Missing authentication variables PHP_AUTH_USER etc.

Re: Missing authentication variables PHP_AUTH_USER etc.

Bernard Higonnet wrote:[color=blue]
> I'm running Apache/2.0.52 (Unix) mod_perl/1.99_16 Perl/v5.8.5 PHP/5.0.1
> under FreeBSD 4.11-RELEASE #0.
>
> I suddenly (sic) no longer have PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE or
> REMOTE_USER or any such variables. They do not show up in phpinfo() nor do
> they work as expected programmaticall y.
>
> I used to have them a few weeks ago.
>
> I have not changed any of versionned packages shown above in months.
>
> My Apache authentication directives taken from server-info (unchanged
> AFAIcanremember ) are:
>
> <Directory "/usr/local/apache2/htdocs/pictures">
> AuthType Basic
> AuthName "family server"
> Require valid-user
> Options Indexes FollowSymLinks MultiViews
> AllowOverride None
> </Directory>[/color]

I think you should have a "AuthUserFi le" option in there. Otherwise
Apache wouldn't know any "valid-user".

But I don't understand how you can access the directory, if the
missing option is your problem. My Apache returns a status 500, if it
is missing the passwordfile when the browser tries to authenticate. So
it could be something else.

[snip]

/Bent

Re: Missing authentication variables PHP_AUTH_USER etc.

Bent Stigsen wrote:
[color=blue]
> Bernard Higonnet wrote:[color=green]
>> I'm running Apache/2.0.52 (Unix) mod_perl/1.99_16 Perl/v5.8.5 PHP/5.0.1
>> under FreeBSD 4.11-RELEASE #0.
>>
>> I suddenly (sic) no longer have PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE
>> or REMOTE_USER or any such variables. They do not show up in phpinfo()
>> nor do they work as expected programmaticall y.
>>
>> I used to have them a few weeks ago.
>>
>> I have not changed any of versionned packages shown above in months.
>>
>> My Apache authentication directives taken from server-info (unchanged
>> AFAIcanremember ) are:
>>
>> <Directory "/usr/local/apache2/htdocs/pictures">
>> AuthType Basic
>> AuthName "family server"
>> Require valid-user
>> Options Indexes FollowSymLinks MultiViews
>> AllowOverride None
>> </Directory>[/color]
>
> I think you should have a "AuthUserFi le" option in there. Otherwise
> Apache wouldn't know any "valid-user".
>
> But I don't understand how you can access the directory, if the
> missing option is your problem. My Apache returns a status 500, if it
> is missing the passwordfile when the browser tries to authenticate. So
> it could be something else.[/color]

There is a "AuthUserFi le" option in the config file. This I know because
it's there, and because it does ask for a password and that works as it
should. I thought by posting the server-info this would be better than
showing the config file lines, but server-info doesn't show the file,
perhaps because showing it is bad from a security point of view...?

Bernard Higonnet

Re: Missing authentication variables PHP_AUTH_USER etc.

Bernard Higonnet wrote:
[snip][color=blue]
> There is a "AuthUserFi le" option in the config file. This I know because
> it's there, and because it does ask for a password and that works as it
> should. I thought by posting the server-info this would be better than
> showing the config file lines, but server-info doesn't show the file,
> perhaps because showing it is bad from a security point of view...?[/color]

Ok, it makes sense that it should work since the request gets passed
along to the PHP-interpreter.

Just to confirm that PHP gets the information it needs, try:
<?php
print_r(apache_ request_headers ());
?>

Verify the presence and content of the Authorization-header. Its
content should be something like "Basic Zm9vOmZvby4u", where the
gibberish is base64 encoded "user:pass" .


/Bent