Re: [PHP] Send username & password in HTTP headers

2004-05-12 Thread Nagendra Prasad 
Hi,
That worked,
Thanks a lot..

Regards
TNP
Professional Services
ZUSTEK INDIA
__


-- Original Message ---
From: Chris Shiflett <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Sent: Wed, 12 May 2004 08:55:55 -0700 (PDT)
Subject: Re: [PHP] Send username & password in HTTP headers

> --- Nagendra Prasad <[EMAIL PROTECTED]> wrote:
> > I'm posting some XML data to my client's website using HTTP Post.
> > Assume I'm posting to getxml.php (hosted on my clients server).
> > Now my client has put authentication on his website using 
> > header('WWW-Authenticate: Basic realm="Private Area"');
> > 
> > Now the page getxml.php asks me to prove my identity before it
> > acceps my xml posts. So how do I send the username & pwd when I'm
> > posting the xml details?
> 
> Include an Authorization header, which should look something like this:
> 
> Authorization: Basic bXluYW1lOm15cGFzcw==
> 
> The encoded string is just the result of this:
> 
> base64_encode('myname:mypass')
> 
> Substitute with the correct username and password.
> 
> Hope that helps.
> 
> Chris
> 
> =
> Chris Shiflett - http://shiflett.org/
> 
> PHP Security - O'Reilly
>  Coming Fall 2004
> HTTP Developer's Handbook - Sams
>  http://httphandbook.org/
> PHP Community Site
>  http://phpcommunity.org/
--- End of Original Message ---

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Send username & password in HTTP headers

2004-05-12 Thread Chris Shiflett 
--- Nagendra Prasad <[EMAIL PROTECTED]> wrote:
> I'm posting some XML data to my client's website using HTTP Post.
> Assume I'm posting to getxml.php (hosted on my clients server).
> Now my client has put authentication on his website using 
> header('WWW-Authenticate: Basic realm="Private Area"');
> 
> Now the page getxml.php asks me to prove my identity before it
> acceps my xml posts. So how do I send the username & pwd when I'm
> posting the xml details?

Include an Authorization header, which should look something like this:

Authorization: Basic bXluYW1lOm15cGFzcw==

The encoded string is just the result of this:

base64_encode('myname:mypass')

Substitute with the correct username and password.

Hope that helps.

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
 Coming Fall 2004
HTTP Developer's Handbook - Sams
 http://httphandbook.org/
PHP Community Site
 http://phpcommunity.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Send username & password in HTTP headers

2004-05-12 Thread Nagendra Prasad 
Hi, 
I have a problem. I'm posting some XML data to my client's website using HTTP 
Post. Assume I'm posting to getxml.php (hosted on my clients server). Now my 
client has put authentication on his website using 
header('WWW-Authenticate: Basic realm="Private Area"'); 

Now the page getxml.php asks me to prove my identity before it acceps my xml 
posts. 
So how do I send the username & pwd when I'm posting the xml details? 
My client doesn't want to forego this authentication concept. 

To post, this is what I'm doing 

-- 
function dopost( $host, $usepath, $postdata = "", $logfilename ) { 
//Global $logfilename; 
// 
// open socket to files that accept posts on other servers 
// 
$fp = fsockopen( $host, 80, &$errno, &$errstr, 60 ); 
// 
// check that the socket has been opened successfully 
// 
if( !$fp ) { 
//print "-$errstr ($errno)-\n"; 
$this->postURL = "http://".$host.$usepath."?".$postdata; 
$this->writeToErrorLog($logfilename); 
} 
else { 

#write the data to the encryption cgi 
fputs( $fp, "POST $usepath HTTP/1.0\n"); 
$strlength = strlen( $postdata ); 
fputs( $fp, "Content-type: application/x-www-form-urlencoded\n" ); 
fputs( $fp, "Content-length: ".$strlength."\n\n" ); 
fputs( $fp, $postdata."\n\n" ); 
// 
// clear the response data 
// 
$output = ""; 


// 
// read the response from the remote cgi 
// 
// while content exists, keep retrieving document in 1K chunks 
// 
while( !feof( $fp ) ) { 
$output .= fgets( $fp, 1024); 
} 
// 
// close the socket connection 
// 
fclose( $fp); 
} 
// 
// return the response 
// 
return $output; 
} 

-- 
Also I have tried the following, still it doesn't work 

fputs( $fp, "POST $usepath HTTP/1.0\n"); 
$strlength = strlen( $postdata ); 
//fputs( $fp, "Authorization: " . base64_encode ( $username . ":" . 
$password) . "\n"); 
//fputs( $fp, "Authorization: " . base64_encode ("guest:guest")."\n"); 
fputs( $fp, "Authorization: " . "guest:guest"."\n"); 
fputs( $fp, "Content-type: application/x-www-form-urlencoded\n" ); 

fputs( $fp, "Content-length: ".$strlength."\n\n" ); 
fputs( $fp, $postdata."\n\n" ); 

Still nothing works out.. 
Plz help me. I need this badly now.

Regards
TNP
Professional Services
ZUSTEK INDIA
__


-- Original Message ---
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: 12 May 2004 09:51:48 -
Subject: WELCOME to [EMAIL PROTECTED]

> Hi! This is the ezmlm program. I'm managing the
> [EMAIL PROTECTED] mailing list.
> 
> I'm working for my owner, who can be reached
> at [EMAIL PROTECTED]
> 
> Acknowledgment: I have added the address
> 
>[EMAIL PROTECTED]
> 
> to the php-general mailing list.
> 
> Welcome to [EMAIL PROTECTED]
> 
> Please save this message so that you know the address you are
> subscribed under, in case you later want to unsubscribe or change 
> your subscription address.
> 
> --- Administrative commands for the php-general list ---
> 
> I can handle administrative requests automatically. Please
> do not send them to the list address! Instead, send
> your message to the correct command address:
> 
> For help and a description of available commands, send a message to:
><[EMAIL PROTECTED]>
> 
> To subscribe to the list, send a message to:
><[EMAIL PROTECTED]>
> 
> To remove your address from the list, just send a message to
> the address in the ``List-Unsubscribe'' header of any list
> message. If you haven't changed addresses since subscribing,
> you can also send a message to:
><[EMAIL PROTECTED]>
> 
> or for the digest to:
><[EMAIL PROTECTED]>
> 
> For addition or removal of addresses, I'll send a confirmation
> message to that address. When you receive it, simply reply to it
> to complete the transaction.
> 
> If you need to get in touch with the human owner of this list,
> please send a message to:
> 
> <[EMAIL PROTECTED]>
> 
> Please include a FORWARDED list message with ALL HEADERS intact
> to make it easier to help you.
> 
> --- Enclosed is a copy of the request I received.
> 
> Return-Path: <[EMAIL PROTECTED]>
> 
> Received: (qmail 64646 invoked by uid 1010); 12 May 2004 09:51:48 -
> Delivered-To: ezmlm-scan-php-general-
> [EMAIL PROTECTED]
> Delivered-To: ezmlm-php-general-sc.1084355448.dihjfmikeehgilooihaa-
> [EMAIL PROTECTED]
> Received: (qmail 64579 invoked from network); 12 May 2004 09:51:46 -
> Received: from unknown (HELO osi-tech.com) (203.199.179.83)
>   by pb1.pair.com with SMTP; 12 May 2004 09:51:46 -
> Received: from osi-tech.com (osi-tech.com [127.0.0.1])
>   by osi-tech.com (8.11.6/8.11.6) with ESMTP id i4C9wB914286
> 
>   for  [EMAIL PROTECTED]>; Wed, 12 May 2004 15:28:11 +0530 From: 
> "Nagendra Prasad" <[EMAIL PROTECTED]> To: php-general-
> [EMAIL PROTECTED]
> Reply-To: [EMAIL PROTECTED]
> Subject: Re: confirm subscribe to [EMAIL PROTECTED]
> Date: