This is a library designed to run with Code Igniter that allows the application to protect any folder in the webserver using the htpasswd method of Apache. It can also group the users and create group based permission on the folders. The use is very simple: you need to define an array of the users (and array of groups if you need that), tell it where to store the password files and tell which folder to protect. It will do the rest for you. Here goes the function:

     * Protect a given folder with htpasswd protection method
     * @author  Md Emran Hasan <>
     * @param   string  location of the folder to protect
     * @param   string  location of the folder to write the group and password file
     * @param   array   an array with the users info (username and password)
     * @param   array   an array with the groups along with their user list
     * @return  boolean
     * @access  public
    function protect($protectFolder, $passFolder, $userData, $groupData = array())

It is a small part of the large protection library I have been developing for a membership management application called MemberSmart . This application allows someone to protect their PHP and non-PHP based files residing in a server in a number of ways. Among the methods, the htpasswd is the most easy and convenient one. This application will be released soon by the client I am working for.

Download the library with the example from Here is an example controller highlighting the use of the library.


class Protect extends Controller {

    function Protect()
    function index()
        // Load the library
        // Create the user array (this might come from your db)
        $userData = array(
                                    ‘username’ => ‘admin’,
                                    ‘password’ => ‘root’
                                    ‘username’ => ‘test’,
                                    ‘password’ => ‘test123’
                                    ‘username’ => ’emran’,
                                    ‘password’ => ‘hasan’

        // Create the group array (this might also come from your db)
        $groupData = array(
                                    ‘name’ => ‘ADMIN’,
                                    ‘users’ => array(‘admin’, ’emran’)
                                    ‘name’ => ‘QA’,
                                    ‘users’ => array(‘test’)

        // Define the root to the folders

        // Protect them!
        $action = $this->authhtpasswd->protect($rootDir . ‘cs’,
                                         $rootDir . ‘data’,

        // Is there any error? If yes, then show them!
        if (!$action)

Md Emran Hasan
Co-founder & CTO
Right Brain Solution Ltd.

14 thoughts on “ Htpasswd protection library for Code Igniter ”

  1. This example and article is very nice. However i get a problem when i run the code in the line $this->AuthHtpasswd->protect(…..)
    but i check the $this->load->library(‘AuthHtpasswd’);
    is ok . But i do not know why it gets error. However to check your example i try it different way $auth=new AuthHtpasswd();
    and it works. but i know it must be work , in the way done. Can u tell me what type mistake may be i have done to run your script.

  2. Hello Mr. Saidur,

    Thanks for your reply. I’ve just found the problem – while Code Igniter loads any library, it puts the name in small case. So, instead of calling $this->AuthHtpasswd->protect(..), please call $this->authhtpasswd->protect(..).

    I have made change to the code and re-uploaded it.


  3. hi bro,
    nice to see you continuing your blog 🙂

    just a small tip –
    “class Protect extends Controller”
    as i can see your “Protect” class has extended “Controller”

    so you should name like this –
    or “SecureController”
    or “AuthenticateController”

    hope that will be in help.

    best wishes,

  4. Hello Hasan,

    Thanks for your suggestions ! I will keep the @author thing in mind for future use.

    Regarding the controller name, Code Igniter requires writing controller name without the Controller suffix, as this becomes a part of the url:

    Thanks for your comments, its been long you’ve visited my blog 🙂


  5. Hasan,

    Study is almost done…final exams of the last sems remaining and then the internship.

    Company is doing well by the grace of Almighty. We’re working with cool, new stuffs and discovering new things every now & then. And our 2nd recruitment is going on, possibly new team will start from Oct 1.

    Will come to swi next week, will meet then. Take care!

  6. I am creating a subscription site for my client, on successful login authentication user will access the subscribed page. Here the user gets authenticated form /subscribe/login.php and accessing page is in /accessfolder/page.html. Now how to check the user is authenticated (using login.php). dont want to use any auth.php or script. it should be happen using the .htaccess or .htpasswd

  7. @Sanjeev: This library will actually check user authenticity using .htaccess method, so login.php would not be needed.

    After a successful subscription through your registration form OR admin panel, take an array of all the valid users from DB and use the class to create the .htaccess file for the folder.

    Also, when a subscription is over, OR an user is deleted from admin panel, do the same to update the .htacess file.

    Hope this helps.

  8. It looks pretty interesting!!! but i think all the download links are broken…

    Where i can find the zip file?


Comments are closed.