User Authentication

Jonathan_Beni

Hi,

I am trying to implement a user authentication script.
I used the following silly script to test the global authentication vars..
For some reason on some servers (All Apache) it works as expected but on others the 401 headers are sent regardless of what is inputed into the username & password fields...

Any ideas how to solve this?

<?php 

// Check to see if $PHP_AUTH_USER already contains info

if (!isset($PHP_AUTH_USER)) {

// If empty, send header causing dialog box to appear
header('WWW-Authenticate: Basic realm="My Private Stuff"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
}

// If not empty, display values for variables

else {

echo "
<P>You have entered this username: $PHP_AUTH_USER<br>
You have entered this password: $PHP_AUTH_PW<br>
The authorization type is: $PHP_AUTH_TYPE</p>
";

}

?>

Blarg

Correct me if I'm wrong (I probably am 😃).. but isn't $PHP_AUTH_USER only used with .htaccess password protection - which other servers aside from apache don't have...?

Jonathan_Beni

Originally posted by Blarg
Correct me if I'm wrong (I probably am 😃).. but isn't $PHP_AUTH_USER only used with .htaccess password protection - which other servers aside from apache don't have...?

OK, I'm correcting you... 🙂

Actually, it was a problem with the register_globals setting.
Once I changed the vars to $_SERVER['PHP_AUTH_USER'] etc. it worked on all of the servers.

Blarg

😃 slaps forehead :p