Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Cannot retrieve Apache environment variables in PHP

Tags:

authentication

php

environment-variables

apache

getenv

Background

I have an Apache/2.2.15 (Win32) with PHP/5.3.2 set up, handling authentication.

<Directory /usr/www/myhost/private>
  # core authentication and mod_auth_basic configuration
  # for mod_authn_dbd
  AuthType Basic
  AuthName "My Server"
  AuthBasicProvider dbd

  # core authorization configuration
  Require valid-user

  # mod_authn_dbd SQL query to authenticate a user
  AuthDBDUserPWQuery "SELECT Password,UserName,Realm,Access FROM authn WHERE user = %s"
</Directory>

The authentication works fine! No problems.

But regarding to the documentation, any extra field returned back from the AuthDBDUserPWQuery will be put into an AUTHENTICATION_fieldname variable in the Environment.

With phpinfo(), I can see these variables with he correct values under "Apache Environment".

AUTHENTICATE_USERNAME
AUTHENTICATE_REALM
AUTHENTICATE_ACCESS

Problem

I can't fetch those environment variables from my php. 

1 <?php
2   $Access = apache_getenv('AUTHENTICATE_ACCESS',true);
3   var_dump($Access);
4 ?>

Line 3 prints bool(false) indicating that the variable wasn't found!
However if I change to another Apache Environment variable such as 'HTTP_HOST' it works.
..and yes, I have tried getenv() also, same result.

There is also a note that the Apache server needs to be compiled with APR 1.3.0 to work. I used the Apache msi build from httpd.apache.org and it seems to be compiled with APR above version 2. Since I can see them with phpinfo() they must be accessible from PHP.

like image 754
Max Kielland Avatar asked Nov 29 '10 22:11

Max Kielland

People also ask

How to get environment variables in PHP?

Using getenv() In addition to using PHP's Superglobals, you can also use getenv() to retrieve an environment variable. If the function is called without an argument, then it returns all available environment variables. If an argument is passed, however, the value of an environment variable with that name is returned.

Where are Apache environment variables?

On Red Hat, Fedora, CentOS and ScientificLinux, with an Apache installed through YUM, Apache environment variables are defined in /etc/sysconfig/httpd . On macOS they are defined in /usr/sbin/envvars and /System/Library/LaunchDaemons/org. apache. httpd.

What is $_ ENV in PHP?

$_ENV is another superglobal associative array in PHP. It stores environment variables available to current script. $HTTP_ENV_VARS also contains the same information, but is not a superglobal, and now been deprecated. Environment variables are imported into global namespace.

2 Answers

I have used this mod_rewrite rule in an .htaccess file to make the HTTP Authorization header environment variable available in $_SERVER['HTTP_AUTHORIZATION']. I'm sure this could be adapted for your purposes. Not sure if it's the best solution, but it's a solution:

RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
like image 51
deceze Avatar answered Sep 30 '22 16:09

deceze

I made a work around,

It seems like this might be a PHP bug. Found some related bugs reported for PHP 4 and maybe they haven't fixed them yet...

I did a solution that I really don't like (because I'm accessing the Apache userdata table), but it seems that I have no choice.

//************************************************************* 
// If PHP failed to retrieve the AuthDBDUserPWQuery fields.
// Connect to Apache authentication databaseand create the
// envirnment variables manually
//
if (empty($_ENV['AUTHENTICATE_ACCESS'])) {
  $Apache = mysql_connect('MyServerIP','MyUserName','MyPassword',false,MYSQL_CLIENT_SSL|MYSQL_CLIENT_COMPRESS);
  mysql_select_db('MyDatabase',$Apache);
  $SQLSet = mysql_query("SELECT Realm, Access FROM authenticationtable WHERE UserName='".$_SERVER['PHP_AUTH_USER']."' AND Password='".$_SERVER['PHP_AUTH_PW']."'");
  $SQLRow = mysql_fetch_array($SQLSet);
  $_ENV['AUTHENTICATE_REALM'] = $SQLRow['Realm'];
  $_ENV['AUTHENTICATE_ACCESS']= $SQLRow['Access'];
  mysql_close($Apache);
}

If PHP has failed to update $_ENV correct, this will retrieve the current logged in user from the same database and table that Apache is using for authentication. Then the extra fields will be written into the global $_ENV variable so it can be used as it is supposed. Later when the "bug" is fixed, it will automatically use the original $_ENV.

If anyone can bring some up to date information on this topic, I would be happy...

like image 26
Max Kielland Avatar answered Sep 30 '22 16:09

Max Kielland
Sign in to Comment

Related questions

How can I create a Crypt::RSA object from modulus, exponent, and private exponent?
Write an array to config in Codeigniter?
nested foreach with iterator interface
How to parse actual HTML from page using CURL?
Sorting a PHP Array into Columns
Apache / PHP on Windows crashes with regular expression
unixODBC Freetds PHP Problem
Fingerprint authentication for php web app [closed]
Inheritance under the hood
Editable timetable using Drupal
PHP mb_ereg_replace not replacing while preg_replace works as intended
Is comparing a variable to $_SERVER['PHP_SELF'] safe usage?
How do I redistribute an array into another array of a certain "shape". PHP
Which image formats contain meta data, and how can I clear it in PHP?
Tools for analyzing cachegrind files in aggregate?
Apache - handling TCP connections, but not HTTP requests
Sync large local DB with server DB (MySQL)
Method return status: bool, string, const... (PHP)
Recognizing text as Simplified vs. Traditional Chinese
PHP ORM with full composite primary/foreign key support

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!