HTTP is a hypertext transfer protocol is provides a standard for web browsers and communicate with server. It is an application layer protocol designed within the framework of the Internet protocol suite.
HTTP is also called a stateless protocol because each command is executed without command knowledge. The main reason that it is difficult to implement web site that react intelligence to the user input. HTTP client and server communicate via HTTP request and response messages. When the client submits a HTTP request to the server the server provides resources such as HTML files and it returns a response message to the clients.
There are three main http messages type are:
By default HTTP utilize TCP port 80 and alternatively can used port 8080.
HTTP Basic Authentication
If a HTTP client web browser request pages, the server response with 401 unauthorized status code. It include WWW authentication header field in his response. Header list must contain at least one authentication challenge applicable for requested pages.
The Basic authentication scheme that has authorized issue consist of a username and password where this is secrete only to sever and you.
The server response 401 contains authentication challenge of the token “Basic’ and value and pair specifying the name of the protected realm.
HTTP/1.1 401 Access Denied
WWW-Authenticate: Basic realm=”control panel”
After receipt of server response 401, your web browser prompts username and password. The authentication header of browser’s follow up request again contains token “Basic” and base 64 encoded of the username and colon, password.
Authentication: Basic QWRtaW46Zm9vYmFy
The base 64 decode the string and compare against his username and password database.
HTTP Advance Authentication with PHP
For password protected site the easiest way to use HTTP authentication, where if a browser request a protected page is not with correct username and password. The web server replies with HTTP 401 error mean unauthorized access and an invitation for the browser with proper username and password.
For set up an HTTP authentication use an Apache. Use PHP for server side script language. When we installed Apache module PHP provide two special global variable $PHP_AUTH_USER and $PHP_AUTH_PW. It contains username and password with current HTTP request. If username and password both are incorrect it will respond with an HTTP 401 error.
The first line informs the web browser authentication is done with a username and password and realm option let the particular username and password should be used when a group of web pages.
To protect an entire site we would use PHP’s include the function to use the code that perform the username and password check in every file on your site.