Version: 1

Type: Full Script

Category: HTTP

License: GNU General Public License

Description: This is the basic code that I have used that allows users to authenticate using HTTP, PHP and simple mysql. This allows you to utilize your database without having to hard code your user/pass in the script or use the .htaccess or another flat/text file.

<?
header("Cache-control: private"); 

// turn off any unwanted errors for the users
error_reporting(0);

if (isset($PHP_AUTH_USER) && $PHP_AUTH_USER != ''){

// the database information can inserted into another file and 
// then inserted using the require(); statement
// ex) require("db_info.inc");

	$database="database";
	$username=strtolower($PHP_AUTH_USER);
	$password=strtolower($PHP_AUTH_PW);
	
	if (!mysql_connect(localhost,$username,$password))
		{ 
		  header('WWW-Authenticate: Basic realm="basic"');
		  header('HTTP/1.0 401 Unauthorized');
		  echo "Sorry, but you need to enter your <a href='login.php'>login information</a>.";
		}
	else {
		$redirect_to =  $_SERVER['HTTP_HOST'] . 
		dirname($_SERVER['PHP_SELF']) . "main.php" ;
			if( $_SERVER['SERVER_PORT'] == 43 ) // set to secure port #
				{
				$server = 'https';
				}
			else
				{ 
				$server = 'http';
				}
		print "<meta http-equiv=\"refresh\" content=\"0;URL=$server://$redirect_to\"> ";
		//echo "<P>You're authorized!</p>"; // for testing purposes
		mysql_close();
		}
		
	} //close the if isset
else if (!isset($PHP_AUTH_USER))
	{
   header('WWW-Authenticate: Basic realm="basic"');
   header('HTTP/1.0 401 Unauthorized');
   echo "Please enter your <a href='login.php'>login information</a>";
    exit;
  }
	 

?>