username validation in php

Fabian

// start code snipet
$user= "username";
$pass= "password";

if (( $PHP_AUTH_USER != $user) || ( $PHP_AUTH_PW != $pass)) {
header("WWW-Authenticate: Basic realm=\"PhpWiki\"");
header("HTTP/1.0 401 Unauthorized");
echo "You entered an invalid login or password. ";
echo "You entered $PHP_AUTH_USER for a username. ";
echo "You entered $PHP_AUTH_PW for a password. ";
exit;
}
echo "You entered $PHP_AUTH_USER for a username. ";
echo "You entered $PHP_AUTH_PW for a password. ";
// end code snipet

This code invariably fails, and the echo statements return blank values
for $PHP_AUTH_USER and $PHP_AUTH_PW. Aren't those two set automatically
when the dialogue box pops up, or do I need to add extra code somewhere
for this to work?
--
--
Fabian
Visit my website often and for long periods!
http://www.lajzar.co.uk

Jul 17 '05 #1

Subscribe Post Reply

8570

vilain

In article <32*************@individual.net>,
"Fabian" <la****@hotmail.com> wrote:

// start code snipet
$user= "username";
$pass= "password";

if (( $PHP_AUTH_USER != $user) || ( $PHP_AUTH_PW != $pass)) {
header("WWW-Authenticate: Basic realm=\"PhpWiki\"");
header("HTTP/1.0 401 Unauthorized");
echo "You entered an invalid login or password. ";
echo "You entered $PHP_AUTH_USER for a username. ";
echo "You entered $PHP_AUTH_PW for a password. ";
exit;
}
echo "You entered $PHP_AUTH_USER for a username. ";
echo "You entered $PHP_AUTH_PW for a password. ";
// end code snipet

This code invariably fails, and the echo statements return blank values
for $PHP_AUTH_USER and $PHP_AUTH_PW. Aren't those two set automatically
when the dialogue box pops up, or do I need to add extra code somewhere
for this to work?

No. $PHP_AUTH_USER and $PHP_AUTH_PW aren't defined on my server. What
are they? I don't find reference to them in any of my books or the php
manual site. Where are you reading that these are valid?

http://us2.php.net/manual/en/features.http-auth.php

--
DeeDee, don't press that button! DeeDee! NO! Dee...

Jul 17 '05 #2

Michael Fesser

.oO(Fabian)

This code invariably fails, and the echo statements return blank values
for $PHP_AUTH_USER and $PHP_AUTH_PW. Aren't those two set automatically
when the dialogue box pops up, or do I need to add extra code somewhere
for this to work?

Using Register Globals
http://www.php.net/manual/en/security.globals.php

Micha

Jul 17 '05 #3

Fabian

Michael Fesser hu kiteb:

.oO(Fabian)
This code invariably fails, and the echo statements return blank
values for $PHP_AUTH_USER and $PHP_AUTH_PW. Aren't those two set
automatically when the dialogue box pops up, or do I need to add
extra code somewhere for this to work?

Using Register Globals
http://www.php.net/manual/en/security.globals.php

ok, that explains where the variable got set from. It seems I have two
possible solutions.

1 - turn on global variables. Given my hosting providor, I'm not sure if
this is an option, and that page suggests there was probably a very good
reason for disabling it.

2 - What is the usual workaround for restrictng page access without
using that particular variable?
--
--
Fabian
Visit my website often and for long periods!
http://www.lajzar.co.uk

Jul 17 '05 #4

Michael Fesser

.oO(Fabian)

Michael Fesser hu kiteb:
Using Register Globals
http://www.php.net/manual/en/security.globals.php
ok, that explains where the variable got set from. It seems I have two
possible solutions.

1 - turn on global variables.

Nope.

Instead of $PHP_AUTH_USER you use $_SERVER['PHP_AUTH_USER']. The same
goes for values sent to the server from a form, they can be found in the
array $_GET or $_POST.
Given my hosting providor, I'm not sure if
this is an option, and that page suggests there was probably a very good
reason for disabling it.
It's off by default, you should learn how to write scripts that don't
rely on register_globals anymore.
2 - What is the usual workaround for restrictng page access without
using that particular variable?

Try the above first and read the following page:

HTTP authentication with PHP
http://www.php.net/manual/en/features.http-auth.php

Notice the first line:

"The HTTP Authentication hooks in PHP are only available when it is
running as an Apache module and is hence not available in the CGI
version."

What do you use - module or CGI? If unsure check the output of phpinfo()
for the line "Server API".

Micha

Jul 17 '05 #5

Fabian

Michael Fesser hu kiteb:

.oO(Fabian)
Michael Fesser hu kiteb:
Using Register Globals
http://www.php.net/manual/en/security.globals.php

ok, that explains where the variable got set from. It seems I have
two possible solutions.

1 - turn on global variables.

Nope.

Instead of $PHP_AUTH_USER you use $_SERVER['PHP_AUTH_USER']. The same
goes for values sent to the server from a form, they can be found in
the array $_GET or $_POST.

This one didn't work either :(

--
--
Fabian
Visit my website often and for long periods!
http://www.lajzar.co.uk

Jul 17 '05 #6

Similar topics

Check If Username Exsists

by: Harry | last post by:

Hi, just getting started on ASP.NET and C# and MS-SQL. Ive managed to get all the connections working and database intergrated nicely for content and stuff. I now want to include a user...

ASP.NET

REQ Been racking my brain trying to figure out how to prevent multiple login with same username

by: Gleep | last post by:

I've searched google intensely on this topic and it seems noone really knows how to approch this. The goal I don't want clients to give out their usernames and passwords to friends, since the site...

PHP

username and password validation

by: Eugene Anthony | last post by:

Is this method of validation for password and username considered to be secured. In my previous post I was given a solution that uses command object and the values are parsed by parameters. But the...

ASP / Active Server Pages

validate username

by: nathj | last post by:

Hi, I'm working on a registration form and one of the checks I need to perform as the form is used is on the username. I need to ensure that it is not already in use. I am getting a little...

PHP

Validating Username

by: runway27 | last post by:

i have used the following code to validate the username it is working fineif( $username == "" || !preg_match("/^+(?:_+)?$/i", $username) ) { $error.="User name cannot be blank or has special...

PHP

validating username

by: Sudhakar | last post by:

i have used the following code to validate the username it is working fine ============================================= if( $username == "" || !preg_match("/^+(?:_+)?$/i", $username) ) {...

PHP

Username should take alphabets

by: meeanji | last post by:

Hi friends, i need to write validation for textbox(Usernme ) which should accept only alphabets. I am able throw validation that Please fill the UserName Details.Now it should throw that it accepts...

Javascript

CreateUserWizard control: forcing it to use a programmatically provided username and e-mail

by: Ken Fine | last post by:

I am using ASP.NET's CreateUserWizard control. I want to force the visitor to use a username and e-mail address that I am providing in programming, and I do not want the visitor to be able to edit...

ASP.NET

capturing username

by: ddtpmyra | last post by:

Hi I have a log-in script below that do the log-in validation, my question is how can I capture the username to for my next page reference so I can execute update command according to current log-in...

PHP

Basic Javascript concepts

by: aa123db | last post by:

Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...

Javascript

Batch import of multiple excel files into the database

by: ryjfgjl | last post by:

If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...

Data Management

Merging data from multiple Excel files

by: ryjfgjl | last post by:

In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...

Data Management

Migrating Website to Cloud - Emmanuel Katto

by: emmanuelkatto | last post by:

Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel

General

How to build RAID in BIOS?

by: Hystou | last post by:

There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

Computer Hardware

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...

Windows Server

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...

C / C++

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing