[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Is $_SERVER['PHP_AUTH_USER'] widely supported by servers and clients?

Posted on 2009-02-23
Medium Priority
Last Modified: 2012-05-06
I would like to use the following code to manage access to a restricted area.

Will it work with all, most or some PHP4/PHP5 installations?  

Will it work with all, most or some browsers?  

if ($_SERVER['PHP_AUTH_USER']=='user' && $_SERVER['PHP_AUTH_PW']=='password'){
    echo '<h1>Hello, '. $_SERVER['PHP_AUTH_USER'] .'. You are now authorized!</h1>';
} else {
    header('WWW-Authenticate: Basic realm="Protected Area"');
    header('HTTP/1.0 401 Unauthorized');
    header('Status: 401 Unauthorized');
    header('HTTP-Status: 401 Unauthorized');	
    echo '<h1>You are not authorized.</h1>';

Open in new window

Question by:hankknight
LVL 111

Expert Comment

by:Ray Paseur
ID: 23711244
Since it is a server-based variable, wouldn't it be mostly important to identify whether it's available on your server?
LVL 111

Expert Comment

by:Ray Paseur
ID: 23711253
Looking at the description here leads me to believe that support may be spotty.  I don't know how many installations use CGI, but some of my clients do.
LVL 111

Accepted Solution

Ray Paseur earned 1520 total points
ID: 23711279
And as I read it more, I see a collection of "notes" that do not inspire much confidence.  To wit:

Instead of simply printing out PHP_AUTH_USER and PHP_AUTH_PW, as done in the above example, you may want to check the username and password for validity. Perhaps by sending a query to a database, or by looking up the user in a dbm file.

Watch out for buggy Internet Explorer browsers out there. They seem very picky about the order of the headers. Sending the WWW-Authenticate header before the HTTP/1.0 401 header seems to do the trick for now.

So I guess the keys are (1) you're using Apache and (2) you control the client's choice of browsers.  Absent that, you might want to use a different form of authentication.

Best regards, ~Ray
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Assisted Solution

agamal earned 80 total points
ID: 23712422
supposedly working for php4 and php5

Assisted Solution

basselkh earned 400 total points
ID: 23713049
even if you use apache some ISPs use (PHPSuExec) like hostgator that means $_SERVER['PHP_AUTH_USER'] will never work,
HTTP authentication work only if PHP  run as a module not CGI,
LVL 16

Author Comment

ID: 23714580
Thanks. To be safe, I will not use it.

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question