December 16, 2015 8:59 pm

Using HTTP Basic Auth in PHP the easy way

HTTP Basic Auth can help you authenticate users for certain webpages without putting much effort into building registration or login systems. There are cases when all you need is a simple authentication mechanism, the webpage does not contain the most sensitive types of data, and adding extra dependencies or typing code for hours or days is not worth it. Then HTTP Basic Auth comes to the rescue!


HTTP Basic Auth can be used to request a username and a password from users before showing them the page. There are several ways to do it: you can set up your own .htpasswd file and request credentials for folders by adding several lines to the .htaccess file, or you can do it all in PHP with no .htpasswd or .htaccess.


We will start developing a tool that will authenticate your users with HTTP Basic Auth in incremental steps.
In the first snippet, we check if the array key in the $_SERVER superglobal called PHP_AUTH_USER is set. If it is not set, then we know that the user has not been authenticated or has not attempted to authenticate yet.

Therefore, we send the necessary headers that instruct his browser to show a prompt requesting a username and password. If he has attempted to authenticate, we first check whether the username is present as a key in the hardcoded array. If it is present, we check whether the passwords match, and if they do not match we stop further code execution. Otherwise, nothing happens and the page renders (in our case, "Hello, Authenticated User." is shown).

Snippet 1

Next, we edit the case where the user has attempted to authenticate by sending the headers in that case as well. This allows the user to try to authenticate as many times as he likes. In the previous version, once he entered incorrect credentials he would have to restart his browser.

Snippet 2

Moving to OOP

Now, let us edit the code above to use OOP and be more useful. We will create a separate namespace and create a class in it called BasicAuth. You can rename it and add more authentication mechanisms to it. We create a private variable called $users which is empty. When the class is initialized, we either set $users to be an array with default usernames and passwords or use the one given by the user. This would allow the user to request different usernames and passwords for every page and time he requests authentication. Finally, we call the authenticate method.

The authenticate method does the things we have seen before but calls another method, setAuthHeaders, which sets the necessary headers so we do not have to add them in two different places.

Finally, to use the class and protect your page with arbitrary passwords, all you have to do is add a few lines to the top of your existing page:
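The following is an added example, not the original post's code: one way to write the BasicAuth class described above, with its usage at the bottom. The namespace `Example\Auth`, the realm argument and the `$requireTls` switch are assumptions; passwords are stored as `password_hash()` output and checked with `password_verify()` rather than compared as plain text, and there are no built-in default users.

```php
<?php
namespace Example\Auth; // hypothetical namespace; the class normally lives in its own file

class BasicAuth
{
    private $users = [];  // username => hash produced by password_hash()
    private $realm;

    public function __construct(array $users, $realm = 'Restricted', $requireTls = true)
    {
        $this->users = $users;
        $this->realm = $realm;
        // Basic Auth sends the password base64-encoded, not encrypted, on every request.
        // Assumption: TLS terminates at this server; adjust the check behind a proxy.
        if ($requireTls && (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off')) {
            http_response_code(403);
            exit('HTTPS is required.');
        }
        $this->authenticate();
    }

    private function authenticate()
    {
        $user = $_SERVER['PHP_AUTH_USER'] ?? null;
        $pass = $_SERVER['PHP_AUTH_PW'] ?? '';

        // One failure path for "no credentials", "unknown user" and "wrong password",
        // so the status and body are identical in all three cases.
        if ($user === null || !isset($this->users[$user])
            || !password_verify($pass, $this->users[$user])) {
            $this->setAuthHeaders();
            exit('Authentication required.');
        }
    }

    private function setAuthHeaders()
    {
        // Sending the challenge on every failure lets the browser prompt again.
        http_response_code(401);
        header('WWW-Authenticate: Basic realm="' . $this->realm . '"');
    }
}

// Usage at the top of a protected page. The hash is built at runtime only to keep
// this demo self-contained; generate it once with password_hash() and store the result.
$users = ['demo' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];
new BasicAuth($users, 'Staging area');
echo 'Hello, Authenticated User.';
```

Pass `false` as the third argument only when testing over plain HTTP on a local machine.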

Browsers requesting credentials for HTTP Basic Auth

HTTP Basic Auth is fast and provides a little bit of extra security, and there is no reason not to use it when the project you are working on is small and you need to keep it from being public.

Author Ivan Dimov

Ivan is a student of IT, a freelance web designer/developer and a tech writer. He deals with both front-end and back-end stuff. Whenever he is not in front of an Internet-enabled device he is probably reading a book or traveling. You can find more about him at: http://www.dimoff.biz.


  • MarioMonaro

    What’s the second parameter (“DRQKQDDD”) for?

    • Ivan Dimov

      It is some kind of a typo. It shouldn’t be there.
