From 453daad7124c8366cbd70a9b738e4235463f0e4c Mon Sep 17 00:00:00 2001
From: Alliballibaba <alliballibaba@gmail.com>
Date: Sun, 25 Jan 2026 19:56:35 +0100
Subject: [PATCH] Lets PHP handle basic auth.

---
 cgi.go       | 21 +++++++++------------
 frankenphp.c | 15 ++++++++-------
 2 files changed, 17 insertions(+), 19 deletions(-)

diff --git a/cgi.go b/cgi.go
index 63fb1339b9..9804c969df 100644
--- a/cgi.go
+++ b/cgi.go
@@ -277,23 +277,13 @@ func splitPos(path string, splitPath []string) int {
 // See: https://github.com/php/php-src/blob/345e04b619c3bc11ea17ee02cdecad6ae8ce5891/main/SAPI.h#L72
 //
 //export go_update_request_info
-func go_update_request_info(threadIndex C.uintptr_t, info *C.sapi_request_info) {
+func go_update_request_info(threadIndex C.uintptr_t, info *C.sapi_request_info) *C.char {
 	thread := phpThreads[threadIndex]
 	fc := thread.frankenPHPContext()
 	request := fc.request
 
 	if request == nil {
-		return
-	}
-
-	authUser, authPassword, ok := request.BasicAuth()
-	if ok {
-		if authPassword != "" {
-			info.auth_password = thread.pinCString(authPassword)
-		}
-		if authUser != "" {
-			info.auth_user = thread.pinCString(authUser)
-		}
+		return nil
 	}
 
 	info.request_method = thread.pinCString(request.Method)
@@ -311,6 +301,13 @@ func go_update_request_info(threadIndex C.uintptr_t, info *C.sapi_request_info)
 	info.request_uri = thread.pinCString(request.URL.RequestURI())
 
 	info.proto_num = C.int(request.ProtoMajor*1000 + request.ProtoMinor)
+
+	authorizationHeader := request.Header.Get("Authorization")
+	if authorizationHeader == "" {
+		return nil
+	}
+
+	return thread.pinCString(authorizationHeader)
 }
 
 // SanitizedPathJoin performs filepath.Join(root, reqPath) that
diff --git a/frankenphp.c b/frankenphp.c
index fd487edb8e..cb910c81ae 100644
--- a/frankenphp.c
+++ b/frankenphp.c
@@ -85,7 +85,11 @@ static void frankenphp_update_request_context() {
   /* status It is not reset by zend engine, set it to 200. */
   SG(sapi_headers).http_response_code = 200;
 
-  go_update_request_info(thread_index, &SG(request_info));
+  char *authorization_header =
+      go_update_request_info(thread_index, &SG(request_info));
+
+  /* let PHP handle basic auth */
+  php_handle_auth_data(authorization_header);
 }
 
 static void frankenphp_free_request_context() {
@@ -95,8 +99,6 @@ static void frankenphp_free_request_context() {
   }
 
   /* freed via thread.Unpin() */
-  SG(request_info).auth_password = NULL;
-  SG(request_info).auth_user = NULL;
   SG(request_info).request_method = NULL;
   SG(request_info).query_string = NULL;
   SG(request_info).content_type = NULL;
@@ -187,9 +189,9 @@ static void frankenphp_worker_request_shutdown() {
   zend_end_try();
 
   /* SAPI related shutdown (free stuff) */
-  frankenphp_free_request_context();
   zend_try { sapi_deactivate(); }
   zend_end_try();
+  frankenphp_free_request_context();
 
   zend_set_memory_limit(PG(memory_limit));
 }
@@ -609,8 +611,8 @@ static zend_module_entry frankenphp_module = {
     STANDARD_MODULE_PROPERTIES};
 
 static void frankenphp_request_shutdown() {
-  frankenphp_free_request_context();
   php_request_shutdown((void *)0);
+  frankenphp_free_request_context();
 }
 
 static int frankenphp_startup(sapi_module_struct *sapi_module) {
@@ -1055,8 +1057,7 @@ static int frankenphp_request_startup() {
     return SUCCESS;
   }
 
-  frankenphp_free_request_context();
-  php_request_shutdown((void *)0);
+  frankenphp_request_shutdown();
 
   return FAILURE;
 }