no php environment when using pipe

[GoogleCodeExporter]

What steps will reproduce the problem?
1. use mod-auth-external

What is the expected output? What do you see instead?
$_ENV containing vars like the AUTHENTICATORS file says
Nothing there ...

What version of the product are you using? On what operating system?
Gentoo, apache 2.4.7, mod-auth-external-3.3.2

Please provide any additional information below.

I have the following auth php script .. 

#!/usr/bin/php
<?php
function flog($msg){
        $fh = fopen("/tmp/apache_auth", "a");
        fwrite($fh, date("Y-m-d H:i:s")." - ".$msg."\n");
        fclose($fh);
}
$user = trim(fgets(STDIN));
$pass = trim(fgets(STDIN));
$pass = sha1($pass);
flog($user." - ".$pass);
flog(print_r($_ENV, 1));
foreach ($_ENV as $k => $v){
        flog($k . '=' . $v);
}
$conn = mysql_connect(...);
mysql_select_db(...);
$checkquery = "SELECT `id`, `expiry` FROM `auth` WHERE `user` = 
'".mysql_real_escape_string($user)."' AND `password` = 
'".mysql_real_escape_string($pass)."' AND `enabled` = '1' AND (`expiry` > NOW() 
OR `expiry` = '0000-00-00 00:00:00') LIMIT 1;";
flog($checkquery);
$check = mysql_query($checkquery, $conn) or die(mysql_error($conn));
if (mysql_num_rows($check) > 0){
        $row = mysql_fetch_array($check);
        if($row['expiry'] != '0000-00-00 00:00:00'){
                $update = "UPDATE `auth` SET `expiry` = NOW()+INTERVAL 1 MONTH WHERE `id` = '".$row['id']."' LIMIT 1;";
                $update = mysql_query($update, $conn) or die(mysql_error($conn));
        }
        flog("Yes");
        exit(0);
}else{
        flog("NO");
        exit(1);
}
?>

Here's what /tmp/apache_auth contains:
2013-12-12 19:30:17 - SELECT `id`, `expiry` FROM `auth` WHERE `user` = '...' 
AND `password` = '...' AND `enabled` = '1' AND (`expiry` > NOW() OR `expiry` = 
'0000-00-00 00:00:00') LIMIT 1;
2013-12-12 19:30:17 - Yes
2013-12-12 19:30:17 - dex - ...
2013-12-12 19:30:17 - Array
(
)

Am I doing it wrong ? Do I need to enable special flags in php/apache ?

Original issue reported on code.google.com by dex...@d3xt3r01.tk on 12 Dec 2013 at 5:35

[GoogleCodeExporter]

Nevermind .. it seems that at least in my php .. it's not done like this
d3xt3r01 tmp # php -v
PHP 5.5.6-pl0-gentoo (cli) (built: Dec  2 2013 01:18:37) 
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2013 Zend Technologies
    with Zend OPcache v7.0.3-dev, Copyright (c) 1999-2013, by Zend Technologies

Piece of code that does seem to do the job:
$env = array("AUTHTYPE", "CONTEXT", "IP", "HOST", "PATH", "COOKIE", 
"HTTP_HOST", "URI");
foreach($env as $v){
        flog($v.'='.getenv($v));
}

Results:
2013-12-12 19:42:00 - SELECT `id`, `expiry` FROM `auth` WHERE `user` = 'dex' 
AND `password` = '...' AND `enabled` = '1' AND (`expiry` > NOW() OR `expiry` = 
'0000-00-00 00:00:00') LIMIT 1;
2013-12-12 19:42:00 - Yes
2013-12-12 19:42:00 - dex - ...
2013-12-12 19:42:00 - AUTHTYPE=PASS
2013-12-12 19:42:00 - CONTEXT=
2013-12-12 19:42:00 - IP=192.168.1.1
2013-12-12 19:42:00 - HOST=
2013-12-12 19:42:00 - 
PATH=/bin:/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin:/usr/sbin:/usr/local/bin:
/usr/local/sbin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.7.3:/opt/nvidia-cg-t
oolkit/bin:/opt/cuda/bin
2013-12-12 19:42:00 - COOKIE=
2013-12-12 19:42:00 - HTTP_HOST=d3x...
2013-12-12 19:42:00 - URI=/some/index.php

Hope this saves some time .. maybe it can be modified in the example

Original comment by dex...@d3xt3r01.tk on 12 Dec 2013 at 5:45

[GoogleCodeExporter]

A cleaner way:

$env = array("AUTHTYPE", "CONTEXT", "IP", "HOST", "PATH", "COOKIE", 
"HTTP_HOST", "URI");
foreach($env as $k){
        $v = getenv($v);
        if(empty($v)){ continue; }
        flog($k.'='.$v);
}

Also, one could do it like this:

ob_start();
phpinfo(INFO_ENVIRONMENT);
$phpinfo = ob_get_contents();
ob_get_clean();
flog($phpinfo);

Original comment by dex...@d3xt3r01.tk on 12 Dec 2013 at 5:52

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

Hmmm...I can confirm that the test.pipe.php script in the distribution fails to 
print any environment variables on my computer either.

That was a contributed script. I didn't write it, and I don't know PHP at all.

My minimal web research suggests that the original version is kind of supposed 
to work. And there ought to be a way to print out everything in the 
environment, not just stuff from a list of names (we add environment variables 
fairly often - I don't want to have to remember to update this script the next 
time that happens). Your last version might do that, but it seems rather weird. 
If we are doing sample programs, they ought to be good, generalizable samples.

I could use some input from other actual PHP programmers on the right solution 
to this problem.

Original comment by j...@unixpapa.com on 15 Jan 2014 at 2:50

• Changed state: Accepted

[GoogleCodeExporter]

It looks like the original code will work if and only if the "variables_order" 
string defined in your "php.ini" file includes an "E" in it's value.  On my 
system it is set to

  variables_order = "GPCS"

The "php.ini" file also says:

; This directive determines which super global arrays are registered when PHP
; starts up. If the register_globals directive is enabled, it also determines
; what order variables are populated into the global space. G,P,C,E & S are
; abbreviations for the following respective super globals: GET, POST, COOKIE,
; ENV and SERVER. There is a performance penalty paid for the registration of
; these arrays and because ENV is not as commonly used as the others, ENV is
; is not recommended on productions servers. You can still get access to
; the environment variables through getenv() should you need to.

So probably we should default to one of the getenv() solutions.

Original comment by j...@unixpapa.com on 15 Jan 2014 at 3:03