php-general Digest 24 Jul 2008 10:08:38 -0000 Issue 5586

Topics (messages 277214 through 277234):

Re: $_ENV or getenv to get bash environmental variables.. change php.ini?? env vars
        277214 by: mike

*****[SPAM(1.8)]*****
        277215 by: payne.magi.magidesign.com
        277216 by: payne.magi.magidesign.com

Weird issue with PHP5
        277217 by: jeff.mills.winsto.net
        277218 by: Nathan Nobbe
        277219 by: jeff.mills.winsto.net
        277220 by: Nathan Nobbe
        277221 by: Nathan Nobbe

hash_hmac: Encoding with two different results problem
        277222 by: Leon du Plessis
        277226 by: Nathan Nobbe
        277227 by: Nathan Nobbe

Re: Apache blocking certain requests instead of php
        277223 by: Arno Kuhl
        277224 by: Chris
        277225 by: Børge Holen
        277228 by: Arno Kuhl
        277229 by: Arno Kuhl
        277230 by: Chris
        277231 by: Chris
        277232 by: Børge Holen
        277233 by: Arno Kuhl
        277234 by: Per Jessen

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [EMAIL PROTECTED]


----------------------------------------------------------------------
--- Begin Message ---
On 7/23/08, mindspin311 <[EMAIL PROTECTED]> wrote:
>
> I want to be able to do a getenv('SYMFONY_HOME'); or any env var that I've
> setup in my /etc/bashrc for everyone. But apache obviously doesn't have a
> shell, so it doesn't know about these. only the stuff in $_ENV.
>
> What I want to know is how can I read env vars like ANT_HOME, JAVA_HOME,
> etc.. in php? I just need to be able to read symfony's root path so I can
> stop hard coding it into a config file in the project everytime I deploy to
> a new machine.

i believe you can add it to /etc/profile and restart apache (possibly
need to reboot, not sure) and those are global environment variables
everyone receives, including non-interactive shells and processes.

--- End Message ---
--- Begin Message ---
Spam detection software, running on the system "magi.magidesign.com", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
postmaster for details.

Content preview:  Hi, Can someone please point me to a web site with examples
   of php being use with the cli sending mail. I need to create a couple scripts
   that do that. I have looked on the net and most scripts are for form feed
   back. [...] 

Content analysis details:   (1.8 points, 1.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-1.7 ALL_TRUSTED            Passed through trusted hosts only via SMTP
 1.0 Magi_de                Spam from Germany
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.4208]
 2.5 MISSING_SUBJECT        Missing Subject: header


--- Begin Message ---
Hi,

Can someone please point me to a web site with examples of php being used
with the cli sending mail. I need to create a couple scripts that do that.
I have looked on the net and most scripts are for form feed back.

Thanks...

Payne


--- End Message ---

--- End Message ---
--- Begin Message ---
I have a module originally written for PHP-Nuke that I have ported to
CPG-Nuke/DragonFlyCMS.

In PHP4, the page I'm displaying works fine.
In PHP5, it doesn't.

The following link is a screenshot of the page using PHP4:
http://nukeleaguedf.winsto.net/working-php4.jpg

And a screenshot from PHP5:
http://nukeleaguedf.winsto.net/broken-php5.jpg

You can see that the stat lines for the first group (Batters) displays
properly. However, the stat lines for the following groups do not.

I have copied the three offending files into text files:
http://nukeleaguedf.winsto.net/modules/League/index.txt
http://nukeleaguedf.winsto.net/modules/League/util.txt
http://nukeleaguedf.winsto.net/modules/League/classes.txt

Line 1119 of index.txt is where it all begins.
I have tested that the while loop is actually looping 3 times as it should
(once for each group).
Doing a var_dump of $players shows all of the required information.

Line 1126 is the actual line that displays the fields.

I have scoured the code with my limited PHP knowledge, but I can't for the
life of me see why its not working in PHP5.
Perhaps part of the code is incompatible with PHP5, or perhaps its a bug
in PHP5.
Is anyone able to help?








--- End Message ---
--- Begin Message ---
On Wed, Jul 23, 2008 at 10:45 PM, <[EMAIL PROTECTED]> wrote:

>
> I have a module originally written for PHP-Nuke that I have ported to
> CPG-Nuke/DragonFlyCMS.
>
> In PHP4, the page I'm displaying works fine.
> In PHP5, it doesn't.
>
> The following link is a screenshot of the page using PHP4:
> http://nukeleaguedf.winsto.net/working-php4.jpg
>
> And a screenshot from PHP5:
> http://nukeleaguedf.winsto.net/broken-php5.jpg
>
> You can see that the stat lines for the first group (Batters) displays
> properly. However, the stat lines for the following groups do not.
>
> I have copied the three offending files into text files:
> http://nukeleaguedf.winsto.net/modules/League/index.txt
> http://nukeleaguedf.winsto.net/modules/League/util.txt
> http://nukeleaguedf.winsto.net/modules/League/classes.txt
>
> Line 1119 of index.txt is where it all begins.
> I have tested that the while loop is actually looping 3 times as it should
> (once for each group).
> Doing a var_dump of $players shows all of the required information.
>
> Line 1126 is the actual line that displays the fields.
>
> I have scoured the code with my limited PHP knowledge, but I can't for the
> life of me see why its not working in PHP5.
> Perhaps part of the code is incompatible with PHP5, or perhaps its a bug
> in PHP5.
> Is anyone able to help?


thats a decent bit of code to pick through, jeff.  glancing at index.txt,
the code looks pretty straight forward, and by that i mean that it doesnt
look like theres anything that shouldnt work in php5.

if i were to guess, i would suspect an environmental issue.  you should
ensure that all the extensions you had in php4 are there in php5.  you can
do this by writing a simple script, phpinfo.php

<?php
die(phpinfo());

you should run this in both the php4, and php5 environments and make sure
things look essentially identical.  as well, there are a few things that
changed in php5, here is a helpful reference from the manual that will give
you things to look out for,

http://www.php.net/manual/en/faq.migration5.php

another thing i would recommend to weed out any environmental issues is to
configure error_reporting to show everything.  so (depending on your version
of php5) if youre using the latest version, your php.ini file should have
something like this

display_errors = On
error_reporting = E_ALL

on older versions of php5, you would have to tweak the error reporting to
also display E_STRICT errors, i doubt thats your problem, but i thought to
mention it.

something else that might be helpful would be setting up a debugger, such as
xdebug + protoeditor.  i can help you through the configuration if you
want.  this will allow you to set breakpoints and step through the code,
line-by-line if you wish, which could also help you isolate the problem more
quickly.

-nathan

--- End Message ---
--- Begin Message ---
>
> thats a decent bit of code to pick through, jeff.  glancing at index.txt,
> the code looks pretty straight forward, and by that i mean that it doesnt
> look like theres anything that shouldnt work in php5.
>
> if i were to guess, i would suspect an environmental issue.  you should
> ensure that all the extensions you had in php4 are there in php5.  you can
> do this by writing a simple script, phpinfo.php
>
> <?php
> die(phpinfo());
>
> you should run this in both the php4, and php5 environments and make sure
> things look essentially identical.  as well, there are a few things that
> changed in php5, here is a helpful reference from the manual that will
> give
> you things to look out for,
>
> http://www.php.net/manual/en/faq.migration5.php
>
> another thing i would recommend to weed out any environmental issues is to
> configure error_reporting to show everything.  so (depending on your
> version
> of php5) if youre using the latest version, your php.ini file should have
> something like this
>
> display_errors = On
> error_reporting = E_ALL
>
> on older versions of php5, you would have to tweak the error reporting to
> also display E_STRICT errors, i doubt thats your problem, but i thought to
> mention it.
>
> something else that might be helpful would be setting up a debugger, such
> as
> xdebug + protoeditor.  i can help you through the configuration if you
> want.  this will allow you to set breakpoints and step through the code,
> line-by-line if you wish, which could also help you isolate the problem
> more
> quickly.
>
> -nathan
>

Hi Nathan,
it sure is a lot of code to work through. Its been driving me insane for
the last couple of days.
phpinfo on the same server when switching from php4 to php5 shows only a
few differences.
There is one different module in each version:
PHP Version 4.4.8_pre20070816-pl0-gentoo
- sapi_apache2
PHP Version 5.2.6RC4-pl0-gentoo
- mod_php5

I've saved the phpinfo pages.
http://nukeleaguedf.winsto.net/phpinfo/phpinfov4.htm
http://nukeleaguedf.winsto.net/phpinfo/phpinfov5.htm

I'm currently installing xdebug, but I don't see protoeditor in my Linux
distro. Is it available for download?
Configuration help would be great, thank you.






--- End Message ---
--- Begin Message ---
On Wed, Jul 23, 2008 at 11:43 PM, <[EMAIL PROTECTED]> wrote:

>
> >
> > thats a decent bit of code to pick through, jeff.  glancing at index.txt,
> > the code looks pretty straight forward, and by that i mean that it doesnt
> > look like theres anything that shouldnt work in php5.
> >
> > if i were to guess, i would suspect an environmental issue.  you should
> > ensure that all the extensions you had in php4 are there in php5.  you
> can
> > do this by writing a simple script, phpinfo.php
> >
> > <?php
> > die(phpinfo());
> >
> > you should run this in both the php4, and php5 environments and make sure
> > things look essentially identical.  as well, there are a few things that
> > changed in php5, here is a helpful reference from the manual that will
> > give
> > you things to look out for,
> >
> > http://www.php.net/manual/en/faq.migration5.php
> >
> > another thing i would recommend to weed out any environmental issues is
> to
> > configure error_reporting to show everything.  so (depending on your
> > version
> > of php5) if youre using the latest version, your php.ini file should have
> > something like this
> >
> > display_errors = On
> > error_reporting = E_ALL
> >
> > on older versions of php5, you would have to tweak the error reporting to
> > also display E_STRICT errors, i doubt thats your problem, but i thought
> to
> > mention it.
> >
> > something else that might be helpful would be setting up a debugger, such
> > as
> > xdebug + protoeditor.  i can help you through the configuration if you
> > want.  this will allow you to set breakpoints and step through the code,
> > line-by-line if you wish, which could also help you isolate the problem
> > more
> > quickly.
> >
> > -nathan
> >
>
> Hi Nathan,
> it sure is a lot of code to work through. Its been driving me insane for
> the last couple of days.
> phpinfo on the same server when switching from php4 to php5 shows only a
> few differences.
> There is one different module in each version:
> PHP Version 4.4.8_pre20070816-pl0-gentoo
> - sapi_apache2
> PHP Version 5.2.6RC4-pl0-gentoo
> - mod_php5
>

gentoo, hell yea bro, youre in good company!

> I've saved the phpinfo pages.
> http://nukeleaguedf.winsto.net/phpinfo/phpinfov4.htm
> http://nukeleaguedf.winsto.net/phpinfo/phpinfov5.htm


meh, as long as you stuck w/ the same use flags there likely arent any
extensions youre missing, but maybe..

> I'm currently installing xdebug, but I don't see protoeditor in my Linux
> distro. Is it available for download?


its not even in portage atm, youll have to build from source, but i can
prolly help out there.  heres the download page:

http://sourceforge.net/project/showfiles.php?group_id=129439

ill hit you back in a few w/ the configure options i used to build it.  btw,
im using kde, if you dont have that, youll likely have to pull down kdebase
as protoeditor is built atop the kate libs (which use kde of course).


>
> Configuration help would be great, thank you.


it might be a little rough w/o getting a look at ur source, but we can
probly figure it out.  are you running apache locally, or on a separate
box?  if its on another box, youll have to install xdebug on that system.
as well, youll have to have php setup on your local box, and a copy of the
source of course.  i recommend setting up apache locally for this if you
can, cause it makes things a lot easier, but either way we can noc it out ;)

-nathan

btw.
the protoeditor homepage is like mad borked, ill fire off a mail to thiago.

--- End Message ---
--- Begin Message ---
On Thu, Jul 24, 2008 at 12:07 AM, Nathan Nobbe <[EMAIL PROTECTED]>wrote:

> On Wed, Jul 23, 2008 at 11:43 PM, <[EMAIL PROTECTED]> wrote:
>
>>
>> >
>> > thats a decent bit of code to pick through, jeff.  glancing at
>> index.txt,
>> > the code looks pretty straight forward, and by that i mean that it
>> doesnt
>> > look like theres anything that shouldnt work in php5.
>> >
>> > if i were to guess, i would suspect an environmental issue.  you should
>> > ensure that all the extensions you had in php4 are there in php5.  you
>> can
>> > do this by writing a simple script, phpinfo.php
>> >
>> > <?php
>> > die(phpinfo());
>> >
>> > you should run this in both the php4, and php5 environments and make
>> sure
>> > things look essentially identical.  as well, there are a few things that
>> > changed in php5, here is a helpful reference from the manual that will
>> > give
>> > you things to look out for,
>> >
>> > http://www.php.net/manual/en/faq.migration5.php
>> >
>> > another thing i would recommend to weed out any environmental issues is
>> to
>> > configure error_reporting to show everything.  so (depending on your
>> > version
>> > of php5) if youre using the latest version, your php.ini file should
>> have
>> > something like this
>> >
>> > display_errors = On
>> > error_reporting = E_ALL
>> >
>> > on older versions of php5, you would have to tweak the error reporting
>> to
>> > also display E_STRICT errors, i doubt thats your problem, but i thought
>> to
>> > mention it.
>> >
>> > something else that might be helpful would be setting up a debugger,
>> such
>> > as
>> > xdebug + protoeditor.  i can help you through the configuration if you
>> > want.  this will allow you to set breakpoints and step through the code,
>> > line-by-line if you wish, which could also help you isolate the problem
>> > more
>> > quickly.
>> >
>> > -nathan
>> >
>>
>> Hi Nathan,
>> it sure is a lot of code to work through. Its been driving me insane for
>> the last couple of days.
>> phpinfo on the same server when switching from php4 to php5 shows only a
>> few differences.
>> There is one different module in each version:
>> PHP Version 4.4.8_pre20070816-pl0-gentoo
>> - sapi_apache2
>> PHP Version 5.2.6RC4-pl0-gentoo
>> - mod_php5
>>
>
> gentoo, hell yea bro, youre in good company!
>
>> I've saved the phpinfo pages.
>> http://nukeleaguedf.winsto.net/phpinfo/phpinfov4.htm
>> http://nukeleaguedf.winsto.net/phpinfo/phpinfov5.htm
>
>
> meh, as long as you stuck w/ the same use flags there likely arent any
> extensions youre missing, but maybe..
>
>> I'm currently installing xdebug, but I don't see protoeditor in my Linux
>> distro. Is it available for download?
>
>
> its not even in portage atm, youll have to build from source, but i can
> prolly help out there.  heres the download page:
>
> http://sourceforge.net/project/showfiles.php?group_id=129439
>
> ill hit you back in a few w/ the configure options i used to build it.
> btw, im using kde, if you dont have that, youll likely have to pull down
> kdebase as protoeditor is built atop the kate libs (which use kde of
> course).
>
>
>>
>> Configuration help would be great, thank you.
>
>
> it might be a little rough w/o getting a look at ur source, but we can
> probly figure it out.  are you running apache locally, or on a separate
> box?  if its on another box, youll have to install xdebug on that system.
> as well, youll have to have php setup on your local box, and a copy of the
> source of course.  i recommend setting up apache locally for this if you
> can, cause it makes things a lot easier, but either way we can noc it out ;)
>
> -nathan
>
> btw.
> the protoeditor homepage is like mad borked, ill fire off a mail to thiago.
>
>
>

ok, so heres the process to install protoeditor.

1. unpack the source, cd into the unpacked directory.
2. ./configure --prefix=/usr/kde/3.5/ --without-arts --enable-debug=full
3. make && make install

you can also pass the --enable-kate-plugin option to configure, if you want
to build it as a plugin for kate, which is pretty nice.  but i always found
it easier to build as a standalone app, just to get the hang of it at first,
then come back and build it into kate.

on the xdebug side (and this will be gentoo-centric, since thats what youre
running)

1. edit /etc/php/apache2-php5/ext/xdebug.ini
enable the following lines

xdebug.remote_enable="1"
xdebug.remote_handler="dbgp"
* xdebug.remote_host="10.0.1.6"
xdebug.remote_mode="req"
xdebug.remote_mode="jit"
xdebug.remote_port="9000"
xdebug.remote_autostart="1"

you see ive put a star by xdebug.remote_host, youll need to set that to the
host of your client box, and if its the same one running apache, it would be
127.0.0.1 (obviously :D).  anyway, if apache is on a different box, that
system will need to be able to send requests to your development system on
port 9000, unless you change xdebug.remote_port, but either way, the server
needs to have access to the client system.

2. symlink the extension into ext-active,
sudo ln -snf /etc/php/apache2-php5/ext/xdebug.ini \
    /etc/php/apache2-php5/ext-active/xdebug.ini
3. restart apache
4. (optional) i recommend using firefox on your development system, there is
a nice little add-on you can get for xdebug,

https://addons.mozilla.org/en-US/firefox/addon/3960

that seems to help xdebug along when navigating from page to page.

anyway, after all that youll have to launch protoeditor, and then configure
a site in it.  go to settings -> configure protoeditor.  youll see tabs for
different debuggers.  under the xdebug tab, check the 'Enable JIT' option.
then click the sites in the left hand pane and add a new site.  in here
youll have to set a url and map the location of the source on your client
box to the location of the source on the server.  if these are the same
system, this is super-easy, cause the paths are exactly the same.  anyway,
what you want to do here, is on this initial screen, put the path to the
base of your source code on both the client and server.  if there are other
entry points, for example if you have a vhost pointing to a subdirectory of
this code, you need to hit the 'Mappings' tab, and add those paths
accordingly for both file and server filesystems.

once you have all that setup, you should be pretty much ready.  you just
click that little icon at the bottom of ff w/ protoeditor running and *it
should* jump you into a debug session when you pull up a page from your
site.

-nathan

--- End Message ---
--- Begin Message ---
hi,
I hope this is the right group for this type of problem:

I am using hash_hmac to provide me with a sha1 encoded hash string. The 
problem is as follows:

$hash = hash_hmac('sha1', 
'030B6A05696E657400C54601C60001550187360603773500018707060373796E63000187340603687474703A2F2F7777772E73796E632E636F6D2F73796E630001C65901873A06032E2F636F6E7461637473000187070603436F6E74616374732044420001872E0603746578742F782D7663617264000101C6570187310603757365726E616D6500018732060370617373776F72640001010101',
 
'1234');

Note: it is important the key to use during encoding id 1234 for this 
example.

Result:
eb38ffd597c6d1e01cd24a0e46dff426354510fe

Using a hash calculator from slavasoft also yields this result, which 
indicate the encoding is fine.
eb38ffd597c6d1e01cd24a0e46dff426354510fe

However, Slavasoft's calculator has an option to provide the string as Text 
or Hex.

Selecting "hex" yields this result:
9f9be99ea5bf5ba009af0a5c12021f420cb27652  ....and this is the string I 
need!!!

So either hash_hmac function needs a way to let it know the string is of 
type hex....or the string itself needs to be converted. I have tried some 
conversions on the string but to no avail.
Anyone have any thoughts?



--- End Message ---
--- Begin Message ---
On Thu, Jul 24, 2008 at 12:50 AM, Leon du Plessis <[EMAIL PROTECTED]> wrote:

> hi,
> I hope this is the right group for this type of problem:
>
> I am using hash_hmac to provide me with a sha1 encoded hash string. The
> problem is as follows:
>
> $hash = hash_hmac('sha1',
>
> '030B6A05696E657400C54601C60001550187360603773500018707060373796E63000187340603687474703A2F2F7777772E73796E632E636F6D2F73796E630001C65901873A06032E2F636F6E7461637473000187070603436F6E74616374732044420001872E0603746578742F782D7663617264000101C6570187310603757365726E616D6500018732060370617373776F72640001010101',
> '1234');
>
> Note: it is important the key to use during encoding id 1234 for this
> example.
>
> Result:
> eb38ffd597c6d1e01cd24a0e46dff426354510fe
>
> Using a hash calculator from slavasoft also yields this result, which
> indicate the encoding is fine.
> eb38ffd597c6d1e01cd24a0e46dff426354510fe
>
> However, Slavasoft's calculator has an option to provide the string as Text
> or Hex.
>
> Selecting "hex" yields this result:
> 9f9be99ea5bf5ba009af0a5c12021f420cb27652  ....and this is the string I
> need!!!
>
> So either hash_hmac function needs a way to let it know the string is of
> type hex....or the string itself needs to be converted. I have tried some
> conversions on the string but to no avail.
> Anyone have any thoughts?


gotchu covered ;)

found this on the web:

http://www.pgregg.com/projects/php/code/hexstr.phps

so then,

<?php

function hexstr($hexstr) {
  $hexstr = str_replace(' ', '', $hexstr);
  $retstr = pack('H*', $hexstr);
  return $retstr;
}

$hash = hash_hmac('sha1', hexstr(
'030B6A05696E657400C54601C60001550187360603773500018707060373796E63000187340603687474703A2F2F7777772E73796E632E636F6D2F73796E630001C65901873A06032E2F636F6E7461637473000187070603436F6E74616374732044420001872E0603746578742F782D7663617264000101C6570187310603757365726E616D6500018732060370617373776F72640001010101'),
'1234');

echo $hash;
?>

produc

--- End Message ---
--- Begin Message ---
On Thu, Jul 24, 2008 at 1:21 AM, Nathan Nobbe <[EMAIL PROTECTED]>wrote:

> On Thu, Jul 24, 2008 at 12:50 AM, Leon du Plessis <[EMAIL PROTECTED]> wrote:
>
>> hi,
>> I hope this is the right group for this type of problem:
>>
>> I am using hash_hmac to provide me with a sha1 encoded hash string. The
>> problem is as follows:
>>
>> $hash = hash_hmac('sha1',
>>
>> '030B6A05696E657400C54601C60001550187360603773500018707060373796E63000187340603687474703A2F2F7777772E73796E632E636F6D2F73796E630001C65901873A06032E2F636F6E7461637473000187070603436F6E74616374732044420001872E0603746578742F782D7663617264000101C6570187310603757365726E616D6500018732060370617373776F72640001010101',
>> '1234');
>>
>> Note: it is important the key to use during encoding id 1234 for this
>> example.
>>
>> Result:
>> eb38ffd597c6d1e01cd24a0e46dff426354510fe
>>
>> Using a hash calculator from slavasoft also yields this result, which
>> indicate the encoding is fine.
>> eb38ffd597c6d1e01cd24a0e46dff426354510fe
>>
>> However, Slavasoft's calculator has an option to provide the string as
>> Text
>> or Hex.
>>
>> Selecting "hex" yields this result:
>> 9f9be99ea5bf5ba009af0a5c12021f420cb27652  ....and this is the string I
>> need!!!
>>
>> So either hash_hmac function needs a way to let it know the string is of
>> type hex....or the string itself needs to be converted. I have tried some
>> conversions on the string but to no avail.
>> Anyone have any thoughts?
>
>
> gotchu covered ;)
>
> found this on the web:
>
> http://www.pgregg.com/projects/php/code/hexstr.phps
>
> so then,
>
> <?php
>
> function hexstr($hexstr) {
>   $hexstr = str_replace(' ', '', $hexstr);
>   $retstr = pack('H*', $hexstr);
>   return $retstr;
> }
>
> $hash = hash_hmac('sha1', hexstr(
>
> '030B6A05696E657400C54601C60001550187360603773500018707060373796E63000187340603687474703A2F2F7777772E73796E632E636F6D2F73796E630001C65901873A06032E2F636F6E7461637473000187070603436F6E74616374732044420001872E0603746578742F782D7663617264000101C6570187310603757365726E616D6500018732060370617373776F72640001010101'),
> '1234');
>
> echo $hash;
> ?>
>
> produc
>
>
damnit, its late, so im going to take the liberty to post a follow-up
message to finish that last one off;

(the code from the previous post) produces

9f9be99ea5bf5ba009af0a5c12021f420cb27652

-nathan

--- End Message ---
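
Added example, not part of any post in this thread: the text-versus-hex difference discussed above, shown on a short constructed input where the decoded bytes are known ("616263" is "abc"). The helper names hex_to_bytes() and hmac_sha1_of_hex() are hypothetical; unlike a bare pack('H*', ...), the decoder refuses odd-length or non-hex input before any MAC is computed, and digests are compared with hash_equals().

```php
<?php
// Added example; helper names are hypothetical, sample input is constructed.

/**
 * Decode hex text to raw bytes. Spaces are stripped (as the thread's hexstr()
 * does); anything else that is not an even-length run of hex digits is refused
 * instead of being silently mangled.
 */
function hex_to_bytes(string $hex): string
{
    $hex = str_replace(' ', '', $hex);
    if (preg_match('/\A(?:[0-9a-fA-F]{2})+\z/', $hex) !== 1) {
        throw new InvalidArgumentException('expected an even-length hex string');
    }
    return pack('H*', $hex);
}

/** HMAC-SHA1 over the bytes that $hex encodes ("Hex" mode in a hash calculator). */
function hmac_sha1_of_hex(string $hex, string $key): string
{
    return hash_hmac('sha1', hex_to_bytes($hex), $key);
}

$key = '1234';      // key from the thread's example
$hex = '61 62 63';  // constructed: hex encoding of the three bytes "abc"

// "Text" mode: the MAC covers the six characters "616263".
$textMode = hash_hmac('sha1', str_replace(' ', '', $hex), $key);
// "Hex" mode: the MAC covers the three decoded bytes.
$hexMode  = hmac_sha1_of_hex($hex, $key);
// Reference: the same three bytes passed in directly.
$direct   = hash_hmac('sha1', 'abc', $key);

echo "text mode: $textMode\n";
echo "hex mode:  $hexMode\n";
echo 'hex mode equals HMAC of "abc": ', var_export(hash_equals($direct, $hexMode), true), "\n";
echo 'text mode equals hex mode:     ', var_export(hash_equals($textMode, $hexMode), true), "\n";

// Malformed inputs (constructed) must be refused before any MAC is computed.
foreach (['61626', '6162zz', ''] as $bad) {
    try {
        hmac_sha1_of_hex($bad, $key);
        echo var_export($bad, true), " accepted\n";
    } catch (InvalidArgumentException $e) {
        echo var_export($bad, true), ' rejected: ', $e->getMessage(), "\n";
    }
}
```
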
--- Begin Message ---
> I'm getting a lot of bogus requests in the form of
> "index.php?id=http://64.15.67.17/~babysona/logo.jpg?", sometimes more
> than a hundred a day per domain. The php script catches it, logs the 
> request, sends an email report and replies with "access denied", but 
> it takes processing which I'd rather not have php busy with. (The php 
> script rejects anything where id=something_not_numeric.) Is there a 
> way for apache to catch these requests before passing it to php? Is it 
> more efficient for apache to handle this than php?
> 
> Arno
> 

Yes, in Apache turn off userdir access
In your httpd.conf file do this.
UserDir disabled
That way it will not process url that starts with a tilde ~...
That should take care of it.  Apache should then only report a 404 error to
the error log for the given virtual host.

--
Thanks for the reply. Is that correct though? I always thought in the
example 
http://mysite.com/index.php?id=http://64.15.67.17/~babysona/logo.jpg?
the url started with index.php...

Most the requests though look more like
http://mysite.com/index.php?id=http://calebsbirth.pisem.su/caleb.htm?
without the tilde.

I was hoping there's a way to tell apache to block requests where
id=non_numeric.

Cheers
Arno


--- End Message ---
--- Begin Message ---
> I was hoping there's a way to tell apache to block requests where
> id=non_numeric.

It's trying to do a remote inclusion.

It's easy for you to fix in php:

if (isset($_GET['id'])) {
        if (!is_numeric($_GET['id'])) {
                die("Die hacker die!");
        }
}

I'm sure there would be a way to do it with ModRewrite or something but
it's 5 lines of code in php so I'd do it there *shrug*.

-- 
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
--- Begin Message ---
On Thursday 24 July 2008 09:14:55 Chris wrote:
> > I was hoping there's a way to tell apache to block requests where
> > id=non_numeric.
>
> It's trying to do a remote inclusion.
>
> It's easy for you to fix in php:
>
> if (isset($_GET['id'])) {
>       if (!is_numeric($_GET['id'])) {
>               die("Die hacker die!");

thats sudden! ;)

>       }
> }
>
> I'm sure there would be a way to do it with ModRewrite or something but
> it's 5 lines of code in php so I'd do it there *shrug*.
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/



-- 
---
Børge Holen
http://www.arivene.net

--- End Message ---
--- Begin Message ---
> Is there a
> way for apache to catch these requests before passing it to php? Is it 
> more efficient for apache to handle this than php?

2 x yes. I think you could probably use <LocationMatch> and ban all access
with "Deny from all". 

/Per Jessen, Zürich

--
Thanks for replying Per. Isn't "Deny from all" more to do with apache
accessing local files on my server? These images aren't on my server, and
the requests aren't trying to access images on my server. What I see are
requests using the php script on my server to try access an image file (or
html or txt or php) on someone else's server. I was hoping there's a way to
tell apache to block requests where id=non_numeric.

Cheers
Arno


--- End Message ---
--- Begin Message ---
> I was hoping there's a way to tell apache to block requests where 
> id=non_numeric.

It's trying to do a remote inclusion.

It's easy for you to fix in php:

if (isset($_GET['id'])) {
        if (!is_numeric($_GET['id'])) {
                die("Die hacker die!");
        }
}

I'm sure there would be a way to do it with ModRewrite or something but it's
5 lines of code in php so I'd do it there *shrug*.

--
Thanks, I'm already doing something like that, but I want to stop it getting
to php.

Cheers
Arno


--- End Message ---
--- Begin Message ---
Børge Holen wrote:
> On Thursday 24 July 2008 09:14:55 Chris wrote:
>>> I was hoping there's a way to tell apache to block requests where
>>> id=non_numeric.
>> It's trying to do a remote inclusion.
>>
>> It's easy for you to fix in php:
>>
>> if (isset($_GET['id'])) {
>>      if (!is_numeric($_GET['id'])) {
>>              die("Die hacker die!");
> 
> thats sudden! ;)

ok maybe a bit harsh :P

stop hacker stop ?

;)

-- 
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
--- Begin Message ---
> Thanks, I'm already doing something like that, but I want to stop it getting
> to php.

http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html

Ask on an apache list how to use it.

-- 
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
--- Begin Message ---
On Thursday 24 July 2008 09:38:57 Chris wrote:
> Børge Holen wrote:
> > On Thursday 24 July 2008 09:14:55 Chris wrote:
> >>> I was hoping there's a way to tell apache to block requests where
> >>> id=non_numeric.
> >>
> >> It's trying to do a remote inclusion.
> >>
> >> It's easy for you to fix in php:
> >>
> >> if (isset($_GET['id'])) {
> >>    if (!is_numeric($_GET['id'])) {
> >>            die("Die hacker die!");
> >
> > thats sudden! ;)
>
> ok maybe a bit harsh :P
>
> stop hacker stop ?

I prefer die("");
it leaves a bit unsatisfaction for whoever generates the blank page


>
> ;)
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/



-- 
---
Børge Holen
http://www.arivene.net

--- End Message ---
--- Begin Message ---
Hi Arno

No, when you use <Location> it's not filesystem specific any more. But I've
just found out that you can't match on the query-string.

> These images aren't on my server, and
> the requests aren't trying to access images on my server. What I see 
> are requests using the php script on my server to try access an image 
> file (or html or txt or php) on someone else's server. I was hoping 
> there's a way to tell apache to block requests where id=non_numeric.

I think you'll have to use URL rewriting.

Try this:

http://jessen.ch/arnokuhl?id=nonnumeric

That should give you a 403.

http://jessen.ch/arnokuhl?id=9999

Should give you a print_r() output.

This is the rewrite config:

RewriteEngine on
RewriteCond %{QUERY_STRING} id=[^0-9]+
RewriteRule (/arnokuhl.*) $1 [f]

HTH
Per
------------------------

Many thanks for all your effort and help Per. That's exactly what I was
trying to achieve.

Cheers
Arno


--- End Message ---
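
Added example, not part of any post in this thread: a side-by-side check of the two filters discussed above (the is_numeric() test and the RewriteCond pattern) against a strict digits-only allow-list, run over constructed query strings. THREAD_DENY is the pattern from the rewrite config above; STRICT_DENY and id_is_valid() are assumptions introduced here, and preg_match() stands in for mod_rewrite's matching on the assumption that both use PCRE semantics.

```php
<?php
// Added example; everything except THREAD_DENY is an assumption, inputs are constructed.

// Condition from the thread's RewriteCond: forbid when this matches the query string.
const THREAD_DENY = '/id=[^0-9]+/';

// Assumed tighter condition: an "id" parameter (at the start or after "&")
// whose complete value is not a run of digits.
const STRICT_DENY = '/(?:\A|&)id=(?![0-9]+(?:&|\z))/';

/** Application-side allow-list: a string of 1 to 10 ASCII digits and nothing else. */
function id_is_valid($value): bool
{
    return is_string($value) && preg_match('/\A[0-9]{1,10}\z/', $value) === 1;
}

function verdict(bool $blocked): string
{
    return $blocked ? 'block' : 'pass';
}

// Constructed query strings covering the cases the filters disagree on.
$samples = [
    'id=9999',          // plain numeric id
    'id=7&sort=name',   // numeric id followed by another parameter
    'id=nonnumeric',    // the case tested in the thread
    'id=12abc',         // digits first, then other characters
    'id=1e5',           // exponent notation
    'pid=abc&id=3',     // a different parameter whose name ends in "id"
    'id[]=1',           // array form: the value PHP sees is not a string
];

printf("%-16s %-12s %-12s %-12s %s\n",
    'query string', 'thread rule', 'strict rule', 'is_numeric', 'allow-list');

foreach ($samples as $qs) {
    parse_str($qs, $params);
    $id = $params['id'] ?? null;

    printf("%-16s %-12s %-12s %-12s %s\n",
        $qs,
        verdict(preg_match(THREAD_DENY, $qs) === 1),  // web-server rule as posted
        verdict(preg_match(STRICT_DENY, $qs) === 1),  // assumed tighter rule
        verdict(!is_numeric($id)),                    // PHP check as posted
        verdict(!id_is_valid($id))                    // digits-only allow-list
    );
}
```

The table makes the division of labour visible: a query-string rule in the web server only sees raw text, so the digits-only check in PHP stays in place behind it.
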
--- Begin Message ---
Chris wrote:

> I'm sure there would be a way to do it with ModRewrite or something
> but it's 5 lines of code in php so I'd do it there *shrug*.

See my reply to Arno - in Apache it's only 2 lines of config. :-)


/Per Jessen, Zürich


--- End Message ---
