|
|
Posted by shimmyshack on 04/26/07 23:49
On Apr 26, 10:07 pm, MIUSS <m...@seznam.cz> wrote:
> Hi
>
> need an advice, I'm beginner with PHP. I got little problem:
>
> I use this solution as login to get administration of my pages:
>
> <?php
> // if authorization isn't done we request it
> if (!IsSet($PHP_AUTH_USER))
> {
> Header("HTTP/1.0 401 Unauthorized");
> Header("WWW-Authenticate: Basic realm=\"RS - Admin Center\"");
> echo "Unauthorized access (a)";
> exit;}
>
> // if user filled up the form we continue with checking data in
> database
> else
> {
> // connect to database
> include "../conn.php";
> // looking for the login and password records that are set in
> authorizing form
> // we off-course looking for active users only
> $sql = mysql_query("SELECT * FROM autori
> WHERE login LIKE '$PHP_AUTH_USER'
> AND pass = '".md5($PHP_AUTH_PW)."'
> AND stav = 'a'");
> // if we won't find anyone with requested conditions we stop
> if (mysql_num_rows($sql) == 0)
> {
> Header("HTTP/1.0 401 Unauthorized");
> Header("WWW-Authenticate: Basic realm=\"RS - Admin Center\"");
> echo "Unauthorized access (b)";
> mysql_close($conn);
> exit;
> }
> // we don't need the connection with database so we end
> mysql_close($conn);}
>
> // continue with opening frames
> ?>
>
> The problem is that I can not get success with login on my pages
> though I use correct login and password. The dialog is opened three
> times and then I get the message Unauthorized access (a). It seems
> that the part after else command is never done. Why is it?
>
> Thank you very much for your hints!
>
> Have a nice day!
you are using an old script, use
$_SERVER['PHP_AUTH_PW']
$_SERVER['PHP_AUTH_USER']
and adjust your query to
....
WHERE login LIKE '".$_SERVER['PHP_AUTH_USER']."'
...
to avoid issue with quotes now, and it should be fine.
Navigation:
[Reply to this message]
|