[PHP] apache_request_headers() does not return HTTP Authorization headers
Hello, my PHP is running as Apache module. if safe_mode=on function apache_request_headers() does not return Authorization headers so there is no possibilty to validate "HTTP Digest Authorization ..." if safe_mode=off all wotks OK. I send to browser : Header( "HTTP/1.0 401 Unauthorized"); Header( "WWW-Authenticate: Digest realm=\"www.myrealm.sk\", opaque=\"{$opaque}\", nonce=\"{$nonce}\", stale=\"{$stale}\", qop=\"auth\""); browser respond with HTTP header : Authorization: Digest . which is OK, but this header is not included in apache_request_headers() I thing, that is a bug ... or can anyone help ? Thank you LacaK. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] pache_request_headers() does not return HTTP Authorization headers
if safe_mode=on so there is no possibilty to validate HTTP Digest Authorization ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [suspicious - maybe spam] detecting a leading hyphen from post data
try use : if (strpos($string,"-")==0) //first char is index 0 not 1 ! or if (strpos($string,"-")!==false) //find anywhere in string -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: detecting a leading hyphen from post data
sorry correct is : if (strpos($string,"-")===0) //3*= exact match, first char is index 0 not 1 ! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] apache_request_headers() does not return HTTP Authorization headers
if safe_mode=on so there is no possibilty to validate HTTP Digest Authorization ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: http authentication with safe mode enabled?!
Hello Roman, yes if safe_mode=on then Authorization header is hidden from phpinfo() and apache_request_headers(), but variables $_SERVER["PHP_AUTH_USER"] and "PHP_AUTH_PW" are set , when Basic authorization is used ! (it works in my configuration of Apache and PHP) Problem may be in Apache . When directory (where requested file is) is protected by Apache authentication, then $_SERVER variables are not set. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Memory exhausted message wrong
Only try -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Authorization header is missing from apache_request_headers() array
Hello, When I try to use "HTTP Digest Authorization" using code like : Header( "HTTP/1.0 401 Unauthorized"); Header( "WWW-Authenticate: Digest realm=\"www.myrealm.com\", opaque=\"opaque\", nonce=\"nonce\", stale=\"false\", qop=\"auth\""); browser returns in HTTP request Authorization header like this one : Digest username="lacak", realm="www.myrealm.com", qop="auth", algorithm="MD5", uri="/devel/phpinfo.php", nonce="5e8ac9b033001458fc5380d8a88325a2", nc=0004, cnonce="c9495e4af19fa6b08eb045f32e6ced79", response="fbd8f86b45334202b2cac380f29d9706" When PHP runs as apache module with safe_mode=off I can read this header using apache_request_headers() function But when safe_mode=On, then apache_request_headers() returns no Authorization (this is documented behavior) Is this bug or exists other way how access Authorization header ? Can anyone help ? How to report this to php developers, to fix this problem ? Thank you LacaK. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: http authentication with safe mode enabled?!
Yes, documentation says : "If safe mode is enabled, the uid of the script is added to the realm part of the WWW-Authenticate header. " and second : "The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and is hence not available in the CGI version" and also : "Also note that until PHP 4.3.3, HTTP Authentication did not work using Microsoft's IIS server with the CGI version of PHP due to a limitation of IIS ..." This seems to be a minor bug in PHP concept... PHP Authentication (Basic) works when : 1. PHP is running as apache module 2. safe_mode=off or safe_mode=on, but external authentication in Apache is disabled ("PHP uses the presence of an AuthType directive to determine whether external authentication is in effect") At this time I do not now, how to help you ? Try report it to bugs ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Authorization header is missing from apache_request_headers() array
Richard Lynch wrote: I could be *WAY* wrong, but I thought nobody ever bothered with Digest Auth because, e. It's not better/safer than HTTP Auth? "HTTP Basic Authorization" send login:password in clear text (only base64 encoded) so it can be 'eavesdropped' in "HTTP Digest Authorization" password is hashed md5(...) co can not be direct readed. Digest is more secure than Basic and was developed as replacement of Basic You might as well go with SSL if you go to that much trouble? Yes SSL is solution, but when ISP does not support it ... ? Not enough browsers support it? I have tested it with IE5.x, FireFox 1, Opera 7 and all works OK Okay, so clearly I don't remember why I thought this. Google for "PHP HTTP Digest Authentication" and see what turns up... But don't be surprised if the answer is "Not supported" -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] zlib.output_compression
Can anyone help me with this question : when I write script like this : page displays, that zlib.output_compression is On, but realy is not compresed (is send only like text/html) Is possible to turn on compression (enable) in user script (using ini_set), or only disable ini_set('zlib.output_compression', false); ? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] zlib.output_compression
I see contents using Network Monitor, so I se response header and contents andthey are uncompressed, so somresion does not uccured. It's likely the browser is uncomressing it before you ever see it. I would telnet to port 80 and make an HTTP request to see for sure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] zlib.output_compression
Thank you, I know this technique : ob_start('ob_gzhandler'); but I am interesting on : ini_set('zlib.output_compression', true); /this is preffered method as stated in manual : Also note that using ini.zlib.output_compression is preferred over ob_gzhandler(). / And I do not understand, why it does not works ? I have reported it as a bug ... LacaK. Jasper Bryant-Greene wrote: To turn it on: ob_start('ob_gzhandler'); To turn it off: while(@ob_end_clean()); header('Content-Encoding: identity'); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] zlib.output_compression
Yes, my browser send "Accept-Encoding: gzip,deflate" When I alter : "zlib.output_compression=on" in php.ini it works fine ! Only runtime alter : ini_set('zlib.output_compression', true); does not work !? LacaK. M. Sokolewicz wrote: Is your browser sending an accept-encoding header containing gzip? (eg. Accept-Encoding: gzip,deflate). If not, then PHP will reason it should not send gzip-encoded content because the browser won't understand. - tul LacaK wrote: Thank you, I know this technique : ob_start('ob_gzhandler'); but I am interesting on : ini_set('zlib.output_compression', true); /this is preffered method as stated in manual : Also note that using ini.zlib.output_compression is preferred over ob_gzhandler(). / And I do not understand, why it does not works ? I have reported it as a bug ... LacaK. Jasper Bryant-Greene wrote: To turn it on: ob_start('ob_gzhandler'); To turn it off: while(@ob_end_clean()); header('Content-Encoding: identity'); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] zlib.output_compression
of course I have removed ob_start(...) david forums wrote: do not forget to remove ob_start, also you'll make double compression regards Le Tue, 12 Jul 2005 12:29:02 +0200, LacaK <[EMAIL PROTECTED]> a écrit: Thank you, I know this technique : ob_start('ob_gzhandler'); but I am interesting on : ini_set('zlib.output_compression', true); /this is preffered method as stated in manual : Also note that using ini.zlib.output_compression is preferred over ob_gzhandler(). / And I do not understand, why it does not works ? I have reported it as a bug ... LacaK. Jasper Bryant-Greene wrote: To turn it on: ob_start('ob_gzhandler'); To turn it off: while(@ob_end_clean()); header('Content-Encoding: identity'); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] zlib.output_compression
Thanks for reply, In documentation is stated, than "zlib.output_compression" is changeable at PHP_INI_ALL. If there is no possibility to change it in script, why it is not PHP_INI_SYSTEM|PHP_INI_PERDIR ? And at second : When I set "zlib.output_compression=on" in php.ini, then I CAN turn it off in script using ini_set('zlib.output_compression', false); /*this works !*/ Why does not work ini_set('zlib.output_compression', true); ? /*this is a first line in script, so no output is already send*/ BUG No. is 33653 http://bugs.php.net/bug.php?id=33653 , but [EMAIL PROTECTED] market is as Bogus I still think, that it does not work as expected. LacaK. Jasper Bryant-Greene wrote: LacaK wrote: Yes, my browser send "Accept-Encoding: gzip,deflate" When I alter : "zlib.output_compression=on" in php.ini it works fine ! Only runtime alter : ini_set('zlib.output_compression', true); does not work !? LacaK. I'm pretty sure this behaviour is by design -- it doesn't make sense to allow setting it at runtime as some output could already have been made. Be interesting to see what the bug report digs up, though -- can we have a link? Jasper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] zlib.output_compression
Yes, I tried setting it to 1 and also "on" and 4096 /*buffer size*/, but the same result. phpinfo() says, that zlib.output_compression=on, but page is not compressed. I have checked source code of php, but I am not able to find, why it does not work ? Can any one explain, why is possible set zlib.output_compression from On /*in php.ini*/ to Off /*using ini_set()*/, but not from Off to On ? Thanks LacaK. Mikey wrote: LacaK wrote: Thanks for reply, In documentation is stated, than "zlib.output_compression" is changeable at PHP_INI_ALL. If there is no possibility to change it in script, why it is not PHP_INI_SYSTEM|PHP_INI_PERDIR ? And at second : When I set "zlib.output_compression=on" in php.ini, then I CAN turn it off in script using ini_set('zlib.output_compression', false); /*this works !*/ Why does not work ini_set('zlib.output_compression', true); ? /*this is a first line in script, so no output is already send*/ BUG No. is 33653 http://bugs.php.net/bug.php?id=33653 , but [EMAIL PROTECTED] market is as Bogus I still think, that it does not work as expected. LacaK. Jasper Bryant-Greene wrote: LacaK wrote: Yes, my browser send "Accept-Encoding: gzip,deflate" When I alter : "zlib.output_compression=on" in php.ini it works fine ! Only runtime alter : ini_set('zlib.output_compression', true); does not work !? LacaK. I'm pretty sure this behaviour is by design -- it doesn't make sense to allow setting it at runtime as some output could already have been made. Be interesting to see what the bug report digs up, though -- can we have a link? Jasper Just my 2 cents worth but have you tried setting it to 1 rather than true? I know that that is the format you need to use in .htaccess files, maybe it is the same for ini_set? HTH, Mikey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php