PHP HTTP Authentication Example Detailed _php example

HP to implement HTTP mandatory authentication is very simple, just a few lines of code can be implemented, the following we look at an example, and then combined with the example here I would like to give you a detailed introduction to the PHP implementation of HTTP authentication.

<?php
 if (!isset ($_server[' Php_auth_user ')) {
 header (' www-authenticate:basic realm= ' system name ');
 Header (' http/1.0 401 Unauthorized ');
 Echo ' failed HTTP authentication. '
 Exit;
 }
 else {
 echo ' authentication passed. '
 Echo ' username: '. $_server[' Php_auth_user ']. " \ n ";
 echo ' Password: '. $_server[' PHP_AUTH_PW ']. " \ n ";
 }
? >
 

1. Implementation Notes

How, see the above code, just a few lines to add to your program page can be achieved.
It uses the header () function to send "authentication Required" information to the client browser, forcing it to eject a username/password input window, and when the user enters a username and password, a PHP script containing a URL will be added to the predefined variable php_ Auth_User, PHP_AUTH_PW and Auth_type are then called again, and these three variables represent the username, password, and authentication type (starting from PHP5.0.1 to support both "Basic" and "Digest" authentication methods), which are saved in the $_ SERVER (valid from hp>>4.1.0) or $http_server_vars (valid from PHP3) array, we can write a few lines of validation code as a function, As long as the user variable does not exist or the validation is not correct to execute the function and pop-up window, but also can set the error login several times will not allow the user access, the specific use of the divergent thinking it.

2. Attention MATTERS:

1. This code must be placed at the beginning of the program and cannot have any output before it starts executing (if there is output, it will need to use the output buffer function).

The HTTP authentication mechanism of 2.PHP is only valid when PHP is running in the Apache module mode, it is easy to understand, it is an HTTP mandatory authentication, it is certainly not suitable for CGI version, cannot execute under the command line.

3.header Please be careful when sending header code. To ensure compatibility for all clients, the first letter of the keyword "Basic" must be capitalized to "B", the demarcation string must be quoted in double quotes (not single quotes), and there must be a space between http/1.0 and 401.

4. In the above Liezi, only the user name and password output, and in the actual system can be in accordance with the login verification process and the database or other ways to judge and verify.

5. From PHP4.3.0 onwards, in order to prevent someone from writing scripts to get the password from the page, when the external authentication is valid for a particular page, and safe mode is turned on, the Php_auth variable will not be set. You can use Remote_user to identify externally authenticated users, The authtype instruction is used to determine whether the external authentication mechanism is valid.

6. To enable HTTP authentication to work under IIS, the PHP configuration option cgi.rfc2616_headers must be set to 0 (the default value).

Thank you for reading, I hope to help you, thank you for your support for this site!