|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #14550 Basic Authentication fails
Submitted: 2001-12-16 15:25 UTC Modified: 2001-12-16 18:58 UTC
From: sloetz at web dot de Assigned:
Status: Closed Package: Apache related
PHP Version: 4.1.0 OS: Debian Linux 2.4.12
Private report: No CVE-ID: None
 [2001-12-16 15:25 UTC] sloetz at web dot de
HTTP: Basic Authentication fails

PHP: 4.1.0
Server API: Apache (1.3.22)
OS: Linux 2.4.12 (Debian)

The following PHP script should trigger a basic authentication dialog in the client browser (see


    header("WWW-Authenticate: Basic realm=\"MyRealm\"");
    header("HTTP/1.0 401 Unauthorized");
    echo "Text to send if user hits Cancel button\n";
      echo "<p>Hello $PHP_AUTH_USER.</p>";
      echo "<p>You entered $PHP_AUTH_PW as your password.</p>";


Under PHP 4.0.6. the script worked fine and the user was prompted for username and password.

After the upgrade to PHP 4.1.0. the script does not produce the expected results, but leads to browser errors on the client side in most cases.

In rare cases the authentication dialog appears and the script works as expected. Most of the times the browser reports an error message or shows an empty document:

Netscape 4.77/Linux: "the document contained no data"
Lynx/Linux: "Unexpected network read error; connection aborted."

Netscape 4.7/Win2k: "the document contained no data"
Netscape 3.0/Win2k: "the document contained no data"
IE 6.0/Win2k: "server or dns not found"
Opera 5.01/Win2k: "The server requested a login authentication method that is not supported"

Opera 6.0 (Beta TP1) / Linux: shows an empty document

If examined via telnet, the server closes the connection after the URL with the above script has been requested, e.g.

telnet (domain name) 80
GET /auth.php HTTP/1.1
Host: (domain name)

-> connection closed by server



Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-12-16 15:36 UTC]
fixing type. (website problem is for problems with websites.)
 [2001-12-16 16:19 UTC]
This should be fix in CVS now. Can you try the latest snapshot from

 [2002-01-09 10:47 UTC] peter at mezzo dot net
The problem is not solved in 4.1.1, if the debian package
4.1.1-1 contains the recent bug fixes.

If this is the same effect, the error shows up only if safe_mode is On.

environment: debian "woody" on 
Linux finnegan 2.4.17 #11 SMP Fri Dec 28 14:41:15 CET 2001 i686 unknown
apache 1.3.22-5,
php4 4.1.1-1 

test browsers: netscape navigator 4.77, opera 6.0 TP2
Tested with the following script:

        if ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER == "" ) {
$aLog = fopen( "/tmp/test.log", "a" );
fputs( $aLog, "noauth\n" );
fclose( $aLog );
                Header( "WWW-Authenticate: Basic realm=\"test\"" );
                Header( "HTTP/1.0 401 Unauthorized" );
                echo "Zugriff nicht gestattet.";
        else {
$aLog = fopen( "/tmp/test.log", "a" );
fputs( $aLog, "login: $PHP_AUTH_USER:$PHP_AUTH_PW => $bAuth\n" );
fclose( $aLog );
                echo "Autorisation: $PHP_AUTH_USER:$PHP_AUTH_PW";

BTW: the page seems to suffer from a similar problem. opera seemed to get into a loop for
a considerable amount of tries until this page did show up. or am i already seeing ghosts now? ;-)
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Apr 18 21:01:29 2024 UTC