Forked from westonruter/test-php-basic-auth.php
Last active February 1, 2024 21:18
PHP basic auth example
<?php
function require_auth() {
    $AUTH_USER = 'admin';
    $AUTH_PASS = 'admin';
    header('Cache-Control: no-cache, must-revalidate, max-age=0');
    // Missing values become '' so the checks below never read an unset index.
    $user = $_SERVER['PHP_AUTH_USER'] ?? '';
    $pass = $_SERVER['PHP_AUTH_PW'] ?? '';
    $has_supplied_credentials = !(empty($user) && empty($pass));
    // hash_equals() is a strict, constant-time string comparison.
    $is_not_authenticated = (
        !$has_supplied_credentials ||
        !hash_equals($AUTH_USER, $user) ||
        !hash_equals($AUTH_PASS, $pass)
    );
    if ($is_not_authenticated) {
        header('HTTP/1.1 401 Authorization Required');
        header('WWW-Authenticate: Basic realm="Access denied"');
        exit;
    }
}
Thank you. This is testing if authentication is properly set.
What I need to know is how to set up $_SERVER['PHP_AUTH_USER'].
Do I just assign it a parameter, $_SERVER['PHP_AUTH_USER'] = $enteredvalue; ?
function require_http_auth()
{
    /*
    # If running as CGI, put this in .htaccess
    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
    */
    header('Cache-Control: no-cache, must-revalidate, max-age=0');
    if (! empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
        && preg_match('/^Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $user_pass))
    {
        $str = base64_decode($user_pass[1]);
        // Limit of 2 keeps any ':' inside the password; array_pad() guarantees two values.
        list( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) = array_pad(explode(':', $str, 2), 2, '');
    }
    $has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));
    // AUTH_USER and AUTH_PASS are constants that must be define()d elsewhere.
    $is_not_authenticated = (
        ! $has_supplied_credentials
        || $_SERVER['PHP_AUTH_USER'] != AUTH_USER
        || $_SERVER['PHP_AUTH_PW'] != AUTH_PASS
    );
    if ($is_not_authenticated)
    {
        header('HTTP/1.1 401 Authorization Required');
        header('WWW-Authenticate: Basic realm="Access denied"');
        exit;
    }
}
@mathritter someone just gave me a cookie!
Awesome. Thanks!
Hi! Is it safe to protect a directory or URL by adding these precautions?
- The URL/folder is hidden, not visible from outside
- Connection is HTTPS
I hope there are no errors in my function.
public function require_auth()
{
    /*
    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
    */
    $AUTH_USER = 'myUser';
    $AUTH_PASS = 'myPass';
    header('Cache-Control: no-cache, must-revalidate, max-age=0');
    // Capture into $matches: writing the matches into $AUTH_PASS would
    // replace the password with an array and make every login fail.
    if (! empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
        && preg_match('/^Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches))
    {
        $str = base64_decode($matches[1]);
        // Limit of 2 keeps any ':' inside the password; array_pad() guarantees two values.
        list( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) = array_pad(explode(':', $str, 2), 2, '');
    }
    $has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));
    $is_not_authenticated = (
        !$has_supplied_credentials ||
        $_SERVER['PHP_AUTH_USER'] != $AUTH_USER || $_SERVER['PHP_AUTH_PW'] != $AUTH_PASS
    );
    if ($is_not_authenticated) {
        header('HTTP/1.1 401 Authorization Required');
        header('WWW-Authenticate: Basic realm="Access denied"');
        exit;
    }
}
Thanks!
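An added example, not part of the gist or of any comment above: one way to read Basic credentials under both mod_php and CGI, keep passwords that contain ':' intact, reject malformed headers, and check the password against a stored hash instead of a plaintext literal. The function names and sample values are assumptions made for illustration.

```php
<?php
// Added example, not the gist's code; function names are hypothetical.

// Returns [user, password], or null when no usable Basic credentials exist.
function basic_credentials(array $server): ?array
{
    // mod_php fills these in itself.
    if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return [(string) $server['PHP_AUTH_USER'], (string) $server['PHP_AUTH_PW']];
    }
    // CGI/FastCGI: present only if the web server forwards the header.
    $header = $server['HTTP_AUTHORIZATION'] ?? $server['REDIRECT_HTTP_AUTHORIZATION'] ?? '';
    if (!preg_match('/^Basic\s+([A-Za-z0-9+\/=]+)\s*$/i', $header, $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true); // strict mode: false on bad input
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Limit 2: everything after the first ':' is the password.
    return explode(':', $decoded, 2);
}

function is_authorized(?array $creds, string $user, string $passHash): bool
{
    if ($creds === null) {
        return false;
    }
    [$suppliedUser, $suppliedPass] = $creds;
    // Run both checks before combining, so a wrong user name is not
    // rejected faster than a wrong password.
    $userOk = hash_equals($user, $suppliedUser);
    $passOk = password_verify($suppliedPass, $passHash);
    return $userOk && $passOk;
}

// Constructed sample values, for demonstration only.
$hash  = password_hash('s3cret:with:colons', PASSWORD_DEFAULT);
$cases = [
    'CGI header, ":" in pw' => ['REDIRECT_HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('admin:s3cret:with:colons')],
    'malformed base64'      => ['HTTP_AUTHORIZATION' => 'Basic !!!'],
    'wrong password'        => ['PHP_AUTH_USER' => 'admin', 'PHP_AUTH_PW' => 'admin'],
];
foreach ($cases as $label => $server) {
    $ok = is_authorized(basic_credentials($server), 'admin', $hash);
    printf("%-24s %s\n", $label, $ok ? 'allow' : 'deny');
}
```

In a real deployment the hash would be produced once with password_hash() and stored outside the script, not computed on each request as in this sample.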
Great! Thank you MAN!