[mapguide-users] Apache as CGI cannot customize authentication

Daniel Morissette dmorissette at mapgears.com
Thu Jun 29 08:46:53 EDT 2006

I realize this won't fix the issue completely, but as a workaround, if 
you can afford to let Apache handle the user/password validation (i.e. 
create a .htaccess and htpasswd file, etc.) then you can get the user 
name of the authenticated visitor with the $_SERVER['REMOTE_USER'] 
variable. This variable works with the PHP CGI.


newjim wrote:
> PHP in Apache2 in MapGuide is loaded as a CGI executable, as this line in
> httpd.conf shows:
> Action application/x-httpd-php "/php/php-cgi.exe"
> However, you cannot customize your authentication unless PHP runs as a
> module, that is, by commenting out this line and replacing it with:
> LoadModule php5_module c:/php/php5apache2.dll
> When you do that and restart Apache, you can trap the user login and
> password. For example:
> <?php
> {
>     print "<script language='javascript'>alert('Hello
> $_SERVER[PHP_AUTH_USER]')</script>";
> 	//unset($_SERVER[PHP_AUTH_USER]);
> }
> elseif($_REQUEST['auth'])
> {
>     Header("WWW-Authenticate: Basic realm=\"MapGuide Test Site\"");
>     Header("HTTP/1.0 401 Unauthorized");
> }
> ?>
> <form>
> <input type="submit" name="auth" value= "Authenticate" />
> </form>
> However, when you do that you lose the MG functions, which I presume are in
> php_MapGuideApi.dll, such as MgInitializeWebTier
> Is there a way that you can make the MG functions available to PHP when you
> load it as a module?

Daniel Morissette

More information about the Mapguide-users mailing list