fix HTTP Basic Auth on FastCGI PHP

2024-11-15 03:18:26 +00:00 · 2016-08-28 19:16:59 +02:00 · 2016-08-28 19:16:59 +02:00 · 41851d60b4
commit 41851d60b4
parent 51963ab8fc
2 changed files with 10 additions and 0 deletions
--- a/app/webroot/.htaccess
+++ b/app/webroot/.htaccess
@ -6,6 +6,7 @@

 <IfModule mod_rewrite.c>
 	RewriteEngine On
+	RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 	RewriteCond %{REQUEST_FILENAME} !-d
 	RewriteCond %{REQUEST_FILENAME} !-f
 	RewriteRule ^ index.php [L]
--- a/lib/Cake/Controller/Component/Auth/BasicAuthenticate.php
+++ b/lib/Cake/Controller/Component/Auth/BasicAuthenticate.php
@ -82,6 +82,15 @@ class BasicAuthenticate extends BaseAuthenticate {
 * @return mixed Either false or an array of user information
 */
 	public function getUser(CakeRequest $request) {
+		if(!isset($_SERVER['PHP_AUTH_USER'])) {
+		    if (isset($_SERVER['HTTP_AUTHORIZATION']) && (strlen($_SERVER['HTTP_AUTHORIZATION']) > 0)) {
+		        list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
+		        if( strlen($_SERVER['PHP_AUTH_USER']) == 0 || strlen($_SERVER['PHP_AUTH_PW']) == 0 ) {
+		            unset($_SERVER['PHP_AUTH_USER']);
+		            unset($_SERVER['PHP_AUTH_PW']);
+		        }
+		    }
+		}
 		$username = env('PHP_AUTH_USER');
 		$pass = env('PHP_AUTH_PW');