PHP-based Authentication


PHP-based Authentication From: http://www.zend.com/zend/tut/authentication.php

Methods to implement Authentication:
- Basic Authentication
- Session Based Authentication (covered in the session lecture)

Compare..

Basic Authentication: When you explicitly send the appropriate HTTP headers from a PHP script to a Web browser, an authentication dialog box is displayed. The dialog box prompts you to enter a username and password. PHP assigns the username and password entered to the global variables $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'], respectively.

header(): The PHP header() function enables you to output a specific HTTP header string, such as a location redirection or, in our case, a "401 Unauthorized" response code. This type of header, combined with a "WWW-Authenticate" header, activates the authentication dialog box.

EX1:

<?php
    header('WWW-Authenticate: Basic realm="Private"');
    header('HTTP/1.0 401 Unauthorized');
    exit;
?>

EX2:

<?php
    if ((!isset($_SERVER['PHP_AUTH_USER'])) || (!isset($_SERVER['PHP_AUTH_PW']))) {
        header('WWW-Authenticate: Basic realm="Private"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Authorization Required.';
        exit;
    } else {
        echo "You entered {$_SERVER['PHP_AUTH_USER']} for a username.<BR>";
        echo "You entered {$_SERVER['PHP_AUTH_PW']} for a password.<BR>";
    }
?>

Using Hard-Coded Values

<?php
    if ((!isset($_SERVER['PHP_AUTH_USER'])) || (!isset($_SERVER['PHP_AUTH_PW']))
        || ($_SERVER['PHP_AUTH_USER'] != 'user') || ($_SERVER['PHP_AUTH_PW'] != 'open')) {
        header('WWW-Authenticate: Basic realm="Private"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Authorization Required.';
        exit;
    } else {
        echo 'Success!';
    }
?>
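The hard-coded check above compares the submitted password to a plaintext literal. The following is an added example (not from the original slides or the Zend tutorial they cite) of the same Basic-auth flow with the comparison done against a stored password hash instead; $users and $dummyHash are constructed stand-ins for a real credential store, and the hashes are rebuilt on every request only to keep the demo self-contained, whereas a real script would create them once with password_hash() when the account is set up and store the result.

```php
<?php
// Added example, not from the original slides: the hard-coded check above with
// the plaintext comparison replaced by a stored password hash.
// $users and $dummyHash are constructed stand-ins (an assumption, not the
// slides' own data).

declare(strict_types=1);

// username => password hash (constructed sample; in practice stored, not rebuilt)
$users = [
    'user' => password_hash('open', PASSWORD_DEFAULT),
];
// Verified whenever the username is unknown, so that known and unknown
// usernames take the same time to reject.
$dummyHash = password_hash('unused', PASSWORD_DEFAULT);

// Send the 401 challenge that makes the browser show the login dialog, then stop.
function send_challenge(string $realm): void
{
    header('WWW-Authenticate: Basic realm="' . $realm . '"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Required.';
    exit;
}

// True only if $user is known and $password matches its stored hash.
function credentials_valid(?string $user, ?string $password, array $users, string $dummyHash): bool
{
    if ($user === null || $user === '' || $password === null) {
        return false;
    }
    $hash = $users[$user] ?? null;
    if ($hash === null) {
        // Unknown user: burn the same verification cost, then reject.
        password_verify($password, $dummyHash);
        return false;
    }
    // password_verify() compares the hash in constant time.
    return password_verify($password, $hash);
}

if (!credentials_valid(
    $_SERVER['PHP_AUTH_USER'] ?? null,
    $_SERVER['PHP_AUTH_PW'] ?? null,
    $users,
    $dummyHash
)) {
    send_challenge('Private');
}

echo 'Success!';
```

Two caveats apply to every variant on this page, hashed or not: Basic authentication sends the username and password base64-encoded (not encrypted) with every request, so it is only reasonable over HTTPS, and $_SERVER['PHP_AUTH_USER'] / $_SERVER['PHP_AUTH_PW'] are populated when PHP runs as an Apache module; under CGI or FastCGI setups the Authorization header may not reach PHP without extra server configuration.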

PHP-based authentication isn't like .htaccess or server-based authentication: a layer of security is not placed over all the contents of an entire directory, only over the scripts that perform the check.

EX: redirect after success

<?php
    if ((!isset($_SERVER['PHP_AUTH_USER'])) || (!isset($_SERVER['PHP_AUTH_PW']))
        || ($_SERVER['PHP_AUTH_USER'] != 'user') || ($_SERVER['PHP_AUTH_PW'] != 'open')) {
        header('WWW-Authenticate: Basic realm="Private"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Authorization Required.';
        exit;
    } else {
        header('Location: http://www.cs.su.ac.th/~wasara/517412');
        exit; // stop here so nothing after the redirect header is sent
    }
?>

EX: print HTML after success

<?php
    if ((!isset($_SERVER['PHP_AUTH_USER'])) || (!isset($_SERVER['PHP_AUTH_PW']))
        || ($_SERVER['PHP_AUTH_USER'] != 'user') || ($_SERVER['PHP_AUTH_PW'] != 'open')) {
        header('WWW-Authenticate: Basic realm="Private"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Authorization Required.';
        exit;
    } else {
        echo '<HTML><HEAD><TITLE>Secret Stuff</TITLE></HEAD>
<BODY>
<H1>SECRET!</H1>
<P>This is a secret message.</P>
</BODY>
</HTML>';
    }
?>

In redirections and links, you can add parameters: header("Location: page2.php?user=$username");

For encryption (hashing) in PHP: crypt(), md5()
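The redirect above interpolates $username straight into the Location header. As an added example (not from the original slides), here is the same redirect built so the parameter is percent-encoded and the script stops after sending the header; $username is assumed to hold the value that was just verified (for instance $_SERVER['PHP_AUTH_USER']), and page2.php is the target named on the slide. On the hashing functions the slide lists: crypt() and md5() are what older PHP offered, while PHP 5.5 and later provide password_hash() and password_verify(), which salt the password and use bcrypt by default; unsalted md5() is not suitable for storing passwords.

```php
<?php
// Added example, not from the original slides: the post-login redirect with a
// query parameter. $username is assumed to be the value the Basic-auth check
// has just accepted; page2.php is the target from the slide.

declare(strict_types=1);

// Return the redirect target with $username carried as a percent-encoded query
// parameter, so characters such as '&', '#', spaces or line breaks in the
// username cannot change the URL's meaning or break out of the header.
function build_redirect_url(string $base, string $username): string
{
    return $base . '?' . http_build_query(['user' => $username]);
}

// Set by the successful Basic-auth check that precedes this point.
$username = $_SERVER['PHP_AUTH_USER'] ?? '';

header('Location: ' . build_redirect_url('page2.php', $username));
// header() only queues the redirect: without exit, the rest of the script, and
// any protected content below this point, would still be sent to the client.
exit;
```

A value passed this way ends up in server logs, browser history and Referer headers, and the client can edit it freely, so page2.php must not treat ?user= as proof of who is logged in; the authenticated identity has to be re-established there (by repeating the Basic-auth check or, as the session lecture covers, from a server-side session).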

See also:
- Validate Usernames/Passwords Using a Flat File
- Validate Usernames/Passwords Using a .htpasswd File
- Validate Usernames/Passwords Using a Database