Skip to main content

PHP Authentication

When addressing the need to authenticate a web page (and subsequent pages/resources), integrating user
authentication directly into the design of the web application logic is both convenient (in the sense that
additional layers of communication is unnecessary) and flexible (in the sense that it is easier to integrate
into other applications/scripts when contained in one location). PHP allows three types of authentication:
Hard-coded, file-based and database authentication.

Authentication Variables

Within PHP, there are two pre-defined variables that are used in the authentication of users:
• $_SERVER['PHP_AUTH_USER'] - This variable holds the username that is needed for
authentication.
• $_SERVER['PHP_AUTH_PW'] - This variable holds the password that is needed for
authentication.

Limitations of Authentication Variables

When using the predefined authentication variables, it is important to keep in mind the following
limitations:

• Both variables must be verified at the start of every page. This limitation can be overcome by
having each restricted page wrapped in authentication code (in a separate file) using the REQUIRE()
function.

• The functions do not work properly with the CGI version of PHP - When running PHP through a
web server, there are two distinct options: running it using PHP's CGI SAPI, or running it as a module
for the web server. The CGI version has the advantage of having the php.ini read every time a PHP
page is called up; thus allowing changes in the php.ini to take place immediately (not requiring a
restart of the web server). However, the fact that every time a PHP file is read, the php.ini has to be
read, set its settings and load all of its extensions prior to actually reading the script makes this choice
an unreasonable choice for production environments (may be appropriate in development because
changes made can be seen immediately).

• These functions do not work on Microsoft's IIS server - the username and password are assigned
to the $_SERVER['HTTP_AUTHENTICATION'] variable and must be parsed to obtain the separate
username and password

Comments

Popular posts from this blog

PHP INTRODUCTION

                     PHP  (recursive acronym for  PHP: Hypertext Preprocessor ) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP stands for  P HP:  H ypertext  P reprocessor PHP is a server-side scripting language, like ASP PHP scripts are executed on the server PHP supports many databases (MySQL, Informix, Oracle, Sybase, Solid, PostgreSQL, Generic ODBC, etc.) PHP is an open source software PHP is free to download and use Why PHP? PHP runs on different platforms (Windows, Linux, Unix, etc.) PHP is compatible with almost all servers used today (Apache, IIS, etc.) PHP is FREE to download from the official PHP resource:  www.php.net PHP is easy to learn and runs efficiently on the server side What can PHP do? Anything. PHP is mainly focused on server-side scripting, so you can...

Data Encryption

Data encryption is the process of scrambling stored or transmitted information so that it is unintelligible until it is unscrambled by the intended recipient. The intended recipient can then decode (or decrypt) the information. PHP offers multiple means to make this happen. However, none of these solutions are very effective without the applications running on secure servers and connections. The following are a list of the more common encryption functions in PHP: • md5() - MD5 is a third-party hash algorithm that PHP can use to create a digital fingerprint of a piece of data. It is next to impossible to (efficiently) recover the original text when a piece of data has been encrypted with the md5 hash algorithm. It is also vastly unlikely that any different text string will create an identical hash - a 'hash collision'. These properties make hashes ideally suited for storing an application's passwords because although an attacker may compromise a part of the system...

Delimiting PHP Code

                           PHP was originally designed to be used in conjunction with a web server, and in the case of the LAMP architecture, the Apache Web Server.  PHP applications are designed embedding PHP scripts within a web page along with its HTML.  Unlike standard HTML pages which are sent directly from the web server to the end user, PHP files are first interpreted by the PHP application which then converts the PHP script into another form for display.  This process eliminates the end user from being able to see the original PHP script that was embedded in the HTML and provides  true interaction in HTML files.  This process is similar to proprietary applications such as ASP and Coldfusion; however, PHP is Open Source and cross- platform. PHP Tags             PHP scripts are distinguished from the HTML scripts by using delimiting characters ...