php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #21620 $REMOTE_USER does not exist after a POST-request
Submitted: 2003-01-13 11:36 UTC Modified: 2003-01-13 16:29 UTC
From: mklerx at eid dot nl Assigned:
Status: Not a bug Package: Scripting Engine problem
PHP Version: 4.3.0 OS: Redhat 6.2
Private report: No CVE-ID: None
 [2003-01-13 11:36 UTC] mklerx at eid dot nl
In PHP 4.3.0 in safe mode the $PHP_AUTH_* variables do not exist anymore. It is recommended to use $REMOTE_USER instead.

The suggestion that $REMOTE_USER still works and can be used in Safe mode is only party true. I noticed that this variable is filled with the username supplied by the external basic auth mechanism (.htaccess) unless you are in a script which has been called by a <form action=XXX method="post">.
With method="get" it works OK.

I need the $REMOTE_USER to lookup users from the database and find their ID in the DB. The method="get" option is a workaround, but this does not work in upload scripts, which has to use "post".

Is this a new bug?

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-01-13 12:18 UTC] rasmus@php.net
Which web version of Apache?

I don't see anything on the PHP side of things that would make this behave differently based on the request type.
 [2003-01-13 12:40 UTC] mklerx at eid dot nl
Forget about it. I just noticed that the .htaccess file contained 
<LIMIT GET>
  require valid-user
</LIMIT>

After deleteing the <LIMIT GET> and </LIMIT> tags the post version also worked. The $PHP_AUTH_USER worked even though the <LIMIT > tags were there, but the $REMOTE_USER obviously does not.

Forgive me for not thinking of this earlier.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sat May 28 20:05:44 2022 UTC