[geeklog-devel] Atom WebServices and Hosted Server Authentication

Blaine Lang devel at portalparts.com
Sat Dec 1 13:29:03 EST 2007


On my hosted server, I was not seeing the variable 
$_SERVER['PHP_AUTH_USER'] set.

Server Environment is PHP 5.2.4 on Linux. Server PHP API is reporting 
CGI/FastCGI.

Doing some googling, I found the following .htaccess fix to pass in the 
authentication credentials:
<<>>
RewriteEngine on
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
RewriteCond %{HTTP:Authorization} username=\"([^\"]+)\"
<<.>>

I then had to modify system/lib-webservices WS_authenticate function to 
test for $_SERVER['REMOTE_USER']:

    if (isset($_SERVER['PHP_AUTH_USER'])) {
        $username = $_SERVER['PHP_AUTH_USER'];
        $password = $_SERVER['PHP_AUTH_PW'];

        $status = SEC_authenticate($username, $password, $uid);
    } elseif (!empty($_SERVER['REMOTE_USER'])) {
        /* PHP installed as CGI may not have access to authorization headers of
         * Apache. In that case, use .htaccess to store the auth header as a
         * request variable called gl_auth_digest
         */
        list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']);
        // Limit of 2: split at the first ':' only, so a password containing ':' stays whole
        list($username, $password) = explode(':', base64_decode($auth_data), 2);
        $status = SEC_authenticate($username, $password, $uid);
    } else {
        return;
    }

Ramnath, I noticed you were testing for $_REQUEST['gl_auth_header'] - 
how would this variable be set?
You may have wanted to use a similar .htaccess mod but then be setting 
$_REQUEST['gl_auth_header'] instead of $_SERVER['REMOTE_USER']

Please advise.

Regards,
Blaine
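
Added example, not part of the original message and not Geeklog code: one way to recover HTTP Basic credentials from the Authorization header that the RewriteRule above copies into REMOTE_USER, rejecting Digest or malformed values before anything reaches SEC_authenticate. The helper name ws_basic_credentials() and the sample credentials are assumptions made for illustration.

```php
<?php
// Hypothetical helper (added example): returns array($user, $pass) or null.
function ws_basic_credentials(array $server)
{
    // mod_php case: PHP has already parsed the header itself.
    if (isset($server['PHP_AUTH_USER'])) {
        $pw = isset($server['PHP_AUTH_PW']) ? $server['PHP_AUTH_PW'] : '';
        return array($server['PHP_AUTH_USER'], $pw);
    }

    // CGI/FastCGI case: raw header value forwarded via the rewrite rule.
    // Apache prefixes environment variables with REDIRECT_ after an
    // internal redirect, so check both names.
    $raw = '';
    foreach (array('REMOTE_USER', 'REDIRECT_REMOTE_USER') as $key) {
        if (!empty($server[$key])) {
            $raw = trim($server[$key]);
            break;
        }
    }

    // Accept only "Basic <base64>"; a Digest header or junk is rejected.
    if (!preg_match('/^Basic\s+([A-Za-z0-9+\/]+={0,2})$/i', $raw, $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true); // strict mode: false on bad input
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Split on the first colon only: the password may itself contain ':'.
    list($user, $pass) = explode(':', $decoded, 2);
    return ($user === '') ? null : array($user, $pass);
}

// Constructed sample inputs; "alice" and the passwords are made up.
$samples = array(
    array('REMOTE_USER' => 'Basic ' . base64_encode('alice:s3cr:et')),
    array('REDIRECT_REMOTE_USER' => 'Basic ' . base64_encode('alice:pw')),
    array('REMOTE_USER' => 'Digest username="alice", realm="x"'),
    array('REMOTE_USER' => 'Basic !!!not-base64!!!'),
    array(),
);
foreach ($samples as $s) {
    var_dump(ws_basic_credentials($s));
}
```

The first two samples yield a username/password pair; the Digest header, the invalid base64 value and the empty environment all return null, so the caller can stop before attempting authentication.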


