ID: 20461 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Bogus Bug Type: Apache related Operating System: Linux 2.4.8 PHP Version: 4CVS-2002-11-17 New Comment:
Then that is an external auth mechanism and means this is not a bug in PHP: From: http://www.php.net/manual/en/features.http-auth.php "In order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page. In this case, REMOTE_USER can be used to identify the externally-authenticated user. So, $_SERVER['REMOTE_USER']. Configuration Note: PHP uses the presence of an AuthType directive to determine whether external authentication is in effect. Remember to avoid this directive for the context where you want to use PHP authentication (otherwise each authentication attempt will fail). " There was a bug in previous PHP 4 versions which let the external authenticated usernames and passwords to be revealed for scripts. This is fixed in PHP 4.3.0. (btw. you really should upgrade your apache to 1.3.27! And forget Apache2, it really is not ready for production use) Previous Comments: ------------------------------------------------------------------------ [2002-11-17 22:45:43] [EMAIL PROTECTED] forgot to answer your other question.. using apache 1.3.20 -- been wanting to upgrade to 2.0 but have had a whole different set of problems w/ that, so taking things one step at a time... ------------------------------------------------------------------------ [2002-11-17 22:43:25] [EMAIL PROTECTED] tried using $_SERVER already, no dice. i meant using the mod_auth module in apache to protect certain directories.. when those directories are accessed, the browser pops up a window for the user to enter in their username/password for that resource... ------------------------------------------------------------------------ [2002-11-17 22:23:00] [EMAIL PROTECTED] I can not reproduce this, it works fine here. Try accessing the variables through $_SERVER variable: $_SERVER['PHP_AUTH_USER'] $_SERVER['PHP_AUTH_PW'] And what Apache version are you using? What do you mean with "regular http authentication through apache" ?? ------------------------------------------------------------------------ [2002-11-17 22:09:27] [EMAIL PROTECTED] not using any external auth... simply using regular http authentication through apache... certain directories on the webserver are protected, and so it pops up the box asking the user for username/password.. and then rather then ask them AGAIN for a login for some of my web-based apps, i simply pass the http auth info (via $PHP_AUTH_USER and $PHP_AUTH_PW) along to these apps. the only problem is, those 2 variables don't seem to exist anymore for me. nothing has changed in my configuration except for the fact that i'm now using the cvs version of php as opposed to 4.2.3 (if you read in my original bug report it explains why). ------------------------------------------------------------------------ [2002-11-17 20:13:05] [EMAIL PROTECTED] Are you using some external auth mechanism? ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/20461 -- Edit this bug report at http://bugs.php.net/?id=20461&edit=1
