php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #35170 PHP_AUTH_DIGEST differs under Apache 1.x and 2.x
Submitted: 2005-11-09 13:20 UTC Modified: 2005-11-25 06:13 UTC
Votes:3
Avg. Score:3.3 ± 1.7
Reproduced:2 of 3 (66.7%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: lacak at users dot sourceforge dot net Assigned: iliaa
Status: Closed Package: Apache2 related
PHP Version: 5.1.0 OS: *
Private report: No CVE-ID:
 [2005-11-09 13:20 UTC] lacak at users dot sourceforge dot net
Description:
------------
PHP_AUTH_DIGEST differs under Apache 1.x and 2.x

Apache 1.x:
 _SERVER["PHP_AUTH_DIGEST"]='username="user1", realm="www.realm.sk-0", qop="auth", algorithm="MD5", uri="/devel/php_auth.php", nonce="nonce", nc=00000001, cnonce="11a85ba98273fe0f5578597b1dbf3082", opaque="opaque", response="088685b1533e542920e1c47b59696b9c"';
Apache 2.x:
 _SERVER["PHP_AUTH_DIGEST"]='Digest username="cd", realm="www.realm.sk", nonce="nonce", uri="/~cb/php_auth.php", response="bedf1a35418a3712adc0aea22e94d9f2", opaque="opaque", qop=auth, nc=00000001, cnonce="082c875dcb2ca740"';

Under Apache 2.x the word "Digest " is at the begining. Under Apache 1.x is not.

Resolution:
1. strip out leading "Digest " from PHP_AUTH_DIGEST in Apache 2.x
2. or add "Digest " at the begining PHP_AUTH_DIGEST in Apache 1.x (but is redundant)
3. or the best solution is change PHP_AUTH_DIGEST to associative array (parse string and build array elements from it; similar way how cookies are parsed) :
(Otherwise this step must be always done in php script)
PHP_AUTH_DIGEST["username"]="user1";
PHP_AUTH_DIGEST["realm"]="www.realm.sk-0";
...
This is example in PHP how to convert PHP_AUTH_DIGEST string to array :
 foreach(explode(", ", $_SERVER["PHP_AUTH_DIGEST"] as $auth1) {
    list($authkey,$authvalue)=explode("=",$auth1,2);
    if (substr($authvalue,0,1)=='"' && substr($authvalue,-1,1)=='"') $authvalue=substr($authvalue,1,-1); /*strip out double quotes*/
    $auth[$authkey]=$authvalue;
 }
 /* at this point $auth array contains what we need */

Please incorporate this feature to php source code.
Thank you very much for your time and effort.
Laco.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-11-24 09:05 UTC] sesser@php.net
Advertised new features should actually work. 
 [2005-11-25 01:02 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2005-11-25 06:13 UTC] lacak at users dot sourceforge dot net
Thank you Iliaa, for fixing bug.
It is hard work to make PHP_AUTH_DIGEST assoc.array as I propose in this report ?
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 13:02:46 2014 UTC