oh man, i knew it was something so obvious i couldn't see it.
Thanks
Another thing:
This line
if ($_SERVER['PHP_AUTH_PW']!=$row['str_password'] || $_SERVER['PHP_AUTH_USER']!=$row['str_email']) {
its comparing $_SERVER[PHP_AUTH_PW] to an encrypted value (mysql PASSWORD()) so it never finds a result, thus never authenticating any logins. To fix this, i simply removed this check. It was already check by finding a result in the database, I replaced it with the following line and it works fine.
if ($row['int_user_id']) {
Here is the correctly working script for reference:
function authenticate(){
header("WWW-authenticate: basic realm=Eon-Genesis");
header( "HTTP/1.0 401 Unauthorized");
echo "<h2>Authorizaton Required</h2>";
exit;
}
if(!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW'])){
authenticate();
} else {
$query="SELECT int_user_id, str_email, str_password, bln_admin FROM tbl_account WHERE str_email = '".$_SERVER['PHP_AUTH_USER']."' AND str_password = PASSWORD('".$_SERVER['PHP_AUTH_PW']."') LIMIT 1";
$result = mysql_query($query, $MainLink) or die("Could not execute login query: ".mysql_error());
$row = mysql_fetch_assoc($result);
if ($row['int_user_id']) {
$_SESSION['logged_in']=1;
$_SESSION['user_id']=$row['int_user_id'];
if($row['bln_admin']==1)
$_SESSION['admin']=1;
} else
authenticate();
}
