Extract data from HTTP Auth with PHP

Asked

Viewed 86 times

0

I want to access a URL of my site as follows:

http://username:[email protected]

How do I, with PHP, receive data from Username and Password without using Curl? There is the possibility?

  • 1

    http://answall.com/questions/28235/colocar-authorization-basic-na-api/28316#28316

  • Only using Curl? Can’t put in a link <a>?

  • I believe it is not possible using this format, and even if it were you would have serious security problems

  • Even if I use base64_encode? My question has an educational character, for I would like to know if it really is not possible.

  • I don’t think this will work: the rule is "http://host:port", what the browser will do is consider "username" a host and "[email protected]" a port (invalid)

  • Actually the navigation "works" and I am "redirected" to meusite.com.br, however no authentication data anywhere. The definitive answer would be: impossible?

  • @Thiagosantos there are several converters of Base64 online, if you type in google appear several... Then it would not be a solution for security

Show 2 more comments

1 answer

0


Yes there is the possibility, just use the variables to http authentication, follows a basic example, only for understanding the functioning

$valid_passwords = array("user" => "pass");
$valid_users = array_keys($valid_passwords);

//se você não colocou o user na url ele mostra a "caixa" autenticação
//caso queira obrigar o usuário a digitar ela url é só tirar o if
if(!isset($_SERVER['PHP_AUTH_USER'])){
    header('WWW-Authenticate: Basic realm="My Realm"');
}

$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
$pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';



$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);

if (!$validated) {

    header('HTTP/1.0 401 Unauthorized');
    echo $user." - ".$pass;
    die("Not authorized");


}

An important observation is that in IE they put an extra security protection, maybe it doesn’t work, more details here

Browser other questions tagged

You are not signed in. Login or sign up in order to post.