Use PHP to simulate HTTP authentication_PHP tutorial
If you wish to implement password protection on a per-script basis, you can create a basic authentication mechanism by combining the header() function with the $PHP_AUTH_USER and $PHP_AUTH_PW global variables. The usual server-based authentication request/response process is as follows:
1. The user requests a file from a Web server. If the file is within a protected area, the server responds by adding a 401 (Illegal User) string to the header of the response data.
2. The browser pops up the username/password dialog box after seeing the response.
3. The user enters the username and password in the dialog box, and then clicks "OK" to send this information back to the server for authentication.
4. If the username and password are valid, the protected files will be displayed to the user. This confirmation will remain valid for as long as the verified user is within the protected area.
A simple PHP script can simulate the HTTP authentication request/response system by sending the appropriate HTTP headers to automatically display the username/password dialog on the client screen. PHP stores user input dialog information in the $PHP_AUTH_USER and $PHP_AUTH_PW variables. By using these variables, you can store the list of non-compliant username/password checks in a text file, database, or wherever you wish.
Note: The $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE global variables are only valid when PHP is installed as a module. If you are using the CGI version of PHP, you will be limited to using htaccess-based authentication or database-based authentication, and letting users enter their username and password through an HTML form, and then letting PHP complete the validity check.
This example shows a validation check for two hardware-encoded values, which are theoretically identical regardless of where the username and password are stored.
/* Check the values of variables $PHP_AUTH_USER and $PHP_AUTH_PW*/
if ((!isset($PHP_AUTH_USER)) || (!isset( $PHP_AUTH_PW))) {
/* Null value: Send the data header to generate the display text box*/
header('WWW-Authenticate: Basic realm="My Private Stuff"' );
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
} else if ( (isset($PHP_AUTH_USER)) && (isset($PHP_AUTH_PW))){
/* The variable value exists, check whether it is correct*/
if (($PHP_AUTH_USER != "validname ") || ($PHP_AUTH_PW != "goodpassword")) {
/* If the user name is entered incorrectly or the password is entered incorrectly, the data header that generates the text box will be sent */
header ('WWW-Authenticate: Basic realm="My Private Stuff"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
} else if (($PHP_AUTH_USER == "validname") || ($PHP_AUTH_PW == "goodpassword")) {
/* Both username and password Correct, output success message*/
echo "
You're authorized!
";}
}
?>
It must be reminded that when you are using file-based protection, this method does not provide comprehensive security for the directory. . This may be obvious to most people, but if your brain makes a connection between popping up a dialog box and protecting a given directory, you should think about it further. .
Julie Meloni is the technical director of i2i Interactive and a strong promoter of the Linux and open source communities. She has written numerous books on PHP and other technologies, and is a long-time contributing expert to CNET Builder.com.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian
Dec 24, 2024 pm 04:42 PM
PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati
7 PHP Functions I Regret I Didn't Know Before
Nov 13, 2024 am 09:42 AM
If you are an experienced PHP developer, you might have the feeling that you’ve been there and done that already.You have developed a significant number of applications, debugged millions of lines of code, and tweaked a bunch of scripts to achieve op
How To Set Up Visual Studio Code (VS Code) for PHP Development
Dec 20, 2024 am 11:31 AM
Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c
Explain JSON Web Tokens (JWT) and their use case in PHP APIs.
Apr 05, 2025 am 12:04 AM
JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,
PHP Program to Count Vowels in a String
Feb 07, 2025 pm 12:12 PM
A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total
How do you parse and process HTML/XML in PHP?
Feb 07, 2025 am 11:57 AM
This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an
Explain late static binding in PHP (static::).
Apr 03, 2025 am 12:04 AM
Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.
What are PHP magic methods (__construct, __destruct, __call, __get, __set, etc.) and provide use cases?
Apr 03, 2025 am 12:03 AM
What are the magic methods of PHP? PHP's magic methods include: 1.\_\_construct, used to initialize objects; 2.\_\_destruct, used to clean up resources; 3.\_\_call, handle non-existent method calls; 4.\_\_get, implement dynamic attribute access; 5.\_\_set, implement dynamic attribute settings. These methods are automatically called in certain situations, improving code flexibility and efficiency.
