Index: README.txt =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/securesite/README.txt,v retrieving revision 1.1.2.8 diff -u -F^f -r1.1.2.8 README.txt --- README.txt 16 Jun 2008 02:22:14 -0000 1.1.2.8 +++ README.txt 16 Jun 2008 02:23:19 -0000 @@ -119,7 +119,28 @@ **************************************************************************** Known Issues: -Authentication on PHP/CGI installations - If you are using HTTP Auth and unable to login, it could be that PHP is - running as a CGI binary. Please see - http://drupal.org/node/28408#comment-339150 for a work-around. + - Authentication on PHP/CGI installations + + If you are using HTTP Auth and are unable to login, PHP could be running in + CGI mode. When run in CGI mode, the normal HTTP Auth login variables are + not available to PHP. To work-around this issue, you'll need to add the + following rewrite rule at the end of the .htaccess file in Drupal's root + installation directory: + + RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] + + After making the suggested change in Drupal 5.7, the rewrite rules would + look like this: + + # Rewrite current-style URLs of the form 'index.php?q=x'. + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] + RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] + + + - Authentication when running Drupal via IIS + + If you are using HTTP Auth and are unable to login when Drupal is running on + an IIS server, make sure that the PHP directive cgi.rfc2616_headers is set to + 0 (the default value). Index: securesite.module =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/securesite/Attic/securesite.module,v retrieving revision 1.24.2.48 diff -u -F^f -r1.24.2.48 securesite.module --- securesite.module 15 Jun 2008 17:44:56 -0000 1.24.2.48 +++ securesite.module 16 Jun 2008 02:23:19 -0000 @@ -227,6 +227,18 @@ function securesite_init() { $edit = $_POST['edit']; } elseif ($securesite_enabled == SECURESITE_AUTH || $securesite_enabled == SECURESITE_AUTH_ALT) { + // PHP in CGI mode work-arounds + // Sometimes, "REDIRECT_" prefixes $_SERVER variables. See http://www.php.net/reserved.variables + if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) { + $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION']; + } + + // Auth variables set via Rewrite rules need to be decoded. See http://www.php.net/manual/en/features.http-auth.php#76708 + if (isset($_SERVER['HTTP_AUTHORIZATION'])) { + list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); + } + + // Process username and password normally. The correct $_SERVER variables are now set if PHP is run in CGI mode if (isset($_SERVER['PHP_AUTH_USER'])) { $edit['name'] = $_SERVER['PHP_AUTH_USER']; }