Description by link:
When using Apache's Basic Auth together with PHP in FastCGI Mode, the credentials of the User do not get passed to the PHP Script. When I configure FastCGI to pass the Authentication Headers (-pass-header Authorization), these get passed to the script, but they are ignored by PHP. This is because in cgi_main.c only the Env-Var "HTTP_AUTHORIZATION" gets checked and not "Authorization" which seems to be the correct Header value (at least with apache2). All the Apache handlers correctly use that header to set the Authentication Env-Vars. Could the CGI handler also check for that header?
Solution:
1. Create a file named .htaccess in the root directory of your PHP software with the following content:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>
2. In your PHP scripts, replace the variables $PHP_AUTH_USER and $PHP_AUTH_PW with
$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].
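3. Add the following lines to your PHP script, before the authentication code:
// Decode the Basic credentials forwarded by the rewrite rule from step 1
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) &&
    preg_match('/^Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches))
{
    // limit 2: split on the first ':' only, so passwords containing ':' survive
    list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = array_pad(explode(':', base64_decode($matches[1]), 2), 2, '');
}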
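An added example (not part of the original page or of PhpWiki) of the decoding in step 3, extended to accept either variable name and to reject malformed headers. The helper name parse_basic_auth() is hypothetical and the sample values are constructed.

```php
<?php
// Added example: hardened decoding of the forwarded Basic credentials.
// parse_basic_auth() is a hypothetical helper name, not from PhpWiki.

/**
 * Return array(user, password) from the forwarded header, or null when the
 * header is absent or malformed.
 */
function parse_basic_auth(array $server)
{
    // The rewrite rule sets HTTP_AUTHORIZATION; Apache prefixes it with
    // REDIRECT_ after an internal redirect, so accept either name.
    foreach (array('REDIRECT_HTTP_AUTHORIZATION', 'HTTP_AUTHORIZATION') as $key) {
        if (empty($server[$key])) {
            continue;
        }
        // Require the scheme name followed by whitespace, then the payload.
        if (!preg_match('/^Basic\s+(\S+)\s*$/i', $server[$key], $m)) {
            return null;
        }
        // Strict mode rejects characters outside the base64 alphabet.
        $decoded = base64_decode($m[1], true);
        if ($decoded === false || strpos($decoded, ':') === false) {
            return null;
        }
        // Split on the first ':' only; the password may contain colons.
        return explode(':', $decoded, 2);
    }
    return null;
}

// Constructed sample inputs (not captured traffic).
$samples = array(
    'normal'         => array('REDIRECT_HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('admin:secret')),
    'colon in pw'    => array('REDIRECT_HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('admin:se:cret')),
    'no redirect'    => array('HTTP_AUTHORIZATION' => 'basic ' . base64_encode('admin:secret')),
    'other scheme'   => array('HTTP_AUTHORIZATION' => 'Bearer abc.def'),
    'bad base64'     => array('HTTP_AUTHORIZATION' => 'Basic !!!not-base64!!!'),
    'header missing' => array(),
);

foreach ($samples as $label => $server) {
    $cred = parse_basic_auth($server);
    echo str_pad($label, 16), $cred === null ? 'rejected' : json_encode($cred), "\n";
}
```

Assign the returned pair to $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] only when the result is not null, so that a missing or malformed header always falls through to the 401 response.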
Example: fix (patch) for PhpWiki (1.2.10) to work with FastCGI PHP mode with Apache 1.3:
# Author: Stepan A. Baranov (rosmir@gmail.com)
# web-site: www.rosmir.org
diff -u ./admin.php.orig ./admin.php
--- ./admin.php.orig
+++ ./admin.php
@@ -18,9 +18,16 @@
exit;
}
+// ADDED by rosmir@gmail.com
+if(preg_match('/Basic+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches))
+{
+ list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
+}
+// END ADDED by rosmir@gmail.com
+
// From the manual, Chapter 16
- if (($PHP_AUTH_USER != $wikiadmin ) ||
- ($PHP_AUTH_PW != $adminpasswd)) {
+ if (($_SERVER['PHP_AUTH_USER'] != $wikiadmin ) ||
+ ($_SERVER['PHP_AUTH_PW'] != $adminpasswd)) {
Header("WWW-Authenticate: Basic realm=\"PhpWiki\"");
Header("HTTP/1.0 401 Unauthorized");
echo gettext("You entered an invalid login or password.");
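Review bot: in the added block, the pattern '/Basic+(.*)$/i' is unanchored and applies + to the letter c, and its capture in $matches is never used, because the decode works on substr(..., 6), which assumes exactly one space after the scheme name. Use '/^Basic\s+(.*)$/i' and decode $matches[1] instead. The explode(':', ...) call has no limit, so list() keeps only the first two pieces and a password containing ':' is truncated; pass 2 as the third argument. When REDIRECT_HTTP_AUTHORIZATION is absent, both the preg_match() argument and $_SERVER['PHP_AUTH_USER'] in the later test are undefined, and that test uses the loose != operator; guard with isset() and compare with !== so a missing header can never compare equal to an empty $wikiadmin or $adminpasswd.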
©2009 Rosmir - Stepan A. Baranov
$Id: FastCGI.html 414 2009-01-06 21:49:58Z rosmir $