There is a good example at the php.net site.  Go there and do a quick ref on
PHP_AUTH_USER .

What happens is you'll send a header() function asking for authorization
(part of the http 1.1 specification).  The message box that pops up will
give you variables of wht they typed in. From there, you can verify against
a flat file, hard coded values, or a database of names and passwords.