Cannot retrieve Apache environment variables in PHP

StackOverflow https://stackoverflow.com/questions/4308886

Question

Background

I have an Apache/2.2.15 (Win32) with PHP/5.3.2 set up, handling authentication.

<Directory /usr/www/myhost/private>
  # core authentication and mod_auth_basic configuration
  # for mod_authn_dbd
  AuthType Basic
  AuthName "My Server"
  AuthBasicProvider dbd

  # core authorization configuration
  Require valid-user

  # mod_authn_dbd SQL query to authenticate a user
  AuthDBDUserPWQuery "SELECT Password,UserName,Realm,Access FROM authn WHERE user = %s"
</Directory>

The authentication works fine! No problems.

But regarding to the documentation, any extra field returned back from the AuthDBDUserPWQuery will be put into an AUTHENTICATION_fieldname variable in the Environment.

With phpinfo(), I can see these variables with he correct values under "Apache Environment".

AUTHENTICATE_USERNAME
AUTHENTICATE_REALM
AUTHENTICATE_ACCESS

Problem

I can't fetch those environment variables from my php. 

1 <?php
2   $Access = apache_getenv('AUTHENTICATE_ACCESS',true);
3   var_dump($Access);
4 ?>

Line 3 prints bool(false) indicating that the variable wasn't found!
However if I change to another Apache Environment variable such as 'HTTP_HOST' it works.
..and yes, I have tried getenv() also, same result.

There is also a note that the Apache server needs to be compiled with APR 1.3.0 to work. I used the Apache msi build from httpd.apache.org and it seems to be compiled with APR above version 2. Since I can see them with phpinfo() they must be accessible from PHP.

Was it helpful?

Solution 2

I made a work around,

It seems like this might be a PHP bug. Found some related bugs reported for PHP 4 and maybe they haven't fixed them yet...

I did a solution that I really don't like (because I'm accessing the Apache userdata table), but it seems that I have no choice.

//************************************************************* 
// If PHP failed to retrieve the AuthDBDUserPWQuery fields.
// Connect to Apache authentication databaseand create the
// envirnment variables manually
//
if (empty($_ENV['AUTHENTICATE_ACCESS'])) {
  $Apache = mysql_connect('MyServerIP','MyUserName','MyPassword',false,MYSQL_CLIENT_SSL|MYSQL_CLIENT_COMPRESS);
  mysql_select_db('MyDatabase',$Apache);
  $SQLSet = mysql_query("SELECT Realm, Access FROM authenticationtable WHERE UserName='".$_SERVER['PHP_AUTH_USER']."' AND Password='".$_SERVER['PHP_AUTH_PW']."'");
  $SQLRow = mysql_fetch_array($SQLSet);
  $_ENV['AUTHENTICATE_REALM'] = $SQLRow['Realm'];
  $_ENV['AUTHENTICATE_ACCESS']= $SQLRow['Access'];
  mysql_close($Apache);
}

If PHP has failed to update $_ENV correct, this will retrieve the current logged in user from the same database and table that Apache is using for authentication. Then the extra fields will be written into the global $_ENV variable so it can be used as it is supposed. Later when the "bug" is fixed, it will automatically use the original $_ENV.

If anyone can bring some up to date information on this topic, I would be happy...

OTHER TIPS

I have used this mod_rewrite rule in an .htaccess file to make the HTTP Authorization header environment variable available in $_SERVER['HTTP_AUTHORIZATION']. I'm sure this could be adapted for your purposes. Not sure if it's the best solution, but it's a solution:

RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]

There is a clue in deceze's answer. He is fetching the data from $_SERVER instead of $_ENV.

I was setting a Apache Env Var with

SenEnv MY_VAR "true" in the main httpd.conf and couldn't see it in $_ENV. It was in $_SERVER though.

Recently i wrote a library to get values from environment variables and parse to the PHP data types. This library can be used to parse environment variables to PHP data types (like the casting to integer, float, null, boolean), parse the complex data structures like a JSON string and more with the contribution of the commnunity.

The library is available here: https://github.com/jpcercal/environment

Setup your environment variables with .htaccess by example:

SetEnv YOUR_ENV_VARIABLE_NAME the-value-of-your-env-var

And to get the values from environment variable (independently of the environment CLI, Apache, Nginx, PHP Built-in Server and more) to do it:

<?php
// ...
require "vendor/autoload.php";
// ...
var_dump(Cekurte\Environment\Environment::get("YOUR_ENV_VARIABLE_NAME"));

Enjoy it.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top