How to improve the code to implement pseudohistorical?

Hello, help please, trying to set a password on the page site via the header, but I have a problem - it displays the form but when entering the login and password prompts again. What may be the problem?
<?
//connect file db.php
include("db.php");
$login = 'test';
 $password = 'test';
 $site = 'http://testik.ru';
 $auth_login = $_SERVER['PHP_AUTH_USER'];
 $auth_password = $_SERVER['PHP_AUTH_PW'];
 $auth_cookie_name = 'private_area_login';
 $auth_cookie = $_COOKIE[$auth_cookie_name];
 if (($auth_login != $login) or ($auth_password != $password)) {
 if (($auth_login == 'x') and ($auth_password == 'x') and ($auth_cookie == 'ok')) {
 setcookie($auth_cookie_name, ");
 header('Location: '.$site);
 } else {
 header("WWW-Authenticate: Basic realm=\"Private\"");
 header("HTTP/1.0 401 Unauthorized");
 echo "Sorry, access denied!";
 echo "<meta http-equiv='refresh' content='5; URL=http://testik.EN'/-->";
}
exit;
 } else {
 setcookie($auth_cookie_name, 'ok');
 //making a request all records from table and work with them
$query=mysql_query("select * from `otzivi1`");
while($a = mysql_fetch_assoc($query)){

 echo "<center>";
 //If you pressed the Publish button - publish and removed from the table if the Spam is just deleted
if($_POST['access']){
 mysql_query("insert into `otzivi2`(`name`, `email`, `stars`, `comment`, `data`) values('".addslashes($a['name'])."', '".addslashes($a['email'])."', ".addslashes($a['stars']).", '".addslashes($a['comment'])."', '".addslashes($a['data'])."')");
 mysql_query("delete from `otzivi1` where `id`= ".$_POST['id']);
 echo "<span style="color: darkgreen;">Review is published! After 5 seconds the page will restart!</span>";
 $_POST['access']=false; //get rid of event of the button during the next pass through the loop
 echo "<meta http-equiv="Refresh" content="5; URL=http://testik.ru/index2.php">";//we reset the page reset button events
 } 
if($_POST['spam']){
 mysql_query("delete from `otzivi1` where `id`=".$_POST['id']);
 echo "<span style="color: darkred;">Review deleted! After 5 seconds the page will restart!</span>";
 $_POST['spam']=false;//get rid of event of the button during the next pass through the loop
 echo "<meta http-equiv="Refresh" content="5; URL=http://testik.ru/index2.php">";//we reset the page reset button events
}
 //output of user data
 echo "<br><br>
".$a['id']."
 <h2>username:</h2>".$a['name']."
 <h2>user Email:</h2>".$a['email']."
<h2>Ratings:</h2>".$a['stars']."
<h2>Feedback:</h2>".$a['comment']."
";
 echo "
<form action method="post">
<input type="submit" name="access" value="Publish">
<input type="hidden" value="".$a[" id']."' name="id">
<input type="submit" name="spam" value="This is spam!">
</form>
";

echo "<form action="//x:x@".$_SERVER[" http_host'].$_server['request_uri']."' method="post">
<input type="submit" name="logout" value="sign out">
</form>";

 echo "</center>";
}
}
?>


I would also like to know how can I lose user data? For example - he worked with this page(authorized) and his login and password when leaving a page are reset. Thank you for any response.
July 8th 19 at 15:52
1 answer
July 8th 19 at 15:54
Solution
Try to do two things.
1)
($PHP_AUTH_USER!="login")||($PHP_AUTH_PW!= "parol")
replace
($_SERVER['PHP_AUTH_USER']!="login")||($_SERVER['PHP_AUTH_PW']!= "parol")

2)
Header("WWW-Authenticate: Basic realm="Protected area"");
replace
Header("WWW-Authenticate: Basic realm=\"Private area\"");
Yes, thank you so much, did not notice that the server is not. But could please tell one more thing - as you correctly entered the login and password to remove? To come back the next day to this same page again the authorization was given? Is the idea to register - $_SERVER['Login(too lazy to write correctly)'] =false and the password as well but I think it is not quite correct? And no idea at what point to do FALS. - Davon commented on July 8th 19 at 15:57
_SERVER not that no, in previous versions of php, the default was enabled and register_globals variables $PHP_AUTH_USER and $PHP_AUTH_PW you can turn to.
The simplest is the logout header("Location: http://x:x@mysite.ru/admin/"); that is, a redirect to the same page, but with the wrong username and password. - Daphne_Roob commented on July 8th 19 at 16:00
: I do not understand how to specify the wrong login and password. Tried just to the variable drive value effect 0. The page I have this: header("Location: testik.ru/otzadedit.php") - Davon commented on July 8th 19 at 16:03
And write -
header("Location: http://x:x@testik.ru/otzadedit.php");
. Right from x:x in the link. This is the username and password. To "walk" through a basic authorized login and password to specify in the url: http://login:password@site.ru/ - Daphne_Roob commented on July 8th 19 at 16:06
: okay, I'll try) - Davon commented on July 8th 19 at 16:09
: Yes, well it works - when you press the button it goes username-password. And again displayed is the login window - and is it possible that he came out of the authorization and forwarded to another page? Because I tried to do header("Location: http://x:x@testik.ru"); it goes there, but the login and password are not reset. Will still remain. - Davon commented on July 8th 19 at 16:12
Will offer this option (conditional code)
if (login == 'x' and password == 'x') { header location there where it is necessary } else {
Header("WWW-Authenticate: Basic realm="Protected area"");
Header("HTTP/1.0 401 Unauthorized");
echo "Error";
exit;
} - Daphne_Roob commented on July 8th 19 at 16:15
: doesn't want to send at all(. The same goes authorization, but the form appears on the main throws. Direct some trouble with these headlines... - Davon commented on July 8th 19 at 16:18
Show the code, maybe something is wrong. - Daphne_Roob commented on July 8th 19 at 16:21
: updated my post with the question - Davon commented on July 8th 19 at 16:24
This piece:
if ($_SERVER['PHP_AUTH_USER'] == 'x' and $_SERVER['PHP_AUTH_PW'] == 'x') { 
 header("location: http://testik.ru"); 
 } 
 if (($_SERVER['PHP_AUTH_USER']!=$log)||($_SERVER['PHP_AUTH_PW']!= $pass))
{
Header("WWW-Authenticate: Basic realm="Protected area"");
Header("HTTP/1.0 401 Unauthorized");
echo "Error";
exit;
}

replace:
if (($_SERVER['PHP_AUTH_USER']!=$log)||($_SERVER['PHP_AUTH_PW']!= $pass))
{
 if ($_SERVER['PHP_AUTH_USER'] == 'x' and $_SERVER['PHP_AUTH_PW'] == 'x') { 
 header("location: http://testik.ru"); 
 } else {
Header("WWW-Authenticate: Basic realm="Protected area"");
Header("HTTP/1.0 401 Unauthorized");
echo "Error";
}
exit;
}
- Daphne_Roob commented on July 8th 19 at 16:27
: have updated the question - now it does not go to the page with authorization, something weird is going on - Davon commented on July 8th 19 at 16:30
: Now I will try the live code to write and imagine. - Daphne_Roob commented on July 8th 19 at 16:33
Yes there's a problem. Now think what to do with that. - Daphne_Roob commented on July 8th 19 at 16:36
In General it is not so simple with this non-existent password.
Here is an option with the cookie:
$login = 'test';
 $password = 'test';
 $site = 'http://ya.ru';
 $auth_login = $_SERVER['PHP_AUTH_USER'];
 $auth_password = $_SERVER['PHP_AUTH_PW'];
 $auth_cookie_name = 'private_area_login';
 $auth_cookie = $_COOKIE[$auth_cookie_name];
 if (($auth_login != $login) or ($auth_password != $password)) {
 if (($auth_login == 'x') and ($auth_password == 'x') and ($auth_cookie == 'ok')) {
 setcookie($auth_cookie_name, ");
 header('Location: '.$site);
 } else {
 header("WWW-Authenticate: Basic realm=\"Private\"");
 header("HTTP/1.0 401 Unauthorized");
 echo "Error";
}
exit;
 } else {
 setcookie($auth_cookie_name, 'ok');
 echo('Ok <a href="//x:x@'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'].'">Logout</a>');
 }

Works, I checked. - Daphne_Roob commented on July 8th 19 at 16:39
Here Cookie is only used to distinguish "x:x" used to logout from the "x:x", transferred to the browsers automatically, when entering to this page after logout. - Daphne_Roob commented on July 8th 19 at 16:42
: thank you. Everything works as it should(updated my question), the latter is what worries me this title, maybe You know, but no well then leave it as it is. If you enter it improper(false) logins-passwords, is it possible to close an authorization form? So of course, when the next request for the page it opened again of course. I think that is unlikely. What do you think? - Davon commented on July 8th 19 at 16:45
: I think the easy way it not to make - will be the same cameo as with the "x:x" when re-entering the page will be automatically inserted previous username:password. While I will do, if you think of something - write here. - Daphne_Roob commented on July 8th 19 at 16:48
: thank you very much for your help and time spent) - Davon commented on July 8th 19 at 16:51

Find more questions by tags PHP