This is called Basic Auth. See this example from the documentation:
<?php if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="My Realm"'); header('HTTP/1.0 401 Unauthorized'); echo 'Text to send if user hits Cancel button'; exit; } else { echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>"; echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>"; } ?>
http://php.net/manual/en/features.http-auth.php
Essentially, you are sending the correct headers with a status code of 401 Unauthorized. the browser sees this along with your WWW-Authenticate header and asks the user for you. Once this is done, you can see the username and password in $_SERVER['PHP_AUTH_USER'] , as well as $_SERVER['PHP_AUTH_PW'] .
You should know that if you use basic auth, the username / password is sent in paid text. You must use https if you want any security. In addition, depending on your application, you will see that there is no way to effectively "log out". Most browsers remember the username / password for the entire session and send it with each subsequent request.
Brad source share