Home arrow PHP arrow Page 2 - User Authentication With Apache And PHP

Back To Basics - PHP

Want to restrict access to certain sections of your Web site?Or customize page content on the basis of user preferences? Or eventrack user movement across your site? Well, the bad news is that you'llneed to learn how to authenticate users on your site. The good news isthat this tutorial has everything you need to get started.

TABLE OF CONTENTS:
  1. User Authentication With Apache And PHP
  2. Back To Basics
  3. The Right Creds
  4. Hidden Costs
  5. Logging In
  6. Rank And File
  7. Heavy Iron
  8. Sock It To Me, Baby!
  9. Time To Live
  10. A Stitch In Time
  11. Closing Time
By: The Disenchanted Developer, (c) Melonfire
Rating: starstarstarstarstar / 59
March 13, 2002

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement
Now, there are a couple of different ways to go about adding this type of security to your application. The first (and most primitive, though also the simplest) is to simply have your Web server handle authentication for you. If you're using the Apache Web server (you probably are), you can access the server's authentication features to add basic security to your Web site.

In order to illustrate how this works, let's consider a simple example. Let's assume the existence of the following directory structure:

/usr/local/apache/htdocs/ index.html alpha.html beta.html admin/ index.cgi
Now, let's suppose that I want to protect the directory "admin". It's fairly simple to do with HTTP authentication.

The first step is to ensure that your Apache build includes support for the "mod_auth" module. You can check this by executing the Apache binary with the "-l" command-line option.

$ /usr/local/apache/bin/httpd -l Compiled-in modules: http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c mod_status.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_access.c mod_auth.c mod_setenvif.c mod_php4.c
If you don't see "mod_auth" in the list, you'll need to recompile Apache with support for that module.

Next, check Apache's configuration file, "httpd.conf", and ensure that the option

AllowOverride All
is present in the section for the server document root. This allows you to override global server settings via per-directory ".htaccess" control files.

Next, create a file named ".htaccess" in the "admin" directory, and put the following lines into it:

AuthType Basic AuthUserFile /usr/local/apache/users AuthName "Administration Module" Require valid-user
This tells the server that access to the "admin" directory (the directory in which the ".htaccess" file is located) is to be controlled, and access is to be granted to users based on the username/password information in the file "/usr/local/apache/users"

The final step is to create the "users" file. Change to the "/usr/local/apache" directory (or whichever directory you've decided to store the user data in) and use the "htpasswd" command:

$ htpasswd -c users john New password: **** Re-type new password: **** Adding password for user john
You can add more users to this file if you like (remember to omit the "-c" parameter for all subsequent additions, as that parameter creates a brand-new, empty file).

Remember *not* to store the "users" file in a directory under the server document root, or else malicious users will be able to view and download the password database through a browser.

Now, attempt to access the "admin" directory via your Web browser. The browser should pop up a dialog box and prompt you for a username and password. Access to the "admin" directory will be granted only if you enter a correct username and password, as defined in the "users" file.



 
 
>>> More PHP Articles          >>> More By The Disenchanted Developer, (c) Melonfire
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

PHP ARTICLES

- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: