User Authentication with PHP
If you want to implement password protection on a per-script basis, you can use the header () function together with the $php_auth_user, $PHP _AUTH_PW Global variables to create a Basic authentication scheme. The usual server-based authentication request/Response rounds look like this:
1. The user requests a file from a Web server. If the file is within a protected area, the server responds with a 401 (illegal user) string in the file header of the response.
2. When the browser sees the response, the User name/password dialog box pops up.
3. The user enters the user name and password in the dialog box, and then clicks the "Confirm" button to send the information back to the server.
4. If the user name and password are valid, the protected file will be displayed to the user and, as long as the confirmed user has been in the protected area. The above certification process is effective.
A simple PHP script can mimic the HTTP authentication request/Response system by sending an appropriate HTTP header to allow the Username/Password dialog box to appear automatically on the client's screen. PHP stores the User Input dialog box information in the $php_auth_user and $PHP_AUTH_PW variables. Using these variables, you can store a list of non-compliant user name/password checks in a text file, database, or any place you specify.
Note: The three global variables $PHP _auth_user, $PHP _AUTH_PW, and $php_auth_type are valid only if PHP is installed as a module. If you are using a CGI version of PHP, you can only be limited to using. htaccess-based authentication or database-based authentication, so you must design HTML forms that allow users to enter usernames and passwords, and then allow PHP to check for validity.
The following example shows a check of 2 settings, but in theory there is no intrinsic difference between the user name and password checks.
/* Check for values in $PHP _auth_user and $PHP _AUTH_PW */
if ((!isset ($PHP _auth_user)) | | (!isset ($PHP _AUTH_PW))) {
/* No values:send Headers causing dialog box to appear */
Header (' Www-authenticate:basic realm= ' My Private Stuff ');
Header (' http/1.0 401 Unauthorized ');
Echo ' Authorization Required. ';
Exit
} else if ((Isset ($PHP _auth_user)) && (Isset ($PHP _auth_pw)) {
/* values contain some values, so check to see if they ' re correct */
if ($PHP _auth_user! = "Validname") | | ($PHP _AUTH_PW! = "Goodpassword")) {
/* If Either the username entered is incorrect, or the password entered is incorrect, send the headers causing dialog box to appear */
Header (' Www-authenticate:basic realm= ' My Private Stuff ');
Header (' http/1.0 401 Unauthorized ');
Echo ' Authorization Required. ';
Exit
} else if (($PHP _auth_user = = "Validname") | | ($PHP _AUTH_PW = = "Goodpassword")) {
/* If both values is correct, print success message */
echo "
You ' re authorized!
";
}
}
?>
Remember that when you are using file-based protection, this is not an absolute security blanket to protect your catalog. This is obvious to most of you, but if your brain creates a connection between the popup dialog and the protection of the given directory, then you need to be a little bit more aware of the process.
The above describes 10 tips for Acronis Disk Director suite PHP scripts 5, including Acronis Disk Director Suite 10, and I hope you will be interested in the PHP tutorial friends helpful.