Login | Register
My pages Projects Community openCollabNet

Discussions > issues > [WebSVN issue] Access Control and PHP CGI

websvn
Discussion topic

There will be a brief maintenance window every Friday at 17:00 Pacific.
For further details, see CollabNet's maintenance and upgrade policy.

Back to topic list

[WebSVN issue] Access Control and PHP CGI

Reply

Author webpost at tigris dot org
Full name webpost at tigris dot org
Date 2011-10-30 03:35:53 PDT
Message I discovered that Access control fails when using PHP as a CGI script, as PHP will not contain the $_SERVER['PHP_AUTH_USER'] variable, so I found a hack around this on PHP.net (http://www.php.net/m​anual/en/features.ht​tp-auth.php#106285)
All I needed to do was add the following lines to my .htaccess file

RewriteEngine on
RewriteRule .* - [env=HTTP_AUTHORIZAT​ION:%{HTTP:Authoriza​tion},last]

Then I added this to the top of include/setup.php

//set http auth headers for apache+php-cgi work around
if (isset($_SERVER['HT​TP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
    list($name, $password) = explode(':', base64_decode($matches[1]));
    $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
    $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}elseif (isset($_SERVER['RE​DIRECT_HTTP_AUTHORIZ​ATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['REDIRECT_​HTTP_AUTHORIZATION']​, $matches)) {
    //set http auth headers for apache+php-cgi work around if variable gets renamed by apache
    list($name, $password) = explode(':', base64_decode($matches[1]));
    $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
    $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}

That did the magic.

« Previous message in topic | 1 of 1 | Next message in topic »

Messages

Show all messages in topic

Subject
Author
Full name
+
Date posted
[WebSVN issue] Access Control and PHP CGI webpost at tigris dot org webpost at tigris dot org 2011-10-30 03:35:53 PDT
Messages per page: