#native_company# #native_desc#
#native_cta#

PHP Simple Authentication using a File (no database needed)

By Josh Friesen
on October 8, 2000

Version: .6b

Type: Full Script

Category: Other

License: GNU General Public License

Description: This script will handle user authentication against a file on your server so you dont need to have a database. it is helpful, though, to place this file outside of the html directory so that web users can’t read everyone’s passwords.

****Please note these are two files and should be split and saved seperately!***
**Also, to use this script simply do the following:
<?
require('path/to/header.php');
?>
YOUR HTML HERE
<?
require('path/to/footer.php');
?>

where path/to/footer.php is replaced with the paths to their respective files.


**********
*header.php*
**********
-----------------------------------------------------------------------------

<?
	if (!isset($PHP_AUTH_USER)) {

		// If empty, send header causing dialog box to appear

        	header('WWW-Authenticate: Basic realm="The Crazy Train"');
        	header('HTTP/1.0 401 Unauthorized');
        	exit;

	} 
	else if (isset($PHP_AUTH_USER)) {

		$filename = "/home/ddclub/webpass.txt"; //the name of the file and the path are entirely up to you but dont leave the file inside the public_html directory for anyone to see.  Put it outside so the path is something like /home/username/webpass.list.
		$fd = fopen ($filename, "r");
		$i = 0;
		for ($i = 0;!feof($fd);$i++) {
			$buffer[$i] = fgets($fd, 4096);
		}
		fclose ($fd);
	}

	$PHP_AUTH_USER = Strtoupper($PHP_AUTH_USER); 	//converts to uppercase
	$PHP_AUTH_PW = Strtoupper($PHP_AUTH_PW);	// same thing
	$j=sizeof($buffer); 				// finds out how many elements of $buffer there are

	for ($i=0;$i<=$j;$i++) {
		$buffer[$i] = Strtoupper($buffer[$i]);
		if ($buffer[$i] == "$PHP_AUTH_USER:$PHP_AUTH_PW
") {  //this line evaluates for every element of $buffer and checks for a line that matches the inputed username and password.  The new line at the end is necisary because the file has a line end as well.
			$auth=1;
			break;
		}
	}

	if ($auth == 1) {

?>

-----------------------------------------------------------------------------
end header.php


**********
*footer.php *
**********
-----------------------------------------------------------------------------
<?
	} 
	else {        

                header('WWW-Authenticate: Basic realm="The Crazy Train"');
                header('HTTP/1.0 401 Unauthorized');
                echo 'Authorization Required.';
                exit;
	}
	return;

?>
-----------------------------------------------------------------------------
end footer.php

please note that your webpass.list file should looke like this:

usernam;password
whoever;whatever
admin;password
<this line intentionally left blank but it does need to be in the file>

after the last entry there needs to be an extra line becuase the script compares every line to "$PHP_AUTH_USER;PHP_AUTH_PW
"