[geeklog-devel] Atom WebServices and Hosted Server Authentication
Ramnath R Iyer
casual.dodo at gmail.com
Sat Dec 1 13:55:01 EST 2007
Hi,
First - is the problem fixed?
You're right; when I wrote this part of the code, I realized there would be a
problem with PHP running as a CGI script, but since I was working with a PHP
as an Apache module, I could not implement a solution then. What you have
done is precisely what I had in mind, except that I assumed that
the .htaccess file would set $_REQUEST['gl_auth_digest'] instead of
$_SERVER['REMOTE_USER'].
Thanks,
--
Ramnath R Iyer
On Saturday 01 December 2007 13:29:03 Blaine Lang wrote:
> On my hosted server, I was not seeing the variable
> $_SERVER['PHP_AUTH_USER'] set.
>
> Server Environment is PHP 5.2.4 on Linux. Server PHP API is reporting
> CGI/FastCGI
>
> Doing some googling, I found the following .htaccess fix to pass in the
> authentication credentials
> <<>>
> RewriteEngine on
> RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
> RewriteCond %{HTTP:Authorization} username=\"([^\"]+)\"
> <<.>>
>
> I then had to modify system/lib-webservices WS_authenticate function to
> test for $_SERVER['REMOTE_USER']
>
> if (isset($_SERVER['PHP_AUTH_USER'])) {
> $username = $_SERVER['PHP_AUTH_USER'];
> $password = $_SERVER['PHP_AUTH_PW'];
>
> $status = SEC_authenticate($username, $password, $uid);
> } elseif (!empty($_SERVER['REMOTE_USER'])) {
> /* PHP installed as CGI may not have access to authorization
> headers of
> * Apache. In that case, use .htaccess to store the auth header as
> a * request variable called gl_auth_digest
> */
> list($auth_type, $auth_data) = explode(' ',
> $_SERVER['REMOTE_USER']);
> list($username, $password) = explode(':',
> base64_decode($auth_data));
> $status = SEC_authenticate($username, $password, $uid);
> } else {
> return;
> }
>
> Ramnath, I noticed you were testing for $_REQUEST['gl_auth_header'] -
> how would this variable be set?
> You may have wanted to use a similar .htaccess mod but then be setting
> $_REQUEST['gl_auth_header'] instead of $_SERVER['REMOTE_USER']
>
> Please advise.
>
> Regards,
> Blaine
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20071201/a9936779/attachment.sig>
More information about the geeklog-devel
mailing list