ID: 20441
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: Bogus
+Status: Open
Bug Type: Apache related
Operating System: Redhat Linux 7.1 kernel 2.4.2-2
PHP Version: 4.3.0-pre2
New Comment:
So I should use $_SERVER["REMOTE_USER"] if I use .htaccess and
$_SERVER["PHP_AUTH_USER"] when I header the authentication?
Why is this behaviour changed without notice?
Previous Comments:
------------------------------------------------------------------------
[2002-11-15 03:10:35] [EMAIL PROTECTED]
You need to decide if you are using an external auth mechanism or http
auth from php. You can't do both.
------------------------------------------------------------------------
[2002-11-15 02:58:24] [EMAIL PROTECTED]
I've upgraded PHP 4.2.3 to the beta 4.3.0-pre2 and I've set register
globals on in php.ini.
My Apache version is 1.3.24.
PHP configure:
./configure --with-apxs=/usr/local/apache/bin/apxs
--with-mysql=/usr/local/mysql --enable-ftp --with-openssl
The script is using this .htaccess-file
AuthType Basic
AuthName 'Urenregistratie'
AuthUserFile /htpasswd/urenreg
require valid-user
I am sure that Apache is setting the PHP_AUTH_USER because the
following script gives the correct output:
// begin dirty hack
$headers = apache_request_headers();
foreach ($headers as $header => $value) {
if ($header == "Authorization")
{
$value = str_replace(" ", "", $value);
$value = str_replace("Basic", "", $value);
$userArray = explode(":", base64_decode($value));
$PHP_AUTH_USER = $userArray[0];
}
}
echo $PHP_AUTH_USER;
// end dirty hack
If I echo $PHP_AUTH_USER or $_SERVER["PHP_AUTH_USER"] above this script
I am getting a empty result.
Note: the script was functioning 100% properly with php 4.2.3
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=20441&edit=1
