Re: Atom API problem: PHP can't deal with Atom-Authenticate headers

[Ken MacLeod <ken@xxxxxxxxxxxxxxxx>]

Simon Willison <cs1spw@xxxxxxxxxx> writes:

> I just read Mark's blog entry about the Atom API draft. I understand
> the reasoning behind the custom authentication system, but I can see
> a major problem with it: To my knowledge, PHP does not provide a way
> of accessing custom HTTP headers sent by the user agent (standard
> headers such as ACCEPT_ENCODING, are available via the $_SERVER
> array). This means that PHP implementations of the Atom API will be
> unable to support the recommended authentication method. Since PHP
> is the most popular open source web scripting technology by a very
> wide margin, this issue needs serious consideration.

I'm not a PHP user and didn't get a chance to fully check this out
before I had to go, but if I read

  http://www.phpfreaks.com/phpmanual/page/reserved.variables.html#reserved.variables.server

correctly, $_SERVER should follow the CGI 1.1 spec and pass all the
CGI variables through, even if they are not listed among the common
CGI variables on that page.  Thus, the following 'atom-auth.php' PHP
script:

  <?php
    echo "<p>Atom-Authentication is {$_SERVER['HTTP_ATOM_AUTHENTICATION']}.</p>";
  ?>

should work just fine when called by this curl command:

  curl --header "Atom-Authentication: blah" http://example.org/atom-auth.php

and display "Atom-Authentication is blah."

If someone more familiar with PHP could check that out and let us
know, thanks!

  -- Ken