php-general Digest 24 Dec 2004 23:45:36 -0000 Issue 3189
Topics (messages 205135 through 205154):
Exec() denied read on Apache (fedora core 3)
205135 by: Zia Syed
205142 by: Greg Donald
205145 by: Zia Syed
Re: hackers?
205136 by: Manuel Lemos
205137 by: Manuel Lemos
205146 by: Manuel Lemos
php + html (frame)
205138 by: edwardspl.ita.org.mo
205139 by: John Nichel
205141 by: Greg Donald
205149 by: edwardspl.ita.org.mo
205150 by: John Nichel
205152 by: Matthew Sims
Re: Parse Flash File for URLs
205140 by: Greg Donald
Re: MP3s
205143 by: GH
Re: filesize math
205144 by: Greg Donald
Question about dates
205147 by: Brent Clements
Re: Next page every second
205148 by: Greg Wardawy
Re: [PHP-DB] Table Info
205151 by: Greg Wardawy
Re: A serious bug? "or" operator gives out diffferent results depending on
order of operands
205153 by: Jose M.Herrera
Merry Christmas ;o]
205154 by: Alaor Barroso
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
Hi,
I've been trying to execute some system commands and print back the
output on the webpage. I found the following code to do so, however,
it is not working.
<?php
echo exec('whoami');
?>
I get following errors in my /var/log/messages
Dec 24 12:03:34 melville kernel: audit(1103889814.948:0): avc: denied
{ read } for pid=13794 exe=/usr/sbin/httpd name=sh dev=hda2
ino=670441 scontext=root:system_r:httpd_t
tcontext=system_u:object_r:bin_t tclass=lnk_file
Apache server is ran by user apache and the .php file is also owned by
user apache.
Apache is not running in Safe_Mode
safe_mode Off Off
safe_mode_exec_dir /var/www/html/sh /var/www/html/sh
safe_mode_gid Off Off
safe_mode_include_dir /var/www/html /var/www/html
However, i tried to switch on the Safe_Mode but that wasn't any good either.
Any idea how can i get it work?
Thanks,
Zia
--- End Message ---
--- Begin Message ---
On Fri, 24 Dec 2004 12:09:51 +0000, Zia Syed <[EMAIL PROTECTED]> wrote:
> I've been trying to execute some system commands and print back the
> output on the webpage. I found the following code to do so, however,
> it is not working.
> <?php
> echo exec('whoami');
> ?>
>
> However, i tried to switch on the Safe_Mode but that wasn't any good either.
> Any idea how can i get it work?
I assume you're hosting with someone and they have dsiabled that
function via the php.ini, I dunno.. Anyway, you might get lucky and
they are using a different php.ini for the php binary. Try this from
command line:
php -r 'system( "whoami" );'
--
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/
--- End Message ---
--- Begin Message ---
Thanks for ur reply. I'm running httpd with php on my linux box. I
dont know how to enable the exec in php.ini. Tried safe mode but no
use. I get the following output from the command
[EMAIL PROTECTED] html]# php -r 'system("whoami");'
Error in argument 1, char 2: option not found r
however, with who.php, it works
[EMAIL PROTECTED] html]# php who.php
Content-type: text/html
X-Powered-By: PHP/4.3.9
root
:( I'm still stuck with it.
Z.
On Fri, 24 Dec 2004 08:13:37 -0600, Greg Donald <[EMAIL PROTECTED]> wrote:
> On Fri, 24 Dec 2004 12:09:51 +0000, Zia Syed <[EMAIL PROTECTED]> wrote:
> > I've been trying to execute some system commands and print back the
> > output on the webpage. I found the following code to do so, however,
> > it is not working.
> > <?php
> > echo exec('whoami');
> > ?>
> >
> > However, i tried to switch on the Safe_Mode but that wasn't any good either.
> > Any idea how can i get it work?
>
> I assume you're hosting with someone and they have dsiabled that
> function via the php.ini, I dunno.. Anyway, you might get lucky and
> they are using a different php.ini for the php binary. Try this from
> command line:
>
> php -r 'system( "whoami" );'
>
> --
> Greg Donald
> Zend Certified Engineer
> http://gdconsultants.com/
> http://destiney.com/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
Hello,
on 12/24/2004 03:01 AM Chris Shiflett said the following:
--- Sebastian <[EMAIL PROTECTED]> wrote:
im looking for a person or a place that will check or try
to "break" a site.
This is the least effective means of auditing an application. Letting an
experienced person review your code is much, much better.
It depends on what kind of vulnerabilities you want to audit. often some
sites are vulnerable, not because of the code of site itself, but rather
wholes in the third party software that they rely.
Many of the security breaches are perform by script kiddies that use
exploit scripts that take advantage of holes in known applications such
as Web servers, database servers and even PHP itself.
Auditing the actual site code is not a bad idea but many companies are
not confortable with the idea of an outsider to look at their code and
learn details about the site that may be part of its business secret and
so they would be worth selling to competitors.
The services of trustworth auditors are often not cheap. A cheaper
alternative is probably training the site developers to write secure
code and audit the applications regularly.
--
Regards,
Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html
--- End Message ---
--- Begin Message ---
Hello,
on 12/24/2004 03:01 AM Chris Shiflett said the following:
--- Sebastian <[EMAIL PROTECTED]> wrote:
im looking for a person or a place that will check or try
to "break" a site.
This is the least effective means of auditing an application. Letting an
experienced person review your code is much, much better.
It depends on what kind of vulnerabilities you want to audit. often some
sites are vulnerable, not because of the code of site itself, but rather
wholes in the third party software that they rely.
Many of the security breaches are perform by script kiddies that use
exploit scripts that take advantage of holes in known applications such
as Web servers, database servers and even PHP itself.
Auditing the actual site code is not a bad idea but many companies are
not confortable with the idea of an outsider to look at their code and
learn details about the site that may be part of its business secret and
so they would be worth selling to competitors.
The services of trustworth auditors are often not cheap. A cheaper
alternative is probably training the site developers to write secure
code and audit the applications regularly.
--
Regards,
Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html
--- End Message ---
--- Begin Message ---
Hello,
on 12/24/2004 03:01 AM Chris Shiflett said the following:
--- Sebastian <[EMAIL PROTECTED]> wrote:
im looking for a person or a place that will check or try
to "break" a site.
This is the least effective means of auditing an application. Letting an
experienced person review your code is much, much better.
It depends on what kind of vulnerabilities you want to audit. often some
sites are vulnerable, not because of the code of site itself, but rather
wholes in the third party software that they rely.
Many of the security breaches are perform by script kiddies that use
exploit scripts that take advantage of holes in known applications such
as Web servers, database servers and even PHP itself.
Auditing the actual site code is not a bad idea but many companies are
not confortable with the idea of an outsider to look at their code and
learn details about the site that may be part of its business secret and
so they would be worth selling to competitors.
The services of trustworth auditors are often not cheap. A cheaper
alternative is probably training the site developers to write secure
code and audit the applications regularly.
--
Regards,
Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html
--- End Message ---
--- Begin Message ---
Dear All,
I just created a webpage with frame structure:
top.php ( name of frame is "t" ) + buttom.php ( name of frame is "b" ) +
right.php ( name of frame is "r" )
Now, I want to make a hypher link with "top.php", and when user mouse
click the link under "top.php", then there will load a php ( base target
is "b" ) and load another php ( base target is "r" )...
So, is there a sample for reference "mouse click a hypher link then auto
load two php pages into different target area" ?
Edward.
??
--- End Message ---
--- Begin Message ---
[EMAIL PROTECTED] wrote:
Dear All,
I just created a webpage with frame structure:
top.php ( name of frame is "t" ) + buttom.php ( name of frame is "b" ) +
right.php ( name of frame is "r" )
Now, I want to make a hypher link with "top.php", and when user mouse
click the link under "top.php", then there will load a php ( base target
is "b" ) and load another php ( base target is "r" )...
So, is there a sample for reference "mouse click a hypher link then auto
load two php pages into different target area" ?
Edward.
This has nothing to do with PHP. Use a HTML/JavaScript mailing list,
and/or read some howto's for HTML/JavaScript.
--
John C. Nichel
�berGeek
KegWorks.com
716.856.9675
[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
On Fri, 24 Dec 2004 21:35:01 +0800, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> I just created a webpage with frame structure:
> top.php ( name of frame is "t" ) + buttom.php ( name of frame is "b" ) +
> right.php ( name of frame is "r" )
>
> Now, I want to make a hypher link with "top.php", and when user mouse
> click the link under "top.php", then there will load a php ( base target
> is "b" ) and load another php ( base target is "r" )...
>
> So, is there a sample for reference "mouse click a hypher link then auto
> load two php pages into different target area" ?
> ./google.pl "javascript load multiple frames" 10
Result:
http://www.programmersheaven.com/2/FAQ-JavaScript-Load-Multiple-Frames-And-Replace-Same-Frame
http://www.programmersheaven.com/2/FAQ-JavaScript-Load-Multiple-Frames
http://www.programmersheaven.com/phwiki/printer.aspx?w=2&p=FAQ-JavaScript-Load-Multiple-Frames
http://html.megalink.com/programmer/tips/multilink.html
http://polymer.bu.edu/~ccruz/javascript/reference.html
http://www.javascriptkit.com/javatutors/twoframes3.shtml
http://www.javascriptkit.com/javatutors/twoframes2.shtml
http://www.chalcedony.com/javascript3e/scripts/
http://www.webreference.com/js/column36/navigating.html
http://tech.irt.org/articles/js126/
--
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/
--- End Message ---
--- Begin Message ---
John Nichel wrote:
> [EMAIL PROTECTED] wrote:
> > Dear All,
> >
> > I just created a webpage with frame structure:
> > top.php ( name of frame is "t" ) + buttom.php ( name of frame is "b" ) +
> > right.php ( name of frame is "r" )
> >
> > Now, I want to make a hypher link with "top.php", and when user mouse
> > click the link under "top.php", then there will load a php ( base target
> > is "b" ) and load another php ( base target is "r" )...
> >
> > So, is there a sample for reference "mouse click a hypher link then auto
> > load two php pages into different target area" ?
> >
> > Edward.
>
> This has nothing to do with PHP.?Use a HTML/JavaScript mailing list,
> and/or read some howto's for HTML/JavaScript.
But I want to use php instead of HTML/JavaScript...
So, is there any sample for reference ?
--- End Message ---
--- Begin Message ---
[EMAIL PROTECTED] wrote:
John Nichel wrote:
[EMAIL PROTECTED] wrote:
Dear All,
I just created a webpage with frame structure:
top.php ( name of frame is "t" ) + buttom.php ( name of frame is "b" ) +
right.php ( name of frame is "r" )
Now, I want to make a hypher link with "top.php", and when user mouse
click the link under "top.php", then there will load a php ( base target
is "b" ) and load another php ( base target is "r" )...
So, is there a sample for reference "mouse click a hypher link then auto
load two php pages into different target area" ?
Edward.
This has nothing to do with PHP. Use a HTML/JavaScript mailing list,
and/or read some howto's for HTML/JavaScript.
But I want to use php instead of HTML/JavaScript...
So, is there any sample for reference ?
PHP is server side. It cannot target frames. That is done on the
client side. You will *have too* use JavaScript to target multiple
frames with just one link.
--
John C. Nichel
�berGeek
KegWorks.com
716.856.9675
[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
> John Nichel wrote:
>
>> [EMAIL PROTECTED] wrote:
>> > Dear All,
>> >
>> > I just created a webpage with frame structure:
>> > top.php ( name of frame is "t" ) + buttom.php ( name of frame is "b" )
>> +
>> > right.php ( name of frame is "r" )
>> >
>> > Now, I want to make a hypher link with "top.php", and when user mouse
>> > click the link under "top.php", then there will load a php ( base
>> target
>> > is "b" ) and load another php ( base target is "r" )...
>> >
>> > So, is there a sample for reference "mouse click a hypher link then
>> auto
>> > load two php pages into different target area" ?
>> >
>> > Edward.
>>
>> This has nothing to do with PHP. Use a HTML/JavaScript mailing list,
>> and/or read some howto's for HTML/JavaScript.
>
> But I want to use php instead of HTML/JavaScript...
> So, is there any sample for reference ?
>
PHP and Javascript are apples and oranges. They are nothing alike and are
completely different in everyway. If you want something done with the
browser, use Javascript.
--
--Matthew Sims
--<http://killermookie.org>
--- End Message ---
--- Begin Message ---
On Thu, 23 Dec 2004 23:17:09 -0500, Jason Paschal <[EMAIL PROTECTED]> wrote:
> how might i accomplish this? phpAds does this when a flash banner is
> uploaded, and asks if you want to change the URLs it finds. instead
> of being diligent and scouring the phpAds code for what I'm looking
> for, was hoping someone out there could offer some tips, suggestions,
> pseudo-code, etc for how this could be done.
php -r 'system( "strings *.swf | grep http" );'
--
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/
--- End Message ---
--- Begin Message ---
Thank you.... will look at these after the holidays when I get back to
the project
On Thu, 23 Dec 2004 08:44:20 -0800, Robby Russell <[EMAIL PROTECTED]> wrote:
> .m3u does this
>
> For example:
>
> > $ cat the_vacant_-_live_10192004_full_show.m3u
> > http://www.thevacant.com/media/live_10192004/160/the_vacant_-_live_10192004_-_01_-_ladders_to_the_moon.mp3
> > http://www.thevacant.com/media/live_10192004/160/the_vacant_-_live_10192004_-_02_-_rooftop_rocketship.mp3
> > http://www.thevacant.com/media/live_10192004/160/the_vacant_-_live_10192004_-_03_-_perception.mp3
> > http://www.thevacant.com/media/live_10192004/160/the_vacant_-_live_10192004_-_04_-_song_1.mp3
> > http://www.thevacant.com/media/live_10192004/160/the_vacant_-_live_10192004_-_05_-_the_cure_got_in_her_head.mp3
> > http://www.thevacant.com/media/live_10192004/160/the_vacant_-_live_10192004_-_06_-_red_light.mp3
> > http://www.thevacant.com/media/live_10192004/160/the_vacant_-_live_10192004_-_07_-_bliss.mp3
>
> Cheers,
>
> Robby
>
> On Thu, 2004-12-23 at 11:18 -0500, David Dickson wrote:
> > I think if you generate a .m3a file with just the full url of your mp3
> > and send that to download in the browser this will launch the users mp3
> > player which will then stream the mp3 that was contained in the file.
> >
> > GH wrote:
> > > I appologize in advanced if this is an off topic discussion...
> > >
> > > I am working on a PHP based website and would like to offer media to
> > > my visitors... I have the Audio in WMA and MP3 formats... I would like
> > > to know how I could get them to "Stream"? inline... using PHP.... any
> > > advice would be greatfully appreciated
> > >
> > >
> > > Thanks in advance
> > >
> > > Happy Holidays
> > > Gary
> > >
> >
> --
> /***************************************
> * Robby Russell | Owner.Developer.Geek
> * PLANET ARGON | www.planetargon.com
> * Portland, OR | [EMAIL PROTECTED]
> * 503.351.4730 | blog.planetargon.com
> * PHP/PostgreSQL Hosting & Development
> * --- Now supporting PHP5 ---
> ****************************************/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
On Fri, 24 Dec 2004 04:15:10 -0500, Sebastian
<[EMAIL PROTECTED]> wrote:
> i made this function and want to know if i am doing the math correctly..
> seems to be caculating ok.. $filesize is in bytes.. if the filesize is under
> 1MB i want to show KBs, if its under 1GB i want to show MB, if its over
> 1000MB i want to show GB, makes sense? ;)
>
> function byte_format($filesize)
> {
> if ($filesize < 1000000)
> {
> return number_format($filesize / 1024, 2, '.', '') . ' KB';
> }
> else if($filesize > 1000000000)
> {
> return number_format($filesize / 1024 / 1024 / 1024, 2, '.', '') .
> ' GB';
> }
> else
> {
> return number_format($filesize / 1024 / 1024, 2, '.', '') . ' MB';
> }
> }
Seems overly complex. Why not something like:
$file_name = "/path/to/file";
$file_type = array( 'K', 'M', 'G' );
$size = filesize ( $file_name );
for ( $t = 0; $size > 1024; $t++ )
{
$size /= 1024;
$file_size = round ( $size, 1 ) . ' ' . $file_type[ $t ] . 'B';
}
echo "\$file_size = $file_size";
--
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/
--- End Message ---
--- Begin Message ---
How does one over come the issue of unix time not going beyond a certain date?
ie, when I do echo strtotime("2099-10-08"); it outputs -1
This has to do with the limitations of unix time, so how does one get around it?
Thanks,
Brent
--- End Message ---
--- Begin Message ---
Thanks a lot Sagar,
The logic looks perfect. Having no web programming experience at all I
didn't even know what I was looking for.
And I didn't know I needed a java script for the PHP page.
Greg.
----- Original Message -----
From: "Sagar C Nannapaneni" <[EMAIL PROTECTED]>
To: "Greg Wardawy" <[EMAIL PROTECTED]>; <[email protected]>
Sent: Thursday, December 23, 2004 1:25 PM
Subject: Re: [PHP] Next page every second
If all you want to display each record one by one at a particular interval
of time
you could do this at one page itself...here is the procedure....
1. connect to mysql
2. grab the row you want
3. store the row number in a session variable
4. Add an autorefresh code to ur html..(lot of java scritps are there for
setting the time interval for the page refresh)
5. when the page again loads grab the row number from session and
increment
it by one
hope that the logic will work out...
/sagar
----- Original Message -----
From: "Greg Wardawy" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, December 24, 2004 10:39 AM
Subject: [PHP] Next page every second
Ladies and gentlemen of PHP,
I'm quite new to PHP (coming from Perl) so please don't laugh too hard if
I'm missing something obvious.
My scenario is as follows:
Connect to the MySQL server->grab the data from the table->display the
data
of the first row on the web page->sleep 1 second->display the data from
the
next row->sleep 1 second... and so forth up to the last row of the table.
I'm able to get the next page displayed by using a link to it (a snippet
below) but I'm out of ideas how to have the next page displayed every
second. So far I'm getting tons of tables displayed on the page or tons
of
the variables displayed in a single cell of the table. I could really use
your help here.
Happy Holidays to all of you and many thanks for any suggestions given.
Greg.
############################################################################
#############
__SNIP__
<table width="420" height="12" border="3" cellpadding="6" cellspacing="4"
bordercolor="#9900CC">
<tr>
<th width="60" scope="col">Variable</th>
<th width="360" scope="col">Value</th>
</tr>
<?php do { ?>
<tr>
<th width="60">1</th>
<td width="360" nowrap="nowrap" bordercolor="#660066"
bgcolor="#FFFFFF"><div align="right" class="style8"> <?php echo
$row_gail_data['var1']; ?> </div></td>
<tr>
<th width="60">2</th>
<td width="360" nowrap="nowrap" bordercolor="#660066"
bgcolor="#FFFFFF"><div align="right" class="style9"> <?php echo
$row_gail_data['var2']; ?> </div></td>
</tr>
<tr>
<th width="60">3</th>
<td width="360" nowrap="nowrap" bordercolor="#660066"
bgcolor="#FFFFFF"><div align="right" class="style10"> <?php echo
$row_gail_data['var3']; ?> </div></td>
</tr>
<tr>
<th width="60">4</th>
<td width="360" nowrap="nowrap" bordercolor="#660066"
bgcolor="#FFFFFF"><div align="right" class="style7"> <?php echo
$row_gail_data['var4']; ?> </div></td>
</tr>
<?php } while ($row_gail_data = mysql_fetch_assoc($gail_data)); ?>
</table>
</p>
<p><a href="<?php printf("%s?pageNum_gail_data=%d%s", $currentPage,
min($totalPages_gail_data, $pageNum_gail_data + 1),
$queryString_gail_data);
?>">Next</a>
</p>
__SNIP__
############################################################################
#############
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Hi Brad,
That's what I'm trying to achieve (my post "Next page every second"). Maybe
Sagar's response will help you a bit.
Greg
"Brad Ciszewski" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
I am having problems coming up with a way to do this. I highly appreciate
any help what so ever.
Problem: I need to extract data from the database, and display it on a
table with 2 columns. It has to alternate columns automaticly, for each
row.
Like I said earlier, any help is highly appreciated!!
Thanks in advance,
Brad Ciszewski
www.BradTechnologies.com Web Services
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bogdan Ribic wrote:
| Here's a little test script:
|
| --------------------
| $x = 2;
| $y = 10;
|
| $b1 = is_null($x) or ($y > 5);
| $b2 = ($y > 5) or is_null($x);
Yes, of course.
Your code or example, is just like:
( $b1 = is_null($x) ) or ( $y > 5 ) ;
( $b2 = ($y > 5) ) or is_null($x) ;
The ">" has more precedence than "=", "or" it has a very low precedence.
Then, $b1 = false and $b2 = True... that's ok! :P
You example, must have been:
$b1 = ( ( is_null($x) ) or ( $y > 5 ) );
$b2 = ( ( $y > 5 ) or ( is_null($x) ) );
I this example the value of $b1 is all between the parenthesis (explicitly).
Bye!
- --
Jose Miguel Herrera M. - User #246070 counter.li.org
Est.Ing.Civil Informatica - UTFSM
Valparaiso, Chile - http://www.inf.utfsm.cl/~jherrera
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBzHJdl/j2VHFHn8wRArZdAKCJbv8W54vlpeinK1hMF3xEttjuiACeIIUs
63OX2bn+h9zLUDHhSvSTr/M=
=3vfi
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Merry Christmas and happy new year for all that is
part of php community, god bless us. Peace!
_______________________________________________________
Yahoo! Acesso Gr�tis - Instale o discador do Yahoo! agora.
http://br.acesso.yahoo.com/ - Internet r�pida e gr�tis
--- End Message ---
