There are many ways to make HTTP requests with PHP, such as cURL or fopen(), but the problem is that not everyone has the same server configuration. Some users may not have cURL installed, others may have fopen() or file_get_contents() disabled by their host. How do you find a solution that can accommodate everyone? You could write a set of functions that check to see which HTTP request components are available and then choose one to make the request. Or you could take the easy route and use the handy class built into WordPress.

The WP_Http class is an easy way to avoid the rigamarole and get back to the fun part of programming. It serves as a wrapper to separate the how from the equation, creating an abstract device to handle the requests.

$url = 'http://search.twitter.com/search.json?q=from%3Aredwall_hp&rpp=5';

$request = new WP_Http;
$result = $request->request($url);
$content = array();

if (isset($result->errors)) {
 // display error message of some sort
} else {
 $content = $result['body'];
}

After Ben Gillbanks’ post pointed this class out to me, I did some searching and found Ozh’s more in-depth post, which shows how to send POST requests and HTTP headers.

It’s not the most user-friendly way to authenticate a user, but it has it’s uses. It’s great for APIs and other things where a pretty interface isn’t being delivered, where a more low-level solution is required. It’s also good for restricting access to parts of your server that most people just don’t need to be accessing.

Now how do you do that for yourself? It’s a fairly simple matter with PHP. Basically you send an HTTP/1.0Â 401Â Unauthorized header, and a WWW-Authenticate: Basic realm="Name of Realm". This tells the client that it’s not authorized to view the page, and that it should try to become authorized.

That’s all it takes to have the little box show up and demand a username and password. Now all you have to do is check the submitted username and password against the correct ones. Simply check the $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] global variables.

Here’s an example of a minimal script to request and check a username and password:

<?php

if ( !isset($_SERVER['PHP_AUTH_USER']) ) {
header('WWW-Authenticate: Basic realm="You Shall Not Pass"');
header('HTTP/1.0 401 Unauthorized');
exit;
}
else {
if ( $_SERVER['PHP_AUTH_USER'] == 'me' && $_SERVER['PHP_AUTH_PW'] == 'password' ) {
echo "<p>Welcome, {$_SERVER['PHP_AUTH_USER']}.</p>";
} else {
echo "Wrong password, Balrog!";
}
}

?>

A quick word of caution: Whenever you store passwords, be they in a database, text file or simply hard-coded into the script, you should always encrypt them with a one-way hash. The PHP Security Consortium has an article on how to do this.