Basic HTTP Authentication using PHP
In this post, you will learn basic HTTP authentication using the PHP programming language.
HTTP authentication is a process of protecting web resources by providing a username and password when making a request to a web resource. It uses the standard fields in the HTTP header, so there is no need to store the passwords in external files. The web server is responsible for handling the authentication.
HTTP Authentication Process
PHP provides superglobal variables for HTTP authentication. $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] contain the username and password provided by the user for authentication. In this process, the server first responds to the user with a 401 Unauthorized response status and a WWW-Authenticate header, and the browser pops up a dialog box asking the user to enter credentials. The user sends the credentials with an Authenticate header. The server processes this and sends the web page content to the browser.
Here, we create a PHP function, authenticate(), that holds two username and password pairs in a PHP array. The function accepts the username and password entered by the user as parameters and matches them against the credentials stored in the array. If both the username and the password match the stored credentials, it returns TRUE, meaning the user can access the web page content; otherwise it returns FALSE and the user is asked for credentials again.
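<?php
// Returns true only when $user exists and $pass matches the stored password.
function authenticate($user, $pass) {
    // Two hard-coded username => password pairs.
    $users = array('rocky' => '@12etp',
                   'mufasa' => 'Y1907JL');
    if (isset($users[$user]) && ($users[$user] === $pass)) {
        return true;
    } else {
        return false;
    }
}
?>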
Next, we create a condition that checks whether or not the authentication failed. If it failed, it sets the HTTP response status to 401 and asks for the credentials again.
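// The first request carries no credentials, so default the missing keys to ''
// instead of reading undefined array keys.
if (! authenticate($_SERVER['PHP_AUTH_USER'] ?? '', $_SERVER['PHP_AUTH_PW'] ?? '')) {
    http_response_code(401);
    header('WWW-Authenticate: Basic realm="Website"');
    echo "Please enter a valid username and password.";
    exit;
}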
In the above code, the HTTP WWW-Authenticate response header defines the authentication method that should be used to gain access to a resource. Here, it is sent along with a 401 Unauthorized response. When the browser sees the 401 response, it again pops up a dialog box for the username and password. The 'realm' is a security policy domain defined for a website. It may contain any value that identifies a secure area. The value in it will be displayed in the dialog box.
Complete Code: Basic HTTP Authentication using PHP
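<?php
// Returns true only when $user exists and $pass matches the stored password.
function authenticate($user, $pass) {
    // Two hard-coded username => password pairs.
    $users = array('rocky' => '@12etp',
                   'mufasa' => 'Y1907JL');
    if (isset($users[$user]) && ($users[$user] === $pass)) {
        return true;
    } else {
        return false;
    }
}

// The first request carries no credentials, so default the missing keys to ''
// instead of reading undefined array keys.
if (! authenticate($_SERVER['PHP_AUTH_USER'] ?? '', $_SERVER['PHP_AUTH_PW'] ?? '')) {
    // Ask the browser to prompt for credentials (again).
    http_response_code(401);
    header('WWW-Authenticate: Basic realm="Please Login"');
    echo "Please enter a valid username and password.";
    exit;
}

// Reached only after successful authentication.
echo 'Welcome to this website';
?>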
So, this is how we can secure our web page using simple, basic HTTP authentication. We can also secure login forms, some important messages and much more using this.
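A hardened form of the authenticate() check above, as an added example that is not part of the original tutorial: passwords are stored as password_hash() output and checked with password_verify(), and a request without credentials is handled explicitly. The names authenticate_hashed(), demo_user_hashes() and require_basic_auth() are assumptions made for this example.

```php
<?php
// Added example, not the tutorial's code. authenticate_hashed(),
// demo_user_hashes() and require_basic_auth() are hypothetical names.

// Constructed demo table, built at runtime so the file is self-contained.
// In a deployment, run password_hash() once offline and keep only the hashes.
function demo_user_hashes(): array {
    return [
        'rocky'  => password_hash('@12etp', PASSWORD_DEFAULT),
        'mufasa' => password_hash('Y1907JL', PASSWORD_DEFAULT),
    ];
}

function authenticate_hashed(?string $user, ?string $pass, array $hashes): bool {
    // The browser's first request carries no credentials at all.
    if ($user === null || $pass === null || $hashes === []) {
        return false;
    }
    $known = array_key_exists($user, $hashes);
    // Unknown users are still run through password_verify() against a real
    // hash, so response time does not reveal which usernames exist.
    $hash = $known ? $hashes[$user] : reset($hashes);
    // password_verify() re-hashes $pass and compares in constant time.
    $match = password_verify($pass, $hash);
    return $known && $match;
}

function require_basic_auth(array $hashes, string $realm): void {
    $user = $_SERVER['PHP_AUTH_USER'] ?? null;
    $pass = $_SERVER['PHP_AUTH_PW'] ?? null;
    if (!authenticate_hashed($user, $pass, $hashes)) {
        // Same 401 challenge as the tutorial's version.
        http_response_code(401);
        header('WWW-Authenticate: Basic realm="' . $realm . '"');
        echo 'Please enter a valid username and password.';
        exit;
    }
}

require_basic_auth(demo_user_hashes(), 'Website');
echo 'Welcome to this website';
```

Basic credentials are only base64-encoded and are resent with every request, so a page protected this way should be served over HTTPS only.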