Username and password are asked during Apache's authentication phase, while your script is executed later during content generation phase. These two phases don't share user's password, because it is not needed and dangerous. So there is no way to obtain a password from a plain Apache.

You need a special handler and mod_perl would be a nice solution, but you can't use it :( so what suggested Mr Person (++) seems to be the only viable solution. It has also an advantage over basic authentication: you can logout users without forcing them to close their browsers.

Ciao, Valerio