Preserved Topic: apache authentication - get username (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=21049" title="Pages that link to Preserved Topic: apache authentication - get username (Page 1 of 1)" rel="nofollow" >Preserved Topic: apache authentication - get username <span class="small">(Page 1 of 1)</span>\$

GRUMBLE Paranoid (IV) Mad Scientist From: Omicron Persei 8 Insane since: Oct 2000	posted 01-09-2002 16:26 i just wondered, when i protect something on my webserver using apache's htaccess is it possible to get the logged in user into a PHP variable? (what about the password?)
mr.maX Maniac (V) Mad Scientist From: Belgrade, Serbia Insane since: Sep 2000	posted 01-09-2002 19:14 http://www.php.net/manual/en/features.http-auth.php
GRUMBLE Paranoid (IV) Mad Scientist From: Omicron Persei 8 Insane since: Oct 2000	posted 01-09-2002 20:09 thanks max. this requires php as a apache cgi module. so i'll have to configure that first... (do i have to uninstall first or can i do that on the fly?) edit: uhhh i noticed i am missing that file: php4apache.dll im downloading the new php version now. [This message has been edited by GRUMBLE (edited 01-09-2002).]
GRUMBLE Paranoid (IV) Mad Scientist From: Omicron Persei 8 Insane since: Oct 2000	posted 01-09-2002 20:54 i got it to work now. now isnt that a security risk? so easy can you get one's password... shakeshead
jiblet Paranoid (IV) Inmate From: Minneapolis, MN, USA Insane since: May 2000	posted 01-09-2002 20:55 I'm pretty sure you don't need PHP as a CGI module. Do your regular .htaccess/.htpasswd configuration to force authentication. Then Apache will pass the logged in username to the environment variable $PHP_AUTH_USER. I guess the preferred way to access that would be (correct me if I'm wrong Max): getenv('PHP_AUTH_USER'); Also of interest, if you want to force a re-login send these headers: header('WWW-Authenticate: Basic realm="Realm for display purposes"'); header('HTTP/1.0 401 Unauthorized'); -jiblet
mr.maX Maniac (V) Mad Scientist From: Belgrade, Serbia Insane since: Sep 2000	posted 01-09-2002 22:33 Regarding that Apache module vs. CGI module thing, this is the quote from PHP manual: The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and is hence not available in the CGI version. Also, you can't use getenv() function in this case. You must use predefined variables $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE ...

Preserved Topic: apache authentication - get username (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=21049" title="Pages that link to Preserved Topic: apache authentication - get username (Page 1 of 1)" rel="nofollow" >Preserved Topic: apache authentication - get username <span class="small">(Page 1 of 1)</span>\$

GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted 01-09-2002 16:26

i just wondered, when i protect something on my webserver using apache's htaccess is it possible to get the logged in user into a PHP variable? (what about the password?)

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted 01-09-2002 19:14

http://www.php.net/manual/en/features.http-auth.php

GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted 01-09-2002 20:09

thanks max. this requires php as a apache cgi module.
so i'll have to configure that first... (do i have to uninstall first or can i do that on the fly?)

edit: uhhh i noticed i am missing that file: php4apache.dll
im downloading the new php version now.

[This message has been edited by GRUMBLE (edited 01-09-2002).]

GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted 01-09-2002 20:54

i got it to work now.

now isnt that a security risk?
so easy can you get one's password... *shakeshead*

jiblet
Paranoid (IV) Inmate

From: Minneapolis, MN, USA
Insane since: May 2000

posted 01-09-2002 20:55

I'm pretty sure you don't need PHP as a CGI module. Do your regular .htaccess/.htpasswd configuration to force authentication. Then Apache will pass the logged in username to the environment variable $PHP_AUTH_USER. I guess the preferred way to access that would be (correct me if I'm wrong Max):

getenv('PHP_AUTH_USER');

Also of interest, if you want to force a re-login send these headers:

header('WWW-Authenticate: Basic realm="Realm for display purposes"');
header('HTTP/1.0 401 Unauthorized');

-jiblet

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted 01-09-2002 22:33

Regarding that Apache module vs. CGI module thing, this is the quote from PHP manual:

The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and is hence not available in the CGI version.

Also, you can't use getenv() function in this case. You must use predefined variables $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE ...