php-general Digest 29 Jan 2008 18:01:52 -0000 Issue 5263

Topics (messages 268238 through 268261):

Re: Posting Summary for Week Ending 25 January, 2008: [EMAIL PROTECTED]
        268238 by: Zoltán Németh

how to display photos of the day?
        268239 by: jeffry s
        268240 by: Zoltán Németh
        268241 by: Steve Edberg
        268242 by: Paul Scott
        268252 by: tedd
        268254 by: Per Jessen

Framed & Linked Content
        268243 by: Mike Potter
        268244 by: Per Jessen
        268246 by: Robert Cummings
        268248 by: Jason Pruim
        268250 by: Robert Cummings
        268251 by: Per Jessen
        268253 by: Robert Cummings
        268256 by: Per Jessen
        268259 by: Per Jessen

Handle time-outs and errors with file()
        268245 by: John Papas
        268260 by: Nathan Nobbe

Another question about functions...
        268247 by: Jason Pruim
        268255 by: Nathan Nobbe
        268258 by: Jason Pruim

PHP 5.2.5 Install Question/Problem
        268249 by: Strader, William A.

Re: disable referer ? (was: Framed & Linked Content)
        268257 by: Per Jessen
        268261 by: Robert Cummings

----------------------------------------------------------------------
--- Begin Message ---
On Mon, 2008-01-28 at 13:35, Daniel Brown wrote:
>     Whoops....  :-x
> 
>     The odd thing is, the characters came out fine during the tests,
> and because some changes were made to the script during the week, some
> people will show up two or more times (read: people with non-English
> characters in their names).  I've been pretty sick all week, so I
> haven't really worked on it at all.  Once I get the bugs worked out
> and the scripts cleaned up, I'll post the source and database.
> 
>     For now, I'm going back to bed....

get better soon!

one small notice. the non-English characters are getting converted to
utf-8 well, but this e-mail is sent with
Content-Type: text/plain; charset=ISO-8859-1
so the utf-8 characters are screwed up... it might be the forwarding by
gmail, or something (I don't think the list server would interfere with
that)

and of course Richard Lynch wins the week :D

greets
Zoltán Németh


> 
> 
>         Posting Summary for PHP-General List
>         Week Ending: Friday, 25 January, 2008
> 
>         Messages            | Bytes              | Sender
>         --------------------+--------------------+------------------
>         567 (100%)          1420607 (100%)      EVERYONE
>         77     (13.6%)     113559  (8%)        Richard Lynch <ceo at
> l-i-e dot com>
>         56     (9.9%)      73653   (5.2%)      Nathan Nobbe
> <quickshiftin at gmail dot com>
>         51     (9%)        82210   (5.8%)      Jochem Maas <jochem at
> iamjochem dot com>
>         34     (6%)        74332   (5.2%)      Eric Butera <eric dot
> butera at gmail dot com>
>         29     (5.1%)      42938   (3%)        Daniel Brown <parasane
> at gmail dot com>
>         23     (4.1%)      35023   (2.5%)      Dotan Cohen <dotancohen
> at gmail dot com>
>         22     (3.9%)      36344   (2.6%)      Robert Cummings <robert
> at interjinn dot com>
>         19     (3.4%)      12639   (0.9%)      Per Jessen <per at
> computer dot org>
>         18     (3.2%)      27591   (1.9%)      Jason Pruim <japruim at
> raoset dot com>
>         17     (3%)        19199   (1.4%)      Chris <dmagick at gmail dot 
> com>
>         12     (2.1%)      29497   (2.1%)      Zoltán NÃ(c)meth
> <znemeth at alterationx dot hu>
>         10     (1.8%)      11840   (0.8%)      David Powers <Email Removed>
>         8      (1.4%)      12421   (0.9%)      nihilism machine
> <nihilismmachine at gmail dot com>
>         8      (1.4%)      7667    (0.5%)      Apple7777 <applepro7777
> at gmail dot com>
>         6      (1.1%)      8460    (0.6%)      Stut <stuttle at gmail dot com>
>         6      (1.1%)      25309   (1.8%)      Wolf <LoneWolf at nc
> dot rr dot com>
>         6      (1.1%)      19482   (1.4%)      Jay Blanchard
> <jblanchard at pocket dot com>
>         6      (1.1%)      9857    (0.7%)      Nathan Rixham <nrixham
> at gmail dot com>
>         5      (0.9%)      9818    (0.7%)      Bastien Koert
> <bastien_k at hotmail dot com>
>         5      (0.9%)      9964    (0.7%)      Tom Ray [Lists] <lists
> at blazestudios dot com>
>         5      (0.9%)      3100    (0.2%)      Floor Terra <floort at
> gmail dot com>
>         5      (0.9%)      6743    (0.5%)      Jim Lucas <lists at
> cmsws dot com>
>         5      (0.9%)      4849    (0.3%)      mike <mike503 at gmail dot com>
>         5      (0.9%)      21985   (1.5%)      AndrÃ(c)s Robinet
> <agrobinet at bestplace dot biz>
>         5      (0.9%)      3583    (0.3%)      Colin Guthrie <gmane at
> colin dot guthr dot ie>
>         4      (0.7%)      5240    (0.4%)      Paul Scott <pscott at
> uwc dot ac dot za>
>         4      (0.7%)      3486    (0.2%)      Richard Heyes <richardh
> at phpguru dot org>
>         4      (0.7%)      3920    (0.3%)      Alain Roger <raf dot
> news at gmail dot com>
>         4      (0.7%)      54333   (3.8%)      mattias <mj at mjw dot se>
>         4      (0.7%)      5407    (0.4%)      Thijs Lensselink <dev
> at lenss dot nl>
>         3      (0.5%)      4161    (0.3%)      Tor Vidvei <tor dot
> vidvei at event dot no>
>         3      (0.5%)      4169    (0.3%)      Dave Goodchild
> <buddhamagnet at gmail dot com>
>         3      (0.5%)      7109    (0.5%)      James Ausmus <james dot
> ausmus at gmail dot com>
>         3      (0.5%)      1883    (0.1%)      Pastor Steve <smarquez
> at ccfortsmith dot com>
>         3      (0.5%)      7054    (0.5%)      Andrew Ballard
> <aballard at gmail dot com>
>         3      (0.5%)      2781    (0.2%)      Luc Maltier <lmaltier
> at lcandco dot com>
>         3      (0.5%)      3512    (0.2%)      Casey <heavyccasey at
> gmail dot com>
>         3      (0.5%)      3445    (0.2%)      Marcus <marcus dot k79
> at arcor dot de>
>         3      (0.5%)      3875    (0.3%)      Al <news at ridersite dot org>
>         3      (0.5%)      3690    (0.3%)      Børge Holen <borge at
> arivene dot net>
>         3      (0.5%)      1751    (0.1%)      Emil Edeholt <emil at
> knmedical dot se>
>         3      (0.5%)      10211   (0.7%)      Keith Roberts <keith at
> karsites dot net>
>         2      (0.4%)      4396    (0.3%)      shiplu <shiplu dot net
> at gmail dot com>
>         2      (0.4%)      3808    (0.3%)      Rob <rrichards at php dot net>
>         2      (0.4%)      1729    (0.1%)      Roberto Mansfield
> <robertom at sas dot upenn dot edu>
>         2      (0.4%)      2829    (0.2%)      Peter Jackson
> <tasmaniac at iprimus dot com dot au>
>         2      (0.4%)      2897    (0.2%)      Dan <frozendice at gmail dot 
> com>
>         2      (0.4%)      272188  (19.2%)     Earn More Money<rsjtql
> at yahoo dot com dot my>
>         2      (0.4%)      201342  (14.2%)     Improve Your Life
> Style<ukxtmz at blue dot url dot com dot tw>
>         2      (0.4%)      6682    (0.5%)      blackwater dev
> <blackwaterdev at gmail dot com>
>         2      (0.4%)      4850    (0.3%)      Shelley Shyan <Shelley
> dot Shyan at morodo dot com dot cn>
>         2      (0.4%)      4333    (0.3%)      PHP-General <stpra123
> at gmail dot com>
>         2      (0.4%)      7021    (0.5%)      Leticia Larrosa
> <leticia at tesla dot cujae dot edu dot cu>
>         2      (0.4%)      3939    (0.3%)      Peter <tasmaniac at
> iprimus dot com dot au>
>         2      (0.4%)      3262    (0.2%)      Don Don <progwihz at
> yahoo dot com>
>         1      (0.2%)      2182    (0.2%)      Peter Ford <pete at
> justcroft dot com>
>         1      (0.2%)      1464    (0.1%)      Manuel Lemos <mlemos at
> acm dot org>
>         1      (0.2%)      744     (0.1%)      Richard S dot  Crawford
> <rscrawford at mossroot dot com>
>         1      (0.2%)      1645    (0.1%)      Chuck <chuck dot carson
> at gmail dot com>
>         1      (0.2%)      194     (0%)        Marek Zdybel <marek dot
> zdybel at mzdybel dot pl>
>         1      (0.2%)      1883    (0.1%)      Galustian Kastens
> <tight at core77 dot com>
>         1      (0.2%)      573     (0%)        Edward Kay <edward at
> labhut dot com>
>         1      (0.2%)      814     (0.1%)      Sancar Saran <sancar
> dot saran at evodot dot com>
>         1      (0.2%)      1187    (0.1%)      venkatk at aol dot in
>         1      (0.2%)      795     (0.1%)      Mark Pashia <ryder at
> fidnet dot com>
>         1      (0.2%)      193     (0%)        clive <clive_lists at
> immigrationunit dot com>
>         1      (0.2%)      477     (0%)        Sutton, John <jsutton
> at littlerock dot org>
>         1      (0.2%)      1695    (0.1%)      bruce <bedouglas at
> earthlink dot net>
>         1      (0.2%)      1667    (0.1%)      Tom Chubb <tomchubb at
> gmail dot com>
>         1      (0.2%)      2203    (0.2%)      Rene Brehmer <rene at
> metalbunny dot net>
>         1      (0.2%)      1238    (0.1%)      Greg Donald <gdonald at
> gmail dot com>
>         1      (0.2%)      466     (0%)        Johny Burns <contactus
> at delivery2you dot com>
>         1      (0.2%)      1444    (0.1%)      mbneto <mbneto at gmail dot 
> com>
>         1      (0.2%)      1560    (0.1%)      Ron Rademaker <r dot
> rademaker at virtualbuilding dot nl>
>         1      (0.2%)      1621    (0.1%)      Jason Paschal <jpaschal
> at gmail dot com>
>         1      (0.2%)      804     (0.1%)      dg <daneane at bluerodeo dot 
> com>
>         1      (0.2%)      781     (0.1%)      Anup Shukla <anup dot
> shkl at gmail dot com>
>         1      (0.2%)      6640    (0.5%)      php-general-help at
> lists dot php dot net
>         1      (0.2%)      810     (0.1%)      Brady Mitchell <mydarb
> at gmail dot com>
>         1      (0.2%)      605     (0%)        Ashley M dot  Kirchner
> <ashley at pcraft dot com>
>         1      (0.2%)      4139    (0.3%)      AndrÃ(c)s Robinet
> <agrobinet at bestplace dot biz>
>         1      (0.2%)      2676    (0.2%)      AndrÃ(c)s Robinet
> <agrobinet at bestplace dot biz>
>         1      (0.2%)      822     (0.1%)      Børge Holen <borge at
> arivene dot net>
>         1      (0.2%)      1096    (0.1%)      David Giragosian
> <dgiragosian at gmail dot com>
>         1      (0.2%)      2393    (0.2%)      jekillen <jekillen at
> prodigy dot net>
>         1      (0.2%)      3877    (0.3%)      Mike Potter <ssskibeh
> at gmail dot com>
>         1      (0.2%)      2417    (0.2%)      Andre Hübner <Andre
> dot Huebner at gmx dot de>
>         1      (0.2%)      1660    (0.1%)      Samisa Abeysinghe
> <samisa dot abeysinghe at gmail dot com>
>         1      (0.2%)      1141    (0.1%)      TG <tg-php at
> gryffyndevelopment dot com>
>         1      (0.2%)      4989    (0.4%)      Shiplu <shiplu dot net
> at gmail dot com>
>         1      (0.2%)      819     (0.1%)      dev at lenss dot nl
>         1      (0.2%)      571     (0%)        Manuel Vacelet <manuel
> dot vacelet at gmail dot com>
>         1      (0.2%)      1908    (0.1%)      Sándor Tamás
> (HostWare Kft dot ) <sandortamas at hostware dot hu>
>         1      (0.2%)      659     (0%)        Ronald Wiplinger <tm
> dot ronald at gmail dot com>
>         1      (0.2%)      1409    (0.1%)      Miguel Guirao <miguel
> dot guirao at mail dot telcel dot com>
>         1      (0.2%)      1137    (0.1%)      Wolf <lonewolf at nc
> dot rr dot com>
>         1      (0.2%)      7843    (0.6%)      PostTrack [Dan Brown]
> <listwatch-php-general at pilotpig dot net>
> 
> 
> NOTE: Numbers may not add up to 100% due to protection of names and
> addresses upon request.
> 
> DISCLAIMER: If you want your email address omitted from future weekly reports,
> please email me privately at [EMAIL PROTECTED] and it will be removed.
> 
> 
> 
> 
> -- 
> </Dan>
> 
> Daniel P. Brown
> Senior Unix Geek and #1 Rated "Year's Coolest Guy" By Self Since
> Nineteen-Seventy-[mumble].
> 

--- End Message ---
--- Begin Message ---
sorry if this question sound stupid.
i need a good, simple and efficient function to display lets say photo of
the day.

i have a mysql table contain data about 1000 rows. i want to display any of
the photos randomly
and it is fixed for one day.

anyone know how to write the function that return a fixed table id for the
day?

--- End Message ---
--- Begin Message ---
On Tue, 2008-01-29 at 18:33, jeffry s wrote:
> sorry if this question sound stupid.
> i need a good, simple and efficient function to display lets say photo of
> the day.
> 
> i have a mysql table contain data about 1000 rows. i want to display any of
> the photos randomly
> and it is fixed for one day.
> 
> anyone know how to write the function that return a fixed table id for the
> day?

a good article on the subject:
http://www.titov.net/2005/09/21/do-not-use-order-by-rand-or-how-to-get-random-rows-from-table/

greets
Zoltán Németh

--- End Message ---
--- Begin Message ---
At 6:33 PM +0800 1/29/08, jeffry s wrote:
> sorry if this question sound stupid.
> i need a good, simple and efficient function to display lets say photo of
> the day.
>
> i have a mysql table contain data about 1000 rows. i want to display any of
> the photos randomly
> and it is fixed for one day.
>
> anyone know how to write the function that return a fixed table id for the
> day?


What I would do is something like this (assuming your table has a column 'filename' in it):

Create a cron job (on windows, I think the command is called 'at'?) that runs this query

        select filename from photo_table order by rand() limit 1

once per day, then copies that file to a predefined location (eg images/pic_of_the_day.jpg).

Then, your web page simply refers to images/pic_of_the_day.jpg. The contents of pic_of_the_day.jpg change every time the cronjob runs (unless you randomly pick the same picture twice; not likely with 1000 rows, but you could include some sort of flag [eg; last used date] to avoid picking the same image twice, or to cycle through all images before reusing them).

This requires one database hit per day, returning one row, so the load is next to nothing.

The cronjob could be written in any language, but since this is a PHP list you'll have to promise to write it in PHP ;)

        steve


--
+--------------- my people are the people of the dessert, ---------------+
| Steve Edberg                                http://pgfsun.ucdavis.edu/ |
| UC Davis Genome Center                            [EMAIL PROTECTED] |
| Bioinformatics programming/database/sysadmin             (530)754-9127 |
+---------------- said t e lawrence, picking up his fork ----------------+

--- End Message ---
--- Begin Message ---
On Tue, 2008-01-29 at 18:33 +0800, jeffry s wrote:

> i have a mysql table contain data about 1000 rows. i want to display any of
> the photos randomly
> and it is fixed for one day.
> 

MySQL has a rand() function, so you could bomb that off as a select once
a day on cron or something, or you could do a regular select and
array_rand() it in PHP.

--Paul


--- End Message ---
--- Begin Message ---
At 6:33 PM +0800 1/29/08, jeffry s wrote:
> sorry if this question sound stupid.
> i need a good, simple and efficient function to display lets say photo of
> the day.
>
> i have a mysql table contain data about 1000 rows. i want to display any of
> the photos randomly
> and it is fixed for one day.
>
> anyone know how to write the function that return a fixed table id for the
> day?


jeffry:

Simple enough:

1. Figure out what day it is.

2. Pull a random image from the database if that date has changed.

If it were me, I would create a simple field in the database that would have today's date (day of the year) in it.

Then my script would check date(z) with that field. If the value is different, then I would replace that value with the new value and then change the picture accordingly by using the rand() function.

Cheers,

tedd

PS: date(z) produces the day of the year (1-365)
--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---
--- Begin Message ---
jeffry s wrote:

> sorry if this question sound stupid.
> i need a good, simple and efficient function to display lets say photo
> of the day.
> 
> i have a mysql table contain data about 1000 rows. i want to display
> any of the photos randomly and it is fixed for one day.

I use apache for that sort of thing:

.htaccess:
RewriteEngine on
# Run the picker only when todaysphoto.jpeg is missing or empty
RewriteCond %{REQUEST_FILENAME} !-s
RewriteRule ^todaysphoto\.jpeg$ picktodaysphoto.php [L]

"picktodaysphoto.php" selects the photo of the day, writes it
as 'todaysphoto.jpeg', and then redirects to it.

'todaysphoto.jpeg' is then deleted once a day by cron. 


/Per Jessen, Zürich

--- End Message ---
--- Begin Message ---
There is JavaScript out there, to make a page break out of frames if
someone else has your page in a frame of theirs.
Is it possible to do this with PHP or is that the wrong side of
Server/Client-side operations?

Related, when target files are PDF's, images, or other than
.php/.htm(l), does PHP provide any remedies against that
sort of remote site linking?

Mike

--- End Message ---
--- Begin Message ---
Mike Potter wrote:

> There is JavaScript out there, to make a page break out of frames if
> someone else has your page in a frame of theirs.
> Is it possible to do this with PHP or is that the wrong side of
> Server/Client-side operations?

I haven't checked, but I'm wondering if the REFERER field might help you
if want to do a server-side redirect. 

> Related, when target files are PDF's, images, or other than
> .php/.htm(l), does PHP provide any remedies against that
> sort of remote site linking?

Check the REFERER field. 


/Per Jessen, Zürich

--- End Message ---
--- Begin Message ---
On Tue, 2008-01-29 at 10:21 -0500, Mike Potter wrote:
> There is JavaScript out there, to make a page break out of frames if
> someone else has your page in a frame of theirs.
> Is it possible to do this with PHP or is that the wrong side of
> Server/Client-side operations?

PHP can echo the JavaScript that facilitates the break out.

> 
> Related, when target files are PDF's, images, or other than
> .php/.htm(l), does PHP provide any remedies against that
> sort of remote site linking?

The only remedy against remote linking is to embed some kind of
expiration in the link that accesses the document. I usually do this by
using a combination of the document ID, a timestamp, and salt, and md5
or sha1. For instance the following:

<?php

$id   = 'THE DOCUMENT ID :)';
$now  = time();
$salt = 'Some site specific salt.';

$accessId = $id.':'.$now.':'.sha1( $id.':'.$now.':'.$salt );

echo '<a href="/docs/myDocument.php?id='.urlencode( $accessId ).'">'
    .'The Document'
    .'</a>';

?>

Then when someone actually requests the page we do the following:

<?php

$salt = 'Some site specific salt.';
$lifespan = 2 * 24 * 60 * 60; // 2 days

if( !($accessId = isset( $_GET['id'] ) ? $_GET['id'] : false) )
{
    die( 'No document requested.' );
}

list( $id, $timestamp, $code ) = explode( ':', $accessId );

if( $code !== sha1( $id.':'.$timestamp.':'.$salt ) )
{
    die( 'Invalid document request.' );
}

if( (time() - $lifespan) > $timestamp )
{
    die( 'Document has expired.' );
}

// Otherwise flush document to browser.

?>

Now this doesn't stop anyone from saving the document locally but it
does prevent linking to your site and wasting your resources. The key to
the method is that only you know the $salt and so only you can create
the encoding that validates the passed ID and timestamp. You can also
add more attributes to the encoding such as a user ID. Then you could
ensure the user is logged in, and that the access ID must match their
logged in ID.

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

--- End Message ---
--- Begin Message ---

On Jan 29, 2008, at 10:58 AM, Robert Cummings wrote:


> On Tue, 2008-01-29 at 10:21 -0500, Mike Potter wrote:
>> There is JavaScript out there, to make a page break out of frames if
>> someone else has your page in a frame of theirs.
>> Is it possible to do this with PHP or is that the wrong side of
>> Server/Client-side operations?
>
> PHP can echo the JavaScript that facilitates the break out.
>
>> Related, when target files are PDF's, images, or other than
>> .php/.htm(l), does PHP provide any remedies against that
>> sort of remote site linking?
>
> The only remedy against remote linking is to embed some kind of
> expiration in the link that accesses the document. I usually do this by
> using a combination of the document ID, a timestamp, and salt, and md5
> or sha1. For instance the following:
>
> <?php
>
> $id   = 'THE DOCUMENT ID :)';
> $now  = time();
> $salt = 'Some site specific salt.';
>
> $accessId = $id.':'.$now.':'.sha1( $id.':'.$now.':'.$salt );
>
> echo '<a href="/docs/myDocument.php?id='.urlencode( $accessId ).'">'
>    .'The Document'
>    .'</a>';
>
> ?>
>
> Then when someone actually requests the page we do the following:
>
> <?php
>
> $salt = 'Some site specific salt.';
> $lifespan = 2 * 24 * 60 * 60; // 2 days
>
> if( !($accessId = isset( $_GET['id'] ) ? $_GET['id'] : false) )
> {
>    die( 'No document requested.' );
> }
>
> list( $id, $timestamp, $code ) = explode( ':', $accessId );
>
> if( $code !== sha1( $id.':'.$timestamp.':'.$salt ) )
> {
>    die( 'Invalid document request.' );
> }
>
> if( (time() - $lifespan) > $timestamp )
> {
>    die( 'Document has expired.' );
> }
>
> // Otherwise flush document to browser.
>
> ?>
>
> Now this doesn't stop anyone from saving the document locally but it
> does prevent linking to your site and wasting your resources. The key to
> the method is that only you know the $salt and so only you can create
> the encoding that validates the passed ID and timestamp. You can also
> add more attributes to the encoding such as a user ID. Then you could
> ensure the user is logged in, and that the access ID must match their
> logged in ID.
>
> Cheers,
> Rob.


I'm probably about to show my ignorance here... But by showing it hopefully, I can learn from it! Wouldn't it be just as effective to have a salt that gets passed to the script and do something like:

if($salt == "Correct salt"){
        //display correct picture
}else{
        //display some random picture of a guy flipping you the bird and echo out Don't steal my pictures
}

Now that I type that out, I see that it will still use bandwidth which if you are on a measured plan I could see being a problem.

So I think I just convinced myself that yours is better... Anything really wrong with my idea though?

--

Jason Pruim

--- End Message ---
--- Begin Message ---
On Tue, 2008-01-29 at 11:12 -0500, Jason Pruim wrote:
> On Jan 29, 2008, at 10:58 AM, Robert Cummings wrote:
> 
> >
> > On Tue, 2008-01-29 at 10:21 -0500, Mike Potter wrote:
> >> There is JavaScript out there, to make a page break out of frames if
> >> someone else has your page in a frame of theirs.
> >> Is it possible to do this with PHP or is that the wrong side of
> >> Server/Client-side operations?
> >
> > PHP can echo the JavaScript that facilitates the break out.
> >
> >>
> >> Related, when target files are PDF's, images, or other than
> >> .php/.htm(l), does PHP provide any remedies against that
> >> sort of remote site linking?
> >
> > The only remedy against remote linking is to embed some kind of
> > expiration in the link that accesses the document. I usually do this  
> > by
> > using a combination of the document ID, a timestamp, and salt, and md5
> > or sha1. For instance the following:
> >
> > <?php
> >
> > $id   = 'THE DOCUMENT ID :)';
> > $now  = time();
> > $salt = 'Some site specific salt.';
> >
> > $accessId = $id.':'.$now.':'.sha1( $id.':'.$now.':'.$salt );
> >
> > echo '<a href="/docs/myDocument.php?id='.urlencode( $accessId ).'">'
> >    .'The Document'
> >    .'</a>';
> >
> > ?>
> >
> > Then when someone actually requests the page we do the following:
> >
> > <?php
> >
> > $salt = 'Some site specific salt.';
> > $lifespan = 2 * 24 * 60 * 60; // 2 days
> >
> > if( !($accessId = isset( $_GET['id'] ) ? $_GET['id'] : false) )
> > {
> >    die( 'No document requested.' );
> > }
> >
> > list( $id, $timestamp, $code ) = explode( ':', $accessId );
> >
> > if( $code !== sha1( $id.':'.$timestamp.':'.$salt ) )
> > {
> >    die( 'Invalid document request.' );
> > }
> >
> > if( (time() - $lifespan) > $timestamp )
> > {
> >    die( 'Document has expired.' );
> > }
> >
> > // Otherwise flush document to browser.
> >
> > ?>
> >
> > Now this doesn't stop anyone from saving the document locally but it
> > does prevent linking to your site and wasting your resources. The  
> > key to
> > the method is that only you know the $salt and so only you can create
> > the encoding that validates the passed ID and timestamp. You can also
> > add more attributes to the encoding such as a user ID. Then you could
> > ensure the user is logged in, and that the access ID must match their
> > logged in ID.
> >
> > Cheers,
> > Rob.
> 
> 
> I'm probably about to show my ignorance here... But by showing it  
> hopefully, I can learn from it! Wouldn't it be just as effective to  
> have a salt that gets passed to the script and do something like:
> 
> if($salt == "Correct salt"){
>       //display correct picture
> }else{
>       //display some random picture of a guy flipping you the bird and echo  
> out Don't steal my pictures
> }
> 
> Now that I type that out, I see that it will still use bandwidth which  
> if you are on a measured plan I could see being a problem.
> 
> So I think I just convinced myself that yours is better... Anything
> really wrong with my idea though?

You can't pass the salt, the salt is like a password. If the end user
knows it they could arbitrarily change the document ID or timestamp in
which case access is no longer under your control. This is why we create
a sha1 encoding based on the document ID, the timestamp, and the salt.
If any of the parameters changes we don't get the access code and so we
know that tampering has occurred with the request parameters.

Cheers,
Rob.

--- End Message ---
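
Added example, not part of the thread and not any poster's code: the expiring-link scheme from Robert Cummings's two posts above (document ID plus timestamp plus a server-side secret, with any edited parameter failing the check), written here with HMAC-SHA-256, a constant-time comparison and strict parsing of the id. The function names, key, clock value and document ids are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Function names, the key and the
// document ids below are constructed for illustration.

const LINK_LIFESPAN = 2 * 24 * 60 * 60; // 2 days, the lifespan used in the post
const CLOCK_SKEW    = 300;              // assumption: tolerate 5 minutes of drift

/** Build "id:timestamp:mac" with mac = HMAC-SHA-256(key, "id:timestamp"). */
function makeAccessId(string $docId, int $issuedAt, string $key): string
{
    $payload = $docId . ':' . $issuedAt;
    return $payload . ':' . hash_hmac('sha256', $payload, $key);
}

/**
 * Validate an access id against the server-side key and the current time.
 * Returns ['ok' => bool, 'reason' => string, 'id' => string|null].
 */
function checkAccessId(string $accessId, string $key, int $now): array
{
    $reject = function (string $reason): array {
        return ['ok' => false, 'reason' => $reason, 'id' => null];
    };

    // Match from the right: the last field is the 64-hex MAC, the one before
    // it is the numeric timestamp, everything else (colons included) is the id.
    if (!preg_match('/\A(.+):(\d{1,12}):([0-9a-f]{64})\z/s', $accessId, $m)) {
        return $reject('malformed');
    }
    [, $docId, $timestamp, $mac] = $m;

    // Recompute over exactly the bytes received; hash_equals() compares in
    // constant time, so the check does not reveal how much of the MAC matched.
    $expected = hash_hmac('sha256', $docId . ':' . $timestamp, $key);
    if (!hash_equals($expected, $mac)) {
        return $reject('bad signature');
    }

    // The timestamp is only trusted once the MAC has verified.
    $issuedAt = (int) $timestamp;
    if ($issuedAt > $now + CLOCK_SKEW) {
        return $reject('issued in the future');
    }
    if ($now - $issuedAt > LINK_LIFESPAN) {
        return $reject('expired');
    }
    return ['ok' => true, 'reason' => 'valid', 'id' => $docId];
}

// --- Constructed demo: fixed key and clock so every run gives the same result ---
$key   = 'constructed-demo-key'; // a real key is long, random and kept out of the web root
$now   = 1201622400;             // constructed "current time"
$docId = 'reports/2008:q1.pdf';  // constructed id that itself contains a colon

$fresh = makeAccessId($docId, $now - 3600, $key);       // issued an hour ago
$stale = makeAccessId($docId, $now - 3 * 86400, $key);  // issued three days ago

$cases = [
    'fresh link'              => $fresh,
    'document id edited'      => str_replace('q1', 'q2', $fresh),
    'stale link'              => $stale,
    // Old MAC reused with a new timestamp: the signature no longer matches.
    'stale link, time edited' => $docId . ':' . $now . ':' . substr($stale, -64),
    'no signature fields'     => $docId,
];

foreach ($cases as $label => $accessId) {
    $result = checkAccessId($accessId, $key, $now);
    printf("%-24s %s\n", $label, $result['reason']);
}
```

Run it with the PHP command-line interpreter; each constructed case prints the reason `checkAccessId()` gives for accepting or rejecting it.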
--- Begin Message ---
Robert Cummings wrote:

> The only remedy against remote linking is to embed some kind of
> expiration in the link that accesses the document.  

Wouldn't a check of the REFERER field be enough to disable most remote
links?  (I know it is easily forged.)


/Per Jessen, Zürich

--- End Message ---
--- Begin Message ---
On Tue, 2008-01-29 at 17:32 +0100, Per Jessen wrote:
> Robert Cummings wrote:
> 
> > The only remedy against remote linking is to embed some kind of
> > expiration in the link that accesses the document.  
> 
> Wouldn't a check of the REFERER field be enough to disable most remote
> links?  (I know it is easily forged.)

Referer value is completely worthless. Many people completely disable
it-- such as myself :)

Cheers,
Rob.

--- End Message ---
--- Begin Message ---
Robert Cummings wrote:

> 
> On Tue, 2008-01-29 at 17:32 +0100, Per Jessen wrote:
>> Robert Cummings wrote:
>> 
>> > The only remedy against remote linking is to embed some kind of
>> > expiration in the link that accesses the document.
>> 
>> Wouldn't a check of the REFERER field be enough to disable most
>> remote
>> links?  (I know it is easily forged.)
> 
> Referer value is completely worthless. Many people completely disable
> it-- such as myself :)

Well then - for people who've disabled it, there's no remote linking to
your content.  All done. 


/Per Jessen, Zürich

--- End Message ---
--- Begin Message ---
Per Jessen wrote:

> Well then - for people who've disabled it, there's no remote linking
> to your content.  All done.

Btw, apache does a good job of dealing with remote links:

RewriteCond %{HTTP_REFERER} !^https?://jessen.ch/
RewriteRule /images/(.*) http://jessen.ch/no-remote-linking-please?item=$1

It's a rough example, but the idea should be obvious. 


/Per Jessen, Zürich

--- End Message ---
--- Begin Message ---
I'm using file() to get the contents of a remote page in my script but
I cannot find any information regarding how I could *gracefully*
handle a broken network connection or even a time-out (slow
connection).

Is there a way?

---
Example:
$menu = file('http://www.remotesite.org/mypage.html');
foreach ($menu as $line_num => $line) {
    echo $line."\n";
}

--- End Message ---
--- Begin Message ---
On Jan 29, 2008 10:58 AM, John Papas <[EMAIL PROTECTED]> wrote:

> I'm using file() to get the contents of a remote page in my script but
> I cannot find any information regarding how I could *gracefully*
> handle a broken network connection or even a time-out (slow
> connection).
>
> Is there a way?
>
> ---
> Example:
> $menu = file('http://www.remotesite.org/mypage.html');
> foreach ($menu as $line_num => $line) {
>    echo $line."\n";
> }


theoretically, you could use a stream context and set a notification
handler, however, i was unable to get notifications when using this code:

function httpStreamNotificationHandler($notification_code, $severity,
                                       $message, $message_code,
                                       $bytes_transferred, $bytes_max) {
    echo __FUNCTION__ . PHP_EOL;
    var_dump(func_get_args());
}
$options = array('http' =>
                    array('method' => 'GET',
                          'timeout' => 3
                    )
                );

$streamContext = stream_context_create($options);
if(stream_context_set_params($streamContext,
                             array('notification', 'httpStreamNotificationHandler'))) {
    echo 'stream context parameters set, loading remote resource..' . PHP_EOL;
    // load remote resource
    $theFile = file('http://www.remotesite.org/mypage.html', null, $streamContext);
    var_dump($theFile);
} else {
    echo 'couldnt set context parameters' . PHP_EOL;
}

you might also get something out of the timeout option, which i set in the
code above,
but ive not verified its working correctly either.
also, you might try curl.

-nathan

--- End Message ---
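
One way to get the graceful handling asked about in this thread, as an added example that is not code from either poster: open the URL through a stream context with a timeout, then check for an open failure, the `timed_out` flag and the HTTP status before using the body. `fetchLines()`, its return shape and the 1 MiB cap are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. fetchLines() and the shape of its
// return value are hypothetical names chosen for this illustration.
function fetchLines($url, $timeoutSeconds = 3, $maxBytes = 1048576)
{
    $fail = function ($why) {
        return array('ok' => false, 'error' => $why, 'lines' => array());
    };
    $context = stream_context_create(array('http' => array(
        'method'        => 'GET',
        'timeout'       => $timeoutSeconds, // read timeout in seconds
        'ignore_errors' => true,            // keep 4xx/5xx responses so the status can be checked below
    )));

    // Silence the PHP warning; the failure is reported through the return value.
    $fp = @fopen($url, 'r', false, $context);
    if ($fp === false) {
        $err = error_get_last();
        return $fail($err ? $err['message'] : 'could not open ' . $url);
    }

    // Cap the download so a huge or endless response cannot exhaust memory.
    $body = stream_get_contents($fp, $maxBytes);
    $meta = stream_get_meta_data($fp);
    fclose($fp);

    if (!empty($meta['timed_out'])) {
        return $fail('timed out after ' . $timeoutSeconds . 's');
    }
    // wrapper_data holds the response header lines; after redirects the last
    // "HTTP/..." line belongs to the final response.
    $status = '';
    foreach ((array) (isset($meta['wrapper_data']) ? $meta['wrapper_data'] : array()) as $h) {
        if (is_string($h) && strpos($h, 'HTTP/') === 0) { $status = $h; }
    }
    if ($body === false || !preg_match('#^HTTP/\S+ 2\d\d#', $status)) {
        return $fail('unexpected response: ' . $status);
    }
    return array('ok' => true, 'error' => null, 'lines' => explode("\n", $body));
}

$result = fetchLines('http://www.remotesite.org/mypage.html');
if ($result['ok']) {
    echo implode("\n", $result['lines']) . "\n";
} else {
    error_log('menu fetch failed: ' . $result['error']);
    echo "Menu is temporarily unavailable.\n";
}
```
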
--- Begin Message ---
Hi everyone,

I think I'm getting closer to understanding functions, but I'm blanking on how to fix a problem that I have... I am attempting to export a database to excel, which was working before converting the code into a function.

What's happening is, I have the code set and it downloads the file into excel, but it doesn't have the database fields in it, rather a copy of the entire webpage which it tries to put into excel. Below is the code that I am using in my function to export the records:

<?PHP
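        function excelexportfunc($select, $sortOrder, $exportdate) {
                // Start with empty strings so the .= appends below do not hit undefined variables
                $header = '';
                $data = '';

                $export = mysql_query($select);
                $fields = mysql_num_fields($export);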
                
                for ($i = 0; $i < $fields; $i++) {
                        $header .= mysql_field_name($export, $i) . "\t";
                }
                
                while($row = mysql_fetch_row($export)) {
                        $line = '';
                        foreach($row as $value) {
                                if ((!isset($value)) or ($value == "")) {
                                        $value = "\t";
                                }
                                else
                                {
                                        $value = str_replace('"', '""', $value);
                                        $value = '"' . $value . '"' . "\t";
                                }       
                                $line .= $value;
                        }
                        $data .= trim($line). "\n";
                }
                $data = str_replace("\r", "", $data);
                
                if ($data =="") {
                        $data ="\n(0) Records Found!\n";
                }
                
                header("Content-type: application/vnd.ms-excel");
                header("Content-Disposition: attachment; filename=Export.". $exportdate.".xls");
                header("Pragma: no-cache");
                header("Expires: 0");
                
                
                
                print "$header\n$data";
        
        }

?>

I am calling the function like so: "excelexportfunc($select, $sortOrder, $exportdate);"

the $select is specified in an IF statement on the calling page like so:

        if($exportoption =="all"){
                $sortOrder= $_SESSION['order'];
                $search = "";
                $select = "SELECT * FROM ".$table." order by ".$sortOrder."";

        }else{

                $sortOrder = $_SESSION['order'];
                $search = $_SESSION['search'];
                $select = "SELECT * FROM ".$table." WHERE FName like '%".$search."%' or LName like '%".$search."%' or Add1 like '%".$search."%' or Add2 like '%".$search."%' or City like '%".$search."%' or State like '%". $search."%' or Zip like '%".$search."%' or XCode like '%".$search."%' order by ".$sortOrder."";
        }

If anyone has any ideas I would love to hear about them. Hopefully it's just a simple "." in the wrong place! :)


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424
www.raoset.com
[EMAIL PROTECTED]



--- End Message ---
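
The `$select` strings in the message above are built by concatenating `$table`, `$search` and `$sortOrder` into SQL, so a search for a name such as O'Brien already breaks the statement. The added example below (not Jason's code) builds the same query with bound parameters and allow-listed identifiers; it uses PDO with an in-memory SQLite database, and the `contacts` table, the sample rows and `buildExportQuery()` are constructed for illustration.

```php
<?php
// Added example, not code from the thread. The table name, the sample rows and
// buildExportQuery() are constructed for illustration; column names are from the post.
const SEARCH_COLUMNS = ['FName', 'LName', 'Add1', 'Add2', 'City', 'State', 'Zip', 'XCode'];
const EXPORT_TABLES  = ['contacts']; // hypothetical table name

function buildExportQuery(PDO $db, $table, $search, $sortOrder)
{
    // Identifiers cannot be bound as parameters, so they are checked against fixed lists.
    if (!in_array($table, EXPORT_TABLES, true)) {
        throw new InvalidArgumentException('unknown table');
    }
    if (!in_array($sortOrder, SEARCH_COLUMNS, true)) {
        $sortOrder = 'LName'; // fall back to a known column
    }

    $sql = "SELECT * FROM $table";
    $params = [];
    if ($search !== '') {
        $clauses = [];
        foreach (SEARCH_COLUMNS as $i => $col) {
            // One distinct placeholder per column; the value travels separately from the SQL text.
            $clauses[] = "$col LIKE :s$i";
            $params[":s$i"] = '%' . $search . '%';
        }
        $sql .= ' WHERE ' . implode(' OR ', $clauses);
    }
    $sql .= " ORDER BY $sortOrder";

    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (FName TEXT, LName TEXT, Add1 TEXT, Add2 TEXT,
           City TEXT, State TEXT, Zip TEXT, XCode TEXT)');
$db->exec("INSERT INTO contacts VALUES
           ('Ann', 'O''Brien', '1 Main St', '', 'Holland', 'MI', '49424', 'A1'),
           ('Bob', 'Smith', '2 Oak Ave', '', 'Zeeland', 'MI', '49464', 'B2')");

// A search term containing a quote is matched as data instead of ending the string literal.
print_r(buildExportQuery($db, 'contacts', "O'Brien", 'City'));
// A sort value that is not a known column falls back to the default.
echo count(buildExportQuery($db, 'contacts', '', 'not_a_column')) . " rows\n";
```
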
--- Begin Message ---
On Jan 29, 2008 11:07 AM, Jason Pruim <[EMAIL PROTECTED]> wrote:

> What's happening is, I have the code set and it downloads the file
> into excel, but it doesn't have the database fields in it, rather a
> copy of the entire webpage which it tries to put into excel.


this sounds to me like you may not be linking to the code that generates
the excel spreadsheet properly.  this is just a hunch, but to test it, you
might try pointing your browser directly at the script that generates the
excel spreadsheet, rather than navigating to it via a link you have on your
current page.
as far as the data not showing up in the output, try experimenting by
omitting the header() calls and just dump out the result set of the query
to ensure the data is actually getting populated in your function.

-nathan

--- End Message ---
--- Begin Message ---

On Jan 29, 2008, at 11:48 AM, Nathan Nobbe wrote:

> On Jan 29, 2008 11:07 AM, Jason Pruim <[EMAIL PROTECTED]> wrote:
> > What's happening is, I have the code set and it downloads the file
> > into excel, but it doesn't have the database fields in it, rather a
> > copy of the entire webpage which it tries to put into excel.
>
> this sounds to me like you may not be linking to the code that generates
> the excel spreadsheet properly.  this is just a hunch, but to test it, you
> might try pointing your browser directly at the script that generates the
> excel spreadsheet, rather than navigating to it via a link you have on your
> current page.
> as far as the data not showing up in the output, try experimenting by
> omitting the header() calls and just dump out the result set of the query
> to ensure the data is actually getting populated in your function.
>
> -nathan

Well, I commented out the header lines and just printed the data to the browser, and it fills it all in perfectly. So I think you are right about not calling it right... I'll do some more checking on that, back to the $salt farms I go! :)



--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424
www.raoset.com
[EMAIL PROTECTED]



--- End Message ---
--- Begin Message ---
OK I have tried e-mailing the PHP-Install mailing list and all I got in
response from that list was spam... So I thought I would try here.

OK I am attempting to install PHP 5.2.5 on a new system here is what I
have:

SunOS server1 5.10 Generic_118833-24 sun4u sparc SUNW,Sun-Fire-V210

Here is the GCC version:

gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)

now when I run the ./configure I am doing a :

./configure --prefix=/opt/local/stow/php-5.2.5 \
  --with-apxs2=/usr/local/httpd-2.2.8/bin/apxs \
  --with-config-file-path=/usr/local/apache/conf

Nothing special on that.. I was originally trying to do a:

./configure --prefix=/opt/local/stow/php-5.2.5 \
  --with-apxs2=/usr/local/httpd-2.2.8/bin/apxs --enable-calendar \
  --with-config-file-path=/usr/local/apache/conf --with-zlib \
  --with-openssl=/opt/local/stow/openssl-0.9.8d \
  --with-jpeg-dir=/opt/local/stow/jpeg-6b \
  --with-png-dir=/opt/local/stow/libpng-1.2.5 --with-gd \
  --enable-gd-native-ttf --with-ttf \
  --with-xpm-dir=/opt/local/stow/xpm-3.4k-solaris \
  --with-mysql=/opt/local/stow/mysql-5.0.51

But still nothing... Here is the error message:

/bin/sh /export/home/UID/php-5.2.5/libtool --silent --preserve-dup-deps
--mode=compile gcc  -Imain/ -I/export/home/ UID /php-5.2.5/main/
-DPHP_ATOM_INC -I/export/home/UID/php-5.2.5/include -I/export/home/ UID
/php-5.2.5/main -I/export/home/ UID /php-5.2.5
-I/usr/local/include/libxml2 -I/export/home/ UID /php-5.2.5/ext/date/lib
-I/export/home/UID/php-5.2.5/TSRM -I/export/home/UID/php-5.2.5/Zend
-D_POSIX_PTHREAD_SEMANTICS  -I/usr/local/include -D_REENTRANT   -c
/export/home/UID/php-5.2.5/main/mergesort.c -o main/mergesort.lo 

/bin/sh /export/home/UID/php-5.2.5/libtool --silent --preserve-dup-deps
--mode=compile gcc  -Imain/ -I/export/home/UID/php-5.2.5/main/
-DPHP_ATOM_INC -I/export/home/UID/php-5.2.5/include
-I/export/home/UID/php-5.2.5/main -I/export/home/UID/php-5.2.5
-I/usr/local/include/libxml2 -I/export/home/UID/php-5.2.5/ext/date/lib
-I/export/home/UID/php-5.2.5/TSRM -I/export/home/UID/php-5.2.5/Zend
-D_POSIX_PTHREAD_SEMANTICS  -I/usr/local/include -D_REENTRANT   -c
/export/home/UID/php-5.2.5/main/reentrancy.c -o main/reentrancy.lo 

/export/home/UID/php-5.2.5/main/reentrancy.c: In function `php_ctime_r':

/export/home/UID/php-5.2.5/main/reentrancy.c:63: error: too many
arguments to function `ctime_r'

/export/home/UID/php-5.2.5/main/reentrancy.c: In function
`php_asctime_r':

/export/home/UID/php-5.2.5/main/reentrancy.c:70: error: too many
arguments to function `asctime_r'

/export/home/UID/php-5.2.5/main/reentrancy.c: In function
`php_readdir_r':

/export/home/UID/php-5.2.5/main/reentrancy.c:139: error: too few
arguments to function `readdir_r'

make: *** [main/reentrancy.lo] Error 1

Can anyone suggest anything for me to try???  Thank you all for any help
you can give.

Regards,
 
William "Billy" A. Strader
NAISMC Web Services
Work: 865-425-5178
Pager: 865-417-5012
Emergency Pager: 865-417-5622

--- End Message ---
--- Begin Message ---
Robert Cummings wrote:

> Referer value is completely worthless. Many people completely disable
> it-- such as myself :)

But most people probably don't - 'coz most don't know how to edit e.g.
the firefox config. 

What is the purpose of disabling it?



/Per Jessen, Zürich

--- End Message ---
--- Begin Message ---
On Tue, 2008-01-29 at 17:55 +0100, Per Jessen wrote:
> Robert Cummings wrote:
> 
> > Referer value is completely worthless. Many people completely disable
> > it-- such as myself :)
> 
> But most people probably don't - 'coz most don't know how to edit e.g.
> the firefox config. 

I use Opera :)

> What is the purpose of disabling it?

Sites use it to cross reference your habits. It lets them know from
whence you've come. Whether that be google, msn, freepr0n, etc. No one's
business but my own how I arrived at point X in my surfing travels.

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

--- End Message ---
