473,395 Members | 1,652 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > php_auth_* and http_authorization?

Join Bytes to post your question to a community of 473,395 software developers and data experts.

PHP_AUTH_* and HTTP_AUTHORIZATION?

When the server sends out a WWW-Authenticate header combined with a
401 response code, you get prompted for a username / password.

On some servers, this username and password are then saved in
$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']. On others,
however, they aren't. So why, on these servers, isn't the value saved
in $_SERVER['HTTP_AUTHORIZE']? The authorize header in the HTTP
response is the header that contains the info that, anyway.

eg. Authorization: Basic YXNkZjphc2Rm

....which base64_decode()'s to 'asdf:asdf'.

It seems that most any header in the HTTP request is added to $_SERVER
via HTTP_* (even made up ones), so why is Authorize different?
Dec 21 '07 #1
1 5160
On 21 Dec, 19:58, yawnmoth <terra1...@yahoo.comwrote:
When the server sends out a WWW-Authenticate header combined with a
401 response code, you get prompted for a username / password.

On some servers, this username and password are then saved in
$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']. On others,
however, they aren't. So why, on these servers, isn't the value saved
in $_SERVER['HTTP_AUTHORIZE']? The authorize header in the HTTP
response is the header that contains the info that, anyway.

eg. Authorization: Basic YXNkZjphc2Rm

...which base64_decode()'s to 'asdf:asdf'.

It seems that most any header in the HTTP request is added to $_SERVER
via HTTP_* (even made up ones), so why is Authorize different?
Because HTTP only defines how the webserver and browser negotiate
authentication - not what gets passed via CGI/other API.

(BTW you should never use BASIC authentication over a non-SSL
connection - use digest instead - but this still won't protect against
MITM attacks)

C.
Dec 24 '07 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

12
header()
by: Simone | last post by:
hi, why don't work this script? <?php if(!isset($PHP_AUTH_USER)) { header ('WWW-authenticate: basic realm="Area Privata"'); header ("Status: 401 Unauthorized"); echo "Non sei autorizzato";
PHP
4
IIS Auth
by: Hayden Kirk | last post by:
Hi I was wondering how I could get the username of the user that is logged in though the auth of IIS... Is also a way where I can get information on the current user from Active Directory, is...
PHP
1
Basic WWW Authentication function fails
by: Phil Powell | last post by:
/*-------------------------------------------------------------------------------------------- This function will utilize the ability to use HTTP-based WWW Authentication, checking for the global...
PHP
5
PHP4.3 - PHP_AUTH_USER and PHP_AUTH_PW are empty
by: BT3 | last post by:
(newbie) I have taken some code directly out of a book: <?php // if we are using IIS, we need to set $PHP_AUTH_USER and $PHP_AUTH_PW if (substr($SERVER_SOFTWARE, 0, 9) == 'Microsoft' &&...
PHP
0
Question on HTTP_AUTHORIZATION header..
by: Amit Lele | last post by:
Hi, Is there any manner in which I can reset the HTTP_AUTHORIZATION header? Here's why I would like to reset it :- My application uses IIS's basic authentication? I do not want the request...
ASP.NET
1
Passing the HTTP_AUTHORIZATION header
by: Charles | last post by:
I have a production server that has ichain working on it that authenticates users. On this production server I have a web page (.asp) that can display the results of...
ASP.NET
0
A question about HTTP_AUTHORIZATION
by: Charles | last post by:
Is it possible to forward the HTTP_AUTHORIZATION server variable to another web site? The setup follows Server Production The production server has a portal that returns the userid and password...
ASP.NET
1
Change in Request("HTTP_AUTHORIZATION") from W2k to W2k3?
by: Bob Murdoch | last post by:
I just moved my website from a Win2000 server to a Win2003 server. On the old server, we would prompt for the user name and password via the WWW-Authenticate header, retrieve the Base64 values...
ASP / Active Server Pages
1
PHP_AUTH_* doesn't work on Apache?
by: yawnmoth | last post by:
I was trying to test the following PHP script and am having some difficulty: <?php if (empty($_SERVER) || empty($_SERVER)) { header('WWW-Authenticate: Basic realm="Admin Control Panel"');...
PHP
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!