http://wbex.ru/index.php?action=history&feed=atom&title=PHP%2FHTML%2FAuthentication
PHP/HTML/Authentication - История изменений
2026-04-05T11:49:24Z
История изменений этой страницы в вики
MediaWiki 1.30.0
http://wbex.ru/index.php?title=PHP/HTML/Authentication&diff=834&oldid=prev
в 10:37, 26 мая 2010
2010-05-26T10:37:33Z
<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<tr style="vertical-align: top;" lang="ru">
<td colspan="1" style="background-color: white; color:black; text-align: center;">← Предыдущая</td>
<td colspan="1" style="background-color: white; color:black; text-align: center;">Версия 10:37, 26 мая 2010</td>
</tr><tr><td colspan="2" style="text-align: center;" lang="ru"><div class="mw-diff-empty">(нет различий)</div>
</td></tr></table>
http://wbex.ru/index.php?title=PHP/HTML/Authentication&diff=835&oldid=prev
Admin: 1 версия
2010-05-26T07:05:25Z
<p>1 версия</p>
<p><b>Новая страница</b></p><div>==Authentication Over HTTP==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
<?<br />
if (!isset($_SERVER["PHP_AUTH_USER"])) {<br />
header("WWW-Authenticate: Basic realm=\"Private Area\"");<br />
header("HTTP/1.0 401 Unauthorized");<br />
print "Sorry - you need valid credentials granted access to the private area!\n";<br />
exit;<br />
} else {<br />
print "Welcome to the private area, {$_SERVER["PHP_AUTH_USER"]}- you used {$_SERVER["PHP_AUTH_PW"]} as your password.";<br />
}<br />
?><br />
<br />
</source><br />
<br />
<br />
<br />
<br />
==Basic authentication prompt==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
<?<br />
header("WWW-Authenticate: Basic realm="Secret Family"");<br />
header("HTTP/1.0 401 Unauthorized");<br />
exit;<br />
?><br />
<br />
</source><br />
<br />
<br />
<br />
<br />
==Checking the values returned from the authentication prompt==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
<?php<br />
$username = "jon_doe";<br />
$password = "JonDoe";<br />
if (!isset($_SERVER["PHP_AUTH_USER"]) || !isset($_SERVER["PHP_AUTH_PW"])) {<br />
header("WWW-Authenticate: Basic realm="Member Area"");<br />
header("HTTP/1.0 401 Unauthorized");<br />
echo "You must enter in a username and password combination!";<br />
exit;<br />
}<br />
elseif (strcmp($_SERVER["PHP_AUTH_USER"], $username) !== 0 ||<br />
strcmp($_SERVER["PHP_AUTH_PW"], $password) !== 0) {<br />
header("WWW-Authenticate: Basic realm="Member Area"");<br />
header("HTTP/1.0 401 Unauthorized");<br />
echo "Your username and password combination was incorrect!";<br />
exit;<br />
}<br />
echo("You have successfully logged in!");<br />
?><br />
<br />
</source><br />
<br />
<br />
<br />
<br />
==Enforcing Basic authentication==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
<?php<br />
header("WWW-Authenticate: Basic realm="My Website"");<br />
header("HTTP/1.0 401 Unauthorized");<br />
echo "You need to enter a valid username and password.";<br />
exit();<br />
?><br />
<br />
</source><br />
<br />
<br />
<br />
<br />
==Get Users from users table==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
<html><head><title>Get Users</title></head><br />
<body><br />
<?php<br />
$conn=@mysql_connect("localhost", "userName", "password") or die("Could not connect");<br />
$rs = @mysql_select_db("my_database", $conn) or die("Could not select database");<br />
<br />
$sql="select * from users";<br />
<br />
$rs=mysql_query($sql,$conn) or die("Could not execute query");<br />
$list = "<table>";<br />
$list.="<tr><th>First Name</th>";<br />
$list.="<th>Last Name</th>";<br />
$list.="<th>User Name</th>";<br />
$list.="<th>Password</th></tr>";<br />
while($row= mysql_fetch_array($rs) )<br />
{<br />
$list .= "<tr>";<br />
$list .= "<td>".$row["first_name"]."</td>";<br />
$list .= "<td>".$row["last_name"]."</td>";<br />
$list .= "<td>".$row["user_name"]."</td>";<br />
$list .= "<td>".$row["password"]."</td>";<br />
$list .= "</tr>";<br />
}<br />
$list .= "</table>";<br />
echo($list);<br />
?><br />
</body></html><br />
<br />
</source><br />
<br />
<br />
<br />
<br />
==Hardcoding the username and password into a script==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
<?<br />
if ( (! isset ($PHP_AUTH_USER)) || (! isset ($PHP_AUTH_PW)) ||<br />
($PHP_AUTH_USER != "secret") || ($PHP_AUTH_PW != "") ) :<br />
<br />
header("WWW-Authenticate: Basic realm="Secret Family"");<br />
header("HTTP/1.0 401 Unauthorized");<br />
print "Authorization is required.";<br />
exit;<br />
endif;<br />
?><br />
<br />
</source><br />
<br />
<br />
<br />
<br />
==HTTP Authentication example==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
<?php<br />
if(!isset($PHP_AUTH_USER)) {<br />
Header("WWW-Authenticate: Basic realm=\"My Realm\"");<br />
Header("HTTP/1.0 401 Unauthorized");<br />
echo "Text to send if user hits Cancel button\n";<br />
exit;<br />
} else {<br />
echo "Hello $PHP_AUTH_USER.<P>";<br />
echo "You entered $PHP_AUTH_PW as your password.<P>";<br />
}<br />
?><br />
<br />
</source><br />
<br />
<br />
<br />
<br />
==HTTP Authentication example forcing a new name/password==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
<?php<br />
function authenticate() {<br />
Header( "WWW-authenticate: basic realm="Test System"");<br />
Header( "HTTP/1.0 401 Unauthorized");<br />
echo "You must enter a valid login ID and password to access this resource\n";<br />
exit;<br />
<br />
}<br />
if(!isset($PHP_AUTH_USER) || ($SeenBefore == 1 && !strcmp($OldAuth, $PHP_AUTH_USER)) ) {<br />
authenticate();<br />
}<br />
else {<br />
echo "Welcome: $PHP_AUTH_USER<BR>";<br />
echo "Old: $OldAuth";<br />
echo "<FORM ACTION=\"$PHP_SELF\" METHOD=POST>\n";<br />
echo "<INPUT TYPE=HIDDEN NAME=\"SeenBefore\" VALUE=\"1\">\n";<br />
echo "<INPUT TYPE=HIDDEN NAME=\"OldAuth\" VALUE=\"$PHP_AUTH_USER\">\n";<br />
echo "<INPUT TYPE=Submit VALUE=\"Re Authenticate\">\n";<br />
echo "</FORM>\n";<br />
}<br />
?><br />
<br />
</source><br />
<br />
<br />
<br />
<br />
==If user logged in==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
<?php <br />
$user = $_POST["user"];<br />
$pass = $_POST["pass"];<br />
$self = $_SERVER["PHP_SELF"];<br />
if( ( $user != null ) and ( $pass != null ) )<br />
{<br />
setcookie( "auth","ok" );<br />
header( "Location:loggedin.php" );<br />
exit();<br />
}<br />
?><br />
<br />
<html><br />
<head><br />
<title>Set Cookie Data</title><br />
</head><br />
<body><br />
<form action="<?php echo( $self ); ?>" method="post"><br />
Name: <input type="text" name="user" size="10"><br />
Password: <input type="text" name="pass" size="10"><br><br><br />
<input type="submit" value="Log Me In"><br />
</form><br />
</body><br />
</html><br />
<br />
</source><br />
<br />
<br />
<br />
<br />
==Only One Username and Password Is Valid==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
<?php<br />
if (isset($_SERVER["PHP_AUTH_USER"])) {<br />
$user = $_SERVER["PHP_AUTH_USER"];<br />
$pass = $_SERVER["PHP_AUTH_PW"];<br />
} elseif (isset($_SERVER["HTTP_AUTHORIZATION"])) {<br />
if (substr($_SERVER["HTTP_AUTHORIZATION"], 0, 5) == "Basic") {<br />
$userpass = split(":",<br />
base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)));<br />
$user = $userpass[0];<br />
$pass = $userpass[1]; }<br />
}<br />
if (!isset($user) || !isset($pass) || $user!="php5" || $pass!="iscool") {<br />
header("WWW-Authenticate: Basic realm=\"PHP Protected Area\"");<br />
header("HTTP/1.0 401 Unauthorized");<br />
} else {<br />
echo("Welcome, $user!");<br />
}<br />
?><br />
<br />
</source><br />
<br />
<br />
<br />
<br />
==Simple credentials checking:==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
<?<br />
if (!isset($_SERVER["PHP_AUTH_USER"])) {<br />
header("WWW-Authenticate: Basic realm=\"Private Area\"");<br />
header("HTTP/1.0 401 Unauthorized");<br />
print "Sorry - you need valid credentials to be granted access!\n";<br />
exit;<br />
} else {<br />
if (($_SERVER["PHP_AUTH_USER"] == "A") &&<br />
($_SERVER["PHP_AUTH_PW"] == "B")) {<br />
print "Welcome to the private area!";<br />
} else {<br />
header("WWW-Authenticate: Basic realm=\"Private Area\"");<br />
header("HTTP/1.0 401 Unauthorized");<br />
print "Sorry - you need valid credentials to be granted access!\n";<br />
exit;<br />
}<br />
}<br />
?><br />
<br />
</source><br />
<br />
<br />
<br />
<br />
==The Username and Password Are Retrieved for Both Apache and IIS==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
<?php<br />
if (isset($_SERVER["PHP_AUTH_USER"])) {<br />
$user = $_SERVER["PHP_AUTH_USER"];<br />
$pass = $_SERVER["PHP_AUTH_PW"];<br />
} elseif (isset($_SERVER["HTTP_AUTHORIZATION"])) {<br />
if (substr($_SERVER["HTTP_AUTHORIZATION"], 0, 5) == "Basic") {<br />
$userpass = split(":",<br />
base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)));<br />
$user = $userpass[0];<br />
$pass = $userpass[1];<br />
}<br />
}<br />
if (isset($user)) {<br />
echo("Username / password: ");<br />
echo(htmlspecialchars($user) . " / " . htmlspecialchars($pass));<br />
} else {<br />
header("WWW-Authenticate: Basic realm=\"PHP Protected Area\"");<br />
header("HTTP/1.0 401 Unauthorized");<br />
}<br />
?><br />
<br />
</source><br />
<br />
<br />
<br />
<br />
==Use database to store user name and password==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
//login.html<br />
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]; ?>"><br />
Username:<br /><input type="text" name="username" size="10" /><br /><br />
Password:<br /><input type="password" name="pswd" SIZE="10" /><br /><br />
<input type="submit" value="Login" /> <br />
</form><br />
//index.php<br />
<?php<br />
session_start();<br />
if (! isset($_SESSION["name"])) {<br />
if (isset($_POST["username"])){<br />
$username = $_POST["username"];<br />
$pswd = $_POST["pswd"];<br />
$conn=pg_connect("host=localhost dbname=corporate user=root password=") or die(pg_last_error($conn));<br />
$query = "SELECT name FROM users WHERE username="$username" AND pswd="$pswd"";<br />
$result = pg_query($conn, $query);<br />
if (pg_num_rows($result) == 1){<br />
$_SESSION["name"] = pg_fetch_result($result,0,"name");<br />
$_SESSION["username"] = pg_fetch_result($result,0,"username");<br />
echo "You"re logged in. Feel free to return at a later time.";<br />
}<br />
} else {<br />
include "login.html";<br />
}<br />
} else {<br />
$name = $_SESSION["name"];<br />
echo "Welcome back, $name!";<br />
}<br />
?><br />
<br />
</source><br />
<br />
<br />
<br />
<br />
==User management with database==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
create table user_info (<br />
user_id char(18),<br />
fname char(15),<br />
email char(35));<br />
<?<br />
if (! isset($userid)) :<br />
$id = "15";<br />
setcookie ("userid", $id, time()+3600);<br />
print "A cookie is set. Please refresh the page";<br />
else:<br />
@mysql_connect("localhost", "root", "") or die("Could not connect to MySQL server!");<br />
@mysql_select_db("user") or die("Could not select user database!");<br />
$query = "SELECT * FROM user_info WHERE user_id = "$userid"";<br />
$result = mysql_query($query);<br />
$row = mysql_fetch_array($result);<br />
print "Hi ".$row["fname"].",<br>";<br />
print "Your email address is ".$row["email"];<br />
mysql_close();<br />
endif;<br />
?><br />
<br />
</source><br />
<br />
<br />
<br />
<br />
==Usernames and Passwords Are Checked Against Data in a Database==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
<?php<br />
if (isset($_SERVER["PHP_AUTH_USER"])) {<br />
$user = $_SERVER["PHP_AUTH_USER"];<br />
$pass = $_SERVER["PHP_AUTH_PW"];<br />
} elseif (isset($_SERVER["HTTP_AUTHORIZATION"])) {<br />
if (substr($_SERVER["HTTP_AUTHORIZATION"], 0, 5) == "Basic") {<br />
$userpass = split(":",<br />
base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)));<br />
$user = $userpass[0];<br />
$pass = $userpass[1];<br />
}<br />
}<br />
$auth = false;<br />
$pwdb = mysql_connect("localhost", "user", "pwd");<br />
mysql_select_db("auth", $pwdb);<br />
$rows = mysql_query("SELECT user, pass FROM users", $pwdb);<br />
while ($row = mysql_fetch_array($rows)) {<br />
if ($user == $row["user"] && crypt($pass, "pw") == $row["pass"]) {<br />
$auth = true;<br />
break;<br />
}<br />
}<br />
if (!$auth) {<br />
header("WWW-Authenticate: Basic realm=\"PHP Protected Area\"");<br />
header("HTTP/1.0 401 Unauthorized");<br />
}<br />
?><br />
<br />
</source><br />
<br />
<br />
<br />
<br />
==Usernames and Passwords Are Checked Against Data in a File==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
<?php<br />
if (isset($_SERVER["PHP_AUTH_USER"])) {<br />
$user = $_SERVER["PHP_AUTH_USER"];<br />
$pass = $_SERVER["PHP_AUTH_PW"];<br />
} elseif (isset($_SERVER["HTTP_AUTHORIZATION"])) {<br />
if (substr($_SERVER["HTTP_AUTHORIZATION"], 0, 5) == "Basic") {<br />
$userpass = split(":",<br />
base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)));<br />
$user = $userpass[0];<br />
$pass = $userpass[1];<br />
}<br />
}<br />
$auth = false;<br />
$pwfile = fopen("users.txt", "r");<br />
while (!feof($pwfile)) {<br />
$data = split(":", rtrim(fgets($pwfile, 1024)));<br />
if ($user == $data[0] && crypt($pass, "pw") == $data[1]) {<br />
$auth = true;<br />
break;<br />
}<br />
}<br />
fclose($pwfile);<br />
if (!$auth) {<br />
header("WWW-Authenticate: Basic realm=\"PHP\"");<br />
header("HTTP/1.0 401 Unauthorized");<br />
} else {<br />
echo("Welcome, $user!");<br />
}<br />
?><br />
<br />
</source><br />
<br />
<br />
<br />
<br />
==Using HTTP authentication with a PHP script==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="html4strict"><br />
<br />
<?php<br />
if (!isset($_SERVER["PHP_AUTH_USER"]) || !isset($_SERVER["PHP_AUTH_PW"])) {<br />
header("WWW-Authenticate: Basic realm="Member Area"");<br />
header("HTTP/1.0 401 Unauthorized");<br />
echo "Please login with a valid username and password.";<br />
exit;<br />
} else {<br />
echo "You entered a username of: ".$_SERVER["PHP_AUTH_USER"]." ";<br />
echo "and a password of: ".$_SERVER["PHP_AUTH_PW"].".";<br />
}<br />
?><br />
<br />
</source></div>
Admin