Reply to http authentication with safe mode enabled?!

Your name:

Reply:


Posted by Roman Stφckl-Schmidt on 03/20/05 14:46

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi to you all.

I've been pulling my hair out over this issue and I really hope YOU can
help me. A part of the website that I'm having the problems with should
be password protected (nothing much, just to have a slight notion of it
not being publicly available, so no SSL or other Stuff) so I wrote this
function based on an example from the php manual which does just that.

Problem is that on my ISPs server safe_mode is enabled and so as it says
in the manual:

| As of PHP 4.3.0, in order to prevent someone from writing a script
| which reveals the password for a page that was authenticated through
| a traditional external mechanism, the PHP_AUTH variables will not be
| set if external authentication is enabled for that particular page
| and safe mode is enabled. Regardless, REMOTE_USER can be used to
| identify the externally-authenticated user. So, you can use
| $_SERVER['REMOTE_USER'].

My code looks like this:

function auth($file) {
$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
$http_401 = './auth/unauthorized.html';
$realm = 'Intern';
if (!isset($username) || !isset($password)) {
header("WWW-Authenticate: Basic realm=\"$realm\"");
header('HTTP/1.0 401 Unauthorized');
include $http_401;
} else {
if (($username != 'XXXXXXX') && (crypt($password, 'XX') !=
'XXXXXXXXXXXXX')) {
include $http_401;
} else {
include $file;
}
~ }
}

Now as you can see I'm also checking wether there was no password
entered in contrast to the example from the manual. Of course I could
leave that part out and set

$username = $_SERVER['REMOTE_USER'];

But how the hell am I supposed to check for a correct password if
$_SERVER['PHP_AUTH_PW'] is not set? If safe mode is disabled everything
works just fine (checked on my on box with apache 1.3), so in theory
it's working.

Please help me guys I'd be grateful for any help provided.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCPXCen0kyIx7rF68RAmq5AJsHC5HIm4lvnHp3gbOVVR0NcArTkwCgj7y5
8cU2qnxDeeWaDDIeFElroQk=
=F0Wq
-----END PGP SIGNATURE-----

[Back to original message]


УдалСнная Ρ€Π°Π±ΠΎΡ‚Π° для программистов  •  Как Π·Π°Ρ€Π°Π±ΠΎΡ‚Π°Ρ‚ΡŒ Π½Π° Google AdSense  •  England, UK  •  ΡΡ‚Π°Ρ‚ΡŒΠΈ Π½Π° английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Π‘Π°ΠΉΡ‚ ΠΈΠ·Π³ΠΎΡ‚ΠΎΠ²Π»Π΅Π½ Π² Π‘Ρ‚ΡƒΠ΄ΠΈΠΈ Π’Π°Π»Π΅Π½Ρ‚ΠΈΠ½Π° ΠŸΠ΅Ρ‚Ρ€ΡƒΡ‡Π΅ΠΊΠ°
ΠΈΠ·Π³ΠΎΡ‚ΠΎΠ²Π»Π΅Π½ΠΈΠ΅ ΠΈ ΠΏΠΎΠ΄Π΄Π΅Ρ€ΠΆΠΊΠ° Π²Π΅Π±-сайтов, Ρ€Π°Π·Ρ€Π°Π±ΠΎΡ‚ΠΊΠ° ΠΏΡ€ΠΎΠ³Ρ€Π°ΠΌΠΌΠ½ΠΎΠ³ΠΎ обСспСчСния, поисковая оптимизация