$_server['php_auth_user']

gregshelpdesk · 2009-07-29 11:34:14 UTC

Hi Guys,

I already know that the PHP version running at Dreamhost is somehow different, some functions not working, like fopen() with URL (worked around using cURL).
Now, I discovered one more function that does not work. I presume there is an another workaround for this. Or I’m missing someting…

What is a PHP function that does work at Dreamhost and returns username of a member who is at the moment surfing members’ area, authenticated by simple .htaccess/.htpasswd?

The .htaccess/.htpasswd protection of my numerous member’s areas works just fine on my Deamhost PS.

I tried $_SERVER[‘PHP_AUTH_USER’] and it didn’t work, comes out empty.
$_SERVER[‘PHP_AUTH_PW’] the same.

I’m trying to program a simple anti-abuse solution, reading IPs and users, to see how many concurrent IPs are acessing as the same user.

Thanks!
G.

www.SaintPaulGirls.com, www.g18spot.com, www.g18hdtv.com, www.18club.com, www.Forum18.com

Atropos7 · 2009-07-29 19:24:34 UTC

From the online documentation:

“The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and is hence not available in the CGI version. In an Apache module PHP script, it is possible to use the header() function to send an “Authentication Required” message to the client browser causing it to pop up a Username/Password input window. Once the user has filled in a username and a password, the URL containing the PHP script will be called again with the predefined variables PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE set to the user name, password and authentication type respectively. These predefined variables are found in the $_SERVER and $HTTP_SERVER_VARS arrays. Both “Basic” and “Digest” (since PHP 5.1.0) authentication methods are supported. See the header() function for more information.”

DreamHost doesn’t provide mod_php support anymore so you’re going to have to rely on Apache. The Apache documentation hides the list of environment variables available in the mod_rewrite documentation, and the authenticated username is stored in REMOTE_USER (ie like REMOTE_ADDR and REMOTE_HOST) and there is no variable for the password nor can your CGI interfere with Apache’s handling of the authentication process (its taking care of before your CGI is invoked).

Customer since 2000 openvein.org