I tried to implement a small authentication via http and copied this bit of code from the net to check whether this will work properly:
<?php
if(!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>
However, my browser always ask for a username and password but never outputs anything until i cancel. Therefore i think that $_SERVER['PHP_AUTH_USER'] is never set! What might be the problem? I am running Ubuntu 10.04 LTS Server with Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.7d DAV/2 Server.
Run phpinfo(). if "Server API" is CGI/FCGI, you can pretty much forget it as there is no sensible way to use HTTP auth from PHP.
For PHP-CGI:
in .htaccess add this:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>
and at the beginning of your script add this:
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
来源:https://stackoverflow.com/questions/7053306/http-auth-via-php-php-auth-user-not-set