directory password protection w/ PHP

Anon

How can I password protect a whole directory with PHP?

I just started playing with PHP and followed a HOWTO on password protecting files with a MYSQL DB, however I can't figure out how to do directories.

Thanks,

Chad

mithril

What OS, server, and PHP installation type (ie. CGI or module/ISAPI) are you working with?

-geoff

Anon

geoff,

linux running apache with PHP4 scripting (version 4.0.6 currently)

I don't know what PHP installation type. I'm hosted by www.phpwebhosting.com.

Thanks,

Chad

mithril

According to Netcraft (www.netscraft.com) the installation is an Apache module. If you had access to httpd.conf you could setup a hybrid authentication between Apache and PHP (much less work)), but as it stands you can still do it. Create to files containing the following code:

auth_header.inc.

<?php

  if(!isset($PHP_AUTH_USER)) {

    header("WWW-Authenticate: Basic realm=\"Your Directory\"");
    header("HTTP/1.0 401 Unauthorized");
    echo "<h1 align=\"center\">The Cancel button won't get you in.  Try again or go away.</h1>\n";
    exit();
    }

  else {

      // set some valid username's and password combinations
    $user = "foo";
    $pass = "bar";

    if (($PHP_AUTH_USER == $user && $PHP_AUTH_PW == $pass)) {

auth_footer.inc

<?php

    }

    else {

      echo "<h1 align=\"center\">The credentials you supplied are bad.  Try again or go away.</h1>\n";
      header("WWW-Authenticate: Basic realm=\"Your directory\"");
      header("HTTP/1.0 401 Unauthorized");
      exit();
    }
  }

Just include auth_header.inc before any whitespace on whatever pages you wish to prtoect. Include auth_footer.inc as the last line of the page. Unfortunately you'll need to do this on every page you wish to protect. You can change the code in auth_header.inc to allow for login authentication's against a MySQL (or other) database if you choose. HTH.

-geoff