|
|
|
While developing a project using two factor authentication, with a key fob, I needed to use HTTP Basic Authentication over SSL, to prevent XSS as the project was a web based proxy. Now I had PHP5 running as a module, but PHP4 as CGI. There was the problem HTTP Authentication isn’t available under PHP running as CGI.
First you need to configure mod_rewrite:
.htaccess:
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
What that will do is feed the base64′d user:pass into an environment variable named HTTP_AUTHORIZATION.
Then just add this above your script:
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(’:’ , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
That splits up the username and password, and makes it look as if you were running PHP as a module.
So for a sample script:
<?
// split the user/pass parts
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(’:', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
// open a user/pass prompt
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header(’WWW-Authenticate: Basic realm=”My Realm”‘);
header(’HTTP/1.0 401 Unauthorized’);
echo ‘Text to send if user hits Cancel button’;
exit;
} else {
echo ‘Hello, ‘.htmlentities($_SERVER['PHP_AUTH_USER']).’
‘;
echo ‘You entered as your password: ‘.htmlentities($_SERVER['PHP_AUTH_PW']).’
‘;
}
?> |
|
IP卡
狗仔卡
发表于 2008-10-19 22:56:36
QQ好友和群
QQ空间
腾讯微博
腾讯朋友
收藏
分享
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
楼主