php-general Digest 18 Jun 2008 07:35:20 -0000 Issue 5520
Topics (messages 275493 through 275509):
Re: mkdir() Cannot Create Directories
275493 by: Daniel Brown
275494 by: David Giragosian
275495 by: Wei, Alice J.
275496 by: Nitsan Bin-Nun
CAD file decoding
275497 by: Lester Caine
Re: How to prevent DoS on PHP script?
275498 by: Stut
Re: substr?
275499 by: Jim Lucas
Re: Search like php.net's URL thingy
275500 by: Jon Drukman
275501 by: Jon Drukman
275502 by: Richard Heyes
275504 by: Ryan S
275509 by: Iv Ray
Re: Kindla 0T, but here goes...
275503 by: Ryan S
Password Protecting a page and email notification
275505 by: R.C.
275506 by: Jon Drukman
275507 by: Philip Thompson
275508 by: Philip Thompson
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
On Tue, Jun 17, 2008 at 2:43 PM, Wei, Alice J. <[EMAIL PROTECTED]> wrote:
> Hi,
>
[snip!]
>
> This is my PHP code:
>
> mkdir("C:/Inetpub/wwwroot/TPU/test/$id, 0755) or die ("<p>Cannot create
> directory C:/Inetpub/wwwroot/TPU/test/$id</p>");
>
> What is strange is that I don't get permission denied errors, but I still
> cannot create the directories. Can anyone provide me some tips on why I am
> getting these errors?
Does 'C:\Inetpub\wwwroot\TPU\test\' exist on the server, and is it
writable? Maybe you're just missing a directory up to that point
(such as 'test'), or maybe it's not on your C:\ drive.
--
</Daniel P. Brown>
Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just
$59.99/mo. with no contract!
Dedicated servers, VPS, and hosting from $2.50/mo.
--- End Message ---
--- Begin Message ---
On 6/17/08, Daniel Brown <[EMAIL PROTECTED]> wrote:
>
> On Tue, Jun 17, 2008 at 2:43 PM, Wei, Alice J. <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> [snip!]
> >
> > This is my PHP code:
> >
> > mkdir("C:/Inetpub/wwwroot/TPU/test/$id, 0755) or die ("<p>Cannot create
> directory C:/Inetpub/wwwroot/TPU/test/$id</p>");
> >
> > What is strange is that I don't get permission denied errors, but I
> still cannot create the directories. Can anyone provide me some tips on why
> I am getting these errors?
>
> Does 'C:\Inetpub\wwwroot\TPU\test\' exist on the server, and is it
> writable? Maybe you're just missing a directory up to that point
> (such as 'test'), or maybe it's not on your C:\ drive.
Alice, that's a default IIS path to the web root, so I assume you _might_ be
using IIS. Maybe the IIS manager is locking you out somehow.
--David.
--- End Message ---
--- Begin Message ---
Hi, Daniel:
Thanks, I didn't realize that is the only problem. It sure is working pretty
good now.
One question, why didn't I get "Permission Denied" when I tried to do it
before the execution permissions were set properly?
Alice
======================================================
Alice Wei
MIS 2009
School of Library and Information Science
Indiana University Bloomington
[EMAIL PROTECTED]
________________________________________
From: Daniel Brown [EMAIL PROTECTED]
Sent: Tuesday, June 17, 2008 2:54 PM
To: Wei, Alice J.
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] mkdir() Cannot Create Directories
On Tue, Jun 17, 2008 at 2:43 PM, Wei, Alice J. <[EMAIL PROTECTED]> wrote:
> Hi,
>
[snip!]
>
> This is my PHP code:
>
> mkdir("C:/Inetpub/wwwroot/TPU/test/$id, 0755) or die ("<p>Cannot create
> directory C:/Inetpub/wwwroot/TPU/test/$id</p>");
>
> What is strange is that I don't get permission denied errors, but I still
> cannot create the directories. Can anyone provide me some tips on why I am
> getting these errors?
Does 'C:\Inetpub\wwwroot\TPU\test\' exist on the server, and is it
writable? Maybe you're just missing a directory up to that point
(such as 'test'), or maybe it's not on your C:\ drive.
--
</Daniel P. Brown>
Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just
$59.99/mo. with no contract!
Dedicated servers, VPS, and hosting from $2.50/mo.
--- End Message ---
--- Begin Message ---
As far as I remember, when I was on shared windows I had something similar
(no access to upload/create folders), the tech guy at the company i was
hosting at changed something in my privileges and it solved it.
You may have no creating privileges.
On 17/06/2008, Wei, Alice J. <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> I have a code here that I am intending to create new directories by
> creating a parent and then proceed on to create the children one by one.
>
> I am trying to create directories in the server I am running my script from
> as shown in the snippet below. My problem is that although the code seems to
> be accurate, it keeps telling me that I cannot create the directories with
> the following error message:
>
>
>
> Cannot create directory C:/Inetpub/wwwroot/TPU/test/2
>
>
>
> This is my PHP code:
>
>
>
> mkdir("C:/Inetpub/wwwroot/TPU/test/$id, 0755) or die ("<p>Cannot create
> directory C:/Inetpub/wwwroot/TPU/test/$id</p>");
>
>
>
> What is strange is that I don't get permission denied errors, but I still
> cannot create the directories. Can anyone provide me some tips on why I am
> getting these errors?
>
>
>
> Thanks in advance.
>
>
>
> Alice
>
> ======================================================
> Alice Wei
> MIS 2009
> School of Library and Information Science
> Indiana University Bloomington
> [EMAIL PROTECTED]
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
Has anybody seen any software that could be used with PHP to extract the
preview pictures from CAD files such as DXF and the like. I'm looking to keep
thumbnails of the drawings in much the same was as we generate thumbnails of
images. So I can display a list of previews before downloading the whole file.
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/lsces/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php
--- End Message ---
--- Begin Message ---
On 17 Jun 2008, at 15:22, Michelle Konzack wrote:
Am 2008-06-16 12:02:27, schrieb Per Jessen:
Check client IP-addresses?
And then? I am DoS'ed from several 1000 IPs and since legitim
uploaders
are mostly on dynamic IPs I can not block by IP.
OK, last Saturday I have installed a COOKIE which worked for the
weekend
but today morning the DoS'er have solved this problem too.
This mean, there are one or more crackers targeting my system
directly.
OK, even if I use heavyly PHP, my system was never hacked since
it is
up (Juni 2000) but now I am ongoing to be militant if I catch
one of
those pigs...
Maybe it's just me but if you don't want it to be used by unauthorised
users, erm, authorise your users. What's wrong with a simple HTTP
basic authentication solution?
-Stut
--
http://stut.net/
--- End Message ---
--- Begin Message ---
Jason Pruim wrote:
Hi everyone,
I am attempting to adopt some code to work more reliably then how it is
now...
What I am doing is coding a upload form where people could be uploading
.zip files in excess of 200 MB... Yes I know that is large, but it's for
a print shop and they get HUGE files to print from.
The code I'm having issues with is this:
$filename = $_FILES['userfile']['name']; // Get the name of the file
(including file extension).
$ext = substr($filename, strpos($filename,'.'),
strlen($filename)-1); // Get the extension from the filename.
All I want to do is grab the file extension and verify that it is a .zip
or a .pdf etc. file. This is working for small files (under a few megs)
but for some reason it fails when I get bigger. I have increased the
allowed memory size to 50 MB's I'm testing with a 44 MB file right now.
When it fails, it says the file type is not allowed even though it is
listed in the file type array.
Hopefully I have given you enough to go on to at least ask me some
questions :)
--
Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]
Looking at what I think you are trying to do, how about this?
<?php
if ( isset( $_FILES ) ) {
foreach ( $_FILES AS $file )
$filename = $file['name'];
list($ext) = array_reverse(explode('.', $filename));
$allowed_ext = array('zip', 'pdf');
if ( in_array($ext, $allowed_ext) ) {
// Correct extension; do what ever
} else {
// Incorrect extension; do nothing
}
}
}
?>
--
Jim Lucas
"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."
Twelfth Night, Act II, Scene V
by William Shakespeare
--- End Message ---
--- Begin Message ---
Ryan S wrote:
Hey!
Thanks for replying.
Digging a bit more i found
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^([a-z][0-9][A-Z][aA0-zZ0])$ jj.php?show=$1
</IfModule>
But it does not work :( do you see any fault with the above?
this is an apache issue, not a php issue, so you'll probably have better
luck on an apache mailing list.
however i will tell you that apache handles URLs in .htaccess
differently from in the normal httpd.conf files. in the .htaccess file,
the URL presented to RewriteRule does NOT have a leading /. in the conf
file, it will. so your rule might work if you do this:
RewriteRule ^/([a-z][0-9][A-Z][aA0-zZ0])$ jj.php?show=$1
i'm guessing that you are using .htaccess though, in which case the
problem becomes the rule itself. your regex is not going to do what you
think. it's saying "lower case letter followed by number followed by
uppercase letter followed by i don't know what the heck that is." try:
RewriteRule ^(\w+)$ jj.php?show=$1 [L]
\w is equivalent to [A-Za-z0-9_] note that this is NOT the same as
[A-Z][a-z][0-9]
you almost always want [L] in a situation like this to prevent later
rules from messing with your rewritten string.
also i will tell you that if you ever plan to launch this feature on a
site that gets significant traffic, turning off .htaccess file checking
is a HUGE performance win. unfortunately you will have to restart
apache every time you want to modify your rewrite rules, but them's the
breaks.
-jsd-
--- End Message ---
--- Begin Message ---
Nate Tallman wrote:
Why is an ErrorDocument "insufficient" or "not the elegant way"?
It accomplishes the goal in a clean way, no?
It's *WRONG*. ErrorDocument still preserves the 404 error code, it just
gives it a prettier face. If the page really is there, returning a 404
for it is not correct. Search engines will not index it. You probably
don't want that.
--- End Message ---
--- Begin Message ---
It's *WRONG*.
So are vegetables. Long live the waffle!
BTW, anyone seen this:
http://code.google.com/apis/chart/ ...?
More to the point, is anyone using it commercially?
--
Richard Heyes
Employ me:
http://www.phpguru.org/cv
+----------------------------------------+
| Access SSH with a Windows mapped drive |
| http://www.phpguru.org/sftpdrive |
+----------------------------------------+
--- End Message ---
--- Begin Message ---
Thanks for replying m8, but if you check the rest of the thread you will see
this has alraedy been solved and the result is
http://ezee.se/ezeeurl.php?do=1
Cheers!
Ryan
--- End Message ---
--- Begin Message ---
Ryan S wrote:
Thanks for replying m8, but if you check the rest of the thread you will see
this has alraedy been solved and the result is
http://ezee.se/ezeeurl.php?do=1
Cheers!
Ryan
How do you protect this thing from being spammed?
I do not know why somebody would spam it, but I have had all kind of
forms being spammed - it seem there are people out there who find
immense pleasure in spamming forms, regardless of the result.
Iv
--- End Message ---
--- Begin Message ---
Hey,
<clip>
> I agree with Daniel. Your most likely solution is to use a Flash player
> (or similar implementation) and populate a portion of your page with the
> object via AJAX (which you are already apparently comfortable with).
Or make your own Flash player with Ming and PHP. Working on that myself
at the moment.
</clip>
Would love to see what you come up with, gimme a shout when you finish it.
Cheers!
R
--- End Message ---
--- Begin Message ---
I'm going to ask you PHP gurus if someone can give me a hand in trying to
get this resolved. I'm fairly new to PHP and learning as I go.
I've got two page "login.php" and video.php. Video.php is supposed to be
protected i.e. if someone clicks on the direct link or brings up the page in
a browser, it comes back with an error message and a request to link to
"login.php"... they type in their username/pasword and it opens up the
video.php so they can download videos.
I actually managed to accomplish that with the following code which sits at
the top of video.php. I also created a form on "login.php" for user input.
So far so good. However, we also need an email to be sent to the site owner
when someone logs in plus their name. For the hell of me, I can't figure
out how to combine the two elements. I tried a lot of things sofar, but
nothing works. It's either the page gets protected OR the email gets sent,
depending on what I leave in the script. I tried using part of Jenny's
script which is great for email forms but I can't combine this whole thing.
Heeeelp!!
/*this is the code that sits at the top of the protected page* which works
actually fine for the protection*/
<?php
session_start();
$_SESSION ['username'] = $_POST ['user'];
$_SESSION ['userpass'] = $_POST ['pass'];
$_Session ['authuser'] = 0;
if (($_SESSION['username'] == 'logon') and
($_SESSION['userpass'] == 'password')) {
$_SESSION['authuser'] = 1;
} else {
echo "I'm sorry, access is denied <br />";
echo "Please log in at <a href='login.php'> HERE</a> to enter your
Username and Password";
exit();
}
Can this be done on one form i.e. login.php? I have 4 textfields set up:
username, password, email, name (for the person sending the email...)..
some if clause somewhere?
Best
R.C.
--- End Message ---
--- Begin Message ---
R.C. wrote:
I'm going to ask you PHP gurus if someone can give me a hand in trying to
get this resolved. I'm fairly new to PHP and learning as I go.
I've got two page "login.php" and video.php. Video.php is supposed to be
protected i.e. if someone clicks on the direct link or brings up the page in
a browser, it comes back with an error message and a request to link to
"login.php"... they type in their username/pasword and it opens up the
video.php so they can download videos.
I actually managed to accomplish that with the following code which sits at
the top of video.php. I also created a form on "login.php" for user input.
So far so good. However, we also need an email to be sent to the site owner
when someone logs in plus their name. For the hell of me, I can't figure
out how to combine the two elements. I tried a lot of things sofar, but
nothing works. It's either the page gets protected OR the email gets sent,
depending on what I leave in the script. I tried using part of Jenny's
script which is great for email forms but I can't combine this whole thing.
Heeeelp!!
/*this is the code that sits at the top of the protected page* which works
actually fine for the protection*/
<?php
session_start();
$_SESSION ['username'] = $_POST ['user'];
$_SESSION ['userpass'] = $_POST ['pass'];
$_Session ['authuser'] = 0;
if (($_SESSION['username'] == 'logon') and
($_SESSION['userpass'] == 'password')) {
$_SESSION['authuser'] = 1;
} else {
echo "I'm sorry, access is denied <br />";
echo "Please log in at <a href='login.php'> HERE</a> to enter your
Username and Password";
exit();
}
Can this be done on one form i.e. login.php? I have 4 textfields set up:
username, password, email, name (for the person sending the email...)..
some if clause somewhere?
Best
R.C.
what you have here looks fine. just put the mail() command in the first
part of the if...
if (($_SESSION['username'] == 'logon')
and ($_SESSION['userpass'] == 'password')) {
... SEND MAIL HERE ...
$_SESSION['authuser'] = 1;
}
else {
echo "I'm sorry, access is denied <br />";
echo "Please log in at <a href='login.php'> HERE</a> to enter your
Username and Password";
exit();
}
--- End Message ---
--- Begin Message ---
On Jun 17, 2008, at 5:33 PM, R.C. wrote:
I'm going to ask you PHP gurus if someone can give me a hand in
trying to
get this resolved. I'm fairly new to PHP and learning as I go.
I've got two page "login.php" and video.php. Video.php is supposed
to be
protected i.e. if someone clicks on the direct link or brings up the
page in
a browser, it comes back with an error message and a request to link
to
"login.php"... they type in their username/pasword and it opens up the
video.php so they can download videos.
I actually managed to accomplish that with the following code which
sits at
the top of video.php. I also created a form on "login.php" for user
input.
So far so good. However, we also need an email to be sent to the
site owner
when someone logs in plus their name. For the hell of me, I can't
figure
out how to combine the two elements. I tried a lot of things sofar,
but
nothing works. It's either the page gets protected OR the email
gets sent,
depending on what I leave in the script. I tried using part of Jenny's
script which is great for email forms but I can't combine this whole
thing.
Heeeelp!!
/*this is the code that sits at the top of the protected page* which
works
actually fine for the protection*/
<?php
session_start();
$_SESSION ['username'] = $_POST ['user'];
$_SESSION ['userpass'] = $_POST ['pass'];
$_Session ['authuser'] = 0;
if (($_SESSION['username'] == 'logon') and
($_SESSION['userpass'] == 'password')) {
$_SESSION['authuser'] = 1;
} else {
echo "I'm sorry, access is denied <br />";
echo "Please log in at <a href='login.php'> HERE</a> to enter your
Username and Password";
exit();
}
Can this be done on one form i.e. login.php? I have 4 textfields
set up:
username, password, email, name (for the person sending the
email...)..
some if clause somewhere?
Best
R.C.
I think you're heading the right direction. I'd do something like
this...
<?php
// login.php
session_start();
if (isset ($_POST['confirm'])) {
if ($_POST['user'] != 'logon' || $_POST['pass'] != 'password') {
header ("location: login.php?code=i");
exit;
}
$_SESSION['username'] = $_POST['user'];
$_SESSION['userpass'] = $_POST['pass'];
$_SESSION['authuser'] = true;
header ("location: video.php");
exit;
} else {
unset ($_SESSION['authuser']);
}
?>
<html>
<?php if ($_GET['code'] == 'i') { ?>
<p>Invalid login. Please try again.</p>
<?php } ?>
<form action="login.php" method="post">
<!-- Other fields here -->
<input type="hidden" name="confirm" value="1" />
</form>
</html>
That's how you can start it. At the top of the login.php page, check
to see if the form has been submitted/post'ed. If it has, check for
the correct username and password. If fail, send back to the login
page with an error code - don't make the user click to go back to the
login. If success, THEN assign the session variables and redirect to
the video page.
Just a side note. Maybe this is just an example that you sent us, but
I would strongly recommend NOT using 'password' as the password. =D If
each user is going to have his/her own username/password, then I'd use
a database to store that info - that can be another thread or a search
of the archives. ;)
Hope that helps.
~Philip
--- End Message ---
--- Begin Message ---
I forgot about the mail thing...
Begin forwarded message:
From: Philip Thompson <[EMAIL PROTECTED]>
Date: June 17, 2008 6:52:15 PM CDT
To: PHP-General List <[EMAIL PROTECTED]>
Subject: Re: [PHP] Password Protecting a page and email notification
On Jun 17, 2008, at 5:33 PM, R.C. wrote:
I'm going to ask you PHP gurus if someone can give me a hand in
trying to
get this resolved. I'm fairly new to PHP and learning as I go.
I've got two page "login.php" and video.php. Video.php is supposed
to be
protected i.e. if someone clicks on the direct link or brings up
the page in
a browser, it comes back with an error message and a request to
link to
"login.php"... they type in their username/pasword and it opens up
the
video.php so they can download videos.
I actually managed to accomplish that with the following code which
sits at
the top of video.php. I also created a form on "login.php" for
user input.
So far so good. However, we also need an email to be sent to the
site owner
when someone logs in plus their name. For the hell of me, I can't
figure
out how to combine the two elements. I tried a lot of things
sofar, but
nothing works. It's either the page gets protected OR the email
gets sent,
depending on what I leave in the script. I tried using part of
Jenny's
script which is great for email forms but I can't combine this
whole thing.
Heeeelp!!
/*this is the code that sits at the top of the protected page*
which works
actually fine for the protection*/
<?php
session_start();
$_SESSION ['username'] = $_POST ['user'];
$_SESSION ['userpass'] = $_POST ['pass'];
$_Session ['authuser'] = 0;
if (($_SESSION['username'] == 'logon') and
($_SESSION['userpass'] == 'password')) {
$_SESSION['authuser'] = 1;
} else {
echo "I'm sorry, access is denied <br />";
echo "Please log in at <a href='login.php'> HERE</a> to enter your
Username and Password";
exit();
}
Can this be done on one form i.e. login.php? I have 4 textfields
set up:
username, password, email, name (for the person sending the
email...)..
some if clause somewhere?
Best
R.C.
I think you're heading the right direction. I'd do something like
this...
<?php
// login.php
session_start();
if (isset ($_POST['confirm'])) {
if ($_POST['user'] != 'logon' || $_POST['pass'] != 'password') {
header ("location: login.php?code=i");
exit;
}
$_SESSION['username'] = $_POST['user'];
$_SESSION['userpass'] = $_POST['pass'];
$_SESSION['authuser'] = true;
$to = $_POST['user'] . " <".$_POST['email'].">";
$subject = $_POST['user'] . " logged in";
$message = "Whatever you want in here...";
$headers = "From: MyCoolSite <[EMAIL PROTECTED]>\r\n";
$headers .= "Cc: Bob the Boss <[EMAIL PROTECTED]>\r\n";
mail ($to, $subject, $message, $headers);
header ("location: video.php");
exit;
} else {
unset ($_SESSION['authuser']);
}
?>
<html>
<?php if ($_GET['code'] == 'i') { ?>
<p>Invalid login. Please try again.</p>
<?php } ?>
<form action="login.php" method="post">
<!-- Other fields here -->
<input type="hidden" name="confirm" value="1" />
</form>
</html>
That's how you can start it. At the top of the login.php page, check
to see if the form has been submitted/post'ed. If it has, check for
the correct username and password. If fail, send back to the login
page with an error code - don't make the user click to go back to
the login. If success, THEN assign the session variables and
redirect to the video page.
Just a side note. Maybe this is just an example that you sent us,
but I would strongly recommend NOT using 'password' as the password.
=D If each user is going to have his/her own username/password, then
I'd use a database to store that info - that can be another thread
or a search of the archives. ;)
Hope that helps.
~Philip
"Personally, most of my web applications do not have to factor 13.7
billion years of space drift in to the calculations, so PHP's rand
function has been great for me..." ~S. Johnson
--- End Message ---
