HTTP Authentication with PHP running as CGI
While developing a project using two factor authentication, with a key fob, I needed to use HTTP Basic Authentication over SSL, to prevent XSS as the project was a web based proxy. Now I had PHP5 running as a module, but PHP4 as CGI. There was the problem HTTP Authentication isn’t available under PHP running as CGI.First you need to configure mod_rewrite:
.htaccess:
RewriteEngine on
RewriteRule .* -
What that will do is feed the base64′d user:pass into an environment variable named HTTP_AUTHORIZATION.
Then just add this above your script:
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(’:’ , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
That splits up the username and password, and makes it look as if you were running PHP as a module.
So for a sample script:
<?
// split the user/pass parts
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(’:', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
// open a user/pass prompt
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header(’WWW-Authenticate: Basic realm=”My Realm”‘);
header(’HTTP/1.0 401 Unauthorized’);
echo ‘Text to send if user hits Cancel button’;
exit;
} else {
echo ‘Hello, ‘.htmlentities($_SERVER['PHP_AUTH_USER']).’
‘;
echo ‘You entered as your password: ‘.htmlentities($_SERVER['PHP_AUTH_PW']).’
‘;
}
?>
zeus Request Rewriting
RULE_0_START:match URL into $ with .*
if not matched then goto RULE_0_END
# Source line 2
# Second half of: RewriteRule .* -
set ENV:HTTP_AUTHORIZATION = %{IN:Authorization}
# This rule has
goto END
RULE_0_END: http://support.zeus.com/zws/integration/2005/12/16/zope
here says:
.htaccess
<Location /zope/>
PassEnvAuthorization on
</Location>
but not work for me. it deny all access. i even try Restricting Access Rule.
页:
[1]