Menu
I am building a web service with Zend and i have to authenticate the users before sending them response. The user will send a request to a server page, using curl, passing his credentials in the form of curl_setopt($curl, CURLOPT_USERPWD, 'key:pass');
Iam using Zend framework and so the server side page is denoted like:
http://www.example.com/app_name/public/controller/action/parameter
Here is the total code for user's request (client.php):
<?php
$curl = curl_init('http://www.example.com/app/public/user/add/1');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_USERPWD, 'username:password');
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl, CURLOPT_USERAGENT, 'Sample Code');
$response = curl_exec($curl);
$resultStatus = curl_getinfo($curl);
if($resultStatus['http_code'] == 200) {
echo $response;
} else {
echo 'Call Failed '.print_r($resultStatus);
}
?>
Now what i want is that, i must be able to retrieve the username and password at the server side (in my zend controller), so that i can verify the user credentials from database and send the response accordingly. So how can i do authentication in another page?
641
To send basic auth credentials with Curl, use the "-u login: password" command-line option. Curl automatically converts the login: password pair into a Base64-encoded string and adds the "Authorization: Basic [token]" header to the request.
For example, if a website has protected content curl allows you to pass authentication credentials. To do so use the following syntax: curl --user "USERNAME:PASSWORD" https://www.domain.com . “USERNAME” must be replaced with your actual username in quotes.
Sending the Bearer Token with a Curl POST request is similar to sending the Bearer Token with a Curl GET request. POST data is passed with the -d command-line option, and the authorization header and the bearer token are passed with the -H command-line option.
Once the user has filled in a username and a password, the URL containing the PHP script will be called again with the predefined variables PHP_AUTH_USER , PHP_AUTH_PW , and AUTH_TYPE set to the user name, password and authentication type respectively. These predefined variables are found in the $_SERVER array.
Zend Framework has a ready-made component for handling HTTP authentication.
Checkout the examples at
If you don't want to use that, you can still go the "old-school" way, as described in
and manually check on $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']
187
You need to set CURLOPT_HTTPAUTH to CURLAUTH_BASIC.
That way, in the target script, PHP_AUTH_USER and PHP_AUTH_PW (plain text) will be available.
Calling script:
<?php
$ch = curl_init('https://localhost/target.php');
// ...
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_exec($ch);
?>
In target.php:
$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];
I suggest executing the cURL request over HTTPS since username and password are transmitted plain text.
44
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
