txt");
    // Search array for authentication match
    // If using Windows, use \r\n
    if (in_array($_SERVER['PHP_AUTH_USER'] . ":" . md5($_SERVER['PHP_AUTH_PW']) . "\n", $authFile))
        $authorized = TRUE;
}
// If not authorized, display authentication prompt or 401 error
if (! $authorized) {
    header('WWW-Authenticate: Basic Realm="Secret Stash"');
    header('HTTP/1.0 401 Unauthorized');
    print('You must provide the proper credentials!');
    exit;
}
// restricted material goes here...
?>
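The listing above stores an unsalted MD5 digest and matches only when the line ending in the file is exactly the one appended in the code. As an added example (not code from the book), the variant below keeps the same user:hash file layout but assumes the hashes were created with password_hash(); the function name verify_file_credentials and the sample users are constructed for illustration.

```php
<?php
// Added example: hardened variant of the file-based check (not the book's code).
// Assumed file format, one entry per line: username:hash
// where hash was produced by password_hash() instead of md5().

function verify_file_credentials(string $user, string $password, array $lines): bool
{
    // Hash of a throwaway value, verified when the user is unknown so that
    // unknown and known usernames take a similar time to reject.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    $stored = null;
    foreach ($lines as $line) {
        // rtrim() strips "\n" or "\r\n", so the same code works on any OS.
        $parts = explode(':', rtrim($line, "\r\n"), 2);
        if (count($parts) === 2 && hash_equals($parts[0], $user)) {
            $stored = $parts[1];
            break;
        }
    }
    // password_verify() re-derives the salted hash and compares in constant time.
    $ok = password_verify($password, $stored ?? $dummy);
    return $stored !== null && $ok;
}

// Constructed sample entries standing in for the lines returned by file().
$authLines = [
    "jason:" . password_hash('secretpwd', PASSWORD_DEFAULT) . "\r\n",
    "donald:" . password_hash('opensesame', PASSWORD_DEFAULT) . "\n",
];

$user = $_SERVER['PHP_AUTH_USER'] ?? '';
$pass = $_SERVER['PHP_AUTH_PW'] ?? '';

if (PHP_SAPI === 'cli') {
    // Offline self-check against the constructed entries.
    var_dump(verify_file_credentials('jason', 'secretpwd', $authLines));
    var_dump(verify_file_credentials('jason', 'wrong', $authLines));
    var_dump(verify_file_credentials('nobody', 'secretpwd', $authLines));
} elseif (!verify_file_credentials($user, $pass, $authLines)) {
    header('WWW-Authenticate: Basic realm="Secret Stash"');
    header('HTTP/1.0 401 Unauthorized');
    exit('You must provide the proper credentials!');
}
// restricted material goes here...
```

Basic authentication sends the password base64-encoded on every request, so either version of the check belongs behind HTTPS.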
Although the file-based authentication system works great for relatively small,
static authentication lists, this strategy can become somewhat inconvenient when
you're handling a large number of users, when users are regularly being added, deleted,
and modified, or when you need to incorporate an authentication scheme into a
larger information infrastructure (into a preexisting user table, for example). Such
requirements are better satisfied by implementing a database-based solution. The
following section demonstrates just such a solution, using a database to store authentication
pairs.
CHAPTER 14 ■ AUTHENTICATING YOUR USERS 373
Database-based Authentication
Of all the various authentication methodologies discussed in this chapter, implementing
a database-driven solution is the most powerful, because it not only enhances administrative
convenience and scalability, but also can be integrated into a larger database
infrastructure.