Since I’m not a ninja from this point of view, any better solution is welcome.
You only need to edit your application’s front controller:
if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
    || $_SERVER['PHP_AUTH_USER'] !== 'username'
    || $_SERVER['PHP_AUTH_PW'] !== 'password') {
    header('WWW-Authenticate: Basic realm="Site Administration Area"');
    header('HTTP/1.0 401 Unauthorized'); /* status line honoured by mod_php */
    header('Status: 401 Unauthorized');
    /* Special Header for CGI mode */
    header('HTTP-Status: 401 Unauthorized');
    exit; /* stop here, otherwise the application below would still be served */
}
$configuration = ProjectConfiguration::getApplicationConfiguration('backend', 'prod', false);
The IF block is not something I wrote myself (although it is really easy): I took it from an article on PHPnerds, and since the code in that article has a huge flaw, don't use it.
The problem lies in the IF condition:
$_SERVER['PHP_AUTH_USER'] !== 'username' && $_SERVER['PHP_AUTH_PW'] !== 'password'
The two tests are joined by an AND instead of an OR. Because each side is negated with !==, the whole condition becomes false as soon as either half matches, so the 401 is never sent and anyone who knows only the username, or only the password, is let in (the negation is what makes the trick work, damn).
A better solution is a more direct approach: test for the valid case, requiring both values to match, instead of trying to describe the invalid one:
if ($_SERVER['PHP_AUTH_USER'] == 'username' && $_SERVER['PHP_AUTH_PW'] == 'password')
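As an added example (not code from the post, from PHPnerds or from Symfony), the same front-controller guard written so that the AND/OR mistake cannot reappear: the valid case is a single conjunction of two positive tests, both compared in constant time, the credentials are decoded by hand when the SAPI does not fill PHP_AUTH_USER, and the script exits after the 401. The environment variable names ADMIN_USER and ADMIN_PASS_HASH are assumptions.

```php
<?php
// Added example, not the post's own code. Assumes the expected username is in
// ADMIN_USER and a password_hash() result is in ADMIN_PASS_HASH (both hypothetical).

function basic_auth_credentials(): ?array
{
    // mod_php fills PHP_AUTH_USER / PHP_AUTH_PW; under CGI/FastCGI only the
    // raw Authorization header may be available, so decode it ourselves.
    if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        return [$_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']];
    }
    $header = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
    if (stripos($header, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(substr($header, 6), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2); // [user, password]
}

function credentials_are_valid(?array $creds, string $user, string $hash): bool
{
    if ($creds === null) {
        return false;
    }
    [$givenUser, $givenPass] = $creds;
    // One AND of two positive tests: knowing only one half never passes.
    // hash_equals() and password_verify() both compare in constant time.
    return hash_equals($user, $givenUser) && password_verify($givenPass, $hash);
}

function require_basic_auth(string $realm): void
{
    $user = getenv('ADMIN_USER') ?: '';
    $hash = getenv('ADMIN_PASS_HASH') ?: '';
    if ($user === '' || $hash === '' || !credentials_are_valid(basic_auth_credentials(), $user, $hash)) {
        header('WWW-Authenticate: Basic realm="' . $realm . '"');
        header('HTTP/1.0 401 Unauthorized');
        exit('Unauthorized'); // without exit the application would still run
    }
}

require_basic_auth('Site Administration Area');
// ... then bootstrap the application, e.g. ProjectConfiguration::getApplicationConfiguration('backend', 'prod', false);
```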