PHP Alternative To Apache .Htpasswd
Web developers can perform HTTP authentication using PHP. The web server files can be password protected without using Apache’s .htaccess. PHP’s HTTP authentication requires a minimum of version 5.1.
One PHP file can handle the authentication. The PHP header function is is used to request a username and password.
This tutorial uses PHP and an HTTP Server.
- Tools are required:
- Text editor.
- Folder for web server.
- HTTP Server.
- Browser to view output.
Optional PHP as HTTP Server
In development environmental, PHP can be used as a web server. For more information about PHP Web Server read Ojambo.com PHP Web Development Without Web Server.
Index.php File
<?php
/*
* index.php
*
* Copyright 2013 edward <http://ojambo.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*
*
*/
// Check Username and password correct or ask for them
if(($_SERVER['PHP_AUTH_USER'] == "myusername") AND
($_SERVER['PHP_AUTH_PW'] == "mypassword"))
{
echo "<html><head><title>Ojambo.com PHP Protected Area</title></head><body><h1>Ojambo.com PHP Protected Area</h1></body></html>";
}
else
{
// Ask for username and password
header("WWW-Authenticate: " ."Basic realm=\"Ojambo.com's Protected Area\"");
header("HTTP/1.0 401 Unauthorized");
// Show failure text after several failed attempts
echo "This area is protected by a valid username and password";
}
?>
A username and password will be requested via the PHP header command. If the authentication fails, then the failure text will display. If authentication is successfully, the protected area message will display.
How to Use:
- Open Browser
- Enter path (might be IP) of web development folder.
- Input username and password.
- Check the output of PHP code.
Demonstration:
Ojambo.com PHP Password Protect Alternative To Apache .Htaccess Tutorial
Conclusion:
PHP can send authentication requests using the header function. Content can be password protected using PHP as a replacement for Apache’s .htaccess. Web developers can use one PHP file for authentication.
- Recommendations:
- Place your PHP code in a specific folder.
- Place sensitive files outside the document root of the server.
- Let PHP provide sensitive content after successful authentication.
Edward is a software engineer, web developer, and author dedicated to helping people achieve their personal and professional goals through actionable advice and real-world tools.