10 Tips for PHP scripts (from ZDNet)--using PHP's user authentication

Source: Internet
Author: User

If you want to implement password protection on a per-script basis, you can use the header() function together with the $PHP_AUTH_USER and $PHP_AUTH_PW global variables to create a Basic authentication scheme. A common, server-based authentication request/response round looks like this:

1. The user requests a file from a Web server. If the file is within a protected area, the server responds with a 401 (unauthorized user) status in the header of the response.

2. When the browser sees this response, it displays the username/password dialog box.

3. The user enters the username and password in the dialog box, and then clicks the "Confirm" button to send the information back to the server.

4. If the username and password are valid, the protected file is displayed to the user. The authentication remains valid for as long as the now-authenticated user stays within the protected area.


A simple PHP script can mimic the HTTP authentication request/response system by sending the appropriate HTTP headers, which cause the username/password dialog box to appear automatically on the client's screen. PHP stores the information entered in the dialog box in the $PHP_AUTH_USER and $PHP_AUTH_PW variables. Using these variables, you can validate the input against a list of username/password pairs kept in a text file, a database, or any place you specify.

Note: The three global variables $PHP_AUTH_USER, $PHP_AUTH_PW, and $PHP_AUTH_TYPE are available only when PHP is installed as a module. If you are using the CGI version of PHP, you are limited to .htaccess-based authentication or a database-based authentication method, for which you must design an HTML form that lets the user enter a username and password and then have PHP check them for validity.

The following example checks against two hard-coded values, but in theory this is no different from checking against any list of usernames and passwords.

<?php
/* Check for values in $PHP_AUTH_USER and $PHP_AUTH_PW */
if ((!isset($PHP_AUTH_USER)) || (!isset($PHP_AUTH_PW))) {

    /* No values: send headers causing dialog box to appear */
    header('WWW-Authenticate: Basic realm="My Private Stuff"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Required.';
    exit;

} else if ((isset($PHP_AUTH_USER)) && (isset($PHP_AUTH_PW))) {

    /* Values contain some values, so check to see if they're correct */
    if (($PHP_AUTH_USER != "Validname") || ($PHP_AUTH_PW != "Goodpassword")) {
        /* If either the username entered is incorrect, or the password entered is incorrect, send the headers causing dialog box to appear */
        header('WWW-Authenticate: Basic realm="My Private Stuff"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Authorization Required.';
        exit;
    } else if (($PHP_AUTH_USER == "Validname") && ($PHP_AUTH_PW == "Goodpassword")) {
        /* If both values are correct, print success message */
        echo "<p>You're authorized!</p>";
    }
}
?>

Remember that file-based protection like this is not a blanket security measure for the whole directory. This will be obvious to most of you, but if your brain has made a connection between the pop-up dialog box and protection of a given directory, take some time to work through the process: the check protects only the script that performs it.
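
The same per-script check on a current PHP version, validating against a list of username/password pairs rather than one hard-coded pair. This is an added example, not the article's code: it assumes PHP 7.4 or later, reads the credentials from $_SERVER because the bare globals depended on register_globals (removed in PHP 5.4), and uses a hypothetical load_users() helper with a constructed sample account.

```php
<?php
// Added example, not the article's code. Usernames, passwords and the
// load_users() helper are constructed for illustration.

// Hypothetical helper standing in for a text file or database lookup.
// Returns username => password_hash() output; the hash is computed here
// only so the example is self-contained. Store hashes, never plaintext.
function load_users(): array
{
    return ['validname' => password_hash('goodpassword', PASSWORD_DEFAULT)];
}

// True only when $user exists in $users and $pass matches its stored hash.
function is_authorized(?string $user, ?string $pass, array $users): bool
{
    if ($user === null || $pass === null) {
        return false; // no credentials sent yet
    }
    // Verify against a throwaway hash when the user is unknown, so unknown
    // usernames cost the same work as wrong passwords.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $known = array_key_exists($user, $users);
    $match = password_verify($pass, $known ? $users[$user] : $dummy);
    return $known && $match;
}

// Current PHP exposes the dialog input through $_SERVER rather than the
// bare $PHP_AUTH_USER / $PHP_AUTH_PW globals.
$user = $_SERVER['PHP_AUTH_USER'] ?? null;
$pass = $_SERVER['PHP_AUTH_PW'] ?? null;

if (!is_authorized($user, $pass, load_users())) {
    // One failure path for missing and for wrong credentials: re-prompt.
    header('WWW-Authenticate: Basic realm="My Private Stuff"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Required.';
    exit; // stop here so nothing protected is emitted after the 401
}

// htmlspecialchars() because the username is client-supplied input.
echo '<p>Authorized as ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . '.</p>';
```

Basic authentication sends the username and password base64-encoded, not encrypted, on every request, so a script protected this way should only be served over HTTPS.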
