John Swartzentruber wrote:
I stripped down my original script until it started receiving POST data,
then I kept modifying it until I figured out where the problem was. I
found it, but I'm still as clueless as every.
To summarize: I have a form that posts to the same script that contains
the
.
-phpninja
-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: Friday, March 04, 2005 11:03 AM
To: John Swartzentruber
Cc: php-general@lists.php.net
Subject: Re: [PHP] Re: Authentication fails - problem line found
John Swartzentruber wrote:
I stripped down my original
that. Just a thought.
-phpninja
-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: Friday, March 04, 2005 11:03 AM
To: John Swartzentruber
Cc: php-general@lists.php.net
Subject: Re: [PHP] Re: Authentication fails - problem line found
John Swartzentruber wrote:
I stripped down
On 3/4/2005 2:23 PM Dan wrote:
phpninja wrote:
I think all php functions are case sensitive and must be all
lowercase. try changing IsSet to isset and give it a run. I im not
100% sure because i always type every function in php lowercase and
keep it the same throughout the application so i dont
On 3/4/2005 2:02 PM Richard Lynch wrote:
John Swartzentruber wrote:
I stripped down my original script until it started receiving POST data,
then I kept modifying it until I figured out where the problem was. I
found it, but I'm still as clueless as every.
To summarize: I have a form that posts to
John Swartzentruber wrote:
On 3/4/2005 2:23 PM Dan wrote:
phpninja wrote:
I think all php functions are case sensitive and must be all
lowercase. try changing IsSet to isset and give it a run. I im not
100% sure because i always type every function in php lowercase and
keep it the same throughout
phpninja wrote:
I think all php functions are case sensitive and must be all
lowercase. try changing IsSet to isset and give it a run. I im not
100% sure because i always type every function in php lowercase and
keep it the same throughout the application so i dont ever have to
worry about
On 3/4/2005 2:02 PM Richard Lynch wrote:
John Swartzentruber wrote:
I stripped down my original script until it started receiving POST data,
then I kept modifying it until I figured out where the problem was. I
found it, but I'm still as clueless as every.
To summarize: I have a form that posts to
Richard Lynch wrote:
phpninja wrote:
I think all php functions are case sensitive and must be all
lowercase. try changing IsSet to isset and give it a run. I im not
100% sure because i always type every function in php lowercase and
keep it the same throughout the application so i dont ever have
On 3/2/2005 5:21 PM Richard Lynch wrote:
John Swartzentruber wrote:
VirtualHost 66.92..XX:80 10.X.0.3:80
ServerName john.swartzentruber.us
ServerAdmin webmasXXXtzentruber.us
DocumentRoot /var/www/vhosts/swartzentruber.us/john/html
Directory
I stripped down my original script until it started receiving POST data,
then I kept modifying it until I figured out where the problem was. I
found it, but I'm still as clueless as every.
To summarize: I have a form that posts to the same script that contains
the form. In its original state,
On 3/1/2005 3:52 PM John Swartzentruber wrote:
On 3/1/2005 2:12 PM Jason Barnett wrote:
John Swartzentruber wrote:
Somehow my PHP 5.0.3 or something is configured incorrectly. When I try
to get past an authentication input, nothing happens. For example, I
have phpMyAdmin configured now to use
I've got some more information and I hope someone can help me figure out
the problem. I changed my original PHP program so that the form action
script is a different script. In that file, I just do a var_dump on
$_POST and $_SERVER.
When I do that, it looks like all of the data comes
On 3/2/2005 9:22 AM Jason Barnett wrote:
On the other hand, when the form action script is the *same* script that
contains the form, when I do the same var_dumps, the data does *not*
have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is GET, not
POST in this instance.
My suspicion was that
On the other hand, when the form action script is the *same* script that
contains the form, when I do the same var_dumps, the data does *not*
have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is GET, not
POST in this instance.
My suspicion was that this was what had happened as well,
I've got some more information and I hope someone can help me figure out
the problem. I changed my original PHP program so that the form action
script is a different script. In that file, I just do a var_dump on
$_POST and $_SERVER.
When I do that, it looks like all of the data comes through
On 3/2/2005 2:29 PM Richard Lynch wrote:
I've got some more information and I hope someone can help me figure out
the problem. I changed my original PHP program so that the form action
script is a different script. In that file, I just do a var_dump on
$_POST and $_SERVER.
When I do that, it looks
John Swartzentruber wrote:
VirtualHost 66.92..XX:80 10.X.0.3:80
ServerName john.swartzentruber.us
ServerAdmin webmasXXXtzentruber.us
DocumentRoot /var/www/vhosts/swartzentruber.us/john/html
Directory /var/www/vhosts/swartzentruber.us/john/html
John Swartzentruber wrote:
Somehow my PHP 5.0.3 or something is configured incorrectly. When I try
to get past an authentication input, nothing happens. For example, I
have phpMyAdmin configured now to use mysqli, but when I enter the
username and password, the screen doesn't change. In
On 3/1/2005 2:12 PM Jason Barnett wrote:
John Swartzentruber wrote:
Somehow my PHP 5.0.3 or something is configured incorrectly. When I try
to get past an authentication input, nothing happens. For example, I
have phpMyAdmin configured now to use mysqli, but when I enter the
username and password,
Ali wrote:
Hi everyone...
can anyone lead me to a good tutorial on authentication...it wud be good if
i can get a one in connection with a database..
thnks
If you understand portuguese: http://www.educar.pro.br/
---
zerof
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe,
Adam Williams wrote:
Hi, is there a way to authenticate a username/password someone enters in a
form with what is in /etc/passwd?
Thanks!
Yep, do a search on .htaccess from http://google.com
Cheers,
jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
On Friday 06 February 2004 01:13, Jas wrote:
Adam Williams wrote:
Hi, is there a way to authenticate a username/password someone enters in
a form with what is in /etc/passwd?
Yep, do a search on .htaccess from http://google.com
I'm afraid you may be sending the OP on a wild goose chase.
John Taylor-Johnston wrote:
if($PHP_AUTH_USER != user1) || ($PHP_AUTH_PW != password)
... or somehting like that. I can't find it in the manual, but it is
there someplace.
Adam Williams wrote:
Hi, is there a PHP function or some sort of way to have a user enter
their username and
Transmit Report:
To: [EMAIL PROTECTED], 402 Local User Inbox Full ([EMAIL PROTECTED])
---BeginMessage---
John Taylor-Johnston wrote:
if($PHP_AUTH_USER != user1) || ($PHP_AUTH_PW != password)
... or somehting like that. I can't find it in the manual, but it is
there someplace.
Adam
if($PHP_AUTH_USER != user1) || ($PHP_AUTH_PW != password)
... or somehting like that. I can't find it in the manual, but it is there someplace.
Adam Williams wrote:
Hi, is there a PHP function or some sort of way to have a user enter their
username and password in a form, and compare the
Found this too:
?
if(!isset($PHP_AUTH_USER)) {
Header(WWW-authenticate: basic realm=\$SID\);
Header(HTTP/1.0 401 Unauthorized);
$title=Login Instructions;
echo blockquote
You are not authorised to enter the site
using this method for a production environment is incredibly vulnerable.
Just think of having a link on that page to some other site (or even having
a third-party banner displayed) on which there is a hit counter (and on
90% there are) those can simply read the link in their logs.
Never ever use
Just never do it period...that is the best habit to have...
That is poor coding on the programmers part...
On Fri, 2002-11-15 at 00:59, Maxim Maletsky wrote:
using this method for a production environment is incredibly vulnerable.
Just think of having a link on that page to some other site (or
very true :)
thx - I will keep that in mind...
Chris Shiflett [EMAIL PROTECTED] schrieb im Newsbeitrag
news:3DC71CBE.2050703;php.net...
You can hide URLs by fetching them with one of your own PHP scripts:
base href=www.site.com
?
readfile(http://user:password;www.site.com/);
?
I think it
I've tried both methods without success.
header(Location: http://(user):(pass)www.mysite.com); does the transfer
but I still get prompted for a username and password by Apache
readfile(http://(user):(pass)www.mysite.com); brings a warning message.
Warning: readfile(http://...;www.mysite.com/)
hi - I'm not quite sure if this will help you, but lets give it a try:
you could use this URL syntax:
http://user:password;www.site.com to automatically log your user in to the
htaccess protected area. the bad thing about it is that user / password show
up in the URL, but you could hide this
You can hide URLs by fetching them with one of your own PHP scripts:
base href=www.site.com
?
readfile(http://user:password;www.site.com/);
?
I think it might be at least better than frames. :-)
Chris
silver wrote:
you could use this URL syntax:
http://user:password;www.site.com to
I have a user authentication system using sessions
it checks username and password against a database.
if correct it sets a variable in the session cookie (via $_SESSION) and
redirects to the protected page which checks for that variable.
if the user/pass is wrong it redirects to an error page.
On my site, when a user logs in, their password is encrypted using md5() and
the username and encrypted password is then passed from page to page using
hidden form inputs (clicking on a link submits the form using POST).
Does anyone have any comments on this method e.g. security wise? I know I
Harry Yu [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hi All,
I'm trying to setup an authentication process and
sessions to protect some of my pages for valid users
only. The following are what I had in mind:
[...]
Well, looks fine to me, except that I
Create another table with info of accounts.
Auth_table
username(varchar)
password(varchar)
acno(int)
accounts_info_table
acno(int)
info1
info2()
Pass a query
==
select * from accounts_info_table where acno==$abc
==
here $abc is the info you
Create another table with info of accounts.
Auth_table
username(varchar)
password(varchar)
acno(int)
accounts_info_table
acno(int)
info1
info2()
Pass a query
==
select * from accounts_info_table where acno==$abc
==
here $abc is the info you
Well, your the expert, so I'll look into this further, but do you have
any statistics, or a guess, as to the load auto_prepending an entire
site would add to a server?
I've always been under the impression that adding PHP to every page will
add significant load. I'm not familiar enough with
I cannot quote any statistics for you, but I think I can answer your
question anyway.
When you use htaccess along with htpassword or authmysql, everytime a person
requests a page in a protected dirtectory apache has to access the htaccess
file, determine the type of authentication to use and
Here would be one of many ways. This assumes that login.php and index.php
are in the same directory.
login.php
?
if (isset($userid)||isset($password)) {
if ($userid == somename $password == somepassword) {
echo YAY! You did it!;
exit;
}
header(Location: index.php);
exit;
}
?
html
body
== somename3 $password == somepassword3)) {
Martin
-Original Message-
From: Gaylen Fraley [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 26, 2001 2:01 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Re: authentication help
Here would be one of many ways. This assumes that login.php
hi!
I ever solve this problem with sessions... when a user does the login, I
have
session_start();
session_register(allowed);
$allowed = true;
and on the top of all the other sites, where just special users are
allowed to go in, there is a
include (checkAllowed.php);
checkAllowed.php just
]
To: Gert Mellak [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, August 27, 2001 9:27 PM
Subject: Re: [PHP] Re: authentication
It seems like there would be several problems with doing it this way.
The most obvious is what happens when someone types in
http://www.yoursite.com/protected.php?allowed
44 matches
Mail list logo
