The keys PHP_AUTH_USER and PHP_AUTH_PW are not present in the superglobal $_SERVER, so http basic authentication needs to be handled a little differently.
This also affects functional tests which require http basic auth to authenticate.
Basically the workaround is two parts:
-
A rewrite rule to pack the username and password into an environment variable:
RewriteEngine on
RewriteRule .\* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
-
Extract the info from the environment variable:
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
See below for more details.
http://orangejuiceliberationfront.com/http-auth-with-php-in-cgi-mode-e-g-on-dreamhost/
http://www.besthostratings.com/articles/http-auth-php-cgi.html
The keys PHP_AUTH_USER and PHP_AUTH_PW are not present in the superglobal $_SERVER, so http basic authentication needs to be handled a little differently.
This also affects functional tests which require http basic auth to authenticate.
Basically the workaround is two parts:
A rewrite rule to pack the username and password into an environment variable:
RewriteEngine on RewriteRule .\* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]Extract the info from the environment variable:
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
See below for more details.
http://orangejuiceliberationfront.com/http-auth-with-php-in-cgi-mode-e-g-on-dreamhost/
http://www.besthostratings.com/articles/http-auth-php-cgi.html