Announcement

Collapse
No announcement yet.

Code Check

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Code Check

    Can someone check my code please. The code brings up a htaccess login prompt which checks against a user/pass in the database and allows them access based upon that.

    However when I try logging in my user/pass won't work and I'm prompted for it again. Even though they are correct.

    PHP Code:
    <?php 

    $checkservername 
    "localhost";            // hostname or ip of server
    $dbcheckusername "";                // user name
    $dbcheckpassword "";                    // user password
    $dbcheckbase     "";                    // name of database

    $realm "BETA";

    $auth false// Assume user is not authenticated 

    if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) { 

        
    // Connect to MySQL 

        
    mysql_connect$checkservername$dbcheckusername$dbcheckpassword 
            or die ( 
    'Unable to connect to server.' ); 

        
    // Select database on MySQL server 

        
    mysql_select_db$dbcheckbase 
            or die ( 
    'Unable to select database.' ); 
        
    // Formulate the query 

        
    $sql "SELECT * FROM User WHERE 
                Name = '
    $PHP_AUTH_USER' AND 
                Password = MD5(CONCAT(MD5('
    $PHP_AUTH_PW'), salt)) AND RoleID = '6'";
                
        
    // Execute the query and put results in $result 

        
    $result mysql_query$sql 
            or die ( 
    'Unable to execute query.' ); 

        
    // Get number of rows in $result. 

        
    $num mysql_numrows$result ); 

        if ( 
    $num != ) { 

        
    // A matching row was found - the user is authenticated. 

            
    $auth true

        } 



    if ( ! 
    $auth ) { 

        
    header"WWW-Authenticate: Basic realm=\"$realm\"" ); 
        
    header"HTTP/1.0 401 Unauthorized" ); 
        echo 
    'No'
        exit; 


    ?>
    I'm aware of mod_auth_mysql but my host won't enable it, so I'm running a PHP work around.

  • #2
    Try using $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] instead of just $PHP_AUTH_USER and $PHP_AUTH_PW.
    Bugdar: PHP bug tracking software that is beautiful, fast, and robust.

    Comment

    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
    Working...
    X