[pmwiki-users] Allowing password extraction from URI
Thomas -Balu- Walter
list+pmwiki-users at b-a-l-u.de
Mon Jul 25 02:44:39 CDT 2005
On Sun, Jul 24, 2005 at 02:40:46PM -0500, Patrick R. Michaud wrote:
> On Sun, Jul 24, 2005 at 06:19:54PM +0200, chr at home.se wrote:
> > http://user:password@www.pmwiki.org/wiki/Test/Password
>
> Sure, but to be honest I have absolutely no clue how to obtain
> the "user:password" information out of a url like the one above.
> In my testing only Apache ever sees this information and it only
> makes the username available (as REMOTE_USER) when Apache is handling
> the authentication and the authentication was successful.
AFAIK that is the standard mechanism to provide the server directly with
username and password in case it needs HTTP authentication (as in
http://www.php.net/manual/en/features.http-auth.php).
So
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
might need to be sent to get the following two
$_SERVER['PHP_AUTH_USER']
$_SERVER['PHP_AUTH_PW']
This does not work in CGI versions of PHP though and has other drawbacks.
Balu
More information about the pmwiki-users
mailing list