-
-
Save rchrd2/c94eb4701da57ce9a0ad4d2b00794131 to your computer and use it in GitHub Desktop.
<?php | |
function require_auth() { | |
$AUTH_USER = 'admin'; | |
$AUTH_PASS = 'admin'; | |
header('Cache-Control: no-cache, must-revalidate, max-age=0'); | |
$has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW'])); | |
$is_not_authenticated = ( | |
!$has_supplied_credentials || | |
$_SERVER['PHP_AUTH_USER'] != $AUTH_USER || | |
$_SERVER['PHP_AUTH_PW'] != $AUTH_PASS | |
); | |
if ($is_not_authenticated) { | |
header('HTTP/1.1 401 Authorization Required'); | |
header('WWW-Authenticate: Basic realm="Access denied"'); | |
exit; | |
} | |
} |
thanks! thumbs up!
Give this man a cookie! Thumbs up!
Thank you for your code :)
Thank you <3
does not work
Appreciate that, works.
thanks
awesome
Nice solution 👍
Beautiful solution.
Can I have digest authentication ???
Great! Thank you MAN!
Thank you. This is testing if authentication is properly set.
What I need to know is, how to setup $_SERVER['PHP_AUTH_USER']
Do I just, assign it a parameter $_SERVER['PHP_AUTH_USER'] = $enteredvalue; ?
function require_http_auth()
{
/*
# Если CGI, то в .htaccess
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule . - [e=HTTP_AUTHORIZATION:%1]
*/
header('Cache-Control: no-cache, must-revalidate, max-age=0');
if (! empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))
{
preg_match('/^Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $user_pass);
$str = base64_decode($user_pass[1]);
list( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) = explode(':', $str);
}
$has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));
$is_not_authenticated = (
! $has_supplied_credentials
|| $_SERVER['PHP_AUTH_USER'] != AUTH_USER
|| $_SERVER['PHP_AUTH_PW'] != AUTH_PASS
);
if ($is_not_authenticated)
{
header('HTTP/1.1 401 Authorization Required');
header('WWW-Authenticate: Basic realm="Access denied"');
exit;
}
}
@mathritter someone just gave me a cookie!
Awesome. Thanks!
Hi! Is safe for protect a directory or url adding these precautions?
- Are hidden url/folder, don't visible from external
- Connection is HTTPS
I hope there are no errors in my function.
public function require_auth()
{
/*
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule . - [e=HTTP_AUTHORIZATION:%1]
*/
$AUTH_USER = 'myUser';
$AUTH_PASS = 'myPass';
header('Cache-Control: no-cache, must-revalidate, max-age=0');
if (! empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))
{
preg_match('/^Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $AUTH_PASS);
$str = base64_decode($AUTH_PASS[1]);
list( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) = explode(':', $str);
}
$has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));
$is_not_authenticated = (
!$has_supplied_credentials ||
$_SERVER['PHP_AUTH_USER'] != $AUTH_USER || $_SERVER['PHP_AUTH_PW'] != $AUTH_PASS
);
if ($is_not_authenticated) {
header('HTTP/1.1 401 Authorization Required');
header('WWW-Authenticate: Basic realm="Access denied"');
exit;
}
}
Thanks!
Nice solution, thanks!