phphtml.htaccesshttpwww-authenticate

PHP www-authenticate Basic Popup Loop Issue


Since two days I try to find my issue in a simple sample code:

<?php

if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    echo "<p>Hello {$_SERVER['REMOTE_USER']}.</p>";
    echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}

?>

The Auth Popup open fine, I send User and Password. But the popup open again and again. If I cancel the popup the 401 message will displayed correctly.

I tried to fill a .htaccess with

RewriteRule ^(.*)$ index.php [E=REMOTE_USER:%{HTTP:Authorization},QSA,L]

But this change nothing. Thank you for any ideas to solve this!


Solution

  • What stack are you using on PHP? Assuming that it's PHP-CGI, try the following in your .htaccess:

    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
    </IfModule>
    

    Make sure, that mod_rewrite is avaliable on the server and .htaccess files got parsed (AllowOverride must be set to all in httpd.conf).

    Depending on your infrastructure, there may be some kind of proxy that drops the auth-header. For a clean testing environment, I recommend a local Apache2 installation. Stacks like xampp provide full development areas out of the box.