Hi,
>
> IIRC if you unset $_SERVER['PHP_AUTH_USER'] and
> $_SERVER['PHP_AUTH_PW'] it will log you out.
I've done some research on this in the past - and not all browsers/web servers
honour that as it's the browser that keeps the username/password cached and
sends it after a 401 response, so th
On Fri, Nov 27, 2009 at 12:12 AM, Ashley Sheridan
wrote:
> Hi all,
>
> I've got a site set up that is using an htaccess file to provide secure
> access to a directory. That is working fine. What I wondered was, is
> there a way to log out via PHP. As I understand it, the login mechanism
> is part
Hi all,
I've got a site set up that is using an htaccess file to provide secure
access to a directory. That is working fine. What I wondered was, is
there a way to log out via PHP. As I understand it, the login mechanism
is part of Apache, so I guess what I'm really asking is, is there a way
that
our browser http://toolbar.weberdev.com
-Original Message-
From: enediel gonzalez [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 11, 2006 4:50 PM
To: php-general@lists.php.net
Subject: [PHP] php .htaccess
Hello
I've a site with a .htaccess defined, the users have to enter the
On 1/11/06, enediel gonzalez <[EMAIL PROTECTED]> wrote:
> Hello
>
> I've a site with a .htaccess defined, the users have to enter the login and
> password to get in,
> Is it possible on php to ask the apache server wich user is using the
> current session?
$_SERVER['REMOTE_USER']
-robin
Hello
I've a site with a .htaccess defined, the users have to enter the login and
password to get in,
Is it possible on php to ask the apache server wich user is using the
current session?
I'd like to give the users the oportunity to change their password but
without ask again who are you.
"Justin Patrin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Jas wrote:
>
> > Combination of session vars and cookie vars...
> > example...
> > [login page]
> > sets cookie with auth=0 (variable)
> > sets session with auth=0 (variable)
> >
> > [logged in page(s)]
> > sets cookie w
Jas wrote:
Combination of session vars and cookie vars...
example...
[login page]
sets cookie with auth=0 (variable)
sets session with auth=0 (variable)
[logged in page(s)]
sets cookie with auth=1 (variable -client side)
sets session with auth=1 (variable -server side)
hash of users password as cl
Combination of session vars and cookie vars...
example...
[login page]
sets cookie with auth=0 (variable)
sets session with auth=0 (variable)
[logged in page(s)]
sets cookie with auth=1 (variable -client side)
sets session with auth=1 (variable -server side)
hash of users password as client side va
On Thursday 11 December 2003 04:17 pm, ROBERT MCPEAK wrote:
> I've dug around quite a bit and can't figure out how I might use PHP to
> handle an .htaccess login. For example, if I wanted a script to log in the
> user, rather than the user logging in with the standard .htaccess dialog.
>
> Any ide
I've dug around quite a bit and can't figure out how I might use PHP to handle an
.htaccess login. For example, if I wanted a script to log in the user, rather than
the user logging in with the standard .htaccess dialog.
Any ideas?
Since the .htaccess vars are stored in the browser, should I b
Being that the files are owned by their respective users, I would imagine
that would make it pretty difficult for the .htaccess file to be
overwritten, if someone found a way to overwrite the file couldn't that
person overwrite any file owned by the ftp user anyway? also I don't see
how someon
Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] php/.htaccess/.htpasswd
>
> You could use fopen() to connect to the file via ftp therefore keeping
> the .htaccess file owned by the user for increased security.
>
> Josh Boughner
>
> On Fri, 3 May 2002, Mike Eheler wrote:
>
If someone can overwrite your .htaccess there's a chance they can also
view files through the same exploit (possibly). They could then get your
FTP login info, and do a lot more damage than just removing password
access to an area.
Mike
Serj wrote:
> Im not exactly sure why that is worse, cou
You also can't overwrite files using the fopen() method. You'd need to
FTP in, then delete the file, then fopen() it.. or just do the whole
thing in one FTP session (write to a temp file, upload it, erase the
temp file).
Mike
Miguel Cruz wrote:
> Thus leaving the FTP account's password in vie
Im not exactly sure why that is worse, could you elaborate a little?
Josh
On Fri, 3 May 2002, Miguel Cruz wrote:
> Thus leaving the FTP account's password in view of the httpd, which is
> even worse...
>
> miguel
>
> On Fri, 3 May 2002, serj wrote:
> > You could use fopen() to connect to the
Thus leaving the FTP account's password in view of the httpd, which is
even worse...
miguel
On Fri, 3 May 2002, serj wrote:
> You could use fopen() to connect to the file via ftp therefore keeping
> the .htaccess file owned by the user for increased security.
>
> Josh Boughner
>
> On Fri, 3
You could use fopen() to connect to the file via ftp therefore keeping
the .htaccess file owned by the user for increased security.
Josh Boughner
On Fri, 3 May 2002, Mike Eheler wrote:
> It's possible, but is it really recommended? Wouldn't the
> .htaccess/.htpasswd file have to be owned by t
It's possible, but is it really recommended? Wouldn't the
.htaccess/.htpasswd file have to be owned by the apache user, which
might leave it open to being overwritten by any kind of a
weak/exploitable script?
Mike
Josh & Valerie McCormack wrote:
> I've used the script phtaccess, which I think
I've used the script phtaccess, which I think used the mentioned class.
Super easy to use.
Josh
>On Wed, 1 May 2002, Kelly Meeks wrote:
>
>>> Is is possible to use php to admin a password file used by a .htaccess file?
>>
>
> You should check the File_Passwd class from PEAR.
>
> htt
On Wed, 1 May 2002, Kelly Meeks wrote:
> Is is possible to use php to admin a password file used by a .htaccess file?
You should check the File_Passwd class from PEAR.
http://chora.php.net/cvs.php/php4/pear/File
--
Mika Tuupola http://www.appelsiini.net/~t
AIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 01, 2002 2:12 PM
Subject: [PHP] php/.htaccess/.htpasswd
Is is possible to use php to admin a password file used by a .htaccess file?
I know that sometimes it is easier/more robust to manage password protection
via sessions/data
Is is possible to use php to admin a password file used by a .htaccess file?
I know that sometimes it is easier/more robust to manage password protection via
sessions/database, but I've got a client that wants to use a .htaccess file.
How do you deal with the encryption of the passwords, etc?
> Does anybody know or have some PHP code to read the htaccess file.
Off the top of my head:
You may need to use mcrypt(), and the encryption used by your OS may or may
not be available, and your OS may or may not have been configured at some
point to use a different encryption, so the passwor
hello,
you can see with the following syntax :
http://login:[EMAIL PROTECTED]/protecteddir/
So, the user enter the code and passwd from a PHP form,
then you redirect him with this syntax.
But prefer redirection with a javascript, because M$ Explorer seems do not
love this:
Header("Location:
Hey
Take a look at www.phpbuilder.com, www.devshed.com or one of they many good
sites on the net. Here you will find tutorials, forums, tips etc, that you
can use for increase your experiance. I also suggest books to increase your
exp to...
http://www.php.net/links.php for more links
At 05
Hello Everybody,
Does anybody know or have some PHP code to read the htaccess file.
I have a couple of directorys protected by the htaccess & htpasswd files on
the Unix Apache server I use. But I want to create a webpage with input
boxes to simulate the popup dialog that appears when entering the
27 matches
Mail list logo
