How does this portal page work?

Source: Internet
Author: User
Tags http authentication
How does this portal page work?
For example, we have WiFi internet access in college, but the account password. With a computer or mobile phone on the internet, first appeared a landing page (I call this "portal", I do not know this is the correct address?) Or should I call it "portal page"? ), lost the account password, click on a "Go online" button, and then the page prompts have been online. Then you will have free access to other Web pages.
This kind of entrance page a lot of, casually go to the street, found that there are chinanet, CMCC, chinaunicom these seemingly unlocked wifi, but if you connect these networks, an Internet, the first page is to you to lose the account password, You have an account password to get through this portal and then surf the internet freely. Not only WiFi, some cell Ethernet is also the case, I lived in a community, the Great Wall of broadband, is also the way to surf the internet, to first pass through an Import page account password.

I want to know how to do this kind of Web page? How to use a Web page to control the Internet access of users in the LAN?

I have a project that needs to make a Web page like this, hurry! Everybody help me! Kneel, thank you!
------Solution--------------------
Like a proxy ....
------Solution--------------------
The main task of this gateway is to control the permissions and then route the packet, relative to the general Web server, he should be implemented at a lower level, I guess the login page is just a CGI, the main program is high-performance c/java based on the socket work
Not quite, very interested in watching
------Solution--------------------
You seem to have forgotten this. Let's show you the Handbook, and don't want to. Simply Paste
Chapter 34. HTTP Authentication with PHP
PHP's HTTP authentication mechanism only works when PHP is running as an Apache module, so this feature is not available for CGI versions. In the Apache module PHP script, you can use the header () function to send the "authentication Required" message to the client browser, which pops up a username/Password Entry window. When the user enters the user name and password, the PHP script containing the URL will be prefixed with the predefined variables PHP_AUTH_USER,PHP_AUTH_PW and auth_type are called again, these three variables are set to the user name, password and authentication type respectively. The predefined variables are saved in the $_server or $HTTP _server_vars array. Support for "Basic" and "Digest" (since PHP 5.1.0) authentication method. See the header () function for more information.

PHP version problem: Autoglobals global variables, including $_server, since PHP 4.1.0 effective, $HTTP _server_vars starting from PHP 3.

The following is an example of a script that forces client authentication on a page:

Example 34-1. Basic HTTP Authentication Example

if (!isset ($_server[' Php_auth_user ')) {
Header (' Www-authenticate:basic realm= ' My realm ');
Header (' http/1.0 401 Unauthorized ');
Echo ' Text to send if user hits Cancel button ';
Exit
} else {
echo "

Hello {$_server[' Php_auth_user '}.

";
echo "

You entered {$_server[' PHP_AUTH_PW '}} as your password.

";
}
?>



Example 34-2. Digest HTTP Authentication Example

This example shows how to implement a simple Digest HTTP authentication script. For more information, refer to RFC 2617.

$realm = ' Restricted area ';

user = password
$users = Array (' admin ' = = ' Mypass ', ' guest ' = ' guest ');


if (!isset ($_server[' php_auth_digest ')) {
Header (' http/1.1 401 Unauthorized ');
Header (' Www-authenticate:digest realm= '. $realm.
' "qop=" auth "nonce=" '. Uniqid (). ' Opaque= ' '. MD5 ($realm). ' ";

Die (' Text to send if user hits Cancel button ');
}

Analize the php_auth_digest variable
Preg_match ('/username= ' (? P . *) ", \s*realm=" (? P . *) ", \s*nonce=" (? P . *) ", \s*uri=" (? P . *) ", \s*response=" (? P . *) ", \s*opaque=" (? P . *) ", \s*qop= (? P . *), \s*nc= (? P . *), \s*cnonce= "(? P . *) "/', $_server[' php_auth_digest '), $digest);

if (!isset ($users [$digest [' username ']])
Die (' Username not valid! ');


Generate the valid response
$A 1 = MD5 ($digest [' username ']. ':' . $realm. ':' . $users [$digest [' username ']];
$A 2 = MD5 ($_server[' Request_method '). ': '. $digest [' URI ']);
$valid _response = MD5 ($A 1. ': ' $digest [' nonce ']. ': ' $digest [' NC ']. ': '. $digest [' cnonce ']. ': '. $digest [' Qop ']. ': '. $ A2);

if ($digest [' response ']! = $valid _response)
Die (' wrong credentials! ');

OK, valid username & password
Echo ' Your is logged in as: '. $digest [' username '];

?>



Compatibility issues: Be cautious when writing HTTP header code. In order to guarantee compatibility for all clients, the first letter of the keyword "Basic" must be capitalized as "B", and the delimited string must be quoted in double quotation marks (not single quotes), and in the header row http/1.0 401, must have only one space before 401.

In the above example, only the values of Php_auth_user and PHP_AUTH_PW are printed, but in practice, the legality of the user name and password may need to be checked. Perhaps a query for the database may be retrieved from the dbm file.

Note that some Internet Explorer browsers themselves have problems. It seems a bit fastidious about the order of the headers. It seems to be possible to resolve this issue by sending the Www-authenticate header before sending http/1.0 401.

Since PHP 4.3.0, in order to prevent someone from writing a script from the traditional external mechanism authentication on the page to obtain the password, when the external authentication is valid for a specific page, and the security mode is turned on, the Php_auth variable will not be set. However, Remote_user can be used to identify external authentication users, so you can use $_server[' remote_user '] variables.

Configuration Description: PHP uses the AUTHTYPE directive to determine whether an external authentication mechanism is valid.

Note that this still does not prevent someone from stealing passwords from authenticated URLs on the same server through an unauthenticated URL.

Netscape Navigator and Internet Explorer browsers will empty the Windows authentication cache for the entire domain of all local browsers when they receive 401 of the service-side return information. This effectively unregisters a user and forces them to re-enter their user name and password. Some people use this method to "expire" the login status, or as a response behavior for the logout button.

Example 34-3. Example of forcing re-entering HTTP authentication for username and password

function Authenticate () {
Header (' Www-authenticate:basic realm= ' Test authentication System "');
Header (' http/1.0 401 Unauthorized ');
  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.