php-general Digest 29 Jan 2001 21:29:50 -0000 Issue 481
Topics (messages 37091 through 37102):
confused about getenv arguements
37091 by: Noel Akins
37094 by: Rasmus Lerdorf
Thankz...
37092 by: [ rswfire ]
IIS and PHP authorization
37093 by: Shane McBride
37095 by: Rasmus Lerdorf
37096 by: Shane McBride
37097 by: Rasmus Lerdorf
Re: Using PHP to do centralized site authentication
37098 by: Kristofer Widholm
PHP and Oracle resources
37099 by: Kristofer Widholm
Re: VAR and variables
37100 by: Steve Edberg
mail( ) question
37101 by: Fang Li
Re: PHP Triad
37102 by: Paul Grant
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
Hello,
I found this script at zend. Please note the getenv("HTTP_REFFERER").
<?
/* Anti-leech bandwidth protecter by Corey Milner, http://www.odey.com.
Turn the refererring URL into a variable */
$from = getenv("HTTP_REFERER");
/* Check to see if the URL in the variable is a valid referrer. Add the
page URL which you would like people to arrive from here. */
if ($from != "http://www.yoursite.com/validpage.htm")
/* If the URL is valid, page loads now */
/* If URL is invalid the following error message and proper link appears,
enter your custom error message and a hyperlink to the valid URL you
entered above here*/
{print(" Sorry you have tried to link to a page which does not accept
visitors directly. <br>
<a href=http://www.yoursite.com/validpage.htm>CLICK HERE</a> to enter");
/* Prevent the rest of the page from loading */
exit;}
?>
I went to check getenv in the php manual, and it said "You can see a list
of all the environmental variables by using phpinfo(). You can find out
what many of them mean by taking a look at the CGI specification,
specifically the page on environmental variables.
I made a php script phpinfo(INFO_ALL) to return everything for my host and
did not see HTTP_REFFERER, not did I see any of the other args that were in
the comments on the getenv page.
I looked at the linked cgi pages and didn't find anything there either.
If by not seeing these HTTP_like variables in my phpinfo, does that mean
they are unavailable to me to use? Do they have to be setup during the
install of php/apache?
Where can I get more info on these getenv args/vars?
Thanks
Just put <?phpinfo()?> in a file and read through it. Note that
HTTP_REFERER (1 R) is only set if you click on a link to get to the page.
Also note that relying on HTTP_REFERER for anything important is not safe.
Anybody can spoof this variable.
-Rasmus
On Sat, 27 Jan 2001, Noel Akins wrote:
> Hello,
> I found this script at zend. Please note the getenv("HTTP_REFFERER").
>
> <?
>
> /* Anti-leech bandwidth protecter by Corey Milner, http://www.odey.com.
> Turn the refererring URL into a variable */
> $from = getenv("HTTP_REFERER");
>
> /* Check to see if the URL in the variable is a valid referrer. Add the
> page URL which you would like people to arrive from here. */
> if ($from != "http://www.yoursite.com/validpage.htm")
>
> /* If the URL is valid, page loads now */
>
> /* If URL is invalid the following error message and proper link appears,
> enter your custom error message and a hyperlink to the valid URL you
> entered above here*/
> {print(" Sorry you have tried to link to a page which does not accept
> visitors directly. <br>
> <a href=http://www.yoursite.com/validpage.htm>CLICK HERE</a> to enter");
>
> /* Prevent the rest of the page from loading */
> exit;}
>
> ?>
>
> I went to check getenv in the php manual, and it said "You can see a list
> of all the environmental variables by using phpinfo(). You can find out
> what many of them mean by taking a look at the CGI specification,
> specifically the page on environmental variables.
>
> I made a php script phpinfo(INFO_ALL) to return everything for my host and
> did not see HTTP_REFFERER, not did I see any of the other args that were in
> the comments on the getenv page.
> I looked at the linked cgi pages and didn't find anything there either.
>
> If by not seeing these HTTP_like variables in my phpinfo, does that mean
> they are unavailable to me to use? Do they have to be setup during the
> install of php/apache?
> Where can I get more info on these getenv args/vars?
>
> Thanks
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
It took some work, but everything is working exactly as it should be across
the entire network ... both with IIS and Apache. Thank you, everyone, for
your help tonight! It was very much appreciated...
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
I finally got PHP, MySQL and Win2k installed after a long hard battle with a Promise
Ultra/66 controller card. Now, PHP seems to work fine exceot when I have a script that
requires authorization, I never get the popup box to input the login and password.
Here's the script:
<?
// Include the setup password file
require 'setup.inc';
// Check to see if $PHP_AUTH_USER already contains info
if (!isset($PHP_AUTH_USER)) {
// If empty, send header causing dialog box to appear
header('WWW-Authenticate: Basic realm="The Merchant Power Setup Area"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required!';
exit;
} else if (isset($PHP_AUTH_USER)) {
if (($PHP_AUTH_USER !=$SETUP_USER) || ($PHP_AUTH_PW !=$SETUP_PASS)) {
header('WWW-Authenticate: Basic realm="The Merchant Power Setup Area"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required!';
exit;
}
}
?>
Any ideas?
TIA- Shane
If you are using the CGI version of PHP then this won't work. You can't
do HTTP auth from the CGI version.
-Rasmus
On Sun, 28 Jan 2001, Shane McBride wrote:
> I finally got PHP, MySQL and Win2k installed after a long hard battle with a Promise
>Ultra/66 controller card. Now, PHP seems to work fine exceot when I have a script
>that requires authorization, I never get the popup box to input the login and
>password. Here's the script:
>
> <?
> // Include the setup password file
> require 'setup.inc';
>
> // Check to see if $PHP_AUTH_USER already contains info
> if (!isset($PHP_AUTH_USER)) {
> // If empty, send header causing dialog box to appear
> header('WWW-Authenticate: Basic realm="The Merchant Power Setup Area"');
> header('HTTP/1.0 401 Unauthorized');
> echo 'Authorization Required!';
> exit;
> } else if (isset($PHP_AUTH_USER)) {
> if (($PHP_AUTH_USER !=$SETUP_USER) || ($PHP_AUTH_PW !=$SETUP_PASS)) {
> header('WWW-Authenticate: Basic realm="The Merchant Power Setup Area"');
> header('HTTP/1.0 401 Unauthorized');
> echo 'Authorization Required!';
> exit;
> }
> }
> ?>
>
> Any ideas?
>
> TIA- Shane
>
I thought PHP would only run as CGI on IIS? Right now I'm trying to config
Apache.
----- Original Message -----
From: "Rasmus Lerdorf" <[EMAIL PROTECTED]>
To: "Shane McBride" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, January 27, 2001 9:44 PM
Subject: Re: [PHP] IIS and PHP authorization
> If you are using the CGI version of PHP then this won't work. You can't
> do HTTP auth from the CGI version.
>
> -Rasmus
>
> On Sun, 28 Jan 2001, Shane McBride wrote:
>
> > I finally got PHP, MySQL and Win2k installed after a long hard battle
with a Promise Ultra/66 controller card. Now, PHP seems to work fine exceot
when I have a script that requires authorization, I never get the popup box
to input the login and password. Here's the script:
> >
> > <?
> > // Include the setup password file
> > require 'setup.inc';
> >
> > // Check to see if $PHP_AUTH_USER already contains info
> > if (!isset($PHP_AUTH_USER)) {
> > // If empty, send header causing dialog box to appear
> > header('WWW-Authenticate: Basic realm="The Merchant Power Setup
Area"');
> > header('HTTP/1.0 401 Unauthorized');
> > echo 'Authorization Required!';
> > exit;
> > } else if (isset($PHP_AUTH_USER)) {
> > if (($PHP_AUTH_USER !=$SETUP_USER) || ($PHP_AUTH_PW !=$SETUP_PASS)) {
> > header('WWW-Authenticate: Basic realm="The Merchant Power Setup
Area"');
> > header('HTTP/1.0 401 Unauthorized');
> > echo 'Authorization Required!';
> > exit;
> > }
> > }
> > ?>
> >
> > Any ideas?
> >
> > TIA- Shane
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
There is an ISAPI module.
On Sun, 28 Jan 2001, Shane McBride wrote:
> I thought PHP would only run as CGI on IIS? Right now I'm trying to config
> Apache.
>
> ----- Original Message -----
> From: "Rasmus Lerdorf" <[EMAIL PROTECTED]>
> To: "Shane McBride" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Saturday, January 27, 2001 9:44 PM
> Subject: Re: [PHP] IIS and PHP authorization
>
>
> > If you are using the CGI version of PHP then this won't work. You can't
> > do HTTP auth from the CGI version.
> >
> > -Rasmus
> >
> > On Sun, 28 Jan 2001, Shane McBride wrote:
> >
> > > I finally got PHP, MySQL and Win2k installed after a long hard battle
> with a Promise Ultra/66 controller card. Now, PHP seems to work fine exceot
> when I have a script that requires authorization, I never get the popup box
> to input the login and password. Here's the script:
> > >
> > > <?
> > > // Include the setup password file
> > > require 'setup.inc';
> > >
> > > // Check to see if $PHP_AUTH_USER already contains info
> > > if (!isset($PHP_AUTH_USER)) {
> > > // If empty, send header causing dialog box to appear
> > > header('WWW-Authenticate: Basic realm="The Merchant Power Setup
> Area"');
> > > header('HTTP/1.0 401 Unauthorized');
> > > echo 'Authorization Required!';
> > > exit;
> > > } else if (isset($PHP_AUTH_USER)) {
> > > if (($PHP_AUTH_USER !=$SETUP_USER) || ($PHP_AUTH_PW !=$SETUP_PASS)) {
> > > header('WWW-Authenticate: Basic realm="The Merchant Power Setup
> Area"');
> > > header('HTTP/1.0 401 Unauthorized');
> > > echo 'Authorization Required!';
> > > exit;
> > > }
> > > }
> > > ?>
> > >
> > > Any ideas?
> > >
> > > TIA- Shane
> > >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>I'm trying to do something in PHP4.0.4p1 that in the past I've done in
>mod_perl, but appears to be more difficult. Basically I have some PHP
>code that does access checks against a DB to see if that user has access
>to the requested URL. I'm using mod_layout to call the PHP script so I
>can wrap static html pages, CGI's, and not just PHP pages.
I may be misunderstanding your question, but it seems to me if you
use the HTTP_AUTH mechanism built into PHP you can authenticate
against a database or whatever you need in PHP before any page output
is generated whatsoever. If the user is not authenticated, PHP just
generates a standard 302, just as if you were using basic auth under
Apache. If you structure your script logic correctly, there should
be no output being processed until authentication has been made.
My apologies if I've totally misunderstood your situation.
Kristofer
--
______________________________________
Kristofer Widholm
Web Pharmacy
[EMAIL PROTECTED]
191 Grand Street, Brooklyn NY 11211
718.599.4893
______________________________________
Well, I've been given the joyous task of implementing the DaveTV
project at CBS via PHP, using Oracle as a database.
I've never used Oracle before.
Looking at the PHP functions for Oracle, and having heard about it in
the past, it seems like quite a different approach than any SQL
database I've ever used. I still don't get the whole point of cursor
objects, etc. :-)
It would all be pretty hilarious if it weren't so real, and with a
big fat deadline looming smack for the end of February.
To get to the point: Anyone have any good PHP & Oracle tutorials,
resources, books, etc, to point me to? EVERYTHING I see is MySQL,
MySQL, MySQL, and all I get for Oracle are lists of unexplained PHP
function calls.
Just point me in the right direction. I can walk there myself.
Thanks for the help.
Kristofer
--
______________________________________
Kristofer Widholm
Web Pharmacy
[EMAIL PROTECTED]
191 Grand Street, Brooklyn NY 11211
718.599.4893
______________________________________
At 10:50 AM +0000 1/29/01, Tim Ward wrote:
> > -----Original Message-----
>> From: Steve Edberg [mailto:[EMAIL PROTECTED]]
>> Sent: 25 January 2001 22:02
>> To: Matt; [EMAIL PROTECTED]
>> Subject: Re: [PHP] VAR and variables
>>
>>
>> At 3:00 PM -0600 1/25/01, Matt wrote:
>> >I have a question that may seem kind of silly, but I'm curious...
>> >
>> >When using PHP why would one use "var" to define a variable as
>> >opposed to just regularly creating it?
>>
>>
>> Because that's the way it is ;).
>>
>> The var is part of the syntax of a class definition; it isn't used
>> anywhere else. I don't know the actual deep reason for having it, as
>> far as the parser is concerned, but it does make it clear - at least
>> to me - what the class variables are.
>
>class definitions are the fundamental building blocks of object orientated
>programming. They define an object type which your object is an example of.
>The defined variables should be regarded as properties of the class rather
>than variables in the usual sense. If you're going to be strict about it you
>should not even refer to them directly outside the class definition but use
>methods to access and change them.
Yes --- I was referring to the use of the keyword 'var' here (as
opposed to nothing, or some _other_ construct), which I think was the
original question.
> >
>> You can also initialize the variable here, too:
>>
>> var $a = 5;
>>
>
>not any more you can't ... use the constructor
According to the docs, you can still use a _constant_ initializer in
PHP4 (I use them in 4.0.4), just not a variable one. From
http://www.php.net/manual/en/language.oop.php:
Note: In PHP 4, only constant initializers for var variables
are allowed. Use constructors for non-constant initializers.
Of course, this might not be the official OOP usage, but this is
PHP's way (I'd call it Pseudo-OOP, but the acronym for that isn't all
that pleasant ;)
- steve
--
+--- "They've got a cherry pie there, that'll kill ya" ------------------+
| Steve Edberg University of California, Davis |
| [EMAIL PROTECTED] Computer Consultant |
| http://aesric.ucdavis.edu/ http://pgfsun.ucdavis.edu/ |
+-------------------------------------- FBI Special Agent Dale Cooper ---+
Hi All:
Would anyone tell me how to correct the code in mail( ) function? Thanks a
lot.
<html>
<head>
<scrip language="JavaScrip">
function askEmailAddress( ){
var inputedData = prompt("The email address you want send to:"," ");
if(confirm("The email address you want send to is" + inputedData +
"?")){
alert("OK, the article will send to " + inputedData + "!");
}
}
</script>
</head>
<body>
.......
<?php
mail(?> <script language="JavaScript"> document.write(inputed_data)</script>
<?php , "My Subject", "Line 1\nLine 2\nLine 3"); ?>
</body>
</html>
Fang Li
"PHPTriad for Windows installs a PHP server environment on Windows
platforms. The basic installer installs PHP, MySQL, Apache and PHPMyAdmin.
The most recent version of PHPTriad is 1.4 and was released at the end of
December, 2000."
http://www.phpgeek.com/phptriad.php
> -----Original Message-----
> From: [ rswfire ] [SMTP:[EMAIL PROTECTED]]
> Sent: 27 January 2001 19:57
> To: [EMAIL PROTECTED]
> Subject: [PHP] PHP Triad
>
> What is PHP Triad? How can I learn more about it??
>
>
*******************************************************************
This email and any files transmitted with it are confidential and
are solely for the use of the individual or organisation to whom
they are addressed. If you have received this mail in error please
notify the system administrator at +353 1 6399700 or by email to
[EMAIL PROTECTED]
This email message has been swept for computer viruses.
Managed Solutions Corporation,
Enterprise Customer Relationship Management, Workflow and Contract
Administration.
Tel: 353 1 639 9700
Fax: 353 1 639 9701
Don't forget to visit our website at http://www.managed-solutions.com
**********************************************************************
