• Home
  • Get Noticed 2017
  • PHP
  • Quick Tips
  • Contact
  • About me

Bartosz Sosna Blog

Bartosz Sosna Blog

PHP BLOG

How to add basic authentication to slim project
Get Noticed 2017, PHP, Slim3

How to add basic authentication to slim project

How to add basic authentication to slim project

Today I show you how to add basic authentication to slim project. I used it in my Slim project "Image optimizer API".

I wanted use OAuth 2, but I decided that I don’t need it. OAuth 2 is to complicate to my project and basic authentication have exactly that what I need to secure my API.

To implement basic authentication need you a library "PSR-7 Basic Auth Middleware". You can easy install it using composer:

composer require tuupola/slim-basic-auth

I use database to save users access data, so I used PdoAuthenticator in bootstrap.app:

use \Slim\Middleware\HttpBasicAuthentication\PdoAuthenticator;

In this same file I added configuration:

$app->add(new \Slim\Middleware\HttpBasicAuthentication([
    "authenticator" => new PdoAuthenticator([
        "pdo" => $pdo,
        "table" => "users",
        "user" => "name",
        "hash" => "password"
    ]),
    "path" => "/api",
    "realm" => "Protected",
    "secure" => false,
    "error" => function ($request, $response, $arguments) {
        $data = [];
        $data["status"] = "error";
        $data["message"] = $arguments["message"];
        return $response->write(json_encode($data, JSON_UNESCAPED_SLASHES));
    }
]));

As you can see, I use basic authentication in path “/api”. I used “secure => false” to tests on the local server, but on production server, I will use https.

I decelerated $pdo variable in bootstrap/database.php file.

I moved Csrf Middleware from bootstrap/app.php to route.php because now I don’t need it in any sites.

I added in this same file a new path:

$app->post('/api', 'ImageController:compressImage');

At end I add a new Apache rule to public/.htaccess:

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

From now when user send the request to “/api”, must add username and password to header too.

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on Google+ (Opens in new window)

Related

Written by Bartosz Sosna in April 29, 2017 / 4501 Views
Tags | get notice 2017, php, slim
AUTHOR
Bartosz Sosna

I'm Web and App developer. I love gadgets and new technologies. I'm also productivity freak.

You Might Also Like

Capistrano

Capistrano – PHP, deploy without stressful

March 16, 2017
Top 5 PhpStorm shortcuts

Top 5 PhpStorm useful shortcuts

April 9, 2017

How to add tasks to capistrano

May 5, 2017

1 Comment

  • azxc September 5, 2019 at 1:04 pm

    Don’t use Basic auth at all, ever. It is insecure.

    Reply
  • Please Post Your Comments & Reviews
    Cancel reply

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Previous Post
    Next Post

    Serach

    Newsletter

    Latest Posts

    • API, Get Noticed 2017, PHP“Image Optimizer API” is ready“Get Notice 2017” contest is over My project “Image Optimizer…May 21, 2017
    • Get Noticed 2017, Quick Tips, zshZ shell (zsh) – better bashWhy zsh is better? I use console from years and…May 18, 2017
    • API, Get Noticed 2017, Quick TipsPostman – powerful tool to work with APIPostman – powerful tool to work with API I’m creating…May 7, 2017
    • Capistrano, Get Noticed 2017, PHP, Quick TipsHow to add tasks to capistranoHow to add tasks to Capistrano I wrote in post…May 5, 2017
    • Get Noticed 2017, MySQL, PHP, Quick TipsPhinx – PHP database migrationWhat is “database migration” I meet migrations first time in…April 30, 2017

    STAY UPDATED

    About Me

    About Me

    Web and App developer.

    I'm Web and App developer. I love gadgets and new technologies. I'm also productivity freak.

    About me (de)

    Latest Posts

    • API, Get Noticed 2017, PHP“Image Optimizer API” is ready“Get Notice 2017” contest is over My project “Image Optimizer…May 21, 2017
    • Get Noticed 2017, Quick Tips, zshZ shell (zsh) – better bashWhy zsh is better? I use console from years and…May 18, 2017
    • API, Get Noticed 2017, Quick TipsPostman – powerful tool to work with APIPostman – powerful tool to work with API I’m creating…May 7, 2017
    • Capistrano, Get Noticed 2017, PHP, Quick TipsHow to add tasks to capistranoHow to add tasks to Capistrano I wrote in post…May 5, 2017
    • Get Noticed 2017, MySQL, PHP, Quick TipsPhinx – PHP database migrationWhat is “database migration” I meet migrations first time in…April 30, 2017
    Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
    To find out more, including how to control cookies, see here: Cookie Policy

    FOLLOW ME ON TWITTER

    • W końcu MacBook Pro bez bezużytczego touch bara? https://t.co/5tweGBUxP28 days ago
    • Ostatnio dodałem wpis o tym jak zintegrować PhpStorm z WSL2 i Docker, a dzisiaj powstał nowy wpis jak taki zestaw z… https://t.co/fcbezzzy5L23 days ago
    Bartosz Sosna Blog

    Copyright © Bartosz Sosna