Comments

I tried to do exactly the same thing about a year ago, and only halfway succeeded. This would have come in handy - hopefully it will come in handy again!

Looks very interesting and like, a bit generalized, it would work for most any secure PHP situation. Just a couple of questions:

while ($row = mysqlfetcharray($result)) {

Why is this in a while loop instead of just taking the one row?

Where is PHPAUTHUSER and PHPAUTHPW being set?

A quick note, this won’t work in PHP5.0.0 though it will in PHP5.0.1

I would have just used the modauthmysql to protect the whole directory. But it works only if you have the rights to install an Apache module. http://www.diegonet.com/support/modauthmysql.shtml

If using the php solution, to avoid having to change every single template, you could put the code in a separate file and put this in .htaccess: phpvalue autoprepend_file /path/to/auth.php

Bill: Those two variables are set when by the Web server when you submit the basic authentication form. The loop isn’t really a problem since the SQL always returns one row. So it only executes once.

Scott: The MySQL auth module should work, but as you said, you need to me able to install a module. Most people can’t. I’d also want to review the source of that before using it. (And you have to be using Apache.)

An alternative would be to write an authentication wrapper for Apache in Perl if you have mod_perl running.

This looks exactly like what I need.

You mentioned 5.0 won’t work. I’ve got php4.3.4- will it work? I’m also running cgi-wrap (php-cgiwrap), using mySQL, and configured for php files.

When applying this code, I get the following error:

Warning: main(protect.php): failed to open stream: No such file or directory in /home/jhornef/public_html/journal/index.php on line 5

Warning: main(): Failed opening ‘protect.php’ for inclusion (includepath=’.:/usr/lib/php:/usr/local/lib/php’) in /home/jhornef/publichtml/journal/index.php on line 5

Any ideas?

You have an error that says

Warning: main(protect.php): failed to open stream: No such file or directory

That always means you’re trying to include a file that doesn’t exist.

Either protect.php isn’t on your server or it iisn’t in the spot on your server where journal/index.php is at.

it’s not working for me. it seems it never enters the first “if” loop.

using php 4.3.8

There’s a problem with the code. One of your curly brackets (whatever) is in the wrong place. The while statements should contain the following if statement. Like this:

    while ($row = mysql_fetch_array($result)) {
        $real_pass = $row['author_password'];

    if (crypt($_SERVER['PHP_AUTH_PW'], substr($real_pass, 0, 2)) == $real_pass) {
        $auth = true;
    }//end if

    }//end while

Probably last statement else statement ( …} else { return true; }… ) is useless because function always returns true or stops execution.

Discovered this more than a year later but it’s great nonetheless. I’m curious though if it would be possible to limit access to the author(s) associated with the blog_id=x, not just every author in the MySQL database.

So, I’m trying to password protect my blog, could you break down the instructions for me? I’m sorry, I am a little computer illiterate.

Thanks Crys