CURL HTTP Authentication at server side
Solution 1
Zend Framework has a ready-made component for handling HTTP authentication.
Checkout the examples at
If you don't want to use that, you can still go the "old-school" way, as described in
and manually check on $_SERVER['PHP_AUTH_USER']
and $_SERVER['PHP_AUTH_PW']
Solution 2
You need to set CURLOPT_HTTPAUTH
to CURLAUTH_BASIC
.
That way, in the target script, PHP_AUTH_USER
and PHP_AUTH_PW
(plain text) will be available.
Calling script:
<?php
$ch = curl_init('https://localhost/target.php');
// ...
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_exec($ch);
?>
In target.php:
$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];
I suggest executing the cURL request over HTTPS since username and password are transmitted plain text.
Solution 3
you can send username and password as post fields
$post_data = $user.":".$pass
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
you can get the credentials using $_POST
![shasi kanth](https://i.stack.imgur.com/Fuczv.jpg?s=256&g=1)
shasi kanth
I am a Web Developer, Husband, Father and Singer. [I am #SOreadytohelp] When not doing work, I would spend time with meditation and music. My Developer Story
Updated on June 28, 2020Comments
-
shasi kanth about 4 years
I am building a web service with Zend and i have to authenticate the users before sending them response. The user will send a request to a server page, using curl, passing his credentials in the form of
curl_setopt($curl, CURLOPT_USERPWD, 'key:pass')
;Iam using Zend framework and so the server side page is denoted like:
http://www.example.com/app_name/public/controller/action/parameter
Here is the total code for user's request (client.php):
<?php $curl = curl_init('http://www.example.com/app/public/user/add/1'); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_USERPWD, 'username:password'); curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); curl_setopt($curl, CURLOPT_USERAGENT, 'Sample Code'); $response = curl_exec($curl); $resultStatus = curl_getinfo($curl); if($resultStatus['http_code'] == 200) { echo $response; } else { echo 'Call Failed '.print_r($resultStatus); } ?>
Now what i want is that, i must be able to retrieve the username and password at the server side (in my zend controller), so that i can verify the user credentials from database and send the response accordingly. So how can i do authentication in another page?
-
shasi kanth over 13 yearsIam able to get those values only if i give the target file as .php, which is located inside the root directory. But iam using zend and the target file is a controller file with an action, that takes a parameter. I have edited the question with more information.
-
shasi kanth over 13 yearsbut, for the second case, as i said in the below comment, iam not getting those variables in the $_SERVER array. They appear only if the target page is a php file, which exists in the root directory.
-
shasi kanth over 13 yearsIam also able to get those values in $_SERVER array, if iam not using zend framework, and specify my curl url something like: localhost/pt1/public/api/v1/target.php, which is not part of zend application, and which is just a folder hierarchy. But how do i do it with zend controller and action?
-
Gordon over 13 years@dskanth depending on what authentication negotiated, you might have Digest authentication. See the second example in the PHP Manual and verify whether you have
PHP_AUTH_DIGEST
set -
Linus Kleen over 13 yearsI'm sorry, @dskanth. I have no idea. Me and Zend Framework aren't particular friends.
-
shasi kanth over 13 yearsOh... yes, i have PHP_AUTH_DIGEST set, how can i modify this example to validate the credentials at the server side?
-
Gordon over 13 years@dskanth the example already does what you are asking for. I suggest you either read up on the used functions in the example or use the Zend_Auth component.
-
mikiqex about 6 yearsCorrection:
$pass = $_SERVER['PHP_AUTH_PW'];
, see php.net/manual/en/features.http-auth.php -
Linus Kleen about 6 years@mikiqex Thanks for pointing that out. I corrected the answer accordingly.