PHP connection problem, I can't get success with loging in though I think I use corect login and password...

Hi

need an advice, I'm beginner with PHP. I got little problem:

I use this solution as login to get administration of my pages:

<?php
// if authorization isn't done we request it
if (!IsSet($PHP_AUTH_USER))
{
Header("HTTP/1.0 401 Unauthorized");
Header("WWW-Authenticate: Basic realm=\"RS - Admin Center\"");
echo "Unauthorized access (a)";
exit;
}
// if user filled up the form we continue with checking data in
database
else
{
// connect to database
include "../conn.php";
// looking for the login and password records that are set in
authorizing form
// we off-course looking for active users only
$sql = mysql_query("SELECT * FROM autori
WHERE login LIKE '$PHP_AUTH_USER'
AND pass = '".md5($PHP_AUTH_PW)."'
AND stav = 'a'");
// if we won't find anyone with requested conditions we stop
if (mysql_num_rows($sql) == 0)
{
Header("HTTP/1.0 401 Unauthorized");
Header("WWW-Authenticate: Basic realm=\"RS - Admin Center\"");
echo "Unauthorized access (b)";
mysql_close($conn);
exit;
}
// we don't need the connection with database so we end
mysql_close($conn);
}
// continue with opening frames
?>

The problem is that I can not get success with login on my pages
though I use correct login and password. The dialog is opened three
times and then I get the message Unauthorized access (a). It seems
that the part after else command is never done. Why is it?

Thank you very much for your hints!

Have a nice day!

On Apr 26, 10:07 pm, MIUSS <m...@seznam.cz> wrote:
> Hi
>
> need an advice, I'm beginner with PHP. I got little problem:
>
> I use this solution as login to get administration of my pages:
>
> <?php
> // if authorization isn't done we request it
> if (!IsSet($PHP_AUTH_USER))
> {
> Header("HTTP/1.0 401 Unauthorized");
> Header("WWW-Authenticate: Basic realm=\"RS - Admin Center\"");
> echo "Unauthorized access (a)";
> exit;}
>
> // if user filled up the form we continue with checking data in
> database
> else
> {
> // connect to database
> include "../conn.php";
> // looking for the login and password records that are set in
> authorizing form
> // we off-course looking for active users only
> $sql = mysql_query("SELECT * FROM autori
> WHERE login LIKE '$PHP_AUTH_USER'
> AND pass = '".md5($PHP_AUTH_PW)."'
> AND stav = 'a'");
> // if we won't find anyone with requested conditions we stop
> if (mysql_num_rows($sql) == 0)
> {
> Header("HTTP/1.0 401 Unauthorized");
> Header("WWW-Authenticate: Basic realm=\"RS - Admin Center\"");
> echo "Unauthorized access (b)";
> mysql_close($conn);
> exit;
> }
> // we don't need the connection with database so we end
> mysql_close($conn);}
>
> // continue with opening frames
> ?>
>
> The problem is that I can not get success with login on my pages
> though I use correct login and password. The dialog is opened three
> times and then I get the message Unauthorized access (a). It seems
> that the part after else command is never done. Why is it?
>
> Thank you very much for your hints!
>
> Have a nice day!

you are using an old script, use
$_SERVER['PHP_AUTH_PW']
$_SERVER['PHP_AUTH_USER']
and adjust your query to
....
WHERE login LIKE '".$_SERVER['PHP_AUTH_USER']."'
...
to avoid issue with quotes now, and it should be fine.

Hi!

I'm little confused, I tried more things but I still didn't get
success.

I think this should be corect:

$sql = mysql_query("SELECT * FROM autori
WHERE login LIKE \"".
$_SERVER['PHP_AUTH_USER']."\"
AND pass LIKE
\"".md5($_SERVER['PHP_AUTH_PW'])."\"
AND stav LIKE a\";");

But it isn't and it does not work:-(

On Apr 27, 7:13 pm, MIUSS <m...@seznam.cz> wrote:
> Hi!
>
> I'm little confused, I tried more things but I still didn't get
> success.
>
> I think this should be corect:
>
> $sql = mysql_query("SELECT * FROM autori
> WHERE login LIKE \"".
> $_SERVER['PHP_AUTH_USER']."\"
> AND pass LIKE
> \"".md5($_SERVER['PHP_AUTH_PW'])."\"
> AND stav LIKE a\";");
>
> But it isn't and it does not work:-(

dont use LIKE, instead use = and your query should be better formed,
go check out how to authenticate with mysql, and look for the query
used, and follow the example,
$query = sprintf( "SELECT...... WHERE `login` = '%s' ......",
$_SERVER['PHP_AUTH_USER'] [,......] );
etc.... google for this rather than just trying stuff, else you will
get it wrong.