curl http验证 [英] curl http authentication with Zend

问题描述

我使用Zend Rest控制器开发Web服务，现在我需要验证用户，然后才能访问我的页面。

为此，iam计划使用带有curl的HTTP验证，如下所示：

  curl_setopt（$ ch，CURLOPT_USERPWD，myusername：mypassword）; 
  

我这样调用curl页面：

  curl -u myusername：mypassword http：//localhost/controller/action/page.xml 
  

我有一个很大的疑问。

我需要将用户名和密码存储在.htpasswd文件中吗？

解决方案

如果你使用.htaccess，webserver会默认处理一切为你。您可以假设（除非您犯了错误）该人员已被授权。

但如果您想使用http auth并获取用户名和密码，您自己的登录系统，那么您需要编写正在调用的脚本，如此处所示。

http://php.net/manual/en/features.http-auth.php

除了通过用户名和密码发送卷发真的与它无关。它只是作为一个http客户端，就像一个webbrowser是。

你如何执行验证，得到你想要实现的。 http auth是一个简单的身份验证系统。

DC

我给你的链接告诉你如何做它。您所呼叫的页面必须发送认证请求，否则curl将不转发认证详细信息。

如果您使用.htaccess和.htpasswd文件，您将无法看到身份验证，因为Web服务器将删除这些头。如果您使用的自定义http验证，如我提供的链接，那么您将只能在发送验证请求后访问他们，这意味着第一次加载页面将不会得到他们。

我的意思是..第一个curl要求页面没有任何凭据，如果它获取页面，然后它停止，如果它获得一个请求凭据，然后发送。

这意味着如果您想要 http：//localhost/controller/action/page.xml 那么它必须要求他们。如果它的静态页面看起来像它是，那么它不会要求凭据。

是否要输入 http：//localhost/controller/action/page.php

DC

过程如下：

  curl ---> page.php（第一个请求）
 curl< --- page.php（第一个回复）请识别自己（'401未授权'http代码）
 curl username：password ---& （第二个请求现在包括用户auth）
 curl <--- page.php（第二个回复）ok这里是页面（如果id succesfull）
  

确定为一些工作示例

首先创建2个php脚本

auth.php是从上面发布的链接提供的示例的修改版本

 < ;？php 
 
 if（！isset（$ _ SERVER ['PHP_AUTH_USER']））{
 header（'WWW-Authenticate：Basic realm =My Realm'）; 
 header（'HTTP / 1.0 401 Unauthorized'）; 
 echo需要用户名和密码，请重试。 
} else {
 //我们现在可以访问用户和密码:) 
 echoHello {$ _SERVER ['PHP_AUTH_USER']} \\\
; 
 echo您输入了{$ _SERVER ['PHP_AUTH_PW']}作为您的密码。 
} 
 
？> 
 

curlfetch.php是您的其他帖子的脚本副本

 <？php 
 
 $ curl = curl_init（'http：//localhost/auth.php'）; 
 curl_setopt（$ curl，CURLOPT_RETURNTRANSFER，1）; 
 curl_setopt（$ curl，CURLOPT_USERPWD，'key：123456'）; 
 curl_setopt（$ curl，CURLOPT_HTTPAUTH，CURLAUTH_ANY）; 
 curl_setopt（$ curl，CURLOPT_SSL_VERIFYPEER，false）; 
 curl_setopt（$ curl，CURLOPT_FOLLOWLOCATION，true）; 
 curl_setopt（$ curl，CURLOPT_USERAGENT，'Sample Code'）; 
 
 $ response = curl_exec（$ curl）; 
 $ resultStatus = curl_getinfo（$ curl）; 
 
 if（$ resultStatus ['http_code'] == 200）{
 echo $ response; 
} else {
 echo'Call Failed'.print_r（$ resultStatus）; 
} 
？> 
  

在您的服务器上创建并保存这些脚本

现在没有密码的测试脚本1

  curl http：//localhost/auth.php 
  
 
 
 
这会导致... 
 需要用户名和密码。请再试一次。 
  
现在尝试使用密码
  curl -u user：pass http：//localhost/auth.php 
  
这导致... 
 您好用户
您输入pass作为密码。 
  
现在尝试第二个脚本，注意我们不提供用户名或密码脚本
  curl http：//localhost/curlfetch.php 
  
这会导致... 
  b您输入123456作为密码。 
  
现在作为参考，尝试从浏览器调用这两个脚本
 
 
 
 DC 
 
i used Zend Rest Controller for developing a web service, and now i need to authenticate users before they can access my page. 

For this, iam planning to use HTTP Authentication with curl, like this:
curl_setopt($ch, CURLOPT_USERPWD, "myusername:mypassword"); 
And i call that curl page like this:
curl -u myusername:mypassword http://localhost/controller/action/page.xml
I have a big doubt.

Do i need to store the usernames and passwords in a .htpasswd file? If so, how do i need to retrieve parameters and validate them ?
解决方案
If you use .htaccess the webserver will silently handle everything for you. you can assume (unless you have made a mistake) that the person is authorised.

But if you want to use http auth and get the user name and password to use in your own login system then you need to write the script thats being called like shown here.

http://php.net/manual/en/features.http-auth.php

Apart from sending through the username and password curl really has nothing to do with it. it just acts as a http client, just like a webbrowser is.

How you perform auth comes down to what you are trying to achieve. http auth is a simple authentication system.

DC

The link that I gave you shows you how to do it. The page you are calling MUST send back an authentication request otherwise curl will not forward the authentication details. 

if you use a .htaccess and .htpasswd file you WILL NOT get to see the authentication because the webserver will remove those headers. If you are using a custom http auth like the one in the link I provided then you will get access to them ONLY after the auth request is sent, which means the first time the page is loaded you won't get them.

What I mean by that is.. first curl asks for the page without any credentials, if it gets the page then it stops, if it gets a request for credentials it then sends them. 

This means if you want http://localhost/controller/action/page.xml to see the credentials then it must ask for them. if its a static page which it looks like it is, then it will not ask for the credentials. 

did you mean to type http://localhost/controller/action/page.php

DC

the process goes like this...
curl                   ---> page.php (first request)
curl                   <--- page.php (first reply) "Please identify yourself" ('401 unauthorised' http code)
curl username:password ---> page.php (second request now includes user auth)
curl                   <--- page.php (second reply) ok here is the page (if id succesfull)
Ok as promised some working examples

first create 2 php scripts

auth.php is a modified copy of the example provided from the link I posted above
<?php

if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo "User name and password is required. Please try again.\n";
} else {
    // we now have access to the user and password :)
    echo "Hello {$_SERVER['PHP_AUTH_USER']}\n";
    echo "You entered {$_SERVER['PHP_AUTH_PW']} as your password.\n";
}

?>  
curlfetch.php is a copy of your script from your other post
<?php

$curl = curl_init('http://localhost/auth.php');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_USERPWD, 'key:123456');
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl, CURLOPT_USERAGENT, 'Sample Code');

$response = curl_exec($curl);
$resultStatus = curl_getinfo($curl);

if($resultStatus['http_code'] == 200) {
    echo $response;
} else {
    echo 'Call Failed '.print_r($resultStatus);
}
?>
create and save those scripts on your server

now test script 1 without a password
curl http://localhost/auth.php
This results in...
User name and password is required. Please try again.
Now try with a password
curl -u user:pass http://localhost/auth.php
This results in...
Hello user
You entered pass as your password.
Now try the second script, Note we don't supply a username or password as that is supplied within the script
curl http://localhost/curlfetch.php 
That results in...
Hello key
You entered 123456 as your password.
Now as a reference try calling both scripts from your browser 

DC

                        
这篇关于curl http验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！