Header function and Php_auth_user do user authentication

Header function and Php_auth_user do user authentication 2009-12-16 01:32

php Header php_auth_user PHP_AUTH_PW user authentication

In PHP, you can use the header function to do some interesting things, and user authentication is one of the most interesting features. Specific usage:

Header ("Www-authenticate:basic realm=\" USER login\ "");

Header ("http/1.0 401 Unauthorized");

The two header functions are designed at the top of the page, and a login box appears before the page is loaded, asking for a username and password. Accustomed to the page login, whether we feel that such a login is very original, and very novel it.

To get the username and password from this dialog box, you need to use the two special variables $php_auth_user and $PHP_AUTH_PW that PHP provides. Using these two special variables like this requires that you set the relevant options in php.ini, or you can only refer to the following as follows:

$_server[' Php_auth_user ']

$_server[' PHP_AUTH_PW ']

After obtaining the user name and password submitted by the user, how to deal with the logic is no different from our normal program processing. The following two routines are available for reference:

?

if (!isset ($PHP _auth_user)) {

Header ("Www-authenticate:basic realm=\" xxx\ "");

Header ("http/1.0 401 Unauthorized");

$title = "Login instructions";

?>

<blockquote>

In order to enter this section of the Web site, you must is an XXX

Subscriber. If you are are a subscriber and you are have trouble logging

In,

Please contact <a href= "mailto:support@xxx.com" >SUPPORT@XXX.COM</A>.

</blockquote>

?

Exit

} else {

Mysql_pconnect ("localhost", "Nobody", "") or Die ("Unable to connect to

SQL Server ");

mysql_select_db ("xxx") or Die ("Unable to select database");

$user _id=strtolower ($PHP _auth_user);

$password = $PHP _AUTH_PW;

$query = mysql_query ("SELECT * from Users where user_id= ' $user _id ' and

password= ' $password ');

if (!mysql_num_rows ($query)) {

Header ("Www-authenticate:basic realm=\" xxx\ "");

Header ("http/1.0 401 Unauthorized");

$title = "Login instructions";

?>

<blockquote>

In order to enter this section of the Web site, you must is an XXX

Subscriber. If you are are a subscriber and you are have trouble

Logging in,

Please contact <a href= "mailto:support@xxx.com" >SUPPORT@XXX.COM</A>.

</blockquote>

?

Exit

}

/I pick out some the other useful info

Then available to any script so includes this file * *

$name =mysql_result ($query, 0, "name");

$email =mysql_result ($query, 0, "email");

Mysql_free_result ($query);

}

?>

SOURCE page: http://www.weberdev.com/get_example-82.html

Another reference routine:

<?php

Assume user is not authenticated

$auth = false;

$user = $_server[' Php_auth_user '];

$pass = $_server[' PHP_AUTH_PW '];

if (Isset ($user) && isset ($pass))

{

Connect to DB

Include ' db_connect.php ';

SQL query to find if this entered Username/password are in the DB

$sql = "SELECT * FROM Healthed_workshop_admin WHERE

user = ' $PHP _auth_user ' and

pass = ' $PHP _auth_pw ' ";

Put the SQL command and SQL instructions into variable

$result = mysql_query ($sql) or Die (' Unable to connect. ');

Get number or rows in command; If more than 0, the row is found

$num _matches = mysql_num_rows ($result);

if ($num _matches!=0)

{

Matching row found authenticates user

$auth = true;

}

}

if (! $auth)

{

Header (' Www-authenticate:basic realm= "Health Ed presentation Admin");

Header (' http/1.0 401 Unauthorized ');

Echo ' You must enter a valid username & password. '

Exit

}

Else

{

Echo ' success! ';

}

?>