NO !

The headers have to be sent *after* you check the values of $_SERVER["PHP_AUTH_USER"] , which you changed inexplicably to $PHP_AUTH_USER (which is no longer a global variable in recent versions of PHP > 4.1). If they are not global variables within PHP then it'll treat them as local variables within that function (and they'll always be empty)

Check those values first, then if they don't match you're here for the first time (and they're blank) or you haven't got a match from the submitted username / password, so send the authentication headers again.

Then *exit your script* or you will loop. Use


to do this.

Cheers - Neil

At 21:15 11/11/2005, you wrote:
Do you Yahoo!?
  Never miss an Instant Message - Yahoo! Messenger for SMS
Date: Fri, 11 Nov 2005 15:22:14 +1100 (EST)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-976019534-1131682934=:5427"
Content-Transfer-Encoding: 8bit
Subject: Re: Login Auth help?


Well I tried this code but it fails, if I enter a correct User and Pass set in the db it just prompts for the user/pass again. The error message that should apply if wrong three times appears but the sucessful message I can't get regardless of correct user pass or not, any help please?

function displayLogin() {
header("WWW-Authenticate: Basic realm=\"My Website\"");
header("HTTP/1.0 401 Unauthorized");
echo "<h2>Authentication Failure</h2>";
echo "The username and password provided did not work. Please reload this page and try again.";
$db = mysql_connect('localhost','db_user',db_pass') or die("Couldn't connect to the database.");
mysql_select_db('db_name') or die("Couldn't select the database");
if (!isset($PHP_AUTH_USER) || !isset($PHP_AUTH_PW)) {
// If username or password hasn't been set, display the login request.
} else {
// Escape both the password and username string to prevent users from inserting bogus data.
$PHP_AUTH_USER = addslashes($PHP_AUTH_USER);
// Check username and password agains the database.
$result = mysql_query("SELECT count(id) FROM users WHERE password='$PHP_AUTH_PW' AND username='$PHP_AUTH_USER'") or die("Couldn't query the user-database.");
$num = mysql_result($result, 0);
if (!$num) {
// If there were no matching users, show the login
// All code/html below will only be displayed to authenticated users.
echo "Congratulations! You're now authenticated.";


CaptionKit : Production tools
for accessible subtitled internet media, transcripts
and searchable video. Supports Real Player, Quicktime
and Windows Media Player.

VideoChat with friends online, get Freshly Toasted every
day at : NetMeeting solutions
for a connected world.

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to