PHP_AUTH_PW variable disappeared

Chisel

Hi all!

Recently I upgraded from Apache/1.3.27 (Unix) AuthMySQL/2.20 mod_ssl/2.8.12 OpenSSL/0.9.7 PHP/4.3.0 to Apache/1.3.29 (Unix) AuthMySQL/2.20 mod_ssl/2.8.16 OpenSSL/0.9.7 PHP/4.3.4. I preserved all compiled in Apache modules in the new configuration.

Everything works perfectly, but when using .htaccess access control authenticated user's name and password are not stored in $PHP_AUTH_USER and $PHP_AUTH_PW, nor they are available somewhere in $_SERVER array. I could not find anything on how to make these variables available.

I have not changed anything in the configuration files. The only addition is that the new PHP has GD2 enabled, but i doubt that it causes the problem.

Any help would be appreciated! Thanks!

keith73

it hasn't disappeared, it's now in $_SERVER['PHP_AUTH_PW']
http://us2.php.net/manual/en/reserved.variables.php#reserved.variables.server

since php 4.x register_globals is off by default.

keith

Chisel

The problem is that PHP_AUTH_PW and PHP_AUTH_USER are not available in $SERVER array too. None of PHP_AUTH* variable exists in $_SERVER or as registered global, which makes a big mess in .htaccess protected realms where PHP scripts rely on username and/or password.

PHP manual states that everything in $_SERVER is provided by the web server (in my case apache 1.3.29). Maybe I should recompile apache with different configuration?

keith73

Originally posted by Chisel
The problem is that PHP_AUTH_PW and PHP_AUTH_USER are not available in $SERVER array too. None of PHP_AUTH* variable exists in $_SERVER or as registered global, which makes a big mess in .htaccess protected realms where PHP scripts rely on username and/or password.

PHP manual states that everything in $_SERVER is provided by the web server (in my case apache 1.3.29). Maybe I should recompile apache with different configuration?

from the page linked to in my previous post:

$_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the webserver. There is no guarantee that every webserver will provide any of these; servers may omit some, or provide others not listed here.

'PHP_AUTH_USER'

When running under Apache as module doing HTTP authentication this variable is set to the username provided by the user.

'PHP_AUTH_PW'

When running under Apache as module doing HTTP authentication this variable is set to the password provided by the user.

'AUTH_TYPE'

When running under Apache as module doing HTTP authenticated this variable is set to the authentication type.

so those variables are available. perhaps there is an issue with your apache configuration.

are you you using a virtual host/shared hosting account? if so, incquire of your host the possibility of moving up to apache 2.x. Check your php.ini and httpd.conf settings if you can.

keith