php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #18359 PHP module seem to make trouble with authentication under Apache 2
Submitted: 2002-07-15 13:10 UTC Modified: 2003-03-09 18:41 UTC
Votes:11
Avg. Score:4.3 ± 0.9
Reproduced:11 of 11 (100.0%)
Same Version:5 (45.5%)
Same OS:1 (9.1%)
From: hubweb at hotmail dot com Assigned:
Status: No Feedback Package: Apache2 related
PHP Version: 4.2.1 OS: Windows 2000
Private report: No CVE-ID: None
View Developer Edit
 [2002-07-15 13:10 UTC] hubweb at hotmail dot com 
-- Some days ago...

In my configuration file, I had :
AddType application/x-httpd-php .php .php3 .php4 .phtml
Every PHP page worked perfectly, but when I tried to open protected 
directories, I had no authentication window, only a 401 error.

Presently, I have :
AddType application/x-httpd-php .php3
Every PHP (.php3) page works perfectly and authentications are ok.

So, why with more than one extension for php I have authentication problems ??

-- Yesterday...

I tried another time the protected folder and now, if any extension is 
associated with the PHP module, I get a 401 error, no prompt window.

LoadModule php4_module modules/php4apache2.dll
AddType application/x-httpd-php .php3
=> 401

LoadModule php4_module modules/php4apache2.dll
<Files *.php*>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
=> 401

LoadModule php4_module modules/php4apache2.dll
#AddType application/x-httpd-php .php3
=> Authentication is ok

LoadModule php4_module modules/php4apache2.dll
#<Files *.php*>
#SetOutputFilter PHP
#SetInputFilter PHP
#</Files>
=> Authenticatio is ok

I really really really don't understand !

(This problem occured on Apache 2.0.36 and 2.0.39, the only two version of Apache 2 I installed)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-24 18:22 UTC] digex at web dot de 
I've noticed the same since PHP4.2.1 and it still happens with PHP4.2.2. First I thought this was an Apache2-issue, but it ain't (Win32-Env btw).

Using static .htm(l)-> auth ok
using text-output for 401->auth ok
using .php(3|4) ->leads directly to 401-Page

it really seems like the php-parser is overriding some apache2-parts, which checks for ht-files.

Trying to force the correct header
<?
   if(!isset($PHP_AUTH_USER)) {
     header("WWW-Authenticate: Basic realm=\"secured\"");
     header("HTTP/1.0 401 Unauthorized");
 (X) header("Location: error.php");
     exit;}
     else {
     echo "works";
   }?>
doesnt work either, when the (X)-marked Line contains a php-file.
Again the PHP-Parser processes the scripts without Apache2 interpreting any ht-file.
 [2002-07-25 01:40 UTC] derick@php.net 
YOu know that the Location: header should always be a full absolute URL, including http://hostname/ ?

Derick
 [2002-07-25 06:51 UTC] digex at web dot de 
Yes, I know that. I inserted the wrong value in my comment, since I'm always working with variables and I thought it'd look to confusing this way. :) Before you ask, the variables were set correctly.
 [2002-07-25 09:23 UTC] hubweb at hotmail dot com 
My problem isn't with PHP authentication, but with .htaccess files. If PHP is not loaded, they work, but if it is loaded, I automatically get a 401 error. But if I use PHP authentication ($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]) it works perfectly, but I want .htaccess files to work correctly...
 [2002-07-25 11:07 UTC] digex at web dot de 
Sir, by ht-files I actually mean .htaccess-files... :-)
My Problem is exactly the same and it REALLY suxx!
 [2002-08-08 18:16 UTC] php at a0z dot org 
same thing happens to me, commenting out
# ErrorDocument 401 /errors/401.php
works around the problem
 [2002-08-08 18:20 UTC] php at a0z dot org 
Sorry, forgot to say:
apache 2.0.39
php 4.2.2
FreeBSD 4.6-STABLE
 [2002-08-26 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2002-12-18 04:34 UTC] dreamlab at epost dot de 
The problem still exists.
Whenever I use a .php-file as Errordocument for 401, authentification failes and directly shows the .php-file. Static html works.
 [2002-12-18 08:05 UTC] hubweb at hotmail dot com 
After having made tests, if ErrorDocument 401 is set with a .php3 file, the server doesn't show authencations anymore ! The solution is simple, simply make a HTML page that contains a redirect to the PHP error page, don't forget to send the "bad" URL if you show it in the file...
 [2003-02-26 19:24 UTC] iliaa@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip
 [2003-03-09 18:41 UTC] sniper@php.net 
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Oct 26 02:00:01 2025 UTC