Home/ Questions/Q 6738511
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T11:22:39+00:00

I have a linux hosted website, i am trying to use the below code

  • 0

I have a linux hosted website, i am trying to use the below code for http-authentication for access to one confidential page, but it doesn’t seem to work, everytime i enter username and password, the authentication box pops up again! Can anybody tell me where m i going wrong?

 <?php
 // User name and password for authentication

$username='username';
$password='password';


if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) ||
($_SERVER['PHP_AUTH_USER'] !=$username) || ($_SERVER['PHP_AUTH_PW'] !=$password)) 
{
 // The user name/password are incorrect so send the authentication headers
   header('HTTP/1.1 401 Unauthorized');
  header('WWW-Authenticate: Basic realm="My Web Page:The Freedom Square Of Internet"');
  exit('<h2>My Web page</h2>Sorry, you must enter a valid user name and password to access this page.');
  }
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s quite possible that your server ‘eats’ the ‘Authorization’ header, spitting out the contents of $_SERVER can help you get a better idea of what’s going on. What server are you using?

    Here’s a mod_rewrite solution for Apache if you’re using fastcgi and the above is your issue:
    http://search.cpan.org/~mramberg/Catalyst-Runtime-5.80012/lib/Catalyst/Engine/FastCGI.pm#Authorization_header_with_mod_fastcgi_or_mod_cgi

    RewriteCond %{HTTP:Authorization} ^(.+)
RewriteRule ^(.*)$ $1 [E=HTTP_AUTHORIZATION:%1,PT]

    You can then quite simply process the Authorization header if PHP doesn’t do it for you.

    • 0