HTTP Authentication with PHP as CGI

software development



I’m just wondering if it is possible to use the php $SERVER['HTTP_AUTH*’] when using php as a cgi.

Officially it doesnt seem to be supported, but if there is a way i would love to know.



HTTP_AUTH is the old long array vars. The new name is: $_SERVER[‘PHP_AUTH_USER’] and $_SERVER[‘PHP_AUTH_PW’]. Both of which should work in PHP CGI.


Sorry, i meant PHP_AUTH_* ,

And Unfortunately they don’t seem to work with php as cgi:

When running under Apache or IIS (ISAPI on PHP 5) as module doing HTTP authentication this variable is set to the username provided by the user.

(taken from php website)
Also, from my own script, when using php as a cgi, they were both empty, but after i switched it across to being an apache module, they worked once more.

So does anyone know of another way of accessing HTTP Authentication values using php as a cgi?



Interesting…What i read in the books I have said that authentication does not work with cgi, and it was necessary to create your own. I never tested it to see if they were wrong.


You can’t. PHP has to be an Apache module so it can hook into the reqeust handling process.

The PHP web site has this documented:

:cool: Perl / MySQL / HTML CSS


I’m pretty sure CGI ainta gonna work that way.
However, if you’re using the usual Apache “.htaccess” and “.htpasswd” setup, even in CGI mode PHP will give you the user’s name in both of “$_SERVER[‘REMOTE_USER’]” and “$_ENV[‘REMOTE_USER’]” global variables even though the AUTH_USER variable isn’t set and (obivously) the corresponding password variable isn’t available.

Dunno if that’ll help ya worth a lick though.