在本地访问页面http://www.phptest.loc/authenticate.php
后返回了:
Please enter your username and password
为什么没有弹出提示框叫我输入用户名和密码?而在index.php中则提示我输入了。
开发环境为lnmp1.5
将两个文件(index.php和authenticate.php)的代码交换后发现authenticate.php会弹框,但index.php不会
怀疑是不是用了数据库的问题?
index.php
<?php
$username = 'admin';
$password = 'admin';
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
if ($_SERVER['PHP_AUTH_USER'] === $username && $_SERVER['PHP_AUTH_PW'] === $password) {
echo "You are now logged in <br/>";
} else {
exit("Invalid username / password combination");
}
echo 'Welcome User: '.$_SERVER['PHP_AUTH_USER'].' Pssword: '.$_SERVER['PHP_AUTH_PW'];
} else {
header('WWW-Authenticate: Basic realm="Restricted Sectoin"');
header('HTTP/1.0 401 Unauthorized');
exit('Please enter your username and password');
}
authenticate.php
<?php
$db_hostname = 'localhost';
$db_username = 'root';
$db_database = 'phptest';
$db_password = '123456';
$connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
if ($connection->connect_error) exit($connection->connect_error);
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
$un_temp = mysql_entities_fix_string($connection, $_SERVER['PHP_AUTH_USER']);
$pw_temp = mysql_entities_fix_string($connection, $_SERVER['PHP_AUTH_PW']);
$query = "SELECT * FROM users WHERE username='$un_temp'";
$result = $connection->query($query);
if (!$result) exit($connection->error);
elseif ($result->num_rows) {
$row = $result->fetch_array(MYSQLI_NUM);
$result->close();
$salt1 = 'qm&h*';
$salt2 = 'pg!@';
$token = hash('ripemd128', $salt1.$pw_temp.$salt2);
if ($token === $row[3]) echo "$row[0] $row[1] : Hi $row[0], you are now logged in as '$row[2]'";
else exit('Invalid username/password combination');
} else {
exit('Invalid username/password combination');
}
} else {
header('WWWW-Authenticate: Basic realm="Restricted Section"');
header('HTTP/1.0 401 Unauthorized');
exit('Please enter your username and password');
}
$connection->close();
function mysql_entities_fix_string($connection, $string) {
return htmlentities(mysql_fix_string($connection, $string));
}
function mysql_fix_string($connection, $string) {
if (get_magic_quotes_gpc()) $string = stripslashes($string);
return $connection->real_escape_string($string);
}
setupuser.php
<?php
$db_hostname = 'localhost';
$db_username = 'root';
$db_database = 'phptest';
$db_password = '123456';
$connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
if ($connection->connect_error) exit($connection->connect_error);
$query = "
CREATE TABLE users (
forename VARCHAR(32) NOT NULL,
surname VARCHAR(32) NOT NULL,
username VARCHAR(32) NOT NULL UNIQUE,
password VARCHAR(32) NOT NULL
)
";
$result = $connection->query($query);
if (!$result) exit($connection->error);
$salt1 = 'qm&h*';
$salt2 = 'pg!@';
$forename = 'Bill';
$surname = 'Smith';
$username = 'bsmith';
$password = 'mysecret';
$token = hash('ripemd128', $salt1.$password.$salt2);
add_user($connection, $forename, $surname, $username, $token);
$forename = 'Pauline';
$surname = 'Jones';
$username = 'pjones';
$password = 'acrobat';
$token = hash('ripemd128', $salt1.$password.$salt2);
add_user($connection, $forename, $surname, $username, $token);
function add_user($connection, $fn, $sn, $un, $pw)
{
$query = "INSERT INTO users VALUES('$fn', '$sn', '$un', '$pw')";
$result = $connection->query($query);
if (!$result) exit($connection->error);
}
弹框提示:
实际看到的结果:
HUX布斯