Securing PHP Files using HTTP AuthenticationBy Peter McNulty : 15-01-2005
4.33 (72)
Introduction
It is quite common to have the need to password protect a certain file or a set of files, in order to prevent unauthorized access to those files. There are many different alternatives on how to do this including, sessions, cookies, JavaScript and HTTP authentication. The latter of these is what we are going to concentrate on in this article.
Usually this form of authentication is called Apache HTTP Authentication as it is only available for Apache based web server. To be honest, that is a lie as it is also possible with Microsoft's IIS web server, however, is much more difficult to implement and requires many configuration changes in order for it to run successfully. Hence, we will only focus on getting this working under Apache. Apache For those of you who don't know what Apache is, it is a web server. Therefore, it is the 'program' that is running PHP and that accepts incoming requests for web pages and sends out the correct data. As we are focusing on Apache in this article, it is important to know if you are running Apache or not. This is fairly simple to find out, using the phpinfo() function. Simple create a PHP page with the following code: <?php Run this new file and you should get an output which contains a lot of information about your current PHP setup. The most important section is the top section, and should look something like the following: Look at the Server API field and make sure that it says Apache. If it does, then you are running the perfect configuration – Apache with PHP as a module. The field may say CGI, if it does, you will have to scroll down the page, and check if there is an 'Apache' section. If there isn't, it is likely that you aren't running Apache, hence this article probably won't be of much use. If you want, you can always install Apache on your PC by checking out this auto-installer. If you are running Apache and CGI-mode, then there is a slight chance that the code supplied will not work, however, I have modified it so that your chances are quite high. By default though, HTTP Authentication doesn't work in CGI mode, however with a small trick it can be made to work. What is HTTP Authentication? You may not consciously know what HTTP Authentication is; however, it is most likely that you have used it once or twice, if not many of times. It is used commonly as login interfaces to the administration areas of some PHP scripts, as well as some popular websites, such as vBulletin.com. To refresh your memory, here is a small image of the login process: Now that you know what HTTP Authentication is, it's time to find out how to implement it for single and multiple files. Page 1 of 3 >> Build Your Own Database Driven Website Using PHP & MySQL |
Ads
|