2. Tech
  3. User authentication implementation in PHP

User authentication implementation in PHP

zhaozj2021-02-17  49

User authentication implementation in PHP

(Wangfeng April 29, 2001 15:46) When the user is designed and maintained, it is often necessary to limit access to certain important documents or information. Typically, we can adopt an HTTP-based user authentication mechanism based on the web server. When the visitor browses the protected page, the client browser pops up the dialog window asks the user to enter the username and password, verify the user's identity to determine if the user has the right to access the page. The following is used in two ways to illustrate its implementation principle. First, use the HTTP header to implement the header is the server that the server transmits HTML information to the browser to send HTML information to the browser. HTTP uses a challenge / response mode to identify users attempting to enter the password protection area. Specifically, when the user issues a request for a protected area for the first time, the challenge process is started, the server returns a special 401 header, indicating that the user's identity is not verified. The client browser automatically pops up the dialog after detecting the above response, requiring the user to enter the username and password. After the user completes the input, click OK, and its identification information is transmitted to the server for verification. If the username and password entered by the user are valid, the web server will allow the user to enter the protected area and maintain the validity of their identity during the entire access. Conversely, if the user name or password entered by the user cannot be verified, the client browser will continue to pop up the input window to ask the user to try the correct information again. The entire process will continue until the user input the correct information location, or you can set the maximum number of times that allows the user to try, and will automatically reject the user's access request. In the PHP script, use the function header () to send the HTTP header directly to the client's browser, so that the client will automatically pop up the username and password input window to implement our identity authentication. In PHP, the information entered by the client user automatically saves the three global variables of $ PHP_AUTH_USER, $ PHP_AUTH_PW, and $ PHP_AUTH_TYPE. With these three variables, we can verify the user's identity according to the user account information stored in a data file or database! However, you need to remind the user to pay attention to: Only $ PHP_AUTH_USER, $ PHP_AUTH_USER, $ PHP_AUTH_USER, $ PHP_AUTH_USER And the three variables of $ PHP_AUTH_TYPE. If the user uses the PHP of the CGI mode, the verification function cannot be implemented. Module mounting method with PHP is attached to this section. Below we use the MySQL database to store the user's identity. We need to extract the usernames and passwords of each account from the database to compare the $ PHP_AUTH_USER and $ PHP_AUTH_PW variables to determine the authenticity of the user.

First, establish a database database named XINXIKU in MySQL, named User; Table is as follows:

Create Table User (ID INT (4) Not Null Auto_Increment, Name Varchar (8) Not Null, Password Char (8) Not Null, PRIMARY Key (ID))

Description: 1, ID is a serial number, not zero and automatically increment, for the primary key; 2, name is the user name, can not be empty; 3, Password is the user password, can not be empty;

The following is the user verification file login.php

/ / Judgment if the username is set if (! Isset ("www-authenticate: Basic realm =" authentication function "); Header (" http / 1.0 401 unauthorized "); ECHO" authentication Failure, you have no access to network resources! "; Exit ();} / * Connection database * / $ db = mysql_connect (" localhost "," root ","); // Select Database mysql_select_db ("xinxiku", $ DB); // Query if the user has $ Result = mysql_query ("SELECT * from user where name = '$ pHP_AUTH_USER' AND password = '$ PHP_AUTH_PW'", $ dB); if ($ myrow = mysql_fetch_row ($ result)) {// The following is a related operation after authentication ...} else {// authentication is unsuccessful, prompting users to re-enter header ("WWW-Authenticate: Basic Realm =" Authentication Function "); Header (" " HTTP / 1.0 401 Unauthorized "); Echo" Authentication Failed, you have no access to network resources! "; Exit ();}?> Program Description: In the program, first check whether the variable $ php_auth_user is set. If there is no setting, you need to verify, the script issues an HTTP 401 error number header, telling the client's browser to authenticate, pop up a authentication window by the client's browser, prompting the user to enter the username and password, after the input is complete, connect Database, query that the username and password are correct, if correct, allow login to perform related operations, if not correct, continue to enter the username and password.

Function Description: 1. Isset (): Used to determine if a variable has been assigned. Returns True or False 2 based on whether the variable value exists, header (): is used to send a specific HTTP header. Note that when using the header () function, you must call the function in front of any HTML or PHP code that generates the actual output. 3, mysql_connect (): Open the MySQL server connection. 4, mysql_db_query (): Send query string (query) to the MySQL database. 5, MySQL_FETCH_ROW (): Returns a single column of fields. Second, use the session to implement server verification For pages that require authentication, using Apache server authentication is the best. However, the interface of the Apache server verification is not friendly. Moreover, the PHP of the CGI mode PHP under IIS cannot use the Apache server to verify. In this way, we can use the session to save the user identity between different pages to achieve the purpose of authentication. On the backend we also use the above MySQL data inventory to place user information.

Let's write a user login interface, a file called login.php, under the Code post: ____________________________________________________________

User Name:
password :
____________________________________________________________ login1.php form submission process, as follows:

$ db = mysql_connect ("localhost", "root", ""); mysql_select_db ("xinxiku", $ db); $ result = mysql_query ("SELECT * from user where name = '$ name' and password = '$ Pass '", $ db); if ($ error) {// Registered User session_start (); session_register (" user "); $ user = $ myrow [" user "]; // Authentication success Performing related operations ...} else {echo "Authentication failed, you have no access to network resources!";}?> Here, the user can use ** http: // DomainName in subsequent operations /Next.php?User= User name ** to bypass authentication. Therefore, the subsequent operation should first check if the variable is registered: has been registered, and the corresponding operation is performed, otherwise it is considered illegally logged in. The relevant code is as follows:

Session_start (); if (! ")) {echo" authentication failed, belonging to illegal login! ";} else {// Successfully logged in to perform related operations ...}?>

Appendix: PHP is installed in module 1, first download the file: mod_php4-4.0.1-pl2. [If you are not PHP4, then upgrade!] After the unwrapping, there are three files: mod_php4.dll, mod_php4.conf, readme.txt 2, related file copiers copy MOD_PHP4.DLL to the MODULES directory of the Apache installation directory below Copy MOD_PHP4.CONF to the confed directory of the Apache installation directory to copy the msvcrt.dll file to the Apache installation directory below 3, open the conf / srm.conf file, plus include include conf / mod_php4.conf is doing this Before you, please set the statement in your httpd.conf, so set the statement, which is similar to the following!

转载请注明原文地址:https://www.9cbs.com/read-29398.html

9cbs

New Post(0)