I host (on IIS 7.5) a basic php site that just returns the contents of the SERVER variable to me. I did not notice that there are fields in the AUTH * array:
["AUTH_USER"]=>
string(18) "MYDOMAIN\my_username"
["AUTH_PASSWORD"]=>
string(0) ""
["AUTH_TYPE"]=>
string(9) "Negotiate"
["HTTP_AUTHORIZATION"]=>
string(174) "Negotiate (token_here)"
Why is AUTH_PASSWORD empty? Also, should I trust this variable? Can we safely assume that the user "my_username" has been successfully registered? Should I also do something with the HTTP_AUTHORIZATION token? Should I check it out?
I would be grateful for any help.
EDIT: Someone asked about the code, there is no code, only this:
var_dump($_SERVER);
source
share