Php_Auth_User Not Set

HTTP Auth via PHP - PHP_AUTH_USER not set?

Run phpinfo(). if "Server API" is CGI/FCGI, you can pretty much forget it as there is no sensible way to use HTTP auth from PHP.

Why are $_SERVER[PHP_AUTH_USER] and $_SERVER[PHP_AUTH_PW] not set?

I've finally discovered the answer thanks to the of help of Naktibalda in ##php on irc.freenode.net

The following page summarises the issue: http://php.net/manual/en/features.http-auth.php

To quote the relevant bits:

As of PHP 4.3.0, in order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page and safe mode is enabled. Regardless, REMOTE_USER can be used to identify the externally-authenticated user. So, you can use $_SERVER['REMOTE_USER'].

...

PHP uses the presence of an AuthType directive to determine whether external authentication is in effect.

Http Auth dosen't work with PHP

The problem is solved.

I checked phpinfo() on our Server and SERVER API was on CGI/FastCGI.

HTTP Auth via PHP - PHP_AUTH_USER not set?

Run phpinfo(). if "Server API" is CGI/FCGI, you can pretty much forget
it as there is no sensible way to use HTTP auth from PHP.

Now I knew where the problem is and I solved the Issue while adding the following part into my public/.htacces .

SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

$_SERVER['PHP_AUTH_USER'] is empty

I finally found the answer thanks to 'mbinette'.

In my PHP configuration, the handler of PHP 5 was CGI, and this type of authentication doesn't work with PHP CGI. So i changed it to suPHP (which is supposed to be the default one on APACHE).

Find here a post explaining a way to use CGI and PHP_AUTH, but i tried and it wasn't working.

Find here some explanations about php handlers

---

Related Topics