pickled

mod_proxy? Dunno what that is, but it's only technically a proxy. The main web server is boxa. some of the pages on boxa need data from boxb. This actually works better, as if we were to open the window to the other server with the userid and pw on the browser, they could open up other pages. This way, we're getting the data and presenting it to them and they have no way to hack it.

<?php // create a new cURL resource $credentials = "userid:password"; $url = "http://boxa.mydomain.com/file"; $headers = array( //"POST ".$page." HTTP/1.0", "Content-type: text/xml;charset=\"utf-8\"", //"Accept: text/xml", "Cache-Control: no-cache", "Pragma: no-cache", //"SOAPAction: \"run\"", //"Content-length: ".strlen($xml_data), "Authorization: Basic " . base64_encode($credentials), "WWW-Authenticate: Basic " . base64_encode($credentials) ); /////////////////// $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,$url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 60); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_USERAGENT, $defined_vars['HTTP_USER_AGENT']); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); // Apply the XML to our curl call //curl_setopt($ch, CURLOPT_POST, 1); //curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data); $data = curl_exec($ch); if (curl_errno($ch)) { echo "Error: " . curl_error($ch); } else { //echo "success?"; // Show me the result var_dump($data); //print_r($data); // $echo "data result//////////<br>$data<br>//////////////////"; curl_close($ch); // $echo $data; }////////////////// ?> WORKS! WOOHOO! Thanks all.

Thanks. reading the faq now. I've been looking for something like that for a while but had no luck. client-wise is obviously out of the question. If we were gonna go that route, we might as well just let the users click on <a href="http://systemuser:systempasswd@mydomain.com>the link</a> and not worry about it. Adding it as client-side also adds another level of complexity where it could break. The other ideas sound promising though. Thank you for your help. You gave me leads of exploration when I was stuck.

Exploring curl right now. I'm not sure what you mean by linking the two mysql databases. As it happens, the linux box (boxa) can access the mysql database on boxb already. But the user/pw is part of the iis server security and not part of any application security.

Yes. I'm trying to access a secured page on our second server. The user has entered his credentials on our first server already so we know he's authorized. We are trying to do 2 things here: First, eliminate the need for the user to type in his credentials on the second server each time he happens to need to do something that accesses it. Second, eliminate the need to add each user to each server. The thing is, the php documention even showed this in an example for accessing a file on another server. Plus, I KNOW I can't be the first person to need to do something like this.

It could be...but I doubt it. I think if you miss the first (few) times you try a different format from what you were doing. Generally it is either case insensitive or case sensitive, if one fails try the other. As for me, anytime I do a captcha I try to match case, as that will work either way. I don't think you quite understood my post. The captcha I was using was right each time, but the error was that my password hadn't had a mix of upper and lower characters. It was all lowercase and numbers. The registration page was bouncing it back to me but telling me I wasn't entering the right catpcha.

Ick. What confuses me is that the php docs suggest it should work. Even some of the php docs mentioned including the user:pw in the url when accessing some data. The fact that it works if you use the user:pw in the url just confounds me if it isn't possible except as a clicky link. I've tried searching google on this, but sadly the relevent words are just too common. But I can't be the only one who has needed to do this. Thanks for your response though.

I'm confused. There's a way to get the url of the page to change on refresh? I thought a refresh doesn't touch the url.

I think I posted this in the wrong section last night. sorry about that. We have 2 servers for our site. boxa.mydomain.com and boxb.mydomain.com. Boxb is the IIS server. Boxa is linux. On a page on boxa, if I have an href link pointing to a secured page on boxb.mydomain.com, the page will work if it's referenced by http://user:pw@boxb.mydomain.com. However, if I try to access it directly in php, such as header( "Location:http://user:pw@boxb.mydomain.com" ), it prompts the user for a user name and password. Same thing happens if I try to use a file open across servers. I've tested it by having it echo the href instead of doing the header location, and if I copy and paste the string into a url, it works fine. My only guess is I'm missing some kind of header field, but I can't figure out which one it could be. We have to keep the referenced pages on boxb secure. Putting the user:pw on links to those pages would be risky too. There HAS to be a way to access the secure pages without prompting the user for a userid and password. Any ideas?

http://www.phpfreaks.com/forums/index.php/topic,95433.0.html

There's a bug in the registration process that almost kept me from being able to register. When you register, if you don't have the password set for upper AND lower case letters and numbers, it tells you that you didn't type in the captcha correctly. I kept trying the captcha, and even listened to it. Had the right one the entire time. I just didn't notice for a while that the password required some upper case letters too. Mine was all lower case with numbers. Or is this just phpfreak's iq test for participation?

I'm a bit vague on this as it's been a while since I've needed to do this. I think you have to set the configuration for the folder and .exe's for what kind of header to send. The browser is getting the data and doesn't know what to do with it, which is why it's just displaying it. It needs the proper headers. (MIME type, etc) I can't remember the right ones you need for it atm though.

We have 2 servers for our site. boxa.mydomain.com and boxb.mydomain.com. Boxb is the IIS server. Boxa is linux. On a page, if I have an href pointing to a secured page on boxb.mydomain.com, the page will work if it's referenced by http:user:pw@boxb.mydomain.com. However, if I try to access it directly in php, such as header( "Location:http:user:pw@domain.com" ), it prompts the user for a user name and password. Same thing happens if I try to use a file open across servers. I've tested it by having it echo the href instead of doing the header location, and if I copy and paste the string into a url, it works fine. My only guess is I'm missing some kind of header field, but I can't figure out which one it could be. Any ideas?

Your question isn't very clear. Are you trying to generate a validation link you can include in an email that you can send to users, so that they can just click it and have it validate them? If so, the body of the text should include the whole link such as: http://my.domain.org/validate.php?code=myvalidationcode Or are you merely trying to write some code that will execute and send an email?