Http authentication not working in linux hosted website

Question

I have a linux hosted website, i am trying to use the below code for http-authentication for access to one confidential page, but it doesn't seem to work, everytime i enter username and password, the authentication box pops up again! Can anybody tell me where m i going wrong?

 <?php
 // User name and password for authentication

$username='username';
$password='password';


if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) ||
($_SERVER['PHP_AUTH_USER'] !=$username) || ($_SERVER['PHP_AUTH_PW'] !=$password)) 
{
 // The user name/password are incorrect so send the authentication headers
   header('HTTP/1.1 401 Unauthorized');
  header('WWW-Authenticate: Basic realm="My Web Page:The Freedom Square Of Internet"');
  exit('<h2>My Web page</h2>Sorry, you must enter a valid user name and password to access this page.');
  }
?>

Answer 1

It's quite possible that your server 'eats' the 'Authorization' header, spitting out the contents of $_SERVER can help you get a better idea of what's going on. What server are you using?

Here's a mod_rewrite solution for Apache if you're using fastcgi and the above is your issue: http://search.cpan.org/~mramberg/Catalyst-Runtime-5.80012/lib/Catalyst/Engine/FastCGI.pm#Authorization_header_with_mod_fastcgi_or_mod_cgi

RewriteCond %{HTTP:Authorization} ^(.+)
RewriteRule ^(.*)$ $1 [E=HTTP_AUTHORIZATION:%1,PT]

You can then quite simply process the Authorization header if PHP doesn't do it for you.