Php+apache method of realizing user argumentation

On the professional Web site, users often need the user's account number and password, that is, the action of identity recognition. The early NCSA httpd server did not provide this user-confirmed function, Webmaster can only manually create an identity-confirmed CGI program.
Most of the WEB servers since CERN httpd provide the user identity Confirmation feature. The settings for each set of WEB servers are not the same, but the settings are similar.

The following are the settings for user identification on the Apache server.


　
AuthType Basic
AuthName Mymember
Authuserfile/usr/local/mymember.txt
Options includes execcgi
　
Require Valid-user
　
　

In this case, users are required to confirm the user's account password when they look at all the files in the Mymember directory, including image files and other files. The user's account number and password file exist in/usr/local/mymember.txt.

This account password file/usr/local/mymember.txt may look like the following example. Where the string before the colon is the user account, the string after the colon is non-reversible encryption password, encoding is generally using the traditional DES encoding, the first two words of the password is similar to the seed of the character (salt), in this case is 3P. Each row represents one user. Of course Webmaster to control the case of repeat account. In particular, the WIN32 system on the Apache case, the password after the colon is not encrypted, because WIN32 does not provide this aspect of the code
API, so the user password exists in the form of a plaintext.


John1234:3pwudbljmiwro
queenwan:3pfnvlnpn9w0m
noname00:3pesxajx5pk7e
Wilson49:3pjowb0enag22
rootboot:3pit0sni6.84e
sun_moon:3pvymmenoc.x.
Nobody38:3pbskpkwv94hw

In the Apache version of 1.3.6, you can use ~APACHE/BIN/HTPASSWD to generate a single account and password, but for commercial platforms that require large amounts of information, you may need to write your own program to handle it. You need to call crypt () on UNIX to process the encoding.



After everything has been set up, the connection will appear in the browser to check the password window, such as the seednet of the Myseed site user check mechanism. After entering the account number and password, the browser will encode it with BASE64 and upload it to the server side. Of course BASE64 just encoding is not encryption, so the security of the transmission on the network is still not high, or it is possible to be intercepted by the middle executioner, and then the BASE64 restore, which is the most drawback of the entire user certification, perhaps in the Future Support Digest certification (DIGEST) and the use of MD5 code, can solve this problem. After each page still need the account number and password, but the browser will help you to actively send out, no longer enter the account password. In this regard, the browser will remain closed until the next re-execution of the browser still needs to enter the first time.

Using the above method is easy and hassle-free when the number of users is limited. But when users have tens of thousands of or even hundreds of thousands of people, the efficiency of the entire server is dragged down by the search account password, which can take a few 10 seconds to several minutes to read a page. It would be unwise to use the password-checking mechanism provided by the server in this situation. You may be able to use NSAPI to develop your own audit methods on Netscape EnterPRise Server, and you can also use ISAPI filters on IIS. It is always tiring to write a C + + program call Nsapi/isapi, and there is another choice on PHP, which is the subject of this section.


PHP's HTTP-related function library provides a function of the header (). Many WEB servers interact with the client and can use this function to juggle. For example, in the beginning of a PHP page, that is, the first row or the second line, add the following program, you can redirect the user to the author's web page.


Header ("Location:http://wilson.gs");
Exit
?>


Of course, the HTML text or PHP program after the above program will never appear on the user's side.

For the same reason, we use the header () to change the user authentication trick. You can send a string to the user's end at the very beginning of PHP, and it will appear in the user's side of the window.


Header ("Www-authenticate:basic realm=" Member "");
Header ("http/1.0 401 Unauthorized");
?>

In the program string realm= "Member" in the Member Word appears in the diagram, of course, if the use of Chinese characters, the browser will also appear in the text, such as the above Myseed chart. If Web site users have other languages, such as English or Japanese, the realm string sent out in Chinese seems to be more inappropriate. In any case, it depends on the nature of the platform and the location of the user.

Of course, this is still very rough, because in addition to send out the window, there is no following, the account input is correct, or input errors, will not have any results. We need a more advanced program to deal with.


In the back-end of the use of authentication, consider using the database as a storage account and password back end, in this architecture can accommodate a lot of users, whether it 10,000 users or 100,000 users. If your station has hundreds of thousands of user accounts, then congratulations, your station is a world-class major stations. MySQL is a good choice, and many platforms, even commercial platforms, use it to do backend repositories. Of course, you want a real business platform, money is not a problem, it can use the most widely-known Oracle database series.

To use any database in PHP, you must first set up the database server and client, before compiling the PHP and Apache system.

Once MySQL and PHP are ready, add a new database to MySQL, in this case add Mymember, and you can use a different name, of course. MySQL is easy to join the database (database), as long as the MySQL store database where mkdir. For example, under the UNIX Shell

hahaha:/usr/local/mysql/data# mkdir Mymember

Once the database has been established, it is still necessary to establish a data table (table) to be used. Set the table below and you can store it in/tmp/memberauth.sql


CREATE TABLE Memberauth (
Serial Mediumint (9) Not NULL auto_increment,
Username Char (8) Not NULL,
PassWord Char (8) Not NULL,
Enable char (1) DEFAULT ' 0 ' not NULL,
PRIMARY KEY (Serial)
);

Archive Memberauth.sql

First look at these fields of Memberauth.sql. Serial is an automatically added integer field, each input of a data, will automatically add one, which of course cannot be an empty field, so the use of not NULL. The second field is Username, representing the user's account number, in order to unify and adapt to the system for the sake of setting eight words, of course, this field can not be empty. Password is the third field, the password for the user. The fourth field enables you to make an account valid flag, the design of 0 is useless, 1 tables are available, in the future can add other values for different purposes.

Once you've designed the table, you're ready to add the table to the database. Because MySQL repositories are often used, it is easy and convenient to download phpMyAdmin to Http://www.phpwizard.net/phpMyAdmin, and to use the browser to operate and manage MySQL. If you use this set of PhpMyAdmin, you can enter MEMBERAUTH.SQL on its user interface to join MySQL. Or you can enter the next type under the UNIX Shell, and it has the same effect.

MySQL Mymember </tmp/memberauth.sql

After you are ready, you can enter the user account number and password in the Memberauth data sheet. Of course, the use of phpMyAdmin convenient, with the MySQL program will be a pen INSERT.

It then enters the stage of the design function.


file://---------------------------
User Authentication function Auth.inc
Author:wilson Peng
Copyright (C) 1999
file://---------------------------
$error 401 = "/home/phpdocs/error/401.php";
if ($PHP _auth_pw== "") {
Header ("Www-authenticate:basic realm=" Super Gold Member ");
Header ("http/1.0 401 Unauthorized");
Include ($error 401);
Exit
} else {

$db _id = mysql_pconnect ("localhost", "myID", "MYPW");
$result = Mysql_db_query ("Mymember", "Select password, enable
From Memberauth where username= ' $PHP _auth_user ' ");

$row = Mysql_fetch_array ($result);
$MemberPasswd = $row [0];
$MemberEnable = $row [1];
if ($MemberEnable ==0) {
echo "Your account has been deactivated";
Exit
}

if ($PHP _auth_pw!= $MemberPasswd) {
Header ("Www-authenticate:basic realm=" Super Gold Member ");
Header ("http/1.0 401 Unauthorized");
Include ($error 401);
Exit
}
}
?>

Copyright (C) 1999, Wilson Peng

To use this auth.inc, add the first line of each PHP
。
In the PHP file to join the program will check the account password, pictures and so on will not be checked, compared to the use of WEB server functions in a directory under all checks, PHP appears to be more flexible.

$error 401 = "/home/phpdocs/error/401.php";

This line indicates the file to be displayed to the user when the user presses Cancel, or if the check fails.

if ($PHP _auth_pw== "") {
Header ("Www-authenticate:basic realm=" Super Gold Member ");
Header ("http/1.0 401 Unauthorized");
Include ($error 401);
Exit
} else


Before else, if there is no incoming password, a window to enter the password is sent. One of the
$PHP _auth_user, $PHP _AUTH_PW is a special variable in PHP that represents the user's confirmed account number and password. The above program also uses these two variables to handle user authentication.

$db _id = mysql_pconnect ("localhost", "myID", "MYPW");
$result = Mysql_db_query ("Mymember", "Select password, enable from
Memberauth where username= ' $PHP _auth_user ' ");

$row = Mysql_fetch_array ($result);
$MemberPasswd = $row [0];
$MemberEnable = $row [1];

If the user has entered an account number and password, then query to the database. Also check if the user is still available.

if ($MemberEnable ==0) {
echo "Your account has been deactivated";
Exit
}

The four-line program is the case where the account is deactivated.

if ($PHP _auth_pw!= $MemberPasswd) {
Header ("Www-authenticate:basic realm=" Super Gold Member ");
Header ("http/1.0 401 Unauthorized");
Include ($error 401);
Exit
}

Password error will again ask the user to enter the account number and password.

In the actual use, can be added to the page as needed to add auth.inc this file, you do not have to look at a graphic also need to check the password, reduce the server and user two-end resources. Of course, with MySQL, you can use Mysql_pconnect () to connect with the MySQL server. or use mysql_connect () each time you reconnect, use this function to remember to close the database earlier with Mysql_close (). The following program Auth1.inc is another version of the authentication program, is to turn off the connection immediately after the release of resources examples.


file://---------------------------
User authentication function -1 auth1.inc
Author:wilson Peng
Copyright (C) 1999
file://---------------------------
$error 401 = "/home/phpdocs/error/401.php";
if ($PHP _auth_pw== "") {
Header ("Www-authenticate:basic realm=" Super Gold Member ");
Header ("http/1.0 401 Unauthorized");
Include ($error 401);
Exit
} else {

$db _id = mysql_connect ("localhost", "myID", "MYPW");
$result = Mysql_db_query ("Mymember", "Select password, enable
From Memberauth where username= ' $PHP _auth_user ' ");

$row = Mysql_fetch_array ($result);
$MemberPasswd = $row [0];
$MemberEnable = $row [1];
Mysql_close ($db _id);
if ($MemberEnable ==0) {
echo "Your account has been deactivated";
Exit
}

if ($PHP _auth_pw!= $MemberPasswd) {
Header ("Www-authenticate:basic realm=" Super Gold Member ");
Header ("http/1.0 401 Unauthorized");
Include ($error 401);
Exit
}
}
?>

