Re: [PHP] display array problem

2006-03-14 Thread Chris

Mark wrote:

Can anyone help me with this problem please!
The code below shows a football fixture for the entire season, round 1-22,
but this takes up too much space on the webpage (very long page).

Is it possible to display one round at a time so it's automatic?
At the moment, each week the admin closes a round, i.e. (round 2 closed), so I
want the page to display round 3 fixtures only for the entire week.
Can a script show the next round after the closed round (if round 1 is
closed go to next round, 2; if that's closed go to next round, which is 3,
until it gets a round that's not closed and shows the results)?


The table

FIXTURES

  Field     Type      Null  Default
  id        int(11)   No
  round     char(2)   No    0
  game      int(11)   No    0
  date      text      No
  home      text      No
  away      text      No
  winner    text      No
  draw      text      No
  closed    char(1)   No    0
  comp_id   int(11)   No    0
  margin    int(11)   No    0




I assume 'closed' becomes '1' when it's over.


change

SELECT * FROM fixtures WHERE comp_id = $comp_id

to

SELECT * FROM fixtures WHERE comp_id = $comp_id AND closed='0' ORDER BY round ASC LIMIT 1;


The limit 1 will stop it fetching all rounds - if you don't want that, 
remove the "limit 1".


--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Creating forms dynamically

2006-03-14 Thread Chris

Paul Goepfert wrote:

Hi all,

I have been working on a page where I have a form.  I currently have
the form in an else block with no access to it if I need to redisplay
the form in case of errors. To be more specific I want to redisplay the
page with the errors displayed. I would like to have the form coded
once.  It would save on file size.  In my form I have a table that
holds the text inputs.  I do have MySQL code for dropdown menus.  If
anyone has any ideas on how to create the form when the error messages
are displayed without having to code it a second time please let me
know.


function display_form($errormessage=false) {
  if ($errormessage) {
    echo "There was a problem!";
  }
  // form goes here.
}

Works well and it's nice and easy to use.

You can either pass in true/false for the $errormessage or pass in a 
message (which isn't displayed by default).


--
Postgresql & php tutorials
http://www.designmagick.com/




Re: [PHP] moving data from mssql to mysql on linux

2006-03-14 Thread Philip Hallstrom

I have a project where I need to connect to a remote SQL Server and move
data from there to my local MySQL server.  On the remote SQL Server, I only
have access to a few views but need to get their data and move it to my
local MySQL db.  What is the best way to do this?  I have freetds compiled
and configured for php on my server and currently connect to the SQL Server,
do my query and then loop through the result inserting into MySQL a row at a
time but this just takes too long... is there a better way?


Look at disabling indexes until the inserts are done.  Also "insert 
delayed" or "insert ignored"... (don't remember the exact specifics).  If 
it's innodb, wrap the inserts in a transaction and commit every 100 rows 
or so.


Also, before spending too much time on it, you'll never get faster than 
you can query out of sqlserver... so if that's the bottleneck not much you 
can do about it.





[PHP] moving data from mssql to mysql on linux

2006-03-14 Thread blackwater dev
I have a project where I need to connect to a remote SQL Server and move
data from there to my local MySQL server.  On the remote SQL Server, I only
have access to a few views but need to get their data and move it to my
local MySQL db.  What is the best way to do this?  I have freetds compiled
and configured for php on my server and currently connect to the SQL Server,
do my query and then loop through the result inserting into MySQL a row at a
time but this just takes too long... is there a better way?

Thanks!


Re: [PHP] Printing library in PHP ?

2006-03-14 Thread Steve Brown
> I am currently migrating an application originally written with Delphi to
> PHP.  Everything is going fine except the printing of the reports that does
> not produce the same visual result (i.e does not look the same or has some
> alignment issues).

We generate all of our printed reports using FPDF
(http://www.fpdf.org) to generate PDF files.  It's very flexible, can
do most of what you are asking for, and unlike some alternatives, it's
free.  PDFs are going to be the easiest way to get total control of
the output.




[PHP] Re: Printing library in PHP ?

2006-03-14 Thread Bogdan Ribic
This is more of an HTML question than it has to do with PHP, and you 
sound like a noobie :)


Only useful info I can give you is to use THEAD in tables to hold 
headers, browsers put that row first on every page when breaking large 
table on several pages.


Boban.

robert mena wrote:


For example:
I have a specific report I have to add a header to each page
I have another one with tabular data that when the result is larger than a
page I should break the table and start at the next page so the table
headers can be seen again...

In both I'd need a way to decide/find out how many pages will be necessary
(given the size of the paper sheet) so I could generate the HTML correctly.




--

   Open source PHP code generator for DB operations
   http://sourceforge.net/projects/bfrcg/




Re: [PHP] array_search and multi-dimensional arrays

2006-03-14 Thread List Manager

M. Sokolewicz wrote:

List Manager wrote:

jonathan wrote:



I'd like to return the first key value in the following array such 
that England would return 1 rather than 3 which is the second key 
value. Any help would be greatly appreciated.


$c[1][]="Vietnam";
$c[1][]="China";
$c[1][]="Thailand";
$c[1][]="England";
$c[2][]="USA";
$c[2][]="Japan";


print_r($c);
// Array ( [1] => Array ( [0] => Vietnam [1] => China [2] => Thailand [3] => England ) [2] => Array ( [0] => USA [1] => Japan ) )


foreach($c as $row)
{
    echo array_search("England",$row);
}
// prints 3

-jonathan



give this a shot

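<?php
// The opening lines were lost in the archive; the first parameter name ($arr) is assumed.
function findIndexof($arr, $str) {
  foreach ($arr as $k => $v) {
    if ( is_array($v) ) {
      $val = findIndexof($v, $str);
      if ( $val !== false ) {
        return $val;
      }
    } elseif ( strtolower($v) == strtolower($str) ) {
      return $k;
    }
  }
  return FALSE;
}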

$c[1][] = "Vietnam";
$c[1][] = "China";
$c[1][] = "Thailand";
$c[1][] = "England";
$c[2][] = "USA";
$c[2][] = "Japan";

echo findIndexof($c, 'Vietnam');
?>

You should be able to search arrays of any depth

Hope this works for you.

Jim


Or, a lot easier:
foreach($c as $key=>$row) {
  if(false !== array_search("England",$row)) {
    echo $key;
  }
}

Well, this is fine, if you know that the array will always be two 
levels, not one, not three, but two.


If this is the case, then fine.

But, don't you think it would be nice to have a function that will work 
no matter what it is passed?


Jim




Re: [PHP] setcookie security concerns

2006-03-14 Thread tedd

tedd wrote:




It's not entirely clear from this example, but am I correct in 
assuming that $thestyle is the same as $_COOKIE['thestyle'] in this 
case? In other words, are you relying on register_globals or 
assigning the value yourself?


If this is the value directly from the cookie, it's an example of a 
cross-site scripting (XSS) vulnerability.



header("Location: $HTTP_REFERER");


This is an HTTP response splitting vulnerability, because the 
Referer header (like the Cookie header) is provided by the client. 
Future versions of PHP will not allow more than one header per 
header() call, but this has been possible until now.



1. Is he right?


Yes, it seems so.


2. How does that work?


The Cookie header is part of an HTTP request. This is sent by the 
client, and although the standard mechanism involves the client 
returning exactly what you requested (e.g., the value matches that 
of a previous Set-Cookie header), there's no guarantee that a 
malicious user would be as polite.



3. If so, what do I do to correct this?


Don't trust any input without inspecting it first. In your case, 
this is particularly easy, because you can just make sure that the 
value is one of the few valid values.


Hope that helps.

Chris


Chris:

Yes, it helps and I thank you for your comments.

Your question: "It's not entirely clear from this example, but am I 
correct in assuming that $thestyle is the same as 
$_COOKIE['thestyle'] in this case? In other words, are you relying on 
register_globals or assigning the value yourself?"


The example is here:

http://www.sperling.com/examples/styleswitch/

The complete php code (i.e., switch.php) is:

   

And the value is assigned by the user via a click:

   Green or href="switch.php?set=style1">Red


And, the style sheet is determined by:

   


As such, I am expecting the user to provide the value of 'thestyle' 
via his choice.


However, let's say a malicious user would try to do something -- what 
could he actually do?


Please explain

Thanks again.

tedd

--

http://sperling.com




Re: [PHP] Execute a shell command using thttpd-php

2006-03-14 Thread Chris

Nelson Carreira wrote:

Hello,

I'm quite new to PHP language and although I got into it pretty fast I'm 
having some trouble executing system commands using php. I'm using 
thttpd-php_2.21b-2_mipsel in a Linksys router and I can only execute 
system commands like "ls" and "cd" from the PHP. I tried using the 
different available functions (exec(), shell_exec(), system(), 
passthru() and backticks) but none of them works. I can't even run 
scripts!


What happens? Do you get an error?

The commands you're trying to execute can't be interactive (ie can't 
prompt for information).


They must be run by themselves and possibly display results.

--
Postgresql & php tutorials
http://www.designmagick.com/




[PHP] Re: Printing library in PHP ?

2006-03-14 Thread robert mena
Hi Manuel,

I am trying to print from the client side.  The client will be windows.

Thanks.


On 3/13/06, Manuel Lemos <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> on 03/13/2006 09:44 AM robert mena said the following:
> > I am currently migrating an application originally written with Delphi to
> > PHP.  Everything is going fine except the printing of the reports that does
> > not produce the same visual result (i.e does not look the same or has some
> > alignment issues).
> >
> > From what I've read I should use CSS to achieve such result but I was
> > wondering if there is any toolkit, library in PHP that would ease my work.
> >
> > For example:
> > I have a specific report I have to add a header to each page
> > I have another one with tabular data that when the result is larger than a
> > page I should break the table and start at the next page so the table
> > headers can be seen again...
> >
> > In both I'd need a way to decide/find out how many pages will be necessary
> > (given the size of the paper sheet) so I could generate the HTML correctly.
>
> You did not mention the platform you want to print, nor if you want to
> print on the client side or server side.
>
> If you want to print on the server side, you may want to take a look at
> this IPP (Internet Printing Protocol) client class that can be used to
> print HTML documents on Windows and Linux (with CUPS).
>
> http://www.phpclasses.org/printipp
>
>
> --
>
> Regards,
> Manuel Lemos
>
> Metastorage - Data object relational mapping layer generator
> http://www.metastorage.net/
>
> PHP Classes - Free ready to use OOP components written in PHP
> http://www.phpclasses.org/
>


[PHP] Re: Creating forms dynamically

2006-03-14 Thread Paul Goepfert
Class validation
{
//functions
}
if(isset($submit))
{
  //calls to validation code
}
else
{
//display webpage
}
On 3/14/06, Paul Goepfert <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I have been working on a page where I have a form.  I currently have
> the form in an else block with no access to it if I need to redisplay
> the form in case of errors. To be more specific I want to redisplay the
> page with the errors displayed. I would like to have the form coded
> once.  It would save on file size.  In my form I have a table that
> holds the text inputs.  I do have MySQL code for dropdown menus.  If
> anyone has any ideas on how to create the form when the error messages
> are displayed without having to code it a second time please let me
> know.
>
> Oh by the way this is how my page is setup now
>
> Class validation
> {
>




[PHP] Creating forms dynamically

2006-03-14 Thread Paul Goepfert
Hi all,

I have been working on a page where I have a form.  I currently have
the form in an else block with no access to it if I need to redisplay
the form in case of errors. To be more specific I want to redisplay the
page with the errors displayed. I would like to have the form coded
once.  It would save on file size.  In my form I have a table that
holds the text inputs.  I do have MySQL code for dropdown menus.  If
anyone has any ideas on how to create the form when the error messages
are displayed without having to code it a second time please let me
know.

Oh by the way this is how my page is setup now

Class validation
{




Re: [PHP] Is this password protection script secure?

2006-03-14 Thread Oscar Gosdinski
Instead of using a hash of the password string, i prefer to save the
following in the password field of my user's table:

md5($user . $password)

There are some md5 databases around that can be used to get the
cleartext password from the hash if your database is compromised, if
you use this method it's difficult to get the cleartext password
because it depends on the user and you are also validating if the user
exists.

However, i have a question. Which is better?, the md5 function
provided by PHP or MySQL? i used the MySQL function because i didn't
compile PHP with support for hash.

--
Saludos
Oscar




[PHP] PHP/Oracle : bug with accent...

2006-03-14 Thread David BERCOT
Hi,

I have a big problem with my Debian server (Apache 2, PHP 5, Oracle
Instant Client). I've modified the environment variable NLS_LANG and,
with SQL*Plus, everything is ok ! But, in a PHP page, I can't insert a
value with accent (ex: Irène). I can read data with accent, but not
inserting !!!
I searched all the afternoon, testing many solutions, without success. I
think I'm not alone with this problem but...

Do you have any clue ? Something to look at ?

Thank you very much.

David.




RE: [PHP] Hidding HTML Input Elements values approach

2006-03-14 Thread David Dorward
pedro mpa wrote:

>> So the value attribute contains an encrypted representation of the
>> country name ... which is transmitted in clear text right next to it?

>> If you want encryption, why not just use SSL?

> The value attribute contains an encrypted value of a row id in the
> database table for countries. How would I know which country the user has
> selected if I don't know its row id to insert on a members table (either
> plain, masked or encrypted)?

Obviously you need to relate the data to your database - but why encrypt it?
And if you do encrypt it, why not use SSL to do so?

>> name ... which is transmitted in clear text right next to it?
> 
> What is posted is the value attribute of the option elements not the
> country text (do a print_r($_POST)).

When the client sends the entered data to the server, yes. However, that
isn't the case when the server sends the form to the client in the first
place.

> Suppose you are on a Private Area on a website after login and you might
> have links such as:
> Preferences
> Change Password
> Change E-mail
> 
> In my approach these links would be like:
> Preferences
> Change Password
> Change E-mail

Why?

> for this you need htaccess on apache -I think-

No. .htaccess files just allow you to reconfigure Apache on a per directory
basis without restarting the server.

-- 
David Dorward      
 Home is where the ~/.bashrc is




Re: [PHP] Is this password protection script secure?

2006-03-14 Thread Satyam
- Original Message - 
From: "Anthony Ettinger" <[EMAIL PROTECTED]>



You should encrypt the password in the database, with a one-way hash,
then you simply compare what's in your db to what the login form
submits.

That way if you get hacked, or your admin goes postal, you won't have
people's unencrypted passwords in the database.

--

It should say:

"You should encrypt the password in the database, with a one-way hash,
then you simply compare what's in your db to [the hash of] what the login
form submits."

That is, when you first store the password, you first hash it (usually, you 
would use the function md5() ).  Then when you do the select, you put in the 
where:


  " WHERE `username` = '$username' and `pw`='" . md5($password) . "'";


And you don't store the password in a session variable or anywhere else, you 
encrypt it (one way) you check it, and you forget about it, you never put it 
in the clear anywhere.  After all, session data goes somewhere in the disk, 
and with an obvious name as password, it wouldn't be hard to find, even if 
you don't have access to the database, for example, an example of the 
contents of a session file:


IdUsr|i:999;level|s:1:"2";usr|s:6:"satyam";

Easy to understand:
IdUsr, an integer, containing 999
level, a string of one character containing a 2
user, a string of 6 characters containing 'satyam'

would you like to see something like

password|s:10:mypassword;

If you are using MySql isam files, locate the file with extension MYD and do 
a hex dump of it.   If your database is called MyDb and your Users table 
is called Users, locate  MySql/data/MyDb/Users.MYD and dump it.


Now, you might be wondering what is the database password protection, don't 
you?


Satyam




Re: [PHP] setcookie security concerns

2006-03-14 Thread Chris Shiflett

tedd wrote:




It's not entirely clear from this example, but am I correct in assuming 
that $thestyle is the same as $_COOKIE['thestyle'] in this case? In 
other words, are you relying on register_globals or assigning the value 
yourself?


If this is the value directly from the cookie, it's an example of a 
cross-site scripting (XSS) vulnerability.



header("Location: $HTTP_REFERER");


This is an HTTP response splitting vulnerability, because the Referer 
header (like the Cookie header) is provided by the client. Future 
versions of PHP will not allow more than one header per header() call, 
but this has been possible until now.



1. Is he right?


Yes, it seems so.


2. How does that work?


The Cookie header is part of an HTTP request. This is sent by the 
client, and although the standard mechanism involves the client 
returning exactly what you requested (e.g., the value matches that of a 
previous Set-Cookie header), there's no guarantee that a malicious user 
would be as polite.



3. If so, what do I do to correct this?


Don't trust any input without inspecting it first. In your case, this is 
particularly easy, because you can just make sure that the value is one 
of the few valid values.


Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
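
The allow-list check and the Referer handling described in the message above, as an added example that is not code from the thread or from any of its participants. It assumes modern PHP (7.1 or later); `SITE_HOST`, the second style name `style2` and the `.css` file naming are assumptions, while the cookie name `thestyle`, the `set` parameter and `style1` come from the thread.

```php
<?php
// Added example: a hardened switch.php for the style switcher in this thread.
// Assumptions: SITE_HOST, the 'style2' name and the '.css' file naming.

const SITE_HOST      = 'www.example.com';     // placeholder for the site's own host name
const ALLOWED_STYLES = ['style1', 'style2'];  // 'style1' is from the thread; 'style2' is assumed
const DEFAULT_STYLE  = 'style1';

/** Accept the requested style only if it is an exact member of the allow-list. */
function pick_style($candidate): string
{
    if (is_string($candidate) && in_array($candidate, ALLOWED_STYLES, true)) {
        return $candidate;
    }
    return DEFAULT_STYLE;
}

/**
 * Reduce a client-supplied Referer to a local path on our own host.
 * Control characters (including CR and LF), spaces, backslashes, a foreign
 * host or an unparsable value all fall back to the site root.
 */
function safe_redirect_target($referer): string
{
    if (!is_string($referer) || preg_match('/[\x00-\x20\x7F\\\\]/', $referer)) {
        return '/';
    }
    $parts = parse_url($referer);
    if (!is_array($parts) || !isset($parts['host'])) {
        return '/';
    }
    if (strcasecmp($parts['host'], SITE_HOST) !== 0) {
        return '/';
    }
    $path = $parts['path'] ?? '/';
    if (strncmp($path, '//', 2) === 0) {
        return '/';   // a leading "//" would be read as a protocol-relative URL
    }
    return isset($parts['query']) ? $path . '?' . $parts['query'] : $path;
}

/** Value for the stylesheet link's href, built from the cookie the browser sent back. */
function stylesheet_href(array $cookies): string
{
    // The cookie is validated again on every read: the client can send any value.
    $name = pick_style($cookies['thestyle'] ?? null);
    return htmlspecialchars($name . '.css', ENT_QUOTES, 'UTF-8');
}

if (PHP_SAPI !== 'cli') {
    // Web request: store only a validated value and redirect to a local path.
    setcookie('thestyle', pick_style($_GET['set'] ?? null), time() + 31536000, '/');
    header('Location: ' . safe_redirect_target($_SERVER['HTTP_REFERER'] ?? null));
    exit;
}

// Command-line demonstration with constructed inputs.
$samples = [
    ['style2', 'http://www.example.com/examples/styleswitch/index.php'],
    ["style9\r\nX-Constructed: 1", "http://www.example.com/\r\nX-Constructed: 1"],
    ['style1', 'http://other.example.net/page'],
];
foreach ($samples as [$set, $referer]) {
    printf(
        "%-8s %-12s %s\n",
        pick_style($set),
        stylesheet_href(['thestyle' => $set]),
        safe_redirect_target($referer)
    );
}
```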




Re: [PHP] Is this password protection script secure?

2006-03-14 Thread Robin Vickery
On 14/03/06, IG <[EMAIL PROTECTED]> wrote:
> Hello.
>
> I got a password protected login script of t'internet a while back and
> have implemented it. I just want to make sure it is secure.

It's not.

1. It only works with register_globals turned on. Not a good idea -
register_globals has been off by default for some time now, for good
reason.

2. There's a Cross Site Scripting vulnerability where you're echoing
out the contents of $QUERY_STRING.

3. There's an SQL Injection vulnerability where you're inserting
$username directly into the query without any validation or escaping.

4. You're keeping the passwords in the database unencrypted rather
than using a one way hash which is bad in itself, but then you're
also writing them to the session - if you're on a shared
server, it's likely that any other site also on that server is able to
read your session files.

5. You're checking the username and password on every page request -
even after a successful login... which isn't really a security
problem, just wasteful.

  -robin
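
A login check that addresses points 2 to 4 of the list above, as an added example that is not the script under review nor code from anyone in the thread. It assumes modern PHP (7.1 or later) with the pdo_sqlite extension so it can run against an in-memory database; the table, column and function names and the sample account are constructed, and `password_hash()`/`password_verify()` stand in for the unsalted `md5()` discussed elsewhere in this thread.

```php
<?php
// Added example: parameterised lookup, salted one-way hash, escaped form action.
// Table, column and function names are constructed for this demonstration.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
    return $db;
}

function add_user(PDO $db, string $username, string $password): void
{
    // password_hash() picks a random per-user salt and embeds it in the result,
    // so identical passwords do not produce identical stored values.
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

/** Returns the user's id on success, null on any failure. */
function check_login(PDO $db, $username, $password): ?int
{
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('unused-placeholder', PASSWORD_DEFAULT);
    }
    if (!is_string($username) || !is_string($password)) {
        return null;
    }
    // The username travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare('SELECT id, pw_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash for unknown users so both paths do similar work.
    $ok = password_verify($password, $row ? $row['pw_hash'] : $dummyHash);

    // On success a real page would call session_regenerate_id(true) and keep
    // only the user id in the session; the password is never stored there.
    return ($row && $ok) ? (int) $row['id'] : null;
}

/** Form action built from the script path and query string, escaped for HTML. */
function form_action(string $script, string $queryString): string
{
    $url = $script . ($queryString !== '' ? '?' . $queryString : '');
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Demonstration with constructed accounts and inputs.
$db = open_demo_db();
add_user($db, 'alice', 'constructed-pass-1');
add_user($db, "o'brien", 'constructed-pass-2');   // a quote in the name is plain data here

var_dump(check_login($db, 'alice', 'constructed-pass-1'));    // correct password
var_dump(check_login($db, 'alice', 'wrong'));                 // wrong password
var_dump(check_login($db, "o'brien", 'constructed-pass-2'));  // name with a quote
var_dump(check_login($db, 'nobody', 'anything'));             // unknown user
var_dump(check_login($db, ['alice'], 'constructed-pass-1'));  // non-string input

echo form_action('/members.php', 'page=2&note="quoted"'), "\n";
```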


Re: [PHP] Hostname Filtering

2006-03-14 Thread Philip Hallstrom
I have a few PHP scripts where I log hit to a page i.e. IP and hostname via a 
look up.


What I want to do is create essentially a blacklist to prevent bots and other 
hosts and IP from being logged and skewing my stats.  My local IP/host and 
the MSN and Googlebot hits should not be in my stats or at least I can flag 
them to hide them.


For example:

$blacklist = array(
'*.wavefront.ca',
'*.googlebot.com',
'msnbot.msn.com',
'*.inktomisearch.com',
'68.146.96.245'
);

So let's say I have my host:

$host = 'lj602144.inktomisearch.com';

I want to quickly parse this array and return a simple boolean if I am in the 
blacklist.  I could create a loop and cycle through the array values and do a 
regex on each but I was hoping someone would have a more elegant solution.


http://us3.php.net/in_array

You might want to rethink things though... if you list hostnames you're 
going to have to do a DNS lookup for *every* request to that script. 
That's going to take some time.


So you might want to log everything, then after the fact prune the 
results.  Just be sure to use some sort of dns caching strategy...


-philip
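
The wildcard blacklist from the question combined with the log-first, prune-later and lookup-caching advice in the reply, as an added example that is not code from either poster. It assumes modern PHP (7.1 or later); the function names, the sample hits and the lookup table that stands in for DNS are constructed, while the blacklist entries are the ones from the question.

```php
<?php
// Added example: prune logged hits against a blacklist of IPs and hostname patterns.
// Function names and sample data are constructed for this demonstration.

/** "*.example.com" matches any host below example.com; other patterns match exactly. */
function host_matches(string $host, string $pattern): bool
{
    $host    = strtolower(rtrim($host, '.'));
    $pattern = strtolower(rtrim($pattern, '.'));
    if (strncmp($pattern, '*.', 2) === 0) {
        // Keep the leading dot so "notgooglebot.com" cannot match "*.googlebot.com".
        $suffix = substr($pattern, 1);
        $len    = strlen($suffix);
        return strlen($host) > $len && substr($host, -$len) === $suffix;
    }
    return $host === $pattern;
}

/** Compare addresses in binary form so different spellings of one IP are equal. */
function same_ip(string $a, string $b): bool
{
    $pa = @inet_pton($a);
    $pb = @inet_pton($b);
    return $pa !== false && $pa === $pb;
}

function is_blacklisted(string $ip, ?string $host, array $blacklist): bool
{
    foreach ($blacklist as $entry) {
        if (filter_var($entry, FILTER_VALIDATE_IP) !== false) {
            if (same_ip($ip, $entry)) {
                return true;
            }
        } elseif ($host !== null && host_matches($host, $entry)) {
            return true;
        }
    }
    return false;
}

/**
 * Filter already-logged hits. $resolve maps an IP to a hostname (or null) and is
 * called once per distinct IP. In production it could wrap gethostbyaddr(); the
 * name it returns is chosen by whoever controls the reverse zone, so treat a
 * hostname match as a hint for statistics, not as proof of identity.
 */
function prune_hits(array $hits, array $blacklist, callable $resolve): array
{
    $cache = [];
    $kept  = [];
    foreach ($hits as $hit) {
        $ip = $hit['ip'];
        if (!array_key_exists($ip, $cache)) {
            $cache[$ip] = $resolve($ip);
        }
        if (!is_blacklisted($ip, $cache[$ip], $blacklist)) {
            $kept[] = $hit;
        }
    }
    return $kept;
}

// Blacklist from the question.
$blacklist = [
    '*.wavefront.ca',
    '*.googlebot.com',
    'msnbot.msn.com',
    '*.inktomisearch.com',
    '68.146.96.245',
];

// Constructed lookup table standing in for reverse DNS, so the demo runs offline.
$fakeDns = [
    '192.0.2.10'   => 'lj602144.inktomisearch.com',
    '192.0.2.11'   => 'crawl.notgooglebot.com',
    '198.51.100.7' => 'dsl-7.example.net',
];
$resolve = function (string $ip) use ($fakeDns): ?string {
    return $fakeDns[$ip] ?? null;
};

// Constructed log rows.
$hits = [
    ['ip' => '192.0.2.10',    'page' => '/index.php'],
    ['ip' => '192.0.2.11',    'page' => '/index.php'],
    ['ip' => '68.146.96.245', 'page' => '/stats.php'],
    ['ip' => '198.51.100.7',  'page' => '/about.php'],
    ['ip' => '192.0.2.10',    'page' => '/about.php'],
];

foreach (prune_hits($hits, $blacklist, $resolve) as $hit) {
    echo $hit['ip'], ' ', $hit['page'], "\n";
}
```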




Re: [PHP] Is this password protection script secure?

2006-03-14 Thread Gerry Danen
On 3/14/06, IG <[EMAIL PROTECTED]> wrote:
>
> Hello.
>
> I got a password protected login script of t'internet a while back and
> have implemented it. I just want to make sure it is secure. I am aware
> that the password is stored directly in the database and I don't think
> this is a good thing. If the following could be looked at to see if
> there are any improvements I would be most grateful. The script is then
> called on each page that requires password protection thus-


Here's a fragment from my login routine:

if ( isset($_POST['s1']) )
{
    $md5_pass  = md5($_POST['p1']);
    $u_user_id = db_format($_POST['u1']);

    $q1 = "select * from users where u_user_id = '$u_user_id' and u_pass = '$md5_pass' and u_appr = '1' ";
    $r1 = mysql_query($q1) or db_error( $q1, mysql_error(), mysql_errno(), __FILE__ );
    $a1 = mysql_fetch_array($r1);

    if ( mysql_num_rows($r1) == '1' )
    {
        $hostip = $_SERVER['REMOTE_ADDR'];

        $_SESSION['sess_login_id'] = $a1['u_user_id'];
        $_SESSION['sess_uid']      = $a1['u_id'];
        $_SESSION['sess_email']    = $a1['u_email'];


Re: [PHP] setcookie security concerns

2006-03-14 Thread Gerry Danen
Which "someone" could do this, is another question I have. The user? He'd do
something to his own computer, no?

Gerry

On 3/14/06, tedd <[EMAIL PROTECTED]> wrote:
>
> Hi:
>
> I've been using a php style switcher allowing users to change css.
> The code follows:
>
> Within the head tags.
>
> 
>
> Within the body tags, allowing the user to select which style they want:
>
> Green or  href="switch.php?set=style1">Red
>
> And, the corresponding (switch.php) php code is:
>
>  setcookie ('thestyle', $set, time()+31536000, '/', '', 0);
> header("Location: $HTTP_REFERER");
> ?>
>
> It's pretty simple. But recently, I had one person hammer me stating
> it was a security problem because I didn't validate the user input.
> As such, he says that someone could inject an arbitrary code and
> cause problems.
>
> 1. Is he right?
>
> 2. How does that work?
>
> 3. If so, what do I do to correct this?
>
> Many thanks for any replies.
>
> tedd
> --
>
> 
> http://sperling.com
>
>
>


--
Gerry
http://portal.danen.org/


RE: [PHP] Hidding HTML Input Elements values approach

2006-03-14 Thread pedro mpa
> -Original Message-
> From: David Dorward
> So the value attribute contains an encrypted representation of the country
> name ... which is transmitted in clear text right next to it?
> 
> If you want encryption, why not just use SSL?

The value attribute contains an encrypted value of a row id in the database
table for countries. How would I know which country the user has selected if
I don't know its row id to insert on a members table (either plain, masked
or encrypted)?

> name ... which is transmitted in clear text right next to it?

What is posted is the value attribute of the option elements not the country
text (do a print_r($_POST)).

Suppose you are on a Private Area on a website after login and you might
have links such as:
Preferences
Change Password
Change E-mail

In my approach these links would be like:
Preferences
Change Password
Change E-mail - for this you need ht access
on apache -I think-

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Is this password protection script secure?

2006-03-14 Thread Anthony Ettinger
On 3/14/06, IG <[EMAIL PROTECTED]> wrote:
> Hello.
>
> I got a password protected login script of t'internet a while back and
> have implemented it. I just want to make sure it is secure. I am aware
> that the password is stored directly in the database and I don't think
> this is a good thing. If the following could be looked at to see if
> there are any improvements I would be most grateful. The script is then
> called on each page that requires password protection thus-
>  include('login.php');
> ?>
>
>
> Here is the code for login.php-
>
>
>
>  if(!isset($username) | !isset($password)) {
> // escape from php mode.
> ?>
> 
>
>  $QUERY_STRING;}?>" method="POST" name="customerlogin" id="customerlogin">
>
> 
>   
> Username:
> 
>   
>   
> Password:
> 
>   
>   
>  
>  value="Login>>>">
>   
>
> 
> 
>  exit();
> }
>
> // If all is well so far.
> session_register("table_id");
> session_register("name");
> session_register("Forenames");
> session_register("Surname");
> session_register("username");
> session_register("password");
> session_register("pw"); // register username and password as session
> variables.
>
>
> $link = mysql_connect("MYSQL_DATABASE_SERVER", "MYSQL_USERNAME",
> "MYSQL_PW") or die("<--Could not connect-->");
> mysql_select_db("MYSQL_DATABASE_NAME") or die("<-- Could not select
> database-->");
> $sql = "SELECT `id`, `Surname`, `Forenames`, `username`, `pw` FROM
> MYSQL_TABLE_NAME WHERE `username` = '$username'";
> $result = mysql_query($sql) or die("Query failed 888");
> list($table_id, $Surname, $Forenames, $un, $pw) = mysql_fetch_row($result);
>
> $numrows = mysql_num_rows($result);
>
> if($numrows != "0" AND $password == $pw) {
> $valid_user = 1;
> $name = $Forenames." ".$Surname;
> }
> else {
> $valid_user = 0;
> }
>
> // If the username exists and pass is correct, don't pop up the login
> code again.
> // If info can't be found or verified
>
> if (!($valid_user))
> {
> session_unset();   // Unset session variables.
> session_destroy(); // End Session we created earlier.
> // escape from php mode.
> ?>
>
> 
>
>
>  $QUERY_STRING;}?>" method="POST">
>
>
> Incorrect username and/or password.  Please enter correct ones to log in:
>
> 
>
>   
> Username:
> 
>   
>   
> Password:
> 
>   
>   
>  
>  value="Login>>>">
> 
> 
>  exit();
> }
> ?>
>
>
>
>


You should encrypt the password in the database, with a one-way hash,
then you simply compare what's in your db to what the login form
submits.

That way if you get hacked, or your admin goes postal, you won't have
people's unencrypted passwords in the database.

--
Anthony Ettinger
Signature: http://chovy.dyndns.org/hcard.html




[PHP] Is this password protection script secure?

2006-03-14 Thread IG

Hello.

I got a password protected login script of t'internet a while back and 
have implemented it. I just want to make sure it is secure. I am aware 
that the password is stored directly in the database and I don't think 
this is a good thing. If the following could be looked at to see if 
there are any improvements I would be most grateful. The script is then 
called on each page that requires password protection thus-




Here is the code for login.php-






$QUERY_STRING;}?>" method="POST" name="customerlogin" id="customerlogin">



 
   Username:
   
 
 
   Password:
   
 
 
    
   value="Login>>>">

 



session_register("pw"); // register username and password as session 
variables.



$link = mysql_connect("MYSQL_DATABASE_SERVER", "MYSQL_USERNAME", 
"MYSQL_PW") or die("<--Could not connect-->");
mysql_select_db("MYSQL_DATABASE_NAME") or die("<-- Could not select 
database-->");
$sql = "SELECT `id`, `Surname`, `Forenames`, `username`, `pw` FROM 
MYSQL_TABLE_NAME WHERE `username` = '$username'";

$result = mysql_query($sql) or die("Query failed 888");
list($table_id, $Surname, $Forenames, $un, $pw) = mysql_fetch_row($result);
   
$numrows = mysql_num_rows($result);


if($numrows != "0" AND $password == $pw) {
$valid_user = 1;
$name = $Forenames." ".$Surname;
}
else {
$valid_user = 0;
}

// If the username exists and pass is correct, don't pop up the login 
code again.

// If info can't be found or verified

if (!($valid_user))
{
session_unset();   // Unset session variables.
session_destroy(); // End Session we created earlier.
// escape from php mode.
?>




$QUERY_STRING;}?>" method="POST">



Incorrect username and/or password.  Please enter correct ones to log in:



 

   Username:
   
 
 
   Password:
   
 
 
    
   value="Login>>>">








[PHP] Execute a shell command using thttpd-php

2006-03-14 Thread Nelson Carreira

Hello,

I'm quite new to PHP language and although I got into it pretty fast I'm 
having some trouble executing system commands using php. I'm using 
thttpd-php_2.21b-2_mipsel in a Linksys router and I can only execute 
system commands like "ls" and "cd" from the PHP. I tried using the 
different available functions (exec(), shell_exec(), system(), 
passthru() and backticks) but none of them works. I can't even run scripts!
I'm working on a web application that will be used to configure the 
router and I need to use a lot of other commands from the PHP, so right 
now I'm quite stuck. I tried to find help online and offline but 
wasn't able to find any. I just hope you guys can help me!


Thanks,

Nelson Carreira




[PHP] Hostname Filtering

2006-03-14 Thread Dan
I have a few PHP scripts where I log hits to a page i.e. IP and 
hostname via a look up.


What I want to do is create essentially a blacklist to prevent bots  
and other hosts and IP from being logged and skewing my stats.  My  
local IP/host and the MSN and Googlebot hits should not be in my  
stats or at least I can flag them to hide them.


For example:

$blacklist = array(
'*.wavefront.ca',
'*.googlebot.com',
'msnbot.msn.com',
'*.inktomisearch.com',
'68.146.96.245'
);

So let's say I have my host:

$host = 'lj602144.inktomisearch.com';

I want to quickly parse this array and return a simple boolean if I 
am in the blacklist.  I could create a loop and cycle through the 
array values and do a regex on each but I was hoping someone would 
have a more elegant solution.


Thanks,

Dan T
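
One way to do the check described above, as an added example that is not part of the thread: wildcard entries are matched as dot-anchored suffixes, and, going slightly beyond the post, the looked-up hostname is only trusted when a forward lookup of it returns the same IP. The function names, the `$resolve` callable and the 192.0.2.x addresses are assumptions; the blacklist and the sample host come from the post.

```php
<?php
// Added example, not code from the thread. Entry syntax follows the post:
// "*.domain" covers any host under domain; other entries must match exactly.
const BLACKLIST = ['*.wavefront.ca', '*.googlebot.com', 'msnbot.msn.com',
                   '*.inktomisearch.com', '68.146.96.245'];

function matches_entry(string $host, string $ip, string $entry): bool
{
    $entry = strtolower($entry);
    if (filter_var($entry, FILTER_VALIDATE_IP) !== false) {
        // Compare packed bytes so the textual form of the address is irrelevant.
        return filter_var($ip, FILTER_VALIDATE_IP) !== false
            && inet_pton($ip) === inet_pton($entry);
    }
    if (strncmp($entry, '*.', 2) === 0) {
        // Keep the leading dot so the match ends on a label boundary.
        $suffix = substr($entry, 1);
        return strlen($host) > strlen($suffix)
            && substr($host, -strlen($suffix)) === $suffix;
    }
    return $host === $entry;
}

function is_blacklisted(string $ip, ?string $ptr, array $list, callable $resolve): bool
{
    $host = $ptr === null ? '' : rtrim(strtolower($ptr), '.');
    // Whoever controls the address block writes its PTR record, so trust the name
    // only if a forward lookup of that name returns the same address.
    if ($host !== '' && !in_array($ip, $resolve($host) ?: [], true)) {
        $host = '';
    }
    foreach ($list as $entry) {
        if (matches_entry($host, $ip, $entry)) { return true; }
    }
    return false;
}

// Constructed forward-DNS table standing in for gethostbynamel(), so this runs offline.
$dns = ['lj602144.inktomisearch.com' => ['192.0.2.10'],
        'notgooglebot.com'           => ['192.0.2.30']];
$resolve = function (string $h) use ($dns) { return $dns[$h] ?? false; };
$hits = [['192.0.2.10', 'lj602144.inktomisearch.com'],  // host from the post
         ['192.0.2.99', 'crawl.googlebot.com'],         // PTR with no matching forward record
         ['192.0.2.30', 'notgooglebot.com'],            // string suffix, wrong label boundary
         ['68.146.96.245', null]];                      // listed IP without a PTR
foreach ($hits as [$ip, $ptr]) {
    $verdict = is_blacklisted($ip, $ptr, BLACKLIST, $resolve) ? 'hide' : 'log';
    printf("%-14s %-27s %s\n", $ip, $ptr ?? '-', $verdict);
}
```

In a live script, pass `'gethostbynamel'` as `$resolve` and the result of `gethostbyaddr()` as `$ptr`.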




Re: [PHP] array_search and multi-dimensional arrays

2006-03-14 Thread M. Sokolewicz

List Manager wrote:

jonathan wrote:



I'd like to return the first key value in the following array such 
that England would return 1 rather than 3 which is the second key 
value. Any help would be greatly appreciated.


$c[1][]="Vietnam";
$c[1][]="China";
$c[1][]="Thailand";
$c[1][]="England";
$c[2][]="USA";
$c[2][]="Japan";


print_r($c);
// Array ( [1] => Array ( [0] => Vietnam [1] => China [2] => Thailand [3] => England ) [2] => Array ( [0] => USA [1] => Japan ) )


foreach($c as $row)
{
echo array_search("England",$row);
}
// prints 3

-jonathan



give this a shot

<?php
function findIndexof($array, $str) {
  foreach ( $array as $k => $v ) {
    if ( is_array($v) ) {
      $val = findIndexof($v, $str);
      if ( $val !== false ) {
        return $val;
      }
    } elseif ( strtolower($v) == strtolower($str) ) {
      return $k;
    }
  }
  return FALSE;
}

$c[1][] = "Vietnam";
$c[1][] = "China";
$c[1][] = "Thailand";
$c[1][] = "England";
$c[2][] = "USA";
$c[2][] = "Japan";

echo findIndexof($c, 'Vietnam');
?>

You should be able to search arrays of any depth

Hope this works for you.

Jim


Or, a lot easier:
foreach($c as $key=>$row) {
  if(false !== array_search("England",$row)) {
    echo $key;
  }
}




Re: [PHP] Editing an existing pdf?

2006-03-14 Thread Meron


It worked fine and does fill well except when it comes to the downloading of
the file. I tried to provide a hyperlink so that the fdf will be downloaded
as a filled pdf when the link is clicked in Internet Explorer.  I also make
sure that this particular file type is downloaded with acrobat reader using
the options in the browsers.

For a reason I cannot understand there is a pop up error message saying that
the fillable pdf file is not found ... . I also have attached this dialog box
as jpg. In netscape it is far worse - it opens the fdf file on the browser.

Please help on how I can solve this.
Regards
--
View this message in context: 
http://www.nabble.com/Editing-an-existing-pdf--t1202479.html#a3394172
Sent from the PHP - General forum at Nabble.com.




Re: [PHP] array_search and multi-dimensional arrays

2006-03-14 Thread List Manager

jonathan wrote:


I'd like to return the first key value in the following array such 
that England would return 1 rather than 3 which is the second key 
value. Any help would be greatly appreciated.


$c[1][]="Vietnam";
$c[1][]="China";
$c[1][]="Thailand";
$c[1][]="England";
$c[2][]="USA";
$c[2][]="Japan";


print_r($c);
// Array ( [1] => Array ( [0] => Vietnam [1] => China [2] => Thailand [3] => England ) [2] => Array ( [0] => USA [1] => Japan ) )


foreach($c as $row)
{
echo array_search("England",$row);
}
// prints 3

-jonathan



give this a shot

<?php
function findIndexof($array, $str) {
  foreach ( $array as $k => $v ) {
    if ( is_array($v) ) {
      $val = findIndexof($v, $str);
      if ( $val !== false ) {
        return $val;
      }
    } elseif ( strtolower($v) == strtolower($str) ) {
      return $k;
    }
  }
  return FALSE;
}

$c[1][] = "Vietnam";
$c[1][] = "China";
$c[1][] = "Thailand";
$c[1][] = "England";
$c[2][] = "USA";
$c[2][] = "Japan";

echo findIndexof($c, 'Vietnam');
?>

You should be able to search arrays of any depth

Hope this works for you.

Jim




[PHP] Automatic authentication using browser's certificate

2006-03-14 Thread DeMZed
Hi all,

I would like to setup a login authentication based on users'
certificates bundled into the customer's browser.

I've added a valid SSL Certificate in my browser, signed with a
third-party CA, and I would like that the user connected to my website
would be automatically authenticated if his cert is OK for me (without
typing any password).

Have you got any idea or do you know any framework to develop this in PHP?

Thanks

DeMZed
PS / Please visit CA-Cert.org for free community (& certificates)
around SSL Authentication




[PHP] Re: Convert all named entities into numeric character references

2006-03-14 Thread Jacob Friis Saxberg
Thanks, I could also use Tidy and make it do the convert.
Jacob

On 3/9/06, Robin Vickery <[EMAIL PROTECTED]> wrote:
> On 06/03/06, Jacob Friis Saxberg <[EMAIL PROTECTED]> wrote:
> > > > Does anyone know of a PHP function that can do this:
> > > > http://golem.ph.utexas.edu/~distler/blog/NumericEntities.html
> > > Hi there!
> > >
> > > http://se.php.net/manual/en/function.htmlentities.php
> > >
> > > ?
> >
> > htmlentities converts to named entities. I want it to numeric entities.
>
> This is probably the simplest way of doing it; write a simple function
> that translates entity names to numbers, then start an output buffer
> at the beginning of your script using the function as an output
> callback function. Then everything after that automatically gets
> converted.
>
> In fact it's so simple, I'll do it for you...
>
> Code posted to pastebin:
>
>http://robinv.pastebin.com/592400
>
>   -robin
>
