Property changes on: .
___________________________________________________________________
Modified: svn:mergeinfo
   Merged /branches/dev/ZBX-7703-20:r41927-42010
   Merged /branches/2.0:r42011
   Merged /branches/2.2:r42012

Index: frontends/php/api/classes/CUser.php
===================================================================
--- frontends/php/api/classes/CUser.php	(revision 42404)
+++ frontends/php/api/classes/CUser.php	(working copy)
@@ -914,6 +914,21 @@
 				/* fall through */
 		}
 
+		if ($authType == ZBX_AUTH_HTTP) {
+			// if PHP_AUTH_USER is not set, it means that HTTP authentication is not enabled
+			if (!isset($_SERVER['PHP_AUTH_USER'])) {
+				self::exception(ZBX_API_ERROR_PARAMETERS, _('Cannot login.'));
+			}
+			// check if the user name used when calling the API matches the one used for HTTP authentication
+			elseif ($name !== $_SERVER['PHP_AUTH_USER']) {
+				self::exception(ZBX_API_ERROR_PARAMETERS,
+					_s('Login name "%1$s" does not match the name "%2$s" used to pass HTTP authentication.',
+						$name, $_SERVER['PHP_AUTH_USER']
+					)
+				);
+			}
+		}
+
 		try {
 			switch ($authType) {
 				case ZBX_AUTH_LDAP: