I have an Apache/2.2.15 (Win32) with PHP/5.3.2 set up, handling authentication.
<Directory /usr/www/myhost/private>
# core authentication and mod_auth_basic configuration
# for mod_authn_dbd
AuthType Basic
AuthName "My Server"
AuthBasicProvider dbd
# core authorization configuration
Require valid-user
# mod_authn_dbd SQL query to authenticate a user
AuthDBDUserPWQuery "SELECT Password,UserName,Realm,Access FROM authn WHERE user = %s"
</Directory>
The authentication works fine! No problems.
But regarding to the documentation, any extra field returned back from the AuthDBDUserPWQuery will be put into an AUTHENTICATION_fieldname variable in the Environment.
With phpinfo(), I can see these variables with he correct values under "Apache Environment".
AUTHENTICATE_USERNAME
AUTHENTICATE_REALM
AUTHENTICATE_ACCESS
I can't fetch those environment variables from my php.
1 <?php
2 $Access = apache_getenv('AUTHENTICATE_ACCESS',true);
3 var_dump($Access);
4 ?>
Line 3 prints bool(false) indicating that the variable wasn't found!
However if I change to another Apache Environment variable such as 'HTTP_HOST' it works.
..and yes, I have tried getenv() also, same result.
There is also a note that the Apache server needs to be compiled with APR 1.3.0 to work. I used the Apache msi build from httpd.apache.org and it seems to be compiled with APR above version 2. Since I can see them with phpinfo() they must be accessible from PHP.
I made a work around,
It seems like this might be a PHP bug. Found some related bugs reported for PHP 4 and maybe they haven't fixed them yet...
I did a solution that I really don't like (because I'm accessing the Apache userdata table), but it seems that I have no choice.
//*************************************************************
// If PHP failed to retrieve the AuthDBDUserPWQuery fields.
// Connect to Apache authentication databaseand create the
// envirnment variables manually
//
if (empty($_ENV['AUTHENTICATE_ACCESS'])) {
$Apache = mysql_connect('MyServerIP','MyUserName','MyPassword',false,MYSQL_CLIENT_SSL|MYSQL_CLIENT_COMPRESS);
mysql_select_db('MyDatabase',$Apache);
$SQLSet = mysql_query("SELECT Realm, Access FROM authenticationtable WHERE UserName='".$_SERVER['PHP_AUTH_USER']."' AND Password='".$_SERVER['PHP_AUTH_PW']."'");
$SQLRow = mysql_fetch_array($SQLSet);
$_ENV['AUTHENTICATE_REALM'] = $SQLRow['Realm'];
$_ENV['AUTHENTICATE_ACCESS']= $SQLRow['Access'];
mysql_close($Apache);
}
If PHP has failed to update $_ENV correct, this will retrieve the current logged in user from the same database and table that Apache is using for authentication. Then the extra fields will be written into the global $_ENV variable so it can be used as it is supposed. Later when the "bug" is fixed, it will automatically use the original $_ENV.
If anyone can bring some up to date information on this topic, I would be happy...