• 9

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191


File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

Before I begin, I'd like to point out that I've browsed Stack Overflow and found other similar questions - PHP_AUTH_USER not set? and HTTP Auth via PHP - PHP_AUTH_USER not set? - and these have pointed out that the authentication $_SERVER variables won't be set if ''Server API'' is set to ''CGI/FCGI'', but I checked my ''phpinfo()'' output and my ''Server API'' is set to ''Apache 2.0 Handler''.

Ok so I have a simple script as follows:

    echo "Username: " . $_SERVER["PHP_AUTH_USER"] . ", Password: " . $_SERVER["PHP_AUTH_PW"];

... which I am calling remotely via the following:

wget -v --http-user=johnsmith --http-password=mypassword http://www.example.com/myscript.php

... but which only outputs:

Username: , Password:

I have also tried calling the script using PHP cURL and setting the authentication parameters appropriately as follows:

 curl_setopt($ch, CURLOPT_USERPWD, "johnsmith:mypassword");

... but I get the same output as above.

Any idea what I'm doing wrong? Perhaps there is something else I need to enable / configure?


in .htaccess add this:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

and at the beginning of your script add this:

list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
  • 14
Reply Report

I've finally discovered the answer thanks to the of help of Naktibalda in ##php on irc.freenode.net

The following page summarises the issue: http://php.net/manual/en/features.http-auth.php

To quote the relevant bits:

As of PHP 4.3.0, in order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page and safe mode is enabled. Regardless, REMOTE_USER can be used to identify the externally-authenticated user. So, you can use $_SERVER['REMOTE_USER'].


PHP uses the presence of an AuthType directive to determine whether external authentication is in effect.

  • 6
Reply Report

Tried the previous suggestions, did not work, also discovered

CGIPassAuth On 

is a more up to date version of the suggested htaccess addition, but that still did not work for me, instead I used

SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

(must be in your root htaccess file) then in the php file

list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));

If anyone still has trouble I suggest they check the server vars, as the data may be in a different var, your looking for something that start with basic

  • 1
Reply Report

Warm tip !!!

This article is reproduced from Stack Exchange / Stack Overflow, please click

Trending Tags

Related Questions