PHP based authentication

tolwyn

I am trying to authenticate some webpage - script looks fine, i found few scripts on Zend. Login window popup but when I enter the username and password, it just tries to authenticate but that's all. The login window popup again and again and after 3 attempts it say that it can't authenticate... I am running Iplanet 4.1 on Solaris 7. I have a php plugin installed. Btw all my pages are in php. I appreciate any help.

Thanks

bastien

does it run against a DB? or .htaccess file? text file?

have you set up passwords in the right place? reading the right table name?

need more description of the error and the setup as well as some code

tolwyn

thanks fro reply... i tried everything... mysql, .htaccess file with plugin installed in iplanet, here is some example..

htaccess file:

<Limit GET POST>
order deny,allow
allow from admin
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName php.com
AuthType basic
AuthUserFile /opt/netscape/server4/docs/.htpasswd

and .htpasswd file which i use with this one

petr:$apr1$iP......$C7XFgTSnS8khDqs0z0pkK.

This solution should work according to this howto:

http://access1.sun.com/technotes/01157.html

i am not sure if my .htaccess file is OK.

I also tried to authentication base on some php scripts, please see my examples...

<?php

// sample #1 redirect after success

$PHP_AUTH_USER=$HTTP_SERVER_VARS['admin'];
$PHP_AUTH_PW=$HTTP_SERVER_VARS['phppassword'];

if ( ( !isset( $PHP_AUTH_USER )) || (!isset($PHP_AUTH_PW))
|| ( $PHP_AUTH_USER != 'user' ) || ( $PHP_AUTH_PW != 'open' ) ) {

header( 'WWW-Authenticate: Basic realm="Private"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;

} else {

header( 'Location: [url]http://www.php.com/index.php[/url]' );

}
?>

<?php

Another example - php authentication base on text file...

<?php

$auth = false; // Assume user is not authenticated

if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {

// Read the entire file into the variable $file_contents

$filename = 'pass.txt';
$fp = fopen( $filename, 'r' );
$file_contents = fread( $fp, filesize( $filename ) );
fclose( $fp );

// Place the individual lines from the file contents into an array.

$lines = explode ( "\n", $file_contents );

// Split each of the lines into a username and a password pair
// and attempt to match them to $PHP_AUTH_USER and $PHP_AUTH_PW.

foreach ( $lines as $line ) {

    list( $username, $password ) = explode( ':', $line );

    if ( ( $username == "$PHP_AUTH_USER" ) &&
         ( $password == "$PHP_AUTH_PW" ) ) {

        // A match is found, meaning the user is authenticated.
        // Stop the search.

        $auth = true;
        break;

    }
}

}

if ( ! $auth ) {

header( 'WWW-Authenticate: Basic realm="Private"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;

} else {

echo '<P>You are authorized!</P>';

}

I tried really everything and i don't know why it's not working. I appreciate any help.

Thanks

bastien

against a DB?...simpler and way easier to add users....i have seen many developers try to use .htaccess only to realize that table based authentication is what they should be using in a dynamic environment like the web...