..]])
It returns TRUE if the variable contains a value, and FALSE if it does not. As applied
to user authentication, the isset() function is useful for determining whether the
$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] variables are properly set.
Listing 14-1 offers a usage example.
Listing 14-1. Using isset() to Verify Whether a Variable Contains a Value
// If the username or password isn't set, display the authentication window
if (! isset($_SERVER['PHP_AUTH_USER']) || ! isset($_SERVER['PHP_AUTH_PW'])) {
header('WWW-Authenticate: Basic Realm="Authentication"');
header("HTTP/1.1 401 Unauthorized");
// If the username and password are set, output their credentials
} else {
echo "Your supplied username: ".$_SERVER['PHP_AUTH_USER']."
";
echo "Your password: ".$_SERVER['PHP_AUTH_PW']."
";
}
?>
370 CHAPTER 14 ?– AUTHENTICATING YOUR USERS
PHP Authentication Methodologies
There are several ways you can implement authentication via a PHP script. In doing
so, you should always consider the scope and complexity of your authentication
needs. This section discusses five implementation methodologies: hard-coding a
login pair directly into the script, using file-based authentication, using databasebased
authentication, using IP-based authentication, and using PEAR??™s HTTP
authentication functionality. Examine each authentication approach and then
choose the solution that best fits your needs.
Pages:
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447