By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,567 Members | 1,056 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,567 IT Pros & Developers. It's quick & easy.

Basic WWW Authentication function fails

P: n/a
[PHP]
/*--------------------------------------------------------------------------------------------
This function will utilize the ability to use HTTP-based WWW
Authentication, checking for the global authorized password against
the password entered in the client project's CSV file. Will not
function
unless this password exists.

See http://www.php.net/manual/en/features.http-auth.php for more
info
---------------------------------------------------------------------------------------------*/
if (!function_exists('authenticate')) { // FUTURISTIC: IN CASE AN
"authenticate" PHP FUNCTION IS MADE PART OF CORE IN THE FUTURE
function &authenticate() { // STATIC
global $username, $password, $projectFullName;
if ($password && preg_match('/IIS/i', $_SERVER['SERVER_SOFTWARE']) &&
$_SERVER['HTTP_AUTHORIZATION']) {
list($user, $pw) = explode(':',
base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
if ($user === $username && $pw === $password) return true; //
AUTHENTICATION SUCCESSFUL WITHIN IIS WITH ISAPI
}
if ($_SERVER['PHP_AUTH_USER'] && $password &&
$_SERVER['PHP_AUTH_USER'] === $username &&
$_SERVER['PHP_AUTH_PW'] === $password
) return true;
if ($password) {
header("WWW-Authenticate: Basic realm=\"$projectFullName\"");
header('HTTP/1.0 401 Unauthorized');
echo "You must enter a valid login ID and password to access the
$projectFullName\n";
exit;
}
}
}

[/PHP]

This function fails to authenticate even if the user successfully
enters a username and password. By using print_r(), however, I was
able to verify that the authentication is actually successful,
however, something else is preventing it from actually being
successful (it doesn't return true).

I have no idea why this fails to realize successful authentication and
maybe someone else can figure it out for me as I can't see it.

Thanx
Phil
Jul 17 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
This works:

[PHP]
/*--------------------------------------------------------------------------------------------
This function will utilize the ability to use HTTP-based WWW
Authentication, checking for the global authorized password against
the password entered in the client project's CSV file. Will not
function
unless this password exists.

See http://www.php.net/manual/en/features.http-auth.php for more
info
---------------------------------------------------------------------------------------------*/
if (!function_exists('authenticate')) { // FUTURISTIC: IN CASE AN
"authenticate" PHP FUNCTION IS MADE PART OF CORE IN THE FUTURE
function authenticate() {
global $username, $password, $projectFullName;
if ($password && preg_match('/IIS/i', $_SERVER['SERVER_SOFTWARE']) &&
$_SERVER['HTTP_AUTHORIZATION']) {
list($user, $pw) = explode(':',
base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
if ($user === $username && $pw === $password) return true; //
AUTHENTICATION SUCCESSFUL WITHIN IIS WITH ISAPI
}
if ($_SERVER['PHP_AUTH_USER'] && $password &&
$_SERVER['PHP_AUTH_USER'] === $username &&
$_SERVER['PHP_AUTH_PW'] === $password
) return true;
if ($password) {
header("WWW-Authenticate: Basic realm=\"$projectFullName: " .
$_SERVER['PHP_AUTH_USER'] . '"');
header('HTTP/1.0 401 Unauthorized');
echo "You must enter a valid login ID and password to access the
$projectFullName\n";
die();
}
}
}
[/PHP]

Phil

so*****@erols.com (Phil Powell) wrote in message news:<1c**************************@posting.google. com>...
[PHP]
/*--------------------------------------------------------------------------------------------
This function will utilize the ability to use HTTP-based WWW
Authentication, checking for the global authorized password against
the password entered in the client project's CSV file. Will not
function
unless this password exists.

See http://www.php.net/manual/en/features.http-auth.php for more
info
---------------------------------------------------------------------------------------------*/
if (!function_exists('authenticate')) { // FUTURISTIC: IN CASE AN
"authenticate" PHP FUNCTION IS MADE PART OF CORE IN THE FUTURE
function &authenticate() { // STATIC
global $username, $password, $projectFullName;
if ($password && preg_match('/IIS/i', $_SERVER['SERVER_SOFTWARE']) &&
$_SERVER['HTTP_AUTHORIZATION']) {
list($user, $pw) = explode(':',
base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
if ($user === $username && $pw === $password) return true; //
AUTHENTICATION SUCCESSFUL WITHIN IIS WITH ISAPI
}
if ($_SERVER['PHP_AUTH_USER'] && $password &&
$_SERVER['PHP_AUTH_USER'] === $username &&
$_SERVER['PHP_AUTH_PW'] === $password
) return true;
if ($password) {
header("WWW-Authenticate: Basic realm=\"$projectFullName\"");
header('HTTP/1.0 401 Unauthorized');
echo "You must enter a valid login ID and password to access the
$projectFullName\n";
exit;
}
}
}

[/PHP]

This function fails to authenticate even if the user successfully
enters a username and password. By using print_r(), however, I was
able to verify that the authentication is actually successful,
however, something else is preventing it from actually being
successful (it doesn't return true).

I have no idea why this fails to realize successful authentication and
maybe someone else can figure it out for me as I can't see it.

Thanx
Phil

Jul 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.