Weird authentication issue

Re: Weird authentication issue

redneck_kiwi wrote:[color=blue]
>
> All:
>
> I have an application that has been working well for 3-4 months now
> without any issues (that I am aware of). A day or two ago, one of our
> employees that use this application called to say she was getting a
> weird message:
>
> "Warning: Cannot modify header information - headers already sent by
> (output started at /www/htdocs/sys36/viewhist.php:2) in
> /www/htdocs/sys36/viewhist.php on line 5"
>
> I have been looking into the problem and apparently, the problem is due
> to authentication. Going to other parts of the site will trigger a
> prompt for username/password and once that is entered, all is well,
> even with the page above.
>
> The puzzle is that all pages using Auth use the *EXACT SAME CODE*:
>
> if (!isset($PHP_AU TH_USER)) {
> // if empty, send header causing dialog box to appear
> header('WWW-Authenticate: Basic realm="My Realm"');
> header('HTTP/1.0 401 Unauthorized');
> exit;
> } else if (isset($PHP_AUT H_USER)) {
>
> // if non-empty, check the database for matches
> // Connect to the database
> $db = mysql_connect(" host", "user", "password") ;
> mysql_select_db ("sys36",$db );
>
> $sql="SELECT * FROM Auth WHERE userid='$PHP_AU TH_USER' and
> password='$PHP_ AUTH_PW'";
> $result=mysql_q uery($sql);
> $num=mysql_num_ rows($result);
> $myrow = mysql_fetch_arr ay($result);
> $userlevel=$myr ow["level"];
>
> if ($num != "0") {
> } else {
> $userlevel="3";
> }
> }[/color]
You must have some kind of output before that first line. Check for anything
being echoed or even a blank line before your first <?PHP tag.

Shawn
--
Shawn Wilson
shawn@glassgian t.com

Re: Weird authentication issue

Thanks Shawn....the ONLY thing is <!DOCTYPE HTML PUBLIC "-//W3C//DTD
HTML 4.01 Transitional//EN" "http://www.w3.or
g/TR/html4/loose.dtd">
This is the same line as the page that DOES work!

:-)

Re: Weird authentication issue

redneck_kiwi wrote:[color=blue]
> Thanks Shawn....the ONLY thing is <!DOCTYPE HTML PUBLIC "-//W3C//DTD
> HTML 4.01 Transitional//EN" "http://www.w3.or
> g/TR/html4/loose.dtd">
> This is the same line as the page that DOES work!
>
> :-)[/color]

When you output the doctype line the headers get definitely sent. You have
to move this line below the authentication lines.

It is actually strange that the other page works. Are you sure you tested it
when $PHP_AUTH_USER was not set? It looks to me as if the authentication was
usually made on a page with no output before the authentication, then the
buggy one did not show the problem, because it did not have to send a
header.

--
Markus

Re: Weird authentication issue

In article <1099572582.842 329.291830@f14g 2000cwb.googleg roups.com>,
"redneck_ki wi" <kf4pfw@gmail.c om> wrote:

:This is the same line as the page that DOES work!

Has your user/employee "bookmarked " her login? Is she sending GET data
straight to the page she wants to view? Someone here can explain that
better than me for sure.

Otherwise:


--
Looks like more of Texas to me ...
-- from The Wild Bunch

Re: Weird authentication issue

Odd thing is that moving the doctype line below the auth section
results in a parsing error. Removing the doctype line entirely fixes
the problem!

also, in order to troubleshoot the problem, I use a browser and can
duplicate her results.

Thanks for the pointer, (re)moving the doctype fixed the problem....odd
that it doesn't cause problems with the other pages.

rk