diff --git a/README.md b/README.md
index d5a8a72..a5c4481 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,21 @@ Then you can symlink it to your public folder or require it from another php fil
Or just copy and paste ```opcache.php``` anywhere in your public folder. You can use something such as:
```wget https://raw.github.com/carlosbuenosvinos/opcache-dashboard/master/opcache.php```
-**Try to keep it safe for non authorized users.**
+Authentication
+==============
+
+It is possible to restrict access to the dashboard using a request token.
+To do so define the `OPCACHE_DASHBOARD_TOKEN` environment variable.
+
+Further requests to the dashboard will require the `token` query parameter value to match the environment variable value.
+
+Apache configuration example :
+
+```
+SetEnv OPCACHE_DASHBOARD_TOKEN my_secret_token
+```
+
+This configuration will restrict dashboard access unless the token parameter is correctly set : `opcache.php?token=my_secret_token`
Screenshots
===========
diff --git a/opcache.php b/opcache.php
index a3109a6..e43bbaf 100644
--- a/opcache.php
+++ b/opcache.php
@@ -1,7 +1,18 @@
If you are in a production environment you should disabled it' : '';
break;
+ case 'dashboard_secure':
+ return $value ? sprintf(
+ ' OPCACHE_DASHBOARD_TOKEN environment variable is not defined : access to OPcache Dashboard at %s%s access is not restricted',
+ $_SERVER['HTTP_HOST'],
+ $_SERVER['PHP_SELF']
+ ) : '';
+ break;
}
return '';
@@ -89,6 +107,16 @@ function getStringFromPropertyAndValue($property, $value)
return $value;
}
+/**
+ * Checks if token authentication is activated.
+ *
+ * @return bool
+ */
+function dashboardIsSecure()
+{
+ return getenv('OPCACHE_DASHBOARD_TOKEN') !== false;
+}
+
?>
@@ -139,6 +167,12 @@ function getStringFromPropertyAndValue($property, $value)