2

I've looked at several other questions on stackoverflow dealing with this issue HTTP Auth via PHP - PHP_AUTH_USER not set? and PHP_AUTH_USER not set? , but they all point at issues with "Server API" being set to CGI, for me it's set to "Apache 2.0 Handler".

I'm using UBUNTU 12.04LTS.

I have a simple script in my docroot called my.php:

<?php
echo "Username: " . $_SERVER["PHP_AUTH_USER"] . ", Password: " . $_SERVER["PHP_AUTH_PW"];
?

When I run wget, I can see that both are empty:

wget -v --http-user=johnsmith --http-password=mypassword http://192.168.1.163/my.php

returns:

Username: , Password:

I have the following apache modules enabled:

/etc/apache2/mods-enabled
alias.conf       authn_file.load       authz_host.load  autoindex.load  deflate.load  env.load   negotiation.conf  php5.load        rewrite.load   status.conf
alias.load       authz_default.load    authz_user.load  cgi.load        dir.conf      mime.conf  negotiation.load  reqtimeout.conf  setenvif.conf  status.load
auth_basic.load  authz_groupfile.load  autoindex.conf   deflate.conf    dir.load      mime.load  php5.conf         reqtimeout.load  setenvif.load

I also tried adding a line to my .htaccess for "AuthType Basic" to no avail.

Is there something else that needs to be set or config'ed?

Improve this question
3
  • is that page actually PW protected? as far as I remember, wget won't send the credentials unless it gets a 401 response code. Commented Jul 24, 2013 at 18:31
  • Seconding @MarcB -- I believe .htaccess is considered to be "external" authentication and will not show up as php_auth_user. Modify your script to send the proper 401 request -- without it, the credentials won't be sent (otherwise, you'd be sending your credentials unnecessarily to every page, which is a security issue). Read the php http-auth documentation on this subject for "proper" use of HTTP authentication. Commented Jul 24, 2013 at 18:42
  • will the 401 request work with a rest call? What I'm trying to get is the ability to pass username/password in a rest call. Commented Jul 24, 2013 at 19:03

2 Answers 2

Reset to default
1

It appears to me that you're not sending the needed parameters properly!
Have you tried wget http://johnsmith:[email protected]/my.php?

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

For PHP-CGI:

in .htaccess add this:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>

and at the beginning of your script add this:

list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
Improve this answer

1 Comment

The author of the question specifically mentioned that his/her "Server API" was set to "Apache 2.0 Handler" and not CGI

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.