HTTP [basic] Auth via PHP

Hi mnb93,

The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and is hence not available in the CGI version. In an Apache module PHP script, it is possible to use the header() function to send an "Authentication Required" message to the client browser causing it to pop up a Username/Password input window. Once the user has filled in a username and a password, the URL containing the PHP script will be called again with the predefined variables PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE set to the user name, password and authentication type respectively. These predefined variables are found in the $_SERVER and $HTTP_SERVER_VARS arrays. Both "Basic" and "Digest" (since PHP 5.1.0) authentication methods are supported. See the header() function for more information.



<?php
 if (!isset($_SERVER['PHP_AUTH_USER'])) {
   header('WWW-Authenticate: Basic realm="My Realm"');
   header('HTTP/1.0 401 Unauthorized');
   echo 'Text to send if user hits Cancel button';
   exit;
 } else {
   echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
   echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
 }
?>


Regards,

Richard Quadling.

I would like to use PHP to log into $x...

Are you saying you want to use PHP as a client to a web site which has a basic auth login form?

yes

Never knew that, neat... not very secure, but neat :)

URL auth is visible plain text.
BASIC auth is not a lot better.
NTLM auth is a LOT more secure.

You could cheat as basic auth is ...

http://user:password@www.site.com/page.html

So how do I know if it worked?

Your php script gets a response that is NOT a security error.

How are you making the call?