Apache server user authentication

Source: Internet
Author: User


Readers who use the Internet frequently may have seen this: when they try to access certain resources on some websites, the browser pops up a dialog box asking for a user name and password. This is user authentication at work. User authentication is the first line of defense for network system resources: it controls all logins and checks the validity of users, with the goal of allowing only legitimate users to access network system resources with legitimate permissions. The basic user authentication technique is "user name + password".

Apache is a popular Web server that runs on Linux, UNIX, Windows, and other operating systems, and it handles "user name + password" authentication well. The user names and passwords required for Apache user authentication can be stored in two different ways: in text files, or in databases such as mSQL, Oracle, and MySQL. The following uses Apache on Linux as an example to describe how to implement user authentication with each of these two storage methods. It also briefly introduces Apache user authentication on Windows.

Use text file storage

The basic idea of this authentication method is as follows: once the authentication function is enabled in Apache, you create a file named .htaccess in the directory to which access is restricted and put the authentication configuration directives in it. The first time a user accesses a file in this directory, the browser displays a dialog box asking for a user name and password to confirm the user's identity. If the user is a legitimate user, the content of the requested page is displayed. After that, the browser sends the user name and password automatically, and the user does not need to enter them again until the browser is closed. The specific steps are as follows:

Log in to Linux as the superuser root. Assume that Apache 1.3.12 has been compiled and installed in the /usr/local/Apache directory. By default, the mod_auth module is automatically added when Apache is compiled. This module implements "user name + password" authentication with the credentials stored in text files.

1. Modify the Apache configuration file /usr/local/Apache/conf/httpd.conf and set the configuration directives for the directory that holds the resources to be protected. The following example configures the /usr/local/Apache/htdocs/members directory:

    <Directory /usr/local/Apache/htdocs/members>
    Options Indexes FollowSymLinks
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
    </Directory>

AllowOverride AuthConfig allows user authentication directives to be set in .htaccess files in the /usr/local/Apache/htdocs/members directory.

2. Create a file named .htaccess in the /usr/local/Apache/htdocs/members directory with the following content:

    AuthName "member Zone"
    AuthType Basic
    AuthUserFile /usr/local/Apache/members.txt
    Require valid-user

Note: the common configuration directives in an .htaccess file include the following:

1) AuthName: specifies the authentication realm name. The realm name is shown to the user in the authentication dialog box (see the figure below).

2) AuthType: specifies the authentication type. In HTTP/1.0 there is only one authentication type: Basic. HTTP/1.1 has several authentication types, such as MD5.

3) AuthUserFile: specifies a text file containing user names and passwords, one pair per line.

4) AuthGroupFile: specifies a text file containing a list of user groups and the members of each group. Group members are separated by spaces, for example:

    managers: user1 user2

5) Require: specifies which users or groups are authorized for access. For example:

    Require user user1 user2 (only users user1 and user2 can access)
    Require group managers (only members of the group managers can access)
    Require valid-user (any user listed in the file specified by AuthUserFile can access)

3. Use the htpasswd program to generate the text file containing the user names and passwords: /usr/local/Apache/members.txt. The format of each line is "user name:password".

    # cd /usr/local/Apache/bin
    # htpasswd -bc ../members.txt user1 1234
    # htpasswd -b ../members.txt user2 5678

The file members.txt now contains two users: user1 with password 1234, and user2 with password 5678. Note: do not store this text file in the Web document directory tree, so that users cannot download it.

To learn more about the htpasswd program, run htpasswd -h.
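The check below is an added example, not part of the original article: it reads the two configuration fragments from steps 1 and 2 and reports when AuthUserFile points into the Web document tree, the mistake the note above warns about. The DocumentRoot value and the function names are assumptions made for the example.

```python
import posixpath
import re

# Constructed sample input: the fragments from steps 1 and 2 of this article.
# The DocumentRoot line is an assumption (htdocs under the install directory).
HTTPD_CONF = """\
DocumentRoot "/usr/local/Apache/htdocs"
<Directory /usr/local/Apache/htdocs/members>
    AllowOverride AuthConfig
</Directory>
"""
HTACCESS = """\
AuthName "member Zone"
AuthType Basic
AuthUserFile /usr/local/Apache/members.txt
Require valid-user
"""

def directive(text, name):
    """Return the argument of the first `name` directive (case-insensitive), or None."""
    pattern = r'^[ \t]*%s[ \t]+"?([^"\n]+?)"?[ \t]*$' % re.escape(name)
    m = re.search(pattern, text, re.I | re.M)
    return m.group(1) if m else None

def is_inside(path, root):
    """True if path is root itself or lies below it, after resolving '.' and '..'."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit(httpd_conf, htaccess):
    """List findings for a Basic-auth .htaccess checked against httpd.conf."""
    findings = []
    docroot = directive(httpd_conf, "DocumentRoot")
    userfile = directive(htaccess, "AuthUserFile")
    if userfile is None:
        findings.append("no AuthUserFile: there is no password file to check against")
    elif docroot and is_inside(userfile, docroot):
        findings.append("AuthUserFile %s is inside the Web document tree %s"
                        % (userfile, docroot))
    if directive(htaccess, "Require") is None:
        findings.append("no Require line: the directory is not actually protected")
    return findings

if __name__ == "__main__":
    print(audit(HTTPD_CONF, HTACCESS) or "no findings")
```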

When the number of users is small, this method is convenient to set up and simple to maintain. However, when there are tens of thousands or even hundreds of thousands of users, looking up a user takes some time, which reduces server efficiency. In that case, the database method should be used.

Database storage

Currently, Apache, PHP4, and MySQL are the best combination for building websites on Linux, and all three are free software. The following combines the three, using PHP4 and MySQL to implement Apache user authentication over HTTP.

This kind of user authentication works only when PHP4 runs as an Apache module, so PHP4 must be compiled into Apache as a module. Assume that Apache has been compiled with PHP4 as a module and installed in the /usr/local/Apache directory, and that MySQL has been compiled and installed in the /usr/local/MySQL directory. Perform the following steps:

1. Create a database named member in MySQL, and create a table named users in it to store the user names and passwords of valid users.

1) Use the vi command to create an SQL script file auth.sql in the /tmp directory with the following content:

    drop database if exists member;
    create database member;
    use member;
    create table users (
        username char(20) not null,
        password char(20) not null
    );
    insert into users values ("user1", password("1234"));
    insert into users values ("user2", password("5678"));

2) Start the MySQL client program mysql and execute the commands in the SQL script file auth.sql above, which adds two user records to the users table.

    # mysql -u root -pmypwd < /tmp/auth.sql

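2. Write a PHP script header file auth.inc with the following content:

    <?php
    // Send a 401 challenge so that the browser prompts for a user name and password.
    function authenticate() {
        header('WWW-Authenticate: Basic realm="member zone"');
        header('HTTP/1.0 401 Unauthorized');
        echo "You must enter the correct user name and password.";
        exit;
    }

    // Return 1 if the user name and password match a row in member.users, otherwise 0.
    function checkuser($uname, $pwd) {
        if ($uname == "" || $pwd == "") return 0;
        // Escape both values before they are placed inside the quoted SQL strings.
        $uname = addslashes($uname);
        $pwd = addslashes($pwd);
        $query = "select username, password from users where username = '$uname' and password = password('$pwd')";
        $db_id = mysql_connect('localhost', 'root', 'mypwd');
        mysql_select_db('member', $db_id);
        $result = mysql_query($query, $db_id);
        $num = mysql_num_rows($result);
        mysql_close($db_id);
        if ($num > 0) {
            return 1; // valid logon
        } else {
            return 0; // invalid logon
        }
    }
    ?>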

The authenticate() function uses header('WWW-Authenticate: Basic realm="member zone"') to send an authentication request to the browser, which makes the browser pop up a user name/password dialog box. After the user enters the user name and password, the URL of the PHP script is automatically requested again, and the user name, password, and authentication type are stored in three special PHP4 variables: $PHP_AUTH_USER, $PHP_AUTH_PW, and $PHP_AUTH_TYPE. The PHP program can decide whether the user is valid based on the values of these three variables. In the header() call, Basic indicates the basic authentication type, and the value of realm is the authentication realm name.

The call header('HTTP/1.0 401 Unauthorized') makes the browser user receive an HTTP 401 error after entering an incorrect user name or password several times in a row.

The checkuser() function determines whether the user name and password sent by the browser match those stored in the MySQL database. If they match, 1 is returned; otherwise, 0 is returned. The database user name root and password mypwd in mysql_connect('localhost', 'root', 'mypwd') should be changed to match your MySQL settings.

3. Add the following program segment at the beginning of each PHP script that requires restricted access:

    <?php
    require('auth.inc');
    if (checkuser($PHP_AUTH_USER, $PHP_AUTH_PW) == 0) {
        authenticate();
    } else {
        echo "This is the webpage that a legal user wants to access."; // Change this line to the webpage output for a valid user
    }
    ?>

Place the webpage content that should be displayed to a valid user in the else clause, replacing this line of the segment above:

    echo "This is the webpage that a legal user wants to access.";

In this way, when a user accesses the PHP script, the user name and password must be entered to confirm the user's identity.
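The following is an added example, not code from the original article: it shows in Python what the browser sends after the 401 challenge and how the user name, password, and authentication type are recovered from it. The credentials are only Base64-encoded, not encrypted, and are resent with every request, so a directory protected this way should be served over HTTPS. The names parse_authorization, respond, and check_user and the sample user table are assumptions.

```python
import base64
import binascii
import hmac

# Constructed sample: the Authorization header value for user1 / 1234.
# It is plain Base64 of "user1:1234"; anyone who sees the request can decode it.
WIRE_HEADER = "Basic dXNlcjE6MTIzNA=="

def parse_authorization(value):
    """Split an Authorization header value into (type, user, password), or None."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # the password may contain ':'
    if not sep or not user:
        return None
    return ("Basic", user, password)

def respond(header, check, realm="member zone"):
    """Return (status, headers): 401 plus a challenge unless the credentials pass."""
    challenge = (401, {"WWW-Authenticate": 'Basic realm="%s"' % realm})
    parsed = parse_authorization(header) if header else None
    if parsed is None or not check(parsed[1], parsed[2]):
        return challenge
    return (200, {})

# Constructed user table standing in for the database lookup done by checkuser().
USERS = {"user1": "1234", "user2": "5678"}

def check_user(user, password):
    """Constant-time comparison so the reply time does not reveal partial matches."""
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(
        password.encode("utf-8"), expected.encode("utf-8"))

if __name__ == "__main__":
    print(respond(None, check_user))         # first request: challenge
    print(respond(WIRE_HEADER, check_user))  # repeated request with credentials
```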

Apache user authentication for Windows

1. When a text file is used to store the user names and passwords, the method is the same as before. However, note that the slash "/" is used to separate directory names in a path, and directory names from file names, instead of the backslash "\".

2. When the MySQL database is used to store the user names and passwords, first run PHP 4.0.3 as an Apache module as described below, then follow the database storage method above.

1) Download Apache 1.3.12, PHP 4.0.3, and MySQL 3.2.32 for Windows, then decompress and install the three packages in C:
