HTTP Authentication

Tim · 12-04-2005, 00:50

Have you ever wanted a log in system for your site, to protect your admin cp, or to protect an important file? With php, and a little feature in apache, you can easily do this using "HTTP Authentication." Let's get started by defining the username and password for the page.

PHP Code:

  <?php

$username = "Bob";

$password = "hello2";

Simple, right? There are a few variables that php will set automatically when a user authentication form has been submitted. One of them being $PHP_AUTH_USER -- and the other $PHP_AUTH_PW. With that, let's do this:

PHP Code:

  if (($PHP_AUTH_USER !== $username) || ($PHP_AUTH_PW !== $password))

{

header('WWW-Authenticate: Basic realm="Protected Area"');

header('HTTP/1.0 401 Unauthorized');

die("You do not have access to this file.");

}

?>

With this, if the user is not authenticated, a log-in box is generated, a 401 message sent to the browser, and the text to display if the log in fails a few times (triggered by the browser. You can guess what will happen after the conditional if- if the user is authenticated, you can continue with outputting your file, or executing php.
Here is what the log in box will look like in IE6:

And in FireFox 1.0:

Hopefully, your website is a lot more secure now.

Tim

mck9235 · 12-04-2005, 23:51

Aw, thanks Tim.

I never knew how to make one of those screens before, and how it easy it is to make one.

Excellent!

asgsoft · 12-05-2005, 19:46

tim when i add this to index.php

PHP Code:

  <?php

$username = "admin"; 

$password = "admin";

if (($PHP_AUTH_USER !== $username) || ($PHP_AUTH_PW !== $password)) 

{ 

header('WWW-Authenticate: Basic realm="Protected Area"'); 

header('HTTP/1.0 401 Unauthorized'); 

die("You do not have access to this file."); 

} 

 
?>

it just keeps asking for the password and then says i cannot access the file

**robertall** · 12-05-2005, 20:18

Quote:

Warning: Cannot modify header information - headers already sent by (output started at /home/robert/public_html/teen games/index.php:8) in /home/robert/public_html/teen games/index.php on line 13

Warning: Cannot modify header information - headers already sent by (output started at /home/robert/public_html/teen games/index.php:8) in /home/robert/public_html/teen games/index.php on line 14
You do not have access to this file.

http://www.robertall.com/teen%20games/index.php

Have i done something wrong?

Code:

<html>
<head>
<title></title>
</head>


<body bgcolor="#FFFFFF">
<?php
$username = "admin";
$password = "admin";
if (($PHP_AUTH_USER !== $username) || ($PHP_AUTH_PW !== $password))
{
header('WWW-Authenticate: Basic realm="Protected Area"');
header('HTTP/1.0 401 Unauthorized');
die("You do not have access to this file.");
}

?> 
</body>


</html>

I named it index.php.

It could be that i am doing it incorrectly by the PHP version, do i need 4.x or 5.x?

**monaghan** · 12-05-2005, 23:17

You need to put the php code before any browser output otherwise the header() function will fail as you are seeing. Move the <?php.... ?> above the <html> and it should be fine.

**robertall** · 13-05-2005, 11:13

Ah, ok, thanks for the help, i will try again when i get home

12-04-2005, 00:50	#1 (permalink)
Tim Cool Newbie Join Date: Apr 2005 Posts: 32 iTrader: 0 / 0%	HTTP Authentication Have you ever wanted a log in system for your site, to protect your admin cp, or to protect an important file? With php, and a little feature in apache, you can easily do this using "HTTP Authentication." Let's get started by defining the username and password for the page. PHP Code: `<?php $username = "Bob"; $password = "hello2";` Simple, right? There are a few variables that php will set automatically when a user authentication form has been submitted. One of them being $PHP_AUTH_USER -- and the other $PHP_AUTH_PW. With that, let's do this: PHP Code: `if (($PHP_AUTH_USER !== $username) \|\| ($PHP_AUTH_PW !== $password)) { header('WWW-Authenticate: Basic realm="Protected Area"'); header('HTTP/1.0 401 Unauthorized'); die("You do not have access to this file."); } ?>` With this, if the user is not authenticated, a log-in box is generated, a 401 message sent to the browser, and the text to display if the log in fails a few times (triggered by the browser. You can guess what will happen after the conditional if- if the user is authenticated, you can continue with outputting your file, or executing php. Here is what the log in box will look like in IE6: And in FireFox 1.0: Hopefully, your website is a lot more secure now. Tim

12-05-2005, 19:46	#3 (permalink)
asgsoft WMT Addict Join Date: Apr 2005 Location: Brighton,UK Posts: 162 iTrader: 0 / 0%	tim when i add this to index.php PHP Code: `<?php $username = "admin"; $password = "admin"; if (($PHP_AUTH_USER !== $username) \|\| ($PHP_AUTH_PW !== $password)) { header('WWW-Authenticate: Basic realm="Protected Area"'); header('HTTP/1.0 401 Unauthorized'); die("You do not have access to this file."); } ?>` it just keeps asking for the password and then says i cannot access the file

12-05-2005, 23:17	#5 (permalink)
monaghan Super Moderator Join Date: Mar 2005 Location: Herts, UK Posts: 1,026 iTrader: 1 / 100%	You need to put the php code before any browser output otherwise the header() function will fail as you are seeing. Move the <?php.... ?> above the <html> and it should be fine. __________________ Alex Monaghan - Monaghan Consultants Ltd Web hosting, ADSL, IT & Database consultancy Custom Web hosting on UK or USA servers using Linux (cPanel) or Windows (DotNetPanel) Mobile Phone Ringtones, Logos, Java Games & more

13-05-2005, 11:13	#6 (permalink)
robertall Moderator Join Date: Jan 2005 Location: post is there >> Posts: 1,586 iTrader: 0 / 0%	Ah, ok, thanks for the help, i will try again when i get home __________________ Free .org domain - Click for details! Do not pm asking for things. My inbox is full. Add me to MSN!

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

12-04-2005, 23:51	#2 (permalink)
mck9235 poke poke Join Date: Apr 2005 Posts: 134 iTrader: 0 / 0%	Aw, thanks Tim. I never knew how to make one of those screens before, and how it easy it is to make one. Excellent!

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
http://www.wallpaperseek.com	tulip4heaven	Website Reviews	0	26-12-2005 15:29
http://www.bintangor.com	Bmg	Ads, Offers & Services	7	06-04-2005 04:07
http://www.knot.in	knot	Buy and Sell Ad Space	0	02-04-2005 14:34

HTTP Authentication

HTTP Authentication

Similar Threads