Hello, I am relatively new to using PHP and am looking for some help. I have a login page that is using the HTTP Authentication for users. I have it so that it works if the user enters a valid user/pass but I am unable to get it so the user is prompted to login again if the user clicks 'cancel' or enters an incorrect user/pass.
Any help is appreciated.
BTW- I am running PHP on an Apache server as a module. Also, if you have any suggestions on how to clean up the code or make something work better, that is always appreciated.
<?php
// Begin our session for the user
session_start();
header("Cache-control: private");
// Turn off all PHP generated error messages for now
error_reporting(0);
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="basic"');
header('HTTP/1.0 401 Unauthorized');
echo 'Sorry, but you need to enter your login information';
exit;
} else {
// get our database info and connect to the datbase
require("db.inc");
//set our query to see if we have a connection
$query="SELECT * FROM test WHERE user = '$username' and password = password('$password');";
// Execute the query and put results in $result
$result=mysql_query($query) OR die("Sorry, but we couldn't connect to the database to run the query. The http user is set to ".$username." "); //for debugging;
// Get number of rows in $result. 0 if invalid, 1 if valid.
$num=mysql_numrows($result);
mysql_close();
// Test to ensure our variables are being passed properly and that the result is what we expect
//print $num."<br>";
//print $query;
if ($num >= 1) {
$redirect_to = $SERVER['HTTP_HOST'] .
dirname($SERVER['PHP_SELF']) . "manage.php" ;
if( $_SERVER['SERVER_PORT'] == 43 ){
$server = 'https';}
else{
$server = 'http';}
print "<meta http-equiv=\"refresh\" content=\"0;URL=$server://$redirect_to\"> ";
//echo "<P>You're authorized!</p>";
} else {
header('WWW-Authenticate: Basic realm="basic"');
header('HTTP/1.0 401 Unauthorized');
echo "Sorry but Authorization Required. Please try logging in again";
exit;
}
}
?>
