1

I have set up a basic authentication on one section of my website as documented here, it works fine, but now I need to be able to access the user name in order to filter certain results. But $_SERVER['PHP_AUTH_USER'] wont work. Is there any other way to see who is logged in?

My .htaccess file: 

AuthType Basic

AuthName "You need to login to access this page."
AuthUserFile /usr/local/..../.htpasswd
Require valid-user

RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

It is marked as duplicate, but I don't see where is the answer to my problem? Can someone help please? Admin?

Improve this question
8
  • Ask the user for it, auth them against stored username and password from database, cache the result of the username in session. $_SERVER is designed for server related info (paths, uri etc.) whereas $_SESSION is designed for things related to the users current session (username, breadcrumbs, auth token maybe?). Just make sure to session_start() before that :P Commented Jun 25, 2018 at 8:58
  • Do a var_dump($_SERVER); and see if you can find the username somewhere in the output. Depending on how specifically PHP is embedded into the web server, you might find this info in slightly different fields. Also, read what php.net/manual/en/features.http-auth.php has to say about when HTTP Auth is triggered from “outside” PHP, on the web server level. Commented Jun 25, 2018 at 9:11
  • What do you mean by "But $_SERVER['PHP_AUTH_USER'] wont work"? Is the field blank? Commented Jun 25, 2018 at 9:24
  • @CBroe did a var_dump, not one variable had my user name, does that mean my user name is not being stored with PHP? Is there a way to change that? Commented Jun 25, 2018 at 9:50
  • @MrGlass it returns null when called, in other words variable is not set. Commented Jun 25, 2018 at 9:51

3 Answers 3

Reset to default
0

When a user logs in use the session variable to store the user name and then access it..

session_start();
$_SESSION['username'] = $username 

//$username is whatever you grabbed as the supplied login details
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Say for instance, you have the following login function;

<?php
function doLogin($uname, $pword)
{
    global $connection;
    $query = "SELECT psswd FROM users WHERE (uname = '{$uname}' OR email = '{$uname}')";
    $result = $connection->query($query);
    $row = $connection->fetch_assoc($result);
    $password = $row['psswd'];

    if (password_verify($pword, $password))
    {
        session_start();
        $_SESSION['user_logged_in'] = true;
        $_SESSION['username'] = $uname;
        return true;
    }
    return false;
}

Using verification, we can see that the password was found from the database, it was verified using php's functions for this, and we set variables on the session (after starting it & a valid login) to say as such, as well as store the username for future use

Improve this answer

Comments

0

In your .htaccess you are populating $_SERVER['HTTP_AUTHORIZATION'] - have you tried with that ?

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.