php-general Digest 4 Dec 2006 07:54:00 -0000 Issue 4495
Topics (messages 245466 through 245474):
Random pictures - not twice
245466 by: Gustav Wiberg
245467 by: tg-php.gryffyndevelopment.com
245468 by: Gustav Wiberg
Re: problem with register globals on new server
245469 by: Richard Lynch
Re: Error in php doc?
245470 by: Richard Lynch
Re: security and .htaccess
245471 by: Richard Lynch
245472 by: Anas Mughal
245473 by: Frank Reichenbacher
Help me about audio stream...
245474 by: Le Phuoc Canh
----------------------------------------------------------------------
--- Begin Message ---
Hi there!
I have created a script that generates random pictures...
<?php
//Random pictures
//
$pictures[0] = "bil1.gif";
$pictures[1] = "bil2.gif";
$pictures[2] = "bil3.gif";
$pictures[3] = "bil4.gif";
for ($i=0;$i<3;$i++) {
$r = rand(0,3);
?>
<p> <img src="<?php echo $pictures[$r];?>"></p>
<?php
}
?>
With this above script the same picture can be shown twice. Is there any
smart way of avoiding this without having to rely on cookies/sessionids?
Best regards
/Gustav Wiberg
Stammis Internet - http://www.stammis.com/ - pedigrees on the net
--- End Message ---
--- Begin Message ---
Without using cookies or session information, you're going to go through your
picture list faster depending on how many users are accessing the random pic
page. If you don't make it user-specific, then it doesn't really matter if you
go through the images sequentially.. it may appear random on the user end
because other users are going to be grabbing sequential pics as well.
If you want to stir the waters a bit, you could run them sequentially but
randomize the sequence. This is what some music playlist programs do when you
randomize a playlist. Instead of pulling a random song from the list and
risking playing the same song back to back, it just shuffles the playlist and
plays it sequentially. When you get to the end of your randomized list, you
can re-shuffle it and start over. This gives some semblance of randomness.
If you want to make sure each image gets its fair amount of time in the
spotlight, you could keep track of how many times each image has been
displayed. Having a database table with a list of all the image names and
their 'served' count would let you weight your list a bit to give preference to
the images that haven't been displayed that often.
And if you want to give each user the total package, you can keep track of how
many times each image was served to a specific user and weight your shuffling
that way.
I'm sure there are other ways, but there are just a few that may be viable for
you, depending on the level of randomness per user you need.
Let us know what solution you come up with. I'm sure others have had similar
questions and just haven't asked.
-TG
--- End Message ---
--- Begin Message ---
Hi again!
I've solved it with array_rand. It wasn't that hard at all, just had to know
which function to use! :-)
code:
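<?php
//Random pictures
//
$pictures[0] = "bil1.gif";
$pictures[1] = "bil2.gif";
$pictures[2] = "bil3.gif";
$pictures[3] = "bil4.gif";
$occurences = 3;
// Pick $occurences distinct keys. Since PHP 5.2.10 array_rand() returns the
// keys in array order, so shuffle them to randomize the display order too.
$randomNr = array_rand($pictures, $occurences);
shuffle($randomNr);
for ($i=0;$i<$occurences;$i++) {
?>
<img src="<?php echo $pictures[$randomNr[$i]];?>">
<?php
}
?>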
Best regards
/Gustav Wiberg
Stammis Internet - http://www.stammis.com/ - pedigrees on the net
--- End Message ---
--- Begin Message ---
On Sun, December 3, 2006 5:22 am, Tony Marston wrote:
>
> "Richard Lynch" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>> On Sat, December 2, 2006 5:31 am, Tony Marston wrote:
>> I think it is quite possible for a sysAdmin to configure AllowOverride
>> and .htaccess in such a way that "too much" latitude is granted to
>> their clients to access each others' data...
>
> I disagree. What directives can give you access to other people's
> data?
I believe I once managed to track down a bit of data using
FollowSymlink for a client that wasn't available otherwise.
In our case, it was data they actually had a legal/moral right to see,
but technical snafus were in the way.
Presumably all the other combinations of AllowOverride are not there
just for the sheer fun of complexity by the Apache team.
I'm betting that at least some of them have security trade-offs in
mind, and are not just about random features nor performance.
>> And there is alleged to be a significant performance loss to
>> .htaccess, so a hurried sysAdmin may have over-simplified their
>> decision process...
>
> "Alleged" is the word. Where are the figures to support this? While there is
> "some" performance loss, with the speed of today's PCs can this really be
> considered as "significant"?
I don't have benchmarks.
Do you?
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--- End Message ---
--- Begin Message ---
On Sun, December 3, 2006 4:39 am, MS P wrote:
> Hi. There seems to be a minor error in the page
> http://www.php.net/manual/en/features.file-upload.php. In Example 38-2
> "Validating file uploads", there is a line:
>
> $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
>
> It looks like basename() is not required there. Because I found that when I
> upload a file using IE6 (IE6 includes the whole path to the uploaded file,
> see
> http://jakarta.apache.org/commons/fileupload/faq.html#whole-path-from-IE),
> the value of $_FILES['userfile']['name'] is a file name but not a path. It
> looks like PHP has taken the file name from the path automatically. (I am
> using PHP 5.2.0 and win2k.) Can someone check if I am correct? Thanks.
There are probably other reasons to keep that there...
For starters, IE is not the only browser, much less the only User Agent.
In particular, I would presume somebody out there has crafted an evil
uploader that sends paths like, oh, "../../../../../../etc/passwd" as
the 'name' of the upload.
If you are silly enough to blindly use that and overwrite your passwd
file, well, there ya go.
The 'name' field should not be trusted. It comes from the user, and
anybody who can count past 10 with their shoes on could spoof it to
any value they like, including malicious values.
Plus, unless you check every single minor release version of PHP, you
can't be sure it ALWAYS stripped the path out.
--- End Message ---
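The point made in the reply above, as an added example that is not part of the original thread: the client-supplied upload name is reduced to a bare file name and checked against an allowlist before it is used in a path. `safe_upload_target()`, the `/var/www/uploads` directory and the sample names are constructed for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example: derive a safe destination from the client-supplied upload name.
// safe_upload_target() and all sample values are constructed for illustration.

function safe_upload_target(string $uploadDir, string $clientName): ?string
{
    // Some clients (IE6, per the thread) send a full path with backslashes;
    // basename() on Unix only splits on "/", so normalize the separators first.
    $name = basename(str_replace('\\', '/', $clientName));

    // Allowlist: must start with a letter or digit (rejects "", ".", ".." and
    // dotfiles such as ".htaccess"), then letters, digits, ".", "_" or "-".
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,99}\z/', $name)) {
        return null;
    }
    return rtrim($uploadDir, '/') . '/' . $name;
}

// Constructed sample names, including the spoofed one quoted in the reply.
$samples = [
    'photo.jpg',
    '../../../../../../etc/passwd',
    'C:\\Documents and Settings\\me\\photo.jpg',
    '.htaccess',
    '..',
    '',
];

foreach ($samples as $clientName) {
    $target = safe_upload_target('/var/www/uploads', $clientName);
    printf("%-50s => %s\n", var_export($clientName, true), $target ?? 'REJECTED');
}

// In the upload handler the check sits in front of move_uploaded_file():
//   $target = safe_upload_target($uploaddir, $_FILES['userfile']['name']);
//   if ($target === null || file_exists($target)
//       || !move_uploaded_file($_FILES['userfile']['tmp_name'], $target)) {
//       // refuse the upload
//   }
```

The traversal name ends up as `/var/www/uploads/passwd`, inside the upload directory, and the `file_exists()` check in the handler sketch keeps an upload from overwriting a file that is already there.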
--- Begin Message ---
On Sun, December 3, 2006 9:57 am, tedd wrote:
> At 10:35 PM +0100 12/2/06, Alain Roger wrote:
>>I'm working on .htaccess file for improving security.
>>Based on documentation from PHPSEC.org, we should be able to store DB_USER
>>login and DB_PASS password in some secret-stuff (for example) file, which
>>should be located outside root of web document root. (for example in some
>>/path_to_secret folder)
>
> The "path_to_secret folder" thing -- I have a question about.
>
> I'm working with what a host provides me and I've seen paths that I
> can traverse/access and paths in a .htaccess file that I can't. For
> example, in one site I see a .htaccess file that contains:
>
> AuthUserFile /home/admin/public_html/_vit_pvt/service.pwd
>
> But, the "_vit_pvt" folder is not apparent. I can't get to it -- is
> this a host file that only they can access, or is there a secret
> handshake I need to get to it, or what?
That's a bull-crap made-up directory reference that FrontPage or
something of that ilk added because everybody uses FrontPage, and
everybody uses their lame-brained "security" layout of weird directory
names.
Replace it with a real AuthUserFile reference.
:-)
--- End Message ---
--- Begin Message ---
Sample ".htaccess" file that uses an authentication file:
Options -Indexes
AuthName "Photo Access"
AuthType Basic
AuthUserFile /home/me/BasicAuth/photo_users.txt
require valid-user
Hope this helps.
--
Anas Mughal
--- End Message ---
--- Begin Message ---
That is the MS FrontPage auth system. Directories beginning with _ underscores
cannot be viewed in your browser. Unless you want to dump FrontPage, you do not
want to be messing with this setup.
If you can't view these directories in FrontPage, it's because you do not have
the website set to show hidden files. Tools>Site Settings.
Frank
--- End Message ---
--- Begin Message ---
Dears,
I want to make a web app about music online. But I don't know how to use
streaming in PHP to load a music file for playing. Please help me for the
best direction.
Thanks a lot and best regards.
--- End Message ---