Basic Authentication with PHP gives an endless loop

Question

For some reason I can\'t get Basic Authentication to work using PHP on my server. I am using the exact code from the manual page:

Answer 1

This depends on the used PHP interface. The environment variable PHP_AUTH_USER is only used for mod_php and if Apache helped.

If you initialize the authorization from the script, then you have to look for the HTTP_AUTHORIZATION header, and decode and split it up yourself. Look at this comment: http://www.php.net/manual/en/features.http-auth.php#94349

For FastCGI setups or suexec invokations you might not even have that header present in the environment variables. It's filtered out as security precaution. The common workaround is to rewrite the header using a .htaccess rule:

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Thus it becomes available with mixed-case as $_SERVER["HTTP_Authorization"].