From f0807efea0efbb16c65f95d3ea1a8a450b1abe04 Mon Sep 17 00:00:00 2001
From: cdujeu <charles@ajaxplorer.info>
Date: Mon, 2 Feb 2015 15:53:03 +0100
Subject: [PATCH] Fix API Auth form some server+php configs

---
 .../class.BasicHttpAuthFrontend.php           | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/core/src/plugins/authfront.http_basic/class.BasicHttpAuthFrontend.php b/core/src/plugins/authfront.http_basic/class.BasicHttpAuthFrontend.php
index 158c7d8d7e..03ab312982 100644
--- a/core/src/plugins/authfront.http_basic/class.BasicHttpAuthFrontend.php
+++ b/core/src/plugins/authfront.http_basic/class.BasicHttpAuthFrontend.php
@@ -27,6 +27,26 @@ function tryToLogUser(&$httpVars, $isLast = false){
 
         $localHttpLogin = $_SERVER["PHP_AUTH_USER"];
         $localHttpPassw = $_SERVER['PHP_AUTH_PW'];
+
+        // mod_php
+        if (isset($_SERVER['PHP_AUTH_USER'])) {
+            $localHttpLogin = $_SERVER['PHP_AUTH_USER'];
+            $localHttpPassw = $_SERVER['PHP_AUTH_PW'];
+
+        // most other servers
+        } elseif (isset($_SERVER['HTTP_AUTHORIZATION'])) {
+            if (strpos(strtolower($_SERVER['HTTP_AUTHORIZATION']),'basic')===0){
+                list($localHttpLogin,$localHttpPassw) = explode(':',base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
+            }
+        // Sometimes prepend a REDIRECT
+        } elseif (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+
+            if (strpos(strtolower($_SERVER['REDIRECT_HTTP_AUTHORIZATION']),'basic')===0){
+                list($localHttpLogin,$localHttpPassw) = explode(':',base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
+            }
+
+        }
+
         if($isLast && empty($localHttpLogin)){
             header('WWW-Authenticate: Basic realm="Pydio API"');
             header('HTTP/1.0 401 Unauthorized');