PHP :: Bug #21620 :: $REMOTE_USER does not exist after a POST-request

Bug #21620	$REMOTE_USER does not exist after a POST-request
Submitted:	2003-01-13 11:36 UTC	Modified:	2003-01-13 16:29 UTC
From:	mklerx at eid dot nl	Assigned:
Status:	Not a bug	Package:	Scripting Engine problem
PHP Version:	4.3.0	OS:	Redhat 6.2
Private report:	No	CVE-ID:	None

View Developer Edit

[2003-01-13 11:36 UTC] mklerx at eid dot nl

In PHP 4.3.0 in safe mode the $PHP_AUTH_* variables do not exist anymore. It is recommended to use $REMOTE_USER instead.

The suggestion that $REMOTE_USER still works and can be used in Safe mode is only party true. I noticed that this variable is filled with the username supplied by the external basic auth mechanism (.htaccess) unless you are in a script which has been called by a <form action=XXX method="post">.
With method="get" it works OK.

I need the $REMOTE_USER to lookup users from the database and find their ID in the DB. The method="get" option is a workaround, but this does not work in upload scripts, which has to use "post".

Is this a new bug?

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-01-13 12:18 UTC] rasmus@php.net

Which web version of Apache?

I don't see anything on the PHP side of things that would make this behave differently based on the request type.

[2003-01-13 12:40 UTC] mklerx at eid dot nl

Forget about it. I just noticed that the .htaccess file contained 
<LIMIT GET>
  require valid-user
</LIMIT>

After deleteing the <LIMIT GET> and </LIMIT> tags the post version also worked. The $PHP_AUTH_USER worked even though the <LIMIT > tags were there, but the $REMOTE_USER obviously does not.

Forgive me for not thinking of this earlier.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Apr 28 16:01:30 2025 UTC