Member
Hi friends,
I have done some basic programs in PHP programming language. In that I have even done the topics that are related to the forms. Now I want to do the HTTP authentications with that forms. But I don't know much about that.!! I have done the authentication in HTML forms using the ASP, but this is new for me. So please tell me something about the HTTP authentication with PHP..!! Any other information related to the topic would be appreciable.!!
The most overlooked advantage to owning a computer is that if they foul up there's no law against wacking them around a little.
-Joe Martin
Member
The HTTP Authentication hooks in PHP are only available if PHP is running as an Apache module, not as a CGI. In this form it is possible to use the header () to request identification ( "Authentication Required") to the client, thus generating the appearance of a window requesting user and password. Once the fields have been filled, the URL will be called again with the predefined variables PHP_AUTH_USER, PHP_AUTH_PW and AUTH_TYPE respectively containing the username, password and authentication type. These predefined variables are found in Tables $ _SERVER and $ HTTP_SERVER_VARS.
Member
According to me, using the HTTP Authentication is the easiest way to protect the site by the password. By doing this, if the user-name and the password is not correct then the requested page will not be displayed. And by doing this you may get an error of HTTP 401, which is the "Unauthorized Access" error. When such error occurs you will have to submit again that page by providing the proper user-name and the password. And most of the dialogue are hidden from the user’s point of view.
3.2 (northwood)
2gig ram
ATI AIW X800xt 256mb
Gigabyte GA-8knxp 875p Chipset
Optiwrite 8X DVD Burner
Win XP PRO Sp2 (Works Perfectly)
2 SATA Raptor 74gig Raid 0
2 7200 IDE 320gig HD
Member
I think that once you look at the coding, you will understand the concepts very clearly. So I have provided you with a sample of the PHP script that uses the HTTP Authentication :
PHP Code:<?php
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Example"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello, </p>".$_SERVER['PHP_AUTH_USER'];
echo "<p>You entered as your password: </p>".$_SERVER['PHP_AUTH_PW'];
}
?>
Member
I have also given an example of a script that has minimum script to request and check a user-name and password :
PHP Code:<?php
if ( !isset($_SERVER['PHP_AUTH_USER']) ) {
header('WWW-Authenticate: Basic realm="This is Invalid"');
header('HTTP/1.0 401 Unauthorized');
exit;
}
else {
if ( $_SERVER['PHP_AUTH_USER'] == 'me' && $_SERVER['PHP_AUTH_PW'] == 'password' ) {
echo "<p>Welcome, {$_SERVER['PHP_AUTH_USER']}.</p>";
} else {
echo "Invalid password !!";
}
}
?>
IF you hate me, please don't mention it. I know who hates me and who doesn't. You really do not have to make fun of people....
Member
While doing the coding for the HTTP authentication, there are some things that you should keep in mind. Be careful when coding the HTTP header. To ensure maximum compatibility between browsers, the keyword "Basic" should be written with an uppercase B, and the string must be enclosed in single quotes, and exactly one space should precede the 401 code in the HTTP/1.0 401 header. Instead of simply displaying the global variables PHP_AUTH_USER and PHP_AUTH_PW, you may want to check the validity of the username and password. Netscape and Internet Explorer will clear the cache of identification upon receiving a 401 response. This will disconnect a user, forcing them to re-enter their account name and password. Some people use this to give a timeout or, then, provide a logout button.
"When they give you ruled paper, write the other way..." J.R.J.
Posting Permissions
Reply With Quote
Bookmarks