Apache is running standalone as a daemon. But even so, why would both sides
of the IF statement run?

Did you try this and get the same results?


-----Original Message-----
From: Bug Database [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 30, 2001 11:35 AM
Subject: PHP 4.0 Bug #10079 Updated: Header Function Within IF construct

ID: 10079
Updated by: cnewbill
Status: Open
Bug Type: Scripting Engine problem
Assigned To: 

Are you running Apache as standalone or inetd?

If I remember right, PHP/Apache/inetd likes to lose env variables.


Previous Comments:

[2001-03-30 11:38:36] [EMAIL PROTECTED]

// Header("WWW-Authenticate: Basic realm="Realm"");

if (!$PHP_AUTH_USER) {
        Header("WWW-Authenticate: Basic realm="Realm"");
        Header("HTTP/1.0 401 Unauthorized");
} else
        echo "else";


Compiler: gcc 2.95.2
Make: GNU 3.79
FSU Pthreads: 3.8

Apache: 1.3.19
MySQL: 3.23.36
PHP: 4.0.4pl1
Freetype: 2.0
LibPNG: 1.0.9
LibJPEG: 6b
Libgd: 1.8.4

PHP is compiled as an Apache module with the following options:

--with-mysql --with-apache --with-pdflib --with-gd --with-trans-sid
--enable-track-vars --enable-sysvsem --enable-sysvshm

Description of problem:

Both sides of the IF construct are being executed when testing the
$PHP_AUTH_USER variable AND issuing the header function. I posted this
question in the general mail list but have received any reponse from

Using the script list above, follow the steps shown below to produce this

1. Close all instances of your browser (I am using IE-5.01 and I have not
tried any other browsers). However I don't believe it is a browser issue.

2. Run the script shown above.

3. Enter some user ID and password... Everything so far works fine.

4. Look in the directory where the script is stored. There should be a file
called xxxx. This indicates that $PHP_AUTH_USER was NOT set.

5. Remove the file xxxx.

6. Refresh the browser. Look for the file xxxx. Notice that xxxx is present;
which should only happen if $PHP_AUTH_USER is NOT set....YET "else" was
printed on screen which indicates that $PHP_AUTH_USER IS set.

7. Uncomment the commented "header" line and notice that a user ID and
password prompt is always issued in this case.

My questions are:

1. Why are both sides of the conditional "If (!isset($PHP_AUTH_USER))" being

2. Why, when $PHP_AUTH_USER is not set, the 'exec(">xxxx")' runs on
subsequent refreshes, but no prompt for a new user ID and password is

3. Why, if a authenticate header is sent before testing, a user ID and
password prompt is issued?

Thanks for taking a look at this.



ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at

PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to