PHP beginners (7)

Building a simple interaction website (3)

6. Password Verification

Maybe you want to put your photo set on your website, and you just want to show it to your friends. At this time, you need a password for verification.Program.

6.1 HTTP-based verification

How can I use PHP to implement password verification? We can use a short PHPCode, Use the function header () to send HTTP header mandatory authentication, and the client browser will pop up a dialog box for you to enter the user name and password. In PHP, the information entered by the client user is automatically stored in three global variables: $ php_auth_user, $ php_auth_pw, and $ php_auth_type. With these variables, we can verify the user identity based on the user account information stored in the data file or database.

Note that only when running the Apache module can the PHP script use the $ php_auth_user, $ php_auth_pw, and $ php_auth_type variables. If you are using cgi php, you cannot implement HTTP-based authentication.

6.2 next, we will introduce in detail how to use PHP to authenticate user identities.

In the following example, the variables $ php_auth_user and $ php_auth_pw are used to verify whether the entrant is valid and allow access. In this example, the user names and password pairs that are allowed to log on are TNC and nature:
<?
If (! Isset ($ php_auth_user ))
{
Header ("www-Authenticate: Basic realm =" my realm "");
Header ("HTTP/1.0 401 unauthorized ");
Echo "text to send if user hits cancel buttonn ";
Exit;
}
Else
{
If (! ($ Php_auth_user = "TNC" & $ php_auth_pw = "nature "))
{
// If the user name or password pair is incorrect, force re-verification
Header ("www-Authenticate: Basic realm =" my realm "");
Header ("HTTP/1.0 401 unauthorized ");
Echo "error: $ php_auth_user/$ php_auth_pw is invalid .";
Exit;
}
Else
{
Echo "Welcome TNC! ";
}
?>

In fact, in actual reference, it is unlikely that the above user name/password pairs are used, but the database or encrypted password files are used to access them.

6.3 verify the user identity based on the specified authentication information

First, we can use the following code to determine whether the user has entered the user name and password, and display the information entered by the user.

<? PHP

If (! Isset ($ php_auth_user )){

Header ('www-Authenticate: Basic realm = "my private stuff "');

Header ('HTTP/1.0 401 unauthorized ');

Echo 'authorization required .';

Exit;

}

Else {

Echo "<p> you have entered this username: $ php_auth_user <br>

You have entered this password: $ php_auth_pw <br>

The authorization type is: $ php_auth_type </P> ";

}

?>

Note:
The isset () function is used to determine whether a variable has been assigned a value. Returns true or false based on whether the variable value exists.
The Header () function is used to send specific HTTP headers. Note: when using the header () function, you must call this function before any HTML or PHP code that generates the actual output.

Although the above Code is quite simple and does not validate the user name and password entered by the user based on any actual value, at least we understand how to use PHP to generate an input dialog box on the client.

Next, let's take a look at how to verify the user identity based on the specified authentication information. The Code is as follows:

<? PHP

If (! Isset ($ php_auth_user )){

Header ('www-Authenticate: Basic realm = "my private stuff "');

Header ('HTTP/1.0 401 unauthorized ');

Echo 'authorization required .';

Exit;

}

Else if (isset ($ php_auth_user )){

If ($ php_auth_user! = "Admin") | ($ php_auth_pw! = "123 ")){

Header ('www-Authenticate: Basic realm = "my private stuff "');

Header ('HTTP/1.0 401 unauthorized ');

Echo 'authorization required .';

Exit;

} Else {

Echo "<p> You're authorized! </P> ";

}

}

?>

Here, we first check whether the user has entered the user name and password. If not, a dialog box is displayed asking the user to enter the identity information. Then, we determine whether the information entered by the user complies with the specified admin/123 user account to grant the user access permission or prompt the user to enter the correct information again. This method applies to websites where all users use the same Logon account.

6.4 another simple password verification

If you write and run your PHP script under Windows 98, Or you install PHP into a CGI program by default under Linux, you will not be able to use the above PHP program for verification. To this end, we provide you with another simple password verification method. Although it is not practical, it is good to learn it.
<? PHP
$ Password = "123 ";

// Check Password
If ($ pass! = $ Password)
{
Echo "<HTML> Echo "<form method =" Post "Action = $ php_self> ";
Echo "Enter your management password: <br> ";
Echo "<input type =" password "name =" pass "> ";
Echo "<input type =" Submit "value =" continue "> ";
Echo "</form> </body> }
Else
{
Echo "<HTML> Echo "<SCRIPT> ";
Echo 'window. Location = "http://gophp.heha.net/test/index.php3 "';
# Transfer page after password verification
Echo "</SCRIPT> ";

}
?>