Skip to content
Advertisement

page is available using any credentials on php authentication

popup dialog is there but entering any credentials – the page is available
what is the problem ?

if(!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || !$_SERVER['PHP_AUTH_USER'] == 'lorem' || !$_SERVER['PHP_AUTH_PW'] == 'ipsum'){
    header('http/1.1 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="Wonder Penguin"');
    die("Access Denied !");
}

Advertisement

Answer

!$_SERVER['PHP_AUTH_USER'] == 'lorem' is wrong, you want
$_SERVER['PHP_AUTH_USER'] != 'lorem' there.

Or you would have to use an additional set of braces there, !($_SERVER['PHP_AUTH_USER'] == 'lorem')

The reason is operator precedence.

User contributions licensed under: CC BY-SA
4 People found this is helpful
Advertisement