ID: 24021 Updated by: [EMAIL PROTECTED] Reported By: razorstrike at hotmail dot com -Status: Open +Status: Feedback Bug Type: Strings related Operating System: WinNT 4.0 PHP Version: 4.3.2 New Comment:
4.3.2 changed default opening mode on windows to binary due to the many problems text mode caused. It appears that you have the opposite problem. Could you try opening file in "rt" mode and see if that solves the problem for you? Previous Comments: ------------------------------------------------------------------------ [2003-06-04 15:04:13] razorstrike at hotmail dot com I am using Apache 2.0.46 with the PHP4.3.2RC1 (php4apache.dll dated Sept 9, 2002) currently. Okay, I have come up with a solution. Now, I think it's either a bug fix that broke my code, or it is a bug itself. Here's what I did: if (($username == "$PHP_AUTH_USER") && ($password == "$PHP_AUTH_PW")) IS NOW if ((trim($username) == "$PHP_AUTH_USER") && (trim($password) == "$PHP_AUTH_PW")) Note the TRIMs. For some reason there is a space (or newline?) being appended to each line during the "explode" that wasn't there previously. I have verified that the password file doesn't have any extraneous characters. It was overkill to trim the username, too, but it can't hurt :) BTW: Thanks for the var_dump suggestion! It helped me spot the space in the raw var. ------------------------------------------------------------------------ [2003-06-04 12:21:09] [EMAIL PROTECTED] Which SAPI are you actually using? (IIS? Apache1/2? or CGI?) hint: try var_dump() to verify the contents of variables. ------------------------------------------------------------------------ [2003-06-04 12:03:44] razorstrike at hotmail dot com I use basic authentication to grant users access to a page. I have included the code below. This code no longer works after upgrading to 4.3.2. It has worked in ALL previous release I have used up to, and including, 4.3RC1. In short, I read a flat file of user info. The format is "username:password" (no quotes). One per line. The code breaks out the pairs into an array and tests against $PHP_AUTH_USER and _PW until a match is made. Otherwise it displays a warning. I have narrowed it down to the string comparison, and have tried strcmp and strncmp (with modified logic) in place of "==" without success. Also, I have output all of the variable values with various echo statements. It appears all values are being set correctly. Did something change with basic auth? FYI, I have used the same PHP.INI file throughout, without modification. <? $auth = false; // Assume user is not authenticated if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) { $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER']; $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW']; // Read the entire file into the variable $file_contents $filename = 'c:\\pass.txt'; $fp = fopen( $filename, 'r' ); $file_contents = fread($fp, filesize($filename)); fclose( $fp ); // Place the individual lines from the file contents into an array. $lines = explode("\n", $file_contents); // Split each of the lines into a username and a password pair // and attempt to match them to $PHP_AUTH_USER and $PHP_AUTH_PW. foreach ($lines as $line) { list($username, $password) = explode(':', $line); if (($username == "$PHP_AUTH_USER") && ($password == "$PHP_AUTH_PW")) { // A match is found, meaning the user is authenticated. So, stop the search. $auth = true; break; } } } if (!$auth) { $authhead = 'WWW-Authenticate: Basic realm="Login"'; header( "$authhead" ); header( 'HTTP/1.0 401 Unauthorized' ); echo "<CENTER>\n<BR><BR>\n<B><DIV STYLE=\"font-family: helvetica, arial, verdana; font-size: 14pt;\">The username or password you entered was invalid.</B>\n<BR><BR>\n"; echo "<INPUT TYPE=button VALUE=\"Try Again\" onClick=\"window.location='';\"></DIV>"; exit; } ?> ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=24021&edit=1