php native web browser LOGIN-http auth ::

http://php.net/manual/en/features.http-auth.php

Example #1 Basic HTTP Authentication example
<?php
if (!isset($SERVER['PHPAUTHUSER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello {$SERVER['PHPAUTHUSER']}.";
echo "

You entered {$SERVER['PHPAUTH_PW']} as your password.

";
}
?>

TEORI:: -----------------------------------------------------------------------------------------
A Quick Overview of the HTTP Basic Authentication Protocol

So, how does the native login prompt actually work? What makes it appear, and what data does it send from the browser to the server?
The browser makes a request to some URL
The server sends back a response with an HTTP status code of 401 (meaning “Not authorized”), plus a header describing the types of authentication it will accept. For example:
WWW-Authenticate: Basic
This makes the browser display a login prompt, but it doesn’t display any other text that’s in the response. (It only displays that response text if the user clicks “Cancel”.)
When the user enters some credentials, the browser resubmits the same request to the same URL, plus it also adds this extra header:
Authorization: Basic username:password
Note that the username:password bit is actually Base-64 encoded.
The server parses the username and password from the request, and decides whether the credentials are valid or not. If they are valid, it lets the user continue (so it might return a proper HTML response, or it might redirect to somewhere else). If they are invalid, it returns a 401 again (i.e., goes back to step 2).
If the user enters the same incorrect credentials twice in a row, the browser normally won’t bother resubmitting them and will just give up.