标题: HTTP Authentication with PHP running as CGI [打印本页] 作者: 翔子 时间: 2008-10-19 22:56 标题: HTTP Authentication with PHP running as CGI While developing a project using two factor authentication, with a key fob, I needed to use HTTP Basic Authentication over SSL, to prevent XSS as the project was a web based proxy. Now I had PHP5 running as a module, but PHP4 as CGI. There was the problem HTTP Authentication isn’t available under PHP running as CGI.
First you need to configure mod_rewrite:
.htaccess:
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
What that will do is feed the base64′d user:pass into an environment variable named HTTP_AUTHORIZATION.
That splits up the username and password, and makes it look as if you were running PHP as a module.
So for a sample script:
<?
// split the user/pass parts
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(’:', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
// open a user/pass prompt
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header(’WWW-Authenticate: Basic realm=”My Realm”‘);
header(’HTTP/1.0 401 Unauthorized’);
echo ‘Text to send if user hits Cancel button’;
exit;
} else {
echo ‘Hello, ‘.htmlentities($_SERVER['PHP_AUTH_USER']).’
‘;
echo ‘You entered as your password: ‘.htmlentities($_SERVER['PHP_AUTH_PW']).’
‘;
}
?>作者: 翔子 时间: 2008-10-19 23:02 标题: zeus Request Rewriting RULE_0_START:
match URL into $ with .*
if not matched then goto RULE_0_END
# Source line 2
# Second half of: RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
set ENV:HTTP_AUTHORIZATION = %{IN:Authorization}
# This rule has [L]
goto END
RULE_0_END:作者: 翔子 时间: 2008-10-19 23:05
http://support.zeus.com/zws/integration/2005/12/16/zope
here says:
.htaccess
<Location /zope/>
PassEnvAuthorization on
</Location>
but not work for me. it deny all access. i even try Restricting Access Rule.