|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2004-04-27 02:32 UTC] amt@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sat Oct 25 16:00:02 2025 UTC |
Description: ------------ after a browser sends the username and pass using a simple HTTP authentication script php fails to set $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] with the password and username i'm using CGI version of php and apache 1.3.29 this is my configure command ./configure --prefix=/usr/local/php5 --with-zlib --with-bz2 --with-curl --with-curlwrappers --with-gd=/usr/local/gd --with-mysql --enable-ftp --with-mysql-sock --with-ttf --with-freetype-dir --enable-calendar --with-jpeg-dir --with-png-dir --enable-force-cgi-redirect and i'm using the php.ini-recommended config file with no modifications the exact code i'm using works in php4.3.6 Reproduce code: --------------- $username = 'user'; $password = 'pass'; if (!isset($_SERVER['PHP_AUTH_USER'])){ header('WWW-Authenticate: Basic realm="realm"'); header('HTTP/1.0 401 Unauthorized'); echo '401 ERROR'; } elseif ($_SERVER['PHP_AUTH_USER'] != $username || $_SERVER['PHP_AUTH_PW'] != $password){ header('WWW-Authenticate: Basic realm="realm"'); header('HTTP/1.0 401 Unauthorized'); echo '401 ERROR'; exit(); } echo 'YOU logged in!!!'; Expected result: ---------------- should tell the browser to authenticate and send the username and pass to php, if its the wrong username and pass tell it to re-authenticate or echo "YOU logged in!!" if the username and pass are correct Actual result: -------------- it always tells the browser to re-authenticate because $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] are never set