phplib-users Mailing List for PHPLIB (Page 56)
Brought to you by:
nhruby,
richardarcher
|
From: Giancarlo <gia...@na...> - 2002-06-29 11:53:48
|
Hi

I've finished writing and testing a new session and auth classes whose major changes are:

- upon login, the session content will be cloned into a NEW session, which will then become THE session in use. It works for both cookie and get mode, included fallback_mode=get. This will stop cookie poisoning and takeovers, because the second session will be unknown to an attacker or a snooper, and the initial session will not hold any authentication. The modified auth class is based on my 'simplified auth->start' patch (see patches at phplib on sf), as I refuse to put my hands into the old auth->start crappy method.

- That new auth class provides for easy management of login/reg forms within fancy boxes, and has all the client interaction moved out to page.inc (mode=reg/log, auth[uid]='form/nobody' etc) for easy manipulation. No more cancel_login, auth[uid]=nobody, hardcoded mode/reg mode, auth[uid]=form intermediate state.

This simple auth can be dropped into any phplib and work as before (splash the login form), except the cancel_login, which no more exists ;-))). It can also be used, with a particular page.inc provided, to handle login forms in a 'deferred' way (defer the output of the login form), displayed within fancy boxes later in the page, without blocking any other browser instance of auth.

If anyone is interested I'll produce a patch of it all.

Giancarlo |
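
The clone-on-login behaviour described in this message, as an added example that is not part of the original post and is not PHPLIB code: a minimal in-memory model showing that the id known before login never becomes authenticated. `SessionStore`, `login_clone()`, `is_authenticated()` and the `uid`/`cart` keys are hypothetical names, and all ids and data are constructed.

```php
<?php
// Added example, not PHPLIB code. The store is an in-memory stand-in for the
// session table; every id and value below is constructed.

final class SessionStore
{
    /** @var array<string, array<string, mixed>> session id => session data */
    private array $rows = [];

    public function read(string $sid): array
    {
        return $this->rows[$sid] ?? [];
    }

    public function write(string $sid, array $data): void
    {
        $this->rows[$sid] = $data;
    }
}

/**
 * Clone-on-login: copy the pre-login session into a session with a fresh,
 * server-generated id and record the authenticated uid only in the copy.
 * Returns the new id, which replaces the old one in the cookie or URL.
 */
function login_clone(SessionStore $store, string $preLoginSid, string $uid): string
{
    $newSid = bin2hex(random_bytes(16));   // 128 bits from the CSPRNG
    $data = $store->read($preLoginSid);    // keep cart, preferences, etc.
    $data['uid'] = $uid;                   // auth state exists only in the clone
    $store->write($newSid, $data);
    return $newSid;
}

/** True when the session behind $sid carries an authenticated uid. */
function is_authenticated(SessionStore $store, string $sid): bool
{
    return isset($store->read($sid)['uid']);
}

// Constructed scenario: the browser arrives with an id that someone else
// also knows (it travelled in a link or was observed on the wire).
$store = new SessionStore();
$knownSid = 'constructed-known-id';
$store->write($knownSid, ['cart' => ['book-42']]);

$newSid = login_clone($store, $knownSid, 'kris');

var_dump(is_authenticated($store, $newSid));    // session the user now holds
var_dump(is_authenticated($store, $knownSid));  // id that was known before login
var_dump($store->read($newSid)['cart']);        // content carried into the clone
```

With PHP's native sessions, `session_regenerate_id()` serves the same purpose of issuing a fresh id at login.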
|
From: Giancarlo <gia...@na...> - 2002-06-28 11:12:45
|
> I am so happy with the session4
> stuff, it seems to work and it is so much faster than with the MySQL
> database!!!

the biggest limit of session4 is that it cannot have the equivalent of phplib's

mode=cookie
fallback_mode=cookie

because php.ini's session.use_cookies=1 means 'use cookie if no SID in URL', same as phplib's

mode=cookie
fallback_mode=get

that is, PHP has no 'cookie-or-nothing' choice, which is the only one you should consider if you have a serious auth, perm etc, a la homebanking.

There is a patch for that, with a new php.ini's session.use_only_cookie that you can also set in .htaccess or the script (I think), or you have to wait for a future release that comprises it.

Gian |
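
An added example, not part of the original post: a check that reports which session directives still allow a session id in the URL, run over a constructed "cookie with URL fallback" configuration and a constructed "cookie-or-nothing" one. `session_ini_findings()` is a hypothetical helper, and the directive the message anticipates is assumed here to be the one PHP ships as `session.use_only_cookies`.

```php
<?php
// Added example, not PHP or PHPLIB code. session_ini_findings() is a
// hypothetical helper and both sample arrays are constructed.

/**
 * List the session directives that allow a session id to be read from,
 * or written into, a URL. $ini maps directive => value, in the shape
 * returned by ini_get_all('session', false).
 */
function session_ini_findings(array $ini): array
{
    // Accepts "1"/"0", "On"/"Off" and real booleans; a missing key counts as off.
    $on = static fn (string $key): bool =>
        filter_var($ini[$key] ?? false, FILTER_VALIDATE_BOOLEAN);

    $findings = [];
    if (!$on('session.use_cookies')) {
        $findings[] = 'session.use_cookies is off: the id can only travel in the URL';
    }
    if (!$on('session.use_only_cookies')) {
        $findings[] = 'session.use_only_cookies is off: an id in the URL is accepted';
    }
    if ($on('session.use_trans_sid')) {
        $findings[] = 'session.use_trans_sid is on: PHP rewrites links to carry the id';
    }
    return $findings;
}

// Constructed: cookie with URL fallback (the mode=cookie, fallback_mode=get analogue).
$fallbackToGet = [
    'session.use_cookies'      => '1',
    'session.use_only_cookies' => '0',
    'session.use_trans_sid'    => '1',
];

// Constructed: cookie-or-nothing (the mode=cookie, fallback_mode=cookie analogue).
$cookieOnly = [
    'session.use_cookies'      => '1',
    'session.use_only_cookies' => '1',
    'session.use_trans_sid'    => '0',
];

print_r(session_ini_findings($fallbackToGet));
print_r(session_ini_findings($cookieOnly));

// Audit the running configuration instead of a sample:
print_r(session_ini_findings(ini_get_all('session', false)));
```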
|
From: Peter K. <su...@si...> - 2002-06-28 09:43:37
|
> > God that's a friggin ugly workflow :) Will be fixed soon, I hope. > yes - really ;-) but ... thank you, Donncha, for rewinding the old thread - I am so happy with the session4 stuff, it seems to work and it is so much faster than with the MySQL database!!! Thank you all! Peter Kursawe. |
|
From: nathan r. h. <na...@ds...> - 2002-06-27 19:16:56
|
God that's a friggin ugly workflow :) Will be fixed soon, I hope.

-n

------
nathan hruby
na...@ds...
------

On Thu, 27 Jun 2002, Donncha O Caoimh wrote:

> Documented all that at
> http://xeer.blogspot.com/?/2002_06_01_xeer_archive.html#78265256
>
> Feel free to comment or correct what I've written there.
>
> Donncha.
>
>
> On Thursday 27 June 2002 12:02, Donncha O Caoimh wrote:
> > Hi all,
> >
> > I'm dragging up an old thread but I'm only now getting around to
> > investigating PHP4 properly. I'm trying to figure out which session class
> > to use with PHP4.
> >
> > The stable directory has the following:
> [snip]
>
>
> -------------------------------------------------------
> Sponsored by:
> ThinkGeek at http://www.ThinkGeek.com/
> _______________________________________________
> Phplib-users mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phplib-users
> |
|
From: Layne W. <la...@if...> - 2002-06-27 19:11:58
|
> I've been looking all over the place for instructions on how
> to install phplib on Windows 2000 when using the PHP4 ISAPI
> module and haven't come up with anything. Does this work?
>
> If so, can someone who has set it up before give me a run
> down on what needs to be done to get things working?

Once you have PHP4 running, using PHPLib on Win2K is the same as on a Posix server (well, I don't have symlinks and the MySQL port is less robust). I setup directories C:/usr/local/ and C:/var/www/ to mimic my production paths, but really all you need to do is drop PHPLib on your hard drive and modify the IncludePath setting in C:/WINNT/php.ini.

Layne Weathers
Ifworld Inc. |
|
From: Cindy H. <ci...@wh...> - 2002-06-27 18:57:20
|
Hi folks, I've been looking all over the place for instructions on how to install phplib on Windows 2000 when using the PHP4 ISAPI module and haven't come up with anything. Does this work? If so, can someone who has set it up before give me a run down on what needs to be done to get things working? -- Cindy |
|
From: Donncha O C. <don...@tr...> - 2002-06-27 14:44:38
|
Glad to hear it, it's much faster with PHP4! Thanks for all the hard work!

Donncha.

On Thursday 27 June 2002 15:40, Maxim Derkachev wrote:
> oops ... forgot that 'custom' is in the pre-release now ... :)
> Seems right then.
>
> DOC>> Documented all that at
> DOC>> http://xeer.blogspot.com/?/2002_06_01_xeer_archive.html#78265256
>
> MD> That's wrong. session4_custom.inc should be downloaded from
> MD> http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/phplib/php-lib/php/session/session4_custom.inc ,
> MD> not from the unsup directory. |
|
From: Maxim D. <max...@bo...> - 2002-06-27 14:40:41
|
oops ... forgot that 'custom' is in the pre-release now ... :)
Seems right then.

DOC>> Documented all that at
DOC>> http://xeer.blogspot.com/?/2002_06_01_xeer_archive.html#78265256

MD> That's wrong. session4_custom.inc should be downloaded from
MD> http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/phplib/php-lib/php/session/session4_custom.inc ,
MD> not from the unsup directory.

--
Best regards,
Maxim Derkachev mailto:max...@bo...
IT manager, Symbol-Plus Publishing Ltd.
phone: +7 (812) 324-53-53
www.books.ru, www.symbol.ru |
|
From: Maxim D. <max...@bo...> - 2002-06-27 14:37:45
|
Hello Donncha,

Thursday, June 27, 2002, 6:19:41 PM, you wrote:

DOC> Documented all that at
DOC> http://xeer.blogspot.com/?/2002_06_01_xeer_archive.html#78265256

That's wrong. session4_custom.inc should be downloaded from
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/phplib/php-lib/php/session/session4_custom.inc ,
not from the unsup directory.

--
Best regards,
Maxim Derkachev mailto:max...@bo...
IT manager, Symbol-Plus Publishing Ltd.
phone: +7 (812) 324-53-53
www.books.ru, www.symbol.ru |
|
From: Donncha O C. <don...@tr...> - 2002-06-27 14:19:41
|
Documented all that at
http://xeer.blogspot.com/?/2002_06_01_xeer_archive.html#78265256

Feel free to comment or correct what I've written there.

Donncha.

On Thursday 27 June 2002 12:02, Donncha O Caoimh wrote:
> Hi all,
>
> I'm dragging up an old thread but I'm only now getting around to
> investigating PHP4 properly. I'm trying to figure out which session class
> to use with PHP4.
>
> The stable directory has the following:
[snip] |
|
From: Donncha O C. <don...@tr...> - 2002-06-27 11:02:46
|
Hi all,

I'm dragging up an old thread but I'm only now getting around to investigating PHP4 properly. I'm trying to figure out which session class to use with PHP4.

The stable directory has the following:
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/phplib/php-lib-stable/unsup/
which were added only 5 months ago

And the unstable has
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/phplib/php-lib/php/session/
which are older files.

The session4_custom.inc in each directory is exactly the same, but the stable directory doesn't have a session4.inc file which confused me as it's required by the former file. Shouldn't session4.inc be in the tarball that's released to the public? (this question was also raised elsewhere in this thread last March..)

To install the session code, I think I do the following..

1. Download the session4.inc file from
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/phplib/php-lib/php/session/session4.inc
2. Copy that file to my include directory in a sub-directory called session.
3. Rename session.inc in my include directory so it's out of the way.
4. Copy ~/phplib-7.4-pre1/unsup/session4_custom.inc to session.inc in my include directory.
5. Change local.inc so that the session class there inherits from Custom_session and configure the storage variables and other settings.

Is that correct? If it is, it's going on a webpage so Google can find it, the list archives don't seem to there..

Donncha.

On Wednesday 13 March 2002 09:20, Maxim Derkachev wrote:
> Hello Matt,
>
> Wednesday, March 13, 2002, 11:46:28 AM, you wrote:
>
> MW> So we have two session4's in the CVS or are they both the same? Because the
> MW> session4.inc in phplib-4 works with your class Max.
>
> MW> I've never looked at the stuff in phplib-4 because I got Max's one working
> MW> pretty good.
>
> Well, that could be - they export the same public API. But if You look
> close to the session4 in the phplib4 folder, You will see that the
> file consists of many lines from session3 class commented out, with
> some plugs for php4 session support. It uses the old-fashion serialize
> (instead of PHP4 serialize, which is much much better). It does not
> make use of session setup functions from the php4 module for setting up
> cache control, cookies behaviour, etc.
> Just compare the session4 classes in session/ & phplib4/ to see the
> changes. The session4.inc in the session folder was designed with maximum
> php4 session module usage in mind and session3 public API compatibility (we
> could not save all the things that are present in the session3, like
> $sess->in & $sess->pt, but it is only because it could not be achieved
> without messing the things up).
>
> MW> If it is the stuff from the CVS session folder, session4.inc should be
> MW> included in the distro, yes?
>
> Yes. The only file that was intended to be used with the
> session4_custom, is session4.inc from the session folder. |
|
From: Giancarlo <gia...@na...> - 2002-06-26 22:13:20
|
"rick herbel" <ric...@tc...> a écrit le 26/6/02 14:14: >session.inc nativily leaves a >cookie. Can you please confirm me that with >>mode=cookie >>fallback_mode=cookie you have the same? I was working on that for phplib just recently. Did you try the latest cvs of php-lib-stable session.inc? Giancarlo |
|
From: Layne W. <la...@if...> - 2002-06-26 18:42:27
|
> The top says -- This error only occurs when IE60,SP2 with Update Q313675 is
> installed.
> With security patch Txxxxx(don't know exact number) it's the same.
>
> However no fix is indicated??? or am I reading it wrong? Has anyone else
> seen this problem or have a work around? I just installed latest ie 6.0
> and problem is there or I have some other problem.
> Netscape works great though.

According to your link, this bug affects IE on any server in the "Intranet Zone". If you are building an intranet site, then have your people use a browser that works (e.g. Mozilla, Lynx, IE 5.x, or an earlier IE 6).

If you are only having problems developing a site using your workstation or another local machine as the development server, then specify the dev server by IP address or move it to another network.

Layne Weathers
Ifworld Inc. |
|
From: Joe S. <jo...@cm...> - 2002-06-26 18:22:44
|
Hello Rick,

On Wed, Jun 26, 2002 at 09:10:32AM -0700, rick herbel wrote:
> I upgraded my ie to 6.0 and the setcookie method no longer works
> in php. Of course this means no one can have a cookie initiated session
> any longer
> in phplib. Any clues??? I researched and found the following
> link below. I set ie 6.0 browser to accept all cookies no avail.
> I am sure 6.0 still works with all the asp crap (thanks bill)
>

The only problems that I've seen with IE 6 and cookies have been P3P related. Could this be the problem?

> Rick
>
> Any help on how to get set cookie to work in ie 6.0 would be appreciated.
>
>
>
> http://www.zend.com/lists/php-dev/200202/msg00357.html
>
> |
|
From: rick h. <ric...@tc...> - 2002-06-26 18:07:31
|
The top says -- This error only occurs when IE60,SP2 with Update Q313675 is installed.
With security patch Txxxxx(don't know exact number) it's the same.

However no fix is indicated??? or am I reading it wrong? Has anyone else seen this problem or have a work around? I just installed latest ie 6.0 and problem is there or I have some other problem.
Netscape works great though.

-----Original Message-----
From: Layne Weathers [mailto:la...@if...]
Sent: Wednesday, June 26, 2002 10:16 AM
To: 'rick herbel'; 'phplib-users'
Subject: RE: [Phplib-users] IE 6.0 and Cookies doesn't work

> I upgraded my ie to 6.0 and the setcookie method no longer works
> in php. Of course this means no one can have a cookie
> initiated session
> any longer
> in phplib. Any clues??? I researched and found the following
> link below. I set ie 6.0 browser to accept all cookies no avail.
> I am sure 6.0 still works with all the asp crap (thanks bill)
>
> Rick
>
> Any help on how to get set cookie to work in ie 6.0 would be
> appreciated.
>
>
>
> http://www.zend.com/lists/php-dev/200202/msg00357.html

Read that document again - the top part of the page says that the culprit (IE60,SP2 with Update Q313675) has been found.

Layne Weathers
Ifworld Inc. |
|
From: Layne W. <la...@if...> - 2002-06-26 17:07:41
|
> I upgraded my ie to 6.0 and the setcookie method no longer works
> in php. Of course this means no one can have a cookie
> initiated session
> any longer
> in phplib. Any clues??? I researched and found the following
> link below. I set ie 6.0 browser to accept all cookies no avail.
> I am sure 6.0 still works with all the asp crap (thanks bill)
>
> Rick
>
> Any help on how to get set cookie to work in ie 6.0 would be
> appreciated.
>
>
>
> http://www.zend.com/lists/php-dev/200202/msg00357.html

Read that document again - the top part of the page says that the culprit (IE60,SP2 with Update Q313675) has been found.

Layne Weathers
Ifworld Inc. |
|
From: rick h. <ric...@tc...> - 2002-06-26 16:48:25
|
I upgraded my ie to 6.0 and the setcookie method no longer works in php. Of course this means no one can have a cookie initiated session any longer in phplib. Any clues??? I researched and found the following link below. I set ie 6.0 browser to accept all cookies no avail. I am sure 6.0 still works with all the asp crap (thanks bill)

Rick

Any help on how to get set cookie to work in ie 6.0 would be appreciated.

http://www.zend.com/lists/php-dev/200202/msg00357.html |
|
From: Giancarlo <gia...@na...> - 2002-06-24 14:01:33
|
Great record by Miles Davis. Live Evil, the reverse words, the reverse meanings. Maybe I listen too much music, I read too many spy stories, or simply too much news, and I really shouldn't let my holiday time dedicated to phplib become too worrisome. As some of you know already, I pass and go, phplib it's kinda seasonal job for me ;-) and I'd like to do something more constructive than messing around holes. Gian |
|
From: Giancarlo <gia...@na...> - 2002-06-24 13:44:50
|
I have placed a cron job that once every 10 min will keep that alive. I don't mean to put load on that. It's set on only for today ;-) please don't logout and disrupt the ware http://phplib.sourceforge.net/showroom/auth.php3?mode=log&Poe_Session=cronalive Gian please tell me: am I mad? do I have evil visions? |
|
From: Giancarlo <gia...@na...> - 2002-06-24 13:02:21
|
It doesn't seem 24 hours, but slightly more than 5 minutes. Can anyone make a test? And anyway, for those that do not enforce login_expire, IS worrying http://phplib.sourceforge.net/showroom/auth.php3?mode=log&Poe_Session=kristest You can do your own tests by creating new sessions, http://phplib.sourceforge.net/showroom/auth.php3?mode=reg&Poe_Session=ohoo and play with them, or even let phplib create his own, append it to url and pass it to some without a previous cookie Giancarlo |
|
From: Giancarlo <gia...@na...> - 2002-06-24 10:42:30
|
> Here is the link. I think it should work until someone hits logout, or the > timeout? http://phplib.sourceforge.net/showroom/auth.php3?Poe_Session=kristest It definitely halts at the session timeout, 5 minutes end, I saw a mirage. But a cron script with wget every five minutes can do So it is surely less grave. > > Giancarlo |
|
From: Peter K. <su...@si...> - 2002-06-24 07:19:33
|
Hello Tim,
the problem is that page.inc will call auth->loginform() in every case. _After_ that auth->validatelogin() will be called.
What can you do: Use auth_preauth() like that:
---- snip begin ----
function auth_preauth() {
    global $username, $password, $sess;
    return $this->auth_validatelogin();
}
---- snip end ----
That should work.
Hope this helps,
Peter Kursawe
On 24 Jun 2002 at 14:26, Tim Stebbing wrote:
From: Tim Stebbing <ti...@oc...>
To: php...@li...
Subject: [Phplib-users] alternate auth method
Date sent: Mon, 24 Jun 2002 14:26:39 +1000
> Hello,
>
> I'm after some help, I am attempting to authenticate from a windows
> application that launches a browser, users enter their details into
> the application and it opens a browser with username=foo&password=md5hash
> in the URL.
>
> I have extended the auth class as explained in the documentation:
>
> class Example_Auth extends Auth
> {
>     var $classname = "Example_auth"; # Object serialization support
>
>     var $lifetime = 15;
>
>     ## DB_Sql subclass and database table to use
>     var $database_class = "DB_Example";
>     var $database_table = "auth_user";
>
>     ## Some magic value to make our uids harder to guess.
>     var $magic = "Abracadabra";
>
>     ## Use an own login form
>     function auth_loginform() {
>         global $sess;
>         include("templates/login_error.php");
>     }
>
>     function auth_validatelogin() {
>         global $username, $password; ## form variables from loginform.ihtml
>
>         $this->auth["uname"] = $username;
>         $uid = false;
>
>         ## Escape the request-supplied username before it goes into the SQL string
>         $query = sprintf(
>             "select password,user_id from %s where username = '%s'",
>             $this->database_table, addslashes($username));
>         $this->db->query($query);
>
>         while ($this->db->next_record()) {
>             ## === compares the two hashes as strings, with no numeric type juggling
>             if ($password === md5($this->db->f("password")."secret_string")) {
>                 $uid = $this->db->f("user_id");
>                 $this->auth["perm"] = "admin";//$this->db->f("perms");
>             }
>         }
>
>         return $uid;
>     }
> }
>
> This method works, however, when authentication succeeds, the user
> is still redirected to the error page, and if they refresh the
> browser then they get to the actual content. What I want is for
> users to gain access immediately if they authenticate correctly,
> but be redirected to an error page if they fail. the loginform is
> replaced by the application.
>
> Can anyone help/point me in the right direction?
>
> Thanks, Tim
>
> --
> +----------------------------------------------+
> Tim Stebbing,
> ti...@oc..., www.oceanablue.com.au
> Software Development Services.
> +----------------------------------------------+
|
|
From: Giancarlo <gia...@na...> - 2002-06-24 07:08:54
|
Peter Kursawe wrote:
>
> > On 24 Jun 2002 at 8:26, Giancarlo wrote:
> > If you click on this (within 1440 min from now I guess) you find
> > yourself logged in as kris with admin permissions
> >
> > http://phplib.sourceforge.net/showroom/index.php3?Poe_Session=kristest
>
> no I am not!
>
> Perhaps you forgot to clear your cookies?
>
> Peter Kursawe

I did clean, you probably didn't. This supposes you don't have a cookie already, or you have them disabled. You can also start navigating from the home page with the sid in the URL and go to showoff

http://phplib.sourceforge.net/?Poe_Session=kristest

I'd said that you should clean cookies before.

Gian

Anyway this was related to a previous message from me, which I don't see through. But my mailer may have problems sending. It was about whether is worth devising a better mode/fallback_mode behaviour and now I add docu. |
|
From: Peter K. <su...@si...> - 2002-06-24 06:53:52
|
> On 24 Jun 2002 at 8:26, Giancarlo wrote:
> If you click on this (within 1440 min from now I guess) you find
> yourself logged in as kris with admin permissions
>
> http://phplib.sourceforge.net/showroom/index.php3?Poe_Session=kristest

no I am not!

Perhaps you forgot to clear your cookies?

Peter Kursawe |
|
From: Giancarlo <gia...@na...> - 2002-06-24 06:29:43
|
If you click on this (within 1440 min from now I guess) you find yourself logged in as kris with admin permissions

http://phplib.sourceforge.net/showroom/index.php3?Poe_Session=kristest

Isn't it worrisome? What should I do as a phplib core developer? Maybe this list is broken.

Giancarlo |