php-general Digest 14 Feb 2002 11:52:24 -0000 Issue 1171

Topics (messages 84676 through 84722):

Re: ODBC_EXECUTE has a DANGEROUS 'feature'!!!
        84676 by: Lars Torben Wilson
        84706 by: * R&zE:

Re: PHP & GD - Nevermind!  Thanks!
        84677 by: David Robley

Re: Troubles With Mail Function
        84678 by: David Robley
        84682 by: Dr. Shim
        84683 by: Martin Towell
        84692 by: Gary
        84695 by: David Robley
        84697 by: Dr. Shim

Re: php dies every 2 days
        84679 by: David Robley

Off the topic
        84680 by: Dani

compiling modules
        84681 by: Andreas Gietl

Browse and Upload file
        84684 by: Reuben D Budiardja
        84685 by: Lars Torben Wilson
        84687 by: Reuben D Budiardja
        84689 by: Lars Torben Wilson
        84691 by: Reuben D Budiardja
        84693 by: Lars Torben Wilson
        84694 by: Reuben D Budiardja
        84701 by: Lars Torben Wilson

Authentication with sessions - Recommendation and suggestions?
        84686 by: Harry Yu
        84722 by: Christian Blichmann

Webhosts
        84688 by: Ben Clumeck
        84699 by: R'twick Niceorgaw
        84700 by: Michael Romagnoli

Is this possible?
        84690 by: Leif K-Brooks
        84696 by: Rick Emery

HAPPY VALENTINES DAY
        84698 by: Balaji Ankem
        84704 by: TV Karthick Kumar
        84710 by: Petr Koval

Setting up group mailer
        84702 by: phantom
        84703 by: Niklas Lampén
        84705 by: Philip J. Newman
        84711 by: David Robley

searching key words from a database field
        84707 by: Philip J. Newman
        84708 by: Jason Wong

mmap problem
        84709 by: Mark Rosa

Decode Encoded text in phpMyAdmin
        84712 by: David
        84719 by: Toni Kustiana

Templates
        84713 by: Truniger, Stefan Martin
        84715 by: Liam MacKenzie

MySQL Admin Tool
        84714 by: Liam MacKenzie
        84717 by: bvr
        84718 by: Chris Hewitt
        84720 by: bvr
        84721 by: Liam MacKenzie

links manager
        84716 by: Administration.myclassguide


----------------------------------------------------------------------
--- Begin Message ---
On Mon, 2002-02-11 at 00:21, * R&zE: wrote:

> I understand you try to 'protect' your own product, but you have to
> stay a bit realistic about some things. Of course I check the input.
> But you know... there's absolutely nothing wrong with allowing
> quotes to be stored in the database. It's just that awful 'feature'
> that makes it rather dangerous to do. If that feature/bug was
> documented _anywhere_ it would still not be good, but at least
> someone would know that PHP does this. But no... it's not
> documented, not anywhere! You can't check user input on stuff you
> don't know it can harm anything. Like I said... quotes are very
> normal to be allowed in the database.
> 
> It would be a good thing if you guys do something of:
> 
> 1. Get rid of the bug(/feature) right away or
> 2. Document it clearly. Eg. in the documentation of odbc_execute().

OK, I checked into this further, and I must apologize: you are correct.
I suspect that most of us didn't remember that this feature even
existed...

Anyway, I have now documented this, along with several of its existing
restrictions. It should show up in the online manual within the next few
days. 

FWIW, this feature currently (in all versions up to 4.1.1) suffers from
the following problems:

 o File reading is not subject to open_basedir.
 o File reading is not subject to safe_mode.
 o The last character of the filename parameter is replaced with \0    
   after the call to odbc_execute().
 o This kinda makes it impossible to use a string which begins and
   ends with single quotes as a parameter replacement.

These are also in the documentation which I added to odbc_execute().

I've submitted patches for the first three problems to the dev team; I 
guess we'll see whether someone gets around to committing them in time
for 4.2.0. I personally would like to see a cleaner way to do this 
though.


Torben

> -- 
> 
> * R&zE:
-- 
 Torben Wilson <[EMAIL PROTECTED]>
 http://www.thebuttlesschaps.com
 http://www.hybrid17.com
 http://www.inflatableeye.com
 +1.604.709.0506

--- End Message ---
--- Begin Message ---
> OK, I checked into this further, and I must apologize: you are correct.
> I suspect that most of us didn't remember that this feature even
> existed...

You don't have to apologize. And indeed... I don't get the idea that
many people know about this. Besides you and maybe one or two others
I haven't heard from anyone else who knows this. And, well... before
last week I didn't know it either ;)



> Anyway, I have now documented this, along with several of its existing
> restrictions. It should show up in the online manual within the next few
> days. 

Thx! And I've fixed my scripts. So everyone happy I guess.


> FWIW, this feature currently (in all versions up to 4.1.1) suffers from
> the following problems:
>
>  o File reading is not subject to open_basedir.
>  o File reading is not subject to safe_mode.
>  o The last character of the filename parameter is replaced with \0
>    after the call to odbc_execute().
>  o This kinda makes it impossible to use a string which begins and
>    ends with single quotes as a parameter replacement.
>
> These are also in the documentation which I added to odbc_execute().
>
> I've submitted patches for the first three problems to the dev team; I
> guess we'll see whether someone gets around to committing them in time
> for 4.2.0. I personally would like to see a cleaner way to do this
> though.

Seems like a good idea... your patches, I mean. I hadn't looked into
it that much, so I didn't know 'bout those prob's. Except of course
that I could indeed simply access any directory on the server (as
long as it's readable for the webserver of course).


-- 

* R&zE:


-- »»»»»»»»»»»»»»»»»»»»»»»»
-- Renze Munnik
-- DataLink BV
--
-- E: [EMAIL PROTECTED]
-- W: +31 23 5326162
-- F: +31 23 5322144
-- M: +31 6 21811143
--
-- Stationsplein 82
-- 2011 LM  HAARLEM
-- Netherlands
--
-- http://www.datalink.nl
-- ««««««««««««««««««««««««
--- End Message ---
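
A guard for the behaviour discussed in the two messages above, as an added example that is not part of the thread or of PHP itself: it refuses to hand odbc_execute() any parameter that begins and ends with a single quote, the form the thread ties to file reading. The helper names `quoted_param_indexes()` and `guarded_odbc_execute()` and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread or from PHP itself.
// quoted_param_indexes() and guarded_odbc_execute() are hypothetical helpers.

/**
 * Return the indexes of parameters that begin and end with a single quote.
 * Conservative: any string of two or more characters in that form counts.
 */
function quoted_param_indexes(array $params): array
{
    $hits = [];
    foreach ($params as $i => $p) {
        if (is_string($p) && strlen($p) >= 2
            && $p[0] === "'" && $p[strlen($p) - 1] === "'") {
            $hits[] = $i;
        }
    }
    return $hits;
}

/**
 * Refuse to execute when any parameter has the quoted form, so that
 * user-supplied text can never be taken as a file name on the server.
 */
function guarded_odbc_execute($stmt, array $params): bool
{
    $hits = quoted_param_indexes($params);
    if ($hits !== []) {
        throw new InvalidArgumentException(
            'parameter(s) at index ' . implode(', ', $hits) .
            ' begin and end with a single quote; not passed to odbc_execute()'
        );
    }
    return odbc_execute($stmt, $params);
}

// Constructed sample inputs; the check itself needs no database connection.
$samples = [
    ["O'Reilly", 'plain text'],        // quote in the middle: accepted
    ["'quoted nickname'", 'x'],        // quoted form at index 0: rejected
    ["it's", "'notes.txt'"],           // quoted form at index 1: rejected
];
foreach ($samples as $n => $params) {
    $hits = quoted_param_indexes($params);
    printf("sample %d: %s\n", $n,
        $hits ? 'reject index ' . implode(',', $hits) : 'ok');
}
```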
--- Begin Message ---
In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> 
> Thank you to anyone looking into my question, but it is moot; seems the two
> scripts I was given initially are just buggy.  I found one that isn't, and
> it works fine.
> 
> Anyone have any idea what would be a practical application of GD nowadays?
> Doesn't seem to be practical to me.....
> 
> -Mike

Well, you might want a consistent title image across your site, but with 
differing text according to where one is in the site structure. So you 
make a different image for each situation, or you use GD etc to put your 
defined text on a common image?

Or you might want to build a graph of data?

-- 
David Robley
Temporary Kiwi!
--- End Message ---
--- Begin Message ---
In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> Actually, I don't really know what to put in it. I thought that's what it
> wanted. What does it want?
> 
> "David Robley" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] says...
> > Well, I did this:
> >
> > [mail function]
> > SMTP    =    mindspring.com
> > sendmail_form    =    [EMAIL PROTECTED]
> > <...rest I left unchanged...>
> >
> > Still doesn't work. :(
> >
> > BTW I'm using Windows at the moment to develop.
> >
> 
> That SMTP value looks a bit suspicious?? Are you sure that is correct?
> 
> --
> David Robley
> Temporary Kiwi!

Well, hard to say exactly as I don't know how you are set up. Let's take 
a guess or two. It seems you have a domain called alienmelon.com and that 
this is from whence you propose to use this script. What is the machine 
that handles mail for alienmelon.com? That is probably what you need to 
use as the SMTP server. You might have to ask whoever hosts 
alienmelon.com, or if you have access to a *nix box try using host or dig 
to see if you can find out.

-- 
David Robley
Temporary Kiwi!
--- End Message ---
--- Begin Message ---
Alright, I will show you my entire mail code here. BTW: I cannot mail using
mail() function

[mail function]
; For Win32 only.
SMTP = mindspring.com

; For Win32 only.
sendmail_from = [EMAIL PROTECTED]

; For Unix only.  You may supply arguments as well (default: 'sendmail -t -i').
;sendmail_path =


I'm using Windows XP at the moment to develop.

I'm not quite sure what I'd put under "SMTP"...is there any tutorials online
that would show me how to configure this right?


--- End Message ---
--- Begin Message ---
I think the SMTP would be same as you use for your email client (outlook,
eudora, other?)

-----Original Message-----
From: Dr. Shim [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 14, 2002 11:33 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Troubles With Mail Function


Alright, I will show you my entire mail code here. BTW: I cannot mail using
mail() function

[mail function]
; For Win32 only.
SMTP = mindspring.com

; For Win32 only.
sendmail_from = [EMAIL PROTECTED]

; For Unix only.  You may supply arguments as well (default: 'sendmail -t -i').
;sendmail_path =


I'm using Windows XP at the moment to develop.

I'm not quite sure what I'd put under "SMTP"...is there any tutorials online
that would show me how to configure this right?



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
smtp.minspring.com is the address for out going mail.

Gary

Dr. Shim wrote:

> Alright, I will show you my entire mail code here. BTW: I cannot mail using
> mail() function
> 
> [mail function]
> ; For Win32 only.
> SMTP = mindspring.com
> 
> ; For Win32 only.
> sendmail_from = [EMAIL PROTECTED]
> 
> ; For Unix only.  You may supply arguments as well (default:
> 'sendmail -t -i').
> ;sendmail_path =
> 
> 
> I'm using Windows XP at the moment to develop.
> 
> I'm not quite sure what I'd put under "SMTP"...is there any tutorials online
> that would show me how to configure this right?
> 
> 
> 

--- End Message ---
--- Begin Message ---
In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> Alright, I will show you my entire mail code here. BTW: I cannot mail using
> mail() function
> 
> [mail function]
> ; For Win32 only.
> SMTP = mindspring.com
> 
> ; For Win32 only.
> sendmail_from = [EMAIL PROTECTED]
> 
> ; For Unix only.  You may supply arguments as well (default:
> 'sendmail -t -i').
> ;sendmail_path =
> 
> 
> I'm using Windows XP at the moment to develop.
> 
> I'm not quite sure what I'd put under "SMTP"...is there any tutorials online
> that would show me how to configure this right?

In addition to my previous message - OK, I've gone and put the necessary 
software on the linux side of this thing and asked the appropriate 
questions - if I do a 'dig' on alienmelon I find:


; <<>> DiG 9.1.2 <<>> -t mx alienmelon.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43766
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;alienmelon.com.                        IN      MX

;; ANSWER SECTION:
alienmelon.com.         28739   IN      MX      10 mail.alienmelon.com.

;; AUTHORITY SECTION:
alienmelon.com.         163967  IN      NS      NS.HOST4U.NET.
alienmelon.com.         163967  IN      NS      NS2.HOST4U.NET.

;; ADDITIONAL SECTION:
mail.alienmelon.com.    28739   IN      A       64.33.108.112
NS.HOST4U.NET.          170095  IN      A       209.150.128.30
NS2.HOST4U.NET.         3201    IN      A       209.150.129.3

;; Query time: 154 msec
;; SERVER: 203.96.152.4#53(203.96.152.4)
;; WHEN: Thu Feb 14 16:07:51 2002
;; MSG SIZE  rcvd: 146

which implies that alienmelon uses mail.alienmelon.com to handle its 
mail. So a ping to that to see if it exists gives us

C:\WINDOWS>ping mail.alienmelon.com

Pinging mail.alienmelon.com [64.33.108.112] with 32 bytes of data:

Reply from 64.33.108.112: bytes=32 time=329ms TTL=239
Reply from 64.33.108.112: bytes=32 time=325ms TTL=239
Reply from 64.33.108.112: bytes=32 time=315ms TTL=239
Reply from 64.33.108.112: bytes=32 time=315ms TTL=239

Ping statistics for 64.33.108.112:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 315ms, Maximum =  329ms, Average =  321ms

C:\WINDOWS>

so it seems to exist. I suggest you try mail.alienmelon.com as the SMTP 
entry in your config and see what happens.

-- 
David Robley
Temporary Kiwi!
--- End Message ---
--- Begin Message ---
Well I tried what Gary suggested. I did "smtp.mindspring.com" and it worked
beautifully. I feel stupid that the problem was so simple. But, alas, I'm
learning. Thanks all you. Robley, that is some very informative information,
this "digging".

dig -t mx alienmelon.com

in console right?


"David Robley" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
> Alright, I will show you my entire mail code here. BTW: I cannot mail using
> mail() function
>
> [mail function]
> ; For Win32 only.
> SMTP = mindspring.com
>
> ; For Win32 only.
> sendmail_from = [EMAIL PROTECTED]
>
> ; For Unix only.  You may supply arguments as well (default:
> 'sendmail -t -i').
> ;sendmail_path =
>
>
> I'm using Windows XP at the moment to develop.
>
> I'm not quite sure what I'd put under "SMTP"...is there any tutorials online
> that would show me how to configure this right?

In addition to my previous message - OK, I've gone and put the necessary
software on the linux side of this thing and asked the appropriate
questions - if I do a 'dig' on alienmelon i find:


; <<>> DiG 9.1.2 <<>> -t mx alienmelon.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43766
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;alienmelon.com. IN MX

;; ANSWER SECTION:
alienmelon.com. 28739 IN MX 10 mail.alienmelon.com.

;; AUTHORITY SECTION:
alienmelon.com. 163967 IN NS NS.HOST4U.NET.
alienmelon.com. 163967 IN NS NS2.HOST4U.NET.

;; ADDITIONAL SECTION:
mail.alienmelon.com. 28739 IN A 64.33.108.112
NS.HOST4U.NET. 170095 IN A 209.150.128.30
NS2.HOST4U.NET. 3201 IN A 209.150.129.3

;; Query time: 154 msec
;; SERVER: 203.96.152.4#53(203.96.152.4)
;; WHEN: Thu Feb 14 16:07:51 2002
;; MSG SIZE  rcvd: 146

which implies that alienmelon uses mail.alienmelon.com to handle its
mail. So a ping to that to see if it exists gives us

C:\WINDOWS>ping mail.alienmelon.com

Pinging mail.alienmelon.com [64.33.108.112] with 32 bytes of data:

Reply from 64.33.108.112: bytes=32 time=329ms TTL=239
Reply from 64.33.108.112: bytes=32 time=325ms TTL=239
Reply from 64.33.108.112: bytes=32 time=315ms TTL=239
Reply from 64.33.108.112: bytes=32 time=315ms TTL=239

Ping statistics for 64.33.108.112:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 315ms, Maximum =  329ms, Average =  321ms

C:\WINDOWS>

so it seems to exist. I suggest you try mail.alienmelon.com as the SMTP
entry in your config and see what happens.

--
David Robley
Temporary Kiwi!


--- End Message ---
--- Begin Message ---
In article <005c01c1b4c8$0ad42a20$[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> Hi, everybody, I have a problem which is really annoying. My php dies every 2 days. 
> I'm not a programmer, I'm more as a system administrator
> 
> I have the following configuration on my machine
> Linux RedHat 7.2
> php-4.0.6-7.i386.
> 
> As soon as I reinstall php package (RPM) it works for the next few days. Then I have 
> to do it again.
> 
> Would be relevant to say that my Website is php based.
> 
> Have somebody had the same problem before? And what would be the solution?

Do your server logs have any entries that might give a clue?


-- 
David Robley
Temporary Kiwi!
--- End Message ---
--- Begin Message ---
Hi everyone!

Firstly I apologise that my topic may not be relevant to our list.

Has anybody ever setup a credit card form?

I don't know how it works until we receive all of the payment and the
money is transferred into an account etc..

Could somebody give any advice on where I can learn all of these..

Thanks a lot!

regards
Dani

--- End Message ---
--- Begin Message ---
hi,

i am looking for a good documentation how i can build the "standard" 
php-modules like mysql or like postgres as loadable extensions on 
linux-systems. Just doing make in the appropriate directories just gives .la 
files which are not loadable like the normal .so files.

Can you point me at a documentation? I was not able to find a good one that 
worked for me.

thanx

andreas
--- End Message ---
--- Begin Message ---

Hi,
Does anyone know how to upload file using Web Browser as the interface?

I want to do a web page, where you can click on a button, and then you can 
browse the local directories of the person who are browsing the page, and 
upload a selected file to the web server. Any pointer on how to do that will 
be greatly appreciated. 

Thanks.
Reuben D. Budiardja

--- End Message ---
--- Begin Message ---
On Wed, 2002-02-13 at 17:38, Reuben D Budiardja wrote:
> 
> Hi,
> Does anyone know how to upload file using Web Browser as the interface?
> 
> I want to do a web page, where you can click on a button, and then you can 
> browse the local directories of the person who are browsing the page, and 
> upload a selected file to the web server. Any pointer on how to do that will 
> be greatly appreciated. 
> 
> Thanks.
> Reuben D. Budiardja

An excellent starting point is the manual section on this topic:

  http://www.php.net/manual/en/features.file-upload.php

It is fully explained there, with examples.


Hope this helps,

Torben


-- 
 Torben Wilson <[EMAIL PROTECTED]>
 http://www.thebuttlesschaps.com
 http://www.hybrid17.com
 http://www.inflatableeye.com
 +1.604.709.0506

--- End Message ---
--- Begin Message ---
Thanks. I follow the manual. I changed my php.ini:  
upload_tmp_dir = '/home/web/'
which is writable by web (the user running apache/php) and restart apache.

However, after I upload the file, I can't find it. When I do 
print_r($HTTP_POST_FILE), here is what I got:

Array ( [userfile] => Array ( [name] => timecard.png [type] => image/png 
[tmp_name] => none [size] => 0 ) )

You see that [tmp_name] is none (whatever that means), and size is zero. 
why is that? 
The webserver and the browser is on local LAN, and there is no firewall.

Thanks for any help.
Reuben D. Budiardja



On Wednesday 13 February 2002 08:38 pm, Lars Torben Wilson wrote:
> On Wed, 2002-02-13 at 17:38, Reuben D Budiardja wrote:
> > Hi,
> > Does anyone know how to upload file using Web Browser as the interface?
> >

> An excellent starting point is the manual section on this topic:
>
>   http://www.php.net/manual/en/features.file-upload.php
>
> It is fully explained there, with examples.
>
>
> Hope this helps,
>
> Torben
--- End Message ---
--- Begin Message ---
On Wed, 2002-02-13 at 18:26, Reuben D Budiardja wrote:
> Thanks. I follow the manual. I changed my php.ini:  
> upload_tmp_dir = '/home/web/'
> which is writable by web (the user running apache/php) and restart apache.
> 
> However, after I upload the file, I can't find it. When I do 
> print_r($HTTP_POST_FILE), here is what I got:
> 
> Array ( [userfile] => Array ( [name] => timecard.png [type] => image/png 
> [tmp_name] => none [size] => 0 ) )
> 
> You see that [tmp_name] is none (whatever that means), and size is zero. 
> why is that? 
> The webserver and the browser is on local LAN, and there is no firewall.
> 
> Thanks for any help.
> Reuben D. Budiardja

First, check that the file size is less than the max upload size set in
php.ini and/or the upload form.

Second, what version of PHP are you running?


-- 
 Torben Wilson <[EMAIL PROTECTED]>
 http://www.thebuttlesschaps.com
 http://www.hybrid17.com
 http://www.inflatableeye.com
 +1.604.709.0506

--- End Message ---
--- Begin Message ---
Sorry, I meant to include those information.

Here is from php.ini
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
file_uploads  = On        ; Whether to allow HTTP file uploads
upload_tmp_dir  = /home/web
upload_max_filesize = 2M        ; Maximum allowed size for uploaded files

PHP Version 4.0.6

One stupid mistake I made was that I put the wrong size for MAX_FILE_SIZE, 
but I fixed it now. print_r $HTTP_POST_FILE gives me:

Array ( [userfile] => Array ( [name] => timecard.png [type] => image/png 
[tmp_name] => /home/web/phpZKBTak [size] => 38656 ) ) 

But I still can't find the file at /home/web/. 

Thanks for your help.
Reuben D. Budiardja






On Wednesday 13 February 2002 09:31 pm, Lars Torben Wilson wrote:
> On Wed, 2002-02-13 at 18:26, Reuben D Budiardja wrote:
> > Thanks. I follow the manual. I changed my php.ini:
> > upload_tmp_dir = '/home/web/'
> > which is writable by web (the user running apache/php) and restart
> > apache.
> >
> > However, after I upload the file, I can't find it. When I do
> > print_r($HTTP_POST_FILE), here is what I got:
> >
> > Array ( [userfile] => Array ( [name] => timecard.png [type] => image/png
> > [tmp_name] => none [size] => 0 ) )
> >
> > You see that [tmp_name] is none (whatever that means), and size is zero.
> > why is that?
> > The webserver and the browser is on local LAN, and there is no firewall.
> >
> > Thanks for any help.
> > Reuben D. Budiardja
>
> First, check that the file size is less than the max upload size set in
> php.ini and/or the upload form.
>
> Second, what version of PHP are you running?

-- 
-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
"God is the unrestricted act of understanding, the eternal rapture
glimpsed in every Archimedean cry of Eureka."

                        - Bernard Lonergan -
~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^

Reuben Donald Budiardja
[EMAIL PROTECTED]
Homepage: http://www.goshen.edu/~reubendb
--- End Message ---
--- Begin Message ---
On Wed, 2002-02-13 at 18:53, Reuben D Budiardja wrote:
> Sorry, I meant to include those information.
> 
> Here is from php.ini
> ;;;;;;;;;;;;;;;;
> ; File Uploads ;
> ;;;;;;;;;;;;;;;;
> file_uploads  = On        ; Whether to allow HTTP file uploads
> upload_tmp_dir  = /home/web
> upload_max_filesize = 2M        ; Maximum allowed size for uploaded files
> 
> PHP Version 4.0.6
> 
> One stupid mistake I made was that I put the wrong size for MAX_FILE_SIZE, 
> but I fixed it now. print_r $HTTP_POST_FILE gives me:
> 
> Array ( [userfile] => Array ( [name] => timecard.png [type] => image/png 
> [tmp_name] => /home/web/phpZKBTak [size] => 38656 ) ) 
> 
> But I still can't find the file at /home/web/. 
> 
> Thanks for your help.
> Reuben D. Budiardja

You need to move the temp file to wherever its final resting place 
is. i.e. have you done a move_uploaded_file() on it yet?



-- 
 Torben Wilson <[EMAIL PROTECTED]>
 http://www.thebuttlesschaps.com
 http://www.hybrid17.com
 http://www.inflatableeye.com
 +1.604.709.0506

--- End Message ---
--- Begin Message ---
On Wednesday 13 February 2002 09:57 pm, you wrote:
> On Wed, 2002-02-13 at 18:53, Reuben D Budiardja wrote:
> > print_r $HTTP_POST_FILE gives me:
> >
> > Array ( [userfile] => Array ( [name] => timecard.png [type] => image/png
> > [tmp_name] => /home/web/phpZKBTak [size] => 38656 ) )
> >
> > But I still can't find the file at /home/web/.
> >
> > Thanks for your help.
> > Reuben D. Budiardja
>
> You need to move the temp file to wherever its final resting place
> is. i.e. have you done a move_uploaded_file() on it yet?

Yes, I have. I follow the example exactly from 
http://www.php.net/manual/en/features.file-upload.php. 

Here is my scripts:

uploadPic.php:
<HTML>

<form enctype="multipart/form-data" action="uploadPic2.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="100000">
Send this file: <input name="userfile" type="file">
<input type="submit" value="Send File">
</form>

</HTML>

uploadPic2.php:
<?
print_r($HTTP_POST_FILES);
move_uploaded_file($HTTP_POST_FILES['userfile'], "/home/web/final");
?>

Thanks a lot for helping me.
Reuben D. Budiardja


--- End Message ---
--- Begin Message ---
On Wed, 2002-02-13 at 19:18, Reuben D Budiardja wrote:
> Yes, I have. I follow the example exactly from 
> http://www.php.net/manual/en/features.file-upload.php. 

Well, that's the problem then. The example in the manual is buggy. :)

This was fixed in cvs earlier today, actually, but the online manual
hasn't been regenerated yet, so it hasn't shown up online. It'll be
visible (meaning the correct example) within a few days.

See below...

> Here is my scripts:
> 
> uploadPic.php:
> <HTML>
> 
> <form enctype="multipart/form-data" action="uploadPic2.php" method="post">
> <input type="hidden" name="MAX_FILE_SIZE" value="100000">
> Send this file: <input name="userfile" type="file">
> <input type="submit" value="Send File">
> </form>
> 
> </HTML>
> 
> uploadPic2.php:
> <?
> print_r($HTTP_POST_FILES);
> move_uploaded_file($HTTP_POST_FILES['userfile'], "/home/web/final");
                                     
The above line should read:

move_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'],
                   "/home/web/final/some_file_name.jpg");


Hope this clears it up for you.

Torben

> ?>
> 
> Thanks a lot for helping me.
> Reuben D. Budiardja
> 
> 
> 
-- 
 Torben Wilson <[EMAIL PROTECTED]>
 http://www.thebuttlesschaps.com
 http://www.hybrid17.com
 http://www.inflatableeye.com
 +1.604.709.0506

--- End Message ---
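
A hardened form of the upload handler from this thread, as an added example that is not code from the thread or from the PHP manual. It uses the `$_FILES` array and its `error` key from later PHP versions instead of `$HTTP_POST_FILES`, and assumes the fileinfo extension is available; the allow-list of image types and the helper names are assumptions, while the directory and size limit are the ones quoted in the thread.

```php
<?php
// Added example, not code from the thread. UPLOAD_DIR and MAX_BYTES reuse
// values quoted in the thread; the type allow-list is an assumption.

const UPLOAD_DIR = '/home/web/final';
const MAX_BYTES  = 100000;   // same value as the form's MAX_FILE_SIZE
const ALLOWED    = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

/** Reject a $_FILES entry that did not arrive intact. Throws on failure. */
function check_upload_entry(array $f): void
{
    if (!isset($f['error'], $f['tmp_name'], $f['size']) || !is_int($f['error'])) {
        throw new RuntimeException('malformed upload entry');
    }
    if ($f['error'] !== UPLOAD_ERR_OK) {
        // UPLOAD_ERR_INI_SIZE and UPLOAD_ERR_FORM_SIZE report the size limits.
        throw new RuntimeException('upload failed, error code ' . $f['error']);
    }
    if ($f['size'] < 1 || $f['size'] > MAX_BYTES) {
        throw new RuntimeException('size out of range');
    }
}

/** Validate the entry, then move the temp file to a server-chosen name. */
function store_upload(array $f): string
{
    check_upload_entry($f);
    if (!is_uploaded_file($f['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // Detect the type from the content: ['type'] and ['name'] come from the client.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('file type not allowed');
    }
    // The destination is a full file path with a random name and a fixed extension.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $dest;
}

if (PHP_SAPI === 'cli') {
    // Constructed entries modelled on the two print_r() outputs in the thread.
    $samples = [
        'over form limit' => ['name' => 'timecard.png', 'type' => 'image/png',
            'tmp_name' => '', 'error' => UPLOAD_ERR_FORM_SIZE, 'size' => 0],
        'intact' => ['name' => 'timecard.png', 'type' => 'image/png',
            'tmp_name' => '/home/web/phpZKBTak', 'error' => UPLOAD_ERR_OK, 'size' => 38656],
    ];
    foreach ($samples as $label => $entry) {
        try {
            check_upload_entry($entry);
            echo "$label: passes the entry checks\n";
        } catch (RuntimeException $e) {
            echo "$label: rejected ({$e->getMessage()})\n";
        }
    }
} elseif (isset($_FILES['userfile'])) {
    try {
        echo 'stored as ', basename(store_upload($_FILES['userfile']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'upload rejected';
    }
}
```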
--- Begin Message ---
Hi All,

I'm trying to setup an authentication process and
sessions to protect some of my pages for valid users
only.  The following are what I had in mind:

login.php--
<?php

if ( isset ( $username ) && isset ( $password ) ) {
    mysql_connect ( "localhost", "user", "pass" );
    mysql_select_db ( $db );
    $result = mysql_num_rows( mysql_query ( "select username from $table where username = '$username' and password = '$password'" ) );

    if ( $result == 1 ) {

        $authenticated = "yes";

        session_register ( "authenticated" );

        echo "You have login";
        echo "<a href=\"protected_page.php\">Protected Page</a>";

    } else {

        header ( "location: http://server/login_page.php\n\n" );

    }
}

?>

protected_page.php
<?php

session_start();

if ( $authenticated == "yes" ) {

    echo "You can view this page";

} else {

    header ( "location: http://server/login_page.php\n\n" );

}

?>



Can anyone give me any suggestions or recommendations?
 Is there any security concerns?  Also, the session
files are in a directory that is not world readable.

Thanks in advance,
Harry

--- End Message ---
--- Begin Message ---
"Harry Yu" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi All,
>
> I'm trying to setup an authentication process and
> sessions to protect some of my pages for valid users
> only.  The following are what I had in mind:
>
> [...]

Well, looks fine to me, except that I would use some more
sophisticated session-id (like:
http://www.domain.com/pathto/file.html?ID=12345678)
to show off a bit ;-)

Regards,

--
Christian Blichmann

_____________________________________________
don't hesitate - email me with your thoughts:
e-mail: [EMAIL PROTECTED]
 - please remove the ".nospam" from address.
_____________________________________________
do you want to know more?
web:    http://www.blichmann.de



--- End Message ---
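
A hardened version of the login flow posted in this thread, as an added example that is not code from either message: the query uses a placeholder instead of string interpolation, the password is checked against a stored hash, and login state is read only from `$_SESSION` rather than from a global variable. The `users` table, the function names, the in-memory SQLite database and the sample account are assumptions made so the example runs offline.

```php
<?php
// Added example, not code from the thread. The users table, the in-memory
// SQLite database and the sample account are constructed for illustration.

// Hash checked when the username is unknown, so both paths do similar work.
define('DUMMY_HASH', password_hash('no-such-user', PASSWORD_DEFAULT));

/** Return the user's id when the credentials match, otherwise null. */
function check_login(PDO $db, string $username, string $password): ?int
{
    // The placeholder keeps the submitted value out of the SQL text.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $hash = $row ? $row['password_hash'] : DUMMY_HASH;
    $ok   = password_verify($password, $hash);
    return ($row && $ok) ? (int) $row['id'] : null;
}

/** Call from login.php after check_login() succeeds. */
function begin_user_session(int $userId): void
{
    session_start();
    session_regenerate_id(true);      // fresh session id once logged in
    $_SESSION['user_id'] = $userId;   // state lives only in the session
}

/** Call at the top of protected_page.php. */
function require_login(): int
{
    session_start();
    if (!isset($_SESSION['user_id'])) {
        header('Location: /login_page.php');
        exit;                         // stop before any protected output
    }
    return (int) $_SESSION['user_id'];
}

// Demonstration with constructed data; runs from the command line.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
       ->execute(['harry', password_hash('s3cret-sample', PASSWORD_DEFAULT)]);

    $attempts = [
        ['harry', 's3cret-sample'],        // valid credentials
        ['harry', 'wrong'],                // wrong password
        ['nobody', 'x'],                   // unknown user
        ["harry' OR '1'='1", 'anything'],  // treated as a literal username
    ];
    foreach ($attempts as [$u, $p]) {
        printf("%-18s => %s\n", $u,
            check_login($db, $u, $p) === null ? 'denied' : 'ok');
    }
}
```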
--- Begin Message ---
I have found 2 webhosts that provide PHP and MySQL:

www.aletiahosting.com
www.rackspace.net

Does anybody have experience with either one (good or bad)?  Or does anyone
use a good low price host?

Thanks,

Ben

--- End Message ---
--- Begin Message ---
I have been with aletiahosting for few months and been quite happy with
them.
if you compare the price/features aletiahosting is a good one. their support
is good though been deteriorated some how... some members do complain about
tickets not been resolved quickly but I never had such an experience .. all
my problems were handled within 48 hrs which i consider is good enough
thinking of their low price. also i haven't found any other host who is so
much feature rich with respect to PHP.

-----Original Message-----
From: Ben Clumeck [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 13, 2002 9:29 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Webhosts


I have found 2 webhosts that provide PHP and MySQL:

www.aletiahosting.com
www.rackspace.net

Does anybody have experience with either one (good or bad)?  Or does anyone
use a good low price host?

Thanks,

Ben


--- End Message ---
--- Begin Message ---

I would also, once again, toot the horn in favor of:

www.spyproductions.com

-Mike
The unbiased, broken record.


At 11:41 PM 2/13/02 -0500, R'twick Niceorgaw wrote:
>I have been with aletiahosting for few months and been quite happy with
>them.
>if you compare the price/features aletiahosting is a good one. their support
>is good though been deteriorated some how... some members do complain about
>tickets not been resolved quickly but I never had such an experience .. all
>my problems were handled within 48 hrs which i consider is good enough
>thinking of their low price. also i haven't found any other host who is so
>much feature rich with respect to PHP.
>
>-----Original Message-----
>From: Ben Clumeck [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, February 13, 2002 9:29 PM
>To: [EMAIL PROTECTED]
>Subject: [PHP] Webhosts
>
>
>I have found 2 webhosts that provide PHP and MySQL:
>
>www.aletiahosting.com
>www.rackspace.net
>
>Does anybody have experience with either one (good or bad)?  Or does anyone
>use a good low price host?
>
>Thanks,
>
>Ben
>
>
--- End Message ---
--- Begin Message ---
I would like to have multiple domains and have them forwarded to different
folders, so I'd only need one hosting account.  Example:
 www.domain1.com goes to www.domain.com/domain1
 www.domain2.com goes to www.domain.com/domain2
I would like to do this in php.  Of course, to do this, I'd need to get the
url the user is requesting into the script.  Is this possible?
Thanks in advance, Leif K-Brooks. 
--- End Message ---
--- Begin Message ---
Yes, you can do this.  In the script below, I read the sub-directory from a
MYSQL database.  This is overkill for just a few domains, but great for a
hundred.

This is index.html file:

<?php
$conn = mysql_connect("localhost","username","password");
mysql_select_db("mydatabase",$conn) or die("Error: ".mysql_error());

// HTTP_HOST is taken from the client's request, so treat it as untrusted.
list($subd,$domain,$tld) = explode(".",$HTTP_SERVER_VARS['HTTP_HOST']);
if( $tld == "" )
{
    $tld = $domain;
    $domain = $subd;
    $subd = "www";
}
// Escape both values before placing them in the SQL string.
$subd = mysql_escape_string($subd);
$domain = mysql_escape_string($domain);
$query = "SELECT directory FROM subdomains WHERE subdomain =\"$subd\" && domain=\"$domain\"";
$results = mysql_query($query) or die("Error: ".mysql_error()."<BR>$query<BR>");
if( mysql_num_rows($results)<>1 )
{
    // Encode the host name before echoing it back into the page.
    print "Error: Cannot find sub-domain ".htmlspecialchars($HTTP_SERVER_VARS['HTTP_HOST'])."<BR>";
    exit;
}
else
{
    $row = mysql_fetch_array($results);
    $loc = "http://www.mydomain.com/".$row['directory'];
    header( "location: $loc");
}
exit;
?>


--- End Message ---
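An added example, not part of the original post: the same Host-to-directory lookup written for current PHP, with the client-supplied Host header validated and passed to the query as bound parameters. The `subdomains` table follows the post; `BASE_URL`, the function names and the in-memory SQLite rows are assumptions made so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Added example. BASE_URL and the sample rows below are constructed.
const BASE_URL = 'http://www.mydomain.com/';

/** Normalise a Host header; return null if it is not a plain DNS name. */
function normalize_host(string $raw): ?string
{
    $host = strtolower(trim($raw));
    $host = preg_replace('/:\d{1,5}$/', '', $host);   // drop ":port"
    $host = rtrim($host, '.');                         // drop a trailing dot
    $dnsName = '/^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/';
    if (strlen($host) > 253 || !preg_match($dnsName, $host)) {
        return null;
    }
    return $host;
}

/** Look the host up with bound parameters; return the redirect URL or null. */
function redirect_target(PDO $db, string $rawHost): ?string
{
    $host = normalize_host($rawHost);
    if ($host === null) {
        return null;
    }
    $labels = explode('.', $host);
    if (count($labels) === 2) {
        array_unshift($labels, 'www');   // domain.tld => www.domain.tld
    }
    // As in the post: first label is the sub-domain, second the domain.
    [$subd, $domain] = $labels;
    $stmt = $db->prepare(
        'SELECT directory FROM subdomains WHERE subdomain = ? AND domain = ?'
    );
    $stmt->execute([$subd, $domain]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    // Exactly one row, and the stored directory must be a single path segment.
    if (count($rows) !== 1 || !preg_match('/^[A-Za-z0-9_-]+$/', $rows[0])) {
        return null;
    }
    return BASE_URL . $rows[0];
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subdomains (subdomain TEXT, domain TEXT, directory TEXT)');
$db->exec("INSERT INTO subdomains VALUES ('www', 'domain1', 'domain1')");
$db->exec("INSERT INTO subdomains VALUES ('www', 'domain2', 'domain2')");

// Constructed Host values: two known sites, one unknown, one malformed.
foreach (['www.domain1.com', 'DOMAIN2.com:80', 'www.unknown.com', 'bad"host'] as $h) {
    $url = redirect_target($db, $h);
    echo str_pad($h, 18), ' => ', $url ?? 'no redirect (answer 404)', PHP_EOL;
}
```

In a real front controller the non-null result would be sent with `header('Location: ' . $url)` and the null case answered with a 404.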
--- Begin Message ---
Hi friends,
        Wish you all A very Happy Valentines Day!!!!!!!
        May this Day bring in lots of Joy, Happiness, Success, Love !!!!!!!!
        May all your dreams come true !!!!!!!! 

Warm Regards ,
Balaji

 
--- End Message ---
--- Begin Message ---
Oh, ok.... when did PHP start celebrating Valentine's Day ?!?!?!?!?!?!!

Karthick


> Hi friends,
> Wish you all A very Happy Valentines Day!!!!!!!
> May this Day bring in lots of Joy, Happiness, Success, Love !!!!!!!!
> May all your dreams come true !!!!!!!!
>
> Warm Regards ,
> Balaji
>
>
>



--- End Message ---
--- Begin Message ---
"Tv Karthick Kumar" <[EMAIL PROTECTED]> wrote in message
news:004d01c1b52e$b3939040$[EMAIL PROTECTED]...
> Oh, ok.... when did PHP start celebrating Valentine's Day ?!?!?!?!?!?!!
>
> Karthick
>
not boys only
working on php future
;-)
regards Pet(e)r



--- End Message ---
--- Begin Message ---
I am planning a script that will send mail to all my clients
(potentially up to 10000, even more clients)...  I figured I can loop a
mailer script for every client (I don't want to have more than one email
address per message in the recipient field).

Any special advice or pages I could view for help or is looping a mailer
script acceptable?  I know I had one in ASP once upon a time and the
script was so slow that it would mail about 100 messages in a minute and
the script would time out quickly before I was done.

Thanks.

--- End Message ---
--- Begin Message ---
Firstly:
Keep track very carefully to whom you've already sent the message, it
might always crash.

Second:
Add some Sleep()'s so it won't kill your mailserver.

Third:
Don't spam. :)


Niklas


--- End Message ---
--- Begin Message ---
My mail out script


<font size="5">Email out</font>

<?php

include "../../config.php";

// Fetch every listed link together with its webmaster's address.
$sql = "SELECT * FROM hyperlinks ORDER BY `id` ASC";
$sql_result = mysql_query($sql, $connection) or die ("Could not get Query");

while ($row = mysql_fetch_array($sql_result)) {

    $id = $row["id"];
    $small_text = $row["small_text"];
    $url_to = $row["url_to"];
    $image_url = $row["image_url"];
    $email = $row["webmaster"];

    if ($email == "[EMAIL PROTECTED]") {
        $email = "[EMAIL PROTECTED]";
    }

    $msg = "Hello, $email \n\n";
    $msg .= "This is a simple reminder that you have $url_to listed\n";
    $msg .= "with Philip's Domain. http://www.philipsdomain.com/\n";
    $msg .= "Thanks.\n";

    $mailheaders = "From: Philip's Domain :: Hyperlinks.\n";
    $mailheaders .= "Reply-To: [EMAIL PROTECTED]\n";

    // Report the real result of mail() instead of always printing "ok".
    $sent = mail($email, "Philip J. Newman", $msg, $mailheaders) ? "ok" : "failed";
    echo "Send Email to $small_text, $email ... sent=$sent";
}

?>






--- End Message ---
--- Begin Message ---
In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> I am planning a script that will send mail to all my clients
> (potentially up to 10000, even more clients)...  I figured I can loop a
> mailer script for every client (I don't want to have more than one email
> address per message in the recipient field).
> 
> Any special advice or pages I could view for help or is looping a mailer
> script acceptable?  I know I had one in ASP once upon a time and the
> script was so slow that it would mail about 100 messages in a minute and
> the script would time out quickly before I was done.
> 
> Thanks.

This topic seems to come up quite regularly; if you have a look back over 
the archives I think you will find that the general opinion is that you 
should use a dedicated package for mass mailing. qmail/ezmlm is one such 
package which can use a mysql database if required.

-- 
David Robley
Temporary Kiwi!
--- End Message ---
--- Begin Message ---
I'm trying to make a search engine for my database of links.  I have been using the 
following.

SELECT * FROM `hyperlinks` WHERE 1 AND `keywords` LIKE '%$getme%' ORDER BY `id` ASC 
LIMIT 0, 30

if $getme = big trees

then it would only search for key words that are the same "big trees" not for "big
and trees"

can anyone help?

Philip J. Newman
Philip's Domain - Internet Project.
http://www.philipsdomain.com/
[EMAIL PROTECTED]
Phone: +64 25 6144012
--- End Message ---
--- Begin Message ---
On Thursday 14 February 2002 16:38, Philip J. Newman wrote:
> I'm trying to make a search engine for my database of links.  I have been
> using the following.
>
> SELECT * FROM `hyperlinks` WHERE 1 AND `keywords` LIKE '%$getme%' ORDER BY
> `id` ASC LIMIT 0, 30
>
> if $getme = big trees
>
> then it would only search for key words that are the same "big trees" not
> for "big and trees"


Split up your keywords. Loop through each one to construct something like:

 SELECT * FROM `hyperlinks` WHERE 1 
    AND `keywords` LIKE '%big%'
    AND `keywords` LIKE '%trees%'
  ORDER BY `id` ASC LIMIT 0, 30


This will only match when ALL the specified keywords are present. To match on 
any one of the keywords construct something like:


 SELECT * FROM `hyperlinks` 
  WHERE `keywords` LIKE '%big%'
     OR `keywords` LIKE '%trees%'
  ORDER BY `id` ASC LIMIT 0, 30


-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk

/*
Keep a diary and one day it'll keep you.
                -- Mae West
*/
--- End Message ---
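An added example, not part of the original reply: the split-and-loop construction described above, written so that each keyword is a bound parameter and `%` or `_` typed by the user match literally. The `hyperlinks` table and `keywords` column follow the post; the function names, the `!` escape character and the in-memory SQLite rows are assumptions made so the script runs on its own.

```php
<?php
declare(strict_types=1);

/**
 * Build the keyword query with one bound LIKE parameter per word.
 * Returns [sql, params], or [null, []] when the input has no words.
 */
function build_keyword_query(string $input, bool $matchAll, int $maxTerms = 8): array
{
    // Split on whitespace, drop duplicates, cap the number of terms.
    $terms = preg_split('/\s+/', trim($input), -1, PREG_SPLIT_NO_EMPTY);
    $terms = array_slice(array_values(array_unique($terms)), 0, $maxTerms);
    if ($terms === []) {
        return [null, []];
    }
    $clauses = [];
    $params  = [];
    foreach ($terms as $term) {
        // Escape LIKE wildcards typed by the user so they match literally.
        $literal   = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
        $clauses[] = "`keywords` LIKE ? ESCAPE '!'";
        $params[]  = '%' . $literal . '%';
    }
    $sql = 'SELECT * FROM `hyperlinks` WHERE '
         . implode($matchAll ? ' AND ' : ' OR ', $clauses)
         . ' ORDER BY `id` ASC LIMIT 0, 30';
    return [$sql, $params];
}

/** Run a search and return the ids of the matching rows. */
function search_ids(PDO $db, string $input, bool $matchAll): array
{
    [$sql, $params] = build_keyword_query($input, $matchAll);
    if ($sql === null) {
        return [];
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// Constructed sample rows (ids 1 to 4) in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE hyperlinks (id INTEGER PRIMARY KEY, keywords TEXT)');
foreach (['big red trees', 'small trees', 'big cars', '100% trees'] as $kw) {
    $db->prepare('INSERT INTO hyperlinks (keywords) VALUES (?)')->execute([$kw]);
}

echo 'ALL of "big trees": ', implode(',', search_ids($db, 'big trees', true)), PHP_EOL;  // 1
echo 'ANY of "big trees": ', implode(',', search_ids($db, 'big trees', false)), PHP_EOL; // 1,2,3,4
echo 'literal "%":        ', implode(',', search_ids($db, '%', true)), PHP_EOL;          // 4
```

Without the wildcard escaping, the last search would become `LIKE '%%%'` and return every row.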
--- Begin Message ---
hi everybody,

i have several strange messages in my error_log.

[Thu Feb 14 08:37:45 2002] [info] [client 62.109.66.85] (104)Die
Verbindung wurde vom Kommunikationspartner zurückgesetzt: client stopped
connection before send mmap completed
[Thu Feb 14 08:38:47 2002] [info] [client 62.109.66.85] (104)Die
Verbindung wurde vom Kommunikationspartner zurückgesetzt: client stopped
connection before send mmap completed
[Thu Feb 14 08:38:47 2002] [info] [client 62.109.66.85] (104)Die
Verbindung wurde vom Kommunikationspartner zurückgesetzt: client stopped
connection before send mmap completed
[Thu Feb 14 08:38:47 2002] [info] [client 62.109.66.85] (104)Die
Verbindung wurde vom Kommunikationspartner zurückgesetzt: client stopped
connection before send mmap completed
[Thu Feb 14 08:50:02 2002] [info] [client 200.52.162.1] send mmap timed out
[Thu Feb 14 09:10:51 2002] [info] [client 212.34.74.75]
(32)Datenübergabe unterbrochen (broken pipe): client stopped connection
before send body completed
[Thu Feb 14 09:14:30 2002] [info] [client 144.254.64.164] (104)Die
Verbindung wurde vom Kommunikationspartner zurückgesetzt: client stopped
connection before send body completed


sorry for the german, it is a german RedHat7.1 distribution using PHP
Version 4.1.1 in Apache/1.3.20 compiled like this:
   './configure' '--with-pgsql=/prog/pgsql' '--enable-discard-path'
'--enable-force-cgi-redirect' '--enable-trans-sid' '--prefix=/prog/php'
'--with-config-file-path=/prog/php/lib' '--with-mysql=/prog/mysql'
'--with-imap=/usr/lib' '--with-kerberos' '--with-imap-ssl'
'--with-apxs=/prog/apache/bin/apxs'

since (probably) after i installed PHP 4.1.1 (before was PHP 4.0.6) i
get the above listed messages and the server slows down after about 3/4
of an hour. so as a fast relief i am restarting the server now (through
a cronjob) every half hour. this is no good at all, but i did not know
what else to do.

do you have any idea about what is happening?

thanks for any help,
mark

please reply to [EMAIL PROTECTED]
-- 
   _________________________________________________________________

    Mark Rosa                                          YourCell.Net
    dipl. arch. eth, nds caad           occupy your cell on the net
    [email]    [EMAIL PROTECTED]       [www]       www.yourcell.net
    [mobile]     +49.179.5481800       [fax]      +49.89.2443.56408
    [www]  www.yourcell.net/rosa       [pgp id]          0x1F3A4A6C
   _________________________________________________________________

--- End Message ---
--- Begin Message ---
Hello,
         How can I decode encoded text/numbers in my phpMyAdmin? I looked at
BASE64, but that's not it. Any help is great. Thanks

Example: 8e73b27568cb3be29e2da74d42eab6dd
--
 - Dave
Visit http://www.geocities.com/earthtohorny for info on Computers and
Upgrading.



--- End Message ---
--- Begin Message ---

porting base64 encode/decode module on Perl to php.
http://www.cpan.org
--- End Message ---
--- Begin Message ---
Hi every1,
 
I've been playing around with template.inc out of PHPLib.
Now there's just one question dwelling in my head.. is it possible
somehow to get the server to parse any html-file that is requested.
 
example: user requests file index.html, index.html is parsed thru a
standard template to generate the nicely formatted page... 
 
index.html only holds the content of the site and is pure html (maybe
with a tag or two to mark the content and the title or so, but no or
very very little PHP code in it.)
 
I hope  this is more or less understandable... ;oP
 
I'd appreciate any help on that even if you say that it will never
work.. 
 
thanks
 
Stefan
--- End Message ---
--- Begin Message ---
Hey mate,

There's several template engines out there, Take a look around here:
http://www.hotscripts.com/PHP/Scripts_and_Programs/Content_Management/

Hope that helps ya!

  - Lum

--- End Message ---
--- Begin Message ---
Ello all!

Whazzup?

Ok, I'm over it.  Now...
Does anyone know how to set up MySQL, or phpMyAdmin to restrict users to a
single database?  For instance, the user JoeBlow...
Joe has a database called JB, I want him to have full access to it and
nothing else.  How would I go about doing this?  I'd also like him to have
access to it via PHP, so he can write his own PHP script that'll let him
manipulate his database.  I just need to lock him out of everything else.

And also...
How do I go about securing PHP functions.  For example, at the moment Joe
can upload a PHP script that deletes /etc/named.conf.  NOT GOOD!
Is there some options you can parse to PHP at compile time that will
deactivate these features, or maybe some other way I can give users full
access to all of the PHP functions, but they're restricted to their home
dir.

Thanks for your help!

  -  Liam



--- End Message ---
--- Begin Message ---



>Ok, I'm over it.  Now...
>Does anyone know how to set up MySQL, or phpMyAdmin to restrict users to a
>single database?  For instance, the user JoeBlow...
>Joe has a database called JB, I want him to have full access to it and
>nothing else.  How would I go about doing this?  I'd also like him to have
>access to it via PHP, so he can write his own PHP script that'll let him
>manipulate his database.  I just need to lock him out of everything else.

This is a MySQL question, and it looks like you haven't even read the install notes.

>And also...
>How do I go about securing PHP functions.  For example, at the moment Joe
>can upload a PHP script that deletes /etc/named.conf.  NOT GOOD!
>Is there some options you can parse to PHP at compile time that will
>deactivate these features, or maybe some other way I can give users full
>access to all of the PHP functions, but they're restricted to their home
>dir.

You can set the open_basedir option in php.ini (look that up),
you may be able to set this in a smart way through apache config somehow
to get it to reflect the requested website's directory.

Also you could try and 'chroot' Apache to make sure it never touches system files.

Do some research!

bvr.







--- End Message ---
--- Begin Message ---
Liam MacKenzie wrote:

> And also...
> How do I go about securing PHP functions.  For example, at the moment Joe
> can upload a PHP script that deletes /etc/named.conf.  NOT GOOD!
>
Surely this is a general security issue? If an ordinary user is allowed 
to delete /etc/named.conf (whether by PHP, Perl or a command line "rm 
/etc/named.conf") then the permissions are not right (only root normally 
having write permission). Joe may be able to run a script that _tries_ 
to delete /etc/named.conf but the permissions should not allow it.

Or am I missing something?

Regards

Chris


--- End Message ---
--- Begin Message ---



No, you're right..

Permissions for that file could probably be tighter, 
but it's better not to rely on file system permissions only.

bvr.

>> And also...
>> How do I go about securing PHP functions.  For example, at the moment Joe
>> can upload a PHP script that deletes /etc/named.conf.  NOT GOOD!
>>
>Surely this is a general security issue? If an ordinary user is allowed 
>to delete /etc/named.conf (whether by PHP, Perl or a command line "rm 
>/etc/named.conf") then the permissions are not right (only root normally 
>having write permission). Joe may be able to run a script that _tries_ 
>to delete /etc/named.conf but the permissions should not allow it.
>
>Or am I missing something?



--- End Message ---
--- Begin Message ---
Perhaps a better way of wording my question would have been to say this:

At the moment, I can make separate users, they do not have
permission to create tables in other databases, but they can
still browse them and view the information.

And the example I used for the named.conf was a bad one.
They cannot delete this, but they can view its contents.  How
can I restrict all PHP functions to
the one directory?  So if a user makes a file like this:
<?
include ("../../../../../../../../../etc/eXtremail/eXtremail.conf");
?>

Instead of printing the conf file with the SMTP password in it,
it'll return an error.

I've read the docs, but to no avail.

Thanks,
Liam



--- End Message ---
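An added example, not part of the thread: what the `open_basedir` setting suggested earlier does to a `../../..` style path like the one in the message above. The temporary directory standing in for Joe's home, the `probe()` helper and the use of this script's own file as the "outside" configuration file are assumptions; it expects PHP 7 or later on a Unix-like system with no `open_basedir` already in force.

```php
<?php
declare(strict_types=1);

// Added example. On a shared host the limit belongs in the server
// configuration, one value per site, where the user's own scripts cannot
// change it, for example with mod_php:
//   php_admin_value open_basedir "/home/joe/"

/** Try to read $path and report whether open_basedir stopped the attempt. */
function probe(string $path): string
{
    error_clear_last();
    $data = @file_get_contents($path);
    if ($data !== false) {
        return 'allowed';
    }
    $msg = error_get_last()['message'] ?? '';
    return strpos($msg, 'open_basedir') !== false ? 'blocked by open_basedir' : 'failed';
}

// Constructed layout: a temp directory plays Joe's home; this script file
// plays a configuration file that lives outside it.
$home = sys_get_temp_dir() . '/joe_' . getmypid();
mkdir($home, 0700);
$home = realpath($home);
file_put_contents("$home/page.inc", "joe's own content\n");

$paths = [
    'own file'       => "$home/page.inc",
    'outside file'   => __FILE__,
    'traversal path' => $home . str_repeat('/..', 16) . __FILE__,
];

$report = [];
foreach ($paths as $label => $p) {
    $report[$label]['before'] = probe($p);
}

// A running script can only tighten the restriction, never widen it.
if (ini_set('open_basedir', $home . '/') === false) {
    exit("could not set open_basedir\n");
}
foreach ($paths as $label => $p) {
    $report[$label]['after'] = probe($p);
}

foreach ($report as $label => $r) {
    echo str_pad($label, 15), ' before: ', str_pad($r['before'], 8),
         ' after: ', $r['after'], PHP_EOL;
}

// Clean up the constructed files (both are inside the allowed directory).
unlink("$home/page.inc");
@rmdir($home);
```

The path is resolved before it is compared with the allowed directory, so the number of `../` segments makes no difference to the result.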
--- Begin Message ---
Hi 

Anybody know of any good scripts for creating a directory for links which includes a 
search function similar to Yahoo and other search engines.

Thanks in advance

Mohamed

--- End Message ---
