Can somone please tell me why this code fails?

I use this on another server and it works great… I realize that Dreamhost has some different security settings, can someone please tell me what I have to do to get this to work?

<?php $auth = false; // Assume user is not authenticated if ((!isset($PHP_AUTH_USER)) || (!isset($PHP_AUTH_PW))) { // Connect to MySQL include("conn.php"); mysql_connect("",$username,$password); @mysql_select_db($database) or die( "Unable to select database"); // Formulate the query $sql = "SELECT * FROM users WHERE username = '$PHP_AUTH_USER' AND password = '$PHP_AUTH_PW'"; // Execute the query and put results in $result $result = mysql_query( $sql ) or die ( 'Unable to execute query.' ); // Get number of rows in $result. $num = mysql_numrows( $result ); if ( $num != 0 ) { // A matching row was found - the user is authenticated. $auth = true; } } if ( ! $auth ) { header( 'WWW-Authenticate: Basic realm="Private"' ); header( 'HTTP/1.0 401 Unauthorized' ); echo 'Authorization Required.'; exit; } ?>


Is $database set in conn.php and is conn.php available to the script?

Or don’t you need to specify the connection in the mysql_select DB line? Like:

$link = mysql_connect(“”,$username,$password);

This signature line intentionally blank.

I think the issue is that the default DH php runs as CGI - and apache authentication only works with PHP if running mod_php. :wink:


I think the issue is that the default DH php runs as CGI - and apache authentication only works with PHP if running mod_php.


How do I know this?

My options are:

PHP Version: 5.1.2 or 4.4.2
Extra Web Security? (highly recommended)
FastCGI Support? (advanced)

Which do I choose for this to work?


None of those choices will do it for you. There is a lot of information about this situation in the articles mentioned


The problem is it says:

  • Go to the “Domains > Manage Domains” area of the web panel.
  • Click the “Edit” link for the http or https service for your domain you’d like to switch PHP’s type on.
  • There should be a a checkbox which says “Run PHP as a CGI?”. Just uncheck (or check) that, and then submit the form.

But there is no checkbox which says “Run PHP as a CGI?”.

You need to read that link I referred you to more carefully - that option has not been available for quite some time now. The panel will no longer give you the opportunity to set your domain to run mod_php.

Did you see/read this link about mod_php on Dreamhost in the page I linked you to before?


Ah… Thanks, I am still getting my feet wet with a lot of this stuff…

So, would you say .htaccess is the best way to go for password protecting a directory?

I used to just include that script on every page, that is why I like it so much… I need to password protect a site and I was hoping to store passwords in a database…

It seems to me that there are a couple of readily apparent workarounds for your situation:

  1. Abandon that script and employ an totally php-based authentication system for your pages (there are many such code examples on the web; you can locate them via google).

  2. Use the information in the last link I provided to create an .htaccess file that will cause your php files to be run under mod_php.

The first idea involves a bit more work, but has the advantage of you being able to free yourself from the mod_php requirement and would be highly portable. The second suggestion allows you to keep using the same code you are accustomed to, at the expense (on DH, at least) of running the latest version(s) of php.


Thanks for all the help, I really appreciate it… After reading a bit more I found the htaccess option under “goodies” and I just set that up for a folder on the domain I was trying password protect. Works like a charm!

Thanks again for all your help!!!