Authentication Problem

Sera

<?php # Script 10 - authentication.php
$authorized = FALSE;  // Initialize a variable.

// Check for authentication submission.
if ( (isset($_SERVER['PHP_AUTH_USER']) AND isset($_SERVER['PHP_AUTH_PW'])) ) {

// Set the database access information as constants.
define ('DB_USER', '***');
define ('DB_PASSWORD', '******');
define ('DB_HOST', 'localhost');
define ('DB_NAME', 'gallery');

// Make the connnection and then select the database.
$dbc = @mysql_connect (DB_HOST, DB_USER, DB_PASSWORD) OR die ('Could not connect to MySQL: ' . mysql_error() );
mysql_select_db (DB_NAME) OR die ('Could not select the database: ' . mysql_error() );

// Query the database.
$query = "SELECT name FROM users WHERE username='{$_SERVER['PHP_AUTH_USER']}' and password=PASSWORD('{$_SERVER['PHP_AUTH_PW']}')";
$result = mysql_query ($query);
$row = @mysql_fetch_array ($result);
if ($row) { // If a record was returned...
	$authorized = TRUE;
}	
} 

// If they haven't been authorized, create the pop-up window.
if (!$authorized) {
	header('WWW-Authenticate: Basic realm="My Web Site"');
	header('HTTP/1.0 401 Unauthorized'); // For cancellations.
}
?>

<?php # Script 11 - auth_index.php

// Demand authentication!
require_once ('authentication.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
	<title>Authorisation</title>
</head>
<body>
<?php
// Print a message based upon authentication.
if (!$authorized) {
	// Include the HTML header file.
	include_once ('header.html');
	echo '<p>Please enter a valid username and password! Click <a href="auth_index.php">here</a> to try again!</p>';

// Include the HTML footer file.

include_once ('footer.html');

} else {// Redirect


header ("Location:  [url]http://[/url]" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/add_print.php");


exit();
}
?>
</body>
</html>

i have created a table in the 'gallery' database called 'users'. i have added a record to the 'users' table and yet the log in window does not accept the username and password. the password was entered into the 'users' table using the password() function.

anyone have a clue as to why the username and password r not being accepted?

Thanx.

devinemke

are you running PHP as an Apache module or as CGI? if you are running CGI then $SERVER['PHP_AUTH_USER'] and $SERVER['PHP_AUTH_PW'] will not be set.

Sera

i'm using Apache.

devinemke

Originally posted by Sera
i'm using Apache.

...yes, you are using the Apache webserver, but are running PHP as an Apache module or as CGI?

Sera

lol, sorry. i am running php as a module with apache.