有没有办法记录在PHP页面上尝试的基本身份验证请求?我正在尝试确定用户发送的内容以帮助排除故障。
答案 0 :(得分:1)
假设您使用的是apache,请查看此解决方案https://serverfault.com/a/475386
.htaccess文件:
# script that will store invalid login attempts
ErrorDocument 401 /logging.php
AuthName "My Password Protected Site"
AuthUserFile /<FULLPATH>/.htpasswd
AuthType Basic
Require valid-user
# Set REMOTE_USER env variable on 401 ErrorDocument
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:REDIRECT_STATUS} ^401$
RewriteRule .* - [E=REMOTE_USER:%{ENV:REDIRECT_REMOTE_USER}]
Then the actual script that will do the logging:
PHP
if(isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])):
$fp = fopen(MYLOGFILE, 'a+');
$password = $_SERVER['PHP_AUTH_PW'];
$username = $_SERVER['PHP_AUTH_USER'];
$time = date('y-m-d/H:i:s');
$request = $_SERVER['REDIRECT_URL'];
fwrite($fp, $time."\t".$request."\t".$username."/".$password."\r\n");
fclose($fp);
endif;
ob_start();
header("HTTP/1.1 401 Authorization Required",1);
header("Status: 401 Authorization Required",1);
echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head><title>401 Authorization Required</title></head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you are authorized to
access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn\'t understand how to supply
the credentials required.</p>';
exit();