Why Are $_SERVER["PHP_AUTH_USER"] and $_SERVER["PHP_AUTH_PW"] Not Set

Why are $_SERVER[PHP_AUTH_USER] and $_SERVER[PHP_AUTH_PW] not set?

I've finally discovered the answer thanks to the help of Naktibalda in ##php on irc.freenode.net

The following page summarises the issue: http://php.net/manual/en/features.http-auth.php

To quote the relevant bits:

As of PHP 4.3.0, in order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page and safe mode is enabled. Regardless, REMOTE_USER can be used to identify the externally-authenticated user. So, you can use $_SERVER['REMOTE_USER'].

...

PHP uses the presence of an AuthType directive to determine whether external authentication is in effect.

$_SERVER['PHP_AUTH_USER'] is empty

I finally found the answer thanks to 'mbinette'.

In my PHP configuration, the handler of PHP 5 was CGI, and this type of authentication doesn't work with PHP CGI. So I changed it to suPHP (which is supposed to be the default one on Apache).

Find here a post explaining a way to use CGI and PHP_AUTH, but I tried and it wasn't working.

Find here some explanations about php handlers

HTTP Auth via PHP - PHP_AUTH_USER not set?

Run phpinfo(). If "Server API" is CGI/FCGI, you can pretty much forget it as there is no sensible way to use HTTP auth from PHP.
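The answers above name three places a user identity can appear: PHP_AUTH_USER/PHP_AUTH_PW, the raw Authorization header under CGI, and REMOTE_USER for external authentication. The following is an added example, not code from any of the posters; it assumes the web server has been configured to forward the Authorization header to PHP as HTTP_AUTHORIZATION or REDIRECT_HTTP_AUTHORIZATION, and the function name resolve_basic_auth is hypothetical.

```php
<?php
// Added example. Assumption: under CGI/FastCGI the server forwards the raw
// Authorization header as HTTP_AUTHORIZATION or REDIRECT_HTTP_AUTHORIZATION.

/**
 * Resolve HTTP Basic credentials from a $_SERVER-style array.
 * Returns ['user' => string, 'pass' => ?string, 'source' => string] or null.
 */
function resolve_basic_auth(array $server): ?array
{
    // 1. Module SAPI: PHP has already parsed the header.
    if (isset($server['PHP_AUTH_USER'])) {
        return ['user'   => $server['PHP_AUTH_USER'],
                'pass'   => $server['PHP_AUTH_PW'] ?? '',
                'source' => 'PHP_AUTH'];
    }
    // 2. CGI/FastCGI: parse the forwarded header ourselves.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (empty($server[$key]) || !preg_match('/^Basic\s+(\S+)$/i', $server[$key], $m)) {
            continue;
        }
        $decoded = base64_decode($m[1], true);   // strict: reject non-base64 input
        if ($decoded === false || strpos($decoded, ':') === false) {
            return null;                         // malformed header
        }
        // Split on the first colon only: passwords may contain ':'.
        [$user, $pass] = explode(':', $decoded, 2);
        return ['user' => $user, 'pass' => $pass, 'source' => $key];
    }
    // 3. External authentication (AuthType set): only the user name is exposed.
    if (!empty($server['REMOTE_USER'])) {
        return ['user' => $server['REMOTE_USER'], 'pass' => null, 'source' => 'REMOTE_USER'];
    }
    return null;
}

// Constructed sample inputs (not real credentials).
$samples = [
    'module'   => ['PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 's3cret'],
    'cgi'      => ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('alice:pa:ss')],
    'external' => ['REMOTE_USER' => 'alice'],
    'garbage'  => ['HTTP_AUTHORIZATION' => 'Basic !!!not-base64!!!'],
];
foreach ($samples as $name => $server) {
    echo $name, ': ', json_encode(resolve_basic_auth($server)), PHP_EOL;
}
```

When a password is returned, check it with password_verify() against a stored hash rather than comparing plaintext strings.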

$_SERVER['PHP_AUTH_USER'] empty

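<script src="http://www.webtoolkit.info/djs/webtoolkit.base64.js"></script>
<script>
// Titanium HTTP client; the Base64 helper comes from webtoolkit.base64.js above.
var xhr = Ti.Network.createHTTPClient();
xhr.timeout = 1000000;
xhr.onreadystatechange = function() {
    // readyState 4 means the response has been fully received.
    if (xhr.readyState != 4) return;
    alert('Server said: ' + xhr.responseText);
};
// Third argument false: the request is made synchronously.
xhr.open('GET', 'http://myapi.com/test', false);
// Basic auth: the header carries base64("user:pass"), which is an encoding, not encryption.
xhr.setRequestHeader('Authorization', 'Basic ' + Base64.encode('user:pass'));
xhr.send('');
</script>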

(For the sake of courtesy, you should download webtoolkit.base64.js and serve it from your own server.)

Keep in mind that you can't do cross-domain requests with XHR; your JavaScript and PHP have to be served from the same domain.


