Finding authenticated user name 1

[awingnut]

I need to get the user name of the current autenticated user. I found documentation about 2 way to do it:$_session['username'] and $_server['php_auth_user']

Neither seems to work. Maybe it is a version issue. I have Apache 2 which I think includes php v5. Can someone tell me how to get the current authenticated username? TIA.

 

[sleipnir214]

NOTE: PHP variable names are case-sensitive. You are incorrectly mentioning "$_server" and "$_session" in your question.


No element of the $_SESSION superglobal array will have any value that one of your script has not explicitly set. So any use of $_SESSION['username'] would necessitate an earlier assignment.

$_SERVER['PHP_AUTH_USER'] will have the authenticated user name if and only if you are running PHP as an Apache module (not as a CGI) with HTTP authentication. Is this the case here?

I'm not sure what you mean by "I have Apache 2 which I think includes php v5". Apache and PHP are published by two completely different groups of people. You often see PHP on the same systems where Apache is installed, but this is not necessarily the case.

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[awingnut]

Thanks for the reply. Sorry for the comfusion, I've been posting to the Mandrake list about other things and forgot where I was. When I said Apache 2 with PHP v5, I was talking about what is bundled on the Mandrake install CDs. I guess I am running php as a module although I can't seem to find a loadmodule for it. That makes me suspicious. I'll do a little research on that.

 

[awingnut]

I think I see what is wrong. There is an IfDef for the variable HAVE_PHP4 that loads the module. What I can't find is where that variable is/should be set. Any suggestions? TIA.

 

[awingnut]

I guess I was wrong. PHP info seems to indicate it is 4.3.8 and I guess it means it is a module. So the original problem remains.

$_SERVER['PHP_AUTH_USER'] is not set even though authentication was required and succesful. Suggestions? TIA.

 

[jpadie]

i don't think the version number will tell you whether php is loaded as a module. to tell definitively have a look at the output of phpinfo();

i would guess that you are not getting the PHP_AUTH_USER data because you are not running php as an asapi module.

if you're concerned about the IfDef and you know you have php 4* then take out the conditional statement from your httpd.conf file and just load the module.

 

[awingnut]

I am looking at phpinfo (that's where I got the version) but I don't see anything that says if its a module or not. Removing the 'IfDef' is not that easy. It appears in a bunch of different config files. Apache 2 has broken up the config files into many different ones (at least for Mandrake).

 

[ingresman]

Could you post the output from your PHPINFO() (with any sensitive stuff removed)?

 

[ingresman]

Actualy just had a thought,
The apache specific functions has one called apache_get_modules which returns all the modules in an array, if you had one in there called php_mod I would think you would be running under a module, this might not be perfect if apach lets you configure mod and cgi simultainlusly.
Or look at apache_request_headers which is only supported if you are runing as a module. I don't have apache on this machine so cant tell you what would happen if you were not running as a module.
Is this clear ??

 

[jpadie]

i think the server_api line (4th in the phpinfo output) should tell you whether you are running as a module. it will say asapi, isapi or CGI depending on how you are configured (there may be other values too).

 

[awingnut]

Thanks for the help. I think this is what you are looking for.

Loaded Modules core prefork http_core mod_so mod_access mod_auth mod_auth_anon mod_auth_mysql mod_auth_digest mod_include mod_log_config mod_env mod_expires mod_headers mod_usertrack mod_setenvif mod_mime mod_status mod_autoindex mod_asis mod_info mod_cgi mod_vhost_alias mod_negotiation mod_dir mod_imap mod_actions mod_userdir mod_alias mod_rewrite mod_proxy proxy_http mod_ssl mod_cache mod_disk_cache mod_suexec mod_php4 mod_perl

The Server API section just says Apache 2.0 handler. The above came from apache_get_modules in the section called apache2handler. I think that ties it together.

 

[jpadie]

just a thought (sorry if too obvious): you have set the headers correctly on your web page, haven't you?

<?
if (!isset($_SERVER['PHP_AUTH_USER'])):
header('[URL unfurl="true"]WWW-Authenticate:[/URL] Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
exit;
endif;
?>

 

[awingnut]

I added phpinfo to my problem page. In the listed vairables there is this:

_SERVER["PHP_AUTH_USER"] gw1500se

Which is exactly what I'm looking for. I then looked at my web page source (stupid me for not doing this first) and the source has the right thing in the href (?username=blahblah. Although it is not passing it to the linked page, that is a completely different problem. Sorry for the bother but thanks for the help. At least I got a good debugging suggestion from you.

 

[ingresman]

no worries !