Publishing System Settings Logout Login Register
Using PHP for HTTP Authentication Single User
TutorialCommentsThe AuthorReport Tutorial
Tutorial Avatar
Rating
Add to Favorites
Posted on May 8th, 2008
5661 views
PHP Coding
PHP Coding
Security
Ok, in this tutorial, I will show you how to create a very basic script to add to the top of any page you want to restrict access to. This is my first tutorial too, so please C&C.

I will you the code in two sections, then go through and try (as best I can) to explain each part of the code. Ok? here we go:


<?php

$login=xxx;       

// The username you wish to login with.



$pass=xxx;

// The password you wish to use.           

                            

   $host_allow=array("*");

// Set this to "*" to enable connections from any host. 

// If you are operating a home server, set this to 

// "localhost." 

?>







<?php

   $tmp=array();

   foreach ($host_allow as $k=>$v)

      $tmp[]=str_replace("*",".*",preg_quote($v));

   $s="!^(".implode("|",$tmp).")$!i";

   if (!preg_match($s,getenv("REMOTE_ADDR")) && !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) 

      exit("<a href=YOUR URL>YOUR PAGE TITLE</a>: Access Denied.n");

   if ($login!==false && (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) || 

      $HTTP_SERVER_VARS['PHP_AUTH_USER']!=$login || $HTTP_SERVER_VARS['PHP_AUTH_PW']!=$pass)) {

      header("WWW-Authenticate: Basic realm="YOUR TITLE"");

      header("HTTP/1.0 401 Unauthorized");

      exit("<a href=YOUR URL>YOUR PAGE TITLE</a>: Access Denied.n");

   }?>

Now, both of these codes should be together at the top of any page you want to restrict, alternatively, you can put the first part in a seperate file, and put require_once('file name'); at the top of the second part.

I think the first part is fairly self explanatory, so onto the second part of the code.



   $tmp=array();

   foreach ($host_allow as $k=>$v)

      $tmp[]=str_replace("*",".*",preg_quote($v));

   $s="!^(".implode("|",$tmp).")$!i";

This checks to see where the client is connecting from.



if (!preg_match($s,getenv("REMOTE_ADDR")) && !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) 

exit("<a href=YOUR URL>YOUR PAGE TITLE</a>: Access Denied.n");

Tells the server that if someone connects from an unspecified host, to give the error message "YOUR PAGE TITLE: Access Denies" (with a link to your site).



  if ($login!==false && (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) || 

      $HTTP_SERVER_VARS['PHP_AUTH_USER']!=$login || $HTTP_SERVER_VARS['PHP_AUTH_PW']!=$pass)) {

This says that if the username entered is NOT the same as the one specified OR if the password entered is not the same as the one specified, then to give error message:



      header("WWW-Authenticate: Basic realm="YOUR TITLE"");

      header("HTTP/1.0 401 Unauthorized");

      exit("<a href=YOUR URL>YOUR PAGE TITLE</a>: Access Denied.n");

   }

Same as before, only with a 401 Unauthorised message attached...

Hope you enjoy this tutorial, and I hope it benefits you in some way :D
Dig this tutorial?
Thank the author by sending him a few P2L credits!

Send
CB Productions

This author is too busy writing tutorials instead of writing a personal profile!
View Full Profile Add as Friend Send PM
Pixel2Life Home Advanced Search Search Tutorial Index Publish Tutorials Community Forums Web Hosting P2L On Facebook P2L On Twitter P2L Feeds Tutorial Index Publish Tutorials Community Forums Web Hosting P2L On Facebook P2L On Twitter P2L Feeds Pixel2life Homepage Submit a Tutorial Publish a Tutorial Join our Forums P2L Marketplace Advertise on P2L P2L Website Hosting Help and FAQ Topsites Link Exchange P2L RSS Feeds P2L Sitemap Contact Us Privacy Statement Legal P2L Facebook Fanpage Follow us on Twitter P2L Studios Portal P2L Website Hosting Back to Top