Basic HTTP Authentication & PHP-FastCGI
igor at pokelondon.com
Thu Jul 24 12:46:09 MSD 2008
On 23 Jul 2008, at 19:09, mike wrote:
> On 7/23/08, Igor Sysoev <is at rambler-co.ru> wrote:
>> There is $remote_user variable, but there is no $remote_password.
> Okay, then you should be able to add in your fastcgi params
> fastcgi_param REMOTE_USER $remote_user;
> and it should pass it to PHP, only if the user is properly
> authenticated right? $remote_user is only populated if the
> authentication is passed, I assume.
> I don't think people typically need the password. They either need to
> choose to let the webserver handle auth, or the PHP/scripting language
> to handle it.
> re: Igor Clark - no, it won't be doing the auth twice. This is
> assuming nginx is doing all the auth stuff, you're simply passing the
> user to the script so you can grab the username.
The original question was "How would I pass the Basic HTTP
Authentication user & password over to PHP to do the check?"
Meaning that if nginx was also doing auth, it would be 2 checks, and
all Philip needed was HTTP_AUTHORIZATION header, as has been stated.
But sure, in the case you describe, the auth is only done by nginx.
> If you need more flexibility and password info, I'd suggest going a
> pure PHP route then.
> (Also I assume that if $remote_user is not set - because it's not
> under an authed directory, or it's an invalid password/etc, that it
> will not show an error, but just pass an empty REMOTE_USER string - so
> your PHP app would want to understand a non-existent
> $_SERVER['REMOTE_USER'] or an empty one means invalid auth)
Igor Clark • POKE • 10 Redchurch Street • E2 7DD • +44 (0)20 7749 5355
More information about the nginx