tags:

views:

35

answers:

1
Q: 

How can I get a user's input when using htaccess/htpasswd?

Hi,
I want to create a log in system using htaccess and htpasswd file and PHP for the server-side code, but when the user logs in I want to be able to identify that user, so how can I know what the user typed in as their username using PHP code (I assume I won't need to know the password if they've managed to access the restricted page)?

Many thanks, Ben

A: 

You just need the following to get the username that is currently in use for an authenticated session:

$_SERVER['PHP_AUTH_USER']

rev1

In light of @Ben's comment I've now found the section in the PHP documentation at HTTP authentication with PHP that explains what's going on:

As of PHP 4.3.0, in order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page and safe mode is enabled. Regardless, REMOTE_USER can be used to identify the externally-authenticated user. So, you can use _SERVER['REMOTE_USER'].

Richard Harrison  2010-10-10 15:21:26
Thanks, but I can't get that to work, it just returns a empty result.
Ben  2010-10-11 15:00:40
Got it, this works: $_SERVER['REMOTE_USER']
Ben  2010-10-15 00:18:21
@ben - well done. FYI I've now found out why this is - I'll make corrections to the answer for the sake of completion.
Richard Harrison  2010-10-15 18:13:45

related questions

Is it safe to deny access to .ini file in .htaccess?
.htaccess redirect performance
How can I fix my .htaccess to resolve URLs that don't end in slashes
Find the page that the user intended to see
Configuring wordpress .htaccess to view subfolders
Getting file name of file directed by .htaccess?
Apache htaccess on Win2k is not being processed
How do I stop visitors directly accessing the directories in my website?
What happens first? .htaccess or php code?
Apache/php guru needed! htaccess files, php, includes directories, and windows XAMPP configuration nightmare!
Edit php.ini with .htaccess
Do you have to restart apache to make re-write rules in the .htaccess take effect?
Apache Mod-Rewrite Primers?
Dynamic IP-based blacklisting
.htaccess mod rewrite 301-redirect
How to make a web app appear at the root of the site?
Is it possible to use .htaccess to send six digit number URLs to a script but handle all other invalid URLs as 404s?
How do I use .htaccess to redirect to a URL containing HTTP_HOST?
How to convert Apache .htaccess files into Lighttpd rules?
Wildcard Subdomain Exceptions
Redirecting non-www URL to www
How can I use `scp` to deploy a website's `.htaccess` file?
How do I add a MIME type to .htaccess?
Mod-Rewrite loading files behind the DocumentRoot
.htaccess directives to *not* redirect certain URLs