ro ko

Reputation: 2986

HTTP Authentication with PHP running as FCGI

I cannot get the basic HTTP Authentication to work in PHP, which is installed and working as FCGI. It works perfectly when PHP is installed as a module though.

Is there any way I can get it to work?

I am running PHP Version 5.2.6 on Ubuntu.

<?php
// empty() avoids an undefined-index notice when the variable is not set
if (empty($_SERVER['PHP_AUTH_USER'])) {
    $this->getResponse()->setHeader('WWW-Authenticate', 'Basic realm="Testing"');
    $this->getResponse()->setBody('Unauthorized');
    $this->getResponse()->setHttpResponseCode(401);
} else {
    var_dump($_SERVER['PHP_AUTH_USER']);
    var_dump($_SERVER['PHP_AUTH_PW']);
}

I did try

[Rewrite rule on .htaccess]
 RewriteEngine on
 RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]

[user:pass on PHP-script]
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6)));

but it doesn't seem to be working.

Upvotes: 4

Views: 6531

Answers (3)

Max

Reputation: 160

Thanks to the comment from @john-doe this one worked for me:

in .htaccess (IfModule mod_rewrite.c)

SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

RewriteEngine on

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

in PHP

if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
    && preg_match('/^Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
    // Decode "user:password"; the limit of 2 keeps colons inside the password
    list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) =
        array_pad(explode(':', base64_decode($matches[1]), 2), 2, '');
}

if (empty($_SERVER['PHP_AUTH_USER'])) {
    // No credentials supplied: ask the client to authenticate
    header('WWW-Authenticate: Basic realm="WFS"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'My protected realm!';
    exit();
} else {
    $error = $loginModel->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
    if ($error == 0 && Authentication::checkModulRights(__CLASS__) == true) {
        // user is valid
    } else {
        // Wrong credentials or missing rights: challenge again
        header('WWW-Authenticate: Basic realm="My realm"');
        header('HTTP/1.0 401 Unauthorized');
        exit();
    }
}

Upvotes: 0

Delete your .htaccess and write a new one with this line:

SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

and your PHP will work fine.

Upvotes: 10

maartenh

Reputation: 188

You need to pass $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] to PHP FCGI manually. The CGI protocol simply does not support those variables.

If you still want to use those, I found something interesting (and confirming what I just said) on https://www.php.net/manual/en/features.http-auth.php#108132

Upvotes: 1
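The answers above forward the Authorization header to PHP and decode it by hand. As an added example (not code from any of the answers), this is one way to do that decoding defensively and then verify the result; the function name basic_credentials, the sample inputs and the stored hash are hypothetical, and PHP 5.6 or later is assumed for hash_equals() and password_verify().

```php
<?php
// Added example: recover Basic credentials when PHP runs as (F)CGI and Apache
// forwards the header via "SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0".

/** Return array(user, pass), or null when the header is absent or malformed. */
function basic_credentials(array $server)
{
    // An internal redirect by mod_rewrite prefixes env vars with REDIRECT_.
    foreach (array('HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION') as $key) {
        if (empty($server[$key])) {
            continue;
        }
        // The scheme name is case-insensitive; the token must be base64 only.
        if (!preg_match('/^Basic\s+([A-Za-z0-9+\/]+={0,2})\s*$/i', $server[$key], $m)) {
            return null;
        }
        $decoded = base64_decode($m[1], true);   // strict mode rejects junk
        if ($decoded === false || strpos($decoded, ':') === false) {
            return null;
        }
        // Limit 2: only the first colon separates user and password.
        return explode(':', $decoded, 2);
    }
    return null;
}

// Constructed sample inputs (user "alice", password "s3:cret").
$samples = array(
    'forwarded'  => array('HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('alice:s3:cret')),
    'redirected' => array('REDIRECT_HTTP_AUTHORIZATION' => 'basic ' . base64_encode('alice:s3:cret')),
    'no colon'   => array('HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('alice')),
    'not base64' => array('HTTP_AUTHORIZATION' => 'Basic %%%'),
    'missing'    => array(),
);

// Hypothetical credential store: a password_hash() value, never plaintext.
$storedHash = password_hash('s3:cret', PASSWORD_DEFAULT);

foreach ($samples as $label => $server) {
    $creds = basic_credentials($server);
    $ok = $creds !== null
        && hash_equals('alice', $creds[0])            // constant-time compare
        && password_verify($creds[1], $storedHash);
    printf("%-10s => %s\n", $label, $ok ? '200 OK' : '401 Unauthorized');
}
```

In a real handler, a null result or a failed check would send the WWW-Authenticate header with a 401 status, as the answers above do.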
