I'm running Laravel 4.1 on a shared-hosting site called iPage. It seems to meet all the requirements of running a laravel-4 (mcrypt, PHP 5.3.13). In fact, all of my services and site seems to work...
Except for HTTP-Basic authentication.
I have my routes.php setup like so:
Route::get('/', array('before' => 'auth.basic', function() { // }
And I've set up an email/password in the users table.
This authentication all works on my local XAMPP box (running PHP 5.4), but I'm having difficulty trying to figure out what could possibly be happening on the server. All I get is 'Invalid Credentials', no matter how I try to login.
Has anyone run into this before? Or is there any good way of debugging this on a site I don't have SSH/CLI access to?
Thank you in advance for any help anyone can provide
Finally found the issue and got a workaround.
Apparently my server is eating the HTTP Auth request. I tried using Laravel's recommended .htaccess Rewrite rules, but that never worked for me. I found something on php's HTTP Auth page that really helped me that user gbleyh wrote 6 years ago (http://www.php.net/manual/en/features.http-auth.php#76708)
In my root .htaccess file, I added the following line:
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
Which rewrites the auth rule to $_SERVER['REMOTE_USER'] where the cgi server doesn't know to consume it.
After that, I went into the compiled.php file (or the Symfony\Component\HttpFoundation Request.php if you don't have it compiled yet), and added the following lines to the top of my createRequestFromFactory function:
if (array_key_exists('REDIRECT_REMOTE_USER', $server))
{
$userpass = base64_decode(substr($server["REDIRECT_REMOTE_USER"],6)) ;
$userpass = explode(":", $userpass);
if ( count($userpass) == 2 ){
$server['PHP_AUTH_USER'] = $userpass[0];
$server['PHP_AUTH_PW'] = $userpass[1];
}
}
This seems like a big hack, and remembering to add this every time I want to update laravel packages is a pain, but hopefully this helps some noobs like me in the future
oh yeah! That's was the solution.
Thanks you very much !
I just ran into this same problem with 4.1 on a server running PHP 5.3.27 and can confirm the solution does "fix" it.
But I totally agree with Calvin1864 that editing compiled.pphp or some file deep down in the vendor dir is not a great solution.
Would there be another way to fix this? Inside the laravel code base I mean? Or would a pull request to the symfony project be more appropriate?
Hi, I just installed Laravel 5 on my webhost and had the same issue: basic auth not accepting my credentials.
Your solution worked, but instead of adding the code to the compiled file or the vendor file, I changed it a little bit and added it to the top of public/index.php:
if (array_key_exists('REDIRECT_REMOTE_USER', $_SERVER))
{
$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6));
$userpass = explode(":", $userpass);
if (count($userpass) == 2)
{
$_SERVER['PHP_AUTH_USER'] = $userpass[0];
$_SERVER['PHP_AUTH_PW'] = $userpass[1];
}
}
It seems to work just fine and you can composer update.
Thanks!
I've run into this exact same issue in Laravel 5 and I tried implementing @ivanvermeyen's version of the fix, but it's still not working for me. Any ideas? Am I missing a step?
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast