0

I'm trying to add an HTTP Authentication to my admin page using PHP. I've verbatim copied a bunch of different examples and none are working. Does anyone know if there are certain things you need to do on the server side or if this code doesn't work with newer versions of PHP? Please help!

Here is my test 'authorize.php' file. I am just using require_once on this for each admin page.

<?php  
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        header('WWW-Authenticate: Basic realm="My Realm"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Text to send if user hits Cancel button';
        exit;
    } else {
        echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
        echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
    }
?>

What happens is that the authorization just pops up over and over. PHP_AUTH_USER never gets set.

Improve this question

3 Answers 3

Reset to default
1

If your PHP working as CGI/FastCGI, then you will have no luck. Try to switch it in non-cgi mode.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Any idea how I do that? Also, are there drawbacks to making such a move?
1. Somewhere in you control panel. 2. No.
1

For others who come across this problem, you can add rewrite rule in .htaccess.

RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

HTTP Basic/Digest Authentication will work on Godaddy with this change.

Improve this answer

Comments

0

You need to find out if they're passing it to PHP, and which Server variable has your user name in it.

Make a small PHP Test page, put the code below in it, and upload it to the directory that's being protected by .htaccess, i.e. where it's asking for a user/pw.

This code will show all the server variables, and you can see which one has your user name in it, then use that variable instead:

foreach($_SERVER as $key_name => $key_value) {  
    print $key_name . " = " . $key_value . "<br>";
}

I don't think it's going to pass the password though, just the user. And you don't want to echo the password through a website anyway.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.