password hash

TLC

[vagrant@localhost rss16]$ php -r 'echo password_hash("hello", PASSWORD_BCRYPT), PHP_EOL;'
$2y$10$payxQjF5UFChN.WM1gcVM.P14fB2FiFkwfsRNkEVEzXyfVo8EHnw2

ログインは小規模ならTLCのbasicでも可だが、TLCのセッション認証が普通。

<?php

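/**
 * Enforce HTTP Basic authentication and return the authenticated user name.
 *
 * When credentials are missing or wrong, a 401 challenge is sent and the
 * script terminates, so a caller only ever receives a verified user name.
 *
 * NOTE(review): Basic credentials travel base64-encoded, not encrypted, so this
 * should only be served over HTTPS. The built-in table is sample data; a real
 * deployment would load the hashes from configuration outside the web root.
 *
 * @param array|null $hashes Optional map of user name => password_hash() output.
 *                           When omitted, the built-in sample table is used.
 * @return string The authenticated user name.
 */
function require_basic_auth($hashes = null)
{
  if (!is_array($hashes)) {
    $hashes = [
      'ユーザー名' => '$2y$10$payxQjF5UFChN.WM1gcVM.P14fB2FiFkwfsRNkEVEzXyfVo8EHnw2',
    ];
  }

  // Verified for unknown user names too, so that a request for a missing
  // account costs the same bcrypt work as one for an existing account.
  $dummyHash = '$2y$10$xfNFcqiYmESRZoQTw0VHWe9GzC29OvaOnJ52mgI/u3KLJ.8P.lcKG';

  $authenticated = false;

  // $_SERVER keys are case-sensitive: both must be spelled PHP_AUTH_USER / PHP_AUTH_PW.
  if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
    $user = $_SERVER['PHP_AUTH_USER'];
    $known = isset($hashes[$user]) && is_string($hashes[$user]);
    $matches = password_verify(
      $_SERVER['PHP_AUTH_PW'],
      $known ? $hashes[$user] : $dummyHash
    );

    // A match against the dummy hash must never log anyone in; otherwise the
    // dummy's plaintext would work as a password for every unknown user name.
    $authenticated = $known && $matches;
  }

  if (!$authenticated) {
    // Set the status explicitly instead of relying on header() to imply it.
    http_response_code(401);
    header('WWW-Authenticate: Basic realm="Enter username and password."');
    header('Content-Type: text/plain; charset=utf-8');
    exit('このページを見るにはログインが必要です');
  }

  return $_SERVER['PHP_AUTH_USER'];
}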

/**
 * Escape a value for output inside HTML text or a quoted attribute.
 *
 * ENT_QUOTES makes htmlspecialchars() convert both double and single quotes
 * in addition to &, < and >; the input is treated as UTF-8.
 *
 * @param string $str Raw text to escape.
 * @return string The escaped text.
 */
function h($str)
{
  $flags = ENT_QUOTES;
  $escaped = htmlspecialchars($str, $flags, 'utf-8');

  return $escaped;
}
<?php

// functions.php is expected to provide require_basic_auth() and h().
require_once __DIR__ . '/functions.php';

// Authenticate before producing any output; the name returned here comes from
// the request, so it is passed through h() wherever it is printed below.
$authedUser = require_basic_auth();

header('Content-Type: text/html; charset=UTF-8');

?>
<!DOCTYPE html>
<title>会員限定ページ</title>
<h1>ようこそ、<?php echo h($authedUser); ?>さん</h1>
<a href="http://dummy@localhost:8010">ログアウト</a>