When you want to secure some pages in a directory and want to use http authentication. (this popup with username and password), then normally you do the following.
First create a file name for example auth.php with the following code
<?php function validateUser () { $user = @addslashes($_SERVER['PHP_AUTH_USER']); $password = @addslashes($_SERVER['PHP_AUTH_PW']); $sql = "SELECT Count(*) as Number FROM auth_users WHERE username='" . $user . "' AND password='" . $password . "'"; $query = mysql_query($sql) or die(mysql_error()); $result = mysql_fetch_array($query); $NumberOfUsers = $result['Number']; if ($NumberOfUsers != 1) { header('WWW-Authenticate: Basic realm="Members Area"'); header('Status: 401 Unauthorized'); header('HTTP-Status: 401 Unauthorized'); ?> <html> <head> <title>Access Unauthorized</title> </head> <body> <h1>Access to the requested page denied</h1> You have been denied access to this page for entering an incorrect or non-exist username and password.<br><br> </body> </html> <?php exit; } } ?>
Tip: When you have PHP with CGI you have to use the following code also before reading server variables
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6)));
Then in the pages you want to secure you include the previous page
<?php require_once('auth.php'); validateUser();
You also have to create an .htaccess file in the folder your files exist with the following content
<IfModule mod_rewrite.c> RewriteEngine on RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L] </IfModule>