may may - 1 month ago 12
PHP Question

PHP Basic auth not working in xampp

I am using

PHP Basic Authorization
but it's not working. The username and password pop-up as expected but it allows me to access the page even though I insert the wrong user and password

public function __construct()
{
parent::__construct();

$this->load->library('session');
if (!isset($_SERVER['PHP_AUTH_USER']))
{
header("WWW-Authenticate: Basic realm=\"Admin Area\"");
header("HTTP/1.0 401 Unauthorized");
print "Sorry - you need valid credentials to be granted access!\n";
exit;
} else {
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
if (!($_SERVER['PHP_AUTH_USER'] == 'admin') && ($_SERVER['PHP_AUTH_PW'] == 'admin')) {
header("WWW-Authenticate: Basic realm=\"Admin Area\"");
header("HTTP/1.0 401 Unauthorized");
print "Sorry - you need valid credentials to be granted access!\n";
exit;
}
}

}


.htaccess :

RewriteEngine on

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

RewriteCond $1 !^(index\.php|images|css|js|robots\.txt|favicon\.ico)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ ./index.php?/$1 [L,QSA]

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

Fky Fky
Answer

Missing brackets, if you want "admin" for login and password you should do this:

if (!(($_SERVER['PHP_AUTH_USER'] == 'admin') && ($_SERVER['PHP_AUTH_PW'] == 'admin'))) {
Comments