I am on the process of migrating php-4.3 to php 5.1 on centOS 5.2. After migrating I found that, httpd authentication is not working. $SERVER['PHP_AUTH_USER'] & $SERVER['PHP_AUTH_PW'] returns blank.register_globals is turned on in my php.ini. O searching in net, I found that httpd authentication is not work if php is installed as CGI. How can I find that whether my php is installed as CGI or Apache module? If it has installed as CGI, should I need to remove both apache (2.0) and php and re-install the same? How to install php as apache module through yum?

Any help will be highly appreciated.

Regd,

Thanks.

    If you use [man]phpinfo[/man], a little ways down it will tell you the Server API. It should say Apache2 Handler or CGI (Fast/CGI) or something similar. register_globals is for auto-converting $POST['something'] into $something and doesn't affect the $SERVER superglobal in that way.

      dev_silent wrote:

      register_globals is turned on in my php.ini

      Might I recommend that you disable this directive? It has been disabled by default and even removed from future versions of PHP due to the security risks it presents. More info on that can be found here: [man]security.globals[/man].

      dev_silent wrote:

      httpd authentication is not work if php is installed as CGI. How can I find that whether my php is installed as CGI or Apache module?

      Yep; Apache can't pass that information if PHP is called as a separate executable. To check how PHP was installed, simply do a phpinfo(); look for the "Server API" row in the very first table. That should tell you whether your'e using CGI (/FastCGI) or an Apache Module/Handler (I can't remember the exact wording offhand).

      EDIT: Threads merged. Please do not crosspost the same thread across multiple forums.

        Thanks you both Kudose & Brad,

        I have now checked in phpinfo and found that it's saying Apache 2 Hnadler i.e it is not working as CGI. I should definitely turn off the register_globals. Any idea why I am not getting value in $SERVER['PHP_AUTH_USER'], $SERVER['PHP_AUTH_PW'] etc?

          Can you show us what your PHP code looks like that isn't working so we can try to reproduce it?

            Here it is:

            The same code is working in earlier set-up ie in php-4. & Apache 1.3..

            <?php

            function showLogonBox()
            {
            Header("WWW-Authenticate: Basic realm=\"Test Site\"");
            Header("HTTP/1.0 401 Unauthorized");

             unset($PHP_AUTH_USER);
 unset($PHP_AUTH_PW);
 echo "<p align=\"left\"><font face=\"Arial\" size=\"3\">Please logon.</p><br>"; 
 echo "<p>Click Refresh/Reload to try again.</p></font>"; // user comes here if he hits cancel
 exit;

            }

            echo $SERVER['PHP_AUTH_USER'];
            echo "<br>";
            echo $            SERVER['PHP_AUTH_PW'];

            ?>

              You never call the showLogonBox() function? Also, this:

              unset($PHP_AUTH_USER);
unset($PHP_AUTH_PW);

              is unnecessary; those variables were never defined to begin with.

                Write a Reply...