Authenticating Users with HTTP Authentication in PHP

[Mike Dorfman]

Hello,

I'm hoping to have a "members only" section of my appspot page, but am hoping to use instead of authenticating with Google credentials.  I was hoping to use HTTP Authentication with PHP, but am having trouble.  I found that the PHP global variable 'PHP_AUTH_USER' is not set after submitting authentication credentials, making the authentication pop-up come back up until I hit "cancel".  You can see an example of this page here: http://xmountwashington.appspot.com/cscTesting.php and the php code behind it below.

if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="Please enter your email in the username box and member ID in the password box"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Login credentials required for this Premium Content page.';
    exit;
} else {
    //Verify that the user has the proper credentials
}

I've heard if you have the CGI version of PHP running, this type of user authentication won't work too easily.  According to the manual:

In order to get HTTP Authentication to work using IIS server with the CGI version of PHP you must edit your IIS configuration "Directory Security". Click on "Edit" and only check "Anonymous Access", all other fields should be left unchecked.

Does GAE PHP automatically run in CGI mode?  How can I get HTTP authentication working in GAE?  More generally, is there an easier way to authenticate users with a username/password table in MySQL than to use HTTP Authentication?

Thank you,

Mike

[Mars Lan]

Please file a feature request at https://code.google.com/p/googleappengine/issues/list?q=Language%3DPHP