People like, and have always liked, keeping secrets. It's in the essence of man. So there are times when you want to write a PHP script accessible only to you, or to a select few. The answer to your needs is using a password. There is more than one way to password-protect a script, but we're going to talk about the most efficient one: HTTP Authorization, as implemented in PHP. HTTP Authorization has been available for some time now, and is usually achieved by using ".htaccess" files, along with accompanying ".htpasswd" files. But since PHP arrived, HTTP password protection has become much easier.
The first step in protecting a script with HTTP Auth is to make that script send HTTP Code 401 to users that don't send a username/password pair. That code means "You need to send a password to see me". This is easily achieved in PHP via the header() function.
The code flow for that, using the $auth variable to describe the authorization state of the current user, is:
<?php
$auth = 0; //authorization state; set it explicitly until the user/password check changes it to 1
if ( $auth != 1 ) { //if the user isn't authenticated
header( 'WWW-Authenticate: Basic realm="Authorization Required!"' ); //this makes the browser generate a login box
header( 'HTTP/1.0 401 Unauthorized' ); //this tells the browser that further viewing is not permitted
echo 'Authorization Required!'; //and this gets echoed if the user doesn't enter the correct username/password pair
exit; //this makes the script exit, and the user session ends. No script for you!
}
?>
Basically, what that means is that any user whose HTTP request does not carry a correct user/password pair is not going to see the page, and will instead have a standard HTTP login box appear (generated by his web browser). As previously discussed, HTTP Authorization is a long-used method, and 99% of browsers are fully capable of handling this sort of message.
On the next page, we'll discuss how to get PHP to check a user/password pair sent by the user.
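One way the $auth state used above can be derived from what the browser sends, as an added example that is not the article's own code. The function names, the "admin" user and its password are constructed for illustration, and the raw-header fallback assumes the web server passes HTTP_AUTHORIZATION through to PHP.

```php
<?php
// Added example. The user name and password below are constructed sample values.

// Constructed credential store: user name => password hash.
// A real deployment stores the hash itself instead of hashing on every request.
function sample_users(): array {
    return ['admin' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];
}

// Return [user, password] sent by the browser, or null when none was sent.
function basic_credentials(array $server): ?array {
    if (isset($server['PHP_AUTH_USER'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'] ?? ''];
    }
    // Under CGI/FastCGI PHP may not fill PHP_AUTH_*; decode the raw header instead
    // (assumes the server passes HTTP_AUTHORIZATION through).
    $raw = $server['HTTP_AUTHORIZATION'] ?? '';
    if (stripos($raw, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(substr($raw, 6), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null; // malformed header: treat as "no credentials"
    }
    return explode(':', $decoded, 2); // the password itself may contain ':'
}

// True only when the user exists and the password matches the stored hash.
function is_authorized(array $server, array $users): bool {
    $cred = basic_credentials($server);
    if ($cred === null) {
        return false;
    }
    [$user, $pass] = $cred;
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

// $auth is computed on the server for every request, never taken from request input.
$auth = is_authorized($_SERVER, sample_users()) ? 1 : 0;
if ($auth != 1) {
    header('WWW-Authenticate: Basic realm="Authorization Required!"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Required!';
    exit;
}
echo 'Protected content goes here.';
```

Basic credentials travel base64-encoded, not encrypted, and the browser resends them with every request, so a script protected this way belongs behind HTTPS.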