PHP CURL With HTTP Basic Authentication – A Simple Example

Welcome to a tutorial on how to do a PHP CURL call with HTTP basic authentication. Need to secure a server-to-server call without all the crazy encryption, verification, and login stuff? HTTP basic authentication is a good option.

To perform a PHP CURL call with HTTP basic authentication, we have to set the user and password in the CURL options.

  • $ch = curl_init();
  • curl_setopt($ch, CURLOPT_URL, "HTTP://SITE.COM");
  • curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
  • curl_setopt($ch, CURLOPT_USERPWD, "USER:PASSWORD");
  • curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  • $result = curl_exec($ch);
  • curl_close($ch);

That should cover the basics, but read on for an actual example.

ⓘ I have included a zip file with all the source code at the start of this tutorial, so you don’t have to copy-paste everything… Or if you just want to dive straight in.

 

 

QUICK SLIDES

 

TABLE OF CONTENTS

Download & Notes CURL With AUTH Useful Bits & Links
The End

 

DOWNLOAD & NOTES

Firstly, here is the download link to the example code as promised.

 

QUICK NOTES

  1. This example is based on a XAMPP server.
  2. Edit protected/.htaccess, change AuthUserFile to your own file path – The default user and password in protected/.htpasswd is USER and PASS.
  3. Edit CURL-auth.php, change $url to your own.
If you spot a bug, feel free to comment below. I try to answer short questions too, but it is one person versus the entire world… If you need answers urgently, please check out my list of websites to get help with programming.

 

EXAMPLE CODE DOWNLOAD

Click here to download all the example source code, I have released it under the MIT license, so feel free to build on top of it or use it in your own project.

 

 

PHP CURL WITH HTTP AUTH

All right, let us now get into the example of CURL with HTTP basic authentication.

 

SERVER A) PHP CURL CALL

CURL-auth.php
<?php
// (A) THE SETTINGS
$url = "http://localhost/protected/secret.php";
$user = "USER";
$password = "PASS";

// (B) CURL INIT
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$password");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

// (C) CURL RUN
// (C1) GO!
$result = curl_exec($ch);

// (C2) CURL ERROR
if (curl_errno($ch)) {
  echo "CURL ERROR - " . curl_error($ch);
}

// (C3) CURL OK - FETCH RESULT
// NOTE: HTTP RESPONSE CODE 200 = OK
else {
  $info = curl_getinfo($ch);
  if ($info['http_code'] != 200) {
    print_r($info);
  } else {
    echo $result;
  }
}

// (C4) DONE
curl_close($ch);

This should be pretty self-explanatory.

  • As in the introduction, all we need is to set CURL options (CURLOPT_HTTPAUTH and CURLOPT_USERPWD) accordingly.
  • If you are having trouble with SSL (https://), try disabling the peer verification – CURLOPT_SSL_VERIFYPEER.
  • Take note of the “fetch results” part, we can use curl_getinfo() to get more information on the server response. Importantly, check the http_code – A failed authentication will usually return 401 (unauthorized).

 

 

SERVER B) PROTECTED FOLDER

This is a small extra for you guys who are running Apache, and not know how to secure folders with basic HTTP auth.

  1. Apache web servers come with a tool called htpasswd and we can use it to generate a user/password file –  htpasswd -c "PATH/FOLDER/.htpasswd" USER.
  2. Next, create a .htaccess file in the folder that you want to protect.
    • AuthType Basic
    • AuthName "Password Required"
    • AuthUserFile PATH/FOLDER/.htpasswd
    • Require valid-user

That’s all.

 

 

USEFUL BITS & LINKS

That’s all for the main tutorial, and here is a small section on some extras and links that may be useful to you.

 

LINKS & REFERENCES

 

INFOGRAPHIC CHEAT SHEET

PHP CURL With Basic HTTP Auth (click to enlarge)

 

THE END

Thank you for reading, and we have come to the end. I hope that it has helped you to better understand, and if you want to share anything with this guide, please feel free to comment below. Good luck and happy coding!

Leave a Comment

Your email address will not be published. Required fields are marked *