Dear folks,
There seems to be a problem with password protection for accessing a particular php page:
@ When I embed this test code, I am presented nicely with a popup authentification dialog.
@ If I fill in the fields and press enter, it does not show the password/login on the page!
@ It just presents me again the auth dialog with emptied fields… again and again
@ After 3 tries orso it sais unauthorised to access…
What could be going on? Thanks very much for your suggestions!
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
Ive Apache 2.0x Fedora with PHP 5.2.3 and nowhere else is password set in apache htacces or anything
PHP_AUTH_USERis available for mod_php setups at best. For CGI or FastCGI setups you will have to manually unmarshall theHTTP_AUTHORIZATIONheader. To make matters worse, it is often not present for security reasons. ( Basic Authentication with PHP gives an endless loop )You will have to check with phpinfo() which variant you can use. Then apply one of the more complex examples from the comments in http://www.php.net/manual/en/features.http-auth.php#94349