[pmwiki-users] Allowing password extraction from URI

Thomas -Balu- Walter list+pmwiki-users at b-a-l-u.de
Mon Jul 25 02:44:39 CDT 2005


On Sun, Jul 24, 2005 at 02:40:46PM -0500, Patrick R. Michaud wrote:
> On Sun, Jul 24, 2005 at 06:19:54PM +0200, chr at home.se wrote:
> >  	http://user:password@www.pmwiki.org/wiki/Test/Password
> 
> Sure, but to be honest I have absolutely no clue how to obtain
> the "user:password" information out of a url like the one above.  
> In my testing only Apache ever sees this information and it only
> makes the username available (as REMOTE_USER) when Apache is handling
> the authentication and the authentication was successful.

AFAIK that is the standard mechanism to provide the server directly with
username and password in case it needs HTTP authentication (as in
http://www.php.net/manual/en/features.http-auth.php).

So    
   header('WWW-Authenticate: Basic realm="My Realm"');
   header('HTTP/1.0 401 Unauthorized');

might need to be sent to get the following two
   $_SERVER['PHP_AUTH_USER']
   $_SERVER['PHP_AUTH_PW']

This does not work in CGI versions of PHP though and has other drawbacks.

     Balu




More information about the pmwiki-users mailing list