PHP’s HTTP authentication mechanism only works when PHP is running as an Apache module, so this feature does not apply to the CGI version. In the PHP script of the Apache module, you can use the header() function to send "Authentication Required" information to the client browser, causing it to pop up a username/password input window. When the user enters the username and password, the PHP script containing the URL will be called again with the predefined variables PHP_AUTH_USER, PHP_AUTH_PW and AUTH_TYPE. These three variables are set to the username, password and authentication type respectively. Predefined variables are stored in the $_SERVER or $HTTP_SERVER_VARS array. The system only supports "Basic" authentication
$authorized = FALSE;
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
$authFile = file("./password.txt");foreach ($authFile as $login) {
list($username, $password) = explode(":", $login);
$password = trim($password);
If (($username == $_SERVER['PHP_AUTH_USER']) && ($password == md5($_SERVER['PHP_AUTH_PW']))) {
$authorized = TRUE;
break;
}
}
}// If not authorized, display authentication prompt or 401 error
if (! $authorized) {
header('WWW-Authenticate: Basic Realm="Secret Stash"');
header('HTTP/1.0 401 Unauthorized');
print('You must provide the proper credentials!');
exit;
}?>