from the manual on predefined $_SERVER variables

'PHP_AUTH_USER'
When running under Apache or IIS (ISAPI on PHP 5) as module doing HTTP authentication this variable is set to the username provided by the user.

'PHP_AUTH_PW'
When running under Apache or IIS (ISAPI on PHP 5) as module doing HTTP authentication this variable is set to the password provided by the user.

if you are running PHP as an apache module you can access these. if you are running as a CGI process then you cannot.

For information I solved this a different way and this is in case anyone is interested.
What I wanted to do was to have files accessible only to members (of my sports club). An easy way to protect files is with HTTP basic authentication the problem then is you need to authenticate yourself with that as well as your site logon - very boring.

The solution I thought is to "fix" authentication on the client somehow - but I did not know how to do this and the solution suggested using $_SERVER variables did not work.

The solution I found is to recognise something I did not realise, namely that Apache protected files can still be read using fread and even included using include in php scripts. Problem solved - instead of directing the browser to the file, I just read it and echo it out.

Very handy to know I think.

Dave