Re: [PHP] Questions on PHP Variables

2002-11-10 Thread Ray Seals
 The fact that tutorials are outdated  using old code is not a good reason
 to stick with it :)

I agree totally.

So I'm trying to use the $_Server variables but I continue to get this
error:

Parse error: parse error, expecting 'T_STRNG' or 'T_VARIABLE' or
'T_NUM_STRING' in blah, blah, blah on line 33.

Here is the script that is doing this:

?php


// File Name: auth04.php
// Check to see if $PHP_AUTH_USER already contains info

if (!isset($_SERVER[PHP_AUTH_USER])) {

// If empty, send header causing dialog box to appear

header('WWW-Authenticate: Basic realm=My Private
Stuff');
header('HTTP/1.0 401 Unauthorized');
exit;

} else if (isset($_SERVER[PHP_AUTH_USER])) {

// If non-empty, check the database for matches
// connect to MySQL

mysql_connect(hostname, username, password)

or die (Unable to connect to database.);

// select database on MySQL server

mysql_select_db(dev_i2ii_com)
or die (Unable to select database.);

// Formulate the query

$sql = SELECT *
FROM users
WHERE username='$_SERVER[PHP_AUTH_USER]' and
password='$_SERVER[PHP_AUTH_PW]';



// Execute the query and put results in $result

$result = mysql_query($sql);

// Get number of rows in $result. 0 if invalid, 1 if
valid.

$num = mysql_numrows($result);

if ($num != 0) {
echo PYou're authorized!/p;
exit;

} else {

header('WWW-Authenticate: Basic realm=My
Private Stuff');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;

}

}



?

--
The data base stuff hasn't been put in yet, I'm just trying to get the
script to load cleanly before I trouble shoot the database connector
side.

Ray


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Questions on PHP Variables

2002-11-10 Thread Rasmus Lerdorf
Don't use quotes around the array index inside a quoted string.

-Rasmus

On 10 Nov 2002, Ray Seals wrote:

  The fact that tutorials are outdated  using old code is not a good reason
  to stick with it :)

 I agree totally.

 So I'm trying to use the $_Server variables but I continue to get this
 error:

 Parse error: parse error, expecting 'T_STRNG' or 'T_VARIABLE' or
 'T_NUM_STRING' in blah, blah, blah on line 33.

 Here is the script that is doing this:

 ?php


 // File Name: auth04.php
 // Check to see if $PHP_AUTH_USER already contains info

 if (!isset($_SERVER[PHP_AUTH_USER])) {

 // If empty, send header causing dialog box to appear

 header('WWW-Authenticate: Basic realm=My Private
 Stuff');
 header('HTTP/1.0 401 Unauthorized');
 exit;

 } else if (isset($_SERVER[PHP_AUTH_USER])) {

 // If non-empty, check the database for matches
 // connect to MySQL

 mysql_connect(hostname, username, password)

 or die (Unable to connect to database.);

 // select database on MySQL server

 mysql_select_db(dev_i2ii_com)
 or die (Unable to select database.);

 // Formulate the query

 $sql = SELECT *
 FROM users
 WHERE username='$_SERVER[PHP_AUTH_USER]' and
 password='$_SERVER[PHP_AUTH_PW]';



 // Execute the query and put results in $result

 $result = mysql_query($sql);

 // Get number of rows in $result. 0 if invalid, 1 if
 valid.

 $num = mysql_numrows($result);

 if ($num != 0) {
 echo PYou're authorized!/p;
 exit;

 } else {

 header('WWW-Authenticate: Basic realm=My
 Private Stuff');
 header('HTTP/1.0 401 Unauthorized');
 echo 'Authorization Required.';
 exit;

 }

 }



 ?

 --
 The data base stuff hasn't been put in yet, I'm just trying to get the
 script to load cleanly before I trouble shoot the database connector
 side.

 Ray


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Questions on PHP Variables

2002-11-10 Thread Leif K-Brooks
Uh, no.  That makes it think it's a constant, which generates a notice.

Rasmus Lerdorf wrote:


Don't use quotes around the array index inside a quoted string.

-Rasmus

On 10 Nov 2002, Ray Seals wrote:

 

The fact that tutorials are outdated  using old code is not a good reason
to stick with it :)
 

I agree totally.

So I'm trying to use the $_Server variables but I continue to get this
error:

Parse error: parse error, expecting 'T_STRNG' or 'T_VARIABLE' or
'T_NUM_STRING' in blah, blah, blah on line 33.

Here is the script that is doing this:

?php


   // File Name: auth04.php
   // Check to see if $PHP_AUTH_USER already contains info

   if (!isset($_SERVER[PHP_AUTH_USER])) {

   // If empty, send header causing dialog box to appear

   header('WWW-Authenticate: Basic realm=My Private
Stuff');
   header('HTTP/1.0 401 Unauthorized');
   exit;

   } else if (isset($_SERVER[PHP_AUTH_USER])) {

   // If non-empty, check the database for matches
   // connect to MySQL

   mysql_connect(hostname, username, password)

   or die (Unable to connect to database.);

   // select database on MySQL server

   mysql_select_db(dev_i2ii_com)
   or die (Unable to select database.);

   // Formulate the query

   $sql = SELECT *
   FROM users
   WHERE username='$_SERVER[PHP_AUTH_USER]' and
password='$_SERVER[PHP_AUTH_PW]';



   // Execute the query and put results in $result

   $result = mysql_query($sql);

   // Get number of rows in $result. 0 if invalid, 1 if
valid.

   $num = mysql_numrows($result);

   if ($num != 0) {
   echo PYou're authorized!/p;
   exit;

   } else {

   header('WWW-Authenticate: Basic realm=My
Private Stuff');
   header('HTTP/1.0 401 Unauthorized');
   echo 'Authorization Required.';
   exit;

   }

   }



?

--
The data base stuff hasn't been put in yet, I'm just trying to get the
script to load cleanly before I trouble shoot the database connector
side.

Ray


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

   



 


--
The above message is encrypted with double rot13 encoding.  Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law.





Re: [PHP] Questions on PHP Variables

2002-11-10 Thread Ernest E Vogelsinger
At 15:28 10.11.2002, Ray Seals said:
[snip]
Parse error: parse error, expecting 'T_STRNG' or 'T_VARIABLE' or
'T_NUM_STRING' in blah, blah, blah on line 33.

Here is the script that is doing this:

 [...]

$sql = SELECT *
FROM users
WHERE username='$_SERVER[PHP_AUTH_USER]' and
password='$_SERVER[PHP_AUTH_PW]';
[snip] 

You need to put the array dereference in curly brackets:

$sql = SELECT *
 FROM users
WHERE username='{$_SERVER['PHP_AUTH_USER']}' and
password='{$_SERVER['PHP_AUTH_PW']}';

Note that I used single quotes within the array - it's for the paranoid
like me only, it's a few nanosecs faster :)


-- 
   O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Questions on PHP Variables

2002-11-10 Thread Rasmus Lerdorf
Uh, no.  Your problem is obvious:

   $sql = SELECT *
   FROM users
   WHERE username='$_SERVER[PHP_AUTH_USER]' and
   password='$_SERVER[PHP_AUTH_PW]';

You have double-quotes inside a double-quoted string.

Like I said, don't use quotes around the array index inside a quoted
string.  So change the above to:

   $sql = SELECT *
   FROM users
   WHERE username='$_SERVER[PHP_AUTH_USER]' and
   password='$_SERVER[PHP_AUTH_PW]';

Constants are not expanded inside a quoted string, so that is the correct
way to handle array indices if you want to keep them inside the quoted
string.

-Rasmus

On Sun, 10 Nov 2002, Leif K-Brooks wrote:

 Uh, no.  That makes it think it's a constant, which generates a notice.

 Rasmus Lerdorf wrote:

 Don't use quotes around the array index inside a quoted string.
 
 -Rasmus
 
 On 10 Nov 2002, Ray Seals wrote:
 
 
 
 The fact that tutorials are outdated  using old code is not a good reason
 to stick with it :)
 
 
 I agree totally.
 
 So I'm trying to use the $_Server variables but I continue to get this
 error:
 
 Parse error: parse error, expecting 'T_STRNG' or 'T_VARIABLE' or
 'T_NUM_STRING' in blah, blah, blah on line 33.
 
 Here is the script that is doing this:
 
 ?php
 
 
 // File Name: auth04.php
 // Check to see if $PHP_AUTH_USER already contains info
 
 if (!isset($_SERVER[PHP_AUTH_USER])) {
 
 // If empty, send header causing dialog box to appear
 
 header('WWW-Authenticate: Basic realm=My Private
 Stuff');
 header('HTTP/1.0 401 Unauthorized');
 exit;
 
 } else if (isset($_SERVER[PHP_AUTH_USER])) {
 
 // If non-empty, check the database for matches
 // connect to MySQL
 
 mysql_connect(hostname, username, password)
 
 or die (Unable to connect to database.);
 
 // select database on MySQL server
 
 mysql_select_db(dev_i2ii_com)
 or die (Unable to select database.);
 
 // Formulate the query
 
 $sql = SELECT *
 FROM users
 WHERE username='$_SERVER[PHP_AUTH_USER]' and
 password='$_SERVER[PHP_AUTH_PW]';
 
 
 
 // Execute the query and put results in $result
 
 $result = mysql_query($sql);
 
 // Get number of rows in $result. 0 if invalid, 1 if
 valid.
 
 $num = mysql_numrows($result);
 
 if ($num != 0) {
 echo PYou're authorized!/p;
 exit;
 
 } else {
 
 header('WWW-Authenticate: Basic realm=My
 Private Stuff');
 header('HTTP/1.0 401 Unauthorized');
 echo 'Authorization Required.';
 exit;
 
 }
 
 }
 
 
 
 ?
 
 --
 The data base stuff hasn't been put in yet, I'm just trying to get the
 script to load cleanly before I trouble shoot the database connector
 side.
 
 Ray
 
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 
 
 
 
 
 
 

 --
 The above message is encrypted with double rot13 encoding.  Any unauthorized attempt 
to decrypt it will be prosecuted to the full extent of the law.





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Questions on PHP Variables

2002-11-08 Thread Marco Tabini
Try looking in the manual for register_globals. It's a setting in
php.ini that determines whether server variables are registered as
regular variables or not. The material you have probably expects it to
be turned on, whereas in more recent versions it has been turned off.
It's considered a potential security issue.


Marco
-- 

php|architect - The magazine for PHP Professionals
The first monthly worldwide  magazine dedicated to PHP programmer

Come visit us at http://www.phparch.com!


---BeginMessage---
I'm running PHP 4.2.3 as an Apache Module

When I try to use $PHP_AUTH_USER it returns nothing.  But if I print out
$_SERVER[PHP_AUTH_USER] it prints the user name I tried.

All of the sample code and books that I have use the $PHP_AUTH_USER. 
Can anyone give me some insight on what the difference is? 

Ray

-- 
---
Is the Internet down?


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



---End Message---
-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Questions on PHP Variables

2002-11-08 Thread Justin French
They contain the same data.

Newer versions of PHP (= 4.1.1 I think) make use of the new superglobal
arrays (like $_POST, $_GET, $_SESSION, $_COOKIE, $_SERVER, etc)...  This way
of doing things is more secure, and will encourage smarter programming.

You can get the old behaviour back by changing register_globals to ON in
your php.ini, but I'd encourage you to move forward to the new way of doing
things...

The fact that tutorials are outdated  using old code is not a good reason
to stick with it :)

Quick fix to get this script working is to put this near the top of the
script:

? $PHP_AUTH_USER = $_SERVER[PHP_AUTH_USER]; ?

Untested, but you should then be able to use the script as it currently is.


Justin



on 09/11/02 7:12 AM, Ray Seals ([EMAIL PROTECTED]) wrote:

 I'm running PHP 4.2.3 as an Apache Module
 
 When I try to use $PHP_AUTH_USER it returns nothing.  But if I print out
 $_SERVER[PHP_AUTH_USER] it prints the user name I tried.
 
 All of the sample code and books that I have use the $PHP_AUTH_USER.
 Can anyone give me some insight on what the difference is?
 
 Ray


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php