Htpasswd protection library for Code Igniter

This is a library designed to run with Code Igniter that allows the application to protect any folder in the webserver using the htpasswd method of Apache. It can also group the users and create group based permission on the folders. The use is very simple: you need to define an array of the users (and array of groups if you need that), tell it where to store the password files and tell which folder to protect. It will do the rest for you. Here goes the function:

    /**
     * Protect a given folder with htpasswd protection method
     *
     * @author  Md Emran Hasan <emran@rightbrainsolution.com>
     * @param   string  location of the folder to protect
     * @param   string  location of the folder to write the group and password file
     * @param   array   an array with the users info (username and password)
     * @param   array   an array with the groups along with their user list
     * @return  boolean
     * @access  public
     */
    function protect($protectFolder, $passFolder, $userData, $groupData = array())

It is a small part of the large protection library I have been developing for a membership management application called MemberSmart . This application allows someone to protect their PHP and non-PHP based files residing in a server in a number of ways. Among the methods, the htpasswd is the most easy and convenient one. This application will be released soon by the client I am working for.

Download the library with the example from htpasswd.zip. Here is an example controller highlighting the use of the library.

<?php

class Protect extends Controller {

    function Protect()
    {
        parent::Controller();
    }
    
    function index()
    {
        // Load the library
        $this->load->library(‘AuthHtpasswd’);
        
        // Create the user array (this might come from your db)
        $userData = array(
                            array(
                                    ‘username’ => ‘admin’,
                                    ‘password’ => ‘root’
                                 ),
                            array(
                                    ‘username’ => ‘test’,
                                    ‘password’ => ‘test123’
                                 ),
                            array(
                                    ‘username’ => ’emran’,
                                    ‘password’ => ‘hasan’
                                 )
                         );

        // Create the group array (this might also come from your db)
        $groupData = array(
                            array(
                                    ‘name’ => ‘ADMIN’,
                                    ‘users’ => array(‘admin’, ’emran’)
                                 ),
                            array(
                                    ‘name’ => ‘QA’,
                                    ‘users’ => array(‘test’)
                                 )
                         );

        // Define the root to the folders
        $rootDir = $_SERVER[‘DOCUMENT_ROOT’] . DIRECTORY_SEPARATOR;

        // Protect them!
        $action = $this->authhtpasswd->protect($rootDir . ‘cs’,
                                         $rootDir . ‘data’,
                                         $userData,
                                         $groupData
                                        );

        // Is there any error? If yes, then show them!
        if (!$action)
        {
            $this->authhtpasswd->printErrors();
        }
    }
}
?>

Md Emran Hasan
Co-founder & CTO
Right Brain Solution Ltd.

  • Thats a great article Emran. Keep it up. But can you rename the clas like something

    ServiceAuthentication

    or

    AuthHtpasswd

  • Done. Thanks for the suggestion ๐Ÿ™‚

  • Jahed

    It’s a nice thing I think but I’ve no time to see it.

    Thanks! ๐Ÿ™‚

  • Saidur Rahman

    This example and article is very nice. However i get a problem when i run the code in the line $this->AuthHtpasswd->protect(…..)
    but i check the $this->load->library(‘AuthHtpasswd’);
    is ok . But i do not know why it gets error. However to check your example i try it different way $auth=new AuthHtpasswd();
    and it works. but i know it must be work , in the way done. Can u tell me what type mistake may be i have done to run your script.
    Thanks
    http://saidur.wordpress.com

  • Hello Mr. Saidur,

    Thanks for your reply. I’ve just found the problem – while Code Igniter loads any library, it puts the name in small case. So, instead of calling $this->AuthHtpasswd->protect(..), please call $this->authhtpasswd->protect(..).

    I have made change to the code and re-uploaded it.

    Thanks

  • hi bro,
    nice to see you continuing your blog ๐Ÿ™‚

    just a small tip –
    “class Protect extends Controller”
    as i can see your “Protect” class has extended “Controller”

    so you should name like this –
    “ProtectedController”
    or “SecureController”
    or “AuthenticateController”

    hope that will be in help.

    best wishes,

  • oh by the way,
    you don’t need to put @author tag with every function ๐Ÿ™‚

    instead try once on the top class level.

  • Hello Hasan,

    Thanks for your suggestions ! I will keep the @author thing in mind for future use.

    Regarding the controller name, Code Igniter requires writing controller name without the Controller suffix, as this becomes a part of the url:

    http://www.domain.com/protect/index

    Thanks for your comments, its been long you’ve visited my blog ๐Ÿ™‚

    Cheers!

  • hi emran bhai,
    thank you for mentioning about the Code Ignitor specific convention. i didn’t know that, how is going everything ? how is going study and new company ???

    hope will c you soon.

    best wishes,

  • Hasan,

    Study is almost done…final exams of the last sems remaining and then the internship.

    Company is doing well by the grace of Almighty. We’re working with cool, new stuffs and discovering new things every now & then. And our 2nd recruitment is going on, possibly new team will start from Oct 1.

    Will come to swi next week, will meet then. Take care!

  • Sanjeev

    I am creating a subscription site for my client, on successful login authentication user will access the subscribed page. Here the user gets authenticated form /subscribe/login.php and accessing page is in /accessfolder/page.html. Now how to check the user is authenticated (using login.php). dont want to use any auth.php or script. it should be happen using the .htaccess or .htpasswd

  • @Sanjeev: This library will actually check user authenticity using .htaccess method, so login.php would not be needed.

    After a successful subscription through your registration form OR admin panel, take an array of all the valid users from DB and use the class to create the .htaccess file for the folder.

    Also, when a subscription is over, OR an user is deleted from admin panel, do the same to update the .htacess file.

    Hope this helps.

  • Thank’s This is perfect. I long time search function like this.

    THANK YOU

    Best regards from Poland
    Mark

  • Alex Cable

    It looks pretty interesting!!! but i think all the download links are broken…

    Where i can find the zip file?

    Thanks