Hi Guys and Gals,

Looking for some advice. I’m trying to implement a simple authentication system in PHP, and I’m checking for the existence of the $_SERVER['PHP_AUTH_USER'] variable, but no matter what I do it appears that PHP isn’t populating this variable.

I have my domain set up as PHP 5.1.2 (not FastCGI).

Does anyone have any reasons why this would be the case?



What you are experiencing is normal if using the default Dreamhost installation of PHP, as it runs as PHP-CGI (as your user, under suexec). As such, those variables are not populated.

Additional info can be found in the PHP manual section on HTTP authentication with PHP.


Okay, that makes sense.

If this is the case, how would I implement HTTP Authentication in PHP if these variables are not populated?

Unfortunately, the “short answer” is that you can’t. This is one of the limitations of running PHP as CGI. :frowning:

You will either need to run mod_php, or use a different method of authentication.

Good examples of working around this are found in any of the common open-source CMS systems, which implement their own authentication wholly in PHP, or in the many publicly available PHP classes that are available on the web.


Okay, one last effort:

If PHP doesn’t have these variables populated, does Apache? Could I not use some mod_rewrite trickery to pass these through as environment variables, or does Apache not set these either?

You mentioned I would need to run mod_php: is this possible with the shared hosting on Dreamhost? Would dedicated hosting provide “real” Apache and PHP support (“real” in the sense that this is the first time I’ve ever come across these limitations :slight_smile: )?

You can, at present, run mod_php on DH, though it is not officially supported, and there is no guarantee that this functionality will always be available. For more information on this, check out this page on PHP available on Dreamhost, paying particular attention to this link on that page.

As for what facilities dedicated hosting would provide, that is completely subject to the arrangements made with the hosting provider; I would think in most such environments you would be able to run mod_php if you wanted, but it does depend on what you contract for.


Funny you mention using “mod_rewrite trickery” to pass the HTTP authentication values to PHP. Have a look at the following:

I have to warn you that I could not get this to work. I’m using a custom compiled version of PHP running as CGI; I don’t know if this would make a difference – I don’t see why it would.

If this works for you, please let me know.

Hi, I did have the same problem and solved it for my case. This is what I found out.

foreach ($_SERVER as $FieldName => $FieldValue) echo $FieldName . " - " . $FieldValue . "\n";

That way I found out there can be another variable:

$_SERVER["REDIRECT_REMOTE_USER"], which, in my case, contains the sought-after value of $_SERVER["PHP_AUTH_USER"].

I host two sites at Dreamhost under the same account (both PHP 4, no extra security). On the standard one $_SERVER["PHP_AUTH_USER"] is filled correctly; on the other one it is not, but $_SERVER["REDIRECT_REMOTE_USER"] is. This second site is under a different user than my standard Dreamhost account and therefore in a different directory altogether. Maybe this different directory and user causes it to be redirected by Dreamhost or Apache.

Hope this has helped. It certainly did for me.

I added:


Kind regards,

Von Mises

I’ve used this trick:

It works! :slight_smile:
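
The following is an added example, not code from any poster in this thread. It shows one way a PHP-CGI script can recover Basic credentials from the places discussed above (PHP_AUTH_USER, a passed-through Authorization header, or REDIRECT_REMOTE_USER). The HTTP_AUTHORIZATION variable name, the basic_auth_from_server() helper and the sample user store are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Recovers HTTP Basic credentials when
// PHP runs as CGI. Assumption: the web server copies the Authorization header
// into an environment variable named HTTP_AUTHORIZATION (hypothetical setup).

function basic_auth_from_server(array $server): ?array
{
    // 1. mod_php case: PHP has already split the header.
    if (isset($server['PHP_AUTH_USER'])) {
        return ['user' => $server['PHP_AUTH_USER'],
                'pass' => $server['PHP_AUTH_PW'] ?? '',
                'verified_by_server' => false];
    }
    // 2. Raw header passed through the environment; Apache adds a
    //    REDIRECT_ prefix to variables after an internal redirect.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (empty($server[$key]) || stripos($server[$key], 'Basic ') !== 0) {
            continue;
        }
        $decoded = base64_decode(trim(substr($server[$key], 6)), true);
        if ($decoded === false || strpos($decoded, ':') === false) {
            return null; // malformed header: treat as unauthenticated
        }
        // Split on the first colon only; passwords may contain colons.
        [$user, $pass] = explode(':', $decoded, 2);
        return ['user' => $user, 'pass' => $pass, 'verified_by_server' => false];
    }
    // 3. Apache already authenticated the request (e.g. via .htaccess) and
    //    exposes only the user name; no password reaches the script.
    foreach (['REMOTE_USER', 'REDIRECT_REMOTE_USER'] as $key) {
        if (!empty($server[$key])) {
            return ['user' => $server[$key], 'pass' => null, 'verified_by_server' => true];
        }
    }
    return null;
}

// Constructed sample input: "alice:s3cr:et" base64-encoded.
$sample = ['REDIRECT_HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('alice:s3cr:et')];
$creds  = basic_auth_from_server($sample);

// Header-derived credentials are unverified, so the script checks them itself.
// Constructed user store holding a password_hash() value.
$users = ['alice' => password_hash('s3cr:et', PASSWORD_DEFAULT)];
$ok = $creds !== null && ($creds['verified_by_server']
    || (isset($users[$creds['user']])
        && password_verify($creds['pass'], $users[$creds['user']])));
echo $ok ? "authenticated as {$creds['user']}\n" : "401 Unauthorized\n";
```

The distinction that matters is the verified_by_server flag: REMOTE_USER and REDIRECT_REMOTE_USER are set by Apache only after it has checked the password, whereas a user name parsed from the Authorization header is just what the client sent.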