By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,614 Members | 1,662 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,614 IT Pros & Developers. It's quick & easy.

PHP connection problem, I can't get success with loging in though I think I use corect login and password...

P: n/a
Hi

need an advice, I'm beginner with PHP. I got little problem:

I use this solution as login to get administration of my pages:

<?php
// if authorization isn't done we request it
if (!IsSet($PHP_AUTH_USER))
{
Header("HTTP/1.0 401 Unauthorized");
Header("WWW-Authenticate: Basic realm=\"RS - Admin Center\"");
echo "Unauthorized access (a)";
exit;
}
// if user filled up the form we continue with checking data in
database
else
{
// connect to database
include "../conn.php";
// looking for the login and password records that are set in
authorizing form
// we off-course looking for active users only
$sql = mysql_query("SELECT * FROM autori
WHERE login LIKE '$PHP_AUTH_USER'
AND pass = '".md5($PHP_AUTH_PW)."'
AND stav = 'a'");
// if we won't find anyone with requested conditions we stop
if (mysql_num_rows($sql) == 0)
{
Header("HTTP/1.0 401 Unauthorized");
Header("WWW-Authenticate: Basic realm=\"RS - Admin Center\"");
echo "Unauthorized access (b)";
mysql_close($conn);
exit;
}
// we don't need the connection with database so we end
mysql_close($conn);
}
// continue with opening frames
?>

The problem is that I can not get success with login on my pages
though I use correct login and password. The dialog is opened three
times and then I get the message Unauthorized access (a). It seems
that the part after else command is never done. Why is it?

Thank you very much for your hints!

Have a nice day!

Apr 26 '07 #1
Share this Question
Share on Google+
3 Replies


P: n/a
On Apr 26, 10:07 pm, MIUSS <m...@seznam.czwrote:
Hi

need an advice, I'm beginner with PHP. I got little problem:

I use this solution as login to get administration of my pages:

<?php
// if authorization isn't done we request it
if (!IsSet($PHP_AUTH_USER))
{
Header("HTTP/1.0 401 Unauthorized");
Header("WWW-Authenticate: Basic realm=\"RS - Admin Center\"");
echo "Unauthorized access (a)";
exit;}

// if user filled up the form we continue with checking data in
database
else
{
// connect to database
include "../conn.php";
// looking for the login and password records that are set in
authorizing form
// we off-course looking for active users only
$sql = mysql_query("SELECT * FROM autori
WHERE login LIKE '$PHP_AUTH_USER'
AND pass = '".md5($PHP_AUTH_PW)."'
AND stav = 'a'");
// if we won't find anyone with requested conditions we stop
if (mysql_num_rows($sql) == 0)
{
Header("HTTP/1.0 401 Unauthorized");
Header("WWW-Authenticate: Basic realm=\"RS - Admin Center\"");
echo "Unauthorized access (b)";
mysql_close($conn);
exit;
}
// we don't need the connection with database so we end
mysql_close($conn);}

// continue with opening frames
?>

The problem is that I can not get success with login on my pages
though I use correct login and password. The dialog is opened three
times and then I get the message Unauthorized access (a). It seems
that the part after else command is never done. Why is it?

Thank you very much for your hints!

Have a nice day!
you are using an old script, use
$_SERVER['PHP_AUTH_PW']
$_SERVER['PHP_AUTH_USER']
and adjust your query to
....
WHERE login LIKE '".$_SERVER['PHP_AUTH_USER']."'
...
to avoid issue with quotes now, and it should be fine.

Apr 26 '07 #2

P: n/a

Hi!

I'm little confused, I tried more things but I still didn't get
success.

I think this should be corect:

$sql = mysql_query("SELECT * FROM autori
WHERE login LIKE \"".
$_SERVER['PHP_AUTH_USER']."\"
AND pass LIKE
\"".md5($_SERVER['PHP_AUTH_PW'])."\"
AND stav LIKE a\";");

But it isn't and it does not work:-(

Apr 27 '07 #3

P: n/a
On Apr 27, 7:13 pm, MIUSS <m...@seznam.czwrote:
Hi!

I'm little confused, I tried more things but I still didn't get
success.

I think this should be corect:

$sql = mysql_query("SELECT * FROM autori
WHERE login LIKE \"".
$_SERVER['PHP_AUTH_USER']."\"
AND pass LIKE
\"".md5($_SERVER['PHP_AUTH_PW'])."\"
AND stav LIKE a\";");

But it isn't and it does not work:-(
dont use LIKE, instead use = and your query should be better formed,
go check out how to authenticate with mysql, and look for the query
used, and follow the example,
$query = sprintf( "SELECT...... WHERE `login` = '%s' ......",
$_SERVER['PHP_AUTH_USER'] [,......] );
etc.... google for this rather than just trying stuff, else you will
get it wrong.

Apr 27 '07 #4

This discussion thread is closed

Replies have been disabled for this discussion.