HTTP authentication in PHP
Posted on 2007-06-12 - Comments
I’ve just discovered, totally by accident, how to get HTTP Authentication
(when the browser pops up a dialog asking for the username and password –
usually set with a .htaccess file) values within PHP. Previously, I’d just
assumed that the authentication was a “black box” and I was unable to use it
within my scripts. I had done some experimentation to see if any of the i
nformation was present in the _POST
or _COOKIE
arrays to no avail.
At work, we were using some software which, somewhat curiously, seemed to automatically log users in without them supplying the correct credentials. After much digging, inserting debug messages and experimentation, I found that PHP had the authentication values in the superglobal $_REQUEST array. The values you can use are as follows:
// Superglobal showing the username supplied
print $_SERVER['PHP_AUTH_USER'];
// Superglobal showing the password
print $_SERVER['PHP_AUTH_PW'];
// Authentication type (Basic or digest in PHP5)
print $_SERVER['AUTH_TYPE'];
This is immensely useful for me, because it opens all sorts of possibilities for single sign-on style systems. It also means I can work with non PHP files, without having to authenticate twice or rely on PHP sessions alone.
Of course, perhaps I should have looked at the PHP manual on HTTP authentication first!
- Next generation console wishlist 2013-02-18
- Digital conversations preserved 2011-02-21
- Pastel de Nata recipe 2011-01-10
- Fixing a bricked D-Link DSL-G624T 2010-01-22
- Learning PHP - Part 6: functions 2009-11-03
- Learning PHP - Part 5: your first dynamic web page 2009-11-03
- Learning PHP - Part 4: controlling flow 2009-11-02
- Symptoms of a Wordpress hack 2009-11-02
- Learning PHP - Part 3: array basics 2009-10-26
- Learning PHP - Part 2: variable basics 2009-10-25
- Learning PHP - Part 1: introduction 2009-10-24
- Unsetting HTTP headers in PHP 2008-08-06
- Intermittent 1px gap in Firefox 3 2008-07-30
- Understanding Linux file permissions 2008-07-29
- Step by step: Moving code between Subversion repositories 2008-07-23
- Novell client on OpenSuse 10.3 2007-10-08
- Removing Windows from Apple's Bootcamp 2007-10-01
- HTTP authentication in PHP 2007-06-12
- Microformats and me 2007-06-11