Purpose: Check path validity and user’s access rights.
Check auth-type, auth-user, or auth-group in rq->vars.
Return REQ_PROCEED if the user and group are authorized for this area (ppath in rq->vars).
If not authorized, insert WWW-Authenticate to rq->srvhdrs with a value such as: Basic; Realm=\\"Our private area\\". Call protocol_status() to set the HTTP response status to PROTOCOL_UNAUTHORIZED. Return REQ_ABORTED.