php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #28174 $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] not set
Submitted: 2004-04-27 02:24 UTC Modified: 2004-04-27 02:32 UTC
From: edman007x at mac dot com Assigned:
Status: Not a bug Package: Variables related
PHP Version: 5.0.0RC2 OS: Slackware-current
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: edman007x at mac dot com
New email:
PHP Version: OS:

 

 [2004-04-27 02:24 UTC] edman007x at mac dot com
Description:
------------
after a browser sends the username and pass using a simple HTTP authentication script php fails to set $_SERVER['PHP_AUTH_USER']  and $_SERVER['PHP_AUTH_PW'] with the password and username

i'm using CGI version of php and apache 1.3.29

this is my configure command

./configure --prefix=/usr/local/php5 --with-zlib --with-bz2 --with-curl --with-curlwrappers --with-gd=/usr/local/gd --with-mysql --enable-ftp --with-mysql-sock --with-ttf --with-freetype-dir --enable-calendar --with-jpeg-dir --with-png-dir --enable-force-cgi-redirect

and i'm using the php.ini-recommended config file with no modifications

the exact code i'm using works in php4.3.6

Reproduce code:
---------------
$username = 'user';
$password = 'pass';
if (!isset($_SERVER['PHP_AUTH_USER'])){
	header('WWW-Authenticate: Basic realm="realm"');
	header('HTTP/1.0 401 Unauthorized');
	echo '401 ERROR';
} elseif ($_SERVER['PHP_AUTH_USER'] != $username || $_SERVER['PHP_AUTH_PW'] != $password){
	header('WWW-Authenticate: Basic realm="realm"');
	header('HTTP/1.0 401 Unauthorized');
	echo '401 ERROR';
	exit();
}
echo 'YOU logged in!!!';

Expected result:
----------------
should tell the browser to authenticate and send the username and pass to php, if its the wrong username and pass tell it to re-authenticate or echo "YOU logged in!!" if the username and pass are correct

Actual result:
--------------
it always tells the browser to re-authenticate because $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] are never set

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-04-27 02:32 UTC] amt@php.net
$_SERVER['PHP_AUTH_USER']and $_SERVER['PHP_AUTH_PW'] do 
not work with the CGI version of PHP.

You'r probably using the Apache module version of 4.3.6.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Apr 17 00:01:28 2024 UTC