开发者

CURL HTTP Authentication at server side

问答 作者:

I am building a web service with Zend and i have to authenticate the users before sending them response. The user will send a request to a server page, using curl, passing his credentials in the form of curl_setopt($curl, CURLOPT_USERPWD, 'key:pass');

Iam using Zend framework and so the server side page is denoted like:

http://www.example.com/app_name/public/controller/action/parameter

Here is the total code for user's request (client.php):

<?php
$curl = curl_init('http://www.example.com/app/public/user/add/1');

curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);                         
curl_setopt($curl, CURLOPT_USERPWD, 'username:password');
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);                    
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);                          
curl_setopt($curl, CURLOP开发者_如何学运维T_FOLLOWLOCATION, true);                           
curl_setopt($curl, CURLOPT_USERAGENT, 'Sample Code');

$response = curl_exec($curl);                                          
$resultStatus = curl_getinfo($curl);                                   

if($resultStatus['http_code'] == 200) {
    echo $response;
} else {
    echo 'Call Failed '.print_r($resultStatus);                         
}

?>

Now what i want is that, i must be able to retrieve the username and password at the server side (in my zend controller), so that i can verify the user credentials from database and send the response accordingly. So how can i do authentication in another page?

Zend Framework has a ready-made component for handling HTTP authentication.

Checkout the examples at

  • http://framework.zend.com/manual/en/zend.auth.adapter.http.html

If you don't want to use that, you can still go the "old-school" way, as described in

  • http://php.net/manual/en/features.http-auth.php

and manually check on $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']

You need to set CURLOPT_HTTPAUTH to CURLAUTH_BASIC.

That way, in the target script, PHP_AUTH_USER and PHP_AUTH_PW (plain text) will be available.

Calling script:

<?php
$ch = curl_init('https://localhost/target.php');
// ...
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_exec($ch);
?>

In target.php:

$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];

I suggest executing the cURL request over HTTPS since username and password are transmitted plain text.

you can send username and password as post fields 

$post_data = $user.":".$pass
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);

you can get the credentials using $_POST

继续阅读:curlhttpphpzend-framework

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9