protecting a page

Anon

Hello,

I am trying to protect a page with php&mysql.

I do this on *nix servers with no problem by requiring an include file which contains:

mysql_connect("localhost","root","xxxxxx")
or die ("Unable to connect to database!");
mysql_select_db("MyDB")
or die ("Unable to select the DB!");

$query = "
select * from users
where username='$PHP_AUTH_USER' and password = '$PHP_AUTH_PW'
";
$result = mysql_query($query);
$numrows =mysql_num_rows($result);
mysql_close();
if($numrows != 1) {
//auth failed!!!!
header('WWW-Authenticate: Basic realm="This is my protected page!"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required!';
echo 'Hit Reload to Try Again. Session Logged';
exit();
}
$username=mysql_Result($result,0,"username");
$password=mysql_Result($result,0,"password");

This code does not work on Windows. Any tips or hints how to do this on Windows Server?

Thanks

ame12

$PHP_AUTH_USER and PWD are variables I believe only Apache (and BadBlue) supports. You may have to do some work to support this. $REMOTE_USER is equivalent to $PHP_AUTH_USER but IIS doesn't let you get the password that easily. You will need to retrieve $ALL_RAW or $ALL_HTTP (which is all of the header request variables), get the raw authorization string in base64 format, and unbase64 it. Don't know of any other way to do it on IIS.

===========================================
http://badblue.com
Small footprint P2P web server for Windows,

Share files, get PHP up and running fast...

skissiks

Jay,

did you try this out to see if it would work in the way Randy suggests?

just curious, because i am setting up the token guestbook, as i am relatively new to mysql and php, on a win32 platform with IIS and will want to add similar functionality like you, Jay.

thanks for whatever information you find!

andrew
:wq

corsc

The code is right, except for the one hidden fact the mysql_num_rows does not work in windows (atleast it never worked for me).

You are better to replace:
// ================================
$numrows =mysql_num_rows($result);
mysql_close();
if($numrows != 1) { // error }
// ================================
with:
// ================================
$fetched_row = mysql_fetch_row( $result );
if ( !$fetched_row )
{
// error
}
// ================================
or (in one line)
if ( !$fetched_row = mysql_fetch_row( $result ) )
{
// error
}
// ================================