Go Back   vb.org Archive > vBulletin Article Depository > Read An Article > Programming Articles
Reload this Page Getting HTTP Authorization to work with PHP CGI mode
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Getting HTTP Authorization to work with PHP CGI mode
TECK's Avatar
TECK
Join Date: Nov 2001
Posts: 4,182

 

Canada
Show Printable Version Email this Page Subscription
TECK TECK is offline 10-07-2006, 10:00 PM
This tutorial is vBulletin.org and cPublisher.com copywrited. All rights reserved.
Please ask permission in this thread to copy the tutorial. If granted, post a link that points to this page.

As you all know, using PHP-CGI is more secure then the ole Apache module flavour.
However, with PHP-CGI you cannot use anymore real user authentification, based on a .htaccess/.htpasswd file.

The fix is really easy (and secure), all you need is to have Apache mod_rewrite enabled.

Create a .htaccess file, with the content:
Code:
RewriteEngine On

... your RewriteCond/RewriteRules here ...

RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
Make sure the line above is the last one in your .htaccess file, if you already have one in place.
Then, in your PHP file, use:
PHP Code:
<?php

$auth base64_decode(substr($_SERVER['REMOTE_USER'], 6));
if (strlen($auth) > OR strcasecmp($auth':') > 0)
{
    list($name$password) = explode(':'$auth);
    $_SERVER['PHP_AUTH_USER'] = $name;
    $_SERVER['PHP_AUTH_PW'] = $password;

    $user_authorized true;
}
else
{
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Go away!';
}

if ($user_authorized)
{
    // do your thing here ...
}

?>
I needed this for the apc.php file, running on my server PHP 5.1.6 with FastCGI mode enabled.
For those who want to fix the apc.php file, find:
PHP Code:
// authentication needed?
//
if (!USE_AUTHENTICATION) {
    $AUTHENTICATED=1;
} else {
    $AUTHENTICATED=0;
    if (ADMIN_PASSWORD!='password' && ($MYREQUEST['LO'] == || isset($_SERVER['PHP_AUTH_USER']))) { 
Replace with:
PHP Code:
// authentication needed?
//
if (!USE_AUTHENTICATION)
{
    $AUTHENTICATED 1;
}
else
{
    $auth base64_decode(substr($_SERVER['REMOTE_USER'], 6));
    if (strlen($auth) > OR strcasecmp($auth':') > 0)
    {
        list($name$password) = explode(':'$auth);
        $_SERVER['PHP_AUTH_USER'] = $name;
        $_SERVER['PHP_AUTH_PW'] = $password;
    }

    $AUTHENTICATED 0;
    if (ADMIN_PASSWORD!='password' && ($MYREQUEST['LO'] == || isset($_SERVER['PHP_AUTH_USER']))) { 
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 07:10 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03344 seconds
  • Memory Usage 2,203KB
  • Queries Executed 14 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_code
  • (3)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_article
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete