OK, this is an "authentication with PHP newbie" question...
Env:
WinNT 4.0, SP6a
PHP 4.2.0
Apache 2.0.36
MySQL 4.0.1
Development/sandbox
Advertising
Trying to get accustomed to PHP 4.2.0 and PHP's preference for
register_globals off, I have register_globals off.
However, when I try to use $PHP_AUTH_USER and $PHP_AUTH_PW, my script fails
(attempting to validate username and password credectials against MySQL...no
error message and my login failure message does not show up, even after
three unsuccessful challenge responses.
When I set register_globals on, I am successful in gaining authorization
(ie, the header('WWW-Auth....' is correct, the script works, the MySQL
connection works and the query works).
How, then do I define th $PHP_AUTH_USER and $PHP_AUTH_PW variables up front
with register_globals off?
The docs offer nothing that has led me to a logical answer.
TIA!!
Mike =====>script copied below
<?php
// Check to see if $PHP_AUTH_USER already contains info
if(!isset($PHP_AUTH_USER)) {
// If empty, send header causing dialog box to appear
header('WWW-Authenticate: Basic realm="Authentication Area"');
header('HTTP/1.0 401 Unauthorized');
echo "You can't get in!";
exit;
} elseif(isset($PHP_AUTH_USER)){
// If non-empty, check the database for matches
// connect to MySQL
$db=mysql_pconnect("host", "username", "password")
or die("Unable to connect to database.");
// select database on MySQL server
mysql_select_db("mydb",$db)
or die("Unable to select database.");
// Formulate the query
$sql = "SELECT username, password
FROM auth
WHERE username='$PHP_AUTH_USER' AND
password='$PHP_AUTH_PW'";
// Execute the query and put results in $result
$result = mysql_query($sql);
// Get number of rows in $result. 0 if invalid, 1 if valid.
$num = mysql_numrows($result);
if($num != "0") {
echo "<P>You are authorized!</p>";
exit;
} else{
header('WWW-Authenticate: Basic realm="Authentication Area""');
header('HTTP/1.0 401 Unauthorized');
echo "You need to login with correct credentials.";
exit;
}
}
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php