By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
454,397 Members | 1,666 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 454,397 IT Pros & Developers. It's quick & easy.

PHP4.3 - PHP_AUTH_USER and PHP_AUTH_PW are empty

P: n/a
BT3
(newbie)
I have taken some code directly out of a book:

<?php

// if we are using IIS, we need to set $PHP_AUTH_USER and $PHP_AUTH_PW
if (substr($SERVER_SOFTWARE, 0, 9) == 'Microsoft' &&
!isset($PHP_AUTH_USER) &&
!isset($PHP_AUTH_PW) &&
substr($HTTP_AUTHORIZATION, 0, 6) == 'Basic '
)
{
list($PHP_AUTH_USER, $PHP_AUTH_PW) =
explode(':', base64_decode(substr($HTTP_AUTHORIZATION, 6)));

}

// Replace this if statement with a database query or similar
if ($PHP_AUTH_USER != 'user' || $PHP_AUTH_PW != 'pass')
{
// visitor has not yet given details, or their
// name and password combination are not correct

header('WWW-Authenticate: Basic realm="WhosOnCam Moderators"');
if (substr($SERVER_SOFTWARE, 0, 9) == 'Microsoft')
header('Status: 401 Unauthorized');
else
header('HTTP/1.0 401 Unauthorized');

echo '<h1>Go Away!</h1>';
echo 'You are not authorized to view this resource.';
echo "User: $PHP_AUTH_USER Password: $PHP_AUTH_PW <BR />";
echo "Header: $HTTP_AUTHORIZATION";
}
etc.

I am getting the login window, and am entering the user/pass combination.
The code is sending me to the '401' clause and telling me all three
variables are blank.

Any help appreciated.

BT3
Jul 17 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
BT3 wrote:
I am getting the login window, and am entering the user/pass
combination. The code is sending me to the '401' clause and telling
me all three variables are blank.


Probably from an old book, try prepending the following code:

$PHP_AUTH_USER = @$_SERVER['PHP_AUTH_USER'];
$PHP_AUTH_PW = @$_SERVER['PHP_AUTH_PW'];
JW

Jul 17 '05 #2

P: n/a
BT3
hmmm, I tried to add it to the beginning, then tried to replace the 'list'
function with the code. Exactly same results. Book was released first in
Oct 2004, "PHP and MySQL Web Development". Here is the new code: (and
pre-thanks again)

<?php

// if we are using IIS, we need to set $PHP_AUTH_USER and $PHP_AUTH_PW
if (substr($SERVER_SOFTWARE, 0, 9) == 'Microsoft' &&
!isset($PHP_AUTH_USER) &&
!isset($PHP_AUTH_PW) &&
substr($HTTP_AUTHORIZATION, 0, 6) == 'Basic '
)
{
$PHP_AUTH_USER = @$_SERVER['PHP_AUTH_USER'];
$PHP_AUTH_PW = @$_SERVER['PHP_AUTH_PW'];

// list($PHP_AUTH_USER, $PHP_AUTH_PW) =
explode(':', base64_decode(substr($HTTP_AUTHORIZATION, 6)));

}

// Replace this if statement with a database query or similar
if ($PHP_AUTH_USER != 'user' || $PHP_AUTH_PW != 'pass')
{
// visitor has not yet given details, or their
// name and password combination are not correct

header('WWW-Authenticate: Basic realm="WhosOnCam Moderators"');
if (substr($SERVER_SOFTWARE, 0, 9) == 'Microsoft')
header('Status: 401 Unauthorized');
else
header('HTTP/1.0 401 Unauthorized');

echo '<h1>Go Away!</h1>';
echo 'You are not authorized to view this resource.';
echo "User: $PHP_AUTH_USER Password: $PHP_AUTH_PW <BR />";
echo "Header: $HTTP_AUTHORIZATION";
}
else
{
"Janwillem Borleffs" <jw@jwscripts.com> wrote in message
news:42***********************@news.euronet.nl...
BT3 wrote:
I am getting the login window, and am entering the user/pass
combination. The code is sending me to the '401' clause and telling
me all three variables are blank.


Probably from an old book, try prepending the following code:

$PHP_AUTH_USER = @$_SERVER['PHP_AUTH_USER'];
$PHP_AUTH_PW = @$_SERVER['PHP_AUTH_PW'];
JW

Jul 17 '05 #3

P: n/a
BT3 wrote:
hmmm, I tried to add it to the beginning, then tried to replace the
'list' function with the code. Exactly same results. Book was
released first in Oct 2004, "PHP and MySQL Web Development". Here is
the new code: (and pre-thanks again)


Then we are dealing with a lazy author here ;-)

Try the following:

$SERVER_SOFTWARE = $_SERVER['SERVER_SOFTWARE'];
$HTTP_AUTHORIZATION = $_SERVER['HTTP_AUTHORIZATION'];
$PHP_AUTH_USER = @$_SERVER['PHP_AUTH_USER'];
$PHP_AUTH_PW = @$_SERVER['PHP_AUTH_PW'];

// if we are using IIS, we need to set $PHP_AUTH_USER and $PHP_AUTH_PW
if (substr($SERVER_SOFTWARE, 0, 9) == 'Microsoft' &&
!isset($PHP_AUTH_USER) &&
!isset($PHP_AUTH_PW) &&
substr($HTTP_AUTHORIZATION, 0, 6) == 'Basic '
)
{
list($PHP_AUTH_USER, $PHP_AUTH_PW) =
explode(':', base64_decode(substr($HTTP_AUTHORIZATION, 6)));

}

The thing is, that the code relies on register_globals being enabled, while
they are disabled in PHP 4.3 by default.
JW

Jul 17 '05 #4

P: n/a
BT3
I should have caught that since I HAVE read the book, BUT alas it doesn;t
work
I echo'ed all the variables and discovered something:
-----
You are not authorized to view this resource.
User:
Password:
Header:
Software: Rapidsite/Apa/1.3.31 (Unix) FrontPage/5.0.2.2510 mod_ssl/2.8.17
OpenSSL/0.9.7c
-----
Due to the 'SERVER_SOFTWARE', it doesn't look like HTTP_AUTHORIZATION will
return anything no matter what I do. Guess I'll just have to write actual
login pages. I code for almost everything under the sun and this initially
looked like a simple syntax or logic problem. However, I'm crunching on PHP
right now. If I'm correct about the environment (SERVER_SOFTWARE), then I'm
sorry to have wasted your time and thanks so much for your help.

Gonna have to revisit the book, because I don't remember anything about the
equivalent of ASP 'Session' variables to pass "LoggedIn" information between
pages. IF you could steer me in the right direction, I'll be out of your
hair, at least for awhile. :)

Bt3of4

"Janwillem Borleffs" <jw@jwscripts.com> wrote in message
news:42***********************@news.euronet.nl...
BT3 wrote:
hmmm, I tried to add it to the beginning, then tried to replace the
'list' function with the code. Exactly same results. Book was
released first in Oct 2004, "PHP and MySQL Web Development". Here is
the new code: (and pre-thanks again)

Then we are dealing with a lazy author here ;-)

Try the following:

$SERVER_SOFTWARE = $_SERVER['SERVER_SOFTWARE'];
$HTTP_AUTHORIZATION = $_SERVER['HTTP_AUTHORIZATION'];
$PHP_AUTH_USER = @$_SERVER['PHP_AUTH_USER'];
$PHP_AUTH_PW = @$_SERVER['PHP_AUTH_PW'];

// if we are using IIS, we need to set $PHP_AUTH_USER and $PHP_AUTH_PW
if (substr($SERVER_SOFTWARE, 0, 9) == 'Microsoft' &&
!isset($PHP_AUTH_USER) &&
!isset($PHP_AUTH_PW) &&
substr($HTTP_AUTHORIZATION, 0, 6) == 'Basic '
)
{
list($PHP_AUTH_USER, $PHP_AUTH_PW) =
explode(':', base64_decode(substr($HTTP_AUTHORIZATION, 6)));

}

The thing is, that the code relies on register_globals being enabled,

while they are disabled in PHP 4.3 by default.
JW

Jul 17 '05 #5

P: n/a
BT3 wrote:
Gonna have to revisit the book, because I don't remember anything
about the equivalent of ASP 'Session' variables to pass "LoggedIn"
information between pages. IF you could steer me in the right
direction, I'll be out of your hair, at least for awhile. :)


http://www.php.net/manual/en/features.http-auth.php
http://www.php.net/session

JW

Jul 17 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.