Authentication in the HTTP Protocol
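The client sends a request that does not carry an Authorization header. The server responds with 401 Unauthorized and the response header WWW-Authenticate: Basic, telling the client to authenticate using the Basic scheme. The client displays an input box where the username and password must be entered, and the request it then sends carries Authorization: Basic base64_encode(username:password), which the server uses to authenticate the request.
The PHP implementation is as follows: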
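<?php
header("Content-Type: text/html; charset=UTF-8");
$requestHeaders = apache_request_headers();
if (array_key_exists('Authorization', $requestHeaders)) {
    // Header format: "Basic base64(username:password)"
    $parts = explode(' ', $requestHeaders['Authorization'], 2);
    $decoded = base64_decode($parts[1] ?? '', true);
    // Split on the first colon only: the password itself may contain ':'
    list($user, $pass) = array_pad(explode(':', (string) $decoded, 2), 2, '');
    if ($user === 'admin' && $pass === '123456') {
        responCode(200);
        echo "登录成功"; // "Login successful"
    } else {
        responCode(403);
    }
} else {
    responCode(401);
}

// Send the status line (and the Basic challenge for 401) for the given code
function responCode($code)
{
    if (401 === $code) {
        // header() needs a full status line to change the response code
        header("HTTP/1.1 401 Unauthorized");
        // RFC 7617 requires a realm parameter; the value here is an example
        header('WWW-Authenticate: Basic realm="Restricted"');
    } elseif (403 === $code) {
        header("HTTP/1.1 403 Forbidden");
    } else {
        header('HTTP/1.1 200 OK');
    }
}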
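
A hardened form of the credential check above, as an added example that is not part of the original page: it parses the Authorization header strictly and verifies the password against a stored hash instead of a plaintext literal. The names basicAuthStatus and DUMMY_HASH, the $users table and the sample headers are assumptions constructed for illustration.

```php
<?php
// Added example, not the page's code. Status codes follow the page's scheme:
// 401 = no usable Basic credentials, 403 = wrong credentials, 200 = accepted.
function basicAuthStatus(?string $authorization, array $users): int
{
    // The scheme name is case-insensitive; the token is base64("user:pass").
    if ($authorization === null
        || !preg_match('/^Basic +([A-Za-z0-9+\/]+={0,2})$/i', trim($authorization), $m)) {
        return 401;
    }
    $decoded = base64_decode($m[1], true); // strict mode rejects invalid input
    if ($decoded === false || strpos($decoded, ':') === false) {
        return 401;
    }
    // Split on the first colon only: the password may contain ':'.
    [$user, $pass] = explode(':', $decoded, 2);

    // Always run password_verify, even for unknown users, so response time
    // does not reveal which usernames exist.
    $known = array_key_exists($user, $users);
    $hash  = $known ? $users[$user] : DUMMY_HASH;
    $ok    = password_verify($pass, $hash);
    return ($known && $ok) ? 200 : 403;
}

// Constructed demo data: store a password hash, never the plaintext.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));
$users = ['admin' => password_hash('123456', PASSWORD_DEFAULT)];

// Constructed sample header values.
$samples = [
    null,                                       // header absent
    'Basic ' . base64_encode('admin:123456'),   // correct credentials
    'basic ' . base64_encode('admin:12:3456'),  // colon inside a wrong password
    'Basic !!!not-base64!!!',                   // malformed token
    'Bearer abc',                               // different scheme
];
foreach ($samples as $h) {
    printf("%-40s => %d\n", var_export($h, true), basicAuthStatus($h, $users));
}
```

Base64 is an encoding, not encryption, so Basic credentials are readable by anyone who can observe the request; serve this endpoint over HTTPS only.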