There are two approaches:
One is session-based; the other is HTTP authentication.
Below is an example from the PHP Chinese manual:
-------------------------------------------------- ------------------------------
User Authentication
-------------------------------------------------- ------------------------------
On a members-only web site, users usually need an account and a password; this is the identity confirmation step. Early NCSA HTTPd servers do not provide this user confirmation, so the webmaster could only write a CGI program by hand to check identities.
Most web servers after CERN HTTPd provide user identity confirmation. The details differ from one web server to another, but the configuration is broadly similar.
Here is the user identity confirmation configuration on the Apache server.
AuthType Basic
AuthName mymember
AuthUserFile /usr/local/mymember.txt
Options Includes ExecCGI
Require valid-user
In this example, whenever a user views any file in the mymember directory, the user's account and password are required. The accounts and passwords are stored in the file /usr/local/mymember.txt.
The account and password file /usr/local/mymember.txt looks like the example below. The string before the colon is the user account. The string after the colon is the encoded password, which cannot be restored. The encoding is generally traditional DES, and the first two characters of the encoded password are the salt; in this example they are all 3P. Each line represents one user. Of course, the webmaster must make sure that accounts are not duplicated. Note in particular that when the web server runs on a Win32 system, the password after the colon is not encrypted, because Win32 does not provide this encoding API, so user passwords are stored in cleartext.
John1234:3pwudbljmiwro
Queenwan:3PFNVLNPN9W0M
Noname00:3PESXAJX5PK7E
Wilson49:3pjowb0enag22
Rootboot:3pit0sni6.84e
Sun_moon:3PVYMMENOC.X.
Nobody38:3pbskpkwv94hw
In Apache version 1.3.6, you can use ~apache/bin/htpasswd to generate a single account and password, but commercial web sites that handle large amounts of data may need to write their own program, which calls crypt() on UNIX to do the encoding.
Once everything is configured, the browser displays a login dialog when a user connects; the figure above is the user check of SEEDNET's MySeed web site. After the account and password are entered, the browser sends them to the server Base64-encoded. Of course, Base64 is only an encoding, not encryption, so the security of this transmission over the network is still not high: the data can be intercepted in transit and the Base64 decoded. This is the weak point of the whole user authentication scheme. Perhaps the problem will be solved in the future, once Digest authentication using MD5 is supported. Every later page still needs the account and password, but the browser sends them for you, so there is no need to type them again. The browser keeps them until it is closed; after the browser is started again, they must be entered again on the first request.
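The remark that Base64 is an encoding and not encryption can be seen by parsing a Basic `Authorization` header by hand. This is an added example, not code from the original manual; the function name `parse_basic_authorization` is hypothetical, and the sample headers (built from the first sample account above and a made-up password) are constructed for illustration.

```php
<?php
// Added example: parse a Basic Authorization header the way a server must.
// No key is involved, so anything that can read the request can do the same,
// which is why Basic authentication needs an encrypted transport.

/** Returns [user, password] for a well-formed Basic header, or null. */
function parse_basic_authorization(string $header): ?array
{
    // The scheme name is case-insensitive; the token is plain Base64.
    if (!preg_match('/^\s*Basic\s+([A-Za-z0-9+\/]+={0,2})\s*$/i', $header, $m)) {
        return null;                        // other scheme or malformed token
    }
    $decoded = base64_decode($m[1], true);  // strict mode rejects stray characters
    if ($decoded === false) {
        return null;
    }
    // Split on the FIRST colon only: the password may contain colons,
    // the user name may not.
    $pos = strpos($decoded, ':');
    if ($pos === false) {
        return null;
    }
    return [substr($decoded, 0, $pos), substr($decoded, $pos + 1)];
}

// Constructed sample input (not captured traffic).
$samples = [
    'Basic ' . base64_encode('John1234:s3cret:with:colons'),
    'basic ' . base64_encode('nobody'),     // no colon: rejected
    'Digest username="John1234"',           // not Basic: rejected
    'Basic !!!not-base64!!!',               // invalid token: rejected
];

foreach ($samples as $header) {
    $cred = parse_basic_authorization($header);
    if ($cred === null) {
        echo "rejected: $header\n";
    } else {
        echo "header:   $header\n";
        echo "user:     {$cred[0]}\n";
        echo "password: {$cred[1]}\n";      // recovered without any secret
    }
}
```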
When the number of users is small, the method above is easy and saves time. But when there are tens of thousands or even hundreds of thousands of users, the performance of the whole server is dragged down by the password lookup, and a page may take from tens of seconds to several minutes to load. In that situation it is not wise to use the password check mechanism provided by the server. On Netscape Enterprise Server you can use NSAPI to develop your own check, and you can also develop an ISAPI filter. Writing NSAPI/ISAPI programs in C/C++ is always tiring; PHP offers another choice, which is the topic of this section.
-------------------------------------------------- ------------------------------
Squiring: Sadly (www.phpx.com)
PHP's HTTP function library provides the header() function. Many interactions between the web server and the client can be handled with this function. For example, if the following program is placed on the first or second line of a PHP page, the browser is redirected to the author's web site.
<?php
header("Location: http://wilson.gs");
exit;
?>
Of course, any HTML text or PHP code after the program above never reaches the client.
In the same way, header() can be used for user authentication. Send the following strings to the client at the very top of the PHP page, and the login dialog appears on the client.
<?php
header("WWW-Authenticate: Basic realm=\"Member\"");
header("HTTP/1.0 401 Unauthorized");
?>
The string realm=\"Member\" in the program is what appears in the dialog. If it is replaced with Chinese text, the browser displays the Chinese text as well, as in the MySeed figure above. If the site also has users of other languages, such as English or Japanese, whether a Chinese realm string is appropriate has to be considered. In any case, this is determined by the nature of the site and the users it is aimed at.
Of course, this is still very crude: apart from popping up the dialog nothing else happens, and nothing results whether or not the account is entered correctly. We need a more complete program.
-------------------------------------------------- ------------------------------
For the back end, consider storing the accounts and passwords in a database. This architecture can hold a great many users, whether 10,000 or 100,000. If you have hundreds of thousands of user accounts, congratulations: your site is a world-class big site. MySQL is a good choice; many web sites, even commercial ones, use it as the back-end database. Of course, if you run a real commercial site and money is not a problem, you can use the highly regarded Oracle database family.
To use any database in PHP, you must first configure the database server and client, and then compile PHP and Apache.
Once MySQL and PHP are ready, add a new database to MySQL. This example adds mymember, but any other name can be used. Adding a database to MySQL is easy: just mkdir a directory in the place where MySQL stores its databases. For example, in the UNIX shell:
hahaha:/usr/local/mysql/data# mkdir mymember
After the database is created, a table still has to be created. The table definition is as follows; you can store it in /tmp/memberauth.sql
CREATE TABLE MemberAuth (
  Serial mediumint(9) NOT NULL auto_increment,
  Username char(8) NOT NULL,
  Password char(8) NOT NULL,
  Enable char(1) DEFAULT '0' NOT NULL,
  PRIMARY KEY (Serial)
);
File memberauth.sql
Let's take a look at the fields in memberauth.sql. Serial is an auto-increment integer field: it is incremented automatically for each record entered, and it certainly cannot be empty, hence NOT NULL. The second field, Username, is the user's account; for uniformity and to fit various systems it is set to eight characters, and of course this field cannot be empty either. Password, the third field, is the user's password. The fourth field, Enable, is a flag that marks whether the account is valid: by design 0 means disabled and 1 means enabled, and other values can be added for other purposes in the future.
After designing the table, add it to the database. If you use MySQL regularly, you can download phpMyAdmin from http://www.phpwizard.net/phpmyadmin and use a browser to operate and manage MySQL, which is easy and convenient. With phpMyAdmin, you can enter the table definition through its user interface. Or you can enter the following command in the UNIX shell, with the same effect.
mysql mymember < /tmp/memberauth.sql
When that is done, you can enter the user accounts and passwords into the MemberAuth table. Again, phpMyAdmin is convenient for this; with the mysql program you have to INSERT the records one at a time.
Next comes the stage of designing the function.
<?php
// ---------------------------
// User authentication function: auth.inc
// Author: Wilson Peng
// Copyright (C) 1999
// ---------------------------
$error401 = "/home/phpdocs/error/401.php";
if ($PHP_AUTH_PW == "") {
  // No password sent yet: ask the browser to show the login dialog
  header("WWW-Authenticate: Basic realm=\"Super Gold Card Member\"");
  header("HTTP/1.0 401 Unauthorized");
  include($error401);
  exit;
} else {
  $db_id = mysql_pconnect("localhost", "myid", "mypw");
  // Escape the account name sent by the browser before it goes into the SQL string
  $user = addslashes($PHP_AUTH_USER);
  $result = mysql_db_query("mymember", "SELECT Password, Enable FROM MemberAuth WHERE Username='$user'");
  $row = mysql_fetch_array($result);
  $MemberPasswd = $row[0];
  $MemberEnable = $row[1];
  if ($MemberEnable == 0) {
    // Account is suspended
    echo "Your account is deactivated";
    exit;
  }
  if ($PHP_AUTH_PW != $MemberPasswd) {
    // Wrong password: ask for the account and password again
    header("WWW-Authenticate: Basic realm=\"Super Gold Card Member\"");
    header("HTTP/1.0 401 Unauthorized");
    include($error401);
    exit;
  }
}
?>
Copyright (c) 1999, Wilson Peng
To use this auth.inc, add a line at the top of each PHP file that includes it. The PHP files that include this program check the account and password; images and the like are not checked. Compared with the web server's feature, which checks everything in a directory, PHP is more flexible.
$error401 = "/home/phpdocs/error/401.php";
This line sets the file that is shown to the user when the user presses Cancel or the check fails.
if ($PHP_AUTH_PW == "") {
  header("WWW-Authenticate: Basic realm=\"Super Gold Card Member\"");
  header("HTTP/1.0 401 Unauthorized");
  include($error401);
  exit;
} else {
This is the part before the else: if no password has been sent, the login dialog is requested. $PHP_AUTH_USER and $PHP_AUTH_PW are special variables in PHP that hold the account and the password entered by the user for authentication. The program above uses these two variables to handle user authentication.
  $db_id = mysql_pconnect("localhost", "myid", "mypw");
  // Escape the account name sent by the browser before it goes into the SQL string
  $user = addslashes($PHP_AUTH_USER);
  $result = mysql_db_query("mymember", "SELECT Password, Enable FROM MemberAuth WHERE Username='$user'");
  $row = mysql_fetch_array($result);
  $MemberPasswd = $row[0];
  $MemberEnable = $row[1];
If the user has entered an account and password, the database is queried. At the same time, it is checked whether the account is still enabled.
  if ($MemberEnable == 0) {
    echo "Your account is deactivated";
    exit;
  }
The four lines above handle the case where the account has been suspended.
  if ($PHP_AUTH_PW != $MemberPasswd) {
    header("WWW-Authenticate: Basic realm=\"Super Gold Card Member\"");
    header("HTTP/1.0 401 Unauthorized");
    include($error401);
    exit;
  }
If the password is incorrect, the user is asked for the account and password again.
In actual use, include the auth.inc file only in the pages that need it. Images do not have to be checked, which saves resources on both the server and the user side. Of course, with MySQL you can use mysql_pconnect() to keep a persistent connection to the MySQL server, or use mysql_connect() to reconnect each time; with the latter, remember to call mysql_close() to close the database connection early. The following program, auth1.inc, is another version of the authentication program, which closes the connection and releases the resource as soon as the query is done.
<?php
// ---------------------------
// User authentication function - 1: auth1.inc
// Author: Wilson Peng
// Copyright (C) 1999
// ---------------------------
$error401 = "/home/phpdocs/error/401.php";
if ($PHP_AUTH_PW == "") {
  // No password sent yet: ask the browser to show the login dialog
  header("WWW-Authenticate: Basic realm=\"Super Gold Card Member\"");
  header("HTTP/1.0 401 Unauthorized");
  include($error401);
  exit;
} else {
  $db_id = mysql_connect("localhost", "myid", "mypw");
  // Escape the account name sent by the browser before it goes into the SQL string
  $user = addslashes($PHP_AUTH_USER);
  $result = mysql_db_query("mymember", "SELECT Password, Enable FROM MemberAuth WHERE Username='$user'");
  $row = mysql_fetch_array($result);
  $MemberPasswd = $row[0];
  $MemberEnable = $row[1];
  // Close the connection as soon as the row has been read
  mysql_close($db_id);
  if ($MemberEnable == 0) {
    // Account is suspended
    echo "Your account is deactivated";
    exit;
  }
  if ($PHP_AUTH_PW != $MemberPasswd) {
    // Wrong password: ask for the account and password again
    header("WWW-Authenticate: Basic realm=\"Super Gold Card Member\"");
    header("HTTP/1.0 401 Unauthorized");
    include($error401);
    exit;
  }
}
?>
Copyright (c) 1999, Wilson Peng
In practical applications, more features can be added to the database, such as closed user groups (CUG), or a time field can be added. The possibilities depend on the ingenuity of the designer.
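A present-day form of the same check, as an added example that is not Wilson Peng's code or the manual's: the mysql_* functions were removed in PHP 7 and the $PHP_AUTH_USER / $PHP_AUTH_PW globals are now read from $_SERVER, so this version uses PDO with a bound parameter and stores password hashes instead of the passwords themselves. Assumptions: the function name `check_member` is hypothetical, an in-memory SQLite database stands in for MySQL so the block runs offline, the Password column is widened to hold a `password_hash()` value, and the accounts and passwords are constructed sample data.

```php
<?php
// Added example: the auth.inc decision as a function, with a bound parameter
// and hashed passwords. Returns 'ok', 'disabled' or 'challenge'.
function check_member(PDO $db, ?string $user, ?string $pw): string
{
    if ($user === null || $pw === null || $pw === '') {
        return 'challenge';                     // no credentials sent yet
    }
    // The account name is bound as data, never concatenated into the SQL text.
    $st = $db->prepare('SELECT Password, Enable FROM MemberAuth WHERE Username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);

    // Unknown account: still verify against a dummy hash, so both paths cost
    // about the same and return the same answer.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($pw, $row ? $row['Password'] : $dummy);

    if (!$row || !$ok) {
        return 'challenge';                     // wrong account or password
    }
    // The account state is revealed only after the password has been verified.
    return $row['Enable'] === '1' ? 'ok' : 'disabled';
}

// Constructed sample data (SQLite in memory stands in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE MemberAuth (Serial INTEGER PRIMARY KEY, Username TEXT NOT NULL,
           Password TEXT NOT NULL, Enable TEXT NOT NULL DEFAULT '0')");
$ins = $db->prepare('INSERT INTO MemberAuth (Username, Password, Enable) VALUES (?, ?, ?)');
$ins->execute(['wilson49', password_hash('correct horse', PASSWORD_DEFAULT), '1']);
$ins->execute(['nobody38', password_hash('hunter2', PASSWORD_DEFAULT), '0']);

// In a page the arguments would be $_SERVER['PHP_AUTH_USER'] ?? null and
// $_SERVER['PHP_AUTH_PW'] ?? null; on 'challenge' send the two headers and exit.
$tests = [['wilson49', 'correct horse'], ['wilson49', 'wrong'], ['nobody38', 'hunter2'],
          ["o'hara", 'anything'],               // a quote in the name is just data
          [null, null]];
foreach ($tests as [$u, $p]) {
    printf("%-12s => %s\n", var_export($u, true), check_member($db, $u, $p));
}
```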