By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,204 Members | 1,212 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,204 IT Pros & Developers. It's quick & easy.

username validation in php

P: n/a

// start code snipet
$user= "username";
$pass= "password";

if (( $PHP_AUTH_USER != $user) || ( $PHP_AUTH_PW != $pass)) {
header("WWW-Authenticate: Basic realm=\"PhpWiki\"");
header("HTTP/1.0 401 Unauthorized");
echo "You entered an invalid login or password.<BR>";
echo "You entered $PHP_AUTH_USER for a username.<BR>";
echo "You entered $PHP_AUTH_PW for a password.<BR>";
exit;
}
echo "You entered $PHP_AUTH_USER for a username.<BR>";
echo "You entered $PHP_AUTH_PW for a password.<BR>";
// end code snipet

This code invariably fails, and the echo statements return blank values
for $PHP_AUTH_USER and $PHP_AUTH_PW. Aren't those two set automatically
when the dialogue box pops up, or do I need to add extra code somewhere
for this to work?
--
--
Fabian
Visit my website often and for long periods!
http://www.lajzar.co.uk

Jul 17 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
In article <32*************@individual.net>,
"Fabian" <la****@hotmail.com> wrote:
// start code snipet
$user= "username";
$pass= "password";

if (( $PHP_AUTH_USER != $user) || ( $PHP_AUTH_PW != $pass)) {
header("WWW-Authenticate: Basic realm=\"PhpWiki\"");
header("HTTP/1.0 401 Unauthorized");
echo "You entered an invalid login or password.<BR>";
echo "You entered $PHP_AUTH_USER for a username.<BR>";
echo "You entered $PHP_AUTH_PW for a password.<BR>";
exit;
}
echo "You entered $PHP_AUTH_USER for a username.<BR>";
echo "You entered $PHP_AUTH_PW for a password.<BR>";
// end code snipet

This code invariably fails, and the echo statements return blank values
for $PHP_AUTH_USER and $PHP_AUTH_PW. Aren't those two set automatically
when the dialogue box pops up, or do I need to add extra code somewhere
for this to work?


No. $PHP_AUTH_USER and $PHP_AUTH_PW aren't defined on my server. What
are they? I don't find reference to them in any of my books or the php
manual site. Where are you reading that these are valid?

http://us2.php.net/manual/en/features.http-auth.php

--
DeeDee, don't press that button! DeeDee! NO! Dee...

Jul 17 '05 #2

P: n/a
.oO(Fabian)
This code invariably fails, and the echo statements return blank values
for $PHP_AUTH_USER and $PHP_AUTH_PW. Aren't those two set automatically
when the dialogue box pops up, or do I need to add extra code somewhere
for this to work?


Using Register Globals
http://www.php.net/manual/en/security.globals.php

Micha
Jul 17 '05 #3

P: n/a
Michael Fesser hu kiteb:
.oO(Fabian)
This code invariably fails, and the echo statements return blank
values for $PHP_AUTH_USER and $PHP_AUTH_PW. Aren't those two set
automatically when the dialogue box pops up, or do I need to add
extra code somewhere for this to work?


Using Register Globals
http://www.php.net/manual/en/security.globals.php


ok, that explains where the variable got set from. It seems I have two
possible solutions.

1 - turn on global variables. Given my hosting providor, I'm not sure if
this is an option, and that page suggests there was probably a very good
reason for disabling it.

2 - What is the usual workaround for restrictng page access without
using that particular variable?
--
--
Fabian
Visit my website often and for long periods!
http://www.lajzar.co.uk

Jul 17 '05 #4

P: n/a
.oO(Fabian)
Michael Fesser hu kiteb:
Using Register Globals
http://www.php.net/manual/en/security.globals.php
ok, that explains where the variable got set from. It seems I have two
possible solutions.

1 - turn on global variables.


Nope.

Instead of $PHP_AUTH_USER you use $_SERVER['PHP_AUTH_USER']. The same
goes for values sent to the server from a form, they can be found in the
array $_GET or $_POST.
Given my hosting providor, I'm not sure if
this is an option, and that page suggests there was probably a very good
reason for disabling it.
It's off by default, you should learn how to write scripts that don't
rely on register_globals anymore.
2 - What is the usual workaround for restrictng page access without
using that particular variable?


Try the above first and read the following page:

HTTP authentication with PHP
http://www.php.net/manual/en/features.http-auth.php

Notice the first line:

"The HTTP Authentication hooks in PHP are only available when it is
running as an Apache module and is hence not available in the CGI
version."

What do you use - module or CGI? If unsure check the output of phpinfo()
for the line "Server API".

Micha
Jul 17 '05 #5

P: n/a
Michael Fesser hu kiteb:
.oO(Fabian)
Michael Fesser hu kiteb:
Using Register Globals
http://www.php.net/manual/en/security.globals.php


ok, that explains where the variable got set from. It seems I have
two possible solutions.

1 - turn on global variables.


Nope.

Instead of $PHP_AUTH_USER you use $_SERVER['PHP_AUTH_USER']. The same
goes for values sent to the server from a form, they can be found in
the array $_GET or $_POST.


This one didn't work either :(

--
--
Fabian
Visit my website often and for long periods!
http://www.lajzar.co.uk

Jul 17 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.