Commit 0dd0d09a authored by fago's avatar fago

Issue #2101361 by maximilianmikus, fago: Fixed HTTP Basic auth headers not...

Issue #2101361 by maximilianmikus, fago: Fixed HTTP Basic auth headers not supported by Apache FastCGI.
parent 14ebc53b
......@@ -15,3 +15,14 @@ You can configure the regex (suitable for preg_match()) in your settings.php,
e.g.:
$conf['restws_basic_auth_user_regex'] = '/^web_service.*/';
Compatibility with Apache + PHP as CGI/FCGI:
--------------------------------------------
Unfortunately PHP_AUTH_USER & PHP_AUTH_PW server variables are not available
when PHP is run as CGI/FCGI under Apache. However, it is possible to make the
module work in such an environment by adding the following line to your
.htaccess file:
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
......@@ -11,6 +11,14 @@
* Performs a user login from the credentials in the HTTP Authorization header.
*/
function restws_basic_auth_init() {
// Try to fill PHP_AUTH_USER & PHP_AUTH_PW with REDIRECT_HTTP_AUTHORIZATION
// for compatibility with Apache PHP CGI/FastCGI.
// This requires the following line in your ".htaccess"-File:
// RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
if (!empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && !isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW'])) {
$authentication = base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6));
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $authentication);
}
if (user_is_anonymous() && isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
// Login only user names that match a pattern.
$user_regex = variable_get('restws_basic_auth_user_regex', '/^restws.*/');
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment