ID: 32332 User updated by: lacak at users dot sourceforge dot net -Reported By: lacak at sourceforge dot net +Reported By: lacak at users dot sourceforge dot net Status: Open Bug Type: Feature/Change Request Operating System: ANY PHP Version: 4.3.10 New Comment:
if PHP is running as Apache module in safe_mode=On and I use "HTTP Digest Authorization", there is no possibility obtain supplied Authorization header. When I use apache_request_headers() function, Authorization header is not included (if safe_mode=On)! So I can not authenticate request. Previous Comments: ------------------------------------------------------------------------ [2005-03-18 07:35:37] lacak at users dot sourceforge dot net if safe_mode=On there is no possibility to obtain HTTP Authorization header, so no validation can be make. The solution : why not include Authorization header in $_SERVER["Authorization"] ... ? Sample code : <?php //phpinfo(); if (isset($_SERVER["PHP_AUTH_USER"])) { echo $_SERVER["PHP_AUTH_USER"].":".$_SERVER["PHP_AUTH_PW"]; print_r(apache_request_headers()); phpinfo(); exit; } if (!empty($_SERVER["REMOTE_IDENT"])) { echo $_SERVER["REMOTE_IDENT"]; print_r(apache_request_headers()); phpinfo(); exit; } if (!empty($_SERVER["Authorization"])) { echo $_SERVER["Authorization"]; print_r(apache_request_headers()); phpinfo(); exit; } Header( "HTTP/1.0 401 Unauthorized"); Header( "WWW-Authenticate: Digest realm=\"www.horiaciker.sk\", opaque=\"opaque\", nonce=\"nonce\", stale=\"false\", qop=\"auth\""); Header( "WWW-Authenticate: Basic realm=\"www.horiaciker.sk\"", false); echo "K prístupu je potrebné zadať platný login a heslo\n"; print_r(getallheaders()); exit; ?> ------------------------------------------------------------------------ [2005-03-16 13:09:38] lacak at users dot sourceforge dot net Description: ------------ if PHP is running as Apache module in safe mode and I use "Digest Authorization", there is no possibility obtain supplied Authorization header. When I use apache_request_headers() function, Authorization header is not included ! So I can not authenticate request. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=32332&edit=1