This article describes how php uses the Header function, PHP_AUTH_PW and PHP_AUTH_USER for user authentication. Share it with everyone for your reference, the details are as follows:
In PHP, you can use the Header function to do some interesting things, and user verification is one of the interesting functions. Specific usage:
Header("WWW-Authenticate: Basic realm="USER LOGIN""); Header("HTTP/1.0 401 Unauthorized");
Design these two Header functions at the top of the page. A login box will appear before the page is loaded, requiring user name and password. For those of us who are used to logging in on the web, do we think this kind of login is original and novel?
In order to obtain the username and password passed from this dialog box, you need to use the two special variables $PHP_AUTH_USER and $PHP_AUTH_PW provided by PHP. To use these two special variables in this way, it seems that you need to set the relevant settings in php.ini option, otherwise you can only quote it like this:
$_SERVER['PHP_AUTH_USER'] $_SERVER['PHP_AUTH_PW']
After obtaining the username and password submitted by the user, how to process the logic is no different from our general program processing. Two routines are provided below for reference:
<?php if(!isset($PHP_AUTH_USER)) { Header("WWW-authenticate: basic realm="XXX""); Header("HTTP/1.0 401 Unauthorized"); $title="Login Instructions"; ?> <blockquote> In order to enter this section of the web site, you must be an XXX subscriber. If you are a subscriber and you are having trouble logging in, please contact <a href="mailto:support@xxx.com">support@xxx.com</a>. </blockquote> <?php exit; } else { mysql_pconnect("localhost","nobody","") or die("Unable to connect to SQL server"); mysql_select_db("xxx") or die("Unable to select database"); $user_id=strtolower($PHP_AUTH_USER); $password=$PHP_AUTH_PW; $query = mysql_query("select * from users where user_id='$user_id' and password='$password'"); if(!mysql_num_rows($query)) { Header("WWW-authenticate: basic realm="XXX""); Header("HTTP/1.0 401 Unauthorized"); $title="Login Instructions"; ?> <blockquote> In order to enter this section of the web site, you must be an XXX subscriber. If you are a subscriber and you are having trouble logging in, please contact <a href="mailto:support@xxx.com">support@xxx.com</a>. </blockquote> <?php exit; } $name=mysql_result($query,0,"name"); $email=mysql_result($query,0,"email"); mysql_free_result($query); } ?>
Another reference routine:
<?php //assume user is not authenticated $auth = false; $user = $_SERVER['PHP_AUTH_USER']; $pass = $_SERVER['PHP_AUTH_PW']; if ( isset($user) && isset($pass) ) { //connect to db include 'db_connect.php'; //SQL query to find if this entered username/password is in the db $sql = "SELECT * FROM healthed_workshop_admin WHERE user = '$PHP_AUTH_USER' AND pass = '$PHP_AUTH_PW'"; //put the SQL command and SQL instructions into variable $result = mysql_query($sql) or die('Unable to connect.'); //get number or rows in command; if more than 0, row is found $num_matches = mysql_num_rows($result); if ($num_matches !=0) { //matching row found authenticates user $auth = true; } } if (!$auth) { header('WWW-Authenticate: Basic realm="Health Ed Presentation Admin"'); header('HTTP/1.0 401 Unauthorized'); echo 'You must enter a valid username & password.'; exit; } else { echo 'Success!'; } ?>
Readers who are interested in more PHP-related content can check out the special topics of this site: "Summary of PHP Network Programming Skills", "Introduction Tutorial on PHP Basic Grammar", "Summary of PHP Office Document Skills (including word, excel, access, ppt)", "php date and time usage summary", "php object-oriented programming introductory tutorial", "php string (string) usage summary", "php mysql database operation introductory tutorial" and "php common database operation skills summary" 》
I hope this article will be helpful to everyone in PHP programming.