Posted by Rik on 03/07/07 10:10

Els <els.aNOSPAM@tiscali.nl> wrote:

> Hi all,
>
> I'm working on a Joomla installation with various components, and one
> of them needs to have one page (with an entry form) password
> protected. (Joomla caters for protection of the entire component, but
> that's not what I want)
>
> I found this code on php.net:
>
> <?php
> if (!isset($_SERVER['PHP_AUTH_USER'])) {
> header('WWW-Authenticate: Basic realm=3D"My Realm"');
> header('HTTP/1.0 401 Unauthorized');
> echo 'Text to send if user hits Cancel button';
> exit;
> } else {
> echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
> echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your
> password.</p>";
> }
> ?>
>
> And it does indeed work if I use it on the page with the form, in the
> sense that a login thingy pops up.
> What I don't know though, is how I set the username and password to
> check against, so that I can give some people permission to see that
> form.
>
> Probably something really simple, but I don't see it...
>
> If possible, I'd like it to check against usernames that are already
> in the database, and which have certain rights, but I'm happy already
> if I can just set any username/password.


Well, just check them against the database (mysql?):

<?php
$verified =3D false;
if(isset($_SERVER['PHP_AUTH_USER'])){
$user =3D mysql_real_escape_string($_SERVER['PHP_AUTH_USER']);
$result =3D mysql_query("SELECT `passwd` FROM `tablename` WHERE `user` =
=3D =

'$user'");
if(mysql_num_rows($result) =3D=3D 1){
$row =3D mysql_fetch_assoc($result);
if($row['passwd']=3D=3D$_SERVER['PHP_PW']) $verified =3D true;
}
}
if(!$verfied){
header('WWW-Authenticate: Basic realm=3D"My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
}
?>

-- =

Rik Wasmus
Posted on Usenet, not any forum you might see this in.
Ask Smart Questions: http://tinyurl.com/anel

[Back to original message]