features/http-auth.xml
2d1981cc3003cd94f5fb88e0473eed2c5b26efde
...
...
@@ -13,8 +13,8 @@
13
13
<varname>PHP_AUTH_USER</varname>, <varname>PHP_AUTH_PW</varname>,
14
14
and <varname>AUTH_TYPE</varname> set to the user name, password and
15
15
authentication type respectively. These predefined variables are found
16
-
in the <varname>$_SERVER</varname> array. Both "Basic" and "Digest"
17
-
(since PHP 5.1.0) authentication methods are supported. See the
16
+
in the <varname>$_SERVER</varname> array. <emphasis>Only</emphasis> "Basic" and "Digest"
17
+
authentication methods are supported. See the
18
18
<function>header</function> function for more information.
19
19
</simpara>
20
20

...
...
@@ -138,17 +138,6 @@ function http_digest_parse($txt)
138
138
for now.
139
139
</para>
140
140

141
-
<simpara>
142
-
In order to prevent someone from writing a script which
143
-
reveals the password for a page that was authenticated through a
144
-
traditional external mechanism, the PHP_AUTH variables will not be
145
-
set if external authentication is enabled for that particular
146
-
page and &safemode; is enabled. Regardless,
147
-
<varname>REMOTE_USER</varname> can be used
148
-
to identify the externally-authenticated user. So, you can use
149
-
<varname>$_SERVER['REMOTE_USER']</varname>.
150
-
</simpara>
151
-

152
141
<note>
153
142
<title>Configuration Note</title>
154
143
<para>
...
...
@@ -223,13 +212,6 @@ if (!isset($_SERVER['PHP_AUTH_USER']) ||
223
212
be set to <literal>0</literal> (the default value).
224
213
</simpara>
225
214
</note>
226
-
<note>
227
-
<para>
228
-
If <link linkend="ini.safe-mode">safe mode</link> is enabled, the
229
-
uid of the script is added to the <literal>realm</literal> part of
230
-
the <literal>WWW-Authenticate</literal> header.
231
-
</para>
232
-
</note>
233
215

234
216
</chapter>
235
217

236
218