Question

我正在为我的移动应用构建一个后端系统。我想用基本的HTTP身份验证来保护内容。

我编写了以下代码，它在localhost上轻而易举地运行。

if ($_SERVER['PHP_AUTH_USER'] != 'admin@denda.in' && $_SERVER['PHP_AUTH_PW'] != '11test11') {
    header('WWW-Authenticate: Basic realm="Denda Backend"');
    header('HTTP/1.0 401 Unauthorized');
    echo "Wrong credentials :-(";
    exit;
}

但是当我将应用程序上传到GAE时，这不起作用。我一直在获得相同的对话框。在网上找不到任何可靠的帮助。

感谢， Krish

Answer 1

我知道这是一个古老的问题但很高兴知道它

if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
    $nobasic = substr($_SERVER['HTTP_AUTHORIZATION'],6);            // removing 'Basic ' from the string
    $decoded = base64_decode($nobasic);                                   // decoding string with user:password
    list($client_user, $client_pass) = explode(':',$decoded);
    if ($client_user == "user" && $client_pass == "password") {
        // Successfully authenticated
    } else {
        // Authentication failed, username or password are wrong
        header('WWW-Authenticate: Basic realm="site"');
        header('HTTP/1.0 401 Unauthorized');
        echo "Wrong credentials :-(";
        exit;
    }
} else {
    // Not authenticated as there is no appropriate header in HTTP request
    header('WWW-Authenticate: Basic realm="site"');
    header('HTTP/1.0 401 Unauthorized');
    echo "Wrong credentials :-(";
    exit;
}

基本HTTP身份验证在Google App Engine中无效

1 个答案: