Extract data from HTTP Auth with PHP

Question

Extract data from HTTP Auth with PHP

Asked 7 years, 9 months ago

Viewed 86 times

0

I want to access a URL of my site as follows:

http://username:[email protected]

How do I, with PHP, receive data from Username and Password without using Curl? There is the possibility?

1

http://answall.com/questions/28235/colocar-authorization-basic-na-api/28316#28316

– Inkeliz

2017/02/06 at 16:17
Only using Curl? Can’t put in a link <a>?

– Thiago Santos

2017/02/06 at 16:19
I believe it is not possible using this format, and even if it were you would have serious security problems

– JuniorNunes

2017/02/06 at 16:20
Even if I use base64_encode? My question has an educational character, for I would like to know if it really is not possible.

– Thiago Santos

2017/02/06 at 16:24
I don’t think this will work: the rule is "http://host:port", what the browser will do is consider "username" a host and "[email protected]" a port (invalid)

– rmagalhaess

2017/02/06 at 16:29
Actually the navigation "works" and I am "redirected" to meusite.com.br, however no authentication data anywhere. The definitive answer would be: impossible?

– Thiago Santos

2017/02/06 at 16:31
@Thiagosantos there are several converters of Base64 online, if you type in google appear several... Then it would not be a solution for security

– JuniorNunes

2017/02/06 at 22:46

Show 2 more comments

1 answer

Browser other questions tagged php http

You are not signed in. Login or sign up in order to post.

by Rodrigo Jarouche • **756** points · Answer 1 · 2017-02-06T22:38:12+00:00

Yes there is the possibility, just use the variables to http authentication, follows a basic example, only for understanding the functioning

$valid_passwords = array("user" => "pass");
$valid_users = array_keys($valid_passwords);

//se você não colocou o user na url ele mostra a "caixa" autenticação
//caso queira obrigar o usuário a digitar ela url é só tirar o if
if(!isset($_SERVER['PHP_AUTH_USER'])){
    header('WWW-Authenticate: Basic realm="My Realm"');
}

$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
$pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';



$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);

if (!$validated) {

    header('HTTP/1.0 401 Unauthorized');
    echo $user." - ".$pass;
    die("Not authorized");


}

An important observation is that in IE they put an extra security protection, maybe it doesn’t work, more details here