PHP HTTP Basic Auth using Form

Question

How can I use HTTP basic Authentication and have the user submit their Username and Password in a HTML form and have it Authenticate using HTTP Basic Authentication.

I heard that Internet Explorer no longer supports the use of http://user:[email protected] no more so I don't know the best way to approach this.

Use of PHP and javascript and HTML is OK. I don't want to use PERL and I perfer no big javascript libs.

If you don't think HTTP Basic Auth. is the best way, please recommend something easy and simple to do. It will only be a login site for 5-6 people. No need to complicate it.

Answer 1

If i understand you correctly you need to use .htpasswd with .htaccess: http://tools.dynamicdrive.com/password/

Answer 2

IMHO, the whole point of using HTTP authentication is being able to delegate authentication tasks:

1. The web server takes care of denying unauthorized access to protected resources
2. The browser takes care of asking for username and password when required

So you have a working system with minimum effort.

Now, if you use an HTML form to ask for credentials, the server will know who you are but the browser won't: it'll ask for credentials as soon as it finds the WWW-Authenticate response header and the 401 status code. For this to work, the browser has to send an Authorization request header on every HTTP request; however, your form cannot instruct the browser to send the appropriate HTTP header.

Of course, you can write your own server-side authentication code in PHP, configure the server to parse static files through it and omit 401 and WWW-Authenticate as soon as you get valid credentials (which then need to be stored somewhere else, e.g., a PHP session). But then you've lost all the advantages of HTTP authentication: at this point, a custom login handler with PHP sessions will be a much easier solution.

To sum up:

• If you need simplicity, forget about HTML forms
• If you need HTML forms, write your own code

Answer 3

How can I use HTTP basic Authentication and have the user submit their Username and Password in a HTML form

No way.

please recommend something easy and simple to do.

sessions, cookies.
google for PHP auth tutorial and get over 9000 articles

oh well, one of them

<?
if (isset($_POST['auth_name'])) {
  $name=mysql_real_escape_string($_POST['auth_name']);
  $pass=mysql_real_escape_string($_POST['auth_pass']);
  $query = "SELECT * FROM users WHERE name='$name' AND pass='$pass'";
  $res = mysql_query($query) or trigger_error(mysql_error().$query);
  if ($row = mysql_fetch_assoc($res)) {
    session_start();
    $_SESSION['user_id'] = $row['id'];
    $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
  }
  header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
  exit;
}
if (isset($_GET['action']) AND $_GET['action']=="logout") {
  session_start();
  session_destroy();
  header("Location: http://".$_SERVER['HTTP_HOST']."/");
  exit;
}
if (isset($_REQUEST[session_name()])) session_start();
if (isset($_SESSION['user_id']) AND $_SESSION['ip'] == $_SERVER['REMOTE_ADDR']) return;
else {
include 'your design here.php';
?>
<form method="POST">
<input type="text" name="auth_name"><br>
<input type="password" name="auth_pass"><br>
<input type="submit"><br>
</form>
<? 
}
exit;
?>

intended to be put into file and called as require '/path/auth.php'; at the top of your scripts

Answer 4

jQuery library has ajax function which has "password" and "user" parameter for Authentication. When user click login you can get value of login and password and passed to $.ajax function.

$('#submit').click(function() {
   $.ajax({
      url: 'authenticated.php',
      username: $('#login').val(),
      password: $('#passwd').val(),
      success: function(data) {
         //do something with data from the server
      }
   });
   return false;
});