0

I have CGI-handled PHP server and basic authentication is not working since PHP_AUTH_USER returns empty string.

I've searched a lot and there was only one solution to this: using .htaccess rewriterule.

The problem is I can't edit .htaccess for some reasons. I want to know if there's a way to do the authentication without changing the htaccess file?

hakre
  • 193,403
  • 52
  • 435
  • 836
Hossain Alhaidari
  • 767
  • 3
  • 11
  • 24
  • I assume since you can't even change the htaccess file, you can't change your server or vhost config. If you can't change any of those things, you can't change your BASIC authentication. You're probably going to have to use some sort of FORMs authentication or something through php and track your login sessions through that – Jon Lin Sep 10 '13 at 06:00
  • Do you mean this problem: [PHP_AUTH_USER not set?](http://stackoverflow.com/q/3663520/367456) - and please reference the solution with the rewrite rule that didn't work for you so that it is linked. – hakre Sep 10 '13 at 06:01
  • @JonLin well, actually I have to do it by basic authentication and not forms...I just managed to edit the htaccess but still not working!! HTTP_AUTHORIZATION is empty – Hossain Alhaidari Sep 10 '13 at 06:04
  • 1
    @hakre yes that is my problem. The most voted answer in link you provided was my solution! – Hossain Alhaidari Sep 10 '13 at 06:05
  • To be more specific, actually I CAN edit htaccess but, I should do it without editing that file! That's my problem... – Hossain Alhaidari Sep 10 '13 at 06:07
  • The second best answer in the question linked above tells you that it isn't possible then. The `PHP_AUTH_*` variables are only available in certain circumstances (e.g. PHP running as mod_php in Apache) - the rewrite rule is a hack to actually pass the autorization header as a different one, so it not filtered out when PHP gets the HTTP headers. There are probably more ways to work around this, but all would need to edit some internals of the server setup - if you are already not allowed to edit .htaccess, anything else will also be disallowed, I think. – Sven Sep 10 '13 at 06:39
  • OK then....so why when I edit my htaccess still it returns nothing in HTTP_AUTHORIZATION? Do I need to reset apache server or something? – Hossain Alhaidari Sep 10 '13 at 06:41

0 Answers0