0

Following is my code which I am using to HTTP authenticate. The problem I am facing is I am not able to get the posted values I gave in username and password. Kindly let me know how can I fix this?

$actual_link = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
  if (stripos($actual_link, 'rate') !== false) 
{
$valid_passwords = "abcd";
$valid_users = "loanq";

$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];

if ($user != $valid_users || $pass != $valid_passwords)
{
    $validated = false;
}
else
{
    $validated = true;
}

if (!$validated) {
    header('WWW-Authenticate: Basic realm="Authenticate Yourself"');
    header('HTTP/1.0 401 Unauthorized');
    die ("Not authorized");
}
}
soft genic
  • 2,016
  • 3
  • 27
  • 44
  • can we see the html form so we can see how you are forming your post request? – Royalty Jan 09 '15 at 23:11
  • 3
    @Royalty Its HTTP Authentication and you don't put any form for that. Its auto generated... – soft genic Jan 09 '15 at 23:12
  • What is it doing, just keeps giving you the login box over and over? – developerwjk Jan 09 '15 at 23:21
  • @developerwjk yes its exactly doing that.. – soft genic Jan 09 '15 at 23:22
  • You should add something like a session variable so that you can stop and inspect the variables after the first failed login instead of generating a new login box. – jeroen Jan 09 '15 at 23:24
  • Ok, after racking my brain on this and editing the code and thinking I found something, I went back and tried the initial code again, and it actually works. Its just that I mixed up the username and password because you declare them in reverse order pass/user at the top of the PHP...lol – developerwjk Jan 10 '15 at 00:07
  • @jeroen As per the answer here http://stackoverflow.com/questions/7053306/http-auth-via-php-php-auth-user-not-set my server is `CGI/FastCGI ` so is there anyway I can use the HTTP authentication without PHP then? – soft genic Jan 10 '15 at 00:09
  • just wonder, if you debug this - where is your echos? just show us variable values please. and I think first line or almost line must be `if (isset($_SERVER['PHP_AUTH_USER']))` and then you can try to put it into your vars... but anyway echos more often to see where is an error :-) – Alex Jan 10 '15 at 02:53

0 Answers0