Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
txp:password_protect worked fine yesterday, but not today.
Hi,
I have been using txp:password_protect to protect a site under development.
Yesterday, it worked fine: when I was trying to access to the homepage, I was prompted to enter a user and a password. I filled the user/password and then I get access to the homepage.
Now, when I am prompted to enter the user/password, I fill them and after pressing OK, the prompt for user/pass appears again and again and again.
What happened between yesterday and today?
I just can say that the hosting company has made some changes in their servers (i hated them, because they made some mistakes that now I have corrected).
I dont know exactly what those changes were.
I suspect that they changed from PHP as Apache module to PHP as CGI.
Could this be related to my password protection problem?
Finally I add this information:
until yesterday, I have been using “php_value register_globals 0” in my .htaccess (if not, a warning will pop-up in the TXP diagnostic tool)..
Today, I must comment (#) that line. If not, I would get an “500 Internal Server Error” .
I’m not receiving any warning from the TXP diagnostic tool, so I’m very calm.
I add that information because I think that you, experts, may conclude something about the changes in my hosting provider.
Thanks in advance <small>and excuse my english</small>
Offline
Re: txp:password_protect worked fine yesterday, but not today.
> I suspect that they changed from PHP as Apache module to PHP as CGI.
Yes, your thoughts seem to be correct. Especially together with the observation that you are no longer able to use php_value.
You can ask them about the concrete problem, sometimes it’s possible to configure it such, that HTTP-Auth header are passed (but I am not sure if that’s limited to FCGI and/or limited to certain webservers). It’s worth a try.
Offline
Re: txp:password_protect worked fine yesterday, but not today.
Thanks, Sencer.
<blockquote>You can ask them about the concrete problem, sometimes it’s possible to configure it such, that HTTP-Auth header are passed (but I am not sure if that’s limited to FCGI and/or limited to certain webservers). It’s worth a try.</blockquote>I’m not sure if I understand what you mean I should ask to the hosting provider. Maybe, you can help me about how to ask that. :D
First, I dont want to tell them (the hosting provider) all the history: that i’m using a Textpattern, and blablabla. Because they will tell me, for sure, something like: “we dont give support over the scripts installed by the user, blabla”.
I dont want to ask them: “i’m using a password protection, but it’s not the password protection done by the cPanel tools, and .htaccess, and .htpasswd, etc. It’s managed by an script”.
So, I want to reduce the explanation/question to the minimum expression, but I also want to use some “technical language” to explain the problem, because I want them to give me a possible solution.
Finally, is there any good explanation about the differences between PHP as a module and PHP as CGI? I mean, a comparative for non-technical enthusiasts.
I ask because the hosting provider is doing some changes related to this, and I dont know if they are giving a better service or not.
Thanks again.
Offline
Re: txp:password_protect worked fine yesterday, but not today.
In shared environments, PHP as CGI will (almost?) always be more secure. While mod_php will be less resource-intense.
I just checked, and it seems that all workarounds require you to change your php source. They are explained here: http://www.php.net/features.http-auth.
If you still want to ask them about what can be done, you can tell them that your scripts use PHP’s HTTP-Auth feature which is now broken, and whether they can do anything to fix it.
Offline