Restrict access

In this section we are going to explain how to restrict access depending on the pages, so that only authorized personnel can access certain parts of our website.

Attention: Restricted access to pages using the global variables $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE only work if PHP has been installed as an Apache module, if it has been installed as a CGI module the examples in this section will not work.

In order to get validation in the pages, we will use the HTTP protocol validation system, this system is based on the global variables $PHP_AUTH_USER and $PHP_AUTH_PW.

• $PHP_AUTH_USER. Username inserted.
• $PHP_AUTH_PW. Password inserted.

So the browser shows the window to request username and password, it is only necessary to send the following header:

This causes the user name and password window to appear and the data inserted is assigned to the variables $PHP_AUTH_USER and $PHP_AUTH_PW.

Starting here, we will perform the necessary verification to ensure data inserted is correct.

In the following example, we will request authorization and verify whether the username is Joe and the password 123, if so we will have access to the rest of the page.