Blank Page Error

shaneo

Pages are returning with no html content except the header on my site after attempting to use HTTP AUTH USER

For example http://www.nambourhockey.aunz.org/login_auth.php

secure pages call a require_once("authentication.php");

which looks like this...

<?php
   if ( (!isset($_SERVER['PHP_AUTH_USER'])) OR ($login_page AND !strcmp($_POST[existing_username], $_SERVER['PHP_AUTH_USER'])) ) {
     header('WWW-Authenticate: Basic realm="Administration Module v1.3.4"');
     header('HTTP/1.0 401 Unauthorized');
     echo "Please enter a valid username and password!<P>Reload the page to try again!\n";
     exit;
   } else {
     // login variables are set so check them against the database of authorised users

 require_once("config.inc.php"); // connects to database
 $query = "SELECT * FROM admin_user WHERE username='$_SERVER[PHP_AUTH_USER]'";
 $query_result = mysql_query($query, $db_connection) or die(mysql_error());
 $result = mysql_fetch_array($query_result) or die(mysql_error());
 // returns values for authorised user 
 if ($_SERVER['PHP_AUTH_PW'] == $result[password]) {
   // username and password passed at non-encrypted level
   session_start();
   $username = $_SERVER[PHP_AUTH_USER];
   session_register('username');
   if (strstr($_SERVER['PHP_SELF'], "fieldreport.php")) { 
     // If they were on the log-in page, take them to the administration index.
     header ("Location: index.php");
     exit;
   }
 } else {
   if (!strstr($_SERVER['PHP_SELF'], "login_auth.php")) {
     // If they weren't on the log-in page, take them there.
     header ("Location: login_auth.php");
     exit;
   }
 }
   }
?>

The Login_auth code is this....

<?php // login.php
   require_once "authentication.php";
?>
<!--DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd"-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<Title>Log in authorised user</Title>
</head>
<div align="center"><b><font color=#CC0000> </font></b>
  <hr>
  <b><font color=#CC0000><br>
  <font size="+1">User Authentication Failed!</font><br />
  <font color="#333399">A valid <i>username and password</i> are required to access 
  this area of the website! </font></font></b><br />
</div>
<form action=<?php echo ( $_SERVER[PHP_SELF] ); ?>  method="post">
  <div align="center">
    <input type="hidden" name="login_page" value="TRUE">
    <input type="hidden" name="existing_username" value="<? echo ( $_SERVER[PHP_AUTH_USER] ); ?>">
    <input type="submit" value="  TRY AGAIN!  ">
  </div>
</form>
<hr>
<div align="center"><br>
  <font size="+1">Try again to retry log-in or <a href="index.php">go to Blue Demons Home Page</a> 
  </font></div>
</body>
</html>

And Thats It - It Should work but the pages all contain the following source - ie a blank page with header info

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY></BODY></HTML>

John_Canyon

What does index.php look like?

Also, try changing this .

// If they were on the log-in page, take them to the administration index.
         header ("Location: index.php");
         exit;

To:

         // If they were on the log-in page, take them to the administration index.
         header ("Refresh: 0 url=/index.php");
         exit;

I have noticed sometimes after assigning session variables and cookies, its better to use a Refresh rather than a redirect.

John_Canyon

Ok, I have isolated your issue i believe.

I would do something like this.

<?php
   if ( !session_is_registered(username)) {
     header('WWW-Authenticate: Basic realm="Administration Module v1.3.4"');
     header('HTTP/1.0 401 Unauthorized');
     echo "Please enter a valid username and password!<P>Reload the page to try again!\n";
     exit;
   } else {
     // login variables are set so check them against the database of authorised users

 require_once("config.inc.php"); // connects to database
 $query = "SELECT * FROM admin_user WHERE username='$_SERVER[PHP_AUTH_USER]'";
 $query_result = mysql_query($query, $db_connection) or die(mysql_error());
 $result = mysql_fetch_array($query_result) or die(mysql_error());
 // returns values for authorised user 
 if ($_SERVER['PHP_AUTH_PW'] == $result[password]) {
   // username and password passed at non-encrypted level
   session_start();
   $username = $_SERVER[PHP_AUTH_USER];
   session_register('username');
   if (strstr($_SERVER['PHP_SELF'], "fieldreport.php")) { 
     // If they were on the log-in page, take them to the administration index.
     header ("Location: index.php");
     exit;
   }
 } else {
 header('WWW-Authenticate: Basic realm="Administration Module v1.3.4"');
 header('HTTP/1.0 401 Unauthorized');
 echo "Please enter a valid username and password!<P>Reload the page to try again!\n";
 exit;
 }
   }
?>

That will work, what it does is checks to see if the session is started, we are assuming that username is only set if the user
is authorized. If the session expires, or the user is not authorized it will display the login.

Let me know how it works, I have not tested it.

Cheers.