php-general Digest 22 Mar 2008 08:18:14 -0000 Issue 5361
Topics (messages 271956 through 271963):
Re: spider
271956 by: TG
271957 by: tedd
Re: MCrypt not decrypting simple text
271958 by: Dan
Re: Double click problem [SOLVED]
271959 by: Jim Lucas
271962 by: Lester Caine
relative linking in php
271960 by: Sudhakar
271963 by: Nitsan Bin-Nun
problem with sessions config.
271961 by: N.Boatswain
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Good call, Ray. And depending on how much you need to pull, you might also
include <img> and <iframe> src values. Also test to make sure there's an
href value for the <a> tags, they could also be <a name="somename"> without
an href.
It gets really tricky when you start looking at javascript window.open or
window.location type link sources.
-TG
----- Original Message -----
From: Ray Hauge <[EMAIL PROTECTED]>
To: tedd <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Date: Fri, 21 Mar 2008 13:45:35 -0500
Subject: Re: [PHP] spider
> Have a look at something like this:
>
> http://simplehtmldom.sourceforge.net/
>
> I haven't used it, but if it works you should be able to pull up a list
> of all the <a> tags quite easily through the DOM ala:
>
> foreach($dom->find('a') as $node)
> echo $node->href . '<br>';
--- End Message ---
--- Begin Message ---
To get directory permissions, you'd really have to go through either FTP or a
terminal connection (telnet, etc).
Yes, but that's doing it programmatically, what about this?
What if you knew that a directory on a site was set to 0777 -- what
damage could you cause?
I have seen scripts that clients purchase that require permissions
for certain directories to be set to 0777 and left that way. The
scripts don't change the permissions; write the file; and then change
them back but rather just leave them set at 0777.
If a site is using such a script and you know what directories have
to be set to 0777, then that's a security issue, isn't it?
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
Ok, looks like I'm not getting much intrest here, can anyone recomend which
newsgroup I should post this under? Is there a crypto group or anything of
the like?:
- Dan
""Dan"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
I'm using MCrypt and I have two very simple functions. All I'm doing is
giving the function some text and a password, it encrypts the text and
saves it as a text file on the server. Then I at some later time run
another php file which decrypts using the decrypt function given the text
and the SAME password as the first time and all I get is garbage. What am
I doing wrong? What do I need to change so that I can get this to work the
way I described?
function aes_128_encrypt($text,$password) {
$size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);
$text .= chr(3).chr(3).chr(3);
return bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $password,
$text, MCRYPT_MODE_ECB, $iv));
} // End of function
and
function aes_128_decrypt($encrypted_text,$password) {
$size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);
return mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $password, pack("H*",
$encrypted_text), MCRYPT_MODE_ECB, $iv);
} // End of function
- Dan
--- End Message ---
--- Begin Message ---
tedd wrote:
Hi gang:
This is probably trivial for most of you, but here's my solution to the
problem I presented earlier.
The problem was, I just wanted to be certain that if a use clicked a
button that they could only do it once. Sounds simple enough, huh?
Certainly, one can use javascript, but I wanted something that was basic
php and html -- here's my solution with code (please provide critical
review):
http://www.webbytedd.com/cc/submit-once/index.php
If the user clicks "Submit once", then that's the way it is until they
quit their browser. If they don't quit their browser, then no amount of
refresh will allow them to click the button again.
The "Reset Submit", of course, resets this condition but it's for demo
purposes.
What I have not solved, and I don't think there is a solution (I could
be wrong) is to prohibit the user from clicking the back button on their
browser to reset this condition.
I've done a considerable amount of javascript reading, testing, and code
search and have not found anything that works -- and -- I have even
found places where the js community says that nothing will work to solve
the back-button problem.
So, does anyone here know better? If so, please start a different thread.
Cheers,
tedd
It would require a little JS, but you could use the onUnload feature and pop up
a warning that would tell them the problem(s) of leaving this page. Then use
the confirm() method from JS to either allow or deny them to leave the current page.
I don't know if you can limit this action to only take affect when they press
the back button, but it might help in any event.
--
Jim Lucas
"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."
Twelfth Night, Act II, Scene V
by William Shakespeare
--- End Message ---
--- Begin Message ---
tedd wrote:
Hi gang:
This is probably trivial for most of you, but here's my solution to the
problem I presented earlier.
The problem was, I just wanted to be certain that if a use clicked a
button that they could only do it once. Sounds simple enough, huh?
Certainly, one can use javascript, but I wanted something that was basic
php and html -- here's my solution with code (please provide critical
review):
I had been tracking an intermittent bug for some considerable time and having
finally identified the underlying problem - double click sends the page
request twice, but the second request is processed before first has updated
things! We have tightened up the server end as much as possible, but not
eliminated the problem.
The javascript solution is the only reliable one that I've found but some
sites do not allow it to be enabled. Since having finally identified the
source of the problem, we have improved education and can now 'spot' a double
clicker who in many cases does not even know they are doing it! People get so
used TO double clicking things on the desktop :( But in some case we suspect
that the BROWSER send two requests perhaps because of a noisy keyboard! On one
site that we pinned down to a particular counter position, changing the
keyboard fixed the problem ( enter was pressing the button ).
Just a word of warning that may explain the occasional double order ;)
--
Lester Caine - G8HFL
-----------------------------
Contact - http://home.lsces.co.uk/lsces/wiki/?page=contact
L.S.Caine Electronic Services - http://home.lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php
--- End Message ---
--- Begin Message ---
i am using a self submitting for using php
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="POST" id="test2"
name="registrationform"> the registration page starts with a lot of terms
and other details about the registration and then the form fields for the
user to fill the registration page. i have used php to validate the form,
presently when a user clicks the submit button and if there are any
validateions that need to be displayed to the user, then the user has to
scroll from the top of the page all the way till they see the form elements
with the validation message ex= Please enter your phone number.
my question is, as in html with relative linking ex <a href="#link1"> click
here</a>
<a name="link1"> </a>
Text here
the page can be moved to an exact location, can this be done more or less
close to this relative linking using php so that the user need not scroll
from the top of the page to see the validation message.
NOTE = since i am using a self submitting form just before the first form
element i have created a blank table row and in this table row the php
validation message would appear if the user missed out some information. due
to this the user has to scroll from the top of the page to see the php
generated validation message. if i use the same php validation at the very
top of the page the error message will be at the top and the form fields at
the bottom and the user will have to scroll up and down to read the
validation message.
please advice.
thanks.
--- End Message ---
--- Begin Message ---
Oops, I didnt post it to the list, copy is attached.
On 22/03/2008, Nitsan Bin-Nun <[EMAIL PROTECTED]> wrote:
>
> Hi Sudhakar,
> There are 2 solutions,
> You can change the <form> tag to something like:
>
>
> > <form action="<?php echo $_SERVER["PHP_SELF"]; ?>*#errorsArea*"
> > method="POST" id="test2"
> > name="registrationform">
>
>
> Then add the following line before the errors:
>
>
> > <a name="errorsArea"></a>
>
>
> The main problem here is that in case there are no errors it still go
> down.
> If you dont want to get down when there are no errors, you can send it
> without the #errorsArea call, and in your php, check the errors, if there
> are errors you can forward to #errosArea otherwise dont forward.
>
> HTH
> Nitsan
>
> BTW
> Personally, I would avoid those things and use AJAX instead.
>
> On 22/03/2008, Sudhakar <[EMAIL PROTECTED]> wrote:
> >
> > i am using a self submitting for using php
> > <form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="POST"
> > id="test2"
> > name="registrationform"> the registration page starts with a lot of
> > terms
> > and other details about the registration and then the form fields for
> > the
> > user to fill the registration page. i have used php to validate the
> > form,
> > presently when a user clicks the submit button and if there are any
> > validateions that need to be displayed to the user, then the user has to
> > scroll from the top of the page all the way till they see the form
> > elements
> > with the validation message ex= Please enter your phone number.
> >
> > my question is, as in html with relative linking ex <a href="#link1">
> > click
> > here</a>
> > <a name="link1"> </a>
> > Text here
> >
> > the page can be moved to an exact location, can this be done more or
> > less
> > close to this relative linking using php so that the user need not
> > scroll
> > from the top of the page to see the validation message.
> >
> > NOTE = since i am using a self submitting form just before the first
> > form
> > element i have created a blank table row and in this table row the php
> > validation message would appear if the user missed out some information.
> > due
> > to this the user has to scroll from the top of the page to see the php
> > generated validation message. if i use the same php validation at the
> > very
> > top of the page the error message will be at the top and the form fields
> > at
> > the bottom and the user will have to scroll up and down to read the
> > validation message.
> >
> > please advice.
> >
> > thanks.
> >
>
>
--- End Message ---
--- Begin Message ---
Hello guys; i'm having a problem with session behavior; i'm going straight to
it, but first some considerations:
PHP Version 5.2.5IIF 5.1Running on localhost (XP machine)I start sessions at
the top of every page.
A the start of a test page, just as example, i do the assignment:
$_SESSION["username"] = "aaa";
At the end of the same page i print it's value: echo $_SESSION["username"];
And i get the layout: "aaa", as expecteed.
Then I redirect to another page. On that one, after initializating the session
("session_start();") print again the $_SESSION["username"] content and the
result is empty. If i try the same code on a server (all this is on my local
machine), the code works as expected; so i think it is a configuration problem,
here is my php.ini part that correspond to session configuration, so you can
tell my if i'm doing anything wrong, long comments where removed:
[Session]; Handler used to store/retrieve data.session.save_handler =
files;session.save_path = "/tmp" BC 13/12/07session.save_path="/tmp"; Whether
to use cookies.session.use_cookies = 1;session.cookie_secure = ; This option
enables administrators to make their users invulnerable to; attacks which
involve passing session ids in URLs; defaults to 0.session.use_only_cookies =
1; Name of the session (used as cookie name).session.name = PHPSESSID;
Initialize session on request startup.session.auto_start = 1; Lifetime in
seconds of cookie or, if 0, until browser is restarted.session.cookie_lifetime
= 0; The path for which the cookie is valid.session.cookie_path = /; The domain
for which the cookie is valid.session.cookie_domain =; Whether or not to add
the httpOnly flag to the cookie, which makes it inaccessible to browser
scripting languages such as JavaScript.session.cookie_httponly = ; Handler used
to serialize data. php is the standard serializer of
PHP.session.serialize_handler = php; Define the probability that the 'garbage
collection' process is started; on every session initialization.; The
probability is calculated by using gc_probability/gc_divisor,; e.g. 1/100 means
there is a 1% chance that the GC process starts; on each
request.session.gc_probability = 1session.gc_divisor = 1000; After this
number of seconds, stored data will be seen as 'garbage' and; cleaned up by the
garbage collection process.session.gc_maxlifetime = 1440session.bug_compat_42 =
0session.bug_compat_warn = 1; Check HTTP Referer to invalidate externally
stored URLs containing ids.; HTTP_REFERER has to contain this substring for the
session to be; considered as valid.session.referer_check =; How many bytes to
read from the file.session.entropy_length = 0; Specified here to create the
session id.session.entropy_file =;session.entropy_length =
16;session.entropy_file = /dev/urandom; Set to {nocache,private,public,} to
determine HTTP caching aspects; or leave this empty to avoid sending
anti-caching headers.session.cache_limiter = nocache; Document expires after n
minutes.session.cache_expire = 180session.use_trans_sid = 0; Select a hash
function; 0: MD5 (128 bits); 1: SHA-1 (160 bits)session.hash_function = 0;
Define how many bits are stored in each character when converting; the binary
hash data to something readable.;; 4 bits: 0-9, a-f; 5 bits: 0-9, a-v; 6 bits:
0-9, a-z, A-Z, "-", ","session.hash_bits_per_character = 5; The URL rewriter
will look for URLs in a defined set of HTML tags.; form/fieldset are special;
if you include them here, the rewriter will; add a hidden <input> field with
the info which is otherwise appended; to URLs. If you want XHTML conformity,
remove the form entry.; Note that all valid entries require a "=", even if no
value follows.url_rewriter.tags =
"a=href,area=href,frame=src,input=src,form=,fieldset="
Well, thanks and sorry for my english;
Nicolás.
_________________________________________________________________
Watch “Cause Effect,” a show about real people making a real difference. Learn
more.
http://im.live.com/Messenger/IM/MTV/?source=text_watchcause
--- End Message ---
