There is a workaround available which can make HTTP Auth
for PHP working even when in CGI SUEXEC mode.
First you need to create the following .htaccess file:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>
The lines above will assign the username/pass pairs to an environment
variable named HTTP_AUTHORIZATION.
Then in your PHP script you should add the following, right before your
user/pass check routine:
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' ,
base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
So here it is how a sample PHP script using HTTP Authentication would look
like:
<?php
// split the user/pass parts
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':',
base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
// open a user/pass prompt
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello, </p>".$_SERVER['PHP_AUTH_USER'];
echo "<p>You entered as your password: </p>".$_SERVER['PHP_AUTH_PW'];
}
?>
NoMonthlyFees.com Support Staff
