PHPAPACHE user authentication method


On a professional Web platform, the user's account and password are often required, that is, an identity confirmation step. The early NCSA httpd server did not provide this user validation function; the Webmaster could only write an identity validation CGI program by hand.
Most Web servers since CERN httpd provide user identity confirmation. Although the settings differ from one Web server to another, they are similar.

The following are the user identity confirmation settings on the Apache server.



# The directory path is not given in the article; "/path/to/MyMember" is a placeholder.
<Directory "/path/to/MyMember">
    AuthType Basic
    AuthName MyMember
    AuthUserFile /usr/local/MyMember.txt
    Options shortdes ExecCGI
    Require valid-user
</Directory>



In this example, the user's account and password must be confirmed before viewing any file under the MyMember directory, including image files and other file types. The accounts and passwords are stored in /usr/local/MyMember.txt.

This account and password file, /usr/local/MyMember.txt, may look like the example below. The string before the colon is the user account; the string after the colon is the password in a one-way encrypted form that cannot be recovered. The encoding is generally the traditional DES-based crypt() form, whose first two characters are the salt; in this example they are all 3P. Each row represents one user. Of course, the Webmaster must manually take care of duplicate accounts overwriting each other. In particular, when Apache is installed on a Win32 system, the password after the colon cannot be encrypted, because Win32 does not provide this encoding API, so the user password is stored in plaintext.


John1234:3PWudBlJMiwro
Queenwan:3PFNVLNPN9W0M
Noname00:3PEsXaJx5pk7E
Wilson49:3PjoWb0EnaG22
Rootboot:3PIt0snI6.84E
Sun_moon:3PvymMeNOc.x.
Nobody38:3PbskPKwV94hw

On Apache 1.3.6, you can use ~apache/bin/htpasswd to generate a single account and password. However, for commercial platforms that need to process large volumes of accounts, you may need to write a program to do it. On UNIX, the program calls crypt() to perform the encoding.
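As an added example, not code from the original article, here is a PHP script that does what the paragraph describes: it generates htpasswd-style lines with crypt() and a two-character DES salt, verifies a password against a stored line, and audits a file for entries whose password field is not a crypt() hash (the plaintext case the Win32 paragraph above describes). The function names and the sample file contents are constructed for this example.

```php
<?php
// Added example (not from the original article): generate and verify
// traditional DES crypt() entries for an Apache AuthUserFile, and flag
// lines whose password field is not a crypt() hash (the Win32 plaintext case).

const CRYPT_SALT_ALPHABET = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// Build one "user:hash" line. The two-character salt is drawn from the
// crypt() alphabet; note that standard DES crypt() only looks at the first
// eight characters of the password.
function htpasswd_line(string $user, string $password): string
{
    if ($user === '' || strpos($user, ':') !== false) {
        throw new InvalidArgumentException("bad user name: $user");
    }
    $alphabet = CRYPT_SALT_ALPHABET;
    $salt = $alphabet[random_int(0, 63)] . $alphabet[random_int(0, 63)];
    return $user . ':' . crypt($password, $salt);
}

// Verify a candidate password against a stored hash. crypt() takes the
// stored hash as its salt argument and uses only the first two characters,
// so recomputing and comparing in constant time is the whole check.
function htpasswd_verify(string $stored_hash, string $password): bool
{
    return hash_equals($stored_hash, crypt($password, $stored_hash));
}

// Classify every line of an AuthUserFile: 'des' for a 13-character
// crypt() hash, 'other' for the newer $apr1$ / $2y$ / {SHA} forms,
// 'plaintext' for anything else (what Apache on Win32 produced at the time).
function htpasswd_audit(string $file_contents): array
{
    $report = [];
    foreach (preg_split('/\R/', trim($file_contents)) as $line) {
        if ($line === '' || $line[0] === '#') {
            continue;
        }
        [$user, $field] = array_pad(explode(':', $line, 2), 2, '');
        if (preg_match('#^[./0-9A-Za-z]{13}$#', $field)) {
            $report[$user] = 'des';
        } elseif (preg_match('#^(\$apr1\$|\$2y\$|\{SHA\})#', $field)) {
            $report[$user] = 'other';
        } else {
            $report[$user] = 'plaintext';
        }
    }
    return $report;
}

// Constructed sample file: one entry hashed with the article's "3P" salt
// and one entry stored in plaintext.
$sample = "john1234:" . crypt("secret", "3P") . "\n"
        . "win32usr:letmein\n";

print_r(htpasswd_audit($sample));

// Round trip: a freshly generated line verifies only with the right password.
$line = htpasswd_line("queenwan", "hunter2");
[$u, $h] = explode(':', $line, 2);
var_dump(htpasswd_verify($h, "hunter2"));
var_dump(htpasswd_verify($h, "wrong"));
```

Run it with the PHP CLI; the audit reports john1234 as des and win32usr as plaintext, and the two verification calls return true and then false. The audit is a format check only: a plaintext password that happens to be exactly 13 characters from the crypt() alphabet would be reported as a hash, so treat 'des' as "looks like a hash", not as proof.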



After everything is set up, the browser shows a password prompt when connecting, for example the member check of the MySEED website of SEEDNet. After the account and password are entered, the browser transmits them to the server in BASE64 encoding. Of course, BASE64 is only an encoding, not encryption, so security on the network is still low: the credentials can be intercepted by a man in the middle and decoded from BASE64. This is the weakest aspect of this form of user authentication; it may be solved once Digest Authentication with MD5 encoding is supported in the future. After that, the account and password are still required for each page, but the browser sends them automatically, so you do not have to enter them again. The browser keeps them until it is closed; the next time the browser is started, they must be entered again.

When there are few users, the above method is simple and easy to use. However, when there are tens of thousands or even hundreds of thousands of users, the efficiency of the whole server is dragged down by searching the account and password file; it may take tens of seconds to minutes to read a page. In this case, it is unwise to use the password checking mechanism provided by the server. On Netscape Enterprise Server, you may be able to use NSAPI to develop your own checking method; on IIS, you can also develop an ISAPI filter. Writing C/C++ programs against NSAPI/ISAPI is always tiring; with PHP you have another option, which is the topic of this section.


PHP's HTTP-related function library provides the header() function, with which many tricks can be played between Web servers and clients. For example, adding the following program at the very beginning of a PHP page, on the first or second line, redirects the user to the author's web page.


<?php
header("Location: http://wilson.gs");
exit;
?>


Of course, any HTML text or PHP program after the above program will never reach the user.

Similarly, header() can be used to take over user authentication. Sending the following at the beginning of the PHP page causes the login window to appear on the user's side.


<?php
header("WWW-Authenticate: Basic realm=\"Member\"");
header("HTTP/1.0 401 Unauthorized");
?>

In the program, the word "Member" in the string realm=\"Member\" is what appears in the figure; if you replace it with Chinese text, the browser shows that Chinese text too, as in the MySEED figure above. If the Web platform's users speak other languages, such as English or Japanese, sending a Chinese realm string seems inappropriate. In any case, this depends on the nature of the platform and its user positioning.

Of course, this is still very rough: after the window is sent out, nothing follows. Whether the account is entered correctly or not, there is no result. We need a more advanced program for processing.


For the backend of the authentication, a database is the natural place to store accounts and passwords. This architecture can accommodate many users, whether 10 thousand or 100,000. If your website already has 100,000 user accounts, congratulations: it is a world-class website. MySQL is a good choice; many platforms, even commercial ones, use it as the back-end database. Of course, if you want to build a real business platform and money is not a problem, you can use the Oracle database series, which has the widest reputation.

To use any database from PHP, the database server and client must be set up before compiling PHP and Apache.

After preparing MySQL and PHP, add a new database to MySQL. In this example it is called mymember; you can use another name. Adding a database to MySQL is easy: just mkdir in the place where MySQL stores its databases. For example:

Hahaha:/usr/local/mysql/data# mkdir mymember

After creating the database, you still need to create a data table. The table is defined as follows; it can be saved as /tmp/memberauth.sql.


create table MemberAuth (
    Serial   mediumint(9) not null auto_increment,
    Username char(8) not null,
    Password char(8) not null,
    Enable   char(1) default '0' not null,
    primary key (Serial)
);

File: memberauth.sql

First look at the columns of memberauth.sql. Serial is an automatically incremented integer column: each record inserted increases it by one. It is certainly never empty, hence not null. The second column, Username, is the user's account; to be uniform and fit various systems it is eight characters long, and of course it cannot be blank either. Password, the third column, is the user's password. The fourth column, Enable, is the flag for account validity: 0 means disabled, 1 means enabled, and other values can be added later for other purposes.

After the data table is designed, it has to be added to the database. If you often use MySQL, you can download phpMyAdmin from http://www.phpwizard.net/phpMyAdmin and manage MySQL from the browser, which is easy and convenient. With phpMyAdmin, you can paste memberauth.sql into its user interface to add the table to MySQL. Alternatively, enter the following command in the UNIX shell for the same effect.

mysql mymember < /tmp/memberauth.sql

After this preparation, you can enter user accounts and passwords into the MemberAuth table. With phpMyAdmin this is easy; with the mysql program you need to write an INSERT statement.

Then we enter the function design stage.


<?php
//---------------------------
// User authentication function auth.inc
// Author: Wilson Peng
// Copyright (C) 1999
//---------------------------
$error401 = "/home/phpdocs/error/401.php";
if ($PHP_AUTH_PW == "") {
    // No credentials yet: send the challenge and show the 401 page.
    header("WWW-Authenticate: Basic realm=\"Super Gold card member\"");
    header("HTTP/1.0 401 Unauthorized");
    include($error401);
    exit;
} else {
    $db_id = mysql_pconnect("localhost", "myid", "mypw");
    // Escape the user-supplied account name before placing it inside the SQL string.
    $user = addslashes($PHP_AUTH_USER);
    $result = mysql_db_query("mymember", "select password, enable
        from MemberAuth where username = '$user'");

    $row = mysql_fetch_array($result);
    $MemberPasswd = $row[0];
    $MemberEnable = $row[1];
    if ($MemberEnable == 0) {
        echo "your account has been disabled";
        exit;
    }

    // Password stored in the table does not match: challenge again.
    if ($PHP_AUTH_PW != $MemberPasswd) {
        header("WWW-Authenticate: Basic realm=\"Super Gold card member\"");
        header("HTTP/1.0 401 Unauthorized");
        include($error401);
        exit;
    }
}
?>

Copyright (C) 1999, Wilson Peng

To use auth.inc, include it at the top of each PHP page:

<?php include("auth.inc"); ?>

PHP files that include this program check the account and password; images are not checked. This is much more flexible than checking whole directories with the Web server's features.

$error401 = "/home/phpdocs/error/401.php";

This line indicates the file displayed to the user when the user presses cancel or the check fails.

if ($PHP_AUTH_PW == "") {
    header("WWW-Authenticate: Basic realm=\"Super Gold card member\"");
    header("HTTP/1.0 401 Unauthorized");
    include($error401);
    exit;
} else


The part before else: if no password has been input, the password window is displayed.
$PHP_AUTH_USER and $PHP_AUTH_PW are special variables in PHP, representing the account and password the user entered; the rest of the program also uses these two variables to process user authentication.

$db_id = mysql_pconnect("localhost", "myid", "mypw");
$user = addslashes($PHP_AUTH_USER);
$result = mysql_db_query("mymember", "select password, enable from
    MemberAuth where username = '$user'");

$row = mysql_fetch_array($result);
$MemberPasswd = $row[0];
$MemberEnable = $row[1];

If the user has entered the account and password, query the database and check whether the user is still enabled.

if ($MemberEnable == 0) {
    echo "your account has been disabled";
    exit;
}

These four lines handle the case where the account is disabled.

if ($PHP_AUTH_PW != $MemberPasswd) {
    header("WWW-Authenticate: Basic realm=\"Super Gold card member\"");
    header("HTTP/1.0 401 Unauthorized");
    include($error401);
    exit;
}

If the password is incorrect, the user is asked to enter the account and password again.

In actual use, you add the auth.inc file only to the web pages that need it, so the password is not checked when, for example, an image is viewed, which saves resources on both the server and the user side. Of course, you can use mysql_pconnect() to keep a persistent connection to the MySQL server, or mysql_connect() to reconnect each time; in the latter case, remember to call mysql_close() to close the database as early as possible. The following program auth1.inc is another version of the authentication program; it shows how to release the connection once it has been used.


<?php
//---------------------------
// User authentication function-1 auth1.inc
// Author: Wilson Peng
// Copyright (C) 1999
//---------------------------
$error401 = "/home/phpdocs/error/401.php";
if ($PHP_AUTH_PW == "") {
    header("WWW-Authenticate: Basic realm=\"Super Gold card member\"");
    header("HTTP/1.0 401 Unauthorized");
    include($error401);
    exit;
} else {
    // Non-persistent connection: opened here and closed as soon as the row is read.
    $db_id = mysql_connect("localhost", "myid", "mypw");
    $user = addslashes($PHP_AUTH_USER);
    $result = mysql_db_query("mymember", "select password, enable
        from MemberAuth where username = '$user'");

    $row = mysql_fetch_array($result);
    $MemberPasswd = $row[0];
    $MemberEnable = $row[1];
    mysql_close($db_id);
    if ($MemberEnable == 0) {
        echo "your account has been disabled";
        exit;
    }

    if ($PHP_AUTH_PW != $MemberPasswd) {
        header("WWW-Authenticate: Basic realm=\"Super Gold card member\"");
        header("HTTP/1.0 401 Unauthorized");
        include($error401);
        exit;
    }
}
?>

In actual applications, you can add more functions to the database, such as a closed user group (CUG) function, or add time columns to perform expiration checks. The changes depend on the designer's ingenuity.
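As an added example that goes beyond the article's auth.inc (it is not the author's code), here is the same check written for current PHP: the mysqli extension with a prepared statement in place of mysql_db_query() and string interpolation, password_hash()/password_verify() instead of comparing a plaintext Password column, a fallback for servers that do not populate PHP_AUTH_USER, and the expiration check the paragraph above suggests. It assumes the MemberAuth table was altered so that Password is VARCHAR(255) and a nullable Expires DATE column was added; those schema changes, the function names and the add_member() helper are assumptions for this example, while the database credentials, realm and 401 page path are the article's.

```php
<?php
// Added example (not the article's auth.inc): Basic authentication against
// the MemberAuth table with a prepared statement, salted password hashes,
// the Enable flag and an Expires date.
// Assumed schema changes: Password VARCHAR(255), Expires DATE NULL.
// Assumes mysqlnd is available for mysqli_stmt::get_result().

function auth_challenge(string $error_page): void
{
    header('WWW-Authenticate: Basic realm="Super Gold card member"');
    header('HTTP/1.0 401 Unauthorized');
    include $error_page;
    exit;
}

// Read the Basic credentials. mod_php fills PHP_AUTH_USER/PHP_AUTH_PW;
// under CGI/FastCGI only the raw Authorization header may be present,
// so fall back to decoding it ("user:pass" in Base64, as the article notes).
function basic_credentials(array $server): ?array
{
    if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']];
    }
    $hdr = $server['HTTP_AUTHORIZATION'] ?? '';
    if (stripos($hdr, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(substr($hdr, 6), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2);
}

// Look the user up with a bound parameter, so the account name is never
// spliced into the SQL text, and verify the password against the stored hash.
// Returns 'ok', 'disabled', 'expired' or 'bad'; an unknown user and a wrong
// password are reported identically and cost the same hash computation.
function check_member(mysqli $db, string $user, string $password): string
{
    $stmt = $db->prepare('SELECT Password, Enable, Expires FROM MemberAuth WHERE Username = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    $hash = $row['Password'] ?? password_hash('', PASSWORD_DEFAULT);
    $ok = password_verify($password, $hash);
    if ($row === null || !$ok) {
        return 'bad';
    }
    if ($row['Enable'] !== '1') {
        return 'disabled';
    }
    if ($row['Expires'] !== null && $row['Expires'] < date('Y-m-d')) {
        return 'expired';
    }
    return 'ok';
}

// The INSERT the article leaves to the reader, storing a salted hash.
function add_member(mysqli $db, string $user, string $password, ?string $expires = null): void
{
    $stmt = $db->prepare("INSERT INTO MemberAuth (Username, Password, Enable, Expires) VALUES (?, ?, '1', ?)");
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt->bind_param('sss', $user, $hash, $expires);
    $stmt->execute();
    $stmt->close();
}

$error401 = '/home/phpdocs/error/401.php';
$creds = basic_credentials($_SERVER);
if ($creds === null) {
    auth_challenge($error401);
}
[$user, $pw] = $creds;
$db = new mysqli('localhost', 'myid', 'mypw', 'mymember');   // credentials from the article
switch (check_member($db, $user, $pw)) {
    case 'ok':
        break;                       // continue to the protected page
    case 'disabled':
        echo 'your account has been disabled';
        exit;
    case 'expired':
        echo 'your membership has expired';
        exit;
    default:
        auth_challenge($error401);
}
$db->close();
```

Include this file at the top of each protected page exactly as auth.inc is used above. Accounts created with add_member() get an Enable of '1' and an optional expiry date; because the hash is computed even when the user does not exist, the response time does not tell a client whether an account name is valid.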
