Members area popup


TECK
06-05-2003, 09:54 PM
Every time you access the members area, a popup window will show, asking you to enter the license number and pass:
"vBulletin Members Area: Please enter your customer number (username) and password:"

I would like to know what is the code used. Thanks.

Regs
06-05-2003, 10:14 PM
Isn't that just a plain .htaccess popup?

~Regs.

Serge
06-05-2003, 10:22 PM
PHP has a function for this as well. You use the header() thing. Hold on, I think I saw a function to do this.

Here is what you could put at the top of your webpage:

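// Assumes $db is an open mysqli connection and $realm / $errmsg are already set.
$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
$pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

if ($user === '')
{
    // No credentials sent yet: make the browser show the login popup.
    authenticate($realm, $errmsg);
}
else
{
    // Bound parameters keep the submitted values out of the SQL text.
    $stmt = $db->prepare("SELECT username FROM author WHERE password = md5(lower(?)) AND username = lower(?)");
    $valid_user = null;
    if ($stmt)
    {
        $stmt->bind_param('ss', $pass, $user);
        $stmt->execute();
        $stmt->bind_result($valid_user);
        $stmt->fetch();
        $stmt->close();
    }
    if (empty($valid_user))
    {
        // Query failed or no matching row: prompt again.
        authenticate($realm, $errmsg);
    }
}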


The authenticate function would look something like this:

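function authenticate($realm = "Secure Area", $errmsg = "Please enter a username and password")
{
    // The 401 status plus the WWW-Authenticate challenge is what makes the browser show its login popup.
    header("HTTP/1.0 401 Unauthorized");
    header("WWW-Authenticate: Basic realm=\"$realm\"");
    // Shown only if the user cancels the popup.
    die($errmsg);
}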

TECK
06-07-2003, 01:20 AM
Thanks. That's what I needed. :)

Dean C
06-07-2003, 11:42 AM
Where does it get the username and password from?

Boofo
06-07-2003, 12:29 PM
You have to manually enter it.

Dean C
06-07-2003, 06:21 PM
Hmmm. But I mean how does it compare the password entered in this pop-up to another one to see if it's correct?

- miSt

filburt1
06-07-2003, 06:27 PM
Search around on php.net for HTTP authentication. They give an example there. I also used it a year ago in a project at work where it used a MySQL database and it worked nicely (no cookies, too).

MUG
06-07-2003, 07:34 PM
Today at 03:21 PM Mist said this in Post #7 (https://vborg.vbsupport.ru/showthread.php?postid=405724#post405724)
Hmmm. But I mean how does it compare the password entered in this pop-up to another one to see if it's correct?

- miSt

$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']

Serge
06-08-2003, 01:50 AM
Yesterday at 08:21 PM Mist said this in Post #7 (https://vborg.vbsupport.ru/showthread.php?postid=405724#post405724)
Hmmm. But I mean how does it compare the password entered in this pop-up to another one to see if it's correct?

- miSt

Yes, I was going to say: look at the query again, it has the password listed in there. Also, I don't know if I did it up there, but you could md5 the password as well if you have md5 protection on your passwords.

filburt1
06-08-2003, 01:59 AM
Today at 04:34 PM MUG said this in Post #9 (https://vborg.vbsupport.ru/showthread.php?postid=405752#post405752)
$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']

Important to note that $_SERVER['PHP_AUTH_PW'] is the unhashed/unencrypted/plain text version of the password, so obviously never display it on a page. ;)

Dean C
06-08-2003, 09:08 AM
HTTP authentication eh ;)...

Dean C
06-08-2003, 10:23 AM
OK, I did a little research into this earlier today using the functions given on php.net...

It's very odd, I must say...

For starters you're not comparing usernames from anywhere and seeing if the login is correct. I simply put anything in the box and it works...

Am I missing something here ;)?

- miSt

MUG
06-08-2003, 10:59 AM
Here is a very simple example that doesn't check anything against a database.

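// Read the credentials straight from $_SERVER; both stay unset until the popup is filled in.
$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
$pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;

if ($user !== 'username' or $pass !== 'seekrit') {
    // Missing or wrong credentials: send the challenge so the browser prompts (again).
    header("HTTP/1.0 401 Authorization Required");
    header('WWW-Authenticate: Basic realm="please login"');
    die('You entered an incorrect username/password combination.');
}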
Username/User ID is 'username'
Password is 'seekrit'

Dean C
06-08-2003, 11:08 AM
OK, that works pretty well... I'm pretty sure I can modify that myself to work with a user database... however, where do I change the code so, for example, it does something when it's logged in...

I.e. displays a message "You are logged in" if the authentication works :)

- miSt

MUG
06-08-2003, 11:11 AM
Today at 08:08 AM Mist said this in Post #15 (https://vborg.vbsupport.ru/showthread.php?postid=406060#post406060)
OK, that works pretty well... I'm pretty sure I can modify that myself to work with a user database... however, where do I change the code so, for example, it does something when it's logged in...

I.e. displays a message "You are logged in" if the authentication works :)

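- miSt

// Read the credentials straight from $_SERVER; both stay unset until the popup is filled in.
$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
$pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;

if ($user !== 'username' or $pass !== 'seekrit') {
    // Missing or wrong credentials: send the challenge so the browser prompts (again).
    header("HTTP/1.0 401 Authorization Required");
    header('WWW-Authenticate: Basic realm="please login"');
    die('You entered an incorrect username/password combination.');
}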

echo "You are logged in.";
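
Added example (not part of any post in this thread): the same Basic-auth gate checked against stored password hashes instead of hard-coded strings, showing where the username and password come from and how the comparison is done. The $users array, the 'demo' account and its password are constructed stand-ins for a user table, and the HTTP_AUTHORIZATION fallback assumes the web server passes that header through to PHP.

```php
<?php
// Constructed stand-in for a user table: username => password hash.
$users = array('demo' => password_hash('correct horse battery', PASSWORD_DEFAULT));

// Returns array(user, pass) taken from the request, or null if none was sent.
function read_basic_credentials(array $server)
{
    if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return array($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']);
    }
    // Fallback: decode "Authorization: Basic base64(user:pass)" ourselves
    // (assumes the server exposes the header as HTTP_AUTHORIZATION).
    $header = isset($server['HTTP_AUTHORIZATION']) ? $server['HTTP_AUTHORIZATION'] : '';
    if (stripos($header, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(trim(substr($header, 6)), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Split on the first colon only: the password itself may contain colons.
    return explode(':', $decoded, 2);
}

function credentials_valid(array $users, $user, $pass)
{
    // password_verify() re-hashes $pass with the stored salt and compares the
    // result; the plain-text password is never stored, logged or echoed.
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

function challenge($realm)
{
    // 401 plus WWW-Authenticate makes the browser show its login popup.
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="' . addslashes($realm) . '"');
    die('You entered an incorrect username/password combination.');
}

$creds = read_basic_credentials($_SERVER);
if ($creds === null || !credentials_valid($users, $creds[0], $creds[1])) {
    challenge('please login');
}

// The username came from the client, so escape it before output.
echo 'You are logged in as ' . htmlspecialchars($creds[0], ENT_QUOTES, 'UTF-8') . '.';
```

The browser resends the Base64-encoded username and password with every request to the realm, so serve a page like this over HTTPS only.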