Geek Answers Handbook

Why is $ _SERVER ["PHP_AUTH_USER"] and $ _SERVER ["PHP_AUTH_PW"] not installed?

Before starting, I would like to indicate that I looked at Qaru and found other similar questions - PHP_AUTH_USER not installed? and HTTP Auth via PHP - PHP_AUTH_USER not installed? - and they indicated that the authentication variables $ _SERVER will not be set if the "Server API" is set to "CGI / FCGI", but I checked my output "phpinfo ()" and my "Server API" is set to "Apache 2.0 Handler."

So, I have a simple script as follows:

<?php echo "Username: " . $_SERVER["PHP_AUTH_USER"] . ", Password: " . $_SERVER["PHP_AUTH_PW"]; ?>

... which I call remotely through the following:

 wget -v --http-user=johnsmith --http-password=mypassword http://www.example.com/myscript.php

... but which only outputs:

 Username: , Password:

I also tried calling the script using PHP cURL and setting the authentication parameters correctly as follows:

  curl_setopt($ch, CURLOPT_USERPWD, "johnsmith:mypassword");

... but I get the same result as above.

Any idea what I'm doing wrong? Perhaps there is something else that I need to enable / configure?

+6
source share
3 answers

I finally found the answer thanks to the help of Naktibaldy in ## php on irc.freenode.net

The following page shows the problem: http://php.net/manual/en/features.http-auth.php

To quote the corresponding bits:

As in the case of PHP 4.3.0, so that someone does not write a script that shows the password for the page authenticated through the traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled, this particular page and safe mode are enabled. Regardless, REMOTE_USER can be used to identify an authenticated user. That way you can use $ _SERVER ['REMOTE_USER'].

...

PHP uses the AuthType directive to determine if external authentication is valid.

+5
source

For PHP-CGI:

in .htaccess add this:

 <IfModule mod_rewrite.c> RewriteEngine on RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] </IfModule>

and at the beginning of your script add this:

 list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
+10
source

it should be like

 echo "Username: " . $_SERVER[PHP_AUTH_USER] . ", Password: " . $_SERVER[PHP_AUTH_PW];
-4
source

More articles:


All Articles