RE: [PHP] How to get the IP of a visitor
use ? phpinfo() ?. you'll see all the variable in the http request header. -Original Message- From: Ulrik Witschass [mailto:[EMAIL PROTECTED]] Sent: Monday, March 18, 2002 11:57 AM To: [EMAIL PROTECTED] Subject: [PHP] How to get the IP of a visitor Hi, I am new to this list and to PHP, so please excuse any newbie questions :) Want I need to know is how to get either the ISP or the IP of the visitor of a page. I guess this is a environment variable, but I don't know which. Any help is greatly appreciated :) Thanx! Ulrik -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Anybody have a function to encode a string?
Lots of people will tell you to use PGP. However since PGP is not *free*, in that you cannot use it for commercial purposes without a license, I avoid it. Also it has to be downloaded and installed as most systems do not include it because of it's non-free open source status. The best alternative I found is OpenSSL. Yes it does key management, creation, encryption, decryption and even SMIME EMAIL! That's right you can even send encrypted emails with it. Try 'man smime' on a linux system for the email portion. Also, 'man rsautl' for just encryption and decryption of an arbitrary string. Hope I've been helpful, Drew Lopucki Mrdrew.com [EMAIL PROTECTED] -Original Message- From: Leif K-Brooks [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 19, 2002 2:19 AM To: [EMAIL PROTECTED] Subject: [PHP] Anybody have a function to encode a string? I need a function that encodes stuff, with a key. It, of course, needs to be decodable too. Does anbody know/have a function like this? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] sessions not so secure..solution?
I can't answer your overall question but I can tell you that a 'resourceful' hacker can also easily spoof an IP address, or so I'm told ;) Why not just have the entire session encrypted. The user could browse around the catalog sessionless and as soon as a cart was necessary (wants to put something in it) the https starts. (?) Drew Lopucki [EMAIL PROTECTED] -Original Message- From: Steve Clay [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 19, 2002 7:13 AM To: PHP-GENERAL Subject: [PHP] sessions not so secure..solution? Hello, I'm building an e-commerce site which uses sessions to hold my $cart object. This works great but I've two worries: 1) When the user connects through our secure hostname, can I ensure the browser will send the server the cookie (w/ SESSID)? The user will shop through domain.com and checkout via https:secure.domain.com. (haven't got cert yet) 2) While the user shops the SESSID is thrown around insecurely (no big deal, just a cart). But when I move the user to a secure server to get sensitive info a resourceful hacker could also go to the checkout script using this SESSID and 'confirm' the real user's personal details (kept in another registered session object). If I can't keep the user's details in the old session, can I delete the old session and copy the cart to a new session? Should I do this anytime the user goes back to the insecure site and returns to finish checking out? As an alternative, would there be any problems with keeping the IP of the user in a session variable for further authentication? I assume I'd record the IP immediately upon checking in at the secure server then enforcing this per request. That way, worst case scenario the hackers gets a SESSID and heads to checkout first, server restricts real user from accessing (because of different IP). This is my first time coding for a secure server and my first post here as well.. Steve -- [EMAIL PROTECTED] ** http://mrclay.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Anybody have a function to encode a string?
Alexander, This is a fairly condescending reply given that the license statement for PGP is present on every download screen from which it is available. Careful not to hurt my feelings please :( After all, I went to a lot of trouble looking all these things up very carefully when I implemented my own PHP script for encrypting an email message. Anyway, I'm sure GnuPG is great too, but as with PGP it also is not part of most standard distributions of Linux/Unix and as a result, may not be present on a production server (where downloading and installing new packages may not be an option.) OpenSSL, on the other hand, is available on virtuall all systems since it is required for https servers. -Original Message- From: Alexander Skwar [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 19, 2002 2:52 PM To: Drew Lopucki Cc: Leif K-Brooks; [EMAIL PROTECTED] Subject: Re: [PHP] Anybody have a function to encode a string? »Drew Lopucki« sagte am 2002-03-19 um 10:25:02 -0500 : Lots of people will tell you to use PGP. However since PGP is not *free*, in that you cannot use it for commercial purposes without a license, I avoid it. Also it has to be downloaded and installed as most systems do not Well, use GnuPG. Then you can use PGP. And what you stated above is also plain wrong. You might need some sort of license for the more obscure uses (like VPN and thus), but for encryption, PGP is freely available. And lastly, even if you were willing to pay money, I would not recommend PGP to anyone, as NA has stopped developing PGP and is trying to sell it. PGP is dead - long live GnuPG! Alexander Skwar -- How to quote: http://learn.to/quote (german) http://quote.6x.to (english) Homepage: http://www.iso-top.de | Jabber: [EMAIL PROTECTED] iso-top.de - Die günstige Art an Linux Distributionen zu kommen Uptime: 2 days 8 hours 43 minutes -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
