|
|
Posted by Els on 03/07/07 20:28
Rik wrote:
> Els <els.aNOSPAM@tiscali.nl> wrote:
>> Rik wrote:
>>> Els <els.aNOSPAM@tiscali.nl> wrote:
>>>
>> [using http authentication to protect one page of a cms component]
>>>> If possible, I'd like it to check against usernames that are already
>>>> in the database, and which have certain rights, but I'm happy already
>>>> if I can just set any username/password.
>>>
>>> Well, just check them against the database (mysql?):
>>>
>>> <?php
>>> $verified = false;
>>> if(isset($_SERVER['PHP_AUTH_USER'])){
>>> $user = mysql_real_escape_string($_SERVER['PHP_AUTH_USER']);
>>> $result = mysql_query("SELECT `passwd` FROM `tablename` WHERE `user` =
>>> '$user'");
>>> if(mysql_num_rows($result) == 1){
>>> $row = mysql_fetch_assoc($result);
>>> if($row['passwd']==$_SERVER['PHP_PW']) $verified = true;
>>> }
>>> }
>>> if(!$verfied){
>>> header('WWW-Authenticate: Basic realm="My Realm"');
>>> header('HTTP/1.0 401 Unauthorized');
>>> echo 'Text to send if user hits Cancel button';
>>> exit;
>>> }
>>> ?>
>>
>> I can't seem to get that one to work.
>> The passwords in the database are encoded though, would that cause the
>> trouble?
>
> Indeed, you'd have to use similar encoding on $_SERVER['PHP_PW']. There
> are various functions and encodings available to you, you'll have to know
> which is used. (Often just md5 or sha1.)
It's md5 indeed, but I have no idea how to incorporate that in the
above piece of script..
--
Els http://locusmeus.com/
Now playing: Mr. Big - 30 Days In The Hole
Navigation:
[Reply to this message]
|