Demystifying HTTP 401 Unauthorized: Access Restriction Issues in PHP Development

HTTP 401 Unauthorized error indicates that the server cannot accept unauthenticated requests. To resolve this issue, you can follow these steps: Enable HTTP Basic Authentication to prompt the user for credentials. Verify the provided credentials and only allow access to authorized users.

Revealing HTTP 401 Unauthorized: Access Restriction Issues in PHP Development

HTTP 401 Unauthorized error code indicates that the server is not authorized Deny request without verification. This means that the server requires valid credentials to access protected resources. In PHP, you can easily generate this error code by using the HTTP_UNAUTHORIZED constant:

header('HTTP/1.1 401 Unauthorized');

To prevent unauthorized access, you can implement the following steps in your PHP application:

1. Enable HTTP Basic Authentication

// 在 PHP 脚本的顶部添加以下行：
header('WWW-Authenticate: Basic realm="Restricted Area"');

This will prompt the user to enter their username and password through a pop-up dialog box.

2. Verify credentials

if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
  // 从服务器变量中获取提供的凭据
  $username = $_SERVER['PHP_AUTH_USER'];
  $password = $_SERVER['PHP_AUTH_PW'];
  
  // 检查凭据的有效性，例如：
  if ($username === 'admin' && $password === 'password') {
    // 授权已验证的用户
  } else {
    // 拒绝访问
    header('HTTP/1.1 401 Unauthorized');
  }
} else {
  // 拒绝访问，因为未提供凭据
  header('HTTP/1.1 401 Unauthorized');
}

Practical case

The following is a simple PHP script that shows how to protect the page And only allow access to authorized users:

<?php
// 启用 HTTP 基本身份验证
header('WWW-Authenticate: Basic realm="Protected Area"');

// 验证凭据
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
  $username = $_SERVER['PHP_AUTH_USER'];
  $password = $_SERVER['PHP_AUTH_PW'];

  // 检查凭据的有效性（例如，从数据库中检索）
  if ($username === 'john' && $password === 'example') {
    // 授权用户，显示受保护的内容
    echo '<h1>欢迎，' . $username . '!</h1>';
  } else {
    // 凭据无效，拒绝访问
    header('HTTP/1.1 401 Unauthorized');
  }
} else {
  // 未提供凭据，拒绝访问
  header('HTTP/1.1 401 Unauthorized');
}
?>

By following these steps, you can easily implement access restrictions in your PHP application to ensure that only authorized users can access sensitive data or resources.

The above is the detailed content of Demystifying HTTP 401 Unauthorized: Access Restriction Issues in PHP Development. For more information, please follow other related articles on the PHP Chinese website!