If you use .htaccess, the web server will handle everything for you without any problems. You can assume (if you have not made a mistake) that the person is authorized.
http auth , script, , .
http://php.net/manual/en/features.http-auth.php
curl . http, -.
auth, , . http auth - .
DC
, , , . , , , .
.htaccess .htpasswd, , - . HTTP-, , , , , , .
, ... - , , , , .
, , http://localhost/controller/action/page.xml , . , , , .
http://localhost/controller/action/page.php
DC
:
curl ---> page.php (first request)
curl <--- page.php (first reply) "Please identify yourself" ('401 unauthorised' http code)
curl username:password ---> page.php (second request now includes user auth)
curl <--- page.php (second reply) ok here is the page (if id succesfull)
,
2 php
auth.php - , , .
<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo "User name and password is required. Please try again.\n";
} else {
echo "Hello {$_SERVER['PHP_AUTH_USER']}\n";
echo "You entered {$_SERVER['PHP_AUTH_PW']} as your password.\n";
}
?>
curlfetch.php script
<?php
$curl = curl_init('http://localhost/auth.php');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_USERPWD, 'key:123456');
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl, CURLOPT_USERAGENT, 'Sample Code');
$response = curl_exec($curl);
$resultStatus = curl_getinfo($curl);
if($resultStatus['http_code'] == 200) {
echo $response;
} else {
echo 'Call Failed '.print_r($resultStatus);
}
?>
script 1
curl http://localhost/auth.php
...
User name and password is required. Please try again.
curl -u user:pass http://localhost/auth.php
...
Hello user
You entered pass as your password.
script, , , script
curl http://localhost/curlfetch.php
...
Hello key
You entered 123456 as your password.
DC