I'm running Apache/2.0.52 (Unix) mod_perl/1.99_16 Perl/v5.8.5 PHP/5.0.1
under FreeBSD 4.11-RELEASE #0.
I suddenly (sic) no longer have PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE or
REMOTE_USER or any such variables. They do not show up in phpinfo() nor do
they work as expected programmaticall y.
I used to have them a few weeks ago.
I have not changed any of versionned packages shown above in months.
My Apache authentication directives taken from server-info (unchanged
AFAIcanremember ) are:
<Directory "/usr/local/apache2/htdocs/pictures">
AuthType Basic
AuthName "family server"
Require valid-user
Options Indexes FollowSymLinks MultiViews
AllowOverride None
</Directory>
Looking around in google groups it seems some other people have had this or
a similar problem, but I saw no clear-cut indication of what prompts it.
The simple explanation is that I made some change which I thought
minor/irrelevant and I have a mental block...
If someone knows what prompts such behavior by Apache/PHP I'd be grateful to
know!
TIA
Bernard Higonnet
3  2835 
Bernard Higonnet wrote: I'm running Apache/2.0.52 (Unix) mod_perl/1.99_16 Perl/v5.8.5 PHP/5.0.1
under FreeBSD 4.11-RELEASE #0.
I suddenly (sic) no longer have PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE or
REMOTE_USER or any such variables. They do not show up in phpinfo() nor do
they work as expected programmaticall y.
I used to have them a few weeks ago.
I have not changed any of versionned packages shown above in months.
My Apache authentication directives taken from server-info (unchanged
AFAIcanremember ) are:
<Directory "/usr/local/apache2/htdocs/pictures">
AuthType Basic
AuthName "family server"
Require valid-user
Options Indexes FollowSymLinks MultiViews
AllowOverride None
</Directory>
I think you should have a "AuthUserFi le" option in there. Otherwise
Apache wouldn't know any "valid-user".
But I don't understand how you can access the directory, if the
missing option is your problem. My Apache returns a status 500, if it
is missing the passwordfile when the browser tries to authenticate. So
it could be something else.
[snip]
/Bent
Bent Stigsen wrote: Bernard Higonnet wrote: I'm running Apache/2.0.52 (Unix) mod_perl/1.99_16 Perl/v5.8.5 PHP/5.0.1
under FreeBSD 4.11-RELEASE #0.
I suddenly (sic) no longer have PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE
or REMOTE_USER or any such variables. They do not show up in phpinfo()
nor do they work as expected programmaticall y.
I used to have them a few weeks ago.
I have not changed any of versionned packages shown above in months.
My Apache authentication directives taken from server-info (unchanged
AFAIcanremember ) are:
<Directory "/usr/local/apache2/htdocs/pictures">
AuthType Basic
AuthName "family server"
Require valid-user
Options Indexes FollowSymLinks MultiViews
AllowOverride None
</Directory>
I think you should have a "AuthUserFi le" option in there. Otherwise
Apache wouldn't know any "valid-user".
But I don't understand how you can access the directory, if the
missing option is your problem. My Apache returns a status 500, if it
is missing the passwordfile when the browser tries to authenticate. So
it could be something else.
There is a "AuthUserFi le" option in the config file. This I know because
it's there, and because it does ask for a password and that works as it
should. I thought by posting the server-info this would be better than
showing the config file lines, but server-info doesn't show the file,
perhaps because showing it is bad from a security point of view...?
Bernard Higonnet
Bernard Higonnet wrote:
[snip] There is a "AuthUserFi le" option in the config file. This I know because
it's there, and because it does ask for a password and that works as it
should. I thought by posting the server-info this would be better than
showing the config file lines, but server-info doesn't show the file,
perhaps because showing it is bad from a security point of view...?
Ok, it makes sense that it should work since the request gets passed
along to the PHP-interpreter.
Just to confirm that PHP gets the information it needs, try:
<?php
print_r(apache_ request_headers ());
?>
Verify the presence and content of the Authorization-header. Its
content should be something like "Basic Zm9vOmZvby4u", where the
gibberish is base64 encoded "user:pass" .
/Bent This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: jorntk |
last post by:
if ((!isset( $PHP_AUTH_USER )) || (!isset($PHP_AUTH_PW))) {
header( 'WWW-Authenticate: Basic realm="Private"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;
} else {
echo "You entered $PHP_AUTH_USER for a username.<BR>";
|
by: Stephen Poley |
last post by:
I'm trying to understand sessions and authentication.
I gathered that the only way of preserving data across script
invocations was to use a session. However I note that
$_SERVER and $_SERVER are also preserved
across invocations and even from one script to another. How does this
work? (Are they repeatedly sent from the browser every time? If so, what
stops a site author from collecting a user name and password originally
entered for...
|
by: Christian Luszick |
last post by:
hi,
I am concerned about the following statement in php doc on
http://www.php.net/manual/en/features.http-auth.php
----- sschippp -----
As of PHP 4.3.0, in order to prevent someone from writing a script
which reveals the password for a page that was authenticated through a
traditional external mechanism, the PHP_AUTH variables will not be set
|
by: Alliss |
last post by:
The code below comes from a Webmonkey tutorial ( with a couple of
modifications tagged by // which I do not think are relevant)
I cannot get it to work. Any help would be appreciated.
The php file is in the same directory as the .htpasswd file and there is no
..htaccess file.
When I click on a link to the file the initial header('WWW-Authenticate:
Basic realm="My Realm"') dialog pops up and asks for username and
password.
When I...
|
by: teho |
last post by:
Hello,
Is this kind of code much used for authentication?
...
if (!isset($_SERVER)) {
header('WWW-Authenticate: Basic realm="Log in"');
header("HTTP/1.0 401 Unauthorized");
....
I have tried to play with it and downloaded a lot of codeexamples. I find
| | |
by: Phil Powell |
last post by:
/*--------------------------------------------------------------------------------------------
This function will utilize the ability to use HTTP-based WWW
Authentication, checking for the global authorized password against
the password entered in the client project's CSV file. Will not
function
unless this password exists.
See http://www.php.net/manual/en/features.http-auth.php for more
info...
|
by: redneck_kiwi |
last post by:
All:
I have an application that has been working well for 3-4 months now
without any issues (that I am aware of). A day or two ago, one of our
employees that use this application called to say she was getting a
weird message:
"Warning: Cannot modify header information - headers already sent by
(output started at /www/htdocs/sys36/viewhist.php:2) in
/www/htdocs/sys36/viewhist.php on line 5"
|
by: Sparkplug |
last post by:
I have used the simple example of HTTP Authentication from the PHP website
as follows:
<?php
if (!isset($_SERVER)) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
