If you want to implement password protection based on each script, you can combine the header () function and $ PHP_AUTH_USER and $ PHP_AUTH_PW global variables to create a basic authentication plan. Generally, server-based authentication requests/sounds. if you want to implement password protection based on every script, you can combine the application header () function and $ PHP_AUTH_USER and $ PHP_AUTH_PW global variables to create a basic authentication plan. Generally, server-based authentication requests/response rounds look like the following:
1. the user requests a file from a Web server. If the file is in a protected area, the server adds a 401 (invalid user) string to the response file header.
2. after the browser sees the response, the user name/password dialog box is displayed.
3. enter the user name and password in the dialog box, and then click "OK" to send the information back to the server.
4. if the user name and password are valid, the protected file will be displayed to the user, and as long as the verified user remains in the protected area. The above authentication process is valid.
A simple PHP script can imitate the HTTP authentication request/response system by sending an appropriate HTTP header so that the user name/password dialog box is displayed on the client's screen. PHP stores the user input dialog box information in the $ PHP_AUTH_USER and $ PHP_AUTH_PW variables. With these variables, you can store a list of non-real user name/password checks in a text file, database, or any location you specify.
Note: $ PHP_AUTH_USER, $ PHP_AUTH_PW, and $ PHP_AUTH_TYPE are valid only when PHP is installed as a module. If you are applying the CGI version of PHP, you can only use. htaccess authentication or database-based authentication method. in this way, you must design an HTML form to allow users to enter the user name and password, and then check the validity of PHP.
The following example shows two sets of values, but theoretically there is no essential difference between the above username and password checks.
/* Check for values in $ PHP_AUTH_USER and $ PHP_AUTH_PW */
If ((! Isset ($ PHP_AUTH_USER) | (! Isset ($ PHP_AUTH_PW ))){
/* No values: send headers causing dialog box to appear */
Header ('www-Authenticate: Basic realm = 'My Private buffer '');
Header ('http/1.0 401 unauthorized ');
Echo 'authorization Required .';
Exit;
} Else if (isset ($ PHP_AUTH_USER) & (isset ($ PHP_AUTH_PW ))){
/* Values contain some values, so check to see if they're correct */
If ($ PHP_AUTH_USER! = 'Validname') | ($ PHP_AUTH_PW! = 'Goodpassword ')){
/* If either the username entered is incorrect, or the password entered is incorrect, send the headers causing dialog box to appear */
Header ('www-Authenticate: Basic realm = 'My Private buffer '');
Header ('http/1.0 401 unauthorized ');
Echo 'authorization Required .';
Exit;
} Else if ($ PHP_AUTH_USER = 'validname') | ($ PHP_AUTH_PW = 'goodpassword ')){
/* If both values are correct, print success message */
Echo'
You're authorized!
';
}
}
?>
Remember, when you are applying file-based protection measures, this method is not a security blanket that protects directories. This is obvious to most of you, but if your brain establishes a connection between the pop-up dialog box and the protection of a given directory, you need to be familiar with this process.
