How can I get a user's input when using htaccess/htpasswd?

Question

I want to create a log in system using htaccess and htpasswd file and PHP for the server-side code, but when the user logs in I want to be able to identify that user, so how can I know what the user typed in as their username using PHP code (I assume I won't need to know the password if they've managed to access the restricted page)?

Many thanks, Ben

Answer 1

You just need the following to get the username that is currently in use for an authenticated session:

$_SERVER['PHP_AUTH_USER']

rev1

In light of @Ben's comment I've now found the section in the PHP documentation at HTTP authentication with PHP that explains what's going on:

As of PHP 4.3.0, in order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page and safe mode is enabled. Regardless, REMOTE_USER can be used to identify the externally-authenticated user. So, you can use _SERVER['REMOTE_USER'].