When you want to secure some pages in a directory with HTTP authentication (the browser popup that asks for a username and password), you normally do the following.

First, create a file named, for example, auth.php with the following code:

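<?php
// Note: the mysql_* functions were removed in PHP 7.0; this code assumes
// PHP 5 and a connection already opened with mysql_connect().
function validateUser () {

    // No credentials are sent on the first request, so default to ''.
    $user = isset($_SERVER['PHP_AUTH_USER']) ? mysql_real_escape_string($_SERVER['PHP_AUTH_USER']) : '';
    $password = isset($_SERVER['PHP_AUTH_PW']) ? mysql_real_escape_string($_SERVER['PHP_AUTH_PW']) : '';

    $sql = "SELECT Count(*) as Number FROM auth_users WHERE username='" . $user . "' AND password='" . $password . "'";
    $query = mysql_query($sql) or die(mysql_error());
    $result = mysql_fetch_array($query);
    $NumberOfUsers = $result['Number'];

    if ($NumberOfUsers != 1) {
        // Ask the browser for credentials and answer with a 401.
        header('WWW-Authenticate: Basic realm="Members Area"');
        header('HTTP/1.0 401 Unauthorized');
        header('Status: 401 Unauthorized');
?>
<title>Access Unauthorized</title>
<h1>Access to the requested page denied</h1>
You have been denied access to this page for entering an
incorrect or non-existent username and password.<br><br>
<?php
        // Stop here so the protected page is never rendered.
        exit;
    }
}
?>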


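Tip: When PHP runs as CGI, you also have to run the following code before reading the server variables:

// Strip the leading "Basic " (6 characters), decode, and split on the first ':' only,
// because the password itself may contain a colon.
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6)), 2);

Then, in the pages you want to secure, include the previous page (auth.php).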


You also have to create an .htaccess file in the folder where your files are, with the following content:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
</IfModule>
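
A hardened variant of auth.php, as an added example rather than the original author's code: it looks the user up with a PDO prepared statement instead of string-built SQL, checks the password against a password_hash() digest instead of a plaintext column, handles the CGI case from the tip above, and stops the script after the 401. The `$pdo` connection, the `password_hash` column and the helper names `readBasicCredentials()` and `denyAccess()` are assumptions; the `auth_users` table, `username` column and realm come from the code above.

```php
<?php
// Added example, not the original auth.php. Assumptions: $pdo is an open PDO
// connection and auth_users has a password_hash column holding password_hash()
// output; readBasicCredentials() and denyAccess() are hypothetical helper names.

// Return [user, password] from the request, or null when none were sent.
function readBasicCredentials(array $server): ?array
{
    if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']];
    }
    // CGI fallback: the .htaccess rule exposes the raw Authorization header.
    $raw = $server['REDIRECT_REMOTE_USER'] ?? '';
    if (stripos($raw, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(substr($raw, 6), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2); // the password may itself contain ':'
}

function denyAccess(): void
{
    header('WWW-Authenticate: Basic realm="Members Area"');
    http_response_code(401);
    echo '<title>Access Unauthorized</title>',
         '<h1>Access to the requested page denied</h1>';
    exit; // without this the protected page would still be rendered
}

function validateUser(PDO $pdo, array $server): string
{
    $creds = readBasicCredentials($server);
    if ($creds === null) {
        denyAccess();
    }
    [$user, $password] = $creds;

    // Bound parameter instead of string-built SQL; hash check instead of plaintext.
    $stmt = $pdo->prepare('SELECT password_hash FROM auth_users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify($password, $hash)) {
        denyAccess();
    }
    return $user;
}
// In a protected page: require 'auth.php'; $user = validateUser($pdo, $_SERVER);
```

Basic authentication sends the password with every request, only base64-encoded, so serve these pages over HTTPS.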

