Login/Register
HTTP Auth via PHP - PHP_AUTH_USER not set?
Asked Answered
Solved phphttpauthenticationserver-variables
E

3

9

I tried to implement a small authentication via http and copied this bit of code from the net to check whether this will work properly:

<?php
    if(!isset($_SERVER['PHP_AUTH_USER'])) {
        header('WWW-Authenticate: Basic realm="My Realm"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Text to send if user hits Cancel button';
        exit;
    } else {
        echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
        echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
    }
?>

However, my browser always ask for a username and password but never outputs anything until i cancel. Therefore i think that $_SERVER['PHP_AUTH_USER'] is never set! What might be the problem? I am running Ubuntu 10.04 LTS Server with Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.7d DAV/2 Server.

Electrocute answered 13/8, 2011 at 21:10 Comment(1)
@Jonny Keogh: Safari 5 and Firefox 5, however andreas already solved the problem by checking for CGI/FCGI.Electrocute
C
22

Run phpinfo(). if "Server API" is CGI/FCGI, you can pretty much forget it as there is no sensible way to use HTTP auth from PHP.

Canasta answered 13/8, 2011 at 21:13 Comment(1)
Actually, it will work with FastCGI. See my answer here: https://mcmap.net/q/753442/-http-auth-dosen-39-t-work-with-phpSyncope
E
23

For PHP-CGI:

in .htaccess add this:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>

and at the beginning of your script add this:

list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
Ellerd answered 21/3, 2014 at 8:48 Comment(4)
Praise the lord for your answer. I was sharpening my wrist slitting knife when this finally solved my problems.Cardona
looks like you don't need this line: list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));Audry
@Audry list($... is for the requesting client.Shatter
The .htaccess fix is what worked for me. Notice I had to put it at the end of it, else my codeigniter installation wouldn't workOrchidectomy
C
22

Run phpinfo(). if "Server API" is CGI/FCGI, you can pretty much forget it as there is no sensible way to use HTTP auth from PHP.

Canasta answered 13/8, 2011 at 21:13 Comment(1)
Actually, it will work with FastCGI. See my answer here: https://mcmap.net/q/753442/-http-auth-dosen-39-t-work-with-phpSyncope
H
0

Enable PHP-FPM and it will start working.

$valid_passwords = array ("test" => "test");
$valid_users = array_keys($valid_passwords);

$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];

$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);

if (!$validated) {
    header('WWW-Authenticate: Basic realm="Test"');
    header('HTTP/1.0 401 Unauthorized');
    die ("Not authorized");
}
Howland answered 19/9, 2019 at 8:56 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.