Re: [PHP] htaccess

[Tedd Sperling]

Simon:

Confirmed. Those two lines cause the problem.

However, commenting out those lines causes other problems.

Are there similar statements to these:

   AddType application/x-httpd-php .php .htm .html
   AddHandler x-httpd-php5-cgi .php .htm .html

That will allow for their function (whatever that may be), but not reduce PHP 
to version 5.2.17?

If these statement are for only the php interpreter to consider html prefixes, 
then I use the following on my main site:

# handler for phpsuexec. -- this makes these prefixes considered for php

 SetHandler application/x-httpd-php


And it works for me without the PHP version reduction.

What do you say?

And thanks...

Cheers,

tedd



On Jul 7, 2013, at 4:10 PM, Simon J Welsh  wrote:

> On 8/07/2013, at 8:06, Tedd Sperling  wrote:
> 
>> Hi gang:
>> 
>> I have a client who has an account with GoDaddy (I know).
>> 
>> GoDaddy says they have PHP v 5.3 installed on the client's account, but 
>> phpinfo() says different, namely it reports 5.2.17.
>> 
>> After calling GoDaddy, they said the client has an htaccess file that makes 
>> everything 5.2 instead of 5.3.
>> 
>> Now, I'm not an expert on these things and the reason why I am asking here, 
>> but here are the two htaccess files I find at root level:
>> 
>> 1. Named: .htaccess.bak_hosting_company_Apache24_compatibility_fix
>> 
>> Options +ExecCGI
>> AddType application/x-httpd-php .php .htm .html
>> AddHandler x-httpd-php5-cgi .php .htm .html
>> # AddHandler php5-script .php .html
>> # AddHandler x-httpd-php5 .php .html
>> ErrorDocument 404 /404.html
>> ErrorDocument 403 /403.html
>> 
>> AND
>> 
>> 2. Named: .htacess
>> 
>> # The below FilesMatch stanza was added by your
>> #  hosting provider on 2013-06-27 11:05:33
>> #  to resolve a potential Apache 2.4
>> #  compatibility issue with your custom AddHandler(s)
>> #  for PHP.  If you feel this was in error, please
>> #  contact support and we will work to resolve the
>> #  issue.  Thanks!
>> 
>> Options +ExecCGI
>> 
>> 
>> Options +ExecCGI
>> AddType application/x-httpd-php .php .htm .html
>> AddHandler x-httpd-php5-cgi .php .htm .html
>> 
>> 
>> Does anyone see a problem here?
>> 
>> OR -- a way to get PHP to version 5.3?
>> 
>> Cheers,
>> 
>> tedd
> 
> I don’t use GoDaddy, so this may not be entirely accurate.
> 
> I’m guessing that it’s these two lines in .htaccess:
> AddType application/x-httpd-php .php .htm .html
> AddHandler x-httpd-php5-cgi .php .htm .html
> They’re changing the handler from PHP files from the default ones to 
> x-httpd-php5-cgi, which would cause PHP 5.2 to be used instead. Try 
> commenting out these two lines.
> 
> ---
> Simon Welsh
> Admin of http://simon.geek.nz/
> 
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] htaccess

[Simon J Welsh]

On 8/07/2013, at 8:06, Tedd Sperling  wrote:

> Hi gang:
> 
> I have a client who has an account with GoDaddy (I know).
> 
> GoDaddy says they have PHP v 5.3 installed on the client's account, but 
> phpinfo() says different, namely it reports 5.2.17.
> 
> After calling GoDaddy, they said the client has an htaccess file that makes 
> everything 5.2 instead of 5.3.
> 
> Now, I'm not an expert on these things and the reason why I am asking here, 
> but here are the two htaccess files I find at root level:
> 
> 1. Named: .htaccess.bak_hosting_company_Apache24_compatibility_fix
> 
> Options +ExecCGI
> AddType application/x-httpd-php .php .htm .html
> AddHandler x-httpd-php5-cgi .php .htm .html
> # AddHandler php5-script .php .html
> # AddHandler x-httpd-php5 .php .html
> ErrorDocument 404 /404.html
> ErrorDocument 403 /403.html
> 
> AND
> 
> 2. Named: .htacess
> 
> # The below FilesMatch stanza was added by your
> #  hosting provider on 2013-06-27 11:05:33
> #  to resolve a potential Apache 2.4
> #  compatibility issue with your custom AddHandler(s)
> #  for PHP.  If you feel this was in error, please
> #  contact support and we will work to resolve the
> #  issue.  Thanks!
> 
>  Options +ExecCGI
> 
> 
> Options +ExecCGI
> AddType application/x-httpd-php .php .htm .html
> AddHandler x-httpd-php5-cgi .php .htm .html
> 
> 
> Does anyone see a problem here?
> 
> OR -- a way to get PHP to version 5.3?
> 
> Cheers,
> 
> tedd

I don’t use GoDaddy, so this may not be entirely accurate.

I’m guessing that it’s these two lines in .htaccess:
AddType application/x-httpd-php .php .htm .html
AddHandler x-httpd-php5-cgi .php .htm .html
They’re changing the handler from PHP files from the default ones to 
x-httpd-php5-cgi, which would cause PHP 5.2 to be used instead. Try commenting 
out these two lines.

---
Simon Welsh
Admin of http://simon.geek.nz/


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] htaccess to make html act as php suffixed files

[Rodrigo Silva dos Santos]

Em Ter 11 Jun 2013 15:08:59 BRT, Matijn Woudt escreveu:

On Tue, Jun 11, 2013 at 7:17 PM, Stuart Dallas  wrote:


On 11 Jun 2013, at 18:16, Tedd Sperling  wrote:


Hi gang:

To get html pages to use php scripts, I've used:

RewriteEngine on
# handler for phpsuexec. -- this makes these prefixes considered for php

SetHandler application/x-httpd-php


In a .htaccess file.

However, it works on one site, but not on another -- any ideas as to why?


At a rough guess there's an AllowOverride line in the main Apache config
that's restricting what you can do in the .htaccess file.



Or the .htaccess usage is not enabled at all in that site.



ALSO, you have to be sure this site is using apache. Otherwise, 
.htaccess are not available.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] htaccess to make html act as php suffixed files

[Matijn Woudt]

On Tue, Jun 11, 2013 at 7:17 PM, Stuart Dallas  wrote:

> On 11 Jun 2013, at 18:16, Tedd Sperling  wrote:
>
> > Hi gang:
> >
> > To get html pages to use php scripts, I've used:
> >
> > RewriteEngine on
> > # handler for phpsuexec. -- this makes these prefixes considered for php
> > 
> > SetHandler application/x-httpd-php
> > 
> >
> > In a .htaccess file.
> >
> > However, it works on one site, but not on another -- any ideas as to why?
>
> At a rough guess there's an AllowOverride line in the main Apache config
> that's restricting what you can do in the .htaccess file.


Or the .htaccess usage is not enabled at all in that site.

Re: [PHP] htaccess to make html act as php suffixed files

[Stuart Dallas]

On 11 Jun 2013, at 18:16, Tedd Sperling  wrote:

> Hi gang:
> 
> To get html pages to use php scripts, I've used:
> 
> RewriteEngine on
> # handler for phpsuexec. -- this makes these prefixes considered for php
> 
> SetHandler application/x-httpd-php
> 
> 
> In a .htaccess file.
> 
> However, it works on one site, but not on another -- any ideas as to why?

At a rough guess there's an AllowOverride line in the main Apache config that's 
restricting what you can do in the .htaccess file.

-Stuart

-- 
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess and user file/folder access outside public_html

[Camilo Sperberg]

On May 25, 2013, at 13:38, Rafnews  wrote:

> Hi,
> 
> i'm facing a problem and i don't know where to start and in fact, how to do 
> it.
> 
> Situation:
> Users of my website should be able to save their resume files + cover letters 
> on my webserver.
> 
> problem:
> how to make their file SECURED from any hack ? I mean only file owner and web 
> administrator (so in this case... myself) should have access to those files.
> never user B should be able to access, read or download files of user A.
> 
> my guess:
> i was thinking to store files outside public_html folder, in the following 
> way:
> 
> /resumes/user A/resume A
> /resumes/user A/cover letter A
> 
> /resumes/user B/resume B - US
> /resumes/user B/resume B - ES
> /resumes/user B/cover letter B
> 
> Questions:
> 1. how can i allow user to have access to folder/files outside public_html ?
> 2. how can i secure that user A has access to his own files ONLY ?
> 
> i searched on internet for some help but i did not find anything really 
> revelent...only theory and no really in details.
> 
> I need your help.
> thx.
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


You will have to make a few scripts that check whether User A is logged in or 
not, read the files with PHP, change the default headers and print the output, 
which should be the exact same document. A quick example would be:

http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] htaccess question

[Daniel Brown]

On Tue, Apr 9, 2013 at 2:07 PM, Al  wrote:
> I know it's not a php question, but I can't readily find the answer
> elsewhere.
>
> I want to make this directive universal. Put htaccess file on any host in
> any folder.
>
> This works
> RewriteEngine On
>
> RewriteCond %{SERVER_PORT} !=443
>
> RewriteRule ^(.*)$ https://www.foo.org/bar/$1 [R=301,L]  #Here the foo.org
> and /bar must be specified
>
> I want what is in effect
>
> RewriteRule ^(.*)$ https://{host_name}/{directory}/$1 [R=301,L]
>
> I can easily do this with php regex capturing the (host and dir) and then
> rewriting the text string; but the Apache directives are not obvious.

You were on the right track:

RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


--

Network Infrastructure Manager
http://www.php.net/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] htaccess question

[Alex Nikitin]

On Mon, May 23, 2011 at 11:52 AM, Al  wrote:

> How can I prevent access to all files in a directory except one with an
> htaccess file.
>
> I've tried several approaches found with Googling; but, none seem to work.
>
> e.g.,
> 
> Order Allow,Deny
> Deny from all
> 
>
> This seems to me as it should deny to all except makeScodeImg.php
>
> Thanks
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Also don't forget to enable override on the directory, otherwise .htaccess
wont be read at all...

http://httpd.apache.org/docs/2.0/mod/core.html

--
The trouble with programmers is that you can never tell what a programmer is
doing until it’s too late.  ~Seymour Cray

RE: [PHP] htaccess question

[admin]

First turn your ReWriteEngine On. 
This can be done in the particular folder to allow them access to only the
one file.
You need to understand the conditions of mod_rewrite read below.

http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html

OR 

you can just use the http://cooletips.de/htaccess/ from Germany.

It will take you through step by step in creating an htaccess.
I might suggest you do not use the password options because that to me is
not safe to use someone else's website when creating htaccess screen names
and passwords.







Richard L. Buskirk


-Original Message-
From: Al [mailto:n...@ridersite.org] 
Sent: Monday, May 23, 2011 11:53 AM
To: php-general@lists.php.net
Subject: [PHP] htaccess question

How can I prevent access to all files in a directory except one with an
htaccess 
file.

I've tried several approaches found with Googling; but, none seem to work.

e.g.,

Order Allow,Deny
Deny from all


This seems to me as it should deny to all except makeScodeImg.php

Thanks


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] htaccess question

[J DeBord]

On Fri, Sep 11, 2009 at 4:46 PM, tedd  wrote:

> Hi gang:
>
> Is there a way I can use a htaccess directive to require a php script to be
> "included" within each file contained within that directory?
>
> For example, let's say I have a directory with 100 scripts in it, but I
> want each script within that directory to pass through an authorization
> script before executing.
>
> The hard way is for me to go through each of the 100 scripts and add the
> statement "require(auth.php)", but I don't want to do that (I'm too lazy and
> beside there is too great of a chance of an error). So, is there a way for
> me to circumvent this problem by using a htaccess directive?
>
> Now, I know that I can use htaccess to require basic authorization, like
> so:
>
> AuthType Basic
> AuthName "admin"
> AuthUserFile /home/httpd/vhosts/mydomain.com/.htpass
> require valid-user
>
> But I don't want a file containing user ids and encrypted passwords in the
> file system. Instead, I want to move the user ids and passwords into the
> database and out of the file system. I can do this with an authorization
> script, but I don't want to alter 100 scripts to do it.
>
> Here is a link to the manual.

http://www.php.net/manual/en/ini.core.php#ini.auto-prepend-file

*PHP_INI_PERDIR* Entry can be set in php.ini, .htaccess or httpd.conf

Opinions and suggestions welcomed.
>
> Thanks,
>
> tedd
> --
> ---
> http://sperling.com  http://ancientstones.com  http://earthstones.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] htaccess question

[Sudheer Satyanarayana]

Is there a way I can use a htaccess directive to require a php script 
to be "included" within each file contained within that directory?


For example, let's say I have a directory with 100 scripts in it, but 
I want each script within that directory to pass through an 
authorization script before executing.


The hard way is for me to go through each of the 100 scripts and add 
the statement "require(auth.php)", but I don't want to do that (I'm 
too lazy and beside there is too great of a chance of an error). So, 
is there a way for me to circumvent this problem by using a htaccess 
directive?
I don't think it is possible to include a particular script for every 
request without using include or require statements.


You can solve this problem by routing all the request to one file, say 
index.php and then manipulate the flow from there.



--

With warm regards,
Sudheer. S
Business: http://binaryvibes.co.in, Tech stuff: http://techchorus.net, 
Personal: http://sudheer.net


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess - change index.php to index.abc

[Richard Lynch]

On Tue, June 6, 2006 3:38 pm, Jochem Maas wrote:
> no warranty is available - I happily lose days trying to get
> RewriteRules
> running and tuned :-P chances are it requires tweaking to get working.

Which is one of the reasons I abandoned mod_rewrite as a solution for
URL-munging.

MUCH easier to use .htaccess and Files/ForceType to get what I want to
be PHP, and then to access $_SERVER['PATH_INFO'] to get the
URL-parameters.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess - change index.php to index.abc

[Jochem Maas]

Joe Wollard wrote:
> If you don't want to change the names of the files themselve from .php to
> .abc then you'd need to use something like mod_rewrite for apache's HTTPD.
> I'm not entirely certain as to how you'd do this, but I've included what I
> normally use to hide index.php in the url. If possible I'd put this in
> httpd.conf instead of .htaccess - there are performance concerns that
> may be
> involved there. Anyway, I hope this gets you started or sparks an idea from
> another list member.
> 
> 
>  RewriteEngine on
>  RewriteBase /
> 
>  RewriteCond %{REQUEST_FILENAME} !-f
>  RewriteCond %{REQUEST_FILENAME} !-d

off the top of my head, the following rule would
translate 'afilenamestub.foo' (where 'foo' can be any extension,
and 'afilenamestub' can contain dots) to 'afilenamestub.php':

RewriteRule ^(.*)\.[^.]*$ $1.php [L,QSA]

combined with the RewriteConds given above (to only rewrite
when a file doesn't exist and/or isn't a dir)

no warranty is available - I happily lose days trying to get RewriteRules
running and tuned :-P chances are it requires tweaking to get working.

>  RewriteRule ^(.*)$ index.php/$1 [L,QSA]
> 

..

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess - change index.php to index.abc

[Richard Lynch]

On Sat, June 3, 2006 6:47 pm, Labunski wrote:
> What should I change in .htaccess, so that visitors will see index.abc
> instead of index.php.
> I just wanna hide file's extension.

Assuming you use PHP as Module and not CGI:


  ForceType application/x-httpd-php


-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess - change index.php to index.abc

[Joe Wollard]

If you don't want to change the names of the files themselve from .php to
.abc then you'd need to use something like mod_rewrite for apache's HTTPD.
I'm not entirely certain as to how you'd do this, but I've included what I
normally use to hide index.php in the url. If possible I'd put this in
httpd.conf instead of .htaccess - there are performance concerns that may be
involved there. Anyway, I hope this gets you started or sparks an idea from
another list member.


 RewriteEngine on
 RewriteBase /

 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule ^(.*)$ index.php/$1 [L,QSA]




On 6/3/06, Labunski <[EMAIL PROTECTED]> wrote:


Hello,

What should I change in .htaccess, so that visitors will see index.abc
instead of index.php.
I just wanna hide file's extension.

Thanks

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] htaccess file

[Jochem Maas]

Greg Donald wrote:
On 4/21/05, Pieter du Toit <[EMAIL PROTECTED]> wrote:
Is there any way that i can see if using htaccess file is enabled on server
without contacting my isp.
I created a htaccess file and ftp'd it to the server with the
register_globals flag set to 0:
php_admin_flag register_globals 0

php_flag register_globals Off
is what I've always used.
On/Off and 0/1 are interchangeable in this context.

but what really got me was the line:
php_flag engine off
that pretty much take away any doubt that this might have been a php related 
question :-)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] htaccess file

[Greg Donald]

On 4/21/05, Pieter du Toit <[EMAIL PROTECTED]> wrote:
> Is there any way that i can see if using htaccess file is enabled on server
> without contacting my isp.
> 
> I created a htaccess file and ftp'd it to the server with the
> register_globals flag set to 0:
> 
> php_admin_flag register_globals 0

php_flag register_globals Off

is what I've always used.


-- 
Greg Donald
Zend Certified Engineer
http://destiney.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] htaccess file

[Chris]

Well, if the htaccess file caused an internal server error (500) then 
yes, it's reading it.

This isn't an apache list, you probably want to ask this question 
somewhere else...

That being said...
Are you missing an 'e' in the AllowOverride line near the bottom?

Pieter du Toit wrote:
Is there any way that i can see if using htaccess file is enabled on server 
without contacting my isp.

I created a htaccess file and ftp'd it to the server with the 
register_globals flag set to 0:

this is the htaccess code
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

order deny,allow
deny from all
allow from all


order deny,allow
deny from all

AuthUserFile /home/predicta/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/predicta/public_html/_vti_pvt/service.grp
php_flag engine off
AllowOverrid ALL
php_admin_flag register_globals 0
and this is what happens
Internal Server Error
The server encountered an internal error or misconfiguration and was unable 
to complete your request.
Please contact the server administrator, [EMAIL PROTECTED] and 
inform them of the time the error occurred, and anything you might have done 
that may have caused the error.

More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying 
to use an ErrorDocument to handle the request.


Apache/1.3.33 Server at www.predictabid.com Port 80
I suppose this means that htaccess use is not enabled?
If this is the case, what else can i use to set register_globals to on?
 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess

[Martin Mandl]

and try php_value instead of php flag:
php_value session.cookie_lifetime 14400
Martin Mandl wrote:
4 hours = 60 * 60 * 4 = 14400
Mario de Frutos Dieguez wrote:
pete M escribió:
I'm trying to figure out out to put a directive in .htaccess to make 
the session timeout in 4 hours ..

tried
php_flag session.cookie_lifetime 240
and a few others
can someone help !
tia
Try ini_set("session.gc_maxlifetime","2400");
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess

[Martin Mandl]

4 hours = 60 * 60 * 4 = 14400
Mario de Frutos Dieguez wrote:
pete M escribió:
I'm trying to figure out out to put a directive in .htaccess to make 
the session timeout in 4 hours ..

tried
php_flag session.cookie_lifetime 240
and a few others
can someone help !
tia
Try ini_set("session.gc_maxlifetime","2400");
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess

[Mario de Frutos Dieguez]

pete M escribió:
I'm trying to figure out out to put a directive in .htaccess to make 
the session timeout in 4 hours ..

tried
php_flag session.cookie_lifetime 240
and a few others
can someone help !
tia
Try ini_set("session.gc_maxlifetime","2400");
--
Mario de Frutos Dieguez
División de Ingeniería del Software
y Comunicaciones  

CARTIF -Parque Tecnológico Boecillo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess config

[Jochem Maas]

Philip Hallstrom wrote:
allow_url_fopen can only be set in php.ini.  See here for more info:
scope of ini settings (from the manual)...
ConstantValue   Meaning
PHP_INI_USER1   Entry can be set in user scripts or in Windows registry
PHP_INI_PERDIR  2   Entry can be set in php.ini, .htaccess or httpd.conf
PHP_INI_SYSTEM  4   Entry can be set in php.ini or httpd.conf
PHP_INI_ALL 7   Entry can be set anywhere
allow_url_fopen is PHP_INI_SYSTEM.
note that it can also be passed as an arg to the CLI e.g (-d flag):
/usr/bin/php -dallow_url_fopen=1 ./getmyremotefile.php
http://us2.php.net/manual/en/ref.filesystem.php#ini.allow-url-fopen

On Thu, 31 Mar 2005, Neo Theone wrote:
Hi
I got a simple problem:
I need to have allow_url_fopen on for a certain directory and so I 
wanted to control it by .htaccess file.
now I can control other php_flags like register_globals in this 
directory (so apache allows the Override) but I just simple can't get 
the following line to work:
php_flag allow_url_fopen on

any help is appreciated
neo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess config

[Philip Hallstrom]

allow_url_fopen can only be set in php.ini.  See here for more info:
http://us2.php.net/manual/en/ref.filesystem.php#ini.allow-url-fopen

On Thu, 31 Mar 2005, Neo Theone wrote:
Hi
I got a simple problem:
I need to have allow_url_fopen on for a certain directory and so I wanted to 
control it by .htaccess file.
now I can control other php_flags like register_globals in this directory (so 
apache allows the Override) but I just simple can't get the following line to 
work:
php_flag allow_url_fopen on

any help is appreciated
neo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess and .htpasswd

[Afan Pasalic]

Thanks but problem is already solved
:)
-afan
Mulley, Nikhil wrote:
Can I know the platform on which you are running apache.
-Original Message-
From: Matthew Sims [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 14, 2004 1:57 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] .htaccess and .htpasswd

# .htaccess
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/www/html/path/to/file/admin/.htpasswd"
require valid-user
# .htpasswd
Admin:ChqaxtiTH1e0E
Both files are in same directory.
Why it doesn't work?
Can I use as AuthUserFile ".htpasswd" since they are in the same
directory?
I know its not smart but let's get this working and I'll move .htpasswd
later to "upper level" :)

-afan

Dude...do you know what mailing list you're on?
http://httpd.apache.org/lists.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] .htaccess and .htpasswd

[Mulley, Nikhil]

Can I know the platform on which you are running apache.

-Original Message-
From: Matthew Sims [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 14, 2004 1:57 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] .htaccess and .htpasswd


> # .htaccess
> AuthType Basic
> AuthName "Restricted Area"
> AuthUserFile "/www/html/path/to/file/admin/.htpasswd"
> require valid-user
>
> # .htpasswd
> Admin:ChqaxtiTH1e0E
>
> Both files are in same directory.
>
> Why it doesn't work?
>
> Can I use as AuthUserFile ".htpasswd" since they are in the same
> directory?
>
> I know its not smart but let's get this working and I'll move .htpasswd
> later to "upper level" :)
>
>
>
> -afan


Dude...do you know what mailing list you're on?

http://httpd.apache.org/lists.html

-- 
--Matthew Sims
--<http://killermookie.org>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess and .htpasswd

[Afan Pasalic]

Yes, I sent it on wrong place.
:)
Sorry.
-afan

Matthew Sims wrote:
# .htaccess
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/www/html/path/to/file/admin/.htpasswd"
require valid-user
# .htpasswd
Admin:ChqaxtiTH1e0E
Both files are in same directory.
Why it doesn't work?
Can I use as AuthUserFile ".htpasswd" since they are in the same
directory?
I know its not smart but let's get this working and I'll move .htpasswd
later to "upper level" :)

-afan

Dude...do you know what mailing list you're on?
http://httpd.apache.org/lists.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess and .htpasswd

[John Nichel]

Afan Pasalic wrote:
# .htaccess
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/www/html/path/to/file/admin/.htpasswd"
require valid-user
# .htpasswd
Admin:ChqaxtiTH1e0E
Both files are in same directory.
Why it doesn't work?
Can I use as AuthUserFile ".htpasswd" since they are in the same directory?
I know its not smart but let's get this working and I'll move .htpasswd 
later to "upper level" :)
Did my filter throw an Apache mailing list email into my php folder?
--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess and .htpasswd

[Afan Pasalic]

Oops!
Sorry guy, sent to wrong place!
I apology.
:)
-afan
Matt M. wrote:
try an apache mailing list.
.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess and .htpasswd

[Matt M.]

try an apache mailing list.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess and .htpasswd

[Matthew Sims]

> # .htaccess
> AuthType Basic
> AuthName "Restricted Area"
> AuthUserFile "/www/html/path/to/file/admin/.htpasswd"
> require valid-user
>
> # .htpasswd
> Admin:ChqaxtiTH1e0E
>
> Both files are in same directory.
>
> Why it doesn't work?
>
> Can I use as AuthUserFile ".htpasswd" since they are in the same
> directory?
>
> I know its not smart but let's get this working and I'll move .htpasswd
> later to "upper level" :)
>
>
>
> -afan


Dude...do you know what mailing list you're on?

http://httpd.apache.org/lists.html

-- 
--Matthew Sims
--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess

[John Nichel]

Václav Slováček wrote:
hi,
i would like to ask what happens when a user is downloading a large 
file  from apache server and i modify the .htaccess file affecting the 
folder  where is the file beeing downloaded by the user. For example i 
rewrite the  list of ips allowed to access the file/folder and i remove 
the user's ip.  Will the tranfer be interrupted or not? Is there any 
other way how to  interupt the transfer? Thank you for help.

http://httpd.apache.org/lists.html
--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] .htaccess

[Jay Blanchard]

[snip]
i would like to ask what happens when a user is downloading a large file  
 from apache server and i modify the .htaccess file affecting the folder  
where is the file beeing downloaded by the user. For example i rewrite the  
list of ips allowed to access the file/folder and i remove the user's ip.  
Will the tranfer be interrupted or not? Is there any other way how to  
interupt the transfer? Thank you for help.
[/snip]

a. It shouldn't interrupt the connection as the connection does not need to be 
re-established during the download process.
2. This is an excellent question for an Apache mailing list.
III. Please do not send things twice.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess file

[raditha dissanayake]

Václav Slováček wrote:
When my web is hosted, there is no other way how to solve it? I 
realized  that I can't see the file in my ftp client, so I cant't 
change the  permissions. Of course, I can't use chmod() to change the 
permissions when  I'm not allowed to write into the file. So the only 
solution is to contact  admin?
ftp clients usually have a special configuration setting that will allow 
you to view such 'hidden' files.

Dne Mon, 5 Jul 2004 17:40:55 +0800 napsal/-a Jason Wong  
<[EMAIL PROTECTED]> příspěvek následujícího znění::

On Monday 05 July 2004 16:58, Václav Slováček wrote:
I have a problem, but maybe it's more about Apache than about PHP. 
I  need
to access a Apache .htaccess file from PHP and modify it, but I 
always  get
"access denied" error. Could you help me, with solving this problem?

"access denied" most likely means you don't have permission to  
read/write it.
If you're running your own server, change the permissions accordingly,
otherwise explain to your server admin why you want to change the  
.htaccess
file(s).



--
Raditha Dissanayake.
-
http://www.raditha.com/megaupload/upload.php
Sneak past the PHP file upload limits.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess file

[Jason Wong]

On Monday 05 July 2004 18:13, Václav Slováček wrote:

> So the only solution is to contact admin?

Yes.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
86. What do you mean that wasn't a copy?

--Top 100 things you don't want the sysadmin to say
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess file

[Václav Slováček]

When my web is hosted, there is no other way how to solve it? I realized  
that I can't see the file in my ftp client, so I cant't change the  
permissions. Of course, I can't use chmod() to change the permissions when  
I'm not allowed to write into the file. So the only solution is to contact  
admin?

Dne Mon, 5 Jul 2004 17:40:55 +0800 napsal/-a Jason Wong  
<[EMAIL PROTECTED]> příspěvek následujícího znění::

On Monday 05 July 2004 16:58, Václav Slováček wrote:
I have a problem, but maybe it's more about Apache than about PHP. I  
need
to access a Apache .htaccess file from PHP and modify it, but I always  
get
"access denied" error. Could you help me, with solving this problem?
"access denied" most likely means you don't have permission to  
read/write it.
If you're running your own server, change the permissions accordingly,
otherwise explain to your server admin why you want to change the  
.htaccess
file(s).

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess file

[Gerben]

You will have to chmod these .htaccess files


"John" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
what are the files permissons?
of these are set wrong it could cause your problem

On Mon, 05 Jul 2004 10:58:54 +0200, Václav Slovácek <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I have a problem, but maybe it's more about Apache than about PHP. I need
> to access a Apache .htaccess file from PHP and modify it, but I always get
> "access denied" error. Could you help me, with solving this problem?
> Thank you.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


--
John
[EMAIL PROTECTED]
http://www.whp.co.uk

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess file

[John]

what are the files permissons?
of these are set wrong it could cause your problem

On Mon, 05 Jul 2004 10:58:54 +0200, VÃclav SlovÃÄek <[EMAIL PROTECTED]> wrote:
> Hi all,
> 
> I have a problem, but maybe it's more about Apache than about PHP. I need
> to access a Apache .htaccess file from PHP and modify it, but I always get
> "access denied" error. Could you help me, with solving this problem?
> Thank you.
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 


-- 
John 
[EMAIL PROTECTED]
http://www.whp.co.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess file

[zareef ahmed]

--- Václav Slováèek <[EMAIL PROTECTED]> wrote:
> Hi all,
> 
> I have a problem, but maybe it's more about Apache
> than about PHP. I need  
> to access a Apache .htaccess file from PHP and
> modify it, but I always get  
> "access denied" error. Could you help me, with
> solving this problem?

Please check if you ( the user which runs apache,
usually named 'nobody') has permissions to write.

You may(should)  change the permissions of the file to
modify it.

zareef ahmed
 

> Thank you.
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 


=
Zareef Ahmed :: A PHP Developer in Delhi(India).
Homepage :: http://www.zasaifi.com



__
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess file

[Jason Wong]

On Monday 05 July 2004 16:58, Václav Slováček wrote:

> I have a problem, but maybe it's more about Apache than about PHP. I need
> to access a Apache .htaccess file from PHP and modify it, but I always get
> "access denied" error. Could you help me, with solving this problem?

"access denied" most likely means you don't have permission to read/write it. 
If you're running your own server, change the permissions accordingly, 
otherwise explain to your server admin why you want to change the .htaccess 
file(s).

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
Ummm, well, OK.  The network's the network, the computer's the computer.
Sorry for the confusion.
-- Sun Microsystems
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess... why it is deleted by the server?!!!?

[Radwan Aladdin]

Okay.. and is the code right in the .htaccess file?

This is the code again :

AuthUserFile /pass2
AuthGroupFile /pass2
AuthName AllowLocalAccess
AuthType Basic

order deny,allow
deny from 217.164.249.134
allow from all


The directory that I want to prevent that IP from download from it is :
http://www.alaedin.com/pass2

So where must I put the .htaccess file.. and does the code working well??

Cheers..

- Original Message -
From: "Richard Davey" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 04, 2004 8:18 PM
Subject: Re: [PHP] .htaccess... why it is deleted by the server?!!!?


> Hello Radwan,
>
> Thursday, March 4, 2004, 4:09:07 PM, you wrote:
>
> RA> And also must I put it without name? or can I name it for example :
> RA> "test.htaccess"? or must I name it : ".htaccess" (Without name)??
>
> Usually you must name it .htaccess
>
> There is probably a way to change what it can be called, but I'm no
> Apache admin so I couldn't tell you how. I dare say it might be a
> httpd.conf setting somewhere.
>
> --
> Best regards,
>  Richard Davey
>  http://www.phpcommunity.org/wiki/296.html
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess... why it is deleted by the server?!!!?

[Richard Davey]

Hello Radwan,

Thursday, March 4, 2004, 3:58:52 PM, you wrote:

RA> Okay now this problem is solved.. but the other problem is that in my
RA> .htaccess file :

This isn't really PHP related I'm afraid, the following might be of
more help to you:

http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=htaccess+tutorial

-- 
Best regards,
 Richard Davey
 http://www.phpcommunity.org/wiki/296.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess... why it is deleted by the server?!!!?

[Richard Davey]

Hello Radwan,

Thursday, March 4, 2004, 4:09:07 PM, you wrote:

RA> And also must I put it without name? or can I name it for example :
RA> "test.htaccess"? or must I name it : ".htaccess" (Without name)??

Usually you must name it .htaccess

There is probably a way to change what it can be called, but I'm no
Apache admin so I couldn't tell you how. I dare say it might be a
httpd.conf setting somewhere.

-- 
Best regards,
 Richard Davey
 http://www.phpcommunity.org/wiki/296.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] .htaccess... why it is deleted by the server?!!!?

[Jay Blanchard]

[snip]
And also must I put it without name? or can I name it for example :
"test.htaccess"? or must I name it : ".htaccess" (Without name)??
[/snip]


While wonderfully fascinating in many aspects, shouldn't this be on an
Apache list somewhere? And it is .htaccess [no name]

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] .htaccess... why it is deleted by the server?!!!?

[jon roig]

It's probably is still there, just hiding. You could write a quick
little php script to check it out if you ftp client is blocking it from
being seen.

-- jon

---
jon roig
web developer
email: [EMAIL PROTECTED]
phone: 888.230.7557


-Original Message-
From: Radwan Aladdin [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 04, 2004 8:38 AM
To: [EMAIL PROTECTED]
Subject: [PHP] .htaccess... why it is deleted by the server?!!!?


Hi.. 

I made a .htaccess file. and then uploaded it to my server.. but
everytime I do it deletes it automatically.. it is hidden directly.. or
sure deleted from there.. so what is the problem! 

My hosting account is Linux, WebServer : Apache.. so what is the
problem? and how to solve it? 

Cheers..

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.611 / Virus Database: 391 - Release Date: 3/3/2004
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.611 / Virus Database: 391 - Release Date: 3/3/2004
 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess... why it is deleted by the server?!!!?

[Richard Davey]

Hello Radwan,

Thursday, March 4, 2004, 3:38:28 PM, you wrote:

RA> I made a .htaccess file. and then uploaded it to my server..
RA> but everytime I do it deletes it automatically.. it is hidden
RA> directly.. or sure deleted from there.. so what is the
RA> problem! 

Are you *sure* it is deleted? By default the fullstop (period) at the
start of the filename in Unix will HIDE it from you. If you can
SSH/Telnet into your account do: ls -al to show any hidden files in
the directory listing. If you're viewing via an FTP client, check for
Options to show "hidden" files. If you know this all already, sorry!
:)

-- 
Best regards,
 Richard Davey
 http://www.phpcommunity.org/wiki/296.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] htaccess

[Will's Scripts]

I just wanted to thank everyone for all your help on the list and off!! :)

~WILL~



Chris W. Parker wrote:
Will's Scripts 
on Tuesday, February 24, 2004 3:54 PM said:

I guess I need the documentation on the htpasswd function.  Sorry I am
learning.


http://www.google.com/search?q=htpasswd

there are lots of pages there. specifically this one:
http://www.webdevelopersjournal.com/articles/htpasswd.html
chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] htaccess

[Ryan C. Creasey]

Ryan C. Creasey wrote:
> In all liklihood, he's referring to apache's mod_access module.  You
> should try reading the documentation over at the apache group's website,
> as it's quite extensive.
> 
> http://httpd.apache.org/docs-2.0/mod/mod_access.html

Also, mod_auth:
http://httpd.apache.org/docs-2.0/mod/mod_auth.html

-- 
Ryan C. Creasey
Network Engineer
p11creative, inc.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] htaccess

[Ryan C. Creasey]

Chris W. Parker wrote:
> what is "the password thing"??

In all liklihood, he's referring to apache's mod_access module.  You should
try reading the documentation over at the apache group's website, as it's
quite extensive.

http://httpd.apache.org/docs-2.0/mod/mod_access.html

This question isn't really php related.

-- 
Ryan C. Creasey
Network Engineer
p11creative, inc.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] htaccess

[Luke]

Take a look at

http://wsabstract.com/howto/htaccess.shtml

its covers a bit and is easy to understand!

Luke



__
"Will'S Scripts" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
The password thing is how do you make the htpasswd file??  I did a
search on "htpasswd" and did not com up with anything.

I guess I need the documentation on the htpasswd function.  Sorry I am
learning.

~WILL~


Chris W. Parker wrote:

> Will 
> on Tuesday, February 24, 2004 2:05 PM said:
>
>
>>What is the proper way to do this and the easiest way.  I know how to
>>write a file to the server, but how do you do the password thing??
>
>
> what is "the password thing"??
>
>
>
> chris.
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] htaccess

[Chris W. Parker]

Will's Scripts 
on Tuesday, February 24, 2004 3:54 PM said:

> I guess I need the documentation on the htpasswd function.  Sorry I am
> learning.

http://www.google.com/search?q=htpasswd

there are lots of pages there. specifically this one:
http://www.webdevelopersjournal.com/articles/htpasswd.html


chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] htaccess

[Will's Scripts]

The password thing is how do you make the htpasswd file??  I did a 
search on "htpasswd" and did not com up with anything.

I guess I need the documentation on the htpasswd function.  Sorry I am 
learning.

~WILL~

Chris W. Parker wrote:

Will 
on Tuesday, February 24, 2004 2:05 PM said:

What is the proper way to do this and the easiest way.  I know how to
write a file to the server, but how do you do the password thing??


what is "the password thing"??



chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] htaccess

[Chris W. Parker]

Will 
on Tuesday, February 24, 2004 2:05 PM said:

> What is the proper way to do this and the easiest way.  I know how to
> write a file to the server, but how do you do the password thing??

what is "the password thing"??



chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess problem

[Andrew Séguin]

That would be based on 'realms'.

see : http://httpd.apache.org/docs-2.0/mod/core.html#authname for more
info on how to set that.

Basicaly, most browsers cache the userid and password as long as the page
you are viewing is within the same realm (don't ask for userid and
password again).

Your solution would therefore be to define your realm as (or anything
else) "mysite's protected content" in protected_files/ and then "mysite's
protected content part one" in protected_files/one/ , "mysite's protected
content part two" in protected_files/two/ .. within your htaccess files.
As long as it's different, the browser will ask for the user name and
password again.

Hope that helps,
Andrew

> Hi,
> I dont know if this is really a PHP problem but am wondering if I can
> perhaps use php to solve this problem...
>
> I dont know if this is just a problem on my server or if you have noticed
> this too but...
>
> heres my present setup:
>
> /root/protected_files/
> /root/protected_files/one/
> /root/protected_files/two/
> /root/protected_files/three/
> /root/protected_files/four/
>
> Each of the protected folders have their own .htaccess and their own
> password file, but if some successfully comes into folder "one" they are
> not
> being asked for their login details again if they go to two,three or
> four...Why is that and anyway I can force them?
>
> Thanks,
> -Ryan
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] htaccess / php

[Ashley M. Kirchner]

Ed Lazor wrote:

What do I put in .htaccess for Apache to process a named "archive" as a PHP file?

I did it before and can't seem to find what I did.  Requests to http://myhost.com/archive/page1.php would get processed by the file named archive and page1.php would just be a parameter that I could access from within the script by checking the url and subtracting "http://myhost.com/archive/";.


  ForceType application/x-httpd-php

--
H| I haven't lost my mind; it's backed up on tape somewhere.
 +
 Ashley M. Kirchner    .   303.442.6410 x130
 IT Director / SysAdmin / WebSmith . 800.441.3873 x130
 Photo Craft Laboratories, Inc.. 3550 Arapahoe Ave. #6
 http://www.pcraft.com . .  ..   Boulder, CO 80303, U.S.A. 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] htaccess / php

[Jason Wong]

On Tuesday 02 December 2003 14:34, Ed Lazor wrote:
> What do I put in .htaccess for Apache to process a named "archive" as a PHP
> file?
>
> I did it before and can't seem to find what I did.  Requests to
> http://myhost.com/archive/page1.php would get processed by the file named
> archive and page1.php would just be a parameter that I could access from
> within the script by checking the url and subtracting
> "http://myhost.com/archive/";.

 
ForceType application/x-httpd-php
 

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
Win98 is called Win98 because it is 98% slower than Linux.
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] .htaccess authentification problem

[Wouter van Vliet]

Michael Hübner wrote:
> Hallo,
> 
> Hope somebody can help me.
> 
> I'm working on Linux, Apache.
> 
> On my start-site the user can log in via inserting Username
> and Password into normal formfields, which are compared with a DB.
> 
> After this login, he can change to his own user-directory
> which is .htpasswd and .htaccess protected. Thats the reson
> he has to insert his Username and Password again ;(
> 
> My Question:
> 
> Is there a way, so the user has to insert his data only once?
> 
> I've also tried it by doing a authentification like this first:
> 
>if (!isset($_SERVER['PHP_AUTH_USER'])) {
>Header("WWW-Authenticate: Basic realm=\"My Realm\"");
>Header("HTTP/1.0 401 Unauthorized");
>echo "Text to send if user hits Cancel button\n";exit;
> } else {
> echo "Hello {$_SERVER['PHP_AUTH_USER']}";
> echo "You entered {$_SERVER['PHP_AUTH_PW']} as your
>   password."; }
>> 
> 
> but it doesn't work for me, because when switching to the
> userdirs, the .htaccess authentification window pops up again
> (it is the same pwd and uid in the DB and the .htpasswd) ;(
> 
> Thank you in advance,
> 
> Michael

Please, please .. somebody come up with a solution to this and this kind of
problems that as been bugging (I think) every php
developer/scripter/programmer (however you call yourself) that has to deal
with security. Eventually I found myself doing the entire security procedure
in auto_prepend'ed files. But this only blocks access to php files. Isn't
there like some apache module mod_auth_php, just like there is
mod_auth_mysql and others?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess question protect my php test environment

[John Nichel]

Frank Tudor wrote:
John,

Sorry I did use htpasswd...

Override?

Do you have a snip from a config file that I can look at?

I don't mind editing the httpd.conf manually.

Frank
This controls which options the .htaccess files in directories can 
override. Can also be "All", or any combination of "Options", 
"FileInfo", "AuthConfig", and "Limit"


AllowOverride All

--
By-Tor.com
It's all about the Rush
http://www.by-tor.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess question protect my php test environment

[John Nichel]

Frank Tudor wrote:
I have to apologies about this posting in advance so please
don't flame me too bad for being off topic.
Question:

I want to create an .htaccess file to protect my files

I did the passwrd -c /directory/file frank
The above is wrong, the below is right

htpasswd -c /path/to/file username

the set a password and then confirmed the password

I created a .htaccess file with vi and put this in it.

  AuthName "restricted stuff"
  AuthType Basic
  AuthUserFile /var/password/frank
  require valid-user

then in the redhat http server utitily under server settings

I went tot he virtual directory section and created a new
virtual dir called virtual 0 and check marked the box at the
bottom for .htaccess protection. 

I restart the server and then go to another computer and put in
the URL and no password box comes up.
:(
Make sure you are allowing enough override for .htaccess to work.  Can't 
help with the GUI...never used one.

--
By-Tor.com
It's all about the Rush
http://www.by-tor.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess question protect my php test environment

[Raditha Dissanayake]

Hi,
It's htpasswd and not passwd. As many others on this group i don't use 
the redhat config system it's lame. You will be better off editing 
httpd.conf and adding an AllowOverrides directive.

best regards

Frank Tudor wrote:

I have to apologies about this posting in advance so please
don't flame me too bad for being off topic.
Question:

I want to create an .htaccess file to protect my files

I did the passwrd -c /directory/file frank

the set a password and then confirmed the password

I created a .htaccess file with vi and put this in it.

 AuthName "restricted stuff"
 AuthType Basic
 AuthUserFile /var/password/frank
 require valid-user

then in the redhat http server utitily under server settings

I went tot he virtual directory section and created a new
virtual dir called virtual 0 and check marked the box at the
bottom for .htaccess protection. 

I restart the server and then go to another computer and put in
the URL and no password box comes up.
:(





__
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
 



--
Raditha Dissanayake.

http://www.radinks.com/sftp/  |  http://www.raditha/megaupload/
Lean and mean Secure FTP applet with  |  Mega Upload - PHP file uploader
Graphical User Inteface. Just 150 KB  |  with progress bar.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess - Still asking for login information although already sent through address bar

[Jason Wong]

On Tuesday 07 October 2003 03:44, PHP Webmaster wrote:

[snip]

>  $redirect_url = "https://"; . $username . ":" . $password . "@" . $domain .
> ":2083/frontend/x/index.html";
>  header("Location: $redirect_url");

The code looks OK. FWIW I've tried something like:

http://someone:[EMAIL PROTECTED]/");
?>

and it works for me.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
I'm having a tax-deductible experience!  I need an energy crunch!!
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess - Still asking for login information although already sent through address bar

[PHP Webmaster]

"Jason Wong" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> On Tuesday 07 October 2003 00:32, PHP Webmaster wrote:
>
> > If I use my login form, the login box pops up only once. If I copy the
text
> > from the address bar (generated by the form) and paste it into the
address
> > bar (after restarting the browser) the logon box does not appear.
>
> Perhaps you could show some code?
>
> --
> Jason Wong -> Gremlins Associates -> www.gremlins.biz
> Open Source Software Systems Integrators
> * Web Design & Hosting * Internet & Intranet Applications Development *
> --
> Search the list archives before you post
> http://marc.theaimsgroup.com/?l=php-general
> --
> /*
> A reverend wanted to telephone another reverend.  He told the operator,
> "This is a parson to parson call."
> */

Sure,

This is the code for the login form: (login_form.html)



Control Panel Login



Domain Name: 
Username: 
Password: 





This is the code for the login processor file: (login_process.php)

Error:One or more form fields have been left
blank.";
 echo "Please use your browsers' back button and fill in all form
fields.";
 exit;
 }
 else {
 $redirect_url = "https://"; . $username . ":" . $password . "@" . $domain .
":2083/frontend/x/index.html";
 header("Location: $redirect_url");
 exit;
 }
}
else {
header("Location: login_form.html");
exit;
}

?>

I know that there is no username/password validation code inside the
login_process.php file, but this is not my priority at the moment.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess - Still asking for login information although already sent through address bar

[Jason Wong]

On Tuesday 07 October 2003 00:32, PHP Webmaster wrote:

> If I use my login form, the login box pops up only once. If I copy the text
> from the address bar (generated by the form) and paste it into the address
> bar (after restarting the browser) the logon box does not appear.

Perhaps you could show some code?

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
A reverend wanted to telephone another reverend.  He told the operator,
"This is a parson to parson call."
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess - Still asking for login information although already sent through address bar

[PHP Webmaster]

"Nathan Taylor" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
Does it continuously ask or just twice?  I've found a weird issue with
.htaccess where if the domain name is a mask for a subdomain host and you
try to access an .htaccess protected page it will prompt you for the
password, redirect you to the subdomain and then prompt you again.

Nathan
  - Original Message -
  From: Mika Tuupola
  To: PHP Webmaster
  Cc: [EMAIL PROTECTED]
  Sent: Monday, October 06, 2003 7:12 AM
  Subject: Re: [PHP] .htaccess - Still asking for login information although
already sent through address bar


  On Mon, 6 Oct 2003, PHP Webmaster wrote:

  > Iv'e got a .htaccess file protecting a site using HTTPS. I have tried
using
  > a form to send the login details to the site through the address bar
  > (http://user:[EMAIL PROTECTED]) but the .htaccess password protection
box

  That does not look like https. Try changing to

  https://user:[EMAIL PROTECTED]/

  --
  Mika Tuupola  http://www.appelsiini.net/~tuupola/

  --
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, visit: http://www.php.net/unsub.php

If I use my login form, the login box pops up only once. If I copy the text
from the address bar (generated by the form) and paste it into the address
bar (after restarting the browser) the logon box does not appear.

Weird eh?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess - Still asking for login information although already sent through address bar

[PHP Webmaster]

"Mika Tuupola" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> On Mon, 6 Oct 2003, PHP Webmaster wrote:
>
> > Iv'e got a .htaccess file protecting a site using HTTPS. I have tried
using
> > a form to send the login details to the site through the address bar
> > (http://user:[EMAIL PROTECTED]) but the .htaccess password protection
box
>
> That does not look like https. Try changing to
>
> https://user:[EMAIL PROTECTED]/
>
> --
> Mika Tuupola  http://www.appelsiini.net/~tuupola/

Oops, sorry. I meant HTTPS. I did also check again!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess - Still asking for login information although already sent through address bar

[Nathan Taylor]

Does it continuously ask or just twice?  I've found a weird issue with .htaccess where 
if the domain name is a mask for a subdomain host and you try to access an .htaccess 
protected page it will prompt you for the password, redirect you to the subdomain and 
then prompt you again.

Nathan 
  - Original Message - 
  From: Mika Tuupola 
  To: PHP Webmaster 
  Cc: [EMAIL PROTECTED] 
  Sent: Monday, October 06, 2003 7:12 AM
  Subject: Re: [PHP] .htaccess - Still asking for login information although already 
sent through address bar


  On Mon, 6 Oct 2003, PHP Webmaster wrote:

  > Iv'e got a .htaccess file protecting a site using HTTPS. I have tried using
  > a form to send the login details to the site through the address bar
  > (http://user:[EMAIL PROTECTED]) but the .htaccess password protection box

  That does not look like https. Try changing to

  https://user:[EMAIL PROTECTED]/

  -- 
  Mika Tuupola  http://www.appelsiini.net/~tuupola/

  -- 
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess - Still asking for login information although already sent through address bar

[Mika Tuupola]

On Mon, 6 Oct 2003, PHP Webmaster wrote:

> Iv'e got a .htaccess file protecting a site using HTTPS. I have tried using
> a form to send the login details to the site through the address bar
> (http://user:[EMAIL PROTECTED]) but the .htaccess password protection box

That does not look like https. Try changing to

https://user:[EMAIL PROTECTED]/

-- 
Mika Tuupola  http://www.appelsiini.net/~tuupola/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess

[Simone Levy]

> Just one question, is there any way that when a person logs in via the
> htaccess popup that i can know via my php script...and can i also get
> his
> username?
 
Protect the directory you want with .htaccess
If authentication was successful, your code in index.php is executed:
if($REMOTE_USER=="bill") {echo "welcome Bill!";}
if($REMOTE_USER=="hillary") {echo "welcome Hillary!";}
 
 
> John Holmes, you really think you are being of any help writin':
> <<
> Have you read the chapter on HTTP Authentication? No. Read the very
> first paragraph:
> 
> "The HTTP Authentication hooks in PHP are only available when it is
> running as an Apache module and is hence not available in the CGI
> version. In an Apache module PHP script, it is possible to use the
> header() function to send an "Authentication Required" message to the
> client browser causing it to pop up a Username/Password input window.
> Once the user has filled in a username and a password, the URL
> containing the PHP script will be called again with the predefined
> variables PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE set to the user
> name, password and authentication type respectively. These predefined
> variables are found in the $_SERVER and $HTTP_SERVER_VARS arrays. Only
> "Basic" authentication is supported. See the header() function for more
> information."
> 
> You're welcome.
> 
> ---John Holmes...
> >>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] htaccess?

[Dean E. Weimer]

> Is it possible to determine who the htaccess user logged in is? If so,
> how?
> Can you point me at some articles?
>
> Johnny
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

$_SERVER['PHP_AUTH_USER']

-- 
Thanks,
  Dean E. Weimer
  http://www.dwiemer.org/
  [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess files

[Lars Torben Wilson]

On Wed, 2003-06-18 at 15:34, Steve Marquez wrote:
> Hello everyone,
> 
> Could someone point me in the direction of some info on .htaccess files?
> Could someone send me one, tell me where to put it in my
> server? I hope this is not a stupid question. I am running Apache on a Mac
> with Jaguar OSX.
> 
> Thanks for your help,
> 
> -Steve Marquez
[EMAIL PROTECTED]

Your Apache manual contains all which you wish to know. If you're not
sure where it got installed, hit http://www.apache.org and check it
out there; the documentation is at:

   http://httpd.apache.org/docs-project/


Good luck,

Torben


-- 
 Torben Wilson <[EMAIL PROTECTED]>+1.604.709.0506
 http://www.thebuttlesschaps.com  http://www.inflatableeye.com
 http://www.hybrid17.com  http://www.themainonmain.com
 - Boycott Starbucks!  http://www.haidabuckscafe.com -




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess files

[Mike Morton]

Nothing to do with php but:

http://search.apache.org/index.cgi?query=.htaccess&submit=Search%21&metaname
=swishdefault&sort=swishrank&sbm=httpd


On 6/18/03 6:34 PM, "Steve Marquez" <[EMAIL PROTECTED]> wrote:

> Hello everyone,
> 
> Could someone point me in the direction of some info on .htaccess files?
> Could someone send me one, tell me where to put it in my
> server? I hope this is not a stupid question. I am running Apache on a Mac
> with Jaguar OSX.
> 
> Thanks for your help,
> 
> -Steve Marquez
> [EMAIL PROTECTED]
> 

--
Cheers

Mike Morton


*
* Tel: 905-465-1263
* Email: [EMAIL PROTECTED]
*


"Indeed, it would not be an exaggeration to describe the history of the
computer industry for the past decade as a massive effort to keep up with
Apple."
- Byte Magazine

Given infinite time, 100 monkeys could type out the complete works of
Shakespeare. Win 98 source code? Eight monkeys, five minutes.
-- NullGrey 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess files

[Brian V Bonini]

On Wed, 2003-06-18 at 18:34, Steve Marquez wrote:
> Hello everyone,
> 
> Could someone point me in the direction of some info on .htaccess files?
> Could someone send me one, tell me where to put it in my
> server? I hope this is not a stupid question. I am running Apache on a Mac
> with Jaguar OSX.
> 


In the directory you want to effect with its directives.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess files

[Leif K-Brooks]

Steve Marquez wrote:

Hello everyone,

Could someone point me in the direction of some info on .htaccess files?
Could someone send me one, tell me where to put it in my
server? I hope this is not a stupid question. I am running Apache on a Mac
with Jaguar OSX.
This has nothing to do with PHP.

--
The above message is encrypted with double rot13 encoding.  Any unauthorized attempt 
to decrypt it will be prosecuted to the full extent of the law.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] .htaccess

[Jeff Harris]

On Jun 9, 2003, "John W. Holmes" claimed that:

|> Just one question, is there any way that when a person logs in via the
|> htaccess popup that i can know via my php script...and can i also get his
|> username?
|
|Have you read the chapter on HTTP Authentication? No. Read the very
|first paragraph:
|[snip]
|You're welcome.
|
|---John Holmes...

I love the brutal honesty on this list. Anywhere else in the world you
would be looked on as "evil" or "mean-spirited," but on a maling list,
you're [sometimes] older and wiser, and know how to do a search for "php
http authentication."

Jeff
-- 
Registered Linux user #304026.
"lynx -source http://jharris.rallycentral.us/jharris.asc | gpg --import"
Key fingerprint = 52FC 20BD 025A 8C13 5FC6  68C6 9CF9 46C2 B089 0FED
Responses to this message should conform to RFC 1855.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] .htaccess

[John W. Holmes]

> Just one question, is there any way that when a person logs in via the
> htaccess popup that i can know via my php script...and can i also get
his
> username?

Have you read the chapter on HTTP Authentication? No. Read the very
first paragraph:

"The HTTP Authentication hooks in PHP are only available when it is
running as an Apache module and is hence not available in the CGI
version. In an Apache module PHP script, it is possible to use the
header() function to send an "Authentication Required" message to the
client browser causing it to pop up a Username/Password input window.
Once the user has filled in a username and a password, the URL
containing the PHP script will be called again with the predefined
variables PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE set to the user
name, password and authentication type respectively. These predefined
variables are found in the $_SERVER and $HTTP_SERVER_VARS arrays. Only
"Basic" authentication is supported. See the header() function for more
information."

You're welcome.

---John Holmes...



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] htaccess writable by httpd

[John W. Holmes]

> is this a dangerous feature ?

Depends what kind of server you're on to start with. If you have a
dedicated server, then it's not as big of a deal. If you're on a shared
server, then anyone else on that server can write your .htaccess files
for you (generally).

---John W. Holmes...

PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess Help

[Justin French]

Get on the Apache list, not the PHP one :)

Justin

on 11/03/03 10:39 AM, Pushpinder Singh Garcha ([EMAIL PROTECTED]) wrote:

> Hello All
> 
> I need to allow users to be able to access ONLY non-html files in a
> Secret Dir.
> Can anyone suggest a .htaccess method to do just that.
> 
> I have a .htaccess script which will prevent anybody from viewing the
> contents of a Dir via http, but this time , I need to allow users to
> view the PHP Files
> 
> 
> TIA
> 
> Pushpinder Singh Garcha
> _
> Web Architect
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess and mod rewrite.

[John Nichel]

.htaccess only works for the document root directory and below.  You 
could try making a symbolic link to the directory in the document root 
(I don't know if this will work).

Brendon G wrote:
I was looking over a tutorial on Php builder on making search engine
friendly sites.   While i got the concept of the tutorial and have it
working here.  I was wondering is it possible to get a php script to run out
of the home directory of apache.

tutorial: http://www.phpbuilder.com/columns/tim19990117.php3?page=1


in the tut they redirect any calls to files in /local/ to a php file in the
root of the site.

I'd like to if possible redirect it to script that's stored outside of the
home folder for apache.

Why you ask?
1.   One file to update for any number of websites.
2.   So clients don't go touching it. (i know permissions could solve this.
but the reason one is more important.)


In my .htaccess in the root of the site i have

Options +FollowSymLinks
RewriteEngine On
RewriteRule local.*$ local.php

Works fine..

but when i change it to a directory outside of the root it never gets to
process or give an error.


Any ideas?  is it possible?

Cheers

Brendon








--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess and PHP

[Analysis & Solutions]

On Tue, Aug 13, 2002 at 12:01:24AM +0300, Smad wrote:
> 
> I am authenticating users on my website using .htaccess.
> After they log in, I want to pass the user info (for ex: a unique nr.
> identifiying the person) thruought all the pages which are affected by the
> .htaccess file

$_SERVER['PHP_AUTH_USER'] contains the user name from the Apache HTTP
authentication when PHP is running as module.

http://www.php.net/manual/en/reserved.variables.php#reserved.variables.server

--Dan

-- 
   PHP classes that make web design easier
SQL Solution  |   Layout Solution   |  Form Solution
sqlsolution.info  | layoutsolution.info |  formsolution.info
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess

[Andrew Brampton]

place a phpInfo() page behind the .htaccess and you will see what varibles
php has :)
I'm pretty sure there is ones contianing the username/password that was
entered

Andrew
- Original Message -
From: "Oliver Witt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 02, 2002 3:21 PM
Subject: [PHP] .htaccess


> Hi!
> Using an .htaccess file to limit access to some web files, is there a
> way to get the name and password into a variable used by a user to log
> on?
> Kind regards,
> Oliver
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess

[Andrey Hristov]

The password that user used is available in some var
var_dump($HTTP_SERVER_VARS); or var_dump($GLOBALS);

Andrey
 
- Original Message - 
From: "Oliver Witt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 02, 2002 5:21 PM
Subject: [PHP] .htaccess


> Hi!
> Using an .htaccess file to limit access to some web files, is there a
> way to get the name and password into a variable used by a user to log
> on?
> Kind regards,
> Oliver
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] htaccess

[Alexander Kuznetsov]

Hello Theo,

Friday, August 02, 2002, 1:11:32 PM, you wrote:
TR> I am told that I should edit my .htaccess file because I want to include
TR> a file during the execution of a script, but apparently I do something
TR> wrong because I keep getting error messages like these:

TR> Warning: Failed opening 'header.html' for inclusion
TR> (include_path='.:/var/www/html/brokenlink/login') in
TR> /home/virtual/site161/fst/var/www/html/brokenlink/login/index.php3 on
TR> line 32

TR> There was no improvement when I added this line to the .htaccess file:
TR> php_value include_path ".:/var/www/html/brokenlink/login"

TR> Can anyone tell me what I should put in?

try to set include_path from / directory, like this

php_value include_path ".:/home/virtual/site161/fst/var/www/html/brokenlink/login"


-- 
Best regards,
Alexander Kuznetsov



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess file

[Neil Freeman]

php_value register_globals "0"

B i g D o g wrote:
> **
> This Message Was Virus Checked With : SAVI 3.59 May 2002 
> Last Updated 8th July 2002
> **
> 
> Is it possible to set register_globals to off in the .htaccess file.  If so
> how do I do that?
> 
> 
> .: B i g D o g :.
> 
> 
> 
> 


-- 
--
  www.curvedvision.com
--


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess file

[Nicole Lallande]

it's php_flag register_globals off -- you can either place this within 
your  tags in your httpd .conf file or in an htaccess file -- 
for more info see http://www.php.net/manual/en/configuration.php#AEN2390

best,

Nicole

Nicole Lallande wrote:

> I think it is something like - can't remember if it's an underscore or 
> dash between the 'php' and 'flag'
>
> php-flag register_globals off
>
> HTH,
>
> Nicole
>
> B i g D o g wrote:
>
>> Is it possible to set register_globals to off in the .htaccess file.  
>> If so
>> how do I do that?
>>
>>
>> .: B i g D o g :.
>>
>>
>>
>>
>

-- 

Nicole Lallande
[EMAIL PROTECTED]
760.753.6766





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess file

[Nicole Lallande]

I think it is something like - can't remember if it's an underscore or 
dash between the 'php' and 'flag'

php-flag register_globals off

HTH,

Nicole

B i g D o g wrote:

>Is it possible to set register_globals to off in the .htaccess file.  If so
>how do I do that?
>
>
>.: B i g D o g :.
>
>
>
>

-- 

Nicole Lallande
[EMAIL PROTECTED]
760.753.6766





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] htaccess

[Ray Hunter]

Try checking the apache environment...however that password will not be
there...


Thank you,

RAY HUNTER



-Original Message-
From: Steve Buehler [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 05, 2002 3:39 PM
To: PHP
Subject: [PHP] htaccess


I have a php script in an .htaccess protected directory.  Is there a way 
that PHP could find out what login was used?

Steve


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] htaccess

[Scott Hurring]

Try creating an .htaccess protected script, and do a 
var_dump($GLOBALS) to see what vars are set, and if
any of them contain the name you logged in with.

---
Scott Hurring
Systems Programmer
EAC Corporation
[EMAIL PROTECTED]
Voice: 201-462-2149
Fax: 201-288-1515

> -Original Message-
> From: Steve Buehler [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 05, 2002 5:39 PM
> To: PHP
> Subject: [PHP] htaccess
> 
> 
> I have a php script in an .htaccess protected directory.  Is 
> there a way 
> that PHP could find out what login was used?
> 
> Steve
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: php/.htaccess/.htpasswd

[Mike Eheler]

Ahh. I didn't really consider that. Excellent idea.

Mike

On Fri, 2002-05-03 at 21:58, serj wrote:
> The way I designed the script was so that each time they want to save
> changes to their htaccess file through the script they have to enter their
> password.  So I never have to actually save the password anywhere in the
> script.
> 
> On Fri, 3 May 2002, Mike Eheler wrote:
> 
> > The problem is not in them being able to overwrite the .htaccess *and* 
> > getting your FTP password.. those are the cons for both solutions we 
> > have presented, respectfully.
> > 
> > Right now the ideal solution seems to be this:
> > 
> > save new .htaccess to a temp file
> > save new .htpasswd to a temp file
> > use PHP's FTP routines to connect to the FTP server with your 
> > username/password
> > delete existing .htaccess
> > delete existing .htpasswd
> > upload new .htaccess
> > upload new .htpasswd
> > close connection
> > 
> > The biggest problem with this is that you have your FTP password in 
> > plain text in the script that performs this. If anyone for any reason is 
> > able to take advantage of some kind of exploit that allows them to view 
> > the source of that file, you're toast. They get ahold of your FTP 
> > password and have free reign on your website.
> > 
> > I'm open to suggestions.
> > 
> > serj wrote:
> > > Being that the files are owned by their respective users, I would imagine 
> > > that would make it pretty difficult for the .htaccess file to be
> > > overwritten, if someone found a way to overwrite the file couldn't that 
> > > person overwrite any file owned by the ftp user anyway? also I don't see  
> > > how someone being able to overwrite the .htaccess file would allow them to
> > > grab the ftp password, especially if this is all transmitted over ssl.  I
> > > apologize, I'm not trying to start a flame war that I'm sure I'll
> > > lose.  But, I am working on a script that does exactly this and if I'm
> > > doing it wrong perhaps I should begin recoding it.
> > > 
> > > josh 
> > > 
> > > On Fri, 3 May 2002, Mike Eheler wrote:
> > > 
> > > 
> > >>If someone can overwrite your .htaccess there's a chance they can also 
> > >>view files through the same exploit (possibly). They could then get your 
> > >>FTP login info, and do a lot more damage than just removing password 
> > >>access to an area.
> > >>
> > >>Mike
> > >>
> > >>Serj wrote:
> > >>
> > >>>Im not exactly sure why that is worse, could you elaborate a little?
> > >>>Josh
> > >>>
> > >>>On Fri, 3 May 2002, Miguel Cruz wrote:
> > >>>
> > >>>
> > >>>
> > Thus leaving the FTP account's password in view of the httpd, which is 
> > even worse...
> > 
> > miguel
> > 
> > On Fri, 3 May 2002, serj wrote:
> > 
> > 
> > >You could use fopen() to connect to the file via ftp therefore keeping
> > >the .htaccess file owned by the user for increased security. 
> > >
> > >Josh Boughner
> > >
> > >On Fri, 3 May 2002, Mike Eheler wrote:
> > >
> > >
> > >
> > >>It's possible, but is it really recommended? Wouldn't the 
> > >>.htaccess/.htpasswd file have to be owned by the apache user, which 
> > >>might leave it open to being overwritten by any kind of a 
> > >>weak/exploitable script?
> > >>
> > >>Mike
> > >>
> > >>Josh & Valerie McCormack wrote:
> > >>
> > >>
> > >>>I've used the script phtaccess, which I think used the mentioned class. 
> > >>>Super easy to use.
> > >>>
> > >>>Josh
> > >>>
> > >>>
> > >>>
> > On Wed, 1 May 2002, Kelly Meeks wrote:
> > 
> > 
> > 
> > >>Is is possible to use php to admin a password file used by a 
> > >>.htaccess file?
> > >>
> > >>
> >    You should check the File_Passwd class from PEAR.
> > 
> >    http://chora.php.net/cvs.php/php4/pear/File
> > 
> > -- 
> > Mika Tuupola http://www.appelsiini.net/~tuupola/
> > 
> > 
> > 
> > >>
> > >>-- 
> > >>PHP General Mailing List (http://www.php.net/)
> > >>To unsubscribe, visit: http://www.php.net/unsub.php
> > >>
> > >>
> > >>
> > >>
> > >
> > -- 
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> > 
> > 
> > 
> > 
> > >>
> > >>
> > >>-- 
> > >>PHP General Mailing List (http://www.php.net/)
> > >>To unsubscribe, visit: http://www.php.net/unsub.php
> > >>
> > >>
> > >>
> > > 
> > > 
> > 
> > 
> > 
> > 
> 
> 




signature.asc
Description: This is a digitally signed message part

[PHP] Re: php/.htaccess/.htpasswd

[Mike Eheler]

The problem is not in them being able to overwrite the .htaccess *and* 
getting your FTP password.. those are the cons for both solutions we 
have presented, respectfully.

Right now the ideal solution seems to be this:

save new .htaccess to a temp file
save new .htpasswd to a temp file
use PHP's FTP routines to connect to the FTP server with your 
username/password
delete existing .htaccess
delete existing .htpasswd
upload new .htaccess
upload new .htpasswd
close connection

The biggest problem with this is that you have your FTP password in 
plain text in the script that performs this. If anyone for any reason is 
able to take advantage of some kind of exploit that allows them to view 
the source of that file, you're toast. They get ahold of your FTP 
password and have free reign on your website.

I'm open to suggestions.

serj wrote:
> Being that the files are owned by their respective users, I would imagine 
> that would make it pretty difficult for the .htaccess file to be
> overwritten, if someone found a way to overwrite the file couldn't that 
> person overwrite any file owned by the ftp user anyway? also I don't see  
> how someone being able to overwrite the .htaccess file would allow them to
> grab the ftp password, especially if this is all transmitted over ssl.  I
> apologize, I'm not trying to start a flame war that I'm sure I'll
> lose.  But, I am working on a script that does exactly this and if I'm
> doing it wrong perhaps I should begin recoding it.
> 
> josh 
> 
> On Fri, 3 May 2002, Mike Eheler wrote:
> 
> 
>>If someone can overwrite your .htaccess there's a chance they can also 
>>view files through the same exploit (possibly). They could then get your 
>>FTP login info, and do a lot more damage than just removing password 
>>access to an area.
>>
>>Mike
>>
>>Serj wrote:
>>
>>>Im not exactly sure why that is worse, could you elaborate a little?
>>>Josh
>>>
>>>On Fri, 3 May 2002, Miguel Cruz wrote:
>>>
>>>
>>>
Thus leaving the FTP account's password in view of the httpd, which is 
even worse...

miguel

On Fri, 3 May 2002, serj wrote:


>You could use fopen() to connect to the file via ftp therefore keeping
>the .htaccess file owned by the user for increased security. 
>
>Josh Boughner
>
>On Fri, 3 May 2002, Mike Eheler wrote:
>
>
>
>>It's possible, but is it really recommended? Wouldn't the 
>>.htaccess/.htpasswd file have to be owned by the apache user, which 
>>might leave it open to being overwritten by any kind of a 
>>weak/exploitable script?
>>
>>Mike
>>
>>Josh & Valerie McCormack wrote:
>>
>>
>>>I've used the script phtaccess, which I think used the mentioned class. 
>>>Super easy to use.
>>>
>>>Josh
>>>
>>>
>>>
On Wed, 1 May 2002, Kelly Meeks wrote:



>>Is is possible to use php to admin a password file used by a 
>>.htaccess file?
>>
>>
   You should check the File_Passwd class from PEAR.

   http://chora.php.net/cvs.php/php4/pear/File

-- 
Mika Tuupola http://www.appelsiini.net/~tuupola/



>>
>>-- 
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>>
>>
>
-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




>>
>>
>>-- 
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>>
> 
> 




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: php/.htaccess/.htpasswd

[serj]

The way I designed the script was so that each time they want to save
changes to their htaccess file through the script they have to enter their
password.  So I never have to actually save the password anywhere in the
script.

On Fri, 3 May 2002, Mike Eheler wrote:

> The problem is not in them being able to overwrite the .htaccess *and* 
> getting your FTP password.. those are the cons for both solutions we 
> have presented, respectfully.
> 
> Right now the ideal solution seems to be this:
> 
> save new .htaccess to a temp file
> save new .htpasswd to a temp file
> use PHP's FTP routines to connect to the FTP server with your 
> username/password
> delete existing .htaccess
> delete existing .htpasswd
> upload new .htaccess
> upload new .htpasswd
> close connection
> 
> The biggest problem with this is that you have your FTP password in 
> plain text in the script that performs this. If anyone for any reason is 
> able to take advantage of some kind of exploit that allows them to view 
> the source of that file, you're toast. They get ahold of your FTP 
> password and have free reign on your website.
> 
> I'm open to suggestions.
> 
> serj wrote:
> > Being that the files are owned by their respective users, I would imagine 
> > that would make it pretty difficult for the .htaccess file to be
> > overwritten, if someone found a way to overwrite the file couldn't that 
> > person overwrite any file owned by the ftp user anyway? also I don't see  
> > how someone being able to overwrite the .htaccess file would allow them to
> > grab the ftp password, especially if this is all transmitted over ssl.  I
> > apologize, I'm not trying to start a flame war that I'm sure I'll
> > lose.  But, I am working on a script that does exactly this and if I'm
> > doing it wrong perhaps I should begin recoding it.
> > 
> > josh 
> > 
> > On Fri, 3 May 2002, Mike Eheler wrote:
> > 
> > 
> >>If someone can overwrite your .htaccess there's a chance they can also 
> >>view files through the same exploit (possibly). They could then get your 
> >>FTP login info, and do a lot more damage than just removing password 
> >>access to an area.
> >>
> >>Mike
> >>
> >>Serj wrote:
> >>
> >>>Im not exactly sure why that is worse, could you elaborate a little?
> >>>Josh
> >>>
> >>>On Fri, 3 May 2002, Miguel Cruz wrote:
> >>>
> >>>
> >>>
> Thus leaving the FTP account's password in view of the httpd, which is 
> even worse...
> 
> miguel
> 
> On Fri, 3 May 2002, serj wrote:
> 
> 
> >You could use fopen() to connect to the file via ftp therefore keeping
> >the .htaccess file owned by the user for increased security. 
> >
> >Josh Boughner
> >
> >On Fri, 3 May 2002, Mike Eheler wrote:
> >
> >
> >
> >>It's possible, but is it really recommended? Wouldn't the 
> >>.htaccess/.htpasswd file have to be owned by the apache user, which 
> >>might leave it open to being overwritten by any kind of a 
> >>weak/exploitable script?
> >>
> >>Mike
> >>
> >>Josh & Valerie McCormack wrote:
> >>
> >>
> >>>I've used the script phtaccess, which I think used the mentioned class. 
> >>>Super easy to use.
> >>>
> >>>Josh
> >>>
> >>>
> >>>
> On Wed, 1 May 2002, Kelly Meeks wrote:
> 
> 
> 
> >>Is is possible to use php to admin a password file used by a 
> >>.htaccess file?
> >>
> >>
>    You should check the File_Passwd class from PEAR.
> 
>    http://chora.php.net/cvs.php/php4/pear/File
> 
> -- 
> Mika Tuupola http://www.appelsiini.net/~tuupola/
> 
> 
> 
> >>
> >>-- 
> >>PHP General Mailing List (http://www.php.net/)
> >>To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >>
> >>
> >
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 
> 
> 
> >>
> >>
> >>-- 
> >>PHP General Mailing List (http://www.php.net/)
> >>To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >>
> > 
> > 
> 
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] (htaccess) not letting php to parse

[Matt]

- Original Message - 
From: "Lauri Vain" <[EMAIL PROTECTED]>


> Hi there, 
> 
> I would prefer to take away the possibility for PHP to parse my
> documents in the /uploaded/ directory. 

Why don't you append someother suffix to the file when it's uploaded?



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] htaccess problems

[Jack Dempsey]

i don't think you want that space inbetween private/ and .htpasswd

-Original Message-
From: Jeremiah Jester [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 18, 2001 12:38 AM
To: Php-General
Subject: [PHP] htaccess problems


I cant seem to get my htaccess file to work. Can anyone help? Heres what i
have now:

AuthUserFile /var/www/html/private/ .htpasswd
AuthGroupFile /dev/null
AuthName PrivateDomain
AuthType Basic


require valid-user


I then type 'htpasswd -c .htpasswd myusername' and then set password.
Everything seems to be in order but i'm not prompted for user name and
passwd when i try to access protected area via the web? Both htaccess and
htpasswd files are in 'private' directory. Permission on secure folder is
755. Is that right? What about permissions for htaccess and htpasswd files?
Do I have to enable htaccess ability through apache first through
httpd.conf? Can anyone help?

Thansk,
JJ


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Htaccess / regex / php I dont know why it won't work

[affixcom]

Thanks,
I spent 2 days trying everything, and since I am not an expert on regex (do
that that just for fun), I though my script was bad. I'll check with my
hosting company if I can overrule the httpd.conf. I checked on phpinfo() and
mod_rewrite is loaded
Gab


- Original Message -
From: "Maxim Maletsky (PHPBeginner.com)" <[EMAIL PROTECTED]>
To: "'affixcom'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, October 02, 2001 3:10 PM
Subject: RE: [PHP] Htaccess / regex / php I dont know why it won't work



I think this was supposed to work:

.htaccess

RewriteEngine On
RewriteRule ^(.*)\.zajfe\.org$  redirect.php?url=$1   [L]


Are you sure it doesn't? If it doesn't then meas they

 1. don't have mod_rewrite (phphinfo shows you the modules loaded)
 2. don't allow .htaccess to override httpd.conf rules.

Also read about mod_rewrite, right in the manual there are a few
examples to do what you need. Always if you have it loaded.


Maxim Maletsky
www.PHPBeginner.com




-Original Message-
From: affixcom [mailto:[EMAIL PROTECTED]]
Sent: martedì 2 ottobre 2001 20.54
To: [EMAIL PROTECTED]
Subject: [PHP] Htaccess / regex / php I dont know why it won't work


Hi,
I have a website hosted on a cobalt server with my own domain, but not
my own IP. I have a full access to my root web, but not higher (means
can't change any *.conf files). My domain is "wildcarded" I want to be
able to redirect based on the entry, IE if a user types
http://hello.mydomain.com he will go to http://mydomain.com/hello=20 if
a user types http://another.mydomain.com he will go to
http://mydomain.com/another=20

The redirect method of apache doesn't work because I leanred that that
is based on an absolute path from the server I tried php scripts that
read the subdomain and use it in the header function but it won't work.
I came to the conclusion after a lot of tests that rewriterule from the
htaccess is the the best.

htaccess script: (doesn't work)
RewriteEngine On
RewriteRule ^(.*)\.zajfe\.org$  redirect.php?url=$1   [L]
connected to the page redirect.php where
http://www.zajfe.org/$url";);?>
PHP script: (doesn't work)
http://$domain/$underdomaene";);
 }
else {
 if (!$REQUEST_URI || $REQUEST_URI == "/") {
  include("$DOCUMENT_ROOT/$default_page");
 }
 else {
  header("Location: http://$domain$REQUEST_URI";);
 }
}
?>

I am open to ANY suggestion, CGI / ASP / PHP / SSI (it is all on the
server), I want it to work

Thanks

Gab



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP] Htaccess / regex / php I dont know why it won't work

[Maxim Maletsky \(PHPBeginner.com\)]

I think this was supposed to work:

.htaccess

RewriteEngine On
RewriteRule ^(.*)\.zajfe\.org$  redirect.php?url=$1   [L]


Are you sure it doesn't? If it doesn't then meas they

 1. don't have mod_rewrite (phphinfo shows you the modules loaded)
 2. don't allow .htaccess to override httpd.conf rules.

Also read about mod_rewrite, right in the manual there are a few
examples to do what you need. Always if you have it loaded.


Maxim Maletsky
www.PHPBeginner.com




-Original Message-
From: affixcom [mailto:[EMAIL PROTECTED]] 
Sent: martedì 2 ottobre 2001 20.54
To: [EMAIL PROTECTED]
Subject: [PHP] Htaccess / regex / php I dont know why it won't work


Hi,
I have a website hosted on a cobalt server with my own domain, but not
my own IP. I have a full access to my root web, but not higher (means
can't change any *.conf files). My domain is "wildcarded" I want to be
able to redirect based on the entry, IE if a user types
http://hello.mydomain.com he will go to http://mydomain.com/hello=20 if
a user types http://another.mydomain.com he will go to
http://mydomain.com/another=20

The redirect method of apache doesn't work because I leanred that that
is based on an absolute path from the server I tried php scripts that
read the subdomain and use it in the header function but it won't work.
I came to the conclusion after a lot of tests that rewriterule from the
htaccess is the the best.

htaccess script: (doesn't work)
RewriteEngine On
RewriteRule ^(.*)\.zajfe\.org$  redirect.php?url=$1   [L]
connected to the page redirect.php where
http://www.zajfe.org/$url";);?>
PHP script: (doesn't work)
http://$domain/$underdomaene";);
 }
else {
 if (!$REQUEST_URI || $REQUEST_URI == "/") {
  include("$DOCUMENT_ROOT/$default_page");
 }
 else {
  header("Location: http://$domain$REQUEST_URI";);
 }
}
?>

I am open to ANY suggestion, CGI / ASP / PHP / SSI (it is all on the
server), I want it to work

Thanks

Gab



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] htaccess and $PHP_AUTH_USER

[Papp Gyozo]

Hi,

There is a few scripts on Zend pages.

I'm sure, this one of them will be very helpful:
http://www.zend.com/zend/tut/authentication.php

- Original Message -
From: Rene Fournier <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 28, 2001 9:24 PM
Subject: [PHP] htaccess and $PHP_AUTH_USER


> Please, someone, help me...
>
> What I want to do:  Have a user prompted for an ID/password, both of which
> (if valid), get passed to a PHP script, which then uses the ID/password to
> selectively display certain fields of a table.  (For example, if the user
> logs in as "Sales", he would only see the sales-related fields of the
> tables.  Whereas, if the user logs in as "Production", she would see the
> production-related fields.  Pretty simple.)
>
> I've read the PHP docs on $PHP_AUTH_USER.  One stupid question:  Must I
use
> the htaccess directory-protection feature of Apache in order for this to
> work (or is$PHP_AUTH_USER not dependent on Apache (or any web server) at
> all)?  I mean, from reading the docs, it seems as if the value stored in
> $PHP_AUTH_USER comes what the user types into the Apache-spawned dialog
box
> (when the user types the URL containing that password-protected
> directory.)??  The thing is, when I turn password protection on for the
> directory in question, and add the users and passwords to the htaccess
file,
> then go to the URL in the browser, I get prompted several times for a user
> and password--first, it seems, by Apache, then by the PHP code I copied
from
> the docs.
>
> If anyone can help, I'd greatly appreciate it.  Best would be some real
code
> running in a similar server environment.  (The site in question is running
> on www.fatcow.com servers--they're running PHP3 (shouldn't matter, right)
> and Apache.)
>
> MUCH thanks in advance...
>
> ...Rene
>
> ---
> Rene Fournier,
> [EMAIL PROTECTED]
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] .htaccess username

[Stig-Ørjan Smelror]

Pavel Jartsev wrote:
> Tribun wrote:
> 
>>...hmmm, I would guess there is a way, but I dont know why...
>>
>>Can I read out the active username, which has just logged in through a
>>.htaccess authentication???
>>
>>Like the access data..
>>user: patrick
>>pass: linux
>>
>>can PHP reads out the usersname "patrick" ??
>>
>>(and if ,... how? ;)
>>
>>
> 
> $PHP_AUTH_USER and $PHP_AUTH_PW.
> 
> 

It's also possible to use $REMOTE_USER. I don't know of any 
$REMOTE_PASS, so the suggestion above it good ;)



-- 
Stig-Ørjan Smelror
Systemutvikler

Linux Communications AS
Sandakerveien 48b
Box 1801 - Vika
N-0123 Oslo, Norway

tel. +47 22 09 28 80
fax. +47 22 09 28 81
http://www.lincom.no/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] .htaccess username

[Pavel Jartsev]

Tribun wrote:
> 
> ...hmmm, I would guess there is a way, but I dont know why...
> 
> Can I read out the active username, which has just logged in through a
> .htaccess authentication???
> 
> Like the access data..
> user: patrick
> pass: linux
> 
> can PHP reads out the usersname "patrick" ??
> 
> (and if ,... how? ;)
> 

$PHP_AUTH_USER and $PHP_AUTH_PW.

-- 
Pavel a.k.a. Papi

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] htaccess & php

[Chris Kay]

ok Thanks dude i'll start there

At 10:01 AM 8/9/01 +1000, Daniel James wrote:
>You are looking for HTTP Authentication...
>http://www.php.net/manual/en/features.http-auth.php
>
>Twigman...
>
>On 2001.08.09 09:49 Chris Kay wrote:
> >
> > Hi
> >
> > My question is that i am about to start a database and i have been asked
> > to
> > make the login/password like htaccess, now they also want to be able to
> > modify passwords ect so i was going to do it with mysql.
> >
> > I have seen or been told that there is something where you can use
> > sql/php
> > and  make it use something that look like htaccess but is not.
> >
> > is this true?
> >
> > if so where would i start looking for something along these lines..
> >
> > Answers/Comments welcome
> >
> >
> >
> > 
> >  Chris Kay - Tech Support - IDEAL Internet
> > email: [EMAIL PROTECTED] phone: +61 2 4628  fax: +61 2 4628 8890
> > 
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]



 Chris Kay - Tech Support - IDEAL Internet
email: [EMAIL PROTECTED] phone: +61 2 4628  fax: +61 2 4628 8890



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] htaccess & php

[Daniel James]

You are looking for HTTP Authentication...
http://www.php.net/manual/en/features.http-auth.php

Twigman...

On 2001.08.09 09:49 Chris Kay wrote:
> 
> Hi
> 
> My question is that i am about to start a database and i have been asked
> to 
> make the login/password like htaccess, now they also want to be able to 
> modify passwords ect so i was going to do it with mysql.
> 
> I have seen or been told that there is something where you can use
> sql/php 
> and  make it use something that look like htaccess but is not.
> 
> is this true?
> 
> if so where would i start looking for something along these lines..
> 
> Answers/Comments welcome
> 
> 
> 
> 
>  Chris Kay - Tech Support - IDEAL Internet
> email: [EMAIL PROTECTED] phone: +61 2 4628  fax: +61 2 4628 8890
> 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] .htaccess

[Alexander Wagner]

MindHunter wrote:
> I've seen this all over.  I had a QUICK look at the manual and can't
> find much.  In short, what is it, what is it used for and is it
> WIN/UNIX-LINUX specific.  Also any good readings on it will be
> appreciated.

It is Apache-related, so it will work on any OS Apache can run on.
This is also the reason why you won't find much about it in the 
PHP-manual.

regards
Wagner

-- 
Madness takes its toll. Please have exact change.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] .htaccess and determining if a user is logged in

[Jason Brooke]

> I've done further investigation and it seems that if I go with the
approach
> of looking for a REMOTE_USER value, I'll have to do the following:
>
> Since Apache only fills out the REMOTE_USER if the file is in a protected
> directory, I have to make a symbolic link within a protected directory to
> the non-protected script. Then Apache will require authentication for the
> file. Thus, both non-authenticated and authenticated users are running the
> same script.
>
> Any problems with this approach? My worry is that if the user passes
> $REMOTE_USER="FooledYou" in the url, it'll fool my script into thinking
> Apache sent it. I'll have to check into that one.
>
> Any better ideas?

Yep - have a look at the manual here:
http://www.php.net/manual/en/language.variables.external.php

and here:
http://www.php.net/manual/en/configuration.php  (search for 'gpc_order')

jason





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]