Is there a way to have PHP redirect to a new page, and pass along HTTP-AUTH?
I have been using cURL, as the second example here: Sending basic authentication information via form
Unfortunately, when I do this, the actual URL (as displayed in the browser URL bar) remains the originating PHP's URL, not the target that I'm browsing.
这是到目前为止我得到的:
<?php
$user = "xyz";
$pass = "abc";
$userpass = $user . ":" . $pass;
$url = "http://website/directory/";
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERPWD, $userpass);
$result = curl_exec($ch);
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if($httpcode == 200){
header("Authorization: Basic " . base64_encode($userpass));
echo $result;
}else{
header("Location: http://website/login.php");
}
?>
我也尝试过更换以上的尾端:
if($httpcode == 200){
header("Authorization: Basic " . base64_encode($userpass));
header("Location: http://website/directory/");
}else{
header("Location: http://website/login.php");
}
但是那失败了。它重定向到http://website.xyz/directory,但未通过user / pass,到达时会收到服务器的登录信息。
从技术上讲,以下工作。但是,与在HREF内部传递用户/传递相比,我更喜欢更优雅的解决方案:
header("Location: http://" . $userpass . "website/directory/");
尝试将身份验证与 url 一起传递。像这样:
header('Location: http://username:password@website/directory/');
由于 base64 与纯文本一样不安全,因此它不应该成为额外的安全风险。浏览器不会在地址栏中显示 url 中与 user:pass 相关的部分。但浏览器会显示一个消息框(或其他内容),让您确认您将使用用户名登录此网站:yourusername
| 归档时间: |
|
| 查看次数: |
4494 次 |
| 最近记录: |