http basic authentication
HTTP Basic Authentication 的验证本身其实是不安全的:用户名和密码只经过 Base64 编码,并没有加密,每次请求都会随请求头发送,因此应当配合 HTTPS 使用。不过我们整个系统只在内部使用,只是作为开源系统 Redmine 的一个接口,而且数据库中保存的密码是加盐(salt)后再经哈希算法处理的(这保护的是存储的密码,而不是传输过程),所以还是可以勉强用用的。
这个是代码的实现部分:
<?php
include_once("Connstrings.php");
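// Authenticates an HTTP Basic request against the Redmine user table.
// $mysqli and $RedmineTable are expected to be provided by Connstrings.php.
if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
    // No credentials were sent: challenge the client.
    header("WWW-Authenticate: Basic realm=\"Test Authentication System\"");
    header("HTTP/1.0 401 Unauthorized");
    echo "You must enter a valid login ID and password to access this resource\n";
} else {
    // Read the credentials only after confirming they are present, so a
    // request without an Authorization header raises no undefined-index notice.
    $username = $_SERVER['PHP_AUTH_USER'];
    $password = $_SERVER['PHP_AUTH_PW'];

    // Both values are attacker-controlled request data. They are bound as
    // parameters and never interpolated into the SQL text, which closes the
    // injection path the string-built query had (no escaping function needed).
    // $RedmineTable is an identifier and cannot be bound; it must only ever
    // come from trusted configuration, never from the request.
    $query = "SELECT login, hashed_password
              FROM {$RedmineTable}
              WHERE login = ?
                AND hashed_password = SHA1(CONCAT(salt, SHA1(?)))";

    $matches = null;   // stays null when the lookup itself failed
    $dbError = '';
    try {
        $stmt = $mysqli->prepare($query);
        if ($stmt === false) {
            $dbError = $mysqli->errno . ':' . $mysqli->error;
        } else {
            if ($stmt->bind_param('ss', $username, $password)
                && $stmt->execute()
                && $stmt->store_result()
            ) {
                $matches = $stmt->num_rows;
            } else {
                $dbError = $stmt->errno . ':' . $stmt->error;
            }
            $stmt->close();
        }
    } catch (mysqli_sql_exception $e) {
        // mysqli throws instead of returning false when exception reporting
        // is enabled (the default from PHP 8.1).
        $dbError = $e->getCode() . ':' . $e->getMessage();
    }

    if ($matches === null) {
        // Keep driver error details in the server log; returning them to the
        // client would disclose schema and query structure.
        error_log('Could not query database ' . $dbError);
        header("HTTP/1.0 500 Internal Server Error");
        die('Could not query database');
    }

    if ($matches === 1) {
        // Response body kept byte-for-byte: callers may match on this text.
        die("login sucess");
    } else {
        // Wrong login or password. As in the original, no WWW-Authenticate
        // challenge is sent on this path.
        header("HTTP/1.0 401 Unauthorized");
    }
}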
以及数据库的实现部分:
<?php
// Shared database settings: opens the connection used by the authentication
// script and names the table that holds the Redmine accounts.
$RedmineTable = "users";

// NOTE(review): this connects as root with an empty password. A dedicated
// account limited to SELECT on the users table would follow least privilege;
// the credentials are reproduced here exactly as the page gives them.
$mysqli = new mysqli('localhost', 'root', '', 'redmine');

// connect_error is null on success and holds the driver message on failure.
// Only a generic notice is shown, so no connection detail reaches the client.
if ($mysqli->connect_error) {
    echo '<div class="alert">There was a problem with Database.Please try again.</div>';
    exit;
}
