[pmwiki-users] Re: Allowing password extraction from URI
chr at home.se
chr at home.se
Mon Jul 25 03:04:07 CDT 2005
On Mon, 25 Jul 2005, Thomas -Balu- Walter wrote:
> On Sun, Jul 24, 2005 at 02:40:46PM -0500, Patrick R. Michaud wrote:
> > On Sun, Jul 24, 2005 at 06:19:54PM +0200, chr at home.se wrote:
> > > http://user:password@www.pmwiki.org/wiki/Test/Password
> >
> > Sure, but to be honest I have absolutely no clue how to obtain
> > the "user:password" information out of a url like the one above.
> > In my testing only Apache ever sees this information and it only
> > makes the username available (as REMOTE_USER) when Apache is handling
> > the authentication and the authentication was successful.
>
> AFAIK that is the standard mechanism to provide the server directly with
> username and password in case it needs HTTP authentication (as in
> http://www.php.net/manual/en/features.http-auth.php).
>
> So
> header('WWW-Authenticate: Basic realm="My Realm"');
> header('HTTP/1.0 401 Unauthorized');
>
> might need to be sent to get the following two
> $_SERVER['PHP_AUTH_USER']
> $_SERVER['PHP_AUTH_PW']
>
> This does not work in CGI versions of PHP though and has other drawbacks.
I'm not sure I follow you completely... are you saying pmwiki.php could
extract user/password if pmwiki-mode (from within Emacs) appended
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
to it's 'http-get' request?
/Christian
--
Christian Ridderström, +46-8-768 39 44 http://www.md.kth.se/~chr
More information about the pmwiki-users
mailing list