OK, this is an "authentication with PHP newbie" question...

WinNT 4.0, SP6a
PHP 4.2.0
Apache 2.0.36
MySQL 4.0.1

Trying to get accustomed to PHP 4.2.0 and PHP's preference for
register_globals off, I have register_globals off.

However, when I try to use $PHP_AUTH_USER and $PHP_AUTH_PW, my script fails
(attempting to validate username and password credectials against MySQL...no
error message and my login failure message does not show up, even after
three unsuccessful challenge responses.

When I set register_globals on, I am successful in gaining authorization
(ie, the header('WWW-Auth....' is correct, the script works, the MySQL
connection works and the query works).

How, then do I define th $PHP_AUTH_USER and $PHP_AUTH_PW variables up front
with register_globals off?

The docs offer nothing that has led me to a logical answer.


Mike =====>script copied below


 // Check to see if $PHP_AUTH_USER already contains info

 if(!isset($PHP_AUTH_USER)) {

  // If empty, send header causing dialog box to appear

  header('WWW-Authenticate: Basic realm="Authentication Area"');
  header('HTTP/1.0 401 Unauthorized');
  echo "You can't get in!";

 } elseif(isset($PHP_AUTH_USER)){

  // If non-empty, check the database for matches
  // connect to MySQL

  $db=mysql_pconnect("host", "username", "password")

   or die("Unable to connect to database.");

  // select database on MySQL server

   or die("Unable to select database.");

  // Formulate the query

  $sql = "SELECT username, password
                FROM auth
                WHERE username='$PHP_AUTH_USER' AND

  // Execute the query and put results in $result

  $result = mysql_query($sql);

  // Get number of rows in $result. 0 if invalid, 1 if valid.

  $num = mysql_numrows($result);

  if($num != "0") {
   echo "<P>You are authorized!</p>";

  } else{

  header('WWW-Authenticate: Basic realm="Authentication Area""');
  header('HTTP/1.0 401 Unauthorized');
  echo "You need to login with correct credentials.";




PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to