I was hoping to authenticate my Google App Engine (GAE) website, making a "members only" page. I was hoping to match emails/member IDs in a Google SQL table to data input in the HTTP Authentication pop-up box, but I'm having difficulties. Below is the general outline of my PHP:

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        // No credentials received yet: ask the browser to show the Basic auth prompt
        header('WWW-Authenticate: Basic realm="Please enter your email in the username box and member ID in the password box"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Login credentials required for this Premium Content page.';
    } else {
        // Verify that the user has the proper credentials
    }

It seems like $_SERVER['PHP_AUTH_USER'] is never set, indicating that the PHP is run in CGI mode. How do I go about making this work on Google App Engine? There are other places that show directions on how to get HTTP Authentication working in CGI mode (see here http://www.besthostratings.com/articles/http-auth-php-cgi.html), but they all refer to the .htaccess file, which I don't think GAE uses (it uses a .yaml file instead). I could just make an authentication page, but was hoping I could authenticate through means that are less vulnerable.
Yes, you will need to write an authentication page that checks the username and password against your SQL table. If they match, then you can set the $_SERVER['PHP_AUTH_USER'] session variable. Remember to include a logout page that resets that variable.
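
A sketch of the login-page approach discussed in this thread, added here as an example and not code from either post. The table and column names (members, email, member_id), the `$_SESSION` key, and the in-memory SQLite database standing in for the Google SQL table are all assumptions; the sample row is constructed.

```php
<?php
// Added example. Names below (members, email, member_id, member_email) are hypothetical.

// Look the member up with a bound parameter and compare the ID in constant time.
function verify_member(PDO $db, string $email, string $memberId): bool
{
    $stmt = $db->prepare('SELECT member_id FROM members WHERE email = ?');
    $stmt->execute([$email]);
    $stored = $stmt->fetchColumn();
    return $stored !== false && $memberId !== ''
        && hash_equals((string) $stored, $memberId);
}

// Called by the login page after the form is submitted.
function login(PDO $db, string $email, string $memberId): bool
{
    if (!verify_member($db, $email, $memberId)) {
        return false;
    }
    session_regenerate_id(true);   // fresh session ID once the user is authenticated
    $_SESSION['member_email'] = $email;
    return true;
}

// Called at the top of every members-only page.
function is_member(): bool
{
    return isset($_SESSION['member_email']);
}

// Called by the logout page.
function logout(): void
{
    $_SESSION = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}

// Constructed demo data: in-memory SQLite instead of the real members table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (email TEXT PRIMARY KEY, member_id TEXT NOT NULL)');
$db->exec("INSERT INTO members VALUES ('alice@example.com', 'M-1001')");

session_start();
$results = ['wrong_id' => login($db, 'alice@example.com', 'M-0000')];
$results['unknown_email'] = login($db, 'bob@example.com', 'M-1001');
$results['valid'] = login($db, 'alice@example.com', 'M-1001');
$results['member_after_login'] = is_member();
logout();
$results['member_after_logout'] = is_member();
var_dump($results);
```

On a real page the session calls must run before any output is sent, and the form should only be served over HTTPS so the email and member ID are not exposed in transit.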