php-general Digest 17 Dec 2007 08:13:48 -0000 Issue 5185

Topics (messages 265952 through 265964):

Re: PRG pattern - how to implement a "load page using GET"
        265952 by: Jochem Maas
        265954 by: Robert Erbaron

Fatal error: Class 'DOMDocument' not found
        265953 by: Jeff Schwartz
        265956 by: Jochem Maas

Re: how to handle inserting special characters into a mysql field
        265955 by: Robert Erbaron

Writing text into images, and setting text size
        265957 by: Dave M G
        265960 by: Casey

BBcode
        265958 by: Ronald Wiplinger

Re: BBcode - Solved
        265959 by: Ronald Wiplinger

how can i use timeout in php's socket?
        265961 by: ½Ðǹâ

Securing your Sites
        265962 by: Wolf

How to new a Object via class name String?
        265963 by: ked
        265964 by: Robert Cummings


----------------------------------------------------------------------
--- Begin Message ---
Robert Erbaron wrote:
> I've been reading up on login mechanisms using redirects, and have a
> basic mechanism down.
> 
> a1.php:
> <?php
> $site_title='My Site';
> if (isset($_SESSION['errmsg_s']))
>   {$errmsg = 'Warning! '.$_SESSION['errmsg_s'].'!';}
> else
>   {$errmsg = ''; }
> if (isset($_SESSION['email_s']))
>   { unset($_SESSION['email_s']);}
> echo '<h1>Welcome to '.$site_title.'</h1><br>';
> echo $errmsg;
> ?>
> <!-- form goes here and calls a2.php -->
> 
> a2.php:
> <?php
> $email = $_POST['email'];
> if // (test email for goodness against database) {
>  $_SESSION['email_s'] = $email;
>  unset($_SESSION['errmsg_s']);
>  // stuff successful login into database
>  session_write_close();
>  header('Location: a3.php');
>  exit;}
> else {
>  $_SESSION['errmsg_s']="Re-enter your email";
>  unset($_SESSION['email_s']);
>  session_write_close();
>  header('Location: a1.php');
>  exit;}
> ?>
> 
> a3.php:
> <?php
> if (empty($_SESSION['email_s'])) {
> session_write_close();
> header('Location: a1.php');
> exit;}
> $email = $_SESSION['email_s'];
> echo 'Hello there,'.$email.'. We are glad to have you here.<br>';
> ?>
> 
> OK, looks like this handles refresh (resubmit) and back button issues.
> Hitting back when on page 3 empties 'email', so resubmitting does a
> brand new login. (If I'm missing something, holler.)
> 
> However, the seminal article at
> http://www.theserverside.com/tt/articles/article.tss?l=RedirectAfterPost
> says:
> - Never show pages in response to POST
> - Navigate from POST to GET using REDIRECT
> - Always load pages using GET
> 
> I get the first and the second, and understand how to implement them.
> The third, though. Sorry, I'm missing something. I simply don't
> understand what they mean or how to do it. Can someone translate my
> little a3.php page into 'using GET' instead of just grabbing the
> session var again? And why is that necessary?

a standard HTTP request is a GET request.

using firefox and one of a number of extensions (firebug springs to mind)
you can actually view the request headers that are sent.

> 
> (P.S. I'll get to the issue of rearchitecting this via require instead
> of using header() redirects,cough, cough, Richard Lynch, cough, cough
> :) in a future message. One step at a time...)

yes - abusing redirects as described is wasteful. and certainly it's the
first time I've ever heard the statement 'Never show pages in response to POST'
sounds like hubris to me.

--- End Message ---
--- Begin Message ---
> a standard HTTP request is a GET request.

I guess I'm just missing some basic definition of terminology. Been
writing desktop systems for too long, 'spose.

> using firefox and one of a number of extensions (firebug springs to mind)
> you can actually view the request headers that are sent.

Firebug shows headers for the c3.php page are:

Response Headers:
Date    Sun, 16 Dec 2007 20:48:43 GMT
Server  Apache/2.2.6 (Fedora)
X-Powered-By    PHP/5.1.6
Expires Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control   no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma  no-cache
Content-Length  51
Connection      close
Content-Type    text/html; charset=UTF-8

Request Headers:
Host    localhost
User-Agent      Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070812 Remi/2.0.0.6-1.fc6.remi Firefox/2.0.0.6
Accept  text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language en-us,en;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset  ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive      300
Connection      keep-alive
Referer http://localhost/hf/c1.php
Cookie  PHPSESSID=spave8i7jc7m0cmmvcdaj3msh7

> >
> > (P.S. I'll get to the issue of rearchitecting this via require instead
> > of using header() redirects,cough, cough, Richard Lynch, cough, cough
> > :) in a future message. One step at a time...)
>
> yes - abusing redirects as described is wasteful. and certainly it's the
> first time I've ever heard the statement 'Never show pages in response to POST'
> sounds like hubris to me.

I've seen the statement in a number of messages in the archives here
and in google searches. Probably a case of Read Once, Repeat Often. I
took it with a grain of salt. They are java guys over there, after
all. :)

OK, now onto ridding the world of these redirects()....
-- 
RE, Chicago
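
The a1/a2/a3 flow from this thread collapsed into one script, as an added example that is not from either poster: the POST branch only changes session state and answers with a redirect, so every page the browser displays is fetched with GET. The file name prg.php, the ?page= parameter, isKnownEmail() and the sample address are assumptions; session id regeneration and output escaping are additions.

```php
<?php
// prg.php - constructed single-file demo; run with: php -S localhost:8000 prg.php
session_start();

function isKnownEmail($email)
{
    // Hypothetical stand-in for "test email for goodness against database".
    return in_array($email, array('user@example.com'), true);
}

function redirect($path)
{
    session_write_close();
    // 303 tells the client to fetch $path with GET, whatever the original method was.
    header('Location: ' . $path, true, 303);
    exit;
}

$method = $_SERVER['REQUEST_METHOD'];
$page   = isset($_GET['page']) ? $_GET['page'] : 'login';

if ($method === 'POST') {
    // POST only changes state and redirects; it never renders a page.
    $email = isset($_POST['email']) ? trim($_POST['email']) : '';
    if (isKnownEmail($email)) {
        session_regenerate_id(true);   // new session id at the moment of login
        $_SESSION['email_s'] = $email;
        unset($_SESSION['errmsg_s']);
        redirect('?page=welcome');
    }
    $_SESSION['errmsg_s'] = 'Re-enter your email';
    unset($_SESSION['email_s']);
    redirect('?page=login');
}

// Everything below is reached only by GET, so refresh and back just repeat a GET.
if ($page === 'welcome') {
    if (empty($_SESSION['email_s'])) {
        redirect('?page=login');
    }
    // Escape on output: the address originally came from the request body.
    echo 'Hello there, ' . htmlspecialchars($_SESSION['email_s'], ENT_QUOTES, 'UTF-8') . '.';
    exit;
}

$errmsg = '';
if (isset($_SESSION['errmsg_s'])) {
    $errmsg = 'Warning! ' . $_SESSION['errmsg_s'] . '!';
    unset($_SESSION['errmsg_s']);   // flash message: shown once, then dropped
}
echo '<h1>Welcome to My Site</h1>' . htmlspecialchars($errmsg, ENT_QUOTES, 'UTF-8');
echo '<form method="post" action="?page=login"><input name="email"><input type="submit"></form>';
```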

--- End Message ---
--- Begin Message ---
I'm attempting to run the sample script on the PHP site:

<?php
$dom = new DOMDocument('1.0', 'iso-8859-1');
echo $dom->saveXML(); /* <?xml version="1.0" encoding="iso-8859-1"?> */
?>

but get the error:

Fatal error: Class 'DOMDocument' not found in /var/www/html/ajax/dom.php on line 2

I'm running ver. 5.1.6 and my config appears to be set up for xml:
   
  './configure' '--build=i686-redhat-linux-gnu' '--host=i686-redhat-linux-gnu' 
'--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' 
'--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' 
'--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' 
'--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' 
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man' 
'--infodir=/usr/share/info' '--cache-file=../config.cache' '--with-libdir=lib' 
'--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' 
'--disable-debug' '--with-pic' '--disable-rpath' '--without-pear' '--with-bz2' 
'--with-curl' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' 
'--with-png-dir=/usr' '--enable-gd-native-ttf' '--without-gdbm' 
'--with-gettext' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' 
'--with-openssl' '--with-png' '--with-pspell' '--with-expat-dir=/usr' 
'--with-pcre-regex=/usr' '--with-zlib' '--with-layout=GNU' '--enable-exif'
 '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--enable-sysvsem' 
'--enable-sysvshm' '--enable-sysvmsg' '--enable-track-vars' 
'--enable-trans-sid' '--enable-yp' '--enable-wddx' '--with-kerberos' 
'--enable-ucd-snmp-hack' '--with-unixODBC=shared,/usr' '--enable-memory-limit' 
'--enable-shmop' '--enable-calendar' '--enable-dbx' '--enable-dio' 
'--with-mime-magic=/etc/httpd/conf/magic' '--without-sqlite' 
'--with-libxml-dir=/usr' '--with-xml' '--with-apxs2=/usr/sbin/apxs' 
'--without-mysql' '--without-gd' '--without-odbc' '--disable-dom' 
'--disable-dba' '--without-unixODBC' '--disable-pdo' '--disable-xmlreader' 
'--disable-xmlwriter'  
   
  Has anyone else run into this?
   
  Thanks,
   
  Jeff

--- End Message ---
--- Begin Message ---
Jeff Schwartz wrote:
> I'm attempting to run the sample script on the PHP site:
>    
>   <?php
> $dom = new DOMDocument('1.0', 'iso-8859-1');
> echo $dom->saveXML(); /* <?xml version="1.0" encoding="iso-8859-1"?> */
> ?>
>    
>   but get the error:
>    
>   Fatal error: Class 'DOMDocument' not found in /var/www/html/ajax/dom.php on 
> line 2
>    
>   I'm running ver. 5.1.6 and my config appears to be set up for xml:
>    
>   './configure' '--build=i686-redhat-linux-gnu' 
> '--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu' 
> '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' 
> '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' 
> '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' 
> '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' 
> '--infodir=/usr/share/info' '--cache-file=../config.cache' 
> '--with-libdir=lib' '--with-config-file-path=/etc' 
> '--with-config-file-scan-dir=/etc/php.d' '--disable-debug' '--with-pic' 
> '--disable-rpath' '--without-pear' '--with-bz2' '--with-curl' 
> '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' 
> '--enable-gd-native-ttf' '--without-gdbm' '--with-gettext' '--with-gmp' 
> '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png' 
> '--with-pspell' '--with-expat-dir=/usr' '--with-pcre-regex=/usr' 
> '--with-zlib' '--with-layout=GNU' '--enable-exif'
>  '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--enable-sysvsem' 
> '--enable-sysvshm' '--enable-sysvmsg' '--enable-track-vars' 
> '--enable-trans-sid' '--enable-yp' '--enable-wddx' '--with-kerberos' 
> '--enable-ucd-snmp-hack' '--with-unixODBC=shared,/usr' 
> '--enable-memory-limit' '--enable-shmop' '--enable-calendar' '--enable-dbx' 
> '--enable-dio' '--with-mime-magic=/etc/httpd/conf/magic' '--without-sqlite' 
> '--with-libxml-dir=/usr' '--with-xml' '--with-apxs2=/usr/sbin/apxs' 
> '--without-mysql' '--without-gd' '--without-odbc' '--disable-dom' 
> '--disable-dba' '--without-unixODBC' '--disable-pdo' '--disable-xmlreader' 
> '--disable-xmlwriter'  
>    
>   Has anyone else run into this?

run into what? your configure line clearly states that the relevant extension 
is not compiled in (--disable-dom)

you want http://php.net/dom not http://php.net/xml

>    
>   Thanks,
>    
>   Jeff
> 

--- End Message ---
--- Begin Message ---
> On Saturday 15 December 2007 18:59:12 Richard Lynch wrote:
> > On Fri, December 14, 2007 11:03 am, Adam Williams wrote:
> > > $query = sprintf("SELECT * FROM users WHERE user='%s' AND
> > > password='%s'",
> > >             mysql_real_escape_string($user),
> > >             mysql_real_escape_string($password));
> > >
> > > and I understand it uses the %s because of sprintf(), to indicate the
> > > data is a string.  However, thats not syntax I'm used to seeing.  If I
> > > rewrite the code to the following below, will it return the same
> > > results
> > > or error when queried?
> > >
> > > $user = mysql_real_escape_string($user);
> > > $password = mysql_real_escape_string($password);
> > > $query = "SELECT * FROM users WHERE user='$user' AND
> > > password='$password'";
> >
> > Yes, you will get the same result.
> >
> > You could have run both sets of code to try it faster than I typed
> > this answer.

If the OP was _thinking_ the same thing I was, the question was
actually, "What's the difference and why use one vs the other?" Yeah,
I could run both and see the same result (actually, I did), but don't
understand the _wisdom_ of one choice over the other.
-- 
RE, Chicago
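
Both ways of building the query from the quoted message, run side by side, next to a placeholder query that has no escaping call to forget (an added example, not code from the thread). It assumes PDO with an in-memory SQLite database in place of MySQL and uses PDO::quote(), which also adds the surrounding quotes, in place of mysql_real_escape_string(); the function names and rows are constructed.

```php
<?php
// Constructed demo. Assumptions: the PDO sqlite driver stands in for MySQL, and
// PDO::quote() stands in for wrapping mysql_real_escape_string() output in quotes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user TEXT, password TEXT)");
$db->exec("INSERT INTO users VALUES ('o''brien', 'pw')");
$db->exec("INSERT INTO users VALUES ('alice', 'secret')");

function bySprintf(PDO $db, $user, $password)
{
    // Escaping happens in the same expression that builds the SQL text.
    return sprintf('SELECT * FROM users WHERE user=%s AND password=%s',
        $db->quote($user), $db->quote($password));
}

function byInterpolation(PDO $db, $user, $password)
{
    // Escaping happens first; the escaped copies replace the raw variables.
    $user     = $db->quote($user);
    $password = $db->quote($password);
    return "SELECT * FROM users WHERE user=$user AND password=$password";
}

function byPlaceholders(PDO $db, $user, $password)
{
    // No escaping step: the values travel separately from the SQL text.
    $stmt = $db->prepare('SELECT * FROM users WHERE user = ? AND password = ?');
    $stmt->execute(array($user, $password));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one containing a quote character, one shaped like an injection.
$inputs = array(array("o'brien", 'pw'), array("x' OR '1'='1", 'anything'));
foreach ($inputs as $in) {
    list($u, $p) = $in;
    $a = bySprintf($db, $u, $p);
    $b = byInterpolation($db, $u, $p);
    $rowsA = $db->query($a)->fetchAll(PDO::FETCH_ASSOC);
    $rowsC = byPlaceholders($db, $u, $p);
    printf("%s\n  same SQL text: %s, rows escaped/placeholder: %d/%d\n",
        $a, var_export($a === $b, true), count($rowsA), count($rowsC));
}
```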

--- End Message ---
--- Begin Message ---
PHP List,

I've been able to write text into an image using the default fonts available, with this command:

ImageString($image, 5, $x - 20,$y-10, $text, $textColour);

The problem is that the font that is identified by the index "5" is too small. But it seems that it can't be scaled in any way.

So I thought I would try to specify a font and try something like this:

$font = '/usr/share/fonts/truetype/freefonts/FreeSans.ttf';
$imagettftext($image, 20, 0, $x, $y-10, $textColour, $font, $text);

But I'm clearly not doing things quite right, and I have some questions:

1. 'FreeSans.ttf' is in my /usr/share/fonts/truetype/freefonts directory. But specifying it doesn't seem to work. How do I get the system to find the font?

2. I need the scripts I'm writing to be portable, so can I be sure of what fonts will be available, and will I be able to locate them?

3. I'm not really concerned about what font it is, just that it's large and readable. If there are other options than what I've explored here, then I would be open to those too.

Thank you for any advice.

--
Dave M G

--- End Message ---
--- Begin Message ---
Try imagettftext().

On Dec 16, 2007 5:59 PM, Dave M G <[EMAIL PROTECTED]> wrote:
> PHP List,
>
> I've been able to write text into an image using the default fonts
> available, with this command:
>
> ImageString($image, 5, $x - 20,$y-10, $text, $textColour);
>
> The problem is that the font that is identified by the index "5" is too
> small. But it seems that it can't be scaled in any way.
>
> So I thought I would try to specify a font and try something like this:
>
> $font = '/usr/share/fonts/truetype/freefonts/FreeSans.ttf';
> $imagettftext($image, 20, 0, $x, $y-10, $textColour, $font, $text);
>
> But I'm clearly not doing things quite right, and I have some questions:
>
> 1. 'FreeSans.ttf' is in my /usr/share/fonts/truetype/freefonts
> directory. But specifying it doesn't seem to work. How do I get the
> system to find the font?
>
> 2. I need the scripts I'm writing to be portable, so can I be sure of
> what fonts will be available, and will I be able to locate them?
>
> 3. I'm not really concerned about what font it is, just that it's large
> and readable. If there are other options than what I've explored here,
> then I would be open to those too.
>
> Thank you for any advice.
>
> --
> Dave M G
>



-- 
-Casey

--- End Message ---
--- Begin Message ---
I tested BBcode (Pear extension) with that code:

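<?php
// Render the submitted BBCode as HTML.
if (!empty($_POST['bbcode'])) {
    require_once 'HTML/BBCodeParser.php';
    $parser = new HTML_BBCodeParser(parse_ini_file('BBCodeParser.ini'));
    echo $parser->qParse($_POST['bbcode']);
}
?>

<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); /* PHP_SELF includes request path info, so escape it */ ?>" method="POST">
    <textarea name="bbcode">
        <?php echo htmlspecialchars(isset($_POST['bbcode']) ? $_POST['bbcode'] : '', ENT_QUOTES); /* escaped so the input cannot close the textarea */ ?>
    </textarea>
    <input type="submit" />
</form>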



it works!

I added it to a production page, by moving BBCodeParser.ini outside of
htdocs directory. Added at the beginning of the php file:
require_once 'HTML/BBCodeParser.php';

and at the wished output:
    echo "<TD bgcolor='yellow'>";
    $parser = new HTML_BBCodeParser(parse_ini_file('../BBCodeParser.ini'));
    echo "<FONT face=$FFACE color=$FCOLOR>";
    echo $parser->qParse($DB_DETAIL);
    echo "</TD>";

I tested the input of my form with:
   [list] [*]normal [*][b]bold[/b] [*][u]underline[/u] [*][i]italic[/i]
[/list]
The database field got these data, but the output on the screen is
also just:
   [list] [*]normal [*][b]bold[/b] [*][u]underline[/u] [*][i]italic[/i]
[/list]


What am I doing wrong?

bye

Ronald

--- End Message ---
--- Begin Message ---
I copied BBCodeParser.ini to the wrong place, ....


Ronald Wiplinger wrote:
> I tested BBcode (Pear extension) with that code:
>
> if (!empty($_POST['bbcode'])) {
>     require_once 'HTML/BBCodeParser.php';
>     $parser = new HTML_BBCodeParser(parse_ini_file('BBCodeParser.ini'));
>     echo $parser->qParse($_POST['bbcode']);
> }
> ?>
>
> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
>     <textarea name="bbcode">
>         <?php echo @$_POST['bbcode']; ?>
>     </textarea>
>     <input type="submit" />
> </form>
>
>
>
> it works!
>
> I added it to a production page, by moving BBCodeParser.ini outside of
> htdocs directory. Added at the beginning of the php file:
> require_once 'HTML/BBCodeParser.php';
>
> and at the wished output:
>     echo "<TD bgcolor='yellow'>";
>     $parser = new HTML_BBCodeParser(parse_ini_file('../BBCodeParser.ini'));
>     echo "<FONT face=$FFACE color=$FCOLOR>";
>     echo $parser->qParse($DB_DETAIL);
>     echo "</TD>";
>
> I tested the input of my form with:
>    [list] [*]normal [*][b]bold[/b] [*][u]underline[/u] [*][i]italic[/i]
> [/list]
> The database field got these data, but the output on the screen is
> also just:
>    [list] [*]normal [*][b]bold[/b] [*][u]underline[/u] [*][i]italic[/i]
> [/list]
>
>
> What am I doing wrong?
>
> bye
>
> Ronald
>
>   

--- End Message ---
--- Begin Message ---
How can I use a timeout in PHP's sockets? And does PHP support multicast? Thanks


--- End Message ---
--- Begin Message ---
For all of you with an upload/access page to your site that is
world-viewable I have made available copies of scripts that kiddies have
tried to use to take over my own server.  As my upload page has yet to
be broken nor my site taken over, I wanted to share them with everyone
as a way to learn how kiddies are trying/doing things as well as
educating everyone on what they need to do to secure their own site.

The specially hardened site for the scripts:
http://ambiguous.dnsalias.net/

A long time ago I saw a post about how to lock down your server, if I
can find it, I'll post it.  But until then, go through the scripts and
poke around on your own development sites and see if you can lock your
own system down.

Wolf

--- End Message ---
--- Begin Message ---
Hi, I'm a freshman in PHP, can anyone give me any advice?

I defined some simple classes, like "User", "Item"...

in a general way,
 $obj = new User();

specially, I need to assign an object via a class name.

Now, my code:
 switch ($className)
{
 case "User":
    return new User();
    break ;
 case "Item":
    return new Item();
    break ;
 default:
    break ;
}

I think that it's not a clever job. How to do it skillfully?

Thank you for any advice.

--- End Message ---
--- Begin Message ---
On Mon, 2007-12-17 at 15:50 +0800, ked wrote:
> Hi, I'm a freshman in PHP, can anyone give me any advice?
> 
> I defined some simple classes, like "User", "Item"...
> 
> in a general way,
>  $obj = new User();
> 
> specially, I need to assign an object via a class name.
> 
> Now, my code:
>  switch ($className)
> {
>  case "User":
>     return new User();
>     break ;
>  case "Item":
>     return new Item();
>     break ;
>  default:
>     break ;
> }
> 
> I think that it's not a clever job. How to do it skillfully?
> 
> Thank you for any advice.

<?php

class User
{
}
 
class Item
{
}
 
 
function getObject( $name )
{
    $obj = false;
    
    if( class_exists( $name ) )
    {
        $obj = new $name();
    }
     
    return $obj;
}
 
var_dump( getObject( 'User' ) ); echo"\n\n";
var_dump( getObject( 'Item' ) ); echo"\n\n";
var_dump( getObject( 'Foo' ) );  echo"\n\n";

?>

Cheers,
Rob.
-- 
...........................................................
SwarmBuy.com - http://www.swarmbuy.com

    Leveraging the buying power of the masses!
...........................................................
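
If the class name can arrive from request data (an assumption; the thread does not say where $className comes from), class_exists() alone lets the caller pick any loaded or autoloadable class. An added example, not Rob's code, comparing his getObject() with an allow-listed variant; Secret, getObjectAllowed() and $allowed are hypothetical names.

```php
<?php
// Constructed demo. User and Item are the class names from the thread;
// Secret, getObjectAllowed() and $allowed are hypothetical additions.
class User {}
class Item {}
class Secret
{
    public function __construct()
    {
        echo "  (Secret constructor ran)\n";   // side effect the caller triggered
    }
}

// As in the reply above: any class that exists, or that an autoloader can
// load, is instantiated on request.
function getObject($name)
{
    return class_exists($name) ? new $name() : false;
}

// Variant: only names on an explicit list are instantiable, and a
// caller-supplied string never reaches the autoloader.
function getObjectAllowed($name, array $allowed)
{
    // Strict comparison: PHP class names are case-insensitive, the list is not.
    if (!is_string($name) || !in_array($name, $allowed, true)) {
        return false;
    }
    if (!class_exists($name, false)) {   // false = do not invoke the autoloader
        return false;
    }
    return new $name();
}

$allowed = array('User', 'Item');

// Constructed inputs: two intended names, one unintended class, one unknown
// name, and a case variant of an intended name.
foreach (array('User', 'Item', 'Secret', 'Foo', 'user') as $name) {
    $open   = getObject($name);
    $strict = getObjectAllowed($name, $allowed);
    printf("%-6s  getObject: %-6s  getObjectAllowed: %s\n",
        $name,
        $open ? get_class($open) : 'false',
        $strict ? get_class($strict) : 'false');
}
```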

--- End Message ---
