How to use form-based authentication

A login form

login image

A protected page

protected page image

A utility file that forces a valid admin user (util/valid_admin.php)

      <?php
require_once('model/database.php');
require_once('model/admin_db.php');

$email = '';
$password = '';    
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    $email = $_SERVER['PHP_AUTH_USER'];
    $password = $_SERVER['PHP_AUTH_PW'];    
}

if (!is_valid_admin_login($email, $password)) {
    header('WWW-Authenticate: Basic realm="Admin"');
    header('HTTP/1.0 401 Unauthorized');
    include('unauthorized.php');
    exit();
}
?>

Code that’s included at the top of the login page

      <?php 
      require_once('util/secure_conn.php'); // require a secure connection
      ?>

Code that’s included at the top of the other protected pages

      <?php 
      require_once('util/secure_conn.php'); // require a secure connection
      require_once('util/valid_admin.php'); // require a valid admin user
      ?>

Description

Back