Two methods for implementing user identity authentication in PHP

Source: Internet
Author: User
When designing and protecting websites, users often need to restrict access to some important files or information. Generally, we can adopt the HTTP-based user authentication mechanism built into the web server. When a visitor browses a protected page, the client browser pops up a dialog window asking for a user name and password, which are used to verify the user's identity and determine whether the user has the right to visit the page. The following two methods illustrate how this is implemented.

  1. Implementation with HTTP headers

A header is a string that the server sends before it sends the HTML to the browser over HTTP. HTTP uses a challenge/response model to authenticate users who try to enter a password-protected area. Specifically, when a user first requests a protected area from the web server, the challenge process starts: the server returns a special 401 header, indicating that the user's identity has not been verified. On detecting this response, the client browser automatically pops up a dialog box asking the user for a user name and password. After the user fills them in and clicks "OK", the identification information is sent to the server for verification. If the user name and password are valid, the web server allows the user into the protected area and keeps the user's identity valid for all subsequent visits. Conversely, if the user name or password cannot be verified, the client browser keeps popping up the input window, asking the user to try again. This continues until the user enters correct information. You can also set a maximum number of attempts; when the limit is exceeded, the user's request is rejected.

In a PHP script, the header() function sends an HTTP header directly to the client's browser, so that the client automatically pops up the user name and password input window, which gives us our identity authentication function. In PHP, the information sent by the client user is automatically stored in three global variables: $PHP_AUTH_USER, $PHP_AUTH_PW, and $PHP_AUTH_TYPE. With these three variables, we can verify the user's identity against account information kept in a data file or database.

Note, however, that the $PHP_AUTH_USER, $PHP_AUTH_PW, and $PHP_AUTH_TYPE variables are only available when PHP is installed as a module. If PHP runs in CGI mode, this verification cannot be achieved. The module installation method for PHP is given after this section.

Next we use a MySQL database to store user identities. We extract each account's user name and password from the database and compare them with the $PHP_AUTH_USER and $PHP_AUTH_PW variables to determine whether the user is genuine.

First, create a database for storing user information in MySQL.

The database name is XinXiKu and the table name is user. The table definition is as follows:

CREATE TABLE user (
ID INT(4) NOT NULL AUTO_INCREMENT,
name VARCHAR(8) NOT NULL,
password CHAR(8) NOT NULL,
PRIMARY KEY (ID)
);

Notes:

1. ID is a serial number; it cannot be null, increases automatically, and is the primary key;

2. name is the user name and cannot be null;

3. password is the user's password and cannot be null.
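
The challenge/response flow and database check described above, as an added example that is not code from the original article. It reads the credentials from $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'], where current PHP exposes them, and it assumes the password column is widened to hold a password_hash() value rather than the 8-character password of the table above; the realm name, the user alice, and the in-memory SQLite stand-in for MySQL are constructed for the demo.

```php
<?php
// Added example, not from the original article.
// Assumed: `password` is VARCHAR(255) and stores password_hash() output.

/** Look up the user by name and verify the submitted password. */
function check_credentials(PDO $db, ?string $name, ?string $password): bool
{
    if ($name === null || $password === null) {
        return false; // first request: browser has sent no credentials yet
    }
    // Prepared statement keeps the user name out of the SQL text.
    $stmt = $db->prepare('SELECT password FROM user WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

/** Send the 401 challenge unless valid credentials came with the request. */
function require_login(PDO $db): string
{
    $name = $_SERVER['PHP_AUTH_USER'] ?? null;
    $password = $_SERVER['PHP_AUTH_PW'] ?? null;
    if (!check_credentials($db, $name, $password)) {
        header('WWW-Authenticate: Basic realm="Protected area"');
        http_response_code(401);
        exit('Authentication required.'); // shown if the user cancels the dialog
    }
    return $name;
}

// Constructed demo data in an in-memory SQLite database so the script runs
// without a server; a real deployment would open the MySQL database instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (
    ID INTEGER PRIMARY KEY AUTOINCREMENT,
    name VARCHAR(8) NOT NULL,
    password VARCHAR(255) NOT NULL)');
$insert = $db->prepare('INSERT INTO user (name, password) VALUES (?, ?)');
$insert->execute(['alice', password_hash('constructed-demo-pw', PASSWORD_DEFAULT)]);

$user = require_login($db);
echo 'Welcome, ' . htmlspecialchars($user);
```

Basic credentials are only base64-encoded and are resent with every request, so a page protected this way should be served over HTTPS.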
