So I’m trying to parse an incoming request in PHP which has the following header set:
Authorization: Custom Username
Simple question: how on earth do I get my hands on it? If it was Authorization: Basic
, I could get the username from $_SERVER["PHP_AUTH_USER"]
. If it was X-Custom-Authorization: Username
, I could get the username from $_SERVER["HTTP_X_CUSTOM_AUTHORIZATION"]
. But neither of these are set by a custom Authorization, var_dump($_SERVER)
reveals no mention of the header (in particular, AUTH_TYPE
is missing), and PHP5 functions like get_headers()
only work on responses to outgoing requests. I’m running PHP 5 on Apache with an out-of-the box Ubuntu install.
If you’re only going to use Apache you might want to have a look at apache_request_headers()
.
Answer:
For token based auth:
$token = null;
$headers = apache_request_headers();
if(isset($headers['Authorization'])){
$matches = array();
preg_match('/Token token="(.*)"/', $headers['Authorization'], $matches);
if(isset($matches[1])){
$token = $matches[1];
}
}
Answer:
Add this code into your .htaccess
RewriteEngine On
RewriteRule .* - [e=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Pass your header like Authorization: {auth_code}
and finally you get the Authorization code by using $_SERVER['HTTP_AUTHORIZATION']
Answer:
For background, why Apache filters away the Authorization
header: https://stackoverflow.com/a/17490827
Solutions depending on which Apache module is used to pass the request to the application:
mod_wsgi, mod_fcgid:
cgi:
Other hacks – massaging the headers in this question:
Answer:
Juste use:
$headers = apache_request_headers();
$token = $headers['token'];
Tags: phpphp