The following is simple password protection scheme.
Create a folder and place the following two files into it, namely "index.php" and "auth.php".
The secret is simply to call the auth.php (require_once) for any document you want to protect in the folder. That way if your script is called, it first loads in the auth.php script and checks the user ID and password. If user ID and password don't match, then the auth script ends prohibiting access to the remaining script. However -- if they do match, then the auth script allows any code thereafter to run. Pretty simple.
So, replace the index.php with whatever you want (keeping the require_once segment) and use the auth.php "as is". Oh, remember to replace the user ID and password to what you want.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html;charset=ISO-8859-1">
<title>Password by tedd</title>
</head>
<body>
<h1>tedd's password demo</h1>
</body>
</html>
auth.php
<?php
$id = "test"; // user id
$pw = "test"; // password
// Check to see if $PHP_AUTH_USER already contains info
if (!isset($_SERVER['PHP_AUTH_USER']))
{
// If empty, send header causing dialog box to appear
header('WWW-Authenticate: Basic realm="My Private Stuff"');
header('HTTP/1.0 401 Unauthorized');
exit;
}
else if (isset($_SERVER['PHP_AUTH_USER']))
{
if (($_SERVER['PHP_AUTH_USER'] != $id) || ($_SERVER['PHP_AUTH_PW'] != $pw))
{
header('WWW-Authenticate: Basic realm="My Private Stuff"');
header('HTTP/1.0 401 Unauthorized');
exit;
}
else
{
// do nothing, everything is OK -- all programs that call this will pass here
}
}
?>
