Basic auth loop problem

[jakublw]

Hey,

I'm trying to my prestashop API on my cpanel server, but when I''m typing my api key as username in basic auth I have login loop.

This same is with my custom PHP file - cannot login via basic auth, because I have login loop (after send data from dialog box this are refreshing and showing dialog box again)


PHP example:

public function checkAuth()
    {
        if (PHP_SAPI === 'cli' ||
            empty($this->login)
        ) {
            return;
        }

        if (!isset($_SERVER['PHP_AUTH_USER']) ||
            $_SERVER['PHP_AUTH_PW'] != $this->password ||
            $_SERVER['PHP_AUTH_USER'] != $this->login
        ) {
            header('WWW-Authenticate: Basic realm="Authentification"');
            header('HTTP/1.0 401 Unauthorized');
            echo '401 Unauthorized';
            exit(401);
        }
    }

In httaccess I have:

<IfModule mod_fcgid.c>
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

 

[SamuelM]

Hello @jakublw

It's not clear to me from your example exactly why you are observing an authentication loop. However, I would suggest you refer to the following resources which provide examples for PHP authentication:

https://www.php.net/manual/en/features.http-auth.php

https://gist.github.com/rchrd2/c94eb4701da57ce9a0ad4d2b00794131

I am also curious to know whether disabling your .htaccess file by renaming it temporarily causes the authentication loop to disappear, or if it persists.

Best regards.