On a professional Web site, users often need the user's account number and password, that is, identity confirmation action. The early NCSA httpd server did not provide this user-confirmed feature, and webmaster only had to hand-create an identity-confirmed CGI program.
Most of the WEB servers since the CERN httpd provide user identity recognition functionality. The settings for each set of WEB servers are not the same, but they are similar in settings.
The following is the user identification setting on the Apache server.
<Directory/home/MyMember>
AuthType Basic
AuthName Mymember
Authuserfile/usr/local/mymember.txt
Options Includes execcgi
<limit Get post>
Require Valid-user
</Limit>
</Directory>
In this example, when users look at all the files in the Mymember directory, including picture files and other types of files, users need to confirm the user's account password. And the user's account number and password file are in the/usr/local/mymember.txt.
This account password file/usr/local/mymember.txt may look like the following example. Where the string before the colon is the user account, the string after the colon is not restored encrypted password, encoding is generally used in the traditional DES code, the first two words of the password is similar to the seed character (salt), in this case are 3P. Each line represents a user. Of course, webmaster to control the repeated account situation. More specifically, in the case of Apache on the WIN32 system, the password after the colon is not encrypted because WIN32 does not provide this encoding
API, so the user password exists in plaintext.
On the Apache 1.3.6 version, you can use ~APACHE/BIN/HTPASSWD to generate a single pen account and password, but for commercial platforms that require large amounts of data, you may need to write your own programs to deal with them. You need to call crypt () on UNIX to process the encoding.
After everything is set up, the line will appear in the browser to check the password of the window, such as the image above is SeedNet's Myseed website user audit mechanism. After entering the account number and password, the browser will encode it with BASE64 and upload it to the server side. Of course, BASE64 is just encoding, not encryption, therefore, the security of this transmission on the network is still not high, or may be the middle of the executioner, and then the BASE64 restore, which is the user certification of the most in the most defects, perhaps in the future Support summary certification (DIGEST) and the use of MD5 coding, can solve this problem. After each page still need the account number and password, but the browser will help you take the initiative to send out, no longer enter the account password. In this respect, the browser will remain until it is closed, and the next time the browser still needs to be entered for the first time.
In the number of users, using the above method is easy and convenient. But when the user has tens of thousands of people, or even hundreds of thousands of, the efficiency of the entire server will be dragged down by the search account password, which can take up to 10 seconds to a few minutes to read a page. It would be unwise to use the password-checking mechanism provided by the server in this situation. You may be able to use NSAPI on Netscape Enterprise Server to develop your own audit methods, which can also be developed with ISAPI filters on IIS. Write C + + program call Nsapi/isapi is always very tired, in PHP has another choice, this is also the theme of this section.
PHP's HTTP-related library provides a function of header (). Many WEB servers interact with the client, and you can use this function to juggle. For example, at the very beginning of a PHP page, the first or second line, add the following program to redirect the user to the author's web page.
Of course, the HTML text or PHP program after the above program will never appear on the user side.
In the same way, we use header () to change the user authentication trick. You can send a string to the user at the very beginning of PHP, and the following image will appear on the user side.
In the program string realm= "member" in the word "Member" appears in the diagram, of course, if the use of text replaced, browser side will also appear in the text, such as the above Myseed figure. If Web site users have other languages, such as English or Japanese, sending Chinese realm strings seems less appropriate. In any case, it depends on the nature of the platform and the location of the user.
Of course, this is still very rough, because in addition to send out the window, there is no context, the account input is correct or input errors, there will be no results. We need more advanced programs to deal with.
On the back-end authentication, consider using the database as the backend for storing accounts and passwords, which can accommodate many users, 10,000 users or 100,000 users. If your station has hundreds of thousands of user accounts, then congratulations, your station is a world-class big stations. MySQL is a good choice, and many platforms, even commercial platforms, use it as a back-end database. Of course, if you want a real business platform where money is not a problem, you can use the most widely used Oracle database series.
To use any database in PHP, you have to set the database server and the client before compiling the PHP and Apache systems.
Ready MySQL and PHP, first in MySQL to add a new database, this example is to join the Mymember, with other names of course you can. MySQL to join the database (database) is easy, as long as the MySQL storage database where the mkdir can be. Like playing under a UNIX Shell
hahaha:/usr/local/mysql/data# mkdir Mymember
After you have established the database, you still need to create a table (table) before you can use it. The form is set as follows, which can be stored in/tmp/memberauth.sql
CREATE TABLE Memberauth (
Serial Mediumint (9) Not NULL auto_increment,
Username Char (8) Not NULL,
Password Char (8) Not NULL,
Enable char (1) DEFAULT ' 0 ' not NULL,
PRIMARY KEY (serial)
);
File Memberauth.sql
Let's take a look at these fields memberauth.sql. Serial is an automatically added integer field, each input a piece of information, it will automatically add one, which of course can not be empty field, so use NOT NULL. The second field is Username, which represents the user's account number, and is set to eight words for the sake of unification and adaptation to each system, and of course this field cannot be empty. Password is the third field, which is the user's password. The fourth field enabled as the account is valid flag, design 0 means useless, 1 tables available, in the future can also add other values for different purposes.
After you have designed the table, you must add the table to the database. Because the MySQL database is often used, you can download phpMyAdmin to Http://www.phpwizard.net/phpMyAdmin, and it is easy and convenient to use the browser to manipulate and manage MySQL. If you use this set of phpMyAdmin, you can enter memberauth.sql into MySQL on its user interface. Or you can enter the next type under the UNIX Shell, which has the same effect.
MySQL Mymember </tmp/memberauth.sql
Once you are ready, you can enter the user account and password in the Memberauth table. Of course, the use of phpmyadmin convenient, with the MySQL program will be a pen INSERT.
Then entered the stage of the design function.
<?php
file://---------------------------
User Authentication function Auth.inc
Author:wilson Peng
Copyright (C) 1999
file://---------------------------
$error 401 = "/home/phpdocs/error/401.php";
if ($PHP _auth_pw== "") {
Header ("Www-authenticate:basic realm=" "Super Gold Member");
Header ("http/1.0 401 Unauthorized");
Include ($error 401);
Exit
} else {
To use this auth.inc, add the first line of PHP to the
? Require ("Auth.inc");?>.
In the program's PHP file will check the account password, pictures, etc. will not be checked, compared to the use of WEB server functions under a directory all check, PHP appears to be more flexible.
$error 401 = "/home/phpdocs/error/401.php";
This line indicates the file to be displayed to the user when the user presses the cancellation, or if the check fails.
Before else, if there is no incoming password, send a window of the password. of which
$PHP _auth_user, $PHP _AUTH_PW is a special variable in PHP, representing user ID and password respectively. The above program also uses these two variables to handle user authentication.
If the user has entered the account number and password, then to the database query. Also check if the consumer is still available.
if ($MemberEnable ==0) {
echo "Your account has been deactivated";
Exit
}
The four-line program is the case where the account is deactivated.
if ($PHP _auth_pw!= $MemberPasswd) {
Header ("Www-authenticate:basic realm=" "Super Gold Member");
Header ("http/1.0 401 Unauthorized");
Include ($error 401);
Exit
}
If the password is wrong, the user is asked to enter the account number and password again.
In the actual use, you can add to the page as needed to add auth.inc this file, you do not have to look at the graphics also need to check the password, reduce the server and user two-end resources. Of course, with MySQL, you can use Mysql_pconnect () to connect to the MySQL server. or use mysql_connect () to reconnect each time, use this function to remember to use Mysql_close () to shut down the repository earlier. The following program Auth1.inc is another version of the authentication program, that is, open the connection immediately after the shutdown, the release of resources examples.
<?php
file://---------------------------
User authentication function -1 auth1.inc
Author:wilson Peng
Copyright (C) 1999
file://---------------------------
$error 401 = "/home/phpdocs/error/401.php";
if ($PHP _auth_pw== "") {
Header ("Www-authenticate:basic realm=" "Super Gold Member");
Header ("http/1.0 401 Unauthorized");
Include ($error 401);
Exit
} else {
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.