HTTP Authentication Error

I am getting an authentication error when I open the page, I am not even prompted for the userid or password.   Any suggestions?
I use require_once('authvars.php') to call the attached code.  
<?php

    #We have to specify username and password for authentication
    $user = "userdemo";
    $pass = "passdemo";
    list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6)));
    #We ask to open a popup of Authentication System on the client browser
    if (!isset($_SERVER['PHP_AUTH_USER']))
    {
    header("WWW-Authenticate: Basic realm=\"You must Log In!\"");
    Header("HTTP/1.0 401 Unauthorized");
    exit;
    }
    #We have to verify is Login User and Password are the same of defined variables
    else if (($_SERVER['PHP_AUTH_USER'] == $user) && ($_SERVER['PHP_AUTH_PW'] == $pass))
    {
    echo "Now you are Logged In";
    }
    #If Login not is correct
    else
    {
    echo "Error!";
    }
    ?>

Open in new window

rcowen00Asked:
Who is Participating?
 
UmopepisdnCommented:
One solution for this issue when caused by a php-cgi installation:

http://www.besthostratings.com/articles/http-auth-php-cgi.html


First, create this .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>


This should add the user/pass pair currently in use to HTTP_AUTHORIZATION.  

list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)$

To get this to work in my test, I assigned these variables right after the 401 error is thrown.

    if ( $_SERVER['PHP_AUTH_USER'] == null)
    {
          header("WWW-Authenticate: Basic realm=\"You must Log In!\"");
          header("HTTP/1.0 401 Unauthorized");
          list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)$

          exit;
    }
0
 
UmopepisdnCommented:
Do you receive 'Error!' or an actual unauthorized HTTP status code?

What are the values of $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'']?
0
 
rcowen00Author Commented:
The page opens with the input and href objects but with Error! listed too.  The values are currently
$user = "userdemo";
    $pass = "passdemo";
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
UmopepisdnCommented:
Your problem is that $_SERVER['PHP_AUTH_USER'] will never be unset.  You should check to see if it is null:

if ( $_SERVER['PHP_AUTH_USER'] == null)
0
 
UmopepisdnCommented:
Hmm, this just gets you into the code path with the header statements, but doesn't work much better.
0
 
rcowen00Author Commented:
I'm being prompted for the authentication, but when I click OK it just asks again.  No error response.
<?php

    #We have to specify username and password for authentication
    $user = "userdemo";
    $pass = "passdemo";
    list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6)));
    #We ask to open a popup of Authentication System on the client browser
    if ( $_SERVER['PHP_AUTH_USER'] == null)
    {
    header("WWW-Authenticate: Basic realm=\"You must Log In!\"");
    Header("HTTP/1.0 401 Unauthorized");
    exit;
    }
    #We have to verify is Login User and Password are the same of defined variables
    else if (($_SERVER['PHP_AUTH_USER'] == $user) && ($_SERVER['PHP_AUTH_PW'] == $pass))
    {
    echo "Now you are Logged In";
    }
    #If Login not is correct
    else
    {
    echo "Error!";
    }
    ?>

Open in new window

0
 
UmopepisdnCommented:
It looks like these are blank for me because $_SERVER['REDIRECT_REMOTE_USER'] is not set where I'm testing this.
0
 
UmopepisdnCommented:
Looking around, it seems like the reason this is happening can vary based on how your web host's PHP installation is set up.

Can you share the output of this (with anything sensitive or personally-identifying removed)?  

echo "<pre>";
print_r($_SERVER);
echo "</pre>";
0
 
Dave BaldwinFixer of ProblemsCommented:
This page, http://php.net/manual/en/features.http-auth.php, says that this only works as an Apache module which means not in CGI mode.  It has examples and warning about Internet Explorer problems.  Which web server and browser are yuo using?
0
 
rcowen00Author Commented:
Here you go, I'm not sure what I am looking for here?
Array
(
    [DOCUMENT_ROOT] => /var/chroot/home/content/t/r/a/transconvalue/html
    [PATH] => /sbin:/usr/sbin:/bin:/usr/bin
    [PHPRC] => /home/content/t/r/a/transconvalue/html
    [PHP_FCGI_CHILDREN] => 3
    [PHP_FCGI_MAX_REQUESTS] => 500
    [REDIRECT_STATUS] => 200
    [SPI] => TRUE
    [FCGI_ROLE] => RESPONDER
    [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    [HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.7
    [HTTP_ACCEPT_ENCODING] => gzip,deflate
    [HTTP_ACCEPT_LANGUAGE] => en-us,en;q=0.5
    [HTTP_CACHE_CONTROL] => max-age=0
    [HTTP_CONNECTION] => keep-alive
    [HTTP_COOKIE] => fc=fcVal=1850929852399479296
    [HTTP_HOST] => www.tcvpath.com
    [HTTP_KEEP_ALIVE] => 300
    [HTTP_REFERER] => http://www.tcvpath.com/index.php
    [HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 GTB6 (.NET CLR 3.5.30729)
    [PATH_INFO] => /propinsp.php
    [RAILS_ENV] => production
    [REMOTE_ADDR] => 68.101.255.112
    [REMOTE_PORT] => 52639
    [SCRIPT_FILENAME] => /var/chroot/home/content/t/r/a/transconvalue/html/propinsp.php
    [SCRIPT_URI] => http://www.tcvpath.com/propinsp.php
    [SCRIPT_URL] => /propinsp.php
    [SERVER_ADDR] => 97.74.215.187
    [SERVER_ADMIN] => support@supportwebsite.com
    [SERVER_NAME] => www.tcvpath.com
    [SERVER_PORT] => 80
    [SERVER_SIGNATURE] => 
Apache/1.3.33 Server at www.tcvpath.com Port 80


    [SERVER_SOFTWARE] => Apache
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_PROTOCOL] => HTTP/1.1
    [REQUEST_METHOD] => GET
    [QUERY_STRING] => job_id=114&tc_number=TC29307&prop_addr_1=12767%20TAMIAMI%20TRAIL%20S%20&prop_city=NORTH%20PORT&prop_state=AZ&prop_county=SARASOTA&prop_zip=34287
    [REQUEST_URI] => /propinsp.php?job_id=114&tc_number=TC29307&prop_addr_1=12767%20TAMIAMI%20TRAIL%20S%20&prop_city=NORTH%20PORT&prop_state=AZ&prop_county=SARASOTA&prop_zip=34287
    [SCRIPT_NAME] => /propinsp.php
    [PHP_SELF] => /propinsp.php
    [REQUEST_TIME] => 1272136730
)

Open in new window

0
 
rcowen00Author Commented:
I actually had all of that from research I had done before my question.  I fixed it by doing further research on the .htaccess file.  I didn't realize that it had to be called ".htaccess" versus "somefile.htaccess.  Newbie error.  Thank you for your help!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.