Home > Developer > PHP

Simulate http authentication using php

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
Use php to implement basic identity authentication. you can create a basic authentication mechanism by combining the header () function with the $ PHP_AUTH_USER and $ PHP_AUTH_PW global variables. Generally, the server-based authentication request/response process is as follows: use php to implement basic identity authentication. you can combine header () function and $ PHP_AUTH_USER and $ PHP_AUTH_PW global variables to create a basic authentication mechanism. Generally, the server-based authentication request/response process is as follows:
1. the user requests a file from a Web server. If the file is in a protected area, the server adds a 401 (invalid user) string to the response data header as a response.
2. the user name/password dialog box is displayed after the browser sees the response.
3. enter the user name and password in the dialog box, and click "OK" to send the information back to the server for authentication.
4. if the user name and password are valid, the protected file will be displayed to the user. This validation will continue to be valid for the duration of the verified user in the protected area.
A simple PHP script can simulate the HTTP authentication request/response system by sending an appropriate HTTP header to automatically display the username/password dialog box on the client screen. PHP stores the user input dialog box information in the $ PHP_AUTH_USER and $ PHP_AUTH_PW variables. By using these variables, you can store a list that does not comply with the user name/password test to a text file, database, or wherever you want.
Note: The global variables $ PHP_AUTH_USER, $ PHP_AUTH_PW, and $ PHP_AUTH_TYPE are valid only when PHP is installed as a module. If you are using the CGI version of PHP, you will be limited to using htaccess-based or database-based authentication methods. you can enter the user name and password through the HTML form, and then let PHP check the validity.
This example shows a confirmation check for the two hardware encoding values, regardless of where the user name and password are stored, which is theoretically identical.
// Check the values of $ PHP_AUTH_USER and $ PHP_AUTH_PW.
If ((! Isset ($ PHP_AUTH_USER) | (! Isset ($ PHP_AUTH_PW ))){
// Null value: send the data header that generates the display text box
Header ('www-Authenticate: Basic realm = "My Private Stuff "');
Header ('http/1.0 401 unauthorized ');
Echo 'authorization Required .';
Exit;
}
Else if (isset ($ PHP_AUTH_USER) & (isset ($ PHP_AUTH_PW ))){
// Check whether the variable value exists.
If ($ PHP_AUTH_USER! = "Username") | ($ PHP_AUTH_PW! = "Password ")){
// User name input error or password input error, send the data header that generates the display text box
Header ('www-Authenticate: Basic realm = "My Private Stuff "');
Header ('http/1.0 401 unauthorized ');
Echo 'authorization Required .';
Exit;
}
Else if ($ PHP_AUTH_USER = "username") | ($ PHP_AUTH_PW = "password ")){
// The user name and password are correct and the success information is output.
Echo"

You're authorized!

";
}
}
?>

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
sending mail from php using smtp authentication http authentication error code http based authentication http basic authentication http get authentication what http authentication apache http authentication

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More