1

Good morning! I have some problem with HTTP authentication with PHP. As I found in different posts, after the form's submit I tried this PHP code:

PHP 

<?php 
$us = 'name';
$pswd = 'pass';
function verify($a, $b) { return ($a==$us && $b==$pswd);};
$user = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
if(!isset($user) || verify($user, $password)==false) {
    header('WWW-Authenticate: Basic realm="MyRealm"');
    header('HTTP/1.1 401 Unauthorized');
    exit;
}
else{
    echo 'Correctly authenticated';
}
?>

When I click the submit botton form from HTML a popup appears asking me (again) username and password. Why? I think that in some ways I've to set the PHP_AUTH_USER in $_SERVER with the value in the input, but I don't know how.
I think that I've done a mistake when I send the data from the form because I'm still using the post method. What method I have to use?

HTML

<br>
<form method="post" action="page.php">
   <input type="text" name="user">
   <input type="password" name="password">
   <input type="submit">
</form>
<br>

I never did it before, any tips on how check data on server side or something else are welcome!

Improve this question

2 Answers 2

Reset to default
2

Well problem is with your isset $user you need to check user like this sample code

$user = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
if(!isset($user)) {
  header('WWW-Authenticate: Basic realm="MyRealm"');
  header('HTTP/1.1 401 Unauthorized');
}

if(isset($user)) {
  $us = 'name';
  $pswd = 'pass';
  if($user == $us && $password == $pswd){
    echo 'Correctly authenticated';
  }else{
   header('WWW-Authenticate: Basic realm="MyRealm"');
   header('HTTP/1.1 401 Unauthorized');
  }
}

By going through the details provided in the comment -

1) You can not set the html input field directly in your "Basic authentication"`
2) Before the webpage load all the data basic authentication 
   comes in front of browser and webserver

So, you can't autofill basic authentication through input field

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Well, I changed the code as you suggest: it works! I have some questions about that. I think that I set the $_SERVER['PHP_AUTH_USER'] in the popup that appears. How can I do it directly from my form in HTML? That's what happens, for example, when I log in on my personal page at university. Can I pass from a php page that set that $_SERVER[etc] to the value that I pass to the form? Thank you!
EDIT: I don't know why, but after closing browser it doesn't work again. I think that $_SERVER['PHP_AUTH_USER') has been deleted, but I'm not sure about it.
0

I think you don't need the HTML form when doing Basic Authentication.

Just rely on the browser form, and you will be ok.

EDIT

I would recommend removing WWW Authenticate headers, and rely on your own authentication process (Keep your HTML):

<?php 
$us = 'name';
$pswd = 'pass';
function verify($a, $b) { return ($a==$us && $b==$pswd);};
$user = $_POST['user'];
$password = $_POST['password'];
if(!isset($user) || verify($user, $password)==false) {
  header('HTTP/1.1 401 Unauthorized');
  exit;
  // You also can redirect to the login page instead:
  // header("Location: myLoginPage.php");
}
else{
    echo 'Correctly authenticated';
}

Also keep in mind you would like to work with some session persistence, cookies can work also.

Improve this answer

2 Comments

I tried it too, but it loops asking me again user name and password even if wrote 'name' and 'pass'. I need to do a simple login form, as I can do with the method post, but using http. For example, when I log in on my university page I've only to fill in the form and submit, without other popups, and it uses HTTP (I think HTTPS, but I'm not so sure). How can I do something like that?
On this way I keep data from the post as I wanted. But where is the HTTP authentication? I want to say, I don't take data from PHP_AUTH_USER, I thought that it was the way to authenticate from HTTP. On that way, it seems like a normal form authentication. Am I wrong? Thank you!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.