PHP :: Request #21326 :: Create a PHP_AUTH

Request #21326	Create a PHP_AUTH_* on/off directive
Submitted:	2003-01-01 22:34 UTC	Modified:	2013-10-28 07:33 UTC
From:	luci at conexim dot com dot au	Assigned:	krakjoe (profile)
Status:	Closed	Package:	*General Issues
PHP Version:	4.3.0	OS:	RHL7.3
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	luci at conexim dot com dot au
New email:
PHP Version:		OS:

New Comment:

[2003-01-01 22:34 UTC] luci at conexim dot com dot au

Quoting 4.3.0 changelog:
> Make PHP_AUTH_* variables not available in safe mode under Apache when an external basic auth mechanism is used. (Philip)

You cannot just change this behaviour. I don't think anyone asked for this either. While the reasoning for this change seems to be that you can't mix 2 authentication modes, you may still wish to authenticate using basic external auth, and then get the AUTH_USER name passed to PHP for further processing/dynamic content generation.

Please restore old behaviour.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-01-01 23:40 UTC] philip@php.net

This was discussed quite a bit and that change was decided upon.  In the future there may be a directive to turn this on or off despite safe_mode.  So, I'm marking this as a feature request for that and changing the title to reflect it.

And for the record, the docs had forever noted that mixing the two should never work despite the safe_mode setting.

Regardless, you can always use REMOTE_USER to get the username so it sounds like that's what you want to do.  It is available regardless of safe_mode setting.

[2013-10-28 07:33 UTC] krakjoe@php.net

-Status: Open +Status: Closed -Package: Feature/Change Request +Package: *General Issues -Assigned To: +Assigned To: krakjoe

[2013-10-28 07:33 UTC] krakjoe@php.net

Auth vars are not longer dependent on safe_mode, they are registered if present, no special action is taken for Apache.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Dec 09 03:00:01 2025 UTC