PHP 4.3.10 broke HTTP authentication!

[Jambooo]

I recently upgraded to PHP 4.3.10 on Apache 2 - Windows XP. The transition was smooth and successful, except one recurring little bug I keep finding.

The problem is HTTP authentication. It seems that PHP still manages to deliver auth headers to the browser (resulting in a password prompt), but neither PHP_AUTH_USER or PHP_AUTH_PW are passed back to the script.

I'm sure it's not a problem with my code (even broke phpMyAdmin), or apache (didn't make any configuration changes). Can anyone help mt fix the problem?

Thanks, Lee.

[Jambooo]

Why doesn't anyone want to answer my questions today :(

[metal_dragen Veteran]

Fix your problem? Revert to 4.3.9 until PHP posts a fix.

[Jambooo]

So it's definately a PHP bug?

[GatorV]

Look at the PHP bug list:

http://bugs.php.net/

I have done a search and nothing came up, maybe try to post a bug there :D

[HeyRatFans]

I've found one reference to PHP_AUTH_USER not being declared in PHP/5.0.0 (which was fixed pretty promptly in CVS and in the next release) but not in any of the PHP/4.x builds

Only thing that springs to mind is how you are referencing the authentication variables. If you're using $PHP_AUTH_USER and $PHP_AUTH_PW you will need to switch to the new super globals method of using $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].

If you're already using the super globals ignore me.