New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Basic Auth is not passed through with PHP in CGI mode #1

Open
rmccue opened this Issue Apr 29, 2014 · 5 comments

Comments

Projects
None yet
4 participants
@rmccue
Copy link
Member

rmccue commented Apr 29, 2014

Migrated from WP-API/WP-API#8.

@rmccue rmccue added the bug label Apr 29, 2014

@vlood

This comment has been minimized.

@graham73may

This comment has been minimized.

Copy link

graham73may commented Mar 21, 2016

Ran into this problem today, the solution we are using is to add:

    if (!isset($_SERVER['PHP_AUTH_USER']) && (isset($_SERVER['HTTP_AUTHORIZATION']) || isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))) {
        if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
            $header = $_SERVER['HTTP_AUTHORIZATION'];
        } else {
            $header = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
        }

        list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($header, 6)));
    }

To basic-auth.php in at line 22 underneath:

    // Don't authenticate twice
    if (!empty($user)) {
        return $user;
    }

We also added the following to the .htaccess (replacing the normal index.php rewrite rule):

RewriteRule . /index.php [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
@graham73may

This comment has been minimized.

Copy link

graham73may commented Mar 21, 2016

Pull request created

#32

@mnelson4

This comment has been minimized.

Copy link

mnelson4 commented May 6, 2016

ran into this same issue; specifically I needed to change my .htaccess file to

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
@mnelson4

This comment has been minimized.

Copy link

mnelson4 commented May 9, 2016

FYI we also created a branch https://github.com/eventespresso/Basic-Auth/tree/automatic-update-htaccess-for-fcgi which adds a setting onto the WP permalinks page which should automatically update the .htaccess file, but it's untested

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment