php 通过表单发送基本认证信息
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4460543/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Sending basic authentication information via form
提问by VolatileStorm
I am working on a site that currently uses a basic authentication dialog box login system, that is the type of dialog that you get if you go here: http://www.dur.ac.uk/vm.boatclub/password/index.phpI did not set this system up and am not in a position to easily/quickly work around it, but it DOES work. The issue however is that the dialog box is not very helpful in telling you what login information you have to use (that is which username and password combination), and so I would like to replace it with a form. I had been thinking that this wasn't possible but I wanted to ask in order to find out.
我正在一个当前使用基本身份验证对话框登录系统的站点上工作,这是您访问此处时获得的对话框类型:http: //www.dur.ac.uk/vm.boatclub/password/index .php我没有设置这个系统,也不能轻松/快速地解决它,但它确实有效。然而,问题是该对话框在告诉您必须使用哪些登录信息(即哪个用户名和密码组合)方面不是很有帮助,因此我想用表单替换它。我一直认为这是不可能的,但我想询问以找出答案。
Is it possible to set up an HTML form that sends the data to the server such that it accepts it in the same way that it would using this dialog box? Alternatively is it possible to set up a PHP script that would take normal form data and process it somehow passing it to the server such that it logs in?
是否可以设置一个 HTML 表单将数据发送到服务器,以便它以与使用此对话框相同的方式接受数据?或者,是否可以设置一个 PHP 脚本,该脚本将采用正常形式的数据并以某种方式处理它,将其传递给服务器以便它登录?
Edit: After being told that this is basic authentication I went around and have managed to find a way that works and keeps the user persistently logged in. However, this does not work in internet explorer. The solution was simply to redirect the user to: http://username:[email protected]/vm.boatclub/password/index.phpBut Internet Explorer removed it due to phishing uses about 3 years ago. Is there a way to use javascript to get the browser to access the site in this way? Or will I have to simply change my UI?
编辑:在被告知这是基本身份验证后,我四处走动,并设法找到了一种有效的方法并使用户始终保持登录状态。但是,这在 Internet Explorer 中不起作用。解决方案只是将用户重定向到: http://username:[email protected]/vm.boatclub/password/index.php但是 Internet Explorer 大约在 3 年前由于网络钓鱼使用而将其删除。有没有办法使用javascript让浏览器以这种方式访问网站?还是我必须简单地更改我的用户界面?
采纳答案by VolatileStorm
After a fair bit of research I found a way that works in both Chrome and IE, that is all that I've tested it in, but the logic of the code does not suggest it should break anywhere. It is based upon this article:
经过大量研究,我找到了一种在 Chrome 和 IE 中都可以使用的方法,这就是我对其进行测试的全部内容,但是代码的逻辑并不表明它应该在任何地方中断。它基于这篇文章:
http://www.peej.co.uk/articles/http-auth-with-html-forms.html
http://www.peej.co.uk/articles/http-auth-with-html-forms.html
Which is rather in depth but the crux of it is this - on the form submit you make an AJAX request into the basic authenticated folder. AJAX requests can accept username and password information for basic auth, and once the browser has authed once it's authorised in that realm, i.e. it will stay logged in. The previous article does it in pure javascript, so to add something other than simply explaining the link here's a (hopefully fairly transparent) implementation using jQuery:
这是相当深入的,但关键是这个 - 在表单提交上,您将 AJAX 请求发送到基本经过身份验证的文件夹中。AJAX 请求可以接受用户名和密码信息进行基本身份验证,一旦浏览器在该领域获得授权,即会保持登录状态。链接这里是一个(希望相当透明)使用 jQuery 的实现:
$(document).ready(function()
{
$('#loginForm').submit(function()
{
var username = $('#usernameInput').val();
var password = $('#passwordInput').val();
$.ajax(
{
'password' : password,
'username' : username,
'url' : 'http://www.website.com/basic-auth-file.php',
'type' : 'GET',
'success' : function(){ window.location = 'http://www.website.com/basic-auth-file.php'; },
'error' : function(){ alert('Bad Login Details');},
}
);
return false;
});
});
This achieved what I wanted, and is relatively simple to understand, however I would implore anyone who wanted this to go out and didn't know about basic auth to go out and do the research!
这实现了我想要的,并且相对容易理解,但是我恳请任何想要这样做并且不了解基本身份验证的人出去进行研究!
回答by Alfred
You can replace it with a form. http://www.dur.ac.uk/vm.boatclub/password/index.phpuses basic access authentication.
您可以将其替换为表格。http://www.dur.ac.uk/vm.boatclub/password/index.php使用基本访问身份验证。
basic access authentication
基本访问认证
What you could do is perform basic authentication via curl
您可以做的是通过 curl 执行基本身份验证
<?php
// HTTP authentication
$url = "http://www.dur.ac.uk/vm.boatclub/password/index.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERPWD, "myusername:mypassword");
$result = curl_exec($ch);
curl_close($ch);
//echo $result;
?>
Option 1
选项1
Proxy everything just echo'ing $result
代理一切只是回声 $result
Option 2
选项 2
Read headersfrom $resultand if status code != 200 then wrong login information has been entered. User should enter form again. If status code == 200 right credentials have been entered and you should do http basic authentication by sending headers.
读头从$result,如果状态码!= 200则错误登录信息已经输入。用户应再次输入表单。如果已输入状态代码 == 200 个正确的凭据,则您应该通过发送标头来进行 http 基本身份验证。
header("Authorization: Basic " . base64_encode($username . ":" . $password);
You should not echo any data($result) before sending header else you will get an error
在发送标头之前你不应该回显任何数据($result),否则你会得到一个错误
