ID: 24021
User updated by: razorstrike at hotmail dot com
Reported By: razorstrike at hotmail dot com
-Status: Feedback
+Status: Open
Bug Type: Strings related
Operating System: WinNT 4.0
PHP Version: 4.3.2
New Comment:
Okay, opening in "rt" mode eliminated the space (EOL?) from showing up
in the var_dump() output. I removed the TRIMs I had added and the code
now works as originally written. For (my) sanity's sake I'm going to
leave the TRIMs in, as I do not want any spaces around those values
anyway, but at least I know what happened! Thanks to everyone for the
feedback.
Previous Comments:
------------------------------------------------------------------------
[2003-06-04 15:08:54] [EMAIL PROTECTED]
4.3.2 changed default opening mode on windows to binary due to the many
problems text mode caused. It appears that you have the opposite
problem. Could you try opening file in "rt" mode and see if that solves
the problem for you?
------------------------------------------------------------------------
[2003-06-04 15:04:13] razorstrike at hotmail dot com
I am using Apache 2.0.46 with the PHP4.3.2RC1 (php4apache.dll dated
Sept 9, 2002) currently.
Okay, I have come up with a solution. Now, I think it's either a bug
fix that broke my code, or it is a bug itself.
Here's what I did:
if (($username == "$PHP_AUTH_USER") && ($password == "$PHP_AUTH_PW"))
IS NOW
if ((trim($username) == "$PHP_AUTH_USER") && (trim($password) ==
"$PHP_AUTH_PW"))
Note the TRIMs. For some reason there is a space (or newline?) being
appended to each line during the "explode" that wasn't there
previously. I have verified that the password file doesn't have any
extraneous characters. It was overkill to trim the username, too, but
it can't hurt :)
BTW: Thanks for the var_dump suggestion! It helped me spot the space in
the raw var.
------------------------------------------------------------------------
[2003-06-04 12:21:09] [EMAIL PROTECTED]
Which SAPI are you actually using? (IIS? Apache1/2? or CGI?)
hint: try var_dump() to verify the contents of variables.
------------------------------------------------------------------------
[2003-06-04 12:03:44] razorstrike at hotmail dot com
I use basic authentication to grant users access to a page. I have
included the code below. This code no longer works after upgrading to
4.3.2. It has worked in ALL previous release I have used up to, and
including, 4.3RC1.
In short, I read a flat file of user info. The format is
"username:password" (no quotes). One per line. The code breaks out the
pairs into an array and tests against $PHP_AUTH_USER and _PW until a
match is made. Otherwise it displays a warning.
I have narrowed it down to the string comparison, and have tried strcmp
and strncmp (with modified logic) in place of "==" without success.
Also, I have output all of the variable values with various echo
statements. It appears all values are being set correctly.
Did something change with basic auth? FYI, I have used the same
PHP.INI file throughout, without modification.
<?
$auth = false; // Assume user is not authenticated
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']))
{
$PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
$PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];
// Read the entire file into the variable $file_contents
$filename = 'c:\\pass.txt';
$fp = fopen( $filename, 'r' );
$file_contents = fread($fp, filesize($filename));
fclose( $fp );
// Place the individual lines from the file contents into an array.
$lines = explode("\n", $file_contents);
// Split each of the lines into a username and a password pair
// and attempt to match them to $PHP_AUTH_USER and $PHP_AUTH_PW.
foreach ($lines as $line) {
list($username, $password) = explode(':', $line);
if (($username == "$PHP_AUTH_USER") && ($password == "$PHP_AUTH_PW"))
{
// A match is found, meaning the user is authenticated. So,
stop the
search.
$auth = true;
break;
}
}
}
if (!$auth) {
$authhead = 'WWW-Authenticate: Basic realm="Login"';
header( "$authhead" );
header( 'HTTP/1.0 401 Unauthorized' );
echo "<CENTER>\n<BR><BR>\n<B><DIV STYLE=\"font-family: helvetica,
arial, verdana; font-size: 14pt;\">The username or password you entered
was invalid.</B>\n<BR><BR>\n";
echo "<INPUT TYPE=button VALUE=\"Try Again\"
onClick=\"window.location='';\"></DIV>";
exit;
}
?>
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=24021&edit=1
