Test case for Nginx+PHP for passing along credentials
<?php | |
define('WPIZED_AUTH_USER', 'jsmith'); | |
define('WPIZED_AUTH_PASS', 'password'); | |
header( 'Cache-Control: no-cache, must-revalidate, max-age=0' ); | |
$has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW'])); | |
$is_not_authenticated = ( | |
!$has_supplied_credentials || | |
$_SERVER['PHP_AUTH_USER'] != WPIZED_AUTH_USER || | |
$_SERVER['PHP_AUTH_PW'] != WPIZED_AUTH_PASS | |
); | |
if( $is_not_authenticated ){ | |
header( 'HTTP/1.1 401 Authorization Required' ); | |
header( sprintf('WWW-Authenticate: Basic realm="Test case, user: %s, pass: %s"', WPIZED_AUTH_USER, WPIZED_AUTH_PASS) ); | |
if (!$has_supplied_credentials) { | |
print "<p style='color:red'><strong>FAIL</strong> (If you supplied credentials, they were not received.)</p>"; | |
} | |
else { | |
print "<p style='color:green'><strong>PASS</strong> (bad credentials, but something was received)</p>"; | |
} | |
} | |
else { | |
print "<p style='color:green'><strong>PASS</strong> (credentials good)</p>"; | |
} | |
print '<pre>'; | |
print '$_SERVER[PHP_AUTH_USER] => ' . (!isset($_SERVER['PHP_AUTH_USER']) ? '(not set)' : htmlspecialchars(json_encode($_SERVER['PHP_AUTH_USER']))); | |
print "\n"; | |
print '$_SERVER[PHP_AUTH_PW] => ' . (!isset($_SERVER['PHP_AUTH_PW']) ? '(not set)' : htmlspecialchars(json_encode($_SERVER['PHP_AUTH_PW']))); | |
print "\n"; | |
print '$_SERVER[HTTP_AUTHORIZATION] => ' . (!isset($_SERVER['HTTP_AUTHORIZATION']) ? '(not set)' : htmlspecialchars(json_encode($_SERVER['HTTP_AUTHORIZATION']))); | |
print "\n"; | |
print '</pre>'; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment