Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- PHP_AUTH_* and HTTP_AUTHORIZATION?
December 21, 2007, 7:58 pm
rate this thread
401 response code, you get prompted for a username / password.
On some servers, this username and password are then saved in
$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']. On others,
however, they aren't. So why, on these servers, isn't the value saved
in $_SERVER['HTTP_AUTHORIZE']? The authorize header in the HTTP
response is the header that contains the info that, anyway.
eg. Authorization: Basic YXNkZjphc2Rm
...which base64_decode()'s to 'asdf:asdf'.
It seems that most any header in the HTTP request is added to $_SERVER
via HTTP_* (even made up ones), so why is Authorize different?
- C. (http://symcbean.blogspot.com/)
December 24, 2007, 11:04 am
Re: PHP_AUTH_* and HTTP_AUTHORIZATION?
Because HTTP only defines how the webserver and browser negotiate
authentication - not what gets passed via CGI/other API.
(BTW you should never use BASIC authentication over a non-SSL
connection - use digest instead - but this still won't protect against
- » Same page works differently on two different servers.
- — Previous thread in » PHP Scripting Forum