PHP_AUTH_USER not getting set

software development

#1

I just signed up for dreamhost today and am moving all my php projects over. One of the snags I’ve hit is in a blog app that uses HTTP AUTH headers to manage login. I do this using the PHP_AUTH_USER attribute on the session data.

On the dreamhost servers, this attribute isn’t getting set. The script is designed to prompt for it if the value isn’t set, so it just keeps presenting the authentication dialog.

Here’s the code I’m using:

if (!isset($_SERVER[‘PHP_AUTH_USER’])) {
header(‘WWW-Authenticate: Basic realm="’.$realm.’"’);
header(‘HTTP/1.0 401 Unauthorized’);
print ‘Access Denied’;
exit;
} else {
$login = $_SERVER[‘PHP_AUTH_USER’];
$pass = $_SERVER[‘PHP_AUTH_PW’];

$val1 = array_search($login,$authusers);
$val2 = array_search($pass,$authpassw);

if ($val1===false || $val2===false || ($val1 !== $val2)) {
header(‘WWW-Authenticate: Basic realm="’.$realm.’"’);
header(‘HTTP/1.0 401 Unauthorized’);
print “Access Denied, $login”;
exit;
} else { //authorization succeeded
$AdminAuthorized = true;
}
}

Any suggestions on what’s causing this?


#2

Yep. DreamHost by default runs PHP-CGI, not mod_apache, and as stated in the PHP manual:

“The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and is hence not available in the CGI version.”

–rlparker


#3

The default PHP in DH runs as CGI. If you want to use Authentication function, you need to switch to module.

To switch to PHP module, you may refer to this article in wiki

Save $97 (MAX Discount) with code: [color=#CC0000]97YES[/color] Sign Up NOW or More Codes here


#4

That method is one of the ways to deal with this issue, though you should note that this ability to use mod_php via a handler is “unsupported”, and could be removed by DreamHost at any time. :wink:

Because of that, I generally only recommend folks use this method to test if the problem is actually related to PHP-CGI vs mod_php (in this OP’s case, it most certainly is!) and, if at all possible, develop a different method of coding to eliminate the dependency on one mode or the other.

For instance, in some circumstances simply changing which environment variable is used will fix a “borken” program so that it will run properly in either mode; other situations may require more work (as in this poster’s case).

A couple of alternatives are available to him to make his code work in either php mode These include using a generic authentication module that does not require apache authentication and/or using one of the snippets of workaround code that are available for exactly this purpose (see the comment section of the PHP manual page I linked in my prior response).

Of course, if the “add handler” method works for now, and he is not worried about it suddenly breaking his site should DreamHost make it unavailable, your suggestion is probably the easiest “fix” for his problem. :slight_smile:

–rlparker


#5

Haiz…

Think about the solution again

If php mod is not stable in the future, I think he has to replace PHP_Auth with something else :frowning:

Save $97 (MAX Discount) with code: [color=#CC0000]97YES[/color] Sign Up NOW or More Codes here