我正在为我的移动应用构建一个后端系统。我想用基本的HTTP身份验证来保护内容。
我编写了以下代码,它在localhost上轻而易举地运行。
if ($_SERVER['PHP_AUTH_USER'] != 'admin@denda.in' && $_SERVER['PHP_AUTH_PW'] != '11test11') {
header('WWW-Authenticate: Basic realm="Denda Backend"');
header('HTTP/1.0 401 Unauthorized');
echo "Wrong credentials :-(";
exit;
}
但是当我将应用程序上传到GAE时,这不起作用。我一直在获得相同的对话框。在网上找不到任何可靠的帮助。
感谢, Krish
答案 0 :(得分:1)
我知道这是一个古老的问题但很高兴知道它
if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
$nobasic = substr($_SERVER['HTTP_AUTHORIZATION'],6); // removing 'Basic ' from the string
$decoded = base64_decode($nobasic); // decoding string with user:password
list($client_user, $client_pass) = explode(':',$decoded);
if ($client_user == "user" && $client_pass == "password") {
// Successfully authenticated
} else {
// Authentication failed, username or password are wrong
header('WWW-Authenticate: Basic realm="site"');
header('HTTP/1.0 401 Unauthorized');
echo "Wrong credentials :-(";
exit;
}
} else {
// Not authenticated as there is no appropriate header in HTTP request
header('WWW-Authenticate: Basic realm="site"');
header('HTTP/1.0 401 Unauthorized');
echo "Wrong credentials :-(";
exit;
}