$PHP_AUTH_USER doesnt work

jacrewq

After users login using basic authentication the username would be echo'ed but PHP variables $PHP_AUTH_USER and $PHP_AUTH_PW
stopped working.
I also tried $_SERVER['PHP_AUTH_USER'] as used in the PHP online documentation but it didn't work.

code:
<?
echo $PHP_AUTH_USER ." and ". $PHP_AUTH_PW
?>

returns:

and

Please advise.

Thanks,
Alex

fredouille

got the same pb...

auth_user doesn't exist anymore with php 4.2 4.3..I'm alos fucked to get the user loggued in a member area...if somebody go the solution...

laserlight

PHP_AUTH_USER still exists.

Access using $_SERVER['PHP_AUTH_USER']

fredouille

Originally posted by laserlight
PHP_AUTH_USER still exists.

Access using $_SERVER['PHP_AUTH_USER']

nope man..in php 4.2.X dont remember whic X exactly, in cgi mode auth_user even with $_server has been removed...tested on unix and windows;..If you still got it on php 4.3.3 tell me how you have done !!

laserlight

ah yes, in cgi mode.

but there was no mention of cgi anywhere, so I presumed that you were running PHP the usual way.

fredouille

cgi mode on unix is the only secure way to run php ( 95% pro hosters config)....whatever on windows with the default config of php 4.2.x and above...there is no more auth_user..it is also writen in the docs.

which php version do your run ?

laserlight

hmm... I've only installed PHP once in my life, and that's on win98.

Had the impression that the cgi way was the sub-optimal way of doing it, though.

fredouille

Originally posted by laserlight
hmm... I've only installed PHP once in my life, and that's on win98.

Had the impression that the cgi way was the sub-optimal way of doing it, though.

what is exaclty our config on with aut_user works ?

laserlight

I'm not using my local PHP install, but a webhost's install.

On PHP 4.2.2 running as an apache module PHP_AUTH_USER works.

fredouille

Originally posted by laserlight
I'm not using my local PHP install, but a webhost's install.

On PHP 4.2.2 running as an apache module PHP_AUTH_USER works.

whar is a webhosts install ? I think aut_user has been removed on 4.3.0 version..

laserlight

I think it's not that PHP_AUTH_USER has been removed in PHP4.3.x, it's that you are not running PHP as an apache module.

My webhost's install meaning the version of PHP that my webhost has, not the one on my local comp.

fredouille

http://ro.php.net/manual/en/reserved.variables.php

you are right..it still exists when php runs as a module..but in cgi mode...it's fucked...as most of hosters uses cgi mode...don't know how to deal with that pb

Chimera

I very much doubt that "most hosters" use PHP in CGI mode. Maybe if they are hosting on Windows servers. I've had 4 different hosts in the last year, including some of the biggest names like NTT Verio and OLM.net, and they all run PHP in apache module mode.

fredouille

Originally posted by Chimera
I very much doubt that "most hosters" use PHP in CGI mode. Maybe if they are hosting on Windows servers. I've had 4 different hosts in the last year, including some of the biggest names like NTT Verio and OLM.net, and they all run PHP in apache module mode.

don't doubt..high security hosting was my job for a couple of year in one of the bigguest french hoster...high security in php is provided by the cgi mode...don't know well US hosters like verio and olm, just know that they are big but it doens't mean that they provide high security hosting (for billing, ecommerce...)..
bye. Statisticly I see more php running in cgi mode than in apache module

ps: it doesn't solve this question...

Moonglobe

The answer: you can't do it the way you're running PHP. i thought that would have been aparent by now. If you really want user authentacation, write it in PHP. The CGI does support sessions, right?

jacrewq

the problem was that my hosting company (domainsvision.com) turned on safe mode without letting me know so my scripts stopped functioning properly until i asked them to move my site to a server without safe mode
it's cool now

fredouille

safe mode doesn't interect with auth_user var...