PHP Security: HTTP Authentication

PHP Security HTTP Authentication Step By Step Tutorial – Part 1:You possible have found a web page that you want to open, sudden peep out a dialog window asking for username and password. common example is early page at cpanel (control panel to manage the web server use web based). It use HTTP Authentication.

In protecting web page with HTTP authentication, you have to deliver two header. header WWW-AUTHENTICATE tell to browser that an username and password needed. The other header is the status, which should be HTTP/1.0 401 Unauthorized. Compare this to the usual header, HTTP/1.0 200 OK.

Example, create a file named “protectHTTP.php” within www\test\phpsecurity. Enter following code:


// test for username/password
if(($_SERVER[‘PHP_AUTH_USER’] == “mia”) AND

($_SERVER[‘PHP_AUTH_PW’] == “secret”))






//Send headers to cause a browser to request

//username and password from user

header(“WWW-Authenticate: ” .

“Basic realm=\”PHPEveryDay’s Protected Area\””);

header(“HTTP/1.0 401 Unauthorized”);

//Show failure text, which browsers usually

//show only after several failed attempts

print(“This page is protected by HTTP “);



Point your browser to http://localhost/test/phpsecurity/protecthttp.php. You will get like this:



PHP creates the PHP_AUTH_USER and PHP_AUTH_PW elements of the _SERVER array automatically if the browser passes a username and password.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s