require username and password

Question

Please guide me accordingly if this question is noobish or a kind of duplicate.

I am wondering how to implement this kind of authentication?

I am asking because I'm quite lost and doesn't know which keywords to search for this. On my mind, I am planning to have this whenever a user wants to access my domain (eg. http://mysite.com and http://mysite.com/tools).

Answer 1

The keywords you are looking for are: htaccess, htpasswd, .htaccess. (Providing you use apache)

Ultimately you will put a .htaccess file in the dir you want to protect, and let it check the requirements with your htpasswdfile.

For example: on my server I don't want people seeing my private directory.

$ sudo htpasswd -c /etc/apache2/.htpasswd benjamin

Note that benjamin in the command above ^ is the username which we will use to log in.

We'd like the .htpasswd file outside our webfolder for some security.

Then in my private dir I'd put a .htaccess file that contains this:

AuthUserFile /etc/apache2/.htpasswd
AuthGroupFile /dev/null
AuthName Authenticate
AuthType Basic
require user benjamin

Answer 2

It is called HTTP Authentication

http://en.wikipedia.org/wiki/Basic_access_authentication

http://php.net/manual/en/features.http-auth.php

Send WWW-Authenticate header to prompt for authentication

<?php header('WWW-Authenticate: Basic realm="My Realm"');?>

The authentication credentials will be available in the following $_SERVER variables

Username - $_SERVER['PHP_AUTH_USER'] Password - $_SERVER['PHP_AUTH_PW']

Confirm the username and password and if they don't match, send HTTP/1.0 401 Unauthorized status to fail or send the WWW-Authenticate header again to prompt again.

As Benjamin mentioned, you could also use auth module

http://httpd.apache.org/docs/2.2/howto/auth.html#gettingitworking