I checked this problem again, and I found getallheaders() can have "authorization" even if safe_mode is "On". So, $_SERVER['PHP_AUTH_DIGEST'] in my patch is not necessary to use with PEAR::Auth_HTTP and Apache. I am not sure it is useful or not with another SAPI such as ISAPI.
Rui > > HTTP Digest Authorization is supported by PEAR::Auth_HTTP. > But, as you said, it cannot be used when safe_mode = On. > > To solve this problem, > I made a simple patch based on your suggestion based on php5 CVS HEAD. > Applying this patch, we can access $_SERVER['PHP_AUTH_DIGEST'] , > which will be like, > 'Digest username="taro", realm="php-users-digest", > nonce="MTExMTkwNjQ2OA==399347e5e0e2688ede69bfe5e707e3a3", > uri="/php/auth/test_digest_simple.php", algorithm=MD5, > response="6ba162b80d63f8960c73405519cea861", > opaque="b7d192a44e0da16cd180ebe85efb7c8f", qop=auth, nc=00000001, > cnonce="082c875dcb2ca740"'. > > The Digest Authentication can be performed in Auth_HTTP using this > server variable. > > Some utility function such as http_digest_params() to decode > parameters from $_SERVER['PHP_AUTH_DIGEST'] will be also useful > to make the authentication code. > > I hope apply this patch into CVS HEAD if there is no objection. > > Rui > -- Rui Hirokawa <[EMAIL PROTECTED]> -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
