php-general Digest 9 Dec 2009 02:36:27 -0000 Issue 6477
Topics (messages 300305 through 300325):
Re: request for support
300305 by: Ashley Sheridan
300306 by: Ashley Sheridan
300307 by: Tarek Kaddoura
300308 by: Ashley Sheridan
300313 by: Philip Thompson
Re: Passing HTML array index to JS?
300309 by: Ford, Mike
300310 by: Ashley Sheridan
300317 by: tedd
300318 by: Philip Thompson
How to properly serve a file via a wrapper.
300311 by: Michael A. Peters
300312 by: Ashley Sheridan
Re: cookies and carts
300314 by: Jochem Maas
300319 by: Michael A. Peters
Re: mysterious include problem
300315 by: Jochem Maas
300316 by: Ashley Sheridan
PHP Upgrade Problem
300320 by: David Stoltz
Filtering results via user input
300321 by: Allen McCabe
300322 by: Bastien Koert
300323 by: Ashley Sheridan
ÐÑеÑÑ Ð¿Ð°pÑнеpа Ð´Ð»Ñ ÑекÑа? Ð¢Ñ Ð½Ðµ один. Ðа
ÑайÑе http://sexfuns.110mb.com многие девÑÑки и паpни
знакомÑÑÑÑ Ð´Ð»Ñ ÑекÑа и вÑего оÑÑалÑного.
ÐpиÑоединÑйÑÑ! =)
300324 by: promoaction.hush.ai
Force-Saving an Audio File
300325 by: cool.hosting4days.com
Administrivia:
To subscribe to the digest, e-mail:
[email protected]
To unsubscribe from the digest, e-mail:
[email protected]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
On Tue, 2009-12-08 at 11:29 +0000, Tarek Kaddoura wrote:
>
>
> I'm using PHP 5.2.11 with Apache 2 (and i also tried Apache 2.2)
>
> However, when I add this entry to my httpd.conf:
> <code>
> LoadModule php4_module "C:/Program Files/php/sapi/php4apache.dll"
> </code>
> Apache will crash when trying to start the service.
> If I comment the line out, Apache starts just fine.
>
> Thanks for your help.
> Regards,
>
>
> _________________________________________________________________
> Windows Live Hotmail: Your friends can get your Facebook updates, right from
> Hotmail®.
> http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009
Well, you say you've got PHP 5 installed, yet you're trying to load a
PHP 4 module in. Which do you want? I don't think Apache can run 4 and 5
at the same time without complications.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Tue, 2009-12-08 at 11:53 +0000, Tarek Kaddoura wrote:
>
> sorry sorry thats a typo error
> the code im using is:
> PHPIniDir "C:/PHP/"
> LoadModule php5_module "C:/PHP/php5apache2.dll"
>
>
> ______________________________________________________________________
> Subject: Re: [PHP] request for support
> From: [email protected]
> To: [email protected]
> CC: [email protected]
> Date: Tue, 8 Dec 2009 11:45:38 +0000
>
> On Tue, 2009-12-08 at 11:29 +0000, Tarek Kaddoura wrote:
>
>
>
> I'm using PHP 5.2.11 with Apache 2 (and i also tried Apache 2.2)
>
> However, when I add this entry to my httpd.conf:
> <code>
> LoadModule php4_module "C:/Program Files/php/sapi/php4apache.dll"
> </code>
> Apache will crash when trying to start the service.
> If I comment the line out, Apache starts just fine.
>
> Thanks for your help.
> Regards,
>
>
> _________________________________________________________________
> Windows Live Hotmail: Your friends can get your Facebook updates,
> right from Hotmail®.
>
> http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009
>
>
> Well, you say you've got PHP 5 installed, yet you're trying to load a
> PHP 4 module in. Which do you want? I don't think Apache can run 4 and
> 5 at the same time without complications.
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>
>
>
> ______________________________________________________________________
> Windows Live: Keep your friends up to date with what you do online.
Don't forget to hit reply to all on the list, and try not to top
post! :p
What does it say on the command line when you try to start the service
up?
In a root privaleged console type:
/etc/init.d/httpd start
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
Subject: RE: [PHP] request for support
From: [email protected]
To: [email protected]
CC: [email protected]
Date: Tue, 8 Dec 2009 11:53:53 +0000
On Tue, 2009-12-08 at 11:53 +0000, Tarek Kaddoura wrote:
sorry sorry thats a typo error
the code im using is:
PHPIniDir "C:/PHP/"
LoadModule php5_module "C:/PHP/php5apache2.dll"
Subject: Re: [PHP] request for support
From: [email protected]
To: [email protected]
CC: [email protected]
Date: Tue, 8 Dec 2009 11:45:38 +0000
On Tue, 2009-12-08 at 11:29 +0000, Tarek Kaddoura wrote:
I'm using PHP 5.2.11 with Apache 2 (and i also tried Apache 2.2)
However, when I add this entry to my httpd.conf:
<code>
LoadModule php4_module "C:/Program Files/php/sapi/php4apache.dll"
</code>
Apache will crash when trying to start the service.
If I comment the line out, Apache starts just fine.
Thanks for your help.
Regards,
_________________________________________________________________
Windows Live Hotmail: Your friends can get your Facebook updates, right from
Hotmail®.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009
Well, you say you've got PHP 5 installed, yet you're trying to load a PHP 4
module in. Which do you want? I don't think Apache can run 4 and 5 at the same
time without complications.
Thanks,
Ash
http://www.ashleysheridan.co.uk
Windows Live: Keep your friends up to date with what you do online.
Don't forget to hit reply to all on the list, and try not to top post! :p
What does it say on the command line when you try to start the service up?
In a root privaleged console type:
/etc/init.d/httpd start
Thanks,
Ash
http://www.ashleysheridan.co.uk
No Ashley im using Windows,
whenever i start the apache service, it either crashes or promptes me that the
operation has failed
if i comment these 2 lines out, the apache service starts normally
_________________________________________________________________
Keep your friends updated—even when you’re not signed in.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_5:092010
--- End Message ---
--- Begin Message ---
On Tue, 2009-12-08 at 12:08 +0000, Tarek Kaddoura wrote:
>
>
>
> ______________________________________________________________________
> Subject: RE: [PHP] request for support
> From: [email protected]
> To: [email protected]
> CC: [email protected]
> Date: Tue, 8 Dec 2009 11:53:53 +0000
>
> On Tue, 2009-12-08 at 11:53 +0000, Tarek Kaddoura wrote:
>
>
> sorry sorry thats a typo error
> the code im using is:
> PHPIniDir "C:/PHP/"
> LoadModule php5_module "C:/PHP/php5apache2.dll"
>
>
> ______________________________________________________________
>
> Subject: Re: [PHP] request for support
> From: [email protected]
> To: [email protected]
> CC: [email protected]
> Date: Tue, 8 Dec 2009 11:45:38 +0000
>
> On Tue, 2009-12-08 at 11:29 +0000, Tarek Kaddoura wrote:
>
>
> I'm using PHP 5.2.11 with Apache 2 (and i also tried Apache
> 2.2)
>
> However, when I add this entry to my httpd.conf:
> <code>
> LoadModule php4_module "C:/Program
> Files/php/sapi/php4apache.dll"
> </code>
> Apache will crash when trying to start the service.
> If I comment the line out, Apache starts just fine.
>
> Thanks for your help.
> Regards,
>
>
>
> _________________________________________________________________
> Windows Live Hotmail: Your friends can get your Facebook
> updates, right from Hotmail®.
>
> http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009
>
>
> Well, you say you've got PHP 5 installed, yet you're trying to
> load a PHP 4 module in. Which do you want? I don't think
> Apache can run 4 and 5 at the same time without complications.
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>
>
>
>
> ______________________________________________________________
>
> Windows Live: Keep your friends up to date with what you do
> online.
>
>
> Don't forget to hit reply to all on the list, and try not to top
> post! :p
>
> What does it say on the command line when you try to start the service
> up?
>
> In a root privaleged console type:
>
> /etc/init.d/httpd start
>
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>
>
> No Ashley im using Windows,
> whenever i start the apache service, it either crashes or promptes me
> that the operation has failed
> if i comment these 2 lines out, the apache service starts normally
>
>
>
>
>
> ______________________________________________________________________
> Keep your friends updated— even when you’re not signed in.
Why don't you try a Wamp install, rather than installing the individual
components?
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Dec 8, 2009, at 6:12 AM, Ashley Sheridan wrote:
> On Tue, 2009-12-08 at 12:08 +0000, Tarek Kaddoura wrote:
>> ______________________________________________________________________
>> Subject: RE: [PHP] request for support
>> From: [email protected]
>> To: [email protected]
>> CC: [email protected]
>> Date: Tue, 8 Dec 2009 11:53:53 +0000
>>
>> On Tue, 2009-12-08 at 11:53 +0000, Tarek Kaddoura wrote:
>>
>>
>> sorry sorry thats a typo error
>> the code im using is:
>> PHPIniDir "C:/PHP/"
>> LoadModule php5_module "C:/PHP/php5apache2.dll"
>>
>> ______________________________________________________________
>>
>> Subject: Re: [PHP] request for support
>> From: [email protected]
>> To: [email protected]
>> CC: [email protected]
>> Date: Tue, 8 Dec 2009 11:45:38 +0000
>>
>> On Tue, 2009-12-08 at 11:29 +0000, Tarek Kaddoura wrote:
>>
>>
>> I'm using PHP 5.2.11 with Apache 2 (and i also tried Apache
>> 2.2)
>>
>> However, when I add this entry to my httpd.conf:
>> <code>
>> LoadModule php4_module "C:/Program
>> Files/php/sapi/php4apache.dll"
>> </code>
>> Apache will crash when trying to start the service.
>> If I comment the line out, Apache starts just fine.
>>
>> Thanks for your help.
>> Regards,
>>
>>
>> Well, you say you've got PHP 5 installed, yet you're trying to
>> load a PHP 4 module in. Which do you want? I don't think
>> Apache can run 4 and 5 at the same time without complications.
>>
>> Thanks,
>> Ash
>> http://www.ashleysheridan.co.uk
>>
>> Don't forget to hit reply to all on the list, and try not to top
>> post! :p
>>
>> What does it say on the command line when you try to start the service
>> up?
>>
>> In a root privaleged console type:
>>
>> /etc/init.d/httpd start
>>
>>
>> Thanks,
>> Ash
>> http://www.ashleysheridan.co.uk
>>
>> No Ashley im using Windows,
>> whenever i start the apache service, it either crashes or promptes me
>> that the operation has failed
>> if i comment these 2 lines out, the apache service starts normally
>
> Why don't you try a Wamp install, rather than installing the individual
> components?
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
Why don't you check the apache logs to see what's (not) happening?
~Philip
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Skip Evans [mailto:[email protected]]
> Sent: 07 December 2009 23:03
> To: [email protected]
> Subject: [PHP] Passing HTML array index to JS?
>
> Hey all,
>
> I have an HTML field like this
>
> <input type="text" name="qty[]" value="!!quantity!!" size="4"
> style="text-align: right;" onblur="calculateBidUnit();">
>
> ... and what I need to do is pass to the calculateBidUnit
> function the value of quantity, do a calculation on it and
> plug into this field.
>
> <input type="text" name="bid_unit_value[]" value="" size="4">
>
> Which of course I know how to do for non-array values, but not
> sure how to get the values to do the calculation on the JS
> side if the fields are in an array.
H'mm, in my experience the only surefire foolproof way to make sure you pick
the correct "bid_unit_value[]" input to match the corresponding "qty[]" is to
actually supply specific array indexes (so "qty[1]", "bid_unit_value[1]";
"qty[2]", "bid_unit_value[2]"; etc.). There are other Javascript approaches
that work in theory, but I've never been convinced of their robustness.
As to addressing these elements, I merely observe that in Javascript, by
definition a.z is *identical* to a["z"]. Application of this to the current
situation is left as an exercise for the reader.
Cheers!
Mike
--
Mike Ford,
Electronic Information Developer, Libraries and Learning Innovation,
Leeds Metropolitan University, C507, Civic Quarter Campus,
Woodhouse Lane, LEEDS, LS1 3HE, United Kingdom
Email: [email protected]
Tel: +44 113 812 4730
To view the terms under which this email is distributed, please go to
http://disclaimer.leedsmet.ac.uk/email.htm
--- End Message ---
--- Begin Message ---
On Tue, 2009-12-08 at 12:34 +0000, Ford, Mike wrote:
>
> > -----Original Message-----
> > From: Skip Evans [mailto:[email protected]]
> > Sent: 07 December 2009 23:03
> > To: [email protected]
> > Subject: [PHP] Passing HTML array index to JS?
> >
> > Hey all,
> >
> > I have an HTML field like this
> >
> > <input type="text" name="qty[]" value="!!quantity!!" size="4"
> > style="text-align: right;" onblur="calculateBidUnit();">
> >
> > ... and what I need to do is pass to the calculateBidUnit
> > function the value of quantity, do a calculation on it and
> > plug into this field.
> >
> > <input type="text" name="bid_unit_value[]" value="" size="4">
> >
> > Which of course I know how to do for non-array values, but not
> > sure how to get the values to do the calculation on the JS
> > side if the fields are in an array.
>
> H'mm, in my experience the only surefire foolproof way to make sure you pick
> the correct "bid_unit_value[]" input to match the corresponding "qty[]" is to
> actually supply specific array indexes (so "qty[1]", "bid_unit_value[1]";
> "qty[2]", "bid_unit_value[2]"; etc.). There are other Javascript approaches
> that work in theory, but I've never been convinced of their robustness.
>
> As to addressing these elements, I merely observe that in Javascript, by
> definition a.z is *identical* to a["z"]. Application of this to the current
> situation is left as an exercise for the reader.
>
> Cheers!
>
> Mike
> --
> Mike Ford,
> Electronic Information Developer, Libraries and Learning Innovation,
> Leeds Metropolitan University, C507, Civic Quarter Campus,
> Woodhouse Lane, LEEDS, LS1 3HE, United Kingdom
> Email: [email protected]
> Tel: +44 113 812 4730
>
>
>
>
>
> To view the terms under which this email is distributed, please go to
> http://disclaimer.leedsmet.ac.uk/email.htm
>
What about using the DOM for getting to these elements and their
properties?
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
At 9:07 PM -0600 12/7/09, Philip Thompson wrote:
-snip-
Good stuff.
Thanks,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
On Dec 8, 2009, at 11:10 AM, tedd wrote:
> At 9:07 PM -0600 12/7/09, Philip Thompson wrote:
>>
>> -snip-
>
> Good stuff.
>
> Thanks,
>
> tedd
You say so much with so little...
~Philip
--- End Message ---
--- Begin Message ---
Please help.
I thought I had this squared away, but apparently not.
I need to be able to use a php wrapper to serve a file stored outside
the web root.
Works great for downloads / images - but my wrapper seems broken for
media files to be played.
My wrapper:
http://www.shastaherps.org/bugs/rdb_audio.phps
Demonstration of issue:
http://www.shastaherps.org/bugs/wrapperBug.html
What am I missing??
--- End Message ---
--- Begin Message ---
On Tue, 2009-12-08 at 07:11 -0800, Michael A. Peters wrote:
> Please help.
>
> I thought I had this squared away, but apparently not.
> I need to be able to use a php wrapper to serve a file stored outside
> the web root.
>
> Works great for downloads / images - but my wrapper seems broken for
> media files to be played.
>
> My wrapper:
>
> http://www.shastaherps.org/bugs/rdb_audio.phps
>
> Demonstration of issue:
>
> http://www.shastaherps.org/bugs/wrapperBug.html
>
> What am I missing??
>
What's the code to your wrapper? If you're using sessions as some form
of validation, you should be aware that media player plugins don't send
full headers to the server when requesting the file, including sessions
headers.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
Allen McCabe schreef:
> I have a shopping cart type system set up which keeps track of the cart
> contents using a SESSION variable, where $_SESSION['cart'][$item_id'] is
> equal to the quantity, so the name/value pair is all the information I need.
>
> But sessions are unreliable on the free server I am currently using for this
> website (not my choice), so I had start using cookies because users were
> being sporadically logged out, sometimes just on a page refresh.
>
> I want to find a way to set a cookie to remember the cart items as well, and
> I thought setting a cookie for each item/quantity pair was the way to go
> until I started trying to figure out how to unset all those cookies if the
> user empties their cart.
>
> Is there any way to set cookies with an array for the name? Intead of
> $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
> SESSION?
1. use one cookie for this (and other data)
2. DO NOT USE serialize()/unserialize() to pack/extract the data
using unserialize() opens you up to alsorts of potential hacks (IMHO), keep the
data
structure simple and revalidate it's entire contents everytime you read it in
(assuming your article ids are INTs, all the data should be [valid] INTs -
anything
else and the cookie should be deleted).
here is some code to play with: (written directly in my email client, no
garantees is
parses or works as is)
<?php
function buildCookieCartStr(array $data)
{
$out = array();
foreach ($data as $artId => $quant)
$out[] = $artId.':'.$quant;
return join('|', $out);
}
function parseCookieCartStr($s)
{
$data = array();
$items = explode('|', $s);
if (!is_array($items))
return killCookieCart();
if (count($items)) foreach ($items as $item) {
$item = explode(':', $item);
if (is_array($item) || count($item) !== 2)
return killCookieCart();
foreach ($item as $v)
if (!$v || ($v != (int)$v))
return killCookieCart();
if (!isValidArtId($item[0]) || ($item[1] < 1)
return killCookieCart();
if (isset($data[ $item[0] ]))
return killCookieCart();
$data[ $item[0] ] = $item[1];
}
return $data;
}
function killCookieCart()
{
// TODO: delete cookie
}
function isValidArtId($id)
{
return true; // TODO: valid article id
}
?>
you can secure your code further by using the filter extension in combination
with a regexp filter in order to retrieve the cookie data from the request,
here's a regexp that matches only non empty strings with digit, colon and pipe
chars:
#^[\d:\|]+$#
PS - hello again list.
--- End Message ---
--- Begin Message ---
Allen McCabe wrote:
I have a shopping cart type system set up which keeps track of the cart
contents using a SESSION variable, where $_SESSION['cart'][$item_id'] is
equal to the quantity, so the name/value pair is all the information I need.
But sessions are unreliable on the free server I am currently using for this
website (not my choice), so I had start using cookies because users were
being sporadically logged out, sometimes just on a page refresh.
Have access to a database?
If yes, then run your own session management in the database.
This is what I use.
You don't want to use APC on a multiuser system, but this works without
APC as well.
<?php
//require_once("sessions_apc.php");
//$sess = new SessionManager($mdb2);
//session_start();
// from :
// http://www.devshed.com/c/a/PHP/Storing-PHP-Sessions-in-a-Database/
// Rich Smith - 2007-05-02
//
// Modified by [email protected] to use mdb2 w/ prepared statements
// and attempt to use caching
class SessionManager {
public $sesstable = 'new_sessions';
private $life_time;
private $mdb2;
// CHANGE THE SALT BEFORE USING
private $apcSalt = '2d8lyds45a@&0KLybafz';
private $apcMaxLife = 1500; // delete from cache after that many seconds
// even if session still active
function SessionManager($mdb2) {
// constructor function
// Read the maxlifetime setting from PHP
$this->life_time = get_cfg_var("session.gc_maxlifetime");
$this->mdb2 = $mdb2;
// Register this object as the session handler
session_set_save_handler(
array( &$this, "open" ),
array( &$this, "close" ),
array( &$this, "read" ),
array( &$this, "write"),
array( &$this, "destroy"),
array( &$this, "gc" )
);
}
function open($save_path,$session_name) {
global $sess_save_path;
$sess_save_path = $save_path;
// Don't need to do anything. Just return TRUE.
return true;
}
function close() {
return true;
}
function read($id) {
// Set empty result
$data = '';
$myreturn = $this->wrap_fetch($id);
if (! $myreturn) {
// Fetch session data from the selected database
$time = time();
$types = Array('text','integer');
$q = 'SELECT session_data FROM ' . $this->sesstable . ' WHERE
session_id=? AND expires > ?';
$sql = $this->mdb2->prepare($q,$types,MDB2_PREPARE_RESULT);
// if(PEAR::isError($sql)) {
// die('Failed to make prepared 58: ' . $sql->getMessage() .
', ' . $sql->getDebugInfo());
// }
$args = Array($id,$time);
$rs = $sql->execute($args);
// if(PEAR::isError($rs)) {
// die('Failed to issue query 63: ' . $rs->getMessage() . ',
' . $rs->getDebugInfo());
// }
if ($rs->numRows() > 0) {
$row = $rs->fetchRow(MDB2_FETCHMODE_OBJECT);
$myreturn = $row->session_data;
} else {
$myreturn = '';
}
}
return $myreturn;
}
function write($id,$data) {
// Build query
$time = time() + $this->life_time;
// see if a session exists
$sessTest = wrap_fetch($id);
if (! $sessTest) {
$types = Array('text');
$q = 'SELECT COUNT(session_id) from ' . $this->sesstable . '
WHERE session_id=?';
$sql = $this->mdb2->prepare($q,$types,MDB2_PREPARE_RESULT);
//if (PEAR::isError($sql)) {
// die('Failed to make prepared 86: ' . $sql->getMessage() .
', ' . $sql->getDebugInfo());
// }
$args = Array($id);
$rs = $sql->execute($args);
//if(PEAR::isError($rs)) {
// die('Failed to issue query 91: ' . $rs->getMessage() . ', '
. $rs->getDebugInfo());
// }
$row = $rs->fetchRow(MDB2_FETCHMODE_ORDERED);
$count = $row[0];
} else {
$count = 1;
}
if ($count > 0) {
// update the session
$types = Array('text','integer','text');
$q = 'UPDATE ' . $this->sesstable . ' SET session_data=?,
expires=? WHERE session_id=?';
$args = Array($data,$time,$id);
} else {
$types = Array('text','text','integer');
$q = 'INSERT INTO ' . $this->sesstable . '
(session_id,session_data,expires) VALUES (?,?,?)';
$args = Array($id,$data,$time);
}
$sql = $this->mdb2->prepare($q,$types,MDB2_PREPARE_MANIP);
//if(PEAR::isError($sql)) {
// die('Failed to make prepared 111: ' . $sql->getMessage() .
', ' . $sql->getDebugInfo());
// }
$rs = $sql->execute($args);
//if(PEAR::isError($rs)) {
// die('Failed to issue query 115: ' . $rs->getMessage() . ', '
. $rs->getDebugInfo());
// }
$this->wrap_store($id,$data);
return TRUE;
}
function destroy($id) {
// Build query
$this->wrap_delete($id);
$types = Array('text');
$args = Array($id);
$q = 'DELETE FROM ' . $this->sesstable . ' WHERE session_id=?';
$sql = $this->mdb2->prepare($q,$types,MDB2_PREPARE_MANIP);
//if(PEAR::isError($sql)) {
// die('Failed to make prepared 129: ' . $sql->getMessage() .
', ' . $sql->getDebugInfo());
// }
$rs = $sql->execute($args);
//if(PEAR::isError($rs)) {
// die('Failed to issue query 133: ' . $rs->getMessage() . ', '
. $rs->getDebugInfo());
// }
return TRUE;
}
function gc() {
// Garbage Collection
// Build DELETE query. Delete all records who have passed the
expiration time
$sql = 'DELETE FROM ' . $this->sesstable . ' WHERE expires <
UNIX_TIMESTAMP();';
$rs = $this->mdb2->execute($sql);
// Always return TRUE
return true;
}
// APC functions
function obfus($id) {
// this reduces odds of session hijacking if
// a cracker manages to get a dump of apc keys
$key = 'sess_' . sha1($this->apcSalt . $id);
return $key;
}
function wrap_delete($id) {
$key = $this->obfus($id);
if (function_exists('apc_delete')) {
apc_delete($key);
}
return true;
}
function wrap_fetch($id) {
$key = $this->obfus($id);
if (function_exists('apc_fetch')) {
$data = apc_fetch($key);
return $data;
} else {
return false;
}
}
function wrap_store($id,$data) {
$key = $this->obfus($id);
$expires = $this->life_time;
if ($expires < 1) {
// keep it in cache for 1 minute
$expires = 60;
} elseif ($expires > $this->apcMaxLife) {
// keep it in cache for
$expires = $this->apcMaxLife;
}
if (function_exists('apc_store')) {
apc_store($key,$data,$expires);
}
return true;
}
}
// CREATE TABLE new_sessions (
// session_id varchar(32) NOT NULL default '',
// session_data text,
// expires int(11) NOT NULL default '0',
// PRIMARY KEY (session_id)
// ) ENGINE = MYISAM;
?>
--- End Message ---
--- Begin Message ---
Hi Allen,
gonna be a bit ruthless with you :).
1. your not filtering your input (your open to include being hacked)
2. your not validating or error checking (e.g. does the include file exist??)
3. keeping large numbers of content pages with numerical filenames is a
maintenance
nightmare and incidentally not very SEO friendly
4. your not doing much debugging (I guess) - try using var_dump(), echo,
print_r(),
etc all over your code to figure out what it's doing (e.g. var_dump($_GET,
$_POST) and
print("HELLO - I THINK \$_GET['page'] is set."))
personally I never rely on relative paths - I always have the app determine a
full path to the application root (either at install/update or at the beginning
of a request)
also I would suggest you use 1 include file for all your scripts (rather than
per dir) ... copy/past code sucks (read up on the DRY principe).
additionally look into FrontController patterns and the possibility to
stuff all that content into a database which gives all sorts of opportunities
for management/editing.
<?php
$page = isset($_GET['page']) && strlen($_GET['page'])
? basename($_GET['page'])
: null
;
if (!$page || !preg_match('#^[a-z0-9]+$#i', $page))
$page = 'default';
$file = dirname(__FILE__) . '/content/' . $page . '.inc';
if (!file_exists($file) || !is_readable($file)) {
error_log('Hack attempt? page = '.$page.', file = '.$file);
header('Status: 404');
exit;
}
// echo header
include $file;
// echo header
?>
maybe I've bombarded you with unfamiliar concepts, functions and/or syntax.
if so please take time to look it all up ... and then come back with questions
:)
have fun.
Allen McCabe schreef:
> I have been using includes for my content for a while now with no problems.
> Suddenly it has stopped working, and it may or may not be from some changes
> I made in my code structure.
>
> I use default.php for most or all of my pages within a given directory,
> changing the content via page numbers in the query string.
>
>
> So on default.php, I have the following code:
>
>
> <?php
> if(isset($_GET['page']))
> {
> $thispage = $_GET['page'];
> $content = 'content/'.$_GET['page'].'.inc';
> }
> else
> {
> $thispage = "default";
> $content = 'content/default.inc';
> }
> ?>
> <html>, <body>, <div> etc.
> <?php include($content); ?>
>
>
> I have a content subdirectory where I store all the pages with files such as
> "default.inc, 101.inc, 102.inc, etc.
>
> As I said, this has been working fine up until now, if I use the url
> "user/default.php" or just "user/" I get this error:
>
>
> *Warning*: include(content/.inc)
> [function.include<http://lpacmarketing.hostzi.com/user/function.include>]:
> failed to open stream: No such file or directory in *
> /home/a9066165/public_html/user/default.php* on line *89*
>
> AND
>
> *Warning*: include()
> [function.include<http://lpacmarketing.hostzi.com/user/function.include>]:
> Failed opening 'content/.inc' for inclusion
> (include_path='.:/usr/lib/php:/usr/local/lib/php') in *
> /home/a9066165/public_html/user/default.php* on line *89*
>
> But if I use "user/default.php?page=default" I get the correct content.
>
> It's acting as if page is set, but set to NULL, and then trying to find an
> include at path "content/.inc" what's going on??
>
--- End Message ---
--- Begin Message ---
On Tue, 2009-12-08 at 17:32 +0100, Jochem Maas wrote:
> Hi Allen,
>
> gonna be a bit ruthless with you :).
>
> 1. your not filtering your input (your open to include being hacked)
> 2. your not validating or error checking (e.g. does the include file exist??)
> 3. keeping large numbers of content pages with numerical filenames is a
> maintenance
> nightmare and incidentally not very SEO friendly
> 4. your not doing much debugging (I guess) - try using var_dump(), echo,
> print_r(),
> etc all over your code to figure out what it's doing (e.g. var_dump($_GET,
> $_POST) and
> print("HELLO - I THINK \$_GET['page'] is set."))
>
> personally I never rely on relative paths - I always have the app determine a
> full path to the application root (either at install/update or at the
> beginning
> of a request)
>
> also I would suggest you use 1 include file for all your scripts (rather than
> per dir) ... copy/past code sucks (read up on the DRY principe).
>
> additionally look into FrontController patterns and the possibility to
> stuff all that content into a database which gives all sorts of opportunities
> for management/editing.
>
> <?php
>
> $page = isset($_GET['page']) && strlen($_GET['page'])
> ? basename($_GET['page'])
> : null
> ;
>
> if (!$page || !preg_match('#^[a-z0-9]+$#i', $page))
> $page = 'default';
>
> $file = dirname(__FILE__) . '/content/' . $page . '.inc';
>
> if (!file_exists($file) || !is_readable($file)) {
> error_log('Hack attempt? page = '.$page.', file = '.$file);
> header('Status: 404');
> exit;
> }
>
> // echo header
> include $file;
> // echo header
>
> ?>
>
> maybe I've bombarded you with unfamiliar concepts, functions and/or syntax.
> if so please take time to look it all up ... and then come back with
> questions :)
>
> have fun.
>
> Allen McCabe schreef:
> > I have been using includes for my content for a while now with no problems.
> > Suddenly it has stopped working, and it may or may not be from some changes
> > I made in my code structure.
> >
> > I use default.php for most or all of my pages within a given directory,
> > changing the content via page numbers in the query string.
> >
> >
> > So on default.php, I have the following code:
> >
> >
> > <?php
> > if(isset($_GET['page']))
> > {
> > $thispage = $_GET['page'];
> > $content = 'content/'.$_GET['page'].'.inc';
> > }
> > else
> > {
> > $thispage = "default";
> > $content = 'content/default.inc';
> > }
> > ?>
> > <html>, <body>, <div> etc.
> > <?php include($content); ?>
> >
> >
> > I have a content subdirectory where I store all the pages with files such as
> > "default.inc, 101.inc, 102.inc, etc.
> >
> > As I said, this has been working fine up until now, if I use the url
> > "user/default.php" or just "user/" I get this error:
> >
> >
> > *Warning*: include(content/.inc)
> > [function.include<http://lpacmarketing.hostzi.com/user/function.include>]:
> > failed to open stream: No such file or directory in *
> > /home/a9066165/public_html/user/default.php* on line *89*
> >
> > AND
> >
> > *Warning*: include()
> > [function.include<http://lpacmarketing.hostzi.com/user/function.include>]:
> > Failed opening 'content/.inc' for inclusion
> > (include_path='.:/usr/lib/php:/usr/local/lib/php') in *
> > /home/a9066165/public_html/user/default.php* on line *89*
> >
> > But if I use "user/default.php?page=default" I get the correct content.
> >
> > It's acting as if page is set, but set to NULL, and then trying to find an
> > include at path "content/.inc" what's going on??
> >
>
>
The SEO factor here is only minor. Very little weight is given to the
filename of a page, much more is given to the content and the way it is
marked up.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
Folks,
I upgraded from PHP 5.2.6 to 5.3.1 on my test machine. Pretty easy, just
installed FastCGI for IIS6, installed PHP 5.3.1 and entered the .php ext
stuff into IIS6.
Now I tried it on my production box. No go. Although the web extension
"FastCGI Handler" can be enabled with no problems, PHP doesn't work. I
get an error in the application log:
EventID: 1000
Source: Application Error
Faulting application php-cgi.exe, version 5.3.1.0, faulting module
php5ts.dll, version 5.3.1.0, fault address 0x000f4d40.
Does anyone have any ideas?
Thanks!
--- End Message ---
--- Begin Message ---
I wrote a function (inferior no doubt) that takes the values of a form with
a get method to filter results from the database.
It is a list of orders, and I need to be able to filter by the user, the
user's school, or specific items (find all orders that have *this* item).
I thought I figured out how to do it all, but it's just not returning a
'valid resource'.
How do most people go about this? POST or GET? POST is obviously the most
secure, but since this is on an employee only page, security (to my niave
way of thinking) is not much of an issue.
All the filter parameters are from drop downs; I have three forms set up (to
filter by user, school, or item) and I did this because I don't know the
first thing about AJAX (dynamically updating form drop-downs).
If anyone is interested, I would like to send you the PHP file with the
filter function (as it is too long to paste here).
PLEASE HELP! Thanks :)
--- End Message ---
--- Begin Message ---
On Tue, Dec 8, 2009 at 1:49 PM, Allen McCabe <[email protected]> wrote:
> I wrote a function (inferior no doubt) that takes the values of a form with
> a get method to filter results from the database.
>
> It is a list of orders, and I need to be able to filter by the user, the
> user's school, or specific items (find all orders that have *this* item).
>
> I thought I figured out how to do it all, but it's just not returning a
> 'valid resource'.
>
>
> How do most people go about this? POST or GET? POST is obviously the most
> secure, but since this is on an employee only page, security (to my niave
> way of thinking) is not much of an issue.
>
> All the filter parameters are from drop downs; I have three forms set up (to
> filter by user, school, or item) and I did this because I don't know the
> first thing about AJAX (dynamically updating form drop-downs).
>
> If anyone is interested, I would like to send you the PHP file with the
> filter function (as it is too long to paste here).
>
> PLEASE HELP! Thanks :)
>
POST is no more or less secure than GET. Its all the same to the
server, excepting that the length of the data on GET is limited to
about 4K.
The valid resource error means that your query is failiing somewhere.
Log the query or echo it out and test it thru PhpMyAdmin or some other
DB tool to see where your statement is failing, then correct it.
Perhaps you are messing up on the AND portion of the statement when
adding additional filters into the query, but that is just a guess.
--
Bastien
Cat, the other other white meat
--- End Message ---
--- Begin Message ---
On Tue, 2009-12-08 at 10:49 -0800, Allen McCabe wrote:
> I wrote a function (inferior no doubt) that takes the values of a form with
> a get method to filter results from the database.
>
> It is a list of orders, and I need to be able to filter by the user, the
> user's school, or specific items (find all orders that have *this* item).
>
> I thought I figured out how to do it all, but it's just not returning a
> 'valid resource'.
>
>
> How do most people go about this? POST or GET? POST is obviously the most
> secure, but since this is on an employee only page, security (to my niave
> way of thinking) is not much of an issue.
>
> All the filter parameters are from drop downs; I have three forms set up (to
> filter by user, school, or item) and I did this because I don't know the
> first thing about AJAX (dynamically updating form drop-downs).
>
> If anyone is interested, I would like to send you the PHP file with the
> filter function (as it is too long to paste here).
>
> PLEASE HELP! Thanks :)
Just to let you know, POST is no more secure than GET, all are easy to
spoof.
I'd use the form to build the query. Use an if to see if certain
parameters have been requested in the form, and add a clause to the
query string as you build it. If the query doesn't run, then print it
out, that will show obvious problems and let you put it in a query
executor that can give you more info.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
Если Вы стоpонник свободных и непpинужденных отношений, если Вы
женаты или замужем, доpожите семьей, и пpи этом в Вас пылает
стpасть к стоpонним чувствам, если Вы имеете слабость к однополому,
бисексуальному, гpупповому сексу, свингу или BDSM, если Вы
тpанссексуал и/или мечтаете о знакомстве с ним, то
[url="http://sexfuns.110mb.com"]cайт секс знакомств
http://sexfuns.110mb.com[/url] - именно то, что Вам нужно для
удовлетвоpения своих тайных желаний!
--- End Message ---
--- Begin Message ---
Hi folks,
I'm trying to force save .mp3 files so this is a test page (found on
the net). It works fine when:
$directory = ""; // so the audio is in the same local directory
but fails when I use a REAL web directory - (the audio file is here
- http://mysite.com/test1/audio.mp3 )
$directory = "http://mysite.com/test1/";;
says - The file $file was not found.
Q: Any ideas how to get it to download from the website?
=====
<?php
$file = 'audio1.mp3';
$directory = "http://mysite.com/test1/";;
//$directory = "";
$path = "$directory$file";
if(ini_get('zlib.output_compression'))
ini_set('zlib.output_compression', 'Off');
$file_extension = strtolower(substr(strrchr($path,"."),1));
if( $file == "" )
{
echo "<html>
<head>
<title>File not found.</title>
</head>
<body>
File not found.
</body>
</html>";
exit;
} elseif (! file_exists( $path ) )
{
echo "<html>
<head>
<title>The file $file was not found.</title>
</head>
<body>
The file $file was not found.<br />
- path - $path
</body>
</html>";exit;
};
switch( $file_extension )
{
case "pdf": $ctype="application/pdf"; break;
case "zip": $ctype="application/zip"; break;
case "doc": $ctype="application/msword"; break;
case "xls": $ctype="application/vnd.ms-excel"; break;
case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
case "gif": $ctype="image/gif"; break;
case "png": $ctype="image/png"; break;
case "jpeg":
case "jpg": $ctype="image/jpg"; break;
case "wav":
case "mp3": $ctype="application/iTunes"; break;
default: $ctype="application/force-download";
}
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false);
header("Content-Type: $ctype");
header("Content-Disposition: attachment; filename=\"".basename
($path)."\";" );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($path));
readfile("$path");
exit();
?>
Thanks,
[email protected]
--- End Message ---
