用PHP基本身份验证提供了一个无限循环 [英] Basic Authentication with PHP gives an endless loop
问题描述
出于某种原因,我不能得到基本身份验证使用我的服务器上的PHP工作。我现在用的确切code从手册页:
For some reason I can't get Basic Authentication to work using PHP on my server. I am using the exact code from the manual page:
<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>
然而,当我运行它,我永远无法超越的提示。
However, when I run it, I can never get beyond the prompt.
如果我把这个相同的code我的另一台服务器上,它工作正常。
If I put this same code on my other server, it works fine.
有谁知道这可能是导致此?两台服务器都WAMP栈和Apache启用了auth_basic_module。在php.ini文件实际上是相同的为好。
Does anyone know what could be causing this? Both servers are WAMP stacks and Apache has the auth_basic_module enabled. The PHP.ini files are practically identical as well.
我看了一下头后输入我的用户名/密码,有授权:基本XXXXXX。发送标题
I glanced at the headers and after I enter my username/password, there is the "Authorization: Basic XXXXXX" header being sent.
推荐答案
这取决于所使用的PHP接口。环境变量 PHP_AUTH_USER 仅用于mod_php,并且,如果Apache的帮助。
This depends on the used PHP interface. The environment variable PHP_AUTH_USER is only used for mod_php and if Apache helped.
如果您从脚本初始化授权,那么你必须去寻找 HTTP_AUTHORIZATION 头,和去code和分裂它自己。看看这个评论:<一href=\"http://www.php.net/manual/en/features.http-auth.php#94349\">http://www.php.net/manual/en/features.http-auth.php#94349
If you initialize the authorization from the script, then you have to look for the HTTP_AUTHORIZATION header, and decode and split it up yourself. Look at this comment: http://www.php.net/manual/en/features.http-auth.php#94349
有关FastCGI的设置或suexec的invokations你甚至可能没有在环境变量头present。它过滤掉了保安precaution。常见的解决方法是使用的.htaccess规则重写头:
For FastCGI setups or suexec invokations you might not even have that header present in the environment variables. It's filtered out as security precaution. The common workaround is to rewrite the header using a .htaccess rule:
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
因此,可用与混合情况下 $ _ SERVER [HTTP_AUTHORIZATION] 。
这篇关于用PHP基本身份验证提供了一个无限循环的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
