Scroll to top
PHP HTTP Authentication

PHP HTTP Authentication

1 Star2 Stars3 Stars4 Stars5 Stars
Posted on October 10, 2009

Occasionally you may wish to make certain pages of your site only viewable to a select few. you can do this by using PHPs built in HTTP Authentication. The code needs to go right at the top of your php page so don’t get ‘Headers Already Sent’ errors. You can see that we’ve specified the username and password in the variables at the top of the script you can change these to reflect your own username and password.

You could easily make this authentication more dynamic by checking a database for the username and password. We can get whatever the user typed into the dropdown box by specifying the following superglobals.

//Username:
<?php echo $_SERVER['PHP_AUTH_USER'];?>
//Password:
<?php echo $_SERVER['PHP_AUTH_PW'];?>

The Code

<?php 

$config['admin_username'] = "demo";
$config['admin_password'] = "demo";

if (!($_SERVER['PHP_AUTH_USER'] == $config['admin_username'] && $_SERVER['PHP_AUTH_PW'] == $config['admin_password'])) {
    header("WWW-Authenticate: Basic realm=\"Papermashup.com Demo Admin\"");
    header("HTTP/1.0 401 Unauthorized");
	echo 'This is what happens if you press cancel';
	?>
<?php
    exit;
}
// if the username and password match show the rest of the content

?>

Be careful when coding the HTTP header lines. In order to guarantee maximum compatibility with all browsers, the keyword “Basic” should be written with an uppercase “B”, the realm string must be enclosed in double (not single) quotes, and exactly one space should precede the 401 code in the HTTP/1.0 401 header line.

demo

More tutorials from Papermashup
Comments
9 discussions around PHP HTTP Authentication
  1. Ans says:
    August 22, 2011 at 4:13 am

    Yes old article, but YES very helpful :)
    Thanks.

    Reply
  2. Nick Yeoman says:
    August 3, 2011 at 7:01 am

    Great article! I’ll have to research this further.

    Reply
  3. MexiChriS says:
    December 23, 2009 at 2:00 pm

    This is exactly what I’ve been looking for! Was wondering how to go about it, always had an itch for this, like I had to know what was going on ‘behind the scene’ of it all. Thanks for the write up, enjoyed it a lot! :)

    - MexiChriS

    Reply
  4. Thomas Scholz says:
    October 15, 2009 at 9:44 pm

    If you want to work with non ASCII chars (€ä£) in usernames and passwords, you need something better.

    I’ve written a standalone class for basic authentication which does this: http://github.com/toscho/PHP-HTTP-Tools/blob/master/class.HTTP_Auth.php

    Reply
  5. jkochis says:
    October 15, 2009 at 12:16 am

    One thing to note is that this method does not work when running PHP as CGI. This example details a workaround if that is the case for you.

    http://www.sslcatacombnetworking.com/articles/http-authentication-php-cgi.html

    Reply

  6. Pingback: 25 New & Useful PHP Techniques & Tutorials

  7. Phil says:
    October 12, 2009 at 10:23 am

    Nice, how would you use other methods other than “Basic” – eg so that the string is encoded and users reading the script cannot reverse the password?

    Reply
    • Ashley says:
      October 12, 2009 at 2:47 pm

      @Phil you could use and MD5 hash so when the user types in the password you take that variable, convert it into an MD5 hash then compare it to see if it’s valid. instead of that you could connect it upto a database to store your passwords.

  8. Ben says:
    October 11, 2009 at 1:50 am

    Cool! I always wonderd how to do that, just never looked it up. Thanks.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Looking for a registry cleaner to speed up your PC and show a full diagnostics?
Faster surfing with Dish Network High Speed Internet
| About Me | Contact

Never miss an update from Papermashup

Get notified about the latest tutorials and downloads.

Subscribe by Email

Get alerts directly into your inbox after each post and stay updated.
Subscribe
OR

Subscribe by RSS

Add our RSS to your feedreader to get regular updates from us.
Subscribe

Get in contact

Please use the form below to get in touch.

About Me

I'm Ashley Ford, Co-founder and Technical Director at Harkable.com London, UK. Previously I worked at InMobi, Spotify and MySpace. My interests include photography and making short videos I'm also an avid F1 fan. I'm always working on side projects. Here are a few: Easy Poll, We Deliver.



What do you specialise in?

I spend a lot of time coding in PHP and MySQL, as well as front end XHTML and CSS. I also specialise in javascript and the jQuery framework as well as being an avid designer. You can find me on dribbble

Interested in advertising?

If you'd like to advertise on Papermashup.com you can find details here Or use the contact link below for further advertising opportunities.

How do I contact you

You can contact me here. and I'm available for consultation, freelance, programming book reviews.

Get on the mailing list

Join over 3000 people who have subscribed to the Papermashup inbox message, and be the first to find out about tutorial, competitions and giveaways.