I am using PHP Basic Authorization but it's not working. The username and password pop-up as expected but it allows me to access the page even though I insert the wrong user and password
public function __construct()
{
parent::__construct();
$this->load->library('session');
if (!isset($_SERVER['PHP_AUTH_USER']))
{
header("WWW-Authenticate: Basic realm=\"Admin Area\"");
header("HTTP/1.0 401 Unauthorized");
print "Sorry - you need valid credentials to be granted access!
";
exit;
} else {
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
if (!($_SERVER['PHP_AUTH_USER'] == 'admin') && ($_SERVER['PHP_AUTH_PW'] == 'admin')) {
header("WWW-Authenticate: Basic realm=\"Admin Area\"");
header("HTTP/1.0 401 Unauthorized");
print "Sorry - you need valid credentials to be granted access!
";
exit;
}
}
}
.htaccess :
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond $1 !^(index\.php|images|css|js|robots\.txt|favicon\.ico)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ ./index.php?/$1 [L,QSA]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
Missing brackets, if you want "admin" for login and password you should do this:
if (!(($_SERVER['PHP_AUTH_USER'] == 'admin') && ($_SERVER['PHP_AUTH_PW'] == 'admin'))) {