/** * Extract "login" and "password" credentials from HTTP-request * * Returns plain array with 2 items: login and password respectively * * @return array */ public function getCredentials() { $server = $this->request->getServerValue(); $user = ''; $pass = ''; if (empty($server['HTTP_AUTHORIZATION'])) { foreach ($server as $k => $v) { if (substr($k, -18) === 'HTTP_AUTHORIZATION' && !empty($v)) { $server['HTTP_AUTHORIZATION'] = $v; break; } } } if (isset($server['PHP_AUTH_USER']) && isset($server['PHP_AUTH_PW'])) { $user = $server['PHP_AUTH_USER']; $pass = $server['PHP_AUTH_PW']; } elseif (!empty($server['HTTP_AUTHORIZATION'])) { /** * IIS Note: for HTTP authentication to work with IIS, * the PHP directive cgi.rfc2616_headers must be set to 0 (the default value). */ $auth = $server['HTTP_AUTHORIZATION']; list($user, $pass) = explode(':', base64_decode(substr($auth, strpos($auth, " ") + 1))); } elseif (!empty($server['Authorization'])) { $auth = $server['Authorization']; list($user, $pass) = explode(':', base64_decode(substr($auth, strpos($auth, " ") + 1))); } return [$user, $pass]; }