|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #35170 PHP_AUTH_DIGEST differs under Apache 1.x and 2.x
Submitted: 2005-11-09 13:20 UTC Modified: 2005-11-25 06:13 UTC
Avg. Score:3.3 ± 1.7
Reproduced:2 of 3 (66.7%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: lacak at users dot sourceforge dot net Assigned: iliaa
Status: Closed Package: Apache2 related
PHP Version: 5.1.0 OS: *
Private report: No CVE-ID:
 [2005-11-09 13:20 UTC] lacak at users dot sourceforge dot net
PHP_AUTH_DIGEST differs under Apache 1.x and 2.x

Apache 1.x:
 _SERVER["PHP_AUTH_DIGEST"]='username="user1", realm="", qop="auth", algorithm="MD5", uri="/devel/php_auth.php", nonce="nonce", nc=00000001, cnonce="11a85ba98273fe0f5578597b1dbf3082", opaque="opaque", response="088685b1533e542920e1c47b59696b9c"';
Apache 2.x:
 _SERVER["PHP_AUTH_DIGEST"]='Digest username="cd", realm="", nonce="nonce", uri="/~cb/php_auth.php", response="bedf1a35418a3712adc0aea22e94d9f2", opaque="opaque", qop=auth, nc=00000001, cnonce="082c875dcb2ca740"';

Under Apache 2.x the word "Digest " is at the begining. Under Apache 1.x is not.

1. strip out leading "Digest " from PHP_AUTH_DIGEST in Apache 2.x
2. or add "Digest " at the begining PHP_AUTH_DIGEST in Apache 1.x (but is redundant)
3. or the best solution is change PHP_AUTH_DIGEST to associative array (parse string and build array elements from it; similar way how cookies are parsed) :
(Otherwise this step must be always done in php script)
This is example in PHP how to convert PHP_AUTH_DIGEST string to array :
 foreach(explode(", ", $_SERVER["PHP_AUTH_DIGEST"] as $auth1) {
    if (substr($authvalue,0,1)=='"' && substr($authvalue,-1,1)=='"') $authvalue=substr($authvalue,1,-1); /*strip out double quotes*/
 /* at this point $auth array contains what we need */

Please incorporate this feature to php source code.
Thank you very much for your time and effort.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-11-24 09:05 UTC]
Advertised new features should actually work. 
 [2005-11-25 01:02 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

 [2005-11-25 06:13 UTC] lacak at users dot sourceforge dot net
Thank you Iliaa, for fixing bug.
It is hard work to make PHP_AUTH_DIGEST assoc.array as I propose in this report ?
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Fri Nov 27 06:02:02 2015 UTC