I posted this in Coding but it seems like maybe it sould go here.
I am trying to work through Welling/Thomson book and am having trouble with the user authentication part.
This listing works in PHP version 4, but not in version 5. Check these two links out, they are the same identical code, only difference is the extension which directs it to which version of PHP to interpret it:
The login should be "user" and "pass"
This one works fine in php 4: PHP4 Version (<!-- m --><a class="postlink" href="http://www.testing.lane-consulting.com/16/http.php">http://www.testing.lane-consulting.com/16/http.php</a><!-- m -->)
But in version 5 it won't accept the authentication!
See: PHP5 Version (<!-- m --><a class="postlink" href="http://www.testing.lane-consulting.com/16/http.php5">http://www.testing.lane-consulting.com/16/http.php5</a><!-- m -->)
Is there something that needs to be activated to get the password to work in version 5?
I am wondering if it is this explode thing that is screwing it up? Any thoughts?
PHP Code:
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) =
explode(':', base64_decode(substr($HTTP_AUTHORIZATION, 6)));
}
The page code is as follows, any idea where I am going wrong?
PHP Code:
<?php
// if we are using IIS, we need to set $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']
if (substr($SERVER_SOFTWARE, 0, 9) == 'Microsoft' &&
!isset($_SERVER['PHP_AUTH_USER']) &&
!isset($_SERVER['PHP_AUTH_PW']) &&
substr($HTTP_AUTHORIZATION, 0, 6) == 'Basic ' )
{
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) =
explode(':', base64_decode(substr($HTTP_AUTHORIZATION, 6)));
}
// Replace this if statement with a database query or similar
if ($_SERVER['PHP_AUTH_USER'] != 'user' || $_SERVER['PHP_AUTH_PW'] != 'pass')
{
// visitor has not yet given details, or their
// name and password combination are not correct
header('WWW-Authenticate: Basic realm="Realm-Name"');
if (substr($SERVER_SOFTWARE, 0, 9) == 'Microsoft')
header('Status: 401 Unauthorized');
else
header('HTTP/1.0 401 Unauthorized');
echo '<h1>Go Away!</h1>';
echo '<p>You are not authorized to view this resource.</p>';
phpinfo();
}
else
{
// visitor has provided correct details
echo '<h1>Here it is!</h1>';
echo '<p>I bet you are glad you can see this secret page.</p>';
phpinfo();
}
?>
Thanks for any help or ideas!Check the setting of register_globals in php.ini
Version 4 defaulted to ON, whereas version 5 defaults to OFF
EDIT: Looks like HTTP_AUTHORIZATION and SERVER_SOFTWARE come from the $_ENV superglobal. A better choice is change those to $_ENV['HTTP_AUTH...'] etcYes, but if you look at the phpinfo that comes up you will see theat Register_Globals is off in both cases --- so must be something else.
But What!I notice my PHP4 is showing Apache as the Server API but the PHP5 shows the Server API as "CGI"
Would that require a different way to access this?Run this above the errors before using the data:
print '<pre>' . print_r($GLOBALS, true) . '</pre>';
Don't paste the results here for security reasons, but look for the variables you are expecting and see how they measure up...Check this, says CGI screws it up!:
<!-- m --><a class="postlink" href="http://www.besthostratings.com/articles/http-auth-php-cgi.htmlThere">http://www.besthostratings.com/articles ... .htmlThere</a><!-- m --> ya go
I am trying to work through Welling/Thomson book and am having trouble with the user authentication part.
This listing works in PHP version 4, but not in version 5. Check these two links out, they are the same identical code, only difference is the extension which directs it to which version of PHP to interpret it:
The login should be "user" and "pass"
This one works fine in php 4: PHP4 Version (<!-- m --><a class="postlink" href="http://www.testing.lane-consulting.com/16/http.php">http://www.testing.lane-consulting.com/16/http.php</a><!-- m -->)
But in version 5 it won't accept the authentication!
See: PHP5 Version (<!-- m --><a class="postlink" href="http://www.testing.lane-consulting.com/16/http.php5">http://www.testing.lane-consulting.com/16/http.php5</a><!-- m -->)
Is there something that needs to be activated to get the password to work in version 5?
I am wondering if it is this explode thing that is screwing it up? Any thoughts?
PHP Code:
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) =
explode(':', base64_decode(substr($HTTP_AUTHORIZATION, 6)));
}
The page code is as follows, any idea where I am going wrong?
PHP Code:
<?php
// if we are using IIS, we need to set $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']
if (substr($SERVER_SOFTWARE, 0, 9) == 'Microsoft' &&
!isset($_SERVER['PHP_AUTH_USER']) &&
!isset($_SERVER['PHP_AUTH_PW']) &&
substr($HTTP_AUTHORIZATION, 0, 6) == 'Basic ' )
{
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) =
explode(':', base64_decode(substr($HTTP_AUTHORIZATION, 6)));
}
// Replace this if statement with a database query or similar
if ($_SERVER['PHP_AUTH_USER'] != 'user' || $_SERVER['PHP_AUTH_PW'] != 'pass')
{
// visitor has not yet given details, or their
// name and password combination are not correct
header('WWW-Authenticate: Basic realm="Realm-Name"');
if (substr($SERVER_SOFTWARE, 0, 9) == 'Microsoft')
header('Status: 401 Unauthorized');
else
header('HTTP/1.0 401 Unauthorized');
echo '<h1>Go Away!</h1>';
echo '<p>You are not authorized to view this resource.</p>';
phpinfo();
}
else
{
// visitor has provided correct details
echo '<h1>Here it is!</h1>';
echo '<p>I bet you are glad you can see this secret page.</p>';
phpinfo();
}
?>
Thanks for any help or ideas!
Check the setting of register_globals in php.iniVersion 4 defaulted to ON, whereas version 5 defaults to OFF
EDIT: Looks like HTTP_AUTHORIZATION and SERVER_SOFTWARE come from the $_ENV superglobal. A better choice is change those to $_ENV['HTTP_AUTH...'] etcYes, but if you look at the phpinfo that comes up you will see theat Register_Globals is off in both cases --- so must be something else.
But What!I notice my PHP4 is showing Apache as the Server API but the PHP5 shows the Server API as "CGI"
Would that require a different way to access this?Run this above the errors before using the data:
print '<pre>' . print_r($GLOBALS, true) . '</pre>';
Don't paste the results here for security reasons, but look for the variables you are expecting and see how they measure up...Check this, says CGI screws it up!:
<!-- m --><a class="postlink" href="http://www.besthostratings.com/articles/http-auth-php-cgi.htmlThere">http://www.besthostratings.com/articles ... .htmlThere</a><!-- m --> ya go