PHP身份验证对话框不断重复

时间:2017-01-01 15:19:06

标签: php mysql authentication

我使用PHP并希望针对MySQL数据库中的条目对用户进行身份验证。所有页面都使用HTTPS。

问题是,当我输入正确的用户名和密码时,授权对话框消失,然后重新出现,用户名和密码为空。

有人知道如何解决它吗?

代码片段:

<?php
  session_start();
  if($_SERVER["HTTPS"] != "on")
  {
     header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER     ["REQUEST_URI"]);
     exit();
  }

require_once("../php-files/cookies.php");
require_once("../php-files/db_connect.php");

/* If user tries to bypass logging in then we need to redirect back
 * to main page. First though, we need to get whether we're localhost or
 * live production.
 */

if($_SESSION["atHome"] == true)
{
  require_once("/Calendar/Month.php");
  require_once("/Calendar/Month/Weekdays.php");
}
else
{
  require_once("../Calendar/Month.php");
  require_once("../Calendar/Month/Weekdays.php");
}

include("../php-files/create-calendar.php");
include("../php-files/put-footer.php");
include("../php-files/timestamp.php");

//if cookie not set redirect back to home page
// prevents people from getting this page by using /php-files/new_event.php
// unless they have a cookie set

if(!isset($_COOKIE['www_broken_com']))
  {
    if($_SESSION["atHome"] == true)
      header("Location: https://localhost");
    else
      header("Location: https://www.broken.com");
  }

$theCookie = $_COOKIE['www_broken_com'];
$theCookie = explode(";",$theCookie); 

//check to see if an Admin is going to enter a new event
//if so ask if they want to enter or to approve events submitted
function authenticate_user()
{
    header('WWW-Authenticate: Basic Realm="New"');    
    header("HTTP/1.0 401 Unauthorized");
    return(FALSE);
}

$authenticate = TRUE;
$authorized = FALSE;
$authorizedName = "";
$privleges = "";
//Compare the email address of the person currently accessing and see if
//he's in the admin database. If so then he as admin privleges.
$db_conn = new db_stuff();
$db = $db_conn->connect();
$query = "SELECT * FROM admin WHERE email = '$theCookie[5]'";
if(!$result = $db->query($query)) exit("Could not select for new event");
if($result && $result->num_rows != 0)
{
    if(!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
     $authenticate = authenticate_user();

    if($authenticate == TRUE)
    {

       $userName = $_SERVER['PHP_AUTH_USER'];
       $userPwd = $_SERVER['PHP_AUTH_PW'];    
       $query = "SELECT * FROM admin WHERE name = '$userName' AND pwd = PASSWORD('$userPwd')";
       if(!$result = $db->query($query)) 
         echo "<br />Could not select for authentication";
       if($result && $result->num_rows != 0)
       {
         while($admin = $result->fetch_array())
         {
           $authorizedName = $admin[2] . " " . $admin[1];
       }

      $authorized = TRUE;
      $privleges = ", you have administrator privleges.";
      $_SESSION['authorizedName'] = $authorizedName;
    }
}
else
{
        exit("In FALSE");  
  $authorized = FALSE;
  $_SERVER['PHP_AUTH_USER'] = "No one";
}
}
else
    $privleges = " ";

1 个答案:

答案 0 :(得分:0)

经过多次挖掘......

  1. 运行phpinfo()以查看:服务器API = CGI / FastCGI(它应该是从顶部开始的第4行)
  2. 如果已设置,则无法在没有解决方法的情况下进行基本授权。
  3. 常见的解决方法是更改​​htaccess并添加以下行:RewriteRule。* - [E = HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    4. 这对我有用。

    有关详细信息,请参阅stackoverflow:Basic Authentication with PHP gives an endless loop

相关问题
最新问题