asked on

$_SERVER[PHP_AUTH_USER] availability

Using php and HTTP authentication.

Am I correct in assuming that the $_SERVER[PHP_AUTH_USER] variable is only available on pages that use HTTP authentication? Only on pages that are requiring auth via httpd.conf <Directory directives, or via php header?

Meaning, if I have the user auth on login.php, but do not require auth on test.php.. Then the $_SERVER[PHP_AUTH_USER] variable would not be available or set on test.php.

Thanks
David

ASKER CERTIFIED SOLUTION

cx323

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

CosminB

Hi

This is from the PHP manual(http://www.php.net/features.http-auth):

"
The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and is hence not available in the CGI version. In an Apache module PHP script, it is possible to use the header() function to send an "Authentication Required" message to the client browser causing it to pop up a Username/Password input window. Once the user has filled in a username and a password, the URL containing the PHP script will be called again with the predefined variables PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE set to the user name, password and authentication type respectively. These predefined variables are found in the $_SERVER and $HTTP_SERVER_VARS arrays. Both "Basic" and "Digest" (since PHP 5.1.0) authentication methods are supported. See the header() function for more information.
"

If the user is logged with the HTTP authentification method the variables will still be available for the "test.php" script but you can ignore them.