PHP_AUTH_USER

Anon

can someone please explain how PHP_AUTH_USER works. I know it'll get username and password but what does it compare against and or how even?

help would be greatly appreciated on this

TIA
Shane

Anon

Save below as password.inc and just include it at the top of any page you want to password protect. The $PHP_AUTH_USER is nice because it acts like a session variable. ie. once set you can use it anytime without asking or setting it again.

<?php
function authenticate(){
Header("WWW-authenticate: basic realm=\"www.yourpagehere.com\"");
Header("HTTP/1.0 401 Unauthorized");
echo "
You need your name and password for this.
";
exit;
}

if(!$PHP_AUTH_USER){
authenticate();
}
else{
$query = mysql_query("select name from table_name where name='$PHP_AUTH_USER' and password='$PHP_AUTH_PW'");
if(!mysql_num_rows($query)){
authenticate();
}
}
?>

Anon

...can you explain why this does not work?

<?
if (!isset($PHP_AUTH_USER)):
header('WWW-Authenticate: Basic realm="jana-admin"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
else:
if(($PHP_AUTH_USER == 'bob') && ($PHP_AUTH_PW == 'down')):
echo 'guess it works';
else:
echo 'bugger!';
endif;
endif;
?>

thanks

Anon

...complicating matters i think ...

I'm running jana-server ... details are irrelevant as far as I can tell. Important tho - to parse PHP basically all it does is pass the files off to php.exe ... I dunno if this is how PHP works as a CGI but I assume so and it seems that PHP as CGI won't work for PHP_AUTH_USER stuff.

The password/username window comes up but its as though the data is not passed to the page when OK is clicked. Clicking cancel still seems to work find tho.

cheers
shane