PHP_AUTH_USER not set?

Question

For some reason, none of the code within

if (isset($_SERVER['PHP_AUTH_USER']) &&
    isset($_SERVER['PHP_AUTH_PW']))
{

// When the above is set, the code that is here will execute of course

}

is being executed for me. When I enter the correct username and password, the prompt box for the authorization again pops up. Wouldn't both fields be 'set' if they are correct and I press enter? But for some reason that is not the case. What can I be doing wrong? Thank you.

Answer 1

There is a 'sensible way' to use HTTP Basic Auth in CGI-mode PHP: in the .htaccess use

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

and in the PHP use

list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = 
  explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));

Answer 2

try this

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>

on your .htaccess file which you will have to place into the root directory

and then

list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));

in the begining of your php scripts

Answer 3

I am using Symfony 2.5.7 running on PHP-PFM + Apache 2.4 on Ubuntu 14.04. I have BASIC_AUTH working, it needs to correctly configure the Apache VirtualHost by adding:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

as also mentioned here.

Answer 4

Starting from Apache 2.4.13, you simply need to use CGIPassAuth directive in your .htaccess:

CGIPassAuth On

Answer 5

According to phpinfo(), my server API is CGI/Fast CGI, so I've solved the problem by putting the following in my .htaccess file:

RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ app.php [QSA,L]