I just mentioned that as an example.
For this authentification the server sends a Authorization header.
The client's browser requests the credentials from the user and save them
in the RAM.
Now the client's browser sends the credentials to the server.
And what's important: The browser sends th
On 6/10/2013 4:33 PM, Julian Wanke wrote:
I think that the problem here is, that the unset of the
$_SERVER["PHP_AUTH_USER"] variable is not affecting the client's browser.
If you've got a directory protection, the browser needs a restart to
show the login dialog before.
I may be wrong because I'm
I think that the problem here is, that the unset of the
$_SERVER["PHP_AUTH_USER"] variable is not affecting the client's browser.
If you've got a directory protection, the browser needs a restart to show
the login dialog before.
I may be wrong because I'm using forms normally but the Authentifi
Trying to learn how this works for a simple security need I have.
Nothing serious, hence this experiment.
My code:
if (!isset($_SERVER['PHP_AUTH_USER']))
{
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'You have chosen not to signin';
e
Jay Blanchard wrote:
[snip]
In certain circumstances controlled by my users, I'd like to redirect
my users to another site, a third party whom we have contracted with.
The second site uses basic authentication with a simple username and
password. Can I write my PHP code so my users do not have
[snip]
In certain circumstances controlled by my users, I'd like to redirect
my users to another site, a third party whom we have contracted with.
The second site uses basic authentication with a simple username and
password. Can I write my PHP code so my users do not have to login
(or even kno
depends on how that site does its authentication...
if it's a form, it may need an extra setting to allow you to go to a
specific page on that site after authentication.
On Wed, Mar 3, 2010 at 8:25 PM, Bill Rausch wrote:
>
>
> Hi there,
>
> In certain circumstances controlled by my users, I'd li
Hi there,
In certain circumstances controlled by my users, I'd like to redirect
my users to another site, a third party whom we have contracted with.
The second site uses basic authentication with a simple username and
password. Can I write my PHP code so my users do not have to login
(or e
At 12:46 PM -0500 1/15/09, Jason Pruim wrote:
Hey tedd,
One thing I just thought of that I'm sure you checked but just in
case... With the current system do they have any way of adding new
users to it? If so... there would be info in a file that had
the algorithm info you need...
Other then
At 9:11 AM -0600 1/15/09, Boyd, Todd M. wrote:
tedd,
It would appear your Standard DES and MD5 labels are actually both MD5.
Also--there is more than just Standard DES. Once DES was determined to
be relatively IN-secure, more algorithms like Triple DES, G-DES, DES-X,
LOKI89, and ICE were create
At 7:56 PM -0500 1/14/09, Andrew Ballard wrote:
I didn't get that from your original post at all. You asked how to
"create an encoded password string that would work in a .htaccess file
using basic authentication."
Yes, but that was before I knew that generating a password from the
command lin
At 12:42 AM +0100 1/15/09, Edmund Hertle wrote:
I think I do not really understand your problem... searching for
standard crypt algorithms? google, wikipedia and such should help.
I solved the problem myself, which basically meant there was no way
to determine what the algorithm was except for
On Jan 15, 2009, at 12:32 PM, tedd wrote:
At 11:43 PM + 1/14/09, Ashley Sheridan wrote:
>
Surely that's a good thing then? Security through obscurity and all
that...
Ash
Ash:
Certainly it's a good thing -- until the client asks for another
password.
At this point, I have four log
At 11:43 PM + 1/14/09, Ashley Sheridan wrote:
>
Surely that's a good thing then? Security through obscurity and all
that...
Ash
Ash:
Certainly it's a good thing -- until the client asks for another password.
At this point, I have four logon and password combinations to use. I
can tell
> -Original Message-
> From: tedd [mailto:tedd.sperl...@gmail.com]
> Sent: Wednesday, January 14, 2009 5:18 PM
> To: Shawn McKenzie; php-general@lists.php.net
> Subject: Re: [PHP] Basic Authentication
>
> At 2:19 PM -0600 1/14/09, Shawn McKenzie wrote:
> >
>
On Wed, Jan 14, 2009 at 6:17 PM, tedd wrote:
> At 2:19 PM -0600 1/14/09, Shawn McKenzie wrote:
>>
>>
>> As others have said, use crypt().
>> http://php.net/manual/function.crypt.php has Example #2 Using crypt()
>> with htpasswd.
>
>
> Thanks, but that doesn't really solve my problem.
>
> You see,
[PHP] Basic Authentication
> At 2:19 PM -0600 1/14/09, Shawn McKenzie wrote:
> >
> >
> >As others have said, use crypt().
> >http://php.net/manual/function.crypt.php has Example #2 Using crypt()
> >with htpasswd.
>
>
> Thanks, but that doesn't really
2009/1/15 tedd
> At 2:19 PM -0600 1/14/09, Shawn McKenzie wrote:
>
>>
>>
>> As others have said, use crypt().
>> http://php.net/manual/function.crypt.php has Example #2 Using crypt()
>> with htpasswd.
>>
>
>
> Thanks, but that doesn't really solve my problem.
>
> You see, I know the password and
tedd wrote:
At 2:19 PM -0600 1/14/09, Shawn McKenzie wrote:
As others have said, use crypt().
http://php.net/manual/function.crypt.php has Example #2 Using crypt()
with htpasswd.
Thanks, but that doesn't really solve my problem.
You see, I know the password and I know the encoded result --
On Wed, 2009-01-14 at 18:17 -0500, tedd wrote:
> At 2:19 PM -0600 1/14/09, Shawn McKenzie wrote:
> >
> >
> >As others have said, use crypt().
> >http://php.net/manual/function.crypt.php has Example #2 Using crypt()
> >with htpasswd.
>
>
> Thanks, but that doesn't really solve my problem.
>
> You
At 2:19 PM -0600 1/14/09, Shawn McKenzie wrote:
As others have said, use crypt().
http://php.net/manual/function.crypt.php has Example #2 Using crypt()
with htpasswd.
Thanks, but that doesn't really solve my problem.
You see, I know the password and I know the encoded result -- what I
don'
tedd wrote:
>> What it is depends on what encryption routines you have installed.
>>
>> The algorithm to authenticate detects the algorithm based on the hash.
>>
>> 32-char : MD5
>> $1$ : SHA-1
>> $2$ : SHA-2
>> etc.
>> (Apologies if I got my tokens/algorithms wrong)
>>
>> If you just toss
2009/1/14 tedd
> What it is depends on what encryption routines you have installed.
>>
>> The algorithm to authenticate detects the algorithm based on the hash.
>>
>> 32-char : MD5
>> $1$ : SHA-1
>> $2$ : SHA-2
>> etc.
>> (Apologies if I got my tokens/algorithms wrong)
>>
>> If you just t
On Wed, Jan 14, 2009 at 2:34 PM, tedd wrote:
>> What it is depends on what encryption routines you have installed.
>>
>> The algorithm to authenticate detects the algorithm based on the hash.
>>
>> 32-char : MD5
>> $1$ : SHA-1
>> $2$ : SHA-2
>> etc.
>> (Apologies if I got my tokens/algorit
an 2009 12:31:15 -0500
Subject: [PHP] Basic Authentication
> Hi gang:
>
> Let's say that I don't want to use the htpasswd command from the UNIX
> shell to generate an encoded password -- how else can I create an
> encoded password string that would work in a .h
What it is depends on what encryption routines you have installed.
The algorithm to authenticate detects the algorithm based on the hash.
32-char : MD5
$1$ : SHA-1
$2$ : SHA-2
etc.
(Apologies if I got my tokens/algorithms wrong)
If you just toss MD5s in there, it should work, I think, i
What it is depends on what encryption routines you have installed.
The algorithm to authenticate detects the algorithm based on the hash.
32-char : MD5
$1$ : SHA-1
$2$ : SHA-2
etc.
(Apologies if I got my tokens/algorithms wrong)
If you just toss MD5s in there, it should work,
At 12:51 PM -0500 1/14/09, Andrew Ballard wrote:
On Wed, Jan 14, 2009 at 12:36 PM, Stuart wrote:
2009/1/14 tedd :
Let's say that I don't want to use the htpasswd command from the UNIX shell
to generate an encoded password -- how else can I create an
encoded password
string that would wor
On Wed, Jan 14, 2009 at 12:36 PM, Stuart wrote:
> 2009/1/14 tedd :
>> Let's say that I don't want to use the htpasswd command from the UNIX shell
>> to generate an encoded password -- how else can I create an encoded password
>> string that would work in a .htaccess file using basic authentication
2009/1/14 tedd :
> Let's say that I don't want to use the htpasswd command from the UNIX shell
> to generate an encoded password -- how else can I create an encoded password
> string that would work in a .htaccess file using basic authentication?
AFAIK it's an MD5 hash, nothing more complicated th
Hi gang:
Let's say that I don't want to use the htpasswd command from the UNIX
shell to generate an encoded password -- how else can I create an
encoded password string that would work in a .htaccess file using
basic authentication?
Cheers,
tedd
--
---
http://sperling.com http://anci
With apache, you can easily match up a L/P to an htpasswd file. With
IIS, the user has to be created as the windows level. I'm moving a site
from an apache server to an IIS server, and need to figure out an easy
way to do basic authentication. I guess putting a chunk of code at the
top of every sc
32 matches
Mail list logo
