[PHP] mcrypt 2.4.x - trouble with small data fields?

[Steve Yates]

On my current project I am saving personal info into a MySQL database
for later retrieval.  I have discovered that I have trouble with a few
specific data entries, though the other ~20 work fine.  The two I have
trouble with are a char(2) and a varchar(4) field, the smallest ones in the
table, and they return garbage when decrypted.  Is there a minimum field
size for using mcrypt?  Sample code:

// to encrypt, init once
$mykey = 'keytext';
$td = mcrypt_module_open(MCRYPT_TRIPLEDES,'', MCRYPT_MODE_ECB, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), 1234567890);
$ks = mcrypt_enc_get_key_size ($td);
$key = substr(md5($mykey), 0, $ks);
mcrypt_generic_init($td, $key, $iv);
(...)
$CreditCardExpMonth = mcrypt_generic($td, $_POST['Credit_Card_Exp_Month']);
(...)
// then save to database as part of insert query

If I save/retrieve the fields to/from the database w/o encryption they
save & retrieve fine.  This field is two digits ('02', '11', etc.).  The
other is the year (4 digits).

// to decrypt
// I wrote a function to truncate the returned string at the
// first \0 since mcrypt's decrypt pads the result
echo mydecrypt($data['CCExpMonth']);

function mydecrypt($enc) {
  global $td;
  $str = mdecrypt_generic($td, $enc);
  $pos = strpos($str, "\0");
  if ($pos !== false) {
$str = substr($str, 0, $pos);
  }
  return $str;
}

Also as long as I'm posting, mcrypt_generic_deinit() seems to be
undefined on my system?  Is that an mcrypt issue or an interaction between
PHP 4.1.2 and mcrypt 2.4.x?

 - Steve Yates
 - Do trees moving back and forth make the wind blow?

~ Taglines by Taglinator - www.srtware.com ~




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] how to use openssl_x509_read.

[Richard Rojas]

Hi,

   Does anybody know how to use this function?

openssl_x509_read(mixed x509certdata)

   Is x509certdata the certificate submitted by the browser to the server?

Richard


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] getaddrinfo failed: No address associated with hostname

[Godzilla]

I have a php script setup which downloads a file from a remote server via
FTP. It worked fine for a couple months until I went to use it one day and
it returned the error below. I hadn't made any changes to the script in that
time. It was no big deal so I wrote it off as it wasn't really an important
script. Today I went to use the "fopen" command in another php script with a
remote http file and it returned the same error. I'm not sure if this is a
php config thing or something else.

Warning: php_network_getaddresses: getaddrinfo failed: No address associated
with hostname

Any help would be greatly appreciated. Thanks!

-Tim

Here is a snippet of the ftp script:

-

$ftp_server="domain.com";
$ftp_user_name="user";
$ftp_user_pass="password
$localfile="/home/usernam/www/filename.txt";
$remotefile="/paht/to/remotfile/filename.txt";
$hostname_softcart = "mysqlhostname";
$database_softcart = "dbasename";
$username_softcart = "user";
$password_softcart = "password
$dbase_name = "dbase";
$file=$PHP_SELF;




// Connect to FTP server
$conn_id = ftp_connect($ftp_server);

// Login with username and password

$login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);

// Check Connection
if ((!$conn_id) || (!$login_result)) {
echo "FTP connection has failed!";
echo "Attempted to connect to $ftp_server for user $ftp_user_name";
die;
} else {
echo "Step 1:  Connected to $ftp_server Succesfully.";
}

// Set Passive Transfer Mode.
ftp_pasv($conn_id, pasv);

// Display Download Button
  echo "";
  echo "";
  echo "Step 2: ";
  echo "";

// Download the file
if (isset($download)) {

$download = ftp_get($conn_id, $localfile, $remotefile, FTP_ASCII);

// Check download success...if its OK do some stuff
if (!$download) {
 echo "FTP Download has failed!";
} else {
 echo "STUFF ";
 }
  }

// close the FTP stream
ftp_close($conn_id);


-



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: sendmail problem!

[Manuel Lemos]

Hello,

On 11/27/2002 09:01 PM, Siamak wrote:

I use PEAR to send mails to my users through "sendmail", my mails sometimes
are delivered immediately, sometimes after some minutes and sometimes after
some hours and sometimes never! I tried to identify the cause but I wasn't
successful, is there someone out there who can help me? I want to send an
immediate message to my newly signed up users.


You need to use some switches to enable immediate deliver.

You may want to try this class with the sendmail_message subclass that 
calls sendmail directly using the necessary switches to enable the 
immediate delivery mode.

http://www.phpclasses.org/mimemessage

I use that class with this other class for the same purpose as you to 
use the direct delivery mode using SMTP directly, thus without relying 
on SMTP:

http://www.phpclasses.org/smtpclass


--

Regards,
Manuel Lemos


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Error in retrieving a BLOB from DB.

[Faisal Abdullah]

I've never used load() before, but I can't find it in the function list
in php.net


On Thu, 2002-11-28 at 11:05, Naif Al-Otaibi wrote:
> Hi all,
> 
> I use the following:
> 1) Win XP.
> 2) Oracle personal eddition 8.1.6.0.0.
> 3) IIS.
> 4) php-4.2.3-Win32 runs in cgi mode.
> 
> When I retrieve a blob from my DB, I got the following error:
> 
> Fatal error: Call to undefined function: load() in 
> c:\inetpub\wwwroot\php1\ora52.php on line 6
> 
> ---
> This is my code:
> 
>  $conn = OCILogon("system","manager","naif.localhost");
> $stmt = OCIParse($conn,"select binary_junk from images where img_id=7");
> OCIExecute($stmt);
> OCIFetchInto($stmt, $lob);
> $content=load($lob);
> OCIFreeStatement($stmt);
> OCILogoff($conn);
> header("Content-type: image/gif\n\n");
> echo $content;
> ?>
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
-- 
~~
Faisal Abdullah [EMAIL PROTECTED]
Systems Developer   Magnifix Sdn. Bhd.

Tel : 603-4142 1775 Fax : 603-4142 1550

~~
"Isn't it time you browse through a different window?"


__


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Error in retrieving a BLOB from DB.

[Naif Al-Otaibi]

Hi all,

I use the following:
1) Win XP.
2) Oracle personal eddition 8.1.6.0.0.
3) IIS.
4) php-4.2.3-Win32 runs in cgi mode.

When I retrieve a blob from my DB, I got the following error:

Fatal error: Call to undefined function: load() in 
c:\inetpub\wwwroot\php1\ora52.php on line 6

---
This is my code:




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Show only user that variable "music"contain "pop"

[John W. Holmes]

> $req = MYSQL_QUERY("SELECT id FROM $TBL_NEWS ORDER BY nom LIMIT 0,
> $limit_news");
> $res = MYSQL_NUM_ROWS($req);
> 
> This is my lines... It's not working... :-(

Use mysql_error() to find out why. Odds are one of your variables aren't
set when you think they are.

$req = mysql_query(" ... ") or die(mysql_error());

---John Holmes...



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] ignoring client supplied session data

[John W. Holmes]

> What I do on my pages is perhaps a convoluted way of doing it but it
> works.  I set a username and password session variables. Every time
the
> page loads the script verifies the username and password are correct.
If
> not, they don't get to see the rest.  This, in my mind, pervents
someone
> from supplying a key variable like $_session['logged_in'].  This way
they
> have to know the username and password.

But users can't supply session variables. So if your script sets
$_SESSION['logged_in'], then only your script can change it's value. 

---John Holmes...



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] ignoring client supplied session data

[John W. Holmes]

> I'm not worried about them using the query string for malicious
purposes-
> I
> have register_globals off... I'm worried about someone messing with
their
> cookie and sedding authorized to true- that _will_ change my $_SESSION
> variable, unless I can find some way to ignore cookies, which brings
us
> back
> to my original question- how do i ignore all client input,
_especially_
> cookies???

Okay, you're confused. The only thing stored in a cookie with sessions
is the session id. That relates to a file or database record where the
actual data is stored. This session id is made so it's random and very
hard to guess. So they can modify it all they want, odds are very good
they'll never hit another active session id (otherwise sessions would be
useless). 

So, $_SESSION[] is data that's only stored on your server, $_GET,
$_POST, and $_COOKIE is data that's coming from the user and shouldn't
be trusted. If you have your own server, $_SESSION is safe. On a virtual
server that's shared with other people, other people's scripts on the
same server could modify your session files.

---John Holmes...



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Streaming audio

[olinux]

Not PHP, but here's a solution I use for streaming WMA
files on apache server. 

You'll need 3 files
audiofile.htm
audiofile.wax
audiofile.wma

 
[audiofile.htm]

Audio Player




  http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=5,1,52,701";
standby="Loading Microsoft Windows Media Player
components..." type="application/x-oleobject"> 
http://www.microsoft.com/Windows/Downloads/Contents/Products/MediaPlayer/";
filename="/audio/audiofile.wax"
src="/audio/audiofile.wax" Name=NSPlay ShowControls=1
ShowDisplay=1 ShowStatusBar=1 width=290 height=320>
 





[audiofile.wax]







And audiofile.wma is of course your windows media
audio file.

olinux


> At 12:55 PM 11/27/2002 -0800, Mako Shark wrote:
> >Does anyone know how to do streaming audio with
> PHP?
> >No clue if this is even possible. I've checked
> around
> >a bit, looked at some script sites, but nothing
> seems
> >to give a clue. I *think* it might be possible to
> set
> >something like this up, but I'm not sure.
> >
> >__
> >Do you Yahoo!?
> >Yahoo! Mail Plus - Powerful. Affordable. Sign up
> now.
> >http://mailplus.yahoo.com
> >
> >--
> >PHP General Mailing List (http://www.php.net/)
> >To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] dynamic arraynames

[Floyd Baker]

Very sorry for the dupes...  Kept thinking I had pressed reply instead
of reply all.  


--


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] dynamic arraynames

[Floyd Baker]

Well I might be in the wrong place.  I've also asked in the HTML list
now too but I'm still stuck and need some help.  

This is pretty much as clear as I can make it.  I'm up against a
mental block and even if it's as clear as glass to others I'm dead in
the water and would appreciate some pointers.  I have a bunch of
pieces but can't seem to string them together enough to make it work.

Just trying to build an x-y array of data input fields and then send
them recursive to be used further down the program.  

I can do this fine with a fixed number of columns and rows of user
input but I cannot figure out how to make this happen using a variable
number of columns.  I'm a complete array amateur and would appreciate
a little assistance...

I want it to look something like this:

Name  Temp  Time  OffsetEtc.  As needed...   
process 1[input]   [input]   [input]   [input]   [inputs] 
process 2[input]   [input]   [input]   [input]   [inputs] 
process 3[input]   [input]   [input]   [input]   [inputs] 
process 4[input]   [input]   [input]   [input]   [inputs]

Right now, for the three *basic* columns, I have the lines below in a
'while' loop.

 
 
 

But when it comes to adding additional columns that a user
determines are needed, I am lost.  Users might want to add 0, or 4, or
10 additional items...  I would like only that number of usable
input columns be on the input-form, identified for what they contain,
and then be passed to the next page

Again, many thanks in advance.

Floyd






On Sun, 24 Nov 2002 23:55:56 -0500, you wrote:

>I'm sorry, but I'm still confused. Can you show us a sample of the data
>in the database and what you want the resulting form to look like for
>that data? Maybe that'll help.
>
>---John Holmes...





--


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] dynamic arraynames

[Floyd Baker]

Well I might be in the wrong place.  I've also asked in the HTML list
now too but I'm still stuck and need some help.  

This is pretty much as clear as I can make it.  I'm up against a
mental block and even if it's as clear as glass to others I'm dead in
the water and would appreciate some pointers.  I have a bunch of
pieces but can't seem to string them together enough to make it work.

Just trying to build an x-y array of data input fields and then send
them recursive to be used further down the program.  

I can do this fine with a fixed number of columns and rows of user
input but I cannot figure out how to make this happen using a variable
number of columns.  I'm a complete array amateur and would appreciate
a little assistance...

I want it to look something like this:

Name  Temp  Time  OffsetEtc.  As needed...   
process 1[input]   [input]   [input]   [input]   [inputs] 
process 2[input]   [input]   [input]   [input]   [inputs] 
process 3[input]   [input]   [input]   [input]   [inputs] 
process 4[input]   [input]   [input]   [input]   [inputs]

Right now, for the three *basic* columns, I have the lines below in a
'while' loop.

 
 
 

But when it comes to adding additional columns that a user
determines are needed, I am lost.  Users might want to add 0, or 4, or
10 additional items...  I would like only that number of usable
input columns be on the input-form, identified for what they contain,
and then be passed to the next page

Again, many thanks in advance.

Floyd






On Sun, 24 Nov 2002 23:55:56 -0500, you wrote:

>I'm sorry, but I'm still confused. Can you show us a sample of the data
>in the database and what you want the resulting form to look like for
>that data? Maybe that'll help.
>
>---John Holmes...



--


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Parsing XML files, logic involved...

[Khalid El-Kary]

hi,
If you are sure that all your files come with attributes double quoted (not 
single quoted) you may want to use this parser class:

http://creaturesx.ma.cx/kxparse/

hint: use the function has_attribute() to verify whether an attribute is 
available

Regards,
khalid

_
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] printing screen without the print dialog

[Justin French]

Hi,

1. did you search the archives, because this gets asked often
2. did you do a google search?

>From memory, it's POSSIBLE to print directly to the printer IF IT IS
CONNECTED TO THE SERVER, but it's more difficult (if not impossible) to
print to a client side (user's) printer... and impossible without the print
dialogue.

PHP is server-side, not client-side.


Justin




on 28/11/02 9:29 AM, Duky Yuen ([EMAIL PROTECTED]) wrote:

> I am having this problem, I want to print something directly to my printer
> without having that print dialog. What to do know? Is this possible?
> 
> Duky
> 
> 

Justin French

http://Indent.com.au
Web Development & 
Graphic Design



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP 4.3.0RC2 released

[Andrei Zmievski]

The second release candidate of the inimitably fabulous PHP version 4.3.0 is
out. It can be downloaded from http://qa.php.net. Give it a good testing!

-Andrei


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] session problems again

[Rich Gray]

Jason

session.cookie_lifetime set to 0 means the session cookie persists until the
client browser is closed...

I'm not clear if you are still having session problems now or the advice you
got earlier sorted it?

Rich
-Original Message-
From: Jason Romero [mailto:[EMAIL PROTECTED]]
Sent: 27 November 2002 15:09
To: [EMAIL PROTECTED]
Subject: [PHP] session problems again


--when using session registered variables
--i can only get them to save as session variables for one page
--then on the next page they are gone
--far as i can tell the variables are not getting written over or unset
--and the session is not gettting destroyed
--any other ideas what it might be?

i tried the seggestions you guys had
and i came up with one more question
does the session cookie.cookie_lifetime have anything to do with the amount
of time that session variables can be stored
the session.use_cookies is on and register.globals is turned on
however session.cookie_lifetime is set to 0
so would this affect the session variable lifetime?




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Password Script

[Justin French]

Is this a password reminder script?

Or a 'guessing'/knowledge game to get access to a certain page?

Justin


on 28/11/02 4:52 AM, Vicky ([EMAIL PROTECTED]) wrote:

> I'm looking to code a script that does the following. Please bear with me as
> I'm a total novice at this ^^!
> 
> It's sort of like a multiple password thing. Users need to type in between 3
> and 6 (I will be changing the use of this script and sometimes there will
> only be 3 answers sometimes as many as 6) things. If they get it right
> they'll be redirected to a page, if they get it wrong either a javascript
> prompt will popup saying "Incorrect" or they'll be redirected to a different
> page.
> 
> I'm not sure if I'll put a limit on how many times they can guess, so if you
> could tell me how I would put a limit (say 10 guesses a day) I'd be
> greatful.
> 
> Thank you! Please try and make your replies detailed so I can understand
> them ^_~


Justin French

http://Indent.com.au
Web Development & 
Graphic Design



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] ignoring client supplied session data

[Justin French]

on 28/11/02 9:22 AM, Evan Nemerson ([EMAIL PROTECTED]) wrote:

> I'm not worried about them using the query string for malicious purposes- I
> have register_globals off... I'm worried about someone messing with their
> cookie and sedding authorized to true- that _will_ change my $_SESSION
> variable, unless I can find some way to ignore cookies, which brings us back
> to my original question- how do i ignore all client input, _especially_
> cookies???

Turn register globals off (as you have).  Then NEVER pull any data out of
the $_COOKIES array, and you're now "ignoring" cookies :)  Perhaps a further
step is to call something like unset($_COOKIES) at the top of every
script... but I'm not sure how unset() works with the super global arrays.


Justin French

http://Indent.com.au
Web Development & 
Graphic Design



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: [PHP-DEV] Parse search string a la Google (Regular expression?)

[Ernest E Vogelsinger]

At 23:11 27.11.2002, Ernest E Vogelsinger said:
[snip]
>If I understand you correctly you want to isolate either quoted strings
>(with or without whitespace), or tokens separated by whitespace, as array
>elements?
>
>For this you would first have to isolate the first quoted sentence, then
>tokenize the part before, and loop this as long you're not done.
>
>Should work something like that:
>
> [...]
>Disclaimer: untested as usual. _Should_ behave like this:
[snip] 

I _should_ have tested. This script actually works the way you expect it to be:






The output of this script is:

Array (
[0] => search for this sentence
[1] => -NotForThisWord
[2] => ButDefinitelyForThisWord
) 


-- 
   >O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] session problems again

[Jason Romero]

--when using session registered variables
--i can only get them to save as session variables for one page
--then on the next page they are gone
--far as i can tell the variables are not getting written over or unset
--and the session is not gettting destroyed
--any other ideas what it might be?

i tried the seggestions you guys had
and i came up with one more question
does the session cookie.cookie_lifetime have anything to do with the amount
of time that session variables can be stored
the session.use_cookies is on and register.globals is turned on
however session.cookie_lifetime is set to 0
so would this affect the session variable lifetime?




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Streaming audio

[Morgan Hughes]

On Wed, 27 Nov 2002, Tom Culpepper wrote:

  I had no idea this would be of interest to so many people...  I've
  now posted it on a server for download; it's at
http://kyhm.com/tmp/mp3-example.php.gz
  for anyone who's interested.

  There's a bunch of commented-out calls to a dprint() in the script; this
  is a function I use for syslog-based debugging.  Obviously you can't
  print debugging output to a MPEG stream!  A replacement could be cobbled
  together that looks something like this:

$dprint_file = '';
function dprint ($msg)
{
  global $dprint_file;
  if (!$dprint_file)
$dprint_file = fopen("/tmp/mp3.log", "a");
  fprintf ($dprint_file, "%s", $msg);
}

  Good luck, and if anyone makes something useful out of this, I'd like to
  hear about it!

-- 
   Morgan Hughes
   C programmer and highly caffeinated mammal.
   [EMAIL PROTECTED]
   ICQ: 79293356







-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] sendmail problem!

[Siamak]

hi
I use PEAR to send mails to my users through "sendmail", my mails sometimes
are delivered immediately, sometimes after some minutes and sometimes after
some hours and sometimes never! I tried to identify the cause but I wasn't
successful, is there someone out there who can help me? I want to send an
immediate message to my newly signed up users.
Tanks a lot before




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] ignoring client supplied session data

[Rich Gray]

I know I'm late in on this thread but 

Ignoring cookies is easy - just don't set them and don't use any data in
$_COOKIE[]... or am I missing your point?

$_COOKIE[] data should be treated with far more caution than $_SESSION[]
i.e. it should be treated as hostile data. If you really have to recognise
users coming back to your site after their session has timed out then store
the bare minimum in the cookie e.g. an encrypted User ID. You can then use
that to look up their information in a database table and deal with their
profile accordingly. Users can switch off cookie support at any time or
delete/tamper with cookies so don't make your code reliant on the stuff
stored in them...

In effect it is up to you what you save and process from persistent
cookies...

HTH
Rich

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I'm not worried about them using the query string for malicious purposes- I
have register_globals off... I'm worried about someone messing with their
cookie and sedding authorized to true- that _will_ change my $_SESSION
variable, unless I can find some way to ignore cookies, which brings us back
to my original question- how do i ignore all client input, _especially_
cookies??


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] printing screen without the print dialog

[Duky Yuen]

I am having this problem, I want to print something directly to my printer
without having that print dialog. What to do know? Is this possible?

Duky



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] ignoring client supplied session data

[Evan Nemerson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I'm not worried about them using the query string for malicious purposes- I 
have register_globals off... I'm worried about someone messing with their 
cookie and sedding authorized to true- that _will_ change my $_SESSION 
variable, unless I can find some way to ignore cookies, which brings us back 
to my original question- how do i ignore all client input, _especially_ 
cookies???


On Wednesday 27 November 2002 01:28 pm, you wrote:
> At 22:17 27.11.2002, Van Andel, Robert said:
> [snip]
>
> >On the other hand, I use only one query, searching for the username.  I
> > had experimented with other methods but did not find anything that I felt
> > gave me great security.  Using a session variable that says the person is
> > logged in can be placed into a query string therefore bypassing the
> > authentication process
>
> [snip]
>
> That's the main issue why register_globals is off by default since 4.2. If
> you don't use register_globals, your $_SESSION array is safe from
> intruders; only your script can set it from within your session. If any
> malicious guy passes a query variable ?$_SESSION['authorized']=true, this
> will only show up in the $_GET array, nowhere else. A print_r() of $_GET
> with this query string gives:
>
> $_GET = Array (
> [$_SESSION] = Array (
> ['authorized'] = 1
> )
> )
>
> You might want to check out
>
> http://www.php.net/manual/en/security.registerglobals.php
>
> to read about the security issues involved. Basically having
> register_globals set to on allows an arbitrary user to implant variables of
> their choice into PHP, making any script more than unsafe. Having it
> switched off allows YOU to control the data that you work with - an
> absolute MUST unless you're begging for trouble, IMHO.

- -- 
The public have an insatiable curiosity to know everything. Except what is 
worth knowing. Journalism, conscious of this, and having tradesman-like 
habits, supplies their demands.

- -Oscar Wilde
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE95UXI/rncFku1MdIRAgv/AJoDF1LfkUksKCUKvIniEqgXeBQPQgCaAvWI
1xOcGGd1wWdYu6P9mYtjOlc=
=Dv1o
-END PGP SIGNATURE-


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: [PHP-DEV] Parse search string a la Google (Regular expression?)

[Ernest E Vogelsinger]

>Benny Rasmussen wrote:
>> Hi,
>>
>> In my application I would like to offer a search interface like Google
>> and other popular search engines. The complication for me is to explode
>> the search string into proper array elements, like this:
>>
>> $search_str = "\"search for this sentence\" -NotForThisWord
>> ButDefinitelyForThisWord";
>>
>> $array[0]: "search for this sentence"
>> $array[1]: "-NotForThisWord"
>> $array[2]: "ButDefinitelyForThisWord"
>>
>> I have tried to use regular expressions but my case seems to be a bit
>> more complicated for this (?).
>>
>> Does anybody have a code snippet, a class or something, that can help
>> me with this?
[snip] 

If I understand you correctly you want to isolate either quoted strings
(with or without whitespace), or tokens separated by whitespace, as array
elements?

For this you would first have to isolate the first quoted sentence, then
tokenize the part before, and loop this as long you're not done.

Should work something like that:



function tokenize_search($input) {
$re = '/\s*(.*?)\s*"\s*([^"]*?)\s*"\s*(.*)/s';
/* look for 3 groups:
   a - prematch - anything up to the first quote
   b - match - anything until the next quote
   c - postmatch - rest of the string
*/
$tokens = array();
while (preg_match($re, $input, $aresult)) {
// aresult contains: [0]-total [1]-a [2]-b [3]-c
// tokenize the prematch
array_push($tokens, explode(' ', $aresult[1]));
array_push($tokens, $aresult[2]);
$input = $aresult[3];
}
// $input has the rest of the line
array_push($tokens, explode(' ', $input));
return $tokens;
}


Disclaimer: untested as usual. _Should_ behave like this:

$string = "\"search for this sentence\" -NotForThisWord
ButDefinitelyForThisWord";
$tokens = tokenize_search($string);
print_r($tokens);
Array(
[0] - search for this sentence
[1] - -NotForThisWord
[2} - ButDefinitelyForThisWord
)


-- 
   >O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] search question

[Bryan Koschmann - GKT]

On Wed, 27 Nov 2002 [EMAIL PROTECTED] wrote:

|You could try any number of PHP functions, but the best ones would be
|strchr/strstr/stristr (for locating the first occurrence of the string),
|strpos (find the position of the first occurrence), or strrchr (to find the
|last).
|

I was just using something like below. Seems to work to find the string
anywhere in the name. Am I missing something or is it really that simple?

Bryan




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: [PHP-DEV] Parse search string a la Google (Regular expression?)

[Sebastian Bergmann]

Benny Rasmussen wrote:
> Hi,
>
> In my application I would like to offer a search interface like Google
> and other popular search engines. The complication for me is to explode
> the search string into proper array elements, like this:
>
> $search_str = "\"search for this sentence\" -NotForThisWord
> ButDefinitelyForThisWord";
>
> $array[0]: "search for this sentence"
> $array[1]: "-NotForThisWord"
> $array[2]: "ButDefinitelyForThisWord"
>
> I have tried to use regular expressions but my case seems to be a bit
> more complicated for this (?).
>
> Does anybody have a code snippet, a class or something, that can help
> me with this?
>
> Thanks in advance,
> Joachim
>
> --
> PHP Development Mailing List 
> To unsubscribe, visit: http://www.php.net/unsub.php

  Forwarding to [EMAIL PROTECTED], since this would be the
  appropriate list for the topic.

  [EMAIL PROTECTED] is for the development *of* PHP itself, not for
  developing *with* PHP.

-- 
  Sebastian Bergmann
  http://sebastian-bergmann.de/ http://phpOpenTracker.de/

  Did I help you? Consider a gift: http://wishlist.sebastian-bergmann.de/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Streaming audio

[Morgan Hughes]

On Wed, 27 Nov 2002, Mako Shark wrote:

> Does anyone know how to do streaming audio with PHP?
> No clue if this is even possible. I've checked around
> a bit, looked at some script sites, but nothing seems
> to give a clue. I *think* it might be possible to set
> something like this up, but I'm not sure.

  Streaming how?  I've got a PHP script that plays MP3 files off the disk
  through an HTTP stream, that might be useful for you to start with.  I
  wrote so I could figure which MP3s were being played regularily, versus
  ones that could be deleted.  You could probably extend it by reading
  from some FIFO on your server, that another process was writing the MP3
  stream into, though you'd lose the ability to seek in it...  Mail me
  direct if you're interested.

  It includes the shoutcast metadata for updating the stream title as it
  goes, however it appears winamp ignores this data unless the response
  from the server is "ICY/1.0 200 OK" rather than the "HTTP 200 OK"...  As
  far as I can tell after checking the SAPI source and asking here, it's
  not possible to override that.

-- 
   Morgan Hughes
   C programmer and highly caffeinated mammal.
   [EMAIL PROTECTED]
   ICQ: 79293356




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] ignoring client supplied session data

[Van Andel, Robert]

I will look into it.  I still consider my self a newbie in the process having picked 
up a book back in February and learning to do it.  I haven't gotten into using things 
like $_SESSION[] and similar with posting forms.  Thanks.

Robbert van Andel 
=== 
Network Operator 
NW Regional Operations Center 
Charter Communications 
ROC Phone: 866-311-6646 
Desk Phone: 360-828-6727 
email: DL NW ROC 
=== 


-Original Message-
From: Ernest E Vogelsinger [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 27, 2002 1:28 PM
To: Van Andel, Robert
Cc: Evan Nemerson; [EMAIL PROTECTED]
Subject: RE: [PHP] ignoring client supplied session data


At 22:17 27.11.2002, Van Andel, Robert said:
[snip]
>On the other hand, I use only one query, searching for the username.  I had 
>experimented with other methods but did not find anything that I felt gave 
>me great security.  Using a session variable that says the person is logged 
>in can be placed into a query string therefore bypassing the authentication 
>process
[snip] 

That's the main issue why register_globals is off by default since 4.2. If
you don't use register_globals, your $_SESSION array is safe from
intruders; only your script can set it from within your session. If any
malicious guy passes a query variable ?$_SESSION['authorized']=true, this
will only show up in the $_GET array, nowhere else. A print_r() of $_GET
with this query string gives:

$_GET = Array (
[$_SESSION] = Array (
['authorized'] = 1
)
) 

You might want to check out

http://www.php.net/manual/en/security.registerglobals.php

to read about the security issues involved. Basically having
register_globals set to on allows an arbitrary user to implant variables of
their choice into PHP, making any script more than unsafe. Having it
switched off allows YOU to control the data that you work with - an
absolute MUST unless you're begging for trouble, IMHO.


-- 
   >O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] ignoring client supplied session data

[Ernest E Vogelsinger]

At 22:17 27.11.2002, Van Andel, Robert said:
[snip]
>On the other hand, I use only one query, searching for the username.  I had 
>experimented with other methods but did not find anything that I felt gave 
>me great security.  Using a session variable that says the person is logged 
>in can be placed into a query string therefore bypassing the authentication 
>process
[snip] 

That's the main issue why register_globals is off by default since 4.2. If
you don't use register_globals, your $_SESSION array is safe from
intruders; only your script can set it from within your session. If any
malicious guy passes a query variable ?$_SESSION['authorized']=true, this
will only show up in the $_GET array, nowhere else. A print_r() of $_GET
with this query string gives:

$_GET = Array (
[$_SESSION] = Array (
['authorized'] = 1
)
) 

You might want to check out

http://www.php.net/manual/en/security.registerglobals.php

to read about the security issues involved. Basically having
register_globals set to on allows an arbitrary user to implant variables of
their choice into PHP, making any script more than unsafe. Having it
switched off allows YOU to control the data that you work with - an
absolute MUST unless you're begging for trouble, IMHO.


-- 
   >O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Streaming audio

[Ernest E Vogelsinger]

At 21:55 27.11.2002, Mako Shark said:
[snip]
>Does anyone know how to do streaming audio with PHP?
>No clue if this is even possible. I've checked around
>a bit, looked at some script sites, but nothing seems
>to give a clue. I *think* it might be possible to set
>something like this up, but I'm not sure.
[snip] 

Actually PHP doesn't stream; that's done by streaming server software, like
RealServer, WindowsMedia, or else.

What has PHP to do with it? Some possibilities:

(a) Stream embedded in website:
Since PHP constructs the page, it generates the tag to embed the media
player (WindowsMedia, RealMedia, QuickTime). The "source" entity of the tah
pointing to the actual stream might come from the database.

(b) Stream outside the website:
Similar to (a), PHP could create the link to the stream, link data coming
from the database.

(b) Dynamic/Redirected content:
Esp. with WindowsMedia, as with RealMedia, web servers may serve meta-files
containing data that directs the player to a certain stream. These meta
files come as a specific MIME type, and they can be created on the fly
(dynamically) by PHP.


-- 
   >O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] ignoring client supplied session data

[Van Andel, Robert]

On the other hand, I use only one query, searching for the username.  I had 
experimented with other methods but did not find anything that I felt gave me great 
security.  Using a session variable that says the person is logged in can be placed 
into a query string therefore bypassing the authentication process

Robbert van Andel 

-Original Message-
From: Evan Nemerson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 27, 2002 12:59 PM
To: Van Andel, Robert; [EMAIL PROTECTED]
Subject: Re: [PHP] ignoring client supplied session data


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I was thinking about doing that, but I was hoping to avoid superfluous 
database queries. It is my fallback method, but i _really_ want to use 
sessions, but limit them to server-side modification.


On Wednesday 27 November 2002 12:51 pm, Van Andel, Robert wrote:
> What I do on my pages is perhaps a convoluted way of doing it but it works.
>  I set a username and password session variables. Every time the page loads
> the script verifies the username and password are correct.  If not, they
> don't get to see the rest.  This, in my mind, pervents someone from
> supplying a key variable like $_session['logged_in'].  This way they have
> to know the username and password.
>
> Robbert van Andel
>
>
> -Original Message-
> From: Evan Nemerson [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, November 27, 2002 12:39 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] ignoring client supplied session data
>
>
> I'm setting up a site using sessions right now, and I was just wondering if
> there is a way to ignore anything from the client side- I want them to POST
> a username and password, from there all data should be handled on the
> server.
>
> I'm already using the query string to avoid cookies, but I want to make
> sure that if the user _does_ have cookies on, any change in the data will
> be ignored by the server. Any suggestions?
>
> Basically, I think it would be a lot more efficient for me to set a
> _SESSION['logged_in'] variable once than query the database for every page,
> but I don't know if it would be secure or not- I don't want someone setting
> the logged_in variable in their cookie, then getting full access to the
> site...
>
>
> Thanks,
> Evan

- -- 
If anyone can show me, and prove to me, that I am wrong in thought or deed, I 
will gladly change. I seek the truth, hich never yet hurt anybody. It is only 
persistence in delusion and ignorance which does harm.

- -Marcus Aurelius
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE95TIp/rncFku1MdIRAgGdAKCQCNMUL+OuTomXQH07zr6tjn7cUwCcDMrU
Ucup8rpk4c3jS2w+5Ej6yNo=
=el8E
-END PGP SIGNATURE-


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Streaming audio

[Miles Thompson]

This may seem terribly naive, but what server streams the audio, Apache 
with an additional module? Or a special audio server?

If the former, it would seem quite straightforward I would assume (which is 
how I get myself into trouble and have such *interesting* assignments), 
Apache would issue the file, using appropriate headers.

For the second, why not do a redirect to the audio server, passing the 
necessary parameters?

Not knowing the first thing about how this works, why not?

Miles Thompson

At 12:55 PM 11/27/2002 -0800, Mako Shark wrote:
Does anyone know how to do streaming audio with PHP?
No clue if this is even possible. I've checked around
a bit, looked at some script sites, but nothing seems
to give a clue. I *think* it might be possible to set
something like this up, but I'm not sure.

__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] ignoring client supplied session data

[Evan Nemerson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I was thinking about doing that, but I was hoping to avoid superfluous 
database queries. It is my fallback method, but i _really_ want to use 
sessions, but limit them to server-side modification.


On Wednesday 27 November 2002 12:51 pm, Van Andel, Robert wrote:
> What I do on my pages is perhaps a convoluted way of doing it but it works.
>  I set a username and password session variables. Every time the page loads
> the script verifies the username and password are correct.  If not, they
> don't get to see the rest.  This, in my mind, pervents someone from
> supplying a key variable like $_session['logged_in'].  This way they have
> to know the username and password.
>
> Robbert van Andel
>
>
> -Original Message-
> From: Evan Nemerson [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, November 27, 2002 12:39 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] ignoring client supplied session data
>
>
> I'm setting up a site using sessions right now, and I was just wondering if
> there is a way to ignore anything from the client side- I want them to POST
> a username and password, from there all data should be handled on the
> server.
>
> I'm already using the query string to avoid cookies, but I want to make
> sure that if the user _does_ have cookies on, any change in the data will
> be ignored by the server. Any suggestions?
>
> Basically, I think it would be a lot more efficient for me to set a
> _SESSION['logged_in'] variable once than query the database for every page,
> but I don't know if it would be secure or not- I don't want someone setting
> the logged_in variable in their cookie, then getting full access to the
> site...
>
>
> Thanks,
> Evan

- -- 
If anyone can show me, and prove to me, that I am wrong in thought or deed, I 
will gladly change. I seek the truth, hich never yet hurt anybody. It is only 
persistence in delusion and ignorance which does harm.

- -Marcus Aurelius
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE95TIp/rncFku1MdIRAgGdAKCQCNMUL+OuTomXQH07zr6tjn7cUwCcDMrU
Ucup8rpk4c3jS2w+5Ej6yNo=
=el8E
-END PGP SIGNATURE-


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] **** Converting dynamic webpages into static HTML pages

[Rick Widmer]

When running PHP as a static binary, how does it handle text (HTML code)
that falls outsize of the  tags.  Is the text ignored or
outputted?


Outputted.  This can be very handy.  One thing I use it for is customizing 
configuration files where only a small percentage of the overall text needs 
to be modified.  Using  in the text makes it very powerful.



Now, my client has requested that I give him the ability to generate a
static version of the catalog so that he can burn it onto a CD for
distribution at trade shows.  He wants the CD to be a snapshot of the
catalog.  Furthermore, he wants to be able to generate this "snapshot"
frequently so that pricing info on the CD will be current.  To
accommodate this, the process for generating the snapshot must be easy
and intuitive.


If you are lucky, and the web site has links that will get you to all the 
products without searching or other  based activity, just point wget 
-kr at the site, and you will end up with a directory containing flat HTML 
files for all the database generated pages in the site.  Be sure the 
destination directory is in the same path as you want it to appear from the 
root directory of the CD.  You won't be able to put it in the root directory.

If you don't have good links in the program, you can use  -i 
input_file   to name all the pages you need to grab.

Try  >man wget   for details.

I haven't tried making this something that can be accessed from a CD using 
file:// based URLs, but I have been able to grab entire web sites to be 
hosted with Apache.  You may need to use sed or something to clean up the 
 tags.

Rick


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Streaming audio

[Mako Shark]

Does anyone know how to do streaming audio with PHP?
No clue if this is even possible. I've checked around
a bit, looked at some script sites, but nothing seems
to give a clue. I *think* it might be possible to set
something like this up, but I'm not sure.

__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] ignoring client supplied session data

[Van Andel, Robert]

What I do on my pages is perhaps a convoluted way of doing it but it works.  I set a 
username and password session variables. Every time the page loads the script verifies 
the username and password are correct.  If not, they don't get to see the rest.  This, 
in my mind, pervents someone from supplying a key variable like 
$_session['logged_in'].  This way they have to know the username and password.

Robbert van Andel 


-Original Message-
From: Evan Nemerson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 27, 2002 12:39 PM
To: [EMAIL PROTECTED]
Subject: [PHP] ignoring client supplied session data


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I'm setting up a site using sessions right now, and I was just wondering if 
there is a way to ignore anything from the client side- I want them to POST a 
username and password, from there all data should be handled on the server.

I'm already using the query string to avoid cookies, but I want to make sure 
that if the user _does_ have cookies on, any change in the data will be 
ignored by the server. Any suggestions?

Basically, I think it would be a lot more efficient for me to set a 
_SESSION['logged_in'] variable once than query the database for every page, 
but I don't know if it would be secure or not- I don't want someone setting 
the logged_in variable in their cookie, then getting full access to the 
site...


Thanks,
Evan


- -- 
If you would be a real seeker after truth, you must at least once in your life 
doubt, as far as possible, all things.

- -Rene Descartes
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE95S1W/rncFku1MdIRAqdUAJ478Q5xFn7vDDE7RFXUI1aQnaZWBACgmN55
VNdAnVIliDD6eNwRm3R2SMQ=
=61VE
-END PGP SIGNATURE-


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] max file size on uploading files

[Nick Wilson]

* and then Ernest E Vogelsinger declared
> At 20:18 27.11.2002, Ernest E Vogelsinger spoke out and said:
> [snip]
> >Error 413 certainly denotes that the web server refuses to handle the
> >request. No idea how to configure this value but I'm sure it can be done
> >with Apache. I see a better chance of getting this answere on the apache
> >mailing list.
> [snip] 
> 
> I should check first and holler later.
> 
>  From the Apache docs (1.3.2):


Many thanks Ernest. It works fine on my hosts machine running 1.3 so
I'll downgrade my version as well, as rasmus has pointed out

Thanks for all your help ;-)

-- 
Nick Wilson //  www.tioka.com




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] **** Converting dynamic webpages into static HTML pages

[Miles Thompson]

I'll have to pseudo code this, but following on from Matt's suggestion of a 
standalone php script to generate the necessary files, let the database do 
the work.

allproducts.php

select whatever fields are necessary from the database as 
parameters for catalog.php

work down the result set from the above query
create file for output naming it for the product number, 
e.g $prd_num.'html
execute catalog.php, (which you already have) passing it 
necessary params,
directing output to file handle for $prd_num.'html'
close the file
loop

create file index.php (or whatever)
write necessary header and initial content
work down the result set from the query a second time
write the description, embed image, product number as URL 
pointing to $prd_num.html
loop

If allproducts.php was to create one huge file of products, then abandon 
the second loop, just keep writing to the first file. (Or if using Matt's 
code, use ">>" instead of ">".)

Caveat - watch out for a table which may accidentally surround the whole of 
the output - this would bring NS 4.x to its knees.

HTH - Miles Thompson

At 02:57 PM 11/27/2002 -0500, Matt Vos wrote:
I'm not sure...
I always echo... I don't really like embedded code... gets confusing when
one part of the page is one thing and another is another.
At the very least you coudl try it, I know its farily easy to build a script
which will rip through the script to fix it to make it all php friendly.

The other alternative is to have a script require() the php file, just set
your variables in the script, then require('catalog.php');
All code will be executed as if it were part of the script.

Matt
- Original Message -
From: Ron Stagg <[EMAIL PROTECTED]>
To: Matt Vos <[EMAIL PROTECTED]>
Sent: Wednesday, November 27, 2002 2:49 PM
Subject: RE: [PHP]  Converting dynamic webpages into static HTML pages


I like your direction.

When running PHP as a static binary, how does it handle text (HTML code)
that falls outsize of the  tags.  Is the text ignored or
outputted?

Ron

-Original Message-
From: Matt Vos [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 27, 2002 12:42 PM
To: Ron Stagg; [EMAIL PROTECTED]
Subject: Re: [PHP]  Converting dynamic webpages into static HTML
pages

Compile php as a static binary (CGI execution mode?) and add something
liek
the following to your code at the top:

#!/usr/local/bin/php
$arg_count = 1;
while ($arg_count < count($argv))
{
$argument = $argv[$arg_count];
$arg_split = split("=",$argument);
$variable = trim($arg_split[0]);
$value = trim($arg_split[1]);

if ($variable != "" && $value != "") $$variable = $value;

$arg_count = $arg_count + 1;
}

Make catalog.php executable, then run it as such:
(assuming product_type and product_seq are the vars you use)
./catalog.php product_type=1 product_seq=2 > products.html

Matt

- Original Message -
From: Ron Stagg <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 27, 2002 2:18 PM
Subject: [PHP]  Converting dynamic webpages into static HTML pages


I have an interesting challenge.  I have built an online product catalog
that is driven entirely by the contents of the product database (MySQL).
The entire catalog is implemented in a single PHP script (catalog.php).
The dynamic nature of this implementation allows the catalog script to
generate hundreds of product description pages.

Now, my client has requested that I give him the ability to generate a
static version of the catalog so that he can burn it onto a CD for
distribution at trade shows.  He wants the CD to be a snapshot of the
catalog.  Furthermore, he wants to be able to generate this "snapshot"
frequently so that pricing info on the CD will be current.  To
accommodate this, the process for generating the snapshot must be easy
and intuitive.

My plan of attack is to generate static HTML files by running the
catalog script once for each product in the database. Here is my
quandary; instead of echoing the output to a buffer for Apache to send
off to the client, I need the script to output to a file.  I do not want
to write a second version of catalog.php that writes everything to file.
There must be an easier way to do this.  Is there a way I can access the
output buffer that Apache sends to the client?

Any other ideas?

Thanks,

Ron




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Show only user that variable "music"contain "pop"

[Benjamin Trépanier]

$req = MYSQL_QUERY("SELECT id FROM $TBL_NEWS ORDER BY nom LIMIT 0,
$limit_news");
$res = MYSQL_NUM_ROWS($req);

This is my lines... It's not working... :-(

Thanks for your help



Le 27/11/02 15:23, « Support @ Fourthrealm.com » <[EMAIL PROTECTED]> a
écrit :

>
> If you only have one condition, then get rid of the AND in the where
> statement;
>
> Select only the fields that you need, instead of *
>
> Like this:
>
> SELECT id FROM $TBL_NEWS WHERE music LIKE '%pop%'  ORDER BY name
>
>
> Peter
>
> At 03:16 PM 11/27/2002 -0500, Benjamin Trépanier wrote:
>> Hi, I need information about  a simple command...
>>
>> I have a DB (of course...) and I need to show only "ID" that variable
>> "music"contain  "pop"
>>
>> I found this example that is suppose to do a similar thing in a msql
>> query...
>>
>> SELECT * FROM $TBL_NEWS WHERE music LIKE '%pop%' AND  ORDER BY name
>>
>>
>> So it's not working properly...
>>
>> Thanks for your help
>>
>> Ben
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>
> - - - - - - - - - - - - - - - - - - - - -
> Fourth Realm Solutions
> [EMAIL PROTECTED]
> http://www.fourthrealm.com
> Tel: 519-739-1652
> - - - - - - - - - - - - - - - - - - - - -
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>


$req = MYSQL_QUERY("SELECT id FROM $TBL_NEWS ORDER BY nom LIMIT 0,
$limit_news");
$res = MYSQL_NUM_ROWS($req);

This is my lines... It's not working... :-(

Thanks for your help


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] ignoring client supplied session data

[Evan Nemerson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I'm setting up a site using sessions right now, and I was just wondering if 
there is a way to ignore anything from the client side- I want them to POST a 
username and password, from there all data should be handled on the server.

I'm already using the query string to avoid cookies, but I want to make sure 
that if the user _does_ have cookies on, any change in the data will be 
ignored by the server. Any suggestions?

Basically, I think it would be a lot more efficient for me to set a 
_SESSION['logged_in'] variable once than query the database for every page, 
but I don't know if it would be secure or not- I don't want someone setting 
the logged_in variable in their cookie, then getting full access to the 
site...


Thanks,
Evan


- -- 
If you would be a real seeker after truth, you must at least once in your life 
doubt, as far as possible, all things.

- -Rene Descartes
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE95S1W/rncFku1MdIRAqdUAJ478Q5xFn7vDDE7RFXUI1aQnaZWBACgmN55
VNdAnVIliDD6eNwRm3R2SMQ=
=61VE
-END PGP SIGNATURE-


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] **** Converting dynamic webpages into static HTML pages

[Ron Stagg]

Thank you! This is just what I was looking for.  I was not aware of the
output control functions.  Using the ob_ functions will make this
child's play.

Thanks again,

Ron

-Original Message-
From: Michael Hazelden [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, November 27, 2002 12:29 PM
To: Ron Stagg
Subject: RE: [PHP]  Converting dynamic webpages into static HTML
pages

While this does involve the creation of a second script - it's only a
small
change:

do an Ob_start at the beginning of the script ...

Then use ob_get_contents to output to a file at the end ... 

Two or three commands (including the fopen) which you'd have to add ...

How's that?

Michael.

-Original Message-
From: Ron Stagg [mailto:[EMAIL PROTECTED]]
Sent: 27 November 2002 19:19
To: [EMAIL PROTECTED]
Subject: [PHP]  Converting dynamic webpages into static HTML pages


I have an interesting challenge.  I have built an online product catalog
that is driven entirely by the contents of the product database (MySQL).
The entire catalog is implemented in a single PHP script (catalog.php).
The dynamic nature of this implementation allows the catalog script to
generate hundreds of product description pages.
 
Now, my client has requested that I give him the ability to generate a
static version of the catalog so that he can burn it onto a CD for
distribution at trade shows.  He wants the CD to be a snapshot of the
catalog.  Furthermore, he wants to be able to generate this "snapshot"
frequently so that pricing info on the CD will be current.  To
accommodate this, the process for generating the snapshot must be easy
and intuitive.
 
My plan of attack is to generate static HTML files by running the
catalog script once for each product in the database. Here is my
quandary; instead of echoing the output to a buffer for Apache to send
off to the client, I need the script to output to a file.  I do not want
to write a second version of catalog.php that writes everything to file.
There must be an easier way to do this.  Is there a way I can access the
output buffer that Apache sends to the client?
 
Any other ideas?
 
Thanks,
 
Ron


_
This message has been checked for all known viruses by the 
MessageLabs Virus Control Centre.

This message has been checked for all known viruses by the MessageLabs
Virus Control Centre.


*

Notice:  This email is confidential and may contain copyright material
of Ocado Limited (the "Company"). Opinions and views expressed in this
message may not necessarily reflect the opinions and views of the
Company.
If you are not the intended recipient, please notify us immediately and
delete all copies of this message. Please note that it is your
responsibility to scan this message for viruses.

Company reg. no. 3875000.  Swallowdale Lane, Hemel Hempstead HP2 7PY

*

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Multiple page form

[Steve Keller]

At 11/26/2002 10:42 AM, Shane  wrote:


It's been a while since I have done any PHP work. I am creating an online
employment application using multiple forms for a client. I was going to use
PHP. I don't remember if I need to pass variables along with the form for
each page, or can I just call them on the last page.


Shane, I recenty did a multi-page PHP form for a site that couldn't use a 
database. What I ended up doing in my own cludgy way was creating hidden 
form fields with each post, ie. extracting the http_post_vars and creating 
an  for each posted answer. This carried all the 
filled out questions across the pages, and, of course, I could echo answers 
to questions that were already given if the user went back to a previous page.

There was an additional hidden field for pageNo. The form POSTed to itself 
and INCLUDEd the section, ie. block of questions, specified by the pageNo.

The last page simply put all the answers together into a tab-delimited file 
and fired it off to the people who needed to see it so they could import it 
into spreadsheets.

The functional project is at:

http://alaskayouthmediaproject.org/survey/

And I'll gladly send you the code if you want, just Email me off the 
mailing list. It's far from perfect code, in fact I'd only been using PHP 
for two weeks or so when I wrote it, but I've gotten compliments on the 
ingenuity of it.
--
S. Keller
UI Engineer
The Health TV Channel, Inc.
(a non - profit organization)
3820 Lake Otis Pkwy.
Anchorage, AK 99508
907.770.6200 ext.220
907.336.6205 (fax)
Email: [EMAIL PROTECTED]
Web: www.healthtvchannel.org


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Show only user that variable "music"contain "pop"

[Support @ Fourthrealm.com]

If you only have one condition, then get rid of the AND in the where statement;

Select only the fields that you need, instead of *

Like this:

SELECT id FROM $TBL_NEWS WHERE music LIKE '%pop%'  ORDER BY name


Peter

At 03:16 PM 11/27/2002 -0500, Benjamin Trépanier wrote:

Hi, I need information about  a simple command...

I have a DB (of course...) and I need to show only "ID" that variable
"music"contain  "pop"

I found this example that is suppose to do a similar thing in a msql
query...

SELECT * FROM $TBL_NEWS WHERE music LIKE '%pop%' AND  ORDER BY name


So it's not working properly...

Thanks for your help

Ben


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


- - - - - - - - - - - - - - - - - - - - -
Fourth Realm Solutions
[EMAIL PROTECTED]
http://www.fourthrealm.com
Tel: 519-739-1652
- - - - - - - - - - - - - - - - - - - - -


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Show only user that variable "music"contain "pop"

[Benjamin Trépanier]

Hi, I need information about  a simple command...

I have a DB (of course...) and I need to show only "ID" that variable
"music"contain  "pop"

I found this example that is suppose to do a similar thing in a msql
query...

SELECT * FROM $TBL_NEWS WHERE music LIKE '%pop%' AND  ORDER BY name


So it's not working properly...

Thanks for your help

Ben


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] search question

[Liam . Gibbs]

<>

You could try any number of PHP functions, but the best ones would be
strchr/strstr/stristr (for locating the first occurrence of the string),
strpos (find the position of the first occurrence), or strrchr (to find the
last).

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP/MySQL Installation

[Federico Braghieri]

On Monday 25 November 2002 20:44, manh wrote:
>
> I am a beginner of PHP/MySQL. I have tried several times to install PHP3
> and MySQL (free products) to conduct some web pages for my company, but
> lots of trouble came up. I just followed the instruction on www.php.net
> but it did not help.
>
> Can you help me? Thanks.
>
> Manh.
> [EMAIL PROTECTED]

Hello,
I am also a beginner, and i have't found any trouble to install and use 
Apache-PHP-Mysql: but here i get you some hints:
1) the last version of PHP is 4.2.x: this major version( 4,x.x.) has a lot of 
features for connecting PHP-MySQL-Apache.
2) Installation of MYSQL is (with SUSE) more easy if you try to install the 
rpm(binary) version.

The best (obviusly) is to intall source package and then compiling it with all 
the options you want.
but isn't so easy doing..
Regards.
Federico


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Bad File Mode?

[Steve Keller]

I'm still trying to get a file posted to another server, but I seem to have 
run across an odd snag, and I was hoping someone can point out where I've 
gone wrong. Here's the code:


$data = "mtype=XMLDOC&outfile=true";
$dataFile = 
"http://www.healthtvchannel.org/courses/pay/data/test.xml";;
$fileSize = filesize($dataFile);
$fp = fopen($dataFile, "rb");
$strFile = fread($fp, $fileSize);
fclose($fp);

$osbURL="https://partners.netledger.com/SmbXml";;

$ch = curl_init();
$res = curl_setopt($ch, CURLOPT_POST, 1);
echo "Set Post: ".$res;
$res = curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
echo "Set Follow: ".$res;
$res = curl_setopt($ch, CURLOPT_VERBOSE, 1);
echo "Set Verbose: ".$res;
$res = curl_setopt($ch, CURLOPT_URL, $osbURL);
echo "Set URL: ".$res;
$res = curl_setopt($ch, CURLOPT_POSTFIELDS, 
$data."&mediafile=".$strFile);
echo "Set Postfields: ".$res;
$res = curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
echo "Set ReturnTransfer: ".$res;

$result = curl_exec($ch);
curl_close($ch);
echo $result;
?>

What I'm getting is

Warning: stat failed for 
http://www.healthtvchannel.org/courses/pay/data/test.xml (errno=2 - No such 
file or directory) in 
/usr/local/www/vhosts/healthtvchannel.org/htdocs/courses/pay/posttest.php 
on line 20

I'm positive the file exists, and if I cut and paste the URL from the error 
to a browser window, I can see the file. What am I doing wrong?
--
S. Keller
UI Engineer
The Health TV Channel, Inc.
(a non - profit organization)
3820 Lake Otis Pkwy.
Anchorage, AK 99508
907.770.6200 ext.220
907.336.6205 (fax)
Email: [EMAIL PROTECTED]
Web: www.healthtvchannel.org


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] search question

[Bryan Koschmann - GKT]

Hello,

I'm wondering what you all think the best way to "search" for a string is.
I guess its more of a matching (regex I'm thinking) but basically what I
want is this..

I'm outputting some rows of data. If one of the columns of that row
contain a string of text, either beginning, end, or middle, highlight it
with a different row color.

The part I need opinions on is matching the search. Would I just do an
ereg/preg?

Thanks,

Bryan


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] **** Converting dynamic webpages into static HTML pages

[Matt Vos]

I'm not sure...
I always echo... I don't really like embedded code... gets confusing when
one part of the page is one thing and another is another.
At the very least you coudl try it, I know its farily easy to build a script
which will rip through the script to fix it to make it all php friendly.

The other alternative is to have a script require() the php file, just set
your variables in the script, then require('catalog.php');
All code will be executed as if it were part of the script.

Matt
- Original Message -
From: Ron Stagg <[EMAIL PROTECTED]>
To: Matt Vos <[EMAIL PROTECTED]>
Sent: Wednesday, November 27, 2002 2:49 PM
Subject: RE: [PHP]  Converting dynamic webpages into static HTML pages


I like your direction.

When running PHP as a static binary, how does it handle text (HTML code)
that falls outsize of the  tags.  Is the text ignored or
outputted?

Ron

-Original Message-
From: Matt Vos [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 27, 2002 12:42 PM
To: Ron Stagg; [EMAIL PROTECTED]
Subject: Re: [PHP]  Converting dynamic webpages into static HTML
pages

Compile php as a static binary (CGI execution mode?) and add something
liek
the following to your code at the top:

#!/usr/local/bin/php
$arg_count = 1;
while ($arg_count < count($argv))
{
$argument = $argv[$arg_count];
$arg_split = split("=",$argument);
$variable = trim($arg_split[0]);
$value = trim($arg_split[1]);

if ($variable != "" && $value != "") $$variable = $value;

$arg_count = $arg_count + 1;
}

Make catalog.php executable, then run it as such:
(assuming product_type and product_seq are the vars you use)
./catalog.php product_type=1 product_seq=2 > products.html

Matt

- Original Message -
From: Ron Stagg <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 27, 2002 2:18 PM
Subject: [PHP]  Converting dynamic webpages into static HTML pages


I have an interesting challenge.  I have built an online product catalog
that is driven entirely by the contents of the product database (MySQL).
The entire catalog is implemented in a single PHP script (catalog.php).
The dynamic nature of this implementation allows the catalog script to
generate hundreds of product description pages.

Now, my client has requested that I give him the ability to generate a
static version of the catalog so that he can burn it onto a CD for
distribution at trade shows.  He wants the CD to be a snapshot of the
catalog.  Furthermore, he wants to be able to generate this "snapshot"
frequently so that pricing info on the CD will be current.  To
accommodate this, the process for generating the snapshot must be easy
and intuitive.

My plan of attack is to generate static HTML files by running the
catalog script once for each product in the database. Here is my
quandary; instead of echoing the output to a buffer for Apache to send
off to the client, I need the script to output to a file.  I do not want
to write a second version of catalog.php that writes everything to file.
There must be an easier way to do this.  Is there a way I can access the
output buffer that Apache sends to the client?

Any other ideas?

Thanks,

Ron




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] max file size on uploading files

[Rasmus Lerdorf]

On Wed, 27 Nov 2002, Nick Wilson wrote:
> * and then Nick Wilson declared
> > Next step, try the script on another machine I guess Thnaks for the
> > help Ernest...
>
> Could it be an Apache 2.0 thing? -- just upgraded. THis is what I get:

That's actually a downgrade these days.  I'd strongly suggest sticking
with Apache 1.3.x for the time being.

-Rasmus


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] **** Converting dynamic webpages into static HTML pages

[Matt Vos]

Compile php as a static binary (CGI execution mode?) and add something liek
the following to your code at the top:

#!/usr/local/bin/php
$arg_count = 1;
while ($arg_count < count($argv))
{
$argument = $argv[$arg_count];
$arg_split = split("=",$argument);
$variable = trim($arg_split[0]);
$value = trim($arg_split[1]);

if ($variable != "" && $value != "") $$variable = $value;

$arg_count = $arg_count + 1;
}

Make catalog.php executable, then run it as such:
(assuming product_type and product_seq are the vars you use)
./catalog.php product_type=1 product_seq=2 > products.html

Matt

- Original Message -
From: Ron Stagg <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 27, 2002 2:18 PM
Subject: [PHP]  Converting dynamic webpages into static HTML pages


I have an interesting challenge.  I have built an online product catalog
that is driven entirely by the contents of the product database (MySQL).
The entire catalog is implemented in a single PHP script (catalog.php).
The dynamic nature of this implementation allows the catalog script to
generate hundreds of product description pages.

Now, my client has requested that I give him the ability to generate a
static version of the catalog so that he can burn it onto a CD for
distribution at trade shows.  He wants the CD to be a snapshot of the
catalog.  Furthermore, he wants to be able to generate this "snapshot"
frequently so that pricing info on the CD will be current.  To
accommodate this, the process for generating the snapshot must be easy
and intuitive.

My plan of attack is to generate static HTML files by running the
catalog script once for each product in the database. Here is my
quandary; instead of echoing the output to a buffer for Apache to send
off to the client, I need the script to output to a file.  I do not want
to write a second version of catalog.php that writes everything to file.
There must be an easier way to do this.  Is there a way I can access the
output buffer that Apache sends to the client?

Any other ideas?

Thanks,

Ron



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] controlling ownership on file uploads ...

[Ernest E Vogelsinger]

At 20:27 27.11.2002, Kenn Murrah spoke out and said:
[snip]
>but if i don't have the permissions to do that ... ???
[snip] 

Since the Apache user ("www" in your case) owns the file it will always be
able to delete it again. If "www" doesn't have permissions to run chmod
there's not a lot that can be done. You may not chown a file to any other
user except yourself (unless you're root), or to any group you're not
member of. You need to check what groups the "www" user is member of.

In short - if you can create the file, you can delete it as well. (At least
that's what I've learned).


-- 
   >O Ernest E. Vogelsinger 
   (\) ICQ #13394035 
^ http://www.vogelsinger.at/

Re: [PHP] controlling ownership on file uploads ...

[Kenn Murrah]

but if i don't have the permissions to do that ... ???


- Original Message -
From: "Jason Wong" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 27, 2002 11:35 AM
Subject: Re: [PHP] controlling ownership on file uploads ...


> On Thursday 28 November 2002 01:04, Adam Voigt wrote:
> > exec("/bin/chown newuser:newuser /path/to/file");
>
> The user running apache  (in this case 'www') will most likely not have
the
> requisite permissions to perform that operation.
>
> > On Wed, 2002-11-27 at 12:03, Kenn Murrah wrote:
> > > Greetings.
> > >
> > > I've written a simple form to allow my clients to upload files to me,
and
> > > it works fine EXCEPT that the uploaded file is owned by "www" and I
while
> > > I can read the file, I don't have the necessary permissions to delete
it
> > > when done ...
>
> Use chmod() to make the file(s) rw by 'others'.
>
> --
> Jason Wong -> Gremlins Associates -> www.gremlins.biz
> Open Source Software Systems Integrators
> * Web Design & Hosting * Internet & Intranet Applications Development *
>
> /*
> Beware of Programmers who carry screwdrivers.
> -- Leonard Brandwein
> */
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] max file size on uploading files

[Ernest E Vogelsinger]

At 20:18 27.11.2002, Ernest E Vogelsinger spoke out and said:
[snip]
>Error 413 certainly denotes that the web server refuses to handle the
>request. No idea how to configure this value but I'm sure it can be done
>with Apache. I see a better chance of getting this answere on the apache
>mailing list.
[snip] 

I should check first and holler later.

 From the Apache docs (1.3.2):

LimitRequestBody directive
Syntax: LimitRequestBody bytes
Default: LimitRequestBody 0
Context: server config, virtual host, directory, .htaccess
Status: core
Compatibility: LimitRequestBody is only available in Apache 1.3.2 and later. 
This directive specifies the number of bytes from 0 (meaning unlimited) to
2147483647 (2GB) that are allowed in a request body. The default value is
defined by the compile-time constant DEFAULT_LIMIT_REQUEST_BODY (0 as
distributed).

The LimitRequestBody directive allows the user to set a limit on the
allowed size of an HTTP request message body within the context in which
the directive is given (server, per-directory, per-file or per-location).
If the client request exceeds that limit, the server will return an error
response instead of servicing the request. The size of a normal request
message body will vary greatly depending on the nature of the resource and
the methods allowed on that resource. CGI scripts typically use the message
body for passing form information to the server. Implementations of the PUT
method will require a value at least as large as any representation that
the server wishes to accept for that resource.

This directive gives the server administrator greater control over abnormal
client request behavior, which may be useful for avoiding some forms of
denial-of-service attacks.

If, for example, you are permitting file upload to a particular location,
and wich to limit the size of the uploaded file to 100K, you might use the
following directive:

LimitRequestBody 102400
[snip] 

Try this directive if you have access to the server configuration. If you
have only a virtual directory you might also use your .htaccess file,
provided the directory has been configured using AllowOverride Limit, or
AllowOverride All.


-- 
   >O Ernest E. Vogelsinger 
   (\) ICQ #13394035 
^ http://www.vogelsinger.at/

Re: [PHP] max file size on uploading files

[Ernest E Vogelsinger]

At 20:11 27.11.2002, Ernest E Vogelsinger spoke out and said:
[snip]
>Ooops - you should normally only get this with GET requests where the max.
>query string size is exceeded - I'd check the Apache docs though... seems
>positively to be connected to the web server.
[snip] 

wrong. From RFC2616 (http://ftp.rfc-editor.org/in-notes/rfc2616.txt):

10.4.14 413 Request Entity Too Large

   The server is refusing to process a request because the request
   entity is larger than the server is willing or able to process. The
   server MAY close the connection to prevent the client from continuing
   the request.

   If the condition is temporary, the server SHOULD include a Retry-
   After header field to indicate that it is temporary and after what
   time the client MAY try again.

10.4.15 414 Request-URI Too Long

   The server is refusing to service the request because the Request-URI
   is longer than the server is willing to interpret. This rare
   condition is only likely to occur when a client has improperly
   converted a POST request to a GET request with long query
   information, when the client has descended into a URI "black hole" of
   redirection (e.g., a redirected URI prefix that points to a suffix of
   itself), or when the server is under attack by a client attempting to
   exploit security holes present in some servers using fixed-length
   buffers for reading or manipulating the Request-URI.

Error 413 certainly denotes that the web server refuses to handle the
request. No idea how to configure this value but I'm sure it can be done
with Apache. I see a better chance of getting this answere on the apache
mailing list.


-- 
   >O Ernest E. Vogelsinger 
   (\) ICQ #13394035 
^ http://www.vogelsinger.at/

[PHP] **** Converting dynamic webpages into static HTML pages

[Ron Stagg]

I have an interesting challenge.  I have built an online product catalog
that is driven entirely by the contents of the product database (MySQL).
The entire catalog is implemented in a single PHP script (catalog.php).
The dynamic nature of this implementation allows the catalog script to
generate hundreds of product description pages.
 
Now, my client has requested that I give him the ability to generate a
static version of the catalog so that he can burn it onto a CD for
distribution at trade shows.  He wants the CD to be a snapshot of the
catalog.  Furthermore, he wants to be able to generate this "snapshot"
frequently so that pricing info on the CD will be current.  To
accommodate this, the process for generating the snapshot must be easy
and intuitive.
 
My plan of attack is to generate static HTML files by running the
catalog script once for each product in the database. Here is my
quandary; instead of echoing the output to a buffer for Apache to send
off to the client, I need the script to output to a file.  I do not want
to write a second version of catalog.php that writes everything to file.
There must be an easier way to do this.  Is there a way I can access the
output buffer that Apache sends to the client?
 
Any other ideas?
 
Thanks,
 
Ron

Re: [PHP] max file size on uploading files

[Nick Wilson]

* and then Van Andel, Robert declared
> One problem may be your browser timing out before the end of the script.  Another 
>may be (although I'm not 100% sure) is that the file excedes the max memory set aside 
>by PHP.

Thanks Robert, that's not it though

-- 
Nick Wilson //  www.tioka.com




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] max file size on uploading files

[Ernest E Vogelsinger]

At 20:12 27.11.2002, Nick Wilson spoke out and said:
[snip]
>Request entity too large!
>
>The POST method does not allow the data transmitted, or the data volume 
>exceeds the capacity limit.
>
>If you think this is a server error, please contact the webmaster
>Error 413
[snip] 

Ooops - you should normally only get this with GET requests where the max.
query string size is exceeded - I'd check the Apache docs though... seems
positively to be connected to the web server.

Simple check - write some log file at the very beginning of your script to
see if the web server runs your script, or not (what I assume).


-- 
   >O Ernest E. Vogelsinger 
   (\) ICQ #13394035 
^ http://www.vogelsinger.at/

Re: [PHP] max file size on uploading files

[Nick Wilson]

* and then Nick Wilson declared
> Next step, try the script on another machine I guess Thnaks for the
> help Ernest...

Could it be an Apache 2.0 thing? -- just upgraded. THis is what I get:

Request entity too large!

The POST method does not allow the data transmitted, or the data volume exceeds the 
capacity limit.

If you think this is a server error, please contact the webmaster
Error 413

Thanks...

-- 
Nick Wilson //  www.tioka.com




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] max file size on uploading files

[Nick Wilson]

* and then Ernest E Vogelsinger declared
> I can just guess here... you've got 1 billion in max_file_size, maybe this
> is way too big for the browser's (integer?) math? Does it upload without
> max_file_size? Did you try setting max_file_size to 1572864 (which is
> exactly 1.5 MB)?

Nope, that doesn't do it

> Try the above hints and tell us about the outcome.

Well, I checked the php.ini and all the other things that could possibly
go wrong *before I originally posted* but have now done it again. No joy
there either ;-(

Next step, try the script on another machine I guess Thnaks for the
help Ernest...

-- 
Nick Wilson //  www.tioka.com




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] max file size on uploading files

[Ernest E Vogelsinger]

At 19:45 27.11.2002, Jason Wong spoke out and said:
[snip]
>Did you read the manual then? The bit after the 1st paragraph "Related 
>Configurations Note" ??
[snip] 

Jason, you may be a genius programmer, but you certainly lack style and
social skills.


-- 
   >O Ernest E. Vogelsinger 
   (\) ICQ #13394035 
^ http://www.vogelsinger.at/

Re: [PHP] max file size on uploading files

[Ernest E Vogelsinger]

At 19:02 27.11.2002, Nick Wilson spoke out and said:
[snip]
>Hi all, 
>
>I must be missunderstanding something here, I have this in an php 'upload
>form':
>
>
>
>So why won't it upload a 1.5MB file?
[snip] 

I can just guess here... you've got 1 billion in max_file_size, maybe this
is way too big for the browser's (integer?) math? Does it upload without
max_file_size? Did you try setting max_file_size to 1572864 (which is
exactly 1.5 MB)?

I found no mention of problems _refusing_ upload (except size exceeds, of
course) in the online manual. I only found that browsers can be directrd to
easily circumvent the limit (save html locally, edit form action to point
to your server, edit max_file_size, and there you go...)

Try the above hints and tell us about the outcome.


-- 
   >O Ernest E. Vogelsinger 
   (\) ICQ #13394035 
^ http://www.vogelsinger.at/

Re: [PHP] max file size on uploading files

[Jason Wong]

On Thursday 28 November 2002 02:40, Nick Wilson wrote:
> * and then Jason Wong declared
>
> > On Thursday 28 November 2002 02:02, Nick Wilson wrote:
> > > Hi all,
> > >
> > > I must be missunderstanding something here, I have this in an php
> > > 'upload form':
> > >
> > > 
> > >
> > > So why won't it upload a 1.5MB file?
> >
> > manual -> Handling File Uploads
>
> Why don't you just not reply? -- It's the first place I went "I must be
> missunderstanding something" --- Every time I post here you come along
> with some rude unhelpfull comment.

Did you read the manual then? The bit after the 1st paragraph "Related 
Configurations Note" ??

How about the section on "Common Pitfalls"?

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
"Existence of programs that do the impossible is
 not a proof that that "impossible" is now possible."

- Tigran Aivazian
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] max file size on uploading files

[Van Andel, Robert]

One problem may be your browser timing out before the end of the script.  Another may 
be (although I'm not 100% sure) is that the file excedes the max memory set aside by 
PHP.

Robbert van Andel 

-Original Message-
From: Nick Wilson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 27, 2002 10:03 AM
To: php-general
Subject: [PHP] max file size on uploading files


Hi all, 

I must be missunderstanding something here, I have this in an php 'upload
form':



So why won't it upload a 1.5MB file?

Many thanks

-- 
Nick Wilson //  www.tioka.com




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] max file size on uploading files

[Nick Wilson]

* and then Jason Wong declared
> On Thursday 28 November 2002 02:02, Nick Wilson wrote:
> > Hi all,
> >
> > I must be missunderstanding something here, I have this in an php 'upload
> > form':
> >
> > 
> >
> > So why won't it upload a 1.5MB file?
> 
> manual -> Handling File Uploads

Why don't you just not reply? -- It's the first place I went "I must be
missunderstanding something" --- Every time I post here you come along
with some rude unhelpfull comment.

Go and annoy someone else, I'm here to ask for help not rude unhelpful
comments (again, and again and again)

-- 
Nick Wilson //  www.tioka.com




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] FTP and security

[Jason Wong]

On Wednesday 27 November 2002 03:25, Richard Fox wrote:
> > > To relate this to php, I am ready to give up
> > > trying to make my
> > >
> > > system("scp ..");
> > >
> > > code work, because I will have to give the apache user more permissions
> > > than I am comfortable with.
> >
> > What exactly are the problems you're encountering using scp?
>
> I created an apache user, which I called apache, and  made sure this user
> could connect to the remote servers and created rsa keys so no passwords
> would be necessary (so my system($cmd) call would work). This is what
> happens when I run scp:

[snip]

> There is more output, but as you can see the read of the src files failed
> and an empty ibuf is sent. This command line call works if I am a normal
> user for whom I have set up known_hosts and authorized_keys. But the above
> is the result when I run scp as user 'apache'.

Here's what I've used before and it works for me:

In the HOME directory of the apache user I have the usual .ssh/known_hosts 
file.

Then in php, simply:

shell_exec("/usr/bin/scp -i id_dsa_key file_to_send [EMAIL PROTECTED]:/tmp/");

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
Finding out what goes on in the C.I.A. is like performing acupuncture
on a rock.
-- New York Times, Jan. 20, 1981
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] IPs comparing

[Alister]

On Thu, 28 Nov 2002 02:19:18 +0800
Jason Wong <[EMAIL PROTECTED]> wrote:

> > I have several subnets in my network and want to show different webs
> > depending on the subnet the user was.
> > I know how to get the IP but not how to compare two IPs numeracally,
> > I mean:
> > If ((USER-IP > 192.168.0.1) && (USER-IP < 192.168.0.255))
> > Else if ((USER-IP > 192.168.1.1) && (USER-IP < 192.168.1.255))
> > What do you suggest me?
> 
> If the cases are as simple as the examples above then you can just use
> string comparison functions

Or look at the ip2long/long2ip functions (and there's a couple of other
IP handling classes in PEAR)

Alister

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] IPs comparing

[DL Neil]

Hi Jesús,

> I have several subnets in my network and want to show different webs
> depending on the subnet the user was.
>
> I know how to get the IP but not how to compare two IPs numeracally, I
mean:
>
>
> If ((USER-IP > 192.168.0.1) && (USER-IP < 192.168.0.255))
> Else if ((USER-IP > 192.168.1.1) && (USER-IP < 192.168.1.255))
> ...
>
> What do you suggest me?


I suggest treating them as strings, and use  (IF) equality/switch statements
to deliver the appropriate web...

Regards,
=dn


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] IPs comparing

[Jason Wong]

On Thursday 28 November 2002 01:51, Jesús Pérez wrote:
> Hi,
>
> I have several subnets in my network and want to show different webs
> depending on the subnet the user was.
>
> I know how to get the IP but not how to compare two IPs numeracally, I
> mean:
>
>
> If ((USER-IP > 192.168.0.1) && (USER-IP < 192.168.0.255))
> Else if ((USER-IP > 192.168.1.1) && (USER-IP < 192.168.1.255))
> ...
>
> What do you suggest me?

If the cases are as simple as the examples above then you can just use string 
comparison functions. Something like:

  if (strstr($USER_IP, '192.168.0.')) {
do_something(); ...

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
A memorandum is written not to inform the reader, but to protect the writer.
-- Dean Acheson
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] controlling ownership on file uploads ...

[Jason Wong]

On Thursday 28 November 2002 01:47, 1LT John W. Holmes wrote:
> > Use chmod() to make the file(s) rw by 'others'.
>
> In my experience, this won't work for the same reason. Trying to run the
> chmod() function in PHP will give you an error about permission denied.

Works for me :) Maybe you're using safe mode?

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
If you see an onion ring -- answer it!
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] max file size on uploading files

[Jason Wong]

On Thursday 28 November 2002 02:02, Nick Wilson wrote:
> Hi all,
>
> I must be missunderstanding something here, I have this in an php 'upload
> form':
>
> 
>
> So why won't it upload a 1.5MB file?

manual -> Handling File Uploads

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
Leave no stone unturned.
-- Euripides
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] problem with https

[Peter Janett]

The fact that https://whatever gives you a 404 file not found means that
Apache SSL IS working, but it's not pointing where you want it to.

So, you need to check the DocumentRoot setting in httpd.conf and see that
it's pointing where you want it.

You probably either have a virtual host set on port 443 to point to the
wrong DocumentRoot, or you need to set one up on port 443, pointing to the
right DocumentRoot.

HTH,

Peter Janett

New Media One Web Services

New Upgrades Are Now Live!!!
Windows 2000 accounts - Cold Fusion 5.0 and Imail 7.1
Sun Solaris (UNIX) accounts - PHP 4.1.2, mod_perl/1.25,
Stronghold/3.0 (Apache/1.3.22), MySQL 3.23.43

PostgreSQL coming soon!

http://www.newmediaone.net
[EMAIL PROTECTED]
(303)828-9882


- Original Message -
From: "Andre Dubuc" <[EMAIL PROTECTED]>
To: "Vivek Kedia" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, November 27, 2002 9:23 AM
Subject: Re: [PHP] problem with https


> Hi Vivek,
>
> If you are accessing https on localhost, you would need to enter:
>
> https://localhost/whatever_file
>
> You might want to check whether you have https enabled: check phpinfo()
under
> 'Apache Environment'. [HTTPS ] should be "on" as well.
>
> hth,
> Andre
>
>
> On Wednesday 27 November 2002 10:14 am, Vivek Kedia wrote:
> > i have apache 1.3.26 on php 4.2.3 everything else is
> > running fine except "https//whatever"   when i am
> > trying to access the files thru apache , I have looked
> > for SSL properties in httpd.conf and everything is
> > properly enables( that what i think ) . The error
> > generated is "page not found" and when i am running
> > without "s" in the "https://"; the page is being
> > displayed properly ,
> > Do any1 have any idea
> >
> >
> > vivek kedia
> > [EMAIL PROTECTED]
> >
> > __
> > Do you Yahoo!?
> > Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> > http://mailplus.yahoo.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] controlling ownership on file uploads ...

[Peter Janett]

Since the user Apache is running as created the file, it owns it too.

Make a quick PHP script to delete the files when ready.

HTH,

Peter Janett

New Media One Web Services

New Upgrades Are Now Live!!!
Windows 2000 accounts - Cold Fusion 5.0 and Imail 7.1
Sun Solaris (UNIX) accounts - PHP 4.1.2, mod_perl/1.25,
Stronghold/3.0 (Apache/1.3.22), MySQL 3.23.43

PostgreSQL coming soon!

http://www.newmediaone.net
[EMAIL PROTECTED]
(303)828-9882

- Original Message -
From: "Kenn Murrah" <[EMAIL PROTECTED]>
To: "php list" <[EMAIL PROTECTED]>
Sent: Wednesday, November 27, 2002 10:03 AM
Subject: [PHP] controlling ownership on file uploads ...


> Greetings.
>
> I've written a simple form to allow my clients to upload files to me, and
it
> works fine EXCEPT that the uploaded file is owned by "www" and I while I
can
> read the file, I don't have the necessary permissions to delete it when
done
> ...
>
> Since this site is being hosted elsewhere, is there a way I can control
> ownership so that I can delete the file?  I've written my ISP/web hoster
and
> received no response -- usually that's their subtle way of telling me I
> should ask the PHP quiestion here :-)
>
> Any and all help would be appreciated.
>
> Thanks,
>
> kenn
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] max file size on uploading files

[Nick Wilson]

Hi all, 

I must be missunderstanding something here, I have this in an php 'upload
form':



So why won't it upload a 1.5MB file?

Many thanks

-- 
Nick Wilson //  www.tioka.com




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] IPs comparing

[Jesús Pérez]

Hi,

I have several subnets in my network and want to show different webs
depending on the subnet the user was.

I know how to get the IP but not how to compare two IPs numeracally, I mean:


If ((USER-IP > 192.168.0.1) && (USER-IP < 192.168.0.255))
Else if ((USER-IP > 192.168.1.1) && (USER-IP < 192.168.1.255))
...

What do you suggest me?

Thanks,
Tackel.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Password Script

[Vicky]

Hi everyone!

I'm looking to code a script that does the following. Please bear with me as
I'm a total novice at this ^^!

It's sort of like a multiple password thing. Users need to type in between 3
and 6 (I will be changing the use of this script and sometimes there will
only be 3 answers sometimes as many as 6) things. If they get it right
they'll be redirected to a page, if they get it wrong either a javascript
prompt will popup saying "Incorrect" or they'll be redirected to a different
page.

I'm not sure if I'll put a limit on how many times they can guess, so if you
could tell me how I would put a limit (say 10 guesses a day) I'd be
greatful.

Thank you! Please try and make your replies detailed so I can understand
them ^_~

-Vicky


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] controlling ownership on file uploads ...

[1LT John W. Holmes]

> On Thursday 28 November 2002 01:04, Adam Voigt wrote:
> > exec("/bin/chown newuser:newuser /path/to/file");
>
> The user running apache  (in this case 'www') will most likely not have
the
> requisite permissions to perform that operation.
>
> > On Wed, 2002-11-27 at 12:03, Kenn Murrah wrote:
> > > Greetings.
> > >
> > > I've written a simple form to allow my clients to upload files to me,
and
> > > it works fine EXCEPT that the uploaded file is owned by "www" and I
while
> > > I can read the file, I don't have the necessary permissions to delete
it
> > > when done ...
>
> Use chmod() to make the file(s) rw by 'others'.

In my experience, this won't work for the same reason. Trying to run the
chmod() function in PHP will give you an error about permission denied.

---John Holmes...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] controlling ownership on file uploads ...

[Jason Wong]

On Thursday 28 November 2002 01:04, Adam Voigt wrote:
> exec("/bin/chown newuser:newuser /path/to/file");

The user running apache  (in this case 'www') will most likely not have the 
requisite permissions to perform that operation.

> On Wed, 2002-11-27 at 12:03, Kenn Murrah wrote:
> > Greetings.
> >
> > I've written a simple form to allow my clients to upload files to me, and
> > it works fine EXCEPT that the uploaded file is owned by "www" and I while
> > I can read the file, I don't have the necessary permissions to delete it
> > when done ...

Use chmod() to make the file(s) rw by 'others'.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
Beware of Programmers who carry screwdrivers.
-- Leonard Brandwein
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Session End

[Ernest E Vogelsinger]

At 18:04 27.11.2002, 1LT John W. Holmes spoke out and said:
[snip]
>I'm surprised that is actually working, since you never register $auth into
>the session.
[snip] 

Nothing to do with session... Here PHP_AUTH is used, so once logged in the
browser always transmits the realm's auth info. The script is constantly
looking up the database. Some kind of overkill... and also a drawback in
using the HTTP/Auth method. You cannot keep the browser from transmitting
auth info for the same realm.

If PHP_AUTH is to be used I'd suggest using a dynamic realm to keep the
browser from auto-logging in, some kind of this:

if (!$_SESSION['authorized'] && 
isset( $PHP_AUTH_USER ) && 
isset($PHP_AUTH_PW)) {
// do the database lookup here, if successful:
$_SESSION['authorized'] = true;
}
}
// no "else" here!
if (!$_SESSION['authorized']) {
$realm = date('Y/M/d H:i:s');
header('WWW-Authenticate: ' .
   'Basic realm="Pushpinder Singh\'s World ' .
   "($realm)"); 
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.'; 
exit;
}

Do not destroy the session upon logout, just unset the auth variable:
unset($_SESSION['authorized']);

This will create a "unique" realm due to the use of date/time, so when the
user logs off he will be presented with a 401 response, even if the browser
has cached the login info from the previous login attempt. Another realm,
another game.

Disclaimer: untested, as usual.


-- 
   >O Ernest E. Vogelsinger 
   (\) ICQ #13394035 
^ http://www.vogelsinger.at/

Re: [PHP] Session End

[1LT John W. Holmes]

I'm surprised that is actually working, since you never register $auth into
the session.

Anyhow, you probably want the session_destroy() function.

www.php.net/session_destroy

---John Holmes...

- Original Message -
From: "Pushpinder Singh Garcha" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 27, 2002 11:53 AM
Subject: [PHP] Session End


Hi

I am have created an authentication system, wherein the user is
authenticated on the basis of a MySQL database.
Here is the code

You are authorized!';
}

?>


However this keeps the user logged on. I want to be able to close the
session once the user has finished his work.

How do I do that??
Many Thanks
--pS


Pushpinder Singh Garcha
_
Web Architect
T. Falcon Napier and Associates, Inc.

Off   :  704 987 6500
Cell  :  704 236 2939
Fax   :  704 987 5002
_


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] MySql->PHP->Excel=french weird chars

[Marios Adamantopoulos]

Hi all

I'm using a MySql database to save French data. In addition, I have a PHP
page which is using

header("Content-Type: application/vnd.ms-excel; name='excel'"); 
header("Content-Disposition: attachment; filename=filename.xls");

to save all the data from the database to the excel file.

The problem is that when I open the excel file I get this: é instead of
this: é and the same thing for all the French accented chars.

I've tried to save the data as acsv file too but I get the same problem.

Does anyone have a solution?

Many Thanks

Mario

_
Marios Adamantopoulos
Senior Developer

Tonic
+44 (0)20 7691 2227
+44 (0)7904 221663
www.tonic.co.uk

Recent projects
www.polydor.co.uk
www.adcecreative.org
www.sony-europe.com/pocketlife


Opinions, conclusions and other information in this message that do not
relate to the official business of Tonic Design Limited shall be
understood as neither given nor endorsed by them.

Re: [PHP] controlling ownership on file uploads ...

[Adam Voigt]

exec("/bin/chown newuser:newuser /path/to/file");

On Wed, 2002-11-27 at 12:03, Kenn Murrah wrote:
> Greetings.
> 
> I've written a simple form to allow my clients to upload files to me, and it
> works fine EXCEPT that the uploaded file is owned by "www" and I while I can
> read the file, I don't have the necessary permissions to delete it when done
> ...
> 
> Since this site is being hosted elsewhere, is there a way I can control
> ownership so that I can delete the file?  I've written my ISP/web hoster and
> received no response -- usually that's their subtle way of telling me I
> should ask the PHP quiestion here :-)
> 
> Any and all help would be appreciated.
> 
> Thanks,
> 
> kenn
> 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
-- 
Adam Voigt ([EMAIL PROTECTED])
The Cryptocomm Group
My GPG Key: http://64.238.252.49:8080/adam_at_cryptocomm.asc



signature.asc
Description: This is a digitally signed message part

[PHP] controlling ownership on file uploads ...

[Kenn Murrah]

Greetings.

I've written a simple form to allow my clients to upload files to me, and it
works fine EXCEPT that the uploaded file is owned by "www" and I while I can
read the file, I don't have the necessary permissions to delete it when done
...

Since this site is being hosted elsewhere, is there a way I can control
ownership so that I can delete the file?  I've written my ISP/web hoster and
received no response -- usually that's their subtle way of telling me I
should ask the PHP quiestion here :-)

Any and all help would be appreciated.

Thanks,

kenn



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Session End

[Pushpinder Singh Garcha]

Hi

I am have created an authentication system, wherein the user is 
authenticated on the basis of a MySQL database.
Here is the code



$auth = false; // Assume user is not authenticated

if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {

// Connect to MySQL

mysql_pconnect( 'localhost', 'mysql', 'sunny' )
or die ( 'Unable to connect to server.' );

// Select database on MySQL server

mysql_select_db( 'testbed' )
or die ( 'Unable to select database.' );

// Formulate the query

$sql = "SELECT * FROM guest WHERE
login= '$PHP_AUTH_USER' AND
password = '$PHP_AUTH_PW'";

// Execute the query and put results in $result

$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );

// Get number of rows in $result.

$num = mysql_numrows( $result );

if ( $num != 0 ) {

// A matching row was found - the user is authenticated.

$auth = true;
		session_start();

}

}

if ( ! $auth ) {

header( 'WWW-Authenticate: Basic realm="Pushpinder Singh\'s World"' 
);
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;

} else {

echo 'You are authorized!';
}

?> 


However this keeps the user logged on. I want to be able to close the 
session once the user has finished his work.

How do I do that??
Many Thanks
--pS


Pushpinder Singh Garcha
_
Web Architect
T. Falcon Napier and Associates, Inc.

Off   :  704 987 6500
Cell  :  704 236 2939
Fax   :  704 987 5002
_

Re: [PHP] How Do I install php on Apache 2.0

[Adam Voigt]

A. What does having Adobe installed matter?
B. Why are you trying to run 2.0? Apache 2.0 isn't even recommended for
use with PHP on linux systems yet, let alone windows. You'd have much
better luck with the 1.3.27 version.

On Wed, 2002-11-27 at 11:22, Tweak2x wrote:
> Hello, I am on windows XP Pro, and I have adobe istalled. How can I get php
> to work on Apache? I download php-4.2.3 (the installer) and chose apache,
> and It didnt work. I still cant get my php to work for apache. Can somebody
> guide me step by steb through installing php on apache? thanks
> 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
-- 
Adam Voigt ([EMAIL PROTECTED])
The Cryptocomm Group
My GPG Key: http://64.238.252.49:8080/adam_at_cryptocomm.asc



signature.asc
Description: This is a digitally signed message part

[PHP] IIS and PHP with $HTTP_SERVER_VARS

[Shaun Garriock]

Hi
The problem I am having is as follows:
I setup PHP with IIS and it seems to work fine. I am creating a Intranet
site and would like to obtain the user logged on to the networks
username. I have setup basic auth but when I visit the site it asks me
for my username and password before I can get in. Integrated Windows
Auth is turned off. When I turn it on and try to login it says login
failed. I know that ASP can have a script added to the page to turn pass
through auth but I need one for PHP.
I am using $HTTP_SERVER_VARS["LOGON_USER"] to get the username and it
works when I login. I just need to get rid of the login box.
Please any help or ideas would be much appricated
Thanks for your help in advance.

Shaun Garriock


*** The contents of this message are confidential and are intended for the addressee 
only. The views expressed in this message do not necessarily represent those of Robert 
Gordon's College. Electronic mail transmission is not guaranteed to be secure, 
therefore, Robert Gordon's College does not accept liability for the contents of this 
transmission. This message does not form a legal binding contract. ***

Re: [PHP] problem with https

[Andre Dubuc]

Hi Vivek,

If you are accessing https on localhost, you would need to enter:

https://localhost/whatever_file

You might want to check whether you have https enabled: check phpinfo() under 
'Apache Environment'. [HTTPS ] should be "on" as well. 

hth,
Andre


On Wednesday 27 November 2002 10:14 am, Vivek Kedia wrote:
> i have apache 1.3.26 on php 4.2.3 everything else is
> running fine except "https//whatever"   when i am
> trying to access the files thru apache , I have looked
> for SSL properties in httpd.conf and everything is
> properly enables( that what i think ) . The error
> generated is "page not found" and when i am running
> without "s" in the "https://"; the page is being
> displayed properly ,
> Do any1 have any idea
>
>
> vivek kedia
> [EMAIL PROTECTED]
>
> __
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] How Do I install php on Apache 2.0

[Tweak2x]

Hello, I am on windows XP Pro, and I have adobe istalled. How can I get php
to work on Apache? I download php-4.2.3 (the installer) and chose apache,
and It didnt work. I still cant get my php to work for apache. Can somebody
guide me step by steb through installing php on apache? thanks



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] RE: object passing by reference

[Hoffman, Geoffrey]

Tom, you rule. It works.

I figured out my problem with my other script too.

I had written get and set accessor methods in my class. I discovered that
attempting to pass the reference to the set method in the class constructor
DOES NOT work, while setting it directly in the class constructor DOES work!

// DOES NOT WORK
class parentClass {
var $a;
function parentClass(&$_a){
$this->setA(&$_a);
}

function setA(&$_a){
$this->a =& $_a;
}
}

// DOES WORK
class parentClass {
var $a;
function parentClass(&$xa){
$this->a =& $xa;
}
// doesn't work from constructor
function setA(&$_a){
$this->a =& $_a;
}
}

Hope this helps someone else out there.

-Geoff


-Original Message-
From: Tom Rogers [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 27, 2002 7:56 AM
Cc: [EMAIL PROTECTED]

//[snip]
   function parentClass($_x, &$_child) {//<
//[snip]
   $this->child =& $_child;  //<<
//[snip]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Parsing XML files, logic involved...

[Jeff Lewis]

I have to write a script to parse XML files we receive daily. The XML files are all 
individual stories but there is an index page that comes with each batch that contains 
blocks of information for each story as follows (below). I need to run through this 
index file and for each story I need to grab the NewsItemID, the Time, and then the 
SourceFilePath.

>From there I need to then open up the individual stories and do some formatting but 
>for now I need to get by this :) I was planning on line by line through the file but 
>am not sure how I would go about grabbing the information I require. Sometimes there 
>is a SourceFilepath but sometimes its missing.

Any help would be greatly appreciated.








&CPJavaScriptOpenWindow;
Chretien pushes Bush on softwood, agriculture, but gets no 
promises


(CP) - Prime Minister Jean Chretien said he pressed U.S. President George W. Bush on 
Tuesday to address festering trade disputes between the two countries, but got no 
assurances that disagreements over softwood lumber or agricultural subsidies would be 
resolved. Chretien, who raised the matters after a NATO meeting in the Italian 
capital, said he was "very forceful" with Bush. But he said the president blamed 
Congress for the logjam.



"It's always like that when you deal with the president of the United States: 'Yes, 
but the Congress and the Senate . . . ' In Canada you blame the prime minister or you 
congratulate the prime minister because he cannot pass the buck to anyone else."

Re: [PHP] sorting files in directory

[Nick Wilson]

* and then Justin French declared
> > How does php order these files if read from the directory and printed to
> > the screen?  -- I need them in date order, do I need to sort them
> > somehow?
> 
> There's an optional second parameter for asort() and rsort(), so check it
> out in the manual... it *may* be needed to get what you want.

Great, thanks everyone. Just wondered if it would have problems with
asort() and the dates in the filenames like:

*   02-11-23-whatever.php
*   02-12-03-whatever.php

Cheers...

-- 
Nick Wilson //  www.tioka.com




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: My first XML!

[Manuel Lemos]

Hello,

On 11/27/2002 05:29 AM, Boris Kolev wrote:

  I want to know how i can export tree structure from Mysql table to
  XML
  mysql table structure is:
  ID - Group Unique Id
  P_ID - Parent Id
  Name - Name of group

  I want to make XML whit tree structure. Can some body help me!


You may want to try this class to compose nicely formatted XML documents:

http://www.phpclasses.org/xmlwriter

Or even this that already converts the XML data from and to MySQL:

http://www.phpclasses.org/mysql_xml

--

Regards,
Manuel Lemos


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: How to create zip files in PHP ?

[Hatem Ben]

check this, it could help :
http://www.phpclasses.org/browse.html/class/42.html

Hatem
- Original Message -
From: "Derick Rethans" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 27, 2002 4:26 PM
Subject: [PHP] Re: How to create zip files in PHP ?


> Php User wrote:
> >
> > How to create  zip files  in  PHP ?
> > I found that php's zip function  are read only...
> > Can any one help me with that ?
>
> See this tutorial on zend.com:
>
> http://www.zend.com/zend/spotlight/creating-zip-files1.php
> http://www.zend.com/zend/spotlight/creating-zip-files2.php
> http://www.zend.com/zend/spotlight/creating-zip-files3.php
>
> --
>
> -
>   Derick Rethans http://derickrethans.nl/
>   PHP Magazine - PHP Magazine for Professionals   http://php-mag.net/
> -
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: How to create zip files in PHP ?

[Manuel Lemos]

Hello,

On 11/27/2002 01:08 PM, Php User wrote:

How to create  zip files  in  PHP ?
I found that php's zip function  are read only...
Can any one help me with that ? 


You can find here a class ready to do exactly that:

http://www.phpclasses.org/phpzip


--

Regards,
Manuel Lemos


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] How to create zip files in PHP ?

[Marco Tabini]

You will have to invoke an external utility, like PKZIP on Windows or
zip on Linux to create the archives you need.


Marco
-- 

php|architect - The magazine for PHP Professionals
The monthly worldwide magazine dedicated to PHP programmers

Come visit us at http://www.phparch.com!

--- Begin Message ---
Hi,sir:

How to create  zip files  in  PHP ?
I found that php's zip function  are read only...
Can any one help me with that ? 

Thanks

Fongming 2002-11-28






-
This mail sent through IMP: http://web.horde.org/imp/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--- End Message ---
-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: How to create zip files in PHP ?

[Derick Rethans]

Php User wrote:


How to create  zip files  in  PHP ?
I found that php's zip function  are read only...
Can any one help me with that ? 

See this tutorial on zend.com:

http://www.zend.com/zend/spotlight/creating-zip-files1.php
http://www.zend.com/zend/spotlight/creating-zip-files2.php
http://www.zend.com/zend/spotlight/creating-zip-files3.php

--

-
 Derick Rethans http://derickrethans.nl/
 PHP Magazine - PHP Magazine for Professionals   http://php-mag.net/
-


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] problem with https

[Adam Voigt]

At the bottom of your httpd.conf, in the default SSL section, there is a
path that normally points to /path/to/apache/htdocs if you store your
webfiles some where other then the default, even if you change it near
the top of your file, it won't work for SSL till you modify it at the
bottom, if you can't find it by just looking, do a search for "htdocs"
in your file, all the way down till you find it.

On Wed, 2002-11-27 at 10:14, Vivek Kedia wrote:
> i have apache 1.3.26 on php 4.2.3 everything else is
> running fine except "https//whatever"   when i am
> trying to access the files thru apache , I have looked
> for SSL properties in httpd.conf and everything is
> properly enables( that what i think ) . The error
> generated is "page not found" and when i am running
> without "s" in the "https://"; the page is being
> displayed properly ,
> Do any1 have any idea 
> 
> 
> vivek kedia
> [EMAIL PROTECTED]
> 
> __
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
-- 
Adam Voigt ([EMAIL PROTECTED])
The Cryptocomm Group
My GPG Key: http://64.238.252.49:8080/adam_at_cryptocomm.asc



signature.asc
Description: This is a digitally signed message part