From: Brion Vibber Date: Wed, 17 Mar 2010 17:52:11 +0000 (-0700) Subject: Workaround for HTTP authentication in the API when running PHP as CGI/FastCGI. Exampl... X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=22f827134c3be845494bebd76bda9e4a074e710b;p=quix0rs-gnu-social.git Workaround for HTTP authentication in the API when running PHP as CGI/FastCGI. Example rewrite lines added as comments in htaccess.sample, API tweaked to accept alternate environment var form. --- diff --git a/htaccess.sample b/htaccess.sample index 37eb8e01ec..18a868698c 100644 --- a/htaccess.sample +++ b/htaccess.sample @@ -5,6 +5,11 @@ RewriteBase /mublog/ + ## Uncomment these if having trouble with API authentication + ## when PHP is running in CGI or FastCGI mode. + #RewriteCond %{HTTP:Authorization} ^(.*) + #RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1] + RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule (.*) index.php?p=$1 [L,QSA] diff --git a/lib/apiauth.php b/lib/apiauth.php index 32502399f9..17f803a1ca 100644 --- a/lib/apiauth.php +++ b/lib/apiauth.php @@ -294,11 +294,15 @@ class ApiAuthAction extends ApiAction function basicAuthProcessHeader() { - if (isset($_SERVER['AUTHORIZATION']) - || isset($_SERVER['HTTP_AUTHORIZATION']) - ) { - $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION']) - ? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['AUTHORIZATION']; + $authHeaders = array('AUTHORIZATION', + 'HTTP_AUTHORIZATION', + 'REDIRECT_HTTP_AUTHORIZATION'); // rewrite for CGI + $authorization_header = null; + foreach ($authHeaders as $header) { + if (isset($_SERVER[$header])) { + $authorization_header = $_SERVER[$header]; + break; + } } if (isset($_SERVER['PHP_AUTH_USER'])) {