date:20040701

Alan McDonald wrote:
Does anyone know a way of getting the raw data passed back from a server?
I want to compare the total raw data sent back from Apache with that sent
back from IIS for a particular file. I don;t want any filtering at all and I
need to catch it so I can see it all.
Thanks
Alan
 

telnet hostname.com 80
GET /pathname HTTP/1.1
Host: hostname.com
(hit enter here again)

--
Raditha Dissanayake.
-
http://www.raditha.com/megaupload/upload.php
Sneak past the PHP file upload limits.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTP_AUTHORIZATION question

Alan McDonald wrote:
I have files contained in a download directory (.doc, .xls etc files)
so I can't request authentication on each download from insie the files.
I use authentication against a DB for the rest of the site and all pages are
protected this way.
My only way to protect these download files is to place server
authentication on the folders they are contained in.
To avoid having to manage my users again as server users, does anyone know
how to set the HTTP_AUTHORIZATION variable at time of request?
I don't need high security, so the page setting the HTTP_AUTHORIZATION is
protected but does contain the username and pw couplet for the
HTTP_AUTHORIZATION setting.
 

There authorizations settings are supposed to be sent back to the server 
by the client so you cannot generate them with php. Your option include 
using .htpasswd that checks against a mysql database (please ask in the 
apache list.)  and keeping your downloads 'offline' and delivering them 
through a php script. The second suggested has been discussed to 
exaustion in this list in the past.

--
Raditha Dissanayake.
-
http://www.raditha.com/megaupload/upload.php
Sneak past the PHP file upload limits.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Online Users

2004-07-01 Thread Matt Palermo

Is it possible to make a table of all logged in users session ids and then
check to see if the session still exists every couple minutes?  So every
minute or two, it would go through the table and for each record it would
get the session id, then check that session id to see if it's still in
existance.  Is this possible to do?

Thanks,

Matt
http://sweetphp.com


"Zareef Ahmed" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
>   If you are using a database on your server you can
> do this as follows:
> 1. Make a table named
> active_users(userid,last_access);
> 2. Record every visit of a user to any page.
> 3. you can delete the entries from this table on a
> condition like ::
> delete from active_users where last_access is less
> than (currenttime-MAX_EXPIRE_TIME)
> 4. Display row count of active_users to visitors.
>
> This is just a hint. Some knowldge of php/any database
> assumed ,
>
> Revert back with any comment or problem.
>
> zareef ahmed
>
>
> --- Curt Zirzow <[EMAIL PROTECTED]> wrote:
> > * Thus wrote Matt Palermo:
> > > they click the logout button).  Basically I want
> > to be able to keep a list
> > > of all currently active users.  So if they close
> > out their browser, it will
> > > remove their name from the list (within a
> > reasonable time frame).  I'm
>
>
> =
> Zareef Ahmed :: A PHP Developer in Delhi(India).
> Homepage :: http://www.zasaifi.com
>
>
>
>
> __
> Do you Yahoo!?
> New and Improved Yahoo! Mail - 100MB free storage!
> http://promotions.yahoo.com/new_mail

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] HTTP_AUTHORIZATION question

2004-07-01 Thread Alan McDonald

I have files contained in a download directory (.doc, .xls etc files)
so I can't request authentication on each download from insie the files.
I use authentication against a DB for the rest of the site and all pages are
protected this way.
My only way to protect these download files is to place server
authentication on the folders they are contained in.

To avoid having to manage my users again as server users, does anyone know
how to set the HTTP_AUTHORIZATION variable at time of request?
I don't need high security, so the page setting the HTTP_AUTHORIZATION is
protected but does contain the username and pw couplet for the
HTTP_AUTHORIZATION setting.
Anyone know how? I know we stamped out URL methods of passing username and
pasword couplets but maybe there's another way?

This doesn't work
$_SERVER['HTTP_AUTHORIZATION'] = "Basic
".base64_encode("username:password");
because you can't appear to set this variable, only the server can set it
after it receives a
header('WWW-Authenticate: Basic realm="Test Authentication System"');
header.

thanks
Alan

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] HTTP RAW DATA

2004-07-01 Thread Alan McDonald

Does anyone know a way of getting the raw data passed back from a server?
I want to compare the total raw data sent back from Apache with that sent
back from IIS for a particular file. I don;t want any filtering at all and I
need to catch it so I can see it all.
Thanks
Alan

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Bug ?

2004-07-01 Thread zareef ahmed

Hi,

which version on php u r using?
it should work.
(Actually working on own system with php 4.3.2)
try 
$country_list[($country_symbol['AU'])];

Zareef Ahmed

--- adwinwijaya <[EMAIL PROTECTED]> wrote:
> Hi...
> 
> I found a bug (may be)
> I tried to do like this:
> 
> $temp = $country_list[$country_symbol['AU']] ;
> this didnt work, so I have to change to :
> 
> $symbol = $country_symbol['AU'];
> $temp = $country_list[$symbol] ;
> 
> is this PHP bug ?
> 
> -- 
> Best regards,
>  adwinwijaya 
> mailto:[EMAIL PROTECTED]

=
Zareef Ahmed :: A PHP Developer in Delhi(India).
Homepage :: http://www.zasaifi.com

__
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP Bug ?

2004-07-01 Thread adwinwijaya

Hi...

I found a bug (may be)
I tried to do like this:

$temp = $country_list[$country_symbol['AU']] ;
this didnt work, so I have to change to :

$symbol = $country_symbol['AU'];
$temp = $country_list[$symbol] ;

is this PHP bug ?

-- 
Best regards,
 adwinwijaya  mailto:[EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Online Users

2004-07-01 Thread zareef ahmed

Hi,
  If you are using a database on your server you can
do this as follows:
1. Make a table named
active_users(userid,last_access);
2. Record every visit of a user to any page.
3. you can delete the entries from this table on a
condition like ::
delete from active_users where last_access is less
than (currenttime-MAX_EXPIRE_TIME)
4. Display row count of active_users to visitors.

This is just a hint. Some knowldge of php/any database
assumed , 

Revert back with any comment or problem.

zareef ahmed

--- Curt Zirzow <[EMAIL PROTECTED]> wrote:
> * Thus wrote Matt Palermo:
> > they click the logout button).  Basically I want
> to be able to keep a list
> > of all currently active users.  So if they close
> out their browser, it will
> > remove their name from the list (within a
> reasonable time frame).  I'm

=
Zareef Ahmed :: A PHP Developer in Delhi(India).
Homepage :: http://www.zasaifi.com

__
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Online Users

* Thus wrote Matt Palermo:
> they click the logout button).  Basically I want to be able to keep a list
> of all currently active users.  So if they close out their browser, it will
> remove their name from the list (within a reasonable time frame).  I'm

No can do.

You'll just have to expire people from inactivity.


Curt
-- 
First, let me assure you that this is not one of those shady pyramid schemes
you've been hearing about.  No, sir.  Our model is the trapezoid!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Online Users

2004-07-01 Thread Matt Palermo

I am trying to keep a MySQL table of all currently online users for a system
I'm making.  It's pretty simple to add the username to the list when they
login, but I don't know how to remove their username when they leave (unless
they click the logout button).  Basically I want to be able to keep a list
of all currently active users.  So if they close out their browser, it will
remove their name from the list (within a reasonable time frame).  I'm
basically trying to keep this list of online users for a chat application
I'm building.  Anyone have any suggestions on how to do this?

Thanks,

Matt
http://sweetphp.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Create a function

2004-07-01 Thread Jason Barnett

Jason Barnett wrote:
$pages = array('index.html' => 'Home', 'search.html' => 'Search');
function menu($pages) {
  foreach ($pages as $page => $desc) {
if (stristr($_SERVER['SCRIPT_FILENAME']), $page) {
sheesh, $desc should be in between anchors
   echo '' . $desc . 
'';
} else {
   echo '' . $desc . '';
  }
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Create a function

2004-07-01 Thread Jason Barnett

$pages = array('index.html' => 'Home', 'search.html' => 'Search');
function menu($pages) {
  foreach ($pages as $page => $desc) {
if (stristr($_SERVER['SCRIPT_FILENAME']), $page) {
  echo '' .
   $desc . '';
} else {
  echo '' . $desc . '';
  }
}
Home";
}else{
echo "Home";
}
?>
Search";
}else{
echo "Search";
}
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Create a function

2004-07-01 Thread John Taylor-Johnston

I have a menu with a bunch of items. How can I clean up this code and push it through 
a function?
Your basic newbie Question :)
Thanks,
John

Home";
}else{
echo "Home";
}
?>
Search";
}else{
echo "Search";
}
?>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] regex problem

* Thus wrote Justin Patrin:
> On Thu, 1 Jul 2004 16:41:50 -0500, Josh Close <[EMAIL PROTECTED]> wrote:
> > 
> > I'm trying to get a simple regex to work. Here is the test script I have.
> > 
> > #!/usr/bin/php -q
> >  > 
> > $string = "hello\nworld\n";
> > $string = preg_replace("/[^\r]\n/i","\r\n",$string);
> 
> $string = preg_replace("/([^\r])\n/i","\\1\r\n",$string);
> 
> You could also use forward look-aheads, but I don't remember how to do
> that right now.

actually look-behind:
  preg_replace("/(?http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: regex problem

2004-07-01 Thread Josh Close

Thanks, that's exactly what I was looking for.

-Josh

On Thu, 01 Jul 2004 15:17:41 -0700, Lars Torben Wilson <[EMAIL PROTECTED]> wrote:
> 
> Josh Close wrote:
> 
> > I'm trying to get a simple regex to work. Here is the test script I have.
> >
> > #!/usr/bin/php -q
> >  >
> > $string = "hello\nworld\n";
> > $string = preg_replace("/[^\r]\n/i","\r\n",$string);
> 
> First, the short version. You can fix this by using backreferences:
> 
>   $string = preg_replace("/([^\r])\n/i", "\\1\r\n", $string);
> 
> Now, the reason:
> 
> preg_replace() replaces everything which matched, so both the \n and
> the character before it will be replaced (as they both had to match
> to make the pattern match).
> 
> Luckily, preg_replace() stores a list of matches, which you can use
> either later in the same pattern or in the replace string. This is
> called a 'backreference'. You can tell preg_replace() which part(s) of
> the pattern you want to store in this fashion by enclosing those parts
> in parentheses.
> 
> In your case, you want to store the character before the \n which matched,
> so you would enclose it in parentheses like so: "/([^\r])\n/i". Thereafter
> you can refer to that portion of the pattern match with the sequence \1.
> If you add another set of parens, you would refer to it with \2...and so
> on. You can even nest pattern matches like this, in which case they are
> counted by the opening paren. So the replacement string would then become
> "\\1\r\n". (You need the extra \ in front of \1 to prevent PHP's string
> interpolation parsing the \1 before it gets passed to preg_replace()).
> 
> A lot more information is available from the manual page on preg_replace():
> 
>http://www.php.net/preg_replace
> 
> There is also an extensive pages on pattern syntax:
> 
>http://www.php.net/manual/en/pcre.pattern.syntax.php
> 
> Hope this helps,
> 
> Torben
> 
> 
> 
> > $string = addcslashes($string, "\r\n");
> >
> > print $string;
> >
> > ?>
> >
> > This outputs
> >
> > hell\r\nworl\r\n
> >
> > so it's removing the char before the \n also.
> >
> > I just want it to replace a lone \n with \r\n
> >
> > -Josh
> 
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] regex problem

2004-07-01 Thread Josh Close

Why is it taking the char before the [^\r] also?

-Josh

On Thu, 1 Jul 2004 15:17:04 -0700, Justin Patrin <[EMAIL PROTECTED]> wrote:
> 
> On Thu, 1 Jul 2004 16:41:50 -0500, Josh Close <[EMAIL PROTECTED]> wrote:
> >
> > I'm trying to get a simple regex to work. Here is the test script I have.
> >
> > #!/usr/bin/php -q
> >  >
> > $string = "hello\nworld\n";
> > $string = preg_replace("/[^\r]\n/i","\r\n",$string);
> 
> $string = preg_replace("/([^\r])\n/i","\\1\r\n",$string);
> 
> You could also use forward look-aheads, but I don't remember how to do
> that right now.
> 
> > $string = addcslashes($string, "\r\n");
> >
> > print $string;
> >
> > ?>
> >
> > This outputs
> >
> > hell\r\nworl\r\n
> >
> > so it's removing the char before the \n also.
> >
> > I just want it to replace a lone \n with \r\n
> >
> > -Josh
> > 
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> > !DSPAM:40e48327189276451316304!
> >
> >
> 
> 
> --
> DB_DataObject_FormBuilder - The database at your fingertips
> http://pear.php.net/package/DB_DataObject_FormBuilder
> 
> paperCrane --Justin Patrin--
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: regex problem

2004-07-01 Thread Lars Torben Wilson

Josh Close wrote:
I'm trying to get a simple regex to work. Here is the test script I have.
#!/usr/bin/php -q

$string = "hello\nworld\n";
$string = preg_replace("/[^\r]\n/i","\r\n",$string);
First, the short version. You can fix this by using backreferences:
 $string = preg_replace("/([^\r])\n/i", "\\1\r\n", $string);
Now, the reason:
preg_replace() replaces everything which matched, so both the \n and
the character before it will be replaced (as they both had to match
to make the pattern match).
Luckily, preg_replace() stores a list of matches, which you can use
either later in the same pattern or in the replace string. This is
called a 'backreference'. You can tell preg_replace() which part(s) of
the pattern you want to store in this fashion by enclosing those parts
in parentheses.
In your case, you want to store the character before the \n which matched,
so you would enclose it in parentheses like so: "/([^\r])\n/i". Thereafter
you can refer to that portion of the pattern match with the sequence \1.
If you add another set of parens, you would refer to it with \2...and so
on. You can even nest pattern matches like this, in which case they are
counted by the opening paren. So the replacement string would then become
"\\1\r\n". (You need the extra \ in front of \1 to prevent PHP's string
interpolation parsing the \1 before it gets passed to preg_replace()).
A lot more information is available from the manual page on preg_replace():
  http://www.php.net/preg_replace
There is also an extensive pages on pattern syntax:
  http://www.php.net/manual/en/pcre.pattern.syntax.php
Hope this helps,
Torben
$string = addcslashes($string, "\r\n");
print $string;
?>
This outputs
hell\r\nworl\r\n
so it's removing the char before the \n also.
I just want it to replace a lone \n with \r\n
-Josh
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] regex problem

On Thu, 1 Jul 2004 16:41:50 -0500, Josh Close <[EMAIL PROTECTED]> wrote:
> 
> I'm trying to get a simple regex to work. Here is the test script I have.
> 
> #!/usr/bin/php -q
>  
> $string = "hello\nworld\n";
> $string = preg_replace("/[^\r]\n/i","\r\n",$string);

$string = preg_replace("/([^\r])\n/i","\\1\r\n",$string);

You could also use forward look-aheads, but I don't remember how to do
that right now.

> $string = addcslashes($string, "\r\n");
> 
> print $string;
> 
> ?>
> 
> This outputs
> 
> hell\r\nworl\r\n
> 
> so it's removing the char before the \n also.
> 
> I just want it to replace a lone \n with \r\n
> 
> -Josh
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> !DSPAM:40e48327189276451316304!
> 
> 


-- 
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder

paperCrane --Justin Patrin--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] regex problem

2004-07-01 Thread Josh Close

I'm trying to get a simple regex to work. Here is the test script I have.

#!/usr/bin/php -q


This outputs

hell\r\nworl\r\n

so it's removing the char before the \n also.

I just want it to replace a lone \n with \r\n

-Josh

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Protecting database passwords

2004-07-01 Thread Peter Brodersen

On Thu, 01 Jul 2004 06:55:38 -0700, [EMAIL PROTECTED] (Bob Hockney)
wrote:

>What I am concerned about is a local user on the server machine, not access through 
>the web server.  It sounds like it can be done if there is a separate user or group 
>for the 
>web server process, but this site specific.  It would be difficult to distribute a 
>program 
>and use a generalized install routine to install the file containing the passwords to 
>be 
>edited by the site admin.

You could move the virtual host to its own file, only readable by root
(and include this virtual host-file in httpd.conf).

Use SetEnv in this virtual host to set values like DBUSER, DBPASS and
so on:
http://httpd.apache.org/docs/mod/mod_env.html#setenv
You can choose whatever names you like.

The PHP script would then just have to read these environment values
to retrieve username and password.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP5 contest

2004-07-01 Thread John W. Holmes

Siddharth Hegde wrote:
Does anyone know who to contact if they have any Qs regarding the PHP5
contest. One of the Qs I had - Are we allowed to use Pear library and
classes.
That's a good question. I bet that's asked frequently. They should make 
a list of questions like that and call it a QTAFA; Questions That Are 
Frequently Asked, or something...

http://www.zend.com/php5/contest/faq.php
;)
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP5 contest

2004-07-01 Thread Siddharth Hegde

>Do you mean the Zend PHP5 contest?
Yes,

Thank you

On Thu, 1 Jul 2004 19:28:02 +0100, Richard Davey <[EMAIL PROTECTED]> wrote:
> 
> Hello Siddharth,
> 
> Thursday, July 1, 2004, 7:17:52 PM, you wrote:
> 
> SH> Does anyone know who to contact if they have any Qs regarding the PHP5
> SH> contest. One of the Qs I had - Are we allowed to use Pear library and
> SH> classes.
> 
> Do you mean the Zend PHP5 contest? If so, yes you can use PEAR
> libraries.
> 
> Best regards,
> 
> Richard Davey
> --
> http://www.launchcode.co.uk - PHP Development Services
> "I am not young enough to know everything." - Oscar Wilde
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP5 contest

2004-07-01 Thread Richard Davey

Hello Siddharth,

Thursday, July 1, 2004, 7:17:52 PM, you wrote:

SH> Does anyone know who to contact if they have any Qs regarding the PHP5
SH> contest. One of the Qs I had - Are we allowed to use Pear library and
SH> classes.

Do you mean the Zend PHP5 contest? If so, yes you can use PEAR
libraries.

Best regards,

Richard Davey
-- 
 http://www.launchcode.co.uk - PHP Development Services
 "I am not young enough to know everything." - Oscar Wilde

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: I'm very curious about the object-orientated thingies in PHP 5.....

2004-07-01 Thread Lars Torben Wilson

Scott Fletcher wrote:
Hey everyone,
I'm very curious about the object-orientated thingies in PHP 5.  Anyone
know of a sample scripts I can read it on?  And how does it work since the
browser-webserver is one sided in communication or one way, not both way?
Scott F.

Zend.com is absolutely drowning in information about PHP 5, and is probably
your best bet to start.
The client-server nature of running PHP on the web and object orientation
are totally unrelated, so you don't have to worry about that.
Torben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] [Stats] PHP Net List: June 2004

2004-07-01 Thread Bill Doerrfeld

--
Searchable archives for this list are available at

--
==
PHP Net List Stats
June, 2004
==
Note: Up/Down % as compared with May, 2004
Posts:   2109 (Down 6%)
Authors:  468 (Down 0%)
Threads:  567 (Down 6%)
Top 20 Contributors by Number of Posts
--
Curt Zirzow104
Marek Kilimajer 89
Justin Patrin   81
John Nichel 50
Torsten Roehr   46
Jay Blanchard   40
Daniel Clark39
Chris W. Parker 39
John W. Holmes  37
Jason Wong  36
Red Wingate 34
Matt Matijevich 31
Nguyen, Long P (Mission Systems 30
Ben Ramsey  27
Robert Sossomon 23
Steve Douville  23
raditha dissanayake 20
chris   18
Manuel Lemos17
Ryan Schefke17
Top 20 Threads by Number of Posts
--
[PHP] How to escape apostrophe in HTML textbox exactly???   26
[PHP] php installation verification 22
[PHP] Spammers  18
[PHP] Streaming 18
[PHP] ini_get   16
[PHP] index.php not loading up  15
[PHP] Read Last Lines of a Text File15
[PHP] PHP   14
[PHP] Call to undefined function:  bindtextdomain() 14
[PHP] a stupid question 14
[PHP] Protecting database passwords 14
[PHP] Problem with pspell module13
[PHP] Simple cms type system12
[PHP] Passing args to a PHP script from the command line12
[PHP] Cookie Security?  12
[PHP] TIFF display problem...   12
[PHP]  how to insert form data  11
[PHP] if/elseif/else v. switch  11
[PHP] Value in URL issue11
[PHP] " in data 11
Top 20 Search Terms by Number of Requests
--
mail 6
973  2
setup2
fwrite   2
smtp 2
mailhost 2
flash2
"error   1
class1
973" 1
The  1
host 1
error1
database 1
upload   1
is   1
regexp   1
newbie   1
invalid

[PHP] PHP5 contest

2004-07-01 Thread Siddharth Hegde

Hi,

Does anyone know who to contact if they have any Qs regarding the PHP5
contest. One of the Qs I had - Are we allowed to use Pear library and
classes.

Thanks,

- Sid

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] mysql_escape_string vs. mysqli_escape_string....

I'm using Firefox. If I use "mysql_escape_string()" I get a listing of
functions which does include mysql_escape_string and
mysqli_escape_string. It doesn't go straight to mysqli_escape_string,
though.

If you search without parenthesis, it works as expected. You don't
need (aren't supposed to use) parenthesis when searching for
functions.

On Thu, 1 Jul 2004 14:00:57 -0400, Scott Fletcher <[EMAIL PROTECTED]> wrote:
> 
> try "mysql_escape_string()". and I'm using Mozilla...
> 
> "Justin Patrin" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> 
> 
> > On Thu, 1 Jul 2004 09:37:46 -0400, Scott Fletcher <[EMAIL PROTECTED]> wrote:
> > >
> > > What the hell???  When I enter the "mysql_escape_string" in the "search
> for"
> > > textbox at www.php.net, I get a mysqli_escape_string result.  So, the
> > > question here is, is the website mistaken or is someone made a typo when
> > > posting to this php newsgroup???
> >
> > mysql_escape_string is definately there. Also, if I search for it, I
> > get it fine. Perhaps you didn't type it quite like that? Or maybe it's
> > been fixed since you posted. ;-)
> >
> > --
> > DB_DataObject_FormBuilder - The database at your fingertips
> > http://pear.php.net/package/DB_DataObject_FormBuilder
> >
> > paperCrane --Justin Patrin--
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 



-- 
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder

paperCrane --Justin Patrin--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Protecting database passwords

2004-07-01 Thread Siddharth Hegde

Not really a direct solution, but anyways...You could use Turck
MMCache to convert the code into bytecode. That way nobody can see the
password, atleast not too easily.

- Sid

On Thu, 01 Jul 2004 16:28:57 +0100, Peter Risdon
<[EMAIL PROTECTED]> wrote:
> 
> Bob Hockney wrote:
> > Gerben wrote:
> >
> >
> >>I think he is talking about the password that is written inside the script
> >>in the mysql_connect statement. I think he is worried that someone could
> >>access it's code and find out the DB password.
> >
> >
> > What I am concerned about is a local user on the server machine, not access through
> > the web server.  It sounds like it can be done if there is a separate user or 
> > group for the
> > web server process, but this site specific.  It would be difficult to distribute a 
> > program
> > and use a generalized install routine to install the file containing the passwords 
> > to be
> > edited by the site admin.
> >
> > -Bob
> >
> 
> The only way I know to achieve this is to install apache with the suexec
> option. This has no effect on mod_php but does on the cgi version. So
> then install the cgi version of php. A virtual host can run with the
> effective uid and gid of the account holder (user). Scripts can then be
> installed in the cgi-bin, owned by that user with permissions 0700. No
> other user can see them yet apache will be able to execute them. The
> database password can be in your script or in an include file with these
> permissions.
> 
> If you want to distribute a program, there are obvious problems - apache
> is not always installed suexec and the cgi version of php is rarely
> installed (it doesn't conflict in any way with mod_php, though. You can
> have both).
> 
> Bear in mind that this issue affects every distributed php application,
> including horde, php groupware and so on. Most shared servers run a form
> of ftp that chroots users into their home directories, and this helps.
> The main thing is to keep the file with the password out of the webspace
> (an include path can be anywhere), or make an apache configuration file
> part of your distribution, to be included in httpd.conf (viz horde),
> that restricts access to a directory that is intended for configuration
> files.
> 
> Peter.
> 
> 
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] mysql_escape_string vs. mysqli_escape_string....

try "mysql_escape_string()". and I'm using Mozilla...

"Justin Patrin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> On Thu, 1 Jul 2004 09:37:46 -0400, Scott Fletcher <[EMAIL PROTECTED]> wrote:
> >
> > What the hell???  When I enter the "mysql_escape_string" in the "search
for"
> > textbox at www.php.net, I get a mysqli_escape_string result.  So, the
> > question here is, is the website mistaken or is someone made a typo when
> > posting to this php newsgroup???
>
> mysql_escape_string is definately there. Also, if I search for it, I
> get it fine. Perhaps you didn't type it quite like that? Or maybe it's
> been fixed since you posted. ;-)
>
> -- 
> DB_DataObject_FormBuilder - The database at your fingertips
> http://pear.php.net/package/DB_DataObject_FormBuilder
>
> paperCrane --Justin Patrin--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] XSL was:Re: [PHP] Is that a PECL in your pants?

- Edwin - wrote:
 

As far as XSLT and XSL, the one is prefered over the
other.
   

What do you mean by this? XSLT is preferred over XSL?
Any reasons why you can point me to? Thanks again.
 

I probably should have edited that part out, I only know
that through rumors. I'm unfamiliar with all the XSL(T)
stuff.
   

If my understanding is correct, it should NOT be XSLT vs XSL 
--it shouldn't be :)

I guess it's more on the underlying library. (i.e. Sablotron 
vs libxslt)

- E -
 

When it comes to XSLT with PHP confusion reigns. I have been a long time 
fan of PHP and XSLT but whenever I want to do some transformation I use 
the Sablot module in *perl*

Many people cant even get passed the compilation stage for the sablotron 
extension (hint: you need to link against libstdc++ )

--
Raditha Dissanayake.
-
http://www.raditha.com/megaupload/upload.php
Sneak past the PHP file upload limits.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Web live radio

ascll wrote:
SHOUTcast vs Icecast, which one is better and easier to setup?
 

that's not a question for the php list!
Thanks.
 


--
Raditha Dissanayake.
-
http://www.raditha.com/megaupload/upload.php
Sneak past the PHP file upload limits.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] mysql_escape_string vs. mysqli_escape_string....

On Thu, 1 Jul 2004 09:37:46 -0400, Scott Fletcher <[EMAIL PROTECTED]> wrote:
> 
> What the hell???  When I enter the "mysql_escape_string" in the "search for"
> textbox at www.php.net, I get a mysqli_escape_string result.  So, the
> question here is, is the website mistaken or is someone made a typo when
> posting to this php newsgroup???

mysql_escape_string is definately there. Also, if I search for it, I
get it fine. Perhaps you didn't type it quite like that? Or maybe it's
been fixed since you posted. ;-)

-- 
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder

paperCrane --Justin Patrin--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP]

2004-07-01 Thread Matt M.

On Thu, 01 Jul 2004 11:52:47 -0400, John Taylor-Johnston
<[EMAIL PROTECTED]> wrote:
> 
> Hi,
> I need another variable. I need the filename itself. I want to substitute
> 
> /var/www/html/new1/foo.html
> 
> for
> 
> /var/www/html/new1/phpinfo.htm


I am not exactly sure what you want to do but I think you should take
a look at the function basename

http://www.php.net/basename

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] sending html via SOAP

2004-07-01 Thread Vidyut Luther

Hi,
 I'm using the NuSOAP class to get some information from a different
physical server, so far i've gotten the basic methods done, but  I was
wondering if it's a good idea to have the server return a complete
html form back via the SOAP envelope, or should I do something else ?.

Just tryin to get ideas.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: I'm very curious about the object-orientated thingies in PHP 5.....

"Scott Fletcher" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hey everyone,
>
> I'm very curious about the object-orientated thingies in PHP 5.
Anyone
> know of a sample scripts I can read it on?  And how does it work since the
> browser-webserver is one sided in communication or one way, not both way?

Hi Scott,

a bit of self-research shouldn't be too hard:
http://zend.com/php5/index.php

Regards, Torsten Roehr

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] I'm very curious about the object-orientated thingies in PHP 5.....

Hey everyone,

I'm very curious about the object-orientated thingies in PHP 5.  Anyone
know of a sample scripts I can read it on?  And how does it work since the
browser-webserver is one sided in communication or one way, not both way?

Scott F.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] mysql_escape_string() vs addslashes()...

In that case, I'll have to stick to addslashes() instead of
mysql_real_escape_string() because I'm escaping some of the PHP's post
string in the MySQL's syntax and not yet using the mysql's connection until
some decision making script play a role in it.  Blah!!

Thanks,
 Scott F.

"Curt Zirzow" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> * Thus wrote Scott Fletcher:
> > > > I would argue that something like mysql_escape_string() is better
than
> > > > addslashes(), so I agree with you for the most part anyway. :-) It
all
> > > > depends on what database is being used and how.
> >
> > Starting a new topic since the related-topic lists got too long.  So,
run
> > that again about what you meant by that and why???  Also, noticed that
> > mysql_esacpe_string() is an alias of mysql_real_escape_string, is that
> > right???
>
> Using the mysql_*_string functions lets the database client decide
> on what to escape.
>
> mysql_escape_string() has been deprecated for use, in place using
> mysql_real_escape_string(). the latter takes in to consideration
> the charset of the connection. So no, its not an alias.
>
>
> Curt
> -- 
> First, let me assure you that this is not one of those shady pyramid
schemes
> you've been hearing about.  No, sir.  Our model is the trapezoid!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Redirecting a user

2004-07-01 Thread John Taylor-Johnston

Apache can do this too, right?
I'm sure I saw a bit of code floating about?

Torsten Roehr wrote:

> "Shaun" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > Hi,
> >
> > Please could someone tell me how I can redirect a user to the page they
> came
> > from including any query strings attached to the URL?
>
> header('location: ' . $_SERVER['REQUEST_URI']); exit;
>
> Regards,
> Torsten Roehr

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP]

2004-07-01 Thread John Taylor-Johnston

Hi,
I need another variable. I need the filename itself. I want to substitute

/var/www/html/new1/foo.html

for

/var/www/html/new1/phpinfo.htm

and then include

/var/www/html/new1/html/phpinfo.htm

This doesn't do it anymore. I can't see a way to go up to directory "html":



John

P.S. Happy Canada Day!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] mysql_escape_string() vs addslashes()...

* Thus wrote Scott Fletcher:
> > > I would argue that something like mysql_escape_string() is better than
> > > addslashes(), so I agree with you for the most part anyway. :-) It all
> > > depends on what database is being used and how.
> 
> Starting a new topic since the related-topic lists got too long.  So, run
> that again about what you meant by that and why???  Also, noticed that
> mysql_esacpe_string() is an alias of mysql_real_escape_string, is that
> right???

Using the mysql_*_string functions lets the database client decide
on what to escape.

mysql_escape_string() has been deprecated for use, in place using
mysql_real_escape_string(). the latter takes in to consideration
the charset of the connection. So no, its not an alias.


Curt
-- 
First, let me assure you that this is not one of those shady pyramid schemes
you've been hearing about.  No, sir.  Our model is the trapezoid!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Protecting database passwords

2004-07-01 Thread Peter Risdon

Bob Hockney wrote:
Gerben wrote:

I think he is talking about the password that is written inside the script
in the mysql_connect statement. I think he is worried that someone could
access it's code and find out the DB password.

What I am concerned about is a local user on the server machine, not access through
the web server. It sounds like it can be done if there is a separate user or group for the
web server process, but this site specific. It would be difficult to distribute a program
and use a generalized install routine to install the file containing the passwords to be
edited by the site admin.

-Bob
The only way I know to achieve this is to install apache with the suexec
option. This has no effect on mod_php but does on the cgi version. So
then install the cgi version of php. A virtual host can run with the
effective uid and gid of the account holder (user). Scripts can then be
installed in the cgi-bin, owned by that user with permissions 0700. No
other user can see them yet apache will be able to execute them. The
database password can be in your script or in an include file with these
permissions.

If you want to distribute a program, there are obvious problems - apache
is not always installed suexec and the cgi version of php is rarely
installed (it doesn't conflict in any way with mod_php, though. You can
have both).

Bear in mind that this issue affects every distributed php application,
including horde, php groupware and so on. Most shared servers run a form
of ftp that chroots users into their home directories, and this helps.
The main thing is to keep the file with the password out of the webspace
(an include path can be anywhere), or make an apache configuration file
part of your distribution, to be included in httpd.conf (viz horde),
that restricts access to a directory that is intended for configuration
files.

Peter.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Comparison Operator

* Thus wrote Michael Sims:
> Gabe wrote:
> > I was looking at the comparison operators page and noticed that these
> > two operators were listed as "PHP4 only".  Is that an error, or are
> > they really not used in PHP5?  I don't want to use them if they're
> > going to break when I upgrade.  And if they aren't included, then
> > does something else replace their functionality?
> >
> > Operators in question:
> > ===
> > !==
> 
> The "PHP 4 only" means those operators did not exist in PHP version 3.  The
> documentation should probably say "PHP 4 or later only"...

Thats been already fixed in the cvs version of the documentation
and will be up on the site when the documentation is rebuilt.

It now says 'introduced in PHP4'
 

Curt
-- 
First, let me assure you that this is not one of those shady pyramid schemes
you've been hearing about.  No, sir.  Our model is the trapezoid!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: mysql_escape_string vs. mysqli_escape_string....

2004-07-01 Thread Thomas Seifert

Scott Fletcher wrote:
What the hell???  When I enter the "mysql_escape_string" in the "search for"
textbox at www.php.net, I get a mysqli_escape_string result.  So, the
question here is, is the website mistaken or is someone made a typo when
posting to this php newsgroup???
Scott F.
I get mysql_escape_string if I search for it.
These are two different mysql-modules so use the one for the module you 
use (probably just mysql_escape_string).

thomas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Comparison Operator

2004-07-01 Thread Gabe

Michael Sims wrote:
Gabe wrote:
I was looking at the comparison operators page and noticed that these
two operators were listed as "PHP4 only".  Is that an error, or are
they really not used in PHP5?  I don't want to use them if they're
going to break when I upgrade.  And if they aren't included, then
does something else replace their functionality?
Operators in question:
===
!==

The "PHP 4 only" means those operators did not exist in PHP version 3.  The
documentation should probably say "PHP 4 or later only"...
That's what I suspected, but just wanted to make sure.  Thanks for the help.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Comparison Operator

2004-07-01 Thread Michael Sims

Gabe wrote:
> I was looking at the comparison operators page and noticed that these
> two operators were listed as "PHP4 only".  Is that an error, or are
> they really not used in PHP5?  I don't want to use them if they're
> going to break when I upgrade.  And if they aren't included, then
> does something else replace their functionality?
>
> Operators in question:
> ===
> !==

The "PHP 4 only" means those operators did not exist in PHP version 3.  The
documentation should probably say "PHP 4 or later only"...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Comparison Operator

2004-07-01 Thread Gabe

I was looking at the comparison operators page and noticed that these 
two operators were listed as "PHP4 only".  Is that an error, or are they 
really not used in PHP5?  I don't want to use them if they're going to 
break when I upgrade.  And if they aren't included, then does something 
else replace their functionality?

Operators in question:
===
!==
Referenced URL:
http://www.php.net/manual/en/language.operators.comparison.php
Thanks!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Redirecting a user

"Shaun" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> Please could someone tell me how I can redirect a user to the page they
came
> from including any query strings attached to the URL?

header('location: ' . $_SERVER['REQUEST_URI']); exit;

Regards,
Torsten Roehr

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Protecting database passwords

2004-07-01 Thread John W. Holmes

From: "Bob Hockney" <[EMAIL PROTECTED]>

> > I think he is talking about the password that is written inside the
script
> > in the mysql_connect statement. I think he is worried that someone could
> > access it's code and find out the DB password.
>
> What I am concerned about is a local user on the server machine, not
access through
> the web server.  It sounds like it can be done if there is a separate user
or group for the
> web server process, but this site specific.  It would be difficult to
distribute a program
> and use a generalized install routine to install the file containing the
passwords to be
> edited by the site admin.

If you're on a shared server, then you should ensure safe_mode is enabled
and open_basedir restrictions are in effect so the different users are
limited to their own directories. Otherwise, yeah, your script is wide open
to any other user on the machine that can run a PHP script. This goes for
almost _every_ hosting solution out there because not many of them run
safe_mode.

---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Redirecting a user

2004-07-01 Thread Shaun

Hi,

Please could someone tell me how I can redirect a user to the page they came
from including any query strings attached to the URL?

Many thanks

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Help ASAP

>"Syed Ghouse" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>Hi All
>
>Will anybody tell me how to execute a shell script thru php
>
>and how to create a unix user thru php
>
>Thanks in advance
>
>Regards
>Syed

Take a look here:
http://de.php.net/function.shell-exec

Regards,
Torsten Roehr

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Help ASAP

2004-07-01 Thread Syed Ghouse

Hi All
(B
(BWill anybody tell me how to execute a shell script thru php
(B
(Band how to create a unix user thru php
(B
(BThanks in advance
(B
(BRegards
(BSyed

Re: [PHP] Protecting database passwords

2004-07-01 Thread Bob Hockney

Gerben wrote:

> I think he is talking about the password that is written inside the script
> in the mysql_connect statement. I think he is worried that someone could
> access it's code and find out the DB password.

What I am concerned about is a local user on the server machine, not access through 
the web server.  It sounds like it can be done if there is a separate user or group 
for the 
web server process, but this site specific.  It would be difficult to distribute a 
program 
and use a generalized install routine to install the file containing the passwords to 
be 
edited by the site admin.

-Bob

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: How to escape apostrophe in HTML textbox exactly???

Ah, when I enter the "mysql_escape_string" in the "search for" textbox, I
get a mysqli_escape_string webpage  So, it wasn't me that make a mistake
after all  I didn't know there is mysqli as well.

Scott F.

"Scott Fletcher" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Clicked on the search query on php.net and got to one website after
another
> which then lead to this website
>
> http://us4.php.net/manual/en/function.mysqli-real-escape-string.php
>
> Now, I see the problem, the "i" was added to the word, "mysql".  So,
> probably clicked on the wrong link somewhere because it is hard to read
the
> i after the l.
>
> Scott F.
>
> "Justin Patrin" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > On Wed, 30 Jun 2004 15:41:42 -0400, Scott Fletcher <[EMAIL PROTECTED]>
> wrote:
> > >
> > > Bummer, mysql_escape_string() is available only in PHP 5 and up.  I'm
> using
> > > PHP 4.3.1
> >
> > I know that it's not. Where are you seeing that? According to the
manual:
> > http://us3.php.net/manual/en/function.mysql-escape-string.php
> >
> > mysql_escape_string
> > (PHP 4 >= 4.0.3, PHP 5)
> >
> > >
> > > "Chris Shiflett" <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]
> > >
> > >
> > > > --- Justin Patrin <[EMAIL PROTECTED]> wrote:
> > > > > You also shouldn't need addslashes when putting it in.
quoteSmart()
> in
> > > > > PEAR::DB is a *much* better option.
> > > >
> > > > That's great for those who use PEAR::DB, but it's not very safe to
> argue
> > > > against addslashes() based on what's in a specific PEAR module.
> > > >
> > > > I would argue that something like mysql_escape_string() is better
than
> > > > addslashes(), so I agree with you for the most part anyway. :-) It
all
> > > > depends on what database is being used and how.
> > > >
> > > > Chris
> > > >
> > > > =
> > > > Chris Shiflett - http://shiflett.org/
> > > >
> > > > PHP Security - O'Reilly
> > > >  Coming Fall 2004
> > > > HTTP Developer's Handbook - Sams
> > > >  http://httphandbook.org/
> > > > PHP Community Site
> > > >  http://phpcommunity.org/
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > > !DSPAM:40e31590154591440146407!
> > >
> > >
> >
> >
> > -- 
> > paperCrane --Justin Patrin--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] mod_rewrite

2004-07-01 Thread David Bevan

Hi Pete,

Check out the documentation on the Apache site:
http://httpd.apache.org/docs-2.1/mod/mod_rewrite.html

They also have a URL Rewriting Guide:
http://httpd.apache.org/docs-2.1/misc/rewriteguide.html

Hope this helps.

Regards,

David

 


-Original Message-
From: pete M [mailto:[EMAIL PROTECTED] 
Sent: July 1, 2004 9:14 AM
To: [EMAIL PROTECTED]
Subject: [PHP] mod_rewrite


Know this is off topic bu can anyone help with a tuotial of something - 
been looking everywhere

All I want is a rule to  rewrite
www.example.com?page=mypage&id=20&this=that  to 
www.example.com/mypage/20/this

tia
Pete

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Is that a PECL in your pants?

2004-07-01 Thread Ford, Mike [LSS]

On 01 July 2004 04:10, John W. Holmes wrote:

> Can anyone explain the purpose of PECL to me besides what it
> says on the
> web page (http://pecl.php.net)?

Besides what's already been said, it also decouples the release cycles of
the extensions from that of PHP itself.  An upgrade to a PECL extension can
now be released at any time, and the latest version can (theoretically, at
least) be installed against any recent release of PHP.  For extensions which
are chosen to be bundled with PHP, the latest *stable* version of each
extension will be packaged in the PHP release.  (This will also eliminate
the time-honoured cry on php-internals of "Will all extension maintainers
please commit outstanding updates so we can roll version so-and-so"! ;)

Cheers!

Mike

-
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Headingley Campus, LEEDS,  LS6 3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] mysql_escape_string vs. mysqli_escape_string....

What the hell???  When I enter the "mysql_escape_string" in the "search for"
textbox at www.php.net, I get a mysqli_escape_string result.  So, the
question here is, is the website mistaken or is someone made a typo when
posting to this php newsgroup???

Scott F.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] mod_rewrite[Scanned]

2004-07-01 Thread Michael Egan

Pete,

There was a thread some time ago on the issue of cloaking URLs in which a couple of 
contributors pointed to tutorials on the following site:

http://www.alistapart.com/articles/urls/

HTH,

Michael Egan

-Original Message-
From: pete M [mailto:[EMAIL PROTECTED]
Sent: 01 July 2004 14:14
To: [EMAIL PROTECTED]
Subject: [PHP] mod_rewrite[Scanned]


Know this is off topic bu can anyone help with a tuotial of something - 
been looking everywhere

All I want is a rule to  rewrite
www.example.com?page=mypage&id=20&this=that  to 
www.example.com/mypage/20/this

tia
Pete

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php 
The information contained in this email (and in any attachments sent with it) is 
confidential. It is intended for the addressee only. Access to this email by anyone 
else is unintended and unauthorized.  
If you are not the original addressee, 3tc asks you to please maintain 
confidentiality. If you have received this email in error please notify 3tc 
immediately by replying to it, then destroy any copies and delete it from your 
computer system. 
Any use, dissemination, forwarding, printing or copying of this email by anyone except 
the addressee in the normal course of his/her business, is strictly prohibited. 3tc 
owns the copyright in this email and any document created by us and assert the right 
to be identified as the author of it. Copyright has not been transferred to the 
addressee. 
We protect our systems with Sophos Anti-virus -  
www.sophos.com 
 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] mysql_escape_string() vs addslashes()...

> > I would argue that something like mysql_escape_string() is better than
> > addslashes(), so I agree with you for the most part anyway. :-) It all
> > depends on what database is being used and how.

Starting a new topic since the related-topic lists got too long.  So, run
that again about what you meant by that and why???  Also, noticed that
mysql_esacpe_string() is an alias of mysql_real_escape_string, is that
right???

Scott F.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: How to escape apostrophe in HTML textbox exactly???

Clicked on the search query on php.net and got to one website after another
which then lead to this website

http://us4.php.net/manual/en/function.mysqli-real-escape-string.php

Now, I see the problem, the "i" was added to the word, "mysql".  So,
probably clicked on the wrong link somewhere because it is hard to read the
i after the l.

Scott F.

"Justin Patrin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> On Wed, 30 Jun 2004 15:41:42 -0400, Scott Fletcher <[EMAIL PROTECTED]>
wrote:
> >
> > Bummer, mysql_escape_string() is available only in PHP 5 and up.  I'm
using
> > PHP 4.3.1
>
> I know that it's not. Where are you seeing that? According to the manual:
> http://us3.php.net/manual/en/function.mysql-escape-string.php
>
> mysql_escape_string
> (PHP 4 >= 4.0.3, PHP 5)
>
> >
> > "Chris Shiflett" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> >
> >
> > > --- Justin Patrin <[EMAIL PROTECTED]> wrote:
> > > > You also shouldn't need addslashes when putting it in. quoteSmart()
in
> > > > PEAR::DB is a *much* better option.
> > >
> > > That's great for those who use PEAR::DB, but it's not very safe to
argue
> > > against addslashes() based on what's in a specific PEAR module.
> > >
> > > I would argue that something like mysql_escape_string() is better than
> > > addslashes(), so I agree with you for the most part anyway. :-) It all
> > > depends on what database is being used and how.
> > >
> > > Chris
> > >
> > > =
> > > Chris Shiflett - http://shiflett.org/
> > >
> > > PHP Security - O'Reilly
> > >  Coming Fall 2004
> > > HTTP Developer's Handbook - Sams
> > >  http://httphandbook.org/
> > > PHP Community Site
> > >  http://phpcommunity.org/
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> > !DSPAM:40e31590154591440146407!
> >
> >
>
>
> -- 
> paperCrane --Justin Patrin--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] flock(), fclose() and O/S buffering

2004-07-01 Thread Michael Sims

Andrew Hill wrote:
> $fp = fopen("/tmp/lock.txt", "w+");
> if (flock($fp, LOCK_EX)) { // do an exclusive lock
>fwrite($fp, "$processName\n");
>flock($fp, LOCK_UN); // release the lock
> } else {
>echo "Couldn't lock the file !";
> }
> fclose($fp);
[...]
> In this case, although process B is the second process to obtain a
> lock and write its process name to the file, it is the first process
> to close the file handle.

I've used flock() quite a bit in Perl, but not so much in PHP.  I'm almost
positive that they both use the same system calls so I think the behavior
(at least under unix) is the same.  In Perl, you do not have to release a
lock before closing the file...the lock is automatically released on close.
Newer versions of Perl automatically flush the disk buffers when releasing a
lock, but it's still widely recommended that you do NOT release a lock
before closing a file if you have written to it, precisely because of the
race condition you pointed out.

From:
http://www.tcp.com/~mink/CLAM/week8.html

"...Locks will dissolve when the file is closed anyway (when your process
exits, if not before). If you unlock without closing, the buffer may not
have been flushed before another process tries to read the file. In that
case, the other process will get "old" data. There are ways around this, but
the easiest is to simply not use LOCK_UN on files you are really writing
to - simply close the files and release the locks that way..."

Also:
http://groups.google.com/groups?selm=388373bd.890334%40news.skynet.be
http://groups.google.com/groups?selm=Pine.GSO.3.96.97030353.695N-10%
40kelly.teleport.com

Of course these all apply to Perl, but I believe they could be applied to
PHP as well.  I wonder if this should be considered a documentation problem
with the given examples.

> My suspicion is that the answer to the above question is no, and as a
> result, in order to be certain of correctly serialising the file
> locking and output process, it would be necessary to use a separate
> lockfile, which is opened and locked *before* the file to be written
> to is opened, written, and then closed, after which the lock on the
> lockfile can be released.

I think that you will still have to do this, however, not because of the
fclose() issue but because you are opening the file in write mode, which
truncates it.  If you were opening in append mode you would be good by just
not releasing the lock before the fclose(), but since the fopen() in write
mode truncates the file BEFORE the lock is requested, you're in trouble
without using a separate lock file.  There is a note in PHP's flock()
documentation about that:

"Note:  Because flock() requires a file pointer, you may have to use a
special lock file to protect access to a file that you intend to truncate by
opening it in write mode (with a "w" or "w+" argument to fopen())."

So, I'd still go with getting an exclusive lock on a separate lock file,
writing to my actual file, then releasing the lock on the separate lock
file...

HTH

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] mod_rewrite

2004-07-01 Thread pete M

Know this is off topic bu can anyone help with a tuotial of something - 
been looking everywhere

All I want is a rule to  rewrite
www.example.com?page=mypage&id=20&this=that  to 
www.example.com/mypage/20/this

tia
Pete
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Session file problem?

2004-07-01 Thread Daniel Kullik

[EMAIL PROTECTED] wrote:
Code I¹m using:
 session_cache_expire(0);
session_cache_limiter('private');
setcookie("cookie","",0,"/","iffinet.com",1);
session_start();
I use session_destroy(); in the logout function but the /tmp/sess_* file
does not get deleted.  Also the cookie doesn¹t go away even though it is set
to expire at the end of the session.  How can I get the /tmp/sess_* file to
go away along with the cookie?
This is a description of the problems I am having:
 

2 Problems: 

1. User A's information will come up when user B logs in instead of user B's
information coming up when user B logs in...  User A's information seems to
be cached in /tmp/sess_8ce0348cbf6704f96c2d8094e876ac3b.  Any ideas how to
keep this from happening?
2. When a user exits Internet Explorer without logging off and invoking
session_destroy(); the user cannot log back in immediately.  If I SSH into
the server and delete /tmp/sess_8ce0348cbf6704f96c2d8094e876ac3b then the
user can log back in.
Do I need to write a shell_exec routine to delete this file when the session
is destroyed?  How can I tell from the server that the user has closed the
window?   

Thanks again!
/T



You ought to check whether session_destroy() succeeds in removing the 
respective sess_* file. session_destroy() returns a boolean value.

Be aware that session_destroy() won't remove any existing cookies.
Also you should take a look at this notice 
(http://www.php.net/manual/en/function.session-cache-limiter.php):

[snip]
In private mode, the Expire header sent to the client may cause 
confusion for some browsers, including Mozilla. You can avoid this 
problem by using private_no_expire mode. The expire header is never sent 
to the client in this mode.
[/snip]

Daniel
--
WWE e-commerce IT GmbH
Eiffestrasse 462, D-20537 Hamburg
Tel.: +49-40-2530659-0, Fax: +49-40-2530659-50
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] flock(), fclose() and O/S buffering

2004-07-01 Thread Andrew Hill

Hi all,

I have a question about the way flock() and fclose() work in PHP.
Consider the following code, slightly modified from the flock() PHP
manual page:


$fp = fopen("/tmp/lock.txt", "w+");
if (flock($fp, LOCK_EX)) { // do an exclusive lock
   fwrite($fp, "$processName\n");
   flock($fp, LOCK_UN); // release the lock
} else {
   echo "Couldn't lock the file !";
}
fclose($fp);


If the above code was executed by two processes, process A and process
B, one possible sequence of events is:

Process A opens the file.
Process B opens the file.
Process A obtains an exclusive lock.
Process A writes it's process name to the file.
Process A releases the exclusive lock.
Process A closes the file.
Process B obtains an exclusive lock.
Process B writes it's process name to the file.
Process B releases the exclusive lock.
Process B closes the file.

The results would be as desired - that is, as process B obtained the
lock on the file after process A, it is process B's process name that is
in the contents of the file, not process A.

However, another possible sequence of events is:

Process A opens the file.
Process B opens the file.
Process A obtains an exclusive lock.
Process A writes it's process name to the file.
Process A releases the exclusive lock.
Process B obtains an exclusive lock.
Process B writes it's process name to the file.
Process B releases the exclusive lock.
Process B closes the file.
Process A closes the file.

In this case, although process B is the second process to obtain a lock
and write its process name to the file, it is the first process to close
the file handle.

This raises the question of when the operating system actually writes
file contents to disk. Is it when PHP performs an fwrite()? Or does the
O/S buffer the file contents?

Essentially, when performing the style of concurrent programming above,
can one be certain at what point in time the file contents will be
written (on any operating system)?

My suspicion is that the answer to the above question is no, and as a
result, in order to be certain of correctly serialising the file locking
and output process, it would be necessary to use a separate lockfile,
which is opened and locked *before* the file to be written to is opened,
written, and then closed, after which the lock on the lockfile can be
released.

Can anyone please confirm that this is the case?

Thanks,

-- 
Andrew Hill
[EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Protecting database passwords

2004-07-01 Thread Gerben

I think he is talking about the password that is written inside the script
in the mysql_connect statement. I think he is worried that someone could
access it's code and find out the DB password.

One solution is to make the database only accessible from localhost (you
could create a new user/pass for outside localhost). That way nobody has any
use for that password.
Furthermore I believe it's impossible to access the php code since apache
always runs it through PHP, but I'm not an expert on that.

"- Edwin -" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> On Wednesday 30 June 2004 09:58, Bob Hockney wrote:
> > Hi there,
> >
> > I wrote a php script that accesses a database, and I am
> > wondering about securing the password to the database.  I
> > could prompt the user for the password every session, but
> > I don't necessarily want the user to have the password.
>
> You mean the password for the database? Why would the user
> need that? If the users need a password to access the site,
> then create one for the *site*. Only you and your scripts
> need to know what the password for the database is...
>
> > Unless I'm missing something, any on-disk place I store
> > the password needs to be readable by PHP, and therefore
> > isn't very secure.  I have restricted the rights of the
> > database user, but I'm wondering how others have dealt
> > with this, or maybe I'm completely missing the point.
>
> Or, am I missing the point? :)
>
> - E -

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Session file problem?

2004-07-01 Thread [EMAIL PROTECTED]

Code I¹m using:

 session_cache_expire(0);
session_cache_limiter('private');
setcookie("cookie","",0,"/","iffinet.com",1);
session_start();

I use session_destroy(); in the logout function but the /tmp/sess_* file
does not get deleted.  Also the cookie doesn¹t go away even though it is set
to expire at the end of the session.  How can I get the /tmp/sess_* file to
go away along with the cookie?

This is a description of the problems I am having:
 

2 Problems: 

1. User A's information will come up when user B logs in instead of user B's
information coming up when user B logs in...  User A's information seems to
be cached in /tmp/sess_8ce0348cbf6704f96c2d8094e876ac3b.  Any ideas how to
keep this from happening?

2. When a user exits Internet Explorer without logging off and invoking
session_destroy(); the user cannot log back in immediately.  If I SSH into
the server and delete /tmp/sess_8ce0348cbf6704f96c2d8094e876ac3b then the
user can log back in.

Do I need to write a shell_exec routine to delete this file when the session
is destroyed?  How can I tell from the server that the user has closed the
window?   

Thanks again!

/T

[PHP] Re: install/config error - please help

2004-07-01 Thread David Robley

On Wed, 30 Jun 2004 23:01, Long P Nguyen wrote:

> any ideas with this install/config error?
> 
> [EMAIL PROTECTED] php-4.3.7]# ./configure --with-mysql=/usr/local/mysql
> creating cache ./config.cache
> checking host system type... i686-pc-linux-gnu
> checking for gcc... gcc
> checking whether the C compiler (gcc  ) works... no
> configure: error: installation or configuration problem: C compiler cannot
> create executables.

Do you have gcc installed? If so, does the user running configure have
permissions to write to the current directory?

-- 
David Robley

"I'm as busy as a bee," Tom droned.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: problem with embeded objects and reference

2004-07-01 Thread Daniel Kullik

Vincent Dupont wrote:
Hi,
could anyone help on this 'by reference' problem.
I have 2 classes. The main class as a child class.
The child class has properties (array)
I would like to be able to manipulate the child's properties even after the child has 
been inserted into the main class.
Does this make sense?
I can do it with by getting a reference of the child class, then setting the 
property,like :
$tmp = & $main->getChild(); //get a reference to the child object
$tmp->setProperty("forth");//ok
OR
$main->setChildProperty("third"); //ok
but Whyt can't I do it directly by calling a reference to the child, like in :
$child1->setproperty("second"); //The property is not set or not displayed
I know I need a reference to the child class that is within the maoin class, but HOW??
Here is a complete example 


class class1{
var $child; //array
	function class1(){
		$this->properties = array();
	}
	
	//set the child object (class2)
	function & setChild($child){
		$this->child=$child;
	}
	
	//get the child object (class2), and call its setProperty method
	function setChildProperty($prop){ 
		$theChild = & $this->child;
		$theChild->setProperty($prop);
	}
	
	//return a reference to the child object
	function & getChild(){
		return $this->child;
	}
	
	//print the child object properties
	function display(){
		$this->child->toString();
	}

}
class class2{
var $properties; //array

function class2(){
$this->properties = array();
}

function & setProperty($new_property){
$this->properties[] = $new_property;
}

function & getProperty($index){
return $this->properties[$index];
}

function toString(){
print_r($this->properties);
}
}
$main = & new class1();
$child1 = & new class2();
$child1->setproperty("first");//displayed
$main->setChild($child1);
$child1->setproperty("second"); //NOT DISPLAYED
$main->setChildProperty("third"); //displayed
$tmp = & $main->getChild(); //get a reference to the child object
$tmp->setProperty("forth");//displayed
$main->display();
//output : Array ( [0] => first [1] => third [2] => forth ) 
?>
Hallo.
Thogh I am not really sure if this solves your problem,
but you should take a closer look at your method setChild().
Your parent-class has a property which you want to be an array.
[snip]
var $child; //array
[/snip]
But setChild() turns it into an object since the passed parameter
($child) is an object.
[snip]
$this->child=$child;
[/snip]
You should rather use something like array_push() or just
$this->child[] = $child;
Daniel
--
WWE e-commerce IT GmbH
Eiffestrasse 462, D-20537 Hamburg
Tel.: +49-40-2530659-0, Fax: +49-40-2530659-50
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Converting strings to match multiple charsets

"Red Wingate" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> yep, as i said it was displayed correctly everywhere expect in the forms
> oh i might mention - Mozilla worked well but IE destroyed the data (only
> in textareas)

Do you run the utf8 decoded data through htmlentities()? What does the
source code say of the characters outside of the forms and inside the forms?
Could you maybe post some chars?

Regards, Torsten

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] What do I need in order to do the following with php.