HTTP Authentication Problem

Fubear

I have seen several HTTP Authentication tutorials online, but I cannot get the code to work correctly.

  if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="Private Area"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'You are not authenticated to view this page';
    exit;
  } else {
    //Verify user access against the databse and get access levels
  }

My problem is that there is no popup box asking for the login and password, the screen just displys the line of text telling me that im not authorised.

This code is in the page initialisation section, and is run before anything is output, so i assume the header() command is going off correctly.

I'm running a fresh installation of the latest version of PHP on IIS.
Is there some config trick I have missed?

daphreeek

Well this one is easy to overlook during setup as they recommend you use CGI install.

try making a page with this code only:

<?php
phpinfo();
?>

You will notice that the 3rd item down will say "Server API: CGI". This API doesnt allow you to use the HTTP_AUTH

Go into your PHP directory and read the install.txt file. Read the instructions on installing the SAPI version manually for ur web server. Once done, restart your server and it should b fine. If not, run phpinfo() again and check that "Server API" isnt CGI.

Good luck
- Matt

Fubear

Is there an online version of the install.txt I could read?

I dont have access to the webserver, so unless I provide step by step instructions for the webmaster to perform then it wont get done any time soon.

Were both very new at actually running a server, so dont know much about the actual admin side of things.

daphreeek

run phpinfo() first so you can see if it is this. the auth only works when php is running as an apache module so check the "Server API" as I said in my previous post.

If it says Apache for the Server API then this isn't the problem but is most likely your code.

If it doesn't say Apache (ie. you're running the CGI version of PHP) then you will need 2 change httpd.conf as it says in install.txt (attatched)

Although changing it is very easy, a lot of ppl dont like php mod because it is not considered stable and has a few bugs. however, i use it on my server simply because i want 2 b able to use http-auth. 🙂

http://www.php.net/manual/en/features.http-auth.php
that site has a lil more info on http-auth. check ur code as well as phpinfo().

Matt

ken-doh

well I did as that txt file says BUT alas i get module not found

any ideas?