mnb93
asked on
HTTP [basic] Auth via PHP
How can I login to $x and check to see if the user/pass is correct using HTTP [basic] Auth? (The one where the login window pops up)
ASKER
I would like to use PHP to log into $x...
Are you saying you want to use PHP as a client to a web site which has a basic auth login form?
ASKER
yes
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Never knew that, neat... not very secure, but neat :)
URL auth is visible plain text.
BASIC auth is not a lot better.
NTLM auth is a LOT more secure.
BASIC auth is not a lot better.
NTLM auth is a LOT more secure.
ASKER
You could cheat as basic auth is ...
http://user:password@www.site.com/page.html
So how do I know if it worked?
http://user:password@www.site.com/page.html
So how do I know if it worked?
Your php script gets a response that is NOT a security error.
How are you making the call?
How are you making the call?
The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and is hence not available in the CGI version. In an Apache module PHP script, it is possible to use the header() function to send an "Authentication Required" message to the client browser causing it to pop up a Username/Password input window. Once the user has filled in a username and a password, the URL containing the PHP script will be called again with the predefined variables PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE set to the user name, password and authentication type respectively. These predefined variables are found in the $_SERVER and $HTTP_SERVER_VARS arrays. Both "Basic" and "Digest" (since PHP 5.1.0) authentication methods are supported. See the header() function for more information.
<?php
if (!isset($_SERVER['PHP_AUTH
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']
echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>
Regards,
Richard Quadling.