Well, I am using htpasswd files for the passwords but I took all the
htaccess or mod_auth directives out of httpsd.conf. I guess I could
learn mysql (yeay), and infact, that looks like a real good idea, but
the double prompting is due to the fact (I think) that I have the
following in the beginning of the index.php file:
<?php
session_start();
if ( ( !isset( $PHP_AUTH_USER )) || (!isset($PHP_AUTH_PW))
|| ( $PHP_AUTH_USER != 'user' ) || ( $PHP_AUTH_PW != 'pass' ) ) {
Header( 'HTTP/1.0 401 Unauthorized' );
Header( 'WWW-Authenticate: Basic Realm="Users info"' );
echo 'Authorization Required.';
exit;
} else {
echo 'You are in users page.';
phpinfo();
}
?>
It seems that for some reason the session is not carrying over with
session_register and session_start from the login.php script, which
looks like this;
<?php
session_register("PHP_AUTH_USER");
session_register("PHP_AUTH_PW");
$auth = false;
if (isset ( $PHP_AUTH_USER ) && isset ($PHP_AUTH_PW)) {
$filename = '/usr/local/apache/conf/htpasswd';
$fp = fopen( $filename, 'r' );
$file_contents = fread( $fp, filesize( $filename ) );
fclose( $fp );
$lines = explode ( "\n", $file_contents );
foreach ( $lines as $line ) {
list ( $username, $password ) = explode( ':', $line );
if ( $username == "$PHP_AUTH_USER" ) {
$salt = substr( $password , 0 , 2 );
$enc_pw = crypt( $pw, $salt );
if ( $password == "$enc_pw" ) {
$auth = true;
break;
}
}
}
}
if ( ! $auth ) {
header( 'WWW-Authenticate: Basic realm="User Area"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;
} else {
header( "Location: https://192.168.124.219/users/$user/"; );
}
?>
I just want the login.php to setup the PHP_AUTH_USER and PW and then the
index.php to read those values, compare them to static requirements and
depending on the valuse set up in login.php to either allow or deny.
Any suggestions are appreciated.
I know websites are secured everyday and you can't get to a page unless
you are logged in and if you try it askes for credentials but how is
that done? It seems so ordinary but real hard to find out how.
Thanks again
-Dave Baldwin
-----Original Message-----
From: Jack Dempsey
Sent: Tue 7/10/2001 11:40 AM
To: David Baldwin
Cc:
Subject: RE: [PHP] Authentication
Don't even use those variables, and make sure to call session_start()
before anything else...use something of your own like $user and $pass
and query your db with those values...it sounds like your using htaccess
still because of the double prompting...i'd leave that alone and go
straight for sessions and mysql
jack
-----Original Message-----
From: David Baldwin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 10, 2001 2:20 PM
To: Jack Dempsey
Subject: RE: [PHP] Authentication
Hey,
I am closer now but there is this one problem. I put
session_register("PHP_AUTH_USER"); and session_register("PHP_AUTH_PW");
in the login.php file and session_start(); in the index.php that the
client is redirected to, it works in MSIE but not on UNIX/Netscape
clients. It still asks for the password twice with netscape.
Any suggestions?
Thanks again
-Dave Baldwin
-----Original Message-----
From: Jack Dempsey
Sent: Tue 7/10/2001 9:14 AM
To: David Baldwin
Cc:
Subject: RE: [PHP] Authentication
Hey dave,
May not find exactly what you want, but that's half the fun...best
thing, practice sessions...start with simple variables, one to a page,
get good with them...then, just add some calls to mysql, checking of the
session data at each page, and your authentication scheme gets built...
Good luck
jack
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
