Http Auth不适用于PHP [英] Http Auth dosen't work with PHP
问题描述
我使用Laravel/Lumen Shield扩展程序进行Http身份验证,但是在我的本地计算机上,一切都很完美,我的服务器上只有问题.
I use the Laravel/Lumen Shield Extension for my Http Authentication, however on my local machine everything is perfect, I had only problems on our server.
问题是我提交正确的登录数据后,再次出现登录屏幕.我尝试了不同的登录数据,不同的浏览器,登录屏幕一次又一次出现.
The problem is after I submit the correct login data the login screen appears again. I tried different login data, different browsers, the login screen appears again and again.
我检查的最后一件事是使用以下命令更改.htaccess:
The last thing I checked up was to change my .htaccess with:
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
但是我只有一个404 ...
But I got only a 404 ...
如果我使用htaccess/htpasswd,则Http Auth进程可以工作,但是我想使用PHP进行处理,首先我想了解问题出在哪里.
The Http Auth process works if I used htaccess/htpasswd, but I want to handle this with PHP and first of all I want to understand where is the problem.
为限制问题,我尝试使用此代码进行PHP Http Auth:
To limit the problem I tried a PHP Http Auth with this code:
<?php
$realm = 'Geschützter Bereich';
// Benutzer => Passwort
$benutzer = array('admin' => 'mypass', 'gast' => 'gast');
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Digest realm="' . $realm .
'",qop="auth",nonce="' . uniqid() . '",opaque="' . md5($realm) .
'"');
die('Text, der gesendet wird, falls der Benutzer auf Abbrechen drückt');
}
// Analysieren der Variable PHP_AUTH_DIGEST
if (!($daten = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) ||
!isset($benutzer[$daten['username']]))
die('Falsche Zugangsdaten!');
// Erzeugen einer gültigen Antwort
$A1 = md5($daten['username'] . ':' . $realm . ':' .
$benutzer[$daten['username']]);
$A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $daten['uri']);
$gueltige_antwort = md5($A1 . ':' . $daten['nonce'] . ':' . $daten['nc'] .
':' . $daten['cnonce'] . ':' . $daten['qop'] . ':' .
$A2);
if ($daten['response'] != $gueltige_antwort)
die('Falsche Zugangsdaten!');
// OK, gültige Benutzername & Passwort
echo 'Sie sind angemeldet als: ' . $daten['username'];
// Funktion zum analysieren der HTTP-Auth-Header
function http_digest_parse($txt) {
// gegen fehlende Daten schützen
$noetige_teile = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1,
'username'=>1, 'uri'=>1, 'response'=>1);
$daten = array();
$schluessel = implode('|', array_keys($noetige_teile));
preg_match_all('@(' . $schluessel . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@',
$txt, $treffer, PREG_SET_ORDER);
foreach ($treffer as $t) {
$daten[$t[1]] = $t[3] ? $t[3] : $t[4];
unset($noetige_teile[$t[1]]);
}
return $noetige_teile ? false : $daten;
}
?>
与以前相同的情况,该代码在我的本地计算机上正常工作,但是问题仍然存在于我的服务器上.
Same situation as before, on my local machine this code working, but the problem is still alive on my server.
有关环境的一些信息..
Some information about the environment ..
本地:使用PHP 5.6的Debian 服务器:带有PHP 5.6的Gentoo
Local: Debian with PHP 5.6 Server: Gentoo with PHP 5.6
对于该项目,我使用Lumen 5.1代替Laravel.
For the project I used Lumen 5.1 instead of Laravel.
感谢您的帮助:)
推荐答案
问题已解决.
我检查了服务器和SERVER API上的phpinfo()是否在CGI/FastCGI上.
I checked phpinfo() on our Server and SERVER API was on CGI/FastCGI.
通过PHP进行HTTP身份验证-PHP_AUTH_USER不是设置吗?
运行phpinfo().如果服务器API"是CGI/FCGI,您几乎会忘记 因为没有明智的方法来使用PHP的HTTP身份验证.
Run phpinfo(). if "Server API" is CGI/FCGI, you can pretty much forget it as there is no sensible way to use HTTP auth from PHP.
现在,我知道问题出在哪里,并且在将以下部分添加到public/.htacces中时,我解决了该问题.
Now I knew where the problem is and I solved the Issue while adding the following part into my public/.htacces .
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
这篇关于Http Auth不适用于PHP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!