使用 PHP 进行 HTTP 标头授权
我正在尝试使用 PHP 将 HTTP 身份验证添加到我的管理页面。我逐字复制了一堆不同的例子,但没有一个起作用。有谁知道您是否需要在服务器端执行某些操作,或者此代码是否不适用于较新版本的 PHP?请帮忙!
这是我的测试“authorize.php”文件。我只是在每个管理页面上使用 require_once 。
<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>
所发生的情况是授权一次又一次地弹出。 PHP_AUTH_USER 永远不会被设置。
I'm trying to add an HTTP Authentication to my admin page using PHP. I've verbatim copied a bunch of different examples and none are working. Does anyone know if there are certain things you need to do on the server side or if this code doesn't work with newer versions of PHP? Please help!
Here is my test 'authorize.php' file. I am just using require_once on this for each admin page.
<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>
What happens is that the authorization just pops up over and over. PHP_AUTH_USER never gets set.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
如果你的 PHP 作为 CGI/FastCGI 工作,那么你就没有运气了。尝试将其切换为非cgi模式。
If your PHP working as CGI/FastCGI, then you will have no luck. Try to switch it in non-cgi mode.
对于遇到此问题的其他人,您可以在 .htaccess 中添加重写规则。
通过此更改,HTTP 基本/摘要式身份验证将在 Godaddy 上运行。
For others who come across this problem, you can add rewrite rule in .htaccess.
HTTP Basic/Digest Authentication will work on Godaddy with this change.
您需要查明他们是否将其传递给 PHP,以及哪个服务器变量中有您的用户名。
制作一个小的 PHP 测试页面,将下面的代码放入其中,然后将其上传到受 .htaccess 保护的目录,即要求用户/密码的目录。
这段代码将显示所有服务器变量,您可以看到哪个变量中有您的用户名,然后使用该变量:
我认为它不会传递密码,而只会传递用户。而且您无论如何也不想通过网站回显密码。
You need to find out if they're passing it to PHP, and which Server variable has your user name in it.
Make a small PHP Test page, put the code below in it, and upload it to the directory that's being protected by .htaccess, i.e. where it's asking for a user/pw.
This code will show all the server variables, and you can see which one has your user name in it, then use that variable instead:
I don't think it's going to pass the password though, just the user. And you don't want to echo the password through a website anyway.