When using Fast-CGI to pass authentication headers, these headers are passed to the script however they are ignored by PHP. This is because only the “HTTP_AUTHORIZATION” environmental variable gets checked while the “Authorization” variable is ignored. The following steps can be used to overcome this problem:
Create a .htaccess file in the root directory of the script/application you are using:


RewriteEngine onRewriteRule .* - [E=HTTP_AUTHORIZATION:%
{HTTP:Authorization},L].

Next you need to change all the PHP_AUTH_USER and PHP_AUTH_PW variables in your web content to


$_SERVER['PHP_AUTH_USER'] and
$_SERVER['PHP_AUTH_PW']

.

Finally you will need to add the following lines of code preceding the authentication code used in your application / script:


:if(preg_match('/Basic+(.*)$/i',  
$_SERVER['REDIRECT_HTTP_AUTHORIZATION'],
$matches))
{
list($_SERVER['PHP_AUTH_USER'],
$_SERVER['PHP_AUTH_PW']) = explode(':' ,
base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));}

As an example please see the patch for phpWiki below:


# Author: Stepan A. Baranov (rosmir@gmail.com)
# web-site: www.rosmir.org
diff -u ./admin.php.orig ./admin.php

--- ./admin.php.orig

+++ ./admin.php

@@ -18,9 +18,16 @@exit;

}

// ADDED by rosmir@gmail.com

if(preg_match('/Basic+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches))

{

list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' ,
base64_decode(substr($_SERVER['REDIRECT_HTTP_
AUTHORIZATION'
], 6)));

}

// END ADDED by rosmir@gmail.com// From the manual, Chapter 16

if (($PHP_AUTH_USER != $wikiadmin ) ||(

$PHP_AUTH_PW != $adminpasswd)) {

if (($_SERVER['PHP_AUTH_USER'] != $wikiadmin ) ||(

$_SERVER['PHP_AUTH_PW'] != $adminpasswd)) {Header

("WWW-Authenticate: Basic realm=\"PhpWiki\"");

Header("HTTP/1.0 401 Unauthorized");echo

gettext("You entered an invalid login or password.");

Do you need further assistance? Contact us