ID: 47116 Updated by: j...@php.net Reported By: kabute at gulo dot org -Status: Open +Status: Bogus Bug Type: Apache2 related Operating System: GNU/Linux (Debian) PHP Version: 5.2.8 New Comment:
Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Due to the volume of reports we can not explain in detail here why your report is not a bug. The support channels will be able to provide an explanation for you. Thank you for your interest in PHP. Previous Comments: ------------------------------------------------------------------------ [2009-01-15 16:20:32] kabute at gulo dot org Description: ------------ If you create a directory with a .htaccess and a .htpassword inside (and Apache2 correctly configured), and you create a .php file with the next code: <?php $user = $_SERVER['PHP_AUTH_USER']; $pass = $_SERVER['PHP_AUTH_PW']; $validated = ($user=="user") && (($pass) == "pass"); if (!$validated) { header('WWW-Authenticate: Basic realm="Realm"'); header('HTTP/1.0 401 Unauthorized'); die ("Authentification failed."); } ?> In the second authetification the browser will start loading the page waiting for response. Looking at the apache's error log it will show an "user not found" error. I've tried it with PHP 5.2.6 and PHP 5.2.7 . Reproduce code: --------------- <?php //Remember to create .htaccess and .htpasswd $user = $_SERVER['PHP_AUTH_USER']; $pass = $_SERVER['PHP_AUTH_PW']; $validated = ($user=="user") && (($pass) == "pass"); if (!$validated) { header('WWW-Authenticate: Basic realm="Realm"'); header('HTTP/1.0 401 Unauthorized'); die ("Authentification failed."); } ?> Expected result: ---------------- Resources comsuption, maybe DOS. Actual result: -------------- Very high memory load. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=47116&edit=1
