[phpesp-dev] [Fwd: About HTTP authentication with PHP running as CGI.]

[James E. F. <jf...@uv...>]

-------- Original Message --------
Subject: 	About HTTP authentification with PHP running as CGI.
Date: 	Mon, 11 Apr 2005 13:19:21 +0100
From: 	jul...@ne... <jul...@ne...>
To: 	jimmerman <jim...@us...>



Hello,

I don't know if you're interesting about that problem but here's a
solution to run PHPESP w/ PHP running as CGI. (maybe you already know
about that ???). This solution is based on the mod_rewrite module for
Apache (need to be installed on the web server to work).

Step 1 :
Add a rewrite rule in a .htaccess file in the admin directory. Here's
the rule
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
</IfModule>

> >> write in the $_SERVER[REMOTE_USER] variable all datas stored in the 
http_authorization variable

Step 2 : Add at the beginning of the /admin/manage.php, the following
lines :
     if (
           (!isset($_SERVER['PHP_AUTH_USER']) ||
!isset($_SERVER['PHP_AUTH_PW']) )
           && preg_match('/Basic\s+(.*)$/i',$_SERVER['REMOTE_USER'],
$matches)
         )
     {
        list($name, $password) = explode(':', base64_decode($matches[1]));
        $HTTP_SERVER_VARS['PHP_AUTH_USER'] = strip_tags($name);
        $HTTP_SERVER_VARS['PHP_AUTH_PW']    = strip_tags($password);
     }

> >> Extracts vars stored in REMOTE_USER (written by the htaccess) and 
write the 'PHP_AUTH_USER' & 'PHP_AUTH_PW' vars.

Step 3 : Updating the config file

Delete "cgi" in this array.
$ESPCONFIG['unsupported'] = array('cgi', 'sapi');

That's all. Hope it'll help
Julien.