Description by link:
When using Apache's Basic Auth together with php in FastCGI Mode, the credentials of the User do not get passed to the PHP Script. When I configure FastCGI to pass the Authentication Headers (-pass-header Authorization), these get passed to the script, but they are ignored by PHP. This is because in cgi_main.c only the Env-Var "HTTP_AUTHORIZATION" gets checked and not "Authorization" which seems to be the correct Header value (at least with apache2). All the apache Handler correctly use that header to set the Authentication Env-Vars. Could the cgi handler also check for that header?
Solution:
1. create file .htaccess in the root of your PHP software with the following content:
<IfModule mod_rewrite.c> RewriteEngine on RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] </IfModule>
2. change variables PHP_AUTH_USER and PHP_AUTH_PW to new variables
$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] inside your PHP scripts.
3. add before authentication code inside your PHP script the following lines:
if(preg_match('/Basic+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
}
Example: fix (patch) for PhpWiki (1.2.10) to work with FastCGI PHP mode with Apache 1.3:
# Author: Stepan A. Baranov (rosmir@gmail.com) # web-site: www.rosmir.org diff -u ./admin.php.orig ./admin.php --- ./admin.php.orig +++ ./admin.php @@ -18,9 +18,16 @@ exit; } +// ADDED by rosmir@gmail.com +if(preg_match('/Basic+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) +{
+ list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
+} +// END ADDED by rosmir@gmail.com + // From the manual, Chapter 16 - if (($PHP_AUTH_USER != $wikiadmin ) || - ($PHP_AUTH_PW != $adminpasswd)) { + if (($_SERVER['PHP_AUTH_USER'] != $wikiadmin ) || + ($_SERVER['PHP_AUTH_PW'] != $adminpasswd)) { Header("WWW-Authenticate: Basic realm=\"PhpWiki\""); Header("HTTP/1.0 401 Unauthorized"); echo gettext("You entered an invalid login or password.");
For more see link
©2009 Rosmir - Stepan A. Baranov
$Id: FastCGI.html 414 2009-01-06 21:49:58Z rosmir $