php 服务器端的 CURL HTTP 身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4957002/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
CURL HTTP Authentication at server side
提问by shasi kanth
I am building a web service with Zend and i have to authenticate the users before sending them response. The user will send a request to a server page, using curl, passing his credentials in the form of curl_setopt($curl, CURLOPT_USERPWD, 'key:pass');
我正在使用 Zend 构建一个 Web 服务,我必须在向用户发送响应之前对其进行身份验证。用户将使用 curl 向服务器页面发送请求,以curl_setopt($curl, CURLOPT_USERPWD, 'key:pass');的形式传递他的凭据;
Iam using Zend framework and so the server side page is denoted like:
我使用 Zend 框架,因此服务器端页面表示为:
http://www.example.com/app_name/public/controller/action/parameter
http://www.example.com/app_name/public/controller/action/parameter
Here is the total code for user's request (client.php):
这是用户请求的总代码(client.php):
<?php
$curl = curl_init('http://www.example.com/app/public/user/add/1');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_USERPWD, 'username:password');
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl, CURLOPT_USERAGENT, 'Sample Code');
$response = curl_exec($curl);
$resultStatus = curl_getinfo($curl);
if($resultStatus['http_code'] == 200) {
echo $response;
} else {
echo 'Call Failed '.print_r($resultStatus);
}
?>
Now what i want is that, i must be able to retrieve the username and password at the server side (in my zend controller), so that i can verify the user credentials from database and send the response accordingly. So how can i do authentication in another page?
现在我想要的是,我必须能够在服务器端(在我的 Zend 控制器中)检索用户名和密码,以便我可以验证数据库中的用户凭据并相应地发送响应。那么我如何在另一个页面中进行身份验证?
采纳答案by Gordon
Zend Framework has a ready-made component for handling HTTP authentication.
Zend Framework 有一个现成的组件来处理 HTTP 身份验证。
Checkout the examples at
查看示例
If you don't want to use that, you can still go the "old-school" way, as described in
如果你不想使用它,你仍然可以走“老派”的方式,如
and manually check on $_SERVER['PHP_AUTH_USER']and $_SERVER['PHP_AUTH_PW']
并手动检查$_SERVER['PHP_AUTH_USER']和$_SERVER['PHP_AUTH_PW']
回答by Linus Kleen
You need to set CURLOPT_HTTPAUTHto CURLAUTH_BASIC.
您需要设置CURLOPT_HTTPAUTH为CURLAUTH_BASIC.
That way, in the target script, PHP_AUTH_USERand PHP_AUTH_PW(plain text) will be available.
这样,在目标脚本中,PHP_AUTH_USER和PHP_AUTH_PW(纯文本)将可用。
Calling script:
调用脚本:
<?php
$ch = curl_init('https://localhost/target.php');
// ...
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_exec($ch);
?>
In target.php:
在 target.php 中:
$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];
I suggest executing the cURL request over HTTPS since username and password are transmitted plain text.
我建议通过 HTTPS 执行 cURL 请求,因为用户名和密码是纯文本传输。
回答by aruna
you can send username and password as post fields
您可以将用户名和密码作为帖子字段发送
$post_data = $user.":".$pass
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
you can get the credentials using $_POST
您可以使用 $_POST 获取凭据
