Earlier I posted a question about why the failure message in my HTTP
authentication script wasn't working. I figured out the answer. There
was no place to go if the user entered a username or password that
wasn't in the database.
Below is the corrected code.
John Hughes
<?
session_start();
/*
** Check password
*/
if($PHP_AUTH_USER != '') #If variable has content check user database
{
require (***directory path ouside Web root***/connect DB***);
$sql = "
SELECT *
FROM users
WHERE username = '$PHP_AUTH_USER' AND password =
password('$PHP_AUTH_PW')
"; #end SQL
$result = mysql_query($sql,$connection) or die ("Can't execute
query.");
$num = mysql_numrows($result);
if ($num != 0) {
$valid="yes";
$user=$username;
session_register('valid');
session_register('user');
header("Location:letters.php");
exit;
} ELSE { #TRY AGAIN
header("WWW-Authenticate: Basic realm='The Letters Realm'");
header("HTTP/1.0 401 Unauthorized");
//show failure text if user presses cancel
print("This directory requires a user name and password.<br>\n");
} #END IF ON SQL CHECK DB RESULT
} ELSE { //SEND headers to request username and password
header("WWW-Authenticate: Basic realm='The Letters Realm'");
header("HTTP/1.0 401 Unauthorized");
//show failure text if user presses cancel
print("This directory requires a user name and password.<br>\n");
}
?>
__________________________________________________
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax
http://taxes.yahoo.com/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
