php-general Digest 26 Sep 2006 06:17:10 -0000 Issue 4368
Topics (messages 242199 through 242215):
Re: array_sum($result)=100
242199 by: Ahmad Al-Twaijiry
242202 by: Ahmad Al-Twaijiry
242209 by: tedd
Re: reading urlencoded data from POST
242200 by: Marek 'MMx' Ludha
Re: File Upload Security and chmod
242201 by: Andy Hultgren
242203 by: Eric Butera
242204 by: tedd
242206 by: Andy Hultgren
242210 by: Andy Hultgren
manage/modify linux file/folder structure...
242205 by: bruce
242207 by: Stut
242208 by: bruce
Re: Download files outside DocumentRoot Dir
242211 by: Christopher Weldon
Re: Print or Echo takes lots of time
242212 by: Google Kreme
242213 by: Robert Cummings
web app to manage svnserve.conf file
242214 by: bruce
Re: How would you do this ?
242215 by: Chris
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
php-general@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
Robin,
you made it harder for me specially with wikipedia artical :) (I told
you I'm bad with writing code from English paragraph)
and no it's not a homework (btw: do they allow php in school ?, I
remember we use basic :) )
anyway I will try to write the code and I will let you guys know (in
the mean time if someone can help me in anyway I really appreciate it)
On 9/25/06, Robert Cummings <[EMAIL PROTECTED]> wrote:
On Mon, 2006-09-25 at 16:42 +0100, Robin Vickery wrote:
> On 24/09/06, Ahmad Al-Twaijiry <[EMAIL PROTECTED]> wrote:
> > Hi everyone
> >
> > I have array of numbers and I want to get out of it a list of numbers
> > that if I sum them it will be 100, here is my list (for example ) :
> >
> > $list = array(10,20,10,10,30,50,33,110,381,338,20,11,200,100);
> >
> >
> > I want the result to be :
> >
> > $result = array( 10,20,10,10,50);
> >
> > as you can see in the array $result , if we array_sum($result) the
> > result will be 100.
> >
> > is they any algorithm to do this ?
>
> Ah, the Subset Sum Problem - this isn't school homework by any chance?
>
> http://en.wikipedia.org/wiki/Subset_sum_problem
Cool, I didn't know it had a specific name, all I could think of was
that it sounded a lot like the knapsack problem. The Wikipedia article
indicates it's a special case of the knapsack problem.
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Ahmad Fahad AlTwaijiry
--- End Message ---
--- Begin Message ---
Finally I found a solution :) Thanks to Mr. Phil Rogaway
I found a very small C++ code from Mr. Phil Rogaway in
http://www.cs.ucdavis.edu/~rogaway/classes/122A/spring00/prog1.C
I convert it to php and here is the result (I already test it, try it
and let me know if you find any bug):
//code #1 it will print the result to stdout:
<?php
// prog2.php
//
// Subset sum demonstration code.
// Written for ECS 122a by Phil Rogaway (Spring 2000)
//
// http://www.cs.ucdavis.edu/~rogaway/classes/122A/spring00/prog1.C
// converted to php by Ahmad AlTwaijiry (ahmadt "at" gmail.com) 25/Sep/2006
$price = 40;
$list = array(0,3,2,3,6,2,120,11,220,11,22,10,2,5,7,1,4,20,40);
SubsetSUM($price,$list);
function PrintSolution($A, $i,$list)
{
if ($i==0) return;
else if ($i<0) print "ERROR\n";
else if ($A[$i]==-1) print "No Solution Possible\n";
else {PrintSolution($A, $i-$list[$A[$i]],$list);
print "Take item " . $A[$i] . " (which is " . $list[$A[$i]] . ")\n";}
}
function SubsetSUM($price,$list)
{
$A=array();
$N=sizeof($list)-1;
print "Subset Sum Demonstration Code\n\n";
print "The array is [ ";
for ($i=1; $i<=$N; $i++) print "(".$list[$i] . ") ";
print "] and the target value is " . $price . "\n\n";
//
// OK, here it is!
//
for ($b=1; $b<=$price; $b++) $A[$b] = -1;
for ($n=1; $n<=$N; $n++) {
for ($b=$price; $b>=1;$b--) {
if ($A[$b]==-1 &&
($b==$list[$n] || ($list[$n]<$b && $A[$b-$list[$n]]!=-1))) $A[$b]=$n;
}
}
PrintSolution($A, $price,$list);
print "\n";
}
?>
//code #2 it will return the result as array (so you can use it in your code) :
<?php
// prog3.php
//
// Subset sum demonstration code.
// Written for ECS 122a by Phil Rogaway (Spring 2000)
//
// http://www.cs.ucdavis.edu/~rogaway/classes/122A/spring00/prog1.C
// converted to php by Ahmad AlTwaijiry (ahmadt "at" gmail.com) 25/Sep/2006
$price = 50;
$list = array(0,3,2,3,6,2,120,11,220,11,22,10,2,5,7,1,4,20,40);
$result = SubsetSUM($price,$list);
if(is_array($result)) {
print_r($result);
}else {
print "->$result\n";
}
function PrintSubsetSUM($A, $i,$list,$result, $limit=30)
{
static $max_recursive = 0;
//if we call function PrintSubsetSUM more than $limit then return null
if ( $max_recursive > $limit ) { $result ="Reached $limit"; return; }
$max_recursive++;
if ($i==0) return;
else if ($i<0) { $result = "ERROR"; return; }
else if ($A[$i]==-1) { $result= "No Solution"; return;}
else { PrintSubsetSUM($A, $i-$list[$A[$i]],$list,&$result);
$result[$A[$i]] = $list[$A[$i]];}
}
function SubsetSUM($price,$list)
{
$A=array();
$N=sizeof($list)-1;
$result = array();
for ($b=1; $b<=$price; $b++) $A[$b] = -1;
for ($n=1; $n<=$N; $n++) {
for ($b=$price; $b>=1;$b--) {
if ($A[$b]==-1 &&
($b==$list[$n] || ($list[$n]<$b && $A[$b-$list[$n]]!=-1))) $A[$b]=$n;
}
}
PrintSubsetSUM($A, $price,$list,&$result);
return $result;
}
?>
On 9/25/06, Ahmad Al-Twaijiry <[EMAIL PROTECTED]> wrote:
Robin,
you made it harder for me specially with wikipedia artical :) (I told
you I'm bad with writing code from English paragraph)
and no it's not a homework (btw: do they allow php in school ?, I
remember we use basic :) )
anyway I will try to write the code and I will let you guys know (in
the mean time if someone can help me in anyway I really appreciate it)
On 9/25/06, Robert Cummings <[EMAIL PROTECTED]> wrote:
> On Mon, 2006-09-25 at 16:42 +0100, Robin Vickery wrote:
> > On 24/09/06, Ahmad Al-Twaijiry <[EMAIL PROTECTED]> wrote:
> > > Hi everyone
> > >
> > > I have array of numbers and I want to get out of it a list of numbers
> > > that if I sum them it will be 100, here is my list (for example ) :
> > >
> > > $list = array(10,20,10,10,30,50,33,110,381,338,20,11,200,100);
> > >
> > >
> > > I want the result to be :
> > >
> > > $result = array( 10,20,10,10,50);
> > >
> > > as you can see in the array $result , if we array_sum($result) the
> > > result will be 100.
> > >
> > > is they any algorithm to do this ?
> >
> > Ah, the Subset Sum Problem - this isn't school homework by any chance?
> >
> > http://en.wikipedia.org/wiki/Subset_sum_problem
>
> Cool, I didn't know it had a specific name, all I could think of was
> that it sounded a lot like the knapsack problem. The Wikipedia article
> indicates it's a special case of the knapsack problem.
>
> Cheers,
> Rob.
> --
> .------------------------------------------------------------.
> | InterJinn Application Framework - http://www.interjinn.com |
> :------------------------------------------------------------:
> | An application and templating framework for PHP. Boasting |
> | a powerful, scalable system for accessing system services |
> | such as forms, properties, sessions, and caches. InterJinn |
> | also provides an extremely flexible architecture for |
> | creating re-usable components quickly and easily. |
> `------------------------------------------------------------'
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
Ahmad Fahad AlTwaijiry
--
Ahmad Fahad AlTwaijiry
--- End Message ---
--- Begin Message ---
At 1:50 PM -0300 9/25/06, Martin Alterisio wrote:
2006/9/25, Robin Vickery <[EMAIL PROTECTED]>:
On 24/09/06, Ahmad Al-Twaijiry <[EMAIL PROTECTED]> wrote:
Hi everyone
I have array of numbers and I want to get out of it a list of numbers
that if I sum them it will be 100, here is my list (for example ) :
$list = array(10,20,10,10,30,50,33,110,381,338,20,11,200,100);
I want the result to be :
$result = array( 10,20,10,10,50);
as you can see in the array $result , if we array_sum($result) the
result will be 100.
is they any algorithm to do this ?
Ah, the Subset Sum Problem - this isn't school homework by any chance?
You're surely mistaken, there are many practical uses of the subset sum
problem in website development, like.... errr... shipping optimization!
Don't forget real world problems like when my wife gives me $100, a
shopping list, and says bring back as many items as you can.
Or when I take all 10 grand-kids to McDonald's and try to buy each
kid as much as I can with $20 -- my vector calculus classes in grad
school didn't prepare me for that high level math.
:-)
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
If anyone else have the same problem, it is enough to turn off the magic quotes.
--
Marek 'MMx' Ludha
On 9/22/06, Marek 'MMx' Ludha <[EMAIL PROTECTED]> wrote:
Hi.
I need to read urlencoded data from POST request. So far I have tried
$_POST['name'], but this converts each input %5C to two backslashes
(instead of one) and %00 to \0 (slash zero, not zero byte) for some
reason. Is there any other way to read the data apart from parsing
php://input myself?
Thanks in advance for any response.
--
Marek 'MMx' Ludha
--- End Message ---
--- Begin Message ---
Tedd,
Thanks so much your thorough response - it's good to know that I'm not the
only one trying to figure this out! I'm curious, in your code you use the
PHP ftp functions, but I have used the PHP functions chmod() and mkdir()
without establishing an ftp connection. Is it faster to establish an ftp
connection within PHP and then use the ftp series of functions to accomplish
all of the directory creation and permissions changes? If so, then I will
probably change my code to follow yours.
Andy
On 9/25/06, tedd <[EMAIL PROTECTED]> wrote:
At 9:32 PM -0600 9/24/06, Andy Hultgren wrote:
>Hi Tedd,
>
>Yes, when I browse to www.myDomain.com I get the index.html file, and so
I
>have been leaving the .public_html/ directory alone since it is not my
>root. I'm curious, what you described is exactly what I'm trying to do -
>what permissions do you set the parent folder at when you are finished
>uploading/saving/downloading/etc.? I have my "uploaded_images/"
>directory set at chmod 0100 and I can still browse to an uploaded image
from
>my file upload page... Thanks for your response,
Andy:
I ran into the same problem trying to work with, and understand,
permissions on a virtual host. When I asked this gang about
permissions some time back, I received answers that ranged from RTFM
to calling me stupid for using 0777, but none answered my question.
No fault of the gang, I probably didn't ask the question correctly.
In any event, I felt too stupid to ask the question again, so I went
elsewhere looking for answers and eventually found something that
works for me.
Some consider me a novice, so I'll ask the gang to overview my
comments to make sure that I'm not guiding you down the wrong path.
As you know, the key to setting the permissions of a file depends
upon the permissions the parent folder. If the parent folder
permission is set to 0777, then we can change any files inside the
folder as we want. However, that also presents a major security hole
because then anyone can use that folder to upload and run evil code.
So, the key problem is how to alter parent folder permissions.
With virtual hosting, we can upload, manage, and set permissions as
we want via our FTP connection software. So, I thought perhaps php
had something like that and as such I discovered how to ftp connect
via php.
Now, not all php ftp_<commands> are available to php 4, but you can
connect to your site and change permissions of folders, which is what
we actually need. So, if you want to do something with a file: then
change the folder permissions of the folder that holds it; do
whatever you want with the file; and then change the folder
permissions back to something safe.
You can also create new folders if you want using the command ftp_mkdir().
Note, the beginning of the ftp_paths are different than url paths we
would normally use to locate a file. For example:
An example web path:
http://www.yourdomain.com/rw/tmp/text.txt
An example symbolic link:
public_html/rw/tmp/text.txt
The following code will show you an example of how this works. Just
put in your own domain, user id, password, and correct paths and try
it out. Change the permissions in the code and watch how the file
permissions change.
Please let me know if this works for you -- watch for line breaks.
hth's
tedd
PS: I don't know what to say about your ".public_html/" directory,
but I would just leave it alone.
---
// how to call the function
<?php
$ftp_path = "public_html/rw/"; // note the ftp path
$theDir = "tmp";
$theFile ="text.txt";
FtpPerms($ftp_path, $theDir, $theFile);
?>
// the function
<?php
// create directory and change permissions via FTP connection
function FtpPerms($path, $theDir, $theFile)
{
$server='ftp.yourdomain.com'; // ftp server
$connection = ftp_connect($server); // connection
$user = "you";
$pass = "yourpassword";
$result = ftp_login($connection, $user, $pass); // login to ftp server
if ((!$connection) || (!$result))
{
echo("No connection<br/>");
return false;
exit();
}
else
{
echo("Made connection<br/>");
ftp_chdir($connection, $path); // go to destination dir
echo("Change permission<br/>");
$str="CHMOD 0755 " . $theDir; // change permissions for dir (note the
space after 0775 )
ftp_site($connection, $str);
echo("$str<br/>");
$filename = "$theDir/$theFile";
$contents = "This is the contents of the file.";
echo("<hr><br/>Writing file <br/><br/>");
$file = fopen( $filename, "w" );
fwrite( $file, $contents);
fclose( $file );
chmod($filename,0755);
echo("Change permission<br/>");
$str="CHMOD 0600 " . $theDir; // change permissions back for dir
ftp_site($connection, $str);
echo("$str<br/>");
echo("Close connection<br/>");
ftp_close($connection); // close connection
}
}
?>
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
On 9/25/06, Andy Hultgren <[EMAIL PROTECTED]> wrote:
Tedd,
Thanks so much your thorough response - it's good to know that I'm not the
only one trying to figure this out! I'm curious, in your code you use the
PHP ftp functions, but I have used the PHP functions chmod() and mkdir()
without establishing an ftp connection. Is it faster to establish an ftp
connection within PHP and then use the ftp series of functions to
accomplish
all of the directory creation and permissions changes? If so, then I will
probably change my code to follow yours.
Andy
By using FTP you can specify which user account you want the connection to
be established at. When running a PHP script the script will be running by
the Apache server, which means it will have specific permission levels which
cannot create directories or chmod unless Apache owns the parent directory.
That is why Tedd went through all that trouble.
--- End Message ---
--- Begin Message ---
Andy:
It was never a question of speed for me -- it was a question of being
able to change file permissions from within a php script so that I
could create and write files safely.
You see, I am *not* able to use chmod() within a php script at all
regardless of what permissions the file and parent folder have --
even when both are set to 0777. To do any permissions changing from
within a php script I am forced to resort to a ftp connection as I
previously described.
I can't even create a file, nor open a file for writing, without the
parent folder having 0777 permissions. The only option I had was to
set parent folders to 0777 and leave them that way, and I wasn't
going to do that for security reasons.
Now, perhaps something is wrong with my server (or me) -- but -- I
have more than one server and the same tests held true for all of
them.
So, if you can chmod() and mkdir() from within your php script
without establishing an ftp connection, then more power to you,
because I can't. And that's the reason I use ftp_login. I thought
that you had the same problem.
Now, perhaps I should RTFM again -- but -- I have read it and I have
not found another method that works to change permissions other than
to use ftp_logon.
I suspect that this problem may be pretty obvious to the gang, but I
don't know if anyone cares to comment. Comments?
tedd
---
At 1:11 PM -0600 9/25/06, Andy Hultgren wrote:
Tedd,
Thanks so much your thorough response - it's good to know that I'm
not the only one trying to figure this out! I'm curious, in your
code you use the PHP ftp functions, but I have used the
PHP functions chmod() and mkdir() without establishing an ftp
connection. Is it faster to establish an ftp connection within PHP
and then use the ftp series of functions to accomplish all of the
directory creation and permissions changes? If so, then I will
probably change my code to follow yours.
Andy
On 9/25/06, tedd <<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]> wrote:
At 9:32 PM -0600 9/24/06, Andy Hultgren wrote:
Hi Tedd,
Yes, when I browse to <http://www.myDomain.com> www.myDomain.com I
get the index.html file, and so I
have been leaving the .public_html/ directory alone since it is not my
root. I'm curious, what you described is exactly what I'm trying to do -
what permissions do you set the parent folder at when you are finished
uploading/saving/downloading/etc.? I have my "uploaded_images/"
directory set at chmod 0100 and I can still browse to an uploaded image from
my file upload page... Thanks for your response,
Andy:
I ran into the same problem trying to work with, and understand,
permissions on a virtual host. When I asked this gang about
permissions some time back, I received answers that ranged from RTFM
to calling me stupid for using 0777, but none answered my question.
No fault of the gang, I probably didn't ask the question correctly.
In any event, I felt too stupid to ask the question again, so I went
elsewhere looking for answers and eventually found something that
works for me.
Some consider me a novice, so I'll ask the gang to overview my
comments to make sure that I'm not guiding you down the wrong path.
As you know, the key to setting the permissions of a file depends
upon the permissions the parent folder. If the parent folder
permission is set to 0777, then we can change any files inside the
folder as we want. However, that also presents a major security hole
because then anyone can use that folder to upload and run evil code.
So, the key problem is how to alter parent folder permissions.
With virtual hosting, we can upload, manage, and set permissions as
we want via our FTP connection software. So, I thought perhaps php
had something like that and as such I discovered how to ftp connect
via php.
Now, not all php ftp_<commands> are available to php 4, but you can
connect to your site and change permissions of folders, which is what
we actually need. So, if you want to do something with a file: then
change the folder permissions of the folder that holds it; do
whatever you want with the file; and then change the folder
permissions back to something safe.
You can also create new folders if you want using the command ftp_mkdir().
Note, the beginning of the ftp_paths are different than url paths we
would normally use to locate a file. For example:
An example web path:
<http://www.yourdomain.com/rw/tmp/text.txt>http://www.yourdomain.com/rw/tmp/text.txt
An example symbolic link:
public_html/rw/tmp/text.txt
The following code will show you an example of how this works. Just
put in your own domain, user id, password, and correct paths and try
it out. Change the permissions in the code and watch how the file
permissions change.
Please let me know if this works for you -- watch for line breaks.
hth's
tedd
PS: I don't know what to say about your ".public_html/" directory,
but I would just leave it alone.
---
// how to call the function
<?php
$ftp_path = "public_html/rw/"; // note the ftp path
$theDir = "tmp";
$theFile ="text.txt ";
FtpPerms($ftp_path, $theDir, $theFile);
?>
// the function
<?php
// create directory and change permissions via FTP connection
function FtpPerms($path, $theDir, $theFile)
{
$server='<http://ftp.yourdomain.com>ftp.yourdomain.com'; // ftp server
$connection = ftp_connect($server); // connection
$user = "you";
$pass = "yourpassword";
$result = ftp_login($connection, $user, $pass); // login to ftp server
if ((!$connection) || (!$result))
{
echo("No connection<br/>");
return false;
exit();
}
else
{
echo("Made connection<br/>");
ftp_chdir($connection, $path); // go to destination dir
echo("Change permission<br/>");
$str="CHMOD 0755 " . $theDir; // change permissions for dir (note the
space after 0775 )
ftp_site($connection, $str);
echo("$str<br/>");
$filename = "$theDir/$theFile";
$contents = "This is the contents of the file.";
echo("<hr><br/>Writing file <br/><br/>");
$file = fopen( $filename, "w" );
fwrite( $file, $contents);
fclose( $file );
chmod($filename,0755);
echo("Change permission<br/>");
$str="CHMOD 0600 " . $theDir; // change permissions back for dir
ftp_site($connection, $str);
echo("$str<br/>");
echo("Close connection<br/>");
ftp_close($connection); // close connection
}
}
?>
--
-------
<http://sperling.com>http://sperling.com
<http://ancientstones.com>http://ancientstones.com <http://earthstones.com>http://earthstones.com
--
PHP General Mailing List (<http://www.php.net/>http://www.php.net/ )
To unsubscribe, visit:
<http://www.php.net/unsub.php>http://www.php.net/unsub.php
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
Well, that didn't sound too good...
So I tried to implement the example code given in the php tmpfile()
documentation and it wouldn't do anything, which suggests that I don't have
access to the /tmp directory. Also, the FAQ's section on my server's
website say that /tmp is not shared between the servers. So, looks like
/tmp option is out...
So, let me see if I understand the situation I'm looking at here:
The bad side:
-- I don't have any place to put uploaded files outside of my webtree, which
makes it tough to ensure these files cannot be surfed to once they are
uploaded, and also means I have to do my security checks while the files are
within my webtree and potentially accessible. (BAD).
-- Any php script on my server (created by me or somehow maliciously
uploaded) can do whatever it wants within my account because all php
scripts run as me. (also BAD).
The good side:
-- Uploaded files can be chmod so that nobody can read them, then I chmod
them when I need to use them. This adds a layer of protection for
completely uploaded files. I assume this will not help with files while
they are getting their security checks, since PHP has to be able to read and
execute them in order to run the checks (get_image_size, etc.)?
-- Since I'm only allowing image uploads, I can strictly filter which files
are allowed to be uploaded (with extension checks and get_image_size). (Plus
all the stuff talked about in the PHP Security Guide provided by the PHP
Security Consortium for html POSTs, MySQL stuff, cookies, etc. Well, all of
it that I can implement without having access to a directory outside of my
webtree anyway).
So, given this situation (if I've got it right), I have two questions:
1) With the above "as is", am I just asking for anyone to come in and tear
my site apart? I am not an experienced web developer (obviously), but I
love to read. Is that enough to build a secure site, or am I just way in
over my head?
2) Imaging that I can convince my host to rebuild my site so that I have
access to directories outside of my webtree and can check and save uploaded
files there, does that make the situation substantially better? Or is the
"PHP running as me" thing enough alone to raise some serious serious
problems (perhaps less around the image uploading but more around a login
page or something)?
As always, thank you so much for your help.
Andy
On 9/25/06, Richard Lynch <[EMAIL PROTECTED]> wrote:
On Sun, September 24, 2006 11:04 pm, Andy Hultgren wrote:
> I really appreciate your help with this.
>
> To answer your first question: when people surf to my site they see
> the
> stuff "next to" (outside) .public_html/, not anything within
> .public_html/.
> (Thanks by the way for explaining the .dirName invisibility thing,
> that's
> one confusing thing not to worry about anymore!)
Hmmm.
Okay, so you definitely do not have any space outside the webtree.
That's bad.
Anything you upload is stuck being available to the public, to some
degree. :-(
You *may* be able to utilize /tmp
See if you can write a short little script with http://php.net/tmpfile
This will give you and idea if you can stash things in /tmp, at least
until you can confirm that they are not Evil.
> To answer your second question: the "uploadedFiles/" directory is
> 0100, but
> not the file. The uploaded file itself is 0640.
So your login is allowed to read files within the directory, but not
to list what's in the directory.
Your login and your group can read the file itself.
Your login can write the file as well.
See next question/answer.
> Third question: it runs as the same username I use to login to my
> server's
> ftp site. This information wasn't in the output of the phpinfo()
> function
> (that I could find). I did some searching on php.net and found this
> entry
> under the get_current_user() function (
> http://us3.php.net/manual/en/function.get-current-user.php, top user
> contributed note):
> **
> *to get the username of the process owner (rather than the file
> owner), you
> can use:
> **<?php
> $processUser = posix_getpwuid(posix_geteuid**());
> print $processUser['name'**];
> ?> *
> **
> I used this code to find out the user PHP runs as. Is that what you
> were
> looking for?
Yes.
And since PHP runs as "you" with your login, it can do everything
listed above.
So you probably cannot surf to the DIRECTORY and get a listing (even
if DirectoryIndex is on) but if you know the name of the file in
advance, you can surf to it.
So if you want to make a file not readable, you have to chmod it so
that *YOU* cannot read it.
This will be a PITA because then you'll need to chmod it back any time
you want to mess with it.
As the owner of a file, you are allowed to chmod it so that you
yourself cannot read it -- kind of like locking it away in a safe --
and then you have to chmod it back to readable (open the safe) to read
it.
You still "own" the file, so you can always chmod it anywhich way you
want, at any time.
Running your webserver as "you" gives it a lot of power -- And makes
some things much easier/better in terms of letting it do what you need
it to do.
It also gives it TOO MUCH power, since it can do ANYTHING you can do.
So there can be no distinction between what you allow your web pages
to do, and what you can do yourself.
This is why most hosts run the webserver as "nobody" or a similar user
with extremely limited powers.
Most of the security advice you will find "out there" is written with
the assumption that your webserver runs as "nobody" (or similar) and
that you have space to store files outside your webtree.
You are either going to have to really spend a lot of time thinking
hard about security to even hope to do the Right Thing if you stay
with this host -- and most of the advice you'll find out on the 'net
won't apply to your situation, and may even seem to "work" but be very
Bad Advice.
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
Hey Tedd and Eric,
Between the two of you and Richard Lynch's last post, I understand why I can
use chmod() and mkdir() within php without having to use the ftp commands: I
run on a server that is configured to run my php scripts as "username" (ie.
me!) instead of as "nobody" (which is much more common). So my php scripts
have powers which they probably shouldn't have. So, Tedd, you don't have to
go back to the manual it looks like you are exactly right, I'm just on a
goofy server which is the exception to the rule (for better or for worse).
I really appreciate you guys jumping in a giving me a hand. Hopefully I get
good enough at this that I can return the favor sometime!!!
Andy
On 9/25/06, Eric Butera <[EMAIL PROTECTED]> wrote:
On 9/25/06, Andy Hultgren <[EMAIL PROTECTED]> wrote:
>
> Tedd,
>
> Thanks so much your thorough response - it's good to know that I'm not
> the
> only one trying to figure this out! I'm curious, in your code you use
> the
> PHP ftp functions, but I have used the PHP functions chmod() and mkdir()
>
> without establishing an ftp connection. Is it faster to establish an
> ftp
> connection within PHP and then use the ftp series of functions to
> accomplish
> all of the directory creation and permissions changes? If so, then I
> will
> probably change my code to follow yours.
>
> Andy
By using FTP you can specify which user account you want the connection to
be established at. When running a PHP script the script will be running by
the Apache server, which means it will have specific permission levels which
cannot create directories or chmod unless Apache owns the parent directory.
That is why Tedd went through all that trouble.
--- End Message ---
--- Begin Message ---
hi...
i'm trying to find out if there's a php webapp that allows a user to modify
the underlying file structure (files/folders) for a linux system
i'd like to be able to:
-view file/folder/dir structure
-list the dir structure
-add/create/delete/copy/move files
-add/create/delete/copy/move folders
-change/modify file/folder perms/privs
-etc..
--- End Message ---
--- Begin Message ---
bruce wrote:
i'm trying to find out if there's a php webapp that allows a user to modify
the underlying file structure (files/folders) for a linux system
i'd like to be able to:
-view file/folder/dir structure
-list the dir structure
-add/create/delete/copy/move files
-add/create/delete/copy/move folders
-change/modify file/folder perms/privs
-etc..
Google for php file manager - there are lots of them around, but
remember that they are 1) a huge security risk, and 2) limited by the
filesystem permissions of the web server user.
-Stut
--- End Message ---
--- Begin Message ---
i should state... while i've seen different apps... i'm more interested in
any that have actually been used by you, or someone you know!!
an app that comes with references!
-----Original Message-----
From: Stut [mailto:[EMAIL PROTECTED]
Sent: Monday, September 25, 2006 1:59 PM
To: [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Subject: Re: [PHP] manage/modify linux file/folder structure...
bruce wrote:
> i'm trying to find out if there's a php webapp that allows a user to
modify
> the underlying file structure (files/folders) for a linux system
>
> i'd like to be able to:
> -view file/folder/dir structure
> -list the dir structure
> -add/create/delete/copy/move files
> -add/create/delete/copy/move folders
> -change/modify file/folder perms/privs
> -etc..
Google for php file manager - there are lots of them around, but
remember that they are 1) a huge security risk, and 2) limited by the
filesystem permissions of the web server user.
-Stut
--- End Message ---
--- Begin Message ---
On 2:36 pm 09/25/06 "Ramiro Cavalcanti" <[EMAIL PROTECTED]> wrote:
> Hi Christopher,
> at first, thank you for your answer.
>
> I'd like to know if it's possible use this when php is running like
> cgi (php-suexec). I've put this code at httpd.conf at <module php>,
> then tryed to use it at .htaccess, but without successs.
>
> Thank you again.
>
Oh, in that case, you most definitely can't use the .htaccess conditions.
PHP will have issues if you are running php-suexec.
I'll see if I can think of any other ways around this, but php-suexec
definitely limits your usage for this simple fix right now.
--
Chris Weldon
--- End Message ---
--- Begin Message ---
On 25 Sep 2006, at 06:11 , Sancar Saran wrote:
$strPage = "<html> yada dayda";
...
$strPage.= " another html tags";
...
$strPage.= getSqlDataAndCreateSomeHtmlCOde();
If this is generating hundred of K of HTML, use ' instead of "
(yes, it's faster).
--
I'm sitting here with 4 Megs of RAM trying to figure out how to use
it all... :-) (Me, in 1990)
I'm sitting here with 4 Gigs of RAM trying to figure out how to use
it all... :-) (Me, in 2005)
--- End Message ---
--- Begin Message ---
On Mon, 2006-09-25 at 17:39 -0600, Google Kreme wrote:
> I'm sitting here with 4 Gigs of RAM trying to figure out how to use
> it all... :-) (Me, in 2005)
Not really related to the post... but I find a good way to eat up 4 gigs
of RAM is to run several VMWare nodes :) Depending on what these nodes
do, it can also be a great way to eat up those dual core processors :)
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--- End Message ---
--- Begin Message ---
hi...
does anybody know of an app/client or webbased app that is used to modify
the svn svnserve.conf file. (i'm not referring to an editor...!!)
i'm trying to find an app, that would allow me to create a dir/folder in a
repository, and would allow me to create the groups/users for the given
dir/folder. the app would also allow me to specify the required user access
roles/privs... finally, the app would write all this into the svnserve.conf
file...
any thoughts/comments/ideas...
thanks
--- End Message ---
--- Begin Message ---
Jad madi wrote:
I'm building an RSS aggregator so I'm trying to find out the best way to
parse users account feeds equally so Lets say we have 20.000 user with
average of 10 feeds in account so we have about
200.000 feed
How would you schedule the parsing process to keep all accounts always
updated without killing the server? NOTE: that some of the 200.000 feeds
might be shared between more than one user
Cache the feeds for a period of time.
So a (very) basic process would look like:
- does cache exist? How long has it been around?
- Shorter than "X" minutes?
-- Serve up the cached version. Dies off quickly.
- Longer than "X" minutes?
-- See if there is a new version, if there is update the cache, if there
isn't update the cache timestamp (so it won't check again for another
"X" minutes).
Of course you'd have to build in stuff like the feed can't be reached
(site down, dns problems, whatever)..
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
