philip Wed Dec 25 05:19:32 2002 EDT
Modified files:
/phpdoc/en/features http-auth.xml
Log:
Reflect current behavior regarding external-auth and PHP_AUTH variables.
They are only disabled if safe mode is on as of 4.3.0 Before this time
they were not disabled.
Index: phpdoc/en/features/http-auth.xml
diff -u phpdoc/en/features/http-auth.xml:1.29 phpdoc/en/features/http-auth.xml:1.30
--- phpdoc/en/features/http-auth.xml:1.29 Sun Dec 15 10:48:39 2002
+++ phpdoc/en/features/http-auth.xml Wed Dec 25 05:19:32 2002
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.29 $ -->
+<!-- $Revision: 1.30 $ -->
<chapter id="features.http-auth">
<title>HTTP authentication with PHP</title>
@@ -84,12 +84,13 @@
</para>
<simpara>
- In order to prevent someone from writing a script which reveals
- the password for a page that was authenticated through a
- traditional external mechanism, the PHP_AUTH variables will not be
+ As of PHP 4.3.0, in order to prevent someone from writing a script which
+ reveals the password for a page that was authenticated through a
+ traditional external mechanism, the PHP_AUTH variables will not be
set if external authentication is enabled for that particular
- page. In this case, <varname>REMOTE_USER</varname> can be used
- to identify the externally-authenticated user. So,
+ page and <link linkend="features.safe-mode">safe mode</link> is
+ enabled. Regardless, <varname>REMOTE_USER</varname> can be used
+ to identify the externally-authenticated user. So, you can use
<varname>$_SERVER['REMOTE_USER']</varname>.
</simpara>
@@ -98,9 +99,6 @@
<para>
PHP uses the presence of an <literal>AuthType</literal> directive
to determine whether external authentication is in effect.
- Remember to avoid this directive for the context where you want to
- use PHP authentication (otherwise each authentication attempt
- will fail).
</para>
</note>
--
PHP Documentation Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
