
Tuesday, 29 March 2016

Digest Authentication in php curl

HTTP authentication is quite popular for web applications. It is pretty easy to implement and works for a range of HTTP applications, not to mention your browser.

Basic Auth

The two main authentication schemes are ‘basic’ and ‘digest’. Basic is pretty easy to implement and appears to be the most common:


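// placeholder URL: replace with the protected resource
$url = "https://example.com/protected/resource.xml";

$ch = curl_init();
// set url
curl_setopt($ch, CURLOPT_URL, $url);
// CURLAUTH_DIGEST selects digest authentication; CURLAUTH_BASIC would select basic
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
curl_setopt($ch, CURLOPT_USERPWD, "user:Password");

// first authenticate with a HEAD request
curl_setopt($ch, CURLOPT_NOBODY, 1);
curl_exec($ch);

// then get the real output
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_HTTPGET, 1);
$response = curl_exec($ch);
if ($response === false) {
    die("curl error: " . curl_error($ch));
}
// CURLOPT_HEADER prepends the response headers; strip them before parsing the XML body
$output = substr($response, curl_getinfo($ch, CURLINFO_HEADER_SIZE));
$xml = simplexml_load_string($output);
$json = json_encode($xml);
$array = json_decode($json, TRUE);
echo "\n\n";
print_r($output);
echo "\n";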
Digest:

Digest is designed to be more secure. The password is never sent over the wire in plain text, but rather as a hash. The implication of using a hash is that it can never be decrypted. We can only validate the hash by applying the same hash function to the password we have. If the hashes match, the password was correct.
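
The validation described above, written out as an added example (not code from the original post): the RFC 2617 digest calculation with MD5 and qop=auth, checked against the sample values from RFC 2617 section 3.5. The function names are hypothetical, and the password on file is assumed to be available to the server.

```php
<?php
// Added example: RFC 2617 digest check (MD5, qop=auth). Function names are hypothetical.

// Parse the key=value pairs of an "Authorization: Digest ..." header value.
function parse_digest_header(string $header): array
{
    preg_match_all('/(\w+)=(?:"([^"]*)"|([^\s,]+))/', $header, $matches, PREG_SET_ORDER);
    $params = [];
    foreach ($matches as $m) {
        // group 2 holds a quoted value, group 3 an unquoted one (qop, nc)
        $params[$m[1]] = ($m[2] !== '') ? $m[2] : ($m[3] ?? '');
    }
    return $params;
}

// response = MD5(HA1:nonce:nc:cnonce:qop:HA2)
function digest_response(array $p, string $method, string $password): string
{
    $ha1 = md5(implode(':', [$p['username'], $p['realm'], $password])); // covers the password
    $ha2 = md5(implode(':', [$method, $p['uri']]));                     // covers the request
    return md5(implode(':', [$ha1, $p['nonce'], $p['nc'], $p['cnonce'], $p['qop'], $ha2]));
}

// Server side: recompute with the password on file and compare in constant time.
function verify_digest(string $header, string $method, string $password): bool
{
    $p = parse_digest_header($header);
    foreach (['username', 'realm', 'nonce', 'uri', 'nc', 'cnonce', 'qop', 'response'] as $key) {
        if (!isset($p[$key])) {
            return false; // malformed or incomplete header
        }
    }
    // A real server must also confirm that it issued this nonce and that nc has not been seen before.
    return hash_equals(digest_response($p, $method, $password), $p['response']);
}

// Sample header built from the RFC 2617 section 3.5 values
$header = 'Digest username="Mufasa", realm="testrealm@host.com", '
        . 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
        . 'qop=auth, nc=00000001, cnonce="0a4f113b", '
        . 'response="6629fae49393a05397450978507c4ef1"';

var_dump(verify_digest($header, 'GET', 'Circle Of Life')); // the password on file
var_dump(verify_digest($header, 'GET', 'wrong password')); // a different password
```

Because the nonce, nonce count and request URI are all inputs to the hash, a captured response is only valid for that one request, which is why the server-side nonce check matters.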
