In connection with the above problem, I was searching on how to use HTTP headers thinking I may be making a mistake....anyways so I went to the following site http://www.developerfusion.co.uk/show/3703/7/ ,
and got this code to run, it didn't accept guest as its username and password which it should have ...instead after 3rd attempt it displayed, the message written inside the header...
if ((!isset($PHP_AUTH_USER)) || (!isset($PHP_AUTH_PW)) || ($PHP_AUTH_USER != "guest") || ($PHP_AUTH_PW != "guest"))
header('WWW-Authenticate: Basic realm="Private Area"');
header("HTTP/1.1 401 Unauthorized");
print "This page requires authorisation.";
print "You're through to the secret page, was the effort worth it?";
Can someone please point out where am I making a mistake....
I'm convinced with your answer and would certainly agree too because i just tried it on my college computer which has the setup of php 4.3.11 and apache on a win xp pro machine. It worked. So I'm guessing that the setup on my laptop and also on the LIVE WEBSERVER is the same and thats why its not working.
The reason I got into doing this is because I love the logon box and thought I will use it for a website where certain pages need to be restricted. But anyways now I'll be using just a usual normal boring username and password inputs and then check it against the database.
That is a pretty serious bug. I have used HTTP Auth on php 5.1 and now 5.2.
If you take out the isset and != "guest" terms with PHP_AUTH_USR as a test (only leave the PW terms) and it functions, that would indicate that the PHP_AUTH_USR variable is not being passed through to the PHP code.
Edit: Take a look at the Digest HTTP Authentication method. This uses a $_SERVER['PHP_AUTH_DIGEST'] variable and does not use PHP_AUTH_USR.
Even if you can get the Basic HTTP Authentication method to work, IE7 has added a warning message that the information is being sent over an insecure link. Using the Digest method eliminates this warning message.