PHP uses Header function, PHP_AUTH_PW and PHP_AUTH_USER for user authentication_php tips

The example in this article describes how PHP uses the Header function, PHP_AUTH_PW and PHP_AUTH_USER for user authentication. Share it with everyone for your reference, the details are as follows:

In PHP, you can use the Header function to do some interesting things. User verification is one of the interesting functions. Specific usage:

Header("WWW-Authenticate: Basic realm="USER LOGIN"");
Header("HTTP/1.0 401 Unauthorized");

Design these two Header functions at the top of the page. A login box will appear before the page is loaded, requiring user name and password. For those of us who are used to logging in on the web, do we think this kind of login is original and novel?

In order to obtain the username and password passed from this dialog box, you need to use the two special variables $PHP_AUTH_USER and $PHP_AUTH_PW provided by PHP. To use these two special variables in this way, it seems that you need to set the relevant settings in php.ini option, otherwise you can only quote it like this:

$_SERVER['PHP_AUTH_USER']
$_SERVER['PHP_AUTH_PW']

After obtaining the username and password submitted by the user, how to process the logic is no different from our general program processing. Two routines are provided below for reference:

<&#63;php
if(!isset($PHP_AUTH_USER)) {
Header("WWW-authenticate: basic realm="XXX"");
Header("HTTP/1.0 401 Unauthorized");
$title="Login Instructions";
&#63;>
<blockquote>
In order to enter this section of the web site, you must be an XXX
subscriber. If you are a subscriber and you are having trouble logging
in,
please contact <a href="mailto:support@xxx.com">support@xxx.com</a>.
</blockquote>
<&#63;php
exit;
} else {
mysql_pconnect("localhost","nobody","") or die("Unable to connect to SQL server");
mysql_select_db("xxx") or die("Unable to select database");
$user_id=strtolower($PHP_AUTH_USER);
$password=$PHP_AUTH_PW;
$query = mysql_query("select * from users where user_id='$user_id' and password='$password'");
if(!mysql_num_rows($query)) {
Header("WWW-authenticate: basic realm="XXX"");
Header("HTTP/1.0 401 Unauthorized");
$title="Login Instructions";
&#63;>
<blockquote>
In order to enter this section of the web site, you must be an XXX
subscriber. If you are a subscriber and you are having trouble
logging in,
please contact <a href="mailto:support@xxx.com">support@xxx.com</a>.
</blockquote>
<&#63;php
exit;
}
$name=mysql_result($query,0,"name");
$email=mysql_result($query,0,"email");
mysql_free_result($query);
}
&#63;>

Another reference routine:

<&#63;php
//assume user is not authenticated
$auth = false;
$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];
if ( isset($user) && isset($pass) )
{
//connect to db
include 'db_connect.php';
//SQL query to find if this entered username/password is in the db
$sql = "SELECT * FROM healthed_workshop_admin WHERE
user = '$PHP_AUTH_USER' AND
pass = '$PHP_AUTH_PW'";
//put the SQL command and SQL instructions into variable
$result = mysql_query($sql) or die('Unable to connect.');
//get number or rows in command; if more than 0, row is found
$num_matches = mysql_num_rows($result);
if ($num_matches !=0)
{
//matching row found authenticates user
$auth = true;
}
}
if (!$auth)
{
header('WWW-Authenticate: Basic realm="Health Ed Presentation Admin"');
header('HTTP/1.0 401 Unauthorized');
echo 'You must enter a valid username & password.';
exit;
}
else
{
echo 'Success!';
}
&#63;>

Readers who are interested in more PHP-related content can check out the special topics on this site: "Summary of PHP network programming skills", "Introduction to PHP basic syntax tutorial", "Summary of PHP operating office document skills (including word, excel, access, ppt)", "Summary of PHP date and time usage", "PHP object-oriented programming introductory tutorial》, "php string (string) usage summary", "php mysql database operation introductory tutorial" and "php common database operation skills summary"

I hope this article will be helpful to everyone in PHP programming.