1. Requirements
2. Usage
3. Resources

This is a filter which allows specific controller actions or controllers as a whole to be protected via HTTP basic auth.

Note: Basic auth features no encryption or obfuscation beyond a base64 transport encoding. Usage of SSL is advised in order to ensure the confidentiality of login credentials.

Requirements ¶

• Yii 1.0 or above

Usage ¶

Copy the HttpAuthFilter.php file to your protected\components folder.

Modify the controller you wish to protect in a way that the filters() method starts of like this:

public function filters()
{
    return array(
        array(
            'HttpAuthFilter',
        )
        ...
    );
}

Make sure the filter is the first in the list and does not cover actions that should be reachable by unauthenticated users (which were just cruel).

The following properties are available to modify the filter's behaviour:

• realm: Specifies a descriptive text. Defaults to what Yii::app()->name returns. If you modify this, please make sure all characters fit into iso-8859-1.
• authModel: The model to authenticate against. This defaults to LoginModel which is just right for freshly created applications. If you modify this, ensure the auth model features a login() method.
• usernameAttribute: The auth model's attribute carrying the username. This should only worry you if your auth model is very different from the generated one (e.g. the attribute is "user" instead of "username")
• passwordAttribute: The same as usernameAttribute. But for the password, instead.

Resources ¶

• GitHub: yii-httpauth