Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I use Basic HTTP Authentication in PHP?

Tags:

authentication

php

server-variables

http-authentication

basic-authentication

I'm trying to use Basic HTTP Authentication and followed the example on the PHP manual page. But it doesn't work for me. The variable $_SERVER['PHP_AUTH_USER'] doesn't seem to be set. When a user try to log in, the user is prompted whith a new login-dialog. The server is running PHP 5.3.3 and I have tried with Google Chrome and Internet Explorer.

Here is the simple example that I used:

<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="Jonas Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'User pressed Cancel';
    exit;
} else {
    echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
    echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as you password.</p>";
}
?>

What is wrong? How can I use Basic HTTP Authentication in PHP?

like image 816
Jonas Avatar asked Nov 11 '10 00:11

Jonas

2 Answers

Try this::

<?php
    /*
    ** Define a couple of functions for
    ** starting and ending an HTML document
    */
    function startPage()
    {
        print("<html>\n");
        print("<head>\n");
        print("<title>Listing 24-1</title>\n");
        print("</head>\n");
        print("<body>\n");
    }

    function endPage()
    {
        print("</body>\n");
        print("</html>\n");
    }
    /*
    ** test for username/password
    */
    if( ( isset($_SERVER['PHP_AUTH_USER'] ) && ( $_SERVER['PHP_AUTH_USER'] == "leon" ) ) AND
      ( isset($_SERVER['PHP_AUTH_PW'] ) && ( $_SERVER['PHP_AUTH_PW'] == "secret" )) )
    {
        startPage();

        print("You have logged in successfully!<br>\n");

        endPage();
    }
    else
    {
        //Send headers to cause a browser to request
        //username and password from user
        header("WWW-Authenticate: " .
            "Basic realm=\"Leon's Protected Area\"");
        header("HTTP/1.0 401 Unauthorized");

        //Show failure text, which browsers usually
        //show only after several failed attempts
        print("This page is protected by HTTP " .
            "Authentication.<br>\nUse <b>leon</b> " .
            "for the username, and <b>secret</b> " .
            "for the password.<br>\n");
    }
?>
like image 186
Mazhar Ahmed Avatar answered Oct 07 '22 16:10

Mazhar Ahmed

For PHP-CGI:

in .htaccess add this:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>

and at the beginning of your script add this:

list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
like image 32
Teddy Avatar answered Oct 07 '22 17:10

Teddy
Sign in to Comment

Related questions

How to get request content (body) in PHP?
How can I trim just the left and right side of an image using Imagemagick in PHP?
POST arrays not showing unchecked Checkboxes
Regex to only allow alphanumeric, comma, hyphen, underscore and semicolon
Replace special characters before the file is uploaded using PHP
Undefined method on mock object implementing a given interface in PHPUnit?
How to convert string duration to ISO 8601 duration format? (e.g. "30 minutes" to "PT30M")
Can I use dynamic content in a Bootstrap popover?
How can I determine CodeIgniter speed?
How to block uploads of nude images? [closed]
Fatal error: Maximum execution time of 0 seconds exceeded
Is it possible to attack a user password with known salt
Disable HTML stack traces by Xdebug
PHP/Apache/AJAX - POST limit?
Combining Angularjs and CodeIgniter
Why BroadCastEvent are queued in Laravel? How to stop that?
Can you store a PHP Array in Memcache?
Extending PHP static classes
How to execute a large PHP Script?
PHP script: malicious JavaScript code at the end

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!