apache|session| Server
For pages that require authentication, it is best to use the Apache server authentication.
However, the Apache Server Authentication interface is not friendly enough. And, not all the circumstances
You can use Apache server authentication, such as PHP under the Php,iis of CGI mode.
Use session to save user identities between different pages, such as
login.php
?
if ($name = = "" && $pass = "")
{
?>
<form action= "login.php" >
User:<input type= "text" name= "name" ><br>
Pass:<input type= "text" name= "pass" ><br>
<input type= "Submit" value= "OK" >
</form>
?
}
Else
{
if ($name!= "UUU" | | $pass!= "PPP")
{
echo "Login fail!";
}
Else
{
Session_register ("user");
Session_register ("passwd");
$user = $name;
$passwd = $pass;
echo "Ok!<br><a href=\" next.php\ ">next page</a>";
}
}
?>
next.php
?
Session_Start ();
echo "Username: $user";
?>
However, users can use the HTTP://DOMAIN.NAME.COM/NEXT.PHP?USER=UUU
To circumvent authentication.
So, the actual next.php must be this:
?
Session_Start ();
if (!session_is_registered ("user"))
{
echo "Login fail";
}
Else
{
echo "Username: $user";
}
?>
Use session_is_registered () to detect the session variable,
In this way, using session has basically realized the reliable authentication of identity