10 tips for PHP scripts (5)

Source: Internet
Author: User
Tags http authentication password protection
10 PHP script skills (5) use PHP user authentication
If you want to implement password protection based on each script, you can use the header () function, $ PHP_AUTH_USER, and $ PHP_AUTH_PW global variables to create a basic authentication scheme. The common server-based authentication request/response rounds look like the following:

1. the user requests a file from a Web server. If the file is in a protected area, the server adds a 401 (invalid user) string to the response file header as a response.

2. after the browser sees the response, the user name/password dialog box is displayed.

3. enter the user name and password in the dialog box, and then click "OK" to send the information back to the server.

4. if the user name and password are valid, the protected file will be displayed to the user, and as long as the verified user remains in the protected area. The above authentication process is valid.


A simple PHP script can imitate the HTTP authentication request/response system by sending an appropriate HTTP header to automatically display the user name/password dialog box on the client screen. PHP stores the user input dialog box information in the $ PHP_AUTH_USER and $ PHP_AUTH_PW variables. With these variables, you can store a list that does not comply with the user name/password test to a text file, database, or any location you specify.

Note: $ PHP_AUTH_USER, $ PHP_AUTH_PW, and $ PHP_AUTH_TYPE are valid only when PHP is installed as a module. If you are using the CGI version of PHP, you can only use. htaccess authentication or database-based authentication. in this way, you must design an HTML form for the user to enter the user name and password, and then let PHP check the validity.

The following example shows two sets of values, but theoretically there is no essential difference between the above username and password checks.

/* Check for values in $ PHP_AUTH_USER and $ PHP_AUTH_PW */

If ((! Isset ($ PHP_AUTH_USER) | (! Isset ($ PHP_AUTH_PW ))){

/* No values: send headers causing dialog box to appear */
Header ('www-Authenticate: Basic realm = "My Private Stuff "');
Header ('http/1.0 401 unauthorized ');
Echo 'authorization Required .';

} Else if (isset ($ PHP_AUTH_USER) & (isset ($ PHP_AUTH_PW ))){

/* Values contain some values, so check to see if they're correct */

If ($ PHP_AUTH_USER! = "Validname") | ($ PHP_AUTH_PW! = "Goodpassword ")){
/* If either the username entered is incorrect, or the password entered is incorrect, send the headers causing dialog box to appear */
Header ('www-Authenticate: Basic realm = "My Private Stuff "');
Header ('http/1.0 401 unauthorized ');
Echo 'authorization Required .';
} Else if ($ PHP_AUTH_USER = "validname") | ($ PHP_AUTH_PW = "goodpassword ")){
/* If both values are correct, print success message */

You're authorized!


Remember, when you are using file-based protection measures, this approach is not a security blanket that absolutely protects directories. This is obvious to most of you, but if your brain establishes a connection between the pop-up dialog box and the protection of a given directory, then you must get to know this process.
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.