Building a simple interactive website (iii)
6. Password verification
Maybe you want to put your photo collection on your website, and just want to show your intimate friends that you need a password verification program.
6.1 HTTP-based authentication
How to use PHP to implement the function of password authentication? We can use the short PHP code, using the function header () to send HTTP headers to force authentication, the client browser pops up a dialog box for entering the user name and password. In PHP, the information entered by the client user is automatically saved in $php_auth_user, $PHP _AUTH_PW, and in the three global variables $PHP _auth_type, after being delivered to the server. Using these variables, we can verify the user's identity based on the user account information that is saved in the data file or database.
However, it is important to remind users that the PHP script can use $php_auth_user, $PHP _AUTH_PW, and the three variables $PHP _auth_type only when the Apache module is running. HTTP-based authentication is not possible if the user is using CGI mode PHP.
6.2 Below, let's go through the details of how to use PHP to authenticate the user.
In the following example, we use two variables, $php_auth_user and $PHP_AUTH_PW, to verify that the entrants are legitimate and allow entry. In this example, the user name and password pairs that are allowed to log in are TNC and nature, respectively:
if (!isset ($PHP _auth_user))
{
Header ("Www-authenticate:basic realm=" "My Realm");
Header ("http/1.0 401 Unauthorized");
echo "Text to send if user hits Cancel buttonn";
Exit
}
Else
{
if (! ( $PHP _auth_user== "TNC" && $PHP _auth_pw== "nature"))
{
If the user name/password pair is incorrect, force re-authentication
Header ("Www-authenticate:basic realm=" "My Realm");
Header ("http/1.0 401 Unauthorized");
echo "ERROR: $PHP _auth_user/$PHP _AUTH_PW is invalid.";
Exit
}
Else
{
echo "Welcome tnc!";
}
?>
In fact, it is unlikely that the actual references will be used to access them using either a database or an encrypted password file, as shown above with the explicit user name/password pair of the code snippet.
6.3 Verifying the identity of the user based on the specified authentication information
First, we can use the following code to determine whether a user has entered a user name and password and displays the information entered by the user.
if (!isset ($PHP _auth_user)) {
Header (' Www-authenticate:basic realm= ' My Private Stuff ');
Header (' http/1.0 401 Unauthorized ');
Echo ' Authorization Required. ';
Exit
}
else {
echo "
You are entered this username: $PHP _auth_user
You are entered this password: $PHP _AUTH_PW
The authorization type is: $PHP _auth_type
";
}
?>
Description
The Isset () function is used to determine whether a variable has been assigned a value. Returns TRUE or false depending on whether the value of the variable exists.
The header () function is used to send a specific HTTP header. Note that when using the header () function, be sure to call the function in front of any HTML or PHP code that produces the actual output.
Although the above code is fairly straightforward, there is no valid validation of user names and passwords entered by the user based on any actual values, but at least we have learned how to generate input dialogs in the client using PHP.
Below, let's look at how to verify the identity of the user based on the specified authentication information. The code is as follows:
if (!isset ($PHP _auth_user)) {
Header (' Www-authenticate:basic realm= ' My Private Stuff ');
Header (' http/1.0 401 Unauthorized ');
Echo ' Authorization Required. ';
Exit
}
else if (isset ($PHP _auth_user)) {
if ($PHP _auth_user! = "Admin") | | ($PHP _AUTH_PW! = "123")) {
Header (' Www-authenticate:basic realm= ' My Private Stuff ');
Header (' http/1.0 401 Unauthorized ');
Echo ' Authorization Required. ';
Exit
} else {
echo "
You ' re authorized!
";
}
}
?>
Here, we first check whether the user has entered the user name and password, if not, pop up the corresponding dialog box asks the user to enter the identity information. We then give the user access rights or prompt the user to enter the correct information again by judging whether the information entered by the user conforms to the specified user account named admin/123. This approach applies to sites where all users use the same login account.
6.4 Another easy password verification
If you are writing and running your PHP script under Windows98, or if you have installed PHP as a CGI program under Linux by default, you will not be able to use the PHP program above to implement the verification function. To this end, boundless provides you with another simple method of password verification. Although the practicality is not big, but take to study still very good.
$password = "123";
Check password
if ($pass! = $password)
{
echo " <title>Manage passwords</title>";
echo "";
}
Else
{
echo " <title>Congratulations, you've passed the password verification.</title>";
echo "";
}
?>
The above introduces the novice on the road driving skills PHP Novice on the road (vii), including the Novice on the road driving skills of the content, I hope that the PHP tutorial interested in a friend helpful.
