page is available using any credentials on php authentication

Question

popup dialog is there but entering any credentials - the page is available
what is the problem ?

if(!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || !$_SERVER['PHP_AUTH_USER'] == 'lorem' || !$_SERVER['PHP_AUTH_PW'] == 'ipsum'){
    header('http/1.1 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="Wonder Penguin"');
    die("Access Denied !");
}

Checkout [https://stackoverflow.com/questions/14724127/why-are-serverphp-auth-user-and-serverphp-auth-pw-not-set](https://stackoverflow.com/questions/14724127/why-are-serverphp-auth-user-and-serverphp-auth-pw-not-set) — Hritik R, Sep 02 '21 at 04:31
@HritikR - I have no problem with setting variables, but with their values. Otherwise the popup form would not be present — qadenza, Sep 02 '21 at 04:46
`!$_SERVER['PHP_AUTH_USER'] == 'lorem'` is wrong, you want `$_SERVER['PHP_AUTH_USER'] != 'lorem'` there. (Or you would have to use an additional set of braces there, `!($_SERVER['PHP_AUTH_USER'] == 'lorem')`) — CBroe, Sep 02 '21 at 08:11

score 1 · Accepted Answer · answered Sep 02 '21 at 09:21

1

!$_SERVER['PHP_AUTH_USER'] == 'lorem' is wrong, you want
$_SERVER['PHP_AUTH_USER'] != 'lorem' there.

Or you would have to use an additional set of braces there, !($_SERVER['PHP_AUTH_USER'] == 'lorem')

The reason is operator precedence.

answered Sep 02 '21 at 09:21

CBroe

91,630
14
92
150

page is available using any credentials on php authentication

1 Answers1