How to use basic authentication

Index	Description
PHP_AUTH_USER	Returns the username from the authentication dialog box or a NULL value if the dialog box hasn’t been displayed.
PHP_AUTH_PW	Returns the password from the authentication dialog box or a NULL value if the dialog box hasn’t been displayed.

      <?php
require_once('model/database.php');
require_once('model/admin_db.php');

$email = '';
$password = '';    
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    $email = $_SERVER['PHP_AUTH_USER'];
    $password = $_SERVER['PHP_AUTH_PW'];    
}

if (!is_valid_admin_login($email, $password)) {
    header('WWW-Authenticate: Basic realm="Admin"');
    header('HTTP/1.0 401 Unauthorized');
    include('unauthorized.php');
    exit();
}
?>
      

      <?php 
      require_once('util/secure_conn.php'); // require a secure connection
      require_once('util/valid_admin.php'); // require a valid admin user
      ?>      
      

Description

• The 401 (Unauthorized) response header doesn’t display the requested page and causes most modern browsers to display a dialog box that prompts the user for a username and password.in this figure.
• The WWW-Authenticate header must also be included in a 401 (Unauthorized) response. This header can specify the type of authentication (usually Basic) and a name for the authentication realm.
• The code at the top of all protected pages should force a secure connection. To do that, it can include a secure_conn.php file like the one shown on this page.
• The code at the top of all protected pages should also force a valid admin user. To do that, it can include a valid_admin.php file like the one shown on this page.
• Due to a bug, you can’t use the filter_input() function to access the PHP_AUTH_USER and PHP_AUTH_PW indexes of the $_SERVER array. As a result, you must access them directly.