PHP authentication

[Vincent26381]

Hi,

I found this script on the net and find it pretty easy and usefull. But I have a fe questions though....

Is there a way that when you have access to the page you can add
a user? Maybe by calling the username and password from a
seperate file? I don't need this top-secure but is it a
bit secure?

PHP Code:

<?php

$LOGIN = "Username";
$PASSWORD = "Password";
function error ($error_message) {
    echo $error_message."<BR>";
print "Access denied";
    exit;
}

if ( (!isset($PHP_AUTH_USER)) || ! (($PHP_AUTH_USER == $LOGIN) && ( $PHP_AUTH_PW == "$PASSWORD" )) ) {
    header("WWW-Authenticate: Basic entrer=\"Form2txt admin\"");
    header("HTTP/1.0 401 Unauthorized");
    error("<BR>");
}
?> 
<HTML><HEAD><TITLE>protected page</TITLE></HEAD>
<BODY BGCOLOR="#F2F1EE">
My page
</BODY>
</HTML>

Thanks in advance

[Musicman]

Hi,

the general problem with basic auth is not really to keep people from getting in but rather to add a feature where they can get out again
As long as you do not want a logout button on your main page, this is fine

Musicman

[Vincent26381]

Thanks

Is there a way to add a user (with password) by using another script and that this script gets it's usernames and passwords from another file (.txt?)

I would like it to have it so that when a user log's in he can change his username/password/add a user.

Thanks again....

[Musicman]

Hi,

there should be a few scripts around that are intended to work with a conventional login form. They should work with your setup too.
Make sure to put the textfile in a protected area different from this one...

// fragment to check user/pass
$fp = fopen("../secret/passwords.txt", "r");
$ok = 0;
while($line = fgets($fp, 100))
{ $fields = split("\t", $line);
if($fields[0] == $PHP_AUTH_USER && $fields[1] == $PHP_AUTH_PW)
$ok = 1;
}
if(!$ok)
{ // send them back to the auth form
header("HTTP/1.0 401 Unauthorized");

BTW - you cannot use this system to protect individual images unless you serve them through a php script too

Musicman

[Vincent26381]

Thanks Musicman, you're extremely helpfull

I'm having problems with it though
Where should I put this code, should it replace part of the existing code?

Sorry to be such a pain.....

[Musicman]

Hi,

one way to get it all together ... there are others - I just want to avoid duplicate code

Code:

<?
function deny () {
header("WWW-Authenticate: Basic entrer=\"Form2txt admin\"");
header("HTTP/1.0 401 Unauthorized")
print "Access denied";
    exit;
}
if(!isset($PHP_AUTH_USER)) deny();
$fp = fopen("../secret/passwords.txt", "r");
$ok = 0;
while($line = fgets($fp, 100))
{ $fields = split("\t", $line);
if($fields[0] == $PHP_AUTH_USER && $fields[1] == $PHP_AUTH_PW)
$ok = 1;
}
if(!$ok) deny();
?> 
<HTML><HEAD><TITLE>protected page</TITLE></HEAD>
<BODY BGCOLOR="#F2F1EE">
My page
</BODY>
</HTML>

BTW - I silently assume that there are more than those two fields on the line, otherwise you would probably have to change the code in italics to
$fields = split("\t", ereg_replace("\n", "", $line));

Musicman

[Vincent26381]

Again Thanks!
two more questions
How should I format passwords.txt; I tried several ways...

I silently assume that there are more than those two fields

I need to replace the italic code witg that line if I have more then two user?

Thanks again.

[Musicman]

Hi,

it should be
username TAB password TAB other
username TAB password TAB other

You need to change the italicized code if you do not have any "other" type columns, because the linebreak would otherwise appear as part of the password

Musicman

[Vincent26381]

Perfect! thanks so much