[PHP] Re: https://...
Afan Pasalic wrote: > hi, > how can I check using php that I use SSL? > tried with > REQUEST_URI > HTTP_HOST > PATH_INFO > but any of these does show http:// > > Thanks! > > -afan from the command line... php -m should list openssl if ./configure --with-openssl option specified. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: https & sessions failing to persist
Luis Bernardo wrote: Apache or IIS? CGI or ISAPI module? Hi, Apache and, if possible, running on Linux or BSD. For me, Windows and IIS have to much security holes that we cannont solve (must wait that M$ want to release a security patch). Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: https & sessions failing to persist
On Fri, Apr 30, 2004 at 10:01:40PM -0500, Luis Bernardo wrote: > > Apache or IIS? CGI or ISAPI module? FreeBSD4.8 apache+mod_ssl-1.3.29+2.8.16_1 CGI > "Michael R. Wayne" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > > > Upgraded our PHP installation from 4.1.2 to 4.3.4, scripts that > > worked fine before are no longer doing so. The failure can be > > traced to the fact that sessions are never being reused (i.e. a new > > session gets started with each connection). The session files get > > written with proper information but never get read. > > > > The relevant session variables are: > >Session Support enabled > >session.auto_start On > >session.use_cookies Off > >session.use_trans_sid On > > and, as noted in the subject line, all connections are via https. > > > > Any suggestions on how to debug this? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: https & sessions failing to persist
Apache or IIS? CGI or ISAPI module? "Michael R. Wayne" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > Upgraded our PHP installation from 4.1.2 to 4.3.4, scripts that > worked fine before are no longer doing so. The failure can be > traced to the fact that sessions are never being reused (i.e. a new > session gets started with each connection). The session files get > written with proper information but never get read. > > The relevant session variables are: >Session Support enabled >session.auto_start On >session.use_cookies Off >session.use_trans_sid On > and, as noted in the subject line, all connections are via https. > > Any suggestions on how to debug this? > > /\/\ \/\/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Https
Hello, On 12/23/2003 07:39 AM, Homer wrote: Sorry, but not. I have changed it to ssl and the message is the same: Notice: fopen(): Unable to find the wrapper "ssl" - did you forget to enable it when you configured PHP? If you read the warning message you can see that you can use your solution if you enable ssl streams in your configuration. I can use nothing that is out of the standard php package, because I'm doing a script for other users that can't change their php installation. In that case, you need to resort to a Curl based solution as Curl extension is available since much earlier PHP versions (PHP 4.0.2). In that case you may want to try that HTTP client class that simplifies a lot the access to the Web resources via SSL using Curl if available. It also supports accessing HTTPS pages via a proxy accessible http without SSL, so no Curl library is necessary. http://www.phpclasses.org/httpclient -- Regards, Manuel Lemos Free ready to use OOP components written in PHP http://www.phpclasses.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Https
Sorry, but not. I have changed it to ssl and the message is the same: Notice: fopen(): Unable to find the wrapper "ssl" - did you forget to enable it when you configured PHP? I can use nothing that is out of the standard php package, because I'm doing a script for other users that can't change their php installation. "Manuel Lemos" <[EMAIL PROTECTED]> escribió en el mensaje news:[EMAIL PROTECTED] > Hello, > > On 12/22/2003 05:26 AM, Homer wrote: > > Notice: fopen(): Unable to find the wrapper "https" - did you forget to > > enable it when you configured PHP? in > > C:\Inetpub\PostNuke-0.726\mpValidar.php on line 62 > > The line above says it all. I think the right scheme name is ssl, not > https . > > Alternatively you may want to use the Curl library. It is a bit more > complicated but using this HTTP client class it becomes much simpler and > you can make more complex request like posting forms and handling cookies. > > http://www.phpclasses.org/httpclient > > > -- > > Regards, > Manuel Lemos > > Free ready to use OOP components written in PHP > http://www.phpclasses.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Https
Hello, On 12/22/2003 05:26 AM, Homer wrote: Notice: fopen(): Unable to find the wrapper "https" - did you forget to enable it when you configured PHP? in C:\Inetpub\PostNuke-0.726\mpValidar.php on line 62 The line above says it all. I think the right scheme name is ssl, not https . Alternatively you may want to use the Curl library. It is a bit more complicated but using this HTTP client class it becomes much simpler and you can make more complex request like posting forms and handling cookies. http://www.phpclasses.org/httpclient -- Regards, Manuel Lemos Free ready to use OOP components written in PHP http://www.phpclasses.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: HTTPs ????
Scott Fletcher wrote: If the 's' in the HTTPs in the subject is indicating that you are trying to do this with an SSL server via the 'https' protocol, you are on the wrong track... You see, before you send all those headers to the SSL server, you'd have to first talk back and forth and negotiate a series of encryption keys. Then you'd have to encrypt each header you send with one of the keys, and decrypt what comes back with one of the other keys. Fortunately, there's a module to take care of all this crap for you, cuz it would be a MAJOR headache to do all that. http://php.net/curl > But the truth is it doesn't do anything. It *must* be doing something, even if it's not doing what you want :-) > -- demo script -- > $eq_one = "10xxx"; > $eq_two = "test"; > $eq_three = "DIAL999ZIDNT99xxxM3 J02"; > $post_string_len = > strlen("site_id=".$eq_one."&service_name=".$eq_two."&efx_request=".$eq_three > ); > > header("POST eq_test.php HTTP/1.1"); > header("Content-Transfer-Encoding: base64"); > header("Content-Location: > http://transport5.ec.equifax.com/servlet/stspost";); > header("Authorization: basic 10xxx:trwdwdxx"); > // header("Content-type: application/x-www-form-urlencoded"); > header("Content-length: $post_string_len"); > header("site_id=$eq_one&service_name=$eq_two&efx_request=$eq_three"); Like instead of using the header function, you should use http://php.net/fsockopen and then fputs and fgets to hold a conversation with the nice computer. You'll say, like, fputs($socket, "POST eq_test.php HTTP/1.1"); and the computer will be, like, answering so you'll do fgets($socket, 100) to "listen" to what it had to say. Disclaimer: I've never actually done this for HTTP, since Rasmus' posttohost function takes care of all that crap for me... Search the net for "posttohost and Rasmus" and you'll have it. > > echo ""; > echo " content='application/x-www-form-urlencoded'>"; > echo "Testing!"; -- Like music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Re: HTTPS w/ header() ?
chicken or egg question here... assuming the directory requires authentication a la .htaccess or httpd.conf allow/deny does this methos encapsulate the authentication in the SSL or does this only eget applied after authenticating and reading the file to get the header portion. Example, current setup is to access the secure page via https://mypage this means the SSL layer is already in place when apache prompts for user/password, thus transmitting the user/pw pair securely to the server. without the SSL layer in place, your user/pw pair is essentially being snt open text for anyone to parse. If the header information contained in the if statement isn't parsed untill after the uid/pw pair is already sent. I would suspect that since PHP parses the file prior to delivering it to the user, that the lack of SSL is detected and the resulting login session is encapsulated in the SSL layer. Can anyone verify this? Dave >if(getenv("HTTPS")!="on") >{ >header ("Location: https://logon_screen";); >} > >every page has an include that checks $HTTPS as part of the sessions and >validation. If https!="on" then it kicks you back to the logon screen. > >you could do the same using > >if(getenv("HTTPS")!="on") >{ >header ("Location: https://$SERVER_NAME/$PHP_SELF";); >} -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: HTTPS w/ header() ?
I have done something like this. For the site I am working on, the user must log on. At the logon screen I check if(getenv("HTTPS")!="on") { header ("Location: https://logon_screen";); } every page has an include that checks $HTTPS as part of the sessions and validation. If https!="on" then it kicks you back to the logon screen. you could do the same using if(getenv("HTTPS")!="on") { header ("Location: https://$SERVER_NAME/$PHP_SELF";); } I think Don't know if that's what you're after, but it's what I've done and I have a high index of suspicion that it is working... Lee - Original Message - From: "Richard Lynch" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, August 19, 2001 12:50 PM Subject: [PHP] Re: HTTPS w/ header() ? > > Is there is a way with PHP (most probably headers) to go HTTPS mode? > > I don't want to specify https://www.myserver.com/secured_page.php > > I just want it normal but in it's header to tell the browser to initiate > an > > HTTPS mode. > > I don't think you can do that... > > You could send a header to do: > > header("Location: https://www.myserver.com/secured_page.php";); > > but pretty much the user will then see the https when the page shows up... > > What's the big picture here? I've got a feeling you've gone down a wrong > path that's making you ask this question... > > -- > WARNING [EMAIL PROTECTED] address is an endangered species -- Use > [EMAIL PROTECTED] > Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm > Volunteer a little time: http://chatmusic.com/volunteer.htm > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: HTTPS oddity
> Try throwing a on each port and see what else you are > getting... > > > > This has worked for ages - but sometime last night the behaviour of my/our > > server changed and now over an non-SSL connection, $HTTPS = ON and over a > > SSL connection $HTTPS = on (note the change in case). This is odd - and I > > can't find the source. I can't remember what I did, but this happened to me as well. I have a check https function. I restarted apache and I think it worked. phpinfo still showed the $HTTPS variable but I could not use it inside a function even though I had it set as a global variable. Try restarting... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: HTTPS oddity
Try throwing a on each port and see what else you are getting... -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm - Original Message - From: Nigel Jewell <[EMAIL PROTECTED]> Newsgroups: php.general To: <[EMAIL PROTECTED]> Sent: Sunday, August 19, 2001 12:12 PM Subject: HTTPS oddity > Dear all, > > I have a SSL server set up and I check in PHP that its running over SSL by > doing: > > if ($HTTPS) { > .. > } > > This has worked for ages - but sometime last night the behaviour of my/our > server changed and now over an non-SSL connection, $HTTPS = ON and over a > SSL connection $HTTPS = on (note the change in case). This is odd - and I > can't find the source. > > Unfortunately I'm not the only one with admin access to the server - so > someone may have changed something :(. > > Anyone got any ideas? Where to start looking? > > Thanks, > > Nige. > > -- > URL: http://www.grufty.co.uk > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: HTTPS w/ header() ?
> Is there is a way with PHP (most probably headers) to go HTTPS mode? > I don't want to specify https://www.myserver.com/secured_page.php > I just want it normal but in it's header to tell the browser to initiate an > HTTPS mode. I don't think you can do that... You could send a header to do: header("Location: https://www.myserver.com/secured_page.php";); but pretty much the user will then see the https when the page shows up... What's the big picture here? I've got a feeling you've gone down a wrong path that's making you ask this question... -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]