vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Programming Articles (https://vborg.vbsupport.ru/forumdisplay.php?f=188)
-   -   Getting HTTP Authorization to work with PHP CGI mode (https://vborg.vbsupport.ru/showthread.php?t=128537)

TECK 10-07-2006 10:00 PM
Getting HTTP Authorization to work with PHP CGI mode
 
This tutorial is vBulletin.org and cPublisher.com copywrited. All rights reserved.
Please ask permission in this thread to copy the tutorial. If granted, post a link that points to this page.

As you all know, using PHP-CGI is more secure then the ole Apache module flavour.
However, with PHP-CGI you cannot use anymore real user authentification, based on a .htaccess/.htpasswd file.

The fix is really easy (and secure), all you need is to have Apache mod_rewrite enabled.

Create a .htaccess file, with the content:
Code:
RewriteEngine On

... your RewriteCond/RewriteRules here ...

RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
Make sure the line above is the last one in your .htaccess file, if you already have one in place.
Then, in your PHP file, use:
PHP Code:
<?php

$auth base64_decode(substr($_SERVER['REMOTE_USER'], 6));
if (strlen($auth) > OR strcasecmp($auth':') > 0)
{
    list($name$password) = explode(':'$auth);
    $_SERVER['PHP_AUTH_USER'] = $name;
    $_SERVER['PHP_AUTH_PW'] = $password;

    $user_authorized true;
}
else
{
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Go away!';
}

if ($user_authorized)
{
    // do your thing here ...
}

?>
I needed this for the apc.php file, running on my server PHP 5.1.6 with FastCGI mode enabled.
For those who want to fix the apc.php file, find:
PHP Code:
// authentication needed?
//
if (!USE_AUTHENTICATION) {
    $AUTHENTICATED=1;
} else {
    $AUTHENTICATED=0;
    if (ADMIN_PASSWORD!='password' && ($MYREQUEST['LO'] == || isset($_SERVER['PHP_AUTH_USER']))) { 
Replace with:
PHP Code:
// authentication needed?
//
if (!USE_AUTHENTICATION)
{
    $AUTHENTICATED 1;
}
else
{
    $auth base64_decode(substr($_SERVER['REMOTE_USER'], 6));
    if (strlen($auth) > OR strcasecmp($auth':') > 0)
    {
        list($name$password) = explode(':'$auth);
        $_SERVER['PHP_AUTH_USER'] = $name;
        $_SERVER['PHP_AUTH_PW'] = $password;
    }

    $AUTHENTICATED 0;
    if (ADMIN_PASSWORD!='password' && ($MYREQUEST['LO'] == || isset($_SERVER['PHP_AUTH_USER']))) { 


All times are GMT. The time now is 09:34 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01800 seconds
  • Memory Usage 1,725KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (3)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (1)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete