PHP - username/password script not working

Posted on 2012-09-04
Last Modified: 2012-09-06
Just created a script that requires people to login to access a certain page. Here is the code:


$username = 'test';
$password = 'test';

	!isset($_SERVER['PHP_AUTH_USER']) || 
	!isset($_SERVER['PHP_AUTH_PW']) || 
	($_SERVER['PHP_AUTH_USER'] != $username) || 
	($_SERVER['PHP_AUTH_PW'] != $password)
	) {
	header('HTTP/1.1 401 Unauthorized');
	header('WWW-Authenticate: Basic realm="emailDB Authentication"');


Open in new window

This code is being included into another file with:

<?php require_once('dynamic/security.php') ?>

Open in new window

It is located at the very top of the file with no spaces.

When I attempt to login with the username and password ("test") at the prompt this script produces, the prompt appears again and denies me access to the page it protects.

What am I doing wrong?

P.S. it works on my localhost when viewing it in Firefox, but does not work on live websites.
Question by:ShootFromtheHip
    LVL 49

    Accepted Solution

    LVL 107

    Assisted Solution

    by:Ray Paseur
    You may find it easier to get this right if you use PHP client authentication.  Many web sites do it and they all follow the same design pattern.

    Author Comment

    Thanks to both - yes, both links help out a bunch. Turns out it was a setting on the server that was grumbling (SERVER API).

    Ray, I take it that article was written pre-mysqli days. Great article, lucid and detailed.
    LVL 107

    Expert Comment

    by:Ray Paseur
    Yes, the article was written before PHP changed the recommendation from MySQL to MySQLi.  One of these days I will have to update the examples.  The principles are still valid.

    Thanks for the points, ~Ray

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
    Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
    The viewer will learn how to count occurrences of each item in an array.
    The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now