PHP_AUTH_USER is empty. And system using the Windows login credentials.

How can I change it.

I wanna use the username and password entered by the user

If you're running PHP under IIS and using Windows Authentication you shoud find the username under one (or more) of these:

• $_SERVER['LOGON_USER']
• $_SERVER['AUTH_USER']
• $_SERVER['REDIRECT_LOGON_USER']
• $_ENV['REDIRECT_LOGON_USER']

Forget about the password - when PHP starts the user has already been authorized and the script is not supposed to need it.

You can use Windows Authentication to log into SQL server as the user: look at the documentaion for fastcgi.impersonate. This works as long as IIS and SQL Server are on the same system. If you keep your database elsewhere... well, you may google for Double Hop issue if you want the gory details, but the short story is that it doesn't work. I've lost a month waiting for a customer to give up and allow a plain user/pass login into his database.

See HTTP Authentication with PHP

<?php
  if (!isset($_SERVER['PHP_AUTH_USER'])) {
       Header("WWW-Authenticate: Basic realm=\"My Realm\"");
       Header("HTTP/1.0 401 Unauthorized");
       echo "Text to send if user hits Cancel button\n";
       exit;
       } else {
   echo "Hello {$_SERVER['PHP_AUTH_USER']}";
   echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
  }
?> 

And the description of inidices in $_SERVER:

• 'PHP_AUTH_USER': When running under Apache or IIS (ISAPI on PHP 5) as module doing HTTP authentication this variable is set to the username provided by the user.

• 'PHP_AUTH_PW': When running under Apache or IIS (ISAPI on PHP 5) as module doing HTTP authentication this variable is set to the password provided by the user.

As this came up when searching for IIS and auth_user missing, I probably found an explanation why : if you set the folder permissions to everyone : read and execute, the $_SERVER['_USER'] get no value.

On JodoHost use $_SERVER['REDIRECT_REMOTE_USER'] instead of $_SERVER['PHP_AUTH_USER'].

Also, if you want to see all the Server Variables, make a small PHP Test page and put the PHP Code below in it.

If you've logged in as a user, you'll see which field has your user name.

Also, put this test file into the directory that is protected by .htaccess:

PHP CODE:

foreach($_SERVER as $key_name => $key_value) 
{
    print $key_name . " = " . $key_value . "<br>";
}