I discovered that Access control fails when using PHP as a CGI script, as PHP will not contain the $_SERVER['PHP_AUTH_USER'] variable, so I found a hack around this on PHP.net (
http://www.php.net/manual/en/features.http-auth.php#106285)
All I needed to do was add the following lines to my .htaccess file
RewriteEngine on
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
Then I added this to the top of include/setup.php
//set http auth headers for apache+php-cgi work around
if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]));
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}elseif (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
list($name, $password) = explode(':', base64_decode($matches[1]));
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
That did the magic.
------------------------------------------------------
http://websvn.tigris.org/ds/viewMessage.do?dsForumId=2390&dsMessageId=2867900
