User:Sexytyranno/Sandbox
| The instructions provided in this article or section are considered advanced. You are expected to be knowledgeable in the UNIX shell. |
So you want to secure a folder on your website, but want all the passwords to be dynamic from a database? Not a worry at all! In fact, it's actually rather easy! While this guide specifically refers to getting it up and working using PHP, the basic changes to your .htaccess file will work with any CGI binary!
.htaccess Changes
The first thing you'll need to do is to add the following section of code to your .htaccess file.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>
PHP Code
Here's a brief overview of the PHP code you'll use as an require()able authorization handler.
<?php
//
// http://wiki.dreamhost.com/HTTP_Auth_with_CGI
//
// We'll take the HTTP Authorization information and parse it out.
// The substr(,6) is to take off the prefixing string "Basic "
list($_SERVER['HTTP_AUTH_USER'], $_SERVER['HTTP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
function httpauth_sendRequireAuth() {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
}
// Show the log-in dialog
if (!isset($_SERVER['HTTP_AUTH_USER'])) {
httpauth_sendRequireAuth();
}
// So they submitted log-in credentials. This sample will only
// display the auth transmitted
printf('<p>Hello, <b>%s</b>!</p><p>You entered "<b>%s</b>" as your password.</p>',
$_SERVER['HTTP_AUTH_USER'], $_SERVER['HTTP_AUTH_PW']);
?>
