php 为什么 $_SERVER["PHP_AUTH_USER"] 和 $_SERVER["PHP_AUTH_PW"] 没有设置?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/14724127/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Why are $_SERVER["PHP_AUTH_USER"] and $_SERVER["PHP_AUTH_PW"] not set?
提问by Kosta Kontos
Before I begin, I'd like to point out that I've browsed Stack Overflow and found other similar questions - PHP_AUTH_USER not set?and HTTP Auth via PHP - PHP_AUTH_USER not set?- and these have pointed out that the authentication $_SERVER variables won't be set if ''Server API'' is set to ''CGI/FCGI'', but I checked my ''phpinfo()'' output and my ''Server API'' is set to ''Apache 2.0 Handler''.
在开始之前,我想指出我已经浏览了 Stack Overflow 并发现了其他类似的问题 - PHP_AUTH_USER 未设置?和通过 PHP 进行的 HTTP 身份验证 - PHP_AUTH_USER 未设置?- 这些已经指出,如果“服务器 API”设置为“CGI/FCGI”,则不会设置身份验证 $_SERVER 变量,但我检查了我的“phpinfo()”输出和我的“ “服务器 API”设置为“Apache 2.0 处理程序”。
Ok so I have a simple script as follows:
好的,所以我有一个简单的脚本如下:
<?php
echo "Username: " . $_SERVER["PHP_AUTH_USER"] . ", Password: " . $_SERVER["PHP_AUTH_PW"];
?>
... which I am calling remotely via the following:
...我通过以下方式远程调用:
wget -v --http-user=johnsmith --http-password=mypassword http://www.example.com/myscript.php
... but which only outputs:
...但只输出:
Username: , Password:
I have also tried calling the script using PHP cURL and setting the authentication parameters appropriately as follows:
我还尝试使用 PHP cURL 调用脚本并按如下方式适当设置身份验证参数:
curl_setopt($ch, CURLOPT_USERPWD, "johnsmith:mypassword");
... but I get the same output as above.
...但我得到与上面相同的输出。
Any idea what I'm doing wrong? Perhaps there is something else I need to enable / configure?
知道我做错了什么吗?也许我还需要启用/配置其他东西?
采纳答案by Kosta Kontos
I've finally discovered the answer thanks to the of help of Naktibalda in ##php on irc.freenode.net
在 irc.freenode.net 上 ##php 中 Naktibalda 的帮助下,我终于找到了答案
The following page summarises the issue: http://php.net/manual/en/features.http-auth.php
以下页面总结了该问题:http: //php.net/manual/en/features.http-auth.php
To quote the relevant bits:
引用相关位:
As of PHP 4.3.0, in order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page and safe mode is enabled. Regardless, REMOTE_USER can be used to identify the externally-authenticated user. So, you can use $_SERVER['REMOTE_USER'].
...
PHP uses the presence of an AuthType directive to determine whether external authentication is in effect.
从 PHP 4.3.0 开始,为了防止有人编写脚本来显示通过传统外部机制进行身份验证的页面的密码,如果为该特定页面启用了外部身份验证并且安全,则不会设置 PHP_AUTH 变量模式已启用。无论如何,REMOTE_USER 可用于识别外部身份验证的用户。因此,您可以使用 $_SERVER['REMOTE_USER']。
...
PHP 使用 AuthType 指令来确定外部身份验证是否有效。
回答by Teddy
For PHP-CGI:
对于 PHP-CGI:
in .htaccess add this:
在 .htaccess 中添加:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>
and at the beginning of your script add this:
并在脚本的开头添加:
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
回答by Matt
Tried the previous suggestions, did not work, also discovered
尝试了之前的建议,没有用,还发现
CGIPassAuth On
is a more up to date version of the suggested htaccess addition, but that still did not work for me, instead I used
是建议的 htaccess 添加的更新版本,但这对我仍然不起作用,而是我使用了
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
(must be in your root htaccess file) then in the php file
(必须在您的根 htaccess 文件中)然后在 php 文件中
echo "Username: " . $_SERVER[PHP_AUTH_USER] . ", Password: " . $_SERVER[PHP_AUTH_PW];
If anyone still has trouble I suggest they check the server vars, as the data may be in a different var, your looking for something that start with basic
如果有人仍然遇到问题,我建议他们检查服务器变量,因为数据可能位于不同的变量中,您正在寻找以 basic 开头的内容
回答by jyoti singh
this should be like this
这应该是这样的
##代码##