php http authentication

The following code continues to ask for authentication even if I enter the right username (foo) and password (bar). What am I doing wrong?

<? if ( $auth != 1 ) { //if the user isn't authenticated header( "WWW-Authenticate: Basic realm="Authorization Required!"" ); //this makes the browser generate a login box header( "HTTP/1.0 401 Unauthorized" ); //this tells the browser that further viewing is not permitted echo 'Authorization Required!'; //and this gets echoed if the user doesn't enter the correct username/password pair exit; //this makes the script exit, and the user session ends. No script for you! } $auth = 0; // Assume user is not authenticated if (($PHP_AUTH_USER == "foo" ) && ($PHP_AUTH_PW == "bar" )) $auth = 1; //If all is well, consider the user authenticated ?> test

You must have entered the right password.

You should swap the statements:

$auth = 0;
if ($PHP_AUTH_USER == "foo" && $PHP_AUTH_PW == "bar") { $auth = 1; }

if ($auth != 1) { die("Authorization required!"); }

This is a simplification of what you have, but it shows the correct way.

Sponsor our Newsletter | Privacy Policy | Terms of Service