How to enable Apache HTTP Authentication using PHP

The easiest way to password-protect a site is to use HTTP Authentication, where if a browser’s request for a protected page is not accompanied by the correct username and password, the Web server replies with an HTTP 401 error – which means “Unauthorized Access” – and an invitation for the browser to re-submit the request with a proper username and password. From the user’s point of view, most of this dialogue is hidden. Following that first failed request, the browser prompts the user (in a dialog box) for a username and password, and then re-submits the request, this time with the authentication information attached. Assuming the username/password combo is on the list of allowed users, the Web server then sends the page requested. The Web browser will likewise continue to send that username/password with all subsequent requests.

Look at the following code:



 Authorization Failed
 
 

Authorization Failed

Without a valid username and password, access to this page cannot be granted. Please click 'reload' and enter a username and password when prompted.

"; if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!==$site_user || $_SERVER['PHP_AUTH_PW']!==$site_pass) { header("WWW-Authenticate: Basic realm=\"Protected Page: Enter your username and password for access.\""); header("HTTP/1.0 401 Unauthorized"); exit($failure_msg); } ?>

For each page, you want to authenticate user, each page must have the above code. You can save this code to a script (for example auth.php) and include auth.php to any page, hence save yourself from rewriting the code for each page.