English
English
In web development, it is often necessary to perform user login authentication to protect sensitive information. This article will detail how to implement HTTP login authentication using PHP.
HTTP login authentication is based on the basic authentication mechanism of the HTTP protocol. When a client sends a request, it includes a username and password. The server verifies the correctness of this information upon receiving the request. If authentication is successful, the server returns a 200 OK status code; if unsuccessful, it returns a 401 Unauthorized status code.
The credentials for HTTP login authentication are typically stored in the Authorization field of the request header, formatted as "Basic base64(username:password)".
function getAuthorizationHeader() {
$headers = apache_request_headers();
if (isset($headers['Authorization'])) {
return $headers['Authorization'];
}
return null;
}
$authHeader = getAuthorizationHeader();
We can parse the username and password from the Authorization field.
function parseBasicAuth($authHeader) {
list($username, $password) = explode(':', base64_decode(substr($authHeader, 6)));
return array(
'username' => $username,
'password' => $password
);
}
$credentials = parseBasicAuth($authHeader);
Next, we will explain how to implement HTTP login authentication using PHP.
First, we need to verify the correctness of the username and password. Typically, the username and password are stored in a database and compared with the user’s input.
function authenticate($username, $password) {
// Retrieve the password of the corresponding user from the database
$storedPassword = '...';
if ($password == $storedPassword) {
return true;
} else {
return false;
}
}
if (authenticate($credentials['username'], $credentials['password'])) {
echo 'Authentication successful';
} else {
header('HTTP/1.1 401 Unauthorized');
echo 'Authentication failed';
exit;
}
After successful authentication, the login state can be saved in a session for subsequent visits.
session_start();
$_SESSION['isLoggedIn'] = true;
On pages or requests requiring login validation, check the login status. If the user is not logged in, return an unauthorized status code.
function checkLoginStatus() {
session_start();
if (isset($_SESSION['isLoggedIn']) && $_SESSION['isLoggedIn'] === true) {
return true;
} else {
return false;
}
}
if (!checkLoginStatus()) {
header('HTTP/1.1 401 Unauthorized');
echo 'Not logged in';
exit;
}
Through the steps above, we can implement basic HTTP login authentication with PHP. This method is simple and versatile, suitable for most web applications. In practical applications, the security of login authentication should be enhanced based on specific requirements.
