Re: [PHP] Second (Bizarre) Question regarding PHP and ASP
I'm not sure I totally understand... But why not just call it like a web page using curl? *** REPLY SEPARATOR *** On 04/01/2003 at 6:43 PM Phil Powell wrote: I don't know how to post this one so I'm sorry for such bizarre cross-posting, but honestly I don't know where to go for help on this one! I have process.php that has to call a remote file called process.asp on another site. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Second (Bizarre) Question regarding PHP and ASP
It would look like any other user. In ASP you will have to check the request's IP (if its static), or you can use some kind of username/password combinition... Or if you are real lazy use just a hidden url ie mysite.com/akjdhsanlfas/process.asp There is no way to tell the page process.php is making the request. Andrew - Original Message - From: Phil Powell [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, January 04, 2003 11:43 PM Subject: [PHP] Second (Bizarre) Question regarding PHP and ASP I don't know how to post this one so I'm sorry for such bizarre cross-posting, but honestly I don't know where to go for help on this one! I have process.php that has to call a remote file called process.asp on another site. Site 1 has the cookie domain I want (that's where process.php is housed) Site 2 has the database I need (because I can't obtain a database for Site 1 - Site 2 is where process.asp is housed) process.php has to do an fopen to process.asp to process username and password material. process.asp needs security, obviously, to ensure that the user is coming from process.asp (but he's not because he's doing an fopen). in other words, process.php opens up process.asp and returns the evaluation of process.asp onto process.php I tried using REQUEST_URI but I didn't get the results I wanted. How will process.asp know that process.php called it in order to do what it should do? Thanx Phil -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Second (Bizarre) Question regarding PHP and ASP
On Sunday 05 January 2003 07:43 am, Phil Powell wrote: I tried using REQUEST_URI but I didn't get the results I wanted. How will process.asp know that process.php called it in order to do what it should do? if you can get $_SERVER[REMOTE_ADDR] or $HTTP_REMOTE_ADDR and if you can trust it (not only that it's right, but also that there are no man in the middle attacks or other scripts on the client that can pretend to be your script) then you could just check that the request is coming from the right IP. alternatively, you could use hashes that change from one invocation to the next (to avoid replay attacks). the server and the client should both have a secret passphrase (perhaps even a whole set of them, one for each day, and generated every month or so). on the client (process.php) randomly generate a string, e.g., $randstr. create a hash based on the secret passphrase and the randstr, e.g, $hash=makeMyHash($passphrase.$randstr); /* use whatever hash function you want: openssl, mhash, mcrypt or whatever you use */ send the randstr and the hash along with the rest of the data. on the server side, process.asp takes the randstr, takes the hash as above, and compares the hash generated with the hash passed in. if they don't match, don't reply. if they match, then the request comes from process.php (unless you're really paranoid, in which case, add some more hoops for process.php to jump through :). tiger -- Gerald Timothy Quimpo tiger*quimpo*org gquimpo*sni-inc.com tiger*sni*ph Public Key: gpg --keyserver pgp.mit.edu --recv-keys 672F4C78 Veritas liberabit vos. Doveryai no proveryai. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Second (Bizarre) Question regarding PHP and ASP
CURL? I only understand CURL as a Vignette command, sorry, you lost me. Phil Michael J. Pawlowsky [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm not sure I totally understand... But why not just call it like a web page using curl? *** REPLY SEPARATOR *** On 04/01/2003 at 6:43 PM Phil Powell wrote: I don't know how to post this one so I'm sorry for such bizarre cross-posting, but honestly I don't know where to go for help on this one! I have process.php that has to call a remote file called process.asp on another site. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Second (Bizarre) Question regarding PHP and ASP
http://www.php.net/manual/en/ref.curl.php have the page send back whatever info you need. *** REPLY SEPARATOR *** On 04/01/2003 at 8:33 PM Phil Powell wrote: CURL? I only understand CURL as a Vignette command, sorry, you lost me. Phil Michael J. Pawlowsky [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm not sure I totally understand... But why not just call it like a web page using curl? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php