#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2000
    Posts
    26
    Rep Power
    0
    I've been running the following authentication in php on a linux web server. I'm trying to move it to a web server on a Windows machine running Omnihttpd. It isn't working. Any ideas?

    <?php

    if(!isset($PHP_AUTH_USER))
    {
    Header("WWW-Authenticate: Basic realm="Hardware Review"");
    Header("HTTP/1.0 401 Unauthorized");
    echo "You are not authorized to view this pagen";
    exit;
    }
    else
    {
    if ($PHP_AUTH_USER!="hardware"&#0124; &#0124;$PHP_AUTH_PW!="Speed0")
    {
    Header("HTTP/1.0 401 Unauthorized");
    echo "You are not authorized to view this pagen";
    exit;
    }
    }
    ?>
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2000
    Posts
    60
    Rep Power
    15
    you'll have to try a totally different script. Yours will work only when PHP is run as a module, as opposed to as CGI on Win32 for both OmniHTTPD and Apache.
    Try the following. Doesn't depend on any server modules, and its not very secure, but it works in a pinch
    login.php
    <BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">code:</font><HR><pre>
    <HTML>
    <HEAD>
    <TITLE>My Login Form</TITLE>
    </HEAD>

    <?

    switch ($do) {

    case "authenticate":

    $connection = mysql_connect("localhost", "user", "password")
    or die ("Couldn't connect to server.");

    $db = mysql_select_db("authentication_db", $connection)
    or die ("Couldn't select database.");

    $sql = "SELECT id
    FROM users
    WHERE username='$username' and password='$password'";

    $result = mysql_query($sql)
    or die("Couldn't execute query.");

    $num = mysql_numrows($result);

    if ($num == 1) {

    echo "<P>You are a valid user!<br>";
    echo "Your username is $username<br>";
    echo "Your password is $password</p>";

    } else if ($num == 0) {

    unset($do);
    echo "You are not authorized! Please try again.</p>";
    include("login_form.inc");

    }

    break;

    default:

    include("login_form.inc");

    }

    ?>

    </BODY>
    </HTML>
    [/code]

    and
    login_form.inc

    <BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">code:</font><HR><pre>
    <FORM ACTION="login2.php?do=authenticate" METHOD="post">

    <table border=0>
    <tr>
    <td><strong>Username</strong></td>
    <td><input type="text" name="username" size="10" maxsize="10">
    </td>
    </tr>

    <tr>
    <td><strong>Password</strong></td>
    <td><input type="password" name="password" size="10" maxsize="10">
    </td>
    </tr>

    <tr>
    <td colspan="2" align="center">
    <input type="submit" value="Validate Me">
    </td>
    </tr>

    </table>
    [/code]
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2000
    Posts
    26
    Rep Power
    0
    I follow the code, but I'm not sure this will protect everything, since it looks like someone could just punch up one of the pages directly and bypass the password. Is there another script language that I can use to authenticate?
  6. #4
  7. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2000
    Location
    Roseburg, OR, USA
    Posts
    23
    Rep Power
    0
    Your best bet is probably to generate the page your are trying to protect once the user is authenticated.. here is what I have been using.. note I'm NOT an expert on anything:

    ***********

    <?php

    $auth = false;

    if (isset( $user ) && isset($password)) {

    @mysql_connect ("localhost", "root", "password")
    or die ( 'cannot connect...' );

    mysql_select_db( 'content' )
    or die ( 'cannot select...' );

    $sql = ("SELECT * FROM users WHERE
    username = '$user' AND
    password = '$password'");

    $result = mysql_query( $sql )
    or die ( 'cannot execute...' );

    $num = mysql_numrows( $result );

    if ( $num != 0 ) {

    $auth = true;
    }

    }

    if ( ! $auth ) {


    echo 'Authorization Required.';
    exit;

    }

    else {


    echo '<html>
    <head><title></title>
    </head>
    <body>


    It would be easy to change this html with a require or include based on the username entered...


    </body>
    </html>';

    }

    ?>

    **********

    Below is my page used for submitting the the username and password:

    **********

    <html>
    <head><title></title>
    </head>

    <body>

    <form action="login.php" method="POST">

    Username: <input type="text" name="user" size="8" maxlength="8">

    Password: <input type="password" name="password" size="10" maxlength="20">

    <input type="submit" value="Login">
    </form>

    </body>
    </html>

    ************

    Hope this was helpful

Similar Threads

  1. Garbled HTTP Submit
    By lustyx in forum Perl Programming
    Replies: 5
    Last Post: August 11th, 2003, 07:37 PM
  2. Slow upload of large files via HTTP form
    By enclume42 in forum HTML Programming
    Replies: 0
    Last Post: February 11th, 2003, 12:21 PM
  3. http process consume lots of cpu
    By dkhambit in forum Apache Development
    Replies: 1
    Last Post: October 3rd, 2002, 09:58 AM
  4. HTTP environmental variables not found?
    By tbonds67 in forum Apache Development
    Replies: 5
    Last Post: January 3rd, 2002, 05:12 AM
  5. IBM HTTP SERVER 1.3 = Apache Server
    By fazal in forum Apache Development
    Replies: 0
    Last Post: April 29th, 2001, 06:12 AM

IMN logo majestic logo threadwatch logo seochat tools logo