php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #7774 PHP_AUTH_USER and PHP_AUTH_PW are set when using external authentication.
Submitted: 2000-11-12 21:33 UTC Modified: 2001-04-16 06:19 UTC
From: sbg at it dot uts dot edu dot au Assigned:
Status: Closed Package: *Configuration Issues
PHP Version: 4.0.3pl1 OS: Solaris 8
Private report: No CVE-ID: None
 [2000-11-12 21:33 UTC] sbg at it dot uts dot edu dot au
*** Server Version: Apache/1.3.14 (Unix) PHP/4.0.3pl1 PHP/3.0.9 mod_perl/1.24_01

*** PHP configure line:
  CC=gcc ./configure --prefix=/opt/Apache/PHP \
        --with-config-file-path=/opt/Apache/PHP/php.ini \
        --with-apxs=$APXS \
        --with-config-file=/opt/Apache/conf \
        --with-mysql \
        --with-zlib \
        --with-imap=$NETPREFIX/local/build/packages/imap/imap-4.2/c-client \
        --enable-debug=no \
        --enable-track-vars=yes --enable-bcmath=yes \
        --enable-memory-limit=yes \
        --enable-versioning \
        --with-pgsql=/opt/PostgreSQL ;

*** php.ini is empty.

*** php4.conf included in Apache/conf/httpd.conf:
LoadModule php4_module        libexec/libphp4.so
AddModule mod_php4.c

AddType application/x-httpd-php .php
AddType application/x-httpd-php .php4
AddType application/x-httpd-php-source .phps

<IfModule !mod_php3.c>
        AddType application/x-httpd-php .php3
</IfModule>

php_flag track_vars on
php_flag magic_quotes_gpc off

*** authentication config from Apache/conf/httpd.conf:
<Directory /home/*>

Options Includes Indexes FollowSymLinks ExecCGI
AllowOverride All

AuthSystem On
AuthSystemAuthorative On
AuthType Basic
AuthName "your MCS account"

<Limit GET PUT POST DELETE CONNECT OPTIONS>
require valid-user
</Limit>

</Directory>
*** php4 script that demonstrates the problem:
<?php echo phpinfo(); ?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-04-16 06:19 UTC] jmoore@php.net
THis is now the expected behaviour, use safemode to disable it. There is very little we can do about this other than to remove all PHP_AUTH_* from PHP.

- James
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC