Stuck in loop

karinne

I'm trying to get this User Authentication script working but I'm stuck. It keep sending me the dialog box, doesn't seem to be checking the vars in the database at all!

Here's the url - http://www.karinne.net/admin/

Username - testing
Password - 123

Here's the script -

$conn = pg_connect ("dbname=karinne user=karinne password=karinne");

$auth = false; // Assume user is not authenticated

if (isset($PHP_AUTH_USER) && isset($PHP_AUTH_PW)) {

    $login = pg_exec ("select * from users where userid='$PHP_AUTH_USER' and password='$PHP_AUTH_PW'");
    $num = pg_numrows($login);

    if ($num != 0) {
            $auth = true;
    }

}

if (!$auth) {
header( 'WWW-Authenticate: Basic realm="Private"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;
} else {
header( 'Location: /admin/in.php' );
}
[/color][/size]

TIA

Weedpacket

I notice that it will only check the database if $PHP_AUTH_USER and $PHP_AUTH_PW are both already set. It may be that these variables are not set; perhaps $_SERVER['PHP_AUTH_USER'] etc. would be better choices (i.e., that your PHP is configured with the default "register_globals=off" setting).

karinne

It worked... I thought I had tried that already!? Oh well! Thanks!

Here's the working code -

$conn = pg_connect ("dbname=karinne user=karinne password=karinne");

$auth = false; // Assume user is not authenticated

if (isset($SERVER['PHP_AUTH_USER']) && isset($SERVER['PHP_AUTH_PW'])) {
$userid = $SERVER['PHP_AUTH_USER'];
$password = $SERVER['PHP_AUTH_PW'];

$login = pg_exec ("select * from users where userid='$userid' and password='$password'");
$num = pg_numrows($login);

if ($num != 0) {
	$auth = true;
}

}