16

I am building a web service with Zend and i have to authenticate the users before sending them response. The user will send a request to a server page, using curl, passing his credentials in the form of curl_setopt($curl, CURLOPT_USERPWD, 'key:pass');

Iam using Zend framework and so the server side page is denoted like:

http://www.example.com/app_name/public/controller/action/parameter

Here is the total code for user's request (client.php):

<?php
$curl = curl_init('http://www.example.com/app/public/user/add/1');

curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);                         
curl_setopt($curl, CURLOPT_USERPWD, 'username:password');
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);                    
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);                          
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);                           
curl_setopt($curl, CURLOPT_USERAGENT, 'Sample Code');

$response = curl_exec($curl);                                          
$resultStatus = curl_getinfo($curl);                                   

if($resultStatus['http_code'] == 200) {
    echo $response;
} else {
    echo 'Call Failed '.print_r($resultStatus);                         
}

?>

Now what i want is that, i must be able to retrieve the username and password at the server side (in my zend controller), so that i can verify the user credentials from database and send the response accordingly. So how can i do authentication in another page?

Improve this question
1
  • Well, i have been using CURLOPT_HTTPHEADER for sending the params in header and iam able to retrieve them in the controller, like: $request->getHeader('param'); Commented Feb 11, 2011 at 13:18

3 Answers 3

Reset to default
9

Zend Framework has a ready-made component for handling HTTP authentication.

Checkout the examples at

If you don't want to use that, you can still go the "old-school" way, as described in

and manually check on $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

but, for the second case, as i said in the below comment, iam not getting those variables in the $_SERVER array. They appear only if the target page is a php file, which exists in the root directory.
@dskanth depending on what authentication negotiated, you might have Digest authentication. See the second example in the PHP Manual and verify whether you have PHP_AUTH_DIGEST set
Oh... yes, i have PHP_AUTH_DIGEST set, how can i modify this example to validate the credentials at the server side?
@dskanth the example already does what you are asking for. I suggest you either read up on the used functions in the example or use the Zend_Auth component.
6

You need to set CURLOPT_HTTPAUTH to CURLAUTH_BASIC.

That way, in the target script, PHP_AUTH_USER and PHP_AUTH_PW (plain text) will be available.

Calling script:

<?php
$ch = curl_init('https://localhost/target.php');
// ...
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_exec($ch);
?>

In target.php:

$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];

I suggest executing the cURL request over HTTPS since username and password are transmitted plain text.

Improve this answer

5 Comments

Iam able to get those values only if i give the target file as .php, which is located inside the root directory. But iam using zend and the target file is a controller file with an action, that takes a parameter. I have edited the question with more information.
Iam also able to get those values in $_SERVER array, if iam not using zend framework, and specify my curl url something like: localhost/pt1/public/api/v1/target.php, which is not part of zend application, and which is just a folder hierarchy. But how do i do it with zend controller and action?
I'm sorry, @dskanth. I have no idea. Me and Zend Framework aren't particular friends.
Correction: $pass = $_SERVER['PHP_AUTH_PW'];, see php.net/manual/en/features.http-auth.php
@mikiqex Thanks for pointing that out. I corrected the answer accordingly.
1

you can send username and password as post fields 

$post_data = $user.":".$pass
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);

you can get the credentials using $_POST

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.