php-general Digest 30 May 2009 22:40:41 -0000 Issue 6150
Topics (messages 293374 through 293395):
Re: pdf_new()
293374 by: Michael A. Peters
293376 by: Sumit Sharma
Re: recipes anyone?
293375 by: Ashley Sheridan
293388 by: PJ
Sending mail from localhost
293377 by: Sumit Sharma
293378 by: Ashley Sheridan
293379 by: Ashley Sheridan
How To Limit FIle Uploader Against Hijackers?
293380 by: Nitsan Bin-Nun
293383 by: Michael A. Peters
293384 by: Nitsan Bin-Nun
293385 by: Michael A. Peters
293386 by: Nitsan Bin-Nun
293387 by: Ashley Sheridan
293391 by: Nitsan Bin-Nun
293392 by: Michael A. Peters
293393 by: Nitsan Bin-Nun
293395 by: Michael A. Peters
Pointer for csv files
293381 by: shahrzad khorrami
293382 by: Nitsan Bin-Nun
backslashes, string replacement, mysql_real_escape_strings and languages
293389 by: PJ
Autoloading with namespaces in 5.3.0
293390 by: Eddie Drapkin
Re: Numerical Recipe - Scheduling Question - update...
293394 by: bruce
Administrivia:
To subscribe to the digest, e-mail:
[email protected]
To unsubscribe from the digest, e-mail:
[email protected]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
Sumit Sharma wrote:
> Hi,
>
> Unable the create new pdf file object. Getting an error when coding as
> following:
>
> <?php
>
> $pdf = pdf_new();
>
> ?>
>
> *Fatal error*: Call to undefined function pdf_new() in
*C:\wamp\www\abc1.php
> * on line *3*
>
> Please Help.
>
> Thanks,
> Sumit.
>
You need to install PDFLib.
If installed, you need to load the module (in your php.ini)
--- End Message ---
--- Begin Message ---
Hi Michael,
Now its working.
Thanks,
Sumit.
On Sat, May 30, 2009 at 1:51 PM, Michael A. Peters <[email protected]> wrote:
> Sumit Sharma wrote:
> > Hi,
> >
> > Unable the create new pdf file object. Getting an error when coding as
> > following:
> >
> > <?php
> >
> > $pdf = pdf_new();
> >
> > ?>
> >
> > *Fatal error*: Call to undefined function pdf_new() in
> *C:\wamp\www\abc1.php
> > * on line *3*
> >
> > Please Help.
> >
> > Thanks,
> > Sumit.
> >
>
> You need to install PDFLib.
> If installed, you need to load the module (in your php.ini)
>
>
--- End Message ---
--- Begin Message ---
On Fri, 2009-05-29 at 19:24 -0400, PJ wrote:
> Michael A. Peters wrote:
> > Bob McConnell wrote:
> > > like a web based front end,
> > > exclusion of specific ingredients due to allergies and being able to
> > > attach dated notes about alterations or substitutions I try each time
> >
> > That sounds wicked.
> > One of my brothers is allergic to corn.
> > Being able to flag ingredients that contain corn (usually ingredients
> > that contain corn syrup) would also be great.
> >
> > Fortunately nothing too drastic happens when he gets corn, he gets a
> > rash and a bad attitude - but it still manages to slip its way into a
> > lot of things you wouldn't think contain corn.
> >
> > I think it may be corn syrup itself and not corn that he is allergic
> > to, I don't remember.
> >
> Oh my god, you have just treaded into one horrible hornet's nest... corn
> is probably the worst thing imaginable when it come to the food chain,
> nutrition, ecology, global warmiing, allergies, "green" fuel, etc. etc.
> not to mention that we as "human beings" are practically being turned
> into corn ourselves.
> Maybe your brother already knows about some of this, but it would be
> worth it for you to pursue the subject and you would be horrifies what
> corn is doing to our bodies and our planet. That is truly Montezuma's
> Revenge. If you want to know where to look, I'll check it out from my
> reading... I don't have that on me at the moment. ;-)
>
> --
> Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
> -------------------------------------------------------------
> Phil Jourdan --- [email protected]
> http://www.ptahhotep.com
> http://www.chiccantine.com/andypantry.php
>
>
So, if corn is bad, eating it will get rid of it faster right? :p
Ash
www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
Ashley Sheridan wrote:
> On Fri, 2009-05-29 at 19:24 -0400, PJ wrote:
>
>> Michael A. Peters wrote:
>>
>>> Bob McConnell wrote:
>>>
>>>> like a web based front end,
>>>> exclusion of specific ingredients due to allergies and being able to
>>>> attach dated notes about alterations or substitutions I try each time
>>>>
>>> That sounds wicked.
>>> One of my brothers is allergic to corn.
>>> Being able to flag ingredients that contain corn (usually ingredients
>>> that contain corn syrup) would also be great.
>>>
>>> Fortunately nothing too drastic happens when he gets corn, he gets a
>>> rash and a bad attitude - but it still manages to slip its way into a
>>> lot of things you wouldn't think contain corn.
>>>
>>> I think it may be corn syrup itself and not corn that he is allergic
>>> to, I don't remember.
>>>
>>>
>> Oh my god, you have just treaded into one horrible hornet's nest... corn
>> is probably the worst thing imaginable when it come to the food chain,
>> nutrition, ecology, global warmiing, allergies, "green" fuel, etc. etc.
>> not to mention that we as "human beings" are practically being turned
>> into corn ourselves.
>> Maybe your brother already knows about some of this, but it would be
>> worth it for you to pursue the subject and you would be horrifies what
>> corn is doing to our bodies and our planet. That is truly Montezuma's
>> Revenge. If you want to know where to look, I'll check it out from my
>> reading... I don't have that on me at the moment. ;-)
>>
>> --
>> Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
>> -------------------------------------------------------------
>> Phil Jourdan --- [email protected]
>> http://www.ptahhotep.com
>> http://www.chiccantine.com/andypantry.php
>>
>>
>>
> So, if corn is bad, eating it will get rid of it faster right? :p
>
>
> Ash
> www.ashleysheridan.co.uk
>
>
>
No it will turn you into a corn cob! ;-)
The authority on that is Michael Pollan... check out his books; you'll
never eat the same again.
--
Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
-------------------------------------------------------------
Phil Jourdan --- [email protected]
http://www.ptahhotep.com
http://www.chiccantine.com/andypantry.php
--- End Message ---
--- Begin Message ---
Hi,
I am new to php and not able to send mail from localhost. when trying to do
so getting following response:
*Warning*: mail() [function.mail <http://localhost/function.mail>]: Failed
to connect to mailserver at "localhost" port 25, verify your "SMTP" and
"smtp_port" setting in php.ini or use ini_set() in *C:\wamp\www\abc1.php* on
line *9
*Please Help,
Thanks,
Sumit
--- End Message ---
--- Begin Message ---
On Sat, 2009-05-30 at 14:41 +0530, Sumit Sharma wrote:
> Hi,
>
> I am new to php and not able to send mail from localhost. when trying to do
> so getting following response:
>
>
> *Warning*: mail() [function.mail <http://localhost/function.mail>]: Failed
> to connect to mailserver at "localhost" port 25, verify your "SMTP" and
> "smtp_port" setting in php.ini or use ini_set() in *C:\wamp\www\abc1.php* on
> line *9
>
> *Please Help,
>
> Thanks,
> Sumit
You need to edit your smtp settings in the php.ini file to point to the
mail server you are using. I believe on a Windows php.ini these are
commented out by default (at least they always have been for me)
Ash
www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Sat, 2009-05-30 at 15:01 +0530, Sumit Sharma wrote:
> I have already un-commented the smtp settings as
>
> SMTP = localhost
> smtp_port = 25
>
> do I need to change any other settings.
>
> Sumit
>
>
>
> On Sat, May 30, 2009 at 3:06 PM, Ashley Sheridan
> <[email protected]> wrote:
> On Sat, 2009-05-30 at 14:41 +0530, Sumit Sharma wrote:
> > Hi,
> >
> > I am new to php and not able to send mail from localhost.
> when trying to do
> > so getting following response:
> >
> >
>
> > *Warning*: mail() [function.mail
> <http://localhost/function.mail>]: Failed
> > to connect to mailserver at "localhost" port 25, verify your
> "SMTP" and
> > "smtp_port" setting in php.ini or use ini_set() in *C:\wamp
> \www\abc1.php* on
> > line *9
> >
> > *Please Help,
> >
> > Thanks,
> > Sumit
>
>
> You need to edit your smtp settings in the php.ini file to
> point to the
> mail server you are using. I believe on a Windows php.ini
> these are
> commented out by default (at least they always have been for
> me)
>
>
> Ash
> www.ashleysheridan.co.uk
>
>
Have you restarted the server? Also, I'm not sure, but does Windows come
with an SMTP server by default? It might be something only available to
Windows Server versions, and would need setting up. 'Course, I'm not too
sure on Windows servers, I tend to work more with a LAMP stack than
WAMP.
Ash
www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
Hi
I have wrote a file uploader in PHP, and I don't want people to hijack it
(get direct links, download whenever they want, etc).
Currently I have placed the uploaded files one directory up from the www
root, and I'm hosting the files mime type in order to serve them on the fly.
I'm trying to think how should I secure this website, I don't want people to
get direct links,etc.
Currently the links are being check with the $_SERVER['refer'] variables and
it being compared to the one in my config file.
Any ideas will be very appreciated! Thanks!
By the way, does this file serving feature takes a lot of load from the
server? if so then what are the other options? can I serve these files w/o
PHP involved? lets say only by some sort of apache module or anything like
that?
--- End Message ---
--- Begin Message ---
Nitsan Bin-Nun wrote:
Hi
I have wrote a file uploader in PHP, and I don't want people to hijack it
(get direct links, download whenever they want, etc).
Currently I have placed the uploaded files one directory up from the www
root, and I'm hosting the files mime type in order to serve them on the fly.
I'm trying to think how should I secure this website, I don't want people to
get direct links,etc.
Currently the links are being check with the $_SERVER['refer'] variables and
it being compared to the one in my config file.
Any ideas will be very appreciated! Thanks!
By the way, does this file serving feature takes a lot of load from the
server? if so then what are the other options? can I serve these files w/o
PHP involved? lets say only by some sort of apache module or anything like
that?
What I do -
Files for restricted access are outside the web root.
php wrapper script verifies the credentials of user to download the file
(IE via a post token, session ID, etc.) and if allowed, it then sends
the real file.
I use mod_rewrite (apache) to send requests for the real file to the php
wrapper script so that the linked file has the same name as the real
file (lets me use the same wrapper for lots of different files).
As far as load on the server, no - I don't think it costs a lot as far
as system resources.
--- End Message ---
--- Begin Message ---
On Sat, May 30, 2009 at 3:26 PM, Michael A. Peters <[email protected]> wrote:
> Nitsan Bin-Nun wrote:
>
>> Hi
>>
>> I have wrote a file uploader in PHP, and I don't want people to hijack it
>> (get direct links, download whenever they want, etc).
>>
>> Currently I have placed the uploaded files one directory up from the www
>> root, and I'm hosting the files mime type in order to serve them on the
>> fly.
>>
>> I'm trying to think how should I secure this website, I don't want people
>> to
>> get direct links,etc.
>>
>> Currently the links are being check with the $_SERVER['refer'] variables
>> and
>> it being compared to the one in my config file.
>>
>> Any ideas will be very appreciated! Thanks!
>>
>>
>> By the way, does this file serving feature takes a lot of load from the
>> server? if so then what are the other options? can I serve these files w/o
>> PHP involved? lets say only by some sort of apache module or anything like
>> that?
>>
>>
> What I do -
>
> Files for restricted access are outside the web root.
> php wrapper script verifies the credentials of user to download the file
> (IE via a post token, session ID, etc.) and if allowed, it then sends the
> real file.
>
> I use mod_rewrite (apache) to send requests for the real file to the php
> wrapper script so that the linked file has the same name as the real file
> (lets me use the same wrapper for lots of different files).
>
> As far as load on the server, no - I don't think it costs a lot as far as
> system resources.
>
Thank you for the fast answer.
I'm doing the same regarding the php wrapper layer, but the thing is that I
just don't know what verification exams should I do in the php wrapping
layer.
I'm not sure what is the way that it should be done.
--- End Message ---
--- Begin Message ---
Nitsan Bin-Nun wrote:
On Sat, May 30, 2009 at 3:26 PM, Michael A. Peters <[email protected]
<mailto:[email protected]>> wrote:
Nitsan Bin-Nun wrote:
Hi
I have wrote a file uploader in PHP, and I don't want people to
hijack it
(get direct links, download whenever they want, etc).
Currently I have placed the uploaded files one directory up from
the www
root, and I'm hosting the files mime type in order to serve them
on the fly.
I'm trying to think how should I secure this website, I don't
want people to
get direct links,etc.
Currently the links are being check with the $_SERVER['refer']
variables and
it being compared to the one in my config file.
Any ideas will be very appreciated! Thanks!
By the way, does this file serving feature takes a lot of load
from the
server? if so then what are the other options? can I serve these
files w/o
PHP involved? lets say only by some sort of apache module or
anything like
that?
What I do -
Files for restricted access are outside the web root.
php wrapper script verifies the credentials of user to download the
file (IE via a post token, session ID, etc.) and if allowed, it then
sends the real file.
I use mod_rewrite (apache) to send requests for the real file to the
php wrapper script so that the linked file has the same name as the
real file (lets me use the same wrapper for lots of different files).
As far as load on the server, no - I don't think it costs a lot as
far as system resources.
Thank you for the fast answer.
I'm doing the same regarding the php wrapper layer, but the thing is
that I just don't know what verification exams should I do in the php
wrapping layer.
I'm not sure what is the way that it should be done.
I check the referrer, assuming no other credential is required, if it is
from an approved site or not sent (some people disable sending the
http_referrer in their browser), I allow it. Otherwise I don't.
--- End Message ---
--- Begin Message ---
That's the verification that my layer does. I'm not sure whether that's
enough or not.
On Sat, May 30, 2009 at 4:43 PM, Michael A. Peters <[email protected]> wrote:
> Nitsan Bin-Nun wrote:
>
> On Sat, May 30, 2009 at 3:26 PM, Michael A. Peters <[email protected]<mailto:
>> [email protected]>> wrote:
>>
>> Nitsan Bin-Nun wrote:
>>
>> Hi
>>
>> I have wrote a file uploader in PHP, and I don't want people to
>> hijack it
>> (get direct links, download whenever they want, etc).
>>
>> Currently I have placed the uploaded files one directory up from
>> the www
>> root, and I'm hosting the files mime type in order to serve them
>> on the fly.
>>
>> I'm trying to think how should I secure this website, I don't
>> want people to
>> get direct links,etc.
>>
>> Currently the links are being check with the $_SERVER['refer']
>> variables and
>> it being compared to the one in my config file.
>>
>> Any ideas will be very appreciated! Thanks!
>>
>>
>> By the way, does this file serving feature takes a lot of load
>> from the
>> server? if so then what are the other options? can I serve these
>> files w/o
>> PHP involved? lets say only by some sort of apache module or
>> anything like
>> that?
>>
>>
>> What I do -
>>
>> Files for restricted access are outside the web root.
>> php wrapper script verifies the credentials of user to download the
>> file (IE via a post token, session ID, etc.) and if allowed, it then
>> sends the real file.
>>
>> I use mod_rewrite (apache) to send requests for the real file to the
>> php wrapper script so that the linked file has the same name as the
>> real file (lets me use the same wrapper for lots of different files).
>>
>> As far as load on the server, no - I don't think it costs a lot as
>> far as system resources.
>>
>>
>>
>> Thank you for the fast answer.
>>
>> I'm doing the same regarding the php wrapper layer, but the thing is that
>> I just don't know what verification exams should I do in the php wrapping
>> layer.
>> I'm not sure what is the way that it should be done.
>>
>
> I check the referrer, assuming no other credential is required, if it is
> from an approved site or not sent (some people disable sending the
> http_referrer in their browser), I allow it. Otherwise I don't.
>
--- End Message ---
--- Begin Message ---
On Sat, 2009-05-30 at 17:54 +0200, Nitsan Bin-Nun wrote:
> That's the verification that my layer does. I'm not sure whether that's
> enough or not.
>
> On Sat, May 30, 2009 at 4:43 PM, Michael A. Peters <[email protected]> wrote:
>
> > Nitsan Bin-Nun wrote:
> >
> > On Sat, May 30, 2009 at 3:26 PM, Michael A. Peters <[email protected]<mailto:
> >> [email protected]>> wrote:
> >>
> >> Nitsan Bin-Nun wrote:
> >>
> >> Hi
> >>
> >> I have wrote a file uploader in PHP, and I don't want people to
> >> hijack it
> >> (get direct links, download whenever they want, etc).
> >>
> >> Currently I have placed the uploaded files one directory up from
> >> the www
> >> root, and I'm hosting the files mime type in order to serve them
> >> on the fly.
> >>
> >> I'm trying to think how should I secure this website, I don't
> >> want people to
> >> get direct links,etc.
> >>
> >> Currently the links are being check with the $_SERVER['refer']
> >> variables and
> >> it being compared to the one in my config file.
> >>
> >> Any ideas will be very appreciated! Thanks!
> >>
> >>
> >> By the way, does this file serving feature takes a lot of load
> >> from the
> >> server? if so then what are the other options? can I serve these
> >> files w/o
> >> PHP involved? lets say only by some sort of apache module or
> >> anything like
> >> that?
> >>
> >>
> >> What I do -
> >>
> >> Files for restricted access are outside the web root.
> >> php wrapper script verifies the credentials of user to download the
> >> file (IE via a post token, session ID, etc.) and if allowed, it then
> >> sends the real file.
> >>
> >> I use mod_rewrite (apache) to send requests for the real file to the
> >> php wrapper script so that the linked file has the same name as the
> >> real file (lets me use the same wrapper for lots of different files).
> >>
> >> As far as load on the server, no - I don't think it costs a lot as
> >> far as system resources.
> >>
> >>
> >>
> >> Thank you for the fast answer.
> >>
> >> I'm doing the same regarding the php wrapper layer, but the thing is that
> >> I just don't know what verification exams should I do in the php wrapping
> >> layer.
> >> I'm not sure what is the way that it should be done.
> >>
> >
> > I check the referrer, assuming no other credential is required, if it is
> > from an approved site or not sent (some people disable sending the
> > http_referrer in their browser), I allow it. Otherwise I don't.
> >
That should be fine for downloading files. There will be an issue if
they are media files and you want to play them from a browser plugin, as
no plugin I've ever seen actually passes the referrer header.
Ash
www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Sat, May 30, 2009 at 7:02 PM, Ashley Sheridan
<[email protected]>wrote:
> On Sat, 2009-05-30 at 17:54 +0200, Nitsan Bin-Nun wrote:
> > That's the verification that my layer does. I'm not sure whether that's
> > enough or not.
> >
> > On Sat, May 30, 2009 at 4:43 PM, Michael A. Peters <[email protected]>
> wrote:
> >
> > > Nitsan Bin-Nun wrote:
> > >
> > > On Sat, May 30, 2009 at 3:26 PM, Michael A. Peters <[email protected]
> <mailto:
> > >> [email protected]>> wrote:
> > >>
> > >> Nitsan Bin-Nun wrote:
> > >>
> > >> Hi
> > >>
> > >> I have wrote a file uploader in PHP, and I don't want people to
> > >> hijack it
> > >> (get direct links, download whenever they want, etc).
> > >>
> > >> Currently I have placed the uploaded files one directory up
> from
> > >> the www
> > >> root, and I'm hosting the files mime type in order to serve
> them
> > >> on the fly.
> > >>
> > >> I'm trying to think how should I secure this website, I don't
> > >> want people to
> > >> get direct links,etc.
> > >>
> > >> Currently the links are being check with the $_SERVER['refer']
> > >> variables and
> > >> it being compared to the one in my config file.
> > >>
> > >> Any ideas will be very appreciated! Thanks!
> > >>
> > >>
> > >> By the way, does this file serving feature takes a lot of load
> > >> from the
> > >> server? if so then what are the other options? can I serve
> these
> > >> files w/o
> > >> PHP involved? lets say only by some sort of apache module or
> > >> anything like
> > >> that?
> > >>
> > >>
> > >> What I do -
> > >>
> > >> Files for restricted access are outside the web root.
> > >> php wrapper script verifies the credentials of user to download the
> > >> file (IE via a post token, session ID, etc.) and if allowed, it
> then
> > >> sends the real file.
> > >>
> > >> I use mod_rewrite (apache) to send requests for the real file to
> the
> > >> php wrapper script so that the linked file has the same name as the
> > >> real file (lets me use the same wrapper for lots of different
> files).
> > >>
> > >> As far as load on the server, no - I don't think it costs a lot as
> > >> far as system resources.
> > >>
> > >>
> > >>
> > >> Thank you for the fast answer.
> > >>
> > >> I'm doing the same regarding the php wrapper layer, but the thing is
> that
> > >> I just don't know what verification exams should I do in the php
> wrapping
> > >> layer.
> > >> I'm not sure what is the way that it should be done.
> > >>
> > >
> > > I check the referrer, assuming no other credential is required, if it
> is
> > > from an approved site or not sent (some people disable sending the
> > > http_referrer in their browser), I allow it. Otherwise I don't.
> > >
> That should be fine for downloading files. There will be an issue if
> they are media files and you want to play them from a browser plugin, as
> no plugin I've ever seen actually passes the referrer header.
>
>
> Ash
> www.ashleysheridan.co.uk
>
>
I'm sending downloading headers, there will be no options of playing it from
the browser's plugin.
Thank you both for your comments. I have decided that referrer check is
enough for now :)
Nitsan
--- End Message ---
--- Begin Message ---
Nitsan Bin-Nun wrote:
On Sat, May 30, 2009 at 7:02 PM, Ashley Sheridan
<[email protected] <mailto:[email protected]>> wrote:
On Sat, 2009-05-30 at 17:54 +0200, Nitsan Bin-Nun wrote:
> That's the verification that my layer does. I'm not sure whether
that's
> enough or not.
>
> On Sat, May 30, 2009 at 4:43 PM, Michael A. Peters
<[email protected] <mailto:[email protected]>> wrote:
>
> > Nitsan Bin-Nun wrote:
> >
> > On Sat, May 30, 2009 at 3:26 PM, Michael A. Peters
<[email protected] <mailto:[email protected]><mailto:
> >> [email protected] <mailto:[email protected]>>> wrote:
> >>
> >> Nitsan Bin-Nun wrote:
> >>
> >> Hi
> >>
> >> I have wrote a file uploader in PHP, and I don't want
people to
> >> hijack it
> >> (get direct links, download whenever they want, etc).
> >>
> >> Currently I have placed the uploaded files one
directory up from
> >> the www
> >> root, and I'm hosting the files mime type in order to
serve them
> >> on the fly.
> >>
> >> I'm trying to think how should I secure this website, I
don't
> >> want people to
> >> get direct links,etc.
> >>
> >> Currently the links are being check with the
$_SERVER['refer']
> >> variables and
> >> it being compared to the one in my config file.
> >>
> >> Any ideas will be very appreciated! Thanks!
> >>
> >>
> >> By the way, does this file serving feature takes a lot
of load
> >> from the
> >> server? if so then what are the other options? can I
serve these
> >> files w/o
> >> PHP involved? lets say only by some sort of apache
module or
> >> anything like
> >> that?
> >>
> >>
> >> What I do -
> >>
> >> Files for restricted access are outside the web root.
> >> php wrapper script verifies the credentials of user to
download the
> >> file (IE via a post token, session ID, etc.) and if
allowed, it then
> >> sends the real file.
> >>
> >> I use mod_rewrite (apache) to send requests for the real
file to the
> >> php wrapper script so that the linked file has the same
name as the
> >> real file (lets me use the same wrapper for lots of
different files).
> >>
> >> As far as load on the server, no - I don't think it costs a
lot as
> >> far as system resources.
> >>
> >>
> >>
> >> Thank you for the fast answer.
> >>
> >> I'm doing the same regarding the php wrapper layer, but the
thing is that
> >> I just don't know what verification exams should I do in the
php wrapping
> >> layer.
> >> I'm not sure what is the way that it should be done.
> >>
> >
> > I check the referrer, assuming no other credential is required,
if it is
> > from an approved site or not sent (some people disable sending the
> > http_referrer in their browser), I allow it. Otherwise I don't.
> >
That should be fine for downloading files. There will be an issue if
they are media files and you want to play them from a browser plugin, as
no plugin I've ever seen actually passes the referrer header.
Ash
www.ashleysheridan.co.uk <http://www.ashleysheridan.co.uk>
I'm sending downloading headers, there will be no options of playing it
from the browser's plugin.
Thank you both for your comments. I have decided that referrer check is
enough for now :)
Nitsan
If you really want to be sure, you can use session variables with a
download wrapper.
--- End Message ---
--- Begin Message ---
What do you mean by session variables?
I should register a new session and pass it along with the file to the PHP
wrapper?
On Sat, May 30, 2009 at 10:02 PM, Michael A. Peters <[email protected]> wrote:
> Nitsan Bin-Nun wrote:
>
>>
>>
>> On Sat, May 30, 2009 at 7:02 PM, Ashley Sheridan <
>> [email protected] <mailto:[email protected]>> wrote:
>>
>> On Sat, 2009-05-30 at 17:54 +0200, Nitsan Bin-Nun wrote:
>> > That's the verification that my layer does. I'm not sure whether
>> that's
>> > enough or not.
>> >
>> > On Sat, May 30, 2009 at 4:43 PM, Michael A. Peters
>> <[email protected] <mailto:[email protected]>> wrote:
>> >
>> > > Nitsan Bin-Nun wrote:
>> > >
>> > > On Sat, May 30, 2009 at 3:26 PM, Michael A. Peters
>> <[email protected] <mailto:[email protected]><mailto:
>>
>> > >> [email protected] <mailto:[email protected]>>> wrote:
>> > >>
>> > >> Nitsan Bin-Nun wrote:
>> > >>
>> > >> Hi
>> > >>
>> > >> I have wrote a file uploader in PHP, and I don't want
>> people to
>> > >> hijack it
>> > >> (get direct links, download whenever they want, etc).
>> > >>
>> > >> Currently I have placed the uploaded files one
>> directory up from
>> > >> the www
>> > >> root, and I'm hosting the files mime type in order to
>> serve them
>> > >> on the fly.
>> > >>
>> > >> I'm trying to think how should I secure this website, I
>> don't
>> > >> want people to
>> > >> get direct links,etc.
>> > >>
>> > >> Currently the links are being check with the
>> $_SERVER['refer']
>> > >> variables and
>> > >> it being compared to the one in my config file.
>> > >>
>> > >> Any ideas will be very appreciated! Thanks!
>> > >>
>> > >>
>> > >> By the way, does this file serving feature takes a lot
>> of load
>> > >> from the
>> > >> server? if so then what are the other options? can I
>> serve these
>> > >> files w/o
>> > >> PHP involved? lets say only by some sort of apache
>> module or
>> > >> anything like
>> > >> that?
>> > >>
>> > >>
>> > >> What I do -
>> > >>
>> > >> Files for restricted access are outside the web root.
>> > >> php wrapper script verifies the credentials of user to
>> download the
>> > >> file (IE via a post token, session ID, etc.) and if
>> allowed, it then
>> > >> sends the real file.
>> > >>
>> > >> I use mod_rewrite (apache) to send requests for the real
>> file to the
>> > >> php wrapper script so that the linked file has the same
>> name as the
>> > >> real file (lets me use the same wrapper for lots of
>> different files).
>> > >>
>> > >> As far as load on the server, no - I don't think it costs a
>> lot as
>> > >> far as system resources.
>> > >>
>> > >>
>> > >>
>> > >> Thank you for the fast answer.
>> > >>
>> > >> I'm doing the same regarding the php wrapper layer, but the
>> thing is that
>> > >> I just don't know what verification exams should I do in the
>> php wrapping
>> > >> layer.
>> > >> I'm not sure what is the way that it should be done.
>> > >>
>> > >
>> > > I check the referrer, assuming no other credential is required,
>> if it is
>> > > from an approved site or not sent (some people disable sending the
>> > > http_referrer in their browser), I allow it. Otherwise I don't.
>> > >
>> That should be fine for downloading files. There will be an issue if
>> they are media files and you want to play them from a browser plugin,
>> as
>> no plugin I've ever seen actually passes the referrer header.
>>
>>
>> Ash
>> www.ashleysheridan.co.uk <http://www.ashleysheridan.co.uk>
>>
>>
>>
>> I'm sending downloading headers, there will be no options of playing it
>> from the browser's plugin.
>> Thank you both for your comments. I have decided that referrer check is
>> enough for now :)
>>
>> Nitsan
>>
>>
> If you really want to be sure, you can use session variables with a
> download wrapper.
>
--- End Message ---
--- Begin Message ---
Nitsan Bin-Nun wrote:
What do you mean by session variables?
I should register a new session and pass it along with the file to the
PHP wrapper?
Yes - in the page that links to your downloads you can do something like
$_SESSION['download']=TRUE;
then in the wrapper -
if (isset($_SESSION['download'])) {
$allowed=$_SESSION['download']
} else {
$allowed=FALSE;
}
the check the $allowed variable.
Only way the file will be sent is if they have been to your site that
creates a session for them and sets the $_SESSION['download'] variable
to TRUE.
You can check whatever you want from the session variables.
For some of my files, I check the userid in the session variable and
make sure the user is allowed to download it. If they aren't, they get a
401 forbidden header and page.
--- End Message ---
--- Begin Message ---
hi,
Is there any function in php to get data of a csv file from a line to
another line that we say?
for example get me data from line 400 to line 1400 of a csv file. if
no function, what you recommend to get data?
Thanks in advance,
Shahrzad
--- End Message ---
--- Begin Message ---
http://il.php.net/manual/en/function.file.php
http://il.php.net/manual/en/function.str-getcsv.php
http://il.php.net/fgetcsv
You can go through the lines and start buffering them when you get to 400,
and stop the buffer and continue; the loop when you reach line 1400.
On Sat, May 30, 2009 at 12:56 PM, shahrzad khorrami <
[email protected]> wrote:
> hi,
>
> Is there any function in php to get data of a csv file from a line to
> another line that we say?
> for example get me data from line 400 to line 1400 of a csv file.
> if
> no function, what you recommend to get data?
>
> Thanks in advance,
> Shahrzad
>
--- End Message ---
--- Begin Message ---
Ok, let's get this straightened out, please.
I'm coming up with little annoyances like text with é & the like
being displayed and not displayed, having to enter it to get it
displayed, and sometimes seeing the code rather than the accented character.
And then there is preg_replace! When I have to use foreign characters
and I often do in several languages, preg removes the & and the spaces
that I don't want in a string but it also replaces the foreign language
accent formatting(e.g. î with icirc). Now that is annoying. I then
have to replace the space&space with space/space and omit the
preg_replace. That's a workaround... but that prevents filtering out
lost spaces. And how does all that relate to latin1 and utf8_general?
I'm setting up my databases with utf8_general... so, now what? Should I
be reverting to latin1(or is it 15) I don't recall... Is there a way to
fix this cross language problem?
Ooooooooh, boy. :'(
--
Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
-------------------------------------------------------------
Phil Jourdan --- [email protected]
http://www.ptahhotep.com
http://www.chiccantine.com/andypantry.php
--- End Message ---
--- Begin Message ---
Hey, I'm looking to start playing with 5.3.0, and thus by extension,
namespaces. One of the things that I definitely need support for is
autoloading, and the docs aren't exactly explicit in some (obvious to me)
cases.
I have an autoloading class that internally handles file-not-found errors
and the like and a set of methods that get registered via
spl_autoload_register. I'm wondering if there's any way that the autoloader
- which won't exist inside a namespace - can handle classes with the same
name in several different namespaces. Say, for example, I have three
directories foo/, bar/, and baz/ and each of those corresponds to a
same-named namespace, and each also has a class named ExampleClass. If I
try to instantate a foo\ExampleClass, does the classname get set in the
autoloader method as "ExampleClass" or "foo\ExampleClass"? If the former,
is there any way to determine the namespace name so I don't accidentally
autoload bar\ExampleClass or baz\ExampleClass?
--- End Message ---
--- Begin Message ---
Hi again...
for those who care, feel free to reply with comments... for those who
don't.. please ignore!!
this is a list of psuedo code/steps/overview of what i'm considering for a
kind of scheduling process. the goal is for the user to enter a starttime,
as well as specify a periodic function. the resulting output would be the
next 'event' time...
i've tried to walk through the different scenarios to accommodate the
different occurances that i can think of...
like i said.. feel free to leave comments..
thanks
------------------------------------------------------------------------
job scheduler - functions
user enters:
starttime (now, future)
future - day:month:year: hour:min
day -dayList, monthList, yearList
time -hourList, minList
validate date/time
interval:
type:
minutes, hour, day, week, month, last-of-the-month
number
1, 2, ....
===========================================================
when using time, round to 0 secs
if user enters only minute:
use current hour
use current year
use current month
use current date
if user enters only hour:
use current min
use current year
use current month
use current date
if user enters only min:
use current hour
use current year
use current month
use current date
if user enters only year:
use current min
use current hour
use current month
use current date
if user enters only month:
use current min
use current hour
use current year
use current date
if user enters only date:
use current min
use current hour
use current year
use current month
if user enters now() (or leaves it blank):
app sets min to current min
app sets hour to current hour
app sets year to current year
app sets month to current month
app sets date to current date
-------------------++
interval:
user selects minutes,
user selects 'X' as the numeric interval
(if 'X' is blank, app defaults 'X' to 5)
app gets the year:month:date hour:min
app converts the date/time to secs
app creates 'interval' ="+".str(X)." minute"
(app computes the next time/secs adding X * 60 for the next 'X' minute)
this computes every 'X' minutes using
strtotime(interval, secs)
-gives every minute at the current 'min', or every 20th minute at the
20min mark, etc..
--note:: should the app roll over minuites.. or should it restart at the
hour
-- or should it perform both, and let the user decide...
user selects hourly,
user selects 'X' as the numeric interval
(if 'X' is blank, app defaults 'X' to 1)
app gets the year:month:date hour:min
app converts the date/time to secs
app creates 'interval' ="+".str(X)." hour"
(app computes the next time/secs adding X * 3600 for the next 'X' hour)
this computes every 'X' hour, on the 'min' using
strtotime(interval, secs)
-gives every hour at the current 'min', or every 2nd Hour at the
10min mark, etc..
user selects daily,
user selects 'X' as the numeric interval
(if 'X' is blank, app defaults 'X' to 1)
app gets the year:month:date hour:min
app converts the date/time to secs
app creates 'interval' ="+".str(X)." day"
(app computes the next time/secs adding X * 60*60*24 for the next 'X' day)
this computes every 'X' day, on the 'hour:min' using
strtotime(interval, secs)
-gives every day at the current 'hour:min', or every 2nd Day at the
2:10pm mark, etc..
user selects weekly,
user selects 'X' as the numeric interval
(if 'X' is blank, app defaults 'X' to 1)
app gets the year:month:date hour:min
app converts the date/time to secs
app creates 'interval' ="+".str(X)." week"
(app computes the next time/secs adding X * 60*60*24 for the next 'X' day)
this computes every 'X' week, on the 'day:hour:min' using
strtotime(interval, secs)
-gives every Mon at the current 'hour:min', or every 2nd Tues at
10:00pm,
etc..
user selects monthly,
user selects 'X' as the numeric interval
(if 'X' is blank, app defaults 'X' to 1)
app gets the year:month:date hour:min
app converts the date/time to secs
app creates 'interval' ="+".str(X)." month"
(>> redo app computes the next time/secs adding X * 60*60*24 for the
next 'X' month)
this computes every 'X' month, on the 'date:hour:min' using
strtotime(interval, secs)
need to include logic to cut limit future month to the 'end date' of the
month. don't want to roll over into the next month.. ie, if the date
is jan 29,
and the next feb only has 28 days.. stop at jan 28...
need to incorporate leap year checks, etc...
-gives every Month at the current 'date:hour:min', based on the above
logic/restrictions/implementation...
user selects every 'day' (mtwthf)
covered by the weekly section.. (no need for a separate selection)
user selects 1st of month
covered by the monthly section (no need for a separate selection)
user selects 'last-of-month'
user selects 'X' as the numeric interval
(if 'X' is blank, app defaults 'X' to 1)
app gets the startime in linuxsecs, based on user input, or 'default
now()'
app determines the month based on the computed secs data
app app then detemines the last date of the computed month
app uses date(-t,secs) to get date...
app gets year:month hour:min from the startime/linuxsecs
use the date, and the year:month and hour:min to get the
final eventsecs for the last-of-month
============================================================================
-----Original Message-----
From: Shawn McKenzie [mailto:[email protected]]
Sent: Friday, May 29, 2009 2:48 PM
To: [email protected]
Subject: [PHP] Re: Numerical Recipe - Scheduling Question
bruce wrote:
> Hi..
>
> Got a need to be able to allow a user to specify the frequency to run
> certain apps/processes.. I need to be able to have the user specify a
start
> Time, as well as a periodic frequency (once, hourly, daily, weekly...) as
> well as allow the user to specify every XX minutes...
>
> So i basically need to be able to determine when the future
> events/occurances are, based on the user input.
>
> I've searched the net for alogorithms dealing with scheduling and haven't
> come up with any php based solutions.. I've also looked at numerical
recipes
> and some other sources (freshmeat/sourceforge/etc..) with no luck..
>
> I have found an approach in another language that I could port to php..
But
> before I code/recreate this, I figured I'd see if anyone here has pointers
> or suggestions...
>
> Cron doesn't work for me, as it can run a process at a given time.. but it
> doesn't tell me when the next 'X' occurance would be...
>
> Thoughts/Comments..
>
> Thanks
>
This is confusing. When and where do you need to "be able to determine
when the future events/occurances are"? You need to display this after
the user schedules the app/process or an admin needs to login and see
this at any given time?
Regardless it is easy with the PHP time/date functions. Once you've
collected and stored the start/stop times and interval, something
similar to:
$interval = "1 week";
$next = $start_time;
while ($next <= $end_time) {
$next = strtotime("+$interval", $next);
echo date(DATE_RFC822, $next) ."\n";
}
--
Thanks!
-Shawn
http://www.spidean.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
