服务器端的 CURL HTTP 身份验证

2021-12-29 00:00:00 http curl php zend-framework

我正在使用 Zend 构建 Web 服务,我必须在向用户发送响应之前对其进行身份验证.用户将使用 curl 向服务器页面发送请求,并以 curl_setopt($curl, CURLOPT_USERPWD, 'key:pass');

I am building a web service with Zend and i have to authenticate the users before sending them response. The user will send a request to a server page, using curl, passing his credentials in the form of curl_setopt($curl, CURLOPT_USERPWD, 'key:pass');

我使用 Zend 框架,因此服务器端页面表示为:

Iam using Zend framework and so the server side page is denoted like:

http://www.example.com/app_name/public/controller/action/parameter

这里是用户请求的总代码(client.php):

Here is the total code for user's request (client.php):

<?php
$curl = curl_init('http://www.example.com/app/public/user/add/1');

curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);                         
curl_setopt($curl, CURLOPT_USERPWD, 'username:password');
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);                    
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);                          
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);                           
curl_setopt($curl, CURLOPT_USERAGENT, 'Sample Code');

$response = curl_exec($curl);                                          
$resultStatus = curl_getinfo($curl);                                   

if($resultStatus['http_code'] == 200) {
    echo $response;
} else {
    echo 'Call Failed '.print_r($resultStatus);                         
}

?>

现在我想要的是,我必须能够在服务器端(在我的 Zend 控制器中)检索用户名和密码,以便我可以验证数据库中的用户凭据并相应地发送响应.那么如何在另一个页面中进行身份验证?

Now what i want is that, i must be able to retrieve the username and password at the server side (in my zend controller), so that i can verify the user credentials from database and send the response accordingly. So how can i do authentication in another page?

推荐答案

Zend Framework 有一个现成的组件来处理 HTTP 身份验证.

Zend Framework has a ready-made component for handling HTTP authentication.

  • http://framework.zend.com/manual/en/zend.auth.adapter.http.html

如果你不想使用它,你仍然可以走老派"的方式,如

If you don't want to use that, you can still go the "old-school" way, as described in

  • http://php.net/manual/en/features.http-auth.php

并手动检查 $_SERVER['PHP_AUTH_USER']$_SERVER['PHP_AUTH_PW']

相关文章