• PHP + Http Authentication
    3 replies, posted
Yesterday, I had PHP/Http authentication working, but today it stopped working. I messed with it a little, but I still can't get it to work [php] <?php session_start(); ///////////// stuff like includes and etc....///////////// //check login $maxlogins = 3; $loginnum = 0; if(! isset($_SESSION['login'])) { authenticate_user("Control Panel"); $row = $db->query("SELECT `username`, `password` FROM `users` WHERE username='{$_SERVER[PHP_AUTH_USER]}' AND password=md5('{$_SERVER['PHP_AUTH_PW']}')"); if($db->affected_rows > 0){ //echo "Success! Redirecting to homepage...".jsRedirect("?",5000); $_SESSION['username'] = $_SERVER['PHP_AUTH_USER']; $_SESSION['password'] = $_SERVER['PHP_AUTH_PW']; $_SESSION['login'] = true; }else{ if($loginnum != $maxlogins){ //authenticate_user("Control Panel: Try $loginnum of $maxlogins"); $loginnum=$loginnum +1; }else{ //echo "Max logins reached. Quitting."; } } } ///////rest of page////// ?> [/php] and then global.php, which has the authenticate_user and other misc. functions [php] <?php function authenticate_user($msg) { header('WWW-Authenticate: Basic realm="'.$msg.'"'); header("HTTP/1.0 401 Unauthorized"); echo "You must enter a valid login ID and password to access this resource\n"; exit; } function jsRedirect($url,$time = 1000){ return "<script>function delayer(){window.location = \"$url\"}setTimeout('delayer()', $time)</script>"; } ?> [/php] Edit: I'm also using [url]http://www.ricocheting.com/scripts/php_mysql_wrapper.php[/url] but that shouldn't matter
Can you provide more than: "It stopped working" ? Also, the wrapper might matter so just use this for db connection for now to eliminate the possibility of the wrapper causing the issue. [PHP] <?php $con = mysql_connect("servername","username","password"); if (!$con) die('Could not connect: ' . mysql_error()); mysql_select_db("database", $con); ?> [/PHP] If you can elaborate on what happened exactly, I can further assist you. Edit: Also, I noticed that $loginnum resets to 0 every time your script is executed, so your max login portion will not work as is not a variable that is stored in the session.
fixed it by putting the sql outside the authenticate_user ie [php] <?php if(!isset($_SERVER['PHP_AUTH_USER'])){ authenticate_user("Control Panel"); }else{ //cool sql stuff here } ?> [/php] Also, is it a bad idea to use a mysql wrapper? I mean, stuff would get done either way, and the wrapper makes it a little bit easier, like with it's $connection_variable->escape($_GET['someinput']);
It's all about preference, and a wrapper makes everything nice and clean for you. Nothing wrong with using one, but it is also acceptable to do it the old fashioned way. lol
Sorry, you need to Log In to post a reply to this thread.