Reflect current behavior regarding external-auth and PHP_AUTH variables.

They are only disabled if safe mode is on as of 4.3.0 Before this time they were not disabled. git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@108997 c90b9560-bf6c-de11-be94-00142212c4b1
2025-03-17 01:18:55 +00:00 · 2002-12-25 10:19:32 +00:00 · 2002-12-25 10:19:32 +00:00 · 6a41f13399
commit 6a41f13399
parent 1f93d7bade
1 changed files with 7 additions and 9 deletions
--- a/features/http-auth.xml
+++ b/features/http-auth.xml
@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.29 $ -->
+<!-- $Revision: 1.30 $ -->
 <chapter id="features.http-auth">
  <title>HTTP authentication with PHP</title>

@ -84,12 +84,13 @@
  </para>

  <simpara>
-   In order to prevent someone from writing a script which reveals
-   the password for a page that was authenticated through a
-   traditional external mechanism, the PHP_AUTH variables will not be
+   As of PHP 4.3.0, in order to prevent someone from writing a script which
+   reveals the password for a page that was authenticated through a
+   traditional external mechanism, the PHP_AUTH variables will not be 
   set if external authentication is enabled for that particular
-   page. In this case, <varname>REMOTE_USER</varname> can be used 
-   to identify the externally-authenticated user.  So, 
+   page and <link linkend="features.safe-mode">safe mode</link> is
+   enabled.  Regardless, <varname>REMOTE_USER</varname> can be used 
+   to identify the externally-authenticated user.  So, you can use  
   <varname>$_SERVER['REMOTE_USER']</varname>.
  </simpara>

@ -98,9 +99,6 @@
   <para>
    PHP uses the presence of an <literal>AuthType</literal> directive
    to determine whether external authentication is in effect.
-    Remember to avoid this directive for the context where you want to
-    use PHP authentication (otherwise each authentication attempt
-    will fail).
   </para>
  </note>