Issue
Before I begin, I'd like to point out that I've browsed Stack Overflow and found other similar questions - PHP_AUTH_USER not set? and HTTP Auth via PHP - PHP_AUTH_USER not set? - and these have pointed out that the authentication $_SERVER variables won't be set if ''Server API'' is set to ''CGI/FCGI'', but I checked my ''phpinfo()'' output and my ''Server API'' is set to ''Apache 2.0 Handler''.
Ok so I have a simple script as follows:
<?php
echo "Username: " . $_SERVER["PHP_AUTH_USER"] . ", Password: " . $_SERVER["PHP_AUTH_PW"];
?>
... which I am calling remotely via the following:
wget -v --http-user=johnsmith --http-password=mypassword http://www.example.com/myscript.php
... but which only outputs:
Username: , Password:
I have also tried calling the script using PHP cURL and setting the authentication parameters appropriately as follows:
curl_setopt($ch, CURLOPT_USERPWD, "johnsmith:mypassword");
... but I get the same output as above.
Any idea what I'm doing wrong? Perhaps there is something else I need to enable / configure?
Solution
I've finally discovered the answer thanks to the of help of Naktibalda in ##php on irc.freenode.net
The following page summarises the issue: http://php.net/manual/en/features.http-auth.php
To quote the relevant bits:
As of PHP 4.3.0, in order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page and safe mode is enabled. Regardless, REMOTE_USER can be used to identify the externally-authenticated user. So, you can use $_SERVER['REMOTE_USER'].
...
PHP uses the presence of an AuthType directive to determine whether external authentication is in effect.
Answered By - Kosta Kontos Answer Checked By - Candace Johnson (PHPFixing Volunteer)
0 Comments:
Post a Comment
Note: Only a member of this blog may post a comment.