开发者

PHP HTTP Basic Auth using Form

How can I use HTTP basic Authentication and have the user submit their Username and Password in a HTML form and have it Authenticate using HTTP Basic Authentication.

I heard that Internet Explorer no longer supports the use of http://user:password@website.com no more so I don't know the best way to approach this.

Use of PHP and javascript and HTML is OK. I don't want to use PERL and I perfer no big javascript libs.

If you don't think HTTP Basic Auth. is the bes开发者_C百科t way, please recommend something easy and simple to do. It will only be a login site for 5-6 people. No need to complicate it.


jQuery library has ajax function which has "password" and "user" parameter for Authentication. When user click login you can get value of login and password and passed to $.ajax function.

$('#submit').click(function() {
   $.ajax({
      url: 'authenticated.php',
      username: $('#login').val(),
      password: $('#passwd').val(),
      success: function(data) {
         //do something with data from the server
      }
   });
   return false;
});


IMHO, the whole point of using HTTP authentication is being able to delegate authentication tasks:

  1. The web server takes care of denying unauthorized access to protected resources
  2. The browser takes care of asking for username and password when required

So you have a working system with minimum effort.

Now, if you use an HTML form to ask for credentials, the server will know who you are but the browser won't: it'll ask for credentials as soon as it finds the WWW-Authenticate response header and the 401 status code. For this to work, the browser has to send an Authorization request header on every HTTP request; however, your form cannot instruct the browser to send the appropriate HTTP header.

Of course, you can write your own server-side authentication code in PHP, configure the server to parse static files through it and omit 401 and WWW-Authenticate as soon as you get valid credentials (which then need to be stored somewhere else, e.g., a PHP session). But then you've lost all the advantages of HTTP authentication: at this point, a custom login handler with PHP sessions will be a much easier solution.

To sum up:

  • If you need simplicity, forget about HTML forms
  • If you need HTML forms, write your own code


If i understand you correctly you need to use .htpasswd with .htaccess: http://tools.dynamicdrive.com/password/


How can I use HTTP basic Authentication and have the user submit their Username and Password in a HTML form

No way.

please recommend something easy and simple to do.

sessions, cookies.
google for PHP auth tutorial and get over 9000 articles

oh well, one of them

<?
if (isset($_POST['auth_name'])) {
  $name=mysql_real_escape_string($_POST['auth_name']);
  $pass=mysql_real_escape_string($_POST['auth_pass']);
  $query = "SELECT * FROM users WHERE name='$name' AND pass='$pass'";
  $res = mysql_query($query) or trigger_error(mysql_error().$query);
  if ($row = mysql_fetch_assoc($res)) {
    session_start();
    $_SESSION['user_id'] = $row['id'];
    $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
  }
  header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
  exit;
}
if (isset($_GET['action']) AND $_GET['action']=="logout") {
  session_start();
  session_destroy();
  header("Location: http://".$_SERVER['HTTP_HOST']."/");
  exit;
}
if (isset($_REQUEST[session_name()])) session_start();
if (isset($_SESSION['user_id']) AND $_SESSION['ip'] == $_SERVER['REMOTE_ADDR']) return;
else {
include 'your design here.php';
?>
<form method="POST">
<input type="text" name="auth_name"><br>
<input type="password" name="auth_pass"><br>
<input type="submit"><br>
</form>
<? 
}
exit;
?>

intended to be put into file and called as require '/path/auth.php'; at the top of your scripts

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜