• Finish
  • Require secure channel (SSL)
  • Authentication under IIS
  • Anonymous access option , and check Basic authentication( password sent in clear text) option
  • Encrypting Passwords in PHP
    		•

    Server Side Programming with php cpan542




    Download 0.5 Mb.
    bet4/4
    Sana20.06.2020
    Hajmi0.5 Mb.
    #10315
    1   2   3   4
    .cer).

     

    To complete installing the pending certificate request, perform the following steps:



    • start the IIS certificate again, and check Process the pending request and install the certificate option:

     



    • Browse to the downloaded certification file: 







    • Click OK button on the Secure Communications dialog and OK button on the Default Web Site Properties dialog.

    The certificate is now installed. The HTTPS requests must start with https://, for example https://localhost.  The browser will display the certificate when you make an HTTPS request.

     

       


    Authentication under IIS:

    The following steps illustrate the process of setting authentication under IIS for the Default Web Site. The same steps can be used to setup authentication for separate virtual directories:



    • From the Default Web Site Properties dialog box, select Directory Security tab.

    • Select the Edit  button under Anonymous access and authentication protocol

    • Uncheck Anonymous access option , and check Basic authentication( password sent in clear text) option

     

     



    • Click OK button and close the properties dialog box. When you access your website under IIS, you will be prompt to enter an existing Windows  user name /user password before you can access the web site.  You need to create separate Windows account for each user before he/ she can access the website.

     

    Encrypting Passwords in PHP:

    The PHP function string crypt(string[,salt] ) provides a one-way string encryption. The first argument to this function is a string to be encrypted and the second argument  is an optional salt string to base the encryption on. If the salt argument is not provided, one will be randomly generated by PHP.

    PHP doesn't provide a decryption function, therefore encrypted string cannot be decrypted back to the original string. However, the function crypt return the same result every time it runs. For example crypt("abcd","john") will always return joL7ydHPSHiwk. The following simple example  called pass.php shows how to validate an encrypted password:

     


    $user_id=$_POST["userID"];
    $user_password=$_POST["userPassword"];

    if ( strcmp($user_id,'john')==0 && strcmp(crypt($user_password,$user_id ),'joL7ydHPSHiwk')==0)


    {
    echo "Login successful";
    }

    else
    {


    echo "login unseccessful";
    }

    ?>


     

    Following is the HTML form that will be use to submit the user login to pass.php:



    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


    login form



    User ID:

    User Password







    Download 0.5 Mb.
    1   2   3   4




    Download 0.5 Mb.
    Bosh sahifa
    Aloqalar
        Bosh sahifa
    Dərs
    Mühazirə
    Qaydalar
    Referat
    Xülasə
    Yazı


    Server Side Programming with php cpan542

    Download 0.5 Mb.