{"id":2449,"date":"2009-08-09T23:11:59","date_gmt":"2009-08-09T21:11:59","guid":{"rendered":"http:\/\/localhost\/helpcentre\/?p=2449"},"modified":"2022-11-10T12:19:48","modified_gmt":"2022-11-10T10:19:48","slug":"php_auth-fastcgi","status":"publish","type":"post","link":"https:\/\/xneelo.co.za\/help-centre\/website\/php_auth-fastcgi\/","title":{"rendered":"How to pass authentication headers in PHP on a Fast-CGI enabled server"},"content":{"rendered":"<p>When <b>Fast-CGI<\/b> is used, authentication headers are passed to the script but are ignored by PHP. This is because only the \u201cHTTP_AUTHORIZATION\u201d environment variable is checked, while the \u201cAuthorization\u201d variable is ignored. The following steps can be used to overcome this problem:<br \/>\nCreate a .htaccess file in the root directory of the script\/application you are using:<\/p>\n<div class=\"codeblock\"><code><span style=\"color: #000000;\"><br \/>\n<span style=\"color: #0000bb;\">RewriteEngine on<br \/>\nRewriteRule <\/span><span style=\"color: #007700;\">.* - <\/span><span style=\"color: #0000bb;\">[E<\/span><span style=\"color: #007700;\">=<\/span><span style=\"color: #0000bb;\">HTTP_AUTHORIZATION<\/span><span style=\"color: #007700;\">:%<\/span><span style=\"color: #0000bb;\">{HTTP<\/span><span style=\"color: #007700;\">:<\/span><span style=\"color: #0000bb;\">Authorization}<\/span><span style=\"color: #007700;\">,<\/span><span style=\"color: #0000bb;\">L]<\/span><span style=\"color: #007700;\">
<\/span><br \/>\n<\/span><br \/>\n<\/code><\/div>\n<p>Next, you need to change all the PHP_AUTH_USER and PHP_AUTH_PW variables in your web content to:<\/p>\n<div class=\"codeblock\"><code><span style=\"color: #000000;\"><br \/>\n<span style=\"color: #0000bb;\">$_SERVER[<\/span><span style=\"color: #dd0000;\">'PHP_AUTH_USER'<\/span><span style=\"color: #0000bb;\">] <\/span><span style=\"color: #007700;\">and<br \/>\n<\/span><span style=\"color: #0000bb;\">$_SERVER[<\/span><span style=\"color: #dd0000;\">'PHP_AUTH_PW'<\/span><span style=\"color: #0000bb;\">] <\/span><br \/>\n<\/span><br \/>\n<\/code><\/div>\n<p>Finally, you will need to add the following lines of code before the authentication code used in your application \/ script:<\/p>\n<div class=\"codeblock\"><code><span style=\"color: #000000;\"><br \/>\n<span style=\"color: #007700;\">if (<\/span><span style=\"color: #0000bb;\">preg_match<\/span><span style=\"color: #007700;\">(<\/span><span style=\"color: #dd0000;\">'\/Basic+(.*)$\/i'<\/span><span style=\"color: #007700;\">,<br \/>\n<\/span><span style=\"color: #0000bb;\">$_SERVER[<\/span><span style=\"color: #dd0000;\">'REDIRECT_HTTP_AUTHORIZATION'<\/span><span style=\"color: #0000bb;\">]<\/span><span style=\"color: #007700;\">,<br \/>\n<\/span><span style=\"color: #0000bb;\">$matches<\/span><span style=\"color: #007700;\">))<br \/>\n<\/span><span style=\"color: #0000bb;\">{<br \/>\n<\/span><span style=\"color: #007700;\">list(<\/span><span style=\"color: #0000bb;\">$_SERVER[<\/span><span style=\"color: #dd0000;\">'PHP_AUTH_USER'<\/span><span style=\"color: #0000bb;\">]<\/span><span style=\"color: #007700;\">,<br \/>\n<\/span><span style=\"color: #0000bb;\">$_SERVER[<\/span><span style=\"color: #dd0000;\">'PHP_AUTH_PW'<\/span><span style=\"color: 
#0000bb;\">]<\/span><span style=\"color: #007700;\">) = <\/span><span style=\"color: #0000bb;\">explode<\/span><span style=\"color: #007700;\">(<\/span><span style=\"color: #dd0000;\">':' <\/span><span style=\"color: #007700;\">,<br \/>\n<\/span><span style=\"color: #0000bb;\">base64_decode<\/span><span style=\"color: #007700;\">(<\/span><span style=\"color: #0000bb;\">substr<\/span><span style=\"color: #007700;\">(<\/span><span style=\"color: #0000bb;\">$_SERVER[<\/span><span style=\"color: #dd0000;\">'REDIRECT_HTTP_AUTHORIZATION'<\/span><span style=\"color: #0000bb;\">]<\/span><span style=\"color: #007700;\">, <\/span><span style=\"color: #0000bb;\">6<\/span><span style=\"color: #007700;\">)), <\/span><span style=\"color: #0000bb;\">2<\/span><span style=\"color: #007700;\">);<br \/>\n<\/span><span style=\"color: #0000bb;\">} <\/span><br \/>\n<\/span><br \/>\n<\/code><\/div>\n<p>As an example, please see the patch for phpWiki below:<\/p>\n<div class=\"codeblock\"><code><code><span style=\"color: #000000;\"><br \/>\n<span style=\"color: #ff8000;\"># Author: Stepan A. Baranov (rosmir@gmail.com)<br \/>\n# web-site: www.rosmir.org<\/span><\/span><\/code><\/code><code><code><span style=\"color: #000000;\"><span style=\"color: #0000bb;\">diff <\/span><span style=\"color: #007700;\">-<\/span><span style=\"color: #0000bb;\">u <\/span><span style=\"color: #007700;\">.\/<\/span><span style=\"color: #0000bb;\">admin<\/span><span style=\"color: #007700;\">.<\/span><span style=\"color: #0000bb;\">php<\/span><span style=\"color: #007700;\">.<\/span><span style=\"color: #0000bb;\">orig <\/span><span style=\"color: #007700;\">.\/<\/span><span style=\"color: #0000bb;\">admin<\/span><span style=\"color: #007700;\">.<\/span><span style=\"color: #0000bb;\">php<\/span><\/span><\/code><\/code><\/p>\n<p><code><code><span style=\"color: #000000;\"><span style=\"color: #007700;\">--- .\/<\/span><span style=\"color: #0000bb;\">admin<\/span><span style=\"color: #007700;\">.<\/span><span style=\"color: #0000bb;\">php<\/span><span style=\"color: #007700;\">.<\/span><span 
style=\"color: #0000bb;\">orig<\/span><\/span><\/code><\/code><\/p>\n<p><code><code><span style=\"color: #000000;\"><span style=\"color: #007700;\">+++ .\/<\/span><span style=\"color: #0000bb;\">admin<\/span><span style=\"color: #007700;\">.<\/span><span style=\"color: #0000bb;\">php<\/span><\/span><\/code><\/code><\/p>\n<p><code><code><span style=\"color: #000000;\"><span style=\"color: #007700;\">@@ -<\/span><span style=\"color: #0000bb;\">18<\/span><span style=\"color: #007700;\">,<\/span><span style=\"color: #0000bb;\">9 <\/span><span style=\"color: #007700;\">+<\/span><span style=\"color: #0000bb;\">18<\/span><span style=\"color: #007700;\">,<\/span><span style=\"color: #0000bb;\">16 <\/span><span style=\"color: #007700;\">@@<\/span><\/span><\/code><\/code>exit;<\/p>\n<p><code><code><\/code><\/code><\/p>\n<p><code><code><span style=\"color: #000000;\"><span style=\"color: #0000bb;\">}<\/span><\/span><\/code><\/code><\/p>\n<p><code><code><span style=\"color: #000000;\"><span style=\"color: #ff8000;\">\/\/ ADDED by rosmir@gmail.com<\/span><\/span><\/code><\/code><\/p>\n<p><code><code><span style=\"color: #000000;\"><span style=\"color: #007700;\">if(<\/span><span style=\"color: #0000bb;\">preg_match<\/span><span style=\"color: #007700;\">(<\/span><span style=\"color: #dd0000;\">'\/Basic+(.*)$\/i'<\/span><span style=\"color: #007700;\">, <\/span><span style=\"color: #0000bb;\">$_SERVER[<\/span><span style=\"color: #dd0000;\">'REDIRECT_HTTP_AUTHORIZATION'<\/span><span style=\"color: #0000bb;\">]<\/span><span style=\"color: #007700;\">, <\/span><span style=\"color: #0000bb;\">$matches<\/span><span style=\"color: #007700;\">))<\/span><\/span><\/code><\/code><\/p>\n<p><code><code><span style=\"color: #000000;\"><span style=\"color: #0000bb;\">{<\/span><\/span><\/code><\/code><\/p>\n<p><code><code><span style=\"color: #000000;\"><span style=\"color: #007700;\">list(<\/span><span style=\"color: #0000bb;\">$_SERVER[<\/span><span style=\"color: 
#dd0000;\">'PHP_AUTH_USER'<\/span><span style=\"color: #0000bb;\">]<\/span><span style=\"color: #007700;\">, <\/span><span style=\"color: #0000bb;\">$_SERVER[<\/span><span style=\"color: #dd0000;\">'PHP_AUTH_PW'<\/span><span style=\"color: #0000bb;\">]<\/span><span style=\"color: #007700;\">) = <\/span><span style=\"color: #0000bb;\">explode<\/span><span style=\"color: #007700;\">(<\/span><span style=\"color: #dd0000;\">':' <\/span><span style=\"color: #007700;\">,<br \/>\n<\/span><span style=\"color: #0000bb;\">base64_decode<\/span><span style=\"color: #007700;\">(<\/span><span style=\"color: #0000bb;\">substr<\/span><span style=\"color: #007700;\">(<\/span><span style=\"color: #0000bb;\">$_SERVER[<\/span><span style=\"color: #dd0000;\">'REDIRECT_HTTP_<br \/>\nAUTHORIZATION'<\/span><span style=\"color: #0000bb;\">]<\/span><span style=\"color: #007700;\">, <\/span><span style=\"color: #0000bb;\">6<\/span><span style=\"color: #007700;\">)));<\/span><\/span><\/code><\/code><\/p>\n<p><code><code><span style=\"color: #000000;\"><span style=\"color: #0000bb;\">}<\/span><\/span><\/code><\/code><\/p>\n<p><code><code><span style=\"color: #000000;\"><span style=\"color: #ff8000;\">\/\/ END ADDED by rosmir@gmail.com<\/span><\/span><\/code><\/code>\/\/ From the manual, Chapter 16<\/p>\n<p><code><code><\/code><\/code><\/p>\n<p><code><code><span style=\"color: #000000;\"><span style=\"color: #007700;\">if ((<\/span><span style=\"color: #0000bb;\">$PHP_AUTH_USER <\/span><span style=\"color: #007700;\">!= <\/span><span style=\"color: #0000bb;\">$wikiadmin  <\/span><span style=\"color: #007700;\">)  ||<\/span><\/span><\/code><\/code>(<\/p>\n<p><code><code><span style=\"color: #000000;\"><span style=\"color: #0000bb;\">$PHP_AUTH_PW   <\/span><span style=\"color: #007700;\">!= <\/span><span style=\"color: #0000bb;\">$adminpasswd<\/span><span style=\"color: #007700;\">)) <\/span><span style=\"color: #0000bb;\">{<\/span><\/span><\/code><\/code><\/p>\n<p><code><code><span 
style=\"color: #000000;\"><span style=\"color: #007700;\">if ((<\/span><span style=\"color: #0000bb;\">$_SERVER[<\/span><span style=\"color: #dd0000;\">'PHP_AUTH_USER'<\/span><span style=\"color: #0000bb;\">] <\/span><span style=\"color: #007700;\">!= <\/span><span style=\"color: #0000bb;\">$wikiadmin  <\/span><span style=\"color: #007700;\">)  ||<\/span><\/span><\/code><\/code>(<\/p>\n<p><code><code><span style=\"color: #000000;\"><span style=\"color: #0000bb;\">$_SERVER[<\/span><span style=\"color: #dd0000;\">'PHP_AUTH_PW'<\/span><span style=\"color: #0000bb;\">]   <\/span><span style=\"color: #007700;\">!= <\/span><span style=\"color: #0000bb;\">$adminpasswd<\/span><span style=\"color: #007700;\">)) <\/span><span style=\"color: #0000bb;\">{<\/span><\/span><\/code><\/code>Header<\/p>\n<p><code><code><span style=\"color: #000000;\"><span style=\"color: #007700;\">(<\/span><span style=\"color: #dd0000;\">\"WWW-Authenticate: Basic realm=\"<\/span><span style=\"color: #0000bb;\">PhpWiki<\/span><span style=\"color: #dd0000;\">\"\"<\/span><span style=\"color: #007700;\">);<\/span><\/span><\/code><\/code><\/p>\n<p><code><code><span style=\"color: #000000;\"><span style=\"color: #0000bb;\">Header<\/span><span style=\"color: #007700;\">(<\/span><span style=\"color: #dd0000;\">\"HTTP\/1.0 401 Unauthorized\"<\/span><span style=\"color: #007700;\">);<\/span><\/span><\/code><\/code>echo<\/p>\n<p><code><span style=\"color: #000000;\"><span style=\"color: #0000bb;\">gettext<\/span><span style=\"color: #007700;\">(<\/span><span style=\"color: #dd0000;\">\"You entered an invalid login or password.\"<\/span><span style=\"color: #007700;\">); <\/span><br \/>\n<\/span><br \/>\n<\/code><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>When using Fast-CGI to pass authentication headers, these headers are ignored by PHP. 
The following steps can be used to overcome this problem.<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"lsx_disable_title":"0","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","footnotes":""},"categories":[179,166],"tags":[],"topics":[],"class_list":["post-2449","post","type-post","status-publish","format-standard","hentry","category-php","category-website"],"acf":[],"additional_meta":{"category_title":[{"term_id":179,"name":"PHP","slug":"php","term_group":0,"term_taxonomy_id":179,"taxonomy":"category","description":"Allowing you to create dynamic content that interacts with databases","parent":168,"count":20,"filter":"raw","term_order":"97","cat_ID":179,"category_count":20,"category_description":"Allowing you to create dynamic content that interacts with databases","cat_name":"PHP","category_nicename":"php","category_parent":168},{"term_id":166,"name":"Website","slug":"website","term_group":0,"term_taxonomy_id":166,"taxonomy":"category","description":"About your Website(s)","parent":0,"count":169,"filter":"raw","term_order":"120","cat_ID":166,"category_count":169,"category_description":"About your 
Website(s)","cat_name":"Website","category_nicename":"website","category_parent":0}],"tag_title":false},"featured_image_src":null,"author_info":{"display_name":"marketing","author_link":"https:\/\/xneelo.co.za\/help-centre\/author\/marketing\/","author_avatar":"https:\/\/secure.gravatar.com\/avatar\/a6ea315e112423b2b955cb020fbce2b0835956c6ad85ff0f13f1db298977eaaa?s=96&d=mm&r=g"},"_links":{"self":[{"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/posts\/2449","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/comments?post=2449"}],"version-history":[{"count":0,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/posts\/2449\/revisions"}],"wp:attachment":[{"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/media?parent=2449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/categories?post=2449"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/tags?post=2449"},{"taxonomy":"topics","embeddable":true,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/topics?post=2449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
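
Review bot: In the block added to admin.php between the `// ADDED` and `// END ADDED` comments, `explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)))` is called without a limit argument, so a password that contains a colon is split into extra pieces and `list()` keeps only the text before the second colon, which makes a correct login fail. Pass 2 as the third argument to `explode()` so that everything after the first colon stays in `$_SERVER['PHP_AUTH_PW']`. The same block reads `$_SERVER['REDIRECT_HTTP_AUTHORIZATION']` without an `isset()` check, so a request that carries no Authorization header raises an undefined-index notice before the 401 headers are sent; guard the `preg_match()` call with `isset()`. The check that follows compares the password with `!=`, which is a loose comparison; a strict, constant-time comparison such as `hash_equals()` is the safer choice where the PHP version provides it.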