Master PHP HTTP 401 Unauthorized Error and Improve Website Security

Handle HTTP 401 Unauthorized errors in PHP, strengthen website security and send HTTP 401 errors: header('HTTP/1.1 401 Unauthorized');http_response_code(401);Add authentication: header('WWW-Authenticate: Basic realm="Realm Name"');Practical case: secure_page.php uses basic authentication to handle HTTP 401 errors.

Master PHP HTTP 401 Unauthorized Error and Strengthen Website Security

Introduction

HTTP 401 Unauthorized error is a server response indicating that the client attempted to access a resource that requires authentication, but the supplied credentials were invalid or did not exist. Handling this kind of error is critical to keeping your website secure. This article will delve into the handling of HTTP 401 Unauthorized errors in PHP and provide practical cases.

Handling HTTP 401 Errors

In PHP, you can send HTTP 401 errors through the header() function:

header('HTTP/1.1 401 Unauthorized');

Additionally, the HTTP status code can be set via the http_response_code() function:

http_response_code(401);

Add authentication

To resolve HTTP 401 errors, you can request Add authentication information. A common practice is to use basic HTTP authentication:

header('WWW-Authenticate: Basic realm="My Realm"');

This prompts the user for a username and password. After successful authentication, the $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] variables will contain the username and password respectively.

Practical case

Suppose you have a protected page named secure_page.php and want to handle HTTP 401 errors and force basic authentication :

<?php
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="Secure Page"');
    exit;
}

$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];

// 在数据库中检查用户名和密码
$valid = check_credentials($username, $password);

if (!$valid) {
    header('HTTP/1.1 401 Unauthorized');
    exit;
}

// 验证成功，显示受保护页面
?>

check_credentials() The function is responsible for querying the database and validating the provided username and password.

Conclusion

With a deep understanding of HTTP 401 errors in PHP, you can improve the security of your website by properly handling authentication requests and enforcing Basic Authentication . This helps protect sensitive data and prevent unauthorized access.

The above is the detailed content of Master PHP HTTP 401 Unauthorized Error and Improve Website Security. For more information, please follow other related articles on the PHP Chinese website!