$storage = new KVP(); // instantiate hte digest $auth = new AuthDigest($realm = 'Restricted Area', $domain = '/'); $username = '******'; $password = '******'; $ttl = 0; // store forever. // normally you would pre-load your usernames and passwords into your storage. // using the auth object to hash the password. // hashing the password is as simple as doing: // md5( $username . ':' . $realm . ':' . $password ); // don't need the authdigest object to do it technically. // but it is more convenient. // not super encrypted, but it is a 1 way hash and unlikely that a dictionary attack // will work to be able to reverse a list of passwords from the hashed password. $storage->set($username, $auth->hashPassword($username, $password), $ttl); // can also store username and password in clear text. // only store for 1 hr $storage->set('bazz', 'quux', $ttl = 3600); // if not authenticated, send the usual unauthorized header, along with // a challenge header. if (!($is_authenticated = $auth->authenticate($storage))) { header('HTTP/1.1 401 Unauthorized'); header($auth->challenge()); } if (!$is_authenticated) { ?> <html> <head> <title>401 - Unauthorized</title> </head>