summaryrefslogtreecommitdiff
path: root/inc/auth.php
diff options
context:
space:
mode:
authorMichael Hamann <michael@content-space.de>2010-12-27 22:53:18 +0100
committerMichael Hamann <michael@content-space.de>2011-01-15 12:29:02 +0100
commitb2665af72cdba76ca409b7e00e150746f2f83ced (patch)
tree80ca5835bc7051695869369626ae25ef1db42766 /inc/auth.php
parent0c94c420c9dc14fc16700de5cca04959ca38e2c1 (diff)
downloadrpg-b2665af72cdba76ca409b7e00e150746f2f83ced.tar.gz
rpg-b2665af72cdba76ca409b7e00e150746f2f83ced.tar.bz2
Handle renamed authorization variables
Sometimes (when using rewriting with the workaround for CGI mode described at http://www.besthostratings.com/articles/http-auth-php-cgi.html) the HTTP_AUTHORIZATION variable is renamed, this change detects this renaming and uses the renamed variable.
Diffstat (limited to 'inc/auth.php')
-rw-r--r--inc/auth.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/inc/auth.php b/inc/auth.php
index 5cdcec830..38d1c925d 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -70,6 +70,12 @@ function auth_setup(){
$_REQUEST['http_credentials'] = false;
if (!$conf['rememberme']) $_REQUEST['r'] = false;
+ // handle renamed HTTP_AUTHORIZATION variable (can happen when a fix like
+ // the one presented at
+ // http://www.besthostratings.com/articles/http-auth-php-cgi.html is used
+ // for enabling HTTP authentication with CGI/SuExec)
+ if(isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))
+ $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
// streamline HTTP auth credentials (IIS/rewrite -> mod_php)
if(isset($_SERVER['HTTP_AUTHORIZATION'])){
list($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']) =