Reflect current behavior regarding external-auth and PHP_AUTH variables.

They are only disabled if safe mode is on as of 4.3.0  Before this time
they were not disabled.


git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@108997 c90b9560-bf6c-de11-be94-00142212c4b1
This commit is contained in:
Philip Olson 2002-12-25 10:19:32 +00:00
parent 1f93d7bade
commit 6a41f13399

View file

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!-- $Revision: 1.29 $ -->
<!-- $Revision: 1.30 $ -->
<chapter id="features.http-auth">
<title>HTTP authentication with PHP</title>
@ -84,12 +84,13 @@
</para>
<simpara>
In order to prevent someone from writing a script which reveals
the password for a page that was authenticated through a
traditional external mechanism, the PHP_AUTH variables will not be
As of PHP 4.3.0, in order to prevent someone from writing a script which
reveals the password for a page that was authenticated through a
traditional external mechanism, the PHP_AUTH variables will not be
set if external authentication is enabled for that particular
page. In this case, <varname>REMOTE_USER</varname> can be used
to identify the externally-authenticated user. So,
page and <link linkend="features.safe-mode">safe mode</link> is
enabled. Regardless, <varname>REMOTE_USER</varname> can be used
to identify the externally-authenticated user. So, you can use
<varname>$_SERVER['REMOTE_USER']</varname>.
</simpara>
@ -98,9 +99,6 @@
<para>
PHP uses the presence of an <literal>AuthType</literal> directive
to determine whether external authentication is in effect.
Remember to avoid this directive for the context where you want to
use PHP authentication (otherwise each authentication attempt
will fail).
</para>
</note>