Connecting Tech Pros Worldwide Forums | Help | Site Map
bytes > topic > php > answers

Basic Authentication problem

fiziwig
Guest
  
Posts: n/a
#1: Jun 27 '06
Hi,

I've written my first attempt at basic authentication and it doesn't
work. I thought I understood the specs, but I must be missing something
obvious. Can anyone give me a hint as to what might be going wrong. I
know the username and password are correct because I can log into the
site manually. Below is the code (with my customer's site-specific
stuff X'ed out) :

Thanks,
--gary

$fh = fsockopen('XXXXXXXXX.com', 80, $errno, $errstr, 30);
if($fh) {
$body =
'service=RemoveProspect&modifiers[responder]='.$group;
$body .= '&modifiers[email]='.$_POST['email'];
$body .= '&modifiers[ip]='.$ip_addr;
$request = 'POST /XXX/Webservice/PostServer/
HTTP/1.1'."\r\n"
.'Authorization: Basic
'.base64_encode("username:password")."\r\n"
.'Host: XXXXXXXXX.com'."\r\n"
.'Referer:
http://'.$_SERVER['SERVER_NAME']."\r\n"
."Content-Type:
application/x-www-form-urlencoded\r\n"
.'Content-length: '.strlen($body)."\r\n"
.'Connection: close'."\r\n\r\n"
.$body;
fwrite($fh, $request);
$response = '';
while(!feof($fh)) {
$response .= fread($fh, 1024);
}
fclose($fh);

The variable strings are OK because I can cut and paste them into the
URL when I log in manually and they are accepted. But the above code
always returns a 403, Not Authorized.

Janwillem Borleffs
Guest
  
Posts: n/a
#2: Jun 27 '06

re: Basic Authentication problem

fiziwig wrote:[color=blue]
> The variable strings are OK because I can cut and paste them into the
> URL when I log in manually and they are accepted. But the above code
> always returns a 403, Not Authorized.
>[/color]

Perhaps the host expects a User-Agent; try to provide one.


JW
fiziwig
Guest
  
Posts: n/a
#3: Jun 27 '06

re: Basic Authentication problem


Janwillem Borleffs wrote:[color=blue]
> fiziwig wrote:[color=green]
> > The variable strings are OK because I can cut and paste them into the
> > URL when I log in manually and they are accepted. But the above code
> > always returns a 403, Not Authorized.
> >[/color]
>
> Perhaps the host expects a User-Agent; try to provide one.
>
>
> JW[/color]

Good thought. I just tired your suggestion but it didn't help. :-(

Thanks,
--gary
fiziwig
Guest
  
Posts: n/a
#4: Jun 27 '06

re: Basic Authentication problem


fiziwig wrote:[color=blue]
> Janwillem Borleffs wrote:[color=green]
> > fiziwig wrote:[color=darkred]
> > > The variable strings are OK because I can cut and paste them into the
> > > URL when I log in manually and they are accepted. But the above code
> > > always returns a 403, Not Authorized.
> > >[/color]
> >
> > Perhaps the host expects a User-Agent; try to provide one.
> >
> >
> > JW[/color]
>
> Good thought. I just tired your suggestion but it didn't help. :-(
>
> Thanks,
> --gary[/color]

Another oddity: I changed the URL in the fsockopen to point to a
different server (also changing the password and username) and the same
code works fine on my own server but not on the customer's server.
Hmmm.

--gary
Janwillem Borleffs
Guest
  
Posts: n/a
#5: Jun 27 '06

re: Basic Authentication problem

fiziwig wrote:[color=blue]
> Another oddity: I changed the URL in the fsockopen to point to a
> different server (also changing the password and username) and the
> same code works fine on my own server but not on the customer's
> server. Hmmm.
>[/color]

Try manual entry with FireFox and the Live HTTP Headers extension enabled
(http://livehttpheaders.mozdev.org/) and see where the communication
consists of.

Perhaps one uses IIS and the other Apache and there's a difference in
handling these requests...


JW
Jerry Stuckle
Guest
  
Posts: n/a
#6: Jun 27 '06

re: Basic Authentication problem

fiziwig wrote:[color=blue]
> Hi,
>
> I've written my first attempt at basic authentication and it doesn't
> work. I thought I understood the specs, but I must be missing something
> obvious. Can anyone give me a hint as to what might be going wrong. I
> know the username and password are correct because I can log into the
> site manually. Below is the code (with my customer's site-specific
> stuff X'ed out) :
>
> Thanks,
> --gary
>
> $fh = fsockopen('XXXXXXXXX.com', 80, $errno, $errstr, 30);
> if($fh) {
> $body =
> 'service=RemoveProspect&modifiers[responder]='.$group;
> $body .= '&modifiers[email]='.$_POST['email'];
> $body .= '&modifiers[ip]='.$ip_addr;
> $request = 'POST /XXX/Webservice/PostServer/
> HTTP/1.1'."\r\n"
> .'Authorization: Basic
> '.base64_encode("username:password")."\r\n"
> .'Host: XXXXXXXXX.com'."\r\n"
> .'Referer:
> http://'.$_SERVER['SERVER_NAME']."\r\n"
> ."Content-Type:
> application/x-www-form-urlencoded\r\n"
> .'Content-length: '.strlen($body)."\r\n"
> .'Connection: close'."\r\n\r\n"
> .$body;
> fwrite($fh, $request);
> $response = '';
> while(!feof($fh)) {
> $response .= fread($fh, 1024);
> }
> fclose($fh);
>
> The variable strings are OK because I can cut and paste them into the
> URL when I log in manually and they are accepted. But the above code
> always returns a 403, Not Authorized.
>[/color]


'Authorization: Basic '.base64_encode("username:password")."\r\n"

Are you putting your real username and password in here?

Also, don't know if it makes a difference - but I normally put the authorization
header just before the content type.

If you're running Firefox, you can get the Live HTTP Headers extension for it.
Print out your header and compare it to what you get when you try to access the
page with Firefox. You should be able to see what the difference is.



--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
fiziwig
Guest
  
Posts: n/a
#7: Jun 29 '06

re: Basic Authentication problem


Jerry Stuckle wrote:
<snip>[color=blue]
>
> 'Authorization: Basic '.base64_encode("username:password")."\r\n"
>
> Are you putting your real username and password in here?
>
> Also, don't know if it makes a difference - but I normally put the authorization
> header just before the content type.
>
> If you're running Firefox, you can get the Live HTTP Headers extension for it.
> Print out your header and compare it to what you get when you try to access the
> page with Firefox. You should be able to see what the difference is.
>[/color]

Yes, I am using the real username and password.

FWIW: This alternate approach DID work:

$url = 'http://XXXXXXX.com/ModWebservice/PostServer/';
$url .= '?service=AddProspect&modifiers[responder][0]='.$list_name;
$url .= '&modifiers[email]='.$email;
$url .= '&modifiers[name]='.urlencode($first_name.' '.$last_name);
$url .= '&modifiers[ip]='.$ip;
$ch = curl_init();
// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_USERPWD, "username:password");
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

// grab URL and pass it to the browser
$response=curl_exec($ch);

// close CURL resource, and free up system resources
curl_close($ch);

Thanks for all the suggestions.

--gary
Closed Thread

« previous question | next question »

Similar PHP bytes

/bytes/development

/bytes/it

Forums
Visit our community forums for general discussions and latest on Bytes

Our staff and community areas have moved to bytes.com/forums/

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,419 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved