Geek Answers Handbook

PHP HTTP Basic Auth Using Form

How can I use basic HTTP authentication and the user must provide their username and password in HTML form and authenticate using basic HTTP authentication.

I heard that Internet Explorer no longer supports the use of http: // user: password@website.com , so I don’t know how best to approach this.

Using PHP, javascript and HTML is fine. I do not want to use PERL, and I do not have large javascript libraries.

If you do not think that HTTP Basic Auth. this is the best way, please recommend something easy and simple to do. This will be the only entry site for 5-6 people. No need to complicate it.

+4
source share
4 answers

The jQuery library has an ajax function that has a password and user parameter for authentication. When the user clicks on the username, you can get the username and password and pass the function $ .ajax.

  $ ('# submit'). click (function () {
    $ .ajax ({
       url: 'authenticated.php',
       username: $ ('# login'). val (),
       password: $ ('# passwd'). val (),
       success: function (data) {
          // do something with data from the server
       }
    });
    return false;
 });
+3
source

IMHO, the whole point of using HTTP authentication is to delegate authentication tasks:

  • The web server will take care of refusing unauthorized access to protected resources.
  • The browser will take care of the need to request a username and password

So, you have a working system with minimal effort.

Now, if you use the HTML form to request credentials, the server will know who you are, but the browser will not: it will request credentials as soon as it finds a WWW-Authenticate response header and 401 status code. To do this, the browser must send an Authorization request header for each HTTP request; however, your form cannot tell the browser to send the appropriate HTTP header.

Of course, you can write your own server-side authentication code in PHP, configure the server to parse it using static files, and omit 401 and WWW-Authenticate as soon as you get valid credentials (which should then be stored somewhere else location, for example, a PHP session). But then you lost all the benefits of HTTP authentication: for now, a custom login handler with PHP sessions will be much simpler.

Summarizing:

  • If you need simplicity, forget HTML forms
  • If you need HTML forms, write your own code.
+2
source

If I understand you correctly, you need to use .htpasswd with .htaccess: http://tools.dynamicdrive.com/password/

0
source

How can I use basic HTTP authentication and the user must provide their username and password in HTML form

In no case.

Please recommend something easy and simple.

sessions, cookies.
google for a PHP tutorial and get over 9000 articles

ok, one of them

 <? if (isset($_POST['auth_name'])) { $name=mysql_real_escape_string($_POST['auth_name']); $pass=mysql_real_escape_string($_POST['auth_pass']); $query = "SELECT * FROM users WHERE name='$name' AND pass='$pass'"; $res = mysql_query($query) or trigger_error(mysql_error().$query); if ($row = mysql_fetch_assoc($res)) { session_start(); $_SESSION['user_id'] = $row['id']; $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; } header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); exit; } if (isset($_GET['action']) AND $_GET['action']=="logout") { session_start(); session_destroy(); header("Location: http://".$_SERVER['HTTP_HOST']."/"); exit; } if (isset($_REQUEST[session_name()])) session_start(); if (isset($_SESSION['user_id']) AND $_SESSION['ip'] == $_SERVER['REMOTE_ADDR']) return; else { include 'your design here.php'; ?> <form method="POST"> <input type="text" name="auth_name"><br> <input type="password" name="auth_pass"><br> <input type="submit"><br> </form> <? } exit; ?>

intended for input into a file and is called require '/path/auth.php'; at the top of your scripts

-1
source

More articles:


All Articles