I am using the following code from a book that is explaining how to do database authentication via PHP however I can not get it to work. I continuously get the login prompt and am never allowed into my application. The only thing I modified is the "realm" and field names in order to match up with my database.
Database configuration and connection scripts are external and not included below but I know they are correct as I have no problem inserting or selecting data from my database.
Also, I know mysql is deprecated but I am working on a quick project that will be upgraded once I have time to learn the newer code. Please for now, respond based on mysql in that respect.
Finally this is a very small personal project and I know there are a lot of security errors...that is why I am learning. For now, I am starting with the basics and just trying to get the code to work and then next I plan to learn sessions, encryption, etc.
Please go easy on me :) Thanks
<?php
require_once 'database_connection.php';
if (!isset($_SERVER['PHP_AUTH_USER']) ||
!isset($_SERVER['PHP_AUTH_PW'])) {
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Basic realm="The Social Site"');
exit("You need a valid username and password to be here. " .
"Move along, nothing to see.");
}
// Look up the user-provided credentials
$query = sprintf("SELECT user_id, username FROM fbo_users" .
"WHERE username = '%s' AND " .
" password = '%s';",
mysql_real_escape_string(trim($_SERVER['PHP_AUTH_USER'])),
mysql_real_escape_string(
crypt(trim($_SERVER['PHP_AUTH_PW']),
$_SERVER['PHP_AUTH_USER'])));
$results = mysql_query($query);
if (mysql_num_rows($results) == 1) {
$result = mysql_fetch_array($results);
$current_user_id = $result['user_id'];
$current_username = $result['username'];
} else {
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Basic realm="FBOtracker"');
exit("You need a valid username and password to be here. " .
"Move along, nothing to see.");
}
?>
echo $query
and try to run it manually using phpMyAdmin, command line MySQL prompt or similar. Does it work? If it does: inpsect your PHP code to find out the issue. If it doesn't: edit your question to include the error message you're getting. – Amal Murali Mar 21 at 15:36Fred -ii-
after seeing another some time back. How many Fred's are there on SO? lol @fred2 – Fred -ii- Mar 21 at 16:06