php-general Digest 17 Dec 2007 20:17:57 -0000 Issue 5186

Topics (messages 265965 through 265992):

Re: how can i use timeout in php's socket?
        265965 by: 陆星光
        265966 by: Brice
        265969 by: 陆星光

Re: PRG pattern - how to implement a "load page using GET"
        265967 by: Per Jessen
        265968 by: Jochem Maas

Re: Writing text into images, and setting text size
        265970 by: Dave M G
        265975 by: Andrés Robinet

re-compiling PHP on Mac OS X
        265971 by: Jochem Maas
        265973 by: Frank Arensmeier
        265974 by: Jochem Maas
        265976 by: Frank Arensmeier
        265980 by: Jason Pruim
        265991 by: David Powers

php sockets
        265972 by: vixle

'Define vs const' or 'file vs class'
        265977 by: Johannes Skov Frandsen
        265979 by: Nathan Nobbe

Re: Securing your Sites
        265978 by: admin.buskirkgraphics.com
        265982 by: Wolf
        265984 by: Dan Parry
        265986 by: Dan Parry
        265987 by: Jeremy Mcentire
        265988 by: Wolf
        265989 by: Daniel Brown
        265990 by: Wolf

nested array...
        265981 by: opo jal
        265983 by: Richard Heyes
        265985 by: Cesar D. Rodas

Re: [PHP-DB] force to download file
        265992 by: Daniel Brown


----------------------------------------------------------------------
--- Begin Message ---
Who can help me? Thank you!

-----Original Message-----
From: 陆星光 [mailto:[EMAIL PROTECTED] 
Sent: 17 December 2007 15:11
To: [EMAIL PROTECTED]
Subject: [PHP] how can i use timeout in php's socket?

how can i use timeout in php's socket? And if php support multicast? thanks

--- End Message ---
--- Begin Message ---
On Dec 17, 2007 8:10 AM, 陆星光 <[EMAIL PROTECTED]> wrote:
> how can i use timeout in php's socket?

You can put an option with socket_set_option :
http://php.net/manual/en/function.socket-set-option.php

Available options are listed here:
http://php.net/manual/en/function.socket-get-option.php


Brice Favre
http://www.copix.org/

--- End Message ---
--- Begin Message ---
Thank you! But these have not multicast!

-----Original Message-----
From: Brice [mailto:[EMAIL PROTECTED] 
Sent: 17 December 2007 17:28
To: 陆星光
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] how can i use timeout in php's socket?

On Dec 17, 2007 8:10 AM, 陆星光 <[EMAIL PROTECTED]> wrote:
> how can i use timeout in php's socket?

You can put an option with socket_set_option :
http://php.net/manual/en/function.socket-set-option.php

Available options are listed here:
http://php.net/manual/en/function.socket-get-option.php


Brice Favre
http://www.copix.org/

--- End Message ---
--- Begin Message ---
Robert Erbaron wrote:

>> yes - abusing redirects as described is wasteful. and certainly it's
>> the first time I've ever heard the statement 'Never show pages in
>> response to POST' sounds like hubris to me.
> 
> I've seen the statement in a number of messages in the archives here
> and in google searches. 

Personally, I try to avoid the situation where you might get a
double-POST if the user decides to do a reload/refresh.  Which means
processing the POST-request, but finish it off with a 303 redirect. 


/Per Jessen, Zürich

--- End Message ---
--- Begin Message ---
Per Jessen schreef:
> Robert Erbaron wrote:
> 
>>> yes - abusing redirects as described is wasteful. and certainly it's
>>> the first time I've ever heard the statement 'Never show pages in
>>> response to POST' sounds like hubris to me.
>> I've seen the statement in a number of messages in the archives here
>> and in google searches. 
> 
> Personally, I try to avoid the situation where you might get a
> double-POST if the user decides to do a reload/refresh.  Which means
> processing the POST-request, but finish it off with a 303 redirect. 
> 

this can still be 'broken' by using the back button ... I find a safer way
(if the application design allows it) is to include a one-time token with
each POST request - if a token has already been used (or is invalid) the POST
processing is not done.

> 
> /Per Jessen, Zürich
> 

--- End Message ---
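
The two ideas in this thread combined, the 303 redirect after a POST and a one-time token that is consumed on first use, as an added example that is not part of either message. The function names, the 'form_tokens' session key, the 409 status and the /thanks URL are assumptions; a plain array stands in for $_SESSION so the script runs from the command line.

```php
<?php
// Added example: one-time form token plus POST/redirect/GET.
// All names here are hypothetical; in a web app pass $_SESSION (after
// session_start()) and send the redirect with header('Location: ...', true, 303).

const TOKEN_TTL  = 900;   // seconds a token stays valid
const MAX_TOKENS = 20;    // cap on outstanding tokens per session

/** Create a token, remember it in the session store, return it for the form. */
function issue_form_token(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $session['form_tokens'][$token] = $now + TOKEN_TTL;
    // Drop the oldest tokens so the store cannot grow without bound.
    while (count($session['form_tokens']) > MAX_TOKENS) {
        array_shift($session['form_tokens']);
    }
    return $token;
}

/** Return true exactly once per issued, unexpired token. */
function consume_form_token(array &$session, $token, int $now): bool
{
    if (!is_string($token) || !isset($session['form_tokens'][$token])) {
        return false;                           // missing, forged or already used
    }
    $expires = $session['form_tokens'][$token];
    unset($session['form_tokens'][$token]);     // single use, even when expired
    return $now <= $expires;
}

/** Handle one request; returns [status, header or body] instead of sending it. */
function handle_request(array &$session, string $method, array $post, int $now): array
{
    if ($method === 'POST') {
        if (!consume_form_token($session, $post['token'] ?? null, $now)) {
            return [409, 'Duplicate or invalid submission; nothing was processed.'];
        }
        $session['orders'][] = $post['item'];   // the state change happens once
        return [303, 'Location: /thanks'];      // a reload now repeats only a GET
    }
    $token = issue_form_token($session, $now);
    return [200, '<form method="post"><input type="hidden" name="token" value="'
        . $token . '"><input name="item"><button>Order</button></form>'];
}

// Constructed walk-through: fetch the form, submit it, then resubmit it.
$session = [];
$now = time();
[, $form] = handle_request($session, 'GET', [], $now);
preg_match('/value="([0-9a-f]{64})"/', $form, $m);
$post = ['token' => $m[1], 'item' => 'book'];

print_r(handle_request($session, 'POST', $post, $now));   // first submit
print_r(handle_request($session, 'POST', $post, $now));   // same token again (back button)
$forged = ['token' => str_repeat('0', 64), 'item' => 'x'];
print_r(handle_request($session, 'POST', $forged, $now)); // token that was never issued
echo count($session['orders']), " order(s) stored\n";
```

The token is removed from the store before the expiry check, so an expired token cannot be retried either.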
--- Begin Message ---
Casey,

Thank you for replying.

Try imagettftext().

I did, as explained:

$font = '/usr/share/fonts/truetype/freefonts/FreeSans.ttf';
$imagettftext($image, 20, 0, $x, $y-10, $textColour, $font, $text);

So my questions remain:

1. 'FreeSans.ttf' is in my /usr/share/fonts/truetype/freefonts
directory. But specifying it doesn't seem to work. How do I get the
system to find the font?

2. I need the scripts I'm writing to be portable, so can I be sure of
what fonts will be available, and will I be able to locate them?

3. I'm not really concerned about what font it is, just that it's large
and readable. If there are other options than what I've explored here,
then I would be open to those too.

Thank you for any advice.

--
Dave M G

--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Dave M G [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 17, 2007 6:47 AM
> To: Casey
> Cc: PHP List
> Subject: Re: [PHP] Writing text into images, and setting text size
> 
> Casey,
> 
> Thank you for replying.
> 
> > Try imagettftext().
> 
> I did, as explained:
> 
> >> $font = '/usr/share/fonts/truetype/freefonts/FreeSans.ttf';
> >> $imagettftext($image, 20, 0, $x, $y-10, $textColour, $font, $text);
> 
> So my questions remain:
> 
> >> 1. 'FreeSans.ttf' is in my /usr/share/fonts/truetype/freefonts
> >> directory. But specifying it doesn't seem to work. How do I get the
> >> system to find the font?

I wouldn't. First, I don't know of any standard fonts for Linux, though there 
might be (as you have Arial or Times New Roman for Windows). Second, it might 
be a safe_mode / open_basedir issue, or a problem in GD or the freetype 
libraries if the path is right and the font exists.
I would try something like dirname(__FILE__).'/fonts/Arial.ttf'... of course 
that would mean you need to create a "fonts" directory and copy Arial.ttf from 
your system to that location (violating the copyright? ;) )... anyway, you can 
check that with any other font.

> >>
> >> 2. I need the scripts I'm writing to be portable, so can I be sure
> of
> >> what fonts will be available, and will I be able to locate them?
> >>

Deploy the fonts along with your scripts... that's the only way I know.

> >> 3. I'm not really concerned about what font it is, just that it's
> large
> >> and readable. If there are other options than what I've explored
> here,
> >> then I would be open to those too.

You can get some free fonts, and deploy them along with every project. I do so 
for a custom CAPTCHA script I've made.

> 
> Thank you for any advice.
> 
> --
> Dave M G
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

Rob


Andrés Robinet | Lead Developer | BESTPLACE CORPORATION
5100 Bayview Drive 206, Royal Lauderdale Landings, Fort Lauderdale, FL 33308 | 
TEL 954-607-4207 | FAX 954-337-2695
Email: [EMAIL PROTECTED]  | MSN Chat: [EMAIL PROTECTED]  |  SKYPE: bestplace |  
Web: http://www.bestplace.biz | Web: http://www.seo-diy.com

--- End Message ---
--- Begin Message ---
hi guys (& girls),

any Mac heads about? I have a MacBook Pro in front of me ... super cool,
it even comes with apache & php installed as standard. nice.

only thing is php is not compiled with all the extensions I need, the
question is what is the *correct* way to update/recompile the standard installed
copy of php on a Mac? I'm quite comfortable with compiling/installing [multiple]
custom apache+php installs on a linux server but I'd like to keep this Mac as
clean as possible if I can.

If anyone has recommendations I'd love to hear from you :-)
in the mean time I'll keep hunting

rgds,
Jochem

--- End Message ---
--- Begin Message ---
hi guys (& girls),

any Mac heads about? I have a MacBook Pro in front of me ... super cool,
it even comes with apache & php installed as standard. nice.

only thing is php is not compiled with with all the extensions I need, the question is what is the *correct* way to update/recompile the standard installed copy of php on a Mac? I quite comfortable with compiling/installing [mulitple] custom apache+php installs on a linux server but I'd like to keep this Mac as
clean as possible if I can.

If any one has recommendations I love to here from you :-)
in the mean time I'll keep hunting

rgds,
Jochem


Why not do it the "Mac-way"?
http://www.entropy.ch/software/macosx/php/

Download the latest package and make a custom install. I think there are 40/50 PHP extensions included. Just pick what you want.

//frank

ps. merry christmas ds.

--- End Message ---
--- Begin Message ---
Frank Arensmeier schreef:
>> hi guys (& girls),
>>
>> any Mac heads about? I have a MacBook Pro in front of me ... super cool,
>> it even comes with apache & php installed as standard. nice.
>>
>> only thing is php is not compiled with with all the extensions I need,
>> the
>> question is what is the *correct* way to update/recompile the standard
>> installed
>> copy of php on a Mac? I quite comfortable with compiling/installing
>> [mulitple]
>> custom apache+php installs on a linux server but I'd like to keep this
>> Mac as
>> clean as possible if I can.
>>
>> If any one has recommendations I love to here from you :-)
>> in the mean time I'll keep hunting
>>
>> rgds,
>> Jochem
>>
>>
> Why not do it the "Mac-way"?

I've had this Mac for about 5 minutes - it's my first one ... I'm not yet
up to speed on the "Mac-way" :-) ... heck I've even figured out what the key
above the TAB key is (I was used to having a backtick/tilde there and it took
me longer than I care to admit to figure out that key lies next to the SHIFT
key).

> http://www.entropy.ch/software/macosx/php/
> 
> Download the latest package and make a custom install. 

ok let's assume I know exactly what a 'custom install' is in MacWorld (I don't
;-)) and let's assume I install this 'custom install' what happens to the
standard php install - I'd rather not have 2 php builds installed to start with
(especially if it's because my lack of knowledge means I don't know how to
'correctly' remove the original, standard installation).

anyway thanks for the hint so far ... I'm off to investigate.

> I think there are
> 40/50 PHP extensions included. Just pick what you want.

I'll have the blond ;-)

> 
> //frank
> 
> ps. merry christmas ds.
> 

--- End Message ---
--- Begin Message ---
17 dec 2007 kl. 12.03 skrev Jochem Maas:

Frank Arensmeier schreef:
hi guys (& girls),

any Mac heads about? I have a MacBook Pro in front of me ... super cool,
it even comes with apache & php installed as standard. nice.

only thing is php is not compiled with with all the extensions I need,
the
question is what is the *correct* way to update/recompile the standard
installed
copy of php on a Mac? I quite comfortable with compiling/installing
[mulitple]
custom apache+php installs on a linux server but I'd like to keep this
Mac as
clean as possible if I can.

If any one has recommendations I love to here from you :-)
in the mean time I'll keep hunting

rgds,
Jochem


Why not do it the "Mac-way"?

I've had this Mac for about 5 minutes - it's my first one ... I'm not yet upto speed on the "Mac-way" :-) ... heck I've even figured out what the key above the TAB key is (I was used to having a backtick/tilde there and it took me longer than I care to admit to figure out that key lies next to the SHIFT key.

http://www.entropy.ch/software/macosx/php/

Download the latest package and make a custom install.

ok let's assume I know exactly what a 'custom install' is in MacWorld (I don't ;-)) and let's assume I install this 'custom install' what happens to the standard php install - I'd rahter not have 2 php builds installed to start with (especially if it's because my lack of knowledge means I don't know how to 'correctly' remove the
original, standard installation.

anyway thanks for the hint so far ... Im off to investigate.


Uninstalling the pre-installed PHP module shouldn't be that hard. The PHP CLI is located under /usr/bin (at least under Tiger, not sure if this location was changed under Leopard). The Apache module is located under /usr/libexec/httpd

When you install PHP5 with the package from entropy.ch, the new PHP5 will install under /usr/local/php5. Just download the package to the desktop and double click. This opens the "Installer" application within the Utilities folder - the install process should be self-explaining. Somewhere in the install process, you will see a button labeled "Custom install". All necessary configuration of Apache will be done automatically.

You might check if /usr/local and /usr/local/php5/bin is stored in your PATH environment.

I mean, it is possible to compile PHP from scratch, but it's not that easy. See for example here: http://blog.phpdoc.info/archives/83-php-5.2.5-on-Leopard.html

You might check out MAMP as well http://sourceforge.net/projects/mamp

I think there are
40/50 PHP extensions included. Just pick what you want.

I'll have the blond ;-)

Sorry, already taken...


//frank

ps. merry christmas ds.



--- End Message ---
--- Begin Message ---

On Dec 17, 2007, at 6:47 AM, Frank Arensmeier wrote:

17 dec 2007 kl. 12.03 skrev Jochem Maas:

Frank Arensmeier schreef:
hi guys (& girls),

any Mac heads about? I have a MacBook Pro in front of me ... super cool,
it even comes with apache & php installed as standard. nice.

only thing is php is not compiled with with all the extensions I need,
the
question is what is the *correct* way to update/recompile the standard
installed
copy of php on a Mac? I quite comfortable with compiling/installing
[mulitple]
custom apache+php installs on a linux server but I'd like to keep this
Mac as
clean as possible if I can.

If any one has recommendations I love to here from you :-)
in the mean time I'll keep hunting

rgds,
Jochem


Why not do it the "Mac-way"?

I've had this Mac for about 5 minutes - it's my first one ... I'm not yet upto speed on the "Mac-way" :-) ... heck I've even figured out what the key above the TAB key is (I was used to having a backtick/tilde there and it took me longer than I care to admit to figure out that key lies next to the SHIFT key.

http://www.entropy.ch/software/macosx/php/

Download the latest package and make a custom install.

ok let's assume I know exactly what a 'custom install' is in MacWorld (I don't ;-)) and let's assume I install this 'custom install' what happens to the standard php install - I'd rahter not have 2 php builds installed to start with (especially if it's because my lack of knowledge means I don't know how to 'correctly' remove the
original, standard installation.

anyway thanks for the hint so far ... Im off to investigate.


Uninstalling the pre-installed PHP module shouldn't be that hard. The PHP CLI is located under /usr/bin (at least under Tiger, not sure if this location was changed under Leopard). The Apache module is located under /usr/libexec/httpd

When you install PHP5 with the package from entropy.ch, the new PHP5 will install under /usr/local/php5. Just download the package to the desktop and double click. This opens the "Installer" application within the Utilities folder - the install process should be self-explaining. Somewhere in the install process, you will see a button labeled "Custom install". All necessary configuration of Apache will be done automatically.

Just opened up terminal on my Leopard iMac G5 and found out that PHP is located in: /usr/bin/php and apache is located in: /usr/sbin/httpd

I haven't done it on leopard because my server is still on tiger (Stupid fiscal money issues!) but the installer from entropy downloaded and installed like a charm and I don't know much about the CLI YET :) Born and raised on Macs so I never needed to know a lot of CLI stuff...




You might check if /usr/local and /usr/local/php5/bin is stored in your PATH environment.

I mean, it is possible to compile PHP from scratch, but it's not that easy. See for example here: http://blog.phpdoc.info/archives/83-php-5.2.5-on-Leopard.html

You might check out MAMP as well http://sourceforge.net/projects/mamp

I think there are
40/50 PHP extensions included. Just pick what you want.

I'll have the blond ;-)

Sorry, already taken...


//frank

ps. merry christmas ds.






--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424
www.raoset.com
[EMAIL PROTECTED]

--- End Message ---
--- Begin Message ---
Frank Arensmeier wrote:
When you install PHP5 with the package from entropy.ch, the new PHP5 will install under /usr/local/php5.

The Mac package from entropy.ch is not compatible with Leopard (Mac OS X 10.5). Marc Liyanage is working on a Leopard-compatible version. Check the forum on his site for the latest details. There's an extremely long thread about PHP on Leopard. A command line installation is somewhere around page 15 of the thread.

--
David Powers

--- End Message ---
--- Begin Message ---
<?php

/* Get the port for the WWW service. */
//$service_port = getservbyname('www', 'tcp');

/* Get the IP address for the target host. */
//$address = gethostbyname('www.example.com');

/* Create a TCP/IP socket. */
$socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
//echo "Attempting to connect to '$address' on port '$service_port'...";
$result = socket_connect($socket, "127.0.0.1", "27015");

socket_RECV($socket, $read, 300, null);
   echo $read;
socket_close($socket);
?>

i have a daemon running on that port that sends a message when it's  got a 
client connected
but the script above doesn't output anything it just loads my cpu up to 100 
percent and thats it then it basically stops working. While i need it to 
display the messages sent by server(daemon) to the user running the script 
has anyone got any idea why it rejects to work? (yeah the daemon is written 
in c++ if that matters) 

--- End Message ---
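
For the timeout question earlier in this digest and the socket post above, an added example (not code from either poster) that sets SO_RCVTIMEO and SO_SNDTIMEO with socket_set_option, checks every return value, and treats a socket_recv result of false or 0 as a reason to stop reading. open_client(), read_until_idle() and the in-process listener that plays the daemon are assumptions for illustration.

```php
<?php
// Added example: blocking TCP client with timeouts and checked return values.
// Function names are hypothetical; the listener below is a constructed stand-in
// for a daemon that greets each client and then keeps the connection open.

/** Connect with send/receive timeouts applied before the first I/O call. */
function open_client(string $host, int $port, int $timeoutSec)
{
    $sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
    if ($sock === false) {
        throw new RuntimeException('socket_create: ' . socket_strerror(socket_last_error()));
    }
    $tv = ['sec' => $timeoutSec, 'usec' => 0];
    if (!socket_set_option($sock, SOL_SOCKET, SO_RCVTIMEO, $tv)
        || !socket_set_option($sock, SOL_SOCKET, SO_SNDTIMEO, $tv)) {
        $err = socket_strerror(socket_last_error($sock));
        socket_close($sock);
        throw new RuntimeException("socket_set_option: $err");
    }
    if (!@socket_connect($sock, $host, $port)) {
        $err = socket_strerror(socket_last_error($sock));
        socket_close($sock);
        throw new RuntimeException("socket_connect: $err");
    }
    return $sock;
}

/** Read until the peer goes quiet, closes, or $maxBytes arrive. Returns [data, reason]. */
function read_until_idle($sock, int $maxBytes): array
{
    $data = '';
    while (strlen($data) < $maxBytes) {
        // @ hides the warning PHP raises on timeout; the return value is checked instead.
        $n = @socket_recv($sock, $chunk, $maxBytes - strlen($data), 0);
        if ($n === false) {
            return [$data, 'recv failed or timed out: '
                . socket_strerror(socket_last_error($sock))];
        }
        if ($n === 0) {
            // Orderly close by the peer; a loop that ignores this case never ends.
            return [$data, 'peer closed the connection'];
        }
        $data .= $chunk;
    }
    return [$data, 'byte limit reached'];
}

// Constructed demo on the loopback interface.
$srv = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
socket_bind($srv, '127.0.0.1', 0);           // port 0: the OS picks a free port
socket_listen($srv, 1);
socket_getsockname($srv, $addr, $port);

$client = open_client('127.0.0.1', $port, 1);
$peer = socket_accept($srv);
socket_write($peer, "hello from daemon\n");  // greeting, connection stays open

[$data, $why] = read_until_idle($client, 300);
echo 'received: ', $data, 'stopped: ', $why, "\n";

socket_close($peer);
socket_close($client);
socket_close($srv);
```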
--- Begin Message ---
Hi everybody

This post is not so much a question to solve a problem but more in the direction: what would you do and why.

I'm starting a new project and am preparing the basic layout for the application. In all my previous projects I have had a config file that all other files would require where I used 'define' to specify database connection parameters, site root, picture root and stuff like that.

This works without problems, but as I have started to code more in a OO way, I was wondering if it would not be more clean to create a site class with constants for all these values so instead of doing:

echo '<a href="' . ROOT . '">Go home</a>';

I would do this:

echo '<a href="' .  Site::ROOT . '">Go home</a>';

The second might be more verbose in this case, but for a lot of values, being able to associate them with the site could prove quite valuable if you or someone else has to look at the code half a year from when it was originally written.

The verbose issue aside, having a config file separate from the actual code seems intuitively more clean (in my mind at least) and using a class for storing config values might not be the best of ideas. But the site class could be built from the config file either each time a script was requested or as part of the build process when your application is deployed to the server.

Either way... both solutions would work.... what I'm looking for here is maybe some comments to the ideas before I go ahead with one of them.

Joe

--- End Message ---
--- Begin Message ---
On Dec 17, 2007 8:15 AM, Johannes Skov Frandsen <[EMAIL PROTECTED]> wrote:

> Hi everybody
>
> This post is not so much a question to solve a problem but more in the
> direction: what would you do and why.
>
> I'm starting a new project and am preparing the basic layout for the
> application. In all my previous projects I have had a config file that
> all other files would require where I used 'define' to specify database
> connection parameters, site root, picture root and stuff like that.
>
> This works without problems, but as I have started to code more in a OO
> way, I was wondering if it would not be more clean to create a site
> class with constants for all these values so instead of doing:
>
> echo '<a href="' . ROOT . '">Go home</a>';
>
> I would do this:
>
> echo '<a href="' .  Site::ROOT . '">Go home</a>';
>
> The second might be more verbose in this case, but for a lot of values,
> being able to associate them with the site could prove quite valuable if
> you or someone else has to look at the code half a year from when it was
> original written.


in this case there is really no difference, especially if Site contains all
the values that were originally in the file with define directives, the
structure is essentially the same.


> The verbose issue aside, having a config file separate from the actual
> code seems intuitively more clean (in my mind at least) and using
> a class for storing config values might not be the best of ideas. But the
> site class could be build from the config file either each time
> a script was requested or as part of the build process when your
> application is deployed to the server.
>
> Either way... both solutions would work.... what I'm looking for here is
> maybe some comments to the ideas before I go ahead with one of them.


if you are going to have just one class contain all of the configuration
values there won't be much difference from using define directives.  one
thing about define is it's notoriously slow, so you would have that advantage.
generally, a benefit of using classes w/ constants is the namespace aspect.
so you could have Car::DEFAULT_COLOR and Plane::DEFAULT_COLOR
for example, but again, how much different is that from
define('DEFAULT_CAR_COLOR', 'red');
define('DEFAULT_PLANE_COLOR', 'blue');
i dunno.  to be honest i typically use a mixture of both approaches.  class
constants for classes when they are appropriate and define directives for
global configuration values.
strictly speaking i don't think having a class of all constants qualifies an
app as 'more oo'; i'd say in java for example you simply don't have any other
choice.

-nathan

--- End Message ---
--- Begin Message ---
I want to personally thank you for 6 hours of work to remove the 
PHP-Back-door Trojan, that download from your site to my PC while viewing that 
POS you call a help line.

--- End Message ---
--- Begin Message ---
Funny, they should all be PHPS, source only and my last check only did
them on the source viewing.  None of them are executable in that folder.

You got it from elsewhere.

[EMAIL PROTECTED] wrote:
> I want to personally thank you for 6 hours of work to remove the 
> PHP-Back-door Trojan, that download from your site to my PC while viewing 
> that POS you call a help line.
> 
> 

--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Wolf [mailto:[EMAIL PROTECTED]
> Sent: 17 December 2007 16:00
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] Securing your Sites
> 
> Funny, they should all be PHPS, source only and my last check only did
> them on the source viewing.  None of them are executable in that
> folder.
> 
> You got it from elsewhere.

I thought that too as I checked the site this morning and they all were .phps

However, wandering back over there sees that they are all now .tar.gz files 
and, upon scanning, do carry a malicious payload

Dan

> [EMAIL PROTECTED] wrote:
> > I want to personally thank you for 6 hours of work to remove the
> > PHP-Back-door Trojan, that download from your site to my PC while
> viewing that POS you call a help line.
> >
> >
> 
> 
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.503 / Virus Database: 269.17.4/1187 - Release Date:
> 16/12/2007 11:36
> 

No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.503 / Virus Database: 269.17.4/1187 - Release Date: 16/12/2007 
11:36
 

--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Wolf [mailto:[EMAIL PROTECTED]
> Sent: 17 December 2007 16:00
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] Securing your Sites
> 
> Funny, they should all be PHPS, source only and my last check only did
> them on the source viewing.  None of them are executable in that
> folder.
> 
> You got it from elsewhere.

Sorry, update

Scanning with AVG reveals that c99-2, 3 and 4 report backdoor Trojan infections 
but it occurs to me that maybe AVG is just finding the malicious payload you 
are demonstrating?

I'd like to thank you for supplying the source for these exploits... If I've 
made a mistake and compounded an incorrect situation I do apologise

Dan

> [EMAIL PROTECTED] wrote:
> > I want to personally thank you for 6 hours of work to remove the
> > PHP-Back-door Trojan, that download from your site to my PC while
> viewing that POS you call a help line.
> >
> >
> 

--- End Message ---
--- Begin Message ---
Wait, I'm confused. Did PHP send a virus to your computer without action on your part? That'd be scary. If you downloaded something, was the checksum not published for you to verify your download prior to unpacking it? That's always a warning worthy of apprehension. What was the "PHP-Back-door Trojan" exactly?

Jeremy Mcentire
Ant Farmer
ZooToo LLC

--- End Message ---
--- Begin Message ---
2 things I've done to them to try to catch all...

1. GZiped them all (you'll have to download them to a machine and look
at the source yourself, taking your own precautions and YES, they will
scan malicious in this setup as they are all trojans/backdoors)
2. changed their extension to .txt on the server

I'll also modify the server folder they are running on to disable php
entirely later tonight so they can never execute it on it.

When I reloaded them in my windoze box, my AV picked up on them in the
cache as the trojans they are and disabled access to them in my
browser's cache.  Since I don't run php on the windoze box, there really
was nothing to worry about and I could view the source in the browser.

But if you didn't run AV on the system you looked at them at, installed
them to your own local area and started playing with them, then you
pretty much borked yourself.  They are live code (hence why they were
phps and should have just been source to view) and the only way to
really pick them apart to view them.

Considering that the code was phps and the server treated them as such
never did my server execute them.

Wolf

Dan Parry wrote:
>> -----Original Message-----
>> From: Wolf [mailto:[EMAIL PROTECTED]
>> Sent: 17 December 2007 16:00
>> To: [EMAIL PROTECTED]
>> Cc: [EMAIL PROTECTED]
>> Subject: Re: [PHP] Securing your Sites
>>
>> Funny, they should all be PHPS, source only and my last check only did
>> them on the source viewing.  None of them are executable in that
>> folder.
>>
>> You got it from elsewhere.
> 
> I thought that too as I checked the site this morning and they all were .phps
> 
> However, wandering back over there sees that they are all now .tar.gz files 
> and, upon scanning, do carry a malicious payload
> 
> Dan
> 
>> [EMAIL PROTECTED] wrote:
>>> I want to personally thank you for 6 hours of work to remove the
>>> PHP-Back-door Trojan, that download from your site to my PC while
>> viewing that POS you call a help line.
>>>

--- End Message ---
--- Begin Message ---
On Dec 17, 2007 11:27 AM, Jeremy Mcentire <[EMAIL PROTECTED]> wrote:
> Wait, I'm confused.  Did PHP send a virus to your computer without
> action on your part?  That'd be scary.  If you downloaded something,
> was the checksum not published for you to verify your download prior
> to unpacking it?  That's always a warning worthy of apprehension.
> What was the "PHP-Back-door Trojan" exactly?

    Here's what is going on, from start to finish, for anyone who may
be concerned:

    1.) Wolf's server was breached (or attempted) by a couple of
wannabes and script kiddies.
    2.) He tar'ed and gZip'ed the malicious PHP scripts, after
renaming them to .phps (source) scripts for you to view.
    3.) When you download the gZip'ed tarballs, they contain the PHP
source code in a .phps, as expected.
    4.) Any scans of those files COULD and SHOULD indicate that they
are exploits --- BECAUSE THEY ARE.
    5.) Some of you may not have chosen to fully read the page telling
you what they are prior to downloading.
    6.) If Step 5 applies to you, that is YOUR FAULT, not Wolf's.

    I didn't find it all that difficult to read the two paragraphs or
so prior to downloading.  In fact, I find that I rather enjoy doing
that so I know what the hell I'm downloading in the first place,
before blindly downloading some code.  ;-P


-- 
Daniel P. Brown
[Phone Numbers Go Here!]
[They're Hidden From View!]

If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.

--- End Message ---
--- Begin Message ---
ALL of them should report trojan if you download them to your cache but
only should be an issue if you have PHP installed on that machine and
then execute that code in your own php server.

They are all trojans/back door.

But if you view the source then you aren't going to bork yourself.

As they are now all tar.gz the AV scanners should all catch them as
trojans, so you will need to tell your scanner to allow you to access that
folder, save it to your local drive and view the source in your favorite
text editor to look at them.

Wolf

Dan Parry wrote:
>> -----Original Message-----
>> From: Wolf [mailto:[EMAIL PROTECTED]
>> Sent: 17 December 2007 16:00
>> To: [EMAIL PROTECTED]
>> Cc: [EMAIL PROTECTED]
>> Subject: Re: [PHP] Securing your Sites
>>
>> Funny, they should all be PHPS, source only and my last check only did
>> them on the source viewing.  None of them are executable in that
>> folder.
>>
>> You got it from elsewhere.
> 
> Sorry, update
> 
> Scanning with AVG reveals that c99-2, 3 and 4 report backdoor Trojan 
> infections but it occurs to me that maybe AVG is just finding the malicious 
> payload you are demonstrating?
> 
> I'd like to thank you for supplying the source for these exploits... If I've 
> made a mistake and compounded an incorrect situation I do apologise
> 
> Dan
> 
>> [EMAIL PROTECTED] wrote:
>>> I want to personally thank you for 6 hours of work to remove the
>>> PHP-Back-door Trojan, that download from your site to my PC while
>> viewing that POS you call a help line.
>>>

--- End Message ---
--- Begin Message ---
hi, i have a nested array
ex:
print_r($nestedarray):
 Array(
 [0]=>Array([id]=>1 [name]=>name1 [etc]=>etc1)
 [1]=>Array([id]=>2 [name]=>name2 [etc]=>etc2)
 [3]=>Array([id]=>3 [name]=>name3 [etc]=>etc3)
 )

if I want to check whether id=5 is in that $nestedarray, how to do that?!?!

i'd really appreciate the help..

thanks in advance..

--- End Message ---
--- Begin Message ---
print_r($nestedarray):
 Array(
 [0]=>Array([id]=>1 [name]=>name1 [etc]=>etc1)
 [1]=>Array([id]=>2 [name]=>name2 [etc]=>etc2)
 [3]=>Array([id]=>3 [name]=>name3 [etc]=>etc3)
 )

if I want to check whether id=5 is in that $nestedarray, how to do that?!?!

i'd really appreciate the help..

<?php
    // Stays false when no element has id 5.
    $in_array = false;
    foreach ($nestedarray as $v) {
        if ($v['id'] == 5) {
            $in_array = true;
            break;
        }
    }
?>

--
Richard Heyes
http://www.websupportsolutions.co.uk

Knowledge Base and HelpDesk software
that can cut the cost of online support

** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS **

--- End Message ---
--- Begin Message ---
$nestedarray[$i]['id'] == 5

and $i is your array index

On 17/12/2007, opo jal <[EMAIL PROTECTED]> wrote:
>
> hi, i have a nested array
> ex:
> print_r($nestedarray):
> Array(
> [0]=>Array([id]=>1 [name]=>name1 [etc]=>etc1)
> [1]=>Array([id]=>2 [name]=>name2 [etc]=>etc2)
> [3]=>Array([id]=>3 [name]=>name3 [etc]=>etc3)
> )
>
> if I want to check whether id=5 is in that $nestedarray, how to do
> that?!?!
>
> i'd really appreciate the help..
>
> thanks in advance..
>



-- 
Best Regards

Cesar D. Rodas
http://www.cesarodas.com
http://www.thyphp.com
http://www.phpajax.org
Phone: +595-961-974165

--- End Message ---
--- Begin Message ---
On Dec 17, 2007 3:13 PM, Hiep Nguyen <[EMAIL PROTECTED]> wrote:
> hi all,
>
> i have this on top of my php page:
>
> header("Content-Type: application/vnd.ms-excel");
> header("Content-Disposition: inline; filename=excelfile.xls");
>
> but it is not prompt to save the file instead it opens right in IE.
>
> my question is how do i force the browser prompts to save the file?
>
> thanks

    Hiep,

    This is a question that should've been asked on the PHP General
list, so I'm reply-all'ing and sending it to the General list for the
archives as well.

    Here's a function I use that should help you out.

<?php
// Send $dir.$filename to the browser as a download instead of rendering it.
function force_download($filename,$dir='./') {
    if ((isset($filename))&&(file_exists($dir.$filename))) {
        // A generic binary type plus "attachment" makes the browser prompt to save.
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="'.$filename.'"');
        header("Content-Transfer-Encoding: Binary");
        header("Content-length: ".filesize($dir.$filename));
        readfile($dir.$filename);
    } else {
        echo "No file selected";
    }
}
?>


-- 
Daniel P. Brown
[Phone Numbers Go Here!]
[They're Hidden From View!]

If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.

--- End Message ---
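
When the file name passed to a download helper like the one above comes from a request parameter, it has to be confined to the download directory before readfile() is called. The following is an added example, not Daniel's code: resolve_download(), download_headers(), force_download_safe() and the temporary sample files are assumptions for illustration.

```php
<?php
// Added example: download helper that only serves regular files from one directory.
// All function names and the sample files are hypothetical.

/** Map a requested name to a real file inside $baseDir, or null when it is not allowed. */
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // basename() discards any directory part such as "../".
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($requested));
    // realpath() follows symlinks, so the result must still sit inside $base.
    if ($path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/** Build the response headers; the file name is reduced to header-safe characters. */
function download_headers(string $path): array
{
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
    return [
        'Content-Type: application/octet-stream',
        'Content-Disposition: attachment; filename="' . $name . '"',
        'Content-Length: ' . filesize($path),
        'X-Content-Type-Options: nosniff',
    ];
}

/** Web entry point: send the file or a 404, never a path outside $baseDir. */
function force_download_safe(string $baseDir, string $requested): bool
{
    $path = resolve_download($baseDir, $requested);
    if ($path === null) {
        http_response_code(404);
        return false;
    }
    foreach (download_headers($path) as $h) {
        header($h);
    }
    readfile($path);
    return true;
}

// Constructed demo: one allowed file, one file outside the directory,
// and a symlink inside the directory that points at the outside file.
$root = sys_get_temp_dir() . '/dl_demo_' . bin2hex(random_bytes(4));
mkdir("$root/files", 0700, true);
file_put_contents("$root/files/excelfile.xls", 'demo');
file_put_contents("$root/secret.txt", 'not for download');
@symlink("$root/secret.txt", "$root/files/link.xls");

foreach (['excelfile.xls', '../secret.txt', 'link.xls', "x\r\nSet-Cookie: a=b"] as $req) {
    $path = resolve_download("$root/files", $req);
    echo json_encode($req), ' => ',
        $path === null ? 'rejected' : implode(' | ', download_headers($path)), "\n";
}
```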
