what is wrong if this authentication code doesn't work on a server?

Posted on 2011-05-07
Last Modified: 2012-06-27
I used example #6 of for testing: (right at the start of the page)

and on 1 server it works correct, and on the other server is doesn't.

no matter what i enter, it doesn't get passed the login-window. if i enter a username and pass, it keeps popping-up again, instead of showing what i entered..

help is really appreciated!

if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
} else {
    echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
    echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";

Open in new window

Question by:peps03
    LVL 9

    Expert Comment

    What are the webservers running ? Are both apache ?

    Please beware that guide says :
    For HTTP Authentication to work with IIS, the PHP directive cgi.rfc2616_headers must be set to 0 (the default value).
    and another knowledge is
    If you are using PHP + IIS, make sure to set HTTP Error 401;5 to Default in IIS directory config. Otherwise it won't prompt for username and password but just show an error message.
    hope these helps

    Author Comment

    Thanks for your reaction erdincgc!

    in phpinfo it says: SERVER_SOFTWARE:      Apache
    LVL 9

    Expert Comment

    I assume both are same can you attach just  apache environment parts of php info outputs. (Clean rest for security) or just open both php info side by side check differences...

    Are php versions same ?

    Author Comment

    hope this helps:

    LVL 107

    Expert Comment

    by:Ray Paseur
    It might require some rethinking your application requirements, but this article can show you an example of client authentication.   I realize it is a lot of reading, but please see if it might be helpful.

    Best regards, ~Ray

    Author Comment

    Thanks for you reaction Ray!

    But the code posted above, in my original post, should work on every server right?

    Isn't that very basic php code, that shouldn't give any problems?

    Accepted Solution

    This worked for me for some reason:

    I added this in .htaccess. (Change test.php to your script name)

    RewriteEngine on
    RewriteCond %{HTTP:Authorization} !^$
    RewriteRule^test.php$ test.php?login=%{HTTP:Authorization}

    And then in my PHP script, i added the following, right before my user/pass check routine:

    $d = base64_decode(substr($_GET['login'],6) );
    list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $d);

    Author Closing Comment

    it worked

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Join & Write a Comment

    This is a general how to create your own custom plugin system for your PHP application that you designed (or wish to extend a third party program to have plugin functionality that doesn't have it yet).  This is not how to make plugins for existing s…
    Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit ( and similar technologies have enjoyed wide adoption, making it possib…
    The viewer will learn how to dynamically set the form action using jQuery.
    This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now