Using PHP analog HTTP authentication If you want to implement password protection based on each script, you can create a basic authentication mechanism by combining a Header () function and $ PHP_AUTH_USER, $ PHP_AUTH_PW global variable. Usually the server-based authentication request / response process is as follows: 1. The user requests a file to a web server. If the file is within a protected area, the server will respond to the 401 (illegal user) string within the header of the response data. 2. The browser will pop up the username / password dialog after this response. 3. Users enter the username and password in the dialog, and then click "OK" to send this information back to the server for authentication. 4. If the username and password are valid, the protected file will be displayed to the user. This confirmation will continue to be effective in the protection area. A simple PHP script can automatically display the username / password dialog box to analog HTTP authentication request / response system by sending an appropriate HTTP header to analog HTTP authentication request / response system. PHP stores the information of the user input dialog in $ PHP_AUTH_USER and $ PHP_AUTH_PW variable. By using these variables, you can store a list that does not conform to the username / password test to a text file, a database, or anywhere you want. Note: $ PHP_AUTH_USER, $ PHP_AUTH_PW and $ PHP_AUTH_TYPE global variables are valid only when PHP is installed as a module. If you are using the PHP's CGI version, you will only be limited to HTACCESS authentication or database-based authentication methods, and allow users to enter user names and passwords via HTML forms, then let PHP complete valid checks. This example shows an acknowledgment check for two hardware coding values, regardless of where the user name and password are stored, which is theoretically identical.
