ID: 20441
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Apache related
Operating System: Redhat Linux 7.1 kernel 2.4.2-2
PHP Version: 4.3.0-pre2
New Comment:
I agree with the previous poster that this is a serious bug. When we
upgraded to 4.3.0RC2 our development application broke.
Previous Comments:
------------------------------------------------------------------------
[2002-11-22 02:40:55] [EMAIL PROTECTED]
This is not bogus!! This is a genuine bug. PHP_AUTH_USER was set in
4.2.3 why has the functionality been changed without warning? This will
break so many peoples scripts it is not true. This *HAS TO BE FIXED* os
that it works as it did before. Please stop trying to pretend that this
is not a bug. It is, and a serious one at that.
------------------------------------------------------------------------
[2002-11-15 09:10:09] [EMAIL PROTECTED]
It was fixed to be like it should be since PHP 3.
------------------------------------------------------------------------
[2002-11-15 03:52:04] [EMAIL PROTECTED]
So I should use $_SERVER["REMOTE_USER"] if I use .htaccess and
$_SERVER["PHP_AUTH_USER"] when I header the authentication?
Why is this behaviour changed without notice?
------------------------------------------------------------------------
[2002-11-15 03:10:35] [EMAIL PROTECTED]
You need to decide if you are using an external auth mechanism or http
auth from php. You can't do both.
------------------------------------------------------------------------
[2002-11-15 02:58:24] [EMAIL PROTECTED]
I've upgraded PHP 4.2.3 to the beta 4.3.0-pre2 and I've set register
globals on in php.ini.
My Apache version is 1.3.24.
PHP configure:
./configure --with-apxs=/usr/local/apache/bin/apxs
--with-mysql=/usr/local/mysql --enable-ftp --with-openssl
The script is using this .htaccess-file
AuthType Basic
AuthName 'Urenregistratie'
AuthUserFile /htpasswd/urenreg
require valid-user
I am sure that Apache is setting the PHP_AUTH_USER because the
following script gives the correct output:
// begin dirty hack
$headers = apache_request_headers();
foreach ($headers as $header => $value) {
if ($header == "Authorization")
{
$value = str_replace(" ", "", $value);
$value = str_replace("Basic", "", $value);
$userArray = explode(":", base64_decode($value));
$PHP_AUTH_USER = $userArray[0];
}
}
echo $PHP_AUTH_USER;
// end dirty hack
If I echo $PHP_AUTH_USER or $_SERVER["PHP_AUTH_USER"] above this script
I am getting a empty result.
Note: the script was functioning 100% properly with php 4.2.3
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=20441&edit=1
