PivotX Support Community

[hansfn]

I guess it's related to the server configuration - which is different on the two servers. It can be many things. (How PHP is run on the server for example.) Ask your hoster.

[scoude]

Hi all,

I'm a french user of PivotX and my host compagny OVH had defined some security rules for its apache servers on shared environment (Apache seems running in CGI mode).

So, when I installed Password protect extension and configured it to protect all my site, it did not work.
Why ? Because $_SERVER["PHP_AUTH_USER"] and $_SERVER["PHP_AUTH_USER"] variables are not set (for some security reasons) in CGI mode.

After a litle search with google, I found the solution in two steps :

First step : if there is no .htaccess file in root of your site, create this and/or add this content into it :

Code: Select all

SetEnv PHP_VER 5_3
<IfModule mod_rewrite.c>
   RewriteEngine on
   RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
</IfModule>

The RewriteRule set the $_SERVER["REMOTE_USER"] variable with the couple login:password encoded in base64, a variable always sent in any running mode of Apache

Second step : insert in the file pivotx/extensions/passwordprotect/admin_passwordprotect.php the instructions in red code block in the function passwordcheck_login

Code: Select all

.
.
.
/**
 * Helper function, checks for login..
 *
 */
function passwordcheck_login($page) {
    global $PIVOTX;

    if (trim($PIVOTX['config']->get('passwordprotect_allaccessip')) != '') {
        $allaccessip = trim($PIVOTX['config']->get('passwordprotect_allaccessip'));
        $ipnumbers = explode(',',$allaccessip);

        $granted = false;
        foreach($ipnumbers as $ipnumber) {
            $ipnumber = trim($ipnumber);

            if (substr($ipnumber,-1) == '.') {
                // simple pattern
                if (strpos($_SERVER['REMOTE_ADDR'],$ipnumber) !== false) {
                    $granted = true;
                }
            }
            else if ($ipnumber == $_SERVER['REMOTE_ADDR']) {
                $granted = true;
            }
        }

        if ($granted === true) {
            return true;
        }
    }

Code to be added at that position :

Code: Select all

if((!$_SERVER['PHP_AUTH_USER'] || !$_SERVER['PHP_AUTH_USER'])
       && preg_match('/Basic\s+(.*)$/i',$_SERVER['REMOTE_USER'], $matches)) {
        list($name, $password) = explode(':', base64_decode($matches[1]));
        $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
        $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
    }

Code: Select all

    $user = $_SERVER['PHP_AUTH_USER'];
    $passed_password = $_SERVER['PHP_AUTH_PW'];

    $default_password = $PIVOTX['config']->get('passwordprotect_default');
    .
    .
    .
   

These instructions set the two "classical" variables with the values passed by the browser via a variable always sent to PHP by Apache.

After that, Password Protect work on OVH environment !

Best regards

[hansfn]

Thx for the suggestion. I'll see if we can add the code (and update the documentation).

[Sanzine]

I have installed Password protect extension 1.3 to PivotX 2.3.10. Put a password on a specific entry, believe I put all settings correctly (as I already used this extension several times before), when going to that entry the pop-up with the request for the password appears, but when I enter the correct password, it keeps asking for a password.

Why?

[hansfn]

Maybe you have the same problem as scoude above?

I see that you have used the extension before. On the same server? If so, this is strange. Are you using accented characters in the password?

[Sanzine]

Thanks Hans! I have now tried the solution of scoude. The code that needed to be added to the .htaccess file, was already there. So I only added the red code in admin_passwordprotect.php. Unfortunately, that didn't help.

I have indeed used this extension before on multiple sites. In this case it was working on a website, but I have to move this site to another server platform with the same hoster. And while testing the site on this new server, the extension isn't working anymore.

I have no clue what other steps I have to take to get it to work. Hope you can help me.

[hansfn]

You might have added the code in the wrong place or something. Maybe give me FTP and/or PivotX access? Contact me at hansfn@pivotx.net

If scoude's fix is needed for you too, I'll update and make a new release of the extension.

[Sanzine]

I have sent you a message. Thanks in advance!

[hansfn]

Problem fixed.

You had the same problem as scoude - PHP running in CGI mode, but for some reason on your server we have to use $_SERVER['REDIRECT_REMOTE_USER'] in stead of $_SERVER['REMOTE_USER'] (in the code above).

[Sanzine]

Thanks Hans, for all your help!