$_SERVER[PHP_AUTH_USER] availability

Posted on 2007-07-25
Last Modified: 2013-12-12
Using php and HTTP authentication.

Am I correct in assuming that the $_SERVER[PHP_AUTH_USER] variable is only available on pages that use HTTP authentication? Only on pages that are requiring auth via httpd.conf <Directory directives, or via php header?

Meaning, if I have the user auth on login.php, but do not require auth on test.php.. Then the $_SERVER[PHP_AUTH_USER] variable would not be available or set on test.php.

Question by:dwessell
    LVL 4

    Accepted Solution

    Yes.  If you want to see if a user is logged in on test.php then after they have been authenticated on login.php you can set a session variable, and then check that variable on test.php.
    LVL 6

    Expert Comment


    This is from the PHP manual(

    The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and is hence not available in the CGI version. In an Apache module PHP script, it is possible to use the header() function to send an "Authentication Required" message to the client browser causing it to pop up a Username/Password input window. Once the user has filled in a username and a password, the URL containing the PHP script will be called again with the predefined variables PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE set to the user name, password and authentication type respectively. These predefined variables are found in the $_SERVER and $HTTP_SERVER_VARS arrays. Both "Basic" and "Digest" (since PHP 5.1.0) authentication methods are supported. See the header() function for more information.

    If the user is logged with the HTTP authentification method the variables will still be available for the "test.php" script but you can ignore them.


    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Suggested Solutions

    New Relic: Our company recently started researching several products to figure out what were the best ways for us to increase our web page speed and to quickly identify performance problems that we may be having. One of the products we evaluated wa…
    Thoughout my experience working on eCommerce web applications I have seen applications succumbing to increased user demand and throughput. With increased loads the response times started to spike, which leads to user frustration and lost sales. I ha…
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
    The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now