ID: 11578
User Update by: [EMAIL PROTECTED]
Old-Status: Feedback
Status: Open
Bug Type: HTTP related
Operating system: win32 (nt4 and 2000)
PHP Version: 4.0.5
Description: http header order not respected and messages not transmitted
I currently use the module version of php like indicated in my previous description.
I've separed the ""bug"" in two part to be more understandable (i'm not familiar with
english)
the first part is with the function header :
if i execute the following code :
header("HTTP/1.1 401 acces refuse");
header("www-authenticate: Negociate");
header("www-authenticate: NTLM");
(i know this not correct for rfc but IIS work like that..)
and on the network dump i see:
HTTP/1.1 401 unauthorized (not my message !!!)
www-authenticate: NTLM (squizzed the negociate!!)
now the second part of the message :
during my challenge to obtain ntlm auth 3 messages are exchanged like that :
c = client ; s = server
1 c -> s GET
2 s -> c http/1.1 401 unauthorized
www-authenticate : NTLM
3 c -> s authorization: <msg1>
4 s -> c http/1.1 401 unauthorized
www-authenticate : NTLM <msg2>
5 c -> s authorization: <msg3>
so on the number 2 i do calls to header
on the 3 i call getallheaders (return msg1)
on the 4 i call header
on the 5 i cal getallheaders
i write it to a file (for tests)
i close the file
my first suprise was : on the network layer all is correct : 3 msg, 3 corrects
contents and the 3 msg differents.
on the php layer : msg1 is the same that msg 3 !!!
if i do a redirection after have closed the file :
it contains no more messages !!!!!!!!
is the optmizer fault ?????
If i'am not clear i can try to reexplain
Previous Comments:
---------------------------------------------------------------------------
[2001-06-20 12:14:28] [EMAIL PROTECTED]
Are you using the Apache module version of PHP on Windows
or the standalone CGI binary version? And what do you
mean the headers are in the wrong order? The order of
HTTP headers is not significant.
---------------------------------------------------------------------------
[2001-06-20 09:10:55] [EMAIL PROTECTED]
<?
//------------------------------------
// description : ntlm authentification module
//------------------------------------
//get the msg wich is contained in the headers of the apache server.
function get_msg_auth() {
//$msg="no auth scheme//";
$headers = getallheaders();
while (list($header, $value) = each($headers)) {
if ($header == "Authorization") {
$msg=$value;
}
}
$msg=substr($msg,5,strlen($msg));
return $msg;
}
//return to the browser the first step of the ntlm authentification schema.
function beginntlm() {
header("HTTP/1.1 401 accès refusé");
header("WWW-Authenticate: NTLM");
}
//send the msg2 to the client.
function putmsg2($msg) {
header("HTTP/1.1 401 accès refusé");
header("www-authenticate: NTLM ".$msg);
return($msg);
}
//do the authentification
function ntlm_auth () {
$fp = fopen("c:/test.txt","w+");
beginntlm();
fwrite($fp,"msg1 = ");
fwrite($fp,get_msg_auth());
fwrite($fp,"nmsg2 = ");
//msg2 not in the script cause it is too big
fwrite($fp,putmsg2("TlRMTVNTUAACAAAADAAMADAAAAAFgoGgPhfzJ50JifsAAAAAAAAAAHIAcgA8AAAARABPAE0ARwBFAE4AAgAMAEQATwBNAEcARQBOAAEAHABTAFIAVgBHAEUAVABJAFQAXwBJAFMAUwBZADEABAAMAGQAbwBtAGcAZQBuAAMAKgBzAHIAdgBnAGUAdABpAHQAXwBpAHMAcwB5ADEALgBkAG8AbQBnAGUAbgAAAAAA"));
fwrite($fp,"nmsg3 = ");
fwrite($fp,get_msg_auth());
fclose($fp);
}
ntlm_auth();
// header("location: index.php");
?>
the following code is working(IE only..), i get the correct test.txt but if i
uncomment the last line "header(location..=) the redirection is done but the auth
header are not correct.. i've used tcpdump to see what is the problem and i've find
that the header are not transmitted in the correct order and are modified.... i
doesn't know if its the apache fault or the php optimer fault by my compagny really
wait for a php version that permit to send and to get the headers correctly..
Thanks a lot
the php used is the binary for win32 with default modules and default php.ini (apache
is used)
php is used an module of apache.
---------------------------------------------------------------------------
Full Bug description available at: http://bugs.php.net/?id=11578
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
