我正在使用PHP Basic Authorization,但它无效。用户名和密码按预期弹出,但即使我插入了错误的用户名和密码,它也允许我访问该页面
public function __construct()
{
parent::__construct();
$this->load->library('session');
if (!isset($_SERVER['PHP_AUTH_USER']))
{
header("WWW-Authenticate: Basic realm=\"Admin Area\"");
header("HTTP/1.0 401 Unauthorized");
print "Sorry - you need valid credentials to be granted access!\n";
exit;
} else {
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
if (!($_SERVER['PHP_AUTH_USER'] == 'admin') && ($_SERVER['PHP_AUTH_PW'] == 'admin')) {
header("WWW-Authenticate: Basic realm=\"Admin Area\"");
header("HTTP/1.0 401 Unauthorized");
print "Sorry - you need valid credentials to be granted access!\n";
exit;
}
}
}
.htaccess:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond $1 !^(index\.php|images|css|js|robots\.txt|favicon\.ico)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ ./index.php?/$1 [L,QSA]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
答案 0 :(得分:0)
缺少括号,如果你想要" admin"对于登录名和密码,您应该这样做:
if (!(($_SERVER['PHP_AUTH_USER'] == 'admin') && ($_SERVER['PHP_AUTH_PW'] == 'admin'))) {