为什么 $_SERVER[“PHP_AUTH_USER"] 和 $_SERVER[“PHP_AUTH_PW"] 没有设置? [英] Why are $_SERVER["PHP_AUTH_USER"] and $_SERVER["PHP_AUTH_PW"] not set?
问题描述
在开始之前,我想指出我已经浏览了 Stack Overflow 并发现了其他类似的问题 - PHP_AUTH_USER 未设置? 和 通过 PHP 进行 HTTP 身份验证 - PHP_AUTH_USER 未设置? - 这些指出如果服务器 API"设置为CGI/FCGI",则不会设置身份验证 $_SERVER 变量,但我检查了我的 ''phpinfo()'' 输出,我的 ''Server API'' 设置为 ''Apache 2.0 Handler''.
Before I begin, I'd like to point out that I've browsed Stack Overflow and found other similar questions - PHP_AUTH_USER not set? and HTTP Auth via PHP - PHP_AUTH_USER not set? - and these have pointed out that the authentication $_SERVER variables won't be set if ''Server API'' is set to ''CGI/FCGI'', but I checked my ''phpinfo()'' output and my ''Server API'' is set to ''Apache 2.0 Handler''.
好的,我有一个简单的脚本如下:
Ok so I have a simple script as follows:
<?php
echo "Username: " . $_SERVER["PHP_AUTH_USER"] . ", Password: " . $_SERVER["PHP_AUTH_PW"];
?>
...我通过以下方式远程调用:
... which I am calling remotely via the following:
wget -v --http-user=johnsmith --http-password=mypassword http://www.example.com/myscript.php
...但只输出:
Username: , Password:
我还尝试使用 PHP cURL 调用脚本并按如下方式适当设置身份验证参数:
I have also tried calling the script using PHP cURL and setting the authentication parameters appropriately as follows:
curl_setopt($ch, CURLOPT_USERPWD, "johnsmith:mypassword");
...但我得到与上面相同的输出.
... but I get the same output as above.
知道我做错了什么吗?也许我还需要启用/配置其他东西?
Any idea what I'm doing wrong? Perhaps there is something else I need to enable / configure?
推荐答案
感谢 Naktibalda 在 ##php on irc.freenode.net 的帮助下,我终于找到了答案
I've finally discovered the answer thanks to the of help of Naktibalda in ##php on irc.freenode.net
以下页面总结了该问题:http://php.net/manual/en/features.http-auth.php
The following page summarises the issue: http://php.net/manual/en/features.http-auth.php
引用相关位:
从 PHP 4.3.0 开始,为了防止有人编写脚本来泄露通过传统外部机制验证的页面的密码,如果为特定的外部机制启用了外部验证,则不会设置 PHP_AUTH 变量页面和安全模式已启用.无论如何,REMOTE_USER 可用于识别外部验证用户.因此,您可以使用 $_SERVER['REMOTE_USER'].
As of PHP 4.3.0, in order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page and safe mode is enabled. Regardless, REMOTE_USER can be used to identify the externally-authenticated user. So, you can use $_SERVER['REMOTE_USER'].
...
PHP 使用 AuthType 指令来确定外部身份验证是否有效.
PHP uses the presence of an AuthType directive to determine whether external authentication is in effect.
这篇关于为什么 $_SERVER[“PHP_AUTH_USER"] 和 $_SERVER[“PHP_AUTH_PW"] 没有设置?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
