require username and password
Question
Please guide me accordingly if this question is noobish or a kind of duplicate.
I am wondering how to implement this kind of authentication?
I am asking because I'm quite lost and doesn't know which keywords to search for this. On my mind, I am planning to have this whenever a user wants to access my domain (eg. http://mysite.com and http://mysite.com/tools).
La solution
The keywords you are looking for are: htaccess
, htpasswd
, .htaccess
.
(Providing you use apache)
Ultimately you will put a .htaccess
file in the dir you want to protect, and let it check the requirements with your htpasswd
file.
For example: on my server I don't want people seeing my private
directory.
$ sudo htpasswd -c /etc/apache2/.htpasswd benjamin
Note that benjamin
in the command above ^ is the username which we will use to log in.
We'd like the .htpasswd
file outside our webfolder for some security.
Then in my private
dir I'd put a .htaccess
file that contains this:
AuthUserFile /etc/apache2/.htpasswd
AuthGroupFile /dev/null
AuthName Authenticate
AuthType Basic
require user benjamin
Autres conseils
It is called HTTP Authentication
http://en.wikipedia.org/wiki/Basic_access_authentication
http://php.net/manual/en/features.http-auth.php
Send WWW-Authenticate
header to prompt for authentication
<?php header('WWW-Authenticate: Basic realm="My Realm"');?>
The authentication credentials will be available in the following $_SERVER
variables
Username - $_SERVER['PHP_AUTH_USER']
Password - $_SERVER['PHP_AUTH_PW']
Confirm the username and password and if they don't match, send HTTP/1.0 401 Unauthorized
status to fail or send the WWW-Authenticate
header again to prompt again.
As Benjamin mentioned, you could also use auth module
http://httpd.apache.org/docs/2.2/howto/auth.html#gettingitworking