Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
PHP basic auth example
<?php
function require_auth() {
$AUTH_USER = 'admin';
$AUTH_PASS = 'admin';
header('Cache-Control: no-cache, must-revalidate, max-age=0');
$has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));
$is_not_authenticated = (
!$has_supplied_credentials ||
$_SERVER['PHP_AUTH_USER'] != $AUTH_USER ||
$_SERVER['PHP_AUTH_PW'] != $AUTH_PASS
);
if ($is_not_authenticated) {
header('HTTP/1.1 401 Authorization Required');
header('WWW-Authenticate: Basic realm="Access denied"');
exit;
}
}
@EvilFreelancer

This comment has been minimized.

Copy link

EvilFreelancer commented Sep 8, 2017

Nice solution, thanks!

@rrgarciach

This comment has been minimized.

Copy link

rrgarciach commented Nov 10, 2017

thanks! thumbs up!

@mathritter

This comment has been minimized.

Copy link

mathritter commented Feb 22, 2018

Give this man a cookie! Thumbs up!

@orhanbhr

This comment has been minimized.

Copy link

orhanbhr commented May 24, 2018

Thank you for your code :)

@iranwz

This comment has been minimized.

Copy link

iranwz commented Jun 30, 2018

Thank you <3

@infabo

This comment has been minimized.

Copy link

infabo commented Aug 1, 2018

does not work

@matryoshkababushka

This comment has been minimized.

Copy link

matryoshkababushka commented Aug 9, 2018

Appreciate that, works.

@bazuzu931

This comment has been minimized.

Copy link

bazuzu931 commented Oct 24, 2018

thanks

@namcoder

This comment has been minimized.

Copy link

namcoder commented Jan 11, 2019

awesome

@CriptoCosmo

This comment has been minimized.

Copy link

CriptoCosmo commented Jan 14, 2019

Nice solution 👍

@Kaoschuks

This comment has been minimized.

Copy link

Kaoschuks commented Mar 10, 2019

Beautiful solution.
Can I have digest authentication ???

@Cozy19

This comment has been minimized.

Copy link

Cozy19 commented Apr 26, 2019

Great! Thank you MAN!

@Pax125

This comment has been minimized.

Copy link

Pax125 commented May 10, 2019

Thank you. This is testing if authentication is properly set.
What I need to know is, how to setup $_SERVER['PHP_AUTH_USER']
Do I just, assign it a parameter $_SERVER['PHP_AUTH_USER'] = $enteredvalue; ?

@PandCar

This comment has been minimized.

Copy link

PandCar commented Jun 30, 2019

function require_http_auth()
{
/*
# Если CGI, то в .htaccess
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule .
- [e=HTTP_AUTHORIZATION:%1]
*/

header('Cache-Control: no-cache, must-revalidate, max-age=0');

if (! empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))
{
	preg_match('/^Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $user_pass);
	
	$str = base64_decode($user_pass[1]);
	
	list( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) = explode(':', $str);
}

$has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));

$is_not_authenticated = (
	! $has_supplied_credentials 
	|| $_SERVER['PHP_AUTH_USER'] != AUTH_USER 
	|| $_SERVER['PHP_AUTH_PW']   != AUTH_PASS
);

if ($is_not_authenticated)
{
	header('HTTP/1.1 401 Authorization Required');
	header('WWW-Authenticate: Basic realm="Access denied"');
	exit;
}

}

@rchrd2

This comment has been minimized.

Copy link
Owner Author

rchrd2 commented Jul 1, 2019

@mathritter someone just gave me a cookie!

@sruthibc

This comment has been minimized.

Copy link

sruthibc commented Feb 5, 2020

Awesome. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.