Presentation is loading. Please wait.

Presentation is loading. Please wait.

PHP-based Authentication

Published byGeraldine Preston Modified over 9 years ago

Similar presentations

Presentation on theme: "PHP-based Authentication"— Presentation transcript:

1 PHP-based Authentication
From:

2 Methods to implement Authentication
Basic Authentication  Session Based Authentication (see in session) Basic Authentication Session Based Authentication

3 Compare..

4 Basic Authentication When you explicitly send the appropriate HTTP headers from a PHP script to a Web browser an authentication dialog box will be displayed. The dialog box prompts you to enter a username and password. PHP assigns the username and password entered to the global variables $_SERVER[‘PHP_AUTH_USER’] and $_SERVER[‘PHP_AUTH_PW’], respectively.

5 Header() PHP header() function enables you to output a specific HTTP header string, such as a location redirection, or in our case, a "401" response code: "Unauthorized“ This type of header, combined with a "WWW-Authenticate" header, will activate an authentication dialog box.

6 EX1 : <?php     header('WWW-Authenticate: Basic realm="Private"'); header('HTTP/1.0 401 Unauthorized'); exit; ?>

7 EX2: <?php     if ((!isset( $_SEVER[‘PHP_AUTH_USER’] )) || (!isset($_SERVER[‘PHP_AUTH_PW’]))) {     header( 'WWW-Authenticate: Basic realm="Private"' );     header( 'HTTP/1.0 401 Unauthorized' );     echo 'Authorization Required.';     exit; } else {     echo "You entered {$_SERVER[‘PHP_AUTH_USER’] }for a username.<BR>";     echo "You entered {$_SERVER[‘PHP_AUTH_PW’]} for a password.<BR>"; } ?>

8 Using Hard-Coded Values
<?php if ( ( !isset( $_SERVER['PHP_AUTH_USER'])) || (!isset($_SERVER['PHP_AUTH_PW'])) || ( $_SERVER['PHP_AUTH_USER'] != 'user' ) || ( $_SERVER['PHP_AUTH_PW'] != 'open' ) ) { header( 'WWW-Authenticate: Basic realm="Private"' ); header( 'HTTP/ Unauthorized' ); echo 'Authorization Required.'; exit; } else {echo 'Success!';} ?>

9 PHP-based authentication isn't like
PHP-based authentication isn't like .htaccess or server-based authentication A layer of security is not placed over all the contents of an entire directory

10 EX: redirect after success
<?php if ( ( !isset( $_SERVER['PHP_AUTH_USER'] )) || (!isset($_SERVER['PHP_AUTH_PW'])) || ( $_SERVER['PHP_AUTH_USER'] != 'user' ) || ( $_SERVER['PHP_AUTH_PW'] != 'open' ) ) { header( 'WWW-Authenticate: Basic realm="Private"' ); header( 'HTTP/ Unauthorized' ); echo 'Authorization Required.'; exit; } else { header( 'Location: ); } ?>

11 EX : print HTML after success
<?php if((!isset($_SERVER['PHP_AUTH_USER']))||(!isset($_SERVER['PHP_AUTH_PW']))||($_SERVER['PHP_AUTH_USER']!= 'user')||($_SERVER['PHP_AUTH_PW']!='open')) { header( 'WWW-Authenticate: Basic realm="Private"' ); header( 'HTTP/ Unauthorized' ); echo 'Authorization Required.'; exit; } else { echo ‘ <HTML><HEAD><TITLE>Secret Stuff</TITLE></HEAD> <BODY> <H1>SECRET!</H1> <P>This is a secret message.</P> </BODY> </HTML>'; }

12 In re-direction and links, can add parameters: header("Location:page2
In re-direction and links, can add parameters: header("Location:page2.php?user=$username"); For encrypt in php: crypt(), md5()

13 See also : Validate Username/Passwords Using a Flat File
Validate Username/Passwords Using a .htpasswd File Validate Username/Passwords Using a Database

Download ppt "PHP-based Authentication"

Similar presentations

PHP I.

PHP I.
UFCE8V-20-3 Information Systems Development 3 (SHAPE HK) Lecture 3 PHP (2) : Functions, User Defined Functions & Environment Variables.

UFCE8V-20-3 Information Systems Development 3 (SHAPE HK) Lecture 3 PHP (2) : Functions, User Defined Functions & Environment Variables.
CHAPTER 3 MORE ON FORM HANDLING INCLUDING MULTIPLE FILES WRITING FUNCTIONS.

CHAPTER 3 MORE ON FORM HANDLING INCLUDING MULTIPLE FILES WRITING FUNCTIONS.
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
V 1.0 OE NIK 2013 PHP+SQL 5. Password management (password hashing) Stateless HTTP, storage methods Login form 1.

V 1.0 OE NIK 2013 PHP+SQL 5. Password management (password hashing) Stateless HTTP, storage methods Login form 1.
The Basic Authentication Scheme of HTTP. Access Restriction Sometimes, we want to restrict access to certain Web pages to certain users A user is identified.

The Basic Authentication Scheme of HTTP. Access Restriction Sometimes, we want to restrict access to certain Web pages to certain users A user is identified.
Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.

Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.
Securing web applications using Java EE Dr Jim Briggs 1.

Securing web applications using Java EE Dr Jim Briggs 1.
>> PHP: Access Control & Security. Authentication: Source Authentication Source Hard-coded File-Based The username and password is available inside the.

>> PHP: Access Control & Security. Authentication: Source Authentication Source Hard-coded File-Based The username and password is available inside the.
Browsers and Servers CGI Processing Model ( Common Gateway Interface ) © Norman White, 2013.

Browsers and Servers CGI Processing Model ( Common Gateway Interface ) © Norman White, 2013.
A simple PHP application We are going to develop a simple PHP application with a Web interface. The user enters two numbers and the application returns.

A simple PHP application We are going to develop a simple PHP application with a Web interface. The user enters two numbers and the application returns.
Chapter 10 Managing State Information Using Sessions.

Chapter 10 Managing State Information Using Sessions.
Crawling The Web. Motivation By crawling the Web, data is retrieved from the Web and stored in local repositories Most common example: search engines,

Crawling The Web. Motivation By crawling the Web, data is retrieved from the Web and stored in local repositories Most common example: search engines,
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.

Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
Martin Kruliš 2. 4. 2015 by Martin Kruliš (v1.0)1.

Martin Kruliš by Martin Kruliš (v1.0)1.
Advance Database Management Systems Lab no. 5 PHP Web Pages.

Advance Database Management Systems Lab no. 5 PHP Web Pages.
1 Chapter 6 – Creating Web Forms and Validating User Input spring into PHP 5 by Steven Holzner Slides were developed by Jack Davis College of Information.

1 Chapter 6 – Creating Web Forms and Validating User Input spring into PHP 5 by Steven Holzner Slides were developed by Jack Davis College of Information.
Lecture 7 – Form processing (Part 2) SFDV3011 – Advanced Web Development 1.

Lecture 7 – Form processing (Part 2) SFDV3011 – Advanced Web Development 1.
Session 11: Security with ASP.NET

Session 11: Security with ASP.NET
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Similar presentations

Ads by Google