Chapter 6: Authentications

Training Course, CS, NCTU

Overview
- Getting Username and Password
- Verifying Username and Password
- Keeping The Verification Result

Getting Username and Password (1)
- Two methods to get the username and password from the browser:
  - HTTP Authentication with PHP
  - Using the HTML <form> tag
- HTTP Authentication with PHP works through HTTP headers. Headers sent:
  - WWW-Authenticate: Basic realm="My Realm"
  - HTTP/1.0 401 Unauthorized
- Example:

```php
<?php
// Ask the browser for Basic credentials for the given realm.
header('WWW-Authenticate: Basic realm="PHP Training"');
header('HTTP/1.0 401 Unauthorized');
?>
```

Getting Username and Password (2)
- To get the user's input, use the super-globals $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].
- The basic HTTP authentication example:

```php
<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    // No credentials in the request yet: challenge the browser and stop.
    header('WWW-Authenticate: Basic realm="PHP Training"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    // The browser resends these headers with every request to this realm.
    echo "Hello {$_SERVER['PHP_AUTH_USER']}.";
    echo "You entered {$_SERVER['PHP_AUTH_PW']} as your password.";
}
?>
```

Getting Username and Password (3)
- Digest HTTP Authentication
  - When using HTTP Basic Authentication, the username-password pair is effectively transmitted in the clear.
  - With digest authentication, the password is never sent across the network in the clear; an MD5 digest of the user's password is transmitted instead.
  - This mechanism is an alternative authentication method, so we do not describe it in more detail here.
  - If you are interested in this method, refer to the example in the PHP manual.

Getting Username and Password (4)
- Using the HTML <form> tag with the POST method to get the user's input.
- Note: GET is not recommended because the data appears in the URL.
- Example (the form markup was lost in extraction; it is reconstructed here from the field names user and pass that the PHP code reads, and posts back to the same page):

```php
<form method="post">
Username: <input type="text" name="user">
Password: <input type="password" name="pass">
<input type="submit" value="Login">
</form>
<?php
// Only run once the form has actually been submitted.
if (isset($_POST['user'], $_POST['pass'])) {
    echo "Hello {$_POST['user']}.";
    echo "You entered {$_POST['pass']}", " as your password.";
}
?>
```

Getting Username and Password (5)
- Practice
  - Create an HTML page to input the username, password, and any other data you want to know, for example name, birthday, mail address, or a simple math question.
  - Create a PHP page which receives the authentication information from the above HTML page with the POST method. If it cannot receive authentication data via POST, it must produce an authentication input message box itself.
  - When it has received the username, password, and the other user input, show them in the browser.

Verifying Username and Password (1)
- Verification
  - After getting the username and password from the user, the next problem is how to check that they are correct.
  - How to encrypt the password is not covered here; we only protect the service from malformed connections.
- Approaches
  - Record the username/password pairs in
    - PHP arrays
    - Databases
  - Use existing services
    - FTP
    - POP3/IMAP, etc.

Verifying Username and Password (2)
- Verification using a PHP array: record the "username => password" map in an array.
- Example:

```php
<?php
$users = array(
    'Mary'  => 'aa123',
    'John'  => 'uupx',
    'Jerry' => 'password');

function auth() {
    header('WWW-Authenticate: Basic realm="PHP Training"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
}

function check_auth($usr, $pwd) {
    global $users;
    // An unknown username must fail rather than raise an undefined-index notice.
    if (!isset($users[$usr]))
        return FALSE;
    return $users[$usr] === $pwd;
}

$un = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
$up = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
if (!isset($un) || !check_auth($un, $up)) {
    auth();
} else {
    echo "Hello {$un}.";
    echo "You entered $up as your password.";
}
?>
```
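The array example above keeps passwords in clear text and compares them directly. As an added example that is not part of the course slides, here is the same HTTP Basic flow with the array holding password_hash() output and password_verify() doing the comparison. The hashes, and the dummy hash used for unknown usernames, are generated at start-up from constructed sample passwords so that the file runs on its own; in practice they are created once (for example by a registration script) and stored.

```php
<?php
// Added example (not from the course slides): slide 9's array store, but each
// entry holds a password_hash() result instead of the clear-text password.
// Hashes are generated here from constructed sample passwords so the file runs
// stand-alone; in practice they are created once and stored.

$users = [
    'Mary'  => password_hash('aa123', PASSWORD_DEFAULT),
    'John'  => password_hash('uupx', PASSWORD_DEFAULT),
    'Jerry' => password_hash('password', PASSWORD_DEFAULT),
];

// Hash of a constructed dummy password, verified against when the username is
// unknown, so an unknown user costs the same time as a wrong password.
$dummy_hash = password_hash('not-a-real-password', PASSWORD_DEFAULT);

function check_auth(string $usr, string $pwd): bool
{
    global $users, $dummy_hash;
    $known  = isset($users[$usr]);
    $stored = $known ? $users[$usr] : $dummy_hash;
    // password_verify() re-derives the hash using the salt and cost stored
    // inside $stored and compares in a timing-safe way.
    $ok = password_verify($pwd, $stored);
    return $known && $ok;
}

function auth(): void
{
    header('WWW-Authenticate: Basic realm="PHP Training"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
}

$un = $_SERVER['PHP_AUTH_USER'] ?? null;
$up = $_SERVER['PHP_AUTH_PW'] ?? null;

if ($un === null || $up === null || !check_auth($un, $up)) {
    auth();
}
// Greet by name only; the password is never echoed back to the browser.
echo 'Hello ' . htmlspecialchars($un, ENT_QUOTES, 'UTF-8') . '.';
```

Because password_verify() runs even when the username does not exist, a request for an unknown user takes as long as one with a wrong password, and the array can be copied or leaked without exposing anyone's actual password.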

Verifying Username and Password (3)
- Verification using databases: record the "username => password" map in a database table.
- Example (change the check_auth function in the previous example):

```php
<?php
// The mysql_* functions used here were removed in PHP 7 (mysqli or PDO replace them).
$link = mysql_connect("localhost", "ystseng", "xxxxxx")
    or die(mysql_errno($link) . ": " . mysql_error($link));
mysql_select_db("ystseng_tphp", $link)
    or die(mysql_errno($link) . ": " . mysql_error($link));

function check_auth($usr, $pwd) {
    global $link;
    // $usr and $pwd are interpolated straight into the SQL text, so the query
    // that runs depends on whatever characters the user typed.
    $sql = "Select ID From auth Where username='$usr' And password='$pwd'";
    if (!($result = mysql_query($sql, $link)))
        return false;
    if (mysql_num_rows($result) == 1)
        return true;
    else
        return false;
}
?>
```
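The query above splices the username and password into the SQL string and stores clear-text passwords in the table. The following added example, which is not the course's code, replaces check_auth() with a PDO prepared statement and a hashed password column. It uses an in-memory SQLite table with one constructed account so it runs stand-alone; for MySQL only the DSN and credentials passed to the PDO constructor change.

```php
<?php
// Added example (not the course's code): slide 10's database check with a PDO
// prepared statement and password_hash()/password_verify(). An in-memory
// SQLite table with one constructed account stands in for the MySQL table.

$link = new PDO('sqlite::memory:');
$link->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$link->exec('CREATE TABLE auth (ID INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// Constructed sample account: the table stores a hash, never the password.
$ins = $link->prepare('INSERT INTO auth (username, password) VALUES (:u, :p)');
$ins->execute([':u' => "o'brien", ':p' => password_hash('uupx', PASSWORD_DEFAULT)]);

function check_auth(string $usr, string $pwd): bool
{
    global $link;
    // The username is bound as a parameter, so it is never part of the SQL
    // text: the apostrophe in "o'brien" stays ordinary data.
    $stmt = $link->prepare('SELECT password FROM auth WHERE username = :u');
    $stmt->execute([':u' => $usr]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;          // no such user
    }
    // The password is checked in PHP against the stored hash, not in SQL.
    return password_verify($pwd, $row['password']);
}

var_dump(check_auth("o'brien", 'uupx'));
var_dump(check_auth("o'brien", 'wrong'));
var_dump(check_auth('nobody', 'uupx'));
```

Only the username goes to the database; the password never appears in a query, so neither query logs nor the table itself contain it.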

Verifying Username and Password (4)
- Verification using an existing FTP service: try to log in to an existing FTP site; if the FTP site accepts the username and password, we accept them too.
- Example (change the check_auth function in the previous example):

```php
<?php
function check_auth($usr, $pwd) {
    $ftp_server = "tphp.cs.nctu.edu.tw";
    $conn_id = ftp_connect($ftp_server);
    // check connection: ftp_login() must not be called on a failed connect
    if (!$conn_id)
        return FALSE;
    // login with username and password
    $login_result = ftp_login($conn_id, $usr, $pwd);
    ftp_close($conn_id);
    return $login_result ? TRUE : FALSE;
}
?>
```

Verifying Username and Password (5)
- Verification using an existing mail service: try to log in to an existing mail server and check whether the server accepts the username and password (protocol: POP3 or IMAP).
- Example (change the check_auth function in the previous example; the mailbox string of the imap_open() call was lost in extraction, so the server name below is a placeholder):

```php
<?php
function check_auth($usr, $pwd) {
    // Placeholder host: replace with the real POP3 server.
    $mail_server = "mail.example.com";
    // OP_HALFOPEN: authenticate to the server without opening a mailbox.
    $ret = imap_open("{" . $mail_server . ":110/pop3}", $usr, $pwd, OP_HALFOPEN);
    $auth = $ret ? true : false;
    if ($ret)
        imap_close($ret);
    return $auth;
}
?>
```

Verifying Username and Password (6)
- Practice
  - Create an HTML page to input the username, password, and any other data you want to know, for example name, birthday, mail address, or a simple math question.
  - Create a PHP page which receives the authentication information from the above HTML page with the POST method. If it cannot receive authentication data via POST, it must produce an authentication input message box itself.
  - When the authentication information is correct, show a "hello message" and a visit counter (displayed as "Hits:"). The counter can be stored in a cookie (remember to set the expire time).
  - You can use an array variable in your PHP code, or a database, to store the usernames and passwords that are compared with the user's input.

Keeping The Verification Result (1)
- After authentication, we have to keep the username and password that the user typed.
  - With "HTTP Authentication", the browser keeps sending user/pass in the request header until it is closed.
  - With the HTML <form> tag, we have to keep the data ourselves.
- Methods
  - Using hidden form fields while jumping between pages.
    - Not suitable: easily lost, and the username/password will appear in the HTML.
  - Cookies and sessions, mentioned in chapter 4.
    - Difference:
      - A cookie is stored on the client side, a session on the server side.
      - A session ends when the browser is closed; a cookie can be kept for a longer time.

Keeping The Verification Result (2)
- Example design
  - We design a function to check whether the user has logged in successfully.
  - If not, redirect the browser to the login page.
  - The login procedure checks the username and password.
  - When login succeeds, it redirects again to the original page.

Keeping The Verification Result (3)
- ex6-3_inc.php: library function, included by all PHP pages.

```php
<?php
$users = array("peter" => "1234", "mary" => "abcd");

function check_auth() {
    global $users;
    // No login cookies at all: send the browser to the login page and stop.
    if (!isset($_COOKIE['PASS']) || !isset($_COOKIE['USER'])) {
        header("Location: ex6-3_login.php?URL=$_SERVER[PHP_SELF]");
        exit;
    }
    // PASS holds md5(password); an unknown user or a mismatch goes back to login.
    if (!isset($users[$_COOKIE['USER']])
            || md5($users[$_COOKIE['USER']]) != $_COOKIE['PASS']) {
        header("Location: ex6-3_login.php?URL=$_SERVER[PHP_SELF]");
        exit;
    }
}
?>
```

Keeping The Verification Result (4)
- ex6-3_login.php: login PHP page. The form markup was lost in extraction; it is reconstructed here from the field names USER, PASS and URL that ex6-3_auth.php reads.

```php
<form action="ex6-3_auth.php" method="post">
<!-- the page to return to after login, passed on from check_auth() -->
<input type="hidden" name="URL"
       value="<?php echo htmlspecialchars($_GET['URL'] ?? '', ENT_QUOTES); ?>">
Username: <input type="text" name="USER">
Password: <input type="password" name="PASS">
<input type="submit" value="Login">
</form>
```

Keeping The Verification Result (5)
- ex6-3_auth.php: login procedure PHP page.

```php
<?php
require_once("ex6-3_inc.php");
if (isset($_POST['USER'], $_POST['PASS'])
        && isset($users[$_POST['USER']])
        && $users[$_POST['USER']] == $_POST['PASS']) {
    // The expiry must lie in the future; an expiry of time() would delete the
    // cookies immediately. One hour is an assumed value.
    $expire = time() + 3600;
    setcookie("USER", $_POST['USER'], $expire);
    setcookie("PASS", md5($_POST['PASS']), $expire);
    if (!empty($_POST['URL'])) {
        /* redirect to original page */
        header("Location: " . $_POST['URL']);
    } else {
        header("Location: ex6-3_1.php");
    }
    exit;
} else {
    echo "Wrong username or password";
}
?>
```

Keeping The Verification Result (6)
- ex6-3_1.php: data PHP page.

```php
<?php
require_once("ex6-3_inc.php");
check_auth();
echo "Hello, $_COOKIE[USER], this file is ex6-3_1.php";
?>
```

- ex6-3_2.php: data PHP page.

```php
<?php
require_once("ex6-3_inc.php");
check_auth();
echo "hay!, $_COOKIE[USER], this file is ex6-3_2.php";
?>
```
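The ex6-3 pages keep the login state in USER and PASS cookies that the client controls, compare clear-text passwords, and let ex6-3_auth.php redirect to whatever URL the form supplied. As an added example that is not part of the course material, here is the same three-role flow (library function, login handler, protected page) using a server-side session, which slide 14 lists as the alternative to cookies. The password hashes are generated from constructed sample passwords so the file runs on its own; the file names and field names follow ex6-3, and the return URL is accepted only when it is a local path.

```php
<?php
// Added example (not the course's code): the ex6-3 login flow with the login
// state in a server-side session instead of USER/PASS cookies. The library,
// login-handler and protected-page roles are in one file for reading; split
// them as ex6-3 does when deploying. Hashes come from constructed sample
// passwords so the file runs on its own.

$users = [
    'peter' => password_hash('1234', PASSWORD_DEFAULT),
    'mary'  => password_hash('abcd', PASSWORD_DEFAULT),
];

function start_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        // Session cookie: not readable by script, not sent on cross-site requests.
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

// Accept a return URL only when it is a local absolute path ("/page.php");
// another host, "//host" or a scheme falls back to the default page, so the
// login handler cannot be used to send the browser somewhere else.
function safe_return_url(?string $url): string
{
    if ($url !== null && preg_match('#^/[^/\\\\]#', $url) === 1) {
        return $url;
    }
    return '/ex6-3_1.php';
}

// Library role (ex6-3_inc.php): call at the top of every protected page.
function check_auth(): void
{
    start_session();
    if (empty($_SESSION['USER'])) {
        $back = urlencode($_SERVER['REQUEST_URI'] ?? '/');
        header('Location: ex6-3_login.php?URL=' . $back);
        exit;
    }
}

// Login-handler role (ex6-3_auth.php): false on bad credentials; otherwise
// records the username in the session and redirects.
function login(string $usr, string $pwd, ?string $url): bool
{
    global $users;
    if (!isset($users[$usr]) || !password_verify($pwd, $users[$usr])) {
        return false;
    }
    start_session();
    // Issue a fresh session id once the user is authenticated, so an id that
    // existed before login never becomes the one carrying the logged-in state.
    session_regenerate_id(true);
    $_SESSION['USER'] = $usr;   // only the name; the password is never stored
    header('Location: ' . safe_return_url($url));
    exit;
}

function logout(): void
{
    start_session();
    $_SESSION = [];
    session_destroy();
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Form submission from ex6-3_login.php (fields USER, PASS, URL).
    if (!login($_POST['USER'] ?? '', $_POST['PASS'] ?? '', $_POST['URL'] ?? null)) {
        echo 'Wrong username or password';
    }
} else {
    // Protected-page role (ex6-3_1.php).
    check_auth();
    echo 'Hello, ' . htmlspecialchars($_SESSION['USER'], ENT_QUOTES, 'UTF-8')
        . ', this file is ex6-3_1.php';
}
```

With the state on the server, the browser only ever holds the session id; nothing derived from the password leaves the server, and logging out invalidates the login everywhere at once, which a cookie-based scheme like ex6-3 cannot do.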

Q&A