php-general Digest 20 Jan 2008 23:28:23 -0000 Issue 5247
Topics (messages 267701 through 267722):
Re: avoid server folder reading
267701 by: Richard Heyes
267702 by: Anup Shukla
267703 by: Richard Heyes
New website dedicated to debugging PHP.
267704 by: Keith Roberts
Re: Posting Summary for Week Ending 18 January, 2008: [EMAIL PROTECTED]
267705 by: Daniel Brown
267706 by: Jason Pruim
267707 by: David Powers
267708 by: Paul Scott
267709 by: Stut
267710 by: David Powers
267711 by: Stut
267712 by: Robert Cummings
267713 by: David Powers
267715 by: Børge Holen
267716 by: Nathan Nobbe
267717 by: Børge Holen
267718 by: Nathan Nobbe
267719 by: Robert Cummings
267720 by: Nathan Nobbe
267721 by: Børge Holen
Digital Downloads and Scale
267714 by: dg
general time question
267722 by: jekillen
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
I would like to know how to avoid (using PHP code) any user to read the
content of my website folder ?
as my website is hosted by and external company, i do not have access to
apache conf file.
If your server's default file is index.php, you could use the following
in an index.php file:
<?php
header('Location: /');
?>
If it's index.html, you could use the following:
<script type="text/javascript">
<!--
location.href = '/';
-->
</script>
Try the PHP version first.
--
Richard Heyes
http://www.websupportsolutions.co.uk
Knowledge Base and Helpdesk software that eases your support
burden and helps increase your sales.
** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS **
--- End Message ---
--- Begin Message ---
Richard Heyes wrote:
I would like to know how to avoid (using PHP code) any user to read the
content of my website folder ?
as my website is hosted by and external company, i do not have access to
apache conf file.
If your server's default file is index.php, you could use the following
in an index.php file:
<?php
header('Location: /');
?>
If it's index.html, you could use the following:
<script type="text/javascript">
<!--
location.href = '/';
-->
</script>
Try the PHP version first.
Will that not result in an infinite redirection loop?
Or am i missing something very obvious !
--
Regards,
Anup Shukla
--- End Message ---
--- Begin Message ---
Will that not result in an infinite redirection loop?
Or am i missing something very obvious !
If it's placed in the root folder of the website, yes. But why do that?
If, however, that's what is required just put an empty index.html file
there.
--
Richard Heyes
http://www.websupportsolutions.co.uk
Knowledge Base and Helpdesk software that eases your support
burden and helps increase your sales.
** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS **
--- End Message ---
--- Begin Message ---
Hi everyone. Please excuse me for cross posting to four
lists, but I'm aware that not everyone subscribes to all of
the lists, so I don't want anyone to miss this announcement.
I have written a new website that is dedicated to debugging
PHP applications.
From the about page:
http://www.php-debuggers.net/home/anyuser/about.php
About php-debuggers
A one-stop resource for Free Open Source PHP debuggers,
covering all operating systems. This site has been developed
in, and is maintained in, my spare time. I hope it helps you
with debugging your PHP applications.
Here at php-debuggers you can:
* Find details of Open Source PHP debuggers available for
your particular OS, including screenshots, and external
download links.
* Find download links and installation and configuration
instructions for PHP debugger modules, such as DBG and
Xdebug.
* Post forum help requests for problems you have
installing and configuring DBG or Xdebug PHP modules.
* Find installation and configuration instructions for
your OS's PHP debugger GUI programs.
* Post forum help requests for problems you have
installing and configuring the PHP debugger GUI programs
on your OS.
* Make forum requests for PHP debugger GUI programs to
be ported to your OS.
* Converse with other Open Source developers to discuss
porting a particular PHP GUI debugger from one OS to any
other.
* Add tutorials on the forum for how install and
configure a particular PHP debugger module, or debugger
GUI for your OS.
* Post details of Open Source PHP Debugger Projects that
need more help, or a new maintainer for the project.
To suggest other OS categories, more PHP debugger GUI's, or
improvements to the website, please see the contact page.
Kind Regards and Best Wishes,
Keith Roberts.
-----------------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk
All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------
--- End Message ---
--- Begin Message ---
On Jan 19, 2008 9:39 PM, Nathan Nobbe <[EMAIL PROTECTED]> wrote:
> On Jan 19, 2008 9:25 PM, Ashley M. Kirchner <[EMAIL PROTECTED]> wrote:
>
> >
> > Well, at least we know which subject will make it to the top next
> > week....
>
> nice; say, dan, here comes another feature request; can we see the top
> thread
> (or 3 :)) as well ?
That would actually be pretty interesting. Since we've all been
known to beat a thread to death, it certainly wouldn't be difficult to
collect the data.
--
</Dan>
Daniel P. Brown
Senior Unix Geek and #1 Rated "Year's Coolest Guy" By Self Since
Nineteen-Seventy-[mumble].
--- End Message ---
--- Begin Message ---
On Jan 20, 2008, at 10:04 AM, Daniel Brown wrote:
On Jan 19, 2008 9:39 PM, Nathan Nobbe <[EMAIL PROTECTED]> wrote:
On Jan 19, 2008 9:25 PM, Ashley M. Kirchner <[EMAIL PROTECTED]>
wrote:
Well, at least we know which subject will make it to the top next
week....
nice; say, dan, here comes another feature request; can we see the
top
thread
(or 3 :)) as well ?
That would actually be pretty interesting. Since we've all been
known to beat a thread to death, it certainly wouldn't be difficult to
collect the data.
Dan,
Are you implying that people on this list have ego's and they can't
let them selves be proven wrong? And will keep sending messages about
stuff until everyone else just gives up and starts forwarding their e-
mail to /dev/null?
Because... That so wouldn't fit with the image of the people I have
seen on here :P
--- End Message ---
--- Begin Message ---
Andrés Robinet wrote:
3 - I don't like the attitude of both Dan and David. IMHO, David thinks the issue is more severe
than it is, and Dan just won't recognize that mangling email addresses is kind of a (arguably also)
"standard practice". No public apologize is needed, but maybe "Yeah, I just didn't
consider that" would be enough.
Well said, Andrés. This has been blown out of all proportion by the
sarcastic response I got from Dan, followed up by a group of his friends
trying to make out the the problem was all of my own making. If the
response had been, "Shucks, sorry, I'll mangle the addresses (or leave
them out) in future," that would have been an end of it. Instead, Dan
and his friends decided that attack was the best form of defence,
calling me names and questioning my integrity.
But what if everyone's addresses had been gathered by someone with a
less innocent intent than Dan's statistics?
I consider this conversation closed.
--
David Powers
--- End Message ---
--- Begin Message ---
On Sun, 2008-01-20 at 10:04 -0500, Daniel Brown wrote:
> That would actually be pretty interesting. Since we've all been
> known to beat a thread to death, it certainly wouldn't be difficult to
> collect the data.
FWIW, I would like to continue to see these postings, as mailing list
metrics are quite interesting. I have been watching this thread with
quite a bit of interest, as I would like to do something similar with
the mailing lists for my project(s). Those projects answer to funders,
and one of the metrics that our funders would like to see, is mailing
list stats. If you do a quick google for mailman stat packages, you will
see that they are sorely lacking, so, even though this particular list
is not run on mailman, Dan's script could be the start of a *really*
useful project for me and others.
Only thing is that Dan has not posted a link to the source, nor has he
signified that he will. I have also seen a bunch of requests for graphs
and such, which I would be willing to add on in some time.
Bottom line is, I find this really interesting and useful, and would
like to use it elsewhere too.
THANKS DAN! You are at least in the top ten coolest guys in the
world....
--Paul
All Email originating from UWC is covered by disclaimer
http://www.uwc.ac.za/portal/public/portal_services/disclaimer.htm
--- End Message ---
--- Begin Message ---
On 20 Jan 2008, at 17:49, David Powers wrote:
Andrés Robinet wrote:
3 - I don't like the attitude of both Dan and David. IMHO, David
thinks the issue is more severe than it is, and Dan just won't
recognize that mangling email addresses is kind of a (arguably
also) "standard practice". No public apologize is needed, but maybe
"Yeah, I just didn't consider that" would be enough.
Well said, Andrés. This has been blown out of all proportion by the
sarcastic response I got from Dan, followed up by a group of his
friends trying to make out the the problem was all of my own making.
If the response had been, "Shucks, sorry, I'll mangle the addresses
(or leave them out) in future," that would have been an end of it.
Instead, Dan and his friends decided that attack was the best form
of defence, calling me names and questioning my integrity.
But what if everyone's addresses had been gathered by someone with a
less innocent intent than Dan's statistics?
Therein lies the crux of the matter. Dan was able to gather the
addresses without someone else publishing them in the way he did. The
list is public, anyone can join it, so there is nothing stopping a
spammer from collecting addresses in the same way. What Dan did has
certainly not made it any easier for spammers to get your address.
You seem unable to accept that you are the one that put your email
address out there for anyone to collect. If you can't understand that
then there is indeed no point in continuing the conversation.
-Stut
--
http://stut.net/
--- End Message ---
--- Begin Message ---
Stut wrote:
You seem unable to accept that you are the one that put your email
address out there for anyone to collect. If you can't understand that
then there is indeed no point in continuing the conversation.
I do understand it. What I object to is a supposedly responsible member
of this list publishing everyone's address, and then attacking me for
criticising him for such a dumb move.
__
David Powers
--- End Message ---
--- Begin Message ---
On 20 Jan 2008, at 18:02, David Powers wrote:
Stut wrote:
You seem unable to accept that you are the one that put your email
address out there for anyone to collect. If you can't understand
that then there is indeed no point in continuing the conversation.
I do understand it. What I object to is a supposedly responsible
member of this list publishing everyone's address, and then
attacking me for criticising him for such a dumb move.
You're still missing the point. Every time you send a message to this
list *you* are publishing your email address. What Dan's done a) was
only possible because you had already published your address, and b)
almost certainly won't result in more spambots picking up your address
than would have anyway.
-Stut
--
http://stut.net/
--- End Message ---
--- Begin Message ---
On Sun, 2008-01-20 at 18:02 +0000, David Powers wrote:
> Stut wrote:
> > You seem unable to accept that you are the one that put your email
> > address out there for anyone to collect. If you can't understand that
> > then there is indeed no point in continuing the conversation.
>
> I do understand it. What I object to is a supposedly responsible member
> of this list publishing everyone's address, and then attacking me for
> criticising him for such a dumb move.
I've been away for a while... but been reading through this thread a
bit. Seems the push and shove of the thread revolves around
re-publishing what has already been publicly published. As Stut pointed
out, when you post to this list, your address becomes public. Dan has
neither added nor subtracted from the publicly available pool of email
addresses. As such, and within this context, nothing has been gained and
nothing has been lost. I understand what you are thinking, but the fact
remains your address is already public for having posted to the list. It
seems you are getting bent out of shape because you aren't grasping this
fact. Dan hasn't done anything wrong nor does he owe any apologies or
concessions.
Cheers,
Rob.
--
...........................................................
SwarmBuy.com - http://www.swarmbuy.com
Leveraging the buying power of the masses!
...........................................................
--- End Message ---
--- Begin Message ---
Robert Cummings wrote:
I understand what you are thinking, but the fact
remains your address is already public for having posted to the list. It
seems you are getting bent out of shape because you aren't grasping this
fact. Dan hasn't done anything wrong nor does he owe any apologies or
concessions.
I am not naive enough to think that my email address would have remained
secret if Dan hadn't published the list. Unfortunately, this is the only
newsgroup out of more than 20 that I regularly monitor or contribute to
that exposes individual addresses. I have tried posting in the past with
a munged address, but the post was rejected. I took the risk of using an
address that had been spam-free for years in the full knowledge of what
might happen. I did so, because this seemed a professional list, and the
address remained spam-free for about a year after my first post. It's
only within the last couple of months that spam has started coming in.
Whether it's this list that's been harvested, it's impossible to say.
Of course, anyone with the appropriate coding skill can harvest
addresses from this list, as Dan has shown. I just don't think it's
sensible for a responsible member to hand the addresses of 100 members
on a plate to all and sundry. As I've said before, if Dan's response had
been, "Sorry, that wasn't meant to happen," that would have been the end
of it.
And now this really must be the end of it.
__
David Powers
--- End Message ---
--- Begin Message ---
On Sunday 20 January 2008 19:58:03 David Powers wrote:
> Robert Cummings wrote:
> > I understand what you are thinking, but the fact
> > remains your address is already public for having posted to the list. It
> > seems you are getting bent out of shape because you aren't grasping this
> > fact. Dan hasn't done anything wrong nor does he owe any apologies or
> > concessions.
>
> I am not naive enough to think that my email address would have remained
> secret if Dan hadn't published the list. Unfortunately, this is the only
> newsgroup out of more than 20 that I regularly monitor or contribute to
> that exposes individual addresses. I have tried posting in the past with
> a munged address, but the post was rejected. I took the risk of using an
> address that had been spam-free for years in the full knowledge of what
> might happen. I did so, because this seemed a professional list, and the
> address remained spam-free for about a year after my first post. It's
> only within the last couple of months that spam has started coming in.
> Whether it's this list that's been harvested, it's impossible to say.
>
> Of course, anyone with the appropriate coding skill can harvest
> addresses from this list, as Dan has shown. I just don't think it's
> sensible for a responsible member to hand the addresses of 100 members
> on a plate to all and sundry. As I've said before, if Dan's response had
> been, "Sorry, that wasn't meant to happen," that would have been the end
> of it.
>
> And now this really must be the end of it.
You really don't get it yet? You distributed it, I knew your email long before
Dan did squat, didn't take any programming to acomplish that.
And for skills? I'm poor at regexp (as in I SUCK) but hell, even I could do an
harvest directly from postfix and you would come up time after time by your
own hand, a few mails more with the mention of your email wouldn't do any
difference, see; I got you one the first mail.
>
> __
> David Powers
--
---
Børge Holen
http://www.arivene.net
--- End Message ---
--- Begin Message ---
have you ever googled for [EMAIL PROTECTED] ?
looks like it brings up some thread from around
september of 07... oh wait; isnt that before dan
started up the stat program ..
-nathan
--- End Message ---
--- Begin Message ---
On Sunday 20 January 2008 22:06:54 Nathan Nobbe wrote:
> have you ever googled for [EMAIL PROTECTED] ?
> looks like it brings up some thread from around
> september of 07... oh wait; isnt that before dan
> started up the stat program ..
>
> -nathan
MAN don't expose it like that. Now he'll get tons upon tons of spam :D
--
---
Børge Holen
http://www.arivene.net
--- End Message ---
--- Begin Message ---
On Jan 20, 2008 4:09 PM, Børge Holen <[EMAIL PROTECTED]> wrote:
>
> MAN don't expose it like that. Now he'll get tons upon tons of spam :D
>
damn, did i, like, just publish it again :-O
-nathan
--- End Message ---
--- Begin Message ---
On Sun, 2008-01-20 at 16:13 -0500, Nathan Nobbe wrote:
> On Jan 20, 2008 4:09 PM, Børge Holen <[EMAIL PROTECTED]> wrote:
> >
> > MAN don't expose it like that. Now he'll get tons upon tons of spam :D
> >
>
> damn, did i, like, just publish it again :-O
Is this going to turn into one of those things like with the Blu-Ray
decryption code?
Slashdot in 10... ;)
Cheers,
Rob.
--
...........................................................
SwarmBuy.com - http://www.swarmbuy.com
Leveraging the buying power of the masses!
...........................................................
--- End Message ---
--- Begin Message ---
On Jan 20, 2008 4:38 PM, Robert Cummings <[EMAIL PROTECTED]> wrote:
>
> On Sun, 2008-01-20 at 16:13 -0500, Nathan Nobbe wrote:
> > On Jan 20, 2008 4:09 PM, Børge Holen <[EMAIL PROTECTED]> wrote:
> > >
> > > MAN don't expose it like that. Now he'll get tons upon tons of spam :D
> > >
> >
> > damn, did i, like, just publish it again :-O
>
> Is this going to turn into one of those things like with the Blu-Ray
> decryption code?
>
> Slashdot in 10... ;)
good to have you back around rob!
btw.. not to like steal a thread or anything, did you see my thread on the
crypt()
thing? mind tossing 2 cents at it ?
-nathan
--- End Message ---
--- Begin Message ---
On Sunday 20 January 2008 22:38:24 Robert Cummings wrote:
> On Sun, 2008-01-20 at 16:13 -0500, Nathan Nobbe wrote:
> > On Jan 20, 2008 4:09 PM, Børge Holen <[EMAIL PROTECTED]> wrote:
> > > MAN don't expose it like that. Now he'll get tons upon tons of spam :D
> >
> > damn, did i, like, just publish it again :-O
>
> Is this going to turn into one of those things like with the Blu-Ray
> decryption code?
nono.
Depending on the reply from david it either:
Turns into a twin peak thriller with a sudden stop
or
a soap like bold and the beautiful episode 345k we'll just go on and on and
on and on.
>
> Slashdot in 10... ;)
>
> Cheers,
> Rob.
> --
> ...........................................................
> SwarmBuy.com - http://www.swarmbuy.com
>
> Leveraging the buying power of the masses!
> ...........................................................
--
---
Børge Holen
http://www.arivene.net
--- End Message ---
--- Begin Message ---
Hello everyone,
I'd appreciate any insights, or source suggestions regarding site
traffic and necessary adjustments.
For example, I'm using a simple digital download page for an indie
artist. Not a ton of traffic, not a ton of concurrent requests.
Was thinking about introducing something similar for a bigger
artist(though still not huge) and I'm concerned for any trouble more
demand might create. On the web server side, I'm not worried, as it's
on a Pair high volume account.
I am concerned where I might need back-ups or adjustments to code and
database queries. Not quite sure where to start in researching this -
any ideas or keywords would be appreciated.
Thanks,
-dg
--- End Message ---
--- Begin Message ---
Hello again;
I am developing an application that uses php with Apache.
A user requests a script file from a web site and the server
takes such things as $_SERVER['REMOTE_ADDRESS']
and uses php's time() function to record the time in utc
code (which would be the server's system time)
and other bits of info and saves it in a php script file on
the server.
The script is a login script. When the user successfully
logs in. Javascript is used to send the client time and
time zone offset. These are written to this file also. To
track the user for statistical and authorization reasons
this file is used to authenticate each user request and
track usage.
What I do not understand perfectly at the moment,
and I have to learn somewhere sometime, is the
figures that are recorded.
I know, I could use php's built in session handling but
I have special reasons for doing it this way.
These are the values I am recording: (a sample php script file)
$sid = '96f120f9dcf293e64e6dcbd16024491e'; // this is a session id
$da = '1200867964'; // this is
the value generated by the time() function
$hid = '2c9a46c1a5d89469481951065cc6a621';// another session id
$ctzo = '480'; //
This is time zone offset according to what javascript sends
$ctzn = '1200868142247'; // This is
the client time according to javascript, which is supposed
// to be in milliseconds
The specific questions are
what does the offset '480' mean? (add or subtract from utc/GMT to get
local time?)
I am in Pacific Standard Time testing this script. The server is also
at the same location.
The javascript time value should be the original request time plus the
time it takes
for a successful login to be processed:
The user types in the info and clicks the form button
the client pre submission script is run
then the server receives and processes
$_POST values and decides if the user has sent a valid id.
Javascript time value is specified as milliseconds.
millisecond is 1/1000 of a second, right?
and dividing the value by 1000 would give seconds elapsed
from Jan 1 1970(?)
thank you in advance;
Jeff k
--- End Message ---
