Password protect a page using HTTP Authentication in PHP

Have you ever used cPanel? When you open the cPanel link, a pop-up asks you to enter a user name and password to log in. In this article I'm going to show you how to build the same kind of page-protecting mechanism using HTTP authentication in PHP.

Somebody might say that the page can also be protected by making a login page in front of it. Well dude!! you are right, you can do that, but the main benefit of this method is "you don't have to create the login page at all".

Let's start. First of all, store the user name and password in variables:

$auth_user="urusername";
$auth_pwd="urpassword";

For better security, please store these values in a database and authenticate against the database.
Now let's create the HTTP authentication function called authenticate() using the header() function available in PHP.

function authenticate()
{
    // Challenge header: makes the browser show its user name/password pop-up
    header('WWW-Authenticate: Basic realm="Enter Your Login detail to add money"');
    header('HTTP/1.0 401 Unauthorized');
    // Body of the 401 response
    echo "You must enter a valid login ID and password to access this resource\n";
    exit;
}

The first line of the function tells the browser to open the pop-up box for entering a user name and password; the "realm" element contains the string to be displayed in the pop-up box.
The other two lines come into play only when the user hits the Cancel button of the pop-up.

Now let’s start the code of authentication.

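session_start(); // $_SESSION is only usable after session_start()

// PHP_AUTH_USER and PHP_AUTH_PW are not set until the browser answers the challenge.
// hash_equals() (PHP 5.6+) compares the strings exactly; == can type-juggle.
if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'], $_SESSION['authorized'])
    && hash_equals($auth_user, $_SERVER['PHP_AUTH_USER'])
    && hash_equals($auth_pwd, $_SERVER['PHP_AUTH_PW'])
    && $_SESSION['authorized']==1)
{
    echo "You are logged in";
}
else
{
    $_SESSION['authorized']=1;
    authenticate();
}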

As you can see in the if statement, there are two variables, $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']. These hold the values that come from the user name and password fields of the pop-up, and both are predefined variables of PHP.

I've also used the $_SESSION variable to ensure that the pop-up box is displayed at least once on the page, since the else branch is executed first when the page is loaded.

That's all dude, now your page is protected with a user name and password, without the need to build a login page.
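
The advice above about not keeping the password in the script, as an added example that is not part of the original article's code: Basic authentication checked against stored password hashes, relying on the browser's challenge alone without the session flag. The `$users` array, the `demo` account, the realm text and the function names are constructed for illustration; `password_hash()` and `password_verify()` need PHP 5.5 or later.

```php
<?php
// $users stands in for a database table of user name => password hash.
// The hash is generated here only to keep the sample self-contained;
// in real use it is created once at sign-up and stored.
$users = array('demo' => password_hash('constructed-sample-password', PASSWORD_DEFAULT));

// Return array(user, password) sent by the browser, or null if none was sent.
function read_basic_credentials(array $server)
{
    if (isset($server['PHP_AUTH_USER'])) {
        $pw = isset($server['PHP_AUTH_PW']) ? $server['PHP_AUTH_PW'] : '';
        return array($server['PHP_AUTH_USER'], $pw);
    }
    // Under CGI/FastCGI PHP may not fill PHP_AUTH_*; decode the raw header
    // if the web server is configured to pass it through.
    foreach (array('HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION') as $key) {
        if (isset($server[$key]) && stripos($server[$key], 'Basic ') === 0) {
            $decoded = base64_decode(substr($server[$key], 6), true);
            if ($decoded !== false && strpos($decoded, ':') !== false) {
                return explode(':', $decoded, 2); // password may contain ':'
            }
        }
    }
    return null;
}

// True only for a known user whose password matches the stored hash.
function check_login(array $users, $creds)
{
    if ($creds === null || !isset($users[$creds[0]])) {
        return false;
    }
    return password_verify($creds[1], $users[$creds[0]]);
}

if (!check_login($users, read_basic_credentials($_SERVER))) {
    header('WWW-Authenticate: Basic realm="Protected area"');
    header('HTTP/1.0 401 Unauthorized');
    echo "You must enter a valid login ID and password to access this resource\n";
    exit;
}
echo "You are logged in";
```

With Basic authentication the browser resends the user name and password, base64-encoded but not encrypted, on every request to the realm, so the page should only be served over HTTPS.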

4 Comments on “Password protect a page using HTTP Authentication in PHP”

  • shakeel wrote on 18 February, 2008, 8:11

    I tried to use this script. I read the username and password from database. It worked fine in localhost. After I uploaded it, I was not authenticated in spite of the username and password being the same. I get the right username password when I print. What is the problem……………???

  • Roshan wrote on 18 February, 2008, 10:01

    Well as you can see here in compatibility note
    http://www.php.net/features.http-auth

    I think you are working on a Windows server, and Windows is case insensitive, and your server might be Linux, which is case-sensitive. Please check the case of all the letters… hope this helps

  • Ed O. wrote on 22 November, 2008, 23:17

    Hi,

    I have implemented this script on one of the sites I’ve been managing and I’ve learned that this script will not work with Internet Explorer versions. It works fine with Mozilla browsers and the ones that utilize the engine of Mozilla. Any ideas on how to get this to work on IE flavors?

  • Ed O. wrote on 22 November, 2008, 23:20

    Hi,

    I’ve implemented this script to protect a control panel that I’ve written for a few sites. I’ve learned in testing that this script will not work in Internet Explorer 7 and its predecessors. However the Mozilla engine and the browsers that utilize it will respond to this script. Any ideas on how to get this to work with IE?

    Thanks in advance!

Copyright © 2014 Roshan Bhattarai's Blog. All rights reserved.