php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #14534 Variables $PHP_AUTH_* is set, when use a traditional external auth mechanism
Submitted: 2001-12-15 05:37 UTC Modified: 2002-06-13 18:14 UTC
From: sitnikov at infonet dot ee Assigned:
Status: Closed Package: Apache related
PHP Version: 4.1.0 OS: Linux
Private report: No CVE-ID: None
 [2001-12-15 05:37 UTC] sitnikov at infonet dot ee
.htaccess

AuthUserFile    .htpasswd
AuthName        "WARNING! ENTER ACCESS KEY!"
AuthType        Basic
Require         valid-user

index.php

<pre>
$PHP_AUTH_USER
<?
	var_dump($PHP_AUTH_USER);
?>
$PHP_AUTH_PW
<?
	var_dump($PHP_AUTH_PW);
?>
<pre>


http://www.php.net/manual/en/features.http-auth.php
<cut>
In order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page. In this case, the $REMOTE_USER variable can be used to identify the externally-authenticated user.
</cut>



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-06-13 18:14 UTC] sniper@php.net
This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites.
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 22:01:28 2024 UTC