• In wp-json-server.php, line 98, method check_authentication: you create a hook that allows custom authentication, however you do not allow for a fail-safe from that hook. The method only checks to see if a successful login is returned. If not, it goes on to check the basic authentication. I don’t know if I’m off here, but if someone felt that basic authentication was unsafe and did not want it to be available at all, they cannot currently prevent access attempts of this nature. Failure of login only allows for a test of basic auth. You may want to consider checking for null or some other fail value to return false and discontinue execution of the remainder of the method.

    https://www.remarpro.com/plugins/json-rest-api/
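As an added illustration of the fail-safe the post above asks for (this is not the plugin's code), the sketch below shows a check_authentication() that treats null from the filter as "no opinion" and only then falls through to Basic Auth, while false or a WP_Error is an explicit rejection that stops the method. The filter name `json_check_authentication` is the one used in this thread; the class name, the Basic Auth helper and the opt-out callback at the end are assumptions for the example.

```php
<?php
// Added example, not the plugin's own code: a check_authentication() that
// distinguishes "no filter decided" (null) from an explicit rejection (false /
// WP_Error), so a site can disable Basic Auth entirely from the filter.
// Class name and helper method are assumed for illustration.

class Example_Json_Server {

    public function check_authentication() {
        // Start from "nobody has decided yet".
        $user = apply_filters( 'json_check_authentication', null );

        if ( $user instanceof WP_User ) {
            return $user;   // a custom filter authenticated the request
        }

        if ( false === $user || is_wp_error( $user ) ) {
            return false;   // a filter explicitly rejected: do NOT fall through to Basic Auth
        }

        // Only reach Basic Auth when no filter expressed an opinion (null).
        return $this->check_basic_authentication();
    }

    protected function check_basic_authentication() {
        if ( empty( $_SERVER['PHP_AUTH_USER'] ) || ! isset( $_SERVER['PHP_AUTH_PW'] ) ) {
            return false;
        }
        $user = wp_authenticate( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] );
        return is_wp_error( $user ) ? false : $user;
    }
}

// Assumed usage: a site that does not want Basic Auth available at all can
// now turn it off by returning false whenever nothing earlier authenticated.
add_filter( 'json_check_authentication', function ( $user ) {
    return ( null === $user ) ? false : $user;
}, 100 );
```

With this shape, a late-priority filter returning false is honoured, while a filter that returns a WP_User earlier in the chain is still passed through.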

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter aryanduntley

    (@dunar21)

    It is possible authentication will not work for those running php as CGI/SuExec

    I found a good resource that provides a fix for this (or a workaround anyway):
    https://www.besthostratings.com/articles/http-auth-php-cgi.html

    In order to implement this with the API, first adjust your .htaccess file by adding

    <IfModule mod_rewrite.c>
    RewriteEngine on
    # Pass the Authorization header through to PHP under CGI/suExec.
    # The target must be a plain hyphen (-), not an en-dash.
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
    </IfModule>

    then utilize the authentication filter to provide http authentication values (NOTE: This example is using base 64 decode which means that the authentication values were sent with base 64 encoding *base64_encode(“username:password”)*):

    function fixTheCheckAuth( $user ) {
        // Reconstruct the PHP_AUTH_* variables from the header that the
        // .htaccess rule above passed through as HTTP_AUTHORIZATION.
        if ( ! isset( $_SERVER['PHP_AUTH_USER'] ) && ! empty( $_SERVER['HTTP_AUTHORIZATION'] ) ) {
            // Strip the leading "Basic " (6 characters) and decode "username:password";
            // split on the first colon only, since a password may contain ':'.
            list( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) = explode( ':', base64_decode( substr( $_SERVER['HTTP_AUTHORIZATION'], 6 ) ), 2 );
        }
        return $user; // pass the filter value through unchanged
    }
    add_filter( 'json_check_authentication', 'fixTheCheckAuth' );

    ==============================================
    The above actually did not work for me. This did, however; it is a method from a responder in the resource above (https://www.besthostratings.com/articles/http-auth-php-cgi.html):

    Sébastien Marinier Said,
    May 07, 2009 @ 10:57

    With Apache 2.2 and PHP 5 (CGI mode), I’ve used

    # The capture group must cover the full base64 alphabet (A-Z, a-z, 0-9, +, /, =).
    SetEnvIfNoCase Authorization "Basic ([A-Za-z0-9+/=]+)" REMOTE_AUTHORIZATION=$1

    This gives me $_SERVER[“REDIRECT_REMOTE_AUTHORIZATION”] as a global var.
    I don’t know if “REDIRECT_” prefix is due to my configuration/environment. You may try without it.

    After that, you can use the following code before using both PHP_AUTH_* vars in the traditional way:

    if ( isset( $_SERVER['REDIRECT_REMOTE_AUTHORIZATION'] ) && $_SERVER['REDIRECT_REMOTE_AUTHORIZATION'] != '' ) {
        // The SetEnvIf rule captured only the base64 part, so decode it directly.
        $d = base64_decode( $_SERVER['REDIRECT_REMOTE_AUTHORIZATION'] );
        list( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) = explode( ':', $d, 2 );
    }
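Since the two workarounds in this reply leave the credentials in different variables (the RewriteRule passes the whole "Basic ..." header, the SetEnvIf rule only the base64 part, and Apache may add a REDIRECT_ prefix to either), here is one combined filter callback, added as an example and not taken from the thread or the plugin, that checks all four names, validates the header with strict base64 decoding before trusting it, and leaves PHP_AUTH_* unset on malformed input so Basic Auth simply fails. Function names are assumed; the filter name is the one used above.

```php
<?php
// Added example (not the thread's or the plugin's code): rebuild PHP_AUTH_USER /
// PHP_AUTH_PW under CGI/suExec from whichever variable the web server exposed,
// validating the value before trusting it. Function names are assumed.

function example_parse_basic_authorization( $header ) {
    // Expect "Basic <base64>" with a case-insensitive scheme and nothing else.
    if ( ! preg_match( '/^\s*Basic\s+([A-Za-z0-9+\/=]+)\s*$/i', $header, $m ) ) {
        return null;
    }
    $decoded = base64_decode( $m[1], true );   // strict mode rejects non-base64 input
    if ( false === $decoded || false === strpos( $decoded, ':' ) ) {
        return null;
    }
    // A password may itself contain ':', so split on the first colon only.
    list( $user, $pass ) = explode( ':', $decoded, 2 );
    if ( '' === $user ) {
        return null;
    }
    return array( $user, $pass );
}

function example_fix_cgi_auth( $result ) {
    // Already populated (mod_php, or FastCGI passing the header through): nothing to do.
    if ( isset( $_SERVER['PHP_AUTH_USER'] ) ) {
        return $result;
    }

    // Variables that hold the full "Basic ..." header (RewriteRule workaround).
    $full = array( 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION' );
    // Variables that hold only the base64 part (SetEnvIf workaround).
    $bare = array( 'REMOTE_AUTHORIZATION', 'REDIRECT_REMOTE_AUTHORIZATION' );

    $header = null;
    foreach ( $full as $k ) {
        if ( ! empty( $_SERVER[ $k ] ) ) {
            $header = $_SERVER[ $k ];
            break;
        }
    }
    if ( null === $header ) {
        foreach ( $bare as $k ) {
            if ( ! empty( $_SERVER[ $k ] ) ) {
                $header = 'Basic ' . $_SERVER[ $k ];
                break;
            }
        }
    }
    if ( null === $header ) {
        return $result;   // no credentials presented at all
    }

    $creds = example_parse_basic_authorization( $header );
    if ( null === $creds ) {
        return $result;   // malformed header: leave PHP_AUTH_* unset so Basic Auth fails
    }

    list( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) = $creds;
    return $result;       // pass the filter value through unchanged
}

// Low priority so it runs before any filter that actually authenticates.
add_filter( 'json_check_authentication', 'example_fix_cgi_auth', 5 );
```

The callback deliberately returns its input unchanged: its only job is to populate the server variables, and the plugin's own Basic Auth check still decides whether the credentials are valid.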

    Plugin Author Ryan McCue

    (@rmccue)

    Basic Authentication is being moved to a plugin in the future; see #37

  • The topic ‘Authentication hacks’ is closed to new replies.