Http authentication with PHP
What can be wrong with this code-
I have a file named "Vars.inc"Code:<?php if(!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="secret section"'); header('HTTP/1.0 401 Unauthorized'); exit("This page requires authentication!"); } else { include("I:\secret\Vars.inc"); $user_name=trim($_SERVER['PHP_AUTH_USER']); $user_password=trim($_SERVER['PHP_AUTH_PW']); $connection=mysql_connect($host,$user,$password) #13 or die ("Couldn't connect to server."); $db=mysql_select_db($database,$connection) #15 or die ("Couldn't select database."); $sql="SELECT user_name FROM Valid_User WHERE user_name='$user_name' AND password=md5('$user_password')"; $result=mysql_query($sql) or die("Couldn't execute query."); $num=mysql_num_rows($result); if($num<1) { exit("The User Name or password you entered is not valid.<br>"); } } include("Welcome.inc"); ?>
in the following path "I:\secret\Vars.inc".Code:<?php $host = "localhost"; $user = "root"; $passwd = "********"; $database = "UserAccount";
When I run the program, it doesn't even prompt me for a username and password - it just seems to skip through the whole program until it gets to the block
displaying a message "The User Name or password you entered is not valid".Code:$num = mysql_num_rows($result); if ($num < 1) // user name/password not found { exit("The User Name or password you entered is not valid.<br>"); }
My database was constructed like:
I have entered one record into the db,for example, user_name = 'janet', password = 'janet' & date = '2011-01-02'. Then when I run this program in my Firefox6 browser it prompts with a username and password box saying "The server localhost at secret section requires a username and password."-where I enter 'janet' and 'janet' as my username & password. I am using xampp 1.7.3 & I have Win XP as my OS. And, my xampp folder is located in I drive under I:\xampp. I created a a 'secret' folder in my I drive in I:\secret and in it I created a .htacces & .htpass file . .htaccess contains the following lines- AuthUserFile "I:\secret.htpass" AuthGroupFile /dev/null Authname "Accounting Department" AuthType Basic Require valid-userCode:CREATE DATABASE UserAccount; CREATE TABLE Valid_User ( user_name CHAR(10) NOT NULL, password CHAR(255) NOT NULL, create_date DATE NOT NULL, PRIMARY KEY(user_name) );
The .htpass file contains the 'janet' as username and 'janet' as password in encrypted form. I ran the following command from Windows prompt to create the .htpass file in the directory i:\secret, viz.,- C:\Documents and Settings\user>i:\xampp\apache\bin\htpasswd -c i:\secret.htpass janet Then I placed the Vars.inc file in the same I:\secret folder.
My welcome.inc file contains the following code-
I placed it in I:\xampp\htdocs\test\test1 folder where test1 is the folder containing the Auth.php program above . My original php.ini contained the following as include_pathCode:<?php /* File: Welcome.inc * Desc: HTML code that displays the Welcome Web page. * Uses one PHP variable, $user_name. */ echo "<html><head><title>Welcome</title></head>\n <body> <p align='center'>Hello, $user_name</p>\n <p align='center'>Welcome to my secret page</p>\n </body></html>";
I made the following changes in php.ini located in I:\xampp\php folder -Code:; Windows: "\path1;\path2" ;include_path = ".;c:\php\includes" ; ; PHP's default setting for include_path is ".;/path/to/php/pear" ; http://php.net/include-path include_path = ".;I:\xampp\php\PEAR;"
After all these, when I run the program and type 'janet' as username & 'janet' as password what I get is - "The User Name or password you entered is not valid."Code:include_path = ".;I:\xampp\php\PEAR;I:\secret"
1)Are there any syntactical errors in the program? And is it correct for me to enter 'janet' as my username & password in the prompt dialog box asking me to enter an username & a password?
2)Should I put janet,janet in line #13 ,and "useraccount" in place of $database in line #15?
help please?
CSS Codes
Reply With Quote
Bookmarks