Skill | script with PHP user authentication
If you want to implement password protection on a per-script basis, you can use the header () function together with the $php_auth_user, $PHP _AUTH_PW Global variables to create a Basic authentication scheme. A common, server-based authentication request/Response round looks like this:
1. The user requests a file from a Web server. If the file is within a protected area, the server responds with a 401 (illegal user) string in the file header of the response.
2. The User name/password dialog box is displayed when the browser sees the response.
3. The user enters the user name and password in the dialog box, and then clicks the "Confirm" button to send the information back to the server.
4. If the username and password are valid, the protected file will be displayed to the user and, as long as the currently authenticated user is within the protected area. The above certification process is valid.
A simple PHP script can mimic an HTTP authentication request/Response system by sending the appropriate HTTP headers to enable the username/password dialog to automatically appear on the client's screen. PHP stores the information in the User Input dialog box in the $php_auth_user and $PHP_AUTH_PW variables. Using these variables, you can store lists that do not conform to the username/password test to a text file, a database, or any place you specify.
Note: The three global variables $PHP _auth_user, $PHP _AUTH_PW, and $php_auth_type are valid only when PHP is installed as a module. If you are using the CGI version of PHP, you can only be limited to using a. htaccess authentication or a database based authentication method, so you must design an HTML form to allow the user to enter a username and password, and then allow PHP to check for validity.
The following example shows a check of 2 settings, but in theory there is no intrinsic difference between the username and password checks.
?
/* Check for values in $PHP _auth_user and $PHP _AUTH_PW * *
if ((!isset ($PHP _auth_user)) | | (!isset ($PHP _AUTH_PW)) {
/* No values:send Headers causing dialog box to appear * *
Header (' Www-authenticate:basic realm= ' my Private Stuff ');
Header (' http/1.0 401 Unauthorized ');
Echo ' Authorization Required. '
Exit
else if ((Isset ($PHP _auth_user)) && (Isset ($PHP _auth_pw)) {
/* values contain some values, so check to the if they ' re correct * *
if (($PHP _auth_user!= "Validname") | | ($PHP _auth_pw!= "Goodpassword")) {
/* If Either the username entered is incorrect, or the password entered is incorrect, send the headers causing dialog box to appear * *
Header (' Www-authenticate:basic realm= ' my Private Stuff ');
Header (' http/1.0 401 Unauthorized ');
Echo ' Authorization Required. '
Exit
else if (($PHP _auth_user = = "Validname") | | ($PHP _AUTH_PW = = "Goodpassword")) {
/* If both values are correct, print success message * *
echo "<p>you ' re authorized!</p>";
}
}
?>
Remember, when you are using file-based protection, this is not an absolute security blanket to protect the directory. This is obvious to most of you, but if your brain creates a connection between the pop-up dialog and the protection of the given directory, you need to take some effort to understand the process.
