470,849 Members | 1,057 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 470,849 developers. It's quick & easy.

problem with authentication routine


The code below comes from a Webmonkey tutorial ( with a couple of
modifications tagged by // which I do not think are relevant)
I cannot get it to work. Any help would be appreciated.
The php file is in the same directory as the .htpasswd file and there is no
..htaccess file.
When I click on a link to the file the initial header('WWW-Authenticate:
Basic realm="My Realm"') dialog pops up and asks for username and
password.
When I enter them, the final header('WWW-Authenticate: Basic
realm="Private"') dialog pops up 3 times before rejecting the
authentication.
Using alerts I have tracked through the code and everything seems ok right
to the end:
the contents of .htpasswd are correctly read into $file_contents and
exploded into $line;
when I check $data_pair[1] and $enc_pw in alert boxes they
are the same;
but the condition if ($data_pair[1] == $enc_pw ) fails and the
Authorization Required message is echoed along with the two identical
strings representing $data_pair[1] and $enc_pw

<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) { //was
!isset($PHP_AUTH_USER)
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else if (isset($_SERVER['PHP_AUTH_USER'])) {
$filename = ".htpasswd";
$fp = fopen($filename, "r");
$file_contents = fread($fp, filesize($filename));
fclose($fp);
$line = explode("\n", $file_contents);
$i = 0;
while($i < sizeof($line))
{ //was while($i <=
sizeof($line)) {
$data_pair = explode(":", $line[$i]);
if ($data_pair[0] =="$PHP_AUTH_USER") {
$salt = substr($data_pair[1], 0, 2);
$enc_pw = crypt("$PHP_AUTH_PW", $salt);
if ($data_pair[1] == $enc_pw ) {
$auth = 1;
break;
} else {
$auth = 0;
}
} else {
$auth = 0;
}
$i++;
}
if ($auth == "1") {
echo "You're authorized!";
} else {
header('WWW-Authenticate: Basic realm="Private"');
header('HTTP/1.0 401 Unauthorized');
echo 'You have not supplied the <strong>Authorization
Required</strong> to enter this site.';
echo $enc_pw."<br>";
echo $data_pair[1]; // confirms that $enc_pw and
$data_pair[1] are apparently the same
exit;
}
}
?>

Jul 17 '05 #1
2 1553
"Alliss" <a1****@hotmail.com> wrote:
The code below comes from a Webmonkey tutorial ( with a couple of
modifications tagged by // which I do not think are relevant)
I cannot get it to work. Any help would be appreciated. if (!isset($_SERVER['PHP_AUTH_USER'])) { Here you have modified the code correctly.
//... if ($data_pair[0] =="$PHP_AUTH_USER") {
$salt = substr($data_pair[1], 0, 2);
$enc_pw = crypt("$PHP_AUTH_PW", $salt);

And here you forgot.

if ($data_pair[0] == $_SERVER['PHP_AUTH_USER']) {
$salt = substr($data_pair[1], 0, 2);
$enc_pw = crypt($_SERVER['PHP_AUTH_PW'], $salt);

HTH;
JOn
Jul 17 '05 #2

"Jon Kraft" <jo*@jonux.co.uk> wrote in message
news:Xn**************************@130.133.1.4...
And here you forgot.

if ($data_pair[0] == $_SERVER['PHP_AUTH_USER']) {
$salt = substr($data_pair[1], 0, 2);
$enc_pw = crypt($_SERVER['PHP_AUTH_PW'], $salt);

HTH;
JOn


Thanks Jon.
After this correction it still did not work.
I tracked the problem down to a difference in the strlengths of $enc_pw and
$data_pair[1] (13 cf 14).
$data_pair[1] had a final space appended to the string which it picked up
from the lines in the .htpasswd file.
Jul 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Rob Douglass | last post: by
2 posts views Thread by Steve Richfield | last post: by
4 posts views Thread by Grind Boy | last post: by
3 posts views Thread by chuck rudolph | last post: by
6 posts views Thread by Jéjé | last post: by
1 post views Thread by Steven M. | last post: by
2 posts views Thread by carl.reimann | last post: by
1 post views Thread by walterbyrd | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.