[eluser]cfraz[/eluser]
Nice and simple - I'm doing something similar for Windows Integrated Authentication on an intranet application that runs on IIS.
Take a look at the CI input library.
Code:
$this->input->server('PHP_AUTH_USER');
filters input, returns false if it's not set, and optionally screens xss content. I'm not sure but that might be a vulnerability for PHP_AUTH_USER?
Also, I think that parameter is only returned for Apache running PHP module, so it limits applicability.