php-general Digest 30 Nov 2009 08:39:14 -0000 Issue 6465

Topics (messages 300143 through 300150):

Re: PHP APACHE SAVE AS
        300143 by: Jim Lucas
        300144 by: kranthi

Re: PHP internal memory
        300145 by: Robert Cummings

Re: how to prevent a mild DOSS attack?
        300146 by: LAMP
        300147 by: LAMP
        300148 by: aurfalien.gmail.com
        300149 by: LinuxManMikeC

SESSIONS & classes
        300150 by: Allen McCabe


----------------------------------------------------------------------
--- Begin Message ---
Bastien Koert wrote:
On Fri, Nov 27, 2009 at 11:20 AM, Ashley Sheridan
<[email protected]> wrote:
On Fri, 2009-11-27 at 17:10 +0100, Julian Muscat Doublesin wrote:

Hi,

Just to update everyone. This solution below worked perfectly. Thank you
very much Jonathan. I have one other question though. Can anyone help me on
the following. Database Error: Unable to connect to the database:The MySQL
adapter "mysql" is not available.

Thank you

Julian

On Fri, Nov 27, 2009 at 1:34 PM, Jonathan Tapicer <[email protected]> wrote:

You are probably missing something like this in the apache httpd.conf:

LoadModule php5_module "c:/PHP/php5apache2_2.dll"
PHPIniDir "c:/PHP/php.ini"
AddType application/x-httpd-php .php
DirectoryIndex index.php index.html index.html.var

Regards,

Jonathan

On Fri, Nov 27, 2009 at 6:24 AM, Julian Muscat Doublesin
<[email protected]> wrote:
Hello Everyone,

I have installed PHP, Apache and MySQL on a Windows 7 machine :(.........
I would prefer linux or unix :)

These have been set up and working correctly. However, when I access a php
page, I get the save as dialog. Has anyone ever experienced such a
situation? Can anyone please advise?

Thank you very much in advance.

Julian


It sounds like you've installed both PHP and MySQL, but not the
php-mysql module, which allows PHP to talk to the database. Depending on
how you installed PHP, there could be a variety of ways to fix this.

Thanks,
Ash
http://www.ashleysheridan.co.uk




Try opening the php.ini file and uncommenting the line

;extension = php_mysql.dll;

(by uncommenting I mean remove the first semi-colon). Save the file
and restart the apache service.


My guess is, that since he said that he is getting an error returned from the function call, that the function is being loaded, so the php_mysql.so is being loaded fine. But the problem, more than likely, lies with the arguments being passed to the mysql_connect function call itself.

Check the values that you are passing to your function. But first, make sure that mysql is actually running. You should be able to use phpmyadmin, with the correct DB settings, and have it connect to the DB. If that doesn't work, try using a command line utility that came with your mysql installation.

Jim Lucas

--
Jim Lucas

   "Some men are born to greatness, some achieve greatness,
       and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
    by William Shakespeare

--- End Message ---
--- Begin Message ---
As Jim stated, you'll get an "undefined function" error if php_mysql
extension is not loaded.
In this case probably the MySql server is not running, or not running
on the default port (most likely the former).

--- End Message ---
--- Begin Message ---
Daniel Kolbo wrote:
Hello PHP-hipsters,

I am not sure how to phrase these questions so please bear with me.

I am thinking about performance of a single web server running Apache
(non-cluster) with php as a module.

I have a web app that requires the same php objects(classes) for each
http request.

First, I would like to have the web server keep these object/class
definition files (code) permanently in the memory so the php engine does
not have to keep loading and destroying these objects.  Is this
possible?  Maybe the php engine is already smart enough to handle this.
 I imagine the engine is smart enough to not load the same class
definition into memory for the same http request, but I'm not sure if
the engine is smart enough to recognize that a class definition is
already in the memory from a different http request.

PHP maintains a "shared nothing" philosophy:

    http://en.wikipedia.org/wiki/Shared-nothing_architecture

This means there are no application variables in PHP. To accommodate something of this nature you will need to use a memory cache like APC or whatnot.

Second, furthermore, say two different http requests actually
instantiate identical objects.  Will both of these identical objects
require their own space in the memory, or is the php engine smart enough
to point both objects to the same memory (until something happens to one
of the objects making it different than the other)? If not, I guess this
is where the idea of caching comes in, and I have to be that smart one
to define the unique keys...

You would have two copies.. because PHP doesn't share like this. In fact, I do believe shared memory would still require a copy of the shared memory since I imagine marshalling the data back and forth between shared memory and PHP native datatype would occur.

Third, when one caches php code using something like memcache, what is
actually being cached: the human readable php, the parsed php, the
serialized php (not really sure what this is), the raw cpu/assembly
instructions, etc...?

Usually the compiled bytecode is stored either in memory or on the filesystem if memory is lacking (less used caches would get punted to the filesystem). This saves the compilation stage at the least which can be quite onerous for large libraries. And if everything fits in memory then you can really save on time.

Fourth, where does this cached data live - on the server's hard drive or
in the server's memory (assuming we have enough memory)?

One or the other or both. Depends on your settings and the current memory needs.

I assume one of the ideas behind the cache is to by-pass the php parser
and instead just regurgitate the pre-chewed food and spit it out to
apache.  Thus, the memcache would only be storing the php output.  Is
this line of reasoning correct?  And ideally it would be best to have
this prechewed code sitting in the memory, but can I control this?

It's a different kind of cache that stores the output... unless you meant the output of the parse stage.

Just to be clear, I am familiar with the idea behind setting a unique
key for the cache and all that.  Also, I am not referring to client side
caching.

Well thanks for sticking with me, as I'm trying to learn these concepts.

Any comments, answers, explanations would be most welcomed.

Hope I've been of help.

Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP

--- End Message ---
--- Begin Message ---
LinuxManMikeC wrote:
Or DoS back at em. :-D

I would love to.
:-)




On Wed, Nov 25, 2009 at 3:57 PM, Ashley Sheridan
<[email protected]> wrote:
On Wed, 2009-11-25 at 16:38 -0600, LAMP wrote:

hi guys,
this morning I got complaints from the website owner and tons of visitors -
nobody was able to access the website. it would just time out.
I contacted the hosting company for more info but they said the virtual
private server, where the website is, has a lot of traffic and 512MB of
RAM is not enough and I have to make an upgrade to at least 1GB etc.
it does make sense.
though, at 4pm neither I, nor 10 other people I asked for help, were able to
access the website.
it was a little bit fishy about BIG traffic whole day long (the website
is far from it) and, since I don't have a problem accessing WHM/cPanel
of the server, I downloaded the apache access file (stupid, I was supposed to do
it in the morning) and found 20-30 IP addresses that were repeatedly trying
to access one (only one) page (something like article.php). and they
were requesting the same page so frequently - nobody else was able to
access the website. it looked to me like a little DoS attack - where
the attacker wanted just to make the website busy, not to crash the server.
I contacted the hosting company again. they said there is nothing they can
do about this - even though I'm paying them to manage my virtual server (I can
manage this way by myself too). of course they can if I pay extra :-(

now, my question is: is there anything I can do to stop these attacks
using php? something? anything?

thanks
L

There's nothing you could do with PHP to fix this really, as trying to
block IP addresses from there would be expensive for the processor and
memory of the server.

You could use the cPanel to block access to the offending IP addresses
though.

Thanks,
Ash
http://www.ashleysheridan.co.uk





--- End Message ---
--- Begin Message ---
LinuxManMikeC wrote:
Ok... serious answer.  The DoS is either coming from script kiddies
dumb enough to do it from their own IP, or it's coming from a bot-net
comprised of computers whose owners are morons and don't keep their
computer secure. Either way, do a WHOIS, reverse DNS query, and
traceroute on the IPs.  You should be able to find the ISPs of the
attacking systems.  Email the ISP tech department with your info and
let them take care of the offending systems.

In my case, at the beginning there were 20-30 different IPs. After they were blocked there were many more IPs :-(
But I never thought of it that way.
What do I have to send to the ISP?  My access log file?




--- End Message ---
--- Begin Message ---
On Nov 28, 2009, at 9:24 AM, LAMP wrote:

LinuxManMikeC wrote:
Ok... serious answer.  The DoS is either coming from script kiddies
dumb enough to do it from their own IP, or it's coming from a bot-net
comprised of computers whose owners are morons and don't keep their
computer secure. Either way, do a WHOIS, reverse DNS query, and
traceroute on the IPs.  You should be able to find the ISPs of the
attacking systems.  Email the ISP tech department with your info and
let them take care of the offending systems.

In my case, at the beginning there were 20-30 different IPs. After they were blocked there were many more IPs :-(
But I never thought of it that way.
What do I have to send to the ISP?  My access log file?




You can try http://deflate.medialayer.com

- aurf

--- End Message ---
--- Begin Message ---
On Sat, Nov 28, 2009 at 10:24 AM, LAMP <[email protected]> wrote:
> LinuxManMikeC wrote:
>
> Ok... serious answer.  The DoS is either coming from script kiddies
> dumb enough to do it from their own IP, or it's coming from a bot-net
> comprised of computers whose owners are morons and don't keep their
> computer secure. Either way, do a WHOIS, reverse DNS query, and
> traceroute on the IPs.  You should be able to find the ISPs of the
> attacking systems.  Email the ISP tech department with your info and
> let them take care of the offending systems.
>
>
> In my case, at the beginning there were 20-30 different IPs. After they were blocked
> there were many more IPs :-(
> But I never thought of it that way.
> What do I have to send to the ISP?  My access log file?
>
>
>
>

Just the IP and access times so they can match it to their logs from
the same timeframe.  Basically filter the pertinent entries from the
log file, don't have to give them the whole thing.  They can match it
to the DHCP or Static IP assignments, possibly even have some traffic
patterns logged.  As to whether they'll do anything, that's another
matter.  And since so many IPs were hitting you it's probably a botnet
and the users in question aren't the attackers.

--- End Message ---
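
The filtering step described in the reply above (pull only the offending IPs and their access times out of the Apache access log), as an added example that is not part of the original thread. The log lines are constructed, the addresses come from documentation ranges, and the 60-second window, the threshold of 5 and the UTC-6 server clock are assumptions; times are converted to UTC so an ISP can line them up with its own logs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Apache common/combined prefix: host ident user [time] "METHOD target PROTO" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" \d{3}'
)

def parse_line(line):
    """Return (ip, utc_time, path), or None for a line that does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    # Drop the query string so article.php?id=1 and ?id=2 count as one page.
    path = urlsplit(m.group("target")).path
    return m.group("ip"), ts.astimezone(timezone.utc), path

def find_floods(lines, window=timedelta(seconds=60), threshold=5):
    """Report (ip, path) pairs reaching `threshold` hits inside any `window`."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts, path = parsed
            hits[(ip, path)].append(ts)
    report = []
    for (ip, path), times in hits.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            report.append({"ip": ip, "path": path, "requests": len(times),
                           "peak_in_window": peak,
                           "first_utc": times[0].isoformat(),
                           "last_utc": times[-1].isoformat()})
    return sorted(report, key=lambda r: (-r["requests"], r["ip"]))

def abuse_report(entry):
    """One line per source, carrying only what the ISP needs to match logs."""
    return ("{ip}: {requests} requests for {path}, {first_utc} to {last_utc}, "
            "peak {peak_in_window} per window").format(**entry)

def sample_line(ip, hhmmss, target):
    # Constructed log line; the server clock is assumed to be at UTC-6.
    return (f'{ip} - - [25/Nov/2009:{hhmmss} -0600] '
            f'"GET {target} HTTP/1.1" 200 5120')

# Constructed sample: one source hammering article.php, one slow ordinary
# reader of the same page, and one damaged line that must be skipped.
SAMPLE_LOG = (
    [sample_line("203.0.113.10", f"09:00:0{s}", f"/article.php?id={s}")
     for s in range(1, 7)]
    + [sample_line("198.51.100.23", f"09:0{m}:00", "/article.php?id=3")
       for m in range(0, 10, 2)]
    + ['198.51.100.23 - - [25/Nov/2009:09:1']
)

if __name__ == "__main__":
    for entry in find_floods(SAMPLE_LOG):
        print(abuse_report(entry))
```

The slow reader makes five requests in total but never more than one per minute, so only the burst source is reported.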
--- Begin Message ---
I am trying to implement a relatively complete login system code for my
website, but the code is a bit dated ($HTTP_POST_VARS for example).

I am not too familiar with classes and I'm having trouble with this one.

I have an include which is the login form if the SESSION is not set, and a
mini control panel when it is.


I will post the code below because it is a bit extensive. My problem: When I
try to log in (POST username/password to same page and validate with the
class), the page simply reloads MINUS THE FORM SUBMIT BUTTON. It's very odd.
I have a working system on another website without using this class, I'm just
hoping to be more object-oriented with this one.

Like I said, the code is a bit lengthy, and if you are kind enough to take a
look at it I can even send you the php files for the sake of readability (ie.
formatted better than here).



Anything you can help with would be greatly appreciated; I'll have my wife
bake you some cookies or something!

The basic page looks like this:

<?php
// Get the PHP file containing the DbConnector class
require_once('../includes/DbConnector.php');

// Create an instance of DbConnector
$connector = new DbConnector();

// sets $thispage and $directory
include('../includes/pagedefinition.php');

// Include functions
require_once('../includes/functions.php');

//content
include('../includes/signupform.php');
include('../includes/signup_val_inser_eml.php');
include('../includes/signinform.php');
include('../includes/header.php');
include('../includes/body.php');
?>

The page definition file looks like this:

<?php
require_once("Sentry.php");
if ($_GET['action'] == 'logout'){
 if ($sentry->logout()){
  echo '<p align=\"center\" class=\"confirm\">You have been logged out</p><br>';
 }
}

// . . . site content-grabbing code excluded . . .

// Attempted login url - use for redirect after login.
$redirect = "http://mwclans.com/{$_SERVER['REQUEST_URI']}";
// Defined in includes/Sentry.php
$sentry = new Sentry();
// If logging in, POST['login'] will be set - check credentials (9 is used
// to specify the minimum group level that's allowed to access this resource)
if ($_POST['login'] != ''){
 $sentry->checkLogin($_POST['username'],$_POST['password'],9,'$redirect','/user/index.php');
}
if ($minlevel < 9)
{
 if (!$sentry->checkLogin($minlevel) ){ header("Location: /user/");
die(); }
}
?>

Here is the Sentry class:

<?php
////////////////////////////////////////////////////////////////////////////////////////
// Class: sentry
// Purpose: Control access to pages
///////////////////////////////////////////////////////////////////////////////////////
class sentry {

 var $loggedin = false; // Boolean to store whether the user is logged in
 var $userdata;   //  Array to contain user's data

 function sentry(){
  session_start();
  header("Cache-control: private");
 }

 
//======================================================================================
 // Log out, destroy session
 function logout(){
  if (is_object($this->userdata))
  {
   unset($this->userdata);
   $session_name = session_name();
   return true;
  }
  else
  {
   $message = "<p align=\"center\" class=\"error\">Call to non-object by function: logout()</p>";
  }

 }
 
//======================================================================================
 // Log in, and either redirect to goodRedirect or badRedirect depending on success
 function checkLogin($username = '',$password = '',$role_id = 9,$goodRedirect = '',$badRedirect = ''){
  // Include database and validation classes, and create objects
  require_once('DbConnector.php');
  require_once('Validator.php');
  $validate = new Validator();
  $loginConnector = new DbConnector();

  // If user is already logged in then check credentials
  if ($_SESSION['username'] && $_SESSION['password']){
   // Validate session data
   if (!$validate->validateTextOnly($_SESSION['username'])){return false;}
   if (!$validate->validateTextOnly($_SESSION['password'])){return false;}
   $getUser = $loginConnector->query("SELECT * FROM user WHERE username =
'".$_SESSION['username']."' AND password = '".$_SESSION['password']."' AND
role_id <= ".$role_id.' AND verified = 1');
   if ($loginConnector->getNumRows($getUser) > 0){
    // Existing user ok, continue
    if ($goodRedirect != '') {
     header("Location: ".$goodRedirect."?".strip_tags(session_id())) ;
    }
    return true;
   }else{
    // Existing user not ok, logout
    $this->logout();
    return false;
   }

  // User isn't logged in, check credentials
  }else{
   // Validate input
   if (!$validate->validateTextOnly($username)){return false;}
   if (!$validate->validateTextOnly($password)){return false;}
   // Look up user in DB
   $getUser = $loginConnector->query("SELECT * FROM user WHERE username =
'$username' AND password = PASSWORD('$password') AND role_id <= $role_id AND
verified = 1");
   $this->userdata = $loginConnector->fetchArray($getUser);
   if ($loginConnector->getNumRows($getUser) > 0){
    // Login OK, store session details
    // Log in
    $_SESSION["username"] = $username;
    $_SESSION["password"] = $this->userdata['password'];
    $_SESSION["user_id"] = $this->userdata['user_id'];
    $_SESSION["role_id"] = $this->userdata['role_id'];

    if ($goodRedirect) {
     header("Location: ".$goodRedirect."?".strip_tags(session_id())) ;
    }
    return true;
   }else{
    // Login BAD
    unset($this->userdata);
    if ($badRedirect) {
     header("Location: ".$badRedirect) ;
    }
    return false;
   }
  }
 }
}
?>

And here is the login page:

<?php
$loginsettingquery = "SELECT * FROM site_settings WHERE name='login'";
$loginsettingresult = $connector->query($loginsettingquery);
$loginsettinginfo = $connector->fetchArray($loginsettingresult);
$currentpage = "http://mwclans.com/{$_SERVER['REQUEST_URI']}";
if (isset($_SESSION['username']) && isset($_SESSION['password'])) // display other info, else display login form
{
 // logged-in user tools
}
else
{
if ($loginsettinginfo['value'] == 1 || $directory == "cmsadmin")
{
 $signinform = <<<END
<table width="250" align="center" border="0" cellspacing="0" cellpadding="3"
class="contentbox">
 <tr>
  <td colspan="2" bgcolor="#000000"><b>Login</b></td>
 </tr>
 <tr>
  <td align="right"><span style="cursor:default;">Username:</td>
  <td style="vertical-align:top">
  <form name="login" method="post" action="$currentpage">
  <input type="hidden" name="login" value="1">
  <input name="username" type="text" size="15" id="username" /></td>
 </tr>
 <tr valign="center">
  <td align="right"><span style="cursor:default;">Password:</td>
  <td style="vertical-align:top;">
  <input name="password" type="password" size="15" id="password" /></td>
 </tr>
 <tr>
  <td colspan="2" align="right"></td>
 </tr>
</table></form>
END;
}
else
{
 // login disabled message
}
}
?>

--- End Message ---
