使用Apache的.htaccess特性:
如果只需对整个网站或特定的目录提供全局保护,.htaccess特性非常适合。
创建.htaccess的文件,把/path/to替换为另一个必要文件.htpasswd的路径
AuthUserFile /path/to/.htpasswd
AuthType Basic
AuthName "My Files"
Require valid-user
创建.htpasswd文件:
admin:TcmvAdAHiM7UY
client:f.i9PC3.ATcXE
用PHP验证用户
例:使用isset()验证一个变量是否包含值
1 if( !isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
2 header('WWW-Authenticate: Basic Realm = "Book Projects"');
3 header('HTTP/1.1 401 Unanthorized');
4 } else {
5 echo "Your supplied username: {$_SERVER['PHP_AUTH_USER']}<br />";
6 echo "Your password: {$_SERVER['PHP_AUTH_PW']}<br />";
7 }
PHP验证方法
按照硬编码登录对身份进行验证
1 if(($_SERVER['PHP_AUTH_USER'] != 'wei') || ($_SERVER['PHP_AUTH_PW'] != 'xing')) { 2 header('WWW-Authenticate: Basic Realm = "weixing"'); 3 header('HTTP/1.1 401 Unanthorized'); 4 print("You must provide the proper credentials!"); 5 exit; 6 }
根据平面文件登录库来验证用户
包含加密密码的authenticationFile.txt文件
jason:60d99e58d66a5e0f4f89ec3ddd1d9a80
donald:d5fc4b0e45c8f9a333c0056492c191cf
mickey:bc180dbc583491c00f8a1cd134f7517b
1 <?php 2 $authorized = FALSE; 3 4 if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) { 5 6 $authFile = file("authenticationFile.txt"); 7 8 if(in_array($_SERVER['PHP_AUTH_USER']. 9 ":" 10 .md5($_SERVER['PHP_AUTH_PW'])." ", $authFile)) 11 $authorized = TRUE; 12 } 13 14 if( !$authorized) { 15 header('WWW-Authenticate: Basic Realm="Secret Stash"'); 16 header('HTTP/1.0 401 Unauthorized'); 17 print('You must provide the proper credentials'); 18 exit; 19 } 20 ?>
根据MySQL数据库验证用户
用户验证表
1 CREATE TABLE logins( 2 id INTEGER UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, 3 username VARCHAR(255) NOT NULL, 4 pswd VARCHAR(32) NOT NULL 5 ); 6 7 INSERT INTO logins (username,pswd) VALUES('weixing','weixing'); 8 INSERT INTO logins (username,pswd) VALUES('yuliang','yuliang'); 9 INSERT INTO logins (username,pswd) VALUES('hujiang','hujiang');
1 <?php 2 function authenticate_user(){ 3 header('WWW-Authenticate: Basic Realm="Secret Stash"'); 4 header('HTTP/1.0 401 Unauthorized'); 5 print('You must provide the proper credentials'); 6 exit; 7 } 8 9 if( !isset($_SERVER['PHP_AUTH_USER'])) { 10 authenticate_user(); 11 }else{ 12 $db = new mysqli("127.0.0.1", "root", "", "test"); 13 14 $stmt = $db -> prepare("SELECT username, pswd from logins where username=? and pswd=?"); 15 16 $stmt -> bind_param('ss', $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); 17 18 $stmt -> execute(); 19 20 $stmt -> store_result(); 21 if( $stmt->num_rows == 0) { 22 authenticate_user(); 23 } 24 } 25 ?>