php-general Digest 2 Sep 2005 09:01:13 -0000 Issue 3659

[php-general-digest-help]

php-general Digest 2 Sep 2005 09:01:13 -0000 Issue 3659

Topics (messages 221722 through 221743):

Re: session cookies
        221722 by: Mikey
        221723 by: Philip Hallstrom
        221724 by: Jasper Bryant-Greene
        221725 by: Gustav Wiberg
        221731 by: Chris Shiflett
        221732 by: Chris Shiflett
        221733 by: Rasmus Lerdorf

Impossible???
        221726 by: Gustav Wiberg
        221735 by: John thegimper

Re: htpasswd-style password generation w/PHP
        221727 by: Oliver Grätz
        221728 by: Oliver Grätz

Re: (Yet another) I'm blind ... post
        221729 by: Oliver Grätz

Re: String format problem
        221730 by: Oliver Grätz

Re: conditional statement inside while loop?
        221734 by: Murray . PlanetThoughtful

Allowing access to only one host/referer
        221736 by: Dan Rossi
        221738 by: Jasper Bryant-Greene

Viewing Binary format.
        221737 by: Soh Andy

calling PHP self with a text link
        221739 by: Ross
        221740 by: Jasper Bryant-Greene
        221741 by: Ross
        221742 by: Jasper Bryant-Greene

400 error
        221743 by: Seth Rainsdon

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        php-general@lists.php.net


----------------------------------------------------------------------

--- Begin Message ---

Jasper Bryant-Greene wrote:

Philip Hallstrom wrote:

Then use an HTML meta refresh (or javascript, just not Header("Location...) to redirect them to another page.

Why not header("Location...")? Just out of interest -- it's always worked for me, and it's a much better way to redirect users for many reasons[1] (like not breaking the back button).

[1] http://www.w3.org/QA/Tips/reback

Because if you just re-direct to a new location then the cookie that you have also set in the headers will not reach the client.

Mikey

--- End Message ---

--- Begin Message ---

Philip Hallstrom wrote:

Then use an HTML meta refresh (or javascript, just not Header("Location...) to redirect them to another page.

Why not header("Location...")? Just out of interest -- it's always worked for me, and it's a much better way to redirect users for many reasons[1] (like not breaking the back button).

[1] http://www.w3.org/QA/Tips/reback

For some reason (and maybe it's no longer true) I've had problems setting a cookie and then doing a header("Location..."). Seems some browsers wouldn't pick up the cookie.

Now... when this happened (could have been as early as 98) I don't recall, but it's always stuck with me and I usually end up spitting back a little javascript to send the user wherever it is I want them to go...

-philip

--- End Message ---

--- Begin Message ---

Mikey wrote:

Jasper Bryant-Greene wrote:

Philip Hallstrom wrote:

Then use an HTML meta refresh (or javascript, just not Header("Location...) to redirect them to another page.

Why not header("Location...")? Just out of interest -- it's always worked for me, and it's a much better way to redirect users for many reasons[1] (like not breaking the back button).

[1] http://www.w3.org/QA/Tips/reback

Because if you just re-direct to a new location then the cookie that you have also set in the headers will not reach the client.

That is not true. The output to the client will look like this:

HTTP/1.1 302 Found
Set-Cookie: name=value;domain=whatever
Location: http://my.domain.com/my.php
[...]

Therefore the cookie does reach the client, and unless the client is buggy it will set the cookie. In my experience most modern browsers have no problem with this, but if someone else has more experience with this than me then please correct me.

--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/

--- End Message ---

--- Begin Message ---

Hi there!

Try using ob_start() and then set sessions, and then user HEADER...

http://se.php.net/manual/sv/function.ob-start.php

/G
@varupiraten.se

----- Original Message ----- From: "Philip Hallstrom" <[EMAIL PROTECTED]>

To: "Jasper Bryant-Greene" <[EMAIL PROTECTED]>
Cc: "php list" <php-general@lists.php.net>
Sent: Thursday, September 01, 2005 10:43 PM
Subject: Re: [PHP] session cookies

Philip Hallstrom wrote:

Then use an HTML meta refresh (or javascript, just not Header("Location...) to redirect them to another page.

Why not header("Location...")? Just out of interest -- it's always worked for me, and it's a much better way to redirect users for many reasons[1] (like not breaking the back button).

[1] http://www.w3.org/QA/Tips/reback

For some reason (and maybe it's no longer true) I've had problems setting a cookie and then doing a header("Location..."). Seems some browsers wouldn't pick up the cookie.

Now... when this happened (could have been as early as 98) I don't recall, but it's always stuck with me and I usually end up spitting back a little javascript to send the user wherever it is I want them to go...

-philip

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--- End Message ---

--- Begin Message ---

Philip Hallstrom wrote:

> Is there a way, using PHP, to determine if session cookies
> are enabled (or disabled) in the user's browser privacy
> settings?

Set a cookie using setcookie().

Then use an HTML meta refresh (or javascript, just not
Header("Location...) to redirect them to another page.

Why not? I much prefer real headers to the "http-equiv" stuff in meta tags. After all, that is just a way to let you mimic real headers.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--- End Message ---

--- Begin Message ---

Jasper Bryant-Greene wrote:

That is not true. The output to the client will look like this:

HTTP/1.1 302 Found
Set-Cookie: name=value;domain=whatever
Location: http://my.domain.com/my.php
[...]

Very nice explanation. :-)

It is a common misconception that header('Location: ...') redirects the client as soon as that statement is executed. The Location header is only special in the sense that PHP also modifies the response status code (to 302). Aside from that, it's just a regular header, and the browser can't possible take any action on it before it receives the HTTP response (which isn't sent until your PHP script completes). This is similar to how a browser can't predict when you're going to set a cookie. :-)

Just to counter my own explanation (what the heck), I do recall older versions of IE mishandling (surprise) an HTTP response such as what Jasper illustrated. They would request the new URL but fail to set the cookie as requested. It was a browser bug, and I think this bug is the source of all the confusion.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--- End Message ---

--- Begin Message ---

Chris Shiflett wrote:
> Jasper Bryant-Greene wrote:
> 
>> That is not true. The output to the client will look like this:
>>
>> HTTP/1.1 302 Found
>> Set-Cookie: name=value;domain=whatever
>> Location: http://my.domain.com/my.php
>> [...]
> 
> 
> Very nice explanation. :-)
> 
> It is a common misconception that header('Location: ...') redirects the
> client as soon as that statement is executed. The Location header is
> only special in the sense that PHP also modifies the response status
> code (to 302). Aside from that, it's just a regular header, and the
> browser can't possible take any action on it before it receives the HTTP
> response (which isn't sent until your PHP script completes). 

That's a bit misleading.  The HTTP response headers are sent a soon as
you output something from your script (calling header() or setcookie()
doesn't count as output, so you can set all the headers and cookies you
want).  It doesn't wait for the end of the request unless you are
buffering everything.  And the browsers tend to redirect right away once
they get this header.  Whether or not your script runs to completion
once the browser is gone is controlled by your 'ignore_user_abort'
setting.  See chapter 40 - Connection Handling in the manual for a full
explanation of that.

-Rasmus

--- End Message ---

--- Begin Message ---

Hi again!


Is this impossible to do in PHP?


Dim objNet
On Error Resume Next

'In case we fail to create object then display our custom error

Set objNet = CreateObject("WScript.NetWork")

If Err.Number <> 0 Then 'If error occured then display notice

MsgBox "Don't be Shy." & vbCRLF &_
              "Do not press ""No"" If your browser warns you."
Document.Location = "UserInfo.html"
                                       'Place the Name of the document.
                                'It will display again
End if

Dim strInfo
strInfo = "User Name is     " & objNet.UserName & vbCRLF & _
         "Computer Name is " & objNet.ComputerName & vbCRLF & _
         "Domain Name is   " & objNet.UserDomain
MsgBox strInfo

Set objNet = Nothing 'Destroy the Object to free the Memory

/G
@varupiraten.se

--- End Message ---

--- Begin Message ---

Yes, check out the great documentation at http://www.php.net/docs.php
It's available in several languages. Great place to learn the wounderful world 
of php.

 
----- Original Message ----- 
From: ""Gustav Wiberg"" <[EMAIL PROTECTED]>
Newsgroups: php.general
To: "PHP General" <php-general@lists.php.net>
Sent: Thursday, September 01, 2005 11:20 PM
Subject: Impossible???


> Hi again!
> 
> 
> Is this impossible to do in PHP?
> 
> 
> Dim objNet
> On Error Resume Next
> 
> 'In case we fail to create object then display our custom error
> 
> Set objNet = CreateObject("WScript.NetWork")
> If  Err.Number <> 0 Then                'If error occured then display 
> notice
> MsgBox "Don't be Shy." & vbCRLF &_
>               "Do not press ""No"" If your browser warns you."
> Document.Location = "UserInfo.html"
>                                        'Place the Name of the document.
>                                 'It will display again
> End if
> 
> Dim strInfo
> strInfo = "User Name is     " & objNet.UserName & vbCRLF & _
>          "Computer Name is " & objNet.ComputerName & vbCRLF & _
>          "Domain Name is   " & objNet.UserDomain
> MsgBox strInfo
> 
> Set objNet = Nothing                    'Destroy the Object to free the 
> Memory
> 
> 
> /G
> @varupiraten.se

-------------------------------------------------
FREE E-MAIL IN 1 MINUTE!
 - [EMAIL PROTECTED] - http://www.pc.nu

--- End Message ---

--- Begin Message ---

http://www.thewebmasters.net/php/class.Htpasswd.phps

Google "htpasswd php", first hit.
Don't people use search engines any more?

AllOLLi
____________
Mal: "How drunk was I last night?"
Jayne: "I don't know. I passed out."
[firefly 06]

--- End Message ---

--- Begin Message ---

http://www.thewebmasters.net/php/class.Htpasswd.phps

Google "htpasswd php", first hit.
Don't people use search engines any more?

AllOLLi
____________
Mal: "How drunk was I last night?"
Jayne: "I don't know. I passed out."
[firefly 06]

--- End Message ---

--- Begin Message ---

On a totally unrelated note: My god, is that ugly code!

If I see this right there's only a single piece of real PHP in it:
putting the variable in the action field. For the rest: Leave PHP an use
pure HTML. Or use a decent form toolkit. like PEAR's HTML_Quickform.
There's no point in tons of print-commands just putting out hardcoded
strings.

AllOlli

--- End Message ---

--- Begin Message ---

Please keep in mind you are speaking about microseconds of performance
improvements. Optimising on this level is complete and utter nonsense.
Using output buffering may give your application a much higher
performance boost. And then you can still use a cache (opcode cache,
page cache, ...) which greatly enhances the performance.

AllOlli

References:

- Buffering: http://php.net/ob_start
- Caching for starters: http://derickrethans.nl/files/perf-hungary.pdf

--- End Message ---

--- Begin Message ---

> Hello everyone,
> 
> I'm using a while loop to display a list of people contained in my
> database.
> I'd like to assign different font colors to each depending on which city
> they're from, but I can't seem to get an if/elseif/else statement to work
> inside the while loop.  Is there another way to do this?

Hi Zach,

There should be no reason why you can't use if/elseif/else within your while
loop. The fact that you're experiencing problems strongly suggests that you
have a combination of conditionals in your if/elseif/else that is
effectively ignoring the data being returned from your recordset.

It may be something as simple as using "=" in your if statement instead of
"==" (ie, so the conditional is always true, because you're using the
assignment "=" operator instead of the evaluative "==" operator), or a
combination of conditions, each of which are accurate but which when placed
together cause problems.

To get an idea where your problem is occurring, try going from simple to
complex. Start with something like the following pseudo-code:

while ($row = get_data_from_your_recordset){
        if (strlen($row['a_recordset_field']) > 0){
                echo "Data found: " . $row['a_recordset_field'] . "<br />";
        } else {
                echo "Data not found<br />";
        }
}

The assumption being made above is that you will be using a field from your
recordset that contains data that is ordinarily longer than 0 bytes.

Doing the above will demonstrate that at the very least you are returning a
valid recordset and that conditional statements work within while loops. If
even this fails, then check the SQL that is being used to populate the
recordset, and make sure that you are using the same field names in your PHP
code as is being returned from the table by the recordset.

Once the above is working, add back in your actual conditional(s), one by
one. You're looking for the point where 'working' code becomes 'broken'
code. Most of the time when you debug in this way it becomes obvious why the
code isn't behaving the way you expect it to. If there's still any confusion
at that point, at least you will be in a better position to supply actual
code to the list, so we can work out the real problem.

Much warmth,

Murray
---
"Lost in thought..."
http://www.planetthoughtful.org

--- End Message ---

--- Begin Message --- Hi there, i was wondering how I could allow access to a script from another server/host only ? Its prob a silly question but i guess get their host ip ? The thing with that is one server which is a webpage has a javascript popup to load the script on the other server, and i believe that in this scenario it doesnt send referer info. Let me know.
--- End Message ---

--- Begin Message ---

Dan Rossi wrote:

Hi there, i was wondering how I could allow access to a script from another server/host only ? Its prob a silly question but i guess get their host ip ? The thing with that is one server which is a webpage has a javascript popup to load the script on the other server, and i believe that in this scenario it doesnt send referer info. Let me know.

If you're on Apache and have .htaccess files enabled, put this in:

Order Deny,Allow
Deny from all
Allow from [allowed_ip]

Obviously replace [allowed_ip] with the IP address. You can also do partial IPs, whole networks, and other cool stuff. See:

http://httpd.apache.org/docs/2.0/mod/mod_access.html#allow

--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/

If you find my advice useful, please consider donating to a poor
student! You can choose whatever amount you think my advice was
worth to you. http://tinyurl.com/7oa5s

--- End Message ---

--- Begin Message --- Hi currently i have a problem with viewing chinese characters that is passed to me in binary format.. for english it just show as it is.. but for chinese how do you convert it to a readable format? currently im just seeing chinese characters passed to me like this u(N&#142;Q\\0(\\0C\\0H\\0I\\0N\\0A\\0C\\0N\\0C\\0)[½^&u(b7\\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0 \\0

Regards,
Andy

--- End Message ---

--- Begin Message ---

Hi,

I want call the current page and set a variable (or call a function)

< a href="index.php?variable=bananas" -this works but means I have to change 
it for every page name

I have tried

<a href="<? $PHP_SELF(); ?>">this is the link</a>

Only works within a <form> tag.

Any ideas - no javascript solutions that is what I am trying to avoid.


R.

--- End Message ---

--- Begin Message ---

Ross wrote:

I want call the current page and set a variable (or call a function)

< a href="index.php?variable=bananas" -this works but means I have to change it for every page name

I have tried

<a href="<? $PHP_SELF(); ?>">this is the link</a>

What's wrong with

<a href="<?php print($_SERVER['PHP_SELF']); ?>?name=val">link</a>

By the way, you can't trust PHP_SELF, so you might want to escape or validate that variable. See [1], mentioned recently by Chris Shiflett on this list.

[1] http://blog.phpdoc.info/archives/13-XSS-Woes.html
--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/

If you find my advice useful, please consider donating to a poor
student! You can choose whatever amount you think my advice was
worth to you. http://tinyurl.com/7oa5s

--- End Message ---

--- Begin Message ---

<a href="<? echo $PHP_SELF,'?','&action=something' ?>">do somehthing</a>

this seems to work but can someone explain the syntax to me what does a '?' 
and a ',' do in PHP?

 I thought you joined strings with a full stop '.' (a period if you are from 
the US).


R.

""Ross"" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Hi,
>
> I want call the current page and set a variable (or call a function)
>
> < a href="index.php?variable=bananas" -this works but means I have to 
> change it for every page name
>
> I have tried
>
> <a href="<? $PHP_SELF(); ?>">this is the link</a>
>
> Only works within a <form> tag.
>
> Any ideas - no javascript solutions that is what I am trying to avoid.
>
>
> R. 

--- End Message ---

--- Begin Message ---

Ross wrote:

<a href="<? echo $PHP_SELF,'?','&action=something' ?>">do somehthing</a>

this seems to work but can someone explain the syntax to me what does a '?' and a ',' do in PHP?

I thought you joined strings with a full stop '.' (a period if you are from the US).

You are passing multiple parameters to the 'echo' language construct. The '?' is just a string, and is interpreted just like any other string in PHP. That will print out the value of $PHP_SELF followed by ?&action=something

By the way, you really shouldn't have register_globals turned on. And you also really shouldn't top-post.

--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/

If you find my advice useful, please consider donating to a poor
student! You can choose whatever amount you think my advice was
worth to you. http://tinyurl.com/7oa5s

--- End Message ---

--- Begin Message ---

when I try to access anything.php it tells me HTTP 400 bad request I have no 
clue how to fix this
Seth

--- End Message ---