From 6a41f13399f037557153180a7d9e81d6083ad3a5 Mon Sep 17 00:00:00 2001 From: Philip Olson Date: Wed, 25 Dec 2002 10:19:32 +0000 Subject: [PATCH] Reflect current behavior regarding external-auth and PHP_AUTH variables. They are only disabled if safe mode is on as of 4.3.0 Before this time they were not disabled. git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@108997 c90b9560-bf6c-de11-be94-00142212c4b1 --- features/http-auth.xml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/features/http-auth.xml b/features/http-auth.xml index e3f07bdc4c..43f80f826a 100644 --- a/features/http-auth.xml +++ b/features/http-auth.xml @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -84,12 +84,13 @@ - In order to prevent someone from writing a script which reveals - the password for a page that was authenticated through a - traditional external mechanism, the PHP_AUTH variables will not be + As of PHP 4.3.0, in order to prevent someone from writing a script which + reveals the password for a page that was authenticated through a + traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular - page. In this case, REMOTE_USER can be used - to identify the externally-authenticated user. So, + page and safe mode is + enabled. Regardless, REMOTE_USER can be used + to identify the externally-authenticated user. So, you can use $_SERVER['REMOTE_USER']. @@ -98,9 +99,6 @@ PHP uses the presence of an AuthType directive to determine whether external authentication is in effect. - Remember to avoid this directive for the context where you want to - use PHP authentication (otherwise each authentication attempt - will fail).