http authentication, php 5.3

Question

I like this simple http authenticating for some non-critical pages.

<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
  header('WWW-Authenticate: Basic realm="My Realm"');
  header('HTTP/1.0 401 Unauthorized');
  echo 'Text, der gesendet wird, falls der Benutzer auf Abbrechen drückt';
  exit;
} else {
  echo "<p>Hallo {$_SERVER['PHP_AUTH_USER']}.</p>";
  echo "<p>Sie gaben {$_SERVER['PHP_AUTH_PW']} als Passwort ein.</p>";
}
?>

Now I am trying to implement it on server with php 5.3 and it doesnt work. Whats wrong?

I type name and password, press enter and pages show me dialog again. No values in $_SERVER['PHP_AUTH_USER'].

Answer 1

I am experiencing the same problem. According to me service provider, this is an old version of php that doesn't work on php 5.5 & higher. You will have to find a newer version of php.

Answer 2

From the HTTP Authentication with PHP page on php.net:

As of PHP 4.3.0, in order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page and safe mode is enabled. Regardless, REMOTE_USER can be used to identify the externally-authenticated user. So, you can use $_SERVER['REMOTE_USER'].

Perhaps this applied to this case. (just noticed this is an old question :)