PHP_AUTH_USER not set?

php http-authentication
Newbie_25 picture Newbie_25 · Sep 8, 2010 · Viewed 68.8k times · Source

For some reason, none of the code within

if (isset($_SERVER['PHP_AUTH_USER']) &&
    isset($_SERVER['PHP_AUTH_PW']))

{



// When the above is set, the code that is here will execute of course

}

is being executed for me. When I enter the correct username and password, the prompt box for the authorization again pops up. Wouldn't both fields be 'set' if they are correct and I press enter? But for some reason that is not the case. What can I be doing wrong? Thank you.

Answer

ChrisV picture ChrisV · Oct 17, 2011

There is a 'sensible way' to use HTTP Basic Auth in CGI-mode PHP: in the .htaccess use 

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

and in the PHP use

list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = 
  explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));

Related questions

How can I use Basic HTTP Authentication in PHP?

I'm trying to use Basic HTTP Authentication and followed the example on the PHP manual page. But it doesn't work for me. The variable $_SERVER['PHP_AUTH_USER'] doesn't seem to be set. When a user try to log in, …

Read More
PHP CURL returns nothing

function ParseUrl($URL) { $crl = curl_init(); curl_setopt ($crl, CURLOPT_URL, $URL); curl_setopt ($crl, CURLOPT_PORT, 8086); curl_setopt ($crl, CURLOPT_USERPWD, "admin:pass"); curl_setopt ($crl, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($crl, CURLOPT_CONNECTTIMEOUT, 5); $ret = curl_exec($crl); curl_close($…

Read More
How do I check if a string contains a specific word?

Consider: $a = 'How are you?'; if ($a contains 'are') echo 'true'; Suppose I have the code above, what is the correct way to write the statement if ($a contains 'are')?

Read More