[PHP] Sessions can be dangerous

2003-05-31 Thread George Whiffen
Dear All,

There doesn't seem to be much discussion of the disadvantages and long 
term dangers of using php sessions.  So let's redress the balance:

1. Heterogeneous Code Environments
php session data is not easily accessible from non-php code e.g. 
Perl/C/ASP etc.  In contrast, either client-stored data e.g. cookies, 
hidden posts, get variables, or data stored in a structured database 
table, (i.e. one column per variable), is easily accessible from other 
code.

The implication is that sessions may suit you fine as long as only php 
is used on your site.  However, if your site matures and you ever want 
or need to use another language for some pages, it will be hard for 
those pages to access data stored in sessions.  On the other hand, if 
the data had been stored in an well-established industry standard 
format, you should have no problems.

2. Provably Secure Authentication Data

Hopefully we all know by now that the best way to safely authenticate 
for access control is to make sure the username/password is checked 
every time either by your script, your webserver or a trusted third-party.

However, I have the feeling some session users are tempted to simply 
authenticate in one script and store a logged in or username flag in 
the session without the username/password having been re-validated.

It's not a complete disaster if you do this, which probably means lots 
of people do it!  But this is only as secure as the session_id key.  I 
don't doubt that session_ids are generated with a high-quality random 
number generator and should be suitably uncrackable.

However, the crackability/vulnerability of a username/password schema is 
very well understood.  Can we really say that the 
vulnerability/crackability of a session_id is as well understood?

What happens if, and I'm sure it's a remote chance, there is ever a bug 
in the session-key generation that stops them being so random so a 
session_id crack becomes not just possible but real easy!

Usernames/passwords just don't have that kind of vulnerability, and the 
vulnerabilities they do have are well known.

3. Independent Audit of Server Stored Data

Procedures for independently verifying the data stored on a server in a 
SQL RDBMs are well established.  It is easy to query the database schema 
to see what columns are defined.  It is easy to verify that the data 
actually held in a column is as expected.  In general it is easy to 
prove and verify what data is held e.g. to prove Data Protection 
compliance or Bank/Credit Card requirements, (no storage of cvv2 for 
example).

It is intrinsically much harder to prove that the contents of php 
session data are compliant.  You need to write a php script to unpack 
the session data.  That means proving that that script itself is safe.
Even after you've unpacked the session data, you still have to make 
sense of it. Different sessions may hold different numbers of 
differently named variables.  But that's not all,  the same variable may 
hold data in different formats in different sessions!

Practically you have some pretty complex processes to prove what data 
you have stored and to verify that you have stored what you thought 
you'd stored!

All in all, php sessions are NOT going to be popular with data auditors. 
 Once again, that may not matter to you now, but down the line it could 
become a BIG issue.

4. State-ful Designs

My personal concern about sessions, is more about the design issues. 
What worries me is that sessions may be used to try and re-create 
client/server style state when the most distinctive advantage of the 
internet, (and the key to its astounding success), is that it is 
fundamentally state-less.

What this means, is that the internet is based on the principle that 
every request is entirely self-contained and independent of any other 
request.  There is for example, absolutely and explicitly, no guarantee 
that http requests will be received in chronological order.  It is all 
strictly about best effort, and no guarantees. This is why the 
internet works: each component does its own job as well as it can 
without worrying about what else is happening.

The implication from a design point of view is that you should not be 
making any assumptions about what has gone before or what will come 
after your php script runs.  The functionality offered, should, as far 
as possible, be completely self-contained, with each php script acting 
as a component in its own right. That means no direct interaction 
between the scripts.  Interaction should be  gated through third-party 
standard interfaces such as http or SQL.

The problem with sessions is that they encourage you to break this model 
by creating a new set of super-global data holding state 
information.  This data is not exchanged through established standards, 
but rather, floats around in the background, changing the behaviour of 
the script but without being clearly externally defined.

If the session data is only 

Re: [PHP] Sessions can be dangerous

2003-05-31 Thread Mike Morton
Some great points in here George - but it leaves me hanging

What are the options?  If we are not to use a 'state-ful' system, how do you
track users preferences, login/logout states, shopping baskets, and other
items that need sessions or some other type of reliable tracking method?

Not that I am saying sessions are 100% reliaable - they are as good only as
the cookie that is returned, and that is not 100% reliable - but it is the
most reliable method that I am aware of - unless I am missing something :)

So all that you say may be true, but what are the options?


On 5/30/03 10:26 AM, George Whiffen [EMAIL PROTECTED] wrote:

 Dear All,
 
 There doesn't seem to be much discussion of the disadvantages and long
 term dangers of using php sessions.  So let's redress the balance:
 
 1. Heterogeneous Code Environments
 php session data is not easily accessible from non-php code e.g.
 Perl/C/ASP etc.  In contrast, either client-stored data e.g. cookies,
 hidden posts, get variables, or data stored in a structured database
 table, (i.e. one column per variable), is easily accessible from other
 code.
 
 The implication is that sessions may suit you fine as long as only php
 is used on your site.  However, if your site matures and you ever want
 or need to use another language for some pages, it will be hard for
 those pages to access data stored in sessions.  On the other hand, if
 the data had been stored in an well-established industry standard
 format, you should have no problems.
 
 2. Provably Secure Authentication Data
 
 Hopefully we all know by now that the best way to safely authenticate
 for access control is to make sure the username/password is checked
 every time either by your script, your webserver or a trusted third-party.
 
 However, I have the feeling some session users are tempted to simply
 authenticate in one script and store a logged in or username flag in
 the session without the username/password having been re-validated.
 
 It's not a complete disaster if you do this, which probably means lots
 of people do it!  But this is only as secure as the session_id key.  I
 don't doubt that session_ids are generated with a high-quality random
 number generator and should be suitably uncrackable.
 
 However, the crackability/vulnerability of a username/password schema is
 very well understood.  Can we really say that the
 vulnerability/crackability of a session_id is as well understood?
 
 What happens if, and I'm sure it's a remote chance, there is ever a bug
 in the session-key generation that stops them being so random so a
 session_id crack becomes not just possible but real easy!
 
 Usernames/passwords just don't have that kind of vulnerability, and the
 vulnerabilities they do have are well known.
 
 3. Independent Audit of Server Stored Data
 
 Procedures for independently verifying the data stored on a server in a
 SQL RDBMs are well established.  It is easy to query the database schema
 to see what columns are defined.  It is easy to verify that the data
 actually held in a column is as expected.  In general it is easy to
 prove and verify what data is held e.g. to prove Data Protection
 compliance or Bank/Credit Card requirements, (no storage of cvv2 for
 example).
 
 It is intrinsically much harder to prove that the contents of php
 session data are compliant.  You need to write a php script to unpack
 the session data.  That means proving that that script itself is safe.
 Even after you've unpacked the session data, you still have to make
 sense of it. Different sessions may hold different numbers of
 differently named variables.  But that's not all,  the same variable may
 hold data in different formats in different sessions!
 
 Practically you have some pretty complex processes to prove what data
 you have stored and to verify that you have stored what you thought
 you'd stored!
 
 All in all, php sessions are NOT going to be popular with data auditors.
 Once again, that may not matter to you now, but down the line it could
 become a BIG issue.
 
 4. State-ful Designs
 
 My personal concern about sessions, is more about the design issues.
 What worries me is that sessions may be used to try and re-create
 client/server style state when the most distinctive advantage of the
 internet, (and the key to its astounding success), is that it is
 fundamentally state-less.
 
 What this means, is that the internet is based on the principle that
 every request is entirely self-contained and independent of any other
 request.  There is for example, absolutely and explicitly, no guarantee
 that http requests will be received in chronological order.  It is all
 strictly about best effort, and no guarantees. This is why the
 internet works: each component does its own job as well as it can
 without worrying about what else is happening.
 
 The implication from a design point of view is that you should not be
 making any assumptions about what has gone before or what will come
 after your php 

Re: [PHP] Suggestion of webpage about search engines

2003-05-31 Thread ruusvuu
C'mon!  You built this site - don't lie and say you 'found' it!

Quoting l [EMAIL PROTECTED]:

 I found one small site (designed in php of course:)) what care about
 registration on search engines and search engine optimalization here:
 
 http://submit.prolidi.net/en/
 
 I found some of the information very helpful, so I send it to you.
 
 L.
 
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 
 




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Email This Story and Print Functions

2003-05-31 Thread Michael Geier
the Print this Story really doesn't have anything to do with PHP, if you
are referring to actually sending the page to a printer (see Javascript)

if you are storing your articles in a DB, simply pull the info out and
create a mailbody for the Email this Story function.

On Fri, 2003-05-30 at 02:36, Jeffrey L. Fitzgerald wrote:
   Thanks to Kevin, Monty and the others who helped with my earlier post...
 
   Anyone have experience with PHP based Email This Story and Print This 
 Story functions?? I am looking to add these along with a digital postcard 
 mailer. 
-- 
Michael Geier [EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Email This Story and Print Functions

2003-05-31 Thread Justin French
on 30/05/03 6:36 PM, Jeffrey L. Fitzgerald ([EMAIL PROTECTED]) wrote:

 Thanks to Kevin, Monty and the others who helped with my earlier post...
 
 Anyone have experience with PHP based Email This Story and Print This
 Story functions?? I am looking to add these along with a digital postcard
 mailer. 

Email this story is a way of someone emailing the contents of a page, OR
the URL of the page (more common) to a friend  so all you need to do is
know what page they're trying to email, collect the sender and recipient
email address', and send a URL  short message with mail().  Look in the
$_SERVER array for some values which will tell you the current URL  query
string.

Print this page can be as simple as an alternate style sheet, or a
simplified way of presenting data on a page, which is printer-friendly.

If you're pulling your main content out of databases or flat files, then it
should be relatively easy to set a value in the URL ($_GET array) which
toggles between a complex (regular) page layout, and a simple (print)
layout.

Think it through.


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] mail function problem

2003-05-31 Thread Michael Geier
changing the value in the php.ini file is not the ideal option, as it
screws things up for all of users/scripts on the server.

you could use ini_set() for the script to change the sendmail_path var
for that script.

you could use a mail class that does alot of the grunt work for you
(Manuel Lemos normally posts some classes from his site, however I use
PHPMailer (http://phpmailer.sourceforge.net) and have never looked back.

On Fri, 2003-05-30 at 03:26, David Grant wrote:
 Bersani Francesco wrote:
 
  Hi, I have a problem with the mail function; it always sends mails
  assuming in the from field the user [EMAIL PROTECTED].
  I tried to override it with this code:
  
  
  ?
  $email = [EMAIL PROTECTED];
  $subject = prova invio mail ;
  $message = parappaaa ;
  $headers = From:[EMAIL PROTECTED]:[EMAIL PROTECTED];
  
  mail($email, $subject, $message, $headers);
  
  ?
  --
  
  It doesn't work...
  
  Can anybody help me ?
 
 
 Take a peek into php.ini to change the default value.
 
 Note that you should seperate mail headers with \r\n.
 
 Regards,
 
 David
 
 
 -- 
 David Grant
 Web Developer
 
 [EMAIL PROTECTED]
 http://www.wiredmedia.co.uk
 
 Tel: 0117 930 4365, Fax: 0870 169 7625
 
 Wired Media Ltd
 Registered Office: 43 Royal Park, Bristol, BS8 3AN
 Studio: Whittakers House, 32 - 34 Hotwell Road, Bristol, BS8 4UD
 
 Company registration number: 4016744
 
 **
 This email and any files transmitted with it are confidential and
 intended solely for the use of the individual or entity to whom they
 are addressed. If you have received this email in error please notify
 the system manager.
 
 **
-- 
Michael Geier [EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Sessions can be dangerous

2003-05-31 Thread Wim Paulussen
George,

Having created an invoicing system using php , I very clearly understand the
advantage the session construction holds : the information is maintained on
the server, rather than floating around in cyberspace between the client and
server each and every time you exchange information.
If you want to use hidden input you need to set up a secure link each and
every time you transfer the o so important username/password combination.
Furthermore , the session data is not that difficult to access with another
program as long as you can capture the session-id, which you can.
All in all , I did not yet come across a better system to get something
working in a manageable and secure way.
You could go a step further and mimick the session_data management via a
database interface if your data quality is such an important issue, but then
again, make sure you have a foolproof system to make logging in into the
database secure !
Nobody forces you to use the session system and if you want to shy away from
it , it is your choice, but I am a little bit afraid that your lenghty email
about session insecurity will be meaningfull only for the core PHP
developers/auditors.

Wim


-Oorspronkelijk bericht-
Van: George Whiffen [mailto:[EMAIL PROTECTED]
Verzonden: Friday, May 30, 2003 4:27 PM
Aan: [EMAIL PROTECTED]
Onderwerp: [PHP] Sessions can be dangerous


Dear All,

There doesn't seem to be much discussion of the disadvantages and long
term dangers of using php sessions.  So let's redress the balance:

1. Heterogeneous Code Environments
php session data is not easily accessible from non-php code e.g.
Perl/C/ASP etc.  In contrast, either client-stored data e.g. cookies,
hidden posts, get variables, or data stored in a structured database
table, (i.e. one column per variable), is easily accessible from other
code.

The implication is that sessions may suit you fine as long as only php
is used on your site.  However, if your site matures and you ever want
or need to use another language for some pages, it will be hard for
those pages to access data stored in sessions.  On the other hand, if
the data had been stored in an well-established industry standard
format, you should have no problems.

2. Provably Secure Authentication Data

Hopefully we all know by now that the best way to safely authenticate
for access control is to make sure the username/password is checked
every time either by your script, your webserver or a trusted third-party.

However, I have the feeling some session users are tempted to simply
authenticate in one script and store a logged in or username flag in
the session without the username/password having been re-validated.

It's not a complete disaster if you do this, which probably means lots
of people do it!  But this is only as secure as the session_id key.  I
don't doubt that session_ids are generated with a high-quality random
number generator and should be suitably uncrackable.

However, the crackability/vulnerability of a username/password schema is
very well understood.  Can we really say that the
vulnerability/crackability of a session_id is as well understood?

What happens if, and I'm sure it's a remote chance, there is ever a bug
in the session-key generation that stops them being so random so a
session_id crack becomes not just possible but real easy!

Usernames/passwords just don't have that kind of vulnerability, and the
vulnerabilities they do have are well known.

3. Independent Audit of Server Stored Data

Procedures for independently verifying the data stored on a server in a
SQL RDBMs are well established.  It is easy to query the database schema
to see what columns are defined.  It is easy to verify that the data
actually held in a column is as expected.  In general it is easy to
prove and verify what data is held e.g. to prove Data Protection
compliance or Bank/Credit Card requirements, (no storage of cvv2 for
example).

It is intrinsically much harder to prove that the contents of php
session data are compliant.  You need to write a php script to unpack
the session data.  That means proving that that script itself is safe.
Even after you've unpacked the session data, you still have to make
sense of it. Different sessions may hold different numbers of
differently named variables.  But that's not all,  the same variable may
hold data in different formats in different sessions!

Practically you have some pretty complex processes to prove what data
you have stored and to verify that you have stored what you thought
you'd stored!

All in all, php sessions are NOT going to be popular with data auditors.
  Once again, that may not matter to you now, but down the line it could
become a BIG issue.

4. State-ful Designs

My personal concern about sessions, is more about the design issues.
What worries me is that sessions may be used to try and re-create
client/server style state when the most distinctive advantage of the
internet, (and the key to its astounding success), is that it 

[PHP] php + java in winxp platform, reload dont work~

2003-05-31 Thread Jason Chan
Dear all,

i installed java jdk 1.4 and php 4.3.2
i tried to use java in php

i edited the php.ini as follows

[Java]
extension=php_java.dll
java.class.path = c:\php\extensions\php_java.jar
java.home = C:\j2sdk1.4.1_01
java.library = C:\j2sdk1.4.1_01\jre\bin\server\jvm.dll
java.library.path = c:\php\extensions

and test it with following codes and it works (the code copy from php.net)
?php
  // get instance of Java class java.lang.System in PHP
  $system = new Java('java.lang.System');

  // demonstrate property access
  print 'Java version='.$system-getProperty('java.version').' br';
  print 'Java vendor=' .$system-getProperty('java.vendor').' br';
  print 'OS='.$system-getProperty('os.name').' '.
  $system-getProperty('os.version').' on '.
  $system-getProperty('os.arch').' br';

  // java.util.Date example
  $formatter = new Java('java.text.SimpleDateFormat',
,  dd,  'at' h:mm:ss a );

  print $formatter-format(new Java('java.util.Date'));

?

however the problem is when i first run this page in IE, it works
i click the reflesh button, it works
but if i closed the IE, and load the page in a new broswer,
it show Fatal error: Unable to create Java Virtual Machine
i have to restart the apache server to get it work again, so what is going on?

Jason




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] strip_tags() Quandry....

2003-05-31 Thread Carl Furst
As you can guess, I'm more a fan of the regular expressions myself being
primarily a PERL head. However, PHP string functions are useful and
convenient (like trim() for example), and they don't require you to know the
in's and out's of regexps which can look like gobbledygook, be very
confusing, and sometimes very difficult to use if you don't really know how
they work. If you can get them to work, they are very powerful. However
getting them to work can require some serious tweaking.

I think the main thing when deciding which to use is how much control you
want over what is done to your string. Using a PHP function can lead to
precarious results sometimes if you don't know exactly what they do
(nl2br(), for example, you have to be sure that ALL of your br's are to
occur right before a \n, this isn't always the case). They also don't
afford as much flexibility in some cases as regular expressions do
(str_replace for replacing multiple spaces, for example).

If it's something simple that you know a PHP function can take of, use it.
If not, use regexps. They may take a bit more tweaking, but in the long run
are much more flexible and a lot more powerful.

Carl.


-Original Message-
From: Noah [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 11:03 PM
To: CPT John W. Holmes; Carl Furst
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] strip_tags() Quandry

Hey John; Hey Carl.

I've heard this debate before; i.e. regular expressions vs. PHP string
formatting functions.

The problem I'm dealing with will require, I believe, a combination of
preg_replace(), str_replace(), strstr(), and str_pos().

To my limited knowledge, there is no way to remove white space with PHP
string functions; when I use strip_tags on a block of html text, whitespace
results; thus the need for preg_replace().

The rest can most likely be taken care of with PHP string functions,
although I'm running into a few headaches with user errors; i.e. when a
coach types up his/her team roster and mistakenly adds extra spaces between
fields (e.g. player height = 6'   2 instead of 6' 2), or roster fields do
not match up with our roster table fields (e.g. one team roster has a field
for player's favorite professional athlete) -- in these cases it may be that
I'll need to use regular expressions to crawl through roster string data
looking for word boundaries and the like.

I'm new to regular expressions to say the least -- just took the dive in
yesterday; much to learn...

If either of you feel like elaborating on the pros and cons of regular
expressions vs. PHP string functions, let me know.

--Noah



- Original Message -
From: CPT John W. Holmes [EMAIL PROTECTED]
To: Carl Furst [EMAIL PROTECTED]; Noah
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:18 AM
Subject: Re: [PHP] strip_tags() Quandry


 Yes, no problem! Glad it worked out. you may wish to actually study the
 perlre man page on perl.com. This goes into the most details and talks
about
 how PERL actually EXTENDS shell regular expressions significantly and
 excellent resource that I have used many many times.

 I figure since PHP regexps are perl compatible, might as well go to the
 source, no?

 My other suggestion is that if you are taking this HTML and putting into a
 database, especially MySQL you should scrub for pipes, nulls and slashes,
 hackers can exploit user input to open a tty or shell or even access user
 files like /etc/passwd and mess wid ya here are a few regexps that do
 that

While I agree that regexp are powerful and useful, the examples you gave are
better suited to using str_replace(), trim(), or nl2br() calls rather than a
regular expression.

Also, about the warning for inserting data into a database... try not to
scare people to much. If you have

column = '$value'
or
column = $value

in your query, as long as you've run addslashes on $value to escape single
quotes in the first case and double quotes in the second, there's no
vulnerabilities.

If you have

column = $column

then you BETTER make sure that $column is a number and only a number. When
you put unquoted (unquoted within the actual SQL, not PHP) values into your
SQL, that's when you open yourself up to vulnerabilities if you're not
validating that the value is only a number.


 For pipes:
 preg_replace('/\|/g','',$html_string);
  For nulls:
 Preg_replace('/\0/g','',$html_string);
 For slashes
 preg_replace('/\//g','',$html_string);  # to be clearer, you can use s!\/!
 g; just so you can see where the regexp begins and ends.

str_replace('|','',$html_string);
etc...

 Some other useful ones for data like the stuff you're doing:
 Spaces at the beginning:
 /^\s/
 spaces at the end:
 /\s$/

trim()

 br tags into \n
 preg_replace('!\br\!', \n, $string);

nl2br();

---John Holmes...




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] PHP 4.3.2 released

2003-05-31 Thread Andrew Scott
Hi,

This _still_ doesn't seem to work with Linux/Apache2. I have no problems 
with Apache 1.3.27. Have been running Apache/php for years, but I have been 
unable to get php to work with apache2 except as a cgi.

I have now tried both --with-apxs2 and --with-apxs2filter. Neither appear to 
work. Useing --with-apxs2 I get segfaults (seen in error_log), and the 
server won't even serve up plain html, though server-info and server-status 
do work! Useing --with-apxs2filter, I just get a save-file dialog box, 
offering to save the source. 

I do note one apparent error in all the documentation I can find; the module 
is listed as sapi_apache2.c rather than mod_php4.c (as it is under apache 
1.3.x). So rather than using IfModule mod_php4.c you need to use IfModule 
sapi_apache2.c to activate module specific actions. This _does_ work, and 
the module _is_ loading, as server info reflects the setting of PHPINIdir 
and php_admin_flag settings made in httpd.conf. 

Below is the end of my Apache config file, everything before the AddType was 
added just to see if I could get environment changes to show up in server-
info, which they do. BTW, Apache compiled as pre-fork, just to make things 
as easy as possible.

IfModule sapi_apache2.c
  php_value include_path .:/usr/local/lib/php
  php_admin_flag safe_mode on
  PHPINIDir /usr/local/lib
/IfModule
AddType application/x-httpd-php .php

The most recent effort was compiled with _no_ extra functionality addded to 
php. I usually add gd and mysql at a minimum. Apache was compiled with --
enable-so, have been doing it this way since the first install of 1.3.x.

I have tried searching for any info on what the problem might be, but 
everything I've found on the web seems to say I've been doing things 
correctly. Would really like to get this working! :)

I have suspected that with apache2filter, php is never getting to see the 
pages. Possibly this has something to do with the fact that the module is 
known as sapi_php4 rather than mod_php4? I'm reaching I guess.


On 29 May 2003 at 15:05, Jani Taskinen wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 
   After a lengthy QA process, PHP 4.3.2 is finally out!  This maintenance
   release solves a lot of bugs found in earlier PHP versions and is a
   *strongly* recommended upgrade for all PHP users.
 
   PHP 4.3.2 contains, among others, following important fixes, additions and
   improvements:
 
* Fixes several potentially hazardous integer and buffer overflows.
* Fixes for several 64-bit problems.
* New Apache 2.0 SAPI module (sapi/apache2handler, enabled with --with-apxs2).
* New session_regenerate_id() function. 
  (Important feature against malicious session planting).
* Improvements to dba extension.
* Improvements to thttpd SAPI module.
* Dropped support for GDLIB version 1.x.x (php_gd.dll) on Windows.
* An unix man page for CLI version of PHP.
* New disable_classes php.ini option to allow administrators to disable
  certain classes for security reasons.
* ..and huge amount other bug fixes
  _
 / \   / [EMAIL PROTECTED]
/ \ \ /
   /   \_/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Passing page referrer on as variable

2003-05-31 Thread Mallen Baker
I have a login process for an intranet that aims to allow all people to view the 
intranet front page, but as soon as they click on a link, they are taken to a login 
page. Once they have logged in (authentication via sessions, drawing from info held in 
a mysql database) they can then go wherever they want.

What I am trying to get is that when they click on a link and login, the process then 
forwards them on to the page whose link they clicked on, rather than presenting them 
back with the home page.

Basically, every page calls a function that checks whether the person is logged in, 
and if not redirects them to the login page. The login page register the $http_referer 
as a variable on the form - and when the form is submitted (ie. login takes place) 
that variable is passed on, and used for a location: instruction on success.

The real kicker is that this worked fine when I developed it - using IE5 on my Mac 
(and still does). Only after a short while did I discover and realise that it wasn't 
working at all on IE5.5 / 6 on Windows. But surely these are server side operations, 
and if it works for one it should work for others?

The only thing I can think of is that IE5.5 on Windows doesn't pass on the referer 
info in the same way?? In which case, is there an alternative way of capturing this 
that would withstand the differences?

Thanks - Mallen



This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] strip_tags() Quandry....

2003-05-31 Thread Noah
Exactly, Carl.

The HTML team data I'm dealing with comes in myriad formats -- nothing is
uniform as each school presents their team data differently, not to mention
potential inconsistencies (e.g. users mistakenly entering multiple spaces
between fields and the like) within each format.

For the most part I intend to rely on regular expressions for this job,
although I'm a little wary -- regexp syntax is tres bizarre ;--)

Thanks for the clues; ultraedit.com has a great regexp tutorial

Enjoy the spring/summer,

--Noah


- Original Message -
From: Carl Furst [EMAIL PROTECTED]
To: Noah [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, May 30, 2003 7:44 AM
Subject: RE: [PHP] strip_tags() Quandry


As you can guess, I'm more a fan of the regular expressions myself being
primarily a PERL head. However, PHP string functions are useful and
convenient (like trim() for example), and they don't require you to know the
in's and out's of regexps which can look like gobbledygook, be very
confusing, and sometimes very difficult to use if you don't really know how
they work. If you can get them to work, they are very powerful. However
getting them to work can require some serious tweaking.

I think the main thing when deciding which to use is how much control you
want over what is done to your string. Using a PHP function can lead to
precarious results sometimes if you don't know exactly what they do
(nl2br(), for example, you have to be sure that ALL of your br's are to
occur right before a \n, this isn't always the case). They also don't
afford as much flexibility in some cases as regular expressions do
(str_replace for replacing multiple spaces, for example).

If it's something simple that you know a PHP function can take of, use it.
If not, use regexps. They may take a bit more tweaking, but in the long run
are much more flexible and a lot more powerful.

Carl.


-Original Message-
From: Noah [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 11:03 PM
To: CPT John W. Holmes; Carl Furst
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] strip_tags() Quandry

Hey John; Hey Carl.

I've heard this debate before; i.e. regular expressions vs. PHP string
formatting functions.

The problem I'm dealing with will require, I believe, a combination of
preg_replace(), str_replace(), strstr(), and str_pos().

To my limited knowledge, there is no way to remove white space with PHP
string functions; when I use strip_tags on a block of html text, whitespace
results; thus the need for preg_replace().

The rest can most likely be taken care of with PHP string functions,
although I'm running into a few headaches with user errors; i.e. when a
coach types up his/her team roster and mistakenly adds extra spaces between
fields (e.g. player height = 6'   2 instead of 6' 2), or roster fields do
not match up with our roster table fields (e.g. one team roster has a field
for player's favorite professional athlete) -- in these cases it may be that
I'll need to use regular expressions to crawl through roster string data
looking for word boundaries and the like.

I'm new to regular expressions to say the least -- just took the dive in
yesterday; much to learn...

If either of you feel like elaborating on the pros and cons of regular
expressions vs. PHP string functions, let me know.

--Noah



- Original Message -
From: CPT John W. Holmes [EMAIL PROTECTED]
To: Carl Furst [EMAIL PROTECTED]; Noah
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:18 AM
Subject: Re: [PHP] strip_tags() Quandry


 Yes, no problem! Glad it worked out. you may wish to actually study the
 perlre man page on perl.com. This goes into the most details and talks
about
 how PERL actually EXTENDS shell regular expressions significantly and
 excellent resource that I have used many many times.

 I figure since PHP regexps are perl compatible, might as well go to the
 source, no?

 My other suggestion is that if you are taking this HTML and putting into a
 database, especially MySQL you should scrub for pipes, nulls and slashes,
 hackers can exploit user input to open a tty or shell or even access user
 files like /etc/passwd and mess wid ya here are a few regexps that do
 that

While I agree that regexp are powerful and useful, the examples you gave are
better suited to using str_replace(), trim(), or nl2br() calls rather than a
regular expression.

Also, about the warning for inserting data into a database... try not to
scare people to much. If you have

column = '$value'
or
column = $value

in your query, as long as you've run addslashes on $value to escape single
quotes in the first case and double quotes in the second, there's no
vulnerabilities.

If you have

column = $column

then you BETTER make sure that $column is a number and only a number. When
you put unquoted (unquoted within the actual SQL, not PHP) values into your
SQL, that's when you open yourself up to vulnerabilities if you're not

Re: [PHP] Sessions can be dangerous

2003-05-31 Thread Erik S. LaBianca - Quonic
Wim

While I do see the usefullness of sessions, I have to disagree with you
on the security aspect. A session ID is just as vulnerable to sniffing
as is a username / password combination. The only security you gain from
using it instead is that it's value is time limited. If your application
reallys needs all that security, you'd better be using a secure
transport, period.
The session might even be worse, because, for instance, if you're using
the files session handler, another user of your system may be able to
easily read the current sessions id's from the temp folder, and hijack
an authenticated session, even if it were encrypted.
As george stated, there is also always the chance that the session_id
generator is NOT secure, in which case you're really up the proverbial
creek.
You're right, however, in that storing all the state information on
the server is a good thing. Why pollute your html with hidden fields, or
mangle the heck out of your urls. I DO believe that maintaining state is
a necessity when attempting to write Applications on the web, instead
of just web pages.
--erik

Wim Paulussen wrote:

George,

Having created an invoicing system using php , I very clearly understand the
advantage the session construction holds : the information is maintained on
the server, rather than floating around in cyberspace between the client and
server each and every time you exchange information.
If you want to use hidden input you need to set up a secure link each and
every time you transfer the o so important username/password combination.
Furthermore , the session data is not that difficult to access with another
program as long as you can capture the session-id, which you can.
All in all , I did not yet come across a better system to get something
working in a manageable and secure way.
You could go a step further and mimick the session_data management via a
database interface if your data quality is such an important issue, but then
again, make sure you have a foolproof system to make logging in into the
database secure !
Nobody forces you to use the session system and if you want to shy away from
it , it is your choice, but I am a little bit afraid that your lenghty email
about session insecurity will be meaningfull only for the core PHP
developers/auditors.
Wim

-Oorspronkelijk bericht-
Van: George Whiffen [mailto:[EMAIL PROTECTED]
Verzonden: Friday, May 30, 2003 4:27 PM
Aan: [EMAIL PROTECTED]
Onderwerp: [PHP] Sessions can be dangerous
Dear All,

There doesn't seem to be much discussion of the disadvantages and long
term dangers of using php sessions.  So let's redress the balance:
1. Heterogeneous Code Environments
php session data is not easily accessible from non-php code e.g.
Perl/C/ASP etc.  In contrast, either client-stored data e.g. cookies,
hidden posts, get variables, or data stored in a structured database
table, (i.e. one column per variable), is easily accessible from other
code.
The implication is that sessions may suit you fine as long as only php
is used on your site.  However, if your site matures and you ever want
or need to use another language for some pages, it will be hard for
those pages to access data stored in sessions.  On the other hand, if
the data had been stored in an well-established industry standard
format, you should have no problems.
2. Provably Secure Authentication Data

Hopefully we all know by now that the best way to safely authenticate
for access control is to make sure the username/password is checked
every time either by your script, your webserver or a trusted third-party.
However, I have the feeling some session users are tempted to simply
authenticate in one script and store a logged in or username flag in
the session without the username/password having been re-validated.
It's not a complete disaster if you do this, which probably means lots
of people do it!  But this is only as secure as the session_id key.  I
don't doubt that session_ids are generated with a high-quality random
number generator and should be suitably uncrackable.
However, the crackability/vulnerability of a username/password schema is
very well understood.  Can we really say that the
vulnerability/crackability of a session_id is as well understood?
What happens if, and I'm sure it's a remote chance, there is ever a bug
in the session-key generation that stops them being so random so a
session_id crack becomes not just possible but real easy!
Usernames/passwords just don't have that kind of vulnerability, and the
vulnerabilities they do have are well known.
3. Independent Audit of Server Stored Data

Procedures for independently verifying the data stored on a server in a
SQL RDBMs are well established.  It is easy to query the database schema
to see what columns are defined.  It is easy to verify that the data
actually held in a column is as expected.  In general it is easy to
prove and verify what data is held e.g. to prove Data Protection
compliance or Bank/Credit Card 

Re: [PHP] Sessions can be dangerous

2003-05-31 Thread Justin French
on 31/05/03 1:26 AM, George Whiffen ([EMAIL PROTECTED]) wrote:


 1. Heterogeneous Code Environments
 php session data is not easily accessible from non-php code e.g.
 Perl/C/ASP etc.  In contrast, either client-stored data e.g. cookies,
 hidden posts, get variables, or data stored in a structured database
 table, (i.e. one column per variable), is easily accessible from other
 code.
 
 The implication is that sessions may suit you fine as long as only php
 is used on your site.  However, if your site matures and you ever want
 or need to use another language for some pages, it will be hard for
 those pages to access data stored in sessions.  On the other hand, if
 the data had been stored in an well-established industry standard
 format, you should have no problems.
 
 2. Provably Secure Authentication Data
 
 Hopefully we all know by now that the best way to safely authenticate
 for access control is to make sure the username/password is checked
 every time either by your script, your webserver or a trusted third-party.
 
 However, I have the feeling some session users are tempted to simply
 authenticate in one script and store a logged in or username flag in
 the session without the username/password having been re-validated.
 
 It's not a complete disaster if you do this, which probably means lots
 of people do it!  But this is only as secure as the session_id key.  I
 don't doubt that session_ids are generated with a high-quality random
 number generator and should be suitably uncrackable.
 
 However, the crackability/vulnerability of a username/password schema is
 very well understood.  Can we really say that the
 vulnerability/crackability of a session_id is as well understood?
 
 What happens if, and I'm sure it's a remote chance, there is ever a bug
 in the session-key generation that stops them being so random so a
 session_id crack becomes not just possible but real easy!
 
 Usernames/passwords just don't have that kind of vulnerability, and the
 vulnerabilities they do have are well known.

Maybe I'm missing something, but generally speaking, session id's are
transmitted in plain text via either the URL, or via a cookie (neither of
which is usually under SSL) so I don't see why you're paying so much
attention to cracking or hijacking session ids... it is, to my
knowledge, really easy to find out someone's session id, and similarly easy
to hijack it.

What's the option other than storing a value like logged in???  Storing
the uid and pwd on the client side is a no-no, and storing them in the
session in no more secure that storing logged in since the session can be
hijacked.

My preference is to re-ask the user for a password before:

a) changing a password
b) doing anything secure (like changing passwords, transferring funds,
altering private information, etc etc)

which is the ONLY reinforcement that is secure (ask them, then ask them
again later).


I don't really get your point.  Yes, sessions can be unsecure, but so can
$_GET variables in the wrong hands.



 3. Independent Audit of Server Stored Data
 
 Procedures for independently verifying the data stored on a server in a
 SQL RDBMs are well established.  It is easy to query the database schema
 to see what columns are defined.  It is easy to verify that the data
 actually held in a column is as expected.  In general it is easy to
 prove and verify what data is held e.g. to prove Data Protection
 compliance or Bank/Credit Card requirements, (no storage of cvv2 for
 example).
 
 It is intrinsically much harder to prove that the contents of php
 session data are compliant.  You need to write a php script to unpack
 the session data.  That means proving that that script itself is safe.
 Even after you've unpacked the session data, you still have to make
 sense of it. Different sessions may hold different numbers of
 differently named variables.  But that's not all,  the same variable may
 hold data in different formats in different sessions!
 
 Practically you have some pretty complex processes to prove what data
 you have stored and to verify that you have stored what you thought
 you'd stored!
 
 All in all, php sessions are NOT going to be popular with data auditors.
 Once again, that may not matter to you now, but down the line it could
 become a BIG issue.

As long as an user-supplied data is appropriately validated before storing
in sessions, I cannot see a way for the user to harm the session data, or to
store bad data.  Isn't the the whole point of storing JUST a session ID on
the client machine (either in URL or cookie) and the data server-side,
rather than storing all data client-side

If a user indicates a preference for a blue background, and I validate the
data that states this (sent to the script via POST or GET) before storing it
as a session var, then I can't see where the danger lies... only PHP scripts
have access to session data, and only a validated, expected data should be
added to the session.



 4. State-ful 

RE: [PHP] strip_tags() Quandry....

2003-05-31 Thread Carl Furst
OH yeah, it takes a little while to get the gist of how to use them, you
should also Google Perl Regular Expressions see what turns up. The perlre
man page is very detailed which is good but you might find some other useful
tricks that PHP functions or the Perlre manpage may not cover, like checking
for valid email addresses, or even phone numbers (which is a tricky little
@#$%^#). Is there a PHP function that checks emails? That would be neat.

Carl Furst
System Developer
Vote.com
50 Water St.
South Norwalk, CT. 06854
203-854-9912 x.231

-Original Message-
From: Noah [mailto:[EMAIL PROTECTED]
Sent: Friday, May 30, 2003 2:04 PM
To: Carl Furst
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] strip_tags() Quandry

Exactly, Carl.

The HTML team data I'm dealing with comes in myriad formats -- nothing is
uniform as each school presents their team data differently, not to mention
potential inconsistencies (e.g. users mistakenly entering multiple spaces
between fields and the like) within each format.

For the most part I intend to rely on regular expressions for this job,
although I'm a little wary -- regexp syntax is tres bizarre ;--)

Thanks for the clues; ultraedit.com has a great regexp tutorial

Enjoy the spring/summer,

--Noah


- Original Message -
From: Carl Furst [EMAIL PROTECTED]
To: Noah [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, May 30, 2003 7:44 AM
Subject: RE: [PHP] strip_tags() Quandry


As you can guess, I'm more a fan of the regular expressions myself being
primarily a PERL head. However, PHP string functions are useful and
convenient (like trim() for example), and they don't require you to know the
in's and out's of regexps which can look like gobbledygook, be very
confusing, and sometimes very difficult to use if you don't really know how
they work. If you can get them to work, they are very powerful. However
getting them to work can require some serious tweaking.

I think the main thing when deciding which to use is how much control you
want over what is done to your string. Using a PHP function can lead to
precarious results sometimes if you don't know exactly what they do
(nl2br(), for example, you have to be sure that ALL of your br's are to
occur right before a \n, this isn't always the case). They also don't
afford as much flexibility in some cases as regular expressions do
(str_replace for replacing multiple spaces, for example).

If it's something simple that you know a PHP function can take of, use it.
If not, use regexps. They may take a bit more tweaking, but in the long run
are much more flexible and a lot more powerful.

Carl.


-Original Message-
From: Noah [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 11:03 PM
To: CPT John W. Holmes; Carl Furst
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] strip_tags() Quandry

Hey John; Hey Carl.

I've heard this debate before; i.e. regular expressions vs. PHP string
formatting functions.

The problem I'm dealing with will require, I believe, a combination of
preg_replace(), str_replace(), strstr(), and str_pos().

To my limited knowledge, there is no way to remove white space with PHP
string functions; when I use strip_tags on a block of html text, whitespace
results; thus the need for preg_replace().

The rest can most likely be taken care of with PHP string functions,
although I'm running into a few headaches with user errors; i.e. when a
coach types up his/her team roster and mistakenly adds extra spaces between
fields (e.g. player height = 6'   2 instead of 6' 2), or roster fields do
not match up with our roster table fields (e.g. one team roster has a field
for player's favorite professional athlete) -- in these cases it may be that
I'll need to use regular expressions to crawl through roster string data
looking for word boundaries and the like.

I'm new to regular expressions to say the least -- just took the dive in
yesterday; much to learn...

If either of you feel like elaborating on the pros and cons of regular
expressions vs. PHP string functions, let me know.

--Noah



- Original Message -
From: CPT John W. Holmes [EMAIL PROTECTED]
To: Carl Furst [EMAIL PROTECTED]; Noah
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:18 AM
Subject: Re: [PHP] strip_tags() Quandry


 Yes, no problem! Glad it worked out. you may wish to actually study the
 perlre man page on perl.com. This goes into the most details and talks
about
 how PERL actually EXTENDS shell regular expressions significantly and
 excellent resource that I have used many many times.

 I figure since PHP regexps are perl compatible, might as well go to the
 source, no?

 My other suggestion is that if you are taking this HTML and putting into a
 database, especially MySQL you should scrub for pipes, nulls and slashes,
 hackers can exploit user input to open a tty or shell or even access user
 files like /etc/passwd and mess wid ya here are a few regexps that do
 that

While I agree 

Re: [PHP] PHP 4.3.2 released

2003-05-31 Thread Justin French
on 31/05/03 1:46 AM, Andrew Scott ([EMAIL PROTECTED]) wrote:

 This _still_ doesn't seem to work with Linux/Apache2. I have no problems
 with Apache 1.3.27. Have been running Apache/php for years, but I have been
 unable to get php to work with apache2 except as a cgi.

I don't mean to be rude, but this has been discussed HUNDREDS of times on
the list.  PHP is NOT stable with Apache 2, and is unlikely to be stable any
time soon -- that's straight from people who know, like Rasmus.

If you wish to use PHP in a production environment, use Apache 1.3.x.  I
doubt even PHP 5 will be a stable Apache 2 release, so don't hold your
breath.

Search the archives for detailed answers, especially from Rasmus.


Justin French


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Sessions can be dangerous

2003-05-31 Thread Rasmus Lerdorf
On Fri, 30 May 2003, George Whiffen wrote:
 1. Heterogeneous Code Environments
 php session data is not easily accessible from non-php code e.g.
 Perl/C/ASP etc.  In contrast, either client-stored data e.g. cookies,
 hidden posts, get variables, or data stored in a structured database
 table, (i.e. one column per variable), is easily accessible from other
 code.

For anything beyond a trivial application, you are going to be writing
your own backend save_handler anyway, so I don't really see how this is an
issue.  If you don't want to write your own save_handler (which is really
really easy) you can always just set session.serialize_handler = wddx in
your php.ini file and you will have the data stored in a standard XML
format instead.  This format is very accessible from non-PHP code.

 2. Provably Secure Authentication Data

 Hopefully we all know by now that the best way to safely authenticate
 for access control is to make sure the username/password is checked
 every time either by your script, your webserver or a trusted third-party.

 However, I have the feeling some session users are tempted to simply
 authenticate in one script and store a logged in or username flag in
 the session without the username/password having been re-validated.

Sure, but this isn't really specific to sessions.  I would say this is
related to any cookie a developer might create.  There is always the
temptation to not include the auth headers on each page and just toss the
logged in user id into the cookie.  This is obviously a bad idea, but I
wouldn't necessarily attribute this to an inherent danger in sessions.

 3. Independent Audit of Server Stored Data

 Procedures for independently verifying the data stored on a server in a
 SQL RDBMs are well established.  It is easy to query the database schema
 to see what columns are defined.  It is easy to verify that the data
 actually held in a column is as expected.  In general it is easy to
 prove and verify what data is held e.g. to prove Data Protection
 compliance or Bank/Credit Card requirements, (no storage of cvv2 for
 example).

 It is intrinsically much harder to prove that the contents of php
 session data are compliant.  You need to write a php script to unpack
 the session data.  That means proving that that script itself is safe.
 Even after you've unpacked the session data, you still have to make
 sense of it. Different sessions may hold different numbers of
 differently named variables.  But that's not all,  the same variable may
 hold data in different formats in different sessions!

Again, see point 1.  Any real usage of sessions is going to need a custom
save_handler most likely written against a real database.  You simply
cannot go beyond a trivial single-server web-app without doing so and the
facilities in the php session support for doing this is good.

 4. State-ful Designs

 My personal concern about sessions, is more about the design issues.
 What worries me is that sessions may be used to try and re-create
 client/server style state when the most distinctive advantage of the
 internet, (and the key to its astounding success), is that it is
 fundamentally state-less.

 What this means, is that the internet is based on the principle that
 every request is entirely self-contained and independent of any other
 request.  There is for example, absolutely and explicitly, no guarantee
 that http requests will be received in chronological order.  It is all
 strictly about best effort, and no guarantees. This is why the
 internet works: each component does its own job as well as it can
 without worrying about what else is happening.

The boat has long since sailed on this one.  People need and want to
maintain state.  You can't build any sort of shopping-cart style site
without them.

 5. Reduced Component Reusability

 ...

 On the other hand if the update is coded as a proper component i.e. it
 reads the key of the data to be updated from the http request, (GET,
 POST or COOKIE), then you can automatically allow it to be accessed from
 anywhere without having to always go through some particular
 search/list/select sequence.

I tend to distinguish between the human interface to an app and the
machine interface.  Trying to put them both into the same interface tends
to make them cumbersome for both sides.  Often the human interface is just
a thin layer on top of an underlying machine interface and it is at the
machine interface that you have your reusability and transparency.  In a
properly designed architecture, the session layer is simply part of the
human interface and really doesn't affect the reusability of your base
machine interface.

-Rasmus

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Passing page referrer on as variable

2003-05-31 Thread Kevin Stone

- Original Message -
From: Mallen Baker [EMAIL PROTECTED]
To:  [EMAIL PROTECTED]
Sent: Friday, May 30, 2003 8:48 AM
Subject: [PHP] Passing page referrer on as variable


 I have a login process for an intranet that aims to allow all people to
view the intranet front page, but as soon as they click on a link, they are
taken to a login page. Once they have logged in (authentication via
sessions, drawing from info held in a mysql database) they can then go
wherever they want.

 What I am trying to get is that when they click on a link and login, the
process then forwards them on to the page whose link they clicked on, rather
than presenting them back with the home page.

 Basically, every page calls a function that checks whether the person is
logged in, and if not redirects them to the login page. The login page
register the $http_referer as a variable on the form - and when the form is
submitted (ie. login takes place) that variable is passed on, and used for a
location: instruction on success.

 The real kicker is that this worked fine when I developed it - using IE5
on my Mac (and still does). Only after a short while did I discover and
realise that it wasn't working at all on IE5.5 / 6 on Windows. But surely
these are server side operations, and if it works for one it should work for
others?

 The only thing I can think of is that IE5.5 on Windows doesn't pass on the
referer info in the same way?? In which case, is there an alternative way of
capturing this that would withstand the differences?

 Thanks - Mallen

print_r($_SERVER) to see what values are available to you.

If HTTP_REFERER is blank, which is entirely possible, try HTTP_HOST and
SCRIPT_NAME and pass those to your from the intranet page to your login
script instead of getting the referrer after you've redirected to the login
script.

- Kevin



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] CR in MySQL?

2003-05-31 Thread Brian Dunning
How do you put a carriage return in a MySQL database and have it 
display as a line break on the web page?

- Brian

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


RE: [PHP] CR in MySQL?

2003-05-31 Thread Dan Joseph
 How do you put a carriage return in a MySQL database and have it 
 display as a line break on the web page?

str_replace (\n, br, $var);

-Dan Joseph

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] CR in MySQL?

2003-05-31 Thread David Grant
Dan Joseph wrote:

How do you put a carriage return in a MySQL database and have it 
display as a line break on the web page?


str_replace (\n, br, $var);

-Dan Joseph

Is CR == NL?  What's wrong with nl2br()?

--
David Grant
Web Developer
[EMAIL PROTECTED]
http://www.wiredmedia.co.uk
Tel: 0117 930 4365, Fax: 0870 169 7625

Wired Media Ltd
Registered Office: 43 Royal Park, Bristol, BS8 3AN
Studio: Whittakers House, 32 - 34 Hotwell Road, Bristol, BS8 4UD
Company registration number: 4016744

**
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
**

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] reserver variable names

2003-05-31 Thread Lee Doolan

I could swear that I once saw a statement to the effect that
certain variable names were reserved in PHP.  Something along
the lines of

''variable names starting with two underscores (__) are
reserved... ''

Is anyone else aware of this or do I have a circuit crossed
somewhere?

thanx
--lee

-- 
Flowers of morning glory.  +-+
The sky above this street  |donate to causes I care about:   |
Begins to overcast.| http://svcs.affero.net/rm.php?r=leed_25 |
   --Sugita+-+

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] CR in MySQL?

2003-05-31 Thread Dan Joseph
Hi,

  str_replace (\n, br, $var);
 
  -Dan Joseph
 

 Is CR == NL?  What's wrong with nl2br()?

Beats me, is it?  nothing wrong with it I guess, I just didn't know about
that function.

-Dan Joseph


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] reserver variable names

2003-05-31 Thread Kevin Stone

- Original Message -
From: Lee Doolan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 30, 2003 10:49 AM
Subject: [PHP] reserver variable names



 I could swear that I once saw a statement to the effect that
 certain variable names were reserved in PHP.  Something along
 the lines of

 ''variable names starting with two underscores (__) are
 reserved... ''

 Is anyone else aware of this or do I have a circuit crossed
 somewhere?

 thanx
 --lee

Predefined constants:
http://us3.php.net/manual/en/language.constants.predefined.php?PHPSESSID=3ff
34aabf314aabe3ba7b35de816ac94

- Kevin



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] CR in MySQL?

2003-05-31 Thread David Grant
Dan Joseph wrote:

Hi,


str_replace (\n, br, $var);

-Dan Joseph

Is CR == NL?  What's wrong with nl2br()?


Beats me, is it?  nothing wrong with it I guess, I just didn't know about
that function.
-Dan Joseph


Just did a bit of checking..

NL == ASCII 010, CR == ASCII 015..

--
David Grant
Web Developer
[EMAIL PROTECTED]
http://www.wiredmedia.co.uk
Tel: 0117 930 4365, Fax: 0870 169 7625

Wired Media Ltd
Registered Office: 43 Royal Park, Bristol, BS8 3AN
Studio: Whittakers House, 32 - 34 Hotwell Road, Bristol, BS8 4UD
Company registration number: 4016744

**
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
**

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] preg_match array question

2003-05-31 Thread Daniel J. Rychlik
Hey,

Im trying to use preg_match to validate numbers in multiple fields.  I can check one 
field but Im having trouble checking multiple fields.  

preg_match ( '(foo)' , $_POST[num1] ); - That works fine.  but I need to check 
multiple fields.  

I thought I would build an array with the POST data like this...

$num = array ($_POST[num1],
($_POST[num2]);  There are more than that...  

and then use 
preg_match ('(foo)', $num) ;   $num should point to my array, but that doesnt work.  I 
get a warning message.. and it doesnt check the first num1 in the array.  

Im certain that Its my code, and I wanted to get some input on what Im doing wrong.

-Dan

RE: [PHP] CR in MySQL?

2003-05-31 Thread Dan Joseph
Hi,

 Just did a bit of checking..

 NL == ASCII 010, CR == ASCII 015..

Ahh ok, so nl2br() would work.  Cool, I guess you learn something new
everyday.  Is there a one for CR's?  I noticed cr2br() wasn't listed in the
manual.

-Dan Joseph


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] preg_match array question

2003-05-31 Thread David Grant
Daniel J. Rychlik wrote:

Hey,

Im trying to use preg_match to validate numbers in multiple fields.  I can check one field but Im having trouble checking multiple fields.  

preg_match ( '(foo)' , $_POST[num1] ); - That works fine.  but I need to check multiple fields.  

I thought I would build an array with the POST data like this...

$num = array ($_POST[num1],
($_POST[num2]);  There are more than that...  

and then use 
preg_match ('(foo)', $num) ;   $num should point to my array, but that doesnt work.  I get a warning message.. and it doesnt check the first num1 in the array.  

Im certain that Its my code, and I wanted to get some input on what Im doing wrong.

-Dan
A quick search turned this up:
http://www.php.net/manual/en/function.preg-grep.php
--
David Grant
Web Developer
[EMAIL PROTECTED]
http://www.wiredmedia.co.uk
Tel: 0117 930 4365, Fax: 0870 169 7625

Wired Media Ltd
Registered Office: 43 Royal Park, Bristol, BS8 3AN
Studio: Whittakers House, 32 - 34 Hotwell Road, Bristol, BS8 4UD
Company registration number: 4016744

**
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
**

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] preg_match array question

2003-05-31 Thread Chris Cook
You could also have the form post as an array and this saves you the coding 
in PHP. Like this:
form
input type=text name=num[]
input type=text name=num[]
input type=text name=num[]
/form

Chris


From: David Grant [EMAIL PROTECTED]
Reply-To: David Grant [EMAIL PROTECTED]
To: Daniel J. Rychlik [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: [PHP] preg_match array question
Date: Fri, 30 May 2003 17:59:58 +0100
Daniel J. Rychlik wrote:

Hey,

Im trying to use preg_match to validate numbers in multiple fields.  I can 
check one field but Im having trouble checking multiple fields.

preg_match ( '(foo)' , $_POST[num1] ); - That works fine.  but I need 
to check multiple fields.

I thought I would build an array with the POST data like this...

$num = array ($_POST[num1],
($_POST[num2]);  There are more than that...
and then use preg_match ('(foo)', $num) ;   $num should point to my array, 
but that doesnt work.  I get a warning message.. and it doesnt check the 
first num1 in the array.

Im certain that Its my code, and I wanted to get some input on what Im 
doing wrong.

-Dan
A quick search turned this up:
http://www.php.net/manual/en/function.preg-grep.php
--
David Grant
Web Developer
[EMAIL PROTECTED]
http://www.wiredmedia.co.uk
Tel: 0117 930 4365, Fax: 0870 169 7625

Wired Media Ltd
Registered Office: 43 Royal Park, Bristol, BS8 3AN
Studio: Whittakers House, 32 - 34 Hotwell Road, Bristol, BS8 4UD
Company registration number: 4016744

**
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
**

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] Cookies Probelm,

2003-05-31 Thread Haseeb Iqbal
hi guys i am having this strange problem.i want to store quite a lot of data 
in cookie as an array but the problem is when ever my arrays size get equal 
to 4 it starts over. what could be the problem?
here is the array that i get

Array
(
   [Cart] = Array
   (
   [14] = Array
   (
   [nItmId] = Array
   (
   [1] = 5
   [4] = 0
   )
   )

   [15] = Array
   (
   [nQuan] = 1
   [nSerId] = 1
   [nItmId] = Array
   (
   [3] = 86
   [34] = 1
   [1] = 5
   [4] = 0
   )
   )

   [16] = Array
   (
   [nQuan] = 1
   [nSerId] = 1
   [nItmId] = Array
   (
   [3] = 86
   [34] = 1
   [1] = 5
   [4] = 0
   )
   )

   [17] = Array
   (
   [nQuan] = 1
   [nSerId] = 1
   [nItmId] = Array
   (
   [3] = 86
   [34] = 1
   [1] = 5
   [4] = 0
   )
   )

   )

)
thanx in advance
Haseeb
_
The new MSN 8: advanced junk mail protection and 2 months FREE* 
http://join.msn.com/?page=features/junkmail

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


RE: [PHP] preg_match array question

2003-05-31 Thread Ralph

Try this:

Let say you have these three fields in your form:

INPUT TYPE=text VALUE=num[1]
INPUT TYPE=text VALUE=num[2] 
INPUT TYPE=text VALUE=num[3]

then use the following to iterate through each field: 

foreach($_POST['num'] as $key = $value){
preg_match ( '(foo)' , $_POST[num][$key] );
}

or you can also try this:

$c = count($num);
for($i; $i  $c; $i++){
preg_match ( '(foo)' , $_POST[num][$i] );
}

this should get you started.

-Original Message-
From: Daniel J. Rychlik [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 30, 2003 9:48 AM
To: [EMAIL PROTECTED]
Subject: [PHP] preg_match array question

Hey,

Im trying to use preg_match to validate numbers in multiple fields.  I
can check one field but Im having trouble checking multiple fields.  

preg_match ( '(foo)' , $_POST[num1] ); - That works fine.  but I need
to check multiple fields.  

I thought I would build an array with the POST data like this...

$num = array ($_POST[num1],
($_POST[num2]);  There are more than that...  

and then use 
preg_match ('(foo)', $num) ;   $num should point to my array, but that
doesnt work.  I get a warning message.. and it doesnt check the first
num1 in the array.  

Im certain that Its my code, and I wanted to get some input on what Im
doing wrong.

-Dan



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Cookies Probelm,

2003-05-31 Thread Jay Blanchard
[snip]
hi guys i am having this strange problem.i want to store quite a lot of
data in cookie as an array but the problem is when ever my arrays size
get equal to 4 it starts over. what could be the problem?

[/snip]

There are size limits for cookies dependent upon the browser. I am going
to guess that you are testing with Netscape or Mozilla where the limit
is 4kb.

HTH!

Jay

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Cookies Probelm,

2003-05-31 Thread Haseeb Iqbal
thanx for the information.
how can i overcome this ?
any idea?
Haseeb
- Original Message - 
From: Jay Blanchard [EMAIL PROTECTED]
To: Haseeb Iqbal [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, May 30, 2003 11:01 PM
Subject: RE: [PHP] Cookies Probelm,


[snip]
hi guys i am having this strange problem.i want to store quite a lot of
data in cookie as an array but the problem is when ever my arrays size
get equal to 4 it starts over. what could be the problem?

[/snip]

There are size limits for cookies dependent upon the browser. I am going
to guess that you are testing with Netscape or Mozilla where the limit
is 4kb.

HTH!

Jay

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Cookies Probelm,

2003-05-31 Thread Jay Blanchard
Google for cookie information

-Original Message-
From: Haseeb Iqbal [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 30, 2003 1:05 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Cookies Probelm,


thanx for the information.
how can i overcome this ?
any idea?
Haseeb
- Original Message - 
From: Jay Blanchard [EMAIL PROTECTED]
To: Haseeb Iqbal [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, May 30, 2003 11:01 PM
Subject: RE: [PHP] Cookies Probelm,


[snip]
hi guys i am having this strange problem.i want to store quite a lot of
data in cookie as an array but the problem is when ever my arrays size
get equal to 4 it starts over. what could be the problem?

[/snip]

There are size limits for cookies dependent upon the browser. I am going
to guess that you are testing with Netscape or Mozilla where the limit
is 4kb.

HTH!

Jay

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Cookies Probelm,

2003-05-31 Thread Catalin Trifu
Hi,

Try using sessions instead of cookies. This way the array
gets saved locally and not sent packed into a cookie.
The only thing which passes as a cookie is the session id.

Cheers,
Catalin

Haseeb Iqbal [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 thanx for the information.
 how can i overcome this ?
 any idea?
 Haseeb
 - Original Message -
 From: Jay Blanchard [EMAIL PROTECTED]
 To: Haseeb Iqbal [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Sent: Friday, May 30, 2003 11:01 PM
 Subject: RE: [PHP] Cookies Probelm,


 [snip]
 hi guys i am having this strange problem.i want to store quite a lot of
 data in cookie as an array but the problem is when ever my arrays size
 get equal to 4 it starts over. what could be the problem?

 [/snip]

 There are size limits for cookies dependent upon the browser. I am going
 to guess that you are testing with Netscape or Mozilla where the limit
 is 4kb.

 HTH!

 Jay

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] CR in MySQL?

2003-05-31 Thread Narayana Reddy Gari, Ramki (MED)
Hi guys,


I see the following the messages


Notice: Object to string conversion in
D:\Inetpub\wwwroot\cad_service\presentation\PresentationObject.php on
line 18
Notice: Object to string conversion in
D:\Inetpub\wwwroot\cad_service\presentation\PresentationObject.php on
line 19

class PresentationObject extends Object {

var $templateRoot;
var $cfgMgr;
var $serviceManager;

// Constructor
function PresentationObject($cfgMgr, $serviceManager) {
Line 18 $this-$cfgMgr = $cfgMgr;

Line 19 $this-$serviceManager = $serviceManager;
$this-templateRoot = TEMPLATE_ROOT_DIR;
}


  ...
}

Can someone please help me figure out this problem. I am in desperate
need to get rid of this problem.

Thanks
Ramki

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Assignment operator questions

2003-05-31 Thread Andrew D. Luebke
Is it possible to do the following in PHP a = b = c;  Which in C, for 
instance would set b and a equal to c.  Thanks.

Andrew.



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


RE: [PHP] Assignment operator questions

2003-05-31 Thread Joe Stump
Exactly what you just did will work ...

?php

  $c = 1;
  $a = $b = $c;

?

$a, $b and $c all are 1 now.

--Joe


--
Joe Stump [EMAIL PROTECTED]
http://www.joestump.net
Label makers are proof God wants Sys Admins to be happy.

-Original Message-
From: Andrew D. Luebke [mailto:[EMAIL PROTECTED]
Sent: Friday, May 30, 2003 11:47 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Assignment operator questions


Is it possible to do the following in PHP a = b = c;  Which in C, for 
instance would set b and a equal to c.  Thanks.

Andrew.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Best Practices in Directory Layout?

2003-05-31 Thread motorpsychkill
I've wanted to get some input on this for a while...  I've recently been
designing PHP applications using the following directory architecture:

main/
master php files (e.g. addphoto.php)

includes/
forms/
validation/
process/

So, using the addphoto.php example, there would be a file in the forms
directory that read:  addphoto_form.inc
In the validation directory, there would be:  addphoto_validation.inc
And in the process directory, addphoto_process.inc

The master php file (addphoto.php) would simply pull the form, validate it
and process it.  Now the problem is, as I add more master files (currently
around 50), the forms, validation and process directories get equally large.
Would it make more sense to simply allocate each master file its own
directory like this:

addphoto/
addphoto_form.inc
addphoto_validate.inc
addphoto_process.inc

And so, with each new master file (for a task or module), there would be a
new directory.

I'm not sure which is better form, but I find that using the first method is
easier when adding new tasks for the application to execute.  I've looked at
the layout of a couple big php applications and they all seem to do things
differently.  Any thoughts are welcome!!

-m


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Re: \n outputs \r\n ??

2003-05-31 Thread Michael Isaacs
Thanks for the promp replies to my message.  After a bit of testing, running
command line, and doing some debugging, I found that it was an ftp statement
that was causing the problem.  It was sending the file I was creating (which
was correct) in ASCII format and this was changing the LF to CRLF.  It took
a bit to track this down.

Thanks for the assistance.

Michael


Michael Isaacs [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Still new to PHP - any assistance would be very much appreciated...

 I am using a php script to send info to a local file for mail filtering.
 Whe the php script sends the following:

 fputs($nf, MAILDIR=$MAILDIR # Default mail directory\n);

 the output actually has a chr 13, 10

 ProcMail interprest the CR as a part of the phrase it is using for
parsing,
 so when it goes to send a filter out to a folder (testing in my case) it
 appends a CR to the end of it, which goofs up the user mail agent.  It
also
 goofs up the filter itself, as it is looking for a CR in the criteria.

 Is there a way to force it to only output a LF, not CRLF?  Configuration
 issue?

 Michael Isaacs





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] preg_match array question

2003-05-31 Thread Daniel J. Rychlik
The problem is, that I have multiple fields and what I am trying to do is
check each field to make sure I get the data that I need and not some crap,
like letters in a number field or a script tag in a field.  Things of this
sort.  The foreach loop wont work for me in this instance because Im
checking for proper input.

I can write multiple elseif statements to check each field but alas, this is
not optimal.  I may go ahead and write this to get it done and then go back
and put it to the write board

-dan
- Original Message - 
From: Ralph [EMAIL PROTECTED]
To: 'Daniel J. Rychlik' [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Friday, May 30, 2003 12:59 PM
Subject: RE: [PHP] preg_match array question



 Try this:

 Let say you have these three fields in your form:

 INPUT TYPE=text VALUE=num[1]
 INPUT TYPE=text VALUE=num[2]
 INPUT TYPE=text VALUE=num[3]

 then use the following to iterate through each field:

 foreach($_POST['num'] as $key = $value){
 preg_match ( '(foo)' , $_POST[num][$key] );
 }

 or you can also try this:

 $c = count($num);
 for($i; $i  $c; $i++){
 preg_match ( '(foo)' , $_POST[num][$i] );
 }

 this should get you started.

 -Original Message-
 From: Daniel J. Rychlik [mailto:[EMAIL PROTECTED]
 Sent: Friday, May 30, 2003 9:48 AM
 To: [EMAIL PROTECTED]
 Subject: [PHP] preg_match array question

 Hey,

 Im trying to use preg_match to validate numbers in multiple fields.  I
 can check one field but Im having trouble checking multiple fields.

 preg_match ( '(foo)' , $_POST[num1] ); - That works fine.  but I need
 to check multiple fields.

 I thought I would build an array with the POST data like this...

 $num = array ($_POST[num1],
 ($_POST[num2]);  There are more than that...

 and then use
 preg_match ('(foo)', $num) ;   $num should point to my array, but that
 doesnt work.  I get a warning message.. and it doesnt check the first
 num1 in the array.

 Im certain that Its my code, and I wanted to get some input on what Im
 doing wrong.

 -Dan




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Suggestion of webpage about search engines

2003-05-31 Thread Ryan A
Liar Liar,
 This is your site..I recognize the english/spelling mistakes.

-Ryan

- Original Message - 
From: l [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 30, 2003 2:24 PM
Subject: [PHP] Suggestion of webpage about search engines


 I found one small site (designed in php of course:)) what care about
 registration on search engines and search engine optimalization here:
 
 http://submit.prolidi.net/en/
 
 I found some of the information very helpful, so I send it to you.
 
 L.
 
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Problem with DB2 on Linux?

2003-05-31 Thread Scott Fletcher
Hi!

I do not have problem with DB2 on AIX and I had never use DB2 on Linux
before.  So, I installed it and it was successful but I get an error message
saying that it can not create DB2 instance due to permission denied.  I
tried many workaround to it with no luck, so did anyone who have this
problem before please tell me what the problem is and what the workaround to
it.  Can't use the IBM support and did many searching on the Internet with
no luck.

Thanks,
 Scott



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] preg_match array question

2003-05-31 Thread Ralph
Not sure if I'm misunderstanding, but I know that foreach() will do
this. 

-Original Message-
From: Daniel J. Rychlik [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 30, 2003 11:58 AM
To: Ralph; [EMAIL PROTECTED]
Subject: Re: [PHP] preg_match array question

The problem is, that I have multiple fields and what I am trying to do
is
check each field to make sure I get the data that I need and not some
crap,
like letters in a number field or a script tag in a field.  Things of
this
sort.  The foreach loop wont work for me in this instance because Im
checking for proper input.

I can write multiple elseif statements to check each field but alas,
this is
not optimal.  I may go ahead and write this to get it done and then go
back
and put it to the write board





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Adding graphics library

2003-05-31 Thread Todd Cary
I am new to Linux so I need some help for installing the graphics 
library.  This is what I did to get PHP to inlcude Interbase.

  !! Configure PHP with Interbase with apxs
  34  ./configure --with-apxs=/usr/sbin --with-interbase=/opt/interbase
  35  ./configure --with-interbase=/opt/interbase --with-apxs=/usr/sbin
  36  ./configure --with-interbase=/opt/interbase 
--with-apxs=/usr/sbin/apxs

What do I need to add to this to include the graphics library?

Many thanks...

Todd



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] preg_match array question

2003-05-31 Thread Daniel J. Rychlik
perhaps I am misunderstanding...  I have snipit of my foreach.  I have a
preg_match that checks for a valid email address.  basically it just checks
for an @ and a .  When I place this in my loop all of the keys are
evaluated, so hence the name key is evaluated and thrown error because of
the check.

To remedy this problem I took it out of the loop and it worked fine.
Ultimately I would love to keep it in the loop and throw checks for certain
fields, but syntaxtually it doesnt work for me.  Any Suggestions ?


  foreach ($_POST as $key=$value) { # Begin Foreach loop


   if (empty($value)) { # Begin If
echo $key :: Missing Databr/;

   if (!preg_match('/([a-z0-9\-\.\#\:[EMAIL PROTECTED])/i',
$_POST[eaddy]))
{echo $_POST[eaddy], is not a valid address.br/;  }
   } # End if

   else { echo $key, -Okbr/;}

  } # End Foreach


- Original Message - 
From: Ralph [EMAIL PROTECTED]
To: 'Daniel J. Rychlik' [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Friday, May 30, 2003 2:42 PM
Subject: RE: [PHP] preg_match array question


 Not sure if I'm misunderstanding, but I know that foreach() will do
 this.

 -Original Message-
 From: Daniel J. Rychlik [mailto:[EMAIL PROTECTED]
 Sent: Friday, May 30, 2003 11:58 AM
 To: Ralph; [EMAIL PROTECTED]
 Subject: Re: [PHP] preg_match array question

 The problem is, that I have multiple fields and what I am trying to do
 is
 check each field to make sure I get the data that I need and not some
 crap,
 like letters in a number field or a script tag in a field.  Things of
 this
 sort.  The foreach loop wont work for me in this instance because Im
 checking for proper input.

 I can write multiple elseif statements to check each field but alas,
 this is
 not optimal.  I may go ahead and write this to get it done and then go
 back
 and put it to the write board





 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Best Practices in Directory Layout?

2003-05-31 Thread Jim Lucas
I prefer the second method.  It allows you to look at one folder and see
everything that that one process can and will do.

Jim Lucas
- Original Message -
From: motorpsychkill [EMAIL PROTECTED]
To: Php General List [EMAIL PROTECTED]
Sent: Friday, May 30, 2003 12:04 PM
Subject: [PHP] Best Practices in Directory Layout?


 I've wanted to get some input on this for a while...  I've recently been
 designing PHP applications using the following directory architecture:

 main/
 master php files (e.g. addphoto.php)

 includes/
 forms/
 validation/
 process/

 So, using the addphoto.php example, there would be a file in the forms
 directory that read:  addphoto_form.inc
 In the validation directory, there would be:  addphoto_validation.inc
 And in the process directory, addphoto_process.inc

 The master php file (addphoto.php) would simply pull the form, validate it
 and process it.  Now the problem is, as I add more master files (currently
 around 50), the forms, validation and process directories get equally
large.
 Would it make more sense to simply allocate each master file its own
 directory like this:

 addphoto/
 addphoto_form.inc
 addphoto_validate.inc
 addphoto_process.inc

 And so, with each new master file (for a task or module), there would be a
 new directory.

 I'm not sure which is better form, but I find that using the first method
is
 easier when adding new tasks for the application to execute.  I've looked
at
 the layout of a couple big php applications and they all seem to do things
 differently.  Any thoughts are welcome!!

 -m


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] static vars question

2003-05-31 Thread Martin Helie
Sorry if this is completely stupid, but can anyone explain this, assuming
the following code:

function test() {
static $i = 0;

if( $i  10 ) {
$i++;
test();
}
echo I'm here;
}

test();

I am a little surprised to find that even when $i  10 and test() is invoked
again, the current function call executes all the way through to echoing
I'm here.

I would've thought current execution would be terminated as soon as the
function is called again, and that I'd get I'm here only once we're out of
the loop (ie, $i == 10).

Thanks for any pointers.

Martin Helie



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] static vars question

2003-05-31 Thread Steve Keller
At 5/30/2003 04:49 PM, Martin Helie wrote:

 function test() {
 static $i = 0;
 if( $i  10 ) {
 $i++;
 test();
 }
 echo I'm here;
 }

 I am a little surprised to find that even when $i  10 and test() is invoked
 again, the current function call executes all the way through to echoing
 I'm here.
Why? The I'm here line is outside the conditional. The function will 
still complete independent of the conditional. If $i is greater than ten, 
the pointer just skips the contents of the if/then and continues on the 
next line after it. Here's a better illustration:

function gooble($alGore) {
echo This is a ;
if ($alGore!=President) {
echo longer ;
}
echo sentence.br /;
}
gooble(Vice President);
gooble(Crazy Mountain Man);
gooble(President);
If you want the function to terminate when the conditional is false, then 
you need an Else statement to do so, otherwise it's going to keep going.

--
S. Keller
UI Engineer
The Health TV Channel, Inc.
(a non - profit organization)
3820 Lake Otis Pkwy.
Anchorage, AK 99508
907.770.6200 ext.220
907.336.6205 (fax)
Email: [EMAIL PROTECTED]
Web: www.healthtvchannel.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] array count() oddity

2003-05-31 Thread Guru Geek
Hello,

I have a mysql statement listed below.  The table contains about 100
rows of information.  Only one row matches the $criteria.  Can anyone
tell me why the count($myrow) is 8?  Shouldn't it be 4 (id, vanNumber,
origin, destination)?

$criteria = 02-25-2003;
$result = mysql_query(SELECT id, vanNumber, origin, destination FROM
thisHereTable WHERE date='$criteria');
$myrow = mysql_fetch_array($result);

And when I run the rest of the script, it prints out the results 8 times
instead of once
for ($count=0; $countcount($myrow); $count++)
{
print p.$myrow[vanNumber];
print br.$myrow[origin]. to .$myrow[destination];
}

THANKS,
Roger





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] XPath and Namespaces

2003-05-31 Thread andre.varney
Hi,
 
I have been successfully using XPath to parse some data from my XML docs for
quite a while. Now I have a document that uses namespaces. And I can't get a
grip on how to address my data any more. Does anyone know how to solve the
following problem? Any help appreciated.
 
Cheers,
André
([EMAIL PROTECTED])
 
?php
 
// no namespaces - no trouble
$xml1 = '?xml version=1.0 encoding=UTF-8?'.
'ITCL type=TestDefinition /';
$dom1 = domxml_open_mem($xml1);
$xpc1 = xpath_new_context($dom1);
$attrib1 = xpath_eval($xpc1, /ITCL/@type);
$type1 = $attrib1-nodeset[0]-value;
print Type1: $type1\n;
 
// using namespaces I am lost
// without the xmlns attribute, this also works fine
$xml2 = '?xml version=1.0 encoding=UTF-8?'.
'ITCL xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;'
http://www.w3.org/2001/XMLSchema-instance%22' .
' xsi:schemaLocation=http://api.imbp.de/schema/xsd/itcl'
http://api.imbp.de/schema/xsd/itcl' .
' http://api.imbp.de/schema/xsd/itcl;'
http://api.imbp.de/schema/xsd/itcl%22' .
' xmlns=http://api.imbp.de/schema/xsd/itcl;'
http://api.imbp.de/schema/xsd/itcl%22' .
' type=TestDefinition /';
$dom2 = domxml_open_mem($xml2);
$xpc2 = xpath_new_context($dom2);
$attrib2 = xpath_eval($xpc2, /ITCL/@type);
$type2 = $attrib2-nodeset[0]-value;
print Type2: $type2\n;
 
?
 


Re: [PHP] array count() oddity

2003-05-31 Thread Kevin Stone
- Original Message -
From: Guru Geek [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 30, 2003 3:15 PM
Subject: [PHP] array count() oddity


 Hello,

 I have a mysql statement listed below.  The table contains about 100
 rows of information.  Only one row matches the $criteria.  Can anyone
 tell me why the count($myrow) is 8?  Shouldn't it be 4 (id, vanNumber,
 origin, destination)?

 $criteria = 02-25-2003;
 $result = mysql_query(SELECT id, vanNumber, origin, destination FROM
 thisHereTable WHERE date='$criteria');
 $myrow = mysql_fetch_array($result);

 And when I run the rest of the script, it prints out the results 8 times
 instead of once
 for ($count=0; $countcount($myrow); $count++)
 {
 print p.$myrow[vanNumber];
 print br.$myrow[origin]. to .$myrow[destination];
 }

 THANKS,
 Roger

Hi,

mysql_fetch_array(); produces two arrays, one indexed and one associative,
thus count() will return twice the expected number.  Use mysql_fetch_row()
to retrieve a single indexed array or mysql_fetch_assoc() to retrieve a
single associative array.

Refer to the documentation:
http://us2.php.net/manual/en/function.mysql-fetch-array.php

- Kevin



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] preg_match array question

2003-05-31 Thread Ralph
foreach ($_POST as $key=$value) { 

if (empty($value)) { 
   error_message[] = $key :: Missing Databr/;
}

// if email field, perform email validation
if($_POST[$key] == 'email')
   if (!preg_match('/([a-z0-9\-\.\#\:[EMAIL PROTECTED])/i',
$_POST[$key])) {
   error_message[] = $value .  is not a valid address.br/;  }
} 

// etc..

}

// check for error message
if(!empty($error_message)){
  $c = count($error_message);
  for($i = 0; $i  $c; $i++){
echo $error_message[$i];
  }  
} else {
  // no error found 
}

-Original Message-
From: Daniel J. Rychlik [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 30, 2003 1:04 PM
To: Ralph; [EMAIL PROTECTED]
Subject: Re: [PHP] preg_match array question

perhaps I am misunderstanding...  I have snipit of my foreach.  I have a
preg_match that checks for a valid email address.  basically it just
checks
for an @ and a .  When I place this in my loop all of the keys are
evaluated, so hence the name key is evaluated and thrown error because
of
the check.

To remedy this problem I took it out of the loop and it worked fine.
Ultimately I would love to keep it in the loop and throw checks for
certain
fields, but syntaxtually it doesnt work for me.  Any Suggestions ?


  foreach ($_POST as $key=$value) { # Begin Foreach loop


   if (empty($value)) { # Begin If
echo $key :: Missing Databr/;

   if (!preg_match('/([a-z0-9\-\.\#\:[EMAIL PROTECTED])/i',
$_POST[eaddy]))
{echo $_POST[eaddy], is not a valid address.br/;  }
   } # End if

   else { echo $key, -Okbr/;}

  } # End Foreach


- Original Message - 
From: Ralph [EMAIL PROTECTED]
To: 'Daniel J. Rychlik' [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Friday, May 30, 2003 2:42 PM
Subject: RE: [PHP] preg_match array question


 Not sure if I'm misunderstanding, but I know that foreach() will do
 this.

 -Original Message-
 From: Daniel J. Rychlik [mailto:[EMAIL PROTECTED]
 Sent: Friday, May 30, 2003 11:58 AM
 To: Ralph; [EMAIL PROTECTED]
 Subject: Re: [PHP] preg_match array question

 The problem is, that I have multiple fields and what I am trying to do
 is
 check each field to make sure I get the data that I need and not some
 crap,
 like letters in a number field or a script tag in a field.  Things
of
 this
 sort.  The foreach loop wont work for me in this instance because Im
 checking for proper input.

 I can write multiple elseif statements to check each field but alas,
 this is
 not optimal.  I may go ahead and write this to get it done and then go
 back
 and put it to the write board





 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Help about these algorithm methods

2003-05-31 Thread [EMAIL PROTECTED]
Hello all,

I need help about to implement these methods in PHP:

1) Tree (Arbol)
2) Queue - FIFO (Cola)
3) Grafo
4)  Linked lis - (Listas enlazadas o ligadas))
5) Stack - LIFO - (Pila)
If someone know about a web site that explain these in PHP,  I will 
appreciate it, thanks for all your help :), bye.



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] static vars question

2003-05-31 Thread Martin Helie
 Why? The I'm here line is outside the conditional. The function will
 still complete independent of the conditional. If $i is greater than ten,
 the pointer just skips the contents of the if/then and continues on the
 next line after it. Here's a better illustration:

In my test() function, I called test() again inside the if statement (which
checks true for 10 iterations), and I thought that the current function
would immediately be terminated by calling itself (or any other function
that doesn't return) again and never actually echo I'm here until the
condition wasn't met, therefore the function not called again.

No?


 function gooble($alGore) {
 echo This is a ;
 if ($alGore!=President) {
 echo longer ;
 }
 echo sentence.br /;
 }
 gooble(Vice President);
 gooble(Crazy Mountain Man);
 gooble(President);

 If you want the function to terminate when the conditional is false, then
 you need an Else statement to do so, otherwise it's going to keep going.

 --
 S. Keller
 UI Engineer
 The Health TV Channel, Inc.
 (a non - profit organization)
 3820 Lake Otis Pkwy.
 Anchorage, AK 99508
 907.770.6200 ext.220
 907.336.6205 (fax)
 Email: [EMAIL PROTECTED]
 Web: www.healthtvchannel.org



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] preg_match array question

2003-05-31 Thread Daniel J. Rychlik
OH man, thats the ticket.  I didnt even think about checking the
$_POST[email] == email  and then running the preg_match.  I assumed that
it evaluate the end of the preg_match statement and see $_POST[email]

I appreciate your time...

Sincerely,
Dan


- Original Message - 
From: Ralph [EMAIL PROTECTED]
To: 'Daniel J. Rychlik' [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Friday, May 30, 2003 4:41 PM
Subject: RE: [PHP] preg_match array question


 foreach ($_POST as $key=$value) {

 if (empty($value)) {
error_message[] = $key :: Missing Databr/;
 }

 // if email field, perform email validation
 if($_POST[$key] == 'email')
if (!preg_match('/([a-z0-9\-\.\#\:[EMAIL PROTECTED])/i',
 $_POST[$key])) {
error_message[] = $value .  is not a valid address.br/;  }
 }

 // etc..

 }

 // check for error message
 if(!empty($error_message)){
   $c = count($error_message);
   for($i = 0; $i  $c; $i++){
 echo $error_message[$i];
   }
 } else {
   // no error found
 }

 -Original Message-
 From: Daniel J. Rychlik [mailto:[EMAIL PROTECTED]
 Sent: Friday, May 30, 2003 1:04 PM
 To: Ralph; [EMAIL PROTECTED]
 Subject: Re: [PHP] preg_match array question

 perhaps I am misunderstanding...  I have snipit of my foreach.  I have a
 preg_match that checks for a valid email address.  basically it just
 checks
 for an @ and a .  When I place this in my loop all of the keys are
 evaluated, so hence the name key is evaluated and thrown error because
 of
 the check.

 To remedy this problem I took it out of the loop and it worked fine.
 Ultimately I would love to keep it in the loop and throw checks for
 certain
 fields, but syntaxtually it doesnt work for me.  Any Suggestions ?


   foreach ($_POST as $key=$value) { # Begin Foreach loop


if (empty($value)) { # Begin If
 echo $key :: Missing Databr/;

if (!preg_match('/([a-z0-9\-\.\#\:[EMAIL PROTECTED])/i',
 $_POST[eaddy]))
 {echo $_POST[eaddy], is not a valid address.br/;  }
} # End if

else { echo $key, -Okbr/;}

   } # End Foreach


 - Original Message - 
 From: Ralph [EMAIL PROTECTED]
 To: 'Daniel J. Rychlik' [EMAIL PROTECTED];
 [EMAIL PROTECTED]
 Sent: Friday, May 30, 2003 2:42 PM
 Subject: RE: [PHP] preg_match array question


  Not sure if I'm misunderstanding, but I know that foreach() will do
  this.
 
  -Original Message-
  From: Daniel J. Rychlik [mailto:[EMAIL PROTECTED]
  Sent: Friday, May 30, 2003 11:58 AM
  To: Ralph; [EMAIL PROTECTED]
  Subject: Re: [PHP] preg_match array question
 
  The problem is, that I have multiple fields and what I am trying to do
  is
  check each field to make sure I get the data that I need and not some
  crap,
  like letters in a number field or a script tag in a field.  Things
 of
  this
  sort.  The foreach loop wont work for me in this instance because Im
  checking for proper input.
 
  I can write multiple elseif statements to check each field but alas,
  this is
  not optimal.  I may go ahead and write this to get it done and then go
  back
  and put it to the write board
 
 
 
 
 
  -- 
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, visit: http://www.php.net/unsub.php
 




 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] static vars question

2003-05-31 Thread Steve Keller
At 5/30/2003 05:53 PM, Martin Helie wrote:

 In my test() function, I called test() again inside the if statement (which
 checks true for 10 iterations)
Yes. So you've called the statement 10 times.

 and I thought that the current function would immediately be terminated
 by calling itself (or any other function that doesn't return) again
Why would you think this? Once whatever function is called terminates, the 
parent function will resume, which means that once the spawned version of 
the function is done, the original will resume. The difference here is that 
the child instances inherit the value of $i because you've made it static.

 and never actually echo I'm here until the condition wasn't met, therefore
 the function not called again.

 No?
No. I told you, that I'm here is going to execute any time you call that 
function because it's OUTSIDE the if statement. Only statements inside the 
if are affected by its conditional. Once the pointer gets to the if, it's 
going to check the conditional and, if it's true, as it is the first 10 
times you go through the function, then it will run whatever's inside. If 
it's not true, the pointer will look for an else statement to execute, and 
then resume running all of the other lines in the function. If you want a 
block of code to not run until the conditional is false, then you want to 
use an ELSE statement, you don't want to just drop your code after your if, 
it doesn't work that way.

I suggest reading up more on user-defined functions and what terminates them

http://www.php.net/manual/en/functions.php#functions.user-defined

And if/then statements

http://www.php.net/manual/en/control-structures.php#control-structures.if
--
S. Keller
UI Engineer
The Health TV Channel, Inc.
(a non - profit organization)
3820 Lake Otis Pkwy.
Anchorage, AK 99508
907.770.6200 ext.220
907.336.6205 (fax)
Email: [EMAIL PROTECTED]
Web: www.healthtvchannel.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] static vars question

2003-05-31 Thread Martin Helie
Hi Steve,

yes, I am familiar with these concepts; I am just starting to experiment
with recursive functions and static variables. Thanks for explaining that
once the function is called and completed, the rest of the first call
continues executing normally. That is what surprised me.

Martin

 No. I told you, that I'm here is going to execute any time you call that
 function because it's OUTSIDE the if statement. Only statements inside the
 if are affected by its conditional. Once the pointer gets to the if, it's
 going to check the conditional and, if it's true, as it is the first 10
 times you go through the function, then it will run whatever's inside. If
 it's not true, the pointer will look for an else statement to execute, and
 then resume running all of the other lines in the function. If you want a
 block of code to not run until the conditional is false, then you want to
 use an ELSE statement, you don't want to just drop your code after your
if,
 it doesn't work that way.

 I suggest reading up more on user-defined functions and what terminates
them

 http://www.php.net/manual/en/functions.php#functions.user-defined

 And if/then statements

 http://www.php.net/manual/en/control-structures.php#control-structures.if
 --
 S. Keller
 UI Engineer
 The Health TV Channel, Inc.
 (a non - profit organization)
 3820 Lake Otis Pkwy.
 Anchorage, AK 99508
 907.770.6200 ext.220
 907.336.6205 (fax)
 Email: [EMAIL PROTECTED]
 Web: www.healthtvchannel.org




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Re: Variables not being past

2003-05-31 Thread John Zimmerman
 The Doctor [EMAIL PROTECTED] wrote in message
 news:[EMAIL PROTECTED]
  Questions,  I have a
  cusotmer using a basic username and password
  verifier on a php Web Page.

  This was working and suddenly with I redefined the php environment,
  the php variables are not getting passed on.
 
  why?

Questions you should answer
1) What kind of authentication? htaccess/apache, mysqldb, etc..
2) Who wrote the authentication script? Is it part of the pear::Auth
class?
3) What did you do to redefine the php environment? Change the php.ini
file?

Just to throw a guess out based on what you have given already you
should check to see if the 'register_globals' option is set in php.ini. 
Many configurations will have it turned off for security reasons but if
your authentication script was relying on them being turned on then it
will fail.

You can check the setting by either looking at the php.ini file in an
editor or by running the following on your webserver:
  
?php  phpinfo(); ?

Good luck

- John Zimmerman
  [EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Re: Adding graphics library

2003-05-31 Thread ef
--with-gd and of oucrce you need the GD library.

Todd Cary [EMAIL PROTECTED] escribió en el mensaje
news:[EMAIL PROTECTED]
 I am new to Linux so I need some help for installing the graphics
 library.  This is what I did to get PHP to inlcude Interbase.

!! Configure PHP with Interbase with apxs
34  ./configure --with-apxs=/usr/sbin --with-interbase=/opt/interbase
35  ./configure --with-interbase=/opt/interbase --with-apxs=/usr/sbin
36  ./configure --with-interbase=/opt/interbase
 --with-apxs=/usr/sbin/apxs

 What do I need to add to this to include the graphics library?

 Many thanks...

 Todd





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] static vars question

2003-05-31 Thread Steve Keller
At 5/30/2003 06:27 PM, Martin Helie wrote:

 Thanks for explaining that once the function is called and
 completed, the rest of the first call continues executing
 normally. That is what surprised me.
Yup. It's what makes building function libraries a thing of art in PHP, you 
can create smaller functions that are called from larger functions. That 
way, your libraries are more specialized and easier to port from project to 
project.

--
S. Keller
UI Engineer
The Health TV Channel, Inc.
(a non - profit organization)
3820 Lake Otis Pkwy.
Anchorage, AK 99508
907.770.6200 ext.220
907.336.6205 (fax)
Email: [EMAIL PROTECTED]
Web: www.healthtvchannel.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] How to secure a download ?

2003-05-31 Thread Vincent M.
Hello,

Is there any way to launch a download of a Zip file to the user without 
a link. The user must not know where the file is on the server.

The transfert of the file must be made by a php file with special 
headers, no ?

  header(Content-type: zip); or something...

Thanks.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] What's wrong with this code??

2003-05-31 Thread Beauford
Hi,

I have the following which gets the month and day:

$mo = date(m);
$dy = date(d);

Then I have the following IF statements which do something based on the
date..

if ($mo == 04 and $dy = 01 and $dy = 20) { $wd = 1; }
if ($mo == 04 and $dy = 21 and $dy = 27) { $wd = 2; }
if ($mo == 04 and $dy = 28 or $mo == 5 and $dy = 04) { $wd = 3; }
if ($mo == 05 and $dy = 05 and $dy = 11) { $wd = 4; }
if ($mo == 05 and $dy = 12 and $dy = 18) { $wd = 5; }
if ($mo == 05 and $dy = 19 and $dy = 25) { $wd = 6; }
if ($mo == 05 and $dy = 26 or $mo == 06 and $dy = 01) { $wd = 7; }

 Problem lines

if ($mo == 06 and $dy  01 and $dy  09) { $wd = 8; }
if ($mo == 06 and $dy  08) { $wd = 9; }

The first 7 IF statements work fine ($wd gets the right value if the
condition is met), but if I change my date to 06/02 then no matter what I
try, $wd always gets the value of 9 (it should be 8 on this date). It should
not get the value 9 until the 9th of June.

I have checked and $mo and $dy have the proper values.

Am I missing something?

TIA



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] What's wrong with this code??

2003-05-31 Thread Jennifer Goodie


  Problem lines

 if ($mo == 06 and $dy  01 and $dy  09) { $wd = 8; }
 if ($mo == 06 and $dy  08) { $wd = 9; }

but if I change my date to 06/02 then no matter what I
 try, $wd always gets the value of 9 (it should be 8 on this
 date). It should
 not get the value 9 until the 9th of June.

If the first if is true, so is the second, unless $dy == 8. In this case,
the number is 2, which is greater than 1 and less than both 8 and 9, making
both statements true.

Check your logic.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Help about these algorithm methods

2003-05-31 Thread olinux
Here's an article that covers tree and stack

http://www.evolt.org/article/Four_ways_to_work_with_hierarchical_data/17/4047/index.html

olinux


--- [EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:
 Hello all,
 
 I need help about to implement these methods in PHP:
 
 1) Tree (Arbol)
 2) Queue - FIFO (Cola)
 3) Grafo
 4)  Linked lis - (Listas enlazadas o ligadas))
 5) Stack - LIFO - (Pila)
 
 If someone know about a web site that explain these
 in PHP,  I will 
 appreciate it, thanks for all your help :), bye.
 
 
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 


__
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] How to secure a download ?

2003-05-31 Thread Evan Nemerson
header(Content-type: application/zip);
header(Content-Disposition: attachment; filename=yourfilename.zip);
readfile(/path/to/yourfilename.zip);




On Friday 30 May 2003 03:34 pm, Vincent M. wrote:
 Hello,

 Is there any way to launch a download of a Zip file to the user without
 a link. The user must not know where the file is on the server.

 The transfert of the file must be made by a php file with special
 headers, no ?

header(Content-type: zip); or something...


 Thanks.

-- 

Ocean: A body of water occupying 2/3 of a world made for man -- who has no 
gills.

-Ambrose Bierce


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] static vars question

2003-05-31 Thread Ernest E Vogelsinger
At 00:27 31.05.2003, Martin Helie said:
[snip]
yes, I am familiar with these concepts; I am just starting to experiment
with recursive functions and static variables. Thanks for explaining that
once the function is called and completed, the rest of the first call
continues executing normally. That is what surprised me.
[snip] 

Martin,

then you should be surprised that message based systems work at all - stuff
like XWin, and (yes ;-) even Windoze work exactly like this. Thanks heaven
that language inventors allow functions to continue after they call
others... Maybe you mixed this up with gotos, these never return. Thanks to
Andi Gutman and Zeev Suraski that there's no goto in PHP *smile*


-- 
   O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] What's wrong with this code??

2003-05-31 Thread Ernest E Vogelsinger
At 01:08 30.04.2003, Beauford said:
[snip]
if ($mo == 06 and $dy  01 and $dy  09) { $wd = 8; }
if ($mo == 06 and $dy  08) { $wd = 9; }
[snip] 

The problem is your notation. If you had written

if ($mo == 6 and $dy  1 and $dy  9) { $wd = 8; }
if ($mo == 6 and $dy  8) { $wd = 9; }

your logic would still look a bit clumsy but work as you intend.

Why? Prefixing a number with a zero makes the intepreter believe you're
using octal numbers. Oczal numbers range from 00 to 07, the decimal number
8 would be 010 in octal notation. Your code, translated in decimal for
better understanding, is seen by the compiler as

if ($mo == 6 and $dy  1 and $dy  2) { $wd = 8; }
if ($mo == 6 and $dy  0) { $wd = 9; }

(08 = decimal 0, 09 = decimal 1). In this case your last statement will
trigger for _any_ day in June.


-- 
   O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] What's wrong with this code??

2003-05-31 Thread Beauford
I figured that out after I sent the email. The reason I used the 0 in the
first place was that I was having all sorts of problems with it - and it
seemed to work fine for 01 to 05 so I just continued on with it - not even
thinking about it.

Your right though, the code is awkward - but I couldn't think of any other
way of doing it.

Any suggestions?

Thanks

- Original Message - 
From: Ernest E Vogelsinger [EMAIL PROTECTED]
To: Beauford [EMAIL PROTECTED]
Cc: PHP General [EMAIL PROTECTED]
Sent: Friday, May 30, 2003 7:39 PM
Subject: Re: [PHP] What's wrong with this code??


 At 01:08 30.04.2003, Beauford said:
 [snip]
 if ($mo == 06 and $dy  01 and $dy  09) { $wd = 8; }
 if ($mo == 06 and $dy  08) { $wd = 9; }
 [snip] 

 The problem is your notation. If you had written

 if ($mo == 6 and $dy  1 and $dy  9) { $wd = 8; }
 if ($mo == 6 and $dy  8) { $wd = 9; }

 your logic would still look a bit clumsy but work as you intend.

 Why? Prefixing a number with a zero makes the intepreter believe you're
 using octal numbers. Oczal numbers range from 00 to 07, the decimal number
 8 would be 010 in octal notation. Your code, translated in decimal for
 better understanding, is seen by the compiler as

 if ($mo == 6 and $dy  1 and $dy  2) { $wd = 8; }
 if ($mo == 6 and $dy  0) { $wd = 9; }

 (08 = decimal 0, 09 = decimal 1). In this case your last statement will
 trigger for _any_ day in June.


 -- 
O Ernest E. Vogelsinger
(\)ICQ #13394035
 ^ http://www.vogelsinger.at/



 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] static vars question

2003-05-31 Thread Martin Helie
Ernest,

I'm not _that_ clueless :-)

As I said, since I was recursing through the function by calling it numerous
times in the middle of its execution, and since the function didn't
explicitly return, I didn't expect it to continue past each call. That's
all!

Martin

Ernest E Vogelsinger [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 At 00:27 31.05.2003, Martin Helie said:
 [snip]
 yes, I am familiar with these concepts; I am just starting to experiment
 with recursive functions and static variables. Thanks for explaining that
 once the function is called and completed, the rest of the first call
 continues executing normally. That is what surprised me.
 [snip]

 Martin,

 then you should be surprised that message based systems work at all -
stuff
 like XWin, and (yes ;-) even Windoze work exactly like this. Thanks
heaven
 that language inventors allow functions to continue after they call
 others... Maybe you mixed this up with gotos, these never return. Thanks
to
 Andi Gutman and Zeev Suraski that there's no goto in PHP *smile*


 --
O Ernest E. Vogelsinger
(\)ICQ #13394035
 ^ http://www.vogelsinger.at/





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Code Help Please

2003-05-31 Thread [-^-!-%-

Hello all !

Need a little help here. Is there a way to translate
variables/field names in an SQL statement?

I need to compare the content of two database fields that are in
different tables. The trick, though, is that I need to join two fields
together (as a string) before I compare it.

For example:

Table 1 has a field named username, with the following values:

  id | username | first_name | last_name
  1  | prgn/jason   | jason  | x
  2  | falcon/paul  | pual   | wood

  *The username in table is composed of the user's domain name and login
   name. Those fields are separated in table 2. Like

Table 2
  id | username | domain | first_name | last_name
  1  | paul | falcon | paul   | wood
  2  | jason| prgn   | jason  | x


  * the data is rearranged, but it's the same.


  Now, I need to compare the values from table 2 to table 1. That is,
  I need to find if table1.username = table2.domain/table2.username  is
true.

  There lies my problem.
  How do I get mysql to translate:
   ... where table.username = 'table2.domain/table2.username'
into
   ...where  'prgn/jason' = 'prgn/jason'
   and not into
   ...where 'prgn/jason' = 'prgn' / 'jason'// division.

  That is, I need it to compare 'prgn/jason' (from table1.username) to the
string representation, of the values of table2.domain/table2.username
(i.e. prgn/jason) and not read it as 'table2.prgn' divided by
'table2.username' ?




 I have the following code:

 select * from table1 t1, table 2 t2 where t1.username =
't2.domain/t2.username' 


** how do I concatenate the two values, to compare it to that of table 1.
 i.e.  prgn/jason = prgn/jason   and not 'prgn/jason' = 'prgn' divided by
'jason'?


Please help.

-john




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] performance issue under IIS

2003-05-31 Thread matt rowe
Dear list,

Hi there.  I have a bit of a performance problem under IIS, and I can't 
seem to figure it out.

I have two similar servers.  Both are running php v4.3.1 (as a cgi) with 
IIS on Win2k.  Both have nearly identical php.ini files, and IIS 
configurations (as far as I can tell).

However, the slow server only serves one php document at a time.  For 
example, I wrote a test script that counts from 0 to 10, sleeping for a 
second in between each count.  If I hit that page with a browser, IIS waits 
until the counting is finished before serving up any subsequent pages 
(triggered from another browser window).

The fast server doesn't behave like this.  When I trigger the counter 
script, I can go to many other php pages while the counter is running.

The strange thing is that the task manager shows many instances of php.exe 
(one for each php page that is hit).  So, it looks like multiple instances 
of the php executable are being called.  But, for some reason, IIS is 
waiting (linearly) to serve the php pages.

I'm fairly sure I'm missing some obscure check box in the IIS 
configuration.  Can anyone please point me in the right direction?

Thanks,
Matt
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] Re: Adding graphics library

2003-05-31 Thread Martin Helie
Well, not necessarily, since gd is included with php 4.3.x. You'll probably
still want to get libjpeg and libpng, and link against them with the proper
configure options.



Ef [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 --with-gd and of oucrce you need the GD library.

 Todd Cary [EMAIL PROTECTED] escribió en el mensaje
 news:[EMAIL PROTECTED]
  I am new to Linux so I need some help for installing the graphics
  library.  This is what I did to get PHP to inlcude Interbase.
 
 !! Configure PHP with Interbase with apxs
 34  ./configure --with-apxs=/usr/sbin --with-interbase=/opt/interbase
 35  ./configure --with-interbase=/opt/interbase --with-apxs=/usr/sbin
 36  ./configure --with-interbase=/opt/interbase
  --with-apxs=/usr/sbin/apxs
 
  What do I need to add to this to include the graphics library?
 
  Many thanks...
 
  Todd
 
 





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Code Help Please

2003-05-31 Thread Jennifer Goodie
 I need to find if table1.username = table2.domain/table2.username  is

If you are using mySQL you can use CONCAT

table1.username = CONCAT(table2.domain,'/',table2.username)

http://www.mysql.com/doc/en/String_functions.html#IDX1174 
 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Long screen display cut short.

2003-05-31 Thread Floyd Baker

Hello...

I have a routine that works fine on local win98 but when it runs on
linux online, the screen output is cut short.  I have lengthened the
30 second script time max to 45 but that made no difference at all.  

Depending on the particulars, the routine stops at a certain spot.  If
it is rerun, it stops at the very same spot again.  Putting in other
particulars cause it to stop at a different point, further down.  It
seems that changes which affect the number of mysql calculations, make
some difference in the length of the screen display, but it's only a
minor amount.  It cuts off somewhere around 4 pages.

Any ideas please. 

Floyd

--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Re: Long screen display cut short.

2003-05-31 Thread Martin Helie
Well, I don't know if this might be it, but a while back, I had problems
with apache + php (forget which version) and a bug in php that cause memory
problems.

I was using an array to store fairly large amounts of data. What would
happen is something similar to what you describe. Modifying the code to
avoid using an array solved the problem. Have not had the problem since
upgrading php.

Martin

Floyd Baker [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]

 Hello...

 I have a routine that works fine on local win98 but when it runs on
 linux online, the screen output is cut short.  I have lengthened the
 30 second script time max to 45 but that made no difference at all.

 Depending on the particulars, the routine stops at a certain spot.  If
 it is rerun, it stops at the very same spot again.  Putting in other
 particulars cause it to stop at a different point, further down.  It
 seems that changes which affect the number of mysql calculations, make
 some difference in the length of the screen display, but it's only a
 minor amount.  It cuts off somewhere around 4 pages.

 Any ideas please.

 Floyd

 --



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] What's wrong with this code??

2003-05-31 Thread Brian V Bonini
On Fri, 2003-05-30 at 20:02, Beauford wrote:
 Your right though, the code is awkward - but I couldn't think of any other
 way of doing it.
 
 Any suggestions?
 
 
switch

http://us4.php.net/manual/en/control-structures.switch.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Best Practices in Directory Layout?

2003-05-31 Thread Jaap van Ganswijk
Hi,

At 2003-05-30 12:04 -0700, motorpsychkill wrote:
I've wanted to get some input on this for a while...  I've recently been
designing PHP applications using the following directory architecture:

main/
master php files (e.g. addphoto.php)

includes/
forms/
validation/
process/

I think you shouldn't use plurals, just call them include, form etc.
When you use 'include', you should also consider renaming 'validation'
to 'validate'.

So, using the addphoto.php example, there would be a file in the forms
directory that read:  addphoto_form.inc
In the validation directory, there would be:  addphoto_validation.inc
And in the process directory, addphoto_process.inc

The master php file (addphoto.php) would simply pull the form, validate it
and process it.  Now the problem is, as I add more master files (currently
around 50), the forms, validation and process directories get equally large.
Would it make more sense to simply allocate each master file its own
directory like this:

addphoto/
addphoto_form.inc
addphoto_validate.inc
addphoto_process.inc

Like Jim I prefer this second method, because it gives every
application it's own directory. This also makes copying a
project or part of a project and converting it into a new
project easier.

I wouldn't reuse the name of the project in the name
of the file, because it makes copying and renaming
the files and converting it into a new project harder.
This also goes for the main file I think, so you also
shouldn't call that addphoto.php but call it index.php
instead.


Greetings,
Jaap

-- Chip Directory
-- http://www.chipdir.biz/
-- http://www.chipdir.info/
-- http://www.chipdir.net/
-- http://www.chipdir.nl/
-- http://www.chipdir.org/
-- And about 30 other mirror sites world-wide.
--
-- To subscribe to a free 'chip issues, questions and answers'
-- mailing list, send a message to [EMAIL PROTECTED] with
-- in the body 'subscribe chipdir-L'. About 500 experts are
-- willing to think with you about electronics problems etc.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] I guess I'll give the list a shot

2003-05-31 Thread David McGlone
Hi all, I've got a really tough question, I am building an application that 
allows PayPal's shopping cart to have multiple items, but also multiple 
prices for the same item, but a different style or size or color, and Im 
quite stuck on how I would get the prices of the item according to it's color 
or description from a dropdown and insert it into a hidden field to be 
inserted into the shopping cart, as far as I know I can't modify the dropdown 
or it will not show up in the options of the shopping cart, so I need to work 
around the dropdowns.

Basically what Im trying to do is when lets say black is selected from the 
dropdown, then the price for a black shirt is grabbed from the database and 
inserted into a hidden field.

Did I explain the right?
-- 
David M.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Function result is an array

2003-05-31 Thread Dustin Mitchell
I briefly tried searching the archives for this, but there aren't any handy
keywords, so I didn't find anything.  Why can't I do this:

$year = getdate($timestamp)['year'];

(syntax error) while I can do this:

$temp = getdate($timestamp);
$year = $temp['year'];

and is there a way to combine the above into one statement, however
ungainly?

This doesn't just happen with getdate -- it happens with any function
returning an array.  I'm using PHP 4.1.2.

Dustin

-- 

  Dustin Mitchell
  [EMAIL PROTECTED]/[EMAIL PROTECTED]
  http://people.cs.uchicago.edu/~dustin/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: Adding graphics library

2003-05-31 Thread Todd Cary





You'll probably
still want to get libjpeg and libpng, and link against them with the proper
configure options.


What is the correct syntax to do all of the suggestions?

Todd



Martin Helie wrote:

  Well, not necessarily, since gd is included with php 4.3.x. You'll probably
still want to get libjpeg and libpng, and link against them with the proper
configure options.



Ef [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
  
  
--with-gd and of oucrce you need the GD library.

"Todd Cary" [EMAIL PROTECTED] escribi en el mensaje
news:[EMAIL PROTECTED]...


  I am new to Linux so I need some help for installing the graphics
library.  This is what I did to get PHP to inlcude Interbase.

   !! Configure PHP with Interbase with apxs
   34  ./configure --with-apxs=/usr/sbin --with-interbase=/opt/interbase
   35  ./configure --with-interbase=/opt/interbase --with-apxs=/usr/sbin
   36  ./configure --with-interbase=/opt/interbase
--with-apxs=/usr/sbin/apxs

What do I need to add to this to include the graphics library?

Many thanks...

Todd


  



  
  


  


-- 

 





Re: [PHP] Function result is an array

2003-05-31 Thread Evan Nemerson
IMHO the function()[] syntax should be allowed, but it isn't.

You could use list() or extract(), but then you'd wind up with a lot more date 
than you want. What I've been doing is creating a function, then calling when 
needed. For example:

function array_get_value($array, $index) {
return $array[$index];
}

array_get_value(getdate($timestamp), 'year');

If you'd like to fill out a bug report (use 'feature request' for the type of 
bug), http://bugs.php.net/




On Friday 30 May 2003 06:52 pm, Dustin Mitchell wrote:
 I briefly tried searching the archives for this, but there aren't any handy
 keywords, so I didn't find anything.  Why can't I do this:

 $year = getdate($timestamp)['year'];

 (syntax error) while I can do this:

 $temp = getdate($timestamp);
 $year = $temp['year'];

 and is there a way to combine the above into one statement, however
 ungainly?

 This doesn't just happen with getdate -- it happens with any function
 returning an array.  I'm using PHP 4.1.2.

 Dustin

-- 

All religions are founded on the fear of the many and the cleverness of the 
few.

-Stendhal


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Using Cookies Securely

2003-05-31 Thread Monty
I see some posts here that say storing a username or encrypted password in a
cookie is not secure. If so, then what's a more secure way to allow users to
be remembered using a cookie so that they don't have to log in every time
they come to the site? What do you store in the cookie to authenticate
against?

Monty


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Using Cookies Securely

2003-05-31 Thread Justin French
The short answer is that if you're worried about security, don't store a uid
and pwd in a cookie on the client... banks don't do it, for example.

It's also common for the uid to be remembered, but not the pwd.

From what I can see happening on the big sites, you give the user the
option to be remembered or not, and you advise them against it if they're on
a shared/public computer, or even remotely care about security and privacy.

Handling log-ins and cookie sending under SSL would also help.


Justin


on 31/05/03 4:29 PM, Monty ([EMAIL PROTECTED]) wrote:

 I see some posts here that say storing a username or encrypted password in a
 cookie is not secure. If so, then what's a more secure way to allow users to
 be remembered using a cookie so that they don't have to log in every time
 they come to the site? What do you store in the cookie to authenticate
 against?
 
 Monty
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Using Cookies Securely

2003-05-31 Thread Evan Nemerson
Send a session ID to the user in a cookie, then lookup that ID in a database 
on the server. It's extremely difficult to guess random session ID's (don't 
just increment them!), and if you have a session timeout, you're pretty much 
set.

It's not perfect, but I don't think anyone has come up with a better way

The way it's been explained to me, this is how PHP's sessions work, but I have 
not personally verified this. So I think it's okay to put semi-sensitive data 
in the session array (you shouldn't ever store really sensitive data). Check 
first though.




On Friday 30 May 2003 10:29 pm, Monty wrote:
 I see some posts here that say storing a username or encrypted password in
 a cookie is not secure. If so, then what's a more secure way to allow users
 to be remembered using a cookie so that they don't have to log in every
 time they come to the site? What do you store in the cookie to authenticate
 against?

 Monty

-- 

Perl - the only language that looks the same before and after RSA encryption.

-Keith Bostic


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Re: ldap_add() troubles

2003-05-31 Thread David Robley
In article [EMAIL PROTECTED], [EMAIL PROTECTED] says...
 Hi list,
 
 i'm very newbie in PHP so sorry for this simple question but i havn't found any
 differences between my code and example code on a lot of website that i visited.
 
 I use PHP-4.3.1, OpenLDAP 2.1.19, BerkeleyDB-4.1.25 and Apache-2.0.45.
 
 My problem is that my variables are not taken into account.
 
 This is the code :
 --
 
 ?php
 
 print centerform method='post'  Username : br
input type='text' name='user' size='20'/form\n;
 print centerform method='post'  Firstname : br
input type='text' name='firstname' size='20'/form\n;
 print centerform method='post'  Lastname : br
input type='text' name='lastname' size='20'/form\n;
 print centerform method='post'  Telephon Number : br
input type='text' name='tel' size='20'/form\n;
 print centerform method='post'  Mobile Number : br
input type='text' name='mobile' size='20'/form\n;
 print centerform method='post'  Address : br
textarea name='street' rows='3' cols='20'/textarea/form\n;
 print centerform method='post'br
input type='submit' value='Valider' name='goldap'/form\n;

You only need one FORM here, not one for each value. When you click 
Valider, it only sends the values in that FORM element and of course the 
only variable there is goldap :-(

So remove all FORM except the first, and remove all /FORM except the 
last and see how you go.

-- 
Quod subigo farinam


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: ldap_add() troubles

2003-05-31 Thread Cecile
Quoting David Robley [EMAIL PROTECTED]:

 In article [EMAIL PROTECTED], [EMAIL PROTECTED] says...
 [...]
  My problem is that my variables are not taken into account.
  
  This is the code :
  --
  
  ?php
  
  print centerform method='post'  Username : br
 input type='text' name='user' size='20'/form\n;
  print centerform method='post'  Firstname : br
 input type='text' name='firstname' size='20'/form\n;
  print centerform method='post'  Lastname : br
 input type='text' name='lastname' size='20'/form\n;
  print centerform method='post'  Telephon Number : br
 input type='text' name='tel' size='20'/form\n;
  print centerform method='post'  Mobile Number : br
 input type='text' name='mobile' size='20'/form\n;
  print centerform method='post'  Address : br
 textarea name='street' rows='3' cols='20'/textarea/form\n;
  print centerform method='post'br
 input type='submit' value='Valider' name='goldap'/form\n;
 
 You only need one FORM here, not one for each value. When you click 
 Valider, it only sends the values in that FORM element and of course the 
 only variable there is goldap :-(
 
 So remove all FORM except the first, and remove all /FORM except the 
 last and see how you go.
 
[...]

Hi David,

the problem is resolved.
I did not know that the variables was lost when the form was closed.  
It is logical... :-) 

Thanks a lot for your help in this basic case... 
Thanks also to Mark.

Cheers,

Cecile.




-
Mail sent through GFI Mailserver1.0
info: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Function result is an array

2003-05-31 Thread Ernest E Vogelsinger
At 06:23 31.05.2003, Evan Nemerson said:
[snip]
IMHO the function()[] syntax should be allowed, but it isn't.

You could use list() or extract(), but then you'd wind up with a lot more
date 
than you want. What I've been doing is creating a function, then calling when 
needed. For example:

function array_get_value($array, $index) {
   return $array[$index];
}

array_get_value(getdate($timestamp), 'year');
[snip] 

A little profiling notice on this here.

Constructing 3 testbeds, accessing an array through a function passing an
array reference (so the array won't get copied to the function), one using
your array_get_value() from above (without references, so the array will
get copied), and one using a local variable and direct access. 

The testbed source is copied below, as always. 
The numbers:

1.355221 secs (0.013552 msecs each): Copy local, direct access (10 passes)
0.550718 secs (0.005507 msecs each): Ref local, direct access (10 passes)
2.497536 secs (0.024975 msecs each): array_get_value (10 passes)
0.906490 secs (0.009065 msecs each): array_get_value_ref (10 passes) 

The interesting stuff is that storing the array to a local variable and
accessing it directly is slower than calling a function passing a reference
to the array. As you may notice, using array references is _always_ faster
by some factor, as copying the array is avoided.

Conclusion: use array references wherever you can. If you build a function
returning an array, let it return a reference (function myfunc()), and use
this reference when calling ($var = myfunc()). If you have this in a loop
it might save your script some valuable time.

Notes to the test scenario:
Since I've been interested in timing array access, not array creation, I've
used a static copy of the getdate() array, avoiding to profile the
getdate(time()) function.

// the static array to run the test with
$atime = getdate(time());

// return a reference to the array
function arviaref() {
global $atime;
return $atime;
}

// return a copy of the array
function arviacopy() {
global $atime;
return $atime;
}

//
// PROFILE CANDIDATES
function array_get_value_ref($array, $index) {
return $array[$index];
}

function array_get_value($array, $index) {
return $array[$index];
}
//

$LOOPS = 10;

$x = measure();
for ($i = 0; $i  $LOOPS; ++$i) {
$temp = arviacopy();
$rslt = $temp['year'];
}
echo measure($x, 'Copy local, direct access (%1$d passes)', $i, array($i));

$x = measure();
for ($i = 0; $i  $LOOPS; ++$i) {
$temp = arviaref();
$rslt = $temp['year'];
}
echo measure($x, 'Ref local, direct access (%1$d passes)', $i, array($i));

$x = measure();
for ($i = 0; $i  $LOOPS; ++$i)
$rslt = array_get_value(arviaref(), 'year');
echo measure($x, 'array_get_value (%1$d passes)', $i, array($i));

$x = measure();
for ($i = 0; $i  $LOOPS; ++$i)
$rslt = array_get_value_ref(arviaref(), 'year');
echo measure($x, 'array_get_value_ref (%1$d passes)', $i, array($i));

function measure($start = null, $string = null, $passes = null, $params = null)
{
// the bias is the effort made for calling measure() twice
// and constructing the optional array parameter for the second call
// note we do not run measure($start, $string, $passes, $params) since
// this would add a lot of action that gets not timed by measure()
// to the bias value.
static $bias = -1;
if ($bias == -1) {
$bias = 0;
$x = microtime();
for ($i = 0; $i  1000; ++$i) {
measure(); measure();
$a = array('string entry','string entry','string
entry');
}
$y = microtime();
list($s0, $s1) = explode(' ', $x);
list($e0, $e1) = explode(' ', $y);
$bias = (($e0 + $e1) - ($s0 + $s1)) / 1000;
}

// get the current time
$x = microtime();

// if the start time is set, this is a final profiling call
if ($start) {
list($s0, $s1) = explode(' ', $start);
list($e0, $e1) = explode(' ', $x);
$time = ($e0 + $e1) - ($s0 + $s1) - $bias;
if (is_array($params)) {
$cmd = return sprintf(\$string, ' . join(',',
$params) . ');;
$string = eval($cmd);
}
if ($passes)
$x = sprintf(%f secs (%f msecs each): %s\n,
$time, ($time * 1000) / $passes, $string);
else
$x = sprintf(%f secs: %s\n, $time, $string);
}

// return either the time, or the profiling string
return $x;
}



-- 
   O 

Re: [PHP] What's wrong with this code??

2003-05-31 Thread Beauford
I find  the switch statement does not always give the desired results and
it's really not any different than using the if statement - the calculations
would still have to be the same - it's just laid out differently.

- Original Message - 
From: Brian V Bonini [EMAIL PROTECTED]
To: Beauford [EMAIL PROTECTED]
Cc: PHP General [EMAIL PROTECTED]
Sent: Friday, May 30, 2003 9:18 PM
Subject: Re: [PHP] What's wrong with this code??


 On Fri, 2003-05-30 at 20:02, Beauford wrote:
  Your right though, the code is awkward - but I couldn't think of any
other
  way of doing it.
 
  Any suggestions?
 

 switch

 http://us4.php.net/manual/en/control-structures.switch.php


 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Getting the parsing time of a script

2003-05-31 Thread Bix
Is there any way getting the time taken to parse a script?

IE:

This page took 0.13 seconds to generate.

Is it a predefined variable anywhere?

Thanks ;o)

Bix.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] I guess I'll give the list a shot

2003-05-31 Thread David Otton
On Fri, 30 May 2003 21:47:03 -0400, you wrote:

Hi all, I've got a really tough question, I am building an application that 
allows PayPal's shopping cart to have multiple items, but also multiple 
prices for the same item, but a different style or size or color, and Im 
quite stuck on how I would get the prices of the item according to it's color 
or description from a dropdown and insert it into a hidden field to be 
inserted into the shopping cart, as far as I know I can't modify the dropdown 
or it will not show up in the options of the shopping cart, so I need to work 
around the dropdowns.

Basically what Im trying to do is when lets say black is selected from the 
dropdown, then the price for a black shirt is grabbed from the database and 
inserted into a hidden field.

Exactly what data are you trying to store? Something like this?

for each item_chosen
(id, qty, colour, price)

One approach is to put all your data in an array, serialize the array and
store that as the hidden field.

Another is to use sessions, and store the array in the session (probably
faster).

A third is to write the data out to a series of hidden fields beginning with
xyz (xyz1, xyz2, xyz3, etc), and iterate over the contents of the returned
form to find the xyz* fields.

Of the three, sessions are the one you /should/ use - because if pricing
data goes out to the client, it can be altered.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Getting the parsing time of a script

2003-05-31 Thread David Otton
On Sat, 31 May 2003 11:39:41 +0100, you wrote:

Is there any way getting the time taken to parse a script?

IE:

This page took 0.13 seconds to generate.

Call microtime() at the beginning and end of the script.

$timeTaken = $timeEnd - $timeStart;

see

http://uk2.php.net/manual/en/function.microtime.php

and read the comments.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Re: Long screen display cut short.

2003-05-31 Thread Thomas Seifert
what is the online-version?
I mean which webserver-software in which version?


Thomas

On Fri, 30 May 2003 20:45:08 -0400 [EMAIL PROTECTED] (Floyd Baker) wrote:

 
 Hello...
 
 I have a routine that works fine on local win98 but when it runs on
 linux online, the screen output is cut short.  I have lengthened the
 30 second script time max to 45 but that made no difference at all.  
 
 Depending on the particulars, the routine stops at a certain spot.  If
 it is rerun, it stops at the very same spot again.  Putting in other
 particulars cause it to stop at a different point, further down.  It
 seems that changes which affect the number of mysql calculations, make
 some difference in the length of the screen display, but it's only a
 minor amount.  It cuts off somewhere around 4 pages.
 
 Any ideas please. 
 
 Floyd
 
 --



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Any POSTNUKER, reading from two DB

2003-05-31 Thread nabil
Greeting,

I have a postnuke site and I want to connect it to two databases in order to
verify users from these databases.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Getting the parsing time of a script

2003-05-31 Thread Ernest E Vogelsinger
At 12:39 31.05.2003, Bix said:
[snip]
Is there any way getting the time taken to parse a script?

IE:

This page took 0.13 seconds to generate.

Is it a predefined variable anywhere?
[snip] 

$start = microtime();
for ($i = 0; $i  1; ++$i)
$n = getdate(time());
$end = microtime();
list($s0, $s1) = explode(' ', $start);
list($e0, $e1) = explode(' ', $end);
echo sprintf('hrThis page took %.2f seconds to generate',
($e0+$e1)-($s0+$s1));


-- 
   O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: Long screen display cut short.

2003-05-31 Thread Ernest E Vogelsinger
On Fri, 30 May 2003 20:45:08 -0400 [EMAIL PROTECTED] (Floyd Baker) wrote:
[snip] 
 I have a routine that works fine on local win98 but when it runs on
 linux online, the screen output is cut short.  I have lengthened the
 30 second script time max to 45 but that made no difference at all.  
 
 Depending on the particulars, the routine stops at a certain spot.  If
 it is rerun, it stops at the very same spot again.  Putting in other
 particulars cause it to stop at a different point, further down.  It
 seems that changes which affect the number of mysql calculations, make
 some difference in the length of the screen display, but it's only a
 minor amount.  It cuts off somewhere around 4 pages.
[snip] 

I once had this effect on pages exceeding a total size of 8k when running a
test server on an asynchronoous line (ADSL, in 712kB, out 64kB). As long as
the page fits into a single IP packet (which usually equals 8kB) no
problems occur, however if more than one packet is needed to transmit the
page the webserver will only be able to send the first packet. All pages
went fine when using a synchronous connection (in == out).


-- 
   O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



php-general Digest 31 May 2003 12:37:10 -0000 Issue 2089

2003-05-31 Thread php-general-digest-help

php-general Digest 31 May 2003 12:37:10 - Issue 2089

Topics (messages 149622 through 149646):

performance issue under IIS
149622 by: matt rowe

Re: Adding graphics library
149623 by: Martin Helie
149631 by: Todd Cary

Re: Code Help Please
149624 by: Jennifer Goodie

Long screen display cut short.
149625 by: Floyd Baker
149626 by: Martin Helie
149643 by: Thomas Seifert
149646 by: Ernest E Vogelsinger

Re: What's wrong with this code??
149627 by: Brian V Bonini
149639 by: Beauford

Re: Best Practices in Directory Layout?
149628 by: Jaap van Ganswijk

I guess I'll give the list a shot
149629 by: David McGlone
149641 by: David Otton

Function result is an array
149630 by: Dustin Mitchell
149632 by: Evan Nemerson
149638 by: Ernest E Vogelsinger

Using Cookies Securely
149633 by: Monty
149634 by: Justin French
149635 by: Evan Nemerson

Re: ldap_add() troubles
149636 by: David Robley
149637 by: Cecile

Getting the parsing time of a script
149640 by: Bix
149642 by: David Otton
149645 by: Ernest E Vogelsinger

Any POSTNUKER, reading from two DB
149644 by: nabil

Administrivia:

To subscribe to the digest, e-mail:
[EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]

To post to the list, e-mail:
[EMAIL PROTECTED]


--
---BeginMessage---
Dear list,

Hi there.  I have a bit of a performance problem under IIS, and I can't 
seem to figure it out.

I have two similar servers.  Both are running php v4.3.1 (as a cgi) with 
IIS on Win2k.  Both have nearly identical php.ini files, and IIS 
configurations (as far as I can tell).

However, the slow server only serves one php document at a time.  For 
example, I wrote a test script that counts from 0 to 10, sleeping for a 
second in between each count.  If I hit that page with a browser, IIS waits 
until the counting is finished before serving up any subsequent pages 
(triggered from another browser window).

The fast server doesn't behave like this.  When I trigger the counter 
script, I can go to many other php pages while the counter is running.

The strange thing is that the task manager shows many instances of php.exe 
(one for each php page that is hit).  So, it looks like multiple instances 
of the php executable are being called.  But, for some reason, IIS is 
waiting (linearly) to serve the php pages.

I'm fairly sure I'm missing some obscure check box in the IIS 
configuration.  Can anyone please point me in the right direction?

Thanks,
Matt
---End Message---
---BeginMessage---
Well, not necessarily, since gd is included with php 4.3.x. You'll probably
still want to get libjpeg and libpng, and link against them with the proper
configure options.



Ef [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 --with-gd and of oucrce you need the GD library.

 Todd Cary [EMAIL PROTECTED] escribió en el mensaje
 news:[EMAIL PROTECTED]
  I am new to Linux so I need some help for installing the graphics
  library.  This is what I did to get PHP to inlcude Interbase.
 
 !! Configure PHP with Interbase with apxs
 34  ./configure --with-apxs=/usr/sbin --with-interbase=/opt/interbase
 35  ./configure --with-interbase=/opt/interbase --with-apxs=/usr/sbin
 36  ./configure --with-interbase=/opt/interbase
  --with-apxs=/usr/sbin/apxs
 
  What do I need to add to this to include the graphics library?
 
  Many thanks...
 
  Todd
 
 




---End Message---
---BeginMessage---





You'll probably
still want to get libjpeg and libpng, and link against them with the proper
configure options.


What is the correct syntax to do all of the suggestions?

Todd



Martin Helie wrote:

  Well, not necessarily, since gd is included with php 4.3.x. You'll probably
still want to get libjpeg and libpng, and link against them with the proper
configure options.



Ef [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
  
  
--with-gd and of oucrce you need the GD library.

"Todd Cary" [EMAIL PROTECTED] escribi en el mensaje
news:[EMAIL PROTECTED]...


  I am new to Linux so I need some help for installing the graphics
library.  This is what I did to get PHP to inlcude Interbase.

   !! Configure PHP with Interbase with apxs
   34  ./configure --with-apxs=/usr/sbin --with-interbase=/opt/interbase
   35  ./configure --with-interbase=/opt/interbase --with-apxs=/usr/sbin
   36  ./configure --with-interbase=/opt/interbase
--with-apxs=/usr/sbin/apxs

What do I need to add to this to include the graphics library?

Many thanks...

Todd


  



  
  


  


-- 

 



---End Message---
---BeginMessage---
 I need to find if table1.username = table2.domain/table2.username  is

If you are using mySQL you can use CONCAT

table1.username =