There is a ‘sensible way’ to use HTTP Basic Auth in CGI-mode PHP: in the .htaccess use
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
and in the PHP use
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) =
explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));