身份验证

使用Apache的.htaccess特性：

如果只需对整个网站或特定的目录提供全局保护，.htaccess特性非常适合。

创建.htaccess的文件，把/path/to替换为另一个必要文件.htpasswd的路径

AuthUserFile /path/to/.htpasswd
AuthType Basic
AuthName "My Files"
Require valid-user

创建.htpasswd文件：

admin:TcmvAdAHiM7UY
client:f.i9PC3.ATcXE

用PHP验证用户

例：使用isset()验证一个变量是否包含值

1 if( !isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
2         header('WWW-Authenticate: Basic Realm = "Book Projects"');
3         header('HTTP/1.1 401 Unanthorized');
4     } else {
5         echo "Your supplied username: {$_SERVER['PHP_AUTH_USER']}<br />";
6         echo "Your password: {$_SERVER['PHP_AUTH_PW']}<br />";
7     }

PHP验证方法

按照硬编码登录对身份进行验证

1 if(($_SERVER['PHP_AUTH_USER'] != 'wei') || ($_SERVER['PHP_AUTH_PW'] != 'xing')) {
2         header('WWW-Authenticate: Basic Realm = "weixing"');
3         header('HTTP/1.1 401 Unanthorized');
4         print("You must provide the proper credentials!");
5         exit;
6     }

根据平面文件登录库来验证用户

　　包含加密密码的authenticationFile.txt文件

jason:60d99e58d66a5e0f4f89ec3ddd1d9a80
donald:d5fc4b0e45c8f9a333c0056492c191cf
mickey:bc180dbc583491c00f8a1cd134f7517b

 1 <?php
 2     $authorized = FALSE;
 3 
 4     if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
 5 
 6         $authFile = file("authenticationFile.txt");
 7 
 8         if(in_array($_SERVER['PHP_AUTH_USER'].
 9                 ":"
10                 .md5($_SERVER['PHP_AUTH_PW'])."
", $authFile))
11             $authorized = TRUE;
12     }
13 
14     if( !$authorized) {
15         header('WWW-Authenticate: Basic Realm="Secret Stash"');
16         header('HTTP/1.0 401 Unauthorized');
17         print('You must provide the proper credentials');
18         exit;
19     }
20 ?>

根据MySQL数据库验证用户

用户验证表

1 CREATE TABLE logins(
2     id INTEGER UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
3     username VARCHAR(255) NOT NULL,
4     pswd VARCHAR(32) NOT NULL
5 );
6 
7 INSERT INTO logins (username,pswd) VALUES('weixing','weixing');
8 INSERT INTO logins (username,pswd) VALUES('yuliang','yuliang');
9 INSERT INTO logins (username,pswd) VALUES('hujiang','hujiang');

 1 <?php
 2     function authenticate_user(){
 3         header('WWW-Authenticate: Basic Realm="Secret Stash"');
 4         header('HTTP/1.0 401 Unauthorized');
 5         print('You must provide the proper credentials');
 6         exit;
 7     }
 8 
 9     if( !isset($_SERVER['PHP_AUTH_USER'])) {
10         authenticate_user();
11     }else{
12         $db = new mysqli("127.0.0.1", "root", "", "test");
13 
14         $stmt = $db -> prepare("SELECT username, pswd from logins where username=? and pswd=?");
15 
16         $stmt -> bind_param('ss', $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
17 
18         $stmt -> execute();
19 
20         $stmt -> store_result();
21         if( $stmt->num_rows == 0) {
22             authenticate_user();
23         }
24     }
25 ?>