Can someone test this code, It prompts to login, but does not accept my username and
or password .. I have a feeling its a server configuration problem but i need someone
to help me confirm it.
Running php version 4.2.3. Apache/1.3.27 - I have tried using
$_SERVER['PHP_AUTH_USER'] and $HTTP_SERVER_VARS['PHP_AUTH_USER'] .. neither works =\
I am just including this script into a script I want to protect.
Thanks.
<?php
$checkservername = "localhost";
$dbcheckusername = "";
$dbcheckpassword = "";
$dbcheckbase = "";
$encryptedpw = true; // password encrypt? (md5)
$realm = "This site is private!";
$auth = false;
if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {
mysql_connect( $checkservername, $dbcheckusername, $dbcheckpassword )
or die ( 'Unable to connect to server.' );
mysql_select_db( $dbcheckbase )
or die ( 'Unable to select database.' );
if ($encryptedpw) {
$chkpw = md5($PHP_AUTH_PW);
} else {
$chkpw = $PHP_AUTH_PW;
}
$sql = ("SELECT * FROM user WHERE username = '$PHP_AUTH_USER' AND password =
'$chkpw' AND (usergroupid = '6')");
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
$num = mysql_numrows( $result );
if ( $num != 0 ) {
$auth = true;
}
}
if ( ! $auth ) {
header( "WWW-Authenticate: Basic realm=\"$realm\"" );
header( "HTTP/1.0 401 Unauthorized" );
echo 'Authorization Required!';
exit;
}
?>
----- Original Message -----
From: Sebastian
To: [EMAIL PROTECTED]
Sent: Thursday, February 20, 2003 4:34 AM
Subject: AUTH (.htaccess style)
Greetings.
I have a member system which each user has a unique ID, username and password.
I want to secure some of my scripts with .htaccess style login, Basically I would
like to fetch the username and password from mysql database, the password is encrypt
using md5 hash.
I would like to the ability to include the file into any script I would like to
protect and validate the user based on the information that is stored on the mysql
database.
Conclusion: Does anyone know of a handy script that I could use?
Thanks in advanced.
