#282 (in 2.7.1) Apache PHP CGI http authentication

closed-fixed
1
2006-03-06
2005-12-07
Marcel Hamer
No

Hello,

Hereby I would like to post a message about a small
patch I wrote which
makes HTTP authentication mode work when running php as
cgi under Apache.
I succesfully tested it with phpmyadmin version
2.6.3-pl1 and 2.7.0.

Kind regards,

Marcel Hamer

Discussion

  • Marcel Hamer
    Marcel Hamer
    2005-12-07

    Apache-PHP-CGI-Auth

     
    Attachments
  • Michal Čihař
    Michal Čihař
    2005-12-08

    • assigned_to: nobody --> nijel
     
  • Michal Čihař
    Michal Čihař
    2005-12-08

    Logged In: YES
    user_id=192186

    Your patch is malformed, so it can not be directly applied,
    but thats only minor problem.

    What's content of $_SERVER["REMOTE_USER"] in your setup? I
    can not accept blind try to decode something.

     
  • Marcel Hamer
    Marcel Hamer
    2005-12-09

    Logged In: YES
    user_id=1304181

    I am sorry for the malformed patch.

    The $_SERVER["REMOTE_USER"] contains the following data:

    Basic dXNlcjpwYXNzd29yZA==

    In which 'dXNlcjpwYXNzd29yZA==' is a base64 encoding of
    <username>:<password>.

    I must note that the code in the patch is derived from the
    php.net website and the user comments posted there. The site
    can be found here:

    http://www.php.net/features.http-auth

     
  • Michal Čihař
    Michal Čihař
    2005-12-09

    Logged In: YES
    user_id=192186

    Can you please try whether attached library will work for
    you? Thanks.

     
  • Marcel Hamer
    Marcel Hamer
    2005-12-09

    Logged In: YES
    user_id=1304181

    The given file does NOT work. I have tested it using
    phpmyadmin cvs version and it does not function.

    I made some small changes to make it work, given the small
    patch. When applying these changes to the file you posted
    here it works fine.

     
  • Marcel Hamer
    Marcel Hamer
    2005-12-09

    Modified patch for posted http.auth.lib.php

     
    Attachments
  • Michal Čihař
    Michal Čihař
    2005-12-09

    Logged In: YES
    user_id=192186

    Another try ;-).

     
  • Michal Čihař
    Michal Čihař
    2005-12-09

     
    Attachments
  • Marcel Hamer
    Marcel Hamer
    2005-12-09

    Logged In: YES
    user_id=1304181

    Okay, works. Thank you.

    I saw that I had removed to many lines, sorry for that.

     
  • Michal Čihař
    Michal Čihař
    2005-12-09

    Logged In: YES
    user_id=192186

    Thanks for testing.

     
  • Michal Čihař
    Michal Čihař
    2005-12-09

    • priority: 5 --> 1
    • summary: Apache PHP CGI http authentication --> (in 2.7.1) Apache PHP CGI http authentication
    • status: open --> open-fixed
     
  • Marcel Hamer
    Marcel Hamer
    2006-01-18

    Logged In: YES
    user_id=1304181

    Hello,

    I'm sorry to send this message this late, but I recently
    discovered that on the machine I tested this patch on I use
    a rewrite rule in Apache. It totally slipped my mind when
    working on this patch. I discovered this when configuring a
    new machine using php-cgi and Apache.

    The rewrite rule I use in Apache is:

    RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]

    This means 'native' Apache PHP-CGI does not work at this point.
    I am very sorry for this inconvenience.

    Kind regards,

    Marcel Hamer

     
  • Michal Čihař
    Michal Čihař
    2006-01-18

    Logged In: YES
    user_id=192186

    Okay, I will add this rewrite rule to documentation, it
    might be useful for other people.

     
  • Michal Čihař
    Michal Čihař
    2006-01-18

    Logged In: YES
    user_id=192186

    Documentation updated.

     
  • Marc Delisle
    Marc Delisle
    2006-03-06

    • status: open-fixed --> closed-fixed