Hi Guys,
Ive had problems with PHP_AUTH_USER in that if a user enters an incorrect username and password these details are checked against a database and the result returned.. If the result is false (user or password does not match) I had until now been unable to get them to click the LOGIN button and re-submit their informaion, as the header information already exists.. I've found a get-around which follows - Ultimatley I was wondering if it needs to be this complex and is there some simpler way of resetting the information when the credentials check out false??? (Sorry the nesting isnt so clear once its pasted into this little window!)
My solution is this:
<?
if (!isset($PHP_AUTH_USER)) {
header('WWW-Authenticate: Basic realm="My Private Stuff"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
} else {
$connection = mysql_connect("localhost", "dbuser", "dbpass")
or die ("Couldn't connect to server.");
$db = mysql_select_db("pchut", $connection)
or die ("Couldn't select database.");
$sql = "SELECT UID
FROM users
WHERE Email='$PHP_AUTH_USER' and Password='$PHP_AUTH_PW'";
$result = mysql_query($sql)
or die("Couldn't execute query.");
$num = mysql_numrows($result);
if ($num == 1) {
echo "<P>Welcome Your have passed security<br>";
echo "Your username is $PHP_AUTH_USER<br>";
echo "Your password is $PHP_AUTH_PW</p>";
} else if ($num == 0) {
header('WWW-Authenticate: Basic realm="My Private Stuff"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
}
}
?>
Any suggestions or comments if this little bit of code is of any help, or if it could be 'swept up' a bit please let me know...
Am still very amateurish.
