get header info on POST & encryption issue

[jjk2]

as you know the fantastic tool liveHTTPheader for Firefox.

 

i was wondering if I could implement same sort of monitoring in php ?

 

perhaps using apache_request_headers() ?

 

what i'd like to do is acquire the HTTP Header info sent out and received when say a user clicks on a login button or something like that.

 

 

also, how safe is hashed mysql tables? do the select hashed fields become undecodable to a potential hacker?

[jjk2]

is it possible to do this without client-side scripting? solely rely on server-side ?

[gizmola]

Like all serverside programming languages, PHP takes the information received in the headers and in most cases makes it available in the superglobals like $_POST, $_SERVER etc.

[jjk2]

for example using lighthttpheader extension in firefox

 

i am able to aquire the POST url

 

remember=1&from=%2F&username=NAME&password=SECRET&submit=Login

 

my question is,

 

how can i make php script produce the same encoded POST url ?

 

the problem is, reading the name="" fields of a login page does not suffice....there are always some secret hidden names....in this case from= cannot be found in source code.

 

the php script must be able to capture the encoded POST url when the user clicks on the button.....but im guessing this would require some client program.....

 

 

 

[gizmola]

I'm afraid I'm not following you.  PHP provides the $_POST superglob, that has the contents of every form variable, hidden or not. It's an associative array, so accessing the contents is trivial.  This data all comes in via HTTP but Apache and PHP parse it into pieces that make it convenient and easy to work with from within PHP.  Look at all the data that comes from phpinfo().