User authentication for Apache Server

Source: Internet
Author: User

Frequent Internet users will have encountered this situation: when accessing some of a site's resources, the browser pops up a dialog box asking for a user name and password before granting access. This is user authentication. User authentication is the first line of defense for protecting network system resources: it controls all logins and checks the legitimacy of the users requesting access, with the goal of allowing only legitimate users to access the system's resources with legitimate privileges. The basic user authentication technique is "user name + password".


Apache is a popular Web server that runs on Linux, Unix, Windows, and other operating systems, and it handles "user name + password" authentication well. Apache user authentication can store user names and passwords in two different ways: in a text file, or in a database such as mSQL, Oracle, or MySQL. The following uses Apache on Linux as the example to show how to implement user authentication with each of these two storage methods, and then briefly describes user authentication for Apache on Windows.

Use text file storage

The basic idea of this method is to enable Apache's authentication function and then create a file named .htaccess in the directory whose access is to be restricted, containing the authentication configuration commands. When the user first accesses a file in that directory, the browser displays a dialog box asking for a user name and password to confirm the user's identity. If the user is legitimate, the requested page is displayed. After that, whenever a page in the directory is accessed, the browser automatically sends the user name and password without asking for them again, until the browser is closed. Here are the specific steps:

Log in to Linux as the superuser root, assuming that Apache 1.3.12 has been compiled and installed into the /usr/local/apache directory. By default, the mod_auth module is included automatically when Apache is compiled; it provides "user name + password" authentication with the credentials stored in a text file.

1. Modify the Apache configuration file /usr/local/apache/conf/httpd.conf to set the configuration commands for the directory that holds the resources to be protected. The following example is the configuration of the /usr/local/apache/htdocs/members directory:

<Directory /usr/local/apache/htdocs/members>
    Options Indexes FollowSymLinks
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>

The AllowOverride AuthConfig line indicates that user authentication is allowed for files in the /usr/local/apache/htdocs/members directory.

2. Create a file named .htaccess in the restricted directory /usr/local/apache/htdocs/members, with the following content:

AuthName "Member Area"
AuthType Basic
AuthUserFile /usr/local/apache/members.txt
Require valid-user

Description: The configuration commands commonly used in a .htaccess file are as follows:

1) AuthName command: specifies the name of the authentication zone. The zone name is displayed to the user in the authentication prompt dialog box (see figure).

2) AuthType command: specifies the authentication type. In HTTP 1.0 there is only one authentication type: Basic. HTTP 1.1 has several authentication types, such as MD5.

3) AuthUserFile command: specifies a text file containing the user names and passwords, one pair per line.

4) AuthGroupFile command: specifies a text file that contains a list of user groups and the members of those groups. The members of a group are separated by spaces, such as:

managers: user1 user2

5) Require command: specifies which users or groups are authorized to access. Such as:

Require user user1 user2 (accessible only to users user1 and user2)

Require group managers (only members of the group managers can access it)

Require valid-user (can be accessed by any user in the file specified by AuthUserFile)

3. Using the htpasswd program included with Apache, generate the text file containing the user names and passwords, /usr/local/apache/members.txt. Each line has the format "user name:password".

# cd /usr/local/apache/bin
# htpasswd -bc ../members.txt user1 1234
# htpasswd -b ../members.txt user2 5678

The text file members.txt now contains two users: user1, whose password is 1234, and user2, whose password is 5678. Note that this text file should not be stored in the directory tree of the Web documents, so that users cannot download it.

For help with the htpasswd program, run htpasswd -h.

When the number of users is relatively small, this method of user authentication is convenient and easy to maintain. But with tens of thousands or even hundreds of thousands of users, looking up a user takes a certain amount of time, which reduces the efficiency of the server. In this case, a database should be used.
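The requirement above that members.txt stay outside the Web document tree can be checked mechanically. The following Python script is an added example, not part of the original article: it reads the AuthUserFile path from a .htaccess file, reports whether it resolves inside the document root, and checks that each line has the "user name:password" form. The function names, the finding texts and the temporary directory layout in demo() are assumptions made for the example.

```python
import os, shlex, tempfile

def parse_directives(text):
    """Map lower-cased directive name -> argument list (directive names are case-insensitive)."""
    found = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line and not line.startswith("#"):
            parts = shlex.split(line)            # keeps "Member Area" as one argument
            found[parts[0].lower()] = parts[1:]
    return found

def audit(htaccess, document_root, server_root):
    """Return a list of findings for one .htaccess file; an empty list means none."""
    with open(htaccess) as fh:
        conf = parse_directives(fh.read())
    if not conf.get("authuserfile"):
        return ["Require is set but AuthUserFile is missing"] if "require" in conf else []
    # Relative paths are taken from the server root; realpath also resolves symlinks.
    pw = os.path.realpath(os.path.join(server_root, conf["authuserfile"][0]))
    root = os.path.realpath(document_root)
    findings = []
    if os.path.commonpath([pw, root]) == root:
        findings.append("password file is inside the web document tree")
    if not os.path.isfile(pw):
        return findings + ["password file does not exist"]
    seen = set()
    with open(pw) as fh:
        for n, line in enumerate(fh, 1):
            user, sep, secret = line.rstrip("\n").partition(":")
            if not (sep and user and secret):
                findings.append(f"line {n}: not in 'user name:password' form")
            elif user in seen:
                findings.append(f"line {n}: duplicate entry for {user}")
            seen.add(user)
    return findings

def demo():
    """Audit two constructed layouts: password file inside, then outside, the document tree."""
    with tempfile.TemporaryDirectory() as top:
        members = os.path.join(top, "htdocs", "members")
        os.makedirs(members)
        results = []
        for pw_path in (os.path.join(members, "members.txt"), os.path.join(top, "members.txt")):
            with open(pw_path, "w") as fh:       # constructed entries with placeholder hashes
                fh.write("user1:HASH-PLACEHOLDER-1\nuser2:HASH-PLACEHOLDER-2\n")
            with open(os.path.join(members, ".htaccess"), "w") as fh:
                fh.write('AuthName "Member Area"\nAuthType Basic\n'
                         f'AuthUserFile "{pw_path}"\nRequire valid-user\n')
            results.append(audit(fh.name, os.path.join(top, "htdocs"), top))
        return results
```

Calling demo() returns one finding for the layout with members.txt under htdocs and none for the layout with the file next to the server root.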

Using Database storage

Currently, Apache, PHP4, and MySQL are the best partners for building Web sites under Linux, and all three are free software. Combined, PHP4 and MySQL can implement Apache user authentication over the HTTP protocol.

User authentication is only possible when PHP4 runs as an Apache module. To do this, add the PHP4 module when compiling Apache. Suppose Apache has been compiled with PHP4 as a module and installed into the /usr/local/apache directory, and MySQL has been compiled and installed into the /usr/local/mysql directory. Then proceed with the following steps:

1. In MySQL, create a database named member, and in it a table named users that holds the user names and passwords of legitimate users.

1) Use the vi command to create a SQL script file auth.sql in the /tmp directory, as follows:

DROP DATABASE IF EXISTS member;
CREATE DATABASE member;
USE member;
CREATE TABLE users (
    username CHAR() NOT NULL,
    password CHAR() NOT NULL
);
INSERT INTO users VALUES ("user1", PASSWORD("1234"));
INSERT INTO users VALUES ("user2", PASSWORD("5678"));

2) Start the MySQL client program mysql and execute the SQL script file auth.sql to add the two user records to the table users:

# mysql -u root -pmypwd < /tmp/auth.sql

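2. Write a PHP include file auth.inc with the following content:

<?php
// Send the Basic authentication challenge; the browser then shows its user name/password dialog.
function authenticate() {
    header('WWW-Authenticate: Basic realm="Member Area"');
    header('HTTP/1.0 401 Unauthorized');
    echo "You must enter the correct user name and password.";
    exit;
}

// Return 1 if the user name/password pair exists in member.users, otherwise 0.
function CheckUser($username, $password) {
    if ($username == "" || $password == "") return 0;
    // Escape both values before they are placed inside the SQL string.
    $username = mysql_escape_string($username);
    $password = mysql_escape_string($password);
    $sql = "SELECT username,password FROM users WHERE username='$username' AND password=PASSWORD('$password')";
    $link = mysql_connect('localhost', 'root', 'mypwd');
    mysql_select_db('member', $link);
    $result = mysql_query($sql, $link);
    $rows = mysql_num_rows($result);
    mysql_close($link);
    if ($rows > 0) {
        return 1; // valid login
    } else {
        return 0; // invalid login
    }
}
?>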

The function authenticate() uses header('WWW-Authenticate: Basic realm="Member Area"') to send an authentication request to the browser, which causes the browser to pop up a user name/password dialog box. After the user enters the user name and password, the URL of this PHP script is automatically requested again, and the user name, password, and authentication type are stored in three special PHP4 variables: $PHP_AUTH_USER, $PHP_AUTH_PW, and $PHP_AUTH_TYPE. The PHP program can use the values of these three variables to determine whether the user is legitimate. In the header() call, Basic is the authentication type, and the value of realm is the name of the authentication area.

The call header('HTTP/1.0 401 Unauthorized') causes the browser user to receive an HTTP 401 error when entering the wrong user name or password several times in a row.

The function CheckUser() determines whether the user name and password sent by the browser match those in the MySQL database, returning 1 if they match and 0 otherwise. The database user name root and password mypwd in mysql_connect('localhost', 'root', 'mypwd') should be changed to match your own MySQL settings.

3. Add the following program segment at the beginning of each PHP script that requires access restrictions:

<?php
require('auth.inc');
if (CheckUser($PHP_AUTH_USER, $PHP_AUTH_PW) == 0) {
    authenticate();
} else {
    echo "This is the Web page that the legitimate user wants to visit."; // replace this line with the page output for legitimate users
}
?>

Place the page content to be shown to legitimate users in the else clause, replacing this line of the program segment above:

echo "This is the Web page that the legitimate user wants to visit.";

This way, when a user accesses the PHP script, a user name and password must be entered to confirm the user's identity.
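The challenge and response cycle that authenticate() and CheckUser() implement is modelled below in Python. This is an added example, not code from the original article: an in-memory sqlite3 table stands in for the MySQL users table, a salted PBKDF2 hash is swapped in for PASSWORD(), and every function name is an assumption made for the example. The user names and passwords are the article's sample values.

```python
import base64, hashlib, hmac, os, sqlite3

REALM = 'Basic realm="Member Area"'

def hash_pw(password, salt):
    """Salted, slow hash stored in place of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db(users):
    """In-memory stand-in for the users table, holding salt and hash per user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    for name, pw in users.items():
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, hash_pw(pw, salt)))
    return db

def basic_header(user, pw):
    """Browser side: the Authorization value resent with every request to the realm."""
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()

def parse_basic(value):
    """Server side: recover (user, password), or None if the header is absent or malformed."""
    scheme, _, blob = (value or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, sep, pw = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:                      # bad base64 or bad UTF-8
        return None
    return (user, pw) if sep and user and pw else None

def check_user(db, user, pw):
    """Placeholders keep the submitted values out of the SQL text."""
    row = db.execute("SELECT salt, pwhash FROM users WHERE username = ?", (user,)).fetchone()
    return row is not None and hmac.compare_digest(hash_pw(pw, row[0]), row[1])

def handle(db, headers):
    """Return (status, response headers, body) for one request to a protected page."""
    creds = parse_basic(headers.get("Authorization"))
    if creds is None or not check_user(db, *creds):
        return 401, {"WWW-Authenticate": REALM}, "You must enter the correct user name and password."
    return 200, {}, "page for the legitimate user"
```

The Authorization value is only base64-encoded, so anything that can read the request can read the password; a site using this scheme should be served over TLS.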

Apache User authentication for Windows

1. When the user names and passwords are stored in a text file, the method is the same as described above, but note that in path names the directory names and the file name are separated by a slash "/" instead of a backslash "\".

2. When a MySQL database holds the user names and passwords, first make PHP 4.0.3 run as an Apache module using the following method, and then follow the steps of the database storage method described above.

1) Download the Windows versions of Apache 1.3.12, PHP 4.0.3, and MySQL 3.2.32, extract each of the three packages, and install them to the C:\apache, C:\PHP4, and C:\mysql directories.

2) The C:\php4\sapi directory contains PHP module files for several common Web servers. Copy php4apache.dll from it to the Apache modules subdirectory (c:\apache\modules).

3) Modify the Apache configuration file c:\apache\conf\httpd.conf and add the following lines:

LoadModule php4_module modules/php4apache.dll
AddType application/x-httpd-php .php3
AddType application/x-httpd-php-source .phps
AddType application/x-httpd-php .php

The first line makes PHP4 run as an Apache module so that user authentication can be performed, and the following three lines define the PHP script extensions.

4) In the PATH command of the Autoexec.bat file, add the PHP4 location "C:\PHP4" and restart the computer.


After my testing, the 2.0 version of Apache was not