Authenticate username and password to individual PHP pages using 401 header

Want to be able to have users authenticate to individual pages, or even have a directory full of pages and only certain pages have authentication? It's as simple as saving the below code into something like "auth.php" and including it into the top of your page you want authenticated protection for.

Just edit the array in the below code with the usernames and passwords for each of your users. Then on the page you want to protect, put this line above any other code.

include('auth.php');

Or whatever filename you chose for the below code.

Please note that this works in PHP 5.0.1 and higher.

Click here to see it in action.

See source code below for username and password.

<?

//An array containing the username and password separated by comma.
//The below shows three user accounts; user1, user2, and anotheruser.
//NOTE: The last element does not have a comma after it.
$authAccounts = array("user1,password1",
                      "user2,password2",
                      "anotheruser,theirPassword");

function authenticate()
{
  header('WWW-Authenticate: Basic realm="Private"');
  header('HTTP/1.0 401 Unauthorized'); 
  echo "Access Denied! You need a valid username and password to access this page.\n";
  exit;
}

//If it's the first page load, then we send them right to the authenticate() function
if ((!isset($_SERVER['PHP_AUTH_USER'])) || (!isset($_SERVER['PHP_AUTH_PW'])))
{
  authenticate();
}

//They've typed in a username and password, let's see how they did
elseif ((isset($_SERVER['PHP_AUTH_USER'])) && (isset($_SERVER['PHP_AUTH_PW'])))
{
  foreach($authAccounts as $account)
  {
    if ($account == $_SERVER['PHP_AUTH_USER'] . "," . $_SERVER['PHP_AUTH_PW'])
    {
      $authenticated = "TRUE";
    }
  }
  if ($authenticated != "TRUE")
    authenticate();
}

?>