rchrd2/test-php-basic-auth.php

rrgarciach · 2017-11-10T08:10:41Z

thanks! thumbs up!

mathritter · 2018-02-22T18:44:28Z

Give this man a cookie! Thumbs up!

orhanbhr · 2018-05-24T09:35:36Z

Thank you for your code :)

iranwz · 2018-06-30T23:53:02Z

Thank you <3

infabo · 2018-08-01T13:27:27Z

does not work

akasandra · 2018-08-09T01:11:23Z

Appreciate that, works.

bazuzu931 · 2018-10-24T14:12:42Z

thanks

namcoder · 2019-01-11T03:52:36Z

awesome

CriptoCosmo · 2019-01-14T14:48:58Z

Nice solution 👍

Kaoschuks · 2019-03-10T12:17:17Z

Beautiful solution.
Can I have digest authentication ???

Cozy19 · 2019-04-26T11:45:59Z

Great! Thank you MAN!

Pax125 · 2019-05-10T08:19:45Z

Thank you. This is testing if authentication is properly set.
What I need to know is, how to setup $_SERVER['PHP_AUTH_USER']
Do I just, assign it a parameter $_SERVER['PHP_AUTH_USER'] = $enteredvalue; ?

PandCar · 2019-06-30T12:03:00Z

function require_http_auth()
{
/*
# Если CGI, то в .htaccess
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule . - [e=HTTP_AUTHORIZATION:%1]
*/

header('Cache-Control: no-cache, must-revalidate, max-age=0');

if (! empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))
{
	preg_match('/^Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $user_pass);
	
	$str = base64_decode($user_pass[1]);
	
	list( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) = explode(':', $str);
}

$has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));

$is_not_authenticated = (
	! $has_supplied_credentials 
	|| $_SERVER['PHP_AUTH_USER'] != AUTH_USER 
	|| $_SERVER['PHP_AUTH_PW']   != AUTH_PASS
);

if ($is_not_authenticated)
{
	header('HTTP/1.1 401 Authorization Required');
	header('WWW-Authenticate: Basic realm="Access denied"');
	exit;
}

}

rchrd2 · 2019-07-01T18:18:20Z

@mathritter someone just gave me a cookie!

sruthibc · 2020-02-05T05:48:08Z

Awesome. Thanks!

cloudeweb · 2021-02-14T10:56:14Z

Hi! Is safe for protect a directory or url adding these precautions?

Are hidden url/folder, don't visible from external
Connection is HTTPS

I hope there are no errors in my function.

           public function require_auth()
            {
                
                /*
                    RewriteEngine On
                    RewriteCond %{HTTP:Authorization} ^(.)
                    RewriteRule . - [e=HTTP_AUTHORIZATION:%1]
                */

                $AUTH_USER = 'myUser';
                $AUTH_PASS = 'myPass';

                header('Cache-Control: no-cache, must-revalidate, max-age=0');

                if (! empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))
                {
                    preg_match('/^Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $AUTH_PASS);
                    
                    $str = base64_decode($AUTH_PASS[1]);
                    
                    list( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) = explode(':', $str);
                }
    
                $has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));

                $is_not_authenticated = (
                    !$has_supplied_credentials ||
                    $_SERVER['PHP_AUTH_USER'] != $AUTH_USER || $_SERVER['PHP_AUTH_PW']   != $AUTH_PASS
                );

                if ($is_not_authenticated) {
                    header('HTTP/1.1 401 Authorization Required');
                    header('WWW-Authenticate: Basic realm="Access denied"');
                    exit;
                }

            }

Thanks!

rchrd2/test-php-basic-auth.php

rrgarciach commented Nov 10, 2017

mathritter commented Feb 22, 2018

orhanbhr commented May 24, 2018

iranwz commented Jun 30, 2018

infabo commented Aug 1, 2018

akasandra commented Aug 9, 2018

bazuzu931 commented Oct 24, 2018

namcoder commented Jan 11, 2019

CriptoCosmo commented Jan 14, 2019

Kaoschuks commented Mar 10, 2019

Cozy19 commented Apr 26, 2019

Pax125 commented May 10, 2019 •

edited

Loading

PandCar commented Jun 30, 2019

rchrd2 commented Jul 1, 2019

sruthibc commented Feb 5, 2020

cloudeweb commented Feb 14, 2021 •

edited

Loading

	<?php
	function require_auth() {
	$AUTH_USER = 'admin';
	$AUTH_PASS = 'admin';
	header('Cache-Control: no-cache, must-revalidate, max-age=0');
	$has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));
	$is_not_authenticated = (
	!$has_supplied_credentials \|\|
	$_SERVER['PHP_AUTH_USER'] != $AUTH_USER \|\|
	$_SERVER['PHP_AUTH_PW'] != $AUTH_PASS
	);
	if ($is_not_authenticated) {
	header('HTTP/1.1 401 Authorization Required');
	header('WWW-Authenticate: Basic realm="Access denied"');
	exit;
	}
	}

rchrd2/test-php-basic-auth.php

rrgarciach commented Nov 10, 2017

mathritter commented Feb 22, 2018

orhanbhr commented May 24, 2018

iranwz commented Jun 30, 2018

infabo commented Aug 1, 2018

akasandra commented Aug 9, 2018

bazuzu931 commented Oct 24, 2018

namcoder commented Jan 11, 2019

CriptoCosmo commented Jan 14, 2019

Kaoschuks commented Mar 10, 2019

Cozy19 commented Apr 26, 2019

Pax125 commented May 10, 2019 • edited Loading

PandCar commented Jun 30, 2019

rchrd2 commented Jul 1, 2019

sruthibc commented Feb 5, 2020

cloudeweb commented Feb 14, 2021 • edited Loading

Pax125 commented May 10, 2019 •

edited

Loading

cloudeweb commented Feb 14, 2021 •

edited

Loading