
Is there NO way to protect PHP files if PHP running as CGI?

I’ve been struggling with this for days, please help…at least let me know if I’m banging my head against a brick wall so I can stop!

My server is running PHP as CGI, not as a module on Apache.

I have an “admin” directory that contains all the files (at least 40 of them) to run a content management system. I don’t want anyone without authorization to be able to just type the full path to any of these files and have it come up where they can upload or edit the content to something inappropriate.

After agonizing over this, trying to figure out why password-protection wasn’t working, I learned that HTTP authentication for PHP doesn’t work when it’s installed as CGI. *sigh*

I have found a couple workarounds on the web and tried them, but I’m still coming up with blanks. Can anyone tell me why this might not be working?

The .htaccess file:

[CODE]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>
[/CODE]

The PHP test file:

[CODE]
<?php
// split user/pass parts
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));

// open user/pass prompt
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="Your Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if Cancel button is used';
    exit;
} else {
    echo "<p>Greetings: </p>".$_SERVER['PHP_AUTH_USER'];
    echo "<p>Password you entered: </p>".$_SERVER['PHP_AUTH_PW'];
}
?>
[/CODE]
[/CODE]

When I try this, no password prompt comes up and I get a blank page with “Greetings: Password you entered:” and nothing else. Obviously PHP_AUTH_USER and PHP_AUTH_PW aren’t being passed. How can I make this work?
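
An added example, not part of the original post: a guard for the admin scripts that reads the header the rewrite rule forwards. In the posted test, `list()` assigns `PHP_AUTH_USER` on every request, so the `isset()` check never fails and the 401 challenge is never sent; here a missing or malformed header returns `null` and triggers the challenge. The `$users` store, the `basic_credentials()` and `deny()` helpers and the realm name are assumptions made for this example.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.1+ and the rewrite rule
// above; after an internal redirect the variable can arrive with a REDIRECT_ prefix.

// Constructed sample store: username => password_hash() output (hypothetical account).
$users = ['admin' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];

/** Return [user, password] from a Basic Authorization header, or null if absent or malformed. */
function basic_credentials(array $server): ?array
{
    $header = $server['HTTP_AUTHORIZATION']
        ?? $server['REDIRECT_HTTP_AUTHORIZATION']
        ?? '';
    if (!preg_match('~^Basic\s+([A-Za-z0-9+/]+={0,2})$~i', trim($header), $m)) {
        return null;                       // no header: caller must send the 401 challenge
    }
    $decoded = base64_decode($m[1], true); // strict mode rejects invalid input
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2);      // limit 2: the password may contain ':'
}

/** Send the Basic challenge and stop; nothing after this call runs. */
function deny(): void
{
    http_response_code(401);
    header('WWW-Authenticate: Basic realm="Admin"');
    echo 'Authentication required.';
    exit;
}

$creds = basic_credentials($_SERVER);
if ($creds === null) {
    deny();
}
[$user, $password] = $creds;
if (!isset($users[$user]) || !password_verify($password, $users[$user])) {
    deny();
}

// Authenticated: expose the user name the way mod_php would, without the password.
$_SERVER['PHP_AUTH_USER'] = $user;
```

Saved under a name such as `auth_guard.php` (hypothetical) and pulled in with `require` as the first statement of each admin script, the guard runs before any page output. Basic credentials are only base64-encoded in transit, so this depends on the admin directory being served over HTTPS.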
