|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2005-03-16 13:09 UTC] lacak at users dot sourceforge dot net
Description: ------------ if PHP is running as Apache module in safe mode and I use "Digest Authorization", there is no possibility obtain supplied Authorization header. When I use apache_request_headers() function, Authorization header is not included ! So I can not authenticate request. PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Oct 17 07:01:28 2024 UTC |
if safe_mode=On there is no possibility to obtain HTTP Authorization header, so no validation can be make. The solution : why not include Authorization header in $_SERVER["Authorization"] ... ? Sample code : <?php //phpinfo(); if (isset($_SERVER["PHP_AUTH_USER"])) { echo $_SERVER["PHP_AUTH_USER"].":".$_SERVER["PHP_AUTH_PW"]; print_r(apache_request_headers()); phpinfo(); exit; } if (!empty($_SERVER["REMOTE_IDENT"])) { echo $_SERVER["REMOTE_IDENT"]; print_r(apache_request_headers()); phpinfo(); exit; } if (!empty($_SERVER["Authorization"])) { echo $_SERVER["Authorization"]; print_r(apache_request_headers()); phpinfo(); exit; } Header( "HTTP/1.0 401 Unauthorized"); Header( "WWW-Authenticate: Digest realm=\"www.horiaciker.sk\", opaque=\"opaque\", nonce=\"nonce\", stale=\"false\", qop=\"auth\""); Header( "WWW-Authenticate: Basic realm=\"www.horiaciker.sk\"", false); echo "K pr?stupu je potrebn? zada? platn? login a heslo\n"; print_r(getallheaders()); exit; ?>