我正在用PHP创建一个没有SSL支持的服务器的Web应用程序。如果您想吹嘘SSL有多好用于身份验证,请在其他地方执行此操作。我正在使用PHP身份验证和一些JavaScript的HTTP身份验证。这是登录表单页面:
<?php header('Content-type: text/html; charset=utf-8'); ?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" href="/assets/style.css"/>
<script>
function getHTTPObject() {
if (typeof XMLHttpRequest != 'undefined') {
return new XMLHttpRequest();
}
try {
return new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
return new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {}
}
return false;
}
function login(form, action)
{
var http = getHTTPObject();
var username = form.citizenid.value + "-username";
var password = form.cikatid.value + form.redid.value + "-password";
http.open("get", action, false, username, password);
http.send("");
if (http.status == 200) {
document.location = action;
} else {
alert("Incorrect username and/or password.");
}
return false;
}
</script>
<title>
Corstekistan - eVote
</title>
</head>
<body>
<?php
include $_SERVER['DOCUMENT_ROOT'] . "/assets/headevote.php";
?>
<hr/>
<span class="title">eVote - By The Republic of Corstekistan</span>
<p>eVote lets you participate in Corsteki elections and referendums online. To begin, please fill out the information below to prove that you are a citizen of The Republic of Corstekistan.</p>
<span style="text-align: center;margin-left: auto;margin-right:auto">
<form name="citizenproof" action="" method="get">
<fieldset style="width: 400px;margin-left: auto;margin-right: auto">
<legend>Provide Proof Of Citizenship</legend>
<noscript><span style="font-weight: bold;color: red">This webpage requires JavaScript to function. Please enable it or use a modern web browser.<br/></span></noscript>
<span style="font-weight: bold;color: red" id="err"></span>
Citizen ID: <input type="text" name="citizenid" required="true"/>
<br/>
CĪKAT ID: <input type="text" name="cikatid" required="true"/>
<br/>
Red ID: <input type="text" name="redid" required="true"/>
<br/>
<input type="button" value="Sign In" onclick="login(this.form, '/evote/votesys')"/>
</fieldset>
</form>
<p>Don't know how to find the CĪKAT and Red IDs on your National ID Card? Click <a href="idguide.php">here</a></p>
</span>
以下是受保护的页面:
<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="eVote"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>
当我点击“登录”时,它不会将我重定向到受保护的页面,就像它应该的那样。而是弹出一个对话框,要求我进行身份验证。我做错了什么?
答案 0 :(得分:0)
您正在使用AJAX执行此登录(它是异步的)。这意味着它不会重定向您。