User Authentication with PHP
If you want to implement password protection on a per-script basis, then you can use the header() function in conjunction with the $PHP_AUTH_USER and $PHP_AUTH_PW global variables to create a basic authentication scheme. A typical server-based authentication request/response round looks a lot like this:
1. The user requests a file from a Web server. If the file is within a protected area, the server responds by adding a 401 (illegal user) string to the response file header.
2. After the browser sees the response, the username/password dialog box pops up.
3. The user enters the username and password in the dialog box, and then clicks the "Confirm" button to send this information back to the server.
4. If the username and password are valid, the protected file will be displayed to the user, and as long as the currently verified user is within the protected area. The above authentication processes are all valid.
A simple PHP script can emulate the HTTP authentication request/response system by sending the appropriate HTTP headers to cause the username/password dialog to automatically appear on the client's screen. PHP stores user input dialog information in the $PHP_AUTH_USER and $PHP_AUTH_PW variables. Using these variables, you can store the list of non-compliant username/password checks in a text file, database, or any place you specify
Note: $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE Global variables are only valid when PHP is installed as a module. If you are using the CGI version of PHP, then you are limited to using .htaccess-based authentication or database-based authentication, so you must design an HTML form to let the user enter a username and password, and then let PHP do the validation examine.
The following example shows a check for two settings, but in theory it is not essentially different from the above username and password check.
/* Check for values in $PHP_AUTH_USER and $PHP_AUTH_PW */
if ((!isset($PHP_AUTH_USER)) || (!isset($PHP_AUTH_PW) )) {
/* No values: send headers causing dialog box to appear */
header('WWW-Authenticate: Basic realm="My Private Stuff"');
header(' HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
} else if ((isset($PHP_AUTH_USER)) && (isset($PHP_AUTH_PW))){
/* Values contain some values, so check to see if they're correct */
if (($PHP_AUTH_USER != "validname") || ($PHP_AUTH_PW != "goodpassword ")) {
/* If either the username entered is incorrect, or the password entered is incorrect, send the headers causing dialog box to appear */
header('WWW-Authenticate: Basic realm="My Private Stuff"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
} else if (($PHP_AUTH_USER == "validname") || ($PHP_AUTH_PW == "goodpassword")) {
/* if both values are correct, print success message */
echo "
You're authorized!
";
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
