Using HTTP Authentication


Here's a final topic for this chapterdetermining whether the user has logged in. Most servers allow you to restrict access to sections of your web site by supporting usernames and passwords, which you add to configuration files in the server. When you try to access a restricted part of a web site, you'll get a dialog box that asks for your username and password, as shown in Figure 6-23.

Figure 6-23. Entering username and password.


PHP allows you to determine whether the user has been authorized by checking the "PHP_AUTH_USER" key in $_SERVER. Here's an exampleif $_SERVER['PHP_AUTH_USER'] has been set, we welcome the user by nameotherwise, we terminate the current script with the PHP exit function:

 <?php     if (!isset($_SERVER['PHP_AUTH_USER'])) {         header('WWW-Authenticate: Basic realm="workgroup"');         header('HTTP/1.0 401 Unauthorized');         echo 'Sorry, you are not authorized.';         exit;     }     else {         echo "Welcome, {$_SERVER['PHP_AUTH_USER']}.";     } ?> 

That completes our work with web applications for the moment. In the next chapter, we're going to add still more PHP power to our arsenal by doing some object-oriented programming and by working with files.



    Spring Into PHP 5
    Spring Into PHP 5
    ISBN: 0131498622
    EAN: 2147483647
    Year: 2006
    Pages: 254

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net