ID: 32332
Comment by: lacak at users dot sourceforge dot net
Reported By: lacak at sourceforge dot net
Status: Open
Bug Type: Feature/Change Request
Operating System: ANY
PHP Version: 4.3.10
New Comment:
If safe_mode=On there is no possibility to obtain the HTTP Authorization
header, so no validation can be made.
The solution: why not include the Authorization header in
$_SERVER["Authorization"] ...?
Sample code:
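<?php
//phpinfo();
// Debug script: dump whichever credential source PHP exposes, then stop.
if (isset($_SERVER["PHP_AUTH_USER"])) {
    // Credentials already parsed by PHP
    echo $_SERVER["PHP_AUTH_USER"].":".$_SERVER["PHP_AUTH_PW"];
    print_r(apache_request_headers());
    phpinfo();
    exit;
}
if (!empty($_SERVER["REMOTE_IDENT"])) {
    echo $_SERVER["REMOTE_IDENT"];
    print_r(apache_request_headers());
    phpinfo();
    exit;
}
if (!empty($_SERVER["Authorization"])) {
    // The variable proposed in this comment: the raw Authorization header
    echo $_SERVER["Authorization"];
    print_r(apache_request_headers());
    phpinfo();
    exit;
}
// No credentials seen: challenge the client with both Digest and Basic.
header("HTTP/1.0 401 Unauthorized");
// Each header must be a single line; the e-mail wrap inside the string is removed.
header("WWW-Authenticate: Digest realm=\"www.horiaciker.sk\", opaque=\"opaque\", nonce=\"nonce\", stale=\"false\", qop=\"auth\"");
// false = send a second WWW-Authenticate header instead of replacing the first
header("WWW-Authenticate: Basic realm=\"www.horiaciker.sk\"", false);
// Message text: "A valid login and password are required for access"
echo "K prístupu je potrebné zadať platný login a heslo\n";
print_r(getallheaders());
exit;
?>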
Previous Comments:
------------------------------------------------------------------------
[2005-03-16 13:09:38] lacak at sourceforge dot net
Description:
------------
If PHP is running as an Apache module in safe mode and I use "Digest
Authorization", there is no possibility to obtain the supplied Authorization
header.
When I use the apache_request_headers() function, the Authorization header is
not included!
So I cannot authenticate the request.
------------------------------------------------------------------------
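Added example (not part of the bug report and not PHP project code): what a script has to do with the raw Authorization header in order to validate a Digest login, which is why the report asks for the header to be exposed. It assumes the header value is available to the script as a string; the function names, the user "alice" and the password "s3cret" are constructed for illustration, and the realm and nonce are the ones from the sample challenge above.

```php
<?php
// Added example: function names and the alice/s3cret credentials are constructed.
// Split a raw "Digest ..." header value into its fields; null if malformed.
function parse_digest_header(string $header): ?array
{
    if (stripos($header, 'Digest ') !== 0) {
        return null;
    }
    // Match key="quoted value" or key=token pairs.
    preg_match_all('/(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))/', substr($header, 7), $m, PREG_SET_ORDER);
    $fields = [];
    foreach ($m as $pair) {
        $fields[strtolower($pair[1])] = $pair[2] !== '' ? $pair[2] : ($pair[3] ?? '');
    }
    foreach (['username', 'realm', 'nonce', 'uri', 'response', 'qop', 'nc', 'cnonce'] as $key) {
        if (!isset($fields[$key])) {
            return null;
        }
    }
    return $fields;
}

// Recompute the RFC 2617 qop=auth response and compare in constant time.
function verify_digest(array $f, string $method, string $uri, string $password,
                       string $realm, string $nonce): bool
{
    // Reject fields that do not match what the server issued or the request line.
    if ($f['realm'] !== $realm || $f['nonce'] !== $nonce
        || $f['qop'] !== 'auth' || $f['uri'] !== $uri) {
        return false;
    }
    $ha1 = md5($f['username'] . ':' . $realm . ':' . $password);
    $ha2 = md5($method . ':' . $uri);
    $expected = md5(implode(':', [$ha1, $nonce, $f['nc'], $f['cnonce'], 'auth', $ha2]));
    return hash_equals($expected, strtolower($f['response']));
}

// Constructed client side answering the sample challenge (realm and nonce as above;
// a real server would issue a fresh random nonce per challenge).
$realm = 'www.horiaciker.sk';
$nonce = 'nonce';
$ha1 = md5("alice:$realm:s3cret");
$ha2 = md5('GET:/index.php');
$response = md5("$ha1:$nonce:00000001:abc123:auth:$ha2");
$header = "Digest username=\"alice\", realm=\"$realm\", nonce=\"$nonce\", uri=\"/index.php\", "
        . "qop=auth, nc=00000001, cnonce=\"abc123\", response=\"$response\", opaque=\"opaque\"";
$fields = parse_digest_header($header);
var_dump($fields !== null && verify_digest($fields, 'GET', '/index.php', 's3cret', $realm, $nonce));
var_dump($fields !== null && verify_digest($fields, 'GET', '/index.php', 'wrong', $realm, $nonce));
```

The first call checks the constructed header against the right password and the second against a wrong one; neither check is possible when the header is withheld from the script.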