Web Hosting Forums

Results 1 to 6 of 6

This is a discussion on PHP - this small 'htpasswd' script worked before upgrade in the Hosting Talk & Chit-chat forum
Hello everyone, l have been using the following script on many of my "admin only" utilities, however after the recent PHP update, it no longer ...

  1. #1
    Loyal Client
    Join Date
    Nov 2003
    Posts
    73

    Unhappy PHP - this small 'htpasswd' script worked before upgrade

    Hello everyone, l have been using the following script on many of my "admin only" utilities, however after the recent PHP update, it no longer seems to work... any suggestions on any way this script could be configured to work again?

    PHP Code:
    $username 'username';//<-edit with username
    $password 'password';//<-edit with password
    //being auth process

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header("WWW-Authenticate: Basic realm=\"mydomain.com - admin\"");
    header("HTTP/1.0 401 Unauthorized");
    print 
    "Sorry - you need valid credentials to be granted access!\n";
    exit;

    }else{
    if ((
    $_SERVER['PHP_AUTH_USER'] == $username) && ($_SERVER['PHP_AUTH_PW'] == $password)){
    } else {

    header("WWW-Authenticate: Basic realm=\"HelpMyHits.com - admin\"");
    header("HTTP/1.0 401 Unauthorized");
    print 
    "Sorry - you need valid credentials to be granted access!\n";
    exit;
    }} 
    Any help or explination would come greatly appricaited

  2. #2
    Yeah, I know a LOT! Vin DSL's Avatar
    Join Date
    Mar 2003
    Location
    Arizona Uplands
    Posts
    10,661
    I suggest you post over here...

    http://jaguarpc.com/forums/showthread.php?t=13602

    I asked about this situation...

    http://jaguarpc.com/forums/showpost....&postcount=113

    ...but it was dispatched with a belch ...

    http://jaguarpc.com/forums/showpost....&postcount=117
    DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.

    No Guts, No Story! VinDSL 2010

  3. #3
    Ron
    Ron is offline
    Loyal Client
    Join Date
    Aug 2002
    Posts
    7,503
    @Vin; I don't recall seeing any posts on PHP_AUTH_USER or PHP_AUTH_PW. Did I miss one?

    @JSlime; A little more info would be good. Perhaps a clue as to in which section it's failing, what the contents of PHP_AUTH_USER and PHP_AUTH_PW, if any (descriptions rather than actual data is ok )

  4. #4
    Ron
    Ron is offline
    Loyal Client
    Join Date
    Aug 2002
    Posts
    7,503
    According to Zend:
    The $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE global variables are only available when PHP is installed as a module
    I see a discussion of this issue with a possible soultion here:
    http://www.besthostratings.com/artic...h-php-cgi.html
    First you need to create the following .htaccess file:

    Code:
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
    </IfModule>
    The lines above will assign the username/pass pairs to an environment variable named HTTP_AUTHORIZATION.

    Then in your PHP script you should add the following, right before your user/pass check routine:
    PHP Code:
    list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); 
    So here it is how a sample PHP script using HTTP Authentication would look like:
    PHP Code:
    <?php
    // split the user/pass parts
    list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':'base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));

    // open a user/pass prompt
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
       
    header('WWW-Authenticate: Basic realm="My Realm"');
       
    header('HTTP/1.0 401 Unauthorized');
       echo 
    'Text to send if user hits Cancel button';
       exit;
     } else {
       echo 
    "<p>Hello, </p>".$_SERVER['PHP_AUTH_USER'];
       echo 
    "<p>You entered as your password: </p>".$_SERVER['PHP_AUTH_PW'];
     }
    ?>
    Looks simple enough to implement, I hope you put that authorization scheme in one include file, JSlime!

    I'd put a check in to ensure that they were empty first, before doing the explode, I'd also be careful about that L flag, and re-turning the mod_rewrite engine on, in the mod_rewrite instructions.

    But there's a starting place.
    Last edited by Ron; 06-08-2006 at 08:37 AM.

  5. #5
    Ron
    Ron is offline
    Loyal Client
    Join Date
    Aug 2002
    Posts
    7,503
    I wonder if filling in of PHP_AUTH_USER and PHP_AUTH_PW isn't something that could be pre-filled by the master http config file with a similar approach?
    If it's not going to be available, why not use rewrite to stick the values in?

    Anyway, this is after a few minutes of investigation. Maybe someone else has figured this all out before, just like the REQUEST_URI "fiasco."

  6. #6
    Loyal Client
    Join Date
    Nov 2003
    Posts
    73
    Blah, thanks for the help guys. I'm no programming pushover, but l couldn't get your script to work RON, thanks for posting it though.

    I just created a quick session login script that l can easily include among my pages... it'll do the trick l guess.

    Thanks for all the input and help folks.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •