473,395 Members | 1,502 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > problem with authentication routine

Join Bytes to post your question to a community of 473,395 software developers and data experts.

problem with authentication routine


The code below comes from a Webmonkey tutorial ( with a couple of
modifications tagged by // which I do not think are relevant)
I cannot get it to work. Any help would be appreciated.
The php file is in the same directory as the .htpasswd file and there is no
..htaccess file.
When I click on a link to the file the initial header('WWW-Authenticate:
Basic realm="My Realm"') dialog pops up and asks for username and
password.
When I enter them, the final header('WWW-Authenticate: Basic
realm="Private"') dialog pops up 3 times before rejecting the
authentication.
Using alerts I have tracked through the code and everything seems ok right
to the end:
the contents of .htpasswd are correctly read into $file_contents and
exploded into $line;
when I check $data_pair[1] and $enc_pw in alert boxes they
are the same;
but the condition if ($data_pair[1] == $enc_pw ) fails and the
Authorization Required message is echoed along with the two identical
strings representing $data_pair[1] and $enc_pw

<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) { //was
!isset($PHP_AUTH_USER)
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else if (isset($_SERVER['PHP_AUTH_USER'])) {
$filename = ".htpasswd";
$fp = fopen($filename, "r");
$file_contents = fread($fp, filesize($filename));
fclose($fp);
$line = explode("\n", $file_contents);
$i = 0;
while($i < sizeof($line))
{ //was while($i <=
sizeof($line)) {
$data_pair = explode(":", $line[$i]);
if ($data_pair[0] =="$PHP_AUTH_USER") {
$salt = substr($data_pair[1], 0, 2);
$enc_pw = crypt("$PHP_AUTH_PW", $salt);
if ($data_pair[1] == $enc_pw ) {
$auth = 1;
break;
} else {
$auth = 0;
}
} else {
$auth = 0;
}
$i++;
}
if ($auth == "1") {
echo "You're authorized!";
} else {
header('WWW-Authenticate: Basic realm="Private"');
header('HTTP/1.0 401 Unauthorized');
echo 'You have not supplied the <strong>Authorization
Required</strong> to enter this site.';
echo $enc_pw."<br>";
echo $data_pair[1]; // confirms that $enc_pw and
$data_pair[1] are apparently the same
exit;
}
}
?>

Jul 17 '05 #1
2 1644
"Alliss" <a1****@hotmail.com> wrote:
The code below comes from a Webmonkey tutorial ( with a couple of
modifications tagged by // which I do not think are relevant)
I cannot get it to work. Any help would be appreciated. if (!isset($_SERVER['PHP_AUTH_USER'])) { Here you have modified the code correctly.
//... if ($data_pair[0] =="$PHP_AUTH_USER") {
$salt = substr($data_pair[1], 0, 2);
$enc_pw = crypt("$PHP_AUTH_PW", $salt);

And here you forgot.

if ($data_pair[0] == $_SERVER['PHP_AUTH_USER']) {
$salt = substr($data_pair[1], 0, 2);
$enc_pw = crypt($_SERVER['PHP_AUTH_PW'], $salt);

HTH;
JOn
Jul 17 '05 #2

"Jon Kraft" <jo*@jonux.co.uk> wrote in message
news:Xn**************************@130.133.1.4...
And here you forgot.

if ($data_pair[0] == $_SERVER['PHP_AUTH_USER']) {
$salt = substr($data_pair[1], 0, 2);
$enc_pw = crypt($_SERVER['PHP_AUTH_PW'], $salt);

HTH;
JOn


Thanks Jon.
After this correction it still did not work.
I tracked the problem down to a difference in the strlengths of $enc_pw and
$data_pair[1] (13 cf 14).
$data_pair[1] had a final space appended to the string which it picked up
from the lines in the .htpasswd file.
Jul 17 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
Form Authentication Expiration
by: Rob Douglass | last post by:
Hi all, I have a site that is compeletely restricted by form authentication. In the case where a user's cookie expires and then they click on the logout button on the site, the authetication...
.NET Framework
12
Problem with WWW-Authenticate HTTP header
by: Ian | last post by:
I'm hoping someome more knowledgeable than I can help me with a problem I'm having. I have been writing a system using PHP and MySQL and had it running for testing purposes on my own pc which is...
HTML / CSS
2
Error handler problem...
by: Steve Richfield | last post by:
My error handler works GREAT. However, VBA seems to have some bugs/features that are causing it fits. The little snippet that I put at the end of each routine looks like this: Error_Handler: If...
Microsoft Access / VBA
4
.NET IIS to IIS credentials problem...
by: Grind Boy | last post by:
Hi, I'm writing this off the top of my head as I don't have the exact information to hand. We are attempting to set up a secure internet site using ASP.NET on IIS5. We are having some...
ASP.NET
3
Forms Authentication Ticket/Cookie values
by: chuck rudolph | last post by:
Folks, Can anyone confirm that my understading is correct and maybe shed some light on why it's as it is. (I'm guessing security, but that seems weak to me.) The asp.net web application is using...
ASP.NET
6
custom code + delegation = problem...
by: Jéjé | last post by:
Hi, I have a custom aspx page which access RS (Reporting Services) using the webservice interface. I'm using the delegation (defautcredentialcache) to send the user authentication to RS. RS...
ASP.NET
1
Cookie Problem
by: Steven M. | last post by:
Greetings... I need desperate help with my problem. I guess the solution is related in some way with the cookies getting lost in the authentication process working with some web servers. ...
ASP.NET
2
smtplib "authentication required" error
by: carl.reimann | last post by:
In using a simple smtp routine: # begin example >>> import smtplib >>> server = smtplib.SMTP('outgoing.verizon.net') >>> server.sendmail('my@address.net', 'another@address.net', """To:...
Python
1
need help with user authentication routine
by: walterbyrd | last post by:
I am trying to develop a simple user authentication routine. I started with something I got from a book called "PHP in Easy Steps." It works like this: - create a table in a database with...
PHP
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!