Skip to content

Student Listing - Adding Basic Authentication

Create the authorizeaccess.php Script

The first thing we need to do is to create the authorizeaccess.php script which will require a user to enter the proper credentials

authorizeaccess.php - Student Listing: Authorization Access Script

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
<?php
    $username = 'student';
    $password = 'student';

    // IF Password OR Username are empty
    //  OR Password  OR Username don't match
    // send HTTP authentication headers
    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])
        || $_SERVER['PHP_AUTH_USER'] !== $username
        || $_SERVER['PHP_AUTH_PW'] !== $password)
    {

        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: Basic realm="Student Listing"');
        $invalid_response = "<h2>Students</h2><h4>You must enter a "
                            . "valid username and password to access this page.</h4>";
        exit($invalid_response);
    }

Include the Authorization Access Script for access to the Protected Features

Next, we want to include the authorization access script to protect access to the add, edit, and remove features of the Student Listing application

Include the authorizeaccess.php script with the require_once() call just before the opening <html> element tag

addstudent.php - Add Student: Require Basic Authorization

1
2
3
4
5
6
7
8
<?php
    require_once('authorizeaccess.php');
?>
<!DOCTYPE html>
<html>
  <head>
    <title>Add Student</title>
    ...

editstudent.php - Edit Student: Require Basic Authorization

1
2
3
4
5
6
7
8
<?php
    require_once('authorizeaccess.php');
?>
<!DOCTYPE html>
<html>
  <head>
    <title>Edit Student</title>
    ...

removestudent.php - Remove Student: Require Basic Authorization

1
2
3
4
5
6
7
8
<?php
    require_once('authorizeaccess.php');
?>
<!DOCTYPE html>
<html>
  <head>
    <title>Remove Student</title>
    ...