[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
nlopess Wed Nov 1 15:37:09 2006 UTC Modified files: /phpdoc/en/features http-auth.xml Log: fix #39154: improve http digest auth regex http://cvs.php.net/viewvc.cgi/phpdoc/en/features/http-auth.xml?r1=1.47&r2=1.48&diff_format=u Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.47 phpdoc/en/features/http-auth.xml:1.48 --- phpdoc/en/features/http-auth.xml:1.47 Wed Aug 16 04:07:22 2006 +++ phpdoc/en/features/http-auth.xmlWed Nov 1 15:37:09 2006 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -107,10 +107,10 @@ $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1); $data = array(); -preg_match_all('@(\w+)=([\'"]?)([a-zA-Z0-9=./\_-]+)\2@', $txt, $matches, PREG_SET_ORDER); +preg_match_all('@(\w+)=(?:([\'"])([^\2]+)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER); foreach ($matches as $m) { -$data[$m[1]] = $m[3]; +$data[$m[1]] = $m[3] ? $m[3] : $m[4]; unset($needed_parts[$m[1]]); }
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
takagi Wed Aug 16 04:07:22 2006 UTC Modified files: /phpdoc/en/features http-auth.xml Log: Examples indentation. http://cvs.php.net/viewvc.cgi/phpdoc/en/features/http-auth.xml?r1=1.46&r2=1.47&diff_format=u Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.46 phpdoc/en/features/http-auth.xml:1.47 --- phpdoc/en/features/http-auth.xml:1.46 Tue Aug 15 16:17:01 2006 +++ phpdoc/en/features/http-auth.xmlWed Aug 16 04:07:22 2006 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -197,15 +197,14 @@ if (!isset($_SERVER['PHP_AUTH_USER']) || ($_POST['SeenBefore'] == 1 && $_POST['OldAuth'] == $_SERVER['PHP_AUTH_USER'])) { authenticate(); -} -else { - echo "Welcome: {$_SERVER['PHP_AUTH_USER']}"; - echo "Old: {$_REQUEST['OldAuth']}"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; +} else { +echo "Welcome: {$_SERVER['PHP_AUTH_USER']}"; +echo "Old: {$_REQUEST['OldAuth']}"; +echo "\n"; +echo "\n"; +echo "\n"; +echo "\n"; +echo "\n"; } ?> ]]>
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
vrana Tue Aug 15 16:17:01 2006 UTC Modified files: /phpdoc/en/features http-auth.xml Log: Examples indentation http://cvs.php.net/viewvc.cgi/phpdoc/en/features/http-auth.xml?r1=1.45&r2=1.46&diff_format=u Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.45 phpdoc/en/features/http-auth.xml:1.46 --- phpdoc/en/features/http-auth.xml:1.45 Mon May 8 23:07:26 2006 +++ phpdoc/en/features/http-auth.xmlTue Aug 15 16:17:01 2006 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -41,15 +41,15 @@ @@ -187,18 +187,18 @@
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
simpMon May 8 23:07:26 2006 UTC Modified files: /phpdoc/en/features http-auth.xml Log: bug #37371 http://cvs.php.net/viewcvs.cgi/phpdoc/en/features/http-auth.xml?r1=1.44&r2=1.45&diff_format=u Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.44 phpdoc/en/features/http-auth.xml:1.45 --- phpdoc/en/features/http-auth.xml:1.44 Sun Nov 6 11:57:46 2005 +++ phpdoc/en/features/http-auth.xmlMon May 8 23:07:26 2006 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -76,7 +76,7 @@ if (empty($_SERVER['PHP_AUTH_DIGEST'])) { header('HTTP/1.1 401 Unauthorized'); header('WWW-Authenticate: Digest realm="'.$realm. - '" qop="auth" nonce="'.uniqid().'" opaque="'.md5($realm).'"'); + '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"'); die('Text to send if user hits Cancel button'); } @@ -129,7 +129,8 @@ compatibility with all clients, the keyword "Basic" should be written with an uppercase "B", the realm string must be enclosed in double (not single) quotes, and exactly one space should precede the 401 code in the -HTTP/1.0 401 header line. +HTTP/1.0 401 header line. Authentication parameters have +to be comma-separated as seen in the digest example above.
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
nlopess Sun Nov 6 06:57:48 2005 EDT Modified files: /phpdoc/en/features http-auth.xml Log: improve the http auth script by making a smarter parsing function. I hope this makes the page smaller http://cvs.php.net/diff.php/phpdoc/en/features/http-auth.xml?r1=1.43&r2=1.44&ty=u Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.43 phpdoc/en/features/http-auth.xml:1.44 --- phpdoc/en/features/http-auth.xml:1.43 Sat Aug 27 19:48:12 2005 +++ phpdoc/en/features/http-auth.xmlSun Nov 6 06:57:46 2005 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -73,7 +73,7 @@ $users = array('admin' => 'mypass', 'guest' => 'guest'); -if (!isset($_SERVER['PHP_AUTH_DIGEST'])) { +if (empty($_SERVER['PHP_AUTH_DIGEST'])) { header('HTTP/1.1 401 Unauthorized'); header('WWW-Authenticate: Digest realm="'.$realm. '" qop="auth" nonce="'.uniqid().'" opaque="'.md5($realm).'"'); @@ -81,24 +81,41 @@ die('Text to send if user hits Cancel button'); } -// analyze the PHP_AUTH_DIGEST variable -preg_match('/username="(?P.*)",\s*realm="(?P.*)",\s*nonce="(?P.*)",\s*uri="(?P.*)",\s*response="(?P.*)",\s*opaque="(?P.*)",\s*qop=(?P.*),\s*nc=(?P.*),\s*cnonce="(?P.*)"/', $_SERVER['PHP_AUTH_DIGEST'], $digest); -if (!isset($users[$digest['username']])) -die('Username not valid!'); +// analyze the PHP_AUTH_DIGEST variable +if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || +!isset($users[$data['username']])) +die('Wrong Credentials!'); // generate the valid response -$A1 = md5($digest['username'] . ':' . $realm . ':' . $users[$digest['username']]); -$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$digest['uri']); -$valid_response = md5($A1.':'.$digest['nonce'].':'.$digest['nc'].':'.$digest['cnonce'].':'.$digest['qop'].':'.$A2); +$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]); +$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']); +$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2); -if ($digest['response'] != $valid_response) +if ($data['response'] != $valid_response) die('Wrong Credentials!'); // ok, valid username & password -echo 'Your are logged in as: ' . $digest['username']; +echo 'Your are logged in as: ' . $data['username']; + +// function to parse the http auth header +function http_digest_parse($txt) +{ +// protect against missing data +$needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1); +$data = array(); + +preg_match_all('@(\w+)=([\'"]?)([a-zA-Z0-9=./\_-]+)\2@', $txt, $matches, PREG_SET_ORDER); + +foreach ($matches as $m) { +$data[$m[1]] = $m[3]; +unset($needed_parts[$m[1]]); +} + +return $needed_parts ? false : $data; +} ?> ]]>
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
derek Sat Aug 27 19:48:16 2005 EDT Modified files: /phpdoc/en/features http-auth.xml Log: Corrected mispelling of 'analyze' http://cvs.php.net/diff.php/phpdoc/en/features/http-auth.xml?r1=1.42&r2=1.43&ty=u Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.42 phpdoc/en/features/http-auth.xml:1.43 --- phpdoc/en/features/http-auth.xml:1.42 Sun Apr 10 05:56:39 2005 +++ phpdoc/en/features/http-auth.xmlSat Aug 27 19:48:12 2005 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -81,7 +81,7 @@ die('Text to send if user hits Cancel button'); } -// analise the PHP_AUTH_DIGEST variable +// analyze the PHP_AUTH_DIGEST variable preg_match('/username="(?P.*)",\s*realm="(?P.*)",\s*nonce="(?P.*)",\s*uri="(?P.*)",\s*response="(?P.*)",\s*opaque="(?P.*)",\s*qop=(?P.*),\s*nc=(?P.*),\s*cnonce="(?P.*)"/', $_SERVER['PHP_AUTH_DIGEST'], $digest); if (!isset($users[$digest['username']]))
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
nlopess Wed Dec 8 10:36:10 2004 EDT Modified files: /phpdoc/en/features http-auth.xml Log: php5 automatically fills [PHP_AUTH_XX] on IIS http://cvs.php.net/diff.php/phpdoc/en/features/http-auth.xml?r1=1.40&r2=1.41&ty=u Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.40 phpdoc/en/features/http-auth.xml:1.41 --- phpdoc/en/features/http-auth.xml:1.40 Mon May 24 17:20:47 2004 +++ phpdoc/en/features/http-auth.xmlWed Dec 8 10:36:10 2004 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -163,11 +163,11 @@ should be left unchecked. - Another limitation is if you're using the IIS module (ISAPI), you may not - use the PHP_AUTH_* variables but instead, the variable - HTTP_AUTHORIZATION is available. For example, consider - the following code: list($user, $pw) = explode(':', - base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); + Another limitation is if you're using the IIS module (ISAPI) and PHP 4, you + may not use the PHP_AUTH_* variables but instead, the + variable HTTP_AUTHORIZATION is available. For example, + consider the following code: list($user, $pw) = explode(':', +base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); IIS Note:
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml /en/reference/apache/functions apache-response-headers.xml /en/reference/array/functions array-key-exists.xml range.xml /en/reference/curl reference.xml /en/reference/imap/functions imap-get-quota.xml /en/reference/math/functions log.xml /en/reference/misc/functions exit.xml /en/reference/nsapi/functions nsapi-response-headers.xml /en/reference/strings/functions sprintf.xml
daveFri Mar 5 21:40:23 2004 EDT Modified files: /phpdoc/en/features http-auth.xml /phpdoc/en/reference/apache/functions apache-response-headers.xml /phpdoc/en/reference/array/functionsarray-key-exists.xml range.xml /phpdoc/en/reference/curl reference.xml /phpdoc/en/reference/imap/functions imap-get-quota.xml /phpdoc/en/reference/math/functions log.xml /phpdoc/en/reference/misc/functions exit.xml /phpdoc/en/reference/nsapi/functionsnsapi-response-headers.xml /phpdoc/en/reference/strings/functions sprintf.xml Log: - "PHP version x.y" => "PHP x.y" consistency. http://cvs.php.net/diff.php/phpdoc/en/features/http-auth.xml?r1=1.37&r2=1.38&ty=u Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.37 phpdoc/en/features/http-auth.xml:1.38 --- phpdoc/en/features/http-auth.xml:1.37 Tue Jan 6 04:23:31 2004 +++ phpdoc/en/features/http-auth.xmlFri Mar 5 21:40:17 2004 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -26,7 +26,7 @@ Autoglobals, such as $_SERVER, became -available in PHP version 4.1.0. +available in PHP 4.1.0. $HTTP_SERVER_VARS has been available since PHP 3. http://cvs.php.net/diff.php/phpdoc/en/reference/apache/functions/apache-response-headers.xml?r1=1.5&r2=1.6&ty=u Index: phpdoc/en/reference/apache/functions/apache-response-headers.xml diff -u phpdoc/en/reference/apache/functions/apache-response-headers.xml:1.5 phpdoc/en/reference/apache/functions/apache-response-headers.xml:1.6 --- phpdoc/en/reference/apache/functions/apache-response-headers.xml:1.5Sun Dec 7 16:01:09 2003 +++ phpdoc/en/reference/apache/functions/apache-response-headers.xmlFri Mar 5 21:40:18 2004 @@ -1,5 +1,5 @@ - + @@ -16,7 +16,7 @@ Returns an array of all Apache response headers. This functionality - is only available in PHP version 4.3.0 and greater. + is only available in PHP 4.3.0 and greater. &reference.apache.note-nsapi-module; http://cvs.php.net/diff.php/phpdoc/en/reference/array/functions/array-key-exists.xml?r1=1.7&r2=1.8&ty=u Index: phpdoc/en/reference/array/functions/array-key-exists.xml diff -u phpdoc/en/reference/array/functions/array-key-exists.xml:1.7 phpdoc/en/reference/array/functions/array-key-exists.xml:1.8 --- phpdoc/en/reference/array/functions/array-key-exists.xml:1.7Fri Jul 25 12:38:56 2003 +++ phpdoc/en/reference/array/functions/array-key-exists.xmlFri Mar 5 21:40:19 2004 @@ -1,5 +1,5 @@ - + @@ -37,7 +37,7 @@ The name of this function is key_exists - in PHP version 4.0.6. + in PHP 4.0.6. http://cvs.php.net/diff.php/phpdoc/en/reference/array/functions/range.xml?r1=1.13&r2=1.14&ty=u Index: phpdoc/en/reference/array/functions/range.xml diff -u phpdoc/en/reference/array/functions/range.xml:1.13 phpdoc/en/reference/array/functions/range.xml:1.14 --- phpdoc/en/reference/array/functions/range.xml:1.13 Thu Dec 18 12:43:30 2003 +++ phpdoc/en/reference/array/functions/range.xml Fri Mar 5 21:40:19 2004 @@ -1,5 +1,5 @@ - + @@ -66,7 +66,7 @@ - Prior to PHP version 4.1.0, range only generated + Prior to PHP 4.1.0, range only generated incrementing integer arrays. Support for character sequences and decrementing arrays was added in 4.1.0. Character sequence values are limited to a length of one. If a length greater than one is http://cvs.php.net/diff.php/phpdoc/en/reference/curl/reference.xml?r1=1.10&r2=1.11&ty=u Index: phpdoc/en/reference/curl/reference.xml diff -u phpdoc/en/reference/curl/reference.xml:1.10 phpdoc/en/reference/curl/reference.xml:1.11 --- phpdoc/en/reference/curl/reference.xml:1.10 Mon Dec 15 11:47:50 2003 +++ phpdoc/en/reference/curl/reference.xml Fri Mar 5 21:40:20 2004 @@ -1,5 +1,5 @@ - + CURL, Client URL Library Functions CURL @@ -28,7 +28,7 @@ In order to use the CURL functions you need to install the CURL package. PHP requires that you use CURL 7.0.2-beta or higher. PHP will not work with any version of - CURL below version 7.0.2-beta. In PHP version 4.2.3, you will need + CURL below version 7.0.2-beta. In PHP 4.2.3, you will need CURL version 7.9.0 or higher. From PHP 4.3.0, you will need a CURL version that's 7.9.8 or higher. PHP 5.0.0 will most likely require a CURL version greater than 7.10.5 http://cvs.php.net/diff.php/phpdoc/en/reference/imap/functions/imap-get-quota.xml?r1=1.11&r2=1.12&ty=u Index: phpdoc/en/reference/imap/functions/imap-get-quota.xml diff -u phpdoc/en/reference/imap/functions/imap-get-quota.xml:1.11 phpdoc/en/reference/imap/functions/imap-get-quota.xml:1.12 --- phpdoc/en/reference/imap/functions/imap-get-quota.xml:1.11 Thu Dec 18 12:44:50 2003 +++ phpdoc/en/reference/imap/functions/imap-
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
philip Thu Jun 5 13:36:29 2003 EDT Modified files: /phpdoc/en/features http-auth.xml Log: A note about IIS + CGI http auth working in 4.3.3+, this documents bug #23902 Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.34 phpdoc/en/features/http-auth.xml:1.35 --- phpdoc/en/features/http-auth.xml:1.34 Mon Mar 24 06:24:29 2003 +++ phpdoc/en/features/http-auth.xmlThu Jun 5 13:36:29 2003 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -155,14 +155,28 @@ '_' key to clear their authentication information, however. - Also note that this does not work using Microsoft's IIS server and - the CGI version of PHP due to a limitation of IIS. If you're using - the IIS module (ISAPI), you may use the HTTP_AUTHORIZATION -variable for example: list($user, $pw) = - explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); - + Also note that until PHP 4.3.3, HTTP Authentication did not work + using Microsoft's IIS server with the CGI version of PHP due to a + limitation of IIS. In order to get it to work in PHP 4.3.3+, + you must edit your IIS configuration "Directory Security". Click + on "Edit" and only check "Anonymous Access", all other fields + should be left unchecked. - + + Another limitation is if you're using the IIS module (ISAPI), you may not + use the PHP_AUTH_* variables but instead, the variable + HTTP_AUTHORIZATION is available. For example, consider + the following code: list($user, $pw) = explode(':', + base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); + + + IIS Note: + +For HTTP Authentication to work with IIS, the PHP directive +cgi.rfc2616_headers must +be set to 0 (the default value). + + If safe mode is enabled, the -- PHP Documentation Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
philip Tue Mar 18 11:13:18 2003 EDT Modified files: /phpdoc/en/features http-auth.xml Log: A small mention of IIS/ISAPI and HTTP_AUTHORIZATION. This topic needs additional research. Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.32 phpdoc/en/features/http-auth.xml:1.33 --- phpdoc/en/features/http-auth.xml:1.32 Tue Feb 4 08:05:06 2003 +++ phpdoc/en/features/http-auth.xmlTue Mar 18 11:13:17 2003 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -156,7 +156,11 @@ Also note that this does not work using Microsoft's IIS server and - the CGI version of PHP due to a limitation of IIS. + the CGI version of PHP due to a limitation of IIS. If you're using + the IIS module (ISAPI), you may use the HTTP_AUTHORIZATION +variable for example: list($user, $pw) = + explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); + -- PHP Documentation Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
tom Sun Jan 19 04:46:52 2003 EDT Modified files: /phpdoc/en/features http-auth.xml Log: changed example that html-result fits on the screen (bug #21727) Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.30 phpdoc/en/features/http-auth.xml:1.31 --- phpdoc/en/features/http-auth.xml:1.30 Wed Dec 25 05:19:32 2002 +++ phpdoc/en/features/http-auth.xmlSun Jan 19 04:46:52 2003 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -127,7 +127,8 @@ exit; } - if (!isset($_SERVER['PHP_AUTH_USER']) || ($_POST['SeenBefore'] == 1 && $_POST['OldAuth'] == $_SERVER['PHP_AUTH_USER'])) { + if (!isset($_SERVER['PHP_AUTH_USER']) || + ($_POST['SeenBefore'] == 1 && $_POST['OldAuth'] == $_SERVER['PHP_AUTH_USER'])) { authenticate(); } else { -- PHP Documentation Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
philip Wed Dec 25 05:19:32 2002 EDT Modified files: /phpdoc/en/features http-auth.xml Log: Reflect current behavior regarding external-auth and PHP_AUTH variables. They are only disabled if safe mode is on as of 4.3.0 Before this time they were not disabled. Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.29 phpdoc/en/features/http-auth.xml:1.30 --- phpdoc/en/features/http-auth.xml:1.29 Sun Dec 15 10:48:39 2002 +++ phpdoc/en/features/http-auth.xmlWed Dec 25 05:19:32 2002 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -84,12 +84,13 @@ - In order to prevent someone from writing a script which reveals - the password for a page that was authenticated through a - traditional external mechanism, the PHP_AUTH variables will not be + As of PHP 4.3.0, in order to prevent someone from writing a script which + reveals the password for a page that was authenticated through a + traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular - page. In this case, REMOTE_USER can be used - to identify the externally-authenticated user. So, + page and safe mode is + enabled. Regardless, REMOTE_USER can be used + to identify the externally-authenticated user. So, you can use $_SERVER['REMOTE_USER']. @@ -98,9 +99,6 @@ PHP uses the presence of an AuthType directive to determine whether external authentication is in effect. -Remember to avoid this directive for the context where you want to -use PHP authentication (otherwise each authentication attempt -will fail). -- PHP Documentation Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
slawek Sun Dec 15 10:48:39 2002 EDT Modified files: /phpdoc/en/features http-auth.xml Log: ws fix Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.28 phpdoc/en/features/http-auth.xml:1.29 --- phpdoc/en/features/http-auth.xml:1.28 Tue Sep 24 15:57:27 2002 +++ phpdoc/en/features/http-auth.xmlSun Dec 15 10:48:39 2002 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -118,8 +118,8 @@ - HTTP Authentication example forcing a new name/password - +HTTP Authentication example forcing a new name/password +
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
cortesi Tue Sep 24 15:57:27 2002 EDT Modified files: /phpdoc/en/features http-auth.xml Log: fixing example (it printed \n on screen) Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.27 phpdoc/en/features/http-auth.xml:1.28 --- phpdoc/en/features/http-auth.xml:1.27 Sat Jul 13 17:37:03 2002 +++ phpdoc/en/features/http-auth.xmlTue Sep 24 15:57:27 2002 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -44,7 +44,7 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="My Realm"'); header('HTTP/1.0 401 Unauthorized'); -echo 'Text to send if user hits Cancel button\n'; +echo 'Text to send if user hits Cancel button'; exit; } else { echo "Hello {$_SERVER['PHP_AUTH_USER']}."; -- PHP Documentation Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
philip Sat Jul 13 17:37:04 2002 EDT Modified files: /phpdoc/en/features http-auth.xml Log: * Made all examples and text work with register_globals = off (closes bug #18328) * Minor textual changes, and added links to other manual sections * A little whitespace fixing Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.26 phpdoc/en/features/http-auth.xml:1.27 --- phpdoc/en/features/http-auth.xml:1.26 Tue Jul 2 13:27:25 2002 +++ phpdoc/en/features/http-auth.xmlSat Jul 13 17:37:03 2002 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -10,25 +10,41 @@ header function to send an "Authentication Required" message to the client browser causing it to pop up a Username/Password input window. Once the user has filled in a username and a password, - the URL containing the PHP script will be called again with the variables, - $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE set to the user - name, password and authentication type respectively. Only "Basic" - authentication is supported at this point. See the header - function for more information. - + the URL containing the PHP script will be called again with the + predefined variables + PHP_AUTH_USER, PHP_AUTH_PW, + and PHP_AUTH_TYPE set to the user name, password and + authentication type respectively. These predefined variables are found + in the $_SERVER and + $HTTP_SERVER_VARS arrays. Only "Basic" authentication + is supported. See the header function for more + information. + + + + PHP Version Note + +Autoglobals, +such as $_SERVER, became +available in PHP version 4.1.0. +$HTTP_SERVER_VARS has been available since PHP 3. + + + An example script fragment which would force client authentication - on a page would be the following: - + on a page is as follows: + + HTTP Authentication example - + + - Note + Compatibility Note Please be careful when coding the HTTP header lines. In order to guarantee maximum compatibility with all clients, the keyword "Basic" should be written with an uppercase "B", the realm string must be enclosed in double (not single) quotes, -and exactly one space should precede the "401" code in the "HTTP/1.0 401" header line. +and exactly one space should precede the 401 code in the +HTTP/1.0 401 header line. - Instead of simply printing out the $PHP_AUTH_USER and - $PHP_AUTH_PW, you would probably want to check the username and - password for validity. Perhaps by sending a query to a database, - or by looking up the user in a dbm file. + Instead of simply printing out PHP_AUTH_USER + and PHP_AUTH_PW, as done in the above example, + you may want to check the username and password for validity. + Perhaps by sending a query to a database, or by looking up the + user in a dbm file. + Watch out for buggy Internet Explorer browsers out there. They seem very picky about the order of the headers. Sending the WWW-Authenticate header before the HTTP/1.0 401 header seems to do the trick - for now. + for now. + In order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular - page. In this case, the $REMOTE_USER variable can be used to - identify the externally-authenticated user. + page. In this case, REMOTE_USER can be used + to identify the externally-authenticated user. So, + $_SERVER['REMOTE_USER']. + Configuration Note @@ -84,27 +107,29 @@ Note, however, that the above does not prevent someone who controls a non-authenticated URL from stealing passwords from - authenticated URLs on the same server. + authenticated URLs on the same server. + Both Netscape Navigator and Internet Explorer will clear the local browser window's authentication cache for the realm upon receiving a server response of 401. This can effectively "log out" a user, forcing them to re-enter their username and password. Some people - use this to "time out" logins, or provide a "log-out" button. - + use this to "time out" logins, or provide a "log-out" button. + + HTTP Authentication example forcing a new name/password - - + + + This behavior is not required by the HTTP Basic authentication standard, so you should never depend on this. Testing with Lynx @@ -136,7 +162,7 @@ -If safe mode is enabled the +If safe mode is enabled, the uid of the script is added to the realm part of the WWW-Authenticate header. -- PHP Documentation Mailing List (http://www.php.net/) To unsubscrib
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
philip Tue Jul 2 13:27:26 2002 EDT Modified files: /phpdoc/en/features http-auth.xml Log: More fixes related to bug #18102 Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.25 phpdoc/en/features/http-auth.xml:1.26 --- phpdoc/en/features/http-auth.xml:1.25 Tue Jul 2 02:19:44 2002 +++ phpdoc/en/features/http-auth.xmlTue Jul 2 13:27:25 2002 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -104,15 +104,15 @@ exit; } - if (!isset($_SERVER['PHP_AUTH_USER']) || ($SeenBefore == 1 && $OldAuth == $_SERVER['$PHP_AUTH_USER']))) { + if (!isset($_SERVER['PHP_AUTH_USER']) || ($SeenBefore == 1 && $OldAuth == +$_SERVER['PHP_AUTH_USER']))) { authenticate(); } else { - echo "Welcome: {$_SERVER['$PHP_AUTH_USER']}"; - echo "Old: {$_REQUEST['$OldAuth']}"; - echo "\n"; + echo "Welcome: {$_SERVER['PHP_AUTH_USER']}"; + echo "Old: {$_REQUEST['OldAuth']}"; + echo "\n"; echo "\n"; - echo "\n"; + echo "\n"; echo "\n"; echo "\n"; } -- PHP Documentation Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
derick Tue Jul 2 02:19:44 2002 EDT Modified files: /phpdoc/en/features http-auth.xml Log: - Fix for bug #18102 Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.24 phpdoc/en/features/http-auth.xml:1.25 --- phpdoc/en/features/http-auth.xml:1.24 Fri Jun 21 18:37:54 2002 +++ phpdoc/en/features/http-auth.xmlTue Jul 2 02:19:44 2002 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -32,7 +32,7 @@ exit; } else { echo "Hello {$_SERVER['PHP_AUTH_USER']}."; -echo "You entered {$_SERVER['$PHP_AUTH_PW']} as your password."; +echo "You entered {$_SERVER['PHP_AUTH_PW']} as your password."; } ?> ]]> -- PHP Documentation Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
slawek Fri Jun 21 18:37:54 2002 EDT Modified files: /phpdoc/en/features http-auth.xml Log: Removed from Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.23 phpdoc/en/features/http-auth.xml:1.24 --- phpdoc/en/features/http-auth.xml:1.23 Mon Jun 10 19:02:32 2002 +++ phpdoc/en/features/http-auth.xmlFri Jun 21 18:37:54 2002 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -135,7 +135,6 @@ - Note If safe mode is enabled the uid of the script is added to the realm part of
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml safe-mode.xml /en/reference/http/functions header.xml
sr Sat May 11 16:29:52 2002 EDT Modified files: /phpdoc/en/features http-auth.xml safe-mode.xml /phpdoc/en/reference/http/functions header.xml Log: Documented addition of uid to WWW-Authenticate-realm in safe mode. Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.21 phpdoc/en/features/http-auth.xml:1.22 --- phpdoc/en/features/http-auth.xml:1.21 Fri Feb 8 08:40:43 2002 +++ phpdoc/en/features/http-auth.xmlSat May 11 16:29:49 2002 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -133,6 +133,15 @@ Also note that this does not work using Microsoft's IIS server and the CGI version of PHP due to a limitation of IIS. + + + Note + +If safe mode is enabled the +uid of the script is added to the realm part of +the WWW-Authenticate header. + + Index: phpdoc/en/features/safe-mode.xml diff -u phpdoc/en/features/safe-mode.xml:1.23 phpdoc/en/features/safe-mode.xml:1.24 --- phpdoc/en/features/safe-mode.xml:1.23 Sat May 11 16:25:38 2002 +++ phpdoc/en/features/safe-mode.xmlSat May 11 16:29:49 2002 @@ -1,5 +1,5 @@ - + Safe Mode @@ -271,6 +271,13 @@ (case-insensitive) will not be returned. Warning: this is broken with the aol-server implementation of getallheaders! + + +header +In safe mode, the uid of the script is added to the +realm part of the +WWW-Authenticate header if you set this +header (used for HTTP Authentication). Index: phpdoc/en/reference/http/functions/header.xml diff -u phpdoc/en/reference/http/functions/header.xml:1.2 phpdoc/en/reference/http/functions/header.xml:1.3 --- phpdoc/en/reference/http/functions/header.xml:1.2 Wed Apr 17 02:38:27 2002 +++ phpdoc/en/reference/http/functions/header.xml Sat May 11 16:29:49 2002 @@ -1,5 +1,5 @@ - + @@ -200,6 +200,14 @@ + + + If safe mode is enabled the + uid of the script is added to the realm part + of the WWW-Authenticate header if you set + this header (used for HTTP Authentication). + + See also headers_sent, setcookie, and the section on
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
gobaSat Dec 22 11:28:34 2001 EDT Modified files: /phpdoc/en/features http-auth.xml Log: Correct paragraph and if conditions spacing Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.19 phpdoc/en/features/http-auth.xml:1.20 --- phpdoc/en/features/http-auth.xml:1.19 Wed Dec 12 15:46:34 2001 +++ phpdoc/en/features/http-auth.xmlSat Dec 22 11:28:34 2001 @@ -1,5 +1,5 @@ - + HTTP authentication with PHP @@ -25,7 +25,7 @@
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml /hu Translators /hu/features http-auth.xml
gobaSun Jul 8 11:11:15 2001 EDT Modified files: /phpdoc/en/features http-auth.xml /phpdoc/hu Translators /phpdoc/hu/features http-auth.xml Log: HTML cosmetics, updating translation Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.11 phpdoc/en/features/http-auth.xml:1.12 --- phpdoc/en/features/http-auth.xml:1.11 Sat Jun 23 16:10:51 2001 +++ phpdoc/en/features/http-auth.xmlSun Jul 8 11:11:13 2001 @@ -23,13 +23,13 @@ "; -echo "You entered $PHP_AUTH_PW as your password.\n"; + echo "\n"; } ?> Index: phpdoc/hu/Translators diff -u phpdoc/hu/Translators:1.26 phpdoc/hu/Translators:1.27 --- phpdoc/hu/Translators:1.26 Sun Jul 8 10:40:17 2001 +++ phpdoc/hu/Translators Sun Jul 8 11:11:13 2001 @@ -55,16 +55,16 @@ reserved.xmlHojtsy Gábor1.2 resources.xml Hojtsy Gábor1.13 --- chapters -config.xml Hojtsy Gábor1.11 -install.xml Hojtsy Gábor1.31 +config.xml Hojtsy Gábor1.11 + +install.xml Hojtsy Gábor1.31 ++ intro.xml Hojtsy Gábor1.15 -security.xmlHojtsy Gábor1.18 +security.xmlHojtsy Gábor1.19 --- features -connection-handling.xml Hojtsy Gábor1.2 +connection-handling.xml Hojtsy Gábor1.3 cookies.xml Hojtsy Gábor1.5 -error-handling.xml Hojtsy Gábor1.14 +error-handling.xml Hojtsy Gábor1.16 file-upload.xml Hojtsy Gábor1.18 -http-auth.xml Hojtsy Gábor1.8 +http-auth.xml Hojtsy Gábor1.12 images.xml Hojtsy Gábor1.8 persistent-connections.xml Hojtsy Gábor1.7 remote-files.xmlHojtsy Gábor1.6 Index: phpdoc/hu/features/http-auth.xml diff -u phpdoc/hu/features/http-auth.xml:1.5 phpdoc/hu/features/http-auth.xml:1.6 --- phpdoc/hu/features/http-auth.xml:1.5Sat Jun 23 16:35:11 2001 +++ phpdoc/hu/features/http-auth.xmlSun Jul 8 11:11:14 2001 @@ -25,19 +25,30 @@ - + + + + Megjegyzés + +Vigyázz a HTTP fejlécek írásakor! A maximális kompatibilitás eléréséhez +a "Basic" kulcsszót nagy B betûvel kezdd, a "realm" részt mindenképpen tedd +idézõjelbe (és nem aposztrófok közé)! Végül pontosan egy szóközt hagyj +ki a "401" elõtt a "HTTP/1.0 401" fejléc sorban. + + + Egy valós esetben persze nem a $PHP_AUTH_USER és $PHP_AUTH_PW kiírása az elérni kívánt cél, így @@ -62,6 +73,17 @@ nevét. + + Beállítási megjegyzés + +A PHP az AuthType direktíva megléte alapján +dönti el, hogy rajta kívülálló azonosítás történik-e. +Figyelj ennek a direktívának az elkerülésére abban a környezetben, +ahol a PHP-t szeretnéd használni azonosítások kezelésére (különben +minden azonosítási próbálkozás sikertelen lesz). + + + Vedd észre, hogy ez nem küszöböli ki azt a problémát, hogy más nem azonosítás-köteles URL címeken lévõ @@ -83,8 +105,8 @@ @@ -115,6 +137,7 @@ feltételek nem változtak. Ellenben a felhasználó megnyomhatja a '_' billentyût, hogy törölje az azo"; +echo "
Hello $PHP_AUTH_USER.
"; +echo "You entered $PHP_AUTH_PW as your password.
"; } ?> @@ -93,8 +93,8 @@ "; + echo "Welcome: $PHP_AUTH_USER
"; echo "Old: $OldAuth"; - echo "
Re: [PHP-DOC] cvs: phpdoc /en/features http-auth.xml /en/functions apache.xml array.xml aspell.xml calendar.xml com.xml datetime.xml dba.xml dir.xml errorfunc.xml filesystem.xml ftp.xml funchand.xml gettext.xml http.xml ibase.xml icap.xml imap.xml info.xm
The same thing has been done to all other languages, but the commit mail seems to not show up here (maybe it is too large?). This is a list of all unchanged identifiers, of which most of them probably need a rename. There are also some strange entries here, some of which could be xml-errors in the documentation. Greetz, Jeroen AddCSlashes AddSlashes COM COM::COM FrenchToJD GetImageSize GregorianToJD hw_Array2Objrec hw_Children hw_ChildrenObj hw_Close hw_Connect hw_Cp hw_Deleteobject hw_DocByAnchor hw_DocByAnchorObj hw_Document_Attributes hw_Document_BodyTag hw_Document_Content hw_Document_SetContent hw_Document_Size hw_EditText hw_Error hw_ErrorMsg hw_Free_Document hw_GetAnchors hw_GetAnchorsObj hw_GetAndLock hw_GetChildColl hw_GetChildCollObj hw_GetChildDocColl hw_GetChildDocCollObj hw_GetObject hw_GetObjectByQuery hw_GetObjectByQueryColl hw_GetObjectByQueryCollObj hw_GetObjectByQueryObj hw_GetParents hw_GetParentsObj hw_GetRemote hw_GetRemoteChildren hw_GetSrcByDestObj hw_GetText hw_Identify hw_InCollections hw_Info hw_InsColl hw_InsDoc hw_InsertDocument hw_InsertObject hw_Modifyobject hw_Mv hw_New_Document hw_Objrec2Array hw_Output_Document hw_pConnect hw_PipeDocument hw_Root hw_Unlock hw_Who ImageAlphaBlending ImageArc ImageChar ImageCharUp ImageColorAllocate ImageColorAt ImageColorClosest ImageColorClosestAlpha ImageColorDeAllocate ImageColorExact ImageColorExactAlpha ImageColorResolve ImageColorResolveAlpha ImageColorSet ImageColorsForIndex ImageColorsTotal ImageColorTransparent ImageCopy ImageCopyMerge ImageCopyMergeGray ImageCopyResampled ImageCopyResized ImageCreate ImageCreateFromGIF ImageCreateFromGif ImageCreateFromJPEG ImagecreateFromJPEG ImageCreateFromPNG ImageCreateFromString ImageCreateFromWBMP ImageCreateTrueColor ImageDashedLine ImageDestroy ImageEllipse ImageFill ImageFilledArc ImageFilledEllipse ImageFilledPolygon ImageFilledRectangle ImageFillToBorder ImageFontHeight ImageFontWidth ImageGammaCorrect ImageGIF ImageInterlace ImageJPEG ImageLine ImageLoadFont ImagePNG ImagePolygon ImagePSBBox ImagePSCopyFont ImagePSEncodeFont ImagePsExtendFont ImagePSFreeFont ImagePSLoadFont ImagePsSlantFont ImagePSText ImageRectangle ImageSetBrush ImageSetPixel ImageSetStyle ImageSetThickness ImageSetTile ImageString ImageStringUp ImageSX ImageSY ImageTrueColorToPalette ImageTTFBBox ImageTTFText ImageTypes ImageWBMP imageWBMP JDDayOfWeek JDMonthName JDToFrench JDToGregorian JDToJewish JDToJulian JewishToJD JulianToJD OCIBindByName OciBindByName OCICancel OCICollAssign OCICollAssignElem OCICollGetElem OCICollMax OCICollSize OCICollTrim OCIColumnIsNULL OCIColumnName OCIColumnPrecision OCIColumnScale OCIColumnSize OCIColumnType OCIColumnTypeRaw OCICommit OCIDefineByName OCIError OCIExecute OCIFetch OCIFetchInto OCIFetchStatement OCIFreeCollection OCIFreeCursor OCIFreeDesc OCIFreeStatement OCIInternalDebug OCILoadLob OCILogOff OCILogon OCINewCollection OCINewCursor OCINewDescriptor OCINLogon OCINumCols OCIParse OCIPLogon OCIResult OCIRollback OCIRowCount OCISaveLob OCISaveLobFile OCIServerVersion OCIStatementType OCIWriteLobToFile Ora_Bind Ora_Close Ora_ColumnName Ora_ColumnSize Ora_ColumnType Ora_Commit Ora_CommitOff Ora_CommitOn Ora_Do Ora_Error Ora_ErrorCode Ora_Exec Ora_Fetch Ora_Fetch_Into Ora_GetColumn Ora_Logoff Ora_Logon Ora_Numcols Ora_Numrows Ora_Open Ora_Parse Ora_pLogon Ora_Rollback OrbitEnum OrbitObject OrbitStruct Parallel searching using YAZ PassThru Pattern Modifiers Pattern Syntax pdf_open_CCITT PEAR PEAR::isError PEAR_Error PEAR_Error::PEAR_Error pg_Connect pg_ErrorMessage pg_Exec SetCookie swf_actionGetUrl swf_actionGotoFrame swf_actionGotoLabel swf_actionSetTarget swf_actionWaitForFrame swf_endButton swf_onCondition swf_shapeArc swf_shapeFillOff swf_shapeFillSolid swf_shapeLineSolid swf_shapeLineTo swf_shapeMoveTo SWFAction SWFBitmap SWFBitmap->getHeight SWFBitmap->getWidth SWFbutton SWFbutton->addAction SWFbutton->addShape SWFbutton->setAction SWFbutton->setdown SWFbutton->setHit SWFbutton->setOver SWFbutton->setUp SWFDisplayItem SWFDisplayItem->addColor SWFDisplayItem->move SWFDisplayItem->moveTo SWFDisplayItem->multColor SWFDisplayItem->remove SWFDisplayItem->Rotate SWFDisplayItem->rotateTo SWFDisplayItem->scale SWFDisplayItem->scaleTo SWFDisplayItem->setDepth SWFDisplayItem->setName SWFDisplayItem->setRatio SWFDisplayItem->skewX SWFDisplayItem->skewXTo SWFDisplayItem->skewY SWFDisplayItem->skewYTo SWFFill SWFFill->moveTo SWFFill->rotateTo SWFFill->scaleTo SWFFill->skewXTo SWFFill->skewYTo SWFFont SWFGradient SWFGradient->addEntry SWFMorph SWFMorph->getshape1 SWFMorph->getshape2 SWFMovie SWFMovie->add SWFMovie->nextframe SWFMovie->output SWFMovie->remove SWFMovie->save SWFMovie->setbackground SWFMovie->setdimension SWFMovie->setframes SWFMovie->setrate SWFMovie->streammp3 SWFShape SWFShape->addFill SWFShape->addJpegFill SWFShape->drawCurve SWFShape->drawCurveTo SWFShape->drawLine SWFShape->drawLineTo SWFShape->movePen SWFShape->movePenTo SWFShape->setLeftFill SWFShape->setLine SWF
[PHP-DOC] cvs: phpdoc /en/features http-auth.xml
jimwFri Jan 12 15:25:53 2001 EDT Modified files: /phpdoc/en/features http-auth.xml Log: incorporate user note Index: phpdoc/en/features/http-auth.xml diff -u phpdoc/en/features/http-auth.xml:1.7 phpdoc/en/features/http-auth.xml:1.8 --- phpdoc/en/features/http-auth.xml:1.7Tue Jan 9 04:37:56 2001 +++ phpdoc/en/features/http-auth.xmlFri Jan 12 15:25:52 2001 @@ -61,7 +61,7 @@ controls a non-authenticated URL from stealing passwords from authenticated URLs on the same server. - Both Netscape and Internet Explorer will clear the local browser + Both Netscape Navigator and Internet Explorer will clear the local browser window's authentication cache for the realm upon receiving a server response of 401. This can effectively "log out" a user, forcing them to re-enter their username and password. Some people @@ -99,12 +99,14 @@ standard, so you should never depend on this. Testing with Lynx has shown that Lynx does not clear the authentication credentials with a 401 server response, so pressing back and then forward - again will open the resource (as long as the credential - requirements haven't changed). + again will open the resource as long as the credential + requirements haven't changed. The user can press the + '_' key to clear their authentication information, however. + Also note that this does not work using Microsoft's IIS server and - the CGI version of PHP due to a limitation of IIS. - + the CGI version of PHP due to a limitation of IIS. +