Re: [Ganglia-developers] [patch] private cluster authenticate fix

[Jeong Bae Kim]

Looks like a simple enough change to take the Apache basic authentication 
password from PHP built-in global array, _SERVER.
I am assuming using $PHP_AUTH_PW in global context requires 
"register_globals" option turned on, which is highly deprecated...

From: Martin Knoblauch <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: Ramon Bastiaans <[EMAIL PROTECTED]>,Ganglia Developers 
<ganglia-developers@lists.sourceforge.net>
Subject: Re: [Ganglia-developers] [patch] private cluster authenticate fix
Date: Sat, 10 Sep 2005 10:45:49 -0700 (PDT)

Hi,

 comments on the patch? My php is not good enough to evaluate the
change, but I am inclined to commit it if I get one or more ACKs.

Cheers
Martin

--- Ramon Bastiaans <[EMAIL PROTECTED]> wrote:

> Hi guys,
>
> I noticed that HTTP authentication was not working in auth.php. Since
>
> php4 the variables changed for this to work.
> I created a little patch that will make it work again.
>
> Kind regards,
> - Ramon.
>
> --
> .--------------------------------------------.
> | ing. Ramon Bastiaans                       |
> | HPC - Systems Programmer                   |
> |--------------------------------------------|
> | SARA - Computing and Networking Services   |
> | Kruislaan 415           PO Box 194613      |
> | 1098 SJ Amsterdam       1090 GP Amsterdam  |
> |--------------------------------------------|
> | Mail:  bastiaans ( a t ) sara ( d o t ) nl |
> | Web:   http://www.sara.nl/                 |
> | Phone: +31 (0)20 592 80 19                 |
> | Fax:   +31 (0)20 668 31 67                 |
> `--------------------------------------------'
>
> > --- ganglia-3.0.1/web/auth.php        2005-02-02 19:24:14.000000000 +0100
> +++ ./auth.php     2005-08-30 10:07:47.182962576 +0200
> @@ -43,19 +43,20 @@
>
>
#-------------------------------------------------------------------------------
>  function checkprivate()
>  {
> -   global $clustername, $context, $PHP_AUTH_PW;
> +   global $clustername, $context;
> +
>     # Allow the Meta context page.
>     if ($context=="meta") { return; }
>
>     $private=embarrassed();
>     if ($private[$clustername]) {
>        #echo "The password for $clustername is
> $private[$clustername]<br>";
> -      if (empty($PHP_AUTH_PW)) {
> +      if (empty($_SERVER['PHP_AUTH_PW'])) {
>     authenticate();
>        }
>        else {
>     # Check password (in md5 format). Username does not matter.
> -   if (md5($PHP_AUTH_PW) != $private[$clustername]) {
> +   if (md5($_SERVER['PHP_AUTH_PW']) != $private[$clustername]) {
>        authenticate();
>     }
>        }
> @@ -68,17 +69,17 @@
>  # The control room is always embarrassed.
>  function checkcontrol()
>  {
> -   global $context, $PHP_AUTH_PW;
> +   global $context;
>
>     if ($context != "control") { return; }
>
> -   if (empty($PHP_AUTH_PW)) {
> +   if (empty($_SERVER['PHP_AUTH_PW'])) {
>        authenticate();
>     }
>     else {
>        #echo "You entered password ". md5($PHP_AUTH_PW) ."
> ($PHP_AUTH_PW)<br>";
>        $private=embarrassed();
> -      if (md5($PHP_AUTH_PW) != $private["controlroom"]) {
> +      if (md5($_SERVER['PHP_AUTH_PW']) != $private["controlroom"]) {
>     authenticate();
>        }
>     }
>


------------------------------------------------------
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www:   http://www.knobisoft.de


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Ganglia-developers mailing list
Ganglia-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-developers