<?php

function login__from_env()

{

	return $_SERVER["PHP_AUTH_USER"]

		.($_SERVER["PHP_AUTH_PW"] !== "" ? ":".$_SERVER["PHP_AUTH_PW"] : "");

}

function user2path($user) # multiple @ and nested . OK: a@b.c@url -> url?b.c.a

{ return implode(".", array_reverse(explode("@", $user))); }

if (!isset($_SERVER["PHP_AUTH_USER"])) # browser first omits Authorization

{

	header('WWW-Authenticate: Basic realm="please leave username/password blank or as filled in"');

}

else

{

	$dest = preg_replace('!\b/!', "./", $_SERVER["SCRIPT_URI"])."?";

		# append trailing . to host to prevent infinite redirect loop

	if ($_SERVER["PHP_AUTH_USER"] !== "") # prepend to query string

		$dest .= "."/*force dotpath*/.user2path(login__from_env());

	$dest .= $_SERVER["QUERY_STRING"];

	header("Location: ".$dest);

}

?>