[PHP] fighting with functions
I could use a little help. click on the link to see my php code for a project that creates an array with a list or items and their cost and calculates tax by using a function called getTax() and also creates a balance by adding the cost plus the tax in a second function called getBalance(). I must also create a table where the cells automatically load so the end result looks like this. http://www.areawebdirectory.net/taxtable2.txt Item Cost Tax Running Total Car 1.00600 10600.00 Pencil 1.00 .0610601.06 Book14.95 .097 10616.98 I cant seem to first be able to declare my array and succeed at naming the key as item and the value as price. I have attempted to use variations of the following with no success. $items = array ( 0 = array (item=car,price=15000, tax=.065 ), 1 = array (item=pencil,price=1, tax=.065 ), 2 = array (item=book,price=14.95, tax=.065) ); Without being able to declare the key as item and the value as price I am not sure how to pass these items into my function and I am riddled with error messages. I think my base problem is to either fix how I am declaring the array so I may reference item and price as I am now doing in my functions or learn how to change the functions accordingly. I am also pretty sure that my functions are not quite right. I am also not sure how to link the right answers to get my table to print as above. Please note that I have included a while loop after my array just to prove that my array is working. It is needed part of my program. I also have given each cell in my table some text just so I can find them when I have figured out how to create the right reference links. I am sorry that I need as much help with this. Sadly I have been at this for almost two weeks trying to solve it. Thanks, Sara -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] On-the-fly encryption
On Wednesday 19 November 2003 09:43 am, Ray wrote: I want to do two-way encryption on a file coming through the web server. In this context, I would want to generate a public and private key, encrypt Do you have any idea how much time and (and entropy) is required to create a reasonably strong keypair? the file stream (i.e., don't want to write the unencrypted file to disk That's virtually impossible with modern operating systems. They are mysterious beasts that will often write data to hard drive when you don't want it to. Swap files are a particularly good example of how it happens. first and then encrypt it; I want to encrypt the stream as it comes in) with the public, send the private to the recipient, and then destroy both keys on my end. You can play with popen and pipes (even named pipes could be useful), but seriously there's going to be data written to disk. IMHO you'd be much better off just writing the data in a predictable manner, then using something like THC's SecureDelete. When the file was accessed and the private key was provided, I would want to stream the unencrypted file out without ever writing the unencrypted file to disk. man gpg (hint: -o or --output) Any ideas on how to accomplish this within the PHP construct? man gpg Now, where exactly do you gain security over using a symetric-key system? You're really just forcing the user to save the passphrase and private key... Just encrypt the file with AES/Twofish/IDEA/3DES/ad/nauseum, and tell the user the passphrase. Furthermore, all the encrypted storage in the world isn't going to do you much good when you're transmitting stuff in cleartext. Someone is going to fire up dsniff/snort/whatever and get all the goods without ever bothering to break into your box. I don't know what problem you're trying to solve, so I won't suggest an alternative course of action, but if you'd like to send your problem to the list, I (and probably others) would be happy to suggest alternatives. Thanks! -- Evan Nemerson [EMAIL PROTECTED] http://coeusgroup.com/en -- The public have an insatiable curiosity to know everything. Except what is worth knowing. Journalism, conscious of this, and having tradesman-like habits, supplies their demands. -Oscar Wilde -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] fighting with functions
I'm not sure, if I understood, but try this: ?php $items = array ( 0 = array (item=car,price=1, tax=0.06 ), 1 = array (item=pencil,price=1, tax=0.06 ), 2 = array (item=book,price=14.95, tax=0.065) ); function GetTax($item){ return $item[price]*$item[tax]; } function GetBalance($item){ return $item[price]+GetTax($item); } function ShowPrice($price){ return sprintf (%.2f, $price); } $balance=0; if(sizeof($items)) foreach($items as $item){ $balance+=GetBalance($item); echo $item[item].nbsp;nbsp;nbsp;.ShowPrice($item[price]).nbsp;nbsp;n bsp;.ShowPrice(GetTax($item)).nbsp;nbsp;nbsp;.ShowPrice($balance).br \n; } ? -Original Message- From: Sara Daugherty [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 10:57 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; PHP LIST ; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; Michael Roush; Chris Hubbard Subject: [PHP] fighting with functions I could use a little help. click on the link to see my php code for a project that creates an array with a list or items and their cost and calculates tax by using a function called getTax() and also creates a balance by adding the cost plus the tax in a second function called getBalance(). I must also create a table where the cells automatically load so the end result looks like this. http://www.areawebdirectory.net/taxtable2.txt Item Cost Tax Running Total Car 1.00600 10600.00 Pencil 1.00 .0610601.06 Book14.95 .097 10616.98 I cant seem to first be able to declare my array and succeed at naming the key as item and the value as price. I have attempted to use variations of the following with no success. $items = array ( 0 = array (item=car,price=15000, tax=.065 ), 1 = array (item=pencil,price=1, tax=.065 ), 2 = array (item=book,price=14.95, tax=.065) ); Without being able to declare the key as item and the value as price I am not sure how to pass these items into my function and I am riddled with error messages. I think my base problem is to either fix how I am declaring the array so I may reference item and price as I am now doing in my functions or learn how to change the functions accordingly. I am also pretty sure that my functions are not quite right. I am also not sure how to link the right answers to get my table to print as above. Please note that I have included a while loop after my array just to prove that my array is working. It is needed part of my program. I also have given each cell in my table some text just so I can find them when I have figured out how to create the right reference links. I am sorry that I need as much help with this. Sadly I have been at this for almost two weeks trying to solve it. Thanks, Sara -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] On-the-fly encryption
Hi, Little semantic correction, the function GetBalance($item) should be called GetFullPrice($item) because it returns full price of the item, but the $balance variable seems to be partial sum of the current item and previous items; Bronislv Klucka. -Original Message- From: Bronislav Klucka [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 8:31 AM To: PHP Konference; Sara Daugherty Subject: RE: [PHP] fighting with functions I'm not sure, if I understood, but try this: ?php $items = array ( 0 = array (item=car,price=1, tax=0.06 ), 1 = array (item=pencil,price=1, tax=0.06 ), 2 = array (item=book,price=14.95, tax=0.065) ); function GetTax($item){ return $item[price]*$item[tax]; } function GetBalance($item){ return $item[price]+GetTax($item); } function ShowPrice($price){ return sprintf (%.2f, $price); } $balance=0; if(sizeof($items)) foreach($items as $item){ $balance+=GetBalance($item); echo $item[item].nbsp;nbsp;nbsp;.ShowPrice($item[price]).nbs p;nbsp;n bsp;.ShowPrice(GetTax($item)).nbsp;nbsp;nbsp;.ShowPrice($bal ance).br \n; } ? -Original Message- From: Sara Daugherty [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 10:57 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; PHP LIST ; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; Michael Roush; Chris Hubbard Subject: [PHP] fighting with functions I could use a little help. click on the link to see my php code for a project that creates an array with a list or items and their cost and calculates tax by using a function called getTax() and also creates a balance by adding the cost plus the tax in a second function called getBalance(). I must also create a table where the cells automatically load so the end result looks like this. http://www.areawebdirectory.net/taxtable2.txt Item Cost Tax Running Total Car 1.00600 10600.00 Pencil 1.00 .0610601.06 Book14.95 .097 10616.98 I cant seem to first be able to declare my array and succeed at naming the key as item and the value as price. I have attempted to use variations of the following with no success. $items = array ( 0 = array (item=car,price=15000, tax=.065 ), 1 = array (item=pencil,price=1, tax=.065 ), 2 = array (item=book,price=14.95, tax=.065) ); Without being able to declare the key as item and the value as price I am not sure how to pass these items into my function and I am riddled with error messages. I think my base problem is to either fix how I am declaring the array so I may reference item and price as I am now doing in my functions or learn how to change the functions accordingly. I am also pretty sure that my functions are not quite right. I am also not sure how to link the right answers to get my table to print as above. Please note that I have included a while loop after my array just to prove that my array is working. It is needed part of my program. I also have given each cell in my table some text just so I can find them when I have figured out how to create the right reference links. I am sorry that I need as much help with this. Sadly I have been at this for almost two weeks trying to solve it. Thanks, Sara -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] fighting with functions
Hi, Little semantic correction, the function GetBalance($item) should be called GetFullPrice($item) because it returns full price of the item, but the $balance variable seems to be partial sum of the current item and previous items; Bronislv Klucka. -Original Message- From: Bronislav Klucka [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 8:31 AM To: PHP Konference; Sara Daugherty Subject: RE: [PHP] fighting with functions I'm not sure, if I understood, but try this: ?php $items = array ( 0 = array (item=car,price=1, tax=0.06 ), 1 = array (item=pencil,price=1, tax=0.06 ), 2 = array (item=book,price=14.95, tax=0.065) ); function GetTax($item){ return $item[price]*$item[tax]; } function GetBalance($item){ return $item[price]+GetTax($item); } function ShowPrice($price){ return sprintf (%.2f, $price); } $balance=0; if(sizeof($items)) foreach($items as $item){ $balance+=GetBalance($item); echo $item[item].nbsp;nbsp;nbsp;.ShowPrice($item[price]).nbs p;nbsp;n bsp;.ShowPrice(GetTax($item)).nbsp;nbsp;nbsp;.ShowPrice($bal ance).br \n; } ? -Original Message- From: Sara Daugherty [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 10:57 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; PHP LIST ; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; Michael Roush; Chris Hubbard Subject: [PHP] fighting with functions I could use a little help. click on the link to see my php code for a project that creates an array with a list or items and their cost and calculates tax by using a function called getTax() and also creates a balance by adding the cost plus the tax in a second function called getBalance(). I must also create a table where the cells automatically load so the end result looks like this. http://www.areawebdirectory.net/taxtable2.txt Item Cost Tax Running Total Car 1.00600 10600.00 Pencil 1.00 .0610601.06 Book14.95 .097 10616.98 I cant seem to first be able to declare my array and succeed at naming the key as item and the value as price. I have attempted to use variations of the following with no success. $items = array ( 0 = array (item=car,price=15000, tax=.065 ), 1 = array (item=pencil,price=1, tax=.065 ), 2 = array (item=book,price=14.95, tax=.065) ); Without being able to declare the key as item and the value as price I am not sure how to pass these items into my function and I am riddled with error messages. I think my base problem is to either fix how I am declaring the array so I may reference item and price as I am now doing in my functions or learn how to change the functions accordingly. I am also pretty sure that my functions are not quite right. I am also not sure how to link the right answers to get my table to print as above. Please note that I have included a while loop after my array just to prove that my array is working. It is needed part of my program. I also have given each cell in my table some text just so I can find them when I have figured out how to create the right reference links. I am sorry that I need as much help with this. Sadly I have been at this for almost two weeks trying to solve it. Thanks, Sara -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] XML Parsing....
On Thursday 20 November 2003 08:18 am, Scott Fletcher wrote: Hi Everyone! I'm having a little trouble understanding how exactly to use the XML parser. I haven't found the right settings to set up the XML Parser's option because of no definition of the encoding setting in the XML tags I received. So, I'll post the script here and hope to get some feedback on this... --snip-- $data = REPORT_RESPONSE; //Lots of XML tags goes here but is taken out for shorter scripting $data = ![CDATA[?xml version=1.0 encoding=UTF-8?; //Lots of other XML tags goes here but is taken out for shorter scripting $data = ![CDATA[***HTML CODES GOES HERE]]; //Lots of other XML tags goes here but is taken out for shorter scripting $data = ]]; //Lots of other XML tags goes here but is taken out for shorter scripting $data .= /REPORT_RESPONSE; $parser = xml_parser_create('ISO-8859-1'); xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 1); xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0); xml_parse_into_struct($parser, $data, $vals, $index); xml_parser_free($parser); --snip-- The problem here is that I have like two different XML encoding format Do you actually have data in two diferent formats in the same XML file, or can you just change xml_parser_create to UTF-8 and be done with it? Does the XML standard even allow multiple encodings??? Thanks, Scott -- Evan Nemerson [EMAIL PROTECTED] http://coeusgroup.com/en -- The greatest mistake is to imagine that the human being is an autonomous individual. The secret freedom which you can supposedly enjoy under a despotic government is nonsense, because your thoughts are never entirely your own. Philosophers, writers, artists, even scientists, not only need encouragement and an audience, they need constant stimulation from other people. It is almost impossible to think without talking. If Defoe had really lived on a desert island, he could not have written Robinson Crusoe, nor would he have wanted to. Take away freedom of speech, and the creative faculties dry up. -George Orwell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] fighting with functions
First off, please try to refrain from cross-posting, especially to that degree. I'm not sure I interpreted the your intentions correctly. If not, could you try to be a little more precise in saying what you _want_ the code to do? The first thing that jumps out at me is in the function getTax. Shouldn't it be getTax($value)? As you have it, value will be unset (search for variable scope in the manual). I think this may be what you're going for: function getTax($value) { return ($value * 0.065); } Next, the list construct will only work with numeric arrays, not associative ones. In other words, it has to look like array('one', 'two'), not array('one' = 'two', 'three' = 'four') Next the way you have it set up, $mypurchases can only contain one set of three items. I don't get the logic of how car, pencil, and book map to $key, $value, and $tax Maybe you were going for $mypurchases = array( 'car' = 15000, 'pencil' = 1, 'book' = 14.95); $total = 0; echo 'tabletrtdItem/tdtdCost/td'; echo 'tdTax/tdtdRunning Total/td/tr'; foreach ( $mypurchases as $key = $value) { $total += $value + ($tax = getTax($value)); // assuming you want the table in HTML, since you have a br/... echo trtd{$key}/tdtd{$value}/td; echo td{$tax}/tdtd{$total}/td/tr\n; } echo '/table'; ??? I'm going to ignore the getBalance function because I don't think it's required. But you realize your declaring a static variable, then trying to assign a different value to it on the very next line? On Friday 21 November 2003 01:56 am, Sara Daugherty wrote: I could use a little help. click on the link to see my php code for a project that creates an array with a list or items and their cost and calculates tax by using a function called getTax() and also creates a balance by adding the cost plus the tax in a second function called getBalance(). I must also create a table where the cells automatically load so the end result looks like this. http://www.areawebdirectory.net/taxtable2.txt Item Cost Tax Running Total Car 1.00600 10600.00 Pencil 1.00 .0610601.06 Book14.95 .097 10616.98 I cant seem to first be able to declare my array and succeed at naming the key as item and the value as price. I have attempted to use variations of the following with no success. $items = array ( 0 = array (item=car,price=15000, tax=.065 ), 1 = array (item=pencil,price=1, tax=.065 ), 2 = array (item=book,price=14.95, tax=.065) ); Without being able to declare the key as item and the value as price I am not sure how to pass these items into my function and I am riddled with error messages. I think my base problem is to either fix how I am declaring the array so I may reference item and price as I am now doing in my functions or learn how to change the functions accordingly. I am also pretty sure that my functions are not quite right. I am also not sure how to link the right answers to get my table to print as above. Please note that I have included a while loop after my array just to prove that my array is working. It is needed part of my program. I also have given each cell in my table some text just so I can find them when I have figured out how to create the right reference links. I am sorry that I need as much help with this. Sadly I have been at this for almost two weeks trying to solve it. Thanks, Sara -- Evan Nemerson [EMAIL PROTECTED] http://coeusgroup.com/en -- Truth, like gold, is to be obtained not by its growth, but by washing away from it all that is not gold. -Leo Nikolaevich Tolstoy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] help me
I have php 4.3.4 installed on a winxp system . also i use apache 2.0.48 / mysql 4.0.15 When i try some php program like phpnuke7.0 the page opened very slowly. can you please send me the php.ini file that correct this problem ? Thank You Mansour
[PHP] Re: Using JavaScript variables in PHP
You might be able to share values between PHP and JavaScript by using cookies. -- Lars V. Nielsen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using JavaScript variables in PHP
form method=post action=your_php_file.php input name=id /form in your_php_file.php, try select * from somedatabase where field=$id Mike Knittel [EMAIL PROTECTED] 11/20/2003 11:45 PM To: [EMAIL PROTECTED] cc: Subject:[PHP] Using JavaScript variables in PHP How does one go about using a JavaScript variable with PHP code. I have a function in JavaScript that takes a single input parameter (ID). I want to use this ID variable as the value on the where clause of a database query. Example: select * from somedatabase where field=ID Can this be done, and if so how? I have been unable to figure this out. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Removing security-problematic chars from strings
Greetings, What is the best way to remove the characters from strings that may cause security problems? Namely, `, ', , , , \ and all non-printing strings. Did I miss any? Thanks. Troy
Re: [PHP] fighting with functions
Hi, Friday, November 21, 2003, 7:56:34 PM, you wrote: SD I could use a little help. click on the link to see my php code for a SD project that creates an array with a list or items and their cost and SD calculates tax by using a function called getTax() and also creates a SD balance by adding the cost plus the tax in a second function called SD getBalance(). I must also create a table where the cells automatically SD load so the end result looks like this. SD http://www.areawebdirectory.net/taxtable2.txt SD Item Cost Tax Running Total SD Car 1.00600 10600.00 SD Pencil 1.00 .0610601.06 SD Book14.95 .097 10616.98 SD I cant seem to first be able to declare my array and succeed at naming SD the key as item and the value as price. I have attempted to use SD variations of the following with no success. SD $items = array ( SD 0 = array (item=car,price=15000, tax=.065 ), SD 1 = array (item=pencil,price=1, tax=.065 ), SD 2 = array (item=book,price=14.95, tax=.065) SD ); SD Without being able to declare the key as item and the value as price I SD am not sure how to pass these items into my function and I am riddled SD with error messages. I think my base problem is to either fix how I am SD declaring the array so I may reference item and price as I am now SD doing in my functions or learn how to change the functions accordingly. SD I am also pretty sure that my functions are not quite right. I am also SD not sure how to link the right answers to get my table to print as above. SD Please note that I have included a while loop after my array just to SD prove that my array is working. It is needed part of my program. I also SD have given each cell in my table some text just so I can find them when SD I have figured out how to create the right reference links. SD I am sorry that I need as much help with this. Sadly I have been at this SD for almost two weeks trying to solve it. SD Thanks, SD Sara Using this array you need something like this ?php $items = array ( 0 = array (item=car,price=15000, tax=.065 ), 1 = array (item=pencil,price=1, tax=.065 ), 2 = array (item=book,price=14.95, tax=.065) ); function getTax($cost,$taxrate){ return $cost * $taxrate; } echo 'table border=1'; echo 'trtdItem number/tdtdItem/tdtdCost/tdtdTax/tdtdTotal/td/tr'; $total = 0; foreach($items as $key=$item){ echo 'tr'; echo 'td'.($key+1).'/td'; echo 'td'.$item['item'].'/td'; echo 'td'.$item['price'].'/td'; $tax = getTax($item['price'],$item['tax']); echo 'td'.$tax.'/td'; $total += ($item['price'] + $tax); echo 'td'.$total.'/td'; echo '/tr'; } echo '/table'; ? You will need to add number formatting but you get the idea. I always store money as cents in the database and leave them as integers. Just /100 to display -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] encyption using sha1?
Hi all, I need some help with storing passwords does anyone have any thoughts on sha1()? Any other ideas are welcome. Am i right in thinking that to use sha1 ya do this: $hashed_string = sha1{$string); R -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Removing security-problematic chars from strings
use preg_match or eregi : Troy S [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Greetings, What is the best way to remove the characters from strings that may cause security problems? Namely, `, ', , , , \ and all non-printing strings. Did I miss any? Thanks. Troy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Is there a way to use the strpos() for next string...
On 20 November 2003 20:39, Scott Fletcher wrote: Yea, the manual is clear but honestly, don't know what the offset really meant since there is no definition or explaination of how the offset work. Well, I really don't know how much clearer the sentence that says The optional offset parameter allows you to specify which character in haystack to start searching can be -- if you can suggest some better wording, that would have worked for you, then maybe one of us can add a user note to the manual and/or a documentation bug requesting an enhancement. And, notwithstanding the clarity of the description, I agree it would be useful to have another example showing the use of the 3rd argument, so that could be done in the same way. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: mail -f option for removing nobody@localhost Return-Path
Manuel Lemos wrote: [ snip ] Anyway, you may want to try this class that has work arounds to mail function bugs and emulates what you want by passing the Return-Path header: http://www.phpclasses.org/mimemessage Another good one is http://phpmailer.sourceforge.net PEAR also has a good Mail package. -- Burhan Khalid phplist[at]meidomus[dot]com http://www.meidomus.com --- Documentation is like sex: when it is good, it is very, very good; and when it is bad, it is better than nothing. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] encyption using sha1?
Last Message Messed Up So here goes again... $hashed_string = sha1{$string); is correct except use $hashed_string = sha1($string); - watch out for Curly Brackets they give you those annoying Phase Errors Resource: http://nz2.php.net/manual/en/function.sha1.php -Original Message- From: Erin [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 10:34 PM To: [EMAIL PROTECTED] Subject: [PHP] encyption using sha1? Hi all, I need some help with storing passwords does anyone have any thoughts on sha1()? Any other ideas are welcome. Am i right in thinking that to use sha1 ya do this: $hashed_string = sha1{$string); R -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] encyption using sha1?
Many thanks, youre right about those curl ones...lol R - Original Message - From: Nigel Jones [EMAIL PROTECTED] To: Erin [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, November 21, 2003 10:20 AM Subject: RE: [PHP] encyption using sha1? Last Message Messed Up So here goes again... $hashed_string = sha1{$string); is correct except use $hashed_string = sha1($string); - watch out for Curly Brackets they give you those annoying Phase Errors Resource: http://nz2.php.net/manual/en/function.sha1.php -Original Message- From: Erin [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 10:34 PM To: [EMAIL PROTECTED] Subject: [PHP] encyption using sha1? Hi all, I need some help with storing passwords does anyone have any thoughts on sha1()? Any other ideas are welcome. Am i right in thinking that to use sha1 ya do this: $hashed_string = sha1{$string); R -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Removing security-problematic chars from strings
Troy S wrote: What is the best way to remove the characters from strings that may cause security problems? Namely, `, ', , , , \ and all non-printing strings. Did I miss any? Thanks. Do it the other way, allow only characters you know are safe and strip the rest. Use, for example, a preg_replace pattern with negated character range. Put all the allowed characters into this range and '' as replace text. $query = preg_replace('{[^' . preg_quote(ALLOWED_CHARS) . ']}', '', $query); , where ALLOWED_CHARS is a constant containing... allowed characters :8]. -- Seks, seksi, seksolatki... news:pl.soc.seks.moderowana http://hyperreal.info { iWanToDie } WiNoNa) ( http://szatanowskie-ladacznice.0-700.pl foReVeR( * ) Poznaj jej zwiewne ksztaty... http://www.opera.com 007 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] detaching and running php processes in the background
What is the best way to detach and run a command line based php script in the background from a web-based php script, without the need for reporting? I have a web-based php script that gathers information and then passes it off to several functions, which execute several other php scripts. The problem is that the main php script does not return until all the processes have signaled and is taking about 30 sec to complete. There is no need for the child processes spawned by the main php script to signal. I would like to spawn and detach them to finish in the background; thus, dramatically reducing the load time of the main php script. It has been suggested to me to use the with the shell_exec function, but this still requires the child processes to signal. Another suggestion was to use the pcntl_fork function, but my reading suggest that this is not to be used with web-based applications and does not compile in with mod_php (only the binary version). If I were to use the binary version would I even be able to detach the forked child processes? Doesn't pcntl_fork still require the child processes to signal to the parent before exiting otherwise becoming zombie processes? Any suggestions on the best way to handle this? Respectfully, Gary -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] echo or print
Eugene, et al -- ...and then Eugene Lee said... % % p class=tonue-in-cheek % % Also, the letter 'e' is smaller than 'p', so ASCII-based function % lookups will be faster as well. Most of these speed increases can't be noticed in a small script, where the end is within a few lines, but echo() really works well in larger scripts where the end is far away. In addition, print() only sort of works well in the near case and doesn't work at all in the far case (as demonstrated when trying to throw something printed, such as a book). Finally, echo()ed statements always remain in the proper order, but throwing a bunch of print()s will just get you a big mess on the floor requiring an intelligent sort() to clean up -- and you know how tough it can be to write a quick sort() algorithm! % % /p HTH HAND ;-D -- David T-G * There is too much animal courage in (play) [EMAIL PROTECTED] * society and not sufficient moral courage. (work) [EMAIL PROTECTED] -- Mary Baker Eddy, Science and Health http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg! pgp0.pgp Description: PGP signature
[PHP] Crossed paths?
A customer of mine has recently started to see a weird error. He will get the typical 'open_basedir' error, but it will say his allowed path is another clients allowed path??? See an example below. Warning : Unknown(): open_basedir restriction in effect. File(/Sites/thissite.com/www/forums/admin/template.php) is not within the allowed path(s): (/sites/othersite.com) in Unknown on line 0 I set all my clients up with 'php_admin_value' parameters in their config files. Each vhost is assigned their own directory. Any ideas? Where should I look to troubleshoot this one? ++ Mike Yrabedra (President) 323 Incorporated Home of MacDock.com, MacAgent.com and MacShirt.com ++ W: http://www.323inc.com/ P: 770.382.1195 F: 734.448.5164 E: [EMAIL PROTECTED] I: ichatmacdock ++ Whatever you do, work at it with all your heart, as working for the Lord, not for men. ~Colossians 3:23 {{{ ++ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Two-way on-the-fly encryption
Ray -- ...and then Ray said... % % I want to do two-way encryption on a file coming through the web server. In That's an interesting name for it. % this context, I would want to generate a public and private key, encrypt the % file stream (i.e., don't want to write the unencrypted file to disk first % and then encrypt it; I want to encrypt the stream as it comes in) with the OK. Be aware that it will possibly get written to disk, though. % public, send the private to the recipient, and then destroy both keys on my % end. Hmmm... *thinks* I can't remember if a private key alone is sufficient to decrypt, although the public key alone is certainly enough to encrypt. You might check on that. % % When the file was accessed and the private key was provided, I would want to % stream the unencrypted file out without ever writing the unencrypted file to % disk. Note that your clear text could very well get written to disk: you are very likely to have a swap space. I don't know of any way to tell php that you don't want it (or really the OS) to lock some chunk in memory. % % Any ideas on how to accomplish this within the PHP construct? Well, gnupg can encrypt and decrypt a stream, and there is a GNUPG class at phpclasses.org, so I would probably leave all of the encryption and key work to it and go that way. If you really wanted to be secure, you might implement some javascript or a java applet to encrypt it before it ever left the browser (and, similarly, decrypt it when it's requested later); then you only ever deal with the encrypted version (ick -- I can't believe I just suggested J-anything). % % Thanks! So what in the world is this data which must be so secure that even you can't see it? HTH HAND :-D -- David T-G * There is too much animal courage in (play) [EMAIL PROTECTED] * society and not sufficient moral courage. (work) [EMAIL PROTECTED] -- Mary Baker Eddy, Science and Health http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg! pgp0.pgp Description: PGP signature
Re: [PHP] detaching and running php processes in the background
Gary C. New wrote: What is the best way to detach and run a command line based php script in the background from a web-based php script, without the need for reporting? Try something like : if (!($handle = popen(script.sh 21 /dev/null , r))) { echo Couldn't run process; } http://www.php.net/popen -- Burhan Khalid phplist[at]meidomus[dot]com http://www.meidomus.com --- Documentation is like sex: when it is good, it is very, very good; and when it is bad, it is better than nothing. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] free PHP OOP book - Web applications desgin
Hi, can anyone suggest a free PHP Object Oriented Programming book ... Or an Object Oriented Book for web applications. Plus i want to design customizable web pages: - I can change the hole layout by changing one file - If i change a database table i don't have to change alot in the code ... Is there any books that helps ?? thx. __ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] detaching and running php processes in the background
On Fri, Nov 21, 2003 at 03:40:05AM -0700, Gary C. New wrote: : : What is the best way to detach and run a command line based php script : in the background from a web-based php script, without the need for : reporting? How about exec('command ') ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Crossed paths?
On Fri, Nov 21, 2003 at 06:09:44AM -0500, MIKE YRABEDRA wrote: : : A customer of mine has recently started to see a weird error. He will get : the typical 'open_basedir' error, but it will say his allowed path is : another clients allowed path??? See an example below. : : Warning : Unknown(): open_basedir restriction in effect. : File(/Sites/thissite.com/www/forums/admin/template.php) is not within the : allowed path(s): (/sites/othersite.com) in Unknown on line 0 : : I set all my clients up with 'php_admin_value' parameters in their config : files. Each vhost is assigned their own directory. : : Any ideas? Where should I look to troubleshoot this one? The most obvious difference is /Sites vs. /sites. If your PHP server is using a case-sensitive filesystem, I'd check the whole uppercase-lowercase thing first. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: free PHP OOP book - Web applications desgin
If you want customizable layout without changing the logic, try the MVC approach (model-view-control). The best way to do it is to create the data from php in a XML (generate the logic), then create the layout with XSL. Thus, if you want to change the layout, all you have to do is to change the XSL. Aso, if you change the logic, you'll vave to change just the php generating the XML. Right now I'm doing just that, and I think this is the best approach (for me at least). There are several platforms that already have this MVC approach implemented Take a look at: http://www.interakt.ro/products/Krysalis/ It's a free PHP/XML/XSL platform that will help you to just that. Regards, Lucian Nagib Abi Fadel [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, can anyone suggest a free PHP Object Oriented Programming book ... Or an Object Oriented Book for web applications. Plus i want to design customizable web pages: - I can change the hole layout by changing one file - If i change a database table i don't have to change alot in the code ... Is there any books that helps ?? thx. __ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Removing security-problematic chars from strings
Troy S wrote: What is the best way to remove the characters from strings that may cause security problems? Namely, `, ', , , , \ and all non-printing strings. Did I miss any? Thanks. Why do you need to remove them? So I can't type grin? Is that a security violation? All you need to do is use htmlentities() and/or addslashes() to protect data being displayed or entered into a database. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] free PHP OOP book - Web applications desgin
Nagib Abi Fadel wrote: Hi, can anyone suggest a free PHP Object Oriented Programming book ... I don't know of a free one. But http://www.php.net/manual/en/ref.classobj.php is good starting point. Also try http://www.zend.com/zend/tut/ Or an Object Oriented Book for web applications. Plus i want to design customizable web pages: - I can change the hole layout by changing one file http://www.w3.org/Style/CSS http://www.glish/CSS http://www.bluerobot.com - If i change a database table i don't have to change alot in the code Use an external database abstraction library. Like PEAR::DB -- however good database design will help a lot in this regard. -- Burhan Khalid phplist[at]meidomus[dot]com http://www.meidomus.com --- Documentation is like sex: when it is good, it is very, very good; and when it is bad, it is better than nothing. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP to create Printable format
[snip] Right now, I am trying to do generation of report using PHP in which the report should be in a printable format later on. How do you define a printable format? Ideally, you want to do this in CSS. The print version would just load a differnet style sheet than the main format. You can also do it with PHP, like conditionally including / excluding blocks, changing colors, fonts, sizes, etc [/snip] I second John's How do you define a printable format? I like his plan and just wish to add that you could create printable PDFs using PHP. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Crossed paths?
on 11/21/03 6:47 AM, Eugene Lee at [EMAIL PROTECTED] wrote: : A customer of mine has recently started to see a weird error. He will get : the typical 'open_basedir' error, but it will say his allowed path is : another clients allowed path??? See an example below. : : Warning : Unknown(): open_basedir restriction in effect. : File(/Sites/thissite.com/www/forums/admin/template.php) is not within the : allowed path(s): (/sites/othersite.com) in Unknown on line 0 : : I set all my clients up with 'php_admin_value' parameters in their config : files. Each vhost is assigned their own directory. : : Any ideas? Where should I look to troubleshoot this one? The most obvious difference is /Sites vs. /sites. If your PHP server is using a case-sensitive filesystem, I'd check the whole uppercase-lowercase thing first. Not likely, I am running Mac OS X and have never had a 'case' problem. ++ Mike Yrabedra (President) 323 Incorporated Home of MacDock.com, MacAgent.com and MacShirt.com ++ W: http://www.323inc.com/ P: 770.382.1195 F: 734.448.5164 E: [EMAIL PROTECTED] I: ichatmacdock ++ Whatever you do, work at it with all your heart, as working for the Lord, not for men. ~Colossians 3:23 {{{ ++ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] creating a module for php 4.2.2 with Apache 2.0. php 4.3.3
Hello, my probelm is, if i create a module with apache 2.0 php 4.3.3 it doesn`t work on the server were apache 1.3.7 with php 4.2.2. is installed. how can i create a modul with apache 2.0. with php 4.3.3 that works fine with apache 1.3.7 and php 4.2.2 ? -- thanks Bernd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Removing security-problematic chars from strings
-Oorspronkelijk bericht- Van: John W. Holmes [mailto:[EMAIL PROTECTED] Troy S wrote: What is the best way to remove the characters from strings that may cause security problems? Namely, `, ', , , , \ and all non-printing strings. Did I miss any? Thanks. Why do you need to remove them? So I can't type grin? Is that a security violation? All you need to do is use htmlentities() and/or addslashes() to protect data being displayed or entered into a database. If you're worried about HTML code being entered (guess from desire to strip , and /) and messing up your site's layout, you might wanna call strip_tags($String, $AllowedTags); where $AllowedTags is a string like 'bui' if you want to allow bold, underline and italics. What is your intention? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Search File
I'm trying to find a way to search text files in a directory using php. I've done some researching under the filesystem section on php.net but seem to have come up empty handed. Is there a way to do keyword searches on a txt file in a directory hopefully with some type of relevance ranking? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Search File
[snip] I'm trying to find a way to search text files in a directory using php. I've done some researching under the filesystem section on php.net but seem to have come up empty handed. Is there a way to do keyword searches on a txt file in a directory hopefully with some type of relevance ranking? [/snip] This approach is rather simplistic, but may point you in the right direction. Open each file in the directory and count the number of times each key word appears. Return a list of links ranked by the number of times each key word appears in each text file. Just a starting point...HTH -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] xslt_create error
Hi! I get the error: Fatal error: Call to undefined function: xslt_create() on line 5 when I try a call to the function... I'm using a webhotel with PHP: PHP Version 4.3.3 System FreeBSD web06.talkactive.net 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Wed Oct i386 Build Date Aug 29 2003 16:48:03 Configure Command './configure' '--enable-versioning' '--enable-memory-limit' '--with-layout=GNU' '--with-zlib-dir=/usr' '--disable-all' '--with-regex=php' '--disable-cli' '--with-apxs=/usr/local/sbin/apxs' '--enable-ctype' '--with-curl=/usr/local' '--with-gd' '--enable-gd-native-ttf' '--enable-gd-jis-conv' '--with-freetype-dir=/usr/local' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr/local' '--with-xpm-dir=/usr/local' '--with-mysql=/usr/local' '--enable-overload' '--with-pcre-regex=yes' '--enable-posix' '--enable-session' '--enable-sockets' '--enable-tokenizer' '--enable-xml' '--with-expat-dir=/usr/local' '--with-zlib=yes' '--prefix=/usr/local' 'i386-portbld-freebsd4.7' Server API Apache Virtual Directory Support disabled Configuration File (php.ini) Path /usr/local/etc/php.ini PHP API 20020918 PHP Extension 20020429 Zend Extension 20021010 Debug Build no Thread Safety disabled Registered PHP Streams php, http, ftp, compress.zlib what is it I do wrong?? thanks! _ FÃ¥ alle de nye og sjove ikoner med MSN Messenger http://messenger.msn.dk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Removing security-problematic chars from strings
Wouter van Vliet wrote: John W. Holmes Troy S wrote: What is the best way to remove the characters from strings that may cause security problems? Namely, `, ', , , , \ and all non-printing strings. Did I miss any? Thanks. Why do you need to remove them? So I can't type grin? Is that a security violation? All you need to do is use htmlentities() and/or addslashes() to protect data being displayed or entered into a database. If you're worried about HTML code being entered (guess from desire to strip , and /) and messing up your site's layout, you might wanna call strip_tags($String, $AllowedTags); where $AllowedTags is a string like 'bui' if you want to allow bold, underline and italics. You could do this if you want to allow cross site scripting vulerabilities on your site: Hello b onmouseover=alert('hi');you/b. And prevent such evil text as grin or foo... -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is there a way to use the strpos() for next string...
Yea, plan to file a bug to include an example. As soon as the strpos() script work then I'll go ahead. Right now, mine doesn't work correctly with the 3rd and 4th line of code, so I'm trying to figure out why. :-) Scott Mike Ford [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On 20 November 2003 20:39, Scott Fletcher wrote: Yea, the manual is clear but honestly, don't know what the offset really meant since there is no definition or explaination of how the offset work. Well, I really don't know how much clearer the sentence that says The optional offset parameter allows you to specify which character in haystack to start searching can be -- if you can suggest some better wording, that would have worked for you, then maybe one of us can add a user note to the manual and/or a documentation bug requesting an enhancement. And, notwithstanding the clarity of the description, I agree it would be useful to have another example showing the use of the 3rd argument, so that could be done in the same way. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP to create Printable format
Jay, et al -- ...and then Jay Blanchard said... % % [snip] % report should be in a printable format later on. % % How do you define a printable format? ... % [/snip] % % I second John's How do you define a printable format? Right. % % I like his plan and just wish to add that you could create printable % PDFs using PHP. Well, be careful of that... Usually one expects a printable version or a printer-friendly format to be stripped of eye candy that would be useless on paper -- but to still work within the web browser. There are many reasons PDFs won't work for people in search of a printable format; not having (or being allowed to install) AcroRead is one, and my personal favorite is that printer-friendly pages are also me-friendly pages when I surf with lynx (I rarely drag out a GUI browser, and rarely to the point of almost never allow Javascript). % % -- % PHP General Mailing List (http://www.php.net/) % To unsubscribe, visit: http://www.php.net/unsub.php HTH HAND :-D -- David T-G * There is too much animal courage in (play) [EMAIL PROTECTED] * society and not sufficient moral courage. (work) [EMAIL PROTECTED] -- Mary Baker Eddy, Science and Health http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg! pgp0.pgp Description: PGP signature
RE: [PHP] xslt_create error
In your configure command, you have enabled xml support, but not xslt support. Read http://nl3.php.net/manual/en/ref.xslt.php Installation On UNIX, run configure with the --enable-xslt --with-xslt-sablot options. The Sablotron library should be installed somewhere your compiler can find it. Make sure you have the same libraries linked to the Sablotron library as those, which are linked with PHP. The configuration options: --with-expat-dir=DIR --with-iconv-dir=DIR are there to help you specify them. When asking for support, always mention these directives, and whether there are other versions of those libraries installed on your system somewhere. Naturally, provide all the version numbers. so, the function is, as the error says, undefined ;) -Oorspronkelijk bericht- Van: Mr. Me [mailto:[EMAIL PROTECTED] Verzonden: vrijdag 21 november 2003 14:39 Aan: [EMAIL PROTECTED] Onderwerp: [PHP] xslt_create error Hi! I get the error: Fatal error: Call to undefined function: xslt_create() on line 5 when I try a call to the function... I'm using a webhotel with PHP: PHP Version 4.3.3 System FreeBSD web06.talkactive.net 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Wed Oct i386 Build Date Aug 29 2003 16:48:03 Configure Command './configure' '--enable-versioning' '--enable-memory-limit' '--with-layout=GNU' '--with-zlib-dir=/usr' '--disable-all' '--with-regex=php' '--disable-cli' '--with-apxs=/usr/local/sbin/apxs' '--enable-ctype' '--with-curl=/usr/local' '--with-gd' '--enable-gd-native-ttf' '--enable-gd-jis-conv' '--with-freetype-dir=/usr/local' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr/local' '--with-xpm-dir=/usr/local' '--with-mysql=/usr/local' '--enable-overload' '--with-pcre-regex=yes' '--enable-posix' '--enable-session' '--enable-sockets' '--enable-tokenizer' '--enable-xml' '--with-expat-dir=/usr/local' '--with-zlib=yes' '--prefix=/usr/local' 'i386-portbld-freebsd4.7' Server API Apache Virtual Directory Support disabled Configuration File (php.ini) Path /usr/local/etc/php.ini PHP API 20020918 PHP Extension 20020429 Zend Extension 20021010 Debug Build no Thread Safety disabled Registered PHP Streams php, http, ftp, compress.zlib what is it I do wrong?? thanks! _ FÃ¥ alle de nye og sjove ikoner med MSN Messenger http://messenger.msn.dk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] time out for mysql_connect
Is there anyway to set a time out on this command: mysql_connect($host, $UN, $PW); so that if it can´t connect after a certain amount of time, it returns an error and the program continues? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] tar and ownership
Greetings! I'm writing a script that downloads a tarball from an FTP server and unpacks it into a directory. Here's the line of code that does this. exec(tar -C /scripts/ -zxv --preserve-permissions -f . /scripts/mailfiles.tar.gz) or die('Tar failed!'); My problem is that the files' ownership is changed when the tarball is unpacked. I'm executing the script from a web browser and Apache is running as the user apache so the files are unpacked and ownership given to the user apache. How can I make it so the files will keep the original ownerships? This is important because the files are mail files and the script is used to restore the mail files from backup so the users can access them. Thanks! Rod -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Removing security-problematic chars from strings
-Oorspronkelijk bericht- Van: John W. Holmes [mailto:[EMAIL PROTECTED] Verzonden: vrijdag 21 november 2003 14:38 Wouter van Vliet wrote: John W. Holmes Troy S wrote: What is the best way to remove the characters from strings that may cause security problems? Namely, `, ', , , , \ and all non-printing strings. Did I miss any? Thanks. Why do you need to remove them? So I can't type grin? Is that a security violation? All you need to do is use htmlentities() and/or addslashes() to protect data being displayed or entered into a database. If you're worried about HTML code being entered (guess from desire to strip , and /) and messing up your site's layout, you might wanna call strip_tags($String, $AllowedTags); where $AllowedTags is a string like 'bui' if you want to allow bold, underline and italics. You could do this if you want to allow cross site scripting vulerabilities on your site: Hello b onmouseover=alert('hi');you/b. And prevent such evil text as grin or foo... -- Let's make this personal: what would be your answer if I would advice the friendly person to do this: ?php (..) $Content holds the string that you would want to be safe # Create an array with allowed tags $Allowed = Array('b', 'u', 'i', 'grin', 'foo'); # Compose var to send to strip_tags $AllowedTags = ''; foreach($Allowed as $Tag) $AllowedTags .= ''.$Tag.''; # Strip tags $Content = strip_tags($Content, $AllowedTags); # Make tags SAFE $Content = preg_replace('/('.join($Allowed, '|').')([^]+)/', '$1', $Content); ? Your turn ! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Curious about something....
Hi, The question sounded more like a technical one - is it an advantage in terms of memory? CPU? startup overhead? etc. Yeah, it was mostly a technical one, and it was also one that left me scratching my head. I guess in other languages, I just import or include the library I want to use for each project. Unfortunately, I can't just always recompile PHP everytime I want to use a different one, and was trying to find some justification for this. I've decided that I'm gonna go thru and get a list of all the libraries I want to enable, and do it all at once when I can. -Dan Joseph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] tar and ownership
Rodney Green wrote: Greetings! I'm writing a script that downloads a tarball from an FTP server and unpacks it into a directory. Here's the line of code that does this. exec(tar -C /scripts/ -zxv --preserve-permissions -f . /scripts/mailfiles.tar.gz) or die('Tar failed!'); My problem is that the files' ownership is changed when the tarball is unpacked. I'm executing the script from a web browser and Apache is running as the user apache so the files are unpacked and ownership given to the user apache. How can I make it so the files will keep the original ownerships? This is important because the files are mail files and the script is used to restore the mail files from backup so the users can access them. Only root can change file ownership. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] time out for mysql_connect
Diana Castillo wrote: Is there anyway to set a time out on this command: mysql_connect($host, $UN, $PW); so that if it can´t connect after a certain amount of time, it returns an error and the program continues? ini_set('mysql.connect_timeout', ... ); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Avoiding duplicate orders?
* Thus wrote J J ([EMAIL PROTECTED]): What is the simplest way to avoid duplicate order entry on a form? Some people aren't patient enough to wait for the SSL/credit card processing and will click the submit button two, three, or more times causing duplicate orders. Is there a quick way to disable the submit button at least in javascript? Better yet, something quick and easy that could be done server-side without a lot of programming like cookies, database flags, etc? Here is a method to prevent user from hitting reload. yourform.php: ?php $valid_form = uniqid(mtrand()); $_SESSION['valid_form'] = $valid_form; ? input type=hidden name=valid_form value=?php echo $valid_form? Then the processing.php: ?php ingore_user_abort(1); $valid_form = $_SESSION['valid_form']; // get the validation $_SESSION['valid_form'] = ''; // clear validation if(empty($_GET['valid_form']) || $valid_form != $_GET['valid_form']) { echo I told you not to reload the damn thing; exit; } // confirm order isn't already being processed... // ... // process order // ... ? I've thought of a few things (like hidden variables with an order ID or cookies/flags) but this really should be a quick fix since it's not a big problem on the site. Thanks in advance for any tips or techniques! __ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Curt -- My PHP key is worn out PHP List stats since 1997: http://zirzow.dyndns.org/html/mlists/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passthru gives error in httpd/error_log
Tom Rogers [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] You probably have to put the full path to ls ? passthru('/bin/ls -l'); ? -- regards, Tom No, I've tried that along with all other obvious path stuff. /Jesper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Curious about something....
* Thus wrote Dan Joseph ([EMAIL PROTECTED]): Hi, The question sounded more like a technical one - is it an advantage in terms of memory? CPU? startup overhead? etc. Yeah, it was mostly a technical one, and it was also one that left me scratching my head. I guess in other languages, I just import or include the library I want to use for each project. Unfortunately, I can't just always recompile PHP everytime I want to use a different one, and was trying to find some justification for this. I've decided that I'm gonna go thru and get a list of all the libraries I want to enable, and do it all at once when I can. You can build php with what you consider you'll be using the most and enable (as shared modules) the other modules you might consider using in certain scripts. Then in a script that uses the shared module, you can just add dl('mcrypt.so') in the sript. Curt -- My PHP key is worn out PHP List stats since 1997: http://zirzow.dyndns.org/html/mlists/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Removing security-problematic chars from strings
--- Troy S [EMAIL PROTECTED] wrote: What is the best way to remove the characters from strings that may cause security problems? Namely, `, ', , , , \ and all non-printing strings. Did I miss any? As others have mentioned, this is the wrong approach if security is your concern. If someone is supposed to be entering a name, should characters such as $, %, and # be allowed? How about numbers? It's best to only allow valid data rather than bother to try and think of all of the ways invalid data can cause problems. You're sure to miss something. After all, it's basically you versus the world in a game of creativity, and the odds are against you. Also, each type of data will have its own requirements; they're all potentially different. As John mentioned, if people are submitting a post to a forum or something, they might want to be talking about code. In this case, something like htmlentities() will allow them to write code without posing such a risk. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Removing security-problematic chars from strings
* Thus wrote Troy S ([EMAIL PROTECTED]): Greetings, What is the best way to remove the characters from strings that may cause security problems? Namely, `, ', , , , \ and all non-printing strings. Did I miss any? Thanks. Cause security problems in what sense? Curt -- My PHP key is worn out PHP List stats since 1997: http://zirzow.dyndns.org/html/mlists/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] system(traceroute host); not working with new apache upgrade
Hi there, I'm sorry if this is the wrong place to ask this question but I am new to these newsgroups. We have found that servers using php 4.3.3 that were happily running this command: system(traceroute wherever); have now ceased to work since the last apache upgrade. Ping still works fine. Does anyone have any ideas what could have caused us to lose this command? Thanks for your time. Robert Morrison -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] system(traceroute host); not working with new apache upgrade
[snip] I'm sorry if this is the wrong place to ask this question but I am new to these newsgroups. We have found that servers using php 4.3.3 that were happily running this command: system(traceroute wherever); have now ceased to work since the last apache upgrade. Ping still works fine. Does anyone have any ideas what could have caused us to lose this command? [/snip] Have you tried this from the command prompt? Does it work? If not you will need to consult an Apache list. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] strpos() act funny when searching for ]]....
strpos() is acting a little bit funny. When I do this... --snip-- $a = strpos($data,]]); --snip-- Problem is there are ]] characters in the $data string and it just doesn't see it. Anyone know why and what is the workaround to it? Scott F. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] strpos() act funny when searching for ]]....
[snip] strpos() is acting a little bit funny. When I do this... --snip-- $a = strpos($data,]]); --snip-- Problem is there are ]] characters in the $data string and it just doesn't see it. Anyone know why and what is the workaround to it? [/snip] Does it need to be escaped? *shootin' from da' hip* $a = strpos($data,\]]); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Timer and submit button
I am trying to create a timer tha would prevent someone from clicking submit until the timer reaches zero. THe reason is to keep an individual on a page for a certain amount of time. Does anyone know the best way to do this? PHP? Javascript? Any examples? Frank __ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strpos() act funny when searching for ]]....
* Thus wrote Scott Fletcher ([EMAIL PROTECTED]): strpos() is acting a little bit funny. When I do this... --snip-- $a = strpos($data,]]); --snip-- Problem is there are ]] characters in the $data string and it just doesn't see it. Anyone know why and what is the workaround to it? It works perfectly fine: $data = 'asdf ]] asdf'; $a = strpos($data,]]); print $a; //output: 5 Curt -- My PHP key is worn out PHP List stats since 1997: http://zirzow.dyndns.org/html/mlists/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] system(traceroute host); not working with new apache upgrade
Robert Morrison wrote: Hi there, I'm sorry if this is the wrong place to ask this question but I am new to these newsgroups. We have found that servers using php 4.3.3 that were happily running this command: system(traceroute wherever); have now ceased to work since the last apache upgrade. Ping still works fine. Does anyone have any ideas what could have caused us to lose this command? Thanks for your time. Robert Morrison Try: - full path to traceroute - become the apache user and execute to command And report the results. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strpos() act funny when searching for ]]....
I thought about that also, so I took your suggestion and tried it. Still doens't work... I tried those... \]]; \]\]; Scott F. Jay Blanchard [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] [snip] strpos() is acting a little bit funny. When I do this... --snip-- $a = strpos($data,]]); --snip-- Problem is there are ]] characters in the $data string and it just doesn't see it. Anyone know why and what is the workaround to it? [/snip] Does it need to be escaped? *shootin' from da' hip* $a = strpos($data,\]]); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strpos() act funny when searching for ]]....
Um, it seem to work. That's weird. Should have check for the string length first, so I wasn't looking at the same problem. So, I did further debugging and I'm going to post the script here. Still don't know what is the problem here... --snip-- $XML_Start = (strpos($res_str,![CDATA[)+9); $HTML_Start = (strpos($res_str,![CDATA[,$XML_Start)+9); $HTML_End = strpos($res_str,]],$HTML_Start); $XML_End = strpos($res_str,]],$HTML_End); echo $XML_Start. ***XML Startbr; echo $XML_End. ***XML Endbrbr; echo $HTML_Start. ***HTML Startbr; echo $HTML_End. ***HTML Endbr; echo strlen($res_str); --snip-- The response I got here is... --snip-- 319 ***XML Start 119843 ***XML End 25650 ***HTML Start 119843 ***HTML End 120015 --snip-- As we see, the number for $XML_End and $HTML_End are the same which is not correct because there are two seperate ]] near the end of hte string. So, I still don't know what hte problem is... Scott F. Curt Zirzow [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] * Thus wrote Scott Fletcher ([EMAIL PROTECTED]): strpos() is acting a little bit funny. When I do this... --snip-- $a = strpos($data,]]); --snip-- Problem is there are ]] characters in the $data string and it just doesn't see it. Anyone know why and what is the workaround to it? It works perfectly fine: $data = 'asdf ]] asdf'; $a = strpos($data,]]); print $a; //output: 5 Curt -- My PHP key is worn out PHP List stats since 1997: http://zirzow.dyndns.org/html/mlists/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] strpos() act funny when searching for ]]....
[snip] I thought about that also, so I took your suggestion and tried it. Still doens't work... I tried those... \]]; \]\]; [/snip] I tried Curt's solution...no problem. What are you expecting from strpos()? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Adding X days to a time string...
Storing a date in seconds (Unix timestamp) in a database and want to add X number of days to this. So I want to extend a time by say 5 days, what is the best method to handle this? It's always stored as a timestamp for a day not an exact time. So dates are stored as day (March 5th, 2003). Jeff
RE: [PHP] Adding X days to a time string...
[snip] Storing a date in seconds (Unix timestamp) in a database and want to add X number of days to this. So I want to extend a time by say 5 days, what is the best method to handle this? It's always stored as a timestamp for a day not an exact time. So dates are stored as day (March 5th, 2003). [/snip] http://www.php.net/strtotime -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Adding X days to a time string...
Sorry, I may have muddled that...the issue isn't converting a string to a time, it's taking a time (102636 for example) and adding 30 days to that. Jeff -Original Message- From: Jay Blanchard [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 11:13 AM To: [EMAIL PROTECTED]; php-gen Subject: RE: [PHP] Adding X days to a time string... [snip] Storing a date in seconds (Unix timestamp) in a database and want to add X number of days to this. So I want to extend a time by say 5 days, what is the best method to handle this? It's always stored as a timestamp for a day not an exact time. So dates are stored as day (March 5th, 2003). [/snip] http://www.php.net/strtotime -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Timer and submit button
From: Frank Tudor [EMAIL PROTECTED] I am trying to create a timer tha would prevent someone from clicking submit until the timer reaches zero. JavaScript. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strpos() act funny when searching for ]]....
Just a stupid idea : are you sure you have '' in your text and not 'gt;' ? Scott Fletcher wrote: I thought about that also, so I took your suggestion and tried it. Still doens't work... I tried those... \]]; \]\]; Scott F. Jay Blanchard [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] [snip] strpos() is acting a little bit funny. When I do this... --snip-- $a = strpos($data,]]); --snip-- Problem is there are ]] characters in the $data string and it just doesn't see it. Anyone know why and what is the workaround to it? [/snip] Does it need to be escaped? *shootin' from da' hip* $a = strpos($data,\]]); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Adding X days to a time string...
On Fri, 21 Nov 2003, Jeff Lewis wrote: Sorry, I may have muddled that...the issue isn't converting a string to a time, it's taking a time (102636 for example) and adding 30 days Having it in seconds since the epoch makes this pretty easy (60 * 60) * 24 = 86400 // seconds in a day (86400 * days) + timestamp -- Kelly Hallman //Ultrafancy/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strpos() act funny when searching for ]]....
Yea, it's a and not a gt;.. It is pure XML tags Found the problem now, so no problem now. See other branch of this posting of a workaround to the problem I did... Thanks, Scott Sophie Mattoug [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Just a stupid idea : are you sure you have '' in your text and not 'gt;' ? Scott Fletcher wrote: I thought about that also, so I took your suggestion and tried it. Still doens't work... I tried those... \]]; \]\]; Scott F. Jay Blanchard [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] ... [snip] strpos() is acting a little bit funny. When I do this... --snip-- $a = strpos($data,]]); --snip-- Problem is there are ]] characters in the $data string and it just doesn't see it. Anyone know why and what is the workaround to it? [/snip] Does it need to be escaped? *shootin' from da' hip* $a = strpos($data,\]]); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strpos() act funny when searching for ]]....
Ah! Found the problem... It is probably a bug with strpos() because it seem to get stuck in there and couldn't get out of it somehow. The workaround the problem I did was just easily increment the $HTML_End by 1 and that fixed the problem. It look like this... --snip-- $XML_Start = (strpos($res_str,![CDATA[)+9); $HTML_Start = (strpos($res_str,![CDATA[,$XML_Start)+9); $HTML_End = strpos($res_str,]],$HTML_Start); $HTML_End += 1; $XML_End = strpos($res_str,]],$HTML_End); --snip-- Thanks all for the quick feedback! I appreciate it! Scott F. Scott Fletcher [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Um, it seem to work. That's weird. Should have check for the string length first, so I wasn't looking at the same problem. So, I did further debugging and I'm going to post the script here. Still don't know what is the problem here... --snip-- $XML_Start = (strpos($res_str,![CDATA[)+9); $HTML_Start = (strpos($res_str,![CDATA[,$XML_Start)+9); $HTML_End = strpos($res_str,]],$HTML_Start); $XML_End = strpos($res_str,]],$HTML_End); echo $XML_Start. ***XML Startbr; echo $XML_End. ***XML Endbrbr; echo $HTML_Start. ***HTML Startbr; echo $HTML_End. ***HTML Endbr; echo strlen($res_str); --snip-- The response I got here is... --snip-- 319 ***XML Start 119843 ***XML End 25650 ***HTML Start 119843 ***HTML End 120015 --snip-- As we see, the number for $XML_End and $HTML_End are the same which is not correct because there are two seperate ]] near the end of hte string. So, I still don't know what hte problem is... Scott F. Curt Zirzow [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] * Thus wrote Scott Fletcher ([EMAIL PROTECTED]): strpos() is acting a little bit funny. When I do this... --snip-- $a = strpos($data,]]); --snip-- Problem is there are ]] characters in the $data string and it just doesn't see it. Anyone know why and what is the workaround to it? It works perfectly fine: $data = 'asdf ]] asdf'; $a = strpos($data,]]); print $a; //output: 5 Curt -- My PHP key is worn out PHP List stats since 1997: http://zirzow.dyndns.org/html/mlists/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strpos() act funny when searching for ]]....
You can find more info about this on other branches, I found hte workaround to this problem. So, what am I expecting from strpos() is to find a starting point and ending point to the XML data and HTML data that are within the ![CDATA[]] tag...Like this [XML[CDATA[XML..[CDATA...[HTML]]].] Thanks, Scott F. Jay Blanchard [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] [snip] I thought about that also, so I took your suggestion and tried it. Still doens't work... I tried those... \]]; \]\]; [/snip] I tried Curt's solution...no problem. What are you expecting from strpos()? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Adding X days to a time string...
On Fri, Nov 21, 2003 at 11:15:20AM -0500, Jeff Lewis wrote: Sorry, I may have muddled that...the issue isn't converting a string to a time, it's taking a time (102636 for example) and adding 30 days to that. Ah, but it is an issue of converting a string to a time. strtotime() can Parse about any English textual datetime description into a UNIX timestamp. It also has a handy optional parameter telling you when to consider now. So to add thirty days to now (102636 in your example): ?php $now = however_you_get_your_timestamp(); $future = strtotime('+30 days', $now); ? Such a handy function -- no need to worry about leap years, number of days in a month, etc... -- [ joel boonstra | gospelcom.net ] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Removing security-problematic chars from strings
From: Wouter van Vliet [EMAIL PROTECTED] Let's make this personal: what would be your answer if I would advice the friendly person to do this: Heh.. I hope you're just kidding about making it personal... I was just presenting security problems with various solutions. ?php (..) $Content holds the string that you would want to be safe # Create an array with allowed tags $Allowed = Array('b', 'u', 'i', 'grin', 'foo'); # Compose var to send to strip_tags $AllowedTags = ''; foreach($Allowed as $Tag) $AllowedTags .= ''.$Tag.''; # Strip tags $Content = strip_tags($Content, $AllowedTags); # Make tags SAFE $Content = preg_replace('/('.join($Allowed, '|').')([^]+)/', '$1', $Content); ? I didn't actually try that, but I'm sure it's fine. I seems to remove any extra data in the tags you want to allow. It's good that you're still stopping me from entering such devious and sinister code such as (.) (.) and bar... My point here is that I absolutely loath the strip_tags() function and think it should be banished to the 12th circle of hell, meaning mainly ASP or JSP. I can think of no valid reason where anyone would require that function. In any program, if I enter the string foo, then I expect to either 1) Receive an error or 2) See _exactly_ that string on any web page, email, etc, showing my string. I do not want your program (speaking in general terms here) to remove something from my string because it assumes it could possibly be something bad. I'm against letting users enter HTML in their data, also. I'd rather emply a bbcode type solution, turning [b] into b, etc. This way, YOU set the rules and say the user can do these _5_ things in this exact syntax. Otherwise you're held at the mercy of the HTML and browser specs and hoping that even just allowing b in the future won't have any security issues. When _you_ set the rules, you win. So, my suggestions: 1. Just run everything through htmlentities(). If the users require advanced formatting, provide a bbcode solution. 2. If you just _have to_ let users use HTML like b and i, then I'd use a solution similar to what you have above, but drop the strip_tags. $allowed_tags = array('b','i'); $safe_data = htmlentities($unsafe_data,ENT_QUOTES); foreach($allowed_tags as $tag) { $formatted_data = preg_replace('/lt;' . $tag . 'gt;(.*)lt;\/' . $tag . 'gt;/Ui',$tag$1/$tag,$safe_data); } Untested of course, but the only point that someone should take away is that you should set the rules... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Removing security-problematic chars from strings
--- CPT John W. Holmes [EMAIL PROTECTED] wrote: Let's make this personal: what would be your answer if I would advice the friendly person to do this: Heh.. I hope you're just kidding about making it personal. I think it might be a language subtlety that wasn't intended to mean what we think it means. :-) I think he just meant that he wanted to get specific or something like that. I'm against letting users enter HTML in their data, also. I'd rather emply a bbcode type solution, turning [b] into b, etc. This way, YOU set the rules and say the user can do these _5_ things in this exact syntax. Otherwise you're held at the mercy of the HTML and browser specs and hoping that even just allowing b in the future won't have any security issues. When _you_ set the rules, you win. I disagree with John here, but that's OK. :-) We seem to have different perspectives about this bbcode stuff. Personally, I see no need to define a new markup language that you intend to convert to HTML anyway. It is an unnecessary complication that yields no benefits from what I can see. If you run everything through htmlentities() but want some things interpreted, you can always use str_replace() to allow the very specific tags that you want. There's no need for regular expressions or risking the b onclick= type of stuff. But, that's the ncie thing about this list. You get a lot of different perspectives, answers, etc. Chris = Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strpos() act funny when searching for ]]....
On Fri, 21 Nov 2003, Scott Fletcher wrote: Ah! Found the problem... It is probably a bug with strpos() because it seem to get stuck in there and couldn't get out of it somehow. The workaround the problem I did was just easily increment the $HTML_End by 1 and that fixed the problem. It look like this... You should avoid statements like _ doesn't work (try I can't get it to work or it doesn't work for me) and It's probably a bug with... Anyway, strpos() is working exactly like it's supposed to... Consider this code: $t = ** string string string; $l = strpos($t,string); // $l == 3 Now, if you tell strpos() to start searching at offset 3 for the same exact string, it's going to find the same occurence because you're telling it to start looking exactly where it found it last time. So, naturally, you need to advance the character position by at least one to find subsequent occurences. This isn't a workaround. You had the bug. -- Kelly Hallman // Ultrafancy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Removing security-problematic chars from strings
From: Chris Shiflett [EMAIL PROTECTED] --- CPT John W. Holmes [EMAIL PROTECTED] wrote: I'm against letting users enter HTML in their data, also. I'd rather emply a bbcode type solution, turning [b] into b, etc. I disagree with John here, but that's OK. :-) We seem to have different perspectives about this bbcode stuff. Personally, I see no need to define a new markup language that you intend to convert to HTML anyway. It is an unnecessary complication that yields no benefits from what I can see. If you run everything through htmlentities() but want some things interpreted, you can always use str_replace() to allow the very specific tags that you want. There's no need for regular expressions or risking the b onclick= type of stuff. Heh... my turn to disagree again. You can do a simple str_replace() to convert lt;bgt; back into b, but you're going to have to do it for each case. Also by doing that blindly, you can end up with orphaned tags affecting the rest of your page (making it all bold, for example). So, while I agree that adding another markup isn't always the best route, if you're not doing so, you need to include some regular expressions to account for all of the various implementations of the tags you want to allow. Your turn. :) ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strpos() act funny when searching for ]]....
With a moment of studying to your comment, I am beginning to see why I am having the problem. I add the 9 in the first two lines of code, so I didn't realize that I would have encounter the problem if I didn't add the 9. Well, I seem to have problem understanding the word, 'offset' to the strpos() function because it is a bad choice of word but that is understandable when I use this function the first time and not understand it. Thanks for the clarification... Scott Kelly Hallman [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 21 Nov 2003, Scott Fletcher wrote: Ah! Found the problem... It is probably a bug with strpos() because it seem to get stuck in there and couldn't get out of it somehow. The workaround the problem I did was just easily increment the $HTML_End by 1 and that fixed the problem. It look like this... You should avoid statements like _ doesn't work (try I can't get it to work or it doesn't work for me) and It's probably a bug with... Anyway, strpos() is working exactly like it's supposed to... Consider this code: $t = ** string string string; $l = strpos($t,string); // $l == 3 Now, if you tell strpos() to start searching at offset 3 for the same exact string, it's going to find the same occurence because you're telling it to start looking exactly where it found it last time. So, naturally, you need to advance the character position by at least one to find subsequent occurences. This isn't a workaround. You had the bug. -- Kelly Hallman // Ultrafancy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Removing security-problematic chars from strings
CPT John W. Holmes wrote: From: Wouter van Vliet [EMAIL PROTECTED] Let's make this personal: what would be your answer if I would advice the friendly person to do this: Heh.. I hope you're just kidding about making it personal... I was just presenting security problems with various solutions. Yes, I was just kidding. ?php (..) $Content holds the string that you would want to be safe # Create an array with allowed tags $Allowed = Array('b', 'u', 'i', 'grin', 'foo'); # Compose var to send to strip_tags $AllowedTags = ''; foreach($Allowed as $Tag) $AllowedTags .= ''.$Tag.''; # Strip tags $Content = strip_tags($Content, $AllowedTags); # Make tags SAFE $Content = preg_replace('/('.join($Allowed, '|').')([^]+)/', '$1', $Content); ? I didn't actually try that, but I'm sure it's fine. I seems to remove any extra data in the tags you want to allow. It's good that you're still stopping me from entering such devious and sinister code such as (.) (.) and bar... Neither did I try my own code. And yes, sinister code like bar and probably (.) (.) wouldn't come through the strip_tags function. Though I'm not sure about the second one. (nor the first one, but a little more) My point here is that I absolutely loath the strip_tags() function and think it should be banished to the 12th circle of hell, meaning mainly ASP or JSP. I can think of no valid reason where anyone would require that function. I sometimes use it to allow certain HTML code to be entered in a form. For example on a news site, where news editors are pretty familiar to HTML without any desire to use a new markup language. PHP is a programming language (as you no doubt know) designed and most used for web applications. I think PHP would lose it's identity as such without direct HTML code manipulating functions. In any program, if I enter the string foo, then I expect to either 1) Receive an error or 2) See _exactly_ that string on any web page, email, etc, showing my string. I do not want your program (speaking in general terms here) to remove something from my string because it assumes it could possibly be something bad. Agree. I'm against letting users enter HTML in their data, also. I'd rather emply a bbcode type solution, turning [b] into b, etc. This way, YOU set the rules and say the user can do these _5_ things in this exact syntax. Otherwise you're held at the mercy of the HTML and browser specs and hoping that even just allowing b in the future won't have any security issues. When _you_ set the rules, you win. Usually agree for forum like applications. Not for HTML email sending applications. So, my suggestions: 1. Just run everything through htmlentities(). If the users require advanced formatting, provide a bbcode solution. 2. If you just _have to_ let users use HTML like b and i, then I'd use a solution similar to what you have above, but drop the strip_tags. $allowed_tags = array('b','i'); $safe_data = htmlentities($unsafe_data,ENT_QUOTES); foreach($allowed_tags as $tag) { $formatted_data = preg_replace('/lt;' . $tag . 'gt;(.*)lt;\/' . $tag . 'gt;/Ui',$tag$1/$tag,$safe_data); } Untested of course, but the only point that someone should take away is that you should set the rules... H ... Still considering a reply to that one ;) ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Removing security-problematic chars from strings
--- CPT John W. Holmes [EMAIL PROTECTED] wrote: Heh... my turn to disagree again. You can do a simple str_replace() to convert lt;bgt; back into b, but you're going to have to do it for each case. Also by doing that blindly, you can end up with orphaned tags affecting the rest of your page (making it all bold, for example). How does bbcode make this easier or even different? It seems to me that lt;bgt; and [b] are a lot alike; they're both specific strings that you want to be converted to b. The difference is relying on the user to learn a markup language specific to your application. With no real benefit in doing so, this is an unnecessary complication. Slash uses regular HTML, and unlike any of our PHP equivalents (unfortunately), it is actually a nice CMS that isn't plagued with security vulnerabilities. So, my opinion isn't unique. Maybe I'm just the only non-Perl guy who thinks this way. :-) Your turn. :) Heh. :-) I don't think taking turns will help. We're probably both too stubborn to yield our respective positions. This isn't a new topic to me, and unless someone can bring up a point I haven't considered before, my opinion was made long ago. Chris = Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strpos() act funny when searching for ]]....
On Fri, 21 Nov 2003, Scott Fletcher wrote: Well, I seem to have problem understanding the word, 'offset' to the strpos() function because it is a bad choice of word strpos() and the word offset used with it is probably older than you ... :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Java and PHP
Hi I want to start a java system from a php script, anybody who know how i can do that. Something like this: if(isset($trigger)){ java javasystem -scenario; } Is this possible and how can i do it. -Fred -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] creating a module for php 4.2.2 with Apache 2.0. php 4.3.3
On Fri, 2003-11-21 at 07:33, Bernd wrote: Hello, my probelm is, if i create a module with apache 2.0 php 4.3.3 it doesn`t work on the server were apache 1.3.7 with php 4.2.2. is installed. how can i create a modul with apache 2.0. with php 4.3.3 that works fine with apache 1.3.7 and php 4.2.2 ? If you are talking about C extension modules, then you can't AFAIK. Loadable extension are not compatible between most major versions, and occasionally between minor versions. You need to compile different versions for your users to download. An option might be to package both, and given them some naming scheme based on the version of PHP with which they are compatible. Then at run time your PHP script could check the PHP version and load the correct one accordingly. HTH, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session.cookie_domain problem
I have a small application that uses adodb and session for user management. The sessions are managed through the use of adodb-session-clob.inc.php. The code snippet below shows what I do related to sessions (minuse some variable assignment). $cookie_domain is set to '.whatever.com' However, when I try to assign a cookie domain neither mozilla or ie will accept the cookie as I would expect they should. Konqueror on the other hand does accept it just fine. If I comment out that line, the cookie is properly established by all browsers, but only for that one particular host instead of for the domain. I have searched around for this for a few days in the mailing lists and bug db, but haven't really found a solution. I did see a message from one other person about this quite some time ago, but there was never a response to that person's inquiry. Does anyone have any idea what I am doing wrong, or is this a known issue Thanks, Dustin // Set session parameters and start session ini_set(session.gc_maxlifetime, 172800); ini_set( session.entropy_file,/dev/random); ini_set( session.entropy_length,512); ini_set( session.name,$session_name); ini_set( session.cookie_domain, $cookie_domain); session_start(); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strpos() act funny when searching for ]]....
Yea! :-) Don't we all hate it? :-) Mark Charette [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 21 Nov 2003, Scott Fletcher wrote: Well, I seem to have problem understanding the word, 'offset' to the strpos() function because it is a bad choice of word strpos() and the word offset used with it is probably older than you ... :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Search File
Vernon Webb wrote: I'm trying to find a way to search text files in a directory using php. I've done some researching under the filesystem section on php.net but seem to have come up empty handed. Is there a way to do keyword searches on a txt file in a directory hopefully with some type of relevance ranking? If you are on a unix system, you can just grep for the matches and then count the results. Send grep the list of files as input with your keyword -- and (I forget which option of grep it is man grep) grep will return the number of matches. Will probably be faster than reading each file using PHP. -- Burhan Khalid phplist[at]meidomus[dot]com http://www.meidomus.com --- Documentation is like sex: when it is good, it is very, very good; and when it is bad, it is better than nothing. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Mulitple selects from form drop down box
On Thu, 2003-11-20 at 17:12, CPT John W. Holmes wrote: select size=1 name=D1[] multiple Now $_POST['D1'] will be an array of all the items that were chosen. ---John Holmes... ps: wouldn't it be easier to select multiple items if you had a size larger than 1?? The 'size=1' in a select doesn't mean there is only one object in the select, it means only show one object, or one row. 'size=3' would show three rows at a time. Matt -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] tar and ownership
Marek Kilimajer wrote: Rodney Green wrote: Greetings! I'm writing a script that downloads a tarball from an FTP server and unpacks it into a directory. Here's the line of code that does this. exec(tar -C /scripts/ -zxv --preserve-permissions -f . /scripts/mailfiles.tar.gz) or die('Tar failed!'); My problem is that the files' ownership is changed when the tarball is unpacked. I'm executing the script from a web browser and Apache is running as the user apache so the files are unpacked and ownership given to the user apache. How can I make it so the files will keep the original ownerships? This is important because the files are mail files and the script is used to restore the mail files from backup so the users can access them. Only root can change file ownership. Thanks for replying. Any suggestions on how to do this then? Rod -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Removing security-problematic chars from strings
Chris Shiflett wrote: --- CPT John W. Holmes [EMAIL PROTECTED] wrote: Heh... my turn to disagree again. You can do a simple str_replace() to convert lt;bgt; back into b, but you're going to have to do it for each case. Also by doing that blindly, you can end up with orphaned tags affecting the rest of your page (making it all bold, for example). How does bbcode make this easier or even different? It seems to me that lt;bgt; and [b] are a lot alike; they're both specific strings that you want to be converted to b. The difference is relying on the user to learn a markup language specific to your application. With no real benefit in doing so, this is an unnecessary complication. Slash uses regular HTML, and unlike any of our PHP equivalents (unfortunately), it is actually a nice CMS that isn't plagued with security vulnerabilities. So, my opinion isn't unique. Maybe I'm just the only non-Perl guy who thinks this way. :-) Your turn. :) Heh. :-) I don't think taking turns will help. We're probably both too stubborn to yield our respective positions. This isn't a new topic to me, and unless someone can bring up a point I haven't considered before, my opinion was made long ago. Chris I don't think there is ONE pbest solution in this. It all comes down to what kind of user you're expecting to use the application and what kind of input you would want to allow. To what extent those users are 'to be trusted'. And also what to do with invalid input. The way I see it, in HTML there are four major groups of tags 1) tags to separate sections (HTMLBODYFRAMESET) 2) tags that go into the header 3) tags to lay the structure of your PAGE (divtable) 4) tags harmless for the structure, used for text formatting only (biufont) In my experience, web applications that let users input some code only provide tags from group 4. Just let users markup their own text, but make sure the general site layout is not influenced. Too wide TABLE's or layers would push out parts of the webpage's structure, so not wanted. B tags are generally harmless. When you can trust your users to be of good nature, not WANTING to mess up the page, safe to allow those and strip_tags the rest ones out. If you cannot trust the users, and expect them to be wanting to mess up OR are expecting users without a lot of HTML experience, give them ubb'like things to mess with. Give them [bold], [green], [quote] and they are as happy as you are. Now let's look at allowing grin and what to do with entered table tags. A user would want it's grin text to be displayed as is, where a user entering disallowed TABLE tags is probably best of with either an ignored post or just not showing the TABLE text. First example: gt; and lt; are GREAT, I love them and do use them a lot. Second example: strip_tags() is my bitch. Then you'd have to think about what properties to (dis)allow. When preg_replace()'ing things like /(style|class|on[\w]+)=[']?[^' ]*[']? / To an empty string, you're getting safer and safer. So .. Turn passes left ;) Wouter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Removing security-problematic chars from strings
Chris Shiflett wrote: --- CPT John W. Holmes [EMAIL PROTECTED] wrote: Heh... my turn to disagree again. You can do a simple str_replace() to convert lt;bgt; back into b, but you're going to have to do it for each case. Also by doing that blindly, you can end up with orphaned tags affecting the rest of your page (making it all bold, for example). How does bbcode make this easier or even different? My only point was that I felt you _did_ need to use regular expression to ensure you're only converting paired tags. Just using str_replace() could leave orphaned tags unless you're keeping a count of what's been replaced. :) -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] tar and ownership
On Fri, Nov 21, 2003 at 01:10:28PM -0500, Rodney Green wrote: : Marek Kilimajer wrote: : Rodney Green wrote: : : I'm writing a script that downloads a tarball from an FTP server and : unpacks it into a directory. Here's the line of code that does this. : : exec(tar -C /scripts/ -zxv --preserve-permissions -f . : /scripts/mailfiles.tar.gz) or die('Tar failed!'); : : My problem is that the files' ownership is changed when the tarball : is unpacked. I'm executing the script from a web browser and Apache : is running as the user apache so the files are unpacked and : ownership given to the user apache. How can I make it so the files : will keep the original ownerships? This is important because the : files are mail files and the script is used to restore the mail files : from backup so the users can access them. : : Only root can change file ownership. : :Thanks for replying. Any suggestions on how to do this then? sudo? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] tar and ownership
Rodney Green wrote: Marek Kilimajer wrote: Rodney Green wrote: Greetings! I'm writing a script that downloads a tarball from an FTP server and unpacks it into a directory. Here's the line of code that does this. exec(tar -C /scripts/ -zxv --preserve-permissions -f . /scripts/mailfiles.tar.gz) or die('Tar failed!'); My problem is that the files' ownership is changed when the tarball is unpacked. I'm executing the script from a web browser and Apache is running as the user apache so the files are unpacked and ownership given to the user apache. How can I make it so the files will keep the original ownerships? This is important because the files are mail files and the script is used to restore the mail files from backup so the users can access them. Only root can change file ownership. Thanks for replying. Any suggestions on how to do this then? Rod Multiple solutions, some better, easier, faster or securer than others - Make a 'cron' script, executing as root, which handles ownerships. - Make a 'cron' script, executing as your own user, that extracts the tarball - Use the suexec wrapper, to change the using user of your virtual host - Run Apache as another user - Make the users member of group 'apache', and give g+r file permissions (group gets read) With some inspiration you can probably come up with a few more, just as I could if I wanted too ;P Good luck! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] echo or print
David T-G wrote: Eugene, et al -- ...and then Eugene Lee said... % % p class=tonue-in-cheek % % Also, the letter 'e' is smaller than 'p', so ASCII-based function % lookups will be faster as well. Most of these speed increases can't be noticed in a small script, where the end is within a few lines, but echo() really works well in larger scripts where the end is far away. In addition, print() only sort of works well in the near case and doesn't work at all in the far case (as demonstrated when trying to throw something printed, such as a book). Finally, echo()ed statements always remain in the proper order, but throwing a bunch of print()s will just get you a big mess on the floor requiring an intelligent sort() to clean up -- and you know how tough it can be to write a quick sort() algorithm! % % /p HTH HAND ;-D Guys, Jay asked a serious question (I think). Anyways, let's take this one step further to something that I've really been wondering about. (.. long bunch of HTML ..) Jay asked ?=$Question?, then Tom said ? echo $Answer; ?. ?php print 'Meanwhile a lot of others read it including '.$Strangers[0].', '.$Strangers[2].', '.$Strangers[3].' and '.$Strangers[4].'.\n; echo After a short while, among others, $Kirk[firstname] {$Kirk[lastname]} also said his things.; ? Point is, which of the inline printing style is preferred by you guyes. I tend to use ?=$Var? a lot, since it reads easier but get into struggles with myself when I do that multiple times in a row. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] FW: [ERR] RE: [PHP] tar and ownership
[EMAIL PROTECTED] wrote: Transmit Report: To: [EMAIL PROTECTED], 402 Local User Inbox Full ([EMAIL PROTECTED]) Is someone able to unsubscribe [EMAIL PROTECTED] .. I'm getting annoyed by all those User inbox full replies. ---BeginMessage--- Rodney Green wrote: Marek Kilimajer wrote: Rodney Green wrote: Greetings! I'm writing a script that downloads a tarball from an FTP server and unpacks it into a directory. Here's the line of code that does this. exec(tar -C /scripts/ -zxv --preserve-permissions -f . /scripts/mailfiles.tar.gz) or die('Tar failed!'); My problem is that the files' ownership is changed when the tarball is unpacked. I'm executing the script from a web browser and Apache is running as the user apache so the files are unpacked and ownership given to the user apache. How can I make it so the files will keep the original ownerships? This is important because the files are mail files and the script is used to restore the mail files from backup so the users can access them. Only root can change file ownership. Thanks for replying. Any suggestions on how to do this then? Rod Multiple solutions, some better, easier, faster or securer than others - Make a 'cron' script, executing as root, which handles ownerships. - Make a 'cron' script, executing as your own user, that extracts the tarball - Use the suexec wrapper, to change the using user of your virtual host - Run Apache as another user - Make the users member of group 'apache', and give g+r file permissions (group gets read) With some inspiration you can probably come up with a few more, just as I could if I wanted too ;P Good luck! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ---End Message--- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] echo or print
Wouter van Vliet mailto:[EMAIL PROTECTED] on Friday, November 21, 2003 10:55 AM said: Point is, which of the inline printing style is preferred by you guyes. I tend to use ?=$Var? a lot, since it reads easier but get into struggles with myself when I do that multiple times in a row. Because of this I usually do the following: echo phere is some text with a $variable in it.br/\n .And this is another like of text with a $variable1 in it.br/\n .And so on...br/\n .And so forth./p\n; I also prefer ?= $variable ? to ?php echo $variable; ? except that for the sake of cross-system compatibility* I now choose to do ?php echo $variable; ?. Chris. * What I mean by that is if I give my code to someone else I want it to work with as few changes as possible. Some php installs don't have ? ? turned on (short tags?). -- Don't like reformatting your Outlook replies? Now there's relief! http://home.in.tum.de/~jain/software/outlook-quotefix/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] tar and ownership
I think if you are using the Unix Tar Version you can do tar -C /scripts/ -zxv -f ./scripts/mailfiles.tar.gz --owner=REPLACEME --group=REPLACEME -Original Message- From: Wouter van Vliet [mailto:[EMAIL PROTECTED] Sent: Saturday, November 22, 2003 7:42 AM To: 'Rodney Green'; [EMAIL PROTECTED] Subject: RE: [PHP] tar and ownership Rodney Green wrote: Marek Kilimajer wrote: Rodney Green wrote: Greetings! I'm writing a script that downloads a tarball from an FTP server and unpacks it into a directory. Here's the line of code that does this. exec(tar -C /scripts/ -zxv --preserve-permissions -f . /scripts/mailfiles.tar.gz) or die('Tar failed!'); My problem is that the files' ownership is changed when the tarball is unpacked. I'm executing the script from a web browser and Apache is running as the user apache so the files are unpacked and ownership given to the user apache. How can I make it so the files will keep the original ownerships? This is important because the files are mail files and the script is used to restore the mail files from backup so the users can access them. Only root can change file ownership. Thanks for replying. Any suggestions on how to do this then? Rod Multiple solutions, some better, easier, faster or securer than others - Make a 'cron' script, executing as root, which handles ownerships. - Make a 'cron' script, executing as your own user, that extracts the tarball - Use the suexec wrapper, to change the using user of your virtual host - Run Apache as another user - Make the users member of group 'apache', and give g+r file permissions (group gets read) With some inspiration you can probably come up with a few more, just as I could if I wanted too ;P Good luck! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] FW: [ERR] RE: [PHP] tar and ownership
I second that it's annoying CC'ed to List Owner :P -Original Message- From: Wouter van Vliet [mailto:[EMAIL PROTECTED] Sent: Saturday, November 22, 2003 7:57 AM To: 'PHP General list' Subject: [PHP] FW: [ERR] RE: [PHP] tar and ownership [EMAIL PROTECTED] wrote: Transmit Report: To: [EMAIL PROTECTED], 402 Local User Inbox Full ([EMAIL PROTECTED]) Is someone able to unsubscribe [EMAIL PROTECTED] .. I'm getting annoyed by all those User inbox full replies. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] echo or print
Chris W. Parker wrote: Wouter van Vliet mailto:[EMAIL PROTECTED] on Friday, November 21, 2003 10:55 AM said: Point is, which of the inline printing style is preferred by you guyes. I tend to use ?=$Var? a lot, since it reads easier but get into struggles with myself when I do that multiple times in a row. Because of this I usually do the following: echo phere is some text with a $variable in it.br/\n .And this is another like of text with a $variable1 in it.br/\n .And so on...br/\n .And so forth./p\n; I also prefer ?= $variable ? to ?php echo $variable; ? except that for the sake of cross-system compatibility* I now choose to do ?php echo $variable; ?. Chris. * What I mean by that is if I give my code to someone else I want it to work with as few changes as possible. Some php installs don't have ? ? turned on (short tags?). Well, there is an eye opener. I always thought that the ?=$Var? printing style was not influenced by short_open_tag, but now I did a test to be sure about it and it turned out it does.. quick test 1 ?php 2 echo 'ini setting short_open_tag: '.ini_get('short_open_tag'); 3 ? 4 5 Long open tags: ?php print 'OK'; ? 6 Short open tags ? print 'OK'; ? 7 Short print style ?='OK'? output short_open_tags=On ini setting short_open_tag: 1 Long open tags: OK Short open tags OK Short print style OK /output output short_open_tags=Off ini setting short_open_tag: Long open tags: OK Short open tags ? print 'OK'; ? Short print style ?='OK'? /output /quick_test Thanks! Wouter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] echo or print
On Fri, 21 Nov 2003, Wouter van Vliet wrote: Point is, which of the inline printing style is preferred by you guyes. I tend to use ?=$Var? a lot, since it reads easier but get into struggles with myself when I do that multiple times in a row. Ultimately I think you'd want to be doing very little of any, if you're working with more than a basic, one-page script. Even if you are (gulp) generating your HTML output within functions, it seems better to be returning that back to some level where there are only a couple of echo/prints necessary.. Think output layer... -- Kelly Hallman // Ultrafancy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] tar and ownership
Nigel Jones wrote: I think if you are using the Unix Tar Version you can do tar -C /scripts/ -zxv -f ./scripts/mailfiles.tar.gz --owner=REPLACEME --group=REPLACEME I sure hope this is NOT possible, since it would be a major security problem. Think for example in terms of the php safe_mode. When you'd do this, you would be able to create files as any user thinkable, and thus well .. Need I go any further. Knowing that 'chown' only lets you change the 'group' part of the ownership to a group you actually belong to FROM files that are owned by yourself and I think even the group part has to mach too. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] FW: [ERR] RE: [PHP] tar and ownership
Nigel Jones mailto:[EMAIL PROTECTED] on Friday, November 21, 2003 11:44 AM said: I second that it's annoying CC'ed to List Owner :P Your best bet is to refuse @hanmir.com altogether. This has been happening for a long time (with different addresses all @hanmir.com) and I imagine it will continue to happen. Chris. -- Don't like reformatting your Outlook replies? Now there's relief! http://home.in.tum.de/~jain/software/outlook-quotefix/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php