3

I Cannot get the basic HTTP Authentication to work in PHP which is installed and working as FCGI. It works perfectly when PHP is installed as a module though.

Is there any way I can get it to work ???

I am running PHP Version 5.2.6 in ubuntu.

<?Php 
if ( !$_SERVER['PHP_AUTH_USER'] ) {
    $this->getResponse()->setHeader('WWW-Authenticate',  'Basic realm="Testing"');
    $this->getResponse()->setBody('Unauthorized');
    $this->getResponse()->setHttpResponseCode(401);
} else { 
    var_dump($_SERVER['PHP_AUTH_USER']);
    var_dump($_SERVER['PHP_AUTH_PW']);
}

I did try 

[Rewrite rule on .htaccess]
 RewriteEngine on
 RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]

[user:pass on PHP-script]
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':',     base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6)));

but it doesnt seem to be working.

ro ko
  • 2,736
  • 2
  • 34
  • 54
  • FWIW, I have researched the same thing recently and it seems that it just doesn't work. I'd love it if someone could come back with a solution here though. – deceze Oct 25 '11 at 04:39
  • Your first code fragment looks like part of a method - but there's no class? – symcbean Oct 25 '11 at 08:39

2 Answers2

8

Delete your .htaccess and write a new one with this line:

SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

and your PHP will work fine.

Peter Kalef ' DidiSoft
  • 1,364
  • 14
  • 19
  • I just added it as the first line in my `.htaccess` and it worked too. – Martijn Jul 27 '16 at 11:04
  • Using your snippet, I get the basic auth header. But not the authenticated user as `PHP_AUTH_USER` would. – Daniel Jun 19 '19 at 07:19
  • 1
    In case of my QNAP NAS I also needed to add the php code from https://stackoverflow.com/a/53196779. So the variable $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] was set in my case which must be parsed on your own as it seems - using php 7.3.7 fcgi – John Doe Dec 27 '19 at 19:58
1

You need to pass $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] to PHP FCGI manually. The CGI protocol simply does not support those variables.

If you still want to use those, I found something interesting (and confirming what I just said) on http://be2.php.net/manual/en/features.http-auth.php#108132

maartenh
  • 188
  • 11