PodPress 8.8.1 Premium Content Authentication Problems

  • thefuzzyslug

    (@thefuzzyslug)


    16 years ago

    I’m currently experiencing issues with viewing the Premium Content RSS (using the https://sitename/?feed=premium rss url) feed in both a web browser and itunes. It will prompt for a username and password, but when those are entered and submitted, it will keep asking for the username and password. I know the username and password are correct and that the user is a premium subscriber. Is there some setting that needs to be adjusted to get authentication to work properly? I’m using WordPress 2.7.
    Thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • ctmiller

    (@ctmiller)

    You might be hosted on a service that does not use PHP as the Apapche module. When running as a CGI, the authentication methods used by podpress do not work (source: https://us3.php.net/features.http-auth).

    Note: CGI is the default mode for Dreamhost, per their docs. There are instructions there on how to switch to the module, if you need to.

    From what I’ve been able to see, podpress is looking for the HTTP_AUTHORIZATION header in the request headers for the premium feed. I found this odd, and am now wondering how old this code is. The docs list the proper $_SERVER variables as PHP_AUTH_USER and PHP_AUTH_PW. I cannot find another reference for the HTTP_AUTHORIZATION headers except for use in IIS:

    Another limitation is if you’re using the IIS module (ISAPI) and PHP 4, you may not use the PHP_AUTH_* variables but instead, the variable HTTP_AUTHORIZATION is available. For example, consider the following code: list($user, $pw) = explode(‘:’, base64_decode(substr($_SERVER[‘HTTP_AUTHORIZATION’], 6)));

    For reference, this is all happening in the podPress_validateLogin() function of podpress_premium_functions.php.

    I’m going to keep digging into this, and would welcome any input people have.

    Thread Starter thefuzzyslug

    (@thefuzzyslug)

    Thanks for the incite, I see what you are saying. The ‘AUTHORIZATION’ key of the getallheaders() function doesn’t exist if PHP is being run as CGI, only as Apache Module. I was able to find some replacements for this, (one is actually in the podpress_premium_funtions.php at the top when it checks to see if the getallheaders() function exists) however I was unable to get any of those to work. This was probably because AUTHORIZATION is missing. I also looked at Dreamhost, and as far as I can tell, they no longer offer you the option in the panel to switch between CGI and Apache Module. Still looking for any ideas. If I was more PHP literate I might consider rewriting the podPress_validateLogin() function to use those $_SERVER variables. There has to be some way to ninja this thing into authenticating properly.

    ctmiller

    (@ctmiller)

    I’ve considered the rewrite as well, but honestly, there’s no way to authenticate that I can find when running PHP as CGI. The headers simply do not exist.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘PodPress 8.8.1 Premium Content Authentication Problems’ is closed to new replies.