|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2011-10-13 16:37 UTC] david dot gero at ec dot gc dot ca
Description: ------------ The attached "Patch file" is actually a PHP program that shows the problem. Command line was: php -S 127.0.0.1:8000 -t \html In a browser, goto http://localhost:8000/basic-auth-test.php 1. First error is that the browser's authorization request displays "at 0" instead of "at Admin Area", meaning the PHP CLI server is not sending the realm correctly. 2. Second error is that the PHP CLI server crashes when the browser sends the Authorization: Basic <base64 userid:password> Test script: --------------- Patch file below is test script Expected result: ---------------- Expect the PHP CLI server not to crash, and to see the following at the browser: Success! You have been authorized as user: foo Actual result: -------------- Windows PHP CLI server crashes PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Dec 10 06:00:02 2025 UTC |
Sigh. Your bug system wouldn't let me upload the PHP file, saying it was "text/x-php", which apparently isn't text. So here it is: <?php /*! \file basic-auth-test.php * \brief Test that basic authorization works even if web server doesn't do it */ function doauthreq() { header('WWW-Authenticate: Basic realm="Admin Area"'); header((isset($_SERVER["SERVER_PROTOCOL"]) ? $_SERVER["SERVER_PROTOCOL"] : 'HTTP/1.0') . ' 401 Unauthorized'); ?><!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Authorization Required</title> </head><body> <h1>Authorization Required</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> <?php if (isset($_SERVER['SERVER_SIGNATURE'])) echo '<hr>', PHP_EOL, $_SERVER['SERVER_SIGNATURE'], PHP_EOL; ?> </body></html> <?php exit(); } if ((!isset($_SERVER["PHP_AUTH_USER"])) || !isset($_SERVER["PHP_AUTH_PW"])) { if (isset($_SERVER["REMOTE_USER"]) && ini_get("safe_mode")) { // web server did authentication, but safe_mode is hiding PHP_AUTH_PW $php_auth_user = preg_replace('/[^[:alnum:]\\xC0-\\xD6\\xD8-\\xF6\\xF8-\\xFF @.\'_-]+/', '', $_SERVER["REMOTE_USER"]); $_SERVER["PHP_AUTH_USER"] = $php_auth_user; $_SERVER["PHP_AUTH_PW"] = 'testing'; } else { // web server not restricting access, request browser authentication doauthreq(); } } else if (!isset($_SERVER["REMOTE_USER"])) { // web server not restricting access, browser has responded with authentication if (strcmp($_SERVER['PHP_AUTH_PW'], 'testing') != 0) doauthreq(); } ?> <html> <head> <title>Basic Authorization Test</title> </head> <body bgcolor="white"> <h1>Basic Authorization Test</h1> <p>Success!<br /> You have been authorized as user: <?php echo $_SERVER["PHP_AUTH_USER"]; ?></p> </body> </html>