Something that has been racking my brain this morning…
I recently moved all the sites I host (including my own) to a new VPS server, everything went far smoother than I could have imagined and I thought I had escaped the pains that you could expect from a server transfer, such as broken scripts due to path changes, feature differences, security differences etc..
Then I noticed that the Google Checkout module used by various clients was not working correctly, Google could not get access to the script. Google Checkout uses HTTP Authentication to login to a page and do it’s business (not in scope for this blog post), however for some reason the login was no longer working.
I quickly discovered that PHP_AUTH_USER and PHP_AUTH_PW were not being set at all, and when I tried to echo $_SERVER['PHP_AUTH_USER'] I would get a undefined variable error. I knew right away that this was a very bad situation, I checked online and instantly fcgi was named as the culprit.
Apparently PHP_AUTH_USER and PHP_AUTH_PW are not sent to Apache when using fcgi as your PHP Handler, and it is recommended to not use a CGI Handler at all. I quickly changed to DSO which fixed my issue. However now it was causing other issues, files needed to be CHMOD 777 in order for PHP scripts to be able to write, which is ridiculous!
Using PHP_AUTH with fcgi!
After hours and hours of searching I found the solution, apparently PHP_AUTH is not a standard header and this is why CGI Handlers do not send them through to PHP, however our best friend .htaccess can help us out!
All you need to do is add these lines to a .htaccess file in the folder where you need the variables:
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] That’s It!!
Twitter
Facebook
Linkedin
It worked!