That's not true. At least the "From the beginning of time" part. This used to be a restriction, then it was lost, now it is back. You can go scour cvs for the exact versions affected.
I am personally not entirely happy about this change either. It is definitely a security issue for shared server environments, and as such perhaps the restriction should only be triggered when safe-mode is on. -Rasmus On Fri, 15 Nov 2002, Edin Kadribasic wrote: > Well actually you could. From the beginning of time up to 4.3.0. I > expect to see a lot of bug reports similar to this one. > > Edin > > ----- Original Message ----- > From: <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, November 15, 2002 10:10 AM > Subject: #20441 [Opn->Bgs]: PHP_AUTH_USER isn't set > > > > ID: 20441 > > Updated by: [EMAIL PROTECTED] > > Reported By: [EMAIL PROTECTED] > > -Status: Open > > +Status: Bogus > > Bug Type: Apache related > > Operating System: Redhat Linux 7.1 kernel 2.4.2-2 > > PHP Version: 4.3.0-pre2 > > New Comment: > > > > You need to decide if you are using an external auth mechanism or > http > > auth from php. You can't do both. > > > > > > Previous Comments: > > ------------------------------------------------------------------ > ------ > > > > [2002-11-15 02:58:24] [EMAIL PROTECTED] > > > > I've upgraded PHP 4.2.3 to the beta 4.3.0-pre2 and I've set > register > > globals on in php.ini. > > > > My Apache version is 1.3.24. > > PHP configure: > > ./configure --with-apxs=/usr/local/apache/bin/apxs > > --with-mysql=/usr/local/mysql --enable-ftp --with-openssl > > > > The script is using this .htaccess-file > > > > AuthType Basic > > AuthName 'Urenregistratie' > > AuthUserFile /htpasswd/urenreg > > require valid-user > > > > I am sure that Apache is setting the PHP_AUTH_USER because the > > following script gives the correct output: > > > > // begin dirty hack > > $headers = apache_request_headers(); > > foreach ($headers as $header => $value) { > > if ($header == "Authorization") > > { > > $value = str_replace(" ", "", $value); > > $value = str_replace("Basic", "", $value); > > $userArray = explode(":", base64_decode($value)); > > $PHP_AUTH_USER = $userArray[0]; > > } > > } > > echo $PHP_AUTH_USER; > > // end dirty hack > > > > If I echo $PHP_AUTH_USER or $_SERVER["PHP_AUTH_USER"] above this > script > > I am getting a empty result. > > > > Note: the script was functioning 100% properly with php 4.2.3 > > > > > > > > > > ------------------------------------------------------------------ > ------ > > > > > > -- > > Edit this bug report at http://bugs.php.net/?id=20441&edit=1 > > > > > > > -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php