php-general Digest 16 Jun 2008 17:51:13 -0000 Issue 5517

Topics (messages 275422 through 275448):

Re: Does PHP support utf16 encode / decode
        275422 by: Chris
        275424 by: hce
        275425 by: Lester Caine

Re: Apache RewriteRule Help!!!!
        275423 by: Miguel J. Jiménez

Re: Canvas examples
        275426 by: Per Jessen
        275429 by: Richard Heyes
        275430 by: Per Jessen
        275436 by: Richard Heyes

question about the week's data read and show
        275427 by: EVEL_LIU.WISTRON.COM

Re: extension=mssql.so vs. ;extension=php_mssql.dll
        275428 by: T Lensselink
        275439 by: Wei, Alice J.

Re: UK PHP Host/Developer Required
        275431 by: Robin Vickery
        275434 by: Richard Heyes
        275440 by: Daniel Brown

How to prevent DoS on PHP script?
        275432 by: Michelle Konzack
        275435 by: Per Jessen
        275444 by: Jim Lucas
        275445 by: Per Jessen
        275446 by: Nitsan Bin-Nun
        275447 by: Andrew Ballard
        275448 by: Jim Lucas

Boa Webserver and PHP5
        275433 by: Michelle Konzack
        275438 by: Daniel Brown

Re: Capture homepage screenshot
        275437 by: paragasu

Binary data in $_POST, not in $_FILES, why?
        275441 by: Jim Feniello
        275442 by: Daniel Brown
        275443 by: Jim Feniello


----------------------------------------------------------------------
--- Begin Message ---
hce wrote:
> Hi,
> 
> I know PHP supports utf8 encode/decode, but does it support utf16
> encode/decode? If yes, would you please point me a php manual URL?

It's listed as supported under the mbstring functions here:

http://www.php.net/manual/en/mbstring.supported-encodings.php

-- 
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
--- Begin Message ---
On Mon, Jun 16, 2008 at 3:59 PM, Chris <[EMAIL PROTECTED]> wrote:
> hce wrote:
>> Hi,
>>
>> I know PHP supports utf8 encode/decode, but does it support utf16
>> encode/decode? If yes, would you please point me a php manual URL?
>
> It's listed as supported under the mbstring functions here:
>
> http://www.php.net/manual/en/mbstring.supported-encodings.php

Thanks Chris for the link, PHP has utf8_encode and utf8_decode. Does
PHP provide utf16_encode and utf16_decode, or the mbstring has
different functions to encode and decode utf16?

Thank you.

Jim

--- End Message ---
--- Begin Message ---
hce wrote:
> On Mon, Jun 16, 2008 at 3:59 PM, Chris <[EMAIL PROTECTED]> wrote:
>> hce wrote:
>>> Hi,
>>>
>>> I know PHP supports utf8 encode/decode, but does it support utf16
>>> encode/decode? If yes, would you please point me a php manual URL?
>>
>> It's listed as supported under the mbstring functions here:
>>
>> http://www.php.net/manual/en/mbstring.supported-encodings.php
>
> Thanks Chris for the link, PHP has utf8_encode and utf8_decode. Does
> PHP provide utf16_encode and utf16_decode, or the mbstring has
> different functions to encode and decode utf16?

The utf8_ functions are just a bodge to use with the xml parser and only work with ISO-8859-1. mbstring will 'translate' any multibyte string between any of the formats on the list provided by the link.
So you just tell it what you want to do in
http://www.php.net/manual/en/function.mb-convert-encoding.php
There is no 'decode' since that is just a different 'encode'.

--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/lsces/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php

--- End Message ---
--- Begin Message ---
On Fri, 13 Jun 2008 10:23:29 -0400
"Daniel Brown" <[EMAIL PROTECTED]> wrote:

>     You can start by asking your question on an Apache list.  This has
> nothing to do with PHP.  ;-P
> 
>     To answer your question, use this in your .htaccess file:
> 
> RewriteCond %{SCRIPT_FILENAME} index
> RewriteCond %{QUERY_STRING} ^[a-zA-Z0-9]
> RewriteRule .* http://www.yourdomain.com/404.php [L]
> 
>     Next time, though, please try to ask questions on the appropriate
> lists.
> 

I did write to the apache users list at the same time more or less and
am still waiting for a reply :'(


---
.---------------------------------------------------------.
| Miguel J. Jiménez                                       |
| Sector Público, ISOTROL S.A.                            |
| [EMAIL PROTECTED]                                   |
:---------------------------------------------------------:
| KeyID 0xFFE63EC6             hkp://pgp.rediris.es:11371 |
:---------------------------------------------------------:
| Edificio BLUENET, Avda. Isaac Newton nº3, 4ª planta.    |
| Parque Tecnológico Cartuja '93, 41092 Sevilla (ESP).    |
| Tlfn: +34 955 036 800 (ext.1805) - Fax: +34 955 036 849 |
| http://www.isotrol.com                                  |
:---------------------------------------------------------:
| UTM ED-50             X:765205.09 Y:4144614.91 Huso: 29 |
:---------------------------------------------------------:
| "They told me: 'install Windows, be smart'; so I first  |
| installed Windows and then I was smart and deleted it   |
| to install Linux"                                       |
'---------------------------------------------------------'



--- End Message ---
--- Begin Message ---
Richard Heyes wrote:

>> That's very cool, Richard.
> 
> Well, thanks, but I wouldn't call it "very cool".  

I thought it was pretty cool too - I didn't know about <canvas>, but
your example says a lot, I think. 


/Per Jessen, Zürich


--- End Message ---
--- Begin Message ---
> I thought it was pretty cool too - I didn't know about <canvas>, but
> your example says a lot, I think.

But when you compare it to something like this:

http://ejohn.org/apps/processing.js/examples/custom/molten.html

it looks pretty basic (which it is). Mine is perhaps an intro, whereas this illustrates what can be done with some (a lot?) of work.

--
Richard Heyes

        Employ me:
http://www.phpguru.org/cv

+----------------------------------------+
| Access SSH with a Windows mapped drive |
|    http://www.phpguru.org/sftpdrive    |
+----------------------------------------+

--- End Message ---
--- Begin Message ---
Richard Heyes wrote:

>> I thought it was pretty cool too - I didn't know about <canvas>, but
>> your example says a lot, I think.
> 
> But when you compare it to something like this:
> 
> http://ejohn.org/apps/processing.js/examples/custom/molten.html
> 
> it looks pretty basic (which it is). Mine is perhaps an intro, whereas
> this illustrates what can be done with some (a lot?) of work.

True - far too much work, in my opinion.  But I wouldn't mind seeing
some real life use/examples.  

I guess the other browser doesn't do much with <canvas> ? 



/Per Jessen, Zürich


--- End Message ---
--- Begin Message ---
> I guess the other browser doesn't do much with <canvas> ?

Nope. Eg:

<canvas id="foo">
    This gets shown on non-supporting browsers, but not on supportive
    browsers.
</canvas>

MSIE just shows the text and doesn't do anything with the canvas.

One thing about using a canvas is bandwidth. If it's a big concern I would hazard a guess that a bar chart (for example) would cost less in terms of code required to build the image compared to JPGraph, and also less in terms of output (particularly if you were to use output compression).

--
Richard Heyes


--- End Message ---
--- Begin Message ---
Dears,

Here is my question:

I am writing a project management system.

Now I need to echo one week’s data and send it to HTML to show.

Has anyone got a good idea or some code?

My code has some issues with the loop function. Could you help me check it or
give me some suggestions?

The show item like this:

********************************

This week is 25.th week of 2008

[Last Week]06/09--06/15// can be link and show the different week’s data

[This Week]06/16--06/22

[Next Week]06/23--06/29

Found 2 records in 23’Th week.

=======================================================================================

NAME\DAY   06/09 Monday   06/10 Tuesday   06/11 Wednesday   06/12 Thursday   06/13 Friday   06/14 Saturday   06/15 Sunday

Cathy      00             08361-sb        02                03               04             05               06

James      10             08362-sb        12                13               08362-sb       15               16

Connie     20             21              08740-sa          23               24             25               26

Ken        30             31              08741-sb          33               34             08741-sb         36

========================================================================================

My code is here (but it seems there are some issues with the display):

<?php

//========================== Link to the database ==========================
$link = mysql_connect('localhost', 'evel', '000000') // link the database
    or die('Could not connect: ' . mysql_error());
mysql_select_db('evel') or die('Could not select database');

//========================== Show the week information ==========================
$weeknumber = date('W');
$yearnumber = date('Y');
$tt = week_limits($weeknumber, $yearnumber);
$begin = date("m/d l", 1212973261);
$end = date("m/d l", 1213491661);
echo "This week is $weeknumber th week of $yearnumber<br>";
echo "Date from $begin($tt[0]) to $end($tt[1])<br>";

//========================== Show the weekdate table ==========================
$lowEnd = date("w");
$lowEnd = -$lowEnd;
$highEnd = $lowEnd + 7;
$weekday = 0;
$weektr .= "<link href=\"require/style.css\" rel=\"stylesheet\" type=\"text/css\">\n";
$weektr .= "<table width=\"118\" bgcolor=\"#FFFFFF\" align=center>\n";
$weektr .= "<tr>\n";
$weektr .= "<TD class=\"Content\"><FONT COLOR=BLUE><B>NAME\DAY</B></FONT></TD>";
for ($i = $lowEnd + 1; $i <= $highEnd; $i++)
{
    $WeekDate[$weekday] = date("m/d l", mktime(0, 0, 0, date("m"), date("d") + $i, date("Y")));
    $datename[$weekday] = date("N", mktime(0, 0, 0, date("m"), date("d") + $i, date("Y")));

    $weektr .= "<TD nowrap align=center bgcolor=\"F1F1F1\">";
    $weektr .= "$WeekDate[$weekday]";
    $weektr .= "</TD>\n";
}
//========================== End of weekdate ==========================

//========================== Show the data ==========================
$result = mysql_query("select PNB,Name,Time from report where Time>='1212138371' AND Time<='1212886861'"); // week result: one-week time range (test)
$num = mysql_num_rows($result);
// echo $num; // show the record number, control the table
if ($num)
{
    echo "Found $num records<br>";
    $weektr .= "<tr>\n";
    // while($myrow=mysql_fetch_array($result,MYSQL_NUM))
    // {
    // $weekdaynumber=date("N",$myrow[2]);
    for ($x = 0; $x < $num; $x++) // create the data array, one row per search result
    {
        $weekdaynumber = date("N", $myrow[2]);
        for ($y = 0; $y < 7; $y++) // loop for tr
        {
            for ($i = 0; $i < 8; $i++)
            {
                if ($weekdaynumber == $y) // get the related week date data
                {
                    $data[$x][$y] = $myrow[0];
                }
                else
                    $data[$x][$y] = "$x$y";
            }
            $mat[$x][$y] = "$x,$y";
        }
    }

    //echo $weekdaynumber;

    while ($x = mysql_fetch_row($result)) // show the data records one by one
    {
        $x = 0;
        // for($x = 0;$x <= mysql_fetch_row($result);$x++){
        //  for($x = 0;$x < count($data[$x]);$x++)//output the data,as the dataarray number is
        //  {
        for ($y = 0; $y < 7; $y++)
        {
            if ($y == 0) // divide the cell into name, week date and project cell
            {
                $weektr .= "<td  align=\"center\">$myrow[1]</td>";
                $weektr .= "<td  align=\"center\">" . $data[$x][$y] . "</td>";
            }
            else
                $weektr .= "<td  align=\"center\">" . $data[$x][$y] . "</td>";
        }
        $x++;
        $weektr .= "</tr>\n";
        // }
        // }
    }
}
else
    echo "Found 0 records";
$weektr .= "</table>\n";
print $weektr;
//========================== End of weekdate ==========================

//========================== Get the week time range (seconds) ==========================
function week_limits($weekNumber, $year)
{
    // begin datetime
    $time = mktime(1, 1, 1, 1, 1, $year);
    // Assuring that $weekNumber is a number
    $weekNumber--;
    // If the first week of the year does not start on Monday,
    // date() will return a "not correct" result (in this case the first week is 0)
    if (date('w', $time) == 1)
        $weekNumber++;
    $start_time = false;
    $end_time = false;
    for ($day = 1; $day <= 380; $day++)
    {
        if (date('W', $time) == $weekNumber && !$start_time)
            $start_time = $time;
        if (date('W', $time - 24*60*60) == $weekNumber && !$end_time && date('W', $time) != $weekNumber)
            $end_time = $time - 24*60*60;
        if ($start_time && $end_time)
            break;
        $time += 24*60*60;
    }
    return array($start_time, $end_time);
}
//========================== End of week_limits() ==========================

?>

 

 

 

Regards!

Evel#0616


--- End Message ---
--- Begin Message ---
Wei, Alice J. wrote:
> Hi,
>
>   I am not sure what is exactly the problem with my configurations while I am 
> trying to configure Apache, PHP and FreeTDS throughout my attempts to install 
> these packages into my Linux.
>
>  It appears that I am doing everything correctly as I am going through 
> listservs, forums and online articles for the configurations, but there is 
> something that goes wrong. So far I have noticed that in my phpinfo() page, I 
> still don't see the mssql packages listed as I should have.
>
>   Some things I need to be clarified:
>
>
> 1.      I noticed that in http://us.php.net/mssql, it mentioned how we are 
> supposed to add extension=mssql.so in the php.ini file, while in other places 
> I was told to uncomment extension=php_mssql.dll. It appears that this did not 
> give me the right configurations, still, even though the installation did 
> suggest that mssql support is yes.
>
>
>
> 2.      I used the following to configure my PHP AFTER I had installed and 
> compiled FreeTDS like most of you said, ./configure 
> --with-mssql=/usr/local/freetds --prefix=/usr/local/php, but every single 
> time, it gives me this: Directory /usr/local/freetds is not a FreeTDS 
> installation directory
>
>
>
> Could this signify the reason why I cannot see PHP configured with MSSQL 
> connection? If yes, why is it possible that the support for MSSQL in the 
> php.ini file has been commented out?
>
>
> Thanks in advance.
>
> ---------------------------------------
> Alice Wei
> MIS 2009
> School of Library and Information Science
> Indiana University Bloomington
> [EMAIL PROTECTED]
>
>   
I had the same problem trying to compile php 5.2.6 with freetds on
Ubuntu. No matter what I tried it kept giving me the "Directory
/usr/local/freetds is not a FreeTDS installation directory". I ended up
copying some files, which resulted in a working mssql extension. It's a
hack. But for me it worked.

I configured freeTDS with the following config options:
./configure --with-tdsver=7.0 --enable-msdblib --enable-dbmfix --with-gnu-ld --enable-shared --enable-static --prefix=/usr/local/freetds

And after make && make install, I copied the following files.

cp [tds source]/include/tds.h /usr/local/freetds/include
cp [tds source]/src/tds/.libs/libtds.a /usr/local/freetds/lib

Then I configured php with --with-mssql=shared,/usr/local/freetds

Hope it helps.

--- End Message ---
--- Begin Message ---
Hi,

 I just realized, after someone else replied to me, that I need mssql.so
instead of php_mssql.dll.

  What I don't understand is why every time when I tried to install this with
yum by processing yum install php, yum install apache, I can never see the
phpinfo page, but when I installed it with the Windows binary, I can get the
PHP to show up with my Apache on my Linux machine. The problem is, I can see
that I wouldn't have mssql.so in my package no matter what.

  Does anyone have any solution to this?
  Thanks in advance.

Alice
======================================================
Alice Wei
MIS 2009
School of Library and Information Science
Indiana University Bloomington
[EMAIL PROTECTED]

--- End Message ---
--- Begin Message ---
2008/6/14 Iv Ray <[EMAIL PROTECTED]>:
> Robin Vickery wrote:
>>
>> Out of hours technical support often gets billed at a punitive rate.
>> Which is a bugger if their "out of hours" is your working day.
>
> It seems you haven't tried Rackspace (UK) yet.
>
>> And while you might get tech support out of hours, accounts and
>> billing usually keep normal office hours.
>
> True.
>
> But if you pay your bills on time, you will never talk to these.

When a minute's downtime can cost you tens of thousands of
pounds worth of transactions, you can often find quite pointed
questions to ask your account handler. Like "how the hell did
both independent power rails AND fail at once? Why didn't the
backup generators start? and what are you doing to 1. ensure
that it never happens again and 2. dissuade us from moving to
a hosting facility that exhibits some competence?"

Having to do an emergency failover to a secondary hosting
facility on one of your busiest days of the year can put you in
a really bad mood.

-robin

--- End Message ---
--- Begin Message ---
>> Out of hours technical support often gets billed at a punitive rate.
>> Which is a bugger if their "out of hours" is your working day.
>
> It seems you haven't tried Rackspace (UK) yet.

What do you mean? Personally I've had good experiences with Rackspace.

--
Richard Heyes


--- End Message ---
--- Begin Message ---
On Mon, Jun 16, 2008 at 5:33 AM, Robin Vickery <[EMAIL PROTECTED]> wrote:
>
> Having to do an emergency failover to a secondary hosting
> facility on one of you busiest days of the year can put you in
> a really bad mood.

    This no longer sounds like a hypothetical.  ;-P

-- 
</Daniel P. Brown>
Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just
$59.99/mo. with no contract!
Dedicated servers, VPS, and hosting from $2.50/mo.

--- End Message ---
--- Begin Message ---
************************************************************************
*       Do not Cc: me, because I READ THIS LIST, if I write here       *
*      No Cc: to me, I READ THIS LIST when I write here      *
************************************************************************

Hello,

on my "devel" server I have a script, which allows me to upload Debian
packages which then are included in my private Debian mirror.

Now I have gotten several 1000 hits in the last days.  I call it DoS.

There are idiots who have tried to upload shit on my Webspace but since
I check it to be ONLY Debian files they were not successful.

My biggest problem is, that the "/fileupload.php" was always referenced
from outside my webspace.  OK, I was thinking this can be solved by
using HTTP_REFERER which has then worked for some days but NOW those
pigs are back and sending spoofed HTTP_REFERER.

Since I have only a VHost @ISP I can not go deeper into the Apache2
config what I have done when I was running my own server.

Can anyone suggest me something, how to block requests from outside?

Size limitation is not possible, since some of my upload files are very
huge and I must be able to upload files without Laptop and FTP/SCP
access.

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
+49/177/9351947    50, rue de Soultz         MSN LinuxMichi
+33/6/61925193     67100 Strasbourg/France   IRC #Debian (irc.icq.com)



--- End Message ---
--- Begin Message ---
Michelle Konzack wrote:

> My biggest problem is, that the "/fileupload.php" was always 
> references
> from outside my webspace.  OK, I was thinking  this  can  be  solved 
> by
> using HTTP_REFERER which has then worked for some  days  but  NOW 
> those pigs are back and sending spoofed HTTP_REFERER.
> 
> Since I have only a VHost @ISP I can not  go  deeper  into  the 
> Apache2 config what I have done when I was running my own server.
> 
> Can anyone suggest me something, how to block requests from outside?

Check client IP-addresses? 


/Per Jessen, Zürich


--- End Message ---
--- Begin Message ---
Per Jessen wrote:
> Michelle Konzack wrote:
>
>> My biggest problem is, that the "/fileupload.php" was always references from outside my webspace. OK, I was thinking this can be solved by using HTTP_REFERER which has then worked for some days but NOW those pigs are back and sending spoofed HTTP_REFERER.
>>
>> Since I have only a VHost @ISP I can not go deeper into the Apache2 config what I have done when I was running my own server.
>>
>> Can anyone suggest me something, how to block requests from outside?
>
> Check client IP-addresses?
>
> /Per Jessen, Zürich



The problem that the OP is going to run into is the "Chicken before the Egg" problem. PHP will not start processing until the file upload has already been completely uploaded.

Personally, I do not see a PHP solution to your problem. Unless allowing them to upload then just throwing it away is ok with the op.

--
Jim Lucas

   "Some men are born to greatness, some achieve greatness,
       and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
    by William Shakespeare


--- End Message ---
--- Begin Message ---
Jim Lucas wrote:

> Per Jessen wrote:
>> Michelle Konzack wrote:
>> 
>>> My biggest problem is, that the "/fileupload.php" was always
>>> references
>>> from outside my webspace.  OK, I was thinking  this  can  be  solved
>>> by
>>> using HTTP_REFERER which has then worked for some  days  but  NOW
>>> those pigs are back and sending spoofed HTTP_REFERER.
>>>
>>> Since I have only a VHost @ISP I can not  go  deeper  into  the
>>> Apache2 config what I have done when I was running my own server.
>>>
>>> Can anyone suggest me something, how to block requests from outside?
>> 
>> Check client IP-addresses?
>> 
>> 
>> /Per Jessen, Zürich
>> 
>> 
> 
> The problem that the OP is going to run into is the "Chicken before
> the Egg" problem.  PHP will not start processing until the file upload
> has already been completely uploaded.

I was about to say "Then let apache check it", but I hadn't read the
last paragraph of the OPs question.


/Per Jessen, Zürich


--- End Message ---
--- Begin Message ---
I think you can handle this with 2 pages, the first is checking whether the
user is permitted to upload or not and if so passing him to the upload form
with a simple (bool) $_SESSION variable which indicates his permissions.
If you will try to access the second page and the $_SESS variable won't
exist it will throw you back to page 1 to validate your permissions.

Am I missing something? (its pretty simple..)

HTH

On 16/06/2008, Per Jessen <[EMAIL PROTECTED]> wrote:
>
> Jim Lucas wrote:
>
> > Per Jessen wrote:
> >> Michelle Konzack wrote:
> >>
> >>> My biggest problem is, that the "/fileupload.php" was always
> >>> references
> >>> from outside my webspace.  OK, I was thinking  this  can  be  solved
> >>> by
> >>> using HTTP_REFERER which has then worked for some  days  but  NOW
> >>> those pigs are back and sending spoofed HTTP_REFERER.
> >>>
> >>> Since I have only a VHost @ISP I can not  go  deeper  into  the
> >>> Apache2 config what I have done when I was running my own server.
> >>>
> >>> Can anyone suggest me something, how to block requests from outside?
> >>
> >> Check client IP-addresses?
> >>
> >>
> >> /Per Jessen, Zürich
> >>
> >>
> >
> > The problem that the OP is going to run into is the "Chicken before
> > the Egg" problem.  PHP will not start processing until the file upload
> > has already been completely uploaded.
>
> I was about to say "Then let apache check it", but I hadn't read the
> last paragraph of the OPs question.
>
>
> /Per Jessen, Zürich
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--- End Message ---
--- Begin Message ---
On Mon, Jun 16, 2008 at 1:01 PM, Nitsan Bin-Nun <[EMAIL PROTECTED]> wrote:
> I think you can handle this with 2 pages, the first is checking whether the
> user is permitted to upload or not and if so passing him to the upload form
> with a simple (bool) $_SESSION variable which indicates his permissions.
> If you will try to access the second page and the $_SESS variable won't
> exist it will throw you back to page 1 to validate your permissions.
>
> Am I missing something? (its pretty simple..)
>
> HTH

Yes, it's missing something. There is nothing in this approach to
prevent the remote client from attempting to access the second page
directly. Even if they do not have the valid $_SESSION variable set,
the server will still receive the entire uploaded content before
passing control to the PHP script to validate permissions. In a DoS
attack, the attacker doesn't care whether the request is actually
allowed; only that resources were consumed in handling the request.
It's still the "chicken and egg" problem already described in this
thread.

Andrew

--- End Message ---
--- Begin Message ---
Nitsan Bin-Nun wrote:
> I think you can handle this with 2 pages, the first is checking whether the
> user is permitted to upload or not and if so passing him to the upload form
> with a simple (bool) $_SESSION variable which indicates his permissions.
> If you will try to access the second page and the $_SESS variable won't
> exist it will throw you back to page 1 to validate your permissions.
>
> Am I missing something? (its pretty simple..)

Yes, PHP hasn't started yet.

When someone tries to upload a file to a server, Apache is accepting the file first. Once the file is completely uploaded, Apache hands off the processing to Apache. Problem is, by this time the DoS has already happened. Apache has wasted its time receiving the file.

> HTH


--
Jim Lucas

   "Some men are born to greatness, some achieve greatness,
       and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
    by William Shakespeare


--- End Message ---
--- Begin Message ---
************************************************************************
*       Do not Cc: me, because I READ THIS LIST, if I write here       *
*           No Cc: to me, I READ THIS LIST when I write here           *
************************************************************************

Hello,

since my small Laptop (TP570) can not handle the Dino of apache2,
I am running the light webserver "boa" und Debian/Sarge.

Question:  Can anyone tell me HOW to get PHP5 running with it?

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Tamay Dogan Network

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
+49/177/9351947    50, rue de Soultz         MSN LinuxMichi
+33/6/61925193     67100 Strasbourg/France   IRC #Debian (irc.icq.com)



--- End Message ---
--- Begin Message ---
On Sat, Jun 14, 2008 at 11:12 AM, Michelle Konzack
<[EMAIL PROTECTED]> wrote:
> ************************************************************************
> *       Do not Cc: me, because I READ THIS LIST, if I write here       *
> *           No Cc: to me, I READ THIS LIST when I write here           *
> ************************************************************************

    Keep in mind two things:

        1.) Reply-all automatically includes you, where a simple Reply
does not include the list.
        2.) Not every person to write to the list is a subscriber, so
Reply-all is the best option.

    If you're getting overloaded, check your email client settings and filters.

>
> since my small Laptop (TP570) can not handle the Dino of apache2,
> I am running the light webserver "boa" und Debian/Sarge.
>
> Question:  Can anyone tell me HOW to get PHP5 running with it?

    RTFM:  http://www.boa.org/documentation/boa-2.html#ss2.3

    Just like Apache's httpd.conf, you add an AddType directive.
Compile PHP into a static, standalone (non-modular, non-ASPX) binary
and add the binary as an extension.

    That's only a guess based on 2 seconds of Googling though.

-- 
</Daniel P. Brown>

--- End Message ---
--- Begin Message ---
Well, I have never tried it myself, but somebody out there has already developed a simple
library to convert any HTML to an image. Googling for html2png gives me

http://marginalhacks.com/Hacks/html2jpg/

I believe there are more interesting solutions out there. Tell me if
you find one.
Good luck.

On 6/14/08, Manuel Lemos <[EMAIL PROTECTED]> wrote:
> Hello,
>
> on 06/13/2008 02:46 PM Shiplu said the following:
>> Hello,
>> How can i capture homepage screenshot of a webpage by php?
>>
>> I know a way.
>> I'll run a executable written in C/C++. when It will be called to process
>> a
>> screen shot It will just load the webpage in firefox and capture the
>> image.
>> It'll send the image path to php. The executable will be running.
>> The problem with this solution is, I have to run X, Firefox in my web
>> server, which doesn't look efficient for a server.
>>
>> I wanna know, is there any other way to achieve this? without creating a
>> screen shot server.
>
> If you run PHP on Windows, you can use this PHP class that was just
> released and does exactly what you need. I think it could be adapted to
> work with Firefox too.
>
> http://www.phpclasses.org/win-screenshot
>
> --
>
> Regards,
> Manuel Lemos
>
> PHP professionals looking for PHP jobs
> http://www.phpclasses.org/professionals/
>
> PHP Classes - Free ready to use OOP components written in PHP
> http://www.phpclasses.org/
>

--- End Message ---
--- Begin Message ---
Hi,

I'm working on an app with an external provider (voicexml), which at the end
of the day is posting an html form with normal and file data.

I've got 3 test cases: one is an html form with fields and a file, the other
test case is another voicexml provider, and the third is my provider, which
is where my problem resides.

All three have [Content-Type] => multipart/form-data; in the header.  The
html form and provider X show the request data correctly, some in _request
and one in _files, but my provider ends up with an empty _files array, and I
finally dumped the _request array, and it was in there as an item with a
bunch of binary data.

What would cause php to not put it in _files?  The obvious is the
multipart/form-data but I've confirmed that.  Anything else I can look into?

thanks,

-jim


--- End Message ---
--- Begin Message ---
On Mon, Jun 16, 2008 at 11:14 AM, Jim Feniello <[EMAIL PROTECTED]> wrote:
> Hi,
>
> What would cause php to not put it in _files?  The obvious is the
> multipart/form-data but I've confirmed that.  Anything else I can look into?

    What does the line for the file input in the HTML source say?  Can
you provide the whole snippet of code from the form section, starting
with <form ....> and ending with </form> ?

-- 
</Daniel P. Brown>

--- End Message ---
--- Begin Message ---
I can't because it's a third party provider with a voicexml browser.  The
best I have is this log from apache mod_security:

POST /temp/save2.php HTTP/1.1
Accept: */*
Host: recording.repsstudio.com
User-Agent: HVP/4.2
Content-Length: 37486
Content-Type: multipart/form-data; boundary=osb_inet_multipart_boundary

37486
--osb_inet_multipart_boundary
Content-Disposition: form-data; name="dnis"

1a
--osb_inet_multipart_boundary
Content-Disposition: form-data; name="resp"
Content-Type: audio/x-wav
Content-Length: 37050

--osb_inet_multipart_boundary
Content-Disposition: form-data; name="usercode"

3a
--osb_inet_multipart_boundary
Content-Disposition: form-data; name="userexerciseid"

2a vxml version
--osb_inet_multipart_boundary--



--- End Message ---
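
Added example (not part of the thread): PHP's multipart/form-data handler treats a part as a file upload only when its Content-Disposition header carries a filename parameter, which the "resp" part in the logged request lacks. The sketch below applies that rule to a constructed body modelled on that request; classify_parts() and sample_body() are hypothetical helper names and filename="resp.wav" is a made-up value.

```php
<?php
// Added example: approximates the rule PHP's multipart/form-data handler
// uses to route a part. A part becomes a $_FILES entry only when its
// Content-Disposition header carries a filename parameter.
function classify_parts(string $body, string $boundary): array
{
    $result = [];
    $chunks = explode('--' . $boundary, $body);
    array_shift($chunks);                       // drop the preamble
    foreach ($chunks as $chunk) {
        if (strncmp($chunk, '--', 2) === 0) {
            break;                              // closing delimiter reached
        }
        // Part headers end at the first empty line.
        $split = preg_split('/\r?\n\r?\n/', ltrim($chunk, "\r\n"), 2);
        $content = preg_replace('/\r?\n\z/', '', $split[1] ?? '');
        if (!preg_match('/^Content-Disposition:\s*form-data;(.*)$/mi', $split[0], $m)
            || !preg_match('/\bname="([^"]*)"/i', $m[1], $name)) {
            continue;                           // not a form-data part
        }
        $isFile = preg_match('/\bfilename="[^"]*"/i', $m[1]) === 1;
        $result[$name[1]] = [
            'target' => $isFile ? '$_FILES' : '$_POST',
            'bytes'  => strlen($content),
        ];
    }
    return $result;
}

// Constructed sample modelled on the logged request; the WAV payload is
// replaced by a 16-byte placeholder and filename="resp.wav" is hypothetical.
function sample_body(bool $withFilename): string
{
    $b = 'osb_inet_multipart_boundary';
    $disp = 'Content-Disposition: form-data; name="resp"'
          . ($withFilename ? '; filename="resp.wav"' : '');
    return "--$b\r\nContent-Disposition: form-data; name=\"dnis\"\r\n\r\n1a\r\n"
         . "--$b\r\n$disp\r\nContent-Type: audio/x-wav\r\n\r\nRIFF....WAVEfmt \r\n"
         . "--$b--\r\n";
}

foreach ([false, true] as $withFilename) {
    echo $withFilename ? "with filename parameter:\n" : "as logged (no filename):\n";
    $parts = classify_parts(sample_body($withFilename), 'osb_inet_multipart_boundary');
    foreach ($parts as $field => $info) {
        printf("  %-5s -> %s (%d bytes)\n", $field, $info['target'], $info['bytes']);
    }
}
```

A part routed to $_POST arrives as an in-memory string and never passes through is_uploaded_file() or move_uploaded_file(), so it needs its own size and type checks.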
