PHP Password Protect Alternative To Apache .Htaccess

PHP Alternative To Apache .Htpasswd

Web developers can perform HTTP authentication using PHP. The web server files can be password protected without using Apache’s .htaccess. PHP’s HTTP authentication requires a minimum of version 5.1.

One PHP file can handle the authentication. The PHP header function is is used to request a username and password.

This tutorial uses PHP and an HTTP Server.

    Tools are required:

  • Text editor.
  • Folder for web server.
  • HTTP Server.
  • Browser to view output.

Optional PHP as HTTP Server

In development environmental, PHP can be used as a web server. For more information about PHP Web Server read PHP Web Development Without Web Server.

Index.php File

 * index.php
 * Copyright 2013 edward <>
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02110-1301, USA.

// Check Username and password correct or ask for them 
if(($_SERVER['PHP_AUTH_USER'] == "myusername") AND
	($_SERVER['PHP_AUTH_PW'] == "mypassword"))
	echo "<html><head><title> PHP Protected Area</title></head><body><h1> PHP Protected Area</h1></body></html>";
	// Ask for username and password
	header("WWW-Authenticate: " ."Basic realm=\"'s Protected Area\"");
	header("HTTP/1.0 401 Unauthorized");

	// Show failure text after several failed attempts
	echo "This area is protected by a valid username and password";

A username and password will be requested via the PHP header command. If the authentication fails, then the failure text will display. If authentication is successfully, the protected area message will display.

How to Use:

    Open Browser

  • Enter path (might be IP) of web development folder.
  • Input username and password.
  • Check the output of PHP code.

Demonstration: PHP Password Protect Alternative To Apache .Htaccess Tutorial

Image Missing PHP Authentication Failure

Image Missing PHP Authentication Empty Input Form

Image Missing PHP Authentication Filled Input Form

Image Missing PHP Authentication Success


PHP can send authentication requests using the header function. Content can be password protected using PHP as a replacement for Apache’s .htaccess. Web developers can use one PHP file for authentication.


  1. Place your PHP code in a specific folder.
  2. Place sensitive files outside the document root of the server.
  3. Let PHP provide sensitive content after successful authentication.

Tags: , , , ,

This entry was posted on Wednesday, March 13th, 2013 at 12:00 am and is filed under Tips & Tricks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One response to “PHP Password Protect Alternative To Apache .Htaccess”

  1. […] Video for the PHP Password Protect Alternative To Apache .Htaccess article. Part One of […]

Leave a Reply

Your email address will not be published. Required fields are marked *