Welcome Guest, Not a member yet? Register   Sign In
Need a little help with PHP_AUTH_(USER|PW)
#1

So this question is a little more about PHP I guess, than it is specific to CodeIgniter, but I figure theres a bunch of very smart people her, so ill try!

My application will authenticate using the username and password from wherever it can get it from, heres the basic code:
PHP Code:
// First check for any POST credentials..
if( self::$CI->input->post('username') AND self::$CI->input->post('password') )
{
    
$username   self::$CI->input->post('username');
    
$password   self::$CI->input->post('password');
}

// For command line purposes, check for HTTP auth credentials, if they
// exist, then set the username and password posts as those values
elseif((isset($_SERVER['PHP_AUTH_USER'])) AND (isset($_SERVER['PHP_AUTH_PW'])))
{
    
$username $_SERVER['PHP_AUTH_USER'];
    
$password $_SERVER['PHP_AUTH_PW'];


So that works perfect when using POST, or when using curl on the command line and specifying the credentials via --user.

What I would also like to have it work with, is when you specify the credentials in the URL via http://user:password@application/.

I put a page with just the phpinfo() output, and when I visit it while specifying the credentials in the URL, it doesn't show that the PHP_AUTH_USER is set.

I also created a page with the following PHP:

PHP Code:
public function http_auth()
    {
        if( ! isset(
$_SERVER['PHP_AUTH_USER']))
        {
            
header('HTTP/1.0 401 Unauthorized');
        }

        echo 
"Username is " . @$_SERVER['PHP_AUTH_USER'] ?: "Not Set";
        echo 
"<br>Server Auth: " . @$_SERVER['HTTP_AUTHORIZATION']?: "Not Set";
    } 

and when I visit it with the credentials in the URL, the browser will alert that its logging me in, but PHP/Apache doesnt see it

Screenshot: http://d.pr/i/xRpN

I was wondering if anyone has a way around this? Id just like the users to be able to link directly to pages with the username/password, and have it login, as opposed to redirect them to the login page.

The authentication is done via PHP, not HTTP Basic Auth in Apache
Reply


Messages In This Thread
Need a little help with PHP_AUTH_(USER|PW) - by jLinux - 10-07-2015, 04:47 PM



Theme © iAndrew 2016 - Forum software by © MyBB