How to get username & password on HTTPS request on serverside in php
But this is fine for HTTP connection. I have never used HTTPS connection for web services, So i want to know Is there some other way to pass username & password over HTTPS connection? So how to retrieve data from that request. My client wants to send these data in header information some thing like
Method: POST Content-Type: application/x-www-form-urlencoded Content: username=mynames&password=abcabc i agree that protocol does not matter, But if this information in coming in header as i have mentioned now in question. and i have clue to retrieve this data.
U use $_REQUEST it is not a header information, If U want use HTTP Auth Basic (or same) ask right question ))
3 Answers 3
HTTPS is effectively transparent to PHP code. It’s entirely handled by the browser and the server. You can access the $_REQUEST variables exactly the same as with an HTTP request.
Edit (slightly modified question):
If your client wants you to have a login form to submit the username and password (as your changes to the question indicate), you just make form inputs the same as you would normally in an HTTP connection. Name them «username» and «password», respectively, and then pull their data from $_POST on the page you’re posting the form to. Setting up the server to respond on HTTPS will make it handle everything else transparently, as I mentioned previously.
PHP Get username from another php page
How do I get my Username and password from one php page that checks to see if the username and password is correct then to another which simply prints out what the user typed in on the page before. I don’t want to use ‘include’ because that executes my entire php file which will not work because it runs the login form twice and it then redirects me to my invalid login form page. On a lot of website where you login in on one page then on the next page it says welcome, your name, this is pretty much what I am trying to do. I have tried to include it, used ob_start() and then include then ob_end_clean(), after the user types they info I tried to put that in one php file, all of these didn’t work. I feel it is a lot simpler than all of this but I just don’t know how to do it. Here is my php file that checks if the username and password are correct.
At what point did you assign them into the session? I see you reading from it $usr = $_SESSION[‘username’] but I don’t see you writing to it: $_SESSION[‘username’] = $usrArray[0] (Shawn).
Is there a reason you want to store passwords in the session? That is generally not a good idea and there is almost always another way to do it.
The only reason I am storing them in a session is because I thought that is the way to get it from file to file but I used to store it in a post so maybe I should go back to that
Michael, I think I don’t want to set it equal to $usrArray[0] because I want to check to see if $usr and $usrArray are the same which I do in my if statement. Thanks, Shawn
Get a user by username and password with Laravel
I need to do some extra checks on a user, I would like to get the user by username and password. Firstly: Is there a built in function that gets a user by username and password without authenticating them? Secondly: If the above is no, then how do I correctly hash the password, because if I use Hash::make( $password ) and then compare to the database, it is not the same. You would usually use Hash::check but I need to actually get the user by username and password.
4 Answers 4
In Laravel 5.2
You can use Auth::once($credentials) to validate credentials and thereafter Auth::getUser(); to get the user.
$credentials = Request::only('username', 'password'); if(!Auth::once($credentials)) < // Invalid user credentials; throw Exception. >$user = Auth::getUser(); I like that this method doesn’t require getting the User model involved to write a DB query, but I’m hesitant to use this, since the documents state the user is still authenticated as part of this process. Makes me wonder if I’m opening myself up to some potential issues down the road. After reading Laravel 8.x docs, I’m unable to find a better alternative, though.
If you want to check if user data to authentication is correct you can use:
if (Auth::validate($credentials)) < // >But if you want to get user from database with user and password, you can use:
$user = User::whereName($username)->wherePassword(Hash::make($password))->first(); To store password in database you should use Hash::make($password) as you showed and it works without any problems. Using Auth::validate should solve the issue.
@Jimmyt1988 Yes, you use it the same as attempt function but attempt will log user and this one won’t
Hash::make($password) does not create the same password as is in the database (at least with Laravel 5.7). So this doesn’t work.
Yes, there is a built in function you should use. I recommend you to read the docs. But here’s a good example, it’s pretty self-evident:
$input = array( 'username' => Input::get('username'), 'password' => Input::get('password'), ); $remember = (boolean)Input::get('remember'); //'Remember me' checkbox if (Auth::attempt($input, $remember)) < return Redirect::intended('dashboard')->with("success", "You're logged in!"); //Redirect the user to the page intended to go to, with the dashboard page as default > Registering a user looks something like this:
$input = array( 'username' => Input::get('username'), 'email' => Input::get('email'), 'password' => Hash::make(Input::get('password')) //Encrypt password ); $user = User::create($input); I also recommend you to read about input validation. I hope this helps, good luck.
Edit: I didn’t read the «without authenticating them» part. You should use Auth::validate($input) as Marcin already explained.
How to get included username and password from URLs
In PHP I tried to get user and Password via $_SERVER[«PHP_AUTH_USER»]. But this is not set. How do I get access to the variable? Please: I know that there are other possibilities to transport username etc. like domain.com/file.php?USR=’hello’ . My approach is to get a solution by sending it with . @ in front of the domain. THX in advance for any hint. var_dump($_SERVER) gives the following:
array(38) < ["PATH"]=>string(60) "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ["USER"]=> string(8) "12345" ["HOME"]=> string(20) "/www/htdocs/12345" ["FCGI_ROLE"]=> string(9) "RESPONDER" ["UNIQUE_ID"]=> string(27) "dhdhgdh-0rIG@VoNnAAAABA" ["HTTP_AUTHORIZATION"]=> string(0) "" ["HTTP_HOST"]=> string(17) "host.de" ["HTTP_USER_AGENT"]=> string(77) "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0" ["HTTP_ACCEPT"]=> string(74) "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" ["HTTP_ACCEPT_LANGUAGE"]=> string(23) "de,en-US;q=0.7,en;q=0.3" ["HTTP_ACCEPT_ENCODING"]=> string(13) "gzip, deflate" ["HTTP_CONNECTION"]=> string(10) "keep-alive" ["HTTP_COOKIE"]=> string(177) "hys_autoplay=false; _pk_id.2.459d=c9b4d5b7244b15e8.1582627031.1.1582627031.1582627031.; PHPSESSID=69c09a014b52db27b8a23ba739440e97; PIWIK_SESSID=2245baf1d465642b8b63c605cccd2c5c" ["HTTP_UPGRADE_INSECURE_REQUESTS"]=> string(1) "1" ["SERVER_SIGNATURE"]=> string(0) "" ["SERVER_SOFTWARE"]=> string(6) "Apache" ["SERVER_NAME"]=> string(17) "domain.de" ["SERVER_ADDR"]=> string(12) "85.12.123.25" ["SERVER_PORT"]=> string(2) "80" ["REMOTE_ADDR"]=> string(13) "101.12.12.193" ["DOCUMENT_ROOT"]=> string(36) "/www/htdocs/12345/hunting/" ["REQUEST_SCHEME"]=> string(4) "http" ["CONTEXT_PREFIX"]=> string(0) "" ["CONTEXT_DOCUMENT_ROOT"]=> string(36) "/www/htdocs/12345/hunting/" ["SERVER_ADMIN"]=> string(27) "webmaster@hunting.com" ["SCRIPT_FILENAME"]=> string(53) "/www/htdocs/12345/domain/test/analyser.php" ["REMOTE_PORT"]=> string(5) "10412" ["GATEWAY_INTERFACE"]=> string(7) "CGI/1.1" ["SERVER_PROTOCOL"]=> string(8) "HTTP/1.1" ["REQUEST_METHOD"]=> string(3) "GET" ["QUERY_STRING"]=> string(0) "" ["REQUEST_URI"]=> string(18) "/test/analyser.php" ["SCRIPT_NAME"]=> string(18) "/test/analyser.php" ["PHP_SELF"]=> string(18) "/test/analyser.php" ["REQUEST_TIME_FLOAT"]=> float(1584465038.95) ["REQUEST_TIME"]=> int(1584465038) ["argv"]=> array(0) < >["argc"]=> int(0) > RewriteEngine on RewriteRule .* - [E=HTTP_AUTHORIZATION:%,L]