php-general Digest 27 May 2011 17:28:12 -0000 Issue 7330

[php-general-digest-help]

php-general Digest 27 May 2011 17:28:12 -0000 Issue 7330

Topics (messages 313157 through 313162):

Re: PHP to Java integration using : shell_exec function
        313157 by: Robert Williams

Detecting HTTPS connections under Apache
        313158 by: Geoff Shang
        313159 by: admin.buskirkgraphics.com
        313160 by: Geoff Shang
        313161 by: admin.buskirkgraphics.com

Need pro advice: Is Pear installed and/or setup correctly?
        313162 by: Micky Hulse

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
        php-gene...@lists.php.net


----------------------------------------------------------------------

--- Begin Message ---

On 2011-05-26 12:00, "Eli Orr (Office)" <eli....@logodial.com> wrote:

>       $EncXML = shell_exec(""/usr/bin/java/java -jar MyApp.jar -XML
><$XML_toEnc>); <<== ??? How can I pass parameters like a large string of
>let say XML?

You're missing the shell escaping. Try something like this:

$xml = '<greeting>hello</greeting>';
$xml_shell = escapeshellarg($xml);

$result = shell_exec("/usr/bin/java/java -jar MyApp.jar -XML $xml_shell");

See: <http://us.php.net/manual/en/function.escapeshellarg.php>

If you need to pass the value through standard input, you can pipe it out
of echo:

$result = shell_exec("/bin/echo -n $xml_shell | /usr/bin/java/java -jar
MyApp.jar -XML");

Regards,
Bob

--
Robert E. Williams, Jr.
Associate Vice President of Software Development
Newtek Businesss Services, Inc. -- The Small Business Authority
http://www.thesba.com/


Notice: This communication, including attachments, may contain information that 
is confidential. It constitutes non-public information intended to be conveyed 
only to the designated recipient(s). If the reader or recipient of this 
communication is not the intended recipient, an employee or agent of the 
intended recipient who is responsible for delivering it to the intended 
recipient, or if you believe that you have received this communication in 
error, please notify the sender immediately by return e-mail and promptly 
delete this e-mail, including attachments without reading or saving them in any 
manner. The unauthorized use, dissemination, distribution, or reproduction of 
this e-mail, including attachments, is prohibited and may be unlawful. If you 
have received this email in error, please notify us immediately by e-mail or 
telephone and delete the e-mail and the attachments (if any).

--- End Message ---

--- Begin Message ---

Hi,

Apologies if this is covered somewhere but I've searched fairly extensively and not found anything.

I'm working on an application which has a function for redirecting to a given URL. This is generally used for redirecting after a form has been submitted.

Right now it sends an HTTP URL in the redirection, which means it can't work under a secure connection.

I'd like to be able to use it over HTTPS but don't want to force people to do this. So ideally I'd like to be able to detect the protocol in use and send the appropriate protocol in the Location header.

The problem is that, at least on the system I'm working on, I can't see any way of detecting the protocol. _SERVER["SERVER_SIGNATURE"] and _SERVER["SERVER_ADDR"] both give the port as 80, even if I specify port 443 in the URL. I've seen references to _SERVER["HTTPS"] or something similar but it's not in the output I get from either "print_r ($_SERVER)" or "phpinfo ()".

I'm running PHP Version 5.3.3-7+squeeze1 on Apache/2.2.16 (Debian). The machine is an x86-64 VPS running Debian Squeeze.

I have full access to the VPS, so if something needs tweeking in Apache (or anything else) then I can do this.

Thanks in advance,
Geoff.

--- End Message ---

--- Begin Message ---

The %{HTTPS} variable is not an Apache core variable. A more-portable
solution is to check %{SERVER_PORT} for port 80 or port 443 -- or for "not
port 80" or "not port 443." 

Also, you're requiring an *exact* match on "not /user" or "not /admin,"
meaning that directory and file paths below these directories will not be
matched -- They will always be redirected by the second rule. 

In addition, the URL-path in the Request_URI variable always starts with a
slash, and a RewriteCond should not be used to test the URL-path unless the
RewriteRule cannot be used to do this. 

Finally, since the rules are already scoped to http and https by their
locations within the vHost containers, checking %{HTTPS} or %{SERVER_PORT}
is probably not even necessary. 

Most likely, correcting the second problem will fix your code, and the other
inefficiencies can be removed as well: 

<VirtualHost *:80> 
RewriteRule ^/((user|admin)(/.*)?)$ https://example.com/$1 [R=301,L]
</VirtualHost>

<VirtualHost _default_:443>
RewriteCond $1 !^(user|admin)(/.*)?$
RewriteRule ^/(.*)$ http://example.com/$1 [R=301,L]
</VirtualHost>

[added] Alternative format for second rule -- I'm not sure, but it might be
faster: 
<VirtualHost _default_:443>
RewriteRule !^/(user|admin)(/.*)?$ http://example.com%{REQUEST_URI}
[R=301,L]
</VirtualHost>

Richard L. Buskirk

-----Original Message-----
From: Geoff Shang [mailto:ge...@quitelikely.com] 
Sent: Thursday, May 26, 2011 3:38 PM
To: php-gene...@lists.php.net
Subject: [PHP] Detecting HTTPS connections under Apache

Hi,

Apologies if this is covered somewhere but I've searched fairly 
extensively and not found anything.

I'm working on an application which has a function for redirecting to a 
given URL.  This is generally used for redirecting after a form has been 
submitted.

Right now it sends an HTTP URL in the redirection, which means it can't 
work under a secure connection.

I'd like to be able to use it over HTTPS but don't want to force people to 
do this.   So ideally I'd like to be able to detect the protocol in use 
and send the appropriate protocol in the Location header.

The problem is that, at least on the system I'm working on, I can't see 
any way of detecting the protocol.  _SERVER["SERVER_SIGNATURE"] and 
_SERVER["SERVER_ADDR"] both give the port as 80, even if I specify port 
443 in the URL.  I've seen references to _SERVER["HTTPS"] or something 
similar but it's not in the output I get from either "print_r ($_SERVER)" 
or "phpinfo ()".

I'm running PHP Version 5.3.3-7+squeeze1 on Apache/2.2.16 (Debian).  The 
machine is an x86-64 VPS running Debian Squeeze.

I have full access to the VPS, so if something needs tweeking in Apache 
(or anything else) then I can do this.

Thanks in advance,
Geoff.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--- End Message ---

--- Begin Message ---

On Thu, 26 May 2011, ad...@buskirkgraphics.com wrote:

The %{HTTPS} variable is not an Apache core variable. A more-portable
solution is to check %{SERVER_PORT} for port 80 or port 443 -- or for "not
port 80" or "not port 443."

ah but this doesn't actually work for me, I get 80 regardless of whether I use HTTP or HTTPS, even if I use https://example.com:443

Also, you're requiring an *exact* match on "not /user" or "not /admin,"
meaning that directory and file paths below these directories will not be
matched -- They will always be redirected by the second rule.

{snip other rewrite stuff}

uh... I didn't say anything about matching URL patterns or the like. I just want my application to do whatever is already being done. And hard-coding URL paths is a bad idea because someone else might want to install the code under some other path.

I don't really want to use rewrite rules to achieve this. If I did, every time my code redirects the browser, it will cause a rewrite from an HTTP URL to an HTTPS URL, which surely is inefficient.

Surely it should be simple enough for me to detect whichever is being used and continue to use it. This makes my code separate from whatever the webmaster decides to do regarding being secure or not.

Geoff.

--- End Message ---

--- Begin Message ---

So when you echo $_SERVER['SERVER_PORT'];
You get port 80 even if the url currently is https://www.yoursite.com ?

If this is the case good luck. Because you have serious issues.


Richard L. Buskirk


-----Original Message-----
From: Geoff Shang [mailto:ge...@quitelikely.com] 
Sent: Thursday, May 26, 2011 5:29 PM
To: ad...@buskirkgraphics.com
Cc: php-gene...@lists.php.net
Subject: RE: [PHP] Detecting HTTPS connections under Apache

On Thu, 26 May 2011, ad...@buskirkgraphics.com wrote:

> The %{HTTPS} variable is not an Apache core variable. A more-portable
> solution is to check %{SERVER_PORT} for port 80 or port 443 -- or for "not
> port 80" or "not port 443."

ah but this doesn't actually work for me, I get 80 regardless of whether I 
use HTTP or HTTPS, even if I use https://example.com:443

> Also, you're requiring an *exact* match on "not /user" or "not /admin,"
> meaning that directory and file paths below these directories will not be
> matched -- They will always be redirected by the second rule.

{snip other rewrite stuff}

uh... I didn't say anything about matching URL patterns or the like.  I 
just want my application to do whatever is already being done.  And 
hard-coding URL paths is a bad idea because someone else might want to 
install the code under some other path.

I don't really want to use rewrite rules to achieve this.  If I did, every 
time my code redirects the browser, it will cause a rewrite from an HTTP 
URL to an HTTPS URL, which surely is inefficient.

Surely it should be simple enough for me to detect whichever is being used 
and continue to use it.  This makes my code separate from whatever the 
webmaster decides to do regarding being secure or not.

Geoff.

--- End Message ---

--- Begin Message ---

What do you think this means.

This code:

[code]

<?php
        
        ini_set('display_errors', 1);
        error_reporting(E_ALL | E_STRICT);
        include_once('Mail.php');
        include_once('Mail_Mime/mime.php');
        
?>

[/code]

Outputs these error messages:

http://pastebin.com/ZKtyELT1

But this code:

[code]

<?php
        require_once 'System.php';
        var_dump(class_exists('System', false));
?>

[/code]

Returns "bool(true)"

Looking at these docs:

http://pear.php.net/manual/en/installation.checking.php

... it says:

"In every case, PEAR's php_dir should be in the include path. If not,
add it in your system's php.ini."

When viewing PHP info, I do not see "php_dir" in the include path (or
anywhere else... Nor do I see any reference to "pear".)

My friend told me that the host said Pear "is installed."

I tried adding a php.ini to the root of the server (I don't know much
about this host's setup... I am just helping a friend out) but that
did not seem to load.

I don't have shell access either.

Would it be safe for me to conclude that Pair is not setup properly?
Would it be a simple fix for the host to add Pear to the include path?
What else could I do to get Pear to work if I can't use a php.ini file
and/or ssh into the server and check/tweak/install packages?

Thanks so much!

Cheers,
Micky

--- End Message ---