Merge pull request #3689 from guru-digital/patch-2

Add ability to use Basic Auth when running PHP in CGI mode in Apache
2024-10-22 12:05:37 +00:00 · 2014-12-08 18:39:42 +00:00 · 2014-12-08 18:39:42 +00:00 · b2ace2b76c
commit b2ace2b76c
parent 18f0cb650e fbebf96d66
4 changed files with 51 additions and 26 deletions
--- a/dev/install/install.php5
+++ b/dev/install/install.php5
@ -1494,6 +1494,8 @@ HTML;

 		if($base != '.') $baseClause = "RewriteBase '$base'\n";
 		else $baseClause = "";
+		if(strpos(strtolower(php_sapi_name()), "cgi") !== false) $cgiClause = "RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]\n";
+		else $cgiClause = "";
 		$modulePath = FRAMEWORK_NAME;
 		$rewrite = <<<TEXT
 # Deny access to templates (but allow from localhost)
@ -1523,6 +1525,7 @@ ErrorDocument 500 /assets/error-500.html
 	SetEnv HTTP_MOD_REWRITE On
 	RewriteEngine On
 	$baseClause
+	$cgiClause

 	# Deny access to potentially sensitive files and folders
 	RewriteRule ^vendor(/|$) - [F,L,NC]
--- a/docs/en/changelogs/3.1.9.md
+++ b/docs/en/changelogs/3.1.9.md
@ -0,0 +1,14 @@
+# 3.1.9
+
+# Overview
+
+This release replaces the 3.1.8 release, and resolves an issue where basic authentication would not work when PHP is running under CGI mode with Apache.
+
+## Upgrading
+ * Add the rule ```	RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]``` to the .htacces file in your sites root directory after the line ```RewriteEngine On```.  
+
+### Bugfixes
+
+
+## Changelog
+
--- a/docs/en/topics/environment-management.md
+++ b/docs/en/topics/environment-management.md
@ -119,7 +119,7 @@ This is my `_ss_environment.php` file. I have it placed in `/var`, as each of th
 | `SS_ENVIRONMENT_TYPE`| The environment type: dev, test or live.|
 | `SS_DEFAULT_ADMIN_USERNAME`| The username of the default admin. This is a user with administrative privileges.|
 | `SS_DEFAULT_ADMIN_PASSWORD`| The password of the default admin. This will not be stored in the database.|
-| `SS_USE_BASIC_AUTH`| Protect the site with basic auth (good for test sites)|
+| `SS_USE_BASIC_AUTH`| Protect the site with basic auth (good for test sites).<br/>When using CGI/FastCGI with Apache, you will have to add the `RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]` rewrite rule to your `.htaccess` file|
 | `SS_SEND_ALL_EMAILS_TO`| If you set this define, all emails will be redirected to this address.|
 | `SS_SEND_ALL_EMAILS_FROM`| If you set this define, all emails will be send from this address.|
 | `SS_ERROR_LOG` | |
--- a/security/BasicAuth.php
+++ b/security/BasicAuth.php
@ -50,6 +50,14 @@ class BasicAuth {
 		$isRunningTests = (class_exists('SapphireTest', false) && SapphireTest::is_running_test());
 		if(!Security::database_is_ready() || (Director::is_cli() && !$isRunningTests)) return true;

+		$matches = array();
+		if (isset($_SERVER['HTTP_AUTHORIZATION']) &&
+			preg_match('/Basic\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
+			list($name, $password) = explode(':', base64_decode($matches[1]));
+			$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
+			$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
+		}
+
 		$member = null;
 		if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
 			$member = MemberAuthenticator::authenticate(array(