php-general Digest 21 Jan 2007 08:54:01 -0000 Issue 4581
Topics (messages 247462 through 247483):
Re: non-blocking request to a url (via curl or file_get_contents or whatever)...
247462 by: Jochem Maas
247463 by: Jochem Maas
247483 by: Roman Neuhauser
Re: Request for...
247464 by: Jochem Maas
247466 by: Jochem Maas
247467 by: Børge Holen
PHP Warning: session_destroy
247465 by: Andre Dubuc
247468 by: Paul Novitski
247469 by: Andre Dubuc
247471 by: Jochem Maas
Re: Security Question
247470 by: Jochem Maas
Re: I lied, another question / problem
247472 by: Jochem Maas
most powerful php editor
247473 by: Vinicius C Silva
247474 by: Stut
247475 by: Gregory Beaver
247477 by: Jay Blanchard
247479 by: Tom Cruickshank
Help With Inventory
247476 by: Brandon Bearden
Re: Php coding help - Newbie question
247478 by: Ramdas
wierd slash
247480 by: Don
Forced File Downloads
247481 by: Don
Php / MySQL DESC tablename
247482 by: Beauford
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
php-general@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
Roman Neuhauser wrote:
> # [EMAIL PROTECTED] / 2007-01-20 01:30:55 +0100:
>>> I definitely give a hoot about the content returned ... all I want
>>> is for the request to go out on the wire and then have my script
>>> immediately continue with what it should be doing.
>>>
>>> I believe this would require creating a non-blocking connection in
>>> some way, but I'm stuck as to the correct way to tackle this. I've
>>> been reading about non-blocking sockets/streams etc but I'm just
>>> becoming more and more confused really, anyone care to put me out of
>>> my misery?
>> did more reading, still unsure of the whole thing, this is what I have
>> right now:
>>
>> $url = array('', 'tbs.tradedoubler.com', '/report?blablablabla');
>> $isSSL = true;
>> $proto = $isSSL ? 'ssl://' : 'http://';
>> $port = $isSSL ? 443 : 80;
>> $errno = $errstr = null;
>> if ($sock = fsockopen($proto.$url[1], $port, $errno, $errstr,
>> 10)) {
>> stream_set_blocking($sock, 0);
>> fwrite($sock, "GET {$url[2]} HTTP/1.0\r\n");
>> fwrite($sock, "Host: {$url[1]}\r\n");
>> //fwrite($sock, "Content-length: 0\r\n");
>> //fwrite($sock, "Accept: */*\r\n");
>> fwrite($sock, "\r\n");
>> fclose($sock);
>> }
>>
>> does this make any sense, will this work at all?
>> would the 10 second timeout [potentially] negate all the hard work?
>
> Yes, you need to wait for the socket to connect, and that's synchronous
> in all cases. I don't know enough about sockets in PHP to help further
> here, but if the semantics follows write(2) behavior in C, then what you
> have is broken. Non-blocking IO means the fwrite() could return before
> it could write all you gave it (it returns how many bytes it's written).
ah yes, I did read that, you pointing it out has made it become clearer.
that would mean the 'fastest' I could push out the http request is
probably by doing:
if ($sock = fsockopen($proto.$url[1], $port, $errno, $errstr, 4)) {
fwrite($sock, "GET {$url[2]} HTTP/1.0\r\n");
fwrite($sock, "Host: {$url[1]}\r\n");
fwrite($sock, "\r\n");
fclose($sock);
}
but I'd have to check with tradedoubler if they could indicate what their
'report' server's maximum response time could be (hopefully very low) for the
timeout AND find out whether their 'report' server does something similar
to ignore_user_abort().
anyway thanks for your input!
>
>
--- End Message ---
--- Begin Message ---
Roman Neuhauser wrote:
> # [EMAIL PROTECTED] / 2007-01-20 16:50:48 +0100:
>> Roman Neuhauser wrote:
>> 1. user stuffs things into shopping basket on [my] site (data stored in
>> session)
>> 2. user goes to check out.
>> 3. user chooses online payment.
>> 4. user is redirected to online payment provider site
>> 5. user completes payment successfully
>> 6. online payment provider site contacts [my] site/server directly with
>> transaction status/details
>> 7. user is shown 'thank you' page on online payment provider site
>> 8. user is redirected back to [my] site and shown 'real' 'thank you' page.
>
> That was perfect, thanks a lot!
>
>> normally in step 8 the webbug would be placed on the 'thank you' page,
>> but in this case the data needed to craft the webbug's url is no
>> longer available - the solution is to perform the request the the
>> webbug's url represents directly from my server during the
>> code that runs as a result of the request made by the online payment
>> provider in step 6.
>
> Is it important that the callback gets called synchronously?
dunno - definitely going to ask though!
in fact I feel stupid for not contemplating it myself,
I have a nasty suspicion that the script behind the url that the
tradedoubler webbug points to does stuff with the info the user's
browser would normally provide ...
in which case I would need to do something else - like generate the
webbug url at the point that I can (during order finalization) and store the
generated url in the relevant user's session and then use/place the webbug with
that url at the first opportunity to
> Is the
> order reconstructible from the callback url?
to some extent but I don't think that is relevant to my current little puzzle.
> If not I'd write
> a small script to fetch urls from a database table and feed them to
> wget or similar.
you've got me thinking about it from a totally different angle, and I've
got to understanding sockets/streams a little too! I now have enough ammo
to 'kill' the problem.
thank you very much for lending me your brain :-)
>
--- End Message ---
--- Begin Message ---
# [EMAIL PROTECTED] / 2007-01-20 22:43:58 +0100:
> that would mean the 'fastest' I could push out the http request is
> probably by doing:
>
> if ($sock = fsockopen($proto.$url[1], $port, $errno, $errstr, 4)) {
> fwrite($sock, "GET {$url[2]} HTTP/1.0\r\n");
> fwrite($sock, "Host: {$url[1]}\r\n");
> fwrite($sock, "\r\n");
> fclose($sock);
> }
That's quite possibly the fastest way to a "client aborted connection"
messages in their error log without achieving the desired action on the
server. Either way, you either take care to receive the response or you
don't care much about making the request at all. IMO.
--
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man. You don't KNOW.
Cause you weren't THERE. http://bash.org/?255991
--- End Message ---
--- Begin Message ---
Børge Holen wrote:
> On Saturday 20 January 2007 17:09, Stut wrote:
>> Wikus Moller wrote:
...
>> -Stut
>>
>> Easily annoyed today.
dunno - I reckon the OP was trying pretty hard ;-)
>> Must be a Saturday, I never could get the hang of
>> Saturdays.
>
> ah,,... you say, I'm just ackin' to get rid of Tuesdays.
> Saturdays is quite alright, in fact... this is the
> dontwannadonothingandgetsawaywithitday!
I'm with Garfield - f*** mondays :-)
--- End Message ---
--- Begin Message ---
Jay Blanchard wrote:
> [snip]
> Since this is a mailing list for web developers, I thought I might as
> well post an o f f t o p i c request.
> Does anyone know of any website where I can get a exe or jar sitemap
> generating software? Particularly not GsiteCrawler as it uses too much
> system resources. A java applet would be nice. And, if possible, free
> of charge ^.^
>
> And does anyone know how and if a j a v a applet can be extracted from
> a webpage?(also a class)
> [/snip]
>
> Wikus my dear fellow, are their Java mailing lists? Would you like me to
> find one for you? Are you familiar with Google?
>
> Better yet, how about one in PHP for free? I went to Google and typed in
> 'site map generator PHP' and the first result was
> http://www.softswot.com/sitemapinfo.php. Not only is the web site done
> in PHP, but the application is as well. How cool is that?
>
> Listen up butt-bite. Next time, before you respond off list to those who
> tried to give you even the teeniest bit of help please demonstrate that
> you tried to help yourself get the answer or showed a modicum of
> initiative. Hundreds will attempt to help you when you have shown that
> you tried to help yourself.
>
and otherwise you risk getting "Blanch'ed" (like what they do with vegetables)
so for the rest of the list here's 2 new 'verbs' in honour of 2 fine members
(I can't help if their names 'fit'):
to be Lynched - to receive a 2000 word essayon the topic of your
choice followed by a *shrug*
to be Blanched - to be told (in one of many, many ways) to
RTFM/STFW/get-your-head-out-of-your-arse
>
>
--- End Message ---
--- Begin Message ---
On Saturday 20 January 2007 22:54, Jochem Maas wrote:
> Børge Holen wrote:
> > On Saturday 20 January 2007 17:09, Stut wrote:
> >> Wikus Moller wrote:
>
> ...
>
> >> -Stut
> >>
> >> Easily annoyed today.
>
> dunno - I reckon the OP was trying pretty hard ;-)
>
> >> Must be a Saturday, I never could get the hang of
> >> Saturdays.
> >
> > ah,,... you say, I'm just ackin' to get rid of Tuesdays.
> > Saturdays is quite alright, in fact... this is the
> > dontwannadonothingandgetsawaywithitday!
>
> I'm with Garfield - f*** mondays :-)
BAH, now I'm with Stut on this;(
I rewrote one of the first large database handling asswipe*"#$%&% file I made,
and right at the *"#$"#%"# end, everything went astray... before uploading...
gone with a wind, fart or whatever!
thats 20K of lost bytes
I'll neverever rewrite php4 to php5. F**K THIS
--
---
Børge
Kennel Arivene
http://www.arivene.net
---
--- End Message ---
--- Begin Message ---
Hi,
To stop bots from accessing secured pages, I've added the following code to a
banner page that is called by every page. Furthermore, each page starts with
<?php session_start(); ?> and includes the banner page:
'top1.php' [banner page]
<?php
if((eregi("((Yahoo! Slurp|Yahoo! Slurp China|.NET CLR|Googlebot/2.1|
Gigabot/2.0|Accoona-AI-Agent))",$_SERVER['HTTP_USER_AGENT'])))
{
if ($_SERVER['HTTPS'] == "on")
{
session_destroy();
header("Location: http://localhost/logout.php";);
}
}
?>
I'm testing on localhost with the browser set to 'Googlebot/2.1' - and the
code works great. Any page that is set for https is not served, and if https
has been set by a previous visit, it goes to http://somepage.
However, checking the live version, I get an secure-error_log entry:
"PHP Warning: session_destroy() [<a
href='function.session-destroy'>function.session-destroy</a>]: Trying to
destroy uninitialized session"
Question is: didn't the session_start(); on the calling page take effect, or
is this some other problem?
Is there something like 'isset' to check whether 'session_destroy(); is
needed? [I've tried isset, it barfs the code.]
Tia,
Andre
--- End Message ---
--- Begin Message ---
At 1/20/2007 02:14 PM, Andre Dubuc wrote:
However, checking the live version, I get an secure-error_log entry:
"PHP Warning: session_destroy() [<a
href='function.session-destroy'>function.session-destroy</a>]: Trying to
destroy uninitialized session"
Question is: didn't the session_start(); on the calling page take effect, or
is this some other problem?
I've gotten the distinct impression from the documentation and from
my own experiences that session_start() is required at the beginning
of every page/script that references the session. See
http://ca3.php.net/session_start including Examples 1 and 2.
Paul
--- End Message ---
--- Begin Message ---
On Saturday 20 January 2007 05:33 pm, Paul Novitski wrote:
> At 1/20/2007 02:14 PM, Andre Dubuc wrote:
> >However, checking the live version, I get an secure-error_log entry:
> >
> >"PHP Warning: session_destroy() [<a
> >href='function.session-destroy'>function.session-destroy</a>]: Trying to
> >destroy uninitialized session"
> >
> >Question is: didn't the session_start(); on the calling page take effect,
> > or is this some other problem?
>
> I've gotten the distinct impression from the documentation and from
> my own experiences that session_start() is required at the beginning
> of every page/script that references the session. See
> http://ca3.php.net/session_start including Examples 1 and 2.
>
> Paul
That would tend to make sense despite that the calling page has arleady
initiated one. Worth a try . .
Thanks,
Andre
--- End Message ---
--- Begin Message ---
Andre Dubuc wrote:
> Hi,
>
> To stop bots from accessing secured pages, I've added the following code to a
> banner page that is called by every page. Furthermore, each page starts with
> <?php session_start(); ?> and includes the banner page:
>
> 'top1.php' [banner page]
>
> <?php
> if((eregi("((Yahoo! Slurp|Yahoo! Slurp China|.NET CLR|Googlebot/2.1|
> Gigabot/2.0|Accoona-AI-Agent))",$_SERVER['HTTP_USER_AGENT'])))
> {
> if ($_SERVER['HTTPS'] == "on")
> {
> session_destroy();
> header("Location: http://localhost/logout.php";);
> }
> }
> ?>
>
> I'm testing on localhost with the browser set to 'Googlebot/2.1' - and the
> code works great. Any page that is set for https is not served, and if https
> has been set by a previous visit, it goes to http://somepage.
>
> However, checking the live version, I get an secure-error_log entry:
>
> "PHP Warning: session_destroy() [<a
> href='function.session-destroy'>function.session-destroy</a>]: Trying to
> destroy uninitialized session"
which page is causing the error? is it logout.php perhaps? does that page
call session_destroy too?
your browser making a request with the user-agent set to 'GoogleBot Blabla'
is not the same as an actual googlebot that's making a request - in the
difference
could lie the problem
is session_start() actually returning true we you call it in script run as a
result of
a request initialized by a bot?
btw: do you need to send the bot to logout.php if you've just destroyed the
session?
also, why not just redirect to an http url if it's a bot connecting via https
and forget trying to destroy the session?
>
> Question is: didn't the session_start(); on the calling page take effect, or
> is this some other problem?
>
> Is there something like 'isset' to check whether 'session_destroy(); is
> needed? [I've tried isset, it barfs the code.]
>
> Tia,
> Andre
>
--- End Message ---
--- Begin Message ---
Al wrote:
> Here is part of my proxie tags to html tags translation array. Looks
> pretty safe to me. There is other code to recognize paragraphs and
> lists, etc.
any 'real' html in the content your 'translating' is still going to
be there after translation - and therefore sent to the client,
quite impossible to say, with out know the code or the realiability of the
content source (e.g. the people that generate the content files)
how safe it actually is.
I would suggest you go to http://phpsec.org - chances are you learn something
that you have yet to consider at this point in time :-)
>
> $translate_array= array(
> '<link>' => '<a href="http://',
> '</link>' => '</a>',
> '<slink>' => '<a href="https://',
> '</slink>' => '</a>',
> '<label>' => '" target="_blank">',
> "<email>" => '<a href="mailto:',
> "<name> => "\">",
> '</email>' => '</a>',
> '<photo>' => "<img class=\"floatleft\" alt=\"mug\" src=\"$scr",
> '</photo>' => '">',
> '<blue-line>' => "<div class=\"horzline\"></div>\n",
> '<blue_line>' => "<div class=\"horzline\"></div>\n",
> '<images>' => "<div class=\"images\">",
> '</images>' => "</div>\n",
> '<no_banner>' => '',
> '<no_menu>' => '',
> '<return>' => "<div class=\"return\"><a
> style=\"text-decoration:underline\" href=\"$request_url\">Return to
> previous page</a></div>\n",
> );
>
> Jochem Maas wrote:
>> Al wrote:
>>> Good point about the '<script> evil haxor code here; </script>'. That's
>>> bad for our users, not the site, per se.
>>
>> what is bad for your users is bad for your site, on top of that
>> the script is running in the context of your domain - all sorts of
>> nasty possibilities that could affect your site.
>>
>>> Raw text to html is primarily done with a series of preg_replace()
>>> operations.
>>
>> what/how [exactly] the transformation is done determines
>> whether your safe.
>>
>>> No include() or exec() allowed near the text.
>>>
>>> Sounds like I'm in pretty good shape.
>>
>> maybe, maybe not - see above.
>>
>> (do you practice any sports? ;-P)
>>
>> ...
>
--- End Message ---
--- Begin Message ---
Roman Neuhauser wrote:
> # [EMAIL PROTECTED] / 2007-01-17 16:59:26 +0100:
>> Roman Neuhauser wrote:
>>> re_format(7) on FreeBSD:
>>>
>>> A bracket expression is a list of characters enclosed in `[]'.
>>> (...)
>>> If two characters in the list are separated by `-', this is
>>> shorthand for the full range of characters between those two
>>> (inclusive) in the collating sequence, e.g. `[0-9]' in ASCII
>>> matches any decimal digit.
>>> (...)
>>> Ranges are very collating-sequence-dependent, and portable programs
>>> should avoid relying on them.
>> one other thing ...
>>
>> wouldn't it be fair to assume (safety through paranoia) that
>> ctype_alnum() would suffer the same problem? (given the manual's
>> indication that ctype_alnum() and the offending regexp are equivalent?)
>
> isalnum(3) uses isalpha(3) and isdigit(3), so yes, their results are
> locale-dependent (LC_CTYPE, see setlocale(3)), but don't depend on
> collating sequence.
so really the doc's are slightly misleading or even incorrect,
I will try to formulate a succinct question for internals@ to ask whether
this should be reported as documentation bug.
as a side note: do you have any real world example of where this
collation issue might actually bite someone making use of the aforementioned
regexp range?
> isdigit(3):
>
> The isdigit() function tests for a decimal digit character. Regardless
> of locale, this includes the following characters only:
>
> ``0'' ``1'' ``2'' ``3'' ``4''
> ``5'' ``6'' ``7'' ``8'' ``9''
>
--- End Message ---
--- Begin Message ---
hi everyone!
i'd like to ask something maybe commonly asked here. what is the most
powerful php editor?
--- End Message ---
--- Begin Message ---
Vinicius C Silva wrote:
hi everyone!
<doctor name="nick">Hi everybody!</doctor>
i'd like to ask something maybe commonly asked here. what is the most
powerful php editor?
Definitely the chainsaw. Lets you slice your PHP scripts up into iddy
biddy pieces so you can try different combinations. It's also a hell of
a lot of fun!!
Or did you mean a different kind of powerful?
-Stut
PS: If you think it's a common question, search the list archives before
posting. Actually, before you post any question you should search the
list archives. And Google. And your brain. And down the back of the sofa
(you wouldn't believe the things I've found back there!!)
--- End Message ---
--- Begin Message ---
Vinicius C Silva wrote:
> hi everyone!
>
> i'd like to ask something maybe commonly asked here. what is the most
> powerful php editor?
I am
Yours,
Greg
--- End Message ---
--- Begin Message ---
[snip]
i'd like to ask something maybe commonly asked here. what is the most
powerful php editor?
[/snip]
What is power when regarding a PHP editor? My team uses Eclipse but we
are all comfortable with VI or PICO.
--- End Message ---
--- Begin Message ---
I use Quanta when doing PHP development. Used to use vi, but Quanta won me.
Sorry vi.
Is Quanta powerful in my opinion? Yes. Why? Because it fits all requirements
And then some.
Just my 2 cents.
Tom
-----Original Message-----
From: Jay Blanchard [mailto:[EMAIL PROTECTED]
Sent: January 20, 2007 10:31 PM
To: Vinicius C Silva; php-general@lists.php.net
Subject: RE: [PHP] most powerful php editor
[snip]
i'd like to ask something maybe commonly asked here. what is the most
powerful php editor?
[/snip]
What is power when regarding a PHP editor? My team uses Eclipse but we
are all comfortable with VI or PICO.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.432 / Virus Database: 268.17.2/641 - Release Date: 20/01/2007
10:24 AM
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.432 / Virus Database: 268.17.2/641 - Release Date: 20/01/2007
10:24 AM
--- End Message ---
--- Begin Message ---
Can anyone help me figure out how to solve my inventory listing problem?
I am using php_5 and mysql_5.0 w/apache on fbsd.
I need to figure out a way to make a subtitle for every category (genre)
in the inventory so when I list the entire inventory on a sheet (at
client's request), it is organized by category (genre) and each category
(genre) has a title line above it. So the there is not just one big list
rather a neat list with titles for each category THEN all the rows in that
category etc. I can't figure out the loop to make the titles.
I have them sorted as you can by genre, the list is formatted fine There
are alternating colors on the rows to make it read easier. I just want to
keep from having to make a statement for EACH genre. I will eventually
make the genre list dynamic too, so I need to figure out how to
dynamically generate this inventory list.
This is the output I have now:
DVD ID TITLE GENRE 1 GENRE 2 GENRE 3 ACT QTY
BCK HLD INC OG USR OUT DATE OUT USR IN DATE IN USR
CY
20860003 Movie name action 1 1 0
10000000 0000-00-00 00:00:00 0000-00-00 00:00:00 0
20860020 Move Name COMEDY 1 1 0
10000000 0000-00-00 00:00:00 0000-00-00 00:00:00
0
20860006 Movie name COMEDY 1 1 0
10000000 0000-00-00 00:00:00 0000-00-00 00:00:00 0
What I WANT to see is:
I will fix the background colors, I just want to see the "GENRE: ACTION -
1 TITLES and GENRE: COMEDY - 2 TITLES"
DVD ID TITLE GENRE 1 GENRE 2 GENRE 3 ACT QTY
BCK HLD INC OG USR OUT DATE OUT USR IN DATE IN USR
CY
GENRE: ACTION - 1 TITLES
20860003 Movie name ACTION 1 1 0
10000000 0000-00-00 00:00:00 0000-00-00 00:00:00 0
GENRE: COMEDY - 2 TITLES
20860023 Movie name COMEDY 1 1
0 10000000 0000-00-00 00:00:00 0000-00-00 00:00:00
0
20860006 Movie name COMEDY 1 1 0
10000000 0000-00-00 00:00:00 0000-00-00 00:00:00 0
This is the code:
1. function invlistONE(){
2. dbconnect('connect');
3. $invlist = mysql_query("SELECT * FROM sp_dvd ORDER BY dvdGenre");
4.
5.
6. ?>
7. <table cellspacing="0" style="font-size:8pt;>
8. <tr>
9. <div style="font-size:8pt">
10. <td align="left" class="body"><b>DVD ID</b></td>
11. <td align="left" width="225"><b>TITLE</b></td>
12. <td align="left" class="body" width="75"><b>GENRE 1</b></td>
13. <td align="left" width="75"><b>GENRE 2</b></td>
14. <td align="left" class="body" width="75"><b>GENRE 3</b></td>
15. <td align="left" width="10"><b>ACT</b></td>
16. <td align="left" class="body" width="10"><b>QTY</b></td>
17. <td align="left" width="10"><b>BCK</b></td>
18. <td align="left" class="body" width="10"><b>HLD</b></td>
19. <td align="left" width="10"><b>INC</b></td>
20. <td align="left" class="body" width="50"><b>OG USR</b></td>
21. <td align="left"><b>OUT DATE</b></td>
22. <td align="left" class="body" width="55"><b>OUT USR</b></td>
23. <td align="left"><b>IN DATE</b></td>
24. <td align="left" class="body" width="50"><b>IN USR</b></td>
25. <td align="left" width=\"10\"><b>CY</b></td>
26. </div>
27. </tr>
28. <?
29.
30. $count = 0;
31. while($row = mysql_fetch_array($invlist)){
32.
33. $dvdId = $row['dvdId'];
34. $dvdGenre = $row['dvdGenre'];
35. $dvdGenre2 = $row['dvdGenre2'];
36. $dvdGenre3 = $row['dvdGenre3'];
37. $dvdTitle = $row['dvdTitle'];
38. $dvdOnHand = $row['dvdOnHand'];
39. $dvdOnHand = $row['dvdOnHand'];
40.
41. $active = $row['dvdActive'];
42. $back = $row['backordered'];
43. $hold = $row['dvdHoldRequests'];
44. $incoming = $row['incomingInventory'];
45.
46. $ogUserId = $row['ogUserId'];
47. $outDate = $row['outDate'];
48. $outUserId = $row['outUserId'];
49. $inDate = $row['inDate'];
50. $inUserId = $row['inUserId'];
51. $cycles = $row['cycles'];
52. $dvdLastUpdate = $row['dvdLastUpdate'];
53. $dvdLastAdminUpdate = $row['dvdLastAdminUpdate'];
54.
55. if ( $count == 1 ) { echo ("<tr bgcolor=\"#c1c1c1\">"); }
56. else { echo ("<tr>");}
57.
58. echo ("<div >");
59. echo ("<td class=\"body\" align=\"left\"> $dvdId </td>");
60. echo ("<td align=\"left\" width=\"225\">$dvdTitle</td>");
61. echo ("<td class=\"body\" align=\"left\"
width=\"75\">$dvdGenre</td>");
62. echo ("<td align=\"left\" width=\"75\">$dvdGenre2</td>");
63. echo ("<td class=\"body\" align=\"left\"
width=\"75\">$dvdGenre3</td>");
64. echo ("<td align=\"left\" width=\"10\">$active</td>");
65. echo ("<td class=\"body\" align=\"left\"
width=\"10\">$dvdOnHand</td>");
66. echo ("<td align=\"left\" width=\"10\">$back</td>");
67. echo ("<td class=\"body\" align=\"left\" width=\"10\">$hold</td>");
68. echo ("<td align=\"left\" width=\"10\">$incoming</td>");
69. echo ("<td class=\"body\" align=\"left\"
width=\"50\">$ogUserId</td>");
70. echo ("<td align=\"left\" width=\"75\">$outDate</td>");
71. echo ("<td class=\"body\" align=\"left\"
width=\"55\">$outUserId</td>");
72. echo ("<td align=\"left\" width=\"75\">$inDate</td>");
73. echo ("<td class=\"body\" align=\"left\"
width=\"50\">$inUserId</td>");
74. echo ("<td align=\"left\" width=\"10\">$cycles</td>");
75. echo ("</div>");
76. echo ("</tr>");
77.
78. $count++;
79. if ( $count == 2 ) { $count = 0; }
80. }
81. ?></table><?
82. }
HERE IS THE MYSQL TABLE:
CREATE TABLE sp_dvd(
dvdId int(8) UNSIGNED AUTO_INCREMENT NOT NULL UNIQUE PRIMARY KEY,
dvdActive smallint(1) NOT NULL,
backordered smallint(1) NOT NULL,
dvdHoldRequests int(4),
incomingInventory int(3),
dvdTitle varchar(50) NOT NULL UNIQUE,
dvdDescription text(500),
dvdActors varchar(200),
dvdGenre varchar(35),
dvdGenre2 varchar(35),
dvdGenre3 varchar(35),
dvdYear int(4),
dvdLength int(4),
dvdCover varchar(100),
dvdCover2 varchar(100),
dvdOnHand int(3),
firstInventoryDate TIMESTAMP,
ogUserId int(8),
outDate TIMESTAMP,
outUserId int(8),
inDate TIMESTAMP,
inUserId int(8),
cycles int(4),
dvdLastUpdate TIMESTAMP,
dvdLastAdminUpdate int(8),
rand varchar(150),
exchangeId int(8),
FULLTEXT (dvdTitle,dvdActors)
)TYPE=MyISAM AUTO_INCREMENT=20860000;
--- End Message ---
--- Begin Message ---
On 1/18/07, Ramdas <[EMAIL PROTECTED]> wrote:
On 1/17/07, Jochem Maas <[EMAIL PROTECTED]> wrote:
> Ramdas wrote:
> > Hi Group,
> >
> > A very newbie question. Might be discussed earlier, please forgive.
>
> Are so much of a noob that STFW is not within your capabilities?
> (just thought I'd ask, given that you admit to realising the info *might*
> be out there already)
>
> >
> > I am having a site in PHP ( not very great design ) which I need to
> > convert/modify to use functions. Such the code for connecting /
> > binding to Ldap is not repeated & scripts are more readable.
> >
> > The site deals with modifying / adding / deleting entries in a LDAP dir.
> >
> > In each of the pages following is done:
> >
> > <?php
> >
> > require 'validate.php' ;// validate.php checks if the user is loged in
> >
> > $connect = ldap_connect(ldapserver);
> > if ($connect) {
> >
> > bind ...
> > do the things....
> >
> > }else { echo erro..}
> >
> > ?>
> >
> >
> > Also please advice what is a correct method of checking the user's
> > session. Currenlty I use a "HTTP_SESSION_VARS" variable to store the
>
> recommended to use the $_SESSION superglobal instead and stuff values
> directly into (after having called session_start()) instead of using
session_register()
> et al.
>
> > user's login & passwd . Each time the user hits the page these vars
>
> you only need to store *whether* they are logged in - and set that value when
you
> actually handle a login attempt (obviously storing their username could be
handy)
>
> I don't see any reason to store the passwd and validate against ldap on
> every request ... in fact I believe that storing the pwd in such a way is
essentially less
> secure.
>
> > are checked with the existing values in the LDAP (this is done by
> > validate.php).
> >
> > Please suggest me some good starting point where I can start a fresh
> > with more compact/cleaner Code.
>
> that question is about as vague as 'how long is a chinaman?'
> (the answer to that question being 'yes he is')
>
> here are some very vague ideas/functions:
>
> an include file ...
> =========== 8< =====================
> <?php
> function sessionCheck()
> {
> if (!isset($_SESSION['loggedin']) || !$_SESSION['loggedin']) {
> /* show login page then .. */
> exit;
> }
> }
>
> function doLogin($username, $passwd)
> {
> $_SESSION['loggedin'] = false;
> if (/* given $username+$passwd check outs in ldap*/)
> $_SESSION['loggedin'] = true;
>
> return $_SESSION['loggedin'];
> }
> ?>
>
> an 'init' include file
> =========== 8< =====================
> <?php
>
> require 'your-include-file.php'; // see above
>
>
> session_start();
>
> if (isset($_POST['uname'], $_POST['pwd'])) {
> doLogin($_POST['uname'], $_POST['pwd']);
> }
>
> sessionCheck();
>
> ?>
>
> any other file (other than the login 'page')
> =========== 8< =====================
> <?php
>
> require 'your-init-file.php';
>
> // we are logged in - it's magic
>
> // do some shit
>
> // the end, congrats go get laid :-)
>
> ?>
>
Thanx for the all responses.
Regards
Ram
Hi all,
Sorry for troubling all again.
I am trying to use the Pear DB_ldap for the above scripts.
Does any one have any sample code for ldap_connect () ldap_search etc.
Thanx once again.
Regards
Ram
--- End Message ---
--- Begin Message ---
I have a line of code that validates form info for some POST vars, but not
others.
if (!ereg("^[A-Za-z' -]{1,50}$",$_POST[$field]) )
when I put O'Toole in the form to test, my script kicks the page back (I
thought this entry would be OK)
but moreover, when it redisplays the form and populates the new form with
the entries previously entered, O'Toole becomes O\
when I put similar entries into fields that are not run through this line,
they go to the DB as typed.
Any advice?
Thanks again
Don
--- End Message ---
--- Begin Message ---
I've been having my forced downloads sometimes finish prematurely using
readfile(). I'm downloading a Windows .exe file.
I've read several posts that have suggested the substitution of a fread/feof
loop to write out the download in smaller chunks. I tried using a function
(readfile_chunked) I found in the user comments on php.net.
But for some odd reason, every time the downloaded file is one byte larger
than the original file, and it's not being recognized as a valid Windows
file.
I'm using PHP 4.4.4 on a shared Linux server running Apache.
IE and FireFox both exhibit the problem on the Windows end. I'm
using WinXP SP2.
I've listed relevant snippets below. $file_name is the fully qualified
path to the (.exe) file.
Any ideas?
#=============================
# Download the File
#=============================
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private", false);
header("Content-Description: File Transfer");
header("Content-Type: application/octet-stream");
header("Accept-Ranges: bytes");
header("Content-Disposition: attachment; filename=" . $file_name . ";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . @filesize($file_path));
header ("Connection: close");
@ignore_user_abort();
@set_time_limit(0);
// @readfile($file_path);
readfile_chunked($file_path, FALSE);
exit();
......
function readfile_chunked($filename, $retbytes = true) {
$chunksize = 8 * 1024; // how many bytes per chunk
$buffer = '';
$cnt = 0;
$handle = fopen($filename, 'rb');
if ($handle === false) {
return false;
}
while (!feof($handle)) {
$buffer = fread($handle, $chunksize);
echo $buffer;
ob_flush();
flush();
if ($retbytes) {
$cnt += strlen($buffer);
}
}
$status = fclose($handle);
if ($retbytes && $status) {
return $cnt; // return num. bytes delivered like readfile() does.
}
return $status;
}
--- End Message ---
--- Begin Message ---
Hi,
First off thanks to everyone for the previous help. I managed to get it
sorted out and used several of the suggestions made.
I am trying to do a DESC table_name using PHP so it looks like it would it
you did it from the command line.
i.e.
| Field | Type | Null | Key | Default | Extra |
+-----------+--------------+------+-----+---------+----------------+
| id | int(11) | NO | PRI | NULL | auto_increment |
| name | varchar(30) | NO | | NULL | |
What I have found is that the following does not work the way I would have
thought.
$query = "DESC table ".$currenttb;
$result = mysql_query($query);
while ($row = mysql_fetch_row($result)) {
etc.....
I have found something that works, but it is still not like the above and is
really bulky. I can not get the type (varchar, etc) to show like above, it
will show string, blob, etc, and the last problem is it puts the last 4
fields in one variable (flags).
Does anyone know of a way to get this to output as shown above. I am putting
this into a form for editing, so I need everything in the proper places.
Thanks
Here is the entire code:
mysql_select_db($_SESSION['currentdb']);
$result = mysql_query("SELECT * FROM ".$_SESSION['currenttb']);
$fields = mysql_num_fields($result);
$rows = mysql_num_rows($result);
$table = mysql_field_table($result, 0);
for ($i=0; $i < $fields; $i++) {
$type = mysql_field_type($result, $i);
$name = mysql_field_name($result, $i);
$len = mysql_field_len($result, $i);
$flags = mysql_field_flags($result, $i);
echo all the filds....
}
This outputs (depending on the order you echo them):
username string 50 [not_null primary_key auto_increment] value in [] is one
value.
--- End Message ---
