php-general Digest 22 May 2007 16:46:45 -0000 Issue 4805
Topics (messages 255304 through 255329):
Re: PHP & MySQL Problem
255304 by: Christian Haensel
Re: Uploading Files Should I use MySQL or Server for storage?
255305 by: clive
255315 by: Tijnema
255316 by: Robert Cummings
Re: [Linux] PHP and SQL Server
255306 by: David BERCOT
255313 by: Tijnema
255321 by: David BERCOT
Pokeing functionality
255307 by: Don Don
255309 by: Rob Desbois
255311 by: Don Don
255314 by: Philip Thompson
Regular Expressions
255308 by: Don Don
255310 by: Zoltán Németh
255319 by: Tijnema
255322 by: Jim Lucas
Re: xsd:choice maxOccurs=unbounded, and element order
255312 by: Simon Detheridge
Re: How can i help
255317 by: Tijnema
Re: [PHP-INSTALL] Mailparse extension
255318 by: Miles Thompson
Re: Security Question, re directory permissions [long answer]
255320 by: Daniel Brown
ftp root dir?
255323 by: Al
255324 by: Jim Moseby
255325 by: Al
255326 by: Richard Davey
255327 by: Robert Cummings
Re: PHP Data Mining/Data Scraping
255328 by: Myron Turner
convert numerical day of week
255329 by: Bosky, Dave
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Hi there, good morning,
as posted yesterday (I guess it kind of got overlooked by the nmber of posts
here), I was such a dirk that I put a hidden action in my form that
redirected the test page to another (currently running) form which didn't
have the changes in it. So my test page showed me data of a live page...
dumb me, I know. But after hours and hours of coding, I bet this even
happens to the best out there :oP Little piece of code sticking somewhere
and you don't even remember that it is there... that reminds me to continue
writing the handbook to this website *g*
Have a great coding-day :o))
Chris
----- Original Message -----
From: "Richard Lynch" <[EMAIL PROTECTED]>
To: "Christian Haensel" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, May 22, 2007 2:42 AM
Subject: Re: [PHP] PHP & MySQL Problem
On Mon, May 21, 2007 2:26 am, Christian Haensel wrote:
Good morning friends,
I have a script that collects data from a form and puts together a
mysql
query to search a database.
Now, everything worked fine until I added a few new form fields... now
the
$_POST['var'] don't reach the script...
I have about 20 to 25 form fields which are all taken into the
query...
Now my question: is there a limit in the fields that I can use in the
query
string to query the database? Somehow the script doesn't even output
the
value of the POST data anymore... been using this stuff for years now,
and
i'm feeling really silly at the moment.
I'd appreciate any help.
POST data *does* have a limit, possibly, based on your selection of
browser/server software...
It's a ridiculously high limit however, so it seems more likely that
you just added a typo to your code.
Show us code to get an answer.
And estimate for us the size of the POST data as well.
Without those bits of info, our answers will be:
Maybe.
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
itoctopus wrote:
I have tried both, and I tell you that I really felt that the filesystem is
a more convenient way of doing it.
I have to agree, filesystems were after all designed to store files. I
reckon reading a file from disk is much quicker than reading from a
database, maybe only fractionaly though.
--
Regards,
Clive.
Real Time Travel Connections
{No electrons were harmed in the creation, transmission or reading of
this email. However, many were excited and some may well have enjoyed
the experience.}
--- End Message ---
--- Begin Message ---
On 5/22/07, clive <[EMAIL PROTECTED]> wrote:
itoctopus wrote:
> I have tried both, and I tell you that I really felt that the filesystem is
> a more convenient way of doing it.
>
I have to agree, filesystems were after all designed to store files. I
reckon reading a file from disk is much quicker than reading from a
database, maybe only fractionaly though.
--
Regards,
Clive.
Real Time Travel Connections
Ok, and what about Security etc? We only talk about speed here.
Databases are username & password protected. Files stored at the
filesystem are unprotected.
If you server files directly from the filesystem through Apache,
without interaction of PHP you might end up with people uploading all
kind of hacks. For example if they upload PHP files, and they get
served directly, then the PHP code will probably be executed.
Also, if you end up with a lot of files on one big disk (also for RAID
0), it would result in slow speeds for finding the actual data on the
disk. Read operations are faster, but for small files, a database
would be faster. This is probably not for your project, as you're
files are little bit larger. [Please, don't ask for benchmarks of
above statement.]
Tijnema
--- End Message ---
--- Begin Message ---
On Tue, 2007-05-22 at 11:00 +0200, clive wrote:
> itoctopus wrote:
> > I have tried both, and I tell you that I really felt that the filesystem is
> > a more convenient way of doing it.
> >
> I have to agree, filesystems were after all designed to store files. I
> reckon reading a file from disk is much quicker than reading from a
> database, maybe only fractionaly though.
And databases were created to relate data. So if you're image is
"related" to something, then it follows using your naive logic, that the
image belongs in the database. It just so happens that database data
usually resides on the filesystem, and thus your logical argument is
still met. Thus, continuing to follow along this pendantic semantic
path, it makes more sense that the image be in the database since more
requirements are fulfilled.
As I'm sure you can see, this logic has holes in it :)
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--- End Message ---
--- Begin Message ---
Hi Mike,
And thank you for your help...
Le Mon, 21 May 2007 13:21:35 -0400,
"Mike Smith" <[EMAIL PROTECTED]> a écrit :
> On 5/21/07, David BERCOT <[EMAIL PROTECTED]> wrote:
> > Hi Mike,
> >
> > Le Mon, 21 May 2007 10:24:52 -0400,
> > "Mike Smith" <[EMAIL PROTECTED]> a écrit :
> > > David,
> > >
> > > Is MSDE running in mixed mode authentication? I believe by
> > > default it only uses Windows authentication. If you're not sure
> > > you can readup on how to check (and change if necessary):
> > >
> > > http://support.microsoft.com/kb/325022
> >
> > I've just had a look and MSDE is in mixed mode (2 !) :-(
> >
> > Thank you.
> >
> > David.
> I vaguely remember having to add :1433 to the freetds.conf on one
> Debian server. A quick google turns up this, but I think I put the
> server:port on one line (i.e. 192.168.1.11:1433):
>
> http://lists.evolt.org/archive/Week-of-Mon-20030915/148291.html
I've tried some modifications and I've searched for others ideas with
Google, but nothing's right !!!
I don't know at all what to do...
May be a miracle if someone can help me ?
Thank you very much.
David.
--- End Message ---
--- Begin Message ---
On 5/22/07, David BERCOT <[EMAIL PROTECTED]> wrote:
Hi Mike,
And thank you for your help...
Le Mon, 21 May 2007 13:21:35 -0400,
"Mike Smith" <[EMAIL PROTECTED]> a écrit :
> On 5/21/07, David BERCOT <[EMAIL PROTECTED]> wrote:
> > Hi Mike,
> >
> > Le Mon, 21 May 2007 10:24:52 -0400,
> > "Mike Smith" <[EMAIL PROTECTED]> a écrit :
> > > David,
> > >
> > > Is MSDE running in mixed mode authentication? I believe by
> > > default it only uses Windows authentication. If you're not sure
> > > you can readup on how to check (and change if necessary):
> > >
> > > http://support.microsoft.com/kb/325022
> >
> > I've just had a look and MSDE is in mixed mode (2 !) :-(
> >
> > Thank you.
> >
> > David.
> I vaguely remember having to add :1433 to the freetds.conf on one
> Debian server. A quick google turns up this, but I think I put the
> server:port on one line (i.e. 192.168.1.11:1433):
>
> http://lists.evolt.org/archive/Week-of-Mon-20030915/148291.html
I've tried some modifications and I've searched for others ideas with
Google, but nothing's right !!!
I don't know at all what to do...
May be a miracle if someone can help me ?
Thank you very much.
David.
Is the SQL server and the PHP script running on the same machine? If
so, you should specify 127.0.0.1 or localhost for the server, and not
the IP.
Tijnema
--- End Message ---
--- Begin Message ---
Le Tue, 22 May 2007 14:18:31 +0200,
Tijnema <[EMAIL PROTECTED]> a écrit :
> On 5/22/07, David BERCOT <[EMAIL PROTECTED]> wrote:
> > Hi Mike,
> >
> > And thank you for your help...
> >
> > Le Mon, 21 May 2007 13:21:35 -0400,
> > "Mike Smith" <[EMAIL PROTECTED]> a écrit :
> > > On 5/21/07, David BERCOT <[EMAIL PROTECTED]> wrote:
> > > > Hi Mike,
> > > >
> > > > Le Mon, 21 May 2007 10:24:52 -0400,
> > > > "Mike Smith" <[EMAIL PROTECTED]> a écrit :
> > > > > David,
> > > > >
> > > > > Is MSDE running in mixed mode authentication? I believe by
> > > > > default it only uses Windows authentication. If you're not
> > > > > sure you can readup on how to check (and change if necessary):
> > > > >
> > > > > http://support.microsoft.com/kb/325022
> > > >
> > > > I've just had a look and MSDE is in mixed mode (2 !) :-(
> > > >
> > > > Thank you.
> > > >
> > > > David.
> > > I vaguely remember having to add :1433 to the freetds.conf on one
> > > Debian server. A quick google turns up this, but I think I put the
> > > server:port on one line (i.e. 192.168.1.11:1433):
> > >
> > > http://lists.evolt.org/archive/Week-of-Mon-20030915/148291.html
> >
> > I've tried some modifications and I've searched for others ideas
> > with Google, but nothing's right !!!
> > I don't know at all what to do...
> >
> > May be a miracle if someone can help me ?
> >
> > Thank you very much.
> >
> > David.
>
> Is the SQL server and the PHP script running on the same machine? If
> so, you should specify 127.0.0.1 or localhost for the server, and not
> the IP.
No. SQL Server is under Windows XP and the PHP script is under
Debian !!!
David.
--- End Message ---
--- Begin Message ---
Hi All, am trying to integrate a poke me poke you functionality to a web 2.0
application am developing. I've got some ideas of how to do this but am not
sure if its the best aproach. i am using the idea of a PM system since i've
done that earlier.
Does anyone have any way of implementing a pokeing functionality in php ?
Cheers
---------------------------------
Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV.
--- End Message ---
--- Begin Message ---
Many ideas, all of them completely dependent on exactly what your
requirements are - should a poke be delivered to the target in real-time or
when they next load a page?
This is an extremely general question, like "I want users to be able to view
each other's profiles, how?"...
--rob
On 5/22/07, Don Don <[EMAIL PROTECTED]> wrote:
Hi All, am trying to integrate a poke me poke you functionality to a web
2.0 application am developing. I've got some ideas of how to do this but
am not sure if its the best aproach. i am using the idea of a PM system
since i've done that earlier.
Does anyone have any way of implementing a pokeing functionality in php ?
Cheers
---------------------------------
Ready for the edge of your seat? Check out tonight's top picks on Yahoo!
TV.
--
Rob Desbois
Eml: [EMAIL PROTECTED]
Tel: 01452 760631
Mob: 07946 705987
"There's a whale there's a whale there's a whale fish" he cried, and the
whale was in full view.
...Then ooh welcome. Ahhh. Ooh mug welcome.
--- End Message ---
--- Begin Message ---
Just the general method of implementing a poke, and then any application
specific requirements can then be tailored to the application.
If a user is not logged in, whenever they do, they'll get a notification that
they have been poked by a particular user, and when they are logged in they'll
get a poke when the page is refreshed, provided a poke was sent at that time.
Rob Desbois <[EMAIL PROTECTED]> wrote:
Many ideas, all of them completely dependent on exactly what your
requirements are - should a poke be delivered to the target in real-time or
when they next load a page?
This is an extremely general question, like "I want users to be able to view
each other's profiles, how?"...
--rob
On 5/22/07, Don Don
wrote:
>
> Hi All, am trying to integrate a poke me poke you functionality to a web
> 2.0 application am developing. I've got some ideas of how to do this but
> am not sure if its the best aproach. i am using the idea of a PM system
> since i've done that earlier.
>
> Does anyone have any way of implementing a pokeing functionality in php ?
>
> Cheers
>
>
> ---------------------------------
> Ready for the edge of your seat? Check out tonight's top picks on Yahoo!
> TV.
--
Rob Desbois
Eml: [EMAIL PROTECTED]
Tel: 01452 760631
Mob: 07946 705987
"There's a whale there's a whale there's a whale fish" he cried, and the
whale was in full view.
...Then ooh welcome. Ahhh. Ooh mug welcome.
Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user
panel and lay it on
us.http://us.rd.yahoo.com/evt=48516/*http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
hot CTA = Join Yahoo!'s user panel
--- End Message ---
--- Begin Message ---
On May 22, 2007, at 6:26 AM, Don Don wrote:
Just the general method of implementing a poke, and then any
application specific requirements can then be tailored to the
application.
If a user is not logged in, whenever they do, they'll get a
notification that they have been poked by a particular user, and
when they are logged in they'll get a poke when the page is
refreshed, provided a poke was sent at that time.
This is really easy functionality. Just add in a database that person
A has poked person B. When B logs in or refreshes the page, (s)he'll
see it - because obviously you'll check for it in your application.
~Philip
Rob Desbois <[EMAIL PROTECTED]> wrote:
Many ideas, all of them completely dependent on exactly what your
requirements are - should a poke be delivered to the target in real-
time or
when they next load a page?
This is an extremely general question, like "I want users to be
able to view
each other's profiles, how?"...
--rob
On 5/22/07, Don Don
wrote:
Hi All, am trying to integrate a poke me poke you functionality to
a web
2.0 application am developing. I've got some ideas of how to do
this but
am not sure if its the best aproach. i am using the idea of a PM
system
since i've done that earlier.
Does anyone have any way of implementing a pokeing functionality
in php ?
Cheers
--- End Message ---
--- Begin Message ---
Hi all, am trying to run a regular expression to a list of user entered data on
some forms.
I've creating what i think is a matching pattern for each category as shown
below:
function validateEntry($regularExpression, $fieldValue)
{
if(preg_match($regularExpression, $fieldValue))
{
return "true";
}
else
{
return "false";
}
}
i made a list of rules that are passed into the function above
1) [a-zA-Z][0-9] //allow any characters and numbers together anywhere within
the text
2) [a-zA-Z] //allow only any charaters in the text
3) [0-9]{2} //allow only digits and they must be 2 in length
4) [a-zA-Z]{1} //allow only 1 character either uppercase or lowercase
but each of these fail the validation when data is entered appropriately ,
seems iam getting something wrong.
Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user
panel and lay it on
us.http://us.rd.yahoo.com/evt=48516/*http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
hot CTA = Join Yahoo!'s user panel
--- End Message ---
--- Begin Message ---
2007. 05. 22, kedd keltezéssel 03.35-kor Don Don ezt írta:
> Hi all, am trying to run a regular expression to a list of user entered data
> on some forms.
>
> I've creating what i think is a matching pattern for each category as shown
> below:
>
> function validateEntry($regularExpression, $fieldValue)
> {
> if(preg_match($regularExpression, $fieldValue))
> {
> return "true";
> }
> else
> {
> return "false";
> }
> }
>
> i made a list of rules that are passed into the function above
>
> 1) [a-zA-Z][0-9] //allow any characters and numbers together anywhere within
> the text
> 2) [a-zA-Z] //allow only any charaters in the text
> 3) [0-9]{2} //allow only digits and they must be 2 in length
> 4) [a-zA-Z]{1} //allow only 1 character either uppercase or lowercase
>
the patterns seem ok, but you should enclose them within some delimiter
characters, e.g. "/[a-zA-Z][0-9]/" or something like that
greets
Zoltán Németh
>
> but each of these fail the validation when data is entered appropriately ,
> seems iam getting something wrong.
>
>
> Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user
> panel and lay it on
> us.http://us.rd.yahoo.com/evt=48516/*http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
> hot CTA = Join Yahoo!'s user panel
--- End Message ---
--- Begin Message ---
On 5/22/07, Zoltán Németh <[EMAIL PROTECTED]> wrote:
2007. 05. 22, kedd keltezéssel 03.35-kor Don Don ezt írta:
> Hi all, am trying to run a regular expression to a list of user entered data
on some forms.
>
> I've creating what i think is a matching pattern for each category as shown
below:
>
> function validateEntry($regularExpression, $fieldValue)
> {
> if(preg_match($regularExpression, $fieldValue))
> {
> return "true";
> }
> else
> {
> return "false";
> }
> }
>
> i made a list of rules that are passed into the function above
>
> 1) [a-zA-Z][0-9] //allow any characters and numbers together anywhere within
the text
> 2) [a-zA-Z] //allow only any charaters in the text
> 3) [0-9]{2} //allow only digits and they must be 2 in length
> 4) [a-zA-Z]{1} //allow only 1 character either uppercase or lowercase
>
the patterns seem ok, but you should enclose them within some delimiter
characters, e.g. "/[a-zA-Z][0-9]/" or something like that
greets
Zoltán Németh
Yes, but make sure you don't end up with a / inside your expression,
as that would mean the end of the expression.
You could also use another delimiter in your preg functions, i prefer
using the % symbol, but you could of course use anything you want :)
Tijnema
--- End Message ---
--- Begin Message ---
Don Don wrote:
Hi all, am trying to run a regular expression to a list of user entered data on
some forms.
I've creating what i think is a matching pattern for each category as shown
below:
function validateEntry($regularExpression, $fieldValue)
{
if(preg_match($regularExpression, $fieldValue))
{
return "true";
}
else
{
return "false";
}
}
is this all your function will ever do, or do you plan on extending it
later?
i made a list of rules that are passed into the function above
1) [a-zA-Z][0-9] //allow any characters and numbers together anywhere within
the text
2) [a-zA-Z] //allow only any charaters in the text
3) [0-9]{2} //allow only digits and they must be 2 in length
4) [a-zA-Z]{1} //allow only 1 character either uppercase or lowercase
not sure how you are setting these up, but try something like this
$slpnum = '!^[a-zA-Z0-9]+$!';
$slpha = '!^[a-zA-Z]+$!';
$number = '!^[0-9]{2}$!';
$aplshort = '!^[a-zA-Z]{1}$!';
but each of these fail the validation when data is entered appropriately ,
seems iam getting something wrong.
Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user
panel and lay it on
us.http://us.rd.yahoo.com/evt=48516/*http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
hot CTA = Join Yahoo!'s user panel
--
Jim Lucas
"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."
Unknown
--- End Message ---
--- Begin Message ---
Hi,
I'm trying to make PHP5's soap implementation play nice with my web
service, and I'm having a problem.
Part of my schema contains a complexType, containing an xsd:choice of
several different element types, which can be repeated many times
(maxOccurs=unbounded)
e.g.:
<xsd:complexType name='containertype'>
<xsd:sequence>
<xsd:choice maxOccurs='unbounded'>
<xsd:element name='e1' type='e1type'>
<xsd:element name='e2' type='e2type'>
</xsd:choice>
</xsd:sequence>
</xsd:complexType>
The problem is that the order of element here is important. I want the
results returned in the same order that they appear in the XML.
Unfortunately, what I end up with, is an object containing an array of
all the e1 elements, followed by an array of all the e2 elements.
Take the following example... If there following were in my soap result:
<container>
<e1>some_stuff</e1>
<e2>different_stuff</e2>
<e1>some_other_stuff</e1>
<e2>different_other_stuff</e2>
</container>
What I actually end up seeing is something like:
[container] => stdClass Object
(
[e1] Array
(
[0] => some_stuff
[1] => some_other_stuff
)
[e2] Array
(
[0] => different_stuff
[1] => different_other_stuff
)
}
Note that this is somewhat simplified from my real-world example. In
reality, "e1" and "e2" are complexTypes themselves.
But I really do need to see the resulting elements in the same order
that they were supplied. I'm able to do this in dotnet and gsoap
clients, so far. (I haven't tried any others.)
Incidentally, I'm using a basic unmodified skeleton generated by
wsdl2php as my classmap. The object describing the 'container' type
looks simply like:
class container {
}
Perhaps it's possible to add something to this to help sort the order out??
Any suggestions are appreciated. Could this be a bug?
Incidentally, the full-blown (and rather complicated I'm afraid)
schema/wsdl for what I'm *actually* trying to do is at
http://www.widgit.com/cml/symgate.wsdl if that helps.
Thanks,
Simon
--
Simon Detheridge
SEN Developer, Widgit Software
CONFIDENTIALITY NOTICE:
This email and any attachments are for the exclusive and confidential use of
the intended recipient. If you are not the intended recipient, please do not
read, distribute or take action in reliance upon this message. If you have
received this in error, please notify us immediately by return email and
promptly delete this message and its attachments from your computer system.
Logotron is a limited company registered in England, number 04113866. The
registered office is Logotron Ltd, 124 Cambridge Science Park, Milton Road,
Cambridge, CB4 0ZS.
--- End Message ---
--- Begin Message ---
On 5/22/07, Ligaya A. Turmelle <[EMAIL PROTECTED]> wrote:
There are a number of ways to help depending upon what you want to do.
Any help is always appreciated. An incomplete listing -
http://www.khankennels.com/blog/index.php/archives/2006/08/10/25-ways-to
-help-out-php/
Lig
I have no problems with point 8:
8) volunteer access to your server to a QA Team member.
Who should I contact for this? should I subscribe to the QA list and
just ask who needs? :P
Tijnema
-----Original Message-----
From: James Savage [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 22, 2007 7:27 AM
To: [EMAIL PROTECTED]
Subject: [PHP] How can i help
I am a PHP web programmer with a little bit more than basic knowledge.
What could i do to help with developing PHP?
--
PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
On 5/21/07, Tim Donnelly <[EMAIL PROTECTED]> wrote:
I should preface this by saying, I am not a PHP person. I have been able to
install php in the past and get things to work, but this time I am having fits.
I am running php 5.2.1, apache 1.3.34, OpenSuSE 10.0 on a 64bit AMD platform.
I have compiled php with the following statement:
'./configure' '--with-apxs=/usr/local/apache/bin/apxs' '--with-pspell'
'--enable-mbstring' '--with-mysql' '--with-libdir=/lib64' '--enable-mailparse'
and installed mailparse 2.1.1 via PECL. Running pecl list confirms that
mailparse 2.1.1 stable is installed. I have added the line:
extension=mailparse.so
to my php.ini file.
However, my email server software (@Mail v5.04) says mailparse is not
installed. I attempted to run the code posted by wberrier at yahoo dot com
found here http://us2.php.net/mailparse and all I got was a blank screen. As
I said, I'm not a php person do I don't know if this is conclusive proof of a
problem or not.
Can anybody help me? I can provide additional information if needed.
Thanks
Tim Donnelly
Systems/Network Administrator
Colorado Alliance of Research Libraries
(303)759-3399 x106
To start, run a phpinfo.php script which contains phpinfo(). That will
reliably tell you if mailparse is installed.
Did you restart your web server after adding the module and editing php.ini?
Does mailparse, by any chance, need a [mailparse] section in php.ini
to set its parameters?
Are you certain there is not an old instance of Apache running?
Hope this helps - Miles
--- End Message ---
--- Begin Message ---
My pleasure, Arno!
On 5/22/07, Arno Kuhl <[EMAIL PROTECTED]> wrote:
-----Original Message-----
From: Daniel Brown [mailto:[EMAIL PROTECTED]
Sent: 18 May 2007 10:27
To: Al
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Security Question, re directory permissions [long
answer]
On 5/18/07, Al <[EMAIL PROTECTED]> wrote:
>
> I'm on a shared Linux host and have been wondering about security and
> directory "other" ["world"] permissions.
>
> The defaults are 755. The 'others' [world] can read them only.
>
> Is there a security hole if a dir on the doc root if a directory has
> permissions 757?
>
> If there is a security problem, what is it?
>
> Thanks...
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
DISCLAIMER: Bare with me.... this is a bit of a long answer.... enjoy!
I can't think of any good reason why you'd have 757 for your
permissions, first of all.
Secondly, yes, there are security holes in having world-writable
directories on a shared system. Some scripts require that you have these
permissions set, and this is primarily for uploading files. However,
better
care should be taken by the authors to work around the 777-required
permissions. For example, if uploading an image on the web to a
web-accessible directory, it could instead be done as follows:
Set permissions on [directory] to 777.
Run script createdir.php via the web:
<?
mkdir($dir_name);
chmod($dir_name,0700);
?>
Set permissions on [directory] back to the original permissions
(probably 750 or 755).
The above example does the following:
1.) Sets the directory to allow everyone to read, write, and
execute.
2.) Apache creates a directory and sets permissions so that only
it
can read, write, and execute what's in there.
3.) Sets the directory back to the original (hopefully secure)
permissions.
That means that you won't be able to add, remove, or modify anything
in
that directory, of course, including the directory itself, unless you do
so
via the web. For example, you won't be able to use FTP to upload to that
directory, nor can you delete anything from there via FTP or SSH (unless
your host has REALLY screwed something up).
Of course, if php_suexec is running, or if you set the SUID on the
script, then the scripts will execute as the user they belong to, not as
apache/nobody/daemon or whatever Apache is set to run as. This means that
the above paragraph does not apply, and even via Apache, it would be as
though you had manually placed the files there. This is the most-secure
operation as far as that goes, but can lead to problems of privilege
escalation if someone is able to create files under the UID of a different
user on the system and have suexec run the files.
And a basic refresher on Unix permissions as a whole (these NEVER
apply
to root, who can do anything, anytime, anywhere):
Specialty User Group Everyone
# # # #
Everyone knows the basics of chmod:
- 7 5 5
`chmod 755 script.php`
-rwxr-xr-x script.php
- Owner can read, write, and execute
- Members of primary group can read and execute
(can't
write to file)
- Everyone else can read and execute (can't write to
file)
Another example:
`chmod 640 script.php`
-rw-r----- script.php
- Owner can read and write (can't execute file)
- Members of primary group can read (can't write or
execute file)
- No one else (again, beside root) can read, write,
or execute file
Each bit is comprised of a math formula with values as follows:
4 - Read
2 - Write
1 - Execute
0 - No permissions (cannot be added to above numbers in permission
bit, of course)
So to get the number for the permission bit, simply add the above
numbers together to get the sum. For example, if you want the owner of
the
file to be able read, write, and execute, the group to be able to read and
execute, and the rest of the world to only be able to read, you'd do
calculate the following:
Owner (read, write, execute): 4 + 2 + 1 = 7
Group (read and execute): 4 + 1 = 5
Everyone (read only): 2
Your permissions as above would be 752 (`chmod 752 script.php`).
Now, on to the 4-digit permission values you've probably seen
elsewhere
begin with what's called a 'specialty bit' which allows the owner (or
root)
to enforce one of the following:
4 - SUID (if executed, runs as owner, with owner permissions)
2 - GUID (if executed, runs as group, with group permissions)
1 - Sticky (if directory, only user can modify/rename/delete files
within; if file, on only *nix systems, keep file in RAM upon delete)
Using the same concept and convention as above with the math, you can
create single or combination permissions on the specialty bit of the
permissions. Some examples:
4755 - Owner can read/write/execute; group and everyone else can
read/execute; when run, runs with owner permissions
2751 - Owner can read/write/execute; group can read/execute;
everyone else can execute; runs with group permissions
6750 - Owner can read/write/execute; group can read/execute;
nobody
else has permission; runs user/group permissions.
And the file permissions will look like so:
`chmod 4755 script.php` --- -rwsr-xr-x script.php
`chmod 2751 script.php` --- -rwxr-s--x script.php
`chmod 6750 script.php` --- -rwsrws--- script.php
So it's a bit longer than what you asked for, but sometimes it's good
to
go over the fundamentals again. Plus, I'm not positive, but PHP may
require
that you use 4-digit permissions as opposed to the common 3-digit
permissions when using the chmod() function in your scripts. Just
something
to think about.
Hope it helps someone.
--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107
-----------------------------------------------
Thanks Daniel, I've been dealing with this recently and found your post
very
helpful.
Cheers
Arno
--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107
--- End Message ---
--- Begin Message ---
Can I assume that all ftp_connect()s will make the current dir the DOC_ROOT?
If not, how can I insure the ftp root dir is the same as DOC_ROOT?
You can't use the absolute path with ftp.
chdir() doesn't change the ftp current dir.
if you ftp_chdir() and it's already on the root, it posts an error.
ftp_pwd() simply returns "/", which simply says it's on its root, where ever
that is.
Thanks....
--- End Message ---
--- Begin Message ---
r?
>
>
> Can I assume that all ftp_connect()s will make the current
> dir the DOC_ROOT?
>
> If not, how can I insure the ftp root dir is the same as DOC_ROOT?
>
> You can't use the absolute path with ftp.
>
> chdir() doesn't change the ftp current dir.
>
> if you ftp_chdir() and it's already on the root, it posts an error.
>
> ftp_pwd() simply returns "/", which simply says it's on its
> root, where ever that is.
The ftp_* functions behave just as any ftp client behaves, AFAIK. If you
log into the FTP server via your favorite command-line FTP client, you are
seeing the exact same behaviour as the ftp_* functions will see.
JM
--- End Message ---
--- Begin Message ---
I know that; but, I writing a script, that can be used on different servers, which creates a directory and I want to
make certain it is created on the DOC ROOT. I don't want the user to have to test the ftp connection with a ftp utility
program first.
Jim Moseby wrote:
r?
Can I assume that all ftp_connect()s will make the current
dir the DOC_ROOT?
If not, how can I insure the ftp root dir is the same as DOC_ROOT?
You can't use the absolute path with ftp.
chdir() doesn't change the ftp current dir.
if you ftp_chdir() and it's already on the root, it posts an error.
ftp_pwd() simply returns "/", which simply says it's on its
root, where ever that is.
The ftp_* functions behave just as any ftp client behaves, AFAIK. If you
log into the FTP server via your favorite command-line FTP client, you are
seeing the exact same behaviour as the ftp_* functions will see.
JM
--- End Message ---
--- Begin Message ---
Hi Al,
Tuesday, May 22, 2007, 4:19:22 PM, you wrote:
> I know that; but, I writing a script, that can be used on different
> servers, which creates a directory and I want to
> make certain it is created on the DOC ROOT. I don't want the user
> to have to test the ftp connection with a ftp utility
> program first.
I'd have to say 'impossible'. This value isn't stored in any one
variable or even in a system value you can rely on.
For example you could probably extract the FTP home directory of a
given user on a Unix system with a bit less pain than on a Windows
server, but within IIS which managers FTP on Windows, you'd have to
query the IIS service itself (via its COM object) to find out the home
dir of a user, which will (and can) vary per user, assuming they even
have one set.
That doesn't even begin to cover all the various other FTP Servers out
there, such as ServU, GlobalScape, TitanFTP, FileZilla Server,
SurgeFTP, etc, etc. Each one holds its users root directories in
different ways, and you'd need to know them *all*. Some hold them in
ini files, some in xml, some in the registry, some in custom binary
formats. You get the idea.
Like I said, I think you're heading into 'impossible' territory here.
Find another way to achieve the same end result.
Cheers,
Rich
--
Zend Certified Engineer
http://www.corephp.co.uk
"Never trust a computer you can't throw out of a window"
--- End Message ---
--- Begin Message ---
On Tue, 2007-05-22 at 11:19 -0400, Al wrote:
> I know that; but, I writing a script, that can be used on different servers,
> which creates a directory and I want to
> make certain it is created on the DOC ROOT. I don't want the user to have to
> test the ftp connection with a ftp utility
> program first.
You can only do that if you have control over the ftp server settings
such that the FTP directory overlaps your DOC_ROOT at some point. And
even then you need to know exactly how it overlaps since FTP doesn't
expose it's real location to FTP clients (at least not that I know of).
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--- End Message ---
--- Begin Message ---
On Sat, May 19, 2007 10:22 pm, Shannon Whitty wrote:
I'm looking for a piece of software or coding that will let me post a
form
to another URL, accept the response, search it for a specific
"success"
string and then let me continue processing the rest of my program.
http://php.net/curl
I want to accept queries on behalf of my supplier, forward it to them
behind
the scenes, accept their response and display it within my website.
Has anyone had any experience with this? Is there a simple, basic
utility
to let me do this?
I was kind of hoping I could avoid developing it myself.
As I understand this, you want to create a web page of your own which
accepts requests for customers who are going to order products from your
supplier. You want to have a form on your page which accepts their
requests, then forward the form data on to your supplier's web site,
where presumably it will be processed. Then you want to retrieve the
response from your supplier's page, and display the result on your own
web page. You suggest that the response string for "success" is
relatively stable and that this string is this what you want to search
for in the response.
This doesn't sound like a very complicated problem. You can do this
either using Ajax or not. The basic solution is the same. You have a
script on the server which accepts the form data from your page and
re-sends it to the supplier's site. If your supplier's site accepts
form data using GET, then you can simply create a url with the form data
attached in a query string:
http://my.supplier.com?fdata_1=data1&fdata_2=data2
Send this url to your suppler using file_get_contents:
$return_string =
file_get_contents("http://my.supplier.com?fdata_1=data1&fdata_2=data2";);
This will return the html file as a string which you can then parse with
preg_match() for the 'success' string.
The problem is more involved if your supplier doesn't accept GET but
only accepts POST. Then you have to use either curl or fsockopen to
post your data. I've tested the following fockopen script and it
worked for me:
<?php
$fp = fsockopen("my.supplier.com", 80, $errno, $errstr, 30);
if (!$fp) {
echo "$errstr ($errno)<br />\n";
} else {
$out = "POST http://my.supplier.com/form_page.html / HTTP/1.1\r\n";
$out .= "Host: my.supplier.com\r\n";
$post = "form_data_1=data_1&formdata_2=data_2";
$len = strlen($post);
$post .= "\r\n";
$out .="Content-Length: $len\r\n";
$out .= "Connection: Close\r\n\r\n";
$out .= $post;
fwrite($fp, $out);
$result= "";
while (!feof($fp)) {
$result .= fgets($fp, 128);
}
fclose($fp);
echo $result;
}
?>
You have to adhere to the above sequence. The posted data comes last
and it is preceded by a content-length header which tells the receiving
server how long the posted data is. The returned result is the html
page returned from your posted request.
--
_____________________
Myron Turner
http://www.room535.org
http://www.bstatzero.org
http://www.mturner.org/XML_PullParser/
--- End Message ---
--- Begin Message ---
How can I convert the numerical day of week to the string version?
Example, if the day of the week is 1 I would like to print out 'Sunday'.
Thanks,
Dave
**********************************************************************
HTC Disclaimer: The information contained in this message may be privileged
and confidential and protected from disclosure. If the reader of this message
is not the intended recipient, or an employee or agent responsible for
delivering this message to the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please notify us
immediately by replying to the message and deleting it from your computer.
Thank you.
**********************************************************************
--- End Message ---
