php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #35170 PHP_AUTH_DIGEST differs under Apache 1.x and 2.x
Submitted: 2005-11-09 13:20 UTC Modified: 2005-11-25 06:13 UTC
Votes:3
Avg. Score:3.3 ± 1.7
Reproduced:2 of 3 (66.7%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: lacak at users dot sourceforge dot net Assigned: iliaa (profile)
Status: Closed Package: Apache2 related
PHP Version: 5.1.0 OS: *
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: lacak at users dot sourceforge dot net
New email:
PHP Version: OS:

 

 [2005-11-09 13:20 UTC] lacak at users dot sourceforge dot net
Description:
------------
PHP_AUTH_DIGEST differs under Apache 1.x and 2.x

Apache 1.x:
 _SERVER["PHP_AUTH_DIGEST"]='username="user1", realm="www.realm.sk-0", qop="auth", algorithm="MD5", uri="/devel/php_auth.php", nonce="nonce", nc=00000001, cnonce="11a85ba98273fe0f5578597b1dbf3082", opaque="opaque", response="088685b1533e542920e1c47b59696b9c"';
Apache 2.x:
 _SERVER["PHP_AUTH_DIGEST"]='Digest username="cd", realm="www.realm.sk", nonce="nonce", uri="/~cb/php_auth.php", response="bedf1a35418a3712adc0aea22e94d9f2", opaque="opaque", qop=auth, nc=00000001, cnonce="082c875dcb2ca740"';

Under Apache 2.x the word "Digest " is at the begining. Under Apache 1.x is not.

Resolution:
1. strip out leading "Digest " from PHP_AUTH_DIGEST in Apache 2.x
2. or add "Digest " at the begining PHP_AUTH_DIGEST in Apache 1.x (but is redundant)
3. or the best solution is change PHP_AUTH_DIGEST to associative array (parse string and build array elements from it; similar way how cookies are parsed) :
(Otherwise this step must be always done in php script)
PHP_AUTH_DIGEST["username"]="user1";
PHP_AUTH_DIGEST["realm"]="www.realm.sk-0";
...
This is example in PHP how to convert PHP_AUTH_DIGEST string to array :
 foreach(explode(", ", $_SERVER["PHP_AUTH_DIGEST"] as $auth1) {
    list($authkey,$authvalue)=explode("=",$auth1,2);
    if (substr($authvalue,0,1)=='"' && substr($authvalue,-1,1)=='"') $authvalue=substr($authvalue,1,-1); /*strip out double quotes*/
    $auth[$authkey]=$authvalue;
 }
 /* at this point $auth array contains what we need */

Please incorporate this feature to php source code.
Thank you very much for your time and effort.
Laco.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-11-24 09:05 UTC] sesser@php.net
Advertised new features should actually work. 
 [2005-11-25 01:02 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2005-11-25 06:13 UTC] lacak at users dot sourceforge dot net
Thank you Iliaa, for fixing bug.
It is hard work to make PHP_AUTH_DIGEST assoc.array as I propose in this report ?
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Oct 12 14:01:27 2024 UTC