By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,988 Members | 1,049 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,988 IT Pros & Developers. It's quick & easy.

Basic Authentication problem

P: n/a
Hi,

I've written my first attempt at basic authentication and it doesn't
work. I thought I understood the specs, but I must be missing something
obvious. Can anyone give me a hint as to what might be going wrong. I
know the username and password are correct because I can log into the
site manually. Below is the code (with my customer's site-specific
stuff X'ed out) :

Thanks,
--gary

$fh = fsockopen('XXXXXXXXX.com', 80, $errno, $errstr, 30);
if($fh) {
$body =
'service=RemoveProspect&modifiers[responder]='.$group;
$body .= '&modifiers[email]='.$_POST['email'];
$body .= '&modifiers[ip]='.$ip_addr;
$request = 'POST /XXX/Webservice/PostServer/
HTTP/1.1'."\r\n"
.'Authorization: Basic
'.base64_encode("username:password")."\r\n"
.'Host: XXXXXXXXX.com'."\r\n"
.'Referer:
http://'.$_SERVER['SERVER_NAME']."\r\n"
."Content-Type:
application/x-www-form-urlencoded\r\n"
.'Content-length: '.strlen($body)."\r\n"
.'Connection: close'."\r\n\r\n"
.$body;
fwrite($fh, $request);
$response = '';
while(!feof($fh)) {
$response .= fread($fh, 1024);
}
fclose($fh);

The variable strings are OK because I can cut and paste them into the
URL when I log in manually and they are accepted. But the above code
always returns a 403, Not Authorized.

Jun 27 '06 #1
Share this Question
Share on Google+
6 Replies


P: n/a
fiziwig wrote:
The variable strings are OK because I can cut and paste them into the
URL when I log in manually and they are accepted. But the above code
always returns a 403, Not Authorized.


Perhaps the host expects a User-Agent; try to provide one.
JW
Jun 27 '06 #2

P: n/a

Janwillem Borleffs wrote:
fiziwig wrote:
The variable strings are OK because I can cut and paste them into the
URL when I log in manually and they are accepted. But the above code
always returns a 403, Not Authorized.


Perhaps the host expects a User-Agent; try to provide one.
JW


Good thought. I just tired your suggestion but it didn't help. :-(

Thanks,
--gary

Jun 27 '06 #3

P: n/a

fiziwig wrote:
Janwillem Borleffs wrote:
fiziwig wrote:
The variable strings are OK because I can cut and paste them into the
URL when I log in manually and they are accepted. But the above code
always returns a 403, Not Authorized.


Perhaps the host expects a User-Agent; try to provide one.
JW


Good thought. I just tired your suggestion but it didn't help. :-(

Thanks,
--gary


Another oddity: I changed the URL in the fsockopen to point to a
different server (also changing the password and username) and the same
code works fine on my own server but not on the customer's server.
Hmmm.

--gary

Jun 27 '06 #4

P: n/a
fiziwig wrote:
Another oddity: I changed the URL in the fsockopen to point to a
different server (also changing the password and username) and the
same code works fine on my own server but not on the customer's
server. Hmmm.


Try manual entry with FireFox and the Live HTTP Headers extension enabled
(http://livehttpheaders.mozdev.org/) and see where the communication
consists of.

Perhaps one uses IIS and the other Apache and there's a difference in
handling these requests...
JW
Jun 27 '06 #5

P: n/a
fiziwig wrote:
Hi,

I've written my first attempt at basic authentication and it doesn't
work. I thought I understood the specs, but I must be missing something
obvious. Can anyone give me a hint as to what might be going wrong. I
know the username and password are correct because I can log into the
site manually. Below is the code (with my customer's site-specific
stuff X'ed out) :

Thanks,
--gary

$fh = fsockopen('XXXXXXXXX.com', 80, $errno, $errstr, 30);
if($fh) {
$body =
'service=RemoveProspect&modifiers[responder]='.$group;
$body .= '&modifiers[email]='.$_POST['email'];
$body .= '&modifiers[ip]='.$ip_addr;
$request = 'POST /XXX/Webservice/PostServer/
HTTP/1.1'."\r\n"
.'Authorization: Basic
'.base64_encode("username:password")."\r\n"
.'Host: XXXXXXXXX.com'."\r\n"
.'Referer:
http://'.$_SERVER['SERVER_NAME']."\r\n"
."Content-Type:
application/x-www-form-urlencoded\r\n"
.'Content-length: '.strlen($body)."\r\n"
.'Connection: close'."\r\n\r\n"
.$body;
fwrite($fh, $request);
$response = '';
while(!feof($fh)) {
$response .= fread($fh, 1024);
}
fclose($fh);

The variable strings are OK because I can cut and paste them into the
URL when I log in manually and they are accepted. But the above code
always returns a 403, Not Authorized.

'Authorization: Basic '.base64_encode("username:password")."\r\n"

Are you putting your real username and password in here?

Also, don't know if it makes a difference - but I normally put the authorization
header just before the content type.

If you're running Firefox, you can get the Live HTTP Headers extension for it.
Print out your header and compare it to what you get when you try to access the
page with Firefox. You should be able to see what the difference is.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Jun 27 '06 #6

P: n/a

Jerry Stuckle wrote:
<snip>

'Authorization: Basic '.base64_encode("username:password")."\r\n"

Are you putting your real username and password in here?

Also, don't know if it makes a difference - but I normally put the authorization
header just before the content type.

If you're running Firefox, you can get the Live HTTP Headers extension for it.
Print out your header and compare it to what you get when you try to access the
page with Firefox. You should be able to see what the difference is.


Yes, I am using the real username and password.

FWIW: This alternate approach DID work:

$url = 'http://XXXXXXX.com/ModWebservice/PostServer/';
$url .= '?service=AddProspect&modifiers[responder][0]='.$list_name;
$url .= '&modifiers[email]='.$email;
$url .= '&modifiers[name]='.urlencode($first_name.' '.$last_name);
$url .= '&modifiers[ip]='.$ip;
$ch = curl_init();
// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_USERPWD, "username:password");
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

// grab URL and pass it to the browser
$response=curl_exec($ch);

// close CURL resource, and free up system resources
curl_close($ch);

Thanks for all the suggestions.

--gary

Jun 29 '06 #7

This discussion thread is closed

Replies have been disabled for this discussion.