Basic HTTP Authentication with Apache’s .htaccess file May 25, 2011Posted by Tournas Dimitrios in PHP.
My previous article demonstrated how to implement a basic authentication mechanism on your web-pages with PHP . Authentication can also be achieved on the server deamon level (httpd) with the help of the well known “.htaccess” file . On an hosting environment an developer has no access on the web- server’s central configuration file ( httpd.conf) , so any configurations can be applied by iniset() statements inside the PHP file or with directives inside an .htaccess file .
Each directory that contain a .htaccess file, and all it’s sub-directories , will inherit all the options that are listed inside this file . Most importantly the web-server doesn’t need to be restarted , each time a modification on the .htaccess file needs to be done .
A practical use for our .htaccess files is to allow access to only specific users, or user groups, in other words; password protected folders. a simple authorisation mechanism might look something like this..
AuthUserFile "C:/Program Files/wamp/www/Book/.htpasswd" AuthName "Server" AuthType Basic Require valid-user
The file “.htpasswd” will contain the username/password credentials in the form -> username:pass
You can find loads of online examples of how to setup authorization using .htaccess .
This is the directory structure :