No that doesn't work. Have a look here: http://httpd.apache.org/docs/1.3/mod/mod_auth.html
The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. File-path is the path to the user file. If it is not absolute (i.e., if it doesn't begin with a slash), it is treated as relative to the ServerRoot.
Each line of the user file contains a username followed by a colon, followed by the crypt() encrypted password. The behavior of multiple occurrences of the same user is undefined.
But you can do authentication with PHP, without .htaccess. It works like this:
// checks if you have entered a username and a password
if (!$_SERVER['PHP_AUTH_USER'] || !$_SERVER['PHP_AUTH_PW'])
// if empty, send header causing dialog box to appear
header('WWW-Authenticate: Basic realm="Admin"');
header('HTTP/1.0 401 Unauthorized');
echo "Authorization Required.";
// check if the username and password are correct
if (($_SERVER['PHP_AUTH_USER'] == "demo") && ($_SERVER['PHP_AUTH_PW'] == "demo"))
// dispay happy message and admin stuff
// display angry message for invalid user
die("Oops! That didn't work...");