HTTP Authentication - Not working 1

[RENO9]

I have an issue trying to get Http Authentification working with an SQL line checking my db, it is

$sql = "SELECT * FROM customer WHERE UPPER(customerID) = UPPER('{$_SERVER['PHP_AUTH_USER']}') AND lower(password) = lower('{$_SERVER['PHP_AUTH_PW']}')";

with the database as

customerID | password
------------+---------
PAULBYR | yhuthe

when i submit it it just seems to loop back in prompting again and i cant work out why...

Could it be because the password in the database is not encrypted and PHP_AUTH_PW is looking for an encrypted one?

 

[sleipnir214]

First, tell us about your environment. You're running PHP as an Apache module, right?

Second, tell us how you are getting the browser to ask the user for a login.

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[RENO9]

Ok sorry, i was trying not to overcomplicate things, hear is the file

<?php
	//HTTP_Auth.php

	function authenticate( ) {
	  header('[URL unfurl="true"]WWW-Authenticate:[/URL] Basic realm="P9"');  // Logon dialog
	  header('HTTP/1.0 401 Unauthorized');
	  echo "<h3>Record System: Logon Failure</h3>\n";
	  echo "<p>Cancel button was selected</p>\n";
	  exit;
	  } 
	
	if (!isset($_SERVER['PHP_AUTH_USER']))
	{
	  authenticate( );
	}
	else {		// Validate the user
	require_once('PEARConnect.php');
	
	$sql = "SELECT * FROM customer WHERE UPPER(customerID) = UPPER('{$_SERVER['PHP_AUTH_USER']}') ";
    $sql .= "AND lower(password) = lower('{$_SERVER['PHP_AUTH_PW']}')";
	
	$qry = $dsn->query($sql); // Execute the query.
	// If no rows were returned the username and password are invalid.
	// Display a message to the user and exit
	if ($qry->numRows() == 0)
	{
	 echo "<h1>Record System: Logon Failure</h1>\n";
	 echo "<p>Either the username or password was  incorrect. \n";
	 echo "The logon was unsuccessful.</p>\n";
	 $_SERVER['PHP_AUTH_USER'] = "UNAUTHORISED";
 	 exit;
	}
	header("Location: [URL unfurl="true"]http://localhost/index.html");[/URL]
	}
?>

PEARConnect.php

$dsn = $dbType."://root:@localhost/tester";

Hopefully this makes it clearer, it just continuously prompts for the user name and password???

 

[jpadie]

can you confirm the OS, web-server and method of using php (sapi, cgi)?

 

[RENO9]

XP Home
Web-server - Apache 2.0.54
MySQL - 2.0.15-nt
PHP - 5.0.5.5 (Binary)
Thanks

 

[sleipnir214]

Considering that $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] are only available when running PHP as an Apache module, can you please verify that you are running PHP that way?

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[RENO9]

Im not greatly experienced in PHP/Apache, how could i check this?

Thanks

 

[sleipnir214]

Look in httpd.conf for the mentions of "LoadModule" and "php" in the same line.

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[RENO9]

There is not one with LoadModule and php in the same line, here is what there is.

LoadModule access_module modules/mod_access.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_module modules/mod_auth.so
#LoadModule auth_anon_module modules/mod_auth_anon.so
#LoadModule auth_dbm_module modules/mod_auth_dbm.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule headers_module modules/mod_headers.so
LoadModule imap_module modules/mod_imap.so
LoadModule include_module modules/mod_include.so
#LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule status_module modules/mod_status.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule userdir_module modules/mod_userdir.so

 

[RENO9]

So i presume this is where the problem lies!

 

[sleipnir214]

<tongue-in-cheek>
I make no claim to this being the entire problem....
</tongue-in-cheek>


This is your first Go/Nogo point. The PHP online manual (

http://www.php.net/manual/en/reserved.variables.php)

is explicit that $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] are available if and only if you are running any version of PHP as an Apache module or you are running PHP 5 as an IIS ISAPI filter.

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[jpadie]

so if you are inexperienced with apache have a look on the web for articles on how to use apached 2* on windows as a sapi module.

Assuming you really want to use the http auth functions of php, you do need to install the sapi version of php. it's not at all difficult (but not very stable either) but you do need to download the full php (without installer) from the php.net website and install it manually. the download (i believe) comes with instructions on how to make it work but if you get stuck post back in the apache forum (or this one since I guess the issue is php...)

 

[RENO9]

Ok i will look into it, thanks everyone.