How to set PHP_AUTH_USER

Question

PHP_AUTH_USER is empty. And system using the Windows login credentials.

How can I change it.

I wanna use the username and password entered by the user

Answer 1

See HTTP Authentication with PHP

<?php
  if (!isset($_SERVER['PHP_AUTH_USER'])) {
       Header("WWW-Authenticate: Basic realm=\"My Realm\"");
       Header("HTTP/1.0 401 Unauthorized");
       echo "Text to send if user hits Cancel button\n";
       exit;
       } else {
   echo "Hello {$_SERVER['PHP_AUTH_USER']}";
   echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
  }
?> 

And the description of inidices in $_SERVER:

• 'PHP_AUTH_USER': When running under Apache or IIS (ISAPI on PHP 5) as module doing HTTP authentication this variable is set to the username provided by the user.

• 'PHP_AUTH_PW': When running under Apache or IIS (ISAPI on PHP 5) as module doing HTTP authentication this variable is set to the password provided by the user.

Answer 2

If you're running PHP under IIS and using Windows Authentication you shoud find the username under one (or more) of these:

• $_SERVER['LOGON_USER']
• $_SERVER['AUTH_USER']
• $_SERVER['REDIRECT_LOGON_USER']
• $_ENV['REDIRECT_LOGON_USER']

Forget about the password - when PHP starts the user has already been authorized and the script is not supposed to need it.

You can use Windows Authentication to log into SQL server as the user: look at the documentaion for fastcgi.impersonate. This works as long as IIS and SQL Server are on the same system. If you keep your database elsewhere... well, you may google for Double Hop issue if you want the gory details, but the short story is that it doesn't work. I've lost a month waiting for a customer to give up and allow a plain user/pass login into his database.