PHP Security: HTTP Authentication

P

You possible have found a web page that you want to open, sudden peep out a dialog window asking for username and password. common example is early page at cpanel (control panel to manage the web server use web based). It use HTTP Authentication.

In protecting web page with HTTP authentication, you have to deliver two header. header WWW-AUTHENTICATE tell to browser that an username and password needed.

Example, create a file named “protectHTTP.php” within wwwphpsecurity.php. Enter following code:

<?php
  // test for username/password
  if(($_SERVER['PHP_AUTH_USER'] == "mia") AND
    ($_SERVER['PHP_AUTH_PW'] == "secret"))
  {
    echo("successfully!<br>n");
  }
  else
  {
    //Send headers to cause a browser to request
    //username and password from user
    header("WWW-Authenticate: " .
    "Basic realm="PHPEveryDay's Protected Area"");

	header("HTTP/1.0 401 Unauthorized");

    //Show failure text, which browsers usually
    //show only after several failed attempts
    print("This page is protected by HTTP ");
  }
?>

PHP creates the PHP_AUTH_USER and PHP_AUTH_PW  elements of the _SERVER array automatically if the browser passes a  username and password.

About the author

nilesh.borse
By nilesh.borse

Category