[英]PHP HTTP Authentication Failing To Authenticate
我正在用PHP为不支持SSL的服务器创建Web应用程序。 如果您想炫耀SSL认证的质量,请在其他地方进行。 我正在使用HTTP身份验证和PHP以及一些javascript。 这是登录表单页面:
<?php header('Content-type: text/html; charset=utf-8'); ?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" href="/assets/style.css"/>
<script>
function getHTTPObject() {
if (typeof XMLHttpRequest != 'undefined') {
return new XMLHttpRequest();
}
try {
return new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
return new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {}
}
return false;
}
function login(form, action)
{
var http = getHTTPObject();
var username = form.citizenid.value + "-username";
var password = form.cikatid.value + form.redid.value + "-password";
http.open("get", action, false, username, password);
http.send("");
if (http.status == 200) {
document.location = action;
} else {
alert("Incorrect username and/or password.");
}
return false;
}
</script>
<title>
Corstekistan - eVote
</title>
</head>
<body>
<?php
include $_SERVER['DOCUMENT_ROOT'] . "/assets/headevote.php";
?>
<hr/>
<span class="title">eVote - By The Republic of Corstekistan</span>
<p>eVote lets you participate in Corsteki elections and referendums online. To begin, please fill out the information below to prove that you are a citizen of The Republic of Corstekistan.</p>
<span style="text-align: center;margin-left: auto;margin-right:auto">
<form name="citizenproof" action="" method="get">
<fieldset style="width: 400px;margin-left: auto;margin-right: auto">
<legend>Provide Proof Of Citizenship</legend>
<noscript><span style="font-weight: bold;color: red">This webpage requires JavaScript to function. Please enable it or use a modern web browser.<br/></span></noscript>
<span style="font-weight: bold;color: red" id="err"></span>
Citizen ID: <input type="text" name="citizenid" required="true"/>
<br/>
CĪKAT ID: <input type="text" name="cikatid" required="true"/>
<br/>
Red ID: <input type="text" name="redid" required="true"/>
<br/>
<input type="button" value="Sign In" onclick="login(this.form, '/evote/votesys')"/>
</fieldset>
</form>
<p>Don't know how to find the CĪKAT and Red IDs on your National ID Card? Click <a href="idguide.php">here</a></p>
</span>
这是受保护的页面:
<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="eVote"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>
当我单击“登录”时,它不会像应有的那样将我重定向到受保护的页面。 而是弹出一个对话框,要求我进行身份验证。 我究竟做错了什么?
您正在使用AJAX执行此登录(它是异步的)。 这意味着它不会重定向您。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.