php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #10464 PHP_AUTH_PW is not set altough PHP_AUTH_USER is
Submitted: 2001-04-23 15:26 UTC Modified: 2001-04-26 12:13 UTC
From: tisc at informatik dot tu-chemnitz dot de Assigned:
Status: Closed Package: Apache related
PHP Version: 4.0.4pl1 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2001-04-23 15:26 UTC] tisc at informatik dot tu-chemnitz dot de 
I tried to authenticate via PHP. It worked with PHP3.
After tracing back and forth, I found that the global
variable PHP_AUTH_PW is not set or empty.
HTTP_SERVER_VARS["HTTP_AUTH_PW"] still contains the
right value.

I do not write to that variable (I checked with grep...)

See http://www-usercgi.tu-chemnitz.de/~tisc/authtest.php3 
for a demonstration.

HTH! Tino.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-04-23 17:00 UTC] cmv@php.net 
Sound like you don't have register_globals turned on in your php.ini.

- Colin
 [2001-04-24 03:49 UTC] tisc at informatik dot tu-chemnitz dot de 
The, why is PHP_AUTH_USER set at all?
 [2001-04-24 03:55 UTC] tisc at informatik dot tu-chemnitz dot de 
Update: register_globals is turned on.
(see
http://www-usercgi.tu-chemnitz.de/~tisc/authtest.php3
for output of phpinfo() after authentication.)
 [2001-04-26 12:13 UTC] tisc at informatik dot tu-chemnitz dot de 
I figured out that our webmaster took special care
for passwords - we have AFS here and AFS passwords are
often used to authenticate Web stuff.

Therefore he somehow deletes PHO_AUTH_PW before my script
gets executed.

Sorry for the wrong bug - the real bug is that I need to
be able to tell PHP not to reveal passwords already used
by Apache for some kind of authentication.

(This is bug #8827).
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 07:01:27 2024 UTC