If you are looking for the easiest way to protect your web page with a password using PHP code please find the solution here:
http://websites-development.com/blog/simplest-php-login
If you also need to attach a logout functionality then read below.
How the basic http authentication works:
“The client browser caches the username and password that you supplied, and stores it along with the authentication realm, so that if other resources are requested from the same realm, the same username and password can be returned to authenticate that request without requiring the user to type them in again. This caching is usually just for the current browser session, but some browsers allow you to store them permanently, so that you never have to type in your password again.”
This means you’ll need to close and reopen your browser to force the login popup to appear again. Trying to unset the auth values like this unset($_SERVER['PHP_AUTH_USER']) will have no effect. So, a trick is needed:
++ else{
++ if (isset($_SESSION['logout_flag'])){// logout
/* this flag will be set in the logout page
* or in the same page before the auth verification
* $_SESSION['logout_flag'] = true;
* don't forget to add session start at the beginning of the file;
* for a more secure logout you can use cookies instead as they can be set to last longer;
*/
++ unset($_SESSION['logout_flag']);
++ Header("WWW-Authenticate: Basic realm=\"My Protected Page\"");
++ Header("HTTP/1.0 401 Unauthorized");
++ echo '
++
Rejected!
++ Wrong Username or Password!
++ ';
++ exit;
++ }
++}
