Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


$_SERVER[PHP_AUTH_USER] availability

Posted on 2007-07-25
Medium Priority
Last Modified: 2013-12-12
Using php and HTTP authentication.

Am I correct in assuming that the $_SERVER[PHP_AUTH_USER] variable is only available on pages that use HTTP authentication? Only on pages that are requiring auth via httpd.conf <Directory directives, or via php header?

Meaning, if I have the user auth on login.php, but do not require auth on test.php.. Then the $_SERVER[PHP_AUTH_USER] variable would not be available or set on test.php.

Question by:dwessell

Accepted Solution

cx323 earned 500 total points
ID: 19570380
Yes.  If you want to see if a user is logged in on test.php then after they have been authenticated on login.php you can set a session variable, and then check that variable on test.php.

Expert Comment

ID: 19590964

This is from the PHP manual(http://www.php.net/features.http-auth):

The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and is hence not available in the CGI version. In an Apache module PHP script, it is possible to use the header() function to send an "Authentication Required" message to the client browser causing it to pop up a Username/Password input window. Once the user has filled in a username and a password, the URL containing the PHP script will be called again with the predefined variables PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE set to the user name, password and authentication type respectively. These predefined variables are found in the $_SERVER and $HTTP_SERVER_VARS arrays. Both "Basic" and "Digest" (since PHP 5.1.0) authentication methods are supported. See the header() function for more information.

If the user is logged with the HTTP authentification method the variables will still be available for the "test.php" script but you can ignore them.


Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to implement server side field validation and display customized error messages to the client.
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
Wufoo.com provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question