ID: 26606 User updated by: lutz dot schwarz at cgs dot de Reported By: lutz dot schwarz at cgs dot de -Status: Open +Status: Closed Bug Type: Variables related Operating System: Win NT PHP Version: 4.3.2 New Comment:
The value of PHP_AUTH_USER can be found in $_SERVER['PHP_AUTH_USER'] rather than in $GLOBALS['PHP_AUTH_USER'] ... I close the bug report. Previous Comments: ------------------------------------------------------------------------ [2003-12-12 11:15:18] lutz dot schwarz at cgs dot de Description: ------------ If registering global variables is enabled (php.ini: register_globals = on), the variables $PHP_AUTH_USER and $GLOBALS['PHP_AUTH_USER'] are implicitely set to the values the browser sent. That works fine. In case registering global variables is disabled (php.ini: register_globals = off), neither $PHP_AUTH_USER nor $GLOBALS['PHP_AUTH_USER'] is set. This IS desired for $PHP_AUTH_USER but it seems to be wrong for $GLOBALS['PHP_AUTH_USER']. Since I found no other way to get the username and password enterred by the user, a site can not use "WWW-Authenticate" if register_globals is off. I use PHP compiled as Apache module on a Windows-NT4. PHP Version: PHP 4.3.2 (cgi-fcgi), Copyright (c) 1997-2003 The PHP Group Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies with DBG v2.11.23, (C) 2000,2001,2002,2003, by Dmitri Dmitrienko Apache version: Server version: Apache/2.0.46 Server built: Jun 2 2003 20:35:59 Reproduce code: --------------- <?php if (!isset($GLOBALS['PHP_AUTH_USER'])) { Header( "WWW-Authenticate: Basic realm=\"Test Authentication System\""); Header( "HTTP/1.0 401 Unauthorized"); echo "You must enter a valid login ID and password to access this resource.\n"; exit; } // never reached if "register_globals = Off" in php.ini echo "Hello {$GLOBALS['PHP_AUTH_USER']} !!<br>"; ?> Expected result: ---------------- Hello what_ever_i_entered_as_username !! Actual result: -------------- The browser repeats showing the authentication dialog until pressing cancel. Then the browser shows: You must enter a valid login ID and password to access this resource. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=26606&edit=1