dcr33
08-24-2011, 10:48 AM
What can be wrong with this code-
<?php
if(!isset($_SERVER['PHP_AUTH_USER']))
{
header('WWW-Authenticate: Basic realm="secret section"');
header('HTTP/1.0 401 Unauthorized');
exit("This page requires authentication!");
}
else
{
include("I:\secret\Vars.inc");
$user_name=trim($_SERVER['PHP_AUTH_USER']);
$user_password=trim($_SERVER['PHP_AUTH_PW']);
$connection=mysql_connect($host,$user,$password) #13
or die ("Couldn't connect to server.");
$db=mysql_select_db($database,$connection) #15
or die ("Couldn't select database.");
$sql="SELECT user_name FROM Valid_User
WHERE user_name='$user_name'
AND password=md5('$user_password')";
$result=mysql_query($sql)
or die("Couldn't execute query.");
$num=mysql_num_rows($result);
if($num<1)
{
exit("The User Name or password you entered
is not valid.<br>");
}
}
include("Welcome.inc");
?>
I have a file named "Vars.inc"
<?php
$host = "localhost";
$user = "root";
$passwd = "********";
$database = "UserAccount";
in the following path "I:\secret\Vars.inc".
When I run the program, it doesn't even prompt me for a username and password - it just seems to skip through the whole program until it gets to the block
$num = mysql_num_rows($result);
if ($num < 1) // user name/password not found
{
exit("The User Name or password you entered
is not valid.<br>");
}
displaying a message "The User Name or password you entered is not valid".
My database was constructed like:
CREATE DATABASE UserAccount;
CREATE TABLE Valid_User (
user_name CHAR(10) NOT NULL,
password CHAR(255) NOT NULL,
create_date DATE NOT NULL,
PRIMARY KEY(user_name) );
I have entered one record into the db,for example, user_name = 'janet', password = 'janet' & date = '2011-01-02'. Then when I run this program in my Firefox6 browser it prompts with a username and password box saying "The server localhost at secret section requires a username and password."-where I enter 'janet' and 'janet' as my username & password. I am using xampp 1.7.3 & I have Win XP as my OS. And, my xampp folder is located in I drive under I:\xampp. I created a a 'secret' folder in my I drive in I:\secret and in it I created a .htacces & .htpass file . .htaccess contains the following lines- AuthUserFile "I:\secret.htpass" AuthGroupFile /dev/null Authname "Accounting Department" AuthType Basic Require valid-user
The .htpass file contains the 'janet' as username and 'janet' as password in encrypted form. I ran the following command from Windows prompt to create the .htpass file in the directory i:\secret, viz.,- C:\Documents and Settings\user>i:\xampp\apache\bin\htpasswd -c i:\secret.htpass janet Then I placed the Vars.inc file in the same I:\secret folder.
My welcome.inc file contains the following code-
<?php
/* File: Welcome.inc
* Desc: HTML code that displays the Welcome Web page.
* Uses one PHP variable, $user_name.
*/
echo "<html><head><title>Welcome</title></head>\n
<body>
<p align='center'>Hello, $user_name</p>\n
<p align='center'>Welcome to my secret page</p>\n
</body></html>";
I placed it in I:\xampp\htdocs\test\test1 folder where test1 is the folder containing the Auth.php program above . My original php.ini contained the following as include_path
; Windows: "\path1;\path2"
;include_path = ".;c:\php\includes"
;
; PHP's default setting for include_path is ".;/path/to/php/pear"
; http://php.net/include-path
include_path = ".;I:\xampp\php\PEAR;"
I made the following changes in php.ini located in I:\xampp\php folder -
include_path = ".;I:\xampp\php\PEAR;I:\secret"
After all these, when I run the program and type 'janet' as username & 'janet' as password what I get is - "The User Name or password you entered is not valid."
1)Are there any syntactical errors in the program? And is it correct for me to enter 'janet' as my username & password in the prompt dialog box asking me to enter an username & a password?
2)Should I put janet,janet in line #13 ,and "useraccount" in place of $database in line #15?
help please?
<?php
if(!isset($_SERVER['PHP_AUTH_USER']))
{
header('WWW-Authenticate: Basic realm="secret section"');
header('HTTP/1.0 401 Unauthorized');
exit("This page requires authentication!");
}
else
{
include("I:\secret\Vars.inc");
$user_name=trim($_SERVER['PHP_AUTH_USER']);
$user_password=trim($_SERVER['PHP_AUTH_PW']);
$connection=mysql_connect($host,$user,$password) #13
or die ("Couldn't connect to server.");
$db=mysql_select_db($database,$connection) #15
or die ("Couldn't select database.");
$sql="SELECT user_name FROM Valid_User
WHERE user_name='$user_name'
AND password=md5('$user_password')";
$result=mysql_query($sql)
or die("Couldn't execute query.");
$num=mysql_num_rows($result);
if($num<1)
{
exit("The User Name or password you entered
is not valid.<br>");
}
}
include("Welcome.inc");
?>
I have a file named "Vars.inc"
<?php
$host = "localhost";
$user = "root";
$passwd = "********";
$database = "UserAccount";
in the following path "I:\secret\Vars.inc".
When I run the program, it doesn't even prompt me for a username and password - it just seems to skip through the whole program until it gets to the block
$num = mysql_num_rows($result);
if ($num < 1) // user name/password not found
{
exit("The User Name or password you entered
is not valid.<br>");
}
displaying a message "The User Name or password you entered is not valid".
My database was constructed like:
CREATE DATABASE UserAccount;
CREATE TABLE Valid_User (
user_name CHAR(10) NOT NULL,
password CHAR(255) NOT NULL,
create_date DATE NOT NULL,
PRIMARY KEY(user_name) );
I have entered one record into the db,for example, user_name = 'janet', password = 'janet' & date = '2011-01-02'. Then when I run this program in my Firefox6 browser it prompts with a username and password box saying "The server localhost at secret section requires a username and password."-where I enter 'janet' and 'janet' as my username & password. I am using xampp 1.7.3 & I have Win XP as my OS. And, my xampp folder is located in I drive under I:\xampp. I created a a 'secret' folder in my I drive in I:\secret and in it I created a .htacces & .htpass file . .htaccess contains the following lines- AuthUserFile "I:\secret.htpass" AuthGroupFile /dev/null Authname "Accounting Department" AuthType Basic Require valid-user
The .htpass file contains the 'janet' as username and 'janet' as password in encrypted form. I ran the following command from Windows prompt to create the .htpass file in the directory i:\secret, viz.,- C:\Documents and Settings\user>i:\xampp\apache\bin\htpasswd -c i:\secret.htpass janet Then I placed the Vars.inc file in the same I:\secret folder.
My welcome.inc file contains the following code-
<?php
/* File: Welcome.inc
* Desc: HTML code that displays the Welcome Web page.
* Uses one PHP variable, $user_name.
*/
echo "<html><head><title>Welcome</title></head>\n
<body>
<p align='center'>Hello, $user_name</p>\n
<p align='center'>Welcome to my secret page</p>\n
</body></html>";
I placed it in I:\xampp\htdocs\test\test1 folder where test1 is the folder containing the Auth.php program above . My original php.ini contained the following as include_path
; Windows: "\path1;\path2"
;include_path = ".;c:\php\includes"
;
; PHP's default setting for include_path is ".;/path/to/php/pear"
; http://php.net/include-path
include_path = ".;I:\xampp\php\PEAR;"
I made the following changes in php.ini located in I:\xampp\php folder -
include_path = ".;I:\xampp\php\PEAR;I:\secret"
After all these, when I run the program and type 'janet' as username & 'janet' as password what I get is - "The User Name or password you entered is not valid."
1)Are there any syntactical errors in the program? And is it correct for me to enter 'janet' as my username & password in the prompt dialog box asking me to enter an username & a password?
2)Should I put janet,janet in line #13 ,and "useraccount" in place of $database in line #15?
help please?