| View previous topic :: View next topic |
| Author |
Message |
Kent
-
Joined: 12 Jan 2003
Posts: 137
|
 Posted: Fri Aug 08, 2003 10:57 pm Post subject: $PHP_AUTH_USER woes |
 |
|
I have the latest version of PHP for windows ( I used the installer ) auto compiles as cgi right? can there be a way around PHP giving an internal error on this code using the compiled as cgi version of PHP ? Id hate to have to uninstall php and compile it myself.
| Code: | <?php
if(!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"SECURE LOGIN\"");
Header("HTTP/1.0 401 Unauthorized");
exit;
} else {
if ( ($PHP_AUTH_USER == "USER1" && $PHP_AUTH_PW == "USER") || ($PHP_AUTH_USER == "USER2" && $PHP_AUTH_PW == "USER") || ($PHP_AUTH_USER == "USER3" && $PHP_AUTH_PW == "USER") ) { } else { Header("WWW-Authenticate: Basic realm=\"SECURE LOGIN\""); Header("HTTP/1.0 401 Unauthorized"); Print " WRONG USERNAME AND PASSWORD ENTERED "; exit; } }
?> |
|
|
| Back to top |
  |
 |
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Sun Aug 10, 2003 3:58 pm Post subject: Re: $PHP_AUTH_USER woes |
|
|
We did the test with Abyss 1.1.6 and the register_globals=on in php.ini and the script worked fine.
What was the error you get?
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
 |
|
Kent
-
Joined: 12 Jan 2003
Posts: 137
|
| Posted: Tue Aug 12, 2003 1:25 am Post subject: hmmmmm |
|
|
I have the code set in a seperate file and have the | Code: | | <?include('Securefile.php');?> |
tag to embed it and run it on page load. it gives me an error 500
take a look http://16.sytes.net/0/
here is my full code for my index.php file
| Code: | <?include('secure.passer');?>
<?include('mainpanel.php');?> |
here is my security code file
| Code: | <?PHP
if(!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"SECURE LOGIN REALM\"");
Header("HTTP/1.0 401 Unauthorized");
exit;
} else {
if ( ($PHP_AUTH_USER == "USER" && $PHP_AUTH_PW == "PASS") || ($PHP_AUTH_USER == "USER" && $PHP_AUTH_PW == "PASS") || ($PHP_AUTH_USER == "USER" && $PHP_AUTH_PW == "PASS") ) { } else { Header("WWW-Authenticate: Basic realm=\"SECURE LOGIN REALM\""); Header("HTTP/1.0 401 Unauthorized"); Print " WRONG USERNAME AND PASSWORD ENTERED "; exit; } }
?>
|
|
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Tue Aug 12, 2003 2:55 pm Post subject: Re: hmmmmm |
|
|
Can you please package all the php files that are used in the /0/ directory and send us a zipped copy to support@aprelium.com because we are unable to reproduce this error 500.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
Kent
-
Joined: 12 Jan 2003
Posts: 137
|
| Posted: Tue Aug 12, 2003 4:18 pm Post subject: ok |
|
|
Ok I sent you guys the entire script, maybe its something im doing wrong but im pretty sure my code is straight enought to do the trick... it worked with the previous beta version if that helps any.
===================================================
by the way do you know of any php code that can make sure a person is coming from a mandatory page to view another page, so if they were to type in http://mysite/somepage without clicking the mandatory link on http://mysite/mainpage it would redirect them to a page of my choosing?
I really would like to do this for pages that Im protecting with credit card verification access and aprelium doesnt jive with .htacess
=================================================== |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Wed Aug 13, 2003 1:30 pm Post subject: Re: ok |
|
|
| Kent wrote: |
===================================================
by the way do you know of any php code that can make sure a person is coming from a mandatory page to view another page, so if they were to type in http://mysite/somepage without clicking the mandatory link on http://mysite/mainpage it would redirect them to a page of my choosing?
I really would like to do this for pages that Im protecting with credit card verification access and aprelium doesnt jive with .htacess
=================================================== |
You can test the $HTTP_REFERER variable. It should contain the URL the user comes from. But this may not be always the case, because some users can configure their browser to not send this information. In such a case, it is better to rely on sessions.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
Kent
-
Joined: 12 Jan 2003
Posts: 137
|
| Posted: Wed Aug 13, 2003 2:05 pm Post subject: hey |
|
|
by the way did you guys ever find out why my auth code is producing error 500 ?
someone told me it had to do with the fact that I have php setup as CGI and Not ISAPI... but anyways because I tried it like this to get it to work with php as CGI
instead of $PHP_AUTH_USER
I put:
$_SERVER['PHP_AUTH_USER']
and it still gave me the same stupid error....
its really giving me a headache now. |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Thu Aug 14, 2003 12:30 pm Post subject: Re: hey |
|
|
We never had error 500 while testing your code (with many CGI versions of PHP). Instead, PHP worked and reported two warnings.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
|
