HTTP authentication using PHP3_PHP tutorial

The HTTP authentication function can only be used when PHP is running as an Apache module. In Apache's module PHP script, you can use the Header() function to send an "Authentication Required" message to the client's browser, causing the browser to pop up an input window for username/password. After the name and password are passed, the URL containing the PHP script will be called again, using the $PHP_AUTH_USER, $PHP_AUTH_PW, and $PHP_AUTH_TYPE variables representing the username, password, and confirmation method respectively. Currently only the "BASIC" confirmation method is supported.
An example of a code snippet that forces users to authenticate on a page is as follows:
Example 2-1. HTTP authentication example:
if(!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm="My Realm"");
Header("HTTP/1.0 401 Unauthorized");
echo "Text to send if user hits Cancel button ";
exit;
}
else {
echo "Hello $PHP_AUTH_USER.
";
echo "You entered $PHP_AUTH_PW as your password.
";
}
?>
In addition to simply outputting the values ​​​​of the $PHP_AUTH_USER and $PHP_AUTH_PW variables, you can also check the validity of the username and password, perhaps querying the database, perhaps searching for the user in the dbm file .
Beware of the buggy Internet Explorer browser, which is very picky about the order of headers. So sending the WWW-Authenticate header request before sending the HTTP/1.0 401 header request is a good solution.

In order to prevent some people from writing some scripts to display the password of a page that has been verified by a traditional external mechanism, the following method is adopted: if this page uses an external verification mechanism, the PHP_AUTH variable will not be generated. In this way, the $REMOTE_USER variable can Used to represent users who have been authenticated by an external mechanism.
Note that the above method does not prevent someone from using an unauthenticated URL to steal the password of an authenticated URL
Both Netscape and IE will clear the local browser window's authentication cache after receiving a 401 response from the server. This can effectively log users out, forcing them to enter their username and password again. Use this method to implement "timeout" registration, or provide login and logout buttons.
This method is not required for standard HTTP basic authentication, so you may never rely on it for testing with Lynx. Figure out 401 server responses for authentication, so the source file will be opened if using the "forward" or "backward" functions (as long as the credit requirements haven't been changed)
Although it has been pointed out that this language does not work on Microsoft. on the IIS server, but the PHP language CGI version will be restricted by IIS

http://www.bkjia.com/PHPjc/531914.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/531914.htmlTechArticleThe HTTP authentication function can only be used when PHP is running as an Apache module. In Apache's module PHP script, you can use the Header() function to send a "...

to the client's browser