While following leads from Zend’s weekly summary, ran in Thomas Pike’s HTTP Digest Class: http://www.xiven.com/sourcecode/digestauthentication – a pure PHP implementation which relies on getallheaders() (i.e. requires Apache as well). Thomas introduces it here on his blog.
PHP comes with built in support for HTTP basic authentication but the problem there is, unless you’re using SSL (https), visitors will be sending passwords in clear text, which could be easily “sniffed” between their browser and your server.
HTTP Digest Authentication is a somewhat more secure mechanism, where, essentially, the server begins by sending a “seed” value to the browser, which the browser then uses to (one way) encrypt the password before sending.
Good to see this finally well-done in PHP.