Covers some rough aspects about http authentification for RSS feeds.
HTTP-Auth with php-cgi
from .htaccess
RewriteEngine on
# PHP (CGI mode) HTTP Authorization with ModRewrite:
RewriteCond %{REQUEST_METHOD} =GET
RewriteCond %{HTTP:Authorization} !^$
RewriteRule ^(.*)$ index.php?go=playground&HTTP_AUTHORIZATION=%{HTTP:Authorization}
The main issue here, is adding the authentification data to the URLs. Sadly, this does not work as expected, because...
RewriteRule ^(.*)$ $1&HTTP_AUTHORIZATION=%{HTTP:Authorization}
...truncates a request like
index.php?go=XYZ to the
index.php. Of course we need the go parameters as well.
This sample code tries to get the http authentification username and login.
from pages/playground.inc.php
if(!isset(
$_SERVER['PHP_AUTH_USER'])
&&
!get('HTTP_AUTHORIZATION')
){
header('WWW-Authenticate: Basic realm="blabl"');
header('HTTP/1.0 401 Unauthorized');
echo 'Sorry. You need to authenticate';
exit;
}
else {
$username='';
$password= '';
if(isset($_SERVER['PHP_AUTH_USER'])) {
$user_name=asCleanString($_SERVER['PHP_AUTH_USER']);
if(isset($_SERVER['PHP_AUTH_PW'])) {
$user_name=asCleanString($_SERVER['PHP_AUTH_USER']);
}
}
/**
* if php runs in CGI-mode we need mod_rewrite to enable HTTP-auth:
* read more at http://www.php.net/manual/en/features.http-auth.php#70864
*/
else if(get('HTTP_AUTHORIZATION')) {
$tmp= base64_decode( substr(get('HTTP_AUTHORIZATION'),6));
list($username, $password) = explode(':', $tmp);
}
print("<br>username='" . $username . "'");
print("<br>password='" . $password . "'");
}
Any ideas on this subject would be very nice.
Another problemπ
is that relative linking of stylesheets sometimes breaks with
mod_rewrite. Although all links seem to work just fine and the sourcecode looks ok, styles and images are no loaded. I cannot reproduce this behaviour.
Replacing Authorization in php-cgiπ
from:
http://translate.google.com/translate?hl=en&sl=fr&u=http://www.yetanothercommunitysystem.com/yacs/articles/view.php/321&sa=X&oi=translate&resnum=1&ct=result&prev=/search%3Fq%3D%255BR%25C3%25A9gl%25C3%25A9%255D%2BComment%2Butiliser%2Bl%2527authentification%2BHTTP%2Ben%2BPHP%2Bchez%2BOVH%2B%253F%26hl%3Den%26lr%3D%26client%3Dfirefox-a%26rls%3Dorg.mozilla:en-US:official%26hs%3DW5xHow to make then?
The solution is to select an Apache variable which is actually transmitted to PHP even in mode cgi, and to stick to it the data of authentification transmitted by the navigator (or by the newsreader).
Throw a glance with the directive added to the file .htaccess:
RewriteEngine one
RewriteRule. * - [E=REMOTE_USER: % {HTTP: Authorization}, L]
This directive says that, if the module mod_rewrite is available, attribute HTTP Authorization must be placed in the variable $_SERVER [“REMOTE_USER”].
To follow upon the RFC 2617 concerning HTTP Authentication, if the surfer indicates the name “Aladdin” and the password “open sesame”, the user agent (the navigator or the newsreader) must add the following attribute to request HTTP:
Authorization: BASIC QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Thanks to the directive of rewriting put in .htaccess, script PHP carried out will as follows be able accèder with these elements in $_SERVER [“REMOTE_USER”]:
$_SERVER [“REMOTE_USER”] = BASIC QWxhZGRpbjpvcGVuIHNlc2FtZQ==
From there, there is no more that to decode the base64, and to separate the name from the password, as indicated in the RFC 2617. You follow me?