Php compiling http verification

Source: Internet
Author: User
& Amp; nbsp; PHP is very simple to implement HTTP forced authentication. it can be implemented with just a few lines of code, let's take a look at an example. I will introduce PHP to implement HTTP authentication in detail based on the example here.

 

PHP to implement HTTP forced authentication is very simple, only a few lines of code can be achieved, the following
Let's take a look at an example. I will introduce PHP to achieve HTTP authentication in detail.


 

1. implementation

How can I see the code above? just add a few lines to your program page.
It uses the header () function to send the "Authentication Required" message to the client browser, forcing it to pop up a user name/password input window. after the user enters the user name and password, the pre-defined variables PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE will be added to the PHP script containing a URL, and then called again. these three variables represent the user name respectively, password and authentication type ("Basic" and "Digest" authentication methods are supported since PHP5.0.1). they are saved on $ _ SERVER (valid from HP> 4.1.0) or $ HTTP_SERVER_VARS (effective from PHP3) when using an array, we can write several lines of verification code into a function, as long as the user variable does not exist or the verification is incorrect, the function will be executed and a window will pop up. you can also set the number of logon errors so that the user is not allowed to access the function, let's think about how to use it.


2. notes:

1. This code must be placed at the beginning of the program, and no output is allowed before it starts to be executed (if there is output
You need to use the output buffer function ).
2. PHP's HTTP authentication mechanism is only effective when PHP runs in the Apache module mode. it is easy to understand that it is an HTTP forced authentication and is definitely not suitable for CGI versions, it cannot be executed in the command line.
3. be careful when sending the header code. to ensure compatibility with all clients, the first letter of the keyword "Basic" must be capitalized to "B", and the demarcation string must be referenced in double quotation marks (not single quotation marks ); there must be only one space between HTTP/1.0 and 401.
4. in the above column, only the user name and password are output, while in the actual system, the user name and password can be judged and verified according to the login verification process or other methods.
5. from PHP4.3.0, the PHP_AUTH variable will not be set when external authentication is effective for a specific page and the security mode is enabled to prevent users from getting a password from the page by writing scripts. REMOTE_USER can be used to identify external authenticated users and AuthType commands can be used to determine whether the external authentication mechanism is effective.
6. to enable HTTP authentication to work in IIS, set cgi. rfc2616_headers to 0 (default ).

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.