Place Authorization: Basic on api

4

I'm creating an API as I said, and I need to use Authorization: Basic KEY to send login and password via header. Unfortunately I have no concept

header('Authorization: Basic dXNlcjpwYXNzd29yZA==');

This code I have to send and in other interpret code .. get this encoded data

    
asked by anonymous 08.08.2014 / 03:17

1 answer

8

The method of sending and interpreting is very simple. It is basic ;)

Shipping Code

<?php
ob_start();

$user = 'usuário';
$pass = 'senha';

$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, 'http://meusite.com.br/arquivo.php' ); 
curl_setopt( $ch, CURLOPT_HEADER, 0 );
curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Authorization: Basic ' . base64_encode( $user . ':' . $pass ) ) );
curl_exec( $ch );
$resposta = ob_get_contents();
ob_end_clean();
$httpCode = curl_getinfo( $ch, CURLINFO_HTTP_CODE );
curl_close( $ch );

header("Content-Type: text/html; charset=utf8");
echo "$httpCode<br>$resposta";

Archive code .php - Data reception

<?php
$username =
$password = 
$mod = NULL;

// Método para mod_php (Apache)
if ( isset( $_SERVER['PHP_AUTH_USER'] ) ):
    $username = $_SERVER['PHP_AUTH_USER'];
    $password = $_SERVER['PHP_AUTH_PW'];
    $mod = 'PHP_AUTH_USER';

// Método para demais servers
elseif ( isset( $_SERVER['HTTP_AUTHORIZATION'] ) ):

    if ( preg_match( '/^basic/i', $_SERVER['HTTP_AUTHORIZATION'] ) )
      list( $username, $password ) = explode( ':', base64_decode( substr( $_SERVER['HTTP_AUTHORIZATION'], 6 ) ) );

    $mod = 'HTTP_AUTHORIZATION';

endif;

// Se a autenticação não foi enviada
if ( is_null( $username ) ):

    header('WWW-Authenticate: Basic realm="Sistema de Testes"');
    header('HTTP/1.0 401 Unauthorized');
    die('Acesso negado.');

// Se houve envio dos dados
else:
    header('WWW-Authenticate: Basic realm="Sistema de Testes"');
    header('HTTP/1.0 200 OK');

    echo "<p>Olá <strong>{$username}</strong>.</p>";
    echo "<p>Sua senha é <strong>{$password}</strong>.</p>";
    echo "<small>Servidor usando <strong>{$mod}</strong>.</small>";

endif;

Note that on reception, if your server uses mod_php there is no need to decode the data. Apache itself will take care of this by putting user and password in the respective server variables: $ _ SERVER ['PHP_AUTH_USER'] and $ _ SERVER ['PHP_AUTH_PW']

>

For other types of server, there is a need to decode and "break" the sent code.

The above code is not checking or comparing uploaded data. It only checks to see if authentication was sent and shows what data was sent and which method received it.

Of course the ideal is to verify user and password, using the following correct header:

Unauthenticated

header('HTTP/1.0 401 Unauthorized');

Authenticated - GET

header('HTTP/1.0 200 OK');

Authenticated - PUT

header('HTTP/1.0 201 Created');

Authenticated - DELETE

header('HTTP/1.0 204 No Content');

Server Error

header('HTTP/1.0 500 Internal Server Error');

For a complete list, go to: link

A useful tool for testing returns is the link

Always remember that to use commands like header , your code may not have printed anything at all before, since header modifies the generated page header.

I hope I have helped!

    
08.08.2014 / 19:33