php-general Digest 21 Dec 2004 09:57:09 -0000 Issue 3182
Topics (messages 204766 through 204797):
Re: Very Odd Session Array Problem
204766 by: Aaron Axelsen
204769 by: Jason Barnett
Re: Setting or Getting Relative Path for PHP Includes
204767 by: Jason Wong
204768 by: phpninja
204771 by: Jason Barnett
204780 by: Jordi Canals
Re: Install PHP4 on a Apache2 + PHP5 system
204770 by: Joshua D. Drake
204775 by: Rick Fletcher
can I compile php source
204772 by: QT
204773 by: Jason Barnett
204776 by: John Nichel
204777 by: Michael Leung
204784 by: Bruce Douglas
204786 by: John Nichel
Re: Accessing a Char in an Array
204774 by: Jason Barnett
Re: checking file type on upload
204778 by: Marek Kilimajer
Re: An object oriented database in PHP?
204779 by: Manuel Lemos
imap_mail problems
204781 by: Paul Aviles
204782 by: Jonathan
Re: script PHP to detect IP address
204783 by: welly limston
How can I write number into a execel file with COM.
204785 by: shimuqiheb.abchina.com
Encryption
204787 by: Darren Wheatley
204792 by: Darren Wheatley
php terminal.
204788 by: adwin wijaya
204791 by: Mike
Help wth coding
204789 by: karl james
204796 by: M. Sokolewicz
Help with code#2
204790 by: karl james
Error with system() when running convert
204793 by: Jonathan Schwarz
204794 by: Jonathan Schwarz
Re: sanitizing/security
204795 by: Chris Shiflett
Nameserver checking ?
204797 by: Dave Carrera
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
I understand the recursion part, but i dont understand why this fixes it:
$quoteString = implode(",",$_SESSION['quotes'][$key]);
$_SESSION['quotes'][$key] = explode(",",$quoteString);
That is essentially just reading the values out, and sticking them back in.
Jason Barnett wrote:
> If i dont do that, when i do a print_r($_SESSION['quotes'][$key]) i
get
errors that say RECURSION and its almost like the arrays are making new
If you have a SESSION['quotes'] array... and one of the elements in
the array references the same SESSION['quotes'] array... then you are
going to have recursion. It's not exactly an error, but it *is* a
recursive array that never ends because it keeps pointing to itself.
Hopefully this makes sense?
--
Aaron Axelsen
[EMAIL PROTECTED]
Great hosting, low prices. Modevia Web Services LLC -- http://www.modevia.com
--- End Message ---
--- Begin Message ---
Aaron Axelsen wrote:
I understand the recursion part, but i dont understand why this fixes it:
$quoteString = implode(",",$_SESSION['quotes'][$key]);
$_SESSION['quotes'][$key] = explode(",",$quoteString);
That is essentially just reading the values out, and sticking them back in.
As already stated, your items seem to be self-referencing. It would
appear that this process is inserting the *values* of those referenced
cells into the quotes array instead of inserting references to the array
itself. Sort of like a paste special -> values with Excel if that helps
you.
--- End Message ---
--- Begin Message ---
On Tuesday 21 December 2004 04:41, Anthony Baker wrote:
> Either that, or is there a way to call this variable from the server
> itself so that it's automatically -- and correctly -- set?
Use a combination of one or more items from $_SERVER.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
"I think if you say you're going to do something and don't do it, that's
trustworthiness."
George W. Bush
August 30, 2000
From an CNN online chat.
*/
--- End Message ---
--- Begin Message ---
I usually use a global variables file included in every page and map
my directories that way.. example, have the file you include on each
page have these line of code in it:
<?php
$GLOBALS['images'] = "/images/";
$GLOBALS['inc''] = "/incl/";
?>
then those directories are mapped, all you have to do is use it this
way, I chose images and and include directory for an example
to use it for an image
<img src="<?= $GLOBALS['images'] ?>whatever.jpg">
To do includes for a stylesheet or somethin:
<link href="<?= $GLOBALS['inc'] ?>style.css" type="text/css" rel="stylesheet">:
-phpninja
-----Original Message-----
From: Anthony Baker [mailto:[EMAIL PROTECTED]
Sent: Monday, December 20, 2004 12:41 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Setting or Getting Relative Path for PHP Includes
Hey Folks,
Hoping someone can aid me with a newbie-ish question.
I often use PHP includes in my files to pull in assets, but I hard code
the relative path to the root html directory for the sites that I'm
working on in each file. Example below:
<?php
$path = '/home/virtual/sitename.com/var/www/html/';
//relative path to the root directory
$inc_path = $path . 'code/inc/';
//path and folder the code includes folder is located
$copy_path = $path . 'copy/';
//path and folder the copy is located
?>
I'd like to be able to set the relative path as a global variable from
an external file so that I can modify one line of code to change the
relative path across the site. This will allow me for easier coding in
staging and development environments.
What's the best way to do so? Can anyone provide a code example?
Either that, or is there a way to call this variable from the server
itself so that it's automatically -- and correctly -- set?
Thanks,
Anthony
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
As already suggested there are $_SERVER variables that can assist you
here. Although if you plan on having an include file that will be
included by every script in your site you could also use the __FILE__
constant. In your case the following would work:
// main.inc.php, located in /home/virtual/sitename.com/var/www/html/
$path = dirname(__FILE__) . '/';
// now all relative includes with $path prefix should correctly resolve
// to absolute pathnames
--- End Message ---
--- Begin Message ---
Can use a directive on your .htaccess:
php_value include_path /your/include/path/here
This can also be set on your httd.conf in a virtual server basis. If
you have access to php.ini is better to set the include there.
Regards,
Jordi.
On Mon, 20 Dec 2004 12:41:06 -0800, Anthony Baker
<[EMAIL PROTECTED]> wrote:
> Hey Folks,
>
> Hoping someone can aid me with a newbie-ish question.
>
> I often use PHP includes in my files to pull in assets, but I hard code
> the relative path to the root html directory for the sites that I'm
> working on in each file. Example below:
>
> <?php
> $path = '/home/virtual/sitename.com/var/www/html/';
> //relative path to the root directory
> $inc_path = $path . 'code/inc/';
> //path and folder the code includes folder is located
> $copy_path = $path . 'copy/';
> //path and folder the copy is located
> ?>
>
> I'd like to be able to set the relative path as a global variable from
> an external file so that I can modify one line of code to change the
> relative path across the site. This will allow me for easier coding in
> staging and development environments.
>
> What's the best way to do so? Can anyone provide a code example?
>
> Either that, or is there a way to call this variable from the server
> itself so that it's automatically -- and correctly -- set?
>
> Thanks,
>
> Anthony
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
Rens Admiraal wrote:
Hi guys,
I have a server on which Apache2 and PHP5 are functioning well, but I
also want to build in support for PHP4 because the webmail package I
use isn't compatible with PHP5... So, I need to install PHP4 next to
PHP5, and make my <Directory> in httpd.include use PHP4 for my webmail
directory...
Any idears how to install this 2 PHP versions together, and let it
work? It is a server I didn't install myself, and for who knows, Plesk
7.0.4 is installed on it, so I'm not completely free to try things...
I allready did some things, but till now without results...
Use mod_proxy with apache2 to call a separate apache2-php4 installation.
OS: Redhat ES3
my PHP5 configure options are:
'./configure' '--host=i686-redhat-linux-gnu'
'--build=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib'
'--libexecdir=/usr/libexec' '--localstatedir=/var'
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--cache-file=../config.cache'
'--with-config-file-path=/etc'
'--with-config-file-scan-dir=/etc/php.d' '--disable-debug'
'--enable-pic' '--disable-rpath' '--enable-inline-optimization'
'--with-bz2' '--with-db4=/usr' '--with-curl' '--with-dom=/usr'
'--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr'
'--with-png-dir=/usr' '--with-gd' '--enable-gd-native-ttf'
'--with-ttf' '--with-gdbm' '--with-gettext' '--with-ncurses'
'--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl'
'--with-png' '--with-pspell' '--with-regex=system' '--with-xml'
'--with-expat-dir=/usr' '--with-dom' '--with-domxml' '--with-xmlrpc'
'--with-pcre=/usr' '--with-zlib' '--with-layout=GNU' '--enable-bcmath'
'--enable-exif' '--enable-ftp' '--enable-magic-quotes'
'--enable-sockets' '--enable-track-vars' '--enable-trans-sid'
'--with-pear=/usr/share/pear' '--with-imap=shared' '--with-imap-ssl'
'--with-kerberos=/usr/kerberos' '--with-ldap=shared'
'--with-mysql=shared,/usr' '--with-pgsql=shared' '--enable-bcmath'
'--enable-versioning' '--enable-calendar' '--enable-dbx'
'--enable-dio' '--enable-mbregex' '--enable-mcal' '--with-mhash='
'--with-mcrypt=/usr/local' '--with-apxs2filter=/usr/sbin/apxs'
--
Command Prompt, Inc., home of Mammoth PostgreSQL - S/ODBC and S/JDBC
Postgresql support, programming shared hosting and dedicated hosting.
+1-503-667-4564 - [EMAIL PROTECTED] - http://www.commandprompt.com
PostgreSQL Replicator -- production quality replication for PostgreSQL
--- End Message ---
--- Begin Message ---
I have a server on which Apache2 and PHP5 are functioning well, but I
also want to build in support for PHP4 because the webmail package I use
isn't compatible with PHP5... So, I need to install PHP4 next to PHP5,
and make my <Directory> in httpd.include use PHP4 for my webmail
directory...
I've never run this setup myself, but I just test this out and it worked
for me. (I put it inside a VirtualHost, but you should be ok to put it
in the Default server context too)
# set up an alias to the php4 cgi binary
ScriptAlias /cgi-bin/php4 /path/to/php4cgi
# i want files in http://example.com/mail/ to be parsed with php4
<Location /mail/>
Action php4-script /cgi-bin/php4
AddHandler php4-script .php
</Location>
You could use <Directory> too, but give it a file path, not a url.
--Rick
--- End Message ---
--- Begin Message ---
hi,
is there any way to compile php source to make binary file for protecting
source code?
best regards
--- End Message ---
--- Begin Message ---
Qt wrote:
hi,
is there any way to compile php source to make binary file for protecting
source code?
best regards
Yes.
--- End Message ---
--- Begin Message ---
QT wrote:
hi,
is there any way to compile php source to make binary file for protecting
source code?
best regards
Yes.
http://www.catb.org/~esr/faqs/smart-questions.html
--
By-Tor.com
...it's all about the Rush
http://www.by-tor.com
--- End Message ---
--- Begin Message ---
Yes.
There are a number of free php complier on web too.
Please look at sf.net
--- End Message ---
--- Begin Message ---
and this response was helpful to the guy who asked the original question,
how????
i mean, aside from showing that you know how to do a link, what did you show....
peace...
-----Original Message-----
From: John Nichel <[EMAIL PROTECTED]>
Sent: Dec 20, 2004 4:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] can I compile php source
QT wrote:
> hi,
>
> is there any way to compile php source to make binary file for protecting
> source code?
>
> best regards
>
Yes.
http://www.catb.org/~esr/faqs/smart-questions.html
--
By-Tor.com
...it's all about the Rush
http://www.by-tor.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Bruce Douglas wrote:
and this response was helpful to the guy who asked the original question, how????
i mean, aside from showing that you know how to do a link, what did you show....
peace...
Maybe you should read the link, then _maybe_ you'll understand.
Would you feel better if I posted links to the archives and/or to Google
to where numerous answers could be found to this question? Or maybe the
OP could have just gone to the link I posted and seen those two
suggestions in the 'Before You Ask' section.
Then again, what was I thinking...people think for themselves? How
silly of me.
-----Original Message-----
From: John Nichel <[EMAIL PROTECTED]>
Sent: Dec 20, 2004 4:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] can I compile php source
QT wrote:
hi,
is there any way to compile php source to make binary file for protecting
source code?
best regards
Yes.
http://www.catb.org/~esr/faqs/smart-questions.html
--
By-Tor.com
...it's all about the Rush
http://www.by-tor.com
--- End Message ---
--- Begin Message ---
So my question is:
What is faster using substr or accessing the string like an array?
I don't know and in this case I don't care. Both syntaxes work fine,
but for me the clarity of substr for users not familiar with the
array-like construct makes it a better choice. And I have been known to
ocassionally debug a script wrong because I thought a string was holding
an array :(
--- End Message ---
--- Begin Message ---
Sebastian wrote:
i have an upload form which i would only like to allow compressed zip files
and rar files to be uploaded. currently i use
if ($_FILES['userfile']['type'] != 'application/x-zip-compressed')
which only seems to work in IE, doesn't work in mozila (haven't tried
others) what the best way to detect if its a rar or zip file which works in
a better range of browsers? someone gave me a suggestion to check if the
file ends in .rar or .zip but that isn't very secure since anyone would be
able to append it to the filename regardless of the actual file type.
thanks.
Your current method is not secure either. Content-Type header is
supplied by the browser and can be easily spoofed. Mozilla just sends
another type, mine is set to send application/zip for .zip files.
The best bet is to use mime_content_type() function that checks the
first few bytes. Still this does not help with malformed files, that can
possibly exploit known vulnerabilities in archiving applications.
If you put the files in publicly accessible location, be sure to check
the file extension too.
--- End Message ---
--- Begin Message ---
Hello,
on 12/20/2004 04:18 PM Symbulos Partners said the following:
Has anybody implemented an object oriented database in PHP yet?
What you seem to be looking for is something like Metastorage which
implements Object-relational mappings API.
Metastorage lets you describe a model of classes of objects with
variables, relationships, validation rules and the types of functions
that you need to manipulate your application objects.
Then it generates a very compact and fast API made of classes that let
you store and retrieve objects in any SQL based database, among other
operations that your application may need. It also generates the
database schema and a special class that you can use to install your
model database schema just with a single function call.
You may learn more about Metastorage here:
http://www.meta-language.net/metastorage.html
Here you can also see some screenshots that illustrate some features.
http://www.meta-language.net/screenshots.html
--
Regards,
Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html
--- End Message ---
--- Begin Message ---
Hello, I am having problems with this code below. The system is a FC1 server
and it is supposed to send an email collecting some information of a
computer. The problem I am having is with the "<" and ">" characters. When
the $header variable is created, it does not work if you add the < and >
characters. For some reason makes the whole string like null. Has anyone
seen this behaviour? If I try manually to send an email it does work and php
does have imap support on it.
Thanks
-pa
<snip>
$header = "From: $fullNameField <admin@" . trim(`/bin/hostname --fqdn`) .
">";
$registrationAddress = "[EMAIL PROTECTED]";
$subject = "Registration ($productName)";
$message = "
Full name: $fullNameField
Title: $titleField
Company: $companyField
";
// send email
imap_mail($registrationAddress, $subject, $message, $header);
<snip>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--- End Message ---
--- Begin Message ---
Hi Paul,
Didn't use imap_mail but you can check out this
http://phpmailer.sourceforge.net/
I am currently using it and it works like a charm. Very easy to use and I do
not have problem like yours.
"Paul Aviles" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hello, I am having problems with this code below. The system is a FC1
server
> and it is supposed to send an email collecting some information of a
> computer. The problem I am having is with the "<" and ">" characters. When
> the $header variable is created, it does not work if you add the < and >
> characters. For some reason makes the whole string like null. Has anyone
> seen this behaviour? If I try manually to send an email it does work and
php
> does have imap support on it.
>
> Thanks
>
> -pa
>
> <snip>
>
> $header = "From: $fullNameField <admin@" . trim(`/bin/hostname --fqdn`) .
> ">";
> $registrationAddress = "[EMAIL PROTECTED]";
> $subject = "Registration ($productName)";
> $message = "
> Full name: $fullNameField
> Title: $titleField
> Company: $companyField
> ";
> // send email
> imap_mail($registrationAddress, $subject, $message, $header);
>
> <snip>
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
--- End Message ---
--- Begin Message ---
[EMAIL PROTECTED] wrote:
the REMOTE_ADDR environment variable (aka php superglobal) will give
you the IPnumber of the inbound client.
---------- Original Message ----------
> From: welly limston
> To: [EMAIL PROTECTED]
> Date: Friday, December 17, 2004 06:17:56 PM -0800
> Subject: [PHP] script PHP to detect IP address
>
>
> Anybody out there who know the PHP script that can use to detect an
> IP address of a PC?
>
> If u don�t know, maybe some sites address which have related with
> this topic, might be point me little.
>
>
>
> Many your help very appreciate.
>
> Thank�s so much for ur respone
>
>
>
>
>
> ---------------------------------
> Do you Yahoo!?
> Yahoo! Mail - You care about security. So do we.
---------- End Original Message ----------
thank you for u information
it's very usefull for me
regards;
welly
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--- End Message ---
--- Begin Message ---
for eg.
thanks please.
Shi MuQi
LangFang ABC (China) °v°
Tel:(86)-311-78764NN /(_)\
E-mail:[EMAIL PROTECTED] ^ ^
--- End Message ---
--- Begin Message ---
Hey all.
I am trying to get encryption working for my site.
I have found some code and set up a test bed for it, but it fails to return
the same value after the 26th item. I was hoping someone could take a look
and maybe tell me why? There is very little help out there for encryption.
If you know of a working example/tutorial, can you please reply with a link?
Many thanks,
Darren
<?
global $arrAlphaVals;
global $intTot;
$intTot = 5000;
$arrAlphaVals = array();
function init()
{
global $arrAlphaVals;
global $intTot;
for ($i=0;$i<$intTot;$i++)
{
$arrAlphaVals[$i] = sprintf("%016s", strtoupper(dechex($i)));
}
return $arrAlphaVals;
}
function main()
{
global $arrAlphaVals;
global $intTot;
init();
$arrError = array();
echo "Encryption test<br>\n";
for ($i=0;$i<$intTot;$i++)
{
if ($i%1000 == 0)
{
echo $i."<br>";
flush();
}
$strInit = $arrAlphaVals[$i];
$strEncVal = encryptIt($strInit);
$strOut = decryptIt($strEncVal);
//echo "In: ".$strInit.", Enc: ".$strEncVal.", Out: ".$strOut."<br>";
if ($strOut != $strInit)
{
$strError .= "Failed on: ".$i."<br>\n";
$arrError[$strInit] = $strOut;
}
}
if (sizeof($arrError) > 0)
{
// There were errors
foreach ($arrError as $strKey => $strVal)
{
echo "Input: '".$strKey."' failed with result
'".$strVal."'<br>\n";
}
echo "<hr>".$strError;
}
echo "<hr>Tested ".$i." cases. Done.<br>\n";
}
function encryptIt($strIn)
{
$key = "biteme";
$strRet = _mencrypt($strIn, $key);
return $strRet;
}
function decryptIt($strIn)
{
$key = "biteme";
$strRet = _mdecrypt($strIn, $key);
return $strRet;
}
function _mencrypt($input,$key)
{
$input = str_replace("\n","",$input);
$input = str_replace("\t","",$input);
$input = str_replace("\r","",$input);
$key = substr(md5($key),0,24);
$td = mcrypt_module_open ('tripledes', '', 'ecb', '');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
mcrypt_generic_init ($td, $key, $iv);
$encrypted_data = mcrypt_generic ($td, $input);
mcrypt_generic_deinit ($td);
mcrypt_module_close ($td);
return trim(chop(base64_encode($encrypted_data)));
}
//$input - stuff to decrypt
//$key - the secret key to use
function _mdecrypt($input,$key)
{
$input = str_replace("\n","",$input);
$input = str_replace("\t","",$input);
$input = str_replace("\r","",$input);
$input = trim(chop(base64_decode($input)));
$td = mcrypt_module_open ('tripledes', '', 'ecb', '');
$key = substr(md5($key),0,24);
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
mcrypt_generic_init ($td, $key, $iv);
$decrypted_data = mdecrypt_generic ($td, $input);
mcrypt_generic_deinit ($td);
mcrypt_module_close ($td);
return trim(chop($decrypted_data));
}
main();
?>
The original encryption and decryption code came from Jeremy Stansfield
(http://www.weberdev.com/get_example-3752.html)
Thanks again!
--- End Message ---
--- Begin Message ---
If nobody has a better suggestion I am simply going to do a reverse check
and for those that fail implement a massive hack. I really don't want to do
that...
Please, if you have any ideas give me a yell?
D
"Darren Wheatley" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hey all.
>
> I am trying to get encryption working for my site.
>
> I have found some code and set up a test bed for it, but it fails to
return
> the same value after the 26th item. I was hoping someone could take a look
> and maybe tell me why? There is very little help out there for encryption.
> If you know of a working example/tutorial, can you please reply with a
link?
>
> Many thanks,
>
> Darren
>
> <?
> global $arrAlphaVals;
> global $intTot;
>
> $intTot = 5000;
> $arrAlphaVals = array();
>
> function init()
> {
> global $arrAlphaVals;
> global $intTot;
> for ($i=0;$i<$intTot;$i++)
> {
> $arrAlphaVals[$i] = sprintf("%016s", strtoupper(dechex($i)));
> }
> return $arrAlphaVals;
> }
> function main()
> {
> global $arrAlphaVals;
> global $intTot;
> init();
>
> $arrError = array();
> echo "Encryption test<br>\n";
> for ($i=0;$i<$intTot;$i++)
> {
> if ($i%1000 == 0)
> {
> echo $i."<br>";
> flush();
> }
> $strInit = $arrAlphaVals[$i];
> $strEncVal = encryptIt($strInit);
> $strOut = decryptIt($strEncVal);
> //echo "In: ".$strInit.", Enc: ".$strEncVal.", Out: ".$strOut."<br>";
> if ($strOut != $strInit)
> {
> $strError .= "Failed on: ".$i."<br>\n";
> $arrError[$strInit] = $strOut;
> }
> }
> if (sizeof($arrError) > 0)
> {
> // There were errors
> foreach ($arrError as $strKey => $strVal)
> {
> echo "Input: '".$strKey."' failed with result
> '".$strVal."'<br>\n";
> }
> echo "<hr>".$strError;
> }
> echo "<hr>Tested ".$i." cases. Done.<br>\n";
> }
> function encryptIt($strIn)
> {
> $key = "biteme";
> $strRet = _mencrypt($strIn, $key);
> return $strRet;
> }
> function decryptIt($strIn)
> {
> $key = "biteme";
> $strRet = _mdecrypt($strIn, $key);
> return $strRet;
> }
> function _mencrypt($input,$key)
> {
> $input = str_replace("\n","",$input);
> $input = str_replace("\t","",$input);
> $input = str_replace("\r","",$input);
> $key = substr(md5($key),0,24);
> $td = mcrypt_module_open ('tripledes', '', 'ecb', '');
> $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td),
MCRYPT_RAND);
> mcrypt_generic_init ($td, $key, $iv);
> $encrypted_data = mcrypt_generic ($td, $input);
> mcrypt_generic_deinit ($td);
> mcrypt_module_close ($td);
> return trim(chop(base64_encode($encrypted_data)));
> }
>
> //$input - stuff to decrypt
> //$key - the secret key to use
>
> function _mdecrypt($input,$key)
> {
> $input = str_replace("\n","",$input);
> $input = str_replace("\t","",$input);
> $input = str_replace("\r","",$input);
> $input = trim(chop(base64_decode($input)));
> $td = mcrypt_module_open ('tripledes', '', 'ecb', '');
> $key = substr(md5($key),0,24);
> $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td),
MCRYPT_RAND);
> mcrypt_generic_init ($td, $key, $iv);
> $decrypted_data = mdecrypt_generic ($td, $input);
> mcrypt_generic_deinit ($td);
> mcrypt_module_close ($td);
> return trim(chop($decrypted_data));
> }
> main();
> ?>
>
> The original encryption and decryption code came from Jeremy Stansfield
> (http://www.weberdev.com/get_example-3752.html)
>
> Thanks again!
--- End Message ---
--- Begin Message ---
Hello all..
Since my webhosting didnt provide me with telnet access, I would like to
have a small software that created by php to do some bash function such
as lynx, ls etc ?
thx a lot :)
--
=======================
Best Regards
Adwin Wijaya
www.kuya-kuya.net
www.e-rhema.net
=======================
--- End Message ---
--- Begin Message ---
> Since my webhosting didnt provide me with telnet access, I
> would like to have a small software that created by php to do
> some bash function such as lynx, ls etc ?
>
> thx a lot :)
>
Honestly, just get a new ISP that provides SSH access - many, many of them
do and it's not something that should be a "value add" feature (e.g., it
shouldn't cost more to have shell access).
To write an app to do this really falls under the "reinventing the wheel"
category. Besides, if an ISP doesn't want you to be able to do whatever in a
shell, the PHP user likely wouldn't have permissions to run the commands
that you'd want to run anyhow.
-M
--- End Message ---
--- Begin Message ---
Team
I am trying to teach myself php through a book I got at the store.
Its kinda rough with limited programming experience.
I was wondering if you could take a look at my code and tell me or write the
code so it Will work and make comments in it so I know what I did wrong.
Here is the links.
http://pastebin.com/131817
http://www.theufl.com/php/wrox_php/movie_details10.php
I'm trying to use the EOD; or EOT; html container with a few functions.
Also here is what the concept is.
Basically what we are trying to do is create a detail page for movies.
For example bruce almighty is movie id#1
When you get the table you see the name linked.
Then when you click link, you will get that movies page.
On that page you will have details about movie in a separate html table, and
also Another table with movie critics.
They will be able to post the date of review, review title, reviewer name,
movie review coments, And on the far right will be a 5-star rating with
check mark image.
The top part table is going to show.
Movie title, year of release, movie director, movie lead actor, how long the
movie is, and movie health..
Any help would greatly appreciated, could we meet online and talk about it?
Either through AIM or MSN Messger services?
With this address.
Let me know if you guys cant view any info or need any more info.
Karl James
(TheSaint)
[EMAIL PROTECTED]
http://theufl.com/
--- End Message ---
--- Begin Message ---
Karl James wrote:
Team
I am trying to teach myself php through a book I got at the store.
Its kinda rough with limited programming experience.
I was wondering if you could take a look at my code and tell me or write the
code so it Will work and make comments in it so I know what I did wrong.
Here is the links.
http://pastebin.com/131817
"no such item found"
http://www.theufl.com/php/wrox_php/movie_details10.php
returns a parse error, yes...
I'm trying to use the EOD; or EOT; html container with a few functions.
Also here is what the concept is.
Basically what we are trying to do is create a detail page for movies.
For example bruce almighty is movie id#1
When you get the table you see the name linked.
Then when you click link, you will get that movies page.
On that page you will have details about movie in a separate html table, and
also Another table with movie critics.
They will be able to post the date of review, review title, reviewer name,
movie review coments, And on the far right will be a 5-star rating with
check mark image.
The top part table is going to show.
Movie title, year of release, movie director, movie lead actor, how long the
movie is, and movie health..
Any help would greatly appreciated, could we meet online and talk about it?
Either through AIM or MSN Messger services?
With this address.
Let me know if you guys cant view any info or need any more info.
Karl James
(TheSaint)
[EMAIL PROTECTED]
http://theufl.com/
--- End Message ---
--- Begin Message ---
Hey guys,
Just to let you know I turned off my read receipt, sorry about that.
I had forgot I had it on.
Karl James
(TheSaint)
[EMAIL PROTECTED]
http://theufl.com/
--- End Message ---
--- Begin Message ---
I'm using some system calls to do some image processing, mostly just
resize, compress, and a few other simple tasks on some jpgs. I'm using
convert, djpeg, cjpeg, mogrify, etc to accomplish this.
The issue I'm running into now is that I have a command that runs fine
from the command line, but not through system. It returns an error
code of 127, which wasn't helpful to me.
The actual command is to convert, "convert $img1 -negate $img2". If I
print the command, then copy and paste into a terminal, it works. It
doesn't work through php, though, and there is no output from convert,
it just fails silently.
I have two thoughts on the matter: the first was that it was
permissions based, but no matter how loose I make the permissions, it
still won't work. Besides, other commands have no such issues. The
second thought is that php is running out of memory, as perhaps the
convert command is very intensive? It doesn't seem right to me, but it
was mentioned in the comments on the php website, and I can't come up
with anything else. Has anyone run across error 127 from system, or
have any idea what's going on?
Thanks,
Jonathan
--- End Message ---
--- Begin Message ---
Well, answering my own question, it turns out that convert is in
/usr/X11R6/bin, which is not in php's path. Creating an alias in
/usr/bin solved the issue.
On Tue, 21 Dec 2004 00:59:40 -0500, Jonathan Schwarz
<[EMAIL PROTECTED]> wrote:
> I'm using some system calls to do some image processing, mostly just
> resize, compress, and a few other simple tasks on some jpgs. I'm using
> convert, djpeg, cjpeg, mogrify, etc to accomplish this.
>
> The issue I'm running into now is that I have a command that runs fine
> from the command line, but not through system. It returns an error
> code of 127, which wasn't helpful to me.
>
> The actual command is to convert, "convert $img1 -negate $img2". If I
> print the command, then copy and paste into a terminal, it works. It
> doesn't work through php, though, and there is no output from convert,
> it just fails silently.
>
> I have two thoughts on the matter: the first was that it was
> permissions based, but no matter how loose I make the permissions, it
> still won't work. Besides, other commands have no such issues. The
> second thought is that php is running out of memory, as perhaps the
> convert command is very intensive? It doesn't seem right to me, but it
> was mentioned in the comments on the php website, and I can't come up
> with anything else. Has anyone run across error 127 from system, or
> have any idea what's going on?
>
> Thanks,
> Jonathan
>
--- End Message ---
--- Begin Message ---
--- Richard Lynch <[EMAIL PROTECTED]> wrote:
> What regular expression does one use when there really isn't a
> whole lot you can say about the text?...
>
> I mean, say for a guestbook or bulletin board or for a person's
> Bio or...
>
> You can limit it to a certain number of characters in length.
>
> You can mess with strip_tags and also do an ereg to rip out any
> kind of JavaScript on tags you want to *allow*.
>
> But then what?
>
> I mean, it seems like there's still an awful lot of wiggle room
> for mischief there, in an arbitrary string typed by the user.
This type of data is certainly the most difficult to filter, especially if
you try to adhere to very strict security principles.
You start with the same question as with any other data - what exactly do
I want to allow? This is much easier and less prone to error than asking
what you want to reject. If someone is entering a bio, a whitelist is
difficult to create, but not impossible. The best approach to take when
valid data is an unknown is to create a system that learns. This can be as
simple as enabling a whitelist approach, and logging all failures, but
using some other method for interim protection (e.g., a whitelist failure
is not considered a security breach). Manual inspection of failures can be
used to enhance the whitelist, and once you feel it is capable, you can
switch to this as the primary method of protection.
I must admit that I often take the lazy way out (with the caveat that some
situations demand a higher level of security and a more strict adherence
to best practices). The lazy way to filter output is htmlentities(), a
function that converts every character that has an equivalent HTML entity
to that entity. Thus, any character that may have special meaning to a
browser is converted to something that is only useful in displaying that
character. If you want to allow some markup, convert those back (use a
literal match when possible - pattern matching as a good last resort).
When using something in an SQL query, there are some good escaping
functions that can be used. I feel pretty comfortable using
mysql_escape_string() on any data to eliminate the practicality of SQL
injection. Of course, this shouldn't be a complete substitute for proper
data filtering, so I'm still talking about the lazy (or "least you can
do") approach.
So, while I agree that free-form text is very difficult to filter, there
are some pretty simple steps you can take to mitigate the risks, or you
can adhere to strict practices if you work at it.
Hope that helps.
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming Soon http://httphandbook.org/
--- End Message ---
--- Begin Message ---
Hi List,
Is there a way of checking a list of say 10, 100, 1000 domain names to see
if they actually point to our nameservers and report back which ones are not
?
I would really appreciate any help you may give with this enquiry and I
thank you fully in advance
Dave C
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.296 / Virus Database: 265.6.2 - Release Date: 20/12/2004
--- End Message ---
