PHP HTTP Authentication

Occasionally you may wish to make certain pages of your site only viewable to a select few. you can do this by using PHPs built in HTTP Authentication. The code needs to go right at the top of your php page so don’t get ‘Headers Already Sent’ errors. You can see that we’ve specified the username and password in the variables at the top of the script you can change these to reflect your own username and password.

You could easily make this authentication more dynamic by checking a database for the username and password. We can get whatever the user typed into the dropdown box by specifying the following superglobals.

<?php echo $_SERVER['PHP_AUTH_USER'];?>
<?php echo $_SERVER['PHP_AUTH_PW'];?>


$config['admin_username'] = "demo";
$config['admin_password'] = "demo";

if (!($_SERVER['PHP_AUTH_USER'] == $config['admin_username'] && $_SERVER['PHP_AUTH_PW'] == $config['admin_password'])) {
    header("WWW-Authenticate: Basic realm=\" Demo Admin\"");
    header("HTTP/1.0 401 Unauthorized");
	echo 'This is what happens if you press cancel';
// if the username and password match show the rest of the content


Be careful when coding the HTTP header lines. In order to guarantee  maximum compatibility with all browsers, the keyword “Basic” should be  written with an uppercase “B”,
the realm string must be enclosed in  double (not single) quotes, and exactly one space should precede the 401  code in the HTTP/1.0 401 header line.

Bir Cevap Yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Şu HTML etiketlerini ve özelliklerini kullanabilirsiniz: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>