10

I tried to implement a small authentication via http and copied this bit of code from the net to check whether this will work properly:

<?php
    if(!isset($_SERVER['PHP_AUTH_USER'])) {
        header('WWW-Authenticate: Basic realm="My Realm"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Text to send if user hits Cancel button';
        exit;
    } else {
        echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
        echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
    }
?>

However, my browser always ask for a username and password but never outputs anything until i cancel. Therefore i think that $_SERVER['PHP_AUTH_USER'] is never set! What might be the problem? I am running Ubuntu 10.04 LTS Server with Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.7d DAV/2 Server.

Improve this question
1
  • @Jonny Keogh: Safari 5 and Firefox 5, however andreas already solved the problem by checking for CGI/FCGI. Commented Aug 13, 2011 at 21:23

3 Answers 3

Reset to default
24

For PHP-CGI:

in .htaccess add this:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>

and at the beginning of your script add this:

list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Praise the lord for your answer. I was sharpening my wrist slitting knife when this finally solved my problems.
looks like you don't need this line: list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
@Shawn list($... is for the requesting client.
The .htaccess fix is what worked for me. Notice I had to put it at the end of it, else my codeigniter installation wouldn't work
21

Run phpinfo(). if "Server API" is CGI/FCGI, you can pretty much forget it as there is no sensible way to use HTTP auth from PHP.

Improve this answer

1 Comment

Actually, it will work with FastCGI. See my answer here: stackoverflow.com/a/56715271/1772821
0

Enable PHP-FPM and it will start working.

$valid_passwords = array ("test" => "test");
$valid_users = array_keys($valid_passwords);

$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];

$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);

if (!$validated) {
    header('WWW-Authenticate: Basic realm="Test"');
    header('HTTP/1.0 401 Unauthorized');
    die ("Not authorized");
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.