Solved

PHP rewrite _SERVER headers

Posted on 2013-01-10
12
461 Views
Last Modified: 2013-01-25
Hello,

When using PHP, it is possible to display headers using stuff like "echo $_SERVER['USERID'];".

This 'USERID' is set by our Apache server.

I would like to know if their is any possibility to rewrite/change this header to a new value.

Is there any mod or function that could do this?

Please let me know if you have any questions so I can help you guys help me.
0
Comment
Question by:Etdashou
  • 4
  • 3
  • 3
  • +1
12 Comments
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 125 total points
ID: 38763855
It depends on why you want to change it.  What is the application-specific requirement?

This script works (ie, $_SERVER is not immutable).

<?php // mung_server.php
error_reporting(E_ALL);
echo '<pre>';

// SHOW ORIGINAL
print_r($_SERVER);

// INJECT NEW VALUES
$_SERVER['USERID']   = "Foo";
$_SERVER["PHP_SELF"] = "Bar";
$_SERVER["HTTP_HOST"] = 'www.laprbass.com';

// SHOW MUNGED ARRAY
print_r($_SERVER);

Open in new window

0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38764027
$_SERVER['USERID'] is a PHP variable so you can change it.  That does not change what Apache thinks the value is.
0
 
LVL 33

Expert Comment

by:Slick812
ID: 38764237
hi  Etdashou, , All of the values in the PHP $_SERVER  array, are not re-used as in sent to the browser that gets the PHP HTML sent out, , SO IF - This 'USERID' is set by our Apache server., I would not think that Apache would create this 'USERID' just as a reference to use in the PHP response HTML,  I would think that you want to Change the  'USERID'  sent to the Browser, you could do that with -
header('USERID: User101');

I do not think that the browser will read or use this header, but I have not ever tried to find out about that?
Could you tell us What you need to do in the Output Page to the browser using or changing the -
$_SERVER['USERID'];

If you only need to change this $_SERVER['USERID'] from  Apache , you may need to change the way  Apache sets this value in the SERVER settings, as far as I know you can not change $_SERVER  values set BEFORE the PHP engine starts running your PHP code.
0
 
LVL 1

Author Comment

by:Etdashou
ID: 38767336
@Slick812: I have tried header('USERID: User101'); like that
<?php
echo $_SERVER['USERID']; // gives me: 'InitialValue'

header('USERID: User101');

echo $_SERVER['USERID']; // gives me: 'InitialValue' again
?>

Open in new window

So it doesn't seem to work. Perhaps I have done something wrong, please let me know.


@Ray_Paseur: I have tried this:
<?php
echo $_SERVER['USERID']; // gives me: 'InitialValue'

$_SERVER['USERID'] = "TheUsername";

echo $_SERVER['USERID']; // gives me: 'TheUsername'
?>

Open in new window


Problem is, if I reload the page it doesn't keep 'TheUsername' as I set it before, it always refresh back to 'InitialValue'.

@DaveBaldwin: I think that is what I need to find, the function that would change what Apache sent to PHP.

Initially, our WebSEAL sent the information of our user to Apache and then this is kept all along for the remaining of his session. When I output phpinfo(), I see all of the $_SERVER variable correctly set. However, I would like to be able to change some of those values, so it is kept for the remaining of the session, not only temporary.

Is it possible that this could be what I need?: http://php.net/manual/en/httprequest.setheaders.php
Or perhaps this: http://pear.php.net/package/HTTP_Request2
0
 
LVL 33

Assisted Solution

by:Slick812
Slick812 earned 250 total points
ID: 38767827
Not sure I really understand what purpose you need to have done in dealing with this -
$_SERVER['USERID'];

I read your - "Problem is, if I reload the page it doesn't keep 'TheUsername' as I set it before, it always refresh back to 'InitialValue'"

We have tried to tell you that this - $_SERVER['USERID']; - is not really a PHP changeable value,it is set by the SERVER before php runs your code, and there are no PHP functions  that I have seen, to change this SERVER-Apache set value, so it is different the next time your php page loads. You do not say what difference it makes for your Page operations having one USERID or a different one?

You ask about - http://php.net/manual/en/httprequest.setheaders.php
this is about changing the Headers that PHP uses for communication with other HTTP pages usually with the cURL extention as a  communication between pages. It does NOT re-set the way the server sets the $_SERVER values.

You say you want to have Values saved to use on other pages (as in session) you should look at -
http://us1.php.net/manual/en/session.examples.basic.php

the PHP session_start(); and   $_SESSION  array are very effective and widely used methods to store info for several pages to share and use the same info. I would think that is what you may need here?
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 38767969
... some of those values, so it is kept for the remaining of the session, not only temporary.
PHP "session" is a term of art, referring to the ability to keep stateful information between page requests, such as the "logged in" status of a client.  Is that the sort of thing you need?  If so, your PHP client authentication can store this information in the $_SESSION array.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 125 total points
ID: 38768045
I'm curious what version of PHP and Apache you are using that gives you $_SERVER['USERID'].  $_SERVER[] variables are passed to PHP from the web server and some of them come from the operating system.  I can't find any system that shows $_SERVER['USERID'] at the moment.  If that is the user id of the Apache process or the current logged in user, you will not be able to change it.  Because this data comes from outside PHP, I agree with @Slick812, you are not going to be able to change it.
0
 
LVL 33

Accepted Solution

by:
Slick812 earned 250 total points
ID: 38768196
@ Etdashou, , ,  I missed understanding you in your - -  "our WebSEAL sent the information of our user to Apache" I am not familiar with WebSeal, I searched to get info,  Apparently this IBM WebSeal does =
"When users log into a WebSEAL-protected website, the custom token CDAS will automatically deliver them a secure, one-time generated pass-code with SMS. This allows an organization to build a strong authentication security at a budget price"

It looks like there is a way to change in WebSeal many things about when, how, and what the sign-in to a network Web Apache should do, there seems "maybe" a way to sign-in (access name and password) to a web page version of management, to see and alter the WedSeal settings. I have NO experience with WebSeal, but this seems the way to change the Server value for USERID ? ?
0
 
LVL 1

Author Comment

by:Etdashou
ID: 38774158
I will be reading all of your experts comments today and let you know what I get from it.

Thank you for your replies!
0
 
LVL 1

Author Comment

by:Etdashou
ID: 38787412
Ok,

I have read all your comments. It may be strange but we have been able to find a solution without the need to change the Headers... so I don't really need to find how to do it anymore...

I will assign points to multiple comments and thank you all for your help and time.

I think having this question still here can be useful for some people doing search.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 38789715
Wow, an incomplete question and a bad grade for all that tried to help!

Going forward, please learn about the SSCCE, which is documented at http://sscce.org and is available free of charge.  If you bring one of those to EE you're likely to get very good help.  And if you don't, or leave out details like "Webseal," you'll not likely get very good answers.
0
 
LVL 1

Author Comment

by:Etdashou
ID: 38818507
Sorry about Webseal, it happens.

Bad grade: Wasn't aware that it rate how people helped or not, quality of feedback. I thought it was the quality of the good answer. Now that their is no official answer here, I thought at least I could keep this question up if anyone is doing search in the database but at least mark this as a "low grade" as their is no official answer. I suppose if I could change the grade I would. Sorry.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Wordpress Query 1 35
php variable basic question 12 29
php namespace question with Twilio 4 16
Strip leading 0 from a var 3 14
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now