php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #10464 PHP_AUTH_PW is not set altough PHP_AUTH_USER is
Submitted: 2001-04-23 15:26 UTC Modified: 2001-04-26 12:13 UTC
From: tisc at informatik dot tu-chemnitz dot de Assigned:
Status: Closed Package: Apache related
PHP Version: 4.0.4pl1 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tisc at informatik dot tu-chemnitz dot de
New email:
PHP Version: OS:

 

 [2001-04-23 15:26 UTC] tisc at informatik dot tu-chemnitz dot de 
I tried to authenticate via PHP. It worked with PHP3.
After tracing back and forth, I found that the global
variable PHP_AUTH_PW is not set or empty.
HTTP_SERVER_VARS["HTTP_AUTH_PW"] still contains the
right value.

I do not write to that variable (I checked with grep...)

See http://www-usercgi.tu-chemnitz.de/~tisc/authtest.php3 
for a demonstration.

HTH! Tino.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-04-23 17:00 UTC] cmv@php.net 
Sound like you don't have register_globals turned on in your php.ini.

- Colin
 [2001-04-24 03:49 UTC] tisc at informatik dot tu-chemnitz dot de 
The, why is PHP_AUTH_USER set at all?
 [2001-04-24 03:55 UTC] tisc at informatik dot tu-chemnitz dot de 
Update: register_globals is turned on.
(see
http://www-usercgi.tu-chemnitz.de/~tisc/authtest.php3
for output of phpinfo() after authentication.)
 [2001-04-26 12:13 UTC] tisc at informatik dot tu-chemnitz dot de 
I figured out that our webmaster took special care
for passwords - we have AFS here and AFS passwords are
often used to authenticate Web stuff.

Therefore he somehow deletes PHO_AUTH_PW before my script
gets executed.

Sorry for the wrong bug - the real bug is that I need to
be able to tell PHP not to reveal passwords already used
by Apache for some kind of authentication.

(This is bug #8827).
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed May 07 06:01:29 2025 UTC