472,955 Members | 2,610 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > problem with authentication routine

Join Bytes to post your question to a community of 472,955 software developers and data experts.

problem with authentication routine


The code below comes from a Webmonkey tutorial ( with a couple of
modifications tagged by // which I do not think are relevant)
I cannot get it to work. Any help would be appreciated.
The php file is in the same directory as the .htpasswd file and there is no
..htaccess file.
When I click on a link to the file the initial header('WWW-Authenticate:
Basic realm="My Realm"') dialog pops up and asks for username and
password.
When I enter them, the final header('WWW-Authenticate: Basic
realm="Private"') dialog pops up 3 times before rejecting the
authentication.
Using alerts I have tracked through the code and everything seems ok right
to the end:
the contents of .htpasswd are correctly read into $file_contents and
exploded into $line;
when I check $data_pair[1] and $enc_pw in alert boxes they
are the same;
but the condition if ($data_pair[1] == $enc_pw ) fails and the
Authorization Required message is echoed along with the two identical
strings representing $data_pair[1] and $enc_pw

<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) { //was
!isset($PHP_AUTH_USER)
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else if (isset($_SERVER['PHP_AUTH_USER'])) {
$filename = ".htpasswd";
$fp = fopen($filename, "r");
$file_contents = fread($fp, filesize($filename));
fclose($fp);
$line = explode("\n", $file_contents);
$i = 0;
while($i < sizeof($line))
{ //was while($i <=
sizeof($line)) {
$data_pair = explode(":", $line[$i]);
if ($data_pair[0] =="$PHP_AUTH_USER") {
$salt = substr($data_pair[1], 0, 2);
$enc_pw = crypt("$PHP_AUTH_PW", $salt);
if ($data_pair[1] == $enc_pw ) {
$auth = 1;
break;
} else {
$auth = 0;
}
} else {
$auth = 0;
}
$i++;
}
if ($auth == "1") {
echo "You're authorized!";
} else {
header('WWW-Authenticate: Basic realm="Private"');
header('HTTP/1.0 401 Unauthorized');
echo 'You have not supplied the <strong>Authorization
Required</strong> to enter this site.';
echo $enc_pw."<br>";
echo $data_pair[1]; // confirms that $enc_pw and
$data_pair[1] are apparently the same
exit;
}
}
?>

Jul 17 '05 #1
2 1626
"Alliss" <a1****@hotmail.com> wrote:
The code below comes from a Webmonkey tutorial ( with a couple of
modifications tagged by // which I do not think are relevant)
I cannot get it to work. Any help would be appreciated. if (!isset($_SERVER['PHP_AUTH_USER'])) { Here you have modified the code correctly.
//... if ($data_pair[0] =="$PHP_AUTH_USER") {
$salt = substr($data_pair[1], 0, 2);
$enc_pw = crypt("$PHP_AUTH_PW", $salt);

And here you forgot.

if ($data_pair[0] == $_SERVER['PHP_AUTH_USER']) {
$salt = substr($data_pair[1], 0, 2);
$enc_pw = crypt($_SERVER['PHP_AUTH_PW'], $salt);

HTH;
JOn
Jul 17 '05 #2

"Jon Kraft" <jo*@jonux.co.uk> wrote in message
news:Xn**************************@130.133.1.4...
And here you forgot.

if ($data_pair[0] == $_SERVER['PHP_AUTH_USER']) {
$salt = substr($data_pair[1], 0, 2);
$enc_pw = crypt($_SERVER['PHP_AUTH_PW'], $salt);

HTH;
JOn


Thanks Jon.
After this correction it still did not work.
I tracked the problem down to a difference in the strlengths of $enc_pw and
$data_pair[1] (13 cf 14).
$data_pair[1] had a final space appended to the string which it picked up
from the lines in the .htpasswd file.
Jul 17 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
Form Authentication Expiration
by: Rob Douglass | last post by:
Hi all, I have a site that is compeletely restricted by form authentication. In the case where a user's cookie expires and then they click on the logout button on the site, the authetication...
.NET Framework
12
Problem with WWW-Authenticate HTTP header
by: Ian | last post by:
I'm hoping someome more knowledgeable than I can help me with a problem I'm having. I have been writing a system using PHP and MySQL and had it running for testing purposes on my own pc which is...
HTML / CSS
2
Error handler problem...
by: Steve Richfield | last post by:
My error handler works GREAT. However, VBA seems to have some bugs/features that are causing it fits. The little snippet that I put at the end of each routine looks like this: Error_Handler: If...
Microsoft Access / VBA
4
.NET IIS to IIS credentials problem...
by: Grind Boy | last post by:
Hi, I'm writing this off the top of my head as I don't have the exact information to hand. We are attempting to set up a secure internet site using ASP.NET on IIS5. We are having some...
ASP.NET
3
Forms Authentication Ticket/Cookie values
by: chuck rudolph | last post by:
Folks, Can anyone confirm that my understading is correct and maybe shed some light on why it's as it is. (I'm guessing security, but that seems weak to me.) The asp.net web application is using...
ASP.NET
6
custom code + delegation = problem...
by: Jéjé | last post by:
Hi, I have a custom aspx page which access RS (Reporting Services) using the webservice interface. I'm using the delegation (defautcredentialcache) to send the user authentication to RS. RS...
ASP.NET
1
Cookie Problem
by: Steven M. | last post by:
Greetings... I need desperate help with my problem. I guess the solution is related in some way with the cookies getting lost in the authentication process working with some web servers. ...
ASP.NET
2
smtplib "authentication required" error
by: carl.reimann | last post by:
In using a simple smtp routine: # begin example >>> import smtplib >>> server = smtplib.SMTP('outgoing.verizon.net') >>> server.sendmail('my@address.net', 'another@address.net', """To:...
Python
1
need help with user authentication routine
by: walterbyrd | last post by:
I am trying to develop a simple user authentication routine. I started with something I got from a book called "PHP in Easy Steps." It works like this: - create a table in a database with...
PHP
0
React to native button blinking effect
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
Software Development
2
Windows 11 and Access Combo Box Issue
by: DJRhino | last post by:
Was curious if anyone else was having this same issue or not.... I was just Up/Down graded to windows 11 and now my access combo boxes are not acting right. With win 10 I could start typing...
Microsoft Access / VBA
0
How to find best mobile app development company in usa
by: Aliciasmith | last post by:
In an age dominated by smartphones, having a mobile app for your business is no longer an option; it's a necessity. Whether you're a startup or an established enterprise, finding the right mobile app...
Mobile Development
0
tracyyun
Can faster file sharing be achieved by connecting computers simultaneously via WiFi and LAN cables
by: tracyyun | last post by:
Hello everyone, I have a question and would like some advice on network connectivity. I have one computer connected to my router via WiFi, but I have two other computers that I want to be able to...
Networking - Hardware / Configuration
2
Energy Model code modification to account for year dependent interest rate
by: giovanniandrean | last post by:
The energy model is structured as follows and uses excel sheets to give input data: 1-Utility.py contains all the functions needed to calculate the variables and other minor things (mentions...
Python
4
NeoPa
Send Current Object to PDF
by: NeoPa | last post by:
Hello everyone. I find myself stuck trying to find the VBA way to get Access to create a PDF of the currently-selected (and open) object (Form or Report). I know it can be done by selecting :...
Microsoft Access / VBA
0
isladogs
Access Europe Meeting - Wed 1 Nov - Using SQL Server skills to extend Access
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 1 Nov 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM) Please note that the UK and Europe revert to winter time on...
Microsoft Access / VBA
3
Finding a record, and then saving a new record after the record has been amended.
by: nia12 | last post by:
Hi there, I am very new to Access so apologies if any of this is obvious/not clear. I am creating a data collection tool for health care employees to complete. It consists of a number of...
Microsoft Access / VBA
0
isladogs
Access Europe Meeting - Wed 6 Dec - Streamline Your Import/Export Spec Workflow with VBA Classes
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!