php-general Digest 28 Mar 2005 05:09:20 -0000 Issue 3363

Topics (messages 211668 through 211686):

world write access
        211668 by: Evert - Rooftop Solutions
        211670 by: Johannes Findeisen
        211674 by: Evert - Rooftop Solutions

trustudio - eclipse IDE + CVS
        211669 by: D_C

Still fighting setcookie
        211671 by: John Hinton
        211678 by: Jasper Bryant-Greene
        211679 by: Jasper Bryant-Greene

Re: setcookie issue
        211672 by: Chris Shiflett

Maximum Execution Time Exceeded
        211673 by: mikeytf.aol.com

Re: Getting values from the Javascript namespace
        211675 by: Jasper Bryant-Greene

Re: Illegal string offset error in array
        211676 by: Jasper Bryant-Greene
        211680 by: Rasmus Lerdorf
        211681 by: Jasper Bryant-Greene
        211682 by: Rasmus Lerdorf
        211683 by: Jasper Bryant-Greene
        211684 by: Rasmus Lerdorf
        211685 by: James Kaufman

mysql_fetch_row not working?
        211677 by: mikeytf.aol.com

Converting hexadecimal string
        211686 by: Ashley M. Kirchner

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [email protected]


----------------------------------------------------------------------
--- Begin Message ---
Hi people,

I'm trying to think of a way to make an auto-updater for my distributed scripts. If I wanted to do this, I'd have to give write access to the php scripts to the apache user or world.
Everywhere I read that you shouldn't to that, but I'm thinking that if you script your stuff right, there shouldn't be any problem. The numerous places I read that I shouldn't do that gives me certain doubts though.


any comments on this?

regards,
Evert

--
Rooftop Solutions - Web Applications on Demand
tel. (+31)628962319 fax. (+31)842242474
http://www.rooftopsolutions.nl

--- End Message ---
--- Begin Message ---
Hello,

It is generally not a good idea to make scripts to everybody writeable. I 
think that if you're implementing auto-update features in PHP scripts they 
only could be insecure. Okay, you have one more feature but what if this 
feature goes out of control? Be really carefull when writing such 
applications. Maybe there are nice and secure solutions which maybe work but 
you really should set a focus on security.

More info:
http://www.php.net/manual/en/function.chmod.php

Regards

hanez

On Sunday 27 March 2005 19:08, Evert - Rooftop Solutions wrote:
> Hi people,
>
> I'm trying to think of a way to make an auto-updater for my distributed
> scripts. If I wanted to do this, I'd have to give write access to the
> php scripts to the apache user or world.
> Everywhere I read that you shouldn't to that, but I'm thinking that if
> you script your stuff right, there shouldn't be any problem. The
> numerous places I read that I shouldn't do that gives me certain doubts
> though.
>
> any comments on this?
>
> regards,
> Evert
>
> --
> Rooftop Solutions - Web Applications on Demand
> tel. (+31)628962319 fax. (+31)842242474
> http://www.rooftopsolutions.nl

-- 
# Johannes Findeisen

--- End Message ---
--- Begin Message ---
Thanx Johannes,

how about making the webserver the owner of the files? Would that be a good idea?
The problem is that I have a framework deployed at several clients. Because this are some big clients and demand high security they won't give me a login to their ftp or consoles.
Understandable, but everytime there's an update I need to mail the files and they have to install it. Imagine how much time that costs when there's a problem after the update and they need files again. Very annoying.


I consider myself a good php scripter and I will be able to make my scripts secure, so I need a good reason not to build in the auto-updater. I can tell the server is a dedicated server for my project, only has a webserver running (apache).

Argue with me :)

grt,
Evert

Johannes Findeisen wrote:

Hello,

It is generally not a good idea to make scripts to everybody writeable. I think that if you're implementing auto-update features in PHP scripts they only could be insecure. Okay, you have one more feature but what if this feature goes out of control? Be really carefull when writing such applications. Maybe there are nice and secure solutions which maybe work but you really should set a focus on security.

More info:
http://www.php.net/manual/en/function.chmod.php

Regards

hanez



--- End Message ---
--- Begin Message ---
I am using the trustudio IDE (an eclipse plugin basically) 

it has a really nice feature where it will give popups for argument
list for your functions.
however, when i am using a project from CVS rather than the local file
system, this breaks, and i get an error
"The resource is not on build path of a java project"

or "the compilation unit is not on the build path of a script project".

is anyone using this IDE, that can tell me how to create this setting? 

Also, has anyone got experience running the other "PHP eclipse" (
http://www.phpeclipse.de/ ) IDE, or having both running as eclipse PHP
plugins on the same machine?

Thanks!

/dc

-- 
_______________________________________________
           David "DC" Collier
mobile business creator |モバイル・ビジネス・クリエーター
           [EMAIL PROTECTED]
           skype: callto://d3ntaku
           http://www.pikkle.com
new number! >>>>
           +81 (0)80 6521 9559

--- End Message ---
--- Begin Message ---
OK, I created this most simplistic script..

---- Begin Script-------------------------------------------

<?php
if(isset($value))
{
 setcookie("mycookie",$value);
}

define (Login, 0);
define (DataReturn, 1);

function login() {
echo "<form ACTION=\"$_SERVER[PHP_SELF]?action=1\" METHOD=\"post\" ENCTYPE=\"multipart/form-data\">";
echo "Type value: <input name=\"value\" type=\"text\">";
echo "<input name=\"submit\" type=\"submit\">";
echo "</form>";
}


function datareturn(){
print_r($_COOKIE);
echo " is the \$_COOKIE data";
}

if (empty ($action))
      $action = 0;
switch ($action) {
case Login:
  login();
  break;
case DataReturn:
      datareturn();
      break;
default:
      die ("Unknown action code ($action)");
}
?>

----End Script------------------------

I would expect the return on action=1 to report the set cookie, but instead, it has no data. If I then reload the browser, the cookie appears. How can I get the cookie to set without this reload? What am I missing?

Thanks a bunch...
John Hinton

--- End Message ---
--- Begin Message --- John Hinton wrote:
OK, I created this most simplistic script..
 [snip]

I would expect the return on action=1 to report the set cookie, but instead, it has no data. If I then reload the browser, the cookie appears. How can I get the cookie to set without this reload? What am I missing?

Thanks a bunch...
John Hinton

When you use setcookie(), it sets a Set-Cookie header in the response to the browser. The browser will then send the Cookie header with subsequent requests.


The server has no way of knowing about the cookie until a subsequent request, but you could either code around it or write your own setcookie wrapper, something like:

function setcookie2($name, $value="", $expire="", $path="", $domain="", $secure=false) {
$_COOKIES[$name] = $value;
return setcookie($name, $value, $expire, $path, $domain, $secure);
}


It's probably better just to think up an alternative way to do it though.

Best regards

--
Jasper Bryant-Greene
Cabbage Promotions
www:   www.cabbage.co.nz
email: [EMAIL PROTECTED]
phone: 021 232 3303

public key:  Jasper Bryant-Greene <[EMAIL PROTECTED]> keyID 0E6CDFC5
fingerprint: 2313 5641 F8F6 5606 8844 49C0 1D6B 2924 0E6C DFC5

--- End Message ---
--- Begin Message --- Jasper Bryant-Greene wrote:
[snip]
function setcookie2($name, $value="", $expire="", $path="", $domain="", $secure=false) {
$_COOKIES[$name] = $value;
return setcookie($name, $value, $expire, $path, $domain, $secure);
}
[snip]

Sorry, that should be:

$_COOKIE[$name] = $value;

--
Jasper Bryant-Greene
Cabbage Promotions
www:   www.cabbage.co.nz
email: [EMAIL PROTECTED]
phone: 021 232 3303

public key:  Jasper Bryant-Greene <[EMAIL PROTECTED]> keyID 0E6CDFC5
fingerprint: 2313 5641 F8F6 5606 8844 49C0 1D6B 2924 0E6C DFC5

--- End Message ---
--- Begin Message --- John Hinton wrote:
The thing is, on the next action switch

print_r($_COOKIE);

returns empty until I refresh the browser. So, thusly, the second page
load brings in the cookies.

$_COOKIES is a convenient array that contains the contents of the Cookie header, nicely parsed.


Whenever you set a cookie, you're really adding a Set-Cookie header to the response. Thus, the browser has no way of knowing your intent until it receives the response. This data won't be in $_COOKIES until a subsequent request is made in which that cookie is included in the Cookie request header.

This chapter of HTTP Developer's Handbook explains cookies:

http://shiflett.org/books/http-developers-handbook/chapters/11

See Figure 11.3 for an illustration of the exchange I just described.

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--- End Message ---
--- Begin Message ---
I would like to know if you could help me..  I don't understand what is wrong!  
I made a file that is supposed to list 2 categories with the boards that go to 
them under them.  I get a Fatal Error: Maxmimum execution time of 30 seconds 
exceeded.  Here is the file that gives me the error: 
http://subzer0.net/php/index.php
 
Here is the source code for the file:
 
http://subzer0.net/php/index.phps
 
Thanks.
 
 
~Mike

--- End Message ---
--- Begin Message --- Daniel Lahey wrote:
Is there any way to get values from the Javascript namespace into PHP? I want to use a value passed into a Javascript function in a query within some PHP code in the function which is used to dynamically populate a select's options.

TIA

JavaScript is parsed on the client side, and PHP on the server side. Because HTTP is stateless, you'd have to call the server again from the JavaScript, as the JavaScript isn't parsed until after the request is complete.


You might like to investigate the XMLHTTP object for calling the server from JavaScript, but it might be better to figure out an alternative way to do it without requiring the second call back to the server. I can't really help any more without more specifics (maybe some code).

HTH
--
Jasper Bryant-Greene
Cabbage Promotions
www:   www.cabbage.co.nz
email: [EMAIL PROTECTED]
phone: 021 232 3303

public key:  Jasper Bryant-Greene <[EMAIL PROTECTED]> keyID 0E6CDFC5
fingerprint: 2313 5641 F8F6 5606 8844 49C0 1D6B 2924 0E6C DFC5

--- End Message ---
--- Begin Message --- Johannes Findeisen wrote:
Hello all,

sorry if this has been asked allready but i didn't find any usefull information in the web.

Why is this function not working in PHP5?
[snip]
/*
* This line does not work in PHP5 cause off an illegal string offset in an array ERROR
*/
$arrAvailableContent[$i]['submenu'][$n]['file'] = $subfile;
[snip]
Can someone help?

You can't access string offsets with square brackets [] in PHP5. You need to use curly braces {} instead.


Square brackets [] for arrays, curly braces {} for string offsets.

--
Jasper Bryant-Greene
Cabbage Promotions
www:   www.cabbage.co.nz
email: [EMAIL PROTECTED]
phone: 021 232 3303

public key:  Jasper Bryant-Greene <[EMAIL PROTECTED]> keyID 0E6CDFC5
fingerprint: 2313 5641 F8F6 5606 8844 49C0 1D6B 2924 0E6C DFC5

--- End Message ---
--- Begin Message --- Jasper Bryant-Greene wrote:
Johannes Findeisen wrote:

Hello all,

sorry if this has been asked allready but i didn't find any usefull information in the web.

Why is this function not working in PHP5?
[snip]
/*
* This line does not work in PHP5 cause off an illegal string offset in an array ERROR
*/
$arrAvailableContent[$i]['submenu'][$n]['file'] = $subfile;
[snip]
Can someone help?


You can't access string offsets with square brackets [] in PHP5. You need to use curly braces {} instead.

Not sure where you got that idea. This is not true.

-Rasmus
--- End Message ---
--- Begin Message --- Rasmus Lerdorf wrote:
Jasper Bryant-Greene wrote:
You can't access string offsets with square brackets [] in PHP5. You need to use curly braces {} instead.

Not sure where you got that idea. This is not true.

-Rasmus

Actually, it is. See the following URL:

http://www.php.net/manual/en/language.types.string.php#language.types.string.substr

Best regards
--
Jasper Bryant-Greene
Cabbage Promotions
www:   www.cabbage.co.nz
email: [EMAIL PROTECTED]
phone: 021 232 3303

public key:  Jasper Bryant-Greene <[EMAIL PROTECTED]> keyID 0E6CDFC5
fingerprint: 2313 5641 F8F6 5606 8844 49C0 1D6B 2924 0E6C DFC5

--- End Message ---
--- Begin Message --- Jasper Bryant-Greene wrote:
Rasmus Lerdorf wrote:

Jasper Bryant-Greene wrote:

You can't access string offsets with square brackets [] in PHP5. You need to use curly braces {} instead.


Not sure where you got that idea.  This is not true.

-Rasmus


Actually, it is. See the following URL:

http://www.php.net/manual/en/language.types.string.php#language.types.string.substr

Yes, please read that link again. The syntax is deprecated. That doesn't mean it doesn't work as you indicated. If we broke this most of the scripts written for PHP4 would break.


-Rasmus
--- End Message ---
--- Begin Message --- Rasmus Lerdorf wrote:
Jasper Bryant-Greene wrote:
You can't access string offsets with square brackets [] in PHP5. You need to use curly braces {} instead.

Not sure where you got that idea. This is not true.

-Rasmus

Actually, it is. See the following URL:

http://www.php.net/manual/en/language.types.string.php#language.types.string.substr

Yes, please read that link again. The syntax is deprecated. That doesn't mean it doesn't work as you indicated. If we broke this most of the scripts written for PHP4 would break.


-Rasmus

Yes, but he's talking about PHP5. He probably has E_STRICT on, which is why he's getting that error.

I was telling him to use the correct syntax, which will cause him to not
get that error.

Best regards

--
Jasper Bryant-Greene
Cabbage Promotions
www:   www.cabbage.co.nz
email: [EMAIL PROTECTED]
phone: 021 232 3303

public key:  Jasper Bryant-Greene <[EMAIL PROTECTED]> keyID 0E6CDFC5
fingerprint: 2313 5641 F8F6 5606 8844 49C0 1D6B 2924 0E6C DFC5

--- End Message ---
--- Begin Message --- Jasper Bryant-Greene wrote:
Rasmus Lerdorf wrote:

Jasper Bryant-Greene wrote:

You can't access string offsets with square brackets [] in PHP5. You need to use curly braces {} instead.


Not sure where you got that idea.  This is not true.

-Rasmus


Actually, it is. See the following URL:

http://www.php.net/manual/en/language.types.string.php#language.types.string.substr



Yes, please read that link again. The syntax is deprecated. That doesn't mean it doesn't work as you indicated. If we broke this most of the scripts written for PHP4 would break.


-Rasmus


Yes, but he's talking about PHP5. He probably has E_STRICT on, which is
why he's getting that error.

I was telling him to use the correct syntax, which will cause him to not
get that error.

I know we are talking about PHP5, and that syntax does not throw an E_STRICT error.


-Rasmus
--- End Message ---
--- Begin Message ---
On Mon, Mar 28, 2005 at 11:29:28AM +1200, Jasper Bryant-Greene wrote:
> Rasmus Lerdorf wrote:
> >>>Jasper Bryant-Greene wrote:
> >>>>You can't access string offsets with square brackets [] in PHP5. You 
> >>>>need to use curly braces {} instead.
> >>>
> >>>Not sure where you got that idea.  This is not true.
> >>>
> >>>-Rasmus
> >>
> >>Actually, it is. See the following URL:
> >>
> >>http://www.php.net/manual/en/language.types.string.php#language.types.string.substr
> >> 
> >
> >Yes, please read that link again.  The syntax is deprecated.  That 
> >doesn't mean it doesn't work as you indicated.  If we broke this most of 
> >the scripts written for PHP4 would break.
> >
> >-Rasmus
> 
> Yes, but he's talking about PHP5. He probably has E_STRICT on, which is
> why he's getting that error.
> 
> I was telling him to use the correct syntax, which will cause him to not
> get that error.
> 
> Best regards
> 
> -- 
> Jasper Bryant-Greene
> Cabbage Promotions
> www:   www.cabbage.co.nz
> email: [EMAIL PROTECTED]
> phone: 021 232 3303
> 
> public key:  Jasper Bryant-Greene <[EMAIL PROTECTED]> keyID 0E6CDFC5
> fingerprint: 2313 5641 F8F6 5606 8844 49C0 1D6B 2924 0E6C DFC5
> 

You do realize you're arguing with Rasmus, right?

-- 
Jim Kaufman
Linux Evangelist
public key 0x6D802619, CISSP# 65668

--- End Message ---
--- Begin Message ---
<?php
$category=mysql_query("SELECT * FROM categories ORDER BY catid ASC") or 
die(mysql_error());
while($get_cat=mysql_fetch_row($category))
$board=mysql_query("SELECT * FROM boards WHERE hidden='No' AND 
catid='.$get_cat[0].' ORDER BY boardid ASC") or die(mysql_error());
while($board=mysql_fetch_row($board))
echo '</table><table border="0" width="100%" align="center"><tr 
class="cell2"><td><b><i>'.$get_cat[1].'</i></b></td></tr></table><table 
border="0" align="center" width="100%"><tr ',shading(),'><td><a 
href="/php/topics.php?board='.$get_board[0].'">'.$get_board[1].'</a><br 
/><small>'.$get_board[2].'</small></td><td>'.$get_board[3].'</td><td>'.$get_board[4].'</td><td>'.$get_board[5].'</td></tr></table>';
?>
 
That is in my index file.  This is my index: http://subzer0.net/php
 
There are 2 categories in the db and 4 boards.  I don't know why they aren't 
showing!  >_<
 
Please help!
 
~Mike

--- End Message ---
--- Begin Message ---
Short (possibly simple) question:
How do I convert a hexadecimal string back into it's ascii representation?

--- End Message ---

Reply via email to