PHP Security HTTP Authentication Step By Step Tutorial – Part 1:You possible have found a web page that you want to open, sudden peep out a dialog window asking for username and password. common example is early page at cpanel (control panel to manage the web server use web based). It use HTTP Authentication.
In protecting web page with HTTP authentication, you have to deliver two header. header WWW-AUTHENTICATE tell to browser that an username and password needed. The other header is the status, which should be HTTP/1.0 401 Unauthorized. Compare this to the usual header, HTTP/1.0 200 OK.
Example, create a file named “protectHTTP.php” within www\test\phpsecurity. Enter following code:
// test for username/password
if(($_SERVER[‘PHP_AUTH_USER’] == “mia”) AND
($_SERVER[‘PHP_AUTH_PW’] == “secret”))
//Send headers to cause a browser to request
//username and password from user
header(“WWW-Authenticate: ” .
“Basic realm=\”PHPEveryDay’s Protected Area\””);
header(“HTTP/1.0 401 Unauthorized”);
//Show failure text, which browsers usually
//show only after several failed attempts
print(“This page is protected by HTTP “);
Point your browser to http://localhost/test/phpsecurity/protecthttp.php. You will get like this:
PHP creates the PHP_AUTH_USER and PHP_AUTH_PW elements of the _SERVER array automatically if the browser passes a username and password.