Posted by Els on 03/07/07 12:40

Rik wrote:
> Els <els.aNOSPAM@tiscali.nl> wrote:
>
[using http authentication to protect one page of a cms component]
>> What I don't know though, is how I set the username and password to
>> check against, so that I can give some people permission to see that
>> form.
>>
>> Probably something really simple, but I don't see it...
>>
>> If possible, I'd like it to check against usernames that are already
>> in the database, and which have certain rights, but I'm happy already
>> if I can just set any username/password.
>
> Well, just check them against the database (mysql?):
>
> <?php
> $verified = false;
> if(isset($_SERVER['PHP_AUTH_USER'])){
> $user = mysql_real_escape_string($_SERVER['PHP_AUTH_USER']);
> $result = mysql_query("SELECT `passwd` FROM `tablename` WHERE `user` =
> '$user'");
> if(mysql_num_rows($result) == 1){
> $row = mysql_fetch_assoc($result);
> if($row['passwd']==$_SERVER['PHP_PW']) $verified = true;
> }
> }
> if(!$verfied){
> header('WWW-Authenticate: Basic realm="My Realm"');
> header('HTTP/1.0 401 Unauthorized');
> echo 'Text to send if user hits Cancel button';
> exit;
> }
> ?>

I can't seem to get that one to work.
The passwords in the database are encoded though, would that cause the
trouble?



--
Els http://locusmeus.com/

Now playing: Mr. Big - 30 Days In The Hole

[Back to original message]