Earlier I posted a question about why the failure message in my HTTP
authentication script wasn't working. I figured out the answer. There
was no place to go if the user entered a username or password that
wasn't in the database. 

Below is the corrected code.

John Hughes

<?
session_start();
/*
** Check password
*/
if($PHP_AUTH_USER != '') #If variable has content check user database
{
require (***directory path ouside Web root***/connect DB***);
$sql = "
SELECT * 
FROM users 
WHERE username = '$PHP_AUTH_USER' AND password =
password('$PHP_AUTH_PW')
"; #end SQL
$result = mysql_query($sql,$connection) or die ("Can't execute
query."); 
$num = mysql_numrows($result); 
if ($num != 0) { 
   $valid="yes";
   $user=$username;
   session_register('valid');
   session_register('user');
   header("Location:letters.php");
   exit;
} ELSE { #TRY AGAIN
   header("WWW-Authenticate: Basic realm='The Letters Realm'");
   header("HTTP/1.0 401 Unauthorized");
   //show failure text if user presses cancel
   print("This directory requires a user name and password.<br>\n");
} #END IF ON SQL CHECK DB RESULT 
} ELSE { //SEND headers to request username and password
   header("WWW-Authenticate: Basic realm='The Letters Realm'");
   header("HTTP/1.0 401 Unauthorized");
   //show failure text if user presses cancel
   print("This directory requires a user name and password.<br>\n");
}
?>

__________________________________________________
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax
http://taxes.yahoo.com/

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to