Use PHP3 for HTTP authentication

Source: Internet
Author: User
Tags http authentication
The HTTP authentication function can be used only when PHP runs in Apache module mode. In an Apache module PHP script, you can use the Header() function to send an "Authentication Required" message to the client browser, which causes a user name/password input window to pop up in the browser. After the user enters the user name and password, the URL containing the PHP script is called again with the variables $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE set to the user name, password, and authentication type respectively. Currently, only the "BASIC" authentication method is supported.
An example of a code segment that forces an identity authentication on a page is as follows:
Example 2-1. HTTP authentication Example:
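<?php
  // No credentials yet: send the Basic challenge (WWW-Authenticate first, then the 401 status)
  if (!isset($PHP_AUTH_USER)) {
    Header("WWW-Authenticate: Basic realm=\"My Realm\"");
    Header("HTTP/1.0 401 Unauthorized");
    echo "Text to send if user hits Cancel button";
    exit;
  }
  else {
    // Credentials supplied: HTML-escape the values before echoing them into the page
    echo "Hello " . htmlspecialchars($PHP_AUTH_USER) . ".<P>";
    echo "You entered " . htmlspecialchars($PHP_AUTH_PW) . " as your password.<P>";
  }
?>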
Instead of simply printing the values of $PHP_AUTH_USER and $PHP_AUTH_PW, you would normally check the validity of the user name and password, for example by querying a database or looking the user up in a dbm file.
Beware of Internet Explorer browsers, which are very picky about the order of the headers. It is therefore a good idea to send the WWW-Authenticate header before sending the HTTP/1.0 401 header.
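The credential check described above, as an added example that is not part of the original page. It assumes PHP 7.1 or later (so it reads `$_SERVER['PHP_AUTH_USER']` rather than the PHP3 globals); the `$users` store, the sample account and the helper names `check_credentials()` and `challenge()` are constructed for illustration.

```php
<?php
// Added example, not from the original page. Assumes PHP 7.1+.
// Constructed sample store: in practice the hashes come from a database
// or dbm file and are created once, not on every request.
$users = [
    'alice' => password_hash('correct horse', PASSWORD_DEFAULT),
];

// Hash verified for unknown user names, so that the response time does
// not reveal which accounts exist.
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);

// Hypothetical helper: true only for a known user with a matching password.
function check_credentials(array $users, string $dummyHash, ?string $user, ?string $pw): bool
{
    if ($user === null || $pw === null) {
        return false;
    }
    $known = array_key_exists($user, $users);
    $ok = password_verify($pw, $known ? $users[$user] : $dummyHash);
    return $known && $ok;
}

// Hypothetical helper: send the challenge in the order the page recommends
// (WWW-Authenticate before the 401 status line) and stop.
function challenge(string $realm): void
{
    header('WWW-Authenticate: Basic realm="' . $realm . '"');
    header('HTTP/1.0 401 Unauthorized');
    echo "Authentication required.\n";
    exit;
}

$user = $_SERVER['PHP_AUTH_USER'] ?? null;
$pw   = $_SERVER['PHP_AUTH_PW'] ?? null;

// Missing or wrong credentials get the same 401 challenge.
if (!check_credentials($users, $dummyHash, $user, $pw)) {
    challenge('My Realm');
}

// Never echo the password back; escape the user name before output.
echo 'Hello ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . ".\n";
```

Basic credentials are only base64-encoded on the wire, so a page protected this way should be served over HTTPS.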

To prevent someone from writing a script that reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables are not set if the page uses an external authentication mechanism. In that case, the $REMOTE_USER variable can be used to identify the user who was authenticated by the external mechanism.
Note: The above does not prevent someone from using a non-authenticated URL on the same server to steal passwords from authenticated URLs.
Both Netscape and IE clear the authentication cache of the local browser window after receiving a 401 response from the server. This can effectively log a user out and force them to enter their user name and password again. Some people use this to "time out" logins, or to provide a logout button.
This behavior is not required by the standard for HTTP Basic authentication, so you should never rely on it. Tests with Lynx show that it does not clear the authentication credentials on a 401 server response, so pressing back and then forward opens the resource again (as long as the credential requirements have not changed).
Also note that this does not work with Microsoft's IIS server and the CGI version of PHP, because of a limitation in IIS.
