Using HTTP Basic Authentication
Saturday, March 8th, 2008You want to use PHP to protect parts of your web site with passwords. Instead of
storing the passwords in an external file and letting the web server handle the
authentication, you want the password verification logic to be in a PHP program.
Solution
The $_SERVER[’PHP_AUTH_USER’] and $_SERVER[’PHP_AUTH_PW’] global variables contain
the username and password supplied by the user,if any. To deny access to a
page,send a WWW-Authenticate header identifying the authentication realm as part of
a response with status code 401:
header('WWW-Authenticate: Basic realm="My Website"');
header('HTTP/1.0 401 Unauthorized');
echo "You need to enter a valid username and password.";
exit;
