Here's my code - it authorizes no matter what's entered - even if the fields from the form page are left blank, it still authorizes. It should only authorize when the correct username and password are entered. Any help? Thanks!
// Check to see if $PHP_AUTH_USER already contains info
if (!isset($PHP_AUTH_USER)) {
// If empty, send header causing dialog box to appear
header('WWW-Authenticate: Basic realm="Cox Family Website"');
header('HTTP/1.0 401 Unauthorized');
exit;
} else if (isset($PHP_AUTH_USER)) {
// If non-empty, check the database for matches
// connect to odbc
$conn = odbc_connect( "CoxFamily", "root", "" )
or die ("Unable to connect to database.");
// Formulate the query
$sql = "SELECT *
FROM login
WHERE username='$PHP_AUTH_USER' and password='$PHP_AUTH_PW'";
// Execute the query and put results in $result
$result = odbc_exec($conn, $sql);
// Get number of rows in $result. 0 if invalid, 1 if valid.
$num = odbc_num_rows($result);
if ($num != "0") {
echo "<P>You're authorized!</p>";
exit;
} else {
header('WWW-Authenticate: Basic realm="Cox Family Website"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
}
}
