10 PHP script skills (5), 10 PHP script skills (5), PHP user authentication if you want to implement password protection based on each script, you can use the header () function, $ PHP_AUTH_USER, and $ PHP_AUTH_PW global variables to create a basic authentication scheme. Common server-based authentication requests/responses "> <LINKhre uses PHP user authentication
If you want to implement password protection based on each script, you can use the header () function, $ PHP_AUTH_USER, and $ PHP_AUTH_PW global variables to create a basic authentication scheme. The common server-based authentication request/response rounds look like the following:
1. the user requests a file from a Web server. If the file is in a protected area, the server adds a 401 (invalid user) string to the response file header as a response.
2. after the browser sees the response, the user name/password dialog box is displayed.
3. enter the user name and password in the dialog box, and then click "OK" to send the information back to the server.
4. if the user name and password are valid, the protected file will be displayed to the user, and as long as the verified user remains in the protected area. The above authentication process is valid.
A simple PHP script can imitate the HTTP authentication request/response system by sending an appropriate HTTP header to automatically display the user name/password dialog box on the client screen. PHP stores the user input dialog box information in the $ PHP_AUTH_USER and $ PHP_AUTH_PW variables. With these variables, you can store a list that does not comply with the user name/password test to a text file, database, or any location you specify.
Note: $ PHP_AUTH_USER, $ PHP_AUTH_PW, and $ PHP_AUTH_TYPE are valid only when PHP is installed as a module. If you are using the CGI version of PHP, you can only use. htaccess authentication or database-based authentication. in this way, you must design an HTML form for the user to enter the user name and password, and then let PHP check the validity.
The following example shows two sets of values, but theoretically there is no essential difference between the above username and password checks.
/* Check for values in $ PHP_AUTH_USER and $ PHP_AUTH_PW */
If ((! Isset ($ PHP_AUTH_USER) | (! Isset ($ PHP_AUTH_PW ))){
/* No values: send headers causing dialog box to appear */
Header ('www-Authenticate: Basic realm = "My Private Stuff "');
Header ('http/1.0 401 unauthorized ');
Echo 'authorization Required .';
Exit;
} Else if (isset ($ PHP_AUTH_USER) & (isset ($ PHP_AUTH_PW ))){
/* Values contain some values, so check to see if they're correct */
If ($ PHP_AUTH_USER! = "Validname") | ($ PHP_AUTH_PW! = "Goodpassword ")){
/* If either the username entered is incorrect, or the password entered is incorrect, send the headers causing dialog box to appear */
Header ('www-Authenticate: Basic realm = "My Private Stuff "');
Header ('http/1.0 401 unauthorized ');
Echo 'authorization Required .';
Exit;
} Else if ($ PHP_AUTH_USER = "validname") | ($ PHP_AUTH_PW = "goodpassword ")){
/* If both values are correct, print success message */
Echo"
You're authorized!
";
}
}
?>
Remember, when you are using file-based protection measures, this approach is not a security blanket that absolutely protects directories. This is obvious to most of you, but if your brain establishes a connection between the pop-up dialog box and the protection of a given directory, then you must get to know this process.