PHP :: Bug #14534 :: Variables $PHP_AUTH_* is set, when use a traditional external auth mechanism

Bug #14534	Variables $PHP_AUTH_* is set, when use a traditional external auth mechanism
Submitted:	2001-12-15 05:37 UTC	Modified:	2002-06-13 18:14 UTC
From:	sitnikov at infonet dot ee	Assigned:
Status:	Closed	Package:	Apache related
PHP Version:	4.1.0	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2001-12-15 05:37 UTC] sitnikov at infonet dot ee

.htaccess

AuthUserFile    .htpasswd
AuthName        "WARNING! ENTER ACCESS KEY!"
AuthType        Basic
Require         valid-user

index.php

<pre>
$PHP_AUTH_USER
<?
	var_dump($PHP_AUTH_USER);
?>
$PHP_AUTH_PW
<?
	var_dump($PHP_AUTH_PW);
?>
<pre>


http://www.php.net/manual/en/features.http-auth.php
<cut>
In order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page. In this case, the $REMOTE_USER variable can be used to identify the externally-authenticated user.
</cut>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-06-13 18:14 UTC] sniper@php.net

This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites.
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 22:01:29 2024 UTC