PHP Version 5.3.10
I'm using Apache on a Windows network and when I call $_SERVER['REMOTE_USER'] it works fine until the user enters the password expiry grace period (you have x days until your password expires) when all they see is this message:
Authorization Required The server could not verify that you are authorized to access the document requested. Either you supplied the
wrong credentials (eg bad password), or your browser doesn’t
understand how to supply the credentials required.
Is there any way of catching this and presenting a more helpful message to the user?
Update
Thanks Fred for the useful information. I added the following line to .htaccess
ErrorDocument 401 /401.php
and added 401.php to the same folder as .htaccess and I immediately got the following error when trying to access the site:
Authorization Required This server could not verify that you are
authorized to access the document requested. Either you supplied the
wrong credentials (e.g., bad password), or your browser doesn't
understand how to supply the credentials required.
Additionally, a 401 Authorization Required error was encountered while
trying to use an ErrorDocument to handle the request.
As a test I also added
ErrorDocument 404 /404.php
and was correctly given the alternative page not found message.
I'm not sure what you mean by "Then to catch the error, you would just use a function to write to file". Do you have an example? Following is the code I use to get the user's username:
$domain = $_SERVER['REMOTE_USER'];
$domainarray = explode("\\",$domain);
$username = strtolower ($domainarray[1]);
Related
I have a dev URL that is behind HTTP authentication using a simple .htpasswd file - nothing special about that at all, all standard.
I am trying to hit a URL on that domain via cURL but am getting this message of course:
Unauthorized
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Apache/2.4.29 (Ubuntu) Server
I have added what I believe to be the correct parameter to authorise the url but with no joy. Just the same message. I have echo'd out the username and password and these are exactly as I would enter into the browser prompt.
What is the next step to debug this?
I have solved this by NOT using curl_setopt_array, instead setting each 3 separately. Cannot currently explain why this is different but it works! :(
I'm using this php wrapper, successfully getting a code from pinterest using the link generated according to the docs:
$loginurl = $pinterest->auth->getLoginUrl($callback_url, array('read_public'));
Then when I run this:
$token = $pinterest->auth->getOAuthToken($_GET['code']);
It works fine on my local server, but when I try to run it on our Dreamhost server, I get:
Pinterest error (code: 403) with message: Forbidden
I looked through the error documentation Pinterest supplies, but I can't find anything relating to 403 errors when retrieving oauth tokens.
The only two places I've seen mention of 403 errors when requesting oauth tokens from Pinterest's API have concluded that Pinterest is blocking the ips or the user agent string.
I've tried manually overriding the user agent string to no avail.
I've tried contacting Pinterest to find out if there is anything I'm missing and they directed me here.
Make sure the Dreamhost server is using an HTTPS URL e.g. is using TLS. That could be the reason why you get a 403.
So I have a Python script that is being run on the server (PHP runs it). However, script has to authenticate user on youtube. When you run it localy it opens the browser, allows to authenticate and asks for permission. Everything works. When I allow users to run it on server, it will try to open the auth screen on server. I need to pass the response to the web browser.
Any ideas?
I use the auth script from the youtube api examples:
# The CLIENT_SECRETS_FILE variable specifies the name of a file that contains
# the OAuth 2.0 information for this application, including its client_id and
# client_secret. You can acquire an OAuth 2.0 client ID and client secret from
# the Google Developers Console at
# https://console.developers.google.com/.
# Please ensure that you have enabled the YouTube Data API for your project.
# For more information about using OAuth2 to access the YouTube Data API, see:
# https://developers.google.com/youtube/v3/guides/authentication
# For more information about the client_secrets.json file format, see:
# https://developers.google.com/api-client-library/python/guide/aaa_client_secrets
CLIENT_SECRETS_FILE = "client_secrets.json"
# This variable defines a message to display if the CLIENT_SECRETS_FILE is
# missing.
MISSING_CLIENT_SECRETS_MESSAGE = """
WARNING: Please configure OAuth 2.0
To make this sample run you will need to populate the client_secrets.json file
found at:
%s
with information from the Developers Console
https://console.developers.google.com/
For more information about the client_secrets.json file format, please visit:
https://developers.google.com/api-client-library/python/guide/aaa_client_secrets
""" % os.path.abspath(os.path.join(os.path.dirname(__file__),
CLIENT_SECRETS_FILE))
# This OAuth 2.0 access scope allows for full read/write access to the
# authenticated user's account.
YOUTUBE_READ_WRITE_SCOPE = "https://www.googleapis.com/auth/youtube"
YOUTUBE_API_SERVICE_NAME = "youtube"
YOUTUBE_API_VERSION = "v3"
flow = flow_from_clientsecrets(CLIENT_SECRETS_FILE,
message=MISSING_CLIENT_SECRETS_MESSAGE,
scope=YOUTUBE_READ_WRITE_SCOPE)
storage = Storage("%s-oauth2.json" % sys.argv[0])
credentials = storage.get()
if credentials is None or credentials.invalid:
flags = argparser.parse_args()
credentials = run_flow(flow, storage, flags)
youtube = build(YOUTUBE_API_SERVICE_NAME, YOUTUBE_API_VERSION,
http=credentials.authorize(httplib2.Http()))
The server side webapp is quiet simple, it allows to choose script variation and couple settings, that's all.
When you are authenticating your user credentials in your server, you need to use Oauth2 (in google's case).
It took me some time understanding it in the beginning as well...
The meaning of OAuth2 is that you redirect the user to a login address provided by google, tell the service "look, after the user logged in, send the token to URL X" (your server). Your server gets some sort of token that represents the user authorizing your "app" to do stuff on his behalf.
Check out https://developers.google.com/api-client-library/python/auth/web-app
Specifically in your case - you'll need to implement the endpoint in the PHP (it needs to "listen" on an address if you get my drift)
If you don't really need user credentials and only need to access youtube API as any authenticated user, it is easier - you need to have your own credentials and do "server to server" explained here:
https://developers.google.com/api-client-library/python/auth/service-accounts
I am trying to create a database in cpanel using the folowing comment
$result =file_get_contents("http://$cpanel_user:$cpanel_password#$cpanel_host:2082/frontend/$cpanel_skin/sql/adddb.html?db=$db_name")
echo $result;
this command gives me HTTP request failed! HTTP/1.1 401 Access Denied error. I have used the correct password and username for connecting. And i am able to create the database when i give this url(url in this format) in a browsers url field.
Can someone explain what seems to be the problem?
That is not the correct way to create databases using cPanel. I believe you are trying to replicate the form inside cPanel to create databases, which is not correct.
Also, you will not be able to create databases using your cPanel username and password. I think you should refer to this thread to resolve your issue.
I am trying to use file_get_contents.I have made sure that allow_url_fopen is enabled in php.ini. As of now it is telling me:
[function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 401 Unauthorized
All I'm doing is the following, which I can access through browser without a problem.
$url=('http://site/#api/users/=john_smith#site.com/properties');
$xmlString=file_get_contents($url);
I believe this is an authentication issue but not sure how I can supply the proper credentials from within the script itself. Any ideas would be greatly appreciated.
In your url try:
http://user:password#site/
(append whatever the rest of the URL for your API should be)
Just put the user info into the URL:
$url = 'http://user:password#domain.tld/foo/bar/whatever';
The 401 Unauthorized status code means that you should have authenticated, but that you haven't, or that you have authenticated with the wrong credentials. It is most commonly used when using HTTP authentication, which is authentication built into the HTTP protocol, and therefore is universal, not only for HTML documents, but for anything transfered over the HTTP protocol.
To authenticate with HTTP authentication, simply add username:password# before the hostname in the URL. For instance:
http://foobar:mysupersecretpassword#example.com/passwordprotected/
This would request the /passwordprotected/ directory from example.com with the username foobar and the password mysupersecretpassword.
It's not any worse than that. :)