[RESOLVED] $_SERVER , ("WWW-Authenticate:

igorek

<?php 
require_once('../includes/initialize.php');
session_start();
if  (!isset($_SERVER['PHP_AUTH_USER'])) {
	header("WWW-Authenticate: Basic realm=\"My Private Area\"");
	header("HTTP/1.0 401 Unauthorized");
	print "Sorry, you are not authorized to Destroy MY POST!";
	print "<pre>";
	print_r($_SERVER);
	print "</pre>";
	exit;
} else {
	if (($_SERVER['PHP_AUTH_USER'] == 'name') && ($_SERVER['PHP_AUTH_PW'] == 'password') ) {
		$id = $_GET['id'];
		$_SESSION['message'] = (mysql_query("DELETE FROM blog WHERE id = {$id}")) ? 'Success' : 'Failed '.$id;
		unset($_SERVER['PHP_AUTH_USER']);
		unset($_SERVER['PHP_AUTH_PW']);
		header("Location: ../?view=blog");			
		exit;
	} else {
		header("WWW-Authenticate: Basic realm=\"My Private Area\"");
		header("HTTP/1.0 401 Unauthorized");	
		print "Sorry, you are not authorized to Destroy MY POST!";
	print "<pre>";
	print_r($_SERVER);
	print "</pre>";
		exit;
	}
}
?>

Locally It works but on my production server it doesnt any suggestions to why?

NogDog

There are so many variable aspects to HTTP Authentication with PHP that I wouldn't know which to look at first -- probably why I much prefer to use a sessions-based login system. 🙂

bradgrafelman

What does it do on your production server? Are the HTTP headers being sent properly?

igorek

I made a blog but decided not to make a $SESSION log in at this time to create update delete, for create and update I use a simple authorize function $POST variable carries username and password fields and if they match you can update create. For delete though I decided to go with WWW-Authenticate, I am not too sure what you mean by headers sent properly. There is a menu on ?view=blog Destroy link links to destroy.php. I get the Realm to enter username password but they dont get verified like they do on my local server. Is there anyway to view what values I am submitting to $SERVER['PHP_AUTH_USER'], $SERVER['PHP_AUTH_PW'].

It authorizes the deleting of post depending on username password you submit through it. You can ignore the print_r($_SERVER) parts they were just for quick debugging, I will get to the bottom of this it just happened I got a new laptop today and it wasn't working so I ran tests to get it to work but unfortunately formatted my other laptop and my backup HD accidently but got the new laptop working it was faulty SDRAM one of the 2GB wasnt functioning right. So I am setting up the enviroment right now and will start debugging again. Wow i am so happy with this new laptop 🙂)

bradgrafelman

igorek wrote:
Is there anyway to view what values I am submitting to $SERVER['PHP_AUTH_USER'], $SERVER['PHP_AUTH_PW'].

Of course - print them out or log them.

igorek

I didnt have much time to play with the WWW-Athenticate, I decided to go another way with javascript prompt get password and verify the password. What do you think of this.

<?php
// read, delete
function destroy($password,$table,$id) {
	if ($password == 'passwordgoeshere') {
		$r = mysql_query("DELETE FROM {$table} WHERE id={$id}");
		$_SESSION['message'] = ($r) ? 'Success!' : 'Failure! =(' ;
		header("Location: ?view={$table}&id=1");
		exit;
	} else {
		$_SESSION['message'] = "Not authorized to Destroy a record!";
		header("Location: ?view={$table}");
		exit;
	}
}

		<input type='button' 
			   value="Destroy" 
			   class="button"
			   onClick="f=prompt('Enter password'); if (isset(f)) { window.location.href = '?view=portfolio&id=<?php echo $id; ?>&act=destroy&p='+f; }" />
?>

I ve got so use to ctrl + s that i keep doing it in the browser when i edit my posts and try to save the html page lol