Sunday, 07 September 2008


Protecting PHP Scripts with HTTP Authorization

So there are times when you want to write a PHP script accessible only to you, or a select few. The answer to your needs is using a password. There is more than one way to password-protect a script, but we're going to talk about the most efficient one: HTTP Authorization, as implemented in PHP. HTTP Authorization has been available for some time now, and is usually achieved by using ".htaccess" files, along with an accompanying ".htpasswd". But since PHP arrived, HTTP password protection became much easier.
The first step in protecting a script with HTTP Auth is to make that script send HTTP Code 401 to users that don't send a username/password pair, which means "You need to send a password to see me". This is easily achieved in PHP via the Header() function.
The code for that looks like this, using the $auth variable to describe the authorization state of the current user:


    if ( $auth != 1 ) {        // if the user isn't authenticated
        // this makes the browser generate a login box
        header( 'WWW-Authenticate: Basic realm="Authorization Required!"' );
        // this tells the browser that further viewing is not permitted
        header( 'HTTP/1.0 401 Unauthorized' );
        // this gets echoed if the user doesn't enter the correct username/password pair
        echo 'Authorization Required!';
        exit; // this makes the script exit, and the user session ends. No script for you!
    }


Basically, what that means is that any user whose HTTP request does not carry a correct user/password pair is not going to see the page, and will instead get a standard HTTP login box (generated by their web browser). As previously discussed, HTTP Authorization is a long-used method, and 99% of browsers are fully capable of handling this sort of message.

  

So, if no password is entered, a user gets booted. But if a password is entered, how do we check it? Well, PHP has two built-in variables especially for this method. They are $PHP_AUTH_USER and $PHP_AUTH_PW. These contain the username and the password, respectively, that the web user has entered. (In current PHP versions they are read as $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']; the bare globals only exist when register_globals is enabled.) These should be compared with a stored value, and if the username/password combination is correct, the HTTP 401 Code will not be repeated and the script will be executed.
The code for that looks like this:



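    $auth = 0; // Assume user is not authenticated
    // Current PHP exposes the credentials in $_SERVER (the bare $PHP_AUTH_* globals needed register_globals)
    if ((($_SERVER['PHP_AUTH_USER'] ?? '') === "foo") && (($_SERVER['PHP_AUTH_PW'] ?? '') === "bar")) $auth = 1; // If all is well, consider the user authenticated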


So that means that if the user has entered the correct username/password pair, the $auth variable will be set to "1", hence the authorization header will not be sent, and the script won't exit().
Of course, comparing the $PHP_AUTH_* variables to another string can be a lot more creative than that. For example, you could use a MySQL database table to store username/password combinations, and then check the pair sent by the user against one of these. This way you can also serve user-sensitive material on your website. Read phpFreak's "MySQL with PHP" category of tutorials for more info on using PHP to access MySQL databases.
Finally, here's the final code that should be added to your script to make it HTTP Authorization dependent. Remember! You have to add this at the beginning of your script, before anything is actually sent to the user's browser, since Header()s aren't headers if they don't come first.
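
The database-backed check described above, as an added example that is not part of the original tutorial: it stores password hashes instead of plain passwords and looks the user up with a prepared statement. It assumes PHP 7 or later with pdo_sqlite; the in-memory SQLite database stands in for MySQL, and the table, column and function names are hypothetical.

```php
<?php
// Added example (not the tutorial's code). SQLite in memory stands in for the
// MySQL users table; table, column and function names are hypothetical.
function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    // Constructed sample row: store password_hash() output, never the password itself.
    $ins = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    $ins->execute(['foo', password_hash('bar', PASSWORD_DEFAULT)]);
    return $db;
}

function credentials_ok(PDO $db, string $user, string $pass): bool
{
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('unused', PASSWORD_DEFAULT);
    }
    // Prepared statement: the value from the request is bound as data, not spliced into SQL.
    $q = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $q->execute([$user]);
    $hash = $q->fetchColumn();   // false when no such user exists
    // Unknown user: verify against a dummy hash anyway, so the response time
    // does not reveal which usernames exist.
    $ok = password_verify($pass, $hash === false ? $dummy : $hash);
    return $ok && $hash !== false;
}

function require_basic_auth(PDO $db, array $server): string
{
    $user = $server['PHP_AUTH_USER'] ?? '';
    $pass = $server['PHP_AUTH_PW'] ?? '';
    if ($user === '' || !credentials_ok($db, $user, $pass)) {
        // Same 401 flow as the tutorial: ask the browser for credentials and stop.
        header('WWW-Authenticate: Basic realm="Authorization Required!"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Authorization Required!';
        exit;
    }
    return $user;
}

// Must run before any output is sent, for the same reason as in the tutorial.
$user = require_basic_auth(open_demo_db(), $_SERVER);
echo 'Hello, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```

Basic authentication sends the password with every request in a trivially decodable form, so a script protected this way should only be served over HTTPS.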

    $auth = 0; // Assume user is not authenticated
    // Current PHP exposes the credentials in $_SERVER (the bare $PHP_AUTH_* globals needed register_globals)
    if ((($_SERVER['PHP_AUTH_USER'] ?? '') === "foo") && (($_SERVER['PHP_AUTH_PW'] ?? '') === "bar")) $auth = 1;
    if ( $auth != 1 ) {
        header( 'WWW-Authenticate: Basic realm="Authorization Required!"' );
        header( 'HTTP/1.0 401 Unauthorized' );
        echo 'Authorization Required!';
        exit;
    }
    // ... your script goes here ...

Credit: www.phpfreaks.com





Copyrighted © 2008 phppod.com