PHP Novice on the road (vii)

6. Password Authentication





Maybe you want to put your photo album on your website and just want to show your intimate friends that you need a password verification program.





6.1 based on HTTP authentication





How to use PHP to implement the function of password verification? We can use the short PHP code, use the function header () to send HTTP header enforcement authentication, the client browser pop-up for the user name and Password dialog box. In PHP, the information entered by the client user is automatically saved in $php_auth_user, $PHP _AUTH_PW, and $PHP _auth_type these three global variables. Using these variables, we can authenticate users based on the user account information saved in the data file or database.





but the point to be reminded here is that the PHP script can use $php_auth_user, $PHP _auth_pw, and $PHP _auth_type These three variables only when the Apache module works. If the user is using a CGI-mode PHP, then the HTTP based authentication capability is not possible.





6.2 Below, we'll explain how to use PHP to authenticate user identity.





in the following example, we use both the $php_auth_user and $PHP_AUTH_PW variables to verify that the entry is legitimate and allowed to enter. In this case, the user name and password pair that are allowed to log on are TNC and nature:


;?


if (!isset ($PHP _auth_user))


{


Header ("Www-authenticate:basic realm=" "My Realm");


Header ("http/1.0 401 Unauthorized");


echo "Text to send if user hits Cancel buttonn";


exit;


}


Else


{


if (!) ( $PHP _auth_user== "TNC" && $PHP _auth_pw== "nature")


{


//If the user name/password pair is incorrect, force re-verify


Header ("Www-authenticate:basic realm=" "My Realm");


Header ("http/1.0 401 Unauthorized");


echo "ERROR: $PHP _auth_user/$PHP _AUTH_PW is invalid.";


exit;


}


Else


{


echo "Welcome tnc!";


}


?>





In fact it is unlikely that the actual reference would be as obvious as the user name/password pair used in the code snippet above, but rather to access them using a database or encrypted password file.





6.3 Verify the identity of the user based on the specified authentication information





First, we can use the following code to determine whether the user has entered the user name and password, and displays the information entered by the user.





<?php





if (!isset ($PHP _auth_user)) {





header (' Www-authenticate:basic realm= ' my Private Stuff ');





header (' http/1.0 401 Unauthorized ');





Echo ' Authorization Required. '





exit;





}





else {





echo "<p>you have entered this username: $PHP _auth_user<br>





have entered this password: $PHP _auth_pw<br>





The authorization type is: $PHP _auth_type</p> ";





}





?>





Description:

The
isset () function is used to determine whether a variable has been assigned a value. Returns TRUE or false based on whether the value of the variable exists.

The
header () function is used to send a specific HTTP header. Note that when using the header () function, be sure to call the function before any HTML or PHP code that produces the actual output.





Although the above code is fairly simple and does not effectively validate user names and passwords that are entered according to any actual value, at least we know how to use PHP to generate input dialogs on the client.





below, we'll see how to verify the identity of the user based on the specified authentication information. The code is as follows:





<?php





if (!isset ($PHP _auth_user)) {





header (' Www-authenticate:basic realm= ' my Private Stuff ');





Header (' http/1.0 401 Unauthorized ');





Echo ' Authorization Required. '





exit;





}





Else if (isset ($PHP _auth_user)) {





if (($PHP _auth_user!= "admin") | | ($PHP _auth_pw!= "123")) {





header (' Www-authenticate:basic realm= ' my Private Stuff ');





header (' http/1.0 401 Unauthorized ');





Echo ' Authorization Required. '





exit;





} else {





echo "<p>you ' re authorized!</p>";





}





}





?>





here, we first check whether the user has entered the user name and password, if not, pop-up dialog box to require users to enter identity information. We then give users access or prompt the user to re-enter the correct information by determining whether the information entered by the user conforms to the specified user account admin/123. This approach applies to sites where all users use the same login account.





6.4 Another easy way to password authentication





If you are writing and running your PHP script under Windows98, or if you install PHP as a CGI program under Linux by default, you will not be able to use the PHP program above to implement the verification function. To this end, boundless to provide you with another simple method of password verification. Although the practicality is not very good, but takes the study to be quite fine.


<?php


$password = "123";





//Check password


if ($pass!= $password)


{


echo "<html><head><title> admin password </title></head><body>";


echo "<form method=" post "action= $PHP _self>";


echo "Please enter your admin password:<br>";


echo "<input type=" password "name=" pass ">";


echo "<input type=" submit "value=" continue ">";


echo "</form></body></html>";


}


Else


{


echo "<html><head><title> Congratulations, you have passed the password validation </title></head>";


echo "<script>";


echo ' window.location= ' http://gophp.heha.net/test/index.php3 ';


# The page that is passed through password authentication


echo "</script>";





}


?>