PHP_AUTH_USER not set?

There is a 'sensible way' to use HTTP Basic Auth in CGI-mode PHP: in the .htaccess use

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

and in the PHP use

// limit of 2 so a password containing ':' is not truncated
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = 
  explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)), 2);

Try this

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>

in your .htaccess file, which you will have to place in the root directory

and then

// limit of 2 so a password containing ':' is not truncated
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)), 2);

at the beginning of your PHP scripts
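
A more defensive version of the header parsing used in the two answers above, as an added example that is not part of the original answers: it tolerates a missing header, rejects non-Basic schemes and invalid Base64, and keeps colons in the password. The helper name basic_credentials() and the sample credentials are assumptions made for illustration.

```php
<?php
// Added example: defensive parsing of the forwarded Authorization header.
// basic_credentials() is a hypothetical helper name, not a PHP built-in.
function basic_credentials(array $server): ?array
{
    // After an internal redirect Apache prefixes env vars with REDIRECT_.
    $header = $server['HTTP_AUTHORIZATION']
        ?? $server['REDIRECT_HTTP_AUTHORIZATION']
        ?? null;
    if (!is_string($header)) {
        return null;                       // header absent: nothing to parse
    }
    // Accept only the Basic scheme (scheme names are case-insensitive).
    if (!preg_match('/^Basic\s+([A-Za-z0-9+\/]+={0,2})\s*$/i', $header, $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true); // strict mode rejects bad input
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Limit of 2: the password may itself contain ':' characters.
    [$user, $pass] = explode(':', $decoded, 2);
    return ['user' => $user, 'pass' => $pass];
}

// Populate the usual variables only when parsing succeeded.
if (($creds = basic_credentials($_SERVER)) !== null) {
    $_SERVER['PHP_AUTH_USER'] = $creds['user'];
    $_SERVER['PHP_AUTH_PW']   = $creds['pass'];
}

// Constructed sample: user "alice", password "s3cr:et" (contains a colon).
$sample = ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('alice:s3cr:et')];
var_dump(basic_credentials($sample));
// Constructed sample with a non-Basic scheme, which the helper rejects.
var_dump(basic_credentials(['HTTP_AUTHORIZATION' => 'Bearer abc']));
```

The returned credentials are unverified input; they still have to be checked against the application's user store.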


I am using Symfony 2.5.7 running on PHP-FPM + Apache 2.4 on Ubuntu 14.04. I have BASIC_AUTH working; you need to configure the Apache VirtualHost correctly by adding:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

as also mentioned here.


Starting from Apache 2.4.13, you simply need to use the CGIPassAuth directive in your .htaccess:

CGIPassAuth On

According to phpinfo(), my server API is CGI/Fast CGI, so I've solved the problem by putting the following in my .htaccess file:

RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ app.php [QSA,L]