[PHP]
/*--------------------------------------------------------------------------------------------
This function will utilize the ability to use HTTP-based WWW
Authentication, checking for the global authorized password against
the password entered in the client project's CSV file. Will not
function
unless this password exists.
See http://www.php.net/manual/en/features.http-auth.php for more
info
---------------------------------------------------------------------------------------------*/
if (!function_exists('authenticate')) { // FUTURISTIC: IN CASE AN
"authenticate" PHP FUNCTION IS MADE PART OF CORE IN THE FUTURE
function &authenticate() { // STATIC
global $username, $password, $projectFullName;
if ($password && preg_match('/IIS/i', $_SERVER['SERVER_SOFTWARE']) &&
$_SERVER['HTTP_AUTHORIZATION']) {
list($user, $pw) = explode(':',
base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
if ($user === $username && $pw === $password) return true; //
AUTHENTICATION SUCCESSFUL WITHIN IIS WITH ISAPI
}
if ($_SERVER['PHP_AUTH_USER'] && $password &&
$_SERVER['PHP_AUTH_USER'] === $username &&
$_SERVER['PHP_AUTH_PW'] === $password
) return true;
if ($password) {
header("WWW-Authenticate: Basic realm=\"$projectFullName\"");
header('HTTP/1.0 401 Unauthorized');
echo "You must enter a valid login ID and password to access the
$projectFullName\n";
exit;
}
}
}
[/PHP]
This function fails to authenticate even if the user successfully
enters a username and password. By using print_r(), however, I was
able to verify that the authentication is actually successful,
however, something else is preventing it from actually being
successful (it doesn't return true).
I have no idea why this fails to realize successful authentication and
maybe someone else can figure it out for me as I can't see it.
Thanx
Phil
