Re: [PHP] [posibleOT] Forcing entering te site thru index.php
> > There are several ways to do this. The most obvious is with cookies. > > Set up your index.php to initially create a cookie that authorizes a > > user to look in the site. On the rest of your PHP pages, check that > > this authorization cookie exists. If not, redirect to index.php. > Thanks for the response. > No, this way don't do it: once the cookie is set up in the client's browser, there is no way for me to prevent the client to type the url pointing to another page, and the cookie will be valid on that page. > What i'm trying to do is to force the client to travel pages in the > order expected, forbidding him/her to access a page out of sequence, > wich take him to an error message (because, for example, for abscense of > POST data or something). > So i'm stuck. > Thenak you. You can use the Referer header found in $_SERVER['HTTP_REFERER'] to check from which page the user comes from. /Andreas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] HTTP headers, IE and downloading
I'm writing a script to view/download an email-attachment. If the file happens to be an MS Word document and the browser IE (only tried with 6.0), then the download fails. If I choose to download (Content-Disposition: attachment; filename="whatever.doc") then only a part of the file (2/3) is saved to disk. Of course viewing the file doesn't work either. It doesn't seem to matter what I set the Content-Type to since IE seems to ignore that anyway, however I've tried application/msword, application/octet-stream and some others. I've tried all the things said in the comments to the header-function in the online-docs at php.net. I know my Content-Length header is correct and the whole procedure works great with Netscape 7.0 and if the attachment is a zip-file or a jpeg-image it also works in both IE and Netscape. Let's just say I'm stumped and I have googled for a solution for a long time and would be very happy if someone had one... Thanks in advance /Andreas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Magic Quotes
> Now I'm guessing that magic_quotes_runtime is the > one I need to have on, but is that so? I'm also > guessing that aside from using addslashes() and > stripslashes(), I could prob'ly turn on magic_quotes > in php_ini. > > But perhaps because of how I've heard turning > register_globals on via php.ini is a security > hazard, I'm leery of messing with php.ini at all. Magic Quotes is not a security hazard (quite the opposite) so turning it on shouldn't be dangerous. I don't suppose the book tells you why you should always use magic-quotes or addslashes when dealing with databases? If you do not use form-data in a database-query you generally won't need magic-quotes or addslashes(). I guess that's the reason some of those magic_quotes_xyz are not enabled in the php.ini. It's easy enough to check whether you have the magic quotes you need. Write a simple form-page that simply displays what was posted, then post something like: "I'll be back" If the page displays: \"I\'ll be back\" then you're safe and don't need to use addslashes(). /Andreas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: HTTP headers, IE and downloading
Thanks for your reply! > Have a look at: http://pear.php.net/package/HTTP_Download I looked at it and it's hard to see what it does differently from what I do... > And the first comment of: > http://www.php.net/manual/en/function.session-cache-limiter.php Thanks, I've read that and I'm not using output compression. > Perhaps you should not use ouput-compression, and look at the headers > generated by PHP > > What headers are sent? Do you use sessions? I use sessions, and I've tried to send the same headers as the webserver sends if I download a file directly (rather than through PHP). It doesn't work... Maybe I should just create a temporary file and relocate the browser to it in case the browser is IE... > you can see this using Mozilla + Live Headers, Ethereal, > http://schroepl.net/cgi-bin/http_trace.pl ... Thanks, I've written my own HTTP header tracer in C++, but it hasn't been able to help me since the headers looks good to me... /Andreas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: HTTP headers, IE and downloading
Thank you for your reply!
> AFAIK the headers sent here are:
>
> 'Content-Type' => 'application/x-octetstream', (perhaps other)
> 'Cache-Control' => 'public',
> 'Accept-Ranges' => 'bytes',
> 'Connection'=> 'close'
[snip]
> Did you try something like this:
>
>header("Content-Type: application/pdf");
>header("Content-Disposition: inline; filename=foo.pdf");
>header("Accept-Ranges: bytes");
>header("Content-Length: $len");
>header("Expires: 0");
>header("Cache-Control: private");
>// header("Pragma: no-cache");//don't send this header!!
>
> ?>
>
> What headers are sent at this moment? Could you post them?
For a normal file (not through PHP) the headers are:
Accept-Ranges: bytes
Connection: Close
Content-Length: 25600
Content-Type: application/msword
Date: Tue, 23 Dec 2003 09:51:19 GMT
ETag: "08f72d578c3c31:8d0"
Last-Modified: Tue, 16 Dec 2003 02:03:44 GMT
Server: Microsoft-IIS/5.0
And through PHP (my script) it is:
Accept-Ranges: bytes
Cache-Control: private
Connection: Close
Content-Disposition: inline; filename="testdoc.doc"
Content-Length: 25600
Content-Type: application/msword; name="testdoc.doc"
Date: Tue, 23 Dec 2003 10:03:35 GMT
Expires: 0
Pragma: public
Server: Microsoft-IIS/5.0
X-Powered-By: PHP/4.2.2
It seems whatever I try to set the headers I have control over, it doesn't
work...
Is there anyway one can stop PHP from sending the Pragma at all?
> If you send the same headers and the same data - there _can_not_ be any
> difference. How should your client recognize any difference? There _must_
be
> a difference! Use a very small file to test it, so you can compare the
whole
> HTTP-Header + Body easily.
Yes, there is a difference, I didn't say there wasn't, just that I couldn't
see how that (to me) small difference would actually make such a big
difference...
Thank you very much!
/Andreas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: HTTP headers, IE and downloading
"John W. Holmes" <[EMAIL PROTECTED]> skrev i meddelandet news:[EMAIL PROTECTED] > Andreas Magnusson wrote: > > > And through PHP (my script) it is: > > > > Accept-Ranges: bytes > > Cache-Control: private > > I've had the cache-control header cause problems with IE in the past. > It's sent by starting a session, not something you manually send. You > can change it using the session functions, though. Try setting it to > "none". Thanks, I tried that and it actually worked!...once...so since the number of bytes that IE downloads from my file seems to vary each time, I guess it was just a flux of luck that it downloaded the whole file this once sigh... It drives me nuts to think about it, it's just so weird... /Andreas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session expires
Hi, I wonder if anyone knows of a way to detect if a session has expired (when your session.cookie_lifetime != 0). I've tried to see if the session-vars are unset, but that doesn't seem to be the case, still everythings seems to be lost. My problem is that I have a page which the user must log in to in order to access it (I use sessions for this). This page contains a form which may take some time to fill in. Now the session may expire during this time and all data will be lost. My plan is to allow the user to login again without losing the data but this requires me to know if the session has expired. Thanks in advance! Andreas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session expires
"John W. Holmes" <[EMAIL PROTECTED]> skrev i meddelandet news:[EMAIL PROTECTED] > Andreas Magnusson wrote: > > > Hi, I wonder if anyone knows of a way to detect if a session has expired > > (when your session.cookie_lifetime != 0). > > I've tried to see if the session-vars are unset, but that doesn't seem to be > > the case, still everythings seems to be lost. > > My problem is that I have a page which the user must log in to in order to > > access it (I use sessions for this). > > This page contains a form which may take some time to fill in. > > Now the session may expire during this time and all data will be lost. > > My plan is to allow the user to login again without losing the data but this > > requires me to know if the session has expired. > > If you set $_SESSION['user'] and at some point it's not set anymore, > then the session expired. Start a new one, throw the form data into the > session ($_SESSION['post'] = $_POST), allow the user to log in and > redirect back to form processing page, extract post data ($_POST = > $_SESSION['post']), and process the form. Yup, that's basically what I do. Anyway the problem was that I did something stupid (as always). I do a redirect at the end of the page if the headers are not sent, because I have a lot of tests (if:s) and for each fail and some of the successful ones I want to redirect the user back to the main-page. So I trusted that if I wrote some HTML, the headers would've been sent and no redirect performed. No need to say that that was a bad thing to trust. Now I do an exit after emitting HTML instead. Thanks for your help! Andreas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
