a...@ice-sa.com wrote:
> alexander.elg...@t-systems.com wrote:
> > Hello,
> >
> > I am looking for a way to retrieve the AUTH password, without using
> > mod_rewrite ...
>
> I'd be interested in how you would do it, using mod_rewrite.
> For my personal education..
mod_rewrite is really powerful, you are able to pass any header information to
any output.
I just tried the following rule, it just appends the header to the GET Request.
RewriteEngine On
RewriteRule (.*) $1?HTTP_Authorization=%{HTTP:Authorization} [PT]
Or pass it to ENV:
RewriteRule / - [PT,E=HTTP_Authorization:%{HTTP:Authorization}]
http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
In PHP you just need a single line to decode it:
var_dump(base64_decode(str_replace('Basic ', '',
$_REQUEST['HTTP_Authorization'])));
var_dump(base64_decode(str_replace('Basic ', '',
$_SERVER['HTTP_Authorization'])));
And please do not talk about security, it is just base64, if there is no SSL,
anyone in the middle is able to read the password.
Greetings,
Alexander
