Basic auth with curl php

Содержание

HTTP Basic Authentication with PHP
Example of HTTP Basic Auth
Hashing passwords
Testing with curl
Conclusion
References
PHP: Using cURL with Basic HTTP Authentication.
401 Unauthorized.
Using the CURLOPT_USERPWD option.
Using CURLOPT_HTTPHEADER.
How to make a PHP curl request with basic authentication
How to use Basic Authentication with PHP Curl
What is Basic Authentication?
Using Basic Authentication with PHP Curl
How to use basic authorization in PHP curl
Join the world’s most active Tech Community!
Welcome back to the World’s most active Tech Community!
Subscribe to our Newsletter, and get personalized recommendations.
TRENDING CERTIFICATION COURSES
TRENDING MASTERS COURSES
COMPANY
WORK WITH US
DOWNLOAD APP
CATEGORIES
CATEGORIES

HTTP Basic Authentication with PHP

There many ways of performing authentication over the web. You can use a token and pass it as a special header. This is commonly done with API tokens. You can also use a cookie to store a session token. This is common for webservers that have a database session in the backend.

One simple method is to use HTTP Basic Access Authentication. This involves adding a header that contains your username and password. The proper format for the header is:

Authorization: Basic XXXXXX

Where XXXXXX is your credentials in the form of username:password with base64 encoding.

PHP automatically decodes and splits the username and password into special named constants:

PHP_AUTH_USER with the username as a plain-text string
PHP_AUTH_PW with the password as a plain-text string

We will look at how to restrict a page using HTTP basic authentication in PHP.

Example of HTTP Basic Auth

Access denied. You did not enter a password.
'; exit; // Be safe and ensure no other content is returned. > // If we get here, username was provided. Check password. if ($_SERVER['PHP_AUTH_PW'] == '$ecret') < echo 'Access granted. You know the password!
'; > else < echo 'Access denied! You do not know the password.
'; >

Hashing passwords

Really, you should never be storing passwords in plain-text. If you are storing user account information in a file or a database, the password should be hashed with a salt and each user should have a unique salt. The salt will be useful if the database is ever compromised by making it harder to crack the passwords by reducing the effectiveness of rainbow tables. It will also reduce the amount of identical hashes caused by people using the same password.

PHP’s password_hash() can take care of the hashing and the salt generation. Here is a quick example, but you can read more about Safe Password Hashing.

You use password_hash() to generate the hash that you want to store in your database or password file. This will include the salt.

When a user attempts to authenticate and they provide a password, you use crypt() and pass it the user-supplied password along with your stored hash and then compare that to the stored hash. See the example below.

Testing with curl

If you want to test, an easy way to send an HTTP request with a properly formatted header is with curl . It has a convenient —user option you can set like this:

curl --user my_username:my_password http://localhost:8000/

Conclusion

After reading this, you should understand how to restrict a page using simple HTTP basic authentication in PHP.

References

Источник

PHP: Using cURL with Basic HTTP Authentication.

This is a short PHP tutorial on how to use cURL to make a Basic Access Authentication request. In this post, I will show you how to configure PHP’s cURL functions to access a web resource that is protected by basic HTTP authentication.

401 Unauthorized.

If you send a cURL request to a URL that is protected by HTTP authentication, the response will probably look something like this:

401 Unauthorized: You need a valid user and password to access this content.

The issue here is that the resource is protected and you did not provide a valid username and password. As a result, the server responded with a 401 Unauthorized response.

Using the CURLOPT_USERPWD option.

To solve this, we can use the CURLOPT_USERPWD option. This option allows us to tell cURL what username and password to use while making the request.

An example of it being used:

//The URL of the resource that is protected by Basic HTTP Authentication. $url = 'http://site.com/protected.html'; //Your username. $username = 'myusername'; //Your password. $password = 'mypassword'; //Initiate cURL. $ch = curl_init($url); //Specify the username and password using the CURLOPT_USERPWD option. curl_setopt($ch, CURLOPT_USERPWD, $username . ":" . $password); //Tell cURL to return the output as a string instead //of dumping it to the browser. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //Execute the cURL request. $response = curl_exec($ch); //Check for errors. if(curl_errno($ch)) < //If an error occured, throw an Exception. throw new Exception(curl_error($ch)); >//Print out the response. echo $response;

In the example above, we set the username and password using the CURLOPT_USERPWD option. As a result, our cURL client will end up sending the following header:

Authorization: Basic bXl1c2VybmFtZTpteXBhc3N3b3Jk

In some cases, the resource in question might be expecting a POST request. Therefore, you might need to change the request above from a GET request to a POST request.
The CURLOPT_USERPWD option sends the username and password combination in a base64 format. This means that a combination of “MyUsername:MyPassword” will become “TXlVc2VybmFtZTpNeVBhc3N3b3Jk”. However, it is important to note that base64 does not make this request any more secure. Therefore, it is advisable that you configure both the cURL client and the server to use SSL. This is to prevent man-in-the-middle attacks.
Other options may need to be configured depending on your situation. In other words, the code above might not work “straight out of the box”.

Using CURLOPT_HTTPHEADER.

Alternatively, you can use the CURLOPT_HTTPHEADER, which allows you manually create headers. In the example below, we manually set the Content-Type and Authorization headers:

//HTTP username. $username = 'myusername'; //HTTP password. $password = 'mypassword'; //Create the headers array. $headers = array( 'Content-Type: application/json', 'Authorization: Basic '. base64_encode("$username:$password") ); //Set the headers that we want our cURL client to use. curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

The code above should be used in lieu of the CURLOPT_USERPWD option.

Hopefully, you found this guide to be useful!

Источник

How to make a PHP curl request with basic authentication

When accessing API request over PHP curl, some routes are authentication required. Also third party API mostly required to authenticate before accepting request. This can be done by Bearer or Basic authentication method.

In this article, we will see how to send PHP curl request on authentication protected url. You need to send user and password data with the request. Below example send the get request which requires basic authentication:

[email protected]'; $password = '123456'; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERPWD, $username.':'.$password); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); curl_close($ch);

You can also send curl request using Authorization header. Curl CURLOPT_USERPWD option basically send Authorization header with value of username:password in a base64 format. You can do it as below:

[email protected]'; $password = '123456'; $headers = array( 'Authorization: Basic '. base64_encode($username.':'.$password) ); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); curl_close($ch);

This way, you can also make curl request over the routes which requires authentication. If you like the article,like our Facebook page and follow us on Twitter.

Источник

How to use Basic Authentication with PHP Curl

In this tutorial we will have a ‘basic’ look at Basic Authentication, and how to use Basic Authentication with PHP Curl.

When sending a request to an API, often it will require some form of Authentication. One of the most common forms of HTTP authentication is Basic Authentication, owing to how easy it is to use and implement.

Note: For this tutorial I am going to assume that you have the PHP Curl extension installed and enabled on your server.

What is Basic Authentication?

Basic authentication is a way for a HTTP user agent to pass a username and password during a request.

To use Basic authentication a client must attach an ‘Authorization’ field to their request. The ‘Authorization’ field contains the word ‘Basic’ followed by a colon seperated, Base64 encoded string containing the username and password.

The basic (decoded) header format is:

Authorization: Basic example_username:example_password

Which becomes (when Base64 encoded):

Authorization: Basic ZXhhbXBsZV91c2VybmFtZTpleGFtcGxlX3Bhc3N3b3Jk

It is worth considering that Basic Authentication has security limitations when compared to something like OAuth because your login credentials are included with each request. Despite this, you will still find fairly wide spread Basic Authentication usage because of how easy it is to implement and manage. For several simple security use-cases, Basic Authentication is a perfectly acceptable solution to use, as long as you are aware that it isn’t completely secure.

Using Basic Authentication with PHP Curl

If you want to make a login call using Basic Authentication via PHP Curl then the snippet below should help you.

$username = 'gav'; $password = 'blog'; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://www.gavsblog.com'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($ch, CURLOPT_USERPWD, "$username:$password"); $response = curl_exec($ch); curl_close($ch);

After intialising curl, we are using curl_setopt to configure the options. Specifically, we are setting the following:

‘CURLOPT_URL’ is used to specify the URL to call. In this example I’ve added a placeholder URL.
‘CURLOPT_RETURNTRANSFER’ is being used to set the response to a string value.
‘CURLOPT_HTTPAUTH’ specifies the authentication method to use. We are setting this to ‘CURLAUTH_BASIC’, which is default. If this doesn’t work for you, try setting it to ‘CURLAUTH_ANY’ and have the library find the right usage.
‘CURLOPT_USERPWD’ sets the username and password for Basic Authentication. This will Base64 encode your string and set the right ‘Authorization’ headers, basically saving you from having to do it yourself.

Note: For a full explanation of the parameters we are using, please refer to the PHP manual for curl_setopt.

Next, we use curl_exec to run curl and save the response to the ‘$response’ variable (remember we are returning the response as a string) and, finally, we close curl.

At this point you can do whatever it is that you wanted to do with the response!

Источник