Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Test case for Nginx+PHP for passing along credentials
<?php
define('WPIZED_AUTH_USER', 'jsmith');
define('WPIZED_AUTH_PASS', 'password');
header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
$has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));
$is_not_authenticated = (
!$has_supplied_credentials ||
$_SERVER['PHP_AUTH_USER'] != WPIZED_AUTH_USER ||
$_SERVER['PHP_AUTH_PW'] != WPIZED_AUTH_PASS
);
if( $is_not_authenticated ){
header( 'HTTP/1.1 401 Authorization Required' );
header( sprintf('WWW-Authenticate: Basic realm="Test case, user: %s, pass: %s"', WPIZED_AUTH_USER, WPIZED_AUTH_PASS) );
if (!$has_supplied_credentials) {
print "<p style='color:red'><strong>FAIL</strong> (If you supplied credentials, they were not received.)</p>";
}
else {
print "<p style='color:green'><strong>PASS</strong> (bad credentials, but something was received)</p>";
}
}
else {
print "<p style='color:green'><strong>PASS</strong> (credentials good)</p>";
}
print '<pre>';
print '$_SERVER[PHP_AUTH_USER] => ' . (!isset($_SERVER['PHP_AUTH_USER']) ? '(not set)' : htmlspecialchars(json_encode($_SERVER['PHP_AUTH_USER'])));
print "\n";
print '$_SERVER[PHP_AUTH_PW] => ' . (!isset($_SERVER['PHP_AUTH_PW']) ? '(not set)' : htmlspecialchars(json_encode($_SERVER['PHP_AUTH_PW'])));
print "\n";
print '$_SERVER[HTTP_AUTHORIZATION] => ' . (!isset($_SERVER['HTTP_AUTHORIZATION']) ? '(not set)' : htmlspecialchars(json_encode($_SERVER['HTTP_AUTHORIZATION'])));
print "\n";
print '</pre>';
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.