NO !
The headers have to be sent *after* you check the values of
$_SERVER["PHP_AUTH_USER"] , which you changed inexplicably to
$PHP_AUTH_USER (which is no longer a global variable in recent
versions of PHP > 4.1). If they are not global variables within PHP
then it'll treat them as local variables within that function (and
they'll always be empty)
Check those values first, then if they don't match you're here for
the first time (and they're blank) or you haven't got a match from
the submitted username / password, so send the authentication headers again.
Then *exit your script* or you will loop. Use
exit;
to do this.
Cheers - Neil
At 21:15 11/11/2005, you wrote:
Do you Yahoo!?
Never miss an Instant Message - Yahoo! Messenger for SMS
Message-ID: <[EMAIL PROTECTED]>
Date: Fri, 11 Nov 2005 15:22:14 +1100 (EST)
From: JeRRy <[EMAIL PROTECTED]>
To: php-db@lists.php.net
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-976019534-1131682934=:5427"
Content-Transfer-Encoding: 8bit
Subject: Re: Login Auth help?
Hi,
Well I tried this code but it fails, if I enter a correct User and
Pass set in the db it just prompts for the user/pass again. The
error message that should apply if wrong three times appears but the
sucessful message I can't get regardless of correct user pass or
not, any help please?
<?php
function displayLogin() {
header("WWW-Authenticate: Basic realm=\"My Website\"");
header("HTTP/1.0 401 Unauthorized");
echo "<h2>Authentication Failure</h2>";
echo "The username and password provided did not work. Please reload
this page and try again.";
exit;
}
$db = mysql_connect('localhost','db_user',db_pass') or die("Couldn't
connect to the database.");
mysql_select_db('db_name') or die("Couldn't select the database");
if (!isset($PHP_AUTH_USER) || !isset($PHP_AUTH_PW)) {
// If username or password hasn't been set, display the login request.
displayLogin();
} else {
// Escape both the password and username string to prevent users
from inserting bogus data.
$PHP_AUTH_USER = addslashes($PHP_AUTH_USER);
$PHP_AUTH_PW = md5($PHP_AUTH_PW);
// Check username and password agains the database.
$result = mysql_query("SELECT count(id) FROM users WHERE
password='$PHP_AUTH_PW' AND username='$PHP_AUTH_USER'") or
die("Couldn't query the user-database.");
$num = mysql_result($result, 0);
if (!$num) {
// If there were no matching users, show the login
displayLogin();
}
}
// All code/html below will only be displayed to authenticated users.
echo "Congratulations! You're now authenticated.";
?>
========================================================
CaptionKit http://www.captionkit.com : Production tools
for accessible subtitled internet media, transcripts
and searchable video. Supports Real Player, Quicktime
and Windows Media Player.
VideoChat with friends online, get Freshly Toasted every
day at http://www.fresh-toast.net : NetMeeting solutions
for a connected world.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
