HTTP authentication is only available when PHP is running as an Apache module. In an Apache module PHP script, you can use the Header() function to send an "Authentication Required" message to the client, which makes the browser pop up a username/password input window. Once the user has entered a user name and password, the URL containing the PHP script is called again with the variables $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE set to the user name, the password and the authentication type respectively. Only "Basic" authentication is currently supported.
An example script fragment that forces client authentication on a page is as follows:
Example 2-1. HTTP Authentication Example:
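<?php
// $PHP_AUTH_USER and $PHP_AUTH_PW are set by the Apache module once the
// browser has sent credentials; current PHP exposes the same values as
// $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].
if (!isset($PHP_AUTH_USER)) {
    // No credentials yet: ask the browser to prompt for them.
    Header("WWW-Authenticate: Basic realm=\"My Realm\"");
    Header("HTTP/1.0 401 Unauthorized");
    echo "Text to send if user hits Cancel button";
    exit;
}
else {
    echo "Hello $PHP_AUTH_USER.\n";
    echo "You entered $PHP_AUTH_PW as your password.\n";
}
?>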
Instead of simply printing the values of $PHP_AUTH_USER and $PHP_AUTH_PW, you would normally check the user name and password for validity, perhaps by querying a database or by looking the user up in a dbm file.
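One way to do that check, as an added example that is not part of the original article: the script below validates the submitted credentials against a stored password hash and repeats the 401 challenge on failure. The `$users` array (constructed sample data standing in for the database or dbm lookup) and the function names `credentials_valid` and `require_basic_auth` are hypothetical, and the values are read from `$_SERVER`, which is how current PHP exposes them.

```php
<?php
// Constructed sample user store; a real script would query a database or dbm file.
$users = [
    'alice' => password_hash('correct horse', PASSWORD_DEFAULT), // sample account
];

// Hypothetical helper: true only for a known user with a matching password.
function credentials_valid(array $users, ?string $user, ?string $pass): bool
{
    if ($user === null || $pass === null) {
        return false; // browser has not sent credentials yet
    }
    // Unknown users are verified against a dummy hash so that response time
    // does not reveal which user names exist.
    static $dummy = null;
    $dummy ??= password_hash('dummy-password', PASSWORD_DEFAULT);
    $hash = $users[$user] ?? $dummy;
    $ok = password_verify($pass, $hash);
    return $ok && isset($users[$user]);
}

// Hypothetical helper: returns the authenticated user name or ends the
// request with a 401 challenge.
function require_basic_auth(array $users, string $realm): string
{
    $user = $_SERVER['PHP_AUTH_USER'] ?? null;
    $pass = $_SERVER['PHP_AUTH_PW'] ?? null;
    if (!credentials_valid($users, $user, $pass)) {
        // WWW-Authenticate goes out before the status line, matching the
        // header order used in the article's example.
        header('WWW-Authenticate: Basic realm="' . $realm . '"');
        header('HTTP/1.0 401 Unauthorized');
        echo "Text to send if user hits Cancel button\n";
        exit;
    }
    return $user;
}

$user = require_basic_auth($users, 'My Realm');
// Escape the client-supplied name before writing it into the page,
// and never echo the password back.
echo 'Hello ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . ".\n";
```

Basic authentication sends the password with every request in a reversible encoding, so a check like this protects the page only when the site is served over HTTPS.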
Watch out for buggy Internet Explorer browsers, which are very picky about the order of the headers. Sending the WWW-Authenticate header before the HTTP/1.0 401 header is a good workaround.
To prevent someone from writing a script that reveals the password for a page that was authenticated through a traditional external mechanism, the following applies: if the page uses an external authentication mechanism, the PHP_AUTH variables are not set. In that case, the $REMOTE_USER variable can be used to identify the user who was authenticated by the external mechanism.
Note that this does not prevent someone from using a non-authenticated URL to steal passwords from an authenticated URL on the same server.
Both Netscape and Internet Explorer clear the local browser window's authentication cache when they receive a 401 reply from the server. This can effectively be used to log a user out, forcing them to re-enter their username and password. Some people use this to "time out" logins, or to provide a log-out button.
This behavior is not required by the standard for HTTP Basic authentication, so you should never rely on it. Tests with Lynx showed that it does not act on the 401 server response in this way, so using "back" and then "forward" will open the resource again (as long as the credential requirements have not changed).
Also note that this does not work on Microsoft's IIS server with the CGI version of PHP, because of a limitation of IIS.