Description: ------------ http://test.ttweesp.nl/test_db_pear.php popup enter username / password Popup getting back 100% that the username is correct in the db (md5) phpinfo: http://test.ttweesp.nl/phpinfo.php Test script: --------------- <?php require_once 'DB.php'; require_once "Auth/HTTP.php"; ini_set("include_path", ".;d:/inetpub/vhosts/test.ttweesp.nl/httpdocs/PEAR"); $dsn = 'mysql://ttw:*****@localhost/ttw'; $options = array( 'debug' => 2, 'portability' => 'DB_PORTABILITY_ALL', ); $db =& DB::connect($dsn, $options); if (PEAR::isError($db)) { die($db->getMessage()); } $AuthOptions = array( 'dsn'=>$dsn, 'table'=>'TblUsers', // your table name 'usernamecol'=>'USE_UserName', // the table username column 'passwordcol'=>'USE_Password', // the table password column 'cryptType'=>'md5', // password encryption type in your db 'db_fields'=>'*', // enabling fetch for other db columns ); $a = new Auth_HTTP("DB", $AuthOptions); if($a->getAuth()) // checking for autenticated user { echo "Hello $a->USE_UserName welcome to my secret page"; }; $db->disconnect(); ?> Expected result: ---------------- You get the Hello bjorn welcome to my secret page message Actual result: -------------- The auth_http login box

This is definitely something NOT covered by the documentation. The implementation of digest authentication is VERY VERY poorly documented...in otherwords you will never be able to get digest working using the docs provided with pear. Observe the following code snippet that I use for digest. <?php ini_set("include_path","/usr/share/pear"); require_once("Auth/HTTP.php"); require_once("DB.php"); require_once("DB/Table.php"); $loginrow = array(); $operation = ""; $AuthOptions = array( 'authType' => "digest", 'forceDigestOnly'=>"true", 'dsn'=>"pgsql://user:password@localhost/databasename", 'table'=>"login", // your table name 'usernamecol'=>"username", // the table username column 'passwordcol'=>"password", // the table password column 'cryptType'=>"md5", // password encryption type in your db 'digestRealm'=>"MyRealm", 'db_fields'=>"username,password" ); $a = new Auth_HTTP("DB",$AuthOptions); $a->start(); // starting the authentication process if($a->getAuth()) // checking for authenticated user { echo "<TITLE>My Page</TITLE>"; echo "<BODY BGCOLOR='black' TEXT='white' LINK='yellow' VLINK='839590'>"; } else { echo "<TITLE>My Page</TITLE>"; echo "<BODY BGCOLOR='black' TEXT='white' LINK='yellow' VLINK='839590'>"; echo "Login/Password Invalid<BR>"; die(); } echo "Logged in<BR>"; ?> Yes, I had to alter the AUTH_HTTP to work with my current version of apache. This pear auth module appears to be....not maintained. I don't think the documentation is actually valid. At line 247 in Auth/HTTP.php I changed it to: if (!empty($this->server['PHP_AUTH_DIGEST'])) { //$this->digest_header = substr($this->server['PHP_AUTH_DIGEST'], // strpos($this->server['PHP_AUTH_DIGEST'],' ')+1); $this->digest_header = $this->server['PHP_AUTH_DIGEST']; $headers = getallheaders(); } else { $headers = getallheaders(); if(isset($headers['Authorization']) && !empty($headers['Authorization'])) { $this->digest_header = substr($headers['Authorization'], strpos($headers['Authorization'],' ')+1); } } I'm not saying the maintainer of this digest stuff is a dummy, but they totally ignored my pleas for sanity...maybe because the guy doesn't speak english? I hope this helps!!!

- What kind of web server are you using (Apache/Apache2/IIS)? - What kind of authentication method you want to use (HTTP Basic or Digest) ?

The website is running on a Windows machine. So it's IIS. I changed my scripts so I am using the Auth version now. I think I used the normal HTTP and not the digist version.