我想用htaccess以及htpasswd的文件和PHP的服务器端code创建一个登录系统,但是当我在用户登录希望能够识别用户,所以我怎么能知道用户输入在为自己的用户名使用PHP code(我想我不需要知道密码,如果他们已经成功地访问受限页)?
I want to create a log in system using htaccess and htpasswd file and PHP for the server-side code, but when the user logs in I want to be able to identify that user, so how can I know what the user typed in as their username using PHP code (I assume I won't need to know the password if they've managed to access the restricted page)?
非常感谢, 本
您只需要下面来获取用户名是当前用于身份验证的会话:
You just need the following to get the username that is currently in use for an authenticated session:
$_SERVER['PHP_AUTH_USER']
鉴于@奔的评论我现在已经找到了PHP文档中的部分在与 HTTP认证PHP 解释这是怎么回事:
In light of @Ben's comment I've now found the section in the PHP documentation at HTTP authentication with PHP that explains what's going on:
对于PHP 4.3.0,以prevent
有人写一个脚本
揭示的密码的页面
通过了身份验证
传统的外部机制,
PHP_AUTH变量将不会被如果设置
启用了外部认证
特定页面和安全模式
启用。无论如何, REMOTE_USER
即可
被用于识别
外部认证的用户。那么你
可以使用 _ SERVER ['REMOTE_USER']
。
As of PHP 4.3.0, in order to prevent
someone from writing a script which
reveals the password for a page that
was authenticated through a
traditional external mechanism, the
PHP_AUTH variables will not be set if
external authentication is enabled for
that particular page and safe mode is
enabled. Regardless, REMOTE_USER
can
be used to identify the
externally-authenticated user. So, you
can use _SERVER['REMOTE_USER']
.