PHP HTTP Basic Auth using Form
How can I use HTTP basic Authentication and have the user submit their Username and Password in a HTML form and have it Authenticate using HTTP Basic Authentication.
I heard that Internet Explorer no longer supports the use of http://user:password@website.com no more so I don't know the best way to approach this.
Use of PHP and javascript and HTML is OK. I don't want to use PERL and I perfer no big javascript libs.
If you don't think HTTP Basic Auth. is the bes开发者_C百科t way, please recommend something easy and simple to do. It will only be a login site for 5-6 people. No need to complicate it.
jQuery library has ajax function which has "password" and "user" parameter for Authentication. When user click login you can get value of login and password and passed to $.ajax function.
$('#submit').click(function() { $.ajax({ url: 'authenticated.php', username: $('#login').val(), password: $('#passwd').val(), success: function(data) { //do something with data from the server } }); return false; });
IMHO, the whole point of using HTTP authentication is being able to delegate authentication tasks:
- The web server takes care of denying unauthorized access to protected resources
- The browser takes care of asking for username and password when required
So you have a working system with minimum effort.
Now, if you use an HTML form to ask for credentials, the server will know who you are but the browser won't: it'll ask for credentials as soon as it finds the WWW-Authenticate
response header and the 401
status code. For this to work, the browser has to send an Authorization
request header on every HTTP request; however, your form cannot instruct the browser to send the appropriate HTTP header.
Of course, you can write your own server-side authentication code in PHP, configure the server to parse static files through it and omit 401
and WWW-Authenticate
as soon as you get valid credentials (which then need to be stored somewhere else, e.g., a PHP session). But then you've lost all the advantages of HTTP authentication: at this point, a custom login handler with PHP sessions will be a much easier solution.
To sum up:
- If you need simplicity, forget about HTML forms
- If you need HTML forms, write your own code
If i understand you correctly you need to use .htpasswd with .htaccess: http://tools.dynamicdrive.com/password/
How can I use HTTP basic Authentication and have the user submit their Username and Password in a HTML form
No way.
please recommend something easy and simple to do.
sessions, cookies.
google for PHP auth tutorial and get over 9000 articles
oh well, one of them
<?
if (isset($_POST['auth_name'])) {
$name=mysql_real_escape_string($_POST['auth_name']);
$pass=mysql_real_escape_string($_POST['auth_pass']);
$query = "SELECT * FROM users WHERE name='$name' AND pass='$pass'";
$res = mysql_query($query) or trigger_error(mysql_error().$query);
if ($row = mysql_fetch_assoc($res)) {
session_start();
$_SESSION['user_id'] = $row['id'];
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
}
header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit;
}
if (isset($_GET['action']) AND $_GET['action']=="logout") {
session_start();
session_destroy();
header("Location: http://".$_SERVER['HTTP_HOST']."/");
exit;
}
if (isset($_REQUEST[session_name()])) session_start();
if (isset($_SESSION['user_id']) AND $_SESSION['ip'] == $_SERVER['REMOTE_ADDR']) return;
else {
include 'your design here.php';
?>
<form method="POST">
<input type="text" name="auth_name"><br>
<input type="password" name="auth_pass"><br>
<input type="submit"><br>
</form>
<?
}
exit;
?>
intended to be put into file and called as require '/path/auth.php';
at the top of your scripts
精彩评论