Welcome to a tutorial on how to do a PHP CURL call with HTTP basic authentication. Need to secure a server-to-server call without all the crazy encryption, verification, and login stuff? HTTP basic authentication is a good option.
To perform a PHP CURL call with HTTP basic authentication, we have to set the user and password in the CURL options.
$ch = curl_init();curl_setopt($ch, CURLOPT_URL, "HTTP://SITE.COM");curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);curl_setopt($ch, CURLOPT_USERPWD, "USER:PASSWORD");curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);$result = curl_exec($ch);curl_close($ch);
That should cover the basics, but read on for an actual example.
TLDR – QUICK SLIDES
Fullscreen Mode – Click Here
TABLE OF CONTENTS
PHP CURL WITH HTTP AUTH
All right, let us now get into the example of CURL with HTTP basic authentication.
SERVER A) PHP CURL CALL
<?php
// (A) THE SETTINGS
$url = "http://localhost/protected/2-secret.php";
$user = "USER";
$password = "PASS";
// (B) CURL INIT
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$password");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
if (substr($url, 0, 5)=="https") {
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
}
// (C) CURL EXEC
// NOTE: HTTP RESPONSE CODE 200 = OK
$result = curl_exec($ch);
if (curl_errno($ch)) { echo curl_error($ch); }
else {
$info = curl_getinfo($ch);
if ($info["http_code"] != 200) { print_r($info); }
else { echo $result; }
}
curl_close($ch);This should be pretty self-explanatory.
- As in the introduction, all we need is to set CURL options (
CURLOPT_HTTPAUTHandCURLOPT_USERPWD) accordingly. - If you are having trouble with SSL (
https://), try disabling the peer verification –curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false). - Take note of the “fetch results” part, we can use
curl_getinfo()to get more information on the server response. Importantly, check thehttp_code– A failed authentication will usually return 401 (unauthorized).
SERVER B) PROTECTED FOLDER
This is a small extra for you guys who are running Apache, and do not know how to secure folders with basic HTTP auth.
- Apache web servers come with a tool called
htpasswdand we can use it to generate a user/password file –htpasswd -c "PATH/FOLDER/.htpasswd" USER. - Next, create a
.htaccessfile in the folder that you want to protect.AuthType BasicAuthName "Password Required"AuthUserFile PATH/FOLDER/.htpasswdRequire valid-user
That’s all.
DOWNLOAD & NOTES
Here is the download link to the example code, so you don’t have to copy-paste everything.
SUPPORT
600+ free tutorials & projects on Code Boxx and still growing. I insist on not turning Code Boxx into a "paid scripts and courses" business, so every little bit of support helps.
Buy Me A Meal Code Boxx eBooks
EXAMPLE CODE DOWNLOAD
Click here for the source code on GitHub gist, just click on “download zip” or do a git clone. I have released it under the MIT license, so feel free to build on top of it or use it in your own project.
EXTRA BITS & LINKS
That’s all for the main tutorial, and here is a small section on some extras and links that may be useful to you.
LINKS & REFERENCES
- CURL Options – PHP
- Basic Authentication and Authorization – Apache
- htpasswd – Manage user files for basic authentication
- Basic Authentication For IIS – Microsoft
- Basic Authentication For NGINX
INFOGRAPHIC CHEAT SHEET
THE END
Thank you for reading, and we have come to the end. I hope that it has helped you to better understand, and if you want to share anything with this guide, please feel free to comment below. Good luck and happy coding!
