User not logged under Apache2

Bug #22672	User not logged under Apache2
Submitted:	2003-03-13 03:11 UTC	Modified:	2003-03-17 15:31 UTC
From:	bugzilla at ab dot thatcow dot com	Assigned:	ianh (profile)
Status:	Closed	Package:	Apache2 related
PHP Version:	4.3.1	OS:	SunOS 5.9
Private report:	No	CVE-ID:	None

[2003-03-13 03:11 UTC] bugzilla at ab dot thatcow dot com

I send headers through PHP to force authentication. Under apache1.3, the username would show up properly under my combined logs - under apache2.0.44, I always see "-". The folks over at Apache (see their bug #8500) suggest PHP needs to be setting user in the request structure.

I've add one line in php_apache_request_ctor() in sapi_apache2.c to set this. This hack is fairly ignorant of the internals of both php and apache, but here it is anyway. Do with as you wish. Forgive the formatting here if it doesn't come out right.

<pre>
        if (!PG(safe_mode)) {
                auth = apr_table_get(f->r->headers_in, "Authorization");
                php_handle_auth_data(auth TSRMLS_CC);
+               ctx->r->user = apr_pstrdup(ctx->r->pool,SG(request_info).auth_user);
        } else {
                SG(request_info).auth_user = NULL;
                SG(request_info).auth_password = NULL;
</pre>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-03-13 23:18 UTC] ianh@php.net

Hi.
Can you mail me some php script which does user-authentication. so I can test the patch.
I want to verify it works if a user does user-authentication via apache before I commit it.

TIA
Ian

[2003-03-14 10:01 UTC] sniper@php.net

[To: Ian] Always set the status also to 'Assigned'

[2003-03-17 15:29 UTC] ianh@php.net

Thanks Andrew.
I've commited your patch into the CVS HEAD.
Jani -- are you ok with this going into 4_3 ?