Can someone test this code, It prompts to login, but does not accept my username and or password .. I have a feeling its a server configuration problem but i need someone to help me confirm it. Running php version 4.2.3. Apache/1.3.27 - I have tried using $_SERVER['PHP_AUTH_USER'] and $HTTP_SERVER_VARS['PHP_AUTH_USER'] .. neither works =\
I am just including this script into a script I want to protect. Thanks. <?php $checkservername = "localhost"; $dbcheckusername = ""; $dbcheckpassword = ""; $dbcheckbase = ""; $encryptedpw = true; // password encrypt? (md5) $realm = "This site is private!"; $auth = false; if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) { mysql_connect( $checkservername, $dbcheckusername, $dbcheckpassword ) or die ( 'Unable to connect to server.' ); mysql_select_db( $dbcheckbase ) or die ( 'Unable to select database.' ); if ($encryptedpw) { $chkpw = md5($PHP_AUTH_PW); } else { $chkpw = $PHP_AUTH_PW; } $sql = ("SELECT * FROM user WHERE username = '$PHP_AUTH_USER' AND password = '$chkpw' AND (usergroupid = '6')"); $result = mysql_query( $sql ) or die ( 'Unable to execute query.' ); $num = mysql_numrows( $result ); if ( $num != 0 ) { $auth = true; } } if ( ! $auth ) { header( "WWW-Authenticate: Basic realm=\"$realm\"" ); header( "HTTP/1.0 401 Unauthorized" ); echo 'Authorization Required!'; exit; } ?> ----- Original Message ----- From: Sebastian To: [EMAIL PROTECTED] Sent: Thursday, February 20, 2003 4:34 AM Subject: AUTH (.htaccess style) Greetings. I have a member system which each user has a unique ID, username and password. I want to secure some of my scripts with .htaccess style login, Basically I would like to fetch the username and password from mysql database, the password is encrypt using md5 hash. I would like to the ability to include the file into any script I would like to protect and validate the user based on the information that is stored on the mysql database. Conclusion: Does anyone know of a handy script that I could use? Thanks in advanced.