1

I need to set up HTTP authentication. I'm lost. I've researched and found the technique and code to validate $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'], and I think I understand that. However, I don't understand how to set PHP_AUTH_USER and PHP_AUTH_PW. I used print_r on $_SERVER and didn't see either. Do I somehow set these in a file somewhere on the server, or do I set them using code?

I'm on a shared server hosted by Webfaction.

I realize this might not be a great question, but if someone would point me in the right direction it would be great.

2
  • I can't understand if you don't know how to set valid user/pass values or how to let user input those values? Commented Mar 29, 2013 at 16:30
  • I don't understand how to set the value... Commented Mar 29, 2013 at 16:47

3 Answers

2
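<?php
// First request: no credentials yet, so ask the browser to prompt for them.
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    // Escape before echoing: these values come straight from the request.
    $user = htmlspecialchars($_SERVER['PHP_AUTH_USER'], ENT_QUOTES, 'UTF-8');
    $pw   = htmlspecialchars($_SERVER['PHP_AUTH_PW'] ?? '', ENT_QUOTES, 'UTF-8');
    echo "<p>Hello {$user}.</p>";
    echo "<p>You entered {$pw} as your password.</p>";
}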

When the page is called, $_SERVER['PHP_AUTH_USER'] is not set. So the page returns the header HTTP/1.0 401 Unauthorized, which shows the modal in your browser.

And when the browser sends the second request with ID and password, it sends this request:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

And the superglobal vars PHP_AUTH_USER and PHP_AUTH_PW are automatically set by PHP.

Sources:


1

Here's all the code you need:

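<?php
$successful = FALSE;

// PHP fills these in from the Authorization header the browser sends.
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']))
{
    $username = $_SERVER['PHP_AUTH_USER'];
    $password = $_SERVER['PHP_AUTH_PW'];

    // hash_equals() compares strictly and in constant time, unlike ==.
    if (hash_equals('-- username --', $username) && hash_equals('-- password --', $password))
    {
        $successful = TRUE;
    }
}

if ( ! $successful)
{
    header('WWW-Authenticate: Basic realm="Secret page"');
    header('HTTP/1.0 401 Unauthorized');
    exit; // stop here so the protected page is not sent along with the 401
}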

It would ask for username and password, see if they match and if they don't - ask for them again.

Note that, depending on server configuration, HTTP Basic Authentication may not work.


p.s. You should replace -- username -- and -- password -- with username and password of your own.

4 Comments

I guess I'm still confused - in your code you set $username to $_SERVER['PHP_AUTH_USER'], which as I understand it is a superglobal, so we have a variable set to a superglobal variable, then the IF statement tests if the $username is set to a value - but I still don't see where the $_SERVER['PHP_AUTH_PW'] value is set?
I'm not sure I understand your question. Both $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] are global. They contain the username and the password provided by the user who attempts to access the page.
I think I'm starting to get it, will go back and try again. Thanks for your help, I have a fundamental misunderstanding of how it works, and I think I'm slowly getting it..
Turns out that this won't work on the server where I have my site hosted (webfaction); they gave me a workaround that I'm trying. But I also now understand that the $_SERVER['PHP_AUTH_PW'] is passing back what the user entered into the form - that was the part I was confused on... thanks again.
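An added example, not code from any of the posts above: it shows where PHP_AUTH_USER and PHP_AUTH_PW come from by decoding the Authorization header by hand when PHP has not filled them in, then checks the result against a stored password hash. It assumes the server forwards the raw header as HTTP_AUTHORIZATION or REDIRECT_HTTP_AUTHORIZATION (common under CGI/FastCGI, but host-specific); the function names and the stored user are hypothetical.

```php
<?php
// Assumption: when PHP_AUTH_* are missing, the raw header (if forwarded at
// all) arrives as HTTP_AUTHORIZATION or REDIRECT_HTTP_AUTHORIZATION.

/** Return [user, password] sent by the browser, or null if none were sent. */
function basic_credentials(array $server): ?array
{
    // PHP has already decoded the header for us.
    if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']];
    }
    $header = $server['HTTP_AUTHORIZATION'] ?? $server['REDIRECT_HTTP_AUTHORIZATION'] ?? '';
    if (strncasecmp($header, 'Basic ', 6) !== 0) {
        return null;
    }
    $decoded = base64_decode(trim(substr($header, 6)), true); // strict mode
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;                       // malformed header
    }
    return explode(':', $decoded, 2);      // the password may contain ':'
}

/** Check credentials against one stored user (hypothetical store). */
function credentials_ok(?array $creds, string $user, string $hash): bool
{
    if ($creds === null) {
        return false;
    }
    // Run both checks so a wrong username is not rejected faster.
    $userOk = hash_equals($user, $creds[0]);
    $passOk = password_verify($creds[1], $hash);
    return $userOk && $passOk;
}

// Constructed demo values; in practice create the hash once and store it.
$storedUser = 'Aladdin';
$storedHash = password_hash('open sesame', PASSWORD_DEFAULT);

if (PHP_SAPI === 'cli') {
    // Offline run: feed the header quoted in the first answer to the parser.
    $creds = basic_credentials(['HTTP_AUTHORIZATION' => 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==']);
    var_dump($creds, credentials_ok($creds, $storedUser, $storedHash));
} elseif (!credentials_ok(basic_credentials($_SERVER), $storedUser, $storedHash)) {
    header('WWW-Authenticate: Basic realm="Secret page"');
    header('HTTP/1.0 401 Unauthorized');
    exit('Authentication required.');      // stop before any protected output
}
```

Basic authentication only base64-encodes the credentials, so the page should be served over HTTPS.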
0

To set an environment variable (aka superglobals), the format is:
$_SERVER['variable'] = value (or variable);

http://php.net/manual/en/language.variables.superglobals.php - good info on PHP superglobal variables.
