You can
easily accomplish this by authenticating the user prior to performing any other
action on the restricted page, which typically means placing the authentication
code in a separate file and then including that file in the restricted page using
the require() function.
Note: These variables do not function properly with the CGI version of PHP, nor do
they function on Microsoft IIS. See the sidebar about PHP authentication and IIS.
368 CHAPTER 14 – AUTHENTICATING YOUR USERS
PHP AUTHENTICATION AND IIS
If you're using IIS 6 or earlier in conjunction with PHP's ISAPI module, and you want to use PHP's HTTP
authentication capabilities, you need to make a minor modification to the examples offered throughout
this chapter. The username and password variables are still available to PHP when using IIS, but not via
$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']. Instead, these values must be
parsed from another server global variable, $_SERVER['HTTP_AUTHORIZATION']. So, for example,
you need to parse out these variables like so:
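// Skip the leading "Basic " (6 characters), decode the rest, and split on the
// first colon only, because the password itself may contain colons.
list($user, $pswd) =
    explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)), 2);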
If you're running IIS 7 or newer, forms authentication is no longer restricted to ASP.NET pages,
meaning you're able to properly protect your PHP-driven applications. Consult the IIS 7 documentation
for more on this matter.
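A more defensive version of the parsing described in this sidebar, as an added example that is not from the book. The helper name get_basic_credentials() and the sample headers are assumptions constructed here for illustration; the function rejects a missing header, a non-Basic scheme, invalid base64, and a decoded value with no colon.

```php
<?php
// Added example: get_basic_credentials() is a hypothetical helper, not from the book.
// Returns [user, password] from HTTP Basic credentials, or null if absent/malformed.
function get_basic_credentials(array $server): ?array
{
    // Where PHP populates these variables, it has already decoded the header.
    if (isset($server['PHP_AUTH_USER'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'] ?? ''];
    }

    // IIS/ISAPI (per the sidebar): parse the raw header ourselves.
    $header = $server['HTTP_AUTHORIZATION'] ?? '';

    // Only accept the Basic scheme; the scheme name is case-insensitive.
    if (strncasecmp($header, 'Basic ', 6) !== 0) {
        return null;
    }

    // Strict mode rejects characters outside the base64 alphabet.
    $decoded = base64_decode(trim(substr($header, 6)), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }

    // Split on the first colon only: the password may itself contain colons.
    return explode(':', $decoded, 2);
}

// Constructed sample inputs (not real credentials).
$samples = [
    'valid'          => ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('jason:se:cret')],
    'wrong scheme'   => ['HTTP_AUTHORIZATION' => 'Digest username="jason"'],
    'bad base64'     => ['HTTP_AUTHORIZATION' => 'Basic !!!not-base64!!!'],
    'no colon'       => ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('jason')],
    'header missing' => [],
];

foreach ($samples as $label => $server) {
    $creds = get_basic_credentials($server);
    if ($creds === null) {
        // In a real page, this is where the 401 challenge would be sent with header().
        echo "$label: no usable credentials\n";
    } else {
        echo "$label: user={$creds[0]}, password length=" . strlen($creds[1]) . "\n";
    }
}
```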
Useful Functions
Two standard functions are commonly used when handling authentication via PHP:
header() and isset().