Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
PHP basic auth example
<?php
function require_auth() {
$AUTH_USER = 'admin';
$AUTH_PASS = 'admin';
header('Cache-Control: no-cache, must-revalidate, max-age=0');
$has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));
$is_not_authenticated = (
!$has_supplied_credentials ||
$_SERVER['PHP_AUTH_USER'] != $AUTH_USER ||
$_SERVER['PHP_AUTH_PW'] != $AUTH_PASS
);
if ($is_not_authenticated) {
header('HTTP/1.1 401 Authorization Required');
header('WWW-Authenticate: Basic realm="Access denied"');
exit;
}
}
@EvilFreelancer

This comment has been minimized.

Copy link

EvilFreelancer commented Sep 8, 2017

Nice solution, thanks!

@rrgarciach

This comment has been minimized.

Copy link

rrgarciach commented Nov 10, 2017

thanks! thumbs up!

@mathritter

This comment has been minimized.

Copy link

mathritter commented Feb 22, 2018

Give this man a cookie! Thumbs up!

@orhanbhr

This comment has been minimized.

Copy link

orhanbhr commented May 24, 2018

Thank you for your code :)

@iranwz

This comment has been minimized.

Copy link

iranwz commented Jun 30, 2018

Thank you <3

@infabo

This comment has been minimized.

Copy link

infabo commented Aug 1, 2018

does not work

@crackhd0

This comment has been minimized.

Copy link

crackhd0 commented Aug 9, 2018

Appreciate that, works.

@bazuzu931

This comment has been minimized.

Copy link

bazuzu931 commented Oct 24, 2018

thanks

@namcoder

This comment has been minimized.

Copy link

namcoder commented Jan 11, 2019

awesome

@CriptoCosmo

This comment has been minimized.

Copy link

CriptoCosmo commented Jan 14, 2019

Nice solution 👍

@Kaoschuks

This comment has been minimized.

Copy link

Kaoschuks commented Mar 10, 2019

Beautiful solution.
Can I have digest authentication ???

@Cozy19

This comment has been minimized.

Copy link

Cozy19 commented Apr 26, 2019

Great! Thank you MAN!

@Pax125

This comment has been minimized.

Copy link

Pax125 commented May 10, 2019

Thank you. This is testing if authentication is properly set.
What I need to know is, how to setup $_SERVER['PHP_AUTH_USER']
Do I just, assign it a parameter $_SERVER['PHP_AUTH_USER'] = $enteredvalue; ?

@PandCar

This comment has been minimized.

Copy link

PandCar commented Jun 30, 2019

function require_http_auth()
{
/*
# Если CGI, то в .htaccess
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule .
- [e=HTTP_AUTHORIZATION:%1]
*/

header('Cache-Control: no-cache, must-revalidate, max-age=0');

if (! empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))
{
	preg_match('/^Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $user_pass);
	
	$str = base64_decode($user_pass[1]);
	
	list( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) = explode(':', $str);
}

$has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));

$is_not_authenticated = (
	! $has_supplied_credentials 
	|| $_SERVER['PHP_AUTH_USER'] != AUTH_USER 
	|| $_SERVER['PHP_AUTH_PW']   != AUTH_PASS
);

if ($is_not_authenticated)
{
	header('HTTP/1.1 401 Authorization Required');
	header('WWW-Authenticate: Basic realm="Access denied"');
	exit;
}

}

@rchrd2

This comment has been minimized.

Copy link
Owner Author

rchrd2 commented Jul 1, 2019

@mathritter someone just gave me a cookie!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.