Welcome to a tutorial on how to do a PHP CURL call with HTTP basic authentication. Need to secure a server-to-server call without all the crazy encryption, verification, and login stuff? HTTP basic authentication is a good option.
To perform a PHP CURL call with HTTP basic authentication, we have to set the user and password in the CURL options.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "HTTP://SITE.COM");
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "USER:PASSWORD");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
curl_close($ch);
That should cover the basics, but read on for an actual example.
TABLE OF CONTENTS
DOWNLOAD & NOTES
Here is the download link to the example code, so you don’t have to copy-paste everything.
EXAMPLE CODE DOWNLOAD
Just click on “download zip” or do a git clone. I have released it under the MIT license, so feel free to build on top of it or use it in your own project.
SORRY FOR THE ADS...
But someone has to pay the bills, and sponsors are paying for it. I insist on not turning Code Boxx into a "paid scripts" business, and I don't "block people with Adblock". Every little bit of support helps.
Buy Me A Coffee Code Boxx eBooks
PHP CURL WITH HTTP AUTH
All right, let us now get into the example of CURL with HTTP basic authentication.
SERVER A) PHP CURL CALL
<?php
// (A) THE SETTINGS
$url = "http://localhost/protected/2-secret.php";
$user = "USER";
$password = "PASS";
// (B) CURL INIT
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$password");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
if (substr($url, 0, 5)=="https") {
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
}
// (C) CURL EXEC
// NOTE: HTTP RESPONSE CODE 200 = OK
$result = curl_exec($ch);
if (curl_errno($ch)) { echo curl_error($ch); }
else {
$info = curl_getinfo($ch);
if ($info["http_code"] != 200) { print_r($info); }
else { echo $result; }
}
curl_close($ch);
This should be pretty self-explanatory.
- As in the introduction, all we need is to set CURL options (
CURLOPT_HTTPAUTH
andCURLOPT_USERPWD
) accordingly. - If you are having trouble with SSL (
https://
), try disabling the peer verification –curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false)
. - Take note of the “fetch results” part, we can use
curl_getinfo()
to get more information on the server response. Importantly, check thehttp_code
– A failed authentication will usually return 401 (unauthorized).
SERVER B) PROTECTED FOLDER
This is a small extra for you guys who are running Apache, and do not know how to secure folders with basic HTTP auth.
- Apache web servers come with a tool called
htpasswd
and we can use it to generate a user/password file –htpasswd -c "PATH/FOLDER/.htpasswd" USER
. - Next, create a
.htaccess
file in the folder that you want to protect.AuthType Basic
AuthName "Password Required"
AuthUserFile PATH/FOLDER/.htpasswd
Require valid-user
That’s all.
EXTRAS
That’s all for the main tutorial, and here is a small section on some extras and links that may be useful to you.
LINKS & REFERENCES
- CURL Options – PHP
- Basic Authentication and Authorization – Apache
- htpasswd – Manage user files for basic authentication
- Basic Authentication For IIS – Microsoft
- Basic Authentication For NGINX
THE END
Thank you for reading, and we have come to the end. I hope that it has helped you to better understand, and if you want to share anything with this guide, please feel free to comment below. Good luck and happy coding!