User Authentication passing variable

toddmarx

Greetings all,

I have to build an admin side to a website. This dir will include about 6 pages that I need to protect. I have the auth done, I just need to know how to pass that user has been verified from one page to the other.

Here is my code if this helps....

<?php 

$auth = false; //assume user is not authenticated

if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {

//Connect to MySQL
mysql_connect("localhost", "root")
	or die ( 'Unable to connect to server.' );

//Select db
mysql_select_db('computerzonehq')
	or die ('Unable to select the requested database.');

//Build query
$sql = "select * from users where
		username = '$PHP_AUTH_USER' and
		password = '$PHP_AUTH_PW'";

//Execute query and build $result
	$result = mysql_query($sql)
		or die ('Unable to execute query.');

//Get number of rows in $result
	$num = mysql_numrows( $result );
	if ($num !=0) {

	//A Match was found.  Auth the user
	$auth = true;
	}
}
if ( ! $auth ) { 

header( 'WWW-Authenticate: Basic realm="Computerzone HQ"' ); 
header( 'HTTP/1.0 401 Unauthorized' ); 
echo 'Authorization Required.'; 
exit; 

} else { 

echo '<P>You are authorized!</P>'; 
} 

?>

Now that the user has verified, how to get this to go from one page to the next?

Thanks a mil

toddmarx

any takers?

Rex__

provided you have php4 or higher, you can change the following:

if (!$auth){
    header('WWW-Authenticate: Basic realm="Computerzone HQ");
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Required.';
    exit;
} else {
    $_SESSION["auth"]=$auth; //set cookie on user's machine here
    echo '<P>You are authorized!</P>';

}

now put this line at the top of each protected page (or above any protected info).

if ($_SESSION["auth"]!="true") {
	echo "gettouttahea";
	exit; 
}

this will work in php 3.x, but you'd have to change the session array. This code assumes that the user has a common browser and that cookies are enabled. Almost all computers on the net meet these criteria, and cookie sessions are the norm now.

also change mysql_numrows to mysql_num_rows() ... (doh!)

hope this helps

toddmarx

it is not passing the variable.....

Rex__

check for any other syntax errors in your code. if you are redirecting, then errors often won't be visible.

check to see if the $auth=true; line is actually ever executed. if not then you might have some kind of db problem

try using:

if (isset($_SESSION["auth"])) {

instead of:

if ($_SESSION["auth"]=="true") {

you can read about session variables here...

http://ca3.php.net/manual/en/ref.session.php

btw, sessions only last 20 min by default, so the cookie info is deleted at that time. that means the session variable should be unset the next time you access the page (which is a good thing).

toddmarx

thanks rex! That did it! 😃 🆒

toddmarx

Also,

I have heard that there is a particular order that IE likes the headers. Does it really matter?

ex;

header('WWW-Authenticate: Basic realm="Computerzone HQ"');
header('HTTP/1.0 401 Unauthorized');