[PHP] apache_request_headers() does not return HTTP Authorization headers

2005-03-18 Thread LacaK
Hello,
my PHP is running as Apache module.

if safe_mode=on
function apache_request_headers() does not return Authorization headers
so there is no possibilty to validate "HTTP Digest Authorization ..."

if safe_mode=off
all wotks OK.

I send to browser :
 Header( "HTTP/1.0 401 Unauthorized");
 Header( "WWW-Authenticate: Digest realm=\"www.myrealm.sk\",
opaque=\"{$opaque}\", nonce=\"{$nonce}\", stale=\"{$stale}\",
qop=\"auth\"");

browser respond with HTTP header :
Authorization: Digest .

which is OK, but this header is not included in apache_request_headers()

I thing, that is a bug ...
or can anyone help ?

Thank you
LacaK.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] pache_request_headers() does not return HTTP Authorization headers

2005-03-20 Thread LacaK
if safe_mode=on
so there is no possibilty to validate HTTP Digest Authorization ...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Re: [suspicious - maybe spam] detecting a leading hyphen from post data

2005-03-20 Thread LacaK
try use :
if (strpos($string,"-")==0) //first char is index 0 not 1 !
or
if (strpos($string,"-")!==false) //find anywhere in string

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Re: detecting a leading hyphen from post data

2005-03-20 Thread LacaK
sorry correct is :
if (strpos($string,"-")===0) //3*= exact match, first char is index 0 not 1
!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] apache_request_headers() does not return HTTP Authorization headers

2005-03-20 Thread LacaK
if safe_mode=on
so there is no possibilty to validate HTTP Digest Authorization ...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Re: http authentication with safe mode enabled?!

2005-03-20 Thread LacaK
Hello Roman,
yes if safe_mode=on then
 Authorization header is hidden from phpinfo() and apache_request_headers(),

but variables $_SERVER["PHP_AUTH_USER"] and "PHP_AUTH_PW"
are set , when Basic authorization is used ! (it works in my configuration
of Apache and PHP)

Problem may be in Apache . When directory (where requested file is) is
protected by Apache authentication, then $_SERVER variables are not set.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Memory exhausted message wrong

2005-03-20 Thread LacaK
Only try

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Authorization header is missing from apache_request_headers() array

2005-03-20 Thread LacaK
Hello,

When I try to use "HTTP Digest Authorization" using code like :

  Header( "HTTP/1.0 401 Unauthorized");
  Header( "WWW-Authenticate: Digest realm=\"www.myrealm.com\",
opaque=\"opaque\", nonce=\"nonce\", stale=\"false\", qop=\"auth\"");

browser returns in HTTP request Authorization header like this one :
Digest username="lacak", realm="www.myrealm.com", qop="auth",
algorithm="MD5", uri="/devel/phpinfo.php",
nonce="5e8ac9b033001458fc5380d8a88325a2", nc=0004,
cnonce="c9495e4af19fa6b08eb045f32e6ced79",
response="fbd8f86b45334202b2cac380f29d9706"

When PHP runs as apache module with safe_mode=off

I can read this header using apache_request_headers() function

But when safe_mode=On,
then apache_request_headers() returns no Authorization (this is documented
behavior)

Is this bug or exists other way how access Authorization header ?
Can anyone help ?
How to report this to php developers, to fix this problem ?

Thank you
LacaK.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Re: http authentication with safe mode enabled?!

2005-03-20 Thread LacaK
Yes,
documentation says :
"If safe mode is enabled, the uid of the script is added to the realm part
of the WWW-Authenticate header. "

and second :
"The HTTP Authentication hooks in PHP are only available when it is running
as an Apache module and is hence not available in the CGI version"
and also :
"Also note that until PHP 4.3.3, HTTP Authentication did not work using
Microsoft's IIS server with the CGI version of PHP due to a limitation of
IIS ..."

This seems to be a minor bug in PHP concept...
PHP Authentication (Basic) works when :
1. PHP is running as apache module
2. safe_mode=off or safe_mode=on, but external authentication in Apache is
disabled ("PHP uses the presence of an AuthType directive to determine
whether external authentication is in effect")

At this time I do not now, how to help you ? Try report it to bugs ?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Authorization header is missing from apache_request_headers() array

2005-03-21 Thread LacaK
Richard Lynch wrote:
I could be *WAY* wrong, but I thought nobody ever bothered with Digest
Auth because, e.
It's not better/safer than HTTP Auth?
"HTTP Basic Authorization" send login:password in clear text (only 
base64 encoded) so it can be 'eavesdropped'
in
"HTTP Digest Authorization" password is hashed md5(...) co can not be 
direct readed.
Digest is more secure than Basic and was developed as replacement of Basic
You might as well go with SSL if you go to that much trouble?
Yes SSL is solution, but when ISP does not support it ... ?
Not enough browsers support it?
I have tested it with IE5.x, FireFox 1, Opera 7 and all works OK
Okay, so clearly I don't remember why I thought this.
Google for "PHP HTTP Digest Authentication" and see what turns up...
But don't be surprised if the answer is "Not supported"
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] zlib.output_compression

2005-07-11 Thread LacaK

Can anyone help me with this question :

when I write script like this :


page displays, that zlib.output_compression is On, but realy is not 
compresed (is send only like text/html)


Is possible to turn on compression (enable) in user script (using 
ini_set), or only disable ini_set('zlib.output_compression', false); ?


Thanks

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] zlib.output_compression

2005-07-11 Thread LacaK
I see contents using Network Monitor, so I se response header and 
contents andthey are uncompressed, so somresion does not uccured.


It's likely the browser is uncomressing it before you ever see it.  I
would telnet to port 80 and make an HTTP request to see for sure.




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] zlib.output_compression

2005-07-12 Thread LacaK

Thank you,
I know this technique : ob_start('ob_gzhandler');
but I am interesting on : ini_set('zlib.output_compression', true);
/this is preffered method as stated in manual :
Also note that using ini.zlib.output_compression is preferred over 
ob_gzhandler(). /

And I do not understand, why it does not works ?
I have reported it as a bug ...
LacaK.

Jasper Bryant-Greene wrote:


To turn it on:
ob_start('ob_gzhandler');

To turn it off:
while(@ob_end_clean());
header('Content-Encoding: identity');


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] zlib.output_compression

2005-07-12 Thread LacaK

Yes, my browser send "Accept-Encoding: gzip,deflate"
When I alter : "zlib.output_compression=on" in php.ini it works fine !
Only runtime alter : ini_set('zlib.output_compression', true); does not 
work !?

LacaK.

M. Sokolewicz wrote:

Is your browser sending an accept-encoding header containing gzip?
(eg. Accept-Encoding: gzip,deflate). If not, then PHP will reason it 
should not send gzip-encoded content because the browser won't understand.


- tul

LacaK wrote:


Thank you,
I know this technique : ob_start('ob_gzhandler');
but I am interesting on : ini_set('zlib.output_compression', true);
/this is preffered method as stated in manual :
Also note that using ini.zlib.output_compression is preferred over 
ob_gzhandler(). /

And I do not understand, why it does not works ?
I have reported it as a bug ...
LacaK.

Jasper Bryant-Greene wrote:



To turn it on:
ob_start('ob_gzhandler');

To turn it off:
while(@ob_end_clean());
header('Content-Encoding: identity');


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] zlib.output_compression

2005-07-12 Thread LacaK

of course I have removed ob_start(...)

david forums wrote:

do not forget to remove ob_start, also you'll make double compression

regards

Le Tue, 12 Jul 2005 12:29:02 +0200, LacaK <[EMAIL PROTECTED]> 
a  écrit:



Thank you,
I know this technique : ob_start('ob_gzhandler');
but I am interesting on : ini_set('zlib.output_compression', true);
/this is preffered method as stated in manual :
Also note that using ini.zlib.output_compression is preferred over  
ob_gzhandler(). /

And I do not understand, why it does not works ?
I have reported it as a bug ...
LacaK.

Jasper Bryant-Greene wrote:


 To turn it on:
ob_start('ob_gzhandler');
 To turn it off:
while(@ob_end_clean());
header('Content-Encoding: identity');





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] zlib.output_compression

2005-07-12 Thread LacaK

Thanks for reply,

In documentation is stated, than "zlib.output_compression" is changeable 
at PHP_INI_ALL. If there is no possibility to change it in script, why 
it is not PHP_INI_SYSTEM|PHP_INI_PERDIR ?


And at second :
When I set "zlib.output_compression=on" in php.ini, then I CAN turn it 
off in script using ini_set('zlib.output_compression', false); /*this 
works !*/
Why does not work ini_set('zlib.output_compression', true); ? /*this is 
a first line in script, so no output is already send*/


BUG No. is 33653 http://bugs.php.net/bug.php?id=33653 ,
 but [EMAIL PROTECTED] market is as Bogus

I still think, that it does not work as expected.
LacaK.

Jasper Bryant-Greene wrote:

LacaK wrote:


Yes, my browser send "Accept-Encoding: gzip,deflate"
When I alter : "zlib.output_compression=on" in php.ini it works fine !
Only runtime alter : ini_set('zlib.output_compression', true); does 
not work !?

LacaK.



I'm pretty sure this behaviour is by design -- it doesn't make sense to 
allow setting it at runtime as some output could already have been made. 
Be interesting to see what the bug report digs up, though -- can we have 
a link?


Jasper


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] zlib.output_compression

2005-07-13 Thread LacaK
Yes, I tried setting it to 1 and also "on" and 4096 /*buffer size*/, but 
the same result.

phpinfo() says, that zlib.output_compression=on, but page is not compressed.

I have checked source code of php, but I am not able to find, why it 
does not work ?
Can any one explain, why is possible set zlib.output_compression from On 
/*in php.ini*/ to Off /*using ini_set()*/, but not from Off to On ?


Thanks
LacaK.

Mikey wrote:

LacaK wrote:


Thanks for reply,

In documentation is stated, than "zlib.output_compression" is 
changeable at PHP_INI_ALL. If there is no possibility to change it in 
script, why it is not PHP_INI_SYSTEM|PHP_INI_PERDIR ?


And at second :
When I set "zlib.output_compression=on" in php.ini, then I CAN turn it 
off in script using ini_set('zlib.output_compression', false); /*this 
works !*/
Why does not work ini_set('zlib.output_compression', true); ? /*this 
is a first line in script, so no output is already send*/


BUG No. is 33653 http://bugs.php.net/bug.php?id=33653 ,
 but [EMAIL PROTECTED] market is as Bogus

I still think, that it does not work as expected.
LacaK.

Jasper Bryant-Greene wrote:


LacaK wrote:


Yes, my browser send "Accept-Encoding: gzip,deflate"
When I alter : "zlib.output_compression=on" in php.ini it works fine !
Only runtime alter : ini_set('zlib.output_compression', true); does 
not work !?

LacaK.





I'm pretty sure this behaviour is by design -- it doesn't make sense 
to allow setting it at runtime as some output could already have been 
made. Be interesting to see what the bug report digs up, though -- 
can we have a link?


Jasper




Just my 2 cents worth but have you tried setting it to 1 rather than 
true?  I know that that is the format you need to use in .htaccess 
files, maybe it is the same for ini_set?


HTH,

Mikey


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php