Question about HTTP Authentication

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
smokinguns
Forum Newbie
Posts: 1
Joined: Wed Aug 26, 2009 10:28 am

Question about HTTP Authentication

Post by smokinguns »

Hey all,
I have a PHP(4.3.8, SERVER API:CGI/FastCGI ) shopping cart app running on IIS 5.0. I have restricted the admin section of this app. Whenever somebody tries to access the admin section, a dialog popup that require Username and Password comes up. Is there a way I can access the username entered in this dialog? I have checked 'anonymous access' and 'integrated windows authentication' for this website in IIS manager. Also PHP_AUTH_USER seems to not being defined in phpinfo() output. Any Ideas?
User avatar
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: Question about HTTP Authentication

Post by Darhazer »

print_r($_SERVER)
Maybe there is HTTP_AUTHORIZATION instead?
Also, from the manual:
IIS Note:
For HTTP Authentication to work with IIS, the PHP directive cgi.rfc2616_headers must be set to 0 (the default value).
Post Reply