Login/Register
$_SERVER['PHP_AUTH_USER'] empty
Asked Answered
Solved phpauthenticationtitaniumxmlhttprequestbasic-authentication
J

1

3

EDIT: Problem isn't with PHP, I was using cURL wrong. Updated question to show problem I'm having with XHR.

Summary: Can't get username to PHP using XHR:

var xhr = Ti.Network.createHTTPClient();
xhr.timeout = 1000000;
xhr.open("GET","http://myapi.com/test", false, 'user', 'pass');
xhr.send();

And in my PHP script, I'm trying to access the username with this:

<?php print $_SERVER['PHP_AUTH_USER']; ?>

No matter what I try it's always empty.

Is there some PHP setting that I need to configure?

More info: PHP Version 5.2.13, Apache, MAMP

Jackstraws answered 18/2, 2011 at 2:23 Comment(4)
Did you try sending the WWW-Authenticate header? See the example at php.net/manual/en/features.http-auth.phpOxygen
Have you checked to see if $_SERVER['HTTP_AUTHORIZATION'] is being set?Oxygen
You also have tried a normal request, to verify that your XHR is working at all, right? I don't see you calling xhr.send()Oxygen
Closing out this question for a better version here: #5037905Jackstraws
O
2
<script src="http://www.webtoolkit.info/djs/webtoolkit.base64.js"></script>
<script>
var xhr = Ti.Network.createHTTPClient();
xhr.timeout = 1000000;
xhr.onreadystatechange = function() {
    if (xhr.readyState != 4) return;
    alert('Server said: '+xhr.responseText);
};
xhr.open('GET', 'http://myapi.com/test', false);
xhr.setRequestHeader('Authorization', 'Basic ' + Base64.encode('user:pass') );
xhr.send('');
</script>

(For the sake of courtesy, you should download webtoolkit.base64.js and serve it from your own server.)

Keep in mind that you can't do cross-domain requests with XHR; your JavaScript and PHP have to be served from the same domain.

Oxygen answered 18/2, 2011 at 3:17 Comment(2)
$_SERVER['PHP_AUTH_USER'] can be empty if you are running php as CGI. Refer besthostratings.com/articles/http-auth-php-cgi.htmlCalciferol
@dskanth: Yeah, I also saw that in the comments in the PHP docs. But apparently that wasn't the problem in this case. Personally, I think using Basic Auth is usually a poor strategy - a security risk, and generally causes extra headaches here and there.Oxygen

© 2022 - 2024 — McMap. All rights reserved.