php-general Digest 29 Jan 2001 21:29:50 -0000 Issue 481 Topics (messages 37091 through 37102): confused about getenv arguements 37091 by: Noel Akins 37094 by: Rasmus Lerdorf Thankz... 37092 by: [ rswfire ] IIS and PHP authorization 37093 by: Shane McBride 37095 by: Rasmus Lerdorf 37096 by: Shane McBride 37097 by: Rasmus Lerdorf Re: Using PHP to do centralized site authentication 37098 by: Kristofer Widholm PHP and Oracle resources 37099 by: Kristofer Widholm Re: VAR and variables 37100 by: Steve Edberg mail( ) question 37101 by: Fang Li Re: PHP Triad 37102 by: Paul Grant Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] ----------------------------------------------------------------------
Hello, I found this script at zend. Please note the getenv("HTTP_REFFERER"). <? /* Anti-leech bandwidth protecter by Corey Milner, http://www.odey.com. Turn the refererring URL into a variable */ $from = getenv("HTTP_REFERER"); /* Check to see if the URL in the variable is a valid referrer. Add the page URL which you would like people to arrive from here. */ if ($from != "http://www.yoursite.com/validpage.htm") /* If the URL is valid, page loads now */ /* If URL is invalid the following error message and proper link appears, enter your custom error message and a hyperlink to the valid URL you entered above here*/ {print(" Sorry you have tried to link to a page which does not accept visitors directly. <br> <a href=http://www.yoursite.com/validpage.htm>CLICK HERE</a> to enter"); /* Prevent the rest of the page from loading */ exit;} ?> I went to check getenv in the php manual, and it said "You can see a list of all the environmental variables by using phpinfo(). You can find out what many of them mean by taking a look at the CGI specification, specifically the page on environmental variables. I made a php script phpinfo(INFO_ALL) to return everything for my host and did not see HTTP_REFFERER, not did I see any of the other args that were in the comments on the getenv page. I looked at the linked cgi pages and didn't find anything there either. If by not seeing these HTTP_like variables in my phpinfo, does that mean they are unavailable to me to use? Do they have to be setup during the install of php/apache? Where can I get more info on these getenv args/vars? Thanks
Just put <?phpinfo()?> in a file and read through it. Note that HTTP_REFERER (1 R) is only set if you click on a link to get to the page. Also note that relying on HTTP_REFERER for anything important is not safe. Anybody can spoof this variable. -Rasmus On Sat, 27 Jan 2001, Noel Akins wrote: > Hello, > I found this script at zend. Please note the getenv("HTTP_REFFERER"). > > <? > > /* Anti-leech bandwidth protecter by Corey Milner, http://www.odey.com. > Turn the refererring URL into a variable */ > $from = getenv("HTTP_REFERER"); > > /* Check to see if the URL in the variable is a valid referrer. Add the > page URL which you would like people to arrive from here. */ > if ($from != "http://www.yoursite.com/validpage.htm") > > /* If the URL is valid, page loads now */ > > /* If URL is invalid the following error message and proper link appears, > enter your custom error message and a hyperlink to the valid URL you > entered above here*/ > {print(" Sorry you have tried to link to a page which does not accept > visitors directly. <br> > <a href=http://www.yoursite.com/validpage.htm>CLICK HERE</a> to enter"); > > /* Prevent the rest of the page from loading */ > exit;} > > ?> > > I went to check getenv in the php manual, and it said "You can see a list > of all the environmental variables by using phpinfo(). You can find out > what many of them mean by taking a look at the CGI specification, > specifically the page on environmental variables. > > I made a php script phpinfo(INFO_ALL) to return everything for my host and > did not see HTTP_REFFERER, not did I see any of the other args that were in > the comments on the getenv page. > I looked at the linked cgi pages and didn't find anything there either. > > If by not seeing these HTTP_like variables in my phpinfo, does that mean > they are unavailable to me to use? Do they have to be setup during the > install of php/apache? > Where can I get more info on these getenv args/vars? > > Thanks > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] >
It took some work, but everything is working exactly as it should be across the entire network ... both with IIS and Apache. Thank you, everyone, for your help tonight! It was very much appreciated... _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com
I finally got PHP, MySQL and Win2k installed after a long hard battle with a Promise Ultra/66 controller card. Now, PHP seems to work fine exceot when I have a script that requires authorization, I never get the popup box to input the login and password. Here's the script: <? // Include the setup password file require 'setup.inc'; // Check to see if $PHP_AUTH_USER already contains info if (!isset($PHP_AUTH_USER)) { // If empty, send header causing dialog box to appear header('WWW-Authenticate: Basic realm="The Merchant Power Setup Area"'); header('HTTP/1.0 401 Unauthorized'); echo 'Authorization Required!'; exit; } else if (isset($PHP_AUTH_USER)) { if (($PHP_AUTH_USER !=$SETUP_USER) || ($PHP_AUTH_PW !=$SETUP_PASS)) { header('WWW-Authenticate: Basic realm="The Merchant Power Setup Area"'); header('HTTP/1.0 401 Unauthorized'); echo 'Authorization Required!'; exit; } } ?> Any ideas? TIA- Shane
If you are using the CGI version of PHP then this won't work. You can't do HTTP auth from the CGI version. -Rasmus On Sun, 28 Jan 2001, Shane McBride wrote: > I finally got PHP, MySQL and Win2k installed after a long hard battle with a Promise >Ultra/66 controller card. Now, PHP seems to work fine exceot when I have a script >that requires authorization, I never get the popup box to input the login and >password. Here's the script: > > <? > // Include the setup password file > require 'setup.inc'; > > // Check to see if $PHP_AUTH_USER already contains info > if (!isset($PHP_AUTH_USER)) { > // If empty, send header causing dialog box to appear > header('WWW-Authenticate: Basic realm="The Merchant Power Setup Area"'); > header('HTTP/1.0 401 Unauthorized'); > echo 'Authorization Required!'; > exit; > } else if (isset($PHP_AUTH_USER)) { > if (($PHP_AUTH_USER !=$SETUP_USER) || ($PHP_AUTH_PW !=$SETUP_PASS)) { > header('WWW-Authenticate: Basic realm="The Merchant Power Setup Area"'); > header('HTTP/1.0 401 Unauthorized'); > echo 'Authorization Required!'; > exit; > } > } > ?> > > Any ideas? > > TIA- Shane >
I thought PHP would only run as CGI on IIS? Right now I'm trying to config Apache. ----- Original Message ----- From: "Rasmus Lerdorf" <[EMAIL PROTECTED]> To: "Shane McBride" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Saturday, January 27, 2001 9:44 PM Subject: Re: [PHP] IIS and PHP authorization > If you are using the CGI version of PHP then this won't work. You can't > do HTTP auth from the CGI version. > > -Rasmus > > On Sun, 28 Jan 2001, Shane McBride wrote: > > > I finally got PHP, MySQL and Win2k installed after a long hard battle with a Promise Ultra/66 controller card. Now, PHP seems to work fine exceot when I have a script that requires authorization, I never get the popup box to input the login and password. Here's the script: > > > > <? > > // Include the setup password file > > require 'setup.inc'; > > > > // Check to see if $PHP_AUTH_USER already contains info > > if (!isset($PHP_AUTH_USER)) { > > // If empty, send header causing dialog box to appear > > header('WWW-Authenticate: Basic realm="The Merchant Power Setup Area"'); > > header('HTTP/1.0 401 Unauthorized'); > > echo 'Authorization Required!'; > > exit; > > } else if (isset($PHP_AUTH_USER)) { > > if (($PHP_AUTH_USER !=$SETUP_USER) || ($PHP_AUTH_PW !=$SETUP_PASS)) { > > header('WWW-Authenticate: Basic realm="The Merchant Power Setup Area"'); > > header('HTTP/1.0 401 Unauthorized'); > > echo 'Authorization Required!'; > > exit; > > } > > } > > ?> > > > > Any ideas? > > > > TIA- Shane > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED]
There is an ISAPI module. On Sun, 28 Jan 2001, Shane McBride wrote: > I thought PHP would only run as CGI on IIS? Right now I'm trying to config > Apache. > > ----- Original Message ----- > From: "Rasmus Lerdorf" <[EMAIL PROTECTED]> > To: "Shane McBride" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Saturday, January 27, 2001 9:44 PM > Subject: Re: [PHP] IIS and PHP authorization > > > > If you are using the CGI version of PHP then this won't work. You can't > > do HTTP auth from the CGI version. > > > > -Rasmus > > > > On Sun, 28 Jan 2001, Shane McBride wrote: > > > > > I finally got PHP, MySQL and Win2k installed after a long hard battle > with a Promise Ultra/66 controller card. Now, PHP seems to work fine exceot > when I have a script that requires authorization, I never get the popup box > to input the login and password. Here's the script: > > > > > > <? > > > // Include the setup password file > > > require 'setup.inc'; > > > > > > // Check to see if $PHP_AUTH_USER already contains info > > > if (!isset($PHP_AUTH_USER)) { > > > // If empty, send header causing dialog box to appear > > > header('WWW-Authenticate: Basic realm="The Merchant Power Setup > Area"'); > > > header('HTTP/1.0 401 Unauthorized'); > > > echo 'Authorization Required!'; > > > exit; > > > } else if (isset($PHP_AUTH_USER)) { > > > if (($PHP_AUTH_USER !=$SETUP_USER) || ($PHP_AUTH_PW !=$SETUP_PASS)) { > > > header('WWW-Authenticate: Basic realm="The Merchant Power Setup > Area"'); > > > header('HTTP/1.0 401 Unauthorized'); > > > echo 'Authorization Required!'; > > > exit; > > > } > > > } > > > ?> > > > > > > Any ideas? > > > > > > TIA- Shane > > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > To contact the list administrators, e-mail: [EMAIL PROTECTED] >
>I'm trying to do something in PHP4.0.4p1 that in the past I've done in >mod_perl, but appears to be more difficult. Basically I have some PHP >code that does access checks against a DB to see if that user has access >to the requested URL. I'm using mod_layout to call the PHP script so I >can wrap static html pages, CGI's, and not just PHP pages. I may be misunderstanding your question, but it seems to me if you use the HTTP_AUTH mechanism built into PHP you can authenticate against a database or whatever you need in PHP before any page output is generated whatsoever. If the user is not authenticated, PHP just generates a standard 302, just as if you were using basic auth under Apache. If you structure your script logic correctly, there should be no output being processed until authentication has been made. My apologies if I've totally misunderstood your situation. Kristofer -- ______________________________________ Kristofer Widholm Web Pharmacy [EMAIL PROTECTED] 191 Grand Street, Brooklyn NY 11211 718.599.4893 ______________________________________
Well, I've been given the joyous task of implementing the DaveTV project at CBS via PHP, using Oracle as a database. I've never used Oracle before. Looking at the PHP functions for Oracle, and having heard about it in the past, it seems like quite a different approach than any SQL database I've ever used. I still don't get the whole point of cursor objects, etc. :-) It would all be pretty hilarious if it weren't so real, and with a big fat deadline looming smack for the end of February. To get to the point: Anyone have any good PHP & Oracle tutorials, resources, books, etc, to point me to? EVERYTHING I see is MySQL, MySQL, MySQL, and all I get for Oracle are lists of unexplained PHP function calls. Just point me in the right direction. I can walk there myself. Thanks for the help. Kristofer -- ______________________________________ Kristofer Widholm Web Pharmacy [EMAIL PROTECTED] 191 Grand Street, Brooklyn NY 11211 718.599.4893 ______________________________________
At 10:50 AM +0000 1/29/01, Tim Ward wrote: > > -----Original Message----- >> From: Steve Edberg [mailto:[EMAIL PROTECTED]] >> Sent: 25 January 2001 22:02 >> To: Matt; [EMAIL PROTECTED] >> Subject: Re: [PHP] VAR and variables >> >> >> At 3:00 PM -0600 1/25/01, Matt wrote: >> >I have a question that may seem kind of silly, but I'm curious... >> > >> >When using PHP why would one use "var" to define a variable as >> >opposed to just regularly creating it? >> >> >> Because that's the way it is ;). >> >> The var is part of the syntax of a class definition; it isn't used >> anywhere else. I don't know the actual deep reason for having it, as >> far as the parser is concerned, but it does make it clear - at least >> to me - what the class variables are. > >class definitions are the fundamental building blocks of object orientated >programming. They define an object type which your object is an example of. >The defined variables should be regarded as properties of the class rather >than variables in the usual sense. If you're going to be strict about it you >should not even refer to them directly outside the class definition but use >methods to access and change them. Yes --- I was referring to the use of the keyword 'var' here (as opposed to nothing, or some _other_ construct), which I think was the original question. > > >> You can also initialize the variable here, too: >> >> var $a = 5; >> > >not any more you can't ... use the constructor According to the docs, you can still use a _constant_ initializer in PHP4 (I use them in 4.0.4), just not a variable one. From http://www.php.net/manual/en/language.oop.php: Note: In PHP 4, only constant initializers for var variables are allowed. Use constructors for non-constant initializers. Of course, this might not be the official OOP usage, but this is PHP's way (I'd call it Pseudo-OOP, but the acronym for that isn't all that pleasant ;) - steve -- +--- "They've got a cherry pie there, that'll kill ya" ------------------+ | Steve Edberg University of California, Davis | | [EMAIL PROTECTED] Computer Consultant | | http://aesric.ucdavis.edu/ http://pgfsun.ucdavis.edu/ | +-------------------------------------- FBI Special Agent Dale Cooper ---+
Hi All: Would anyone tell me how to correct the code in mail( ) function? Thanks a lot. <html> <head> <scrip language="JavaScrip"> function askEmailAddress( ){ var inputedData = prompt("The email address you want send to:"," "); if(confirm("The email address you want send to is" + inputedData + "?")){ alert("OK, the article will send to " + inputedData + "!"); } } </script> </head> <body> ....... <?php mail(?> <script language="JavaScript"> document.write(inputed_data)</script> <?php , "My Subject", "Line 1\nLine 2\nLine 3"); ?> </body> </html> Fang Li
"PHPTriad for Windows installs a PHP server environment on Windows platforms. The basic installer installs PHP, MySQL, Apache and PHPMyAdmin. The most recent version of PHPTriad is 1.4 and was released at the end of December, 2000." http://www.phpgeek.com/phptriad.php > -----Original Message----- > From: [ rswfire ] [SMTP:[EMAIL PROTECTED]] > Sent: 27 January 2001 19:57 > To: [EMAIL PROTECTED] > Subject: [PHP] PHP Triad > > What is PHP Triad? How can I learn more about it?? > > ******************************************************************* This email and any files transmitted with it are confidential and are solely for the use of the individual or organisation to whom they are addressed. If you have received this mail in error please notify the system administrator at +353 1 6399700 or by email to [EMAIL PROTECTED] This email message has been swept for computer viruses. Managed Solutions Corporation, Enterprise Customer Relationship Management, Workflow and Contract Administration. Tel: 353 1 639 9700 Fax: 353 1 639 9701 Don't forget to visit our website at http://www.managed-solutions.com **********************************************************************