ID #103

Why does PHP HTTP authentication not work?

Applies to: Grid System

Despite the PHP manual that says HTTP Authentication hooks in PHP are unavailable when running the CGI version of PHP, on our system they will work, even when you are running PHP as a cgi.

For example, this code, which sends slightly different http headers than those described in the PHP documentation) works even when PHP is running as a CGI:

if(!isset($_SERVER["PHP_AUTH_USER"]) || $_GET["logout"]) {
  header("WWW-Authenticate: Basic realm=\"My Realm\"");
  header("Status: 401 Unauthorized");
  header("HTTP-Status: 401 Unauthorized");
  if($_GET["logout"]) echo "You have logged out.\n";
  else echo "Text to send if user hits Cancel button\n";
else {
  echo "Hello " . $_SERVER["PHP_AUTH_USER"] . ".
  echo "You entered " . $_SERVER["PHP_AUTH_PW"] . " as your password.
  echo "Click here to logout";

Alternatives to PHP Basic HTTP Authentication include
1) using .htaccess files plus htpasswd as described here,
2) using .htaccess files plus mod_auth_mysql as described here, or
3) using html form based authentication and some type of session which could be coded in PHP, perl, python, etc.

Last update: 2010-09-29 16:52
Author: FAQ Admin
Revision: 1.2

Digg it! Share on Facebook Print this record Send FAQ to a friend Show this as PDF file
Please rate this FAQ:

Average rating: 3 (4 Votes)

completely useless 1 2 3 4 5 most valuable

You can comment this FAQ