Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

BasicAuth::protect_entire_site() not working


Reply


7 Posts   1769 Views

Avatar
amdayton

Community Member, 8 Posts

9 July 2010 at 10:17am

Hello,

I am setting up a staging site on a Dreamhost account, using the _ss_environment.php environment management setup [url=http://doc.silverstripe.org/environment-management]described here[/url]. More specifically, in my _config.php I include the following line:

if(Director::isTest()) BasicAuth::protect_entire_site();

So I uploaded the site, setup the db + user accounts, etc. But then when I set it to "test," I get the login dialogue when visiting the site but none of the logins work. So essentially it is protecting the entire site, but none of the logins work! Any ideas?

Thanks

Avatar
Willr

Forum Moderator, 5513 Posts

9 July 2010 at 12:15pm

Do the logins work normally? (in the cms).

Try set a user for it using Security::setDefaultAdmin('user', 'pass'); and logging in with those details.

Avatar
amdayton

Community Member, 8 Posts

10 July 2010 at 12:25am

I have DefaultAdmin set in the _ss_environment.php file, and CMS logins are working fine. I tried defining DefaultAdmin in the _config.php file instead, still didn't work. Hmmm...

Avatar
amdayton

Community Member, 8 Posts

1 April 2011 at 10:43am

Argh, I gave up last time and ran into the same issue again, was hoping there might be a fix out there by now. All I found was my own forum post with no new answers. :/

Avatar
pepe_legal

Community Member, 1 Post

23 May 2011 at 11:43am

hi there!!

I had the same problem as you described! When I had:

Director::isDev()) BasicAuth::protect_entire_site();

In windows it worked fine, but when i uploaded the code to a linux server...i couldn't pass the protection...so i searched a couple of things....and i found a solution for my problem.

(http://www.besthostratings.com/articles/http-auth-php-cgi.html)

in .htacess, inside <IfModule mod_rewrite.c>

i added this: RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

after i done a incursion inside the core (i didn't like that but for a major reason...), file: BasiAuth,php

and in the function

static function requireLogin($realm, $permissionCode = null, $tryUsingSessionLogin = true) {
...

and after
   if(!Security::database_is_ready() || (Director::is_cli() && !$isRunningTests)) return true;
i added:

if(isset($_SERVER['HTTP_AUTHORIZATION'])&& !empty($_SERVER['HTTP_AUTHORIZATION'])){
         list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
      }

And...this done the trick!

Hope this help you and other people with the same problem!

Regards!

Avatar
Juanitou

Community Member, 323 Posts

14 October 2011 at 3:43am

Edited: 14/10/2011 3:44am

Thank you!

I had the same problem and your post resolved it. Did you submitted this issue as a bug? I’m not an expert, but I think this could be considered as such.

Best regards,
Juan

Avatar
SheaDawson

Community Member, 46 Posts

19 September 2014 at 12:11pm

Thanks pepe I also just came across this issue and your solution worked :)