People like and have always liked keeping secrets. It's in the essence of man. So there are times when you want to write a PHP script accessible only to you, or to a select few. The answer to your needs is a password. There is more than one way to password-protect a script, but we're going to talk about the most efficient one: HTTP Authorization, as implemented in PHP. HTTP Authorization has been available for some time now, and is usually achieved by using ".htaccess" files, along with an accompanying ".htpasswd". But since PHP arrived, HTTP password protection has become much easier.
The first step in protecting a script with HTTP Auth is to make that script send HTTP Code 401 to users that don't send a username/password pair, which means "You need to send a password to see me". This is easily achieved in PHP via the Header() function.
The code flow for that is shown below, using the $auth variable to describe the authorization state of the current user:
<?php
$auth = 0; //authorization state; set to 1 only after the user/password pair has been checked
if ( $auth != 1 ) { //if the user isn't authenticated
    header( 'WWW-Authenticate: Basic realm="Authorization Required!"' ); //this makes the browser generate a login box
    header( 'HTTP/1.0 401 Unauthorized' ); //this tells the browser that further viewing is not permitted
    echo 'Authorization Required!'; //and this gets echoed if the user doesn't enter the correct username/password pair
    exit; //this makes the script exit, and the user session ends. No script for you!
}
?>
Basically, this means that any user whose HTTP request does not carry a correct user/password pair will not see the page; instead, a standard HTTP login box appears (generated by the web browser). As previously discussed, HTTP Authorization is a long-used method, and 99% of browsers are fully capable of handling this sort of message.
On the next page, we'll discuss how to get PHP to check a user/password pair sent by the user.
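The check that sets $auth can look like the following sketch. It is an added example, not the article's own code; it assumes PHP exposes the submitted pair as $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'], and the user name, password and function names are constructed for illustration.

```php
<?php
// Added example: user name, password and function names are constructed.
// Credential store: user name => password hash (store the hash, never the password).
$users = ['admin' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

// Returns 1 when the Basic credentials PHP parsed from the request are valid, else 0.
function check_basic_auth(array $server, array $users): int
{
    static $dummy = null;
    // Hash used for unknown users so both paths cost one password_verify() call.
    $dummy ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? null;
    if (!is_string($user) || !is_string($pass)) {
        return 0; // no Authorization header was sent
    }
    $known = array_key_exists($user, $users);
    $valid = password_verify($pass, $known ? $users[$user] : $dummy);
    return ($known && $valid) ? 1 : 0;
}

// The article's 401 flow, with $auth computed from the request instead of assumed.
function require_basic_auth(array $users): void
{
    $auth = check_basic_auth($_SERVER, $users);
    if ($auth != 1) {
        header('WWW-Authenticate: Basic realm="Authorization Required!"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Authorization Required!';
        exit;
    }
}

if (PHP_SAPI === 'cli') {
    // Offline check with constructed request data.
    $cases = [
        'no credentials' => [],
        'wrong password' => ['PHP_AUTH_USER' => 'admin', 'PHP_AUTH_PW' => 'guess'],
        'unknown user'   => ['PHP_AUTH_USER' => 'root', 'PHP_AUTH_PW' => 'guess'],
        'valid pair'     => ['PHP_AUTH_USER' => 'admin', 'PHP_AUTH_PW' => 'correct horse battery staple'],
    ];
    foreach ($cases as $label => $server) {
        printf("%-15s auth=%d\n", $label, check_basic_auth($server, $users));
    }
} else {
    require_basic_auth($users);
    echo 'Protected content';
}
```

Basic credentials travel base64-encoded rather than encrypted, so a script protected this way should only be served over HTTPS.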