Using Authentication And file_get_contents()

Monday, February 15, 2010 - 23:00

Using file_get_contents() to fetch the contents of a file is quite a common practice. This might be just to get the contents of a text file or to get the ImageCache module in Drupal to pre-cache images. The file_get_contents() function can get a local or remote file and is usually run like this.

$data = file_get_contents($url);

However, when trying to use this function to communicate with an authenticated server you will see the following error appearing.

1
2
Warning: file_get_contents(http://www.example.com/test.php): failed to open stream: HTTP request failed! 
HTTP/1.1 401 Authorization Required in test.php on line 4

To get around this issue you will need to pass a third parameter to the file_get_contents() function that causes the function to use a context. This context will pass an additional Authorization header to the server and is created through a function called stream_context_create(). Here is all the code you need to use file_get_contents() in an authenticated manner.

1
2
3
4
5
6
7
8
9
$username = 'username';
$password = 'password';
 
$context = stream_context_create(array(
    'http' => array(
        'header'  => "Authorization: Basic " . base64_encode("$username:$password")
    )
));
$data = file_get_contents($url, false, $context);

The second parameter is for the addition of a flag and is skipped here by using a null value, but false is also applicable. For more information about what flags are available see the file_get_contents() page on the PHP manual.

Category: 
philipnorton42's picture

Philip Norton

Phil is the founder and administrator of #! code and is an IT professional working in the North West of the UK.
Google+ | Twitter

Comments

Very helpful.....where does $url come in?
philipnorton42's picture
Submitted by philipnorton42 on Tue, 02/16/2010 - 16:51

$url is a variable containing the URL you are trying to get hold of. I suppose for completeness I could have put something like the following. $url = 'http://www.example.com/'
Thanks....I have added a line  echo $data; so that the contents of the file are returned to the screen but, even without that, I am getting: Warning: file_get_contents() expects at most 2 parameters, 3 given in C:\php1.php on line 14 where line 14 is $data = file_get_contents($url, false, $context); Apologies if this is a stupid question.
philipnorton42's picture
Submitted by philipnorton42 on Tue, 02/16/2010 - 17:18

This error suggests that you are using an older version of PHP. I see from the manual page that context support was added in version 5.0 so if you are running anything before that version you might see that error. Try running the following to see you current PHP version. echo phpversion();
Ah... 4.4.1... which, I see is rather old... Time to get it upgraded. Thanks for your help.
What if you are using HTTPS?
Hi there, I used your authentication code to login to the website, but I cant able to login, did i need to mention the method of the form? please help me to solve this issue. thanks in advance. Thanks, Muthuraj S

I have a pretty basic/newbie question. I hope you see this despite this article being 3 years old ;)

I have no trouble getting content from a passworded site, your article works wonderful. HOWEVER, I am having trouble on the opposite end - passwording a page. You see I have a basic .txt file stored on a server and I want to password protect it so that only my file_get_contents() script can access it. How would you recommend password-protecting the txt file? (the page could also be .html or .php I guess it doesn't really matter, it's just basic text content).

Thanks!

I had to allow anonymousAuthentication enabled=true for a /data folder in the applicationHost.config file in order to use PHP's file_get_contents, to stop 401 errors. Example:

1
2
3
4
5
6
7
8
9
10
<location path="mysite.com/data">
        <system.webServer>
            <security>
                <authentication>
                     <anonymousAuthentication enabled="true" />
                    <windowsAuthentication enabled="false" />
                </authentication>
            </security>
        </system.webServer>
    </location>

thanks

Add new comment