Current time: 04-27-2015, 01:42 PM Hello There, Guest! (LoginRegister)

Post Reply 
PHP and PHP_AUTH_USER
02-11-2007, 07:09 AM
Post: #1
PHP and PHP_AUTH_USER
Hi Guys and Gals,

Looking for some advice. I'm trying implement a simple authentication system in PHP, and I'm checking for the existence of the $_SERVER['PHP_AUTH_USER'] variable, but no matter what I do it appears that PHP isnt populating this variable.

I have my domain setup as PHP 5.1.2 (not FastCGI)

Does anyone have any reasons why this would be the case?

Cheers,

Ben
Find all posts by this user
Quote this message in a reply
02-11-2007, 07:21 AM
Post: #2
PHP and PHP_AUTH_USER
What you are experiencing is normal if using the default Dreamhost installation of PHP, as it runs as PHP-CGI (as your user, under suexec). As such, those variables are *not* populated.

Additional info can be found on php.net in the PHP manual section on HTTP authentication with PHP.

--rlparker
Find all posts by this user
Quote this message in a reply
02-20-2007, 08:11 AM
Post: #3
PHP and PHP_AUTH_USER
Okay, that makes sense.

If this is the case, how would I implement HTTP Authentication in PHP if these variables are not populated?
Find all posts by this user
Quote this message in a reply
02-20-2007, 09:11 AM
Post: #4
PHP and PHP_AUTH_USER
Ben
Unfortunately, the "short answer" is that you can't. This is one of the limitations of running PHP as CGI. Sad

You will either need to run mod_php, or use a different method of authentication.

Good eaxmples of working around this are found in any of the common open-source CMS systems, which implement their own authentication wholly in PHP, or in the many publicly available php classes that are available on the web.

--rlparker
Find all posts by this user
Quote this message in a reply
02-20-2007, 10:02 AM
Post: #5
PHP and PHP_AUTH_USER
Okay, one last effort:

If PHP doesnt have these variables populated, does Apache? Could I not use some mod_rewrite trickery to pass these through as environment variables, or does Apache not set these either?

Edit:
You mentioned I would need to run mod_php: is this possible with the shared hsoting on dreamhost? Would dedicated hosting provide "real" apache and PHP support ("real" in the sense that this is the first time I've ever come across these limitations Smile )
Find all posts by this user
Quote this message in a reply
02-20-2007, 11:09 AM
Post: #6
PHP and PHP_AUTH_USER
Quote:If PHP doesnt have these variables populated, does Apache? Could I not use some mod_rewrite trickery to pass these through as environment variables, or does Apache not set these either?[quote]The DH Apache's *do* support http authentication, and you can certainly use it to, for instance, protect a directory from public access. I have no idea if there might be some way to munge together a way to get at the environment variable to implement a workaround; I'm sorry, this is just an area in which I have no expertise.[quote]ou mentioned I would need to run mod_php: is this possible with the shared hsoting on dreamhost? Would dedicated hosting provide "real" apache and PHP support ("real" in the sense that this is the first time I've ever come across these limitations Smile )
You *can*, at present, run mod_php on DH, though it is not officially supported, and there is no guarantee that this functionality will always be available. For more information on this, check out this page on PHP available on Dreamhost, paying particular attention to this link on that page.

As for what facilities dedicated hosting would provide, that is completely subject to the arrangements made with the hosting provided; I would think in most such environments you would be able to run mod_php if you wanted, but it *does* depend on what you contract for.

--rlparker
Find all posts by this user
Quote this message in a reply
02-20-2007, 10:10 PM
Post: #7
PHP and PHP_AUTH_USER
Funny you mention using "mod_rewrite trickery" to pass the HTTP authentication values to PHP. Have a look at the following:

http://www.stevenroddis.com.au/2006/12/0...-auth-cgi/

I have to warn you that I could not get this to work. I'm using a custom compiled version of PHP running as CGI; I don't know if this would make a difference -- I don't see why it would.

If this works for you, please let me know.
Visit this user's website Find all posts by this user
Quote this message in a reply
07-02-2007, 04:59 AM
Post: #8
PHP and PHP_AUTH_USER
Hi I did have the same problem and solved it for my case. This is what I found out.

foreach($HTTP_SERVER_VARS as $FieldName => $FieldValue ) echo $FieldName." - ".$FieldValue."
";

That way I found out there can be another variable:

$_SERVER["REDIRECT_REMOTE_USER"] which, in my case, contains the sought after value of $_SERVER["PHP_AUTH_USER"]

I host two sites at Dreamhost under the same account (Both PHP 4, no extra security) . On the standard one $_SERVER["PHP_AUTH_USER"] is filled correctly, on the other one it is not but $_SERVER["REDIRECT_REMOTE_USER"] is. This second site is under a different user than my standard Dreamhost account and therefore in a different directory altogether. Maybe this different directory and user causes it to be redirected by Dreamhost or Apache.

Hope this has helped. It certainly did for me.

I added:

if (isset($_SERVER["REDIRECT_REMOTE_USER"]) and $_SERVER["PHP_AUTH_USER"]=="") $_SERVER["PHP_AUTH_USER"]=$_SERVER["REDIRECT_REMOTE_USER"];

Kind regards,

Von Mises
Find all posts by this user
Quote this message in a reply
01-05-2009, 09:24 AM
Post: #9
PHP and PHP_AUTH_USER
I've used this trick: http://www.besthostratings.com/articles/...p-cgi.html

It works! Smile
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump: