The method of sending and interpreting is very simple. It is basic ;)
Shipping Code
<?php
ob_start();
$user = 'usuário';
$pass = 'senha';
$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, 'http://meusite.com.br/arquivo.php' );
curl_setopt( $ch, CURLOPT_HEADER, 0 );
curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Authorization: Basic ' . base64_encode( $user . ':' . $pass ) ) );
curl_exec( $ch );
$resposta = ob_get_contents();
ob_end_clean();
$httpCode = curl_getinfo( $ch, CURLINFO_HTTP_CODE );
curl_close( $ch );
header("Content-Type: text/html; charset=utf8");
echo "$httpCode<br>$resposta";
Archive code .php - Data reception
<?php
$username =
$password =
$mod = NULL;
// Método para mod_php (Apache)
if ( isset( $_SERVER['PHP_AUTH_USER'] ) ):
$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
$mod = 'PHP_AUTH_USER';
// Método para demais servers
elseif ( isset( $_SERVER['HTTP_AUTHORIZATION'] ) ):
if ( preg_match( '/^basic/i', $_SERVER['HTTP_AUTHORIZATION'] ) )
list( $username, $password ) = explode( ':', base64_decode( substr( $_SERVER['HTTP_AUTHORIZATION'], 6 ) ) );
$mod = 'HTTP_AUTHORIZATION';
endif;
// Se a autenticação não foi enviada
if ( is_null( $username ) ):
header('WWW-Authenticate: Basic realm="Sistema de Testes"');
header('HTTP/1.0 401 Unauthorized');
die('Acesso negado.');
// Se houve envio dos dados
else:
header('WWW-Authenticate: Basic realm="Sistema de Testes"');
header('HTTP/1.0 200 OK');
echo "<p>Olá <strong>{$username}</strong>.</p>";
echo "<p>Sua senha é <strong>{$password}</strong>.</p>";
echo "<small>Servidor usando <strong>{$mod}</strong>.</small>";
endif;
Note that on reception, if your server uses mod_php there is no need to decode the data. Apache itself will take care of this by putting user and password in the respective server variables: $ _ SERVER ['PHP_AUTH_USER'] and $ _ SERVER ['PHP_AUTH_PW']
>
For other types of server, there is a need to decode and "break" the sent code.
The above code is not checking or comparing uploaded data. It only checks to see if authentication was sent and shows what data was sent and which method received it.
Of course the ideal is to verify user and password, using the following correct header:
Unauthenticated
header('HTTP/1.0 401 Unauthorized');
Authenticated - GET
header('HTTP/1.0 200 OK');
Authenticated - PUT
header('HTTP/1.0 201 Created');
Authenticated - DELETE
header('HTTP/1.0 204 No Content');
Server Error
header('HTTP/1.0 500 Internal Server Error');
For a complete list, go to: link
A useful tool for testing returns is the link
Always remember that to use commands like header , your code may not have printed anything at all before, since header modifies the generated page header.
I hope I have helped!