User Authentication with PHP
If you want to implement password protection on a per-script basis, then you can use the header() function in conjunction with the $PHP_AUTH_USER and $PHP_AUTH_PW global variables to create a basic authentication scheme. A typical server-based authentication request/response round looks much like the following:
1. The user requests a file from a Web server. If the file is within a protected area, the server responds by adding a 401 (illegal user) string to the response file header.
2. After the browser sees the response, a username/password dialog box pops up.
3. The user enters the user name and password in the dialog box, and then clicks the "Confirm" button to send this information back to the server.
4. If the username and password are valid, the protected file will be displayed to the user, and as long as the currently verified user is within the protected area. The above authentication processes are all valid.
A simple PHP script can emulate the HTTP authentication request/response system by sending the appropriate HTTP headers to cause the username/password dialog to automatically appear on the client's screen. PHP stores user input dialog information in the $PHP_AUTH_USER and $PHP_AUTH_PW variables. Using these variables, you can store the list that does not meet the username/password check to a text file, database or any place you specify. Note: The three global variables $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE are only available in PHP is only available when installed as a module. If you are using the CGI version of PHP, then you are limited to using .htaccess-based authentication or database-based authentication, so you must design an HTML form to let the user enter a username and password, and then let PHP do the validation examine.
The example below shows a check for two settings, but in theory it is not essentially different from the above username and password check.
/* Check for values in $PHP_AUTH_USER and $PHP_AUTH_PW */
if ((!isset($PHP_AUTH_USER)) || (!isset($PHP_AUTH_PW))) {
/* No values: send headers causing dialog box to appear */
header('WWW-Authenticate: Basic realm="My Private Stuff"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
} else if ((isset($PHP_AUTH_USER)) && (isset($PHP_AUTH_PW))){
/* Values contain some values, so check to see if they're correct */
if (($PHP_AUTH_USER != "validname" ) || ($PHP_AUTH_PW != "goodpassword")) {
/* If either the username entered is incorrect, or the password entered is incorrect, send the headers causing dialog box to appear */
header('WWW-Authenticate: Basic realm="My Private Stuff"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
} else if (($PHP_AUTH_USER == "validname") || ($PHP_AUTH_PW == "goodpassword")) {
print success message */ print success message >
Remember that when you are using file-based protection, this approach is not a security blanket that will definitely protect the directory. This will be obvious to most of you, but if your brain makes a connection between the pop-up dialog box and protecting a given directory, you have to work hard to recognize this process.
The above introduces the 10 tips 5 of acronis disk director suite 10 PHP scripts, including the content of acronis disk director suite 10. I hope it will be helpful to friends who are interested in PHP tutorials.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
