CURL HTTP Authentication at server side

2019-02-04 16:07发布

问题:

I am building a web service with Zend and i have to authenticate the users before sending them response. The user will send a request to a server page, using curl, passing his credentials in the form of curl_setopt($curl, CURLOPT_USERPWD, 'key:pass');

Iam using Zend framework and so the server side page is denoted like:

http://www.example.com/app_name/public/controller/action/parameter

Here is the total code for user's request (client.php):

<?php
$curl = curl_init('http://www.example.com/app/public/user/add/1');

curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);                         
curl_setopt($curl, CURLOPT_USERPWD, 'username:password');
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);                    
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);                          
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);                           
curl_setopt($curl, CURLOPT_USERAGENT, 'Sample Code');

$response = curl_exec($curl);                                          
$resultStatus = curl_getinfo($curl);                                   

if($resultStatus['http_code'] == 200) {
    echo $response;
} else {
    echo 'Call Failed '.print_r($resultStatus);                         
}

?>

Now what i want is that, i must be able to retrieve the username and password at the server side (in my zend controller), so that i can verify the user credentials from database and send the response accordingly. So how can i do authentication in another page?

回答1:

Zend Framework has a ready-made component for handling HTTP authentication.

Checkout the examples at

  • http://framework.zend.com/manual/en/zend.auth.adapter.http.html

If you don't want to use that, you can still go the "old-school" way, as described in

  • http://php.net/manual/en/features.http-auth.php

and manually check on $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']



回答2:

You need to set CURLOPT_HTTPAUTH to CURLAUTH_BASIC.

That way, in the target script, PHP_AUTH_USER and PHP_AUTH_PW (plain text) will be available.

Calling script:

<?php
$ch = curl_init('https://localhost/target.php');
// ...
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_exec($ch);
?>

In target.php:

$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];

I suggest executing the cURL request over HTTPS since username and password are transmitted plain text.



回答3:

you can send username and password as post fields

$post_data = $user.":".$pass
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);

you can get the credentials using $_POST