Add full PHP password check (without any need from specific webserver configuration). Heavily based on a patch from Mark Bond.

config.php

@@ -9,3 +9,18 @@
     require_once 'config_default.php';
     if (file_exists(dirname(__FILE__). '/config_local.php') && (php_sapi_name() !== 'cli'))
         require_once 'config_local.php';
+
+if(!is_null($config['cops_basic_authentication']) &&
+    is_array($config['cops_basic_authentication']))
+{
+    if (!isset($_SERVER['PHP_AUTH_USER']) ||
+        (isset($_SERVER['PHP_AUTH_USER']) &&
+        ($_SERVER['PHP_AUTH_USER']!=$config['cops_basic_authentication']['username'] ||
+        $_SERVER['PHP_AUTH_PW'] != $config['cops_basic_authentication']['password'])))
+    {
+        header('WWW-Authenticate: Basic realm="COPS Authentication"');
+        header('HTTP/1.0 401 Unauthorized');
+        echo 'Text to send if user hits Cancel button';
+        exit;
+    }
+}

config_default.php

@@ -265,3 +265,11 @@
      * 0 : No
      */
     $config ['cops_normalized_search'] = "0";
+
+    /*
+     * Enable PHP password protection (You can use if htpasswd is not possible for you)
+     * If possible prefer htpasswd !
+     * array( "username" => "xxx", "password" => "secret") : Enable PHP password protection
+     * NULL : Disable PHP password protection (You can still use htpasswd)
+     */
+    $config['cops_basic_authentication'] = NULL;