通过表单发送基本身份验证信息

发布于 2024-10-07 14:00:45 字数 855 浏览 7 评论 0原文

我正在开发一个当前使用基本身份验证对话框登录系统的网站,如果您转到此处,您会看到这种类型的对话框:http://www.dur.ac.uk/vm.boatclub/password/index.php 我没有设置这个系统,也无法轻松/快速地解决它,但它确实有效。然而问题是,该对话框对于告诉您必须使用哪些登录信息(即用户名和密码组合)并没有太大帮助,因此我想将其替换为表单。我一直认为这是不可能的,但我想问一下以找出答案。

是否可以设置一个 HTML 表单,将数据发送到服务器,以便服务器以与使用此对话框相同的方式接受数据?或者,是否可以设置一个 PHP 脚本,该脚本将采用正常形式的数据并以某种方式对其进行处理,将其传递到服务器以便其登录?

编辑:在被告知这是基本身份验证后,我四处寻找并设法找到一种有效并使用户持续登录的方法。但是,这在 Internet Explorer 中不起作用。解决方案很简单,将用户重定向到: http://用户名:[电子邮件受保护]/vm.boatclub/password/index.php 但大约 3 年前,Internet Explorer 由于网络钓鱼用途而将其删除。有没有办法使用javascript让浏览器以这种方式访问​​该网站?或者我必须简单地更改我的用户界面?

I am working on a site that currently uses a basic authentication dialog box login system, that is the type of dialog that you get if you go here: http://www.dur.ac.uk/vm.boatclub/password/index.php
I did not set this system up and am not in a position to easily/quickly work around it, but it DOES work. The issue however is that the dialog box is not very helpful in telling you what login information you have to use (that is which username and password combination), and so I would like to replace it with a form. I had been thinking that this wasn't possible but I wanted to ask in order to find out.

Is it possible to set up an HTML form that sends the data to the server such that it accepts it in the same way that it would using this dialog box? Alternatively is it possible to set up a PHP script that would take normal form data and process it somehow passing it to the server such that it logs in?

Edit: After being told that this is basic authentication I went around and have managed to find a way that works and keeps the user persistently logged in. However, this does not work in internet explorer. The solution was simply to redirect the user to:
http://username:[email protected]/vm.boatclub/password/index.php
But Internet Explorer removed it due to phishing uses about 3 years ago. Is there a way to use javascript to get the browser to access the site in this way? Or will I have to simply change my UI?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

怀念你的温柔 2024-10-14 14:00:45

经过相当多的研究后,我发现了一种在 Chrome 和 IE 中都有效的方法,这就是我测试过的所有方法,但代码的逻辑并不表明它应该在任何地方中断。它基于这篇文章:

http://www. peej.co.uk/articles/http-auth-with-html-forms.html

这相当深入,但关键在于 - 在表单提交上,您向基本的经过身份验证的文件夹发出 AJAX 请求。 AJAX 请求可以接受用户名和密码信息进行基本身份验证,一旦浏览器在该领域获得授权后进行身份验证,即它将保持登录状态。上一篇文章是用纯 JavaScript 实现的,因此除了简单解释之外,还需要添加一些内容链接这里是一个使用 jQuery 的(希望相当透明的)实现:

  $(document).ready(function()
  {
    $('#loginForm').submit(function()
    {
      var username = $('#usernameInput').val();
      var password = $('#passwordInput').val();

      $.ajax(
        {
          'password' : password,
          'username' : username,
          'url'      : 'http://www.website.com/basic-auth-file.php',
          'type'     : 'GET',
          'success'  : function(){ window.location = 'http://www.website.com/basic-auth-file.php'; },
          'error'    : function(){ alert('Bad Login Details');},
        }
      );

      return false;
    });
  });

这实现了我想要的,并且相对简单理解,但是我恳请任何想要这个出去并且不知道基本身份验证的人出去并执行研究!

After a fair bit of research I found a way that works in both Chrome and IE, that is all that I've tested it in, but the logic of the code does not suggest it should break anywhere. It is based upon this article:

http://www.peej.co.uk/articles/http-auth-with-html-forms.html

Which is rather in depth but the crux of it is this - on the form submit you make an AJAX request into the basic authenticated folder. AJAX requests can accept username and password information for basic auth, and once the browser has authed once it's authorised in that realm, i.e. it will stay logged in. The previous article does it in pure javascript, so to add something other than simply explaining the link here's a (hopefully fairly transparent) implementation using jQuery:

  $(document).ready(function()
  {
    $('#loginForm').submit(function()
    {
      var username = $('#usernameInput').val();
      var password = $('#passwordInput').val();

      $.ajax(
        {
          'password' : password,
          'username' : username,
          'url'      : 'http://www.website.com/basic-auth-file.php',
          'type'     : 'GET',
          'success'  : function(){ window.location = 'http://www.website.com/basic-auth-file.php'; },
          'error'    : function(){ alert('Bad Login Details');},
        }
      );

      return false;
    });
  });

This achieved what I wanted, and is relatively simple to understand, however I would implore anyone who wanted this to go out and didn't know about basic auth to go out and do the research!

翻身的咸鱼 2024-10-14 14:00:45

您可以将其替换为表格。 http://www.dur.ac.uk/vm.boatclub/password /index.php 使用基本访问身份验证

基本访问身份验证

您可以做的是通过curl执行基本身份验证

<?php 
// HTTP authentication 
$url = "http://www.dur.ac.uk/vm.boatclub/password/index.php"; 
$ch = curl_init();     
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);  
curl_setopt($ch, CURLOPT_URL, $url);  
curl_setopt($ch, CURLOPT_USERPWD, "myusername:mypassword");  
$result = curl_exec($ch);  
curl_close($ch);  
//echo $result; 
?> 

选项1

代理一切只是回显$result

选项2

$result 读取标头,如果状态代码 != 200,则输入了错误的登录信息。用户应再次输入表单。如果状态代码 == 200 已输入正确的凭据,您应该通过发送标头进行 http 基本身份验证。

header("Authorization: Basic " . base64_encode($username . ":" . $password);

在发送标头之前,您不应回显任何数据($result),否则您将收到错误

一些快速链接:

You can replace it with a form. http://www.dur.ac.uk/vm.boatclub/password/index.php uses basic access authentication.

basic access authentication

What you could do is perform basic authentication via curl

<?php 
// HTTP authentication 
$url = "http://www.dur.ac.uk/vm.boatclub/password/index.php"; 
$ch = curl_init();     
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);  
curl_setopt($ch, CURLOPT_URL, $url);  
curl_setopt($ch, CURLOPT_USERPWD, "myusername:mypassword");  
$result = curl_exec($ch);  
curl_close($ch);  
//echo $result; 
?> 

Option 1

Proxy everything just echo'ing $result

Option 2

Read headers from $result and if status code != 200 then wrong login information has been entered. User should enter form again. If status code == 200 right credentials have been entered and you should do http basic authentication by sending headers.

header("Authorization: Basic " . base64_encode($username . ":" . $password);

You should not echo any data($result) before sending header else you will get an error

Some quick links:

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文