Version: .6b
Type: Full Script
Category: Other
License: GNU General Public License
Description: This script will handle user authentication against a file on your server so you dont need to have a database. it is helpful, though, to place this file outside of the html directory so that web users can’t read everyone’s passwords.
****Please note these are two files and should be split and saved seperately!***
**Also, to use this script simply do the following:
<?
require('path/to/header.php');
?>
YOUR HTML HERE
<?
require('path/to/footer.php');
?>
where path/to/footer.php is replaced with the paths to their respective files.
**********
*header.php*
**********
-----------------------------------------------------------------------------
<?
if (!isset($PHP_AUTH_USER)) {
// If empty, send header causing dialog box to appear
header('WWW-Authenticate: Basic realm="The Crazy Train"');
header('HTTP/1.0 401 Unauthorized');
exit;
}
else if (isset($PHP_AUTH_USER)) {
$filename = "/home/ddclub/webpass.txt"; //the name of the file and the path are entirely up to you but dont leave the file inside the public_html directory for anyone to see. Put it outside so the path is something like /home/username/webpass.list.
$fd = fopen ($filename, "r");
$i = 0;
for ($i = 0;!feof($fd);$i++) {
$buffer[$i] = fgets($fd, 4096);
}
fclose ($fd);
}
$PHP_AUTH_USER = Strtoupper($PHP_AUTH_USER); //converts to uppercase
$PHP_AUTH_PW = Strtoupper($PHP_AUTH_PW); // same thing
$j=sizeof($buffer); // finds out how many elements of $buffer there are
for ($i=0;$i<=$j;$i++) {
$buffer[$i] = Strtoupper($buffer[$i]);
if ($buffer[$i] == "$PHP_AUTH_USER:$PHP_AUTH_PW
") { //this line evaluates for every element of $buffer and checks for a line that matches the inputed username and password. The new line at the end is necisary because the file has a line end as well.
$auth=1;
break;
}
}
if ($auth == 1) {
?>
-----------------------------------------------------------------------------
end header.php
**********
*footer.php *
**********
-----------------------------------------------------------------------------
<?
}
else {
header('WWW-Authenticate: Basic realm="The Crazy Train"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
}
return;
?>
-----------------------------------------------------------------------------
end footer.php
please note that your webpass.list file should looke like this:
usernam;password
whoever;whatever
admin;password
<this line intentionally left blank but it does need to be in the file>
after the last entry there needs to be an extra line becuase the script compares every line to "$PHP_AUTH_USER;PHP_AUTH_PW
"
