Yes, %ENV{} is fairly magical (but good majic), and depends what's done outside the program, usually by the shell, but you mentioned

Using $ENV{'AUTH_USER'}, and (HTTP_PROXY_USER) and (REMOTE_USER) to check what is being pickde up as a user logs in

So in this case it looks like your script is being run by a web server, probably Apache, because these are variables defined by Apache.

That's where the catch is. They are defined in Apache documentation, but because of vulnerabilities when programmers rely on them for security, they are usually not set, or not set by default. So you're probably doing a fine job of looking for them, they are just not there, or aren't there in the more recent versions. Try looking for other Apache CGI defined variables, one's that don't depend on who the user is, and that will tell you if your use of %ENV{} is working OK. If it is, then you know that it's just that those particular variables related to the user just aren't there, and it's not your fault.

There's more info on this, if you want, in the Apache updated.

By the way: The best I've been able to do when the user variables were not available was to identify the IP address that the connection was coming from, but I had fixed IP addresses to work with, and you may not be this lucky.