php-general Digest 10 Apr 2005 01:29:17 -0000 Issue 3388
Topics (messages 212718 through 212748):
Re: Storing password in cookie
212718 by: trlists.clayst.com
212720 by: Jason Wong
212721 by: Josip Dzolonga
212723 by: Ryan A
212737 by: trlists.clayst.com
212738 by: trlists.clayst.com
212743 by: John Nichel
212745 by: Skippy
Re: [PHP-INSTALL] Install Problems on Fedora 3
212719 by: Jason Wong
212742 by: John Nichel
Re: sessions not being stored : DAY 2
212722 by: Yuri Huitr�n Alvarado
Including class of Exception in exception message
212724 by: C Drozdowski
212725 by: Jared Williams
212728 by: Josip Dzolonga
Session gets corrupted (or lost)
212726 by: Binomic | Marcelo
212727 by: Marcelo Volmaro
212729 by: Chris
Re: Installation Warning?
212730 by: Jochem Maas
Date time simplicity gotten out of hand
212731 by: Ryan A
212732 by: Greg Donald
212733 by: Ryan A
Alternate to timediff() (might be slightly 0T)
212734 by: Ryan A
212735 by: Greg Donald
212736 by: Ryan A
Re: Variable Passing
212739 by: Matthew Weier O'Phinney
212744 by: Jordi Canals
212746 by: Matthew Weier O'Phinney
Re: Why is it possible to assign data to _not_declared_ vars in a class (PHP
5.0.3)?
212740 by: Matthew Weier O'Phinney
Re: How can i do refresh my web since java script?
212741 by: Marek Kilimajer
Viewing a specific item within a php web-page?
212747 by: Carlos Palomino
Re: Simple Licensing System
212748 by: Bruno B B Magalh�es
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
On 9 Apr 2005 John Nichel wrote:
> While it is not absolute that you can't store passwords in a cookie, it
> is an absolute that you _shouldn't_
Sorry, I don't agree. There are very few absolute rules in software
development.
For sites accessing sensitive information or that allow spending money,
I would not store anything in a cookie that permitted a login.
However, for something like a web-based discussion board where I don't
really care if a person who sits at my computer or a thief who robs my
house gets access, I think it is not a big deal. I might, depending on
the needs, store a hash code as others have suggested, or an encrypted
version of the password, with user permission of course.
There is almost always a tradeoff between convenience and risk.
Sometimes convenience is far more important. Often risk is.
--
Tom
--- End Message ---
--- Begin Message ---
On Saturday 09 April 2005 21:33, [EMAIL PROTECTED] wrote:
> On 9 Apr 2005 John Nichel wrote:
> > While it is not absolute that you can't store passwords in a cookie,
> > it is an absolute that you _shouldn't_
>
> Sorry, I don't agree. There are very few absolute rules in software
> development.
But in this case there really is no reason *why* you need to store a
password (encrypted or otherwise).
> I might, depending on
> the needs, store a hash code as others have suggested
Why not in *all* cases?
> Sometimes convenience is far more important. Often risk is.
I can't see where the convenience lies. For you as a developer, you've
already got the necessary code to do the token thing so there is
practically no difference whether you use a token or a password. For the
user, what are they going to do with an encrypted password -- are you
going to tell them how to decrypt in the case that they have forgotten
the password?
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
New Year Resolution: Ignore top posted posts
--- End Message ---
--- Begin Message ---
On ÑÐÐ, 2005-04-09 at 22:56 +0800, Jason Wong wrote:
> > Sorry, I don't agree. There are very few absolute rules in software
> > development.
>
> But in this case there really is no reason *why* you need to store a
> password (encrypted or otherwise).
IMO storing the password hash (md5,sha1, whatever:)) in a Cookie is not
smart. Some of the browsers (read IE) have some security holes so
getting the value of the cookie won't be a really hard job (this can be
dine with cross site scripting and DNS hacking too). When the attackers
have the hash of the password, in most of the cases they're brute
forcing , so if the user has an easy-to-guess password, it _can_ be
revelead (brute-forcing numbers, dictionary words). I don't get the
point, _why_ to store a password hash on the client-side as a cookie,
when you can do it on the server-side.
Josip Dzolonga,
http://josip.dotgeek.org
--- End Message ---
--- Begin Message ---
On 4/9/2005 3:33:50 PM, [EMAIL PROTECTED] wrote:
> On 9 Apr 2005 John Nichel wrote:
>
>
>
> > While it is not absolute that you
> can't store passwords in a cookie, it
> > is an absolute that you _shouldn't_
>
>
>
> Sorry, I
> don't agree. There are very few absolute rules in software
> development.
>
> For sites accessing sensitive information or that allow spending money,
> I would not store anything in a cookie that permitted a login.
>
> However, for something like a web-based discussion board where I don't
>
>
> really care if a person who sits at my computer or a thief who robs my
>
> house gets access, I think it is not a big deal. I might, depending on
>
> the needs, store a hash code as others have suggested, or an encrypted
>
> version of the password, with user permission of course.
>
>
>
> There is almost always a tradeoff between convenience and risk.
>
> Sometimes convenience is far more important. Often risk is.
>
>
>
>
>
This certainly has turned out to be an interesting discussion.....I usually
send the info via sessions...how bad is that?
Thanks,
Ryan
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.5 - Release Date: 4/7/2005
--- End Message ---
--- Begin Message ---
On 9 Apr 2005 Jason Wong wrote:
> > I might, depending on
> > the needs, store a hash code as others have suggested
>
> Why not in *all* cases?
Well, just because I'm not sure it is worth the effort. What is the
point of storing a hash code as a proxy (in the colloquial sense of the
word) for an encrypted password if knowing the hash code gets you the
same access as knowing the password? True, the hash code can have a
timeout -- but so can the cookie. For places where the point of the PW
is authentication only, and not control of access to significant
resources, I'm not sure there is any benefit to complicating things.
> I can't see where the convenience lies. For you as a developer, you've
> already got the necessary code to do the token thing so there is
> practically no difference whether you use a token or a password. For the
> user, what are they going to do with an encrypted password -- are you
> going to tell them how to decrypt in the case that they have forgotten
> the password?
A fair comment. I guess it is more just about keeping things simple
where appropriate.
Just as an FYI, I'm partly playing devil's advocate here. I've never
written anything that stored the encrypted PW in a cookie (though I
have stored encrypted user IDs that way for a "remember me" feature).
I'm just reacting to the sense that there is One True Way to handle
this issue. In software development there are most often many good
options.
A digression to a related issue (where I did take the conservative
approach): A system I'm working on now was originally set up with
password hashes in the database -- the PW itself was never stored. But
the client wanted an "email me my password" feature so we had to
encrypt and store the PW. Of course if someone had access to the
database they'd get a lot of other stuff probably more useful than PWs
so I don't worry about this too much. But I would rather have used the
hash.
--
Tom
--- End Message ---
--- Begin Message ---
On 9 Apr 2005 Ryan A wrote:
> This certainly has turned out to be an interesting discussion.....I
> usually send the info via sessions...how bad is that?
Well if you are using sessions it is worth thinking about session
security, for example:
http://shiflett.org/articles/the-truth-about-sessions
http://www.acros.si/papers/session_fixation.pdf
Beyond that -- what info are you sending?? Session data is stored on
the server, not at the client, so the security is as good as for
anything else on the server (assuming of course that session data is
outside the web document tree).
Personally there is little if any data that I would encrypt when saving
it as session data (maybe CC numbers, if I had to save them across
pages at all, or maybe passwords, but nothing else), because I think
that's a weak defense. If access to your session data means they have
gained access to the server then they can also find the code you use to
decrypt that session data, so it is just one more small obstacle, not a
true defense.
Another point is that this might require a different analysis on a
shared vs. dedicated server as a shared server may well be less secure
than a dedicated server, and a dedicated server you don't physically
control (e.g. colocated) may be less secure than one you do.
--
Tom
--- End Message ---
--- Begin Message ---
[EMAIL PROTECTED] wrote:
On 9 Apr 2005 John Nichel wrote:
While it is not absolute that you can't store passwords in a cookie, it
is an absolute that you _shouldn't_
Sorry, I don't agree. There are very few absolute rules in software
development.
This isn't a rule. It's common sense. The less a password is sent thru
cyberspace, the smaller the risk is to it being compromised. The fewer
places it's stored, the smaller the risk.
For sites accessing sensitive information or that allow spending money,
I would not store anything in a cookie that permitted a login.
However, for something like a web-based discussion board where I don't
really care if a person who sits at my computer or a thief who robs my
house gets access, I think it is not a big deal. I might, depending on
the needs, store a hash code as others have suggested, or an encrypted
version of the password, with user permission of course.
What's the difference? How many users out there do you think use the
same password for the chat room as they do for their bank? Remember AOL
has millions of users.
There is almost always a tradeoff between convenience and risk.
Sometimes convenience is far more important. Often risk is.
True, but here, there's almost no trade off in convenience. The
difference in amount of code to store a token in the cookie as compared
to the password is almost non-existent.
--
By-Tor.com
...it's all about the Rush
http://www.by-tor.com
--- End Message ---
--- Begin Message ---
On Sat, 09 Apr 2005 14:51:49 -0400 [EMAIL PROTECTED] wrote:
> A digression to a related issue (where I did take the conservative
> approach): A system I'm working on now was originally set up with
> password hashes in the database -- the PW itself was never stored. But
> the client wanted an "email me my password" feature so we had to
> encrypt and store the PW. Of course if someone had access to the
> database they'd get a lot of other stuff probably more useful than PWs
> so I don't worry about this too much. But I would rather have used the
> hash.
You could've changed the password for them to something random, mail it
to them and keep the hash in the database.
--
Skippy - Romanian Web Developers - http://ROWD.ORG
--- End Message ---
--- Begin Message ---
On Saturday 09 April 2005 21:27, Mark Sargent wrote:
> >> I did a source install, of which I'm a newb at, and then created a
> >> index.php file containing the following,
> >>
> >> <?php
> >> phpinfo(); ?>
> >>
> >> but, that shows in the browser, Firefox, when typing
> >
> > <snip>
> >
> > You need to tell Apache how to handle php files.
> sorry guys, quite new to all this. On this page,
>
> http://www.php.net/manual/en/install.unix.php
>
> it has 2 examples,
>
> 4-1 and 4-2. Little confused with what shared and static modules are
> and which 1 pertains to me. I was wanting to get php running to allow
> base to show results of snort logging in mysql. Snort/Mysql/Base etc
> are installed fine, just php is the last hurdle. Again, sorry. Cheers.
OK you said you had already installed it, so which did you follow 4-1 or
4-2?
4-1 (shared modules) compiles PHP as an Apache module, this means that
when Apache needs to process a page that contains PHP it will have to
load in the PHP module (this is all done automatically), however you need
to tell it what PHP files look like and what the PHP module is. This is
done in steps 14 & 15.
4-2 (static) means that PHP will be compiled into the Apache executable
however you still need to tell it what PHP files look like (step 15).
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
New Year Resolution: Ignore top posted posts
--- End Message ---
--- Begin Message ---
Mark Sargent wrote:
<snip>
http://www.php.net/manual/en/install.unix.php
it has 2 examples,
4-1 and 4-2. Little confused with what shared and static modules are and
which 1 pertains to me. I was wanting to get php running to allow base
to show results of snort logging in mysql. Snort/Mysql/Base etc are
installed fine, just php is the last hurdle. Again, sorry. Cheers.
When you installed php, did you install it the same time as Apache
(--with-apache=../apache-1.3.x) or was Apache already installed
(--with-apxs=/path/to/apxs)?
--
By-Tor.com
...it's all about the Rush
http://www.by-tor.com
--- End Message ---
--- Begin Message ---
but then what could be causing that the sessions are not being stored in
/tmp/sess ?
--- On Sat 04/09, Burhan Khalid < [EMAIL PROTECTED] > wrote:
From: Burhan Khalid [mailto: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [email protected]
Date: Sat, 09 Apr 2005 14:13:53 +0300
Subject: Re: [PHP] sessions not being stored : DAY 2
Yuri Huitr�n Alvarado wrote:<br>> <br>> <br>> running whoami in php returns : "
root "<br><br>Are you saying that you typed 'whoami' from a shell, and it gave
you root.<br><br>Or are you saying that when you did <?php `whoami` ?> you got
'root'. If <br>this is the case, then you are running a big security risk if
your PHP <br>scripts are executing with root permissions.<br>
_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!
--- End Message ---
--- Begin Message ---
I'm using Exceptions and variously handling them in try..catch blocks
or defaulting to my set_exception_handler handler.
When I create an Exception I'd like to prepend the class of the
Exception to the message. Can this be done with code or do I have to
hard code the name of the Exception class into the message every time I
throw the exception?
For Example:
I'd like to turn this...
throw new myException("myException: So this is it, we're going to die");
into...
throw new myException( CODE . ": So this is it, we're going to die");
where CODE is some php code that refers to the class of the exception
being thrown.
--- End Message ---
--- Begin Message ---
> I'm using Exceptions and variously handling them in
> try..catch blocks or defaulting to my set_exception_handler handler.
> When I create an Exception I'd like to prepend the class of
> the Exception to the message. Can this be done with code or
> do I have to hard code the name of the Exception class into
> the message every time I throw the exception?
>
> For Example:
>
> I'd like to turn this...
>
> throw new myException("myException: So this is it, we're
> going to die");
>
> into...
>
> throw new myException( CODE . ": So this is it, we're going to die");
>
> where CODE is some php code that refers to the class of the
> exception being thrown.
>
Subclass exception, and do it in there?
class myException extends Exception
{
function __construct($message) {
parent::__construct(get_class($this).$message); }
}
class AnotherException extends myException
{
}
Jared
--- End Message ---
--- Begin Message ---
On ÑÐÐ, 2005-04-09 at 11:27 -0400, C Drozdowski wrote:
> where CODE is some php code that refers to the class of the exception
> being thrown.
Take a look at magic constants
[ http://www.php.net/manual/en/language.constants.predefined.php ].
Hope this helps,
Josip Dzolonga
http://josip.dotgeek.org
--- End Message ---
--- Begin Message ---
Hi,
I�ve made a simple site with a loguin, that in my machine works perfectly, but
not on the server.
The problem seems to be on the session handling. I don�t loose the SID, but the
session gets corrupted.
If I do a print_r($_SESSION), after the loguin i get the correct vars, but
after i click on a link, while the session ID is still the same (i pass it both
in the URL and using cookies) the print_r returns something like the following:
__PHP_Incomplete_Class Object ( [__PHP_Incomplete_Class_Name] => user [ID] => 30
[nick] => ....
This are the steps after the loguin:
1) First page that shows:
http://www.site.com/index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea
print_r($_COOKIE) Array ( [PHPSESSID] => b44590661eba2475ea2ff8a96d53c0b6 )
print_r($_SESSION) Array ( [LANG] => en [user] => Username [pass] =>
37bfafe651a55eef [group] => 5 )
I click on the following link:
http://www.site.com/index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea&subsection=deletefile&id=33
2) And this page displays:
http://www.site.com/index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea&subsection=deletefile&id=33
print_r($_COOKIE) Array ( [PHPSESSID] => b44590661eba2475ea2ff8a96d53c0b6 )
print_r($_SESSION) Array ( [LANG] => en [user] => __PHP_Incomplete_Class Object (
[__PHP_Incomplete_Class_Name] => user [ID] => 30 [nick] => Username [password] =>
37bfafe651a55eef [group] => 5 )
Any idea?
Regards,
--
Marcelo Volmaro - CTO
__________________________________
Binomic - Desarrollos Inteligentes
C�rdoba 1253, p 10, of. 4 y 5
cp: S2000AWQ, rosario, ar
tel: ++ 54 [341] 440 7863
http://www.binomic.net
--- End Message ---
--- Begin Message ---
Hi,
IÂve made a simple site with a loguin, that in my machine works perfectly,
but not on the server.
The problem seems to be on the session handling. I donÂt loose the SID,
but the session gets corrupted.
If I do a print_r($_SESSION), after the loguin i get the correct vars, but
after i click on a link, while the session ID is
still the same (i pass it both in the URL and using cookies) the print_r
returns something like the following:
__PHP_Incomplete_Class Object ( [__PHP_Incomplete_Class_Name] => user [ID]
=> 30 [nick] => ....
This are the steps after the loguin:
1) First page that shows:
http://www.site.com/index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea
print_r($_COOKIE) Array ( [PHPSESSID] =>
b44590661eba2475ea2ff8a96d53c0b6 )
print_r($_SESSION) Array ( [LANG] => en [user] => Username [pass] =>
37bfafe651a55eef [group] => 5 )
I click on the following link: http://www.site.com/
index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea&subsection=deletefile&id=33
2) And this page displays:
http://www.site.com/index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea&subsection=deletefile&id=33
print_r($_COOKIE) Array ( [PHPSESSID] =>
b44590661eba2475ea2ff8a96d53c0b6 )
print_r($_SESSION) Array ( [LANG] => en [user] =>
__PHP_Incomplete_Class Object ( [__PHP_Incomplete_Class_Name] => user
[ID] => 30 [nick] => Username [password] => 37bfafe651a55eef [group] => 5 )
Any idea?
Regards,
--
Marcelo Volmaro
--- End Message ---
--- Begin Message ---
What does your class definition look like, and when you you declare it?
Maybe your class isn't defined when you do the session_start() ?
Chris
Binomic | Marcelo wrote:
Hi,
I�ve made a simple site with a loguin, that in my machine works
perfectly, but not on the server.
The problem seems to be on the session handling. I don�t loose the
SID, but the session gets corrupted.
If I do a print_r($_SESSION), after the loguin i get the correct vars,
but after i click on a link, while the session ID is still the same (i
pass it both in the URL and using cookies) the print_r returns
something like the following:
__PHP_Incomplete_Class Object ( [__PHP_Incomplete_Class_Name] => user
[ID] => 30 [nick] => ....
This are the steps after the loguin:
1) First page that shows:
http://www.site.com/index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea
print_r($_COOKIE) Array ( [PHPSESSID] =>
b44590661eba2475ea2ff8a96d53c0b6 )
print_r($_SESSION) Array ( [LANG] => en [user] => Username [pass]
=> 37bfafe651a55eef [group] => 5 )
I click on the following link:
http://www.site.com/index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea&subsection=deletefile&id=33
2) And this page displays:
http://www.site.com/index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea&subsection=deletefile&id=33
print_r($_COOKIE) Array ( [PHPSESSID] =>
b44590661eba2475ea2ff8a96d53c0b6 )
print_r($_SESSION) Array ( [LANG] => en [user] =>
__PHP_Incomplete_Class Object ( [__PHP_Incomplete_Class_Name] => user
[ID] => 30 [nick] => Username [password] => 37bfafe651a55eef [group]
=> 5 )
Any idea?
Regards,
--- End Message ---
--- Begin Message ---
[EMAIL PROTECTED] wrote:
So it seems that Apache's multi-threading is the issue. So IIS is the way to go
then or Apache 1.x eh? The trouble with going the Apache 1.x route is that I've
been having trouble downgrading from 2.x to 1.x...
Well someday I'll find a use for Linux...The check is in the mail, Mr. Gates.
humbug!
php5 works fine with apache2, just make sure you use a nonthreaded module.
the 'prefork' module to be more precise...needs an OS though... which is
where you might find a use for Linux :-)
--- End Message ---
--- Begin Message ---
Hey,
I thought this would be simple and just a few mins of programming but along
the way...i have managed to confuse myself ;-D
I have 2 field in my table users_online:
present_date_time datetime
expires_in datetime
for present_date_time I am using now() to insert
but for expires_in I need to have it now()+5 mins
I was screwing around with now()+ X
but thats getting me some weird results if its the end of the hour or day...
Please help.
Thanks,
Ryan
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.5 - Release Date: 4/7/2005
--- End Message ---
--- Begin Message ---
On Apr 9, 2005 12:35 PM, Ryan A <[EMAIL PROTECTED]> wrote:
> Hey,
> I thought this would be simple and just a few mins of programming but along
> the way...i have managed to confuse myself ;-D
>
> I have 2 field in my table users_online:
> present_date_time datetime
> expires_in datetime
>
> for present_date_time I am using now() to insert
> but for expires_in I need to have it now()+5 mins
>
> I was screwing around with now()+ X
> but thats getting me some weird results if its the end of the hour or day...
mysql> select NOW(), DATE_ADD( NOW(), INTERVAL 5 MINUTE );
+---------------------+--------------------------------------+
| NOW() | DATE_ADD( NOW(), INTERVAL 5 MINUTE ) |
+---------------------+--------------------------------------+
| 2005-04-09 12:27:36 | 2005-04-09 12:32:36 |
+---------------------+--------------------------------------+
1 row in set (0.00 sec)
--
Greg Donald
Zend Certified Engineer
http://destiney.com/
--- End Message ---
--- Begin Message ---
On 4/9/2005 7:28:34 PM, Greg Donald ([EMAIL PROTECTED]) wrote:
> On Apr 9, 2005 12:35 PM, Ryan A <[EMAIL PROTECTED]> wrote:
>
> > Hey,
>
> > I thought this would be simple and just a few mins of programming but
> along
>
> > the way...i have managed to confuse myself ;-D
>
> >
>
> > I have 2 field in my table users_online:
>
> > present_date_time datetime
>
> > expires_in datetime
>
> >
>
> > for present_date_time I am using now() to insert
>
> > but for expires_in I need to have it now()+5 mins
>
> >
>
> > I was screwing around with now()+ X
>
> > but thats getting me some weird results if its the end of the hour or
> day...
>
>
>
> mysql> select NOW(), DATE_ADD( NOW(), INTERVAL 5 MINUTE );
>
> +---------------------+--------------------------------------+
>
> | NOW() | DATE_ADD( NOW(), INTERVAL 5 MINUTE ) |
>
> +---------------------+--------------------------------------+
>
> | 2005-04-09 12:27:36 | 2005-04-09 12:32:36 |
>
> +---------------------+--------------------------------------+
>
> 1 row in set (0.00 sec)
F**K!
If every you see me on the road....just give a kick.
WTF was I thinking....I went all around the monkeys butt trying to do this
in another way instead of simple SQL.
Thanks dude,
Ryan
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.5 - Release Date: 4/7/2005
--- End Message ---
--- Begin Message ---
Hey,
Reading the time and date functions of MySql I see that to compare my two
timedates I would need to go with TIMEDIFF, but theres a "note" there that
states:
TIMEDIFF() was added in MySQL 4.1.1.
and our host is running 4.0 and another 3.23.x
So how can I compare 2 timedates which are:
now() and now() + 5 mins
to see if I get a positive or negitive value?
Thanks,
Ryan
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.5 - Release Date: 4/7/2005
--- End Message ---
--- Begin Message ---
On Apr 9, 2005 1:09 PM, Ryan A <[EMAIL PROTECTED]> wrote:
> So how can I compare 2 timedates which are:
>
> now() and now() + 5 mins
>
> to see if I get a positive or negitive value?
mysql> select NOW() > DATE_ADD( NOW(), INTERVAL 5 MINUTE );
+----------------------------------------------+
| NOW() > DATE_ADD( NOW(), INTERVAL 5 MINUTE ) |
+----------------------------------------------+
| 0 |
+----------------------------------------------+
1 row in set (0.01 sec)
mysql> select NOW() < DATE_ADD( NOW(), INTERVAL 5 MINUTE );
+----------------------------------------------+
| NOW() < DATE_ADD( NOW(), INTERVAL 5 MINUTE ) |
+----------------------------------------------+
| 1 |
+----------------------------------------------+
1 row in set (0.00 sec)
--
Greg Donald
Zend Certified Engineer
http://destiney.com/
--- End Message ---
--- Begin Message ---
Hmmm.....
we have a new sql guru on the list eh?
welcome master...
:-)
Thanks mate.
-Ryan
On 4/9/2005 8:18:10 PM, Greg Donald ([EMAIL PROTECTED]) wrote:
> On Apr 9, 2005 1:09 PM, Ryan A <[EMAIL PROTECTED]> wrote:
>
> > So how can I compare 2 timedates which are:
>
> >
>
> > now() and now() + 5 mins
>
> >
>
> > to see if I get a positive or negitive value?
>
>
>
> mysql> select NOW() > DATE_ADD( NOW(), INTERVAL 5 MINUTE );
>
> +----------------------------------------------+
>
> | NOW() > DATE_ADD( NOW(), INTERVAL 5 MINUTE ) |
>
> +----------------------------------------------+
>
> | 0 |
>
> +----------------------------------------------+
>
> 1 row in set (0.01 sec)
>
>
>
> mysql> select NOW() < DATE_ADD( NOW(), INTERVAL 5 MINUTE );
>
> +----------------------------------------------+
>
> | NOW() < DATE_ADD( NOW(), INTERVAL 5 MINUTE ) |
>
> +----------------------------------------------+
>
> | 1 |
>
> +----------------------------------------------+
>
> 1 row in set (0.00 sec)
>
>
>
>
>
> --
>
> Greg Donald
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.5 - Release Date: 4/7/2005
--- End Message ---
--- Begin Message ---
* Brad Brevet <[EMAIL PROTECTED]>:
> This seems to be what I was looking for, but I am curious, will the "/" be
> included in the variable? Will I have to do a stripslashes() command on it?
If you echo out $_SERVER['PATH_INFO'] for the URL shown below, it will
give you:
/321
Usually what you do is something like:
$pi = substr($_SERVER['PATH_INFO', 1);
$args = explode('/', $pi);
and then you'll have an array of arguments without the forward slashes.
If you're only expecting a single argument, you can possibly skip that
second step; if you want to limit the number of arguments you'll accept,
you can add a third parameter to the explode() function call.
You should still treat data passed in this way as tainted, just like
data from the query string or a form. Scrub it and validate it before
doing anything with it.
Note: to get a script called 'something' to be parsed as PHP on your
server, you'll need to do the following (assuming you're using Apache):
create a .htaccess file in that directory with the contents:
<Files ~ "(something)$">
ForceType application/x-httpd-php
</Files>
This will tell Apache that the file is a PHP script.
> "Hans Juergen von Lengerke" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > > Brad Brevet:
> > >
> > > Hi, I am curious how to pass a variable without using something like
> > > id=321.
> > >
> > > I have seen sites that have something like
> > > http://www.website.com/something/321 and the variable is passed
> > > how exactly is that done? And is it called something specific so I
> > > know how to refer to it in the future?
> >
> > You can do that with $_SERVER["PATH_INFO"]. If your script
> > is /something, this variable will be set to /321
--
Matthew Weier O'Phinney | WEBSITES:
Webmaster and IT Specialist | http://www.garden.org
National Gardening Association | http://www.kidsgardening.com
802-863-5251 x156 | http://nationalgardenmonth.org
mailto:[EMAIL PROTECTED] | http://vermontbotanical.org
--- End Message ---
--- Begin Message ---
What I do to control it only by PHP without using the mod_rewrite for
apache is to use URL with this format:
http://sample.com/script.php/param1/param2/param3
Then, work in the script looking at the variable
$_SERVER['REQUEST_URI'] wich will contain, in this sample:
/script.php/param1/param2/param3
You can explode the uri in an array:
$params = explode('/', substr($_SERVER['REQUEST_URI'], 1);
I used the substr dunction to remove the first slash.
On the resulting array you will have, by index
[0] = script.php
[1] = param1
[2] = param2
[3] = param3
This works with Apache. I've not tested it on IIS, but suspect that it
will not work on ISS.
Hope this helps you.
Jordi.
On Apr 8, 2005 4:11 PM, Brad Brevet <[EMAIL PROTECTED]> wrote:
> Hi, I am curious how to pass a variable without using something like id=321.
>
> I have seen sites that have something like
> http://www.website.com/something/321 and the variable is passed how exactly
> is that done? And is it called something specific so I know how to refer to
> it in the future?
>
> Thanks,
>
> Brad
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
* Jordi Canals <[EMAIL PROTECTED]>:
> What I do to control it only by PHP without using the mod_rewrite for
> apache is to use URL with this format:
>
> http://sample.com/script.php/param1/param2/param3
>
> Then, work in the script looking at the variable
> $_SERVER['REQUEST_URI'] wich will contain, in this sample:
> /script.php/param1/param2/param3
>
> You can explode the uri in an array:
>
> $params = explode('/', substr($_SERVER['REQUEST_URI'], 1);
> I used the substr dunction to remove the first slash.
>
> On the resulting array you will have, by index
>
> [0] = script.php
> [1] = param1
> [2] = param2
> [3] = param3
>
> This works with Apache. I've not tested it on IIS, but suspect that it
> will not work on ISS.
I noted in a previous post, you can also do this using
$_SERVER['PATH_INFO'] (though the first element from exploding will be
the first parameter, and not the script name) -- and, to my
understanding, this *does* work with IIS. (Somebody, correct me if I'm
wrong.)
Another note -- you can still pass a query string with either method --
which can make for some nice behaviour as well.
> On Apr 8, 2005 4:11 PM, Brad Brevet <[EMAIL PROTECTED]> wrote:
> > Hi, I am curious how to pass a variable without using something like id=321.
> >
> > I have seen sites that have something like
> > http://www.website.com/something/321 and the variable is passed how exactly
> > is that done? And is it called something specific so I know how to refer to
> > it in the future?
--
Matthew Weier O'Phinney | WEBSITES:
Webmaster and IT Specialist | http://www.garden.org
National Gardening Association | http://www.kidsgardening.com
802-863-5251 x156 | http://nationalgardenmonth.org
mailto:[EMAIL PROTECTED] | http://vermontbotanical.org
--- End Message ---
--- Begin Message ---
* Hanez <[EMAIL PROTECTED]>:
> On Friday 08 April 2005 20:22, Matthew Weier O'Phinney wrote:
> > * Johannes Findeisen <[EMAIL PROTECTED]>:
> > > If i understand right, all variables should be declared in PHP5. So
> > > why is it possible to add a membervariable called "c" to the object
> > > without making a declaration? I got no error with this. I thought
> > > E_STRICT should show me things like that. Could someone explain me
> > > that?
> >
> > You don't understand correctly. Class properties/attributes do not need
> > to be explicitly declared in PHP. This did *not* change in PHP5. What
> > changed in PHP5 is visibility. By default, unless declared otherwise, a
> > class attribute is publicly visible -- the same behaviour seen in PHP4.
>
> Okay, allright. I missunderstood that. But wouldn't it be nice to see things
> like this in the error log when E_STRICT is activated. I know some
> programming languages and i ever have dreamed about some features like this
> in PHP5 and the main thing i was dreaming about was strict declaration. Now
> since PHP5 i have thought about programming PHP again because of features
> which would help me debugging my code. And this is not implemented perfectly.
E_STRICT doesn't catch it because it's not considered bad behaviour;
this is perfectly legal behaviour according to the PHP parser.
PHP doesn't have the same scoping issues as, say, Perl. Variables in PHP
do *not* need to be pre-declared (though testing for a value on an
undeclared variable, be it in a class or otherwise, *will* generate an
E_NOTICE). This is a *difference* in PHP from other languages, and
likely exists for a reason. If you want to know why it exists that way,
or feel it should be changed, you should probably go over to the php-dev
list.
--
Matthew Weier O'Phinney | WEBSITES:
Webmaster and IT Specialist | http://www.garden.org
National Gardening Association | http://www.kidsgardening.com
802-863-5251 x156 | http://nationalgardenmonth.org
mailto:[EMAIL PROTECTED] | http://vermontbotanical.org
--- End Message ---
--- Begin Message ---
Tom�s Rodriguez Orta wrote:
<input name="refrescar" type="submit" class="btn" id="refresh"
onClick="sendrefresch()" value="Refrescar">
<script language="JavaScript" type="text/JavaScript">
<!--
function sendrefresch()
{
How can I do for refresch my web, by the button Refresh?
}
Why do you want to use javascript? You can create Reload link using:
echo '<a href="' . $_SERVER['REQUEST_URI'] . '">Reload</a>';
--- End Message ---
--- Begin Message ---
I have a document entitled: articles.php
Within this document, I want to store various written articles which are headed
by a
string value - example:
$post_040905 = "text for April 9th 2005";
print($post_040905);
$post_041005 = "article for April 10th 2005";
print($post_041005);
How can I view a specific string's text via the browser? I thought I could use
domain.com/articles.php?post_040905 and only the content written for that post
would
be shown. However, all of the posts are shown.
I just began reading about PHP from limited tutorials so I am at a loss as to
how I
can accomplish this. I would appreciate all assistance in this matter.
Best Regards,
Carlos
--- End Message ---
--- Begin Message ---
Hi Richard,
And how do I generate this, and how would I check it?!?!
Thanks,
Bruno B B Magalhaes
On Apr 8, 2005, at 11:48 PM, Richard Lynch wrote:
On Fri, April 8, 2005 1:06 pm, Bruno B B Magalh�es said:
I need a help with a licensing system, I want something very simple,
for example a simple var store into the configuration file, and witch
is sent to a server called licenses.hostname.com.br, and this one
returns true or false... I don't wanna use SOAP or XML. Does any body
have a simple idea for it?
Best Regards,
Bruno B B Magalhaes
Generate an SSH key-pair.
Give them the public key, or use that to "sign" their license.
Then you can just test that it's signed.
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
