猿问

PHP 的HTTP验证不弹框

问题描述

在本地访问页面http://www.phptest.loc/authenticate.php后返回了:

Please enter your username and password

为什么没有弹出提示框叫我输入用户名和密码?而在index.php中则提示我输入了。

问题出现的环境背景及自己尝试过哪些方法

开发环境为lnmp1.5

将两个文件(index.php和authenticate.php)的代码交换后发现authenticate.php会弹框,但index.php不会
怀疑是不是用了数据库的问题?

相关代码

index.php

<?php
$username = 'admin';
$password = 'admin';

if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    if ($_SERVER['PHP_AUTH_USER'] === $username && $_SERVER['PHP_AUTH_PW'] === $password) {
        echo "You are now logged in <br/>";
    } else {
        exit("Invalid username / password combination");
    }
    echo 'Welcome User: '.$_SERVER['PHP_AUTH_USER'].' Pssword: '.$_SERVER['PHP_AUTH_PW'];
} else {
    header('WWW-Authenticate: Basic realm="Restricted Sectoin"');
    header('HTTP/1.0 401 Unauthorized');
    exit('Please enter your username and password');
}

authenticate.php

<?php
$db_hostname = 'localhost';
$db_username = 'root';
$db_database = 'phptest';
$db_password = '123456';

$connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);

if ($connection->connect_error) exit($connection->connect_error);

if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    $un_temp = mysql_entities_fix_string($connection, $_SERVER['PHP_AUTH_USER']);
    $pw_temp = mysql_entities_fix_string($connection, $_SERVER['PHP_AUTH_PW']);

    $query = "SELECT * FROM users WHERE username='$un_temp'";
    $result = $connection->query($query);
    if (!$result) exit($connection->error);
    elseif ($result->num_rows) {
        $row = $result->fetch_array(MYSQLI_NUM);
        $result->close();

        $salt1 = 'qm&h*';
        $salt2 = 'pg!@';
        $token = hash('ripemd128', $salt1.$pw_temp.$salt2);

        if ($token === $row[3]) echo "$row[0] $row[1] : Hi $row[0], you are now logged in as '$row[2]'";
        else exit('Invalid username/password combination');
    } else {
        exit('Invalid username/password combination');
    }
} else {
    header('WWWW-Authenticate: Basic realm="Restricted Section"');
    header('HTTP/1.0 401 Unauthorized');
    exit('Please enter your username and password');
}

$connection->close();

function mysql_entities_fix_string($connection, $string) {
    return htmlentities(mysql_fix_string($connection, $string));
}

function mysql_fix_string($connection, $string) {
    if (get_magic_quotes_gpc()) $string = stripslashes($string);
    return $connection->real_escape_string($string);
}

setupuser.php

<?php
$db_hostname = 'localhost';
$db_username = 'root';
$db_database = 'phptest';
$db_password = '123456';

$connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);

if ($connection->connect_error) exit($connection->connect_error);

$query = "
CREATE TABLE users (
forename VARCHAR(32) NOT NULL,
surname VARCHAR(32) NOT NULL,
username VARCHAR(32) NOT NULL UNIQUE,
password VARCHAR(32) NOT NULL
)
";
$result = $connection->query($query);
if (!$result) exit($connection->error);

$salt1 = 'qm&h*';
$salt2 = 'pg!@';

$forename = 'Bill';
$surname  = 'Smith';
$username = 'bsmith';
$password = 'mysecret';
$token = hash('ripemd128', $salt1.$password.$salt2);

add_user($connection, $forename, $surname, $username, $token);

$forename = 'Pauline';
$surname = 'Jones';
$username = 'pjones';
$password = 'acrobat';
$token = hash('ripemd128', $salt1.$password.$salt2);

add_user($connection, $forename, $surname, $username, $token);

function add_user($connection, $fn, $sn, $un, $pw)
{
    $query = "INSERT INTO users VALUES('$fn', '$sn', '$un', '$pw')";
    $result = $connection->query($query);
    if (!$result) exit($connection->error);
}

你期待的结果是什么?实际看到的错误信息又是什么?

弹框提示:


实际看到的结果:

https://img3.mukewang.com/5c8f39db0001e30405290197.jpg

泛舟湖上清波郎朗
浏览 541回答 1
1回答

HUX布斯

比较直观能看到的一处拼写错误是WWWW-Authenticate多了个W。
0
随时随地看视频慕课网APP

相关分类

PHP
php如何把参数放在Http Request Heade???? 1 回答
我要回答