I have the following code in a script for users to login to my site:
$index = "restricted/index.html"; // URL to first restricted file page.
$htaccess = "./users.txt"; // URL to .htpasswd (NOTE: must be in restricted folder)
$user = false;
if ( isset($PHP_AUTH_USER) && isset($PHP_AUTH_PW)) {
$fp = fopen($htaccess, "r");
$contents = fread($fp, filesize($htaccess));
fclose($fp);
$users = explode("\n", $contents);
foreach ($users as $user) {
list($username, $password) = explode(":", $line);
if ($username == $PHP_AUTH_USER) {
if ($password == $PHP_AUTH_PW) {
$user = true;
break;
}
}
}
}
if (!$user) {
echo("Authorization Required.<p><form name=\"ghfjhgrj4jkf\"><input type=\"text\" name=\"PHP_AUTH_USER\"><br><input type=\"text\" name=\"PHP_AUTH_PW\"><br><input type=\"submit\"></form></p><p align=\"center\"><a href=\"http://www.cool-palace.com\">phpUserGate v 2.0<br>Written by Tony Harrison of Cool Palace Web Development</a></p>");
exit();
}
else {
include("$index");
}
BUT IT ACCEPTS ANYTHING!!! IT SHOULD ONLY ACCEPT THE REGISTERED USER BUT IF YOU PUT (FOR EXAMPLE) USER: JOEBOB AND PASS: DUH IT STILL LOGS YOU IN. WHAT IS THE PROBLEM?
