[PHP] patch to php 4.3.10 to disabling URL wrappers in include like statements

2005-03-01 Thread Tom Z. Meinlschmidt
Hi,

I've experienced a lot of attacks in my hosting server due to silly users and
their scripts with holes. So I prepared this little patch to 4.3.10, which
disables using url wrappers in include/include_once/require/require_once
statements (switchable in php.ini). See readme.security from patch

patch is there:

http://orin.meinlschmidt.org/~znouza/php_patch.txt

comments are welcome

/tom

-- 
===
Tomas Meinlschmidt, SBN3, MCT, MCP, MCP+I, MCSE, NetApp Filer & NetCache
gPG fp: CB78 76D9 210F 256A ADF4 0B02 BECA D462 66AB 6F56 / $ID: 66AB6F56
GCS d-(?) s: a- C++ ULHISC*$ P+++> L+++$> E--- W+++$ N++(+) !o
!K w(---) !O !M V PS+ PE Y+ PGP++ t+@ !5 X? R tv b+ !DI D+ G e>+++
h r+++ z+++@
===

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
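
Added example, not taken from the patch (which is not reproduced on this page): the same class of hole can also be closed in the script itself by refusing wrapper-style include targets. `resolve_page()`, `wrapper_settings()` and the sample names are hypothetical; `allow_url_include` is the separate switch PHP gained in 5.2.0.

```php
<?php
// Added example: application-side guard for include targets.
// resolve_page() and the sample page names are hypothetical.

/**
 * Map a user-supplied page name to a real file under $baseDir.
 * Returns the absolute path, or null if the name must not be included.
 */
function resolve_page(string $name, string $baseDir): ?string
{
    // "scheme:" prefixes (http://, ftp://, ...) select a stream wrapper
    // instead of a local file, so they are never a valid page name.
    if (preg_match('~^[a-z][a-z0-9+.-]*:~i', $name) === 1) {
        return null;
    }
    // Conservative allowlist: no dots, slashes, backslashes or NUL bytes.
    if (preg_match('~^[A-Za-z0-9_-]{1,64}$~D', $name) !== 1) {
        return null;
    }
    // Resolve symlinks, then confirm the result is still inside $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

/** Report the ini switches that govern URL wrappers on this runtime. */
function wrapper_settings(): array
{
    return [
        'allow_url_fopen'   => ini_get('allow_url_fopen'),
        // Absent on PHP 4.3.x; ini_get() returns false for unknown directives.
        'allow_url_include' => ini_get('allow_url_include'),
    ];
}

// Constructed demo: one real page in a temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', "<?php echo 'home';\n");

// Constructed inputs: one valid name, then names the guard must refuse.
$samples = ['home', 'missing', '../home',
            'http://example.invalid/x', 'ftp://example.invalid/x', "home\0"];
foreach ($samples as $s) {
    $r = resolve_page($s, $dir);
    printf("%-30s => %s\n", json_encode($s),
           $r === null ? 'rejected' : 'include ' . basename($r));
}
print_r(wrapper_settings());

unlink($dir . DIRECTORY_SEPARATOR . 'home.php');
rmdir($dir);
```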



[PHP] auto refresh once

2005-03-01 Thread William Stokes
Hello,

Is it possible to force one automatic browser refresh when a user enters a
webpage? If so, how?

Thanks
-Will 




Re: [PHP] xml-rpc with php5

2005-03-01 Thread Matthew Fonda
On Tue, 2005-03-01 at 21:14, Alex Duggan wrote:
> Hello,
> 
> What is the best solution for setting up an xml-rpc client with php5?
> Are the built in functions still experimental, are the classes from
> useful inc better to use?  I want to continue using xml-rpc instead of
> soap because of its simplicity and less overhead. 
> 
> Alex

You could try the new xmlrpci PHP extension
http://pecl.php.net/package/xmlrpci

If not, you can use PEAR::XML_RPC
http://pear.php.net/package/XML_RPC
-- 
Regards,
Matthew Fonda
http://mfonda.info




Re: [PHP] _POST not working (using mini_httpd) - 2 attachments

2005-03-01 Thread overbored
[EMAIL PROTECTED] (Burhan Khalid) wrote in news:422474F6.4020708
@meidomus.com:

> overbored wrote:
> 
>>>
Hi all, I'm learning PHP and I'd need to create a simple Web-based
ifconfig tool for a Soekris box (running Pebble). However, I've been
unsuccessful at getting PHP working with mini_httpd. In particular,
the POST data is not being received. Here's what I did...
>>>
>>>What version of PHP are you running? $_POST and other $_* variable are
>>>only available in PHP versions 4.2.+ iirc.
> > $ php --version
> > PHP 4.3.10-2 (cli) (built: Dec 19 2004 03:41:45)
> > Copyright (c) 1997-2004 The PHP Group
> > Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
> 
> This is the client build, which might not be the same as your server 
> build. Run phpinfo() and check your version there.
> 

It seems to be the same thing

$ echo '' | php
PHP Version => 4.3.10-2

System => Linux dell400 2.4.26-1-386 #1 Thu Jul 22 12:46:23 JST 2004 
i686
Build Date => Dec 19 2004 03:39:39
Configure Command =>  '../configure' '--prefix=/usr' '--with-regex=php' 
'--disab
le-cgi' '--with-config-file-path=/etc/php4/cli' '--disable-rpath' '--
enable-memo
ry-limit' '--disable-debug' '--with-layout=GNU' '--with-
pear=/usr/share/php' '--
enable-calendar' '--enable-sysvsem' '--enable-sysvshm' '--enable-
sysvmsg' '--ena
ble-track-vars' '--enable-trans-sid' '--enable-bcmath' '--with-bz2' '--
enable-ct
ype' '--with-db4' '--with-iconv' '--enable-exif' '--enable-filepro' '--
enable-ft
p' '--with-gettext' '--enable-mbstring' '--with-pcre-regex=/usr' '--
enable-shmop
' '--enable-sockets' '--enable-wddx' '--disable-xml' '--with-expat-
dir=/usr' '--
with-xmlrpc' '--enable-yp' '--with-zlib' '--without-pgsql' '--with-
kerberos=/usr
' '--with-openssl=/usr' '--enable-dbx' '--with-mime-
magic=/usr/share/misc/file/m
agic.mime' '--with-exec-dir=/usr/lib/php4/libexec' '--disable-static' 
'--without
-mm' '--without-mysql' '--without-sybase-ct' '--enable-pcntl' '--with-
ncurses=/u
sr' '--with-libedit=/usr'
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /etc/php4/cli/php.ini
PHP API => 20020918
PHP Extension => 20020429
Zend Extension => 20021010
Debug Build => no
Thread Safety => disabled
Registered PHP Streams => php, http, ftp, https, ftps, compress.bzip2, 
compress.
zlib  


This program makes use of the Zend Scripting Language Engine:
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies


 ___


Configuration

PHP Core

Directive => Local Value => Master Value
allow_call_time_pass_reference => On => On
allow_url_fopen => On => On
always_populate_raw_post_data => Off => Off
arg_separator.input => & => &
arg_separator.output => & => &
asp_tags => Off => Off
auto_append_file => no value => no value
auto_prepend_file => no value => no value
browscap => no value => no value
default_charset => no value => no value
default_mimetype => text/html => text/html
define_syslog_variables => Off => Off
disable_classes => no value => no value
disable_functions => no value => no value
display_errors => On => On
display_startup_errors => Off => Off
doc_root => no value => no value
docref_ext => no value => no value
docref_root => no value => no value
enable_dl => On => On
error_append_string => no value => no value
error_log => no value => no value
error_prepend_string => no value => no value
error_reporting => 2039 => 2039
expose_php => On => On
extension_dir => /usr/lib/php4/20020429 => /usr/lib/php4/20020429
file_uploads => On => On
gpc_order => GPC => GPC
highlight.bg => #FF => #FF
highlight.comment => #FF8000 => #FF8000
highlight.default => #BB => #BB
highlight.html => #00 => #00
highlight.keyword => #007700 => #007700
highlight.string => #DD => #DD
html_errors => Off => On
ignore_repeated_errors => Off => Off
ignore_repeated_source => Off => Off
ignore_user_abort => Off => Off
implicit_flush => On => Off
include_path => .:/usr/share/php:/usr/share/pear => 
.:/usr/share/php:/usr/share/
pear
log_errors => Off => Off
log_errors_max_len => 1024 => 1024
magic_quotes_gpc => On => On
magic_quotes_runtime => Off => Off
magic_quotes_sybase => Off => Off
max_execution_time => 0 => 30
max_input_time => 60 => 60
memory_limit => 8M => 8M
open_basedir => no value => no value
output_buffering => 0 => no value
output_handler => no value => no value
post_max_size => 8M => 8M
precision => 12 => 12
register_argc_argv => On => On
register_globals => Off => Off
report_memleaks => On => On
safe_mode => Off => Off
safe_mode_exec_dir => no value => no value
safe_mode_gid => Off => Off
safe_mode_include_dir => no value => no value
sendmail_from => no value => no value
sendmail_path => /usr/sbin/sendmail -t -i  => /usr/sbin/sendmail -t -i 
serialize_precision => 100 => 100
short_open_tag => On => On
SMTP => localhost => localhost
smtp_port => 25 => 25
sql.safe_mode => Off => Off
track_errors

Re: [PHP] Semi-OT: Anti-password trading/sharing solutions

2005-03-01 Thread Thomas Goyne
On Tue, 1 Mar 2005 13:53:32 -0700, Dan Tappin <[EMAIL PROTECTED]> wrote:
> You really can't prevent the shared password issue unless you billed on
> a per login basis.

That may be one possible solution (although with my limited knowledge of  
the industry, I don't know how viable).  Charge something along the lines  
of $.01/login, and bump down the monthly cost by $1.  For legit users it  
will (hopefully) result in a slight cut in fees, while also making it not  
free to share your account to any significant degree.

Also, for a fairly simple method, store all ips used to access an account  
over a 24 hour period.  Any accounts used by over some number of ip  
addresses get reverse lookups performed, and any accounts used by over two  
isps get marked.  If an account gets marked several times, slap it with a  
large fine (which you need to mention ahead of time) and terminate access.

--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
http://www.smempire.org
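
A sketch of the IP/ISP check described in the message above, as an added example that is not part of the original post. The log format, the IP threshold of 3, the last-two-labels ISP key and the PTR table are assumptions made for illustration.

```php
<?php
// Added example: flag accounts whose logins in the last 24 hours span
// more than two ISPs. Log format, IP threshold and PTR data are constructed.

const WINDOW_SECONDS = 86400; // "over a 24 hour period"
const IP_THRESHOLD   = 3;     // "some number of ip addresses" (assumed value)
const ISP_THRESHOLD  = 2;     // "used by over two isps"

/** Crude ISP key: the last two labels of the PTR name (assumption). */
function isp_key(string $host): string
{
    $labels = explode('.', strtolower(rtrim($host, '.')));
    return implode('.', array_slice($labels, -2));
}

/**
 * @param string[] $lines   login records, "unix_ts account ip"
 * @param callable $reverse fn(string $ip): string|false, e.g. 'gethostbyaddr'
 * @return array marked account => sorted list of ISP keys
 */
function marked_accounts(array $lines, int $now, callable $reverse): array
{
    $seen = [];
    foreach ($lines as $line) {
        $f = preg_split('/\s+/', trim($line));
        if (count($f) !== 3 || !ctype_digit($f[0])) {
            continue; // malformed record
        }
        [$ts, $account, $ip] = [(int)$f[0], $f[1], $f[2]];
        if (filter_var($ip, FILTER_VALIDATE_IP) === false) continue;
        if ($ts > $now || $now - $ts > WINDOW_SECONDS) continue;
        $seen[$account][$ip] = true; // distinct IPs per account
    }

    $marked = [];
    foreach ($seen as $account => $ips) {
        if (count($ips) <= IP_THRESHOLD) continue; // no DNS for most accounts
        $isps = [];
        foreach (array_keys($ips) as $ip) {
            $host = $reverse($ip);
            // gethostbyaddr() returns the input unchanged when no PTR exists;
            // unresolved addresses are not counted as a separate ISP.
            if ($host === false || $host === $ip) continue;
            $isps[isp_key($host)] = true;
        }
        if (count($isps) > ISP_THRESHOLD) {
            $names = array_keys($isps);
            sort($names);
            $marked[$account] = $names;
        }
    }
    return $marked;
}

// Constructed PTR table standing in for live DNS (documentation ranges).
$ptr = [
    '192.0.2.10'   => 'dsl-10.isp-a.example',
    '192.0.2.11'   => 'dsl-11.isp-a.example',
    '192.0.2.20'   => 'dsl-20.isp-a.example',
    '192.0.2.21'   => 'dsl-21.isp-a.example',
    '192.0.2.22'   => 'dsl-22.isp-a.example',
    '192.0.2.23'   => 'dsl-23.isp-a.example',
    '198.51.100.7' => 'cable-7.isp-b.example',
    '203.0.113.5'  => 'ppp-5.isp-c.example',
];
$reverse = function (string $ip) use ($ptr) {
    return $ptr[$ip] ?? $ip; // mimic gethostbyaddr() on a missing PTR
};

$now = 1109721600; // constructed "current time"
// Constructed login records: "unix_ts account ip"
$log = [
    '1109700000 alice 192.0.2.10',
    '1109700500 alice 198.51.100.7',
    '1109000000 alice 203.0.113.5',   // older than 24 h, ignored
    '1109701000 bob 192.0.2.10',
    '1109702000 bob 192.0.2.11',
    '1109703000 bob 198.51.100.7',
    '1109704000 bob 203.0.113.5',
    '1109705000 bob 203.0.113.6',     // no PTR record
    '1109706000 carol 192.0.2.20',
    '1109707000 carol 192.0.2.21',
    '1109708000 carol 192.0.2.22',
    '1109709000 carol 192.0.2.23',    // many IPs, but a single ISP
    'garbage line',
];

// Only bob exceeds both thresholds: five IPs across three ISPs.
print_r(marked_accounts($log, $now, $reverse));
```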


[PHP] xml-rpc with php5

2005-03-01 Thread Alex Duggan
Hello,

What is the best solution for setting up an xml-rpc client with php5?
Are the built in functions still experimental, are the classes from
useful inc better to use?  I want to continue using xml-rpc instead of
soap because of its simplicity and less overhead. 

Alex




Re: [PHP] How can I secure database passwords used by PHP webpages

2005-03-01 Thread Rob Tanner
John,

We're a four year college.  Some maintainers are faculty, some are
staff and some are work-study (students) and centrally we have little
say over who can and can't.  We use webdav but people inevitably share
passwords (policies against doing such notwithstanding) and that's a
problem we can do little about until after the fact.  Back in the days
of cgi when executables were only allowed in cgi-bin which was
exclusively under the control of the webmaster, passwords could be put
into root-only readable files and read up by apache into its
environment, but that kind of control is unacceptable today in a
liberal arts college environment.  So the question is, how do we
protect ourselves from folks who misbehave (after all, I do lock my
front door even though in theory I trust my neighbors).

-- Rob

--On Tuesday, March 01, 2005 07:57:31 PM -0500 John Holmes
<[EMAIL PROTECTED]> wrote:

> Rob Tanner wrote:
>> We have a number of PHP webpages that access one of several MySQL
>> databases and while the PHP files that contain the passwords cannot
>> be accessed via the web, we are becoming increasingly concerned over
>> the possibility of other webpage maintainers viewing those files.
>> How have other folks protected database passwords needed by PHP apps?
> 
> Who are these "other webpage maintainers" and why do they have access
> to your PHP source code? This isn't a PHP issue. The MySQL password
> has to be in a file as plain text; there's no getting around that (as
> recently discussed on here). Your issue is controlling access to the
> machine and the files, so is an OS/policy/trust issue, imo.



-- 
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR




Re: [PHP] Catalog or cart

2005-03-01 Thread Judson Vaughn
Ryan,
Don't build your own. There are so many good things out there for free. 
It seems like you just need a simple cart that accommodates easy 
database entry. Like XCart, or OSCommerce, or the one others mention on 
this list.

Jud.
Judson Vaughn
[EMAIL PROTECTED] | [EMAIL PROTECTED]
Seiter Vaughn  Communications
12455 Plowman Court
Herndon, VA 20170
703.450.9740
svc

Ryan A wrote:
> Hey all,
> I have a client who has a computer store, now he wants to put all his stuff
> in one site.
> He does not want to do any selling from his site, but just list all his
> items.
> After looking via google and the usual script sites, agora cart looks
> pretty good and easy to maintain, other choices X-Cart,oscommerce,phpcatalog
> I don't really want to build this from scratch as I am sure a lot of very
> very good solutions are already out there and i would rather use the time
> instead to either tweak the software to his particular needs/requests
>
> for example:
> he wants a few lines and a picture(optional) of his product (eg: a HP
> printer) and when clicked on it should pop up a window with that product's
> details.
>
> or cleaning up his design, digital snaps etc
> I've never really worked on a site like this before so I would appreciate
> any recommendations you have towards a cart or catalog system that has
> worked really well for you, or you heard is good or you helped develop etc
> I would like a cart/catalog that is open source (does not have to be
> free..but not expensive) so i can play with the code if need be.
> The reason i was leaning towards a cart is, if he ever decides to sell
> online, i don't want to build a whole extra piece of software to go with the
> catalog.
> Thanks in advance,
> Ryan



Re: [PHP] Catalog or cart

2005-03-01 Thread Bret Hughes
On Wed, 2005-03-02 at 04:45, Ryan A wrote:
> Hey all,
> I have a client who has a computer store, now he wants to put all his stuff
> in one site.
> He does not want to do any selling from his site, but just list all his
> items.

I don't have a solution but I just wanted to say that the very first
thing that came to mind was.  

Warning Will Robinson.  Scope creep approaching! 

He does not want to do any selling from his site, NOW.  If you are going
to go to the trouble to set up something especially an existing solution
I would strongly recommend that you give the ability to grow into a cart
based ecommerce site serious weight over those catalog only solutions
that do not have that capability.  Best to look the hero when he says
"Ya know, I have had several customers that wish they could purchase via
a web site."

my $0.02 US.

Bret




Re: [PHP] Re: PHP 5.1 CVS Interface Question

2005-03-01 Thread Jochem Maas
Jason Barnett wrote:
> Gavin Roy wrote:
> ...
>> Is this a bug, or a new intended behavior?
>> Gavin
>
> To get the long answer you can search through the php.internals list for
> this topic.  The short answer is: this is the new intended behavior.

the short reason(ing) is it doesn't make sense to implement an interface
on something that isn't an object (i.e. a class). assume object == car, and
class == idea, an idea can't have a steering wheel interface because it's not
a 'thing' (as such).

if you have a collection of singleton objects that all implement a public
interface then should those objects be singletons at all?


Re: [PHP] PHP5 Static Object Function Issue

2005-03-01 Thread Jochem Maas
Gavin Roy wrote:
> I believe there is a small problem in PHP5 with regard to static
> functions in uninstanced classes.  From discussions in various php irc
> channels and what I've read about it in the docs, I can not call a
> static function in an uninstanced class via a variable.  For example:
>
>  $class = "MyClass";
>  $instance = new $class();
>
> works, but
>
>  $class = "MyClass";
>  $instance = $class::getInstance();

$func = array($class,'getInstance');
if (is_callable($func)) {
    $instance = call_user_func($func);
}

if the class is only used in the singleton context then
why not only expose static public methods - let the class deal
with the instance internally:

class Test
{
    // holds the single instance once it has been created
    private static $instance = null;

    protected function __construct() {}

    protected static function getInstance()
    {
        /* do stuff then... */
        if (self::$instance === null) {
            self::$instance = new Test();
        }
        return self::$instance;
    }

    protected function _foo() { echo "say rrrhhh.\n"; }

    static public function foo()
    {
        $x = self::getInstance();
        $x->_foo();
    }
}

Test::foo();

$func = array('Test','foo');
if (is_callable($func)) {
    $rtnVal = call_user_func($func);
}

see also http://php.net/call_user_func_array

> doesn't, where
>
>  $instance = MyClass::getInstance();
>
> does.
> I know that some people might consider it poor design, but basically
> I'm trying to dynamically reference singleton patterned classes using
> getInstance to internally create an object instance and use that
> instance for all processing.  As of right now it doesn't seem that it
> is possible.  Is there a reason why it's not supported?  Will it be
> supported in the future?
> Gavin


[PHP] Re: Catalog or cart

2005-03-01 Thread Anguz
Hi Ryan,
I've used osCommerce as a catalog before, but it's a bit of a pain to 
customize. ZenCart is supposed to be easier, but I haven't tried it yet. 
For the last project I did of this kind, I wrote my own catalog script 
and I feel a lot more comfortable with that.

I do realize that it'll require a bit more work to add a cart to a 
catalog like that in the future, though, unless you use something simple 
like the cart provided by PayPal, but it's PayPal only.

Cristian

Ryan A wrote:
> Hey all,
> I have a client who has a computer store, now he wants to put all his stuff
> in one site.
> He does not want to do any selling from his site, but just list all his
> items.
> After looking via google and the usual script sites, agora cart looks
> pretty good and easy to maintain, other choices X-Cart,oscommerce,phpcatalog
> I don't really want to build this from scratch as I am sure a lot of very
> very good solutions are already out there and i would rather use the time
> instead to either tweak the software to his particular needs/requests
>
> for example:
> he wants a few lines and a picture(optional) of his product (eg: a HP
> printer) and when clicked on it should pop up a window with that product's
> details.
>
> or cleaning up his design, digital snaps etc
> I've never really worked on a site like this before so I would appreciate
> any recommendations you have towards a cart or catalog system that has
> worked really well for you, or you heard is good or you helped develop etc
> I would like a cart/catalog that is open source (does not have to be
> free..but not expensive) so i can play with the code if need be.
> The reason i was leaning towards a cart is, if he ever decides to sell
> online, i don't want to build a whole extra piece of software to go with the
> catalog.
> Thanks in advance,
> Ryan


Re: [PHP] Supporting "Cancel"

2005-03-01 Thread anirudh dutt
On Tue, 1 Mar 2005 14:56:57 -0800 (PST), Richard Lynch <[EMAIL PROTECTED]> 
wrote:
> Anybody got a better idea for handling this sort of design in any
> reasonable fashion?

how about storing all the form info using sessions/session-style
steps. for stability/security, u can store all variables associated
with users' sessions. when a form is semi-submitted (i.e. not
finalized or whatever by the user but info has been sent). to keep
track of each variable and not mix them up between pages, use the page
name or the name of the procedure/task as the main array keys to the
arrays of variables.

$_SESSION['adding_user']['user_name'] = 'foo' ;
$_SESSION['adding_user']['home_page'] = 'example.com' ;
$_SESSION['adding_user']['continue_at'] = 3;

the 'continue_at' is what is used to keep track of what the user has
half-done. so when he returns to a page that may have its info set up
across several pages, u can directly show the (1.) next page to be
filled. even if it's on the same page in (2.) different sections, u
can use it to indicate what's needed next. u can even use it to store
the (3.) tab index of the form entry to be filled next, or depending
on the situation, the last form entry filled.

u can store the order of half-done stuff ('steps') as an array whose
values are the task names above.

this methodology has no behavioural dependencies on where u choose to
store the info. u need not even use sessions, but store the variables
for each task separately. once a log in situation is acknowledged, the
data can be picked up from anywhere. i'd use serializing it and
storing ALL of it in one row: (id , vars). easier to access lots of
info at one go. even if it's a large chunk. better than several slow
accesses for various checks.

i only mention this coz though my examples are with $_SESSION,
_anything_ can be used.

so when any task is performed, u can check which ones are left. in
fact, u can even add the page that has to handle it as part of the
stored info. so if half of user_add is complete and half of group_add,
if group_add needed info that user_add was to supply, then as soon as
all the user_add info is provided, u can re-direct to the page
(handler) for group_add.

$_SESSION['steps'][0]['step'] = 'user_add' ;
$_SESSION['steps'][0]['handler'] = 'adduser.php' ;
$_SESSION['steps'][1] = array (
    'step' => 'group_add' ,
    'handler' => 'addgroup.php');

use some common format for GET vars to indicate to that page that it
should process the info, like '?do_it=1' and auto append when
re-directing or add it to handler for specific cases.
though, it would normally check for sufficient info before proceeding anyway.

once a task is processed completed, remove its variables. ditto for
when a user cancels a task. u can even use the structure to record and
track dependencies between tasks and inform the user and/or have
cascading effects.

a not so elegant solution for the transaction handling of incomplete tasks...
for each independent data set could have an incomplete flag which u
check for while processing, so u can decide on what data u want based
on completion status. if u're using stored procedures or functions,
store the logic in them transparent to ur queries. so u can use the
data u have in the db, whether or not it's part of a completed
process.

(whether u keep fetching data from the db or store it in two places:
one for the forms, the other in the db as data...i leave to u to
decide).

modularity:
create functions or use classes to handle all the tasks. since each page
only has to understand/use a subset of those vars (which would usually
be under one key); it'll be easy to work with each page's chunk of
data.

storage, propagation, ordering, etc. covered.
-- 
]#
Anirudh Dutt


...pilot of the storm who leaves no trace
like thoughts inside a dream




[PHP] Catalog or cart

2005-03-01 Thread Ryan A
Hey all,
I have a client who has a computer store, now he wants to put all his stuff
in one site.
He does not want to do any selling from his site, but just list all his
items.

After looking via google and the usual script sites, agora cart looks
pretty good and easy to maintain, other choices X-Cart,oscommerce,phpcatalog

I don't really want to build this from scratch as I am sure a lot of very
very good solutions are already out there and i would rather use the time
instead to either tweak the software to his particular needs/requests


for example:
he wants a few lines and a picture(optional) of his product (eg: a HP
printer) and when clicked on it should pop up a window with that product's
details.


or cleaning up his design, digital snaps etc

I've never really worked on a site like this before so I would appreciate
any recommendations you have towards a cart or catalog system that has
worked really well for you, or you heard is good or you helped develop etc
I would like a cart/catalog that is open source (does not have to be
free..but not expensive) so i can play with the code if need be.
The reason i was leaning towards a cart is, if he ever decides to sell
online, i don't want to build a whole extra piece of software to go with the
catalog.

Thanks in advance,
Ryan






Re: [PHP] web testing

2005-03-01 Thread Justin
Check out
http://www.badboy.com.au/
http://httpunit.sourceforge.net/
and
http://jakarta.apache.org/jmeter/index.html
...
Justin

blackwater dev wrote:
> Hello,
> I have a very large php web app and I am curious as to what others are
> using for testing.   I know I can use simpletest to test at the code
> level and also do some front end testing but I am looking for a nice
> robust product to use to test the entire site.  I mean to touch every
> page, fill out forms, etc.  What are others using...doesn't have to be
> open source.
> Thanks!


Re: [PHP] getting mac id

2005-03-01 Thread Tyler Replogle
lol, it's been hard not to, it's happened a few times but now that hotmail is 
250 mb i'm fine.

From: anirudh dutt <[EMAIL PROTECTED]>
Reply-To: anirudh dutt <[EMAIL PROTECTED]>
To: Tyler Replogle <[EMAIL PROTECTED]>
CC: php-general@lists.php.net
Subject: Re: [PHP] getting mac id
Date: Mon, 28 Feb 2005 07:27:22 +0530

On Fri, 25 Feb 2005 15:52:02 -0800, Tyler Replogle <[EMAIL PROTECTED]> 
wrote:
> Hey,
>
> I've been on this mailing list for quite a while, but i think this is my
> first question. I'm not sure though.
>

congrats on managing not to exceed ur account limit ;-)
especially since u've "been on this mailing list for quite a while"
--
]#
Anirudh Dutt
...pilot of the storm who leaves no trace
like thoughts inside a dream


Re: [PHP] How can I secure database passwords used by PHP webpages

2005-03-01 Thread John Holmes
Rob Tanner wrote:
> We have a number of PHP webpages that access one of several MySQL databases
> and while the PHP files that contain the passwords cannot be accessed via the
> web, we are becoming increasingly concerned over the possibility of other
> webpage maintainers viewing those files.  How have other folks protected
> database passwords needed by PHP apps?

Who are these "other webpage maintainers" and why do they have access to 
your PHP source code? This isn't a PHP issue. The MySQL password has to 
be in a file as plain text; there's no getting around that (as recently 
discussed on here). Your issue is controlling access to the machine and 
the files, so is an OS/policy/trust issue, imo.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com


[PHP] web testing

2005-03-01 Thread blackwater dev
Hello,

I have a very large php web app and I am curious as to what others are
using for testing.   I know I can use simpletest to test at the code
level and also do some front end testing but I am looking for a nice
robust product to use to test the entire site.  I mean to touch every
page, fill out forms, etc.  What are others using...doesn't have to be
open source.

Thanks!




[PHP] How can I secure database passwords used by PHP webpages

2005-03-01 Thread Rob Tanner
We have a number of PHP webpages that access one of several MySQL databases
and while the PHP files that contain the passwords cannot be accessed via the
web, we are becoming increasingly concerned over the possibility of other
webpage maintainers viewing those files.  How have other folks protected
database passwords needed by PHP apps?

Thanks.

-- 
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR




Re: [PHP] Re: PHP5 Static Object Function Issue

2005-03-01 Thread Gavin Roy
Well yes and no, conceivably, the system has no idea what singletons
are out there other than what is specified in a configuration file. 
You are in essence hard coding the class name in the switch.

Gavin


On Tue, 01 Mar 2005 17:47:24 -0500, Jason Barnett
<[EMAIL PROTECTED]> wrote:
> A switch statement can accomplish what you seek.
> 
> <?php
> class MyClass {
> 
>   static $instance;
> 
>   protected function __construct() {}
> 
>   static function getInstance() {
>     if (!self::$instance) {
>       self::$instance = new MyClass();
>     }
>     return self::$instance;
>   }
> 
> }
> 
> function getSingleton($class_singleton) {
>   switch(strtoupper($class_singleton)) {
>     case 'MYCLASS':
>       $singleton = MyClass::getInstance();
>       break;
>     default:
>       $singleton = "Unable to load singleton for $class_singleton";
>       break;
>   }
>   return $singleton;
> }
> 
> for ($i = 0; $i <10; $i++) {
>   $class = ((3 > $i) ? 'MyClass' : null);
>   $singleton[] = getSingleton($class);
> }
> 
> var_dump($singleton);
> 
> ?>
> 
> --
> Teach a man to fish...
> 
> NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
> STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
> STFM | http://php.net/manual/en/index.php
> STFW | http://www.google.com/search?q=php
> LAZY |
> http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins
> 
> 
>




[PHP] Re: Supporting "Cancel"

2005-03-01 Thread Jason Barnett
Richard Lynch wrote:
> My current employer has designed a sort of CMS (except it has so many
> site-specific hard-coded features that it's not a CMS at all) where things
> happen such as:

Your current employer?  I didn't think CEOs had bosses... anywho

...
> One idea I'm pondering goes like this:
> 
> Create a session_action table, which has:

Using this session_action table you are talking about is ok, but why not
emulate COMMIT / ROLLBACK statements with this package:

http://pear.php.net/package/DB
http://pear.php.net/manual/en/package.database.db.db-common.commit.php

Should be do-able even if there's multiple MySQL DBs involved.  The main
restriction is that you need to use InnoDB format...

-- 
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY |
http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins




Re: [PHP] Supporting "Cancel"

2005-03-01 Thread Dan Tappin
That sounds ugly.
To be honest the real answer will be unpopular but since the old system 
is unusable, not maintainable it should be replaced.   I think if you 
estimated the time / cost to rebuild the system from scratch it would 
still be better than trying to continue with this PITA system.

Why don't you at least start on a new UI from this point and show the 
company the benefits and then work on replacing the old UI?

I think holding on to the old way of doing things just because so much 
time was put into it is perhaps a short term solution.

Dan T

On Mar 1, 2005, at 3:56 PM, Richard Lynch wrote:
> My current employer has designed a sort of CMS (except it has so many
> site-specific hard-coded features that it's not a CMS at all) where things
> happen such as:
>
> If you are in the middle of adding a new user, their name appears with a
> yellow background, and only after you fill out the other pages and hit
> "Submit" on the last page, does the user really become active.
>
> If you change a user's status, that checkbox appears in a yellow
> background until they hit "submit" on the next page.
>
> They've also got "Cancel" buttons that cancel out of your "current" action
> which is stacked on top of some other action...  EG: Adding a new "group"
> and then adding a new "user" to that group, you can cancel out of adding
> the new "user" and end up back at the new group's management page, with
> the new "group" still not really created.
>
> This behaviour is all over the place in a zillion different fields/tables
> in a database I didn't design, and would just as soon not try to mess with
> as much as possible.
>
> So I'm trying to think of a Modular and consistent way to handle this...
>
> One idea I'm pondering goes like this:
>
> Create a session_action table, which has:
> id
> session_id
> rank (order of operation)
> query (text)
>
> Then, at the top of each page, start a transaction which consists of ALL
> the queries so far that they WOULD execute if they were on the page where
> they could hit the Submit button, and they did hit the submit button.
>
> Then, at the end of each script, ROLLBACK the transaction.
>
> Of course, when they do hit the Submit button, do a COMMIT.
>
> Then I'd need to either:
> A) Be able to ask the database for a query to be run OUTSIDE the context
> of the transaction, even though I am inside that context, OR
> B) Run the queries for a page both before and after the partial
> transaction, and compare result sets.
>
> A) Sounds real nice, but I've never seen that in the MySQL manual, or any
> other SQL manual...  What am I supposed to Google for here?
>
> B) is do-able, but gonna get ugly real fast in comparing result sets...
>
> Has anybody done this in PHP (w/ MySQL) and have any hard-won experience?
>
> Anybody got a better idea for handling this sort of design in any
> reasonable fashion?
>
> My predecessor has a zillion "temp_xyz" tables where stuff that's not yet
> "submitted" is stored, and then he did funky things to work out what to
> show to any given user, and I can't even figure it out, much less work
> with it...
>
> And adding a temp_xyz table for every single table in the database would
> drive me nuts anyway.
>
> I'm also considering adding a table:
> create pending_actions(
> user_id (who sees this pending action)
> table_name (what other table will change)
> action (enum{insert, delete, update})
> field (name of field to change [or ID to delete/insert])
> value (value to change to)
>
> and somehow trying to do a UNION or something with that for each query.
>
> Ugh!
>
> Can you tell I'm not real happy with this "design" ? :-v
>
> Open to any ideas.  (or good job offers, at this point in my day :-^)
>
> --
> Like Music?
> http://l-i-e.com/artists.htm


[PHP] Supporting "Cancel"

2005-03-01 Thread Richard Lynch
My current employer has designed a sort of CMS (except it has so many
site-specific hard-coded features that it's not a CMS at all) where things
happen such as:

If you are in the middle of adding a new user, their name appears with a
yellow background, and only after you fill out the other pages and hit
"Submit" on the last page, does the user really become active.

If you change a user's status, that checkbox appears in a yellow
background until they hit "submit" on the next page.

They've also got "Cancel" buttons that cancel out of your "current" action
which is stacked on top of some other action...  EG: Adding a new "group"
and then adding a new "user" to that group, you can cancel out of adding
the new "user" and end up back at the new group's management page, with
the new "group" still not really created.

This behaviour is all over the place in a zillion different fields/tables
in a database I didn't design, and would just as soon not try to mess with
as much as possible.

So I'm trying to think of a Modular and consistent way to handle this...

One idea I'm pondering goes like this:

Create a session_action table, which has:
id
session_id
rank (order of operation)
query (text)

Then, at the top of each page, start a transaction which consists of ALL
the queries so far that they WOULD execute if they were on the page where
they could hit the Submit button, and they did hit the submit button.

Then, at the end of each script, ROLLBACK the transaction.

Of course, when they do hit the Submit button, do a COMMIT.

Then I'd need to either:
A) Be able to ask the database for a query to be run OUTSIDE the context
of the transaction, even though I am inside that context, OR
B) Run the queries for a page both before and after the partial
transaction, and compare result sets.

A) Sounds real nice, but I've never seen that in the MySQL manual, or any
other SQL manual...  What am I supposed to Google for here?

B) is do-able, but gonna get ugly real fast in comparing result sets...

Has anybody done this in PHP (w/ MySQL) and have any hard-won experience?

Anybody got a better idea for handling this sort of design in any
reasonable fashion?

My predecessor has a zillion "temp_xyz" tables where stuff that's not yet
"submitted" is stored, and then he did funky things to work out what to
show to any given user, and I can't even figure it out, much less work
with it...

And adding a temp_xyz table for every single table in the database would
drive me nuts anyway.

I'm also considering adding a table:
create pending_actions(
user_id (who sees this pending action)
table_name (what other table will change)
action (enum{insert, delete, update})
field (name of field to change [or ID to delete/insert])
value (value to change to)

and somehow trying to do a UNION or something with that for each query.

Ugh!

Can you tell I'm not real happy with this "design" ? :-v

Open to any ideas.  (or good job offers, at this point in my day :-^)

-- 
Like Music?
http://l-i-e.com/artists.htm




[PHP] Re: PHP 5.1 CVS Interface Question

2005-03-01 Thread Jason Barnett
Gavin Roy wrote:
...
> 
> Is this a bug, or a new intended behavior?
> 
> Gavin

To get the long answer you can search through the php.internals list for
this topic.  The short answer is: this is the new intended behavior.

-- 
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY |
http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins




[PHP] Re: PHP5 Static Object Function Issue

2005-03-01 Thread Jason Barnett
A switch statement can accomplish what you seek.

 $i) ? 'MyClass' : null);
  $singleton[] = getSingleton($class);
}

var_dump($singleton);

?>

-- 
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY |
http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins
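
The switch-based dispatch suggested in this reply, as an added example (not the code from the original message, which did not survive in the archive). `MyClass` and `getSingleton()` are names used in the thread; `OtherClass` is hypothetical. Because the class name is only ever compared against literals, a name that arrives from a variable can never reach a class that is not listed.

```php
<?php
// Added example: allow-list dispatch to singleton classes by name.

class MyClass
{
    private static $instance = null;

    private function __construct() {}

    public static function getInstance()
    {
        if (self::$instance === null) {
            self::$instance = new self();
        }
        return self::$instance;
    }
}

// Hypothetical second singleton, here only to show more than one case.
class OtherClass
{
    private static $instance = null;

    private function __construct() {}

    public static function getInstance()
    {
        if (self::$instance === null) {
            self::$instance = new self();
        }
        return self::$instance;
    }
}

// Map a class name held in a variable to a static call. Only names listed
// in the switch are reachable; anything else yields null and no code of an
// unlisted class runs.
function getSingleton($class)
{
    switch ($class) {
        case 'MyClass':
            return MyClass::getInstance();
        case 'OtherClass':
            return OtherClass::getInstance();
        default:
            return null;
    }
}

$singleton = array();
foreach (array('MyClass', 'OtherClass', 'MyClass', 'NoSuchClass') as $class) {
    $singleton[] = getSingleton($class);
}

// The two MyClass lookups return the same object; the unknown name gives null.
var_dump($singleton[0] === $singleton[2]);
var_dump($singleton[1] instanceof OtherClass);
var_dump($singleton[3]);
```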




[PHP] PHP 5.1 CVS Interface Question

2005-03-01 Thread Gavin Roy
I have an interface:

  interface ISingleton
  {
    static function getInstance();
  }

that works in 5.0.3 but in 5.1 CVS I get the following error:

Fatal error: Access type for interface method
ISingleton::getInstance() must be omitted ...

If I take out the static keyword then it doesn't match the classes that
implement it.

Is this a bug, or a new intended behavior?

Gavin




Re: [PHP] Current dilema for Novice

2005-03-01 Thread Richard Lynch
> In php.ini you could set an "append" file that every site would get that
> has all the PHP in it you want them to have on every page.

Damn!

"append" > "auto_prepend"

Post-lunch sugar low?

No, I had to double-post earlier today as well.

Sleep deprivation, yeah, that's my excuse.

-- 
Like Music?
http://l-i-e.com/artists.htm




Re: [PHP] header('www-Authenticate ...') Problem

2005-03-01 Thread Richard Lynch
> doesn't the browser only send the AUTH_USER & AUTH_PW if it gets
> the WWW-Authenticate header?

I do believe it will re-send them on each and every request from then on...

Could be wrong, but that's the way I've always structured my code, and it
seemed to work...

The Authenticate header is what causes the popup window to appear.

The browser sending the right user/pass combo is what tells me not to send
out the Authenticate header to make that popup appear.

Maybe I've been doing it wrong all these years, or at least thinking of
the process incorrectly.

Test and see.

-- 
Like Music?
http://l-i-e.com/artists.htm
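
The request cycle described in this reply, as an added example that is not code from the thread: the credentials the browser sends are checked on every request, and the `WWW-Authenticate` header (which makes the popup appear) goes out only when they are missing or wrong. The function name, realm and account are constructed; `PHP_AUTH_USER` and `PHP_AUTH_PW` are the `$_SERVER` keys PHP fills in for Basic authentication.

```php
<?php
// Added example: decide per request whether to send the 401 challenge.
// $users maps user names to password_hash() values (constructed sample).

function check_basic_auth(array $server, array $users, string $realm): array
{
    $user = $server['PHP_AUTH_USER'] ?? '';
    $pass = $server['PHP_AUTH_PW'] ?? '';

    if (isset($users[$user]) && password_verify($pass, $users[$user])) {
        // Valid credentials arrived with this request: no challenge header.
        return ['status' => 200, 'headers' => [], 'user' => $user];
    }

    // No credentials, or wrong ones: challenge the browser (again).
    return [
        'status'  => 401,
        'headers' => ["WWW-Authenticate: Basic realm=\"$realm\""],
        'user'    => null,
    ];
}

// Constructed requests standing in for $_SERVER on three successive hits.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
$requests = [
    'first visit, no credentials' => [],
    'wrong password' => ['PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 'guess'],
    'right password' => ['PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 'correct horse'],
];

foreach ($requests as $label => $server) {
    $result = check_basic_auth($server, $users, 'Members');
    printf("%-28s -> %d %s\n", $label, $result['status'], implode('; ', $result['headers']));
}

// In a page served over HTTP the result would be applied like this:
//   $result = check_basic_auth($_SERVER, $users, 'Members');
//   if ($result['status'] === 401) {
//       http_response_code(401);
//       foreach ($result['headers'] as $line) { header($line); }
//       exit('Authentication required');
//   }
```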




Re: [PHP] Current dilema for Novice

2005-03-01 Thread Richard Lynch
James Marcinek wrote:
> - New directories may be created by various individuals

Who?
How?
How do you know they are who they say they are, and that they *SHOULD* be
allowed?

> - provide security for each directory (and sub-directory) under
> $_SERVER['DOCUMENT_ROOT'].

What does this even mean?

You've got no real definition here for what you actually want.

Security against what action from whom under what circumstances?

And who is supposed to be allowed when?

> - Use parent directory of each .htm file (since there will be only one) as
> the
> name of the link to the file

But what's to stop two users from making a sub-sub-directory named 'admin'
and then you recursively visit them, and find a file 'foo.htm' and they
are both in 'admin'?

> - Prevent displaying of other directories under $_SERVER['DOCUMENT_ROOT']

Which "other" directories?
Which ones are kosher, which are not?

> - Each site is currently configured to use Apache Digest Authentication.

Check browser implementations and compatibility...

Not sure they all ever got around to implementing that.

> My
> experience with PHP site design comes from the book 'PHP and MySQL Web
> Development' which mainly dealt with web sites as Applications
> (e-commerce,
> blog, etc) and not from a file system stand point. Most was object
> oriented with
> includes and what not which would require pages in every subdirectory
> under the
> DOCUMENT_ROOT in order to comply with the application design. Having a
> solution
> to require this would not be practical; however I'm not sure if there's
> another
> way to approach.

In php.ini you could set an "append" file that every site would get that
has all the PHP in it you want them to have on every page.

> If anyone has any suggestions (and estimations of time it would take) I
> would
> appreciate it.

The rest of this stuff is your basic PHP directory functions:
http://php.net/opendir
http://php.net/readdir
and then using arrays and recursion to keep track of where you are and
what you want to show the user.
You should be able to find sample code for all that in the PHP Manual and
its User Contributed notes, or Google if all else fails.

-- 
Like Music?
http://l-i-e.com/artists.htm




Re: [PHP] _POST not working (using mini_httpd) - 2 attachments

2005-03-01 Thread Richard Lynch
overbored wrote:
> Hi all, I'm learning PHP and I'd need to create a simple Web-based
> ifconfig
> tool for a Soekris box (running Pebble). However, I've been unsuccessful
> at
> getting PHP working with mini_httpd. In particular, the POST data is not
> being received. Here's what I did...
>
> First, I applied (only) the SCRIPT_FILENAME and index.php modifications to
> mini_httpd.c, as suggested in:
>
> http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=15&actionargs[]=11
>
> Then I built & installed this on a (regular) Debian box, which had php4
> installed from apt. (This doesn't seem related, but for some reason, when
> I
> start up, I get a warning: "socket: Address family not supported by
> protocol".)

This is probably about IP6 -- at least if it's during boot-up.
What are the lines immediately before/after that?
If they say anything about IP6, you're almost for sure okay.
That just means some software isn't ready for IP6 and some is -- Which is
pretty much the current state of the industry.

> Next, I created some simple PHP files, and I found that POST data isn't
> getting through at all. Googling didn't really turn up much, and I know
> this is possible because the m0n0wall project does just this (download
> their rootfs and look at the PHP files under /usr/local/www).
> Basically, _POST/_GET/_REQUEST never exist, and it seems the only way I
> can
> get the data is with GET and parsing the HTTP_ENV_VARS.

If it's older PHP, try $HTTP_POST_VARS and $HTTP_GET_VARS and so on.

Other than that, I'd have to say double-check the settings of mini_httpd
-- and try a mini_httpd mailing list.

PHP doesn't really *do* a whole lot with the GET/POST data from the server.

It's kinda just "there" or "not there" for PHP to work with...

Not saying PHP isn't maybe looking in the "wrong" place for where
mini_httpd wants to send it, but I think that's all spelled out in the CGI
standard.

Yes, the PHP Module and all other Modules conform to the CGI standard --
that's how they work.

It's just that CGI got appropriated over time to mean something other than
what it actually meant originally, and, well, there it is.

PS Don't send attachments.  Put 'em on-line and send URLs.

-- 
Like Music?
http://l-i-e.com/artists.htm




Re: [PHP] problem with mail()

2005-03-01 Thread Richard Lynch
Stefan Sturm wrote:
> I'm using the script below to send ascii files attached to mails via
> mail(). I'm running the script on different servers and it works fine.
> Now I got a problem on windows server 2003. The attachment of the mail is
> disturbed, the first 76 characters are missing, the rest of the attachment
> is correct. When I looked at the mail headers of the mail I received I
> recognized that there were some lines missing. Also the first line of the
> attachment part in the header is missing. As I use chunk_split without the
> chunklen parameter the lines are all 76 characters long. So it just looks
> like that the server omits lines in the header. I marked the missing lines
> in the script with comments. Has anybody got an idea where the problem
> could be?
>
> Thanks in advance
>
> Stefan
>
>   $unique_sep = md5(uniqid(time()));
>   $headers = "From: egrade questionaire\n";
>   $headers .= "MIME-Version: 1.0\nContent-Type: multipart/mixed;boundary=\"$unique_sep\";\n";
>
> #The second \n at the end of the next command is omitted, the resulting
> #empty line is not in the header of the received mail
>   $headers .= "charset=\"iso-8859-1\"\nContent-Transfer-Encoding:7bit\n\n";

Email headers, by definition, end when a blank line is sent.

So you're really cramming the BODY of your message into the headers
through the PHP mail function.

It happens by sheer good luck to "work" on some systems, since the
resulting composition ends up *LOOKING* like a valid email, even though
you routed your body through the headers.

That doesn't make it valid.

Everything after the \n\n should be moved to the body you pass to PHP's
mail  function.


-- 
Like Music?
http://l-i-e.com/artists.htm
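
The split this reply calls for, as an added example (not code from the thread): the header string stops before any blank line, and every MIME part, including the base64 attachment, is built into the body argument of `mail()`. The function name, addresses and file name are assumptions.

```php
<?php
// Added example: build a multipart/mixed message so that nothing after the
// header block's terminating blank line is ever passed in $headers.

function build_attachment_mail(string $from, string $text, string $filename, string $data): array
{
    // A CR or LF inside a header value would end the header block early,
    // which is the failure discussed above; a double quote would break the
    // quoted filename parameter. Reject all three.
    foreach ([$from, $filename] as $value) {
        if (preg_match('/[\r\n"]/', $value)) {
            throw new InvalidArgumentException('CR, LF and quotes are not allowed in header values');
        }
    }

    $boundary = md5(uniqid((string) time(), true));

    // Header block only: no blank line, no part headers, no content.
    $headers = implode("\r\n", [
        "From: $from",
        'MIME-Version: 1.0',
        "Content-Type: multipart/mixed; boundary=\"$boundary\"",
    ]);

    // Body: each part carries its own headers, one blank line, then content.
    $body  = "--$boundary\r\n";
    $body .= "Content-Type: text/plain; charset=\"iso-8859-1\"\r\n";
    $body .= "Content-Transfer-Encoding: 7bit\r\n\r\n";
    $body .= $text . "\r\n";

    $body .= "--$boundary\r\n";
    $body .= "Content-Type: text/plain; name=\"$filename\"\r\n";
    $body .= "Content-Transfer-Encoding: base64\r\n";
    $body .= "Content-Disposition: attachment; filename=\"$filename\"\r\n\r\n";
    $body .= chunk_split(base64_encode($data)); // 76-character lines, CRLF ended

    $body .= "--$boundary--\r\n";

    return [$headers, $body];
}

// Constructed sample input.
[$headers, $body] = build_attachment_mail(
    'questionnaire@example.org',
    'Results attached.',
    'results.txt',
    str_repeat("answer;1;2;3\n", 20)
);

// The header block must not contain an empty line anywhere.
var_dump(strpos($headers, "\r\n\r\n") === false);
echo $headers, "\r\n\r\n", $body;

// Sending is then a matter of passing the two pieces separately:
//   mail('recipient@example.org', 'Questionnaire results', $body, $headers);
```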




Re: [PHP] Logging with PHP to SMTP server

2005-03-01 Thread Richard Lynch
kioto wrote:
> Hi all, there is a way to create log-system to authenticate to smtp
> server ?

I don't understand the "log-system" part of this...

You can authenticate to SMTP, depending on what the SMTP server considers
suitable credentials.

And you could write your script to log the results of that...

I'm assuming SMTP servers usually have log files, and you could use PHP to
read them and do something with them.

Maybe repost your question with more detail of what you want to happen.

-- 
Like Music?
http://l-i-e.com/artists.htm




[PHP] PHP5 Static Object Function Issue

2005-03-01 Thread Gavin Roy
I believe there is a small problem in PHP5 with regard to static
functions in uninstanced classes.  From discussions in various php irc
channels and what I've read about it in the docs, I can not call a
static function in an uninstanced class via a variable.  For example:

 $class = "MyClass";
 $instance = new $class();

works, but

 $class = "MyClass";
 $instance = $class::getInstance();

doesn't, where

 $instance = MyClass::getInstance();

does.

I know that some people might consider it poor design, but basically
I'm trying to dynamically reference singleton patterned classes using
getInstance to internally create an object instance and use that
instance for all processing.  As of right now it doesn't seem that it
is possible.  Is there a reason why it's not supported?  Will it be
supported in the future?

Gavin




Re: [PHP] problems with several JPEGs in GD2

2005-03-01 Thread Richard Lynch
AdamT wrote:
> I usually either open the image with notepad, or some Hex Editor, and
> see what the bits are in the file header (eg BM for Bitmap, Gif89a for
> GIFs, JFIF for JPEGs...)

It actually is called a "header" in most formal graphic specifications
I've read...

Checking the actual bytes of an image, especially the first few, is always
a Good Idea.

But having the first few bytes "correct" doesn't guarantee validity, of
course.

Even the fact that one or more other software packages can work with an
image doesn't guarantee validity, really.  Though if a LOT of them work
with it, it's probably valid.

-- 
Like Music?
http://l-i-e.com/artists.htm
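
The difference between checking the leading bytes and checking validity, as an added example that is not code from the thread: a signature test accepts a truncated file that a full GD decode rejects. The function names are assumptions, the sample bytes are constructed, and the GD extension is required.

```php
<?php
// Added example: signature sniffing versus a full decode with GD.

// Identify the claimed format from the first bytes only.
function sniff_image_type(string $bytes): ?string
{
    if (strncmp($bytes, 'GIF87a', 6) === 0 || strncmp($bytes, 'GIF89a', 6) === 0) {
        return 'gif';
    }
    // JPEG starts with FF D8 FF; the "JFIF" text seen in a hex editor
    // follows a few bytes later in JFIF files.
    if (strncmp($bytes, "\xFF\xD8\xFF", 3) === 0) {
        return 'jpeg';
    }
    if (strncmp($bytes, "\x89PNG\r\n\x1a\n", 8) === 0) {
        return 'png';
    }
    if (strncmp($bytes, 'BM', 2) === 0) {
        return 'bmp';
    }
    return null;
}

// Ask GD to decode the whole image; false means it is not usable as one.
function decodes_cleanly(string $bytes): bool
{
    if (!function_exists('imagecreatefromstring')) {
        throw new RuntimeException('The GD extension is required');
    }
    // GD raises a warning on bad data; the return value is what matters here.
    $image = @imagecreatefromstring($bytes);
    return $image !== false;
}

// Constructed samples: a complete 1x1 GIF, the same file cut off after its
// header and screen descriptor, and plain text.
$validGif  = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$truncated = substr($validGif, 0, 13);
$plainText = "just some text\n";

$samples = [
    'complete GIF'  => $validGif,
    'truncated GIF' => $truncated,
    'plain text'    => $plainText,
];

foreach ($samples as $label => $bytes) {
    $type = sniff_image_type($bytes);
    printf(
        "%-14s signature=%-5s decodes=%s\n",
        $label,
        $type === null ? 'none' : $type,
        decodes_cleanly($bytes) ? 'yes' : 'no'
    );
}
```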




Re: [PHP] textarea posting duplicate text

2005-03-01 Thread Frank Arensmeier
Elizabeth!

Have you considered reinstalling PHP on your server?
Maybe, it is worth the effort?

Regards,
Frank

On 2005-03-01 at 17.19, Bret Hughes wrote:
> On Tue, 2005-03-01 at 08:43, Elizabeth Lawrence wrote:
> > Thanks, Dan. I copied your code exactly and posted it here:
> > http://www.tidefans.com/test.php I pasted a large part of O'Henry's
> > "Gift of the Magi" into the textarea, and it gets repeated, as before.
> >
> > Thanks for any help,
> > Elizabeth
>
> There are some settings in php.ini that affect the max size of post
> variables.  It is sort of interesting to me that it is not a complete
> copy but the first 1303 bytes or so are printed and then the test as a
> whole is there preceded by testarea=.
>
> It does not do this on my server. 4.3.6 apache 2
>
> I notice that the Server API  says  Apache 2.0 Filter on your box and on
> mine it says Apache 2.0 Handler.  I have no idea what that means.
>
> Bret


Frank Arensmeier
Marketing Support
NIKE HYDRAULICS AB
Box 1107
631 80 Eskilstuna
Sweden
tel +46 16 82 34
fax +46 16 13 93 16
email: [EMAIL PROTECTED]
www.nikehydraulics.com


Re: [PHP] Semi-OT: Anti-password trading/sharing solutions

2005-03-01 Thread Dan Tappin
What about using a simple session database to ensure multiple logins 
are not allowed.  You can create a session, store the session ID in 
mysql.  If the same user tries to login again from a different location 
i.e. new session ID you can lock them out / log this activity.

You really can't prevent the shared password issue unless you billed on 
a per login basis.  The bottom line is that you end up accepting that 
you grant access to a user you give up controlling the sharing.  You 
can only prevent multiple logins which is pretty good.  It really does 
not matter if two people use the site 12 hours per day or one 24 hours 
per day.

You can track IPs to look for suspected sharing i.e. use ARIN / RIPE 
look-ups and see if the same user logs in from multiple subnets.  I 
would think that this would be quite easy with PHP and a MySQL type 
log.

Do your best to limit abuse and move on.
Dan T
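
The session table and login log suggested above, as an added example that is not code from the post. An in-memory SQLite database stands in for the MySQL tables so the script runs offline; the table names, function names, the 30-minute idle timeout and the /24 grouping (a stand-in for the ARIN / RIPE look-up) are assumptions.

```php
<?php
// Added example: one active session per user, with every attempt logged.

function open_store(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE active_session (
        user_id TEXT PRIMARY KEY, session_id TEXT NOT NULL,
        ip TEXT NOT NULL, last_seen INTEGER NOT NULL)');
    $db->exec('CREATE TABLE login_log (
        user_id TEXT, session_id TEXT, ip TEXT, at INTEGER, outcome TEXT)');
    return $db;
}

// Returns "accepted" (no live session), "refreshed" (same session again)
// or "rejected" (another session is still live for this user).
function register_login(PDO $db, string $user, string $sid, string $ip, int $now, int $idle = 1800): string
{
    // On MySQL/InnoDB the SELECT below would use FOR UPDATE so that two
    // simultaneous logins cannot both see "no live session".
    $db->beginTransaction();
    $q = $db->prepare('SELECT session_id, last_seen FROM active_session WHERE user_id = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);

    if ($row === false || $now - (int) $row['last_seen'] > $idle) {
        $outcome = 'accepted';   // nothing live, or the old session went idle
    } elseif (hash_equals($row['session_id'], $sid)) {
        $outcome = 'refreshed';
    } else {
        $outcome = 'rejected';   // second location while the first is active
    }

    if ($outcome !== 'rejected') {
        $db->prepare('REPLACE INTO active_session (user_id, session_id, ip, last_seen)
                      VALUES (?, ?, ?, ?)')->execute([$user, $sid, $ip, $now]);
    }
    $db->prepare('INSERT INTO login_log (user_id, session_id, ip, at, outcome)
                  VALUES (?, ?, ?, ?, ?)')->execute([$user, $sid, $ip, $now, $outcome]);
    $db->commit();
    return $outcome;
}

// Distinct IPv4 /24 networks a user has logged in from, read from the log.
function distinct_subnets(PDO $db, string $user): array
{
    $q = $db->prepare('SELECT DISTINCT ip FROM login_log WHERE user_id = ?');
    $q->execute([$user]);
    $nets = [];
    foreach ($q->fetchAll(PDO::FETCH_COLUMN) as $ip) {
        $n = ip2long($ip);
        if ($n !== false) {
            $nets[long2ip($n & 0xFFFFFF00) . '/24'] = true;
        }
    }
    return array_keys($nets);
}

// Constructed events: same session twice, a second location two minutes
// later, then a new session after the first has been idle for two hours.
$db = open_store();
$t0 = 1109700000;
echo register_login($db, 'alice', 'sess-A', '192.0.2.10', $t0), "\n";
echo register_login($db, 'alice', 'sess-A', '192.0.2.10', $t0 + 60), "\n";
echo register_login($db, 'alice', 'sess-B', '198.51.100.7', $t0 + 120), "\n";
echo register_login($db, 'alice', 'sess-C', '203.0.113.5', $t0 + 7200), "\n";
print_r(distinct_subnets($db, 'alice'));
```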


Re: [PHP] PHP 4.3.10 and Apache2.0 with MPM

2005-03-01 Thread Richard Lynch
[EMAIL PROTECTED] wrote:
> When I install PHP 4.3.10 with Apache 2.0 with a tool called YUM that
> installs rpms for Fedora Core 3 I get the following:
>
> Apache is running a threaded MPM, but your PHP Module is not compiled to
> be
> threadsafe.  You need to recompile PHP.  Pre-configuration failed
>
> I'm not sure why Fedora would distribute a package that wouldn't work with
> other packages, however what is this 'threadsafe' feature and how can I
> specifically enable it so I can get php installed?

"Threads" are, crudely put, allowing a program to "clone" itself and run
multiple copies of itself at one time, sharing some data among the various
threads in the strand of program execution, but mostly having each thread
running independently.

Some perfectly good programs were written with no intent to ever run in a
threaded environment.  Such programs might, or might not, handle data in a
way that, if they *ARE* run in a threaded environment, will crash the
computer very very very nastily.

Consider this PHP script, for example:
<?php
  function counter() {
    static $foo = 0;
    $foo++;
    echo "$foo<br />\n";
    return $foo;
  }
?>

It just keeps a counter going throughout program execution.

But what happens when, suddenly, *TWO* threads are running that same
function AT ONE TIME.

Whammo!

They *both* try to alter $foo, and they are both expecting $foo to
increase by 1 in each function call, but the *other* thread is messing
with $foo, and $foo is *NOT* gonna behave the way they expect.

So, either *ALL* your programs that get compiled together have to be
thread-safe, or *none* of them should use threads.

You chose an Apache that was specifically compiled to use threads.

That has certain advantages.

It also has the disadvantage that all the Apache Modules you use, and any
sub-Module of those Modules, must all be specifically compiled to use
threads.

More importantly, all that software has to have been specially programmed,
tested, and re-tested, to be *SURE* it's not doing something that will
crash under threads.

Your PHP was not compiled with threads.

You can either re-compile/download an Apache2 that doesn't use threads, or
re-compile/download a PHP and all its Modules to use threads.

WARNING:
Just because you can COMPILE with threads "on" doesn't mean that anybody
has thoroughly tested and debugged the Module you compiled with threads
"on"

You may be creating a disaster waiting to happen.

It will frequently not even manifest for a lonnnggg time until two
threads just *HAPPEN* to "do something" that wasn't thread safe.

It could be a few minutes, a few days, a few months, or even a few years
before that happens.

It's all a matter of probability and which functions are getting called
when by the program whether or not something like my example function
above will happen.

Your safest bet is to back off from the threads version of Apache 2, and
stick with non-threaded software.

Your second option is to try the thread stuff, but test the hell out of it
before you put it on a "real" site where you care if it crashes or not.

Some people want threads.  Some would rather be safer.  RedHat has to
cater to both groups.

-- 
Like Music?
http://l-i-e.com/artists.htm







[PHP] Re: Authentication fails

2005-03-01 Thread John Swartzentruber
On 3/1/2005 2:12 PM Jason Barnett wrote:
> John Swartzentruber wrote:
> > Somehow my PHP 5.0.3 or something is configured incorrectly. When I try
> > to get past an authentication input, nothing happens. For example, I
> > have phpMyAdmin configured now to use mysqli, but when I enter the
> > username and password, the screen doesn't change. In previous testing, I
> > saw that an incorrect authentication was detected and reported, but a
> > correct authentication had no effect.
>
> Not sure if this is a phpMyAdmin bug or not, but you might try to clear
> out all cookies that your browser has from john.swartzentruber.us.  For
> that matter you should see if you *have* any cookie set from
> john.swartzenruber.us.  I'm not pointing fingers at phpMyAdmin, but just
> tossing out a possible solution.
>
> > My phpinfo() output is at http://john.swartzentruber.us/test.php
> > For example, I'm trying to use a simple file upload script called "file
> > thingie" that is at http://www.solitude.dk/filethingie/download.php
> > I have edited the original file only to decrease the maximum file size
> > to 500 bytes and limit uploads to text files. I hope no one here tries
> > to be nasty. The user name is "USERNAME2" and the password is "PASSWORD".
>
> Yeah... I wouldn't suggest putting user / pw combos onto the web even if
> you intend on changing it later.  You just never know.

Well, if someone can get past the login page, at least someone is making
progress :-)

> > Can anyone check this out and give me some clues or things to look into?
> > Is there some setting that would cause _POST data to disappear? How
> > would I go about debugging this?
>
> Start by going to the form page's action page (since your test.php page
> only displays phpinfo() I'm not sure what this is going to be).  We'll
> call this page action.php.

I forgot to mention that the page in question was
http://john.swartzentruber.us/test.php I'm working on creating an even
simpler script, but since I'm not that familiar with either HTML forms
or PHP, it is taking some time. In these examples, the action page is
the same page as original page (i.e., "filethingie.php"). When I look at
the page source (i.e., the PHP output) in my browser, this is what the
form looks like (sorry about the word wrapping):


Please Login
  User: 
 
 
  Pass: 

  
  
 


> The simplest way to debug this (but it's effective) is to
> var_dump($_POST) at the top of action.php.  Insert this at the very top
> of the page (likely to cause a lot of errors :) and then gradually cut /
> paste that code throughout the action page.  Do this until you narrow
> down the problem code.

Well, I've been trying print_r($_POST), and it is always empty. That's
the problem.

> Since this is a file upload script you are doing you will probably want
> to var_dump($_FILES) as well.  Heck, if you're having *session* problems
> then you should be looking into the $_SESSION array and (possibly) the
> $_COOKIE array.

I'll try removing the session stuff to see if that is significant. It
looks like $_SESSION is also empty, although I do see what appear to be
session files created in /tmp, which is where they go.

To summarize, it appears that the problem is not with authentication per 
se, but is that $_POST is empty when the script is called from a form in 
the same file.

I'll try to test this using a different action script and see what 
happens. In the meantime, if you see anything or have any other ideas, 
please let me know. I appreciate you taking the time to help.



Re: [PHP] PHP 4.3.10 and Apache2.0 with MPM

2005-03-01 Thread Richard Lynch
[EMAIL PROTECTED] wrote:
> When I install PHP 4.3.10 with Apache 2.0 with a tool called YUM that
> installs rpms for Fedora Core 3 I get the following:
>
> Apache is running a threaded MPM, but your PHP Module is not compiled to
> be
> threadsafe.  You need to recompile PHP.  Pre-configuration failed
>
> I'm not sure why Fedora would distribute a package that wouldn't work with
> other packages, however what is this 'threadsafe' feature and how can I
> specifically enable it so I can get php installed?

"Threads" are, crudely put, allowing a program to "clone" itself and run
multiple copies of itself at one time, sharing some data among the various
threads in the strand of program execution, but mostly having each thread
running independently.

Some perfectly good programs were written with no intent to ever run in a
threaded environment.  Such programs might, or might not, handle data in a
way that, if they *ARE* run in a threaded environment, will crash the
computer very very very nastily.

Consider this PHP script, for example:
\n";
return $foo;
  }
?>

It just keeps a counter going throughout program execution.

But what happens when, suddenly, *TWO* threads are running that same
function AT ONE TIME.

Whammo!

They *both* try to alter $foo, and they are both expecting $foo to
increase by 1 in each function call, but the *other* thread is messing
with $foo, and $foo is *NOT* gonna behave the way they expect.

So, either *ALL* your programs that get compiled together have to be
thread-safe, or *none* of them should use threads.

You chose an Apache that was specifically compiled to use threads.

That has certain advantages.

It also has the disadvantage that all the Apache Modules you use, and any
sub-Module of those Modules, must all be specifically compiled to use
threads.

More importantly, all that software has to have been specially programmed,
tested, and re-tested, to be *SURE* it's not doing something that will
crash under threads.

Your PHP was not compiled with threads.

You can either re-compile/download an Apache2 that doesn't use threads, or
re-compile/download a PHP and all its Modules to use threads.

WARNING:
Just because you can COMPILE with threads "on" doesn't mean that anybody
has thoroughly tested and debugged the Module you compiled with threads
"on"

You may be creating a disaster waiting to happen.

It will frequently not even manifest for a lonnnggg time until two
threads just *HAPPEN* to "do something" that wasn't thread safe.

It could be a few minutes, a few days, a few months, or even a few years
before that happens.

It's all a matter of probability and which functions are getting called
when by the program whether or not something like my example function
above will happen.

Your safest bet is to back off from the threads version of Apache 2, and
stick with non-threaded software.

Your second option is to try the thread stuff, but test the hell out of it
before you put it on a "real" site where you care if it crashes or not.

Some people want threads.  Some would rather be safer.  RedHat has to
cater to both groups.

-- 
Like Music?
http://l-i-e.com/artists.htm




[PHP] Re: Self calling PHP

2005-03-01 Thread Jason Barnett
Phillip Armitage wrote:
> I'm working on an ftp login form using PHP. I'm trying to set it up so that
> the PHP file is self calling. eg. file FTP.PHP displays an html form in
> which the form action setting calls FTP.PHP. Essentially the program does
> the following:
> 
...

The $_REQUEST array is rebuilt on every request.  It sounds to me like
you need to look into storing user info in sessions:

http://php.net/manual/en/ref.session.php

So basically your user submits user / pw info on the first request and
if the authentication succeeds you can start a session for the user.

> 
> Does PHP support the writing of scripts which with forms whose actions are
> self calling? eg. the form created by ftp.php calls ftp.php.

Absolutely!  The lazy man's way of doing this:

/** HTML File */


/** PHP File */
echo "";

> 
> If so, is there anything I need to do to flush the $_REQUEST buffer between
> presses of the SUBMIT button?

It is flushed on *every* request.  $_REQUEST is "stateless" meaning that
it doesn't remember what the user passed through the browser on the last
SUBMIT.


-- 
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY |
http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins




[PHP] Re: Current dilema for Novice

2005-03-01 Thread Jason Barnett
I know that you were posting a lot of detail because you wanted to make
it clear what you were doing, but next time you might try to be a little
more succinct in your description.  Give us the most relevant facts...
not a flame, just some friendly advice to get you (more) answers to your
question.

James Marcinek wrote:
> Hello Everyone,
...
> 
> - The server has been set up with SSL and is working properly
> - The SSL site goes to $DOCUMENT_ROOT (which is currently a blank index.htm)
> file, preventing users from drilling down
> - Each site is currently configured to use Apache Digest Authentication. 
...
> - My original index.php script (that I need to debug as it's not working yet)
> was designed to be placed in each respective directory directly under
> DOCUMENT_ROOT. 
...

So I assume this is the script we are helping you to debug?  Great.

> 
> What's needed:
> - Simple but effective. It's not going to be feasible to add a lot of .php 
> files
> to subdirectories. These directories are really working directories so this 
> is a
> headache. There are more that just .htm files. That is not the problem. Just
> don't want the people to have to dig down.

Well it sounds like you want to use something like a filemap.  Go
through each subdirectory and cache this result somehow (XML, array,
object, DB?).  If you go this route you will also want the following
features:

- a way to update the filemap (deletions / file moves / etc.)
- a way to force regeneration of the filemap (in case files become
orphaned and/or you have ghost files that don't really exist on disk)
- a way to read from the filemap (i.e. the recursive listing)
- possibly with a filtering feature for .htm or whatever (be careful
with those PCRE's ;)

Why go to this trouble?  Because if there are really an unlimited number
of files / directories / users... and you are trying to manually
reconstruct this array (read through all subdirectories) for each user
each time... well, you get the picture.  I wasted a lot of time trying
to go that route before.  :(

> -A single sign-on would be great. Each user only needs to access one directory
> under DOCUMENT_ROOT. I know that SSL uses the IP address and I can't break up
> the SSL into multiple virtual hosts so I can't do that. The security must
> provide protection from somebody trying to get in from a subdirectory

See this list's previous discussions about verifying users.

> 
> From my limited knowledge of PHP, I would think that creating a solution to
> support this would take some time. But like I said I sure don't know 
> everything.

A good place to start if you're serious about this project is this page:
http://www.php.net/~helly/php/ext/spl/classRecursiveDirectoryIterator.html

*Note* This is a PHP5 only feature, but it is quite handy for this task.
   If PHP5 is an option for your site then I would recommend it.  If
it's not then you could certainly hack up something that would do
exactly the same thing... but that would take a lot longer than
piggybacking on PHP's SPL.  :)  How long I don't know for sure, but you
could probably contact the author of RecursiveDirectoryIterator for an
idea...

> 
> If anyone has any suggestions (and estimations of time it would take) I would
> appreciate it.
> 
> Thanks,
> 
> James

Time required is going to depend on a few factors:
- is PHP5 / SPL an option for your site?
- Are you familiar with other SPL classes (esp. iterator)

Answering yes to both of these questions is going to cut down your
development time... and (probably) your maintenance time as well.

-- 
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY |
http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins




[PHP] Self calling PHP

2005-03-01 Thread Phillip Armitage
I'm working on an ftp login form using PHP. I'm trying to set it up so that
the PHP file is self calling. eg. file FTP.PHP displays an html form in
which the form action setting calls FTP.PHP. Essentially the program does
the following:

1) Display a form prompting user to enter username and password. Ftp server
location is hard coded into PHP page.

2) User clicks on Login/Submit button which calls ftp.php. Code at beginning
of php file (prior to aforementioned form data) checks if a username and
password was passed. If so an attempt to connect to the hardcoded ftp server
is made with said username and password. If connection fails, login form is
displayed with a message "Login failed, please try again."

3) If connection was successful, open url
ftp://username:[EMAIL PROTECTED]

What I'm finding during testing is that the first time I run the page, user
name and password information is passed back to the program (I've turned on
globals in my php.ini file and included a foreach line that echos the
contents of the $_REQUEST array to show what was passed.) But as of this
point entering new login information and clicking on Submit/Login always
returns the same data. Personally, I'm not even sure if the action is
re-running.

Does PHP support the writing of scripts which with forms whose actions are
self calling? eg. the form created by ftp.php calls ftp.php.

If so, is there anything I need to do to flush the $_REQUEST buffer between
presses of the SUBMIT button?

FYI, Windows 2000 server with IIS 5 (I think it's 5?) and PHP.EXE version
4.3.1.1 (I tried installing a newer version of PHP several months ago but it
promptly broke all of my existing PHP based applications. In short, I'm
staying with this version for the time being.)

I look forward to your comments and suggestions




Re: [PHP] Semi-OT: Anti-password trading/sharing solutions

2005-03-01 Thread Richard Lynch
Dan Trainor wrote:
> I'm pretty aware of how it all works.  However, the problem lies in the
> fact that because most of the pre-installed billing software relies
> solely on .htaccess/.htpasswd-based authentication, it's not possible to
> just change the whole login system.  For the most part, they're still
> using privative means of authentication which are broken to begin with.

I believe that you could, perhaps, consider using PHP after the existing
.htaccess/.htpasswd authentication to provide a secondary test, without
disturbing the billing software setup.

The steps involved are:

HTTP Request
.htaccess/.htpasswd Challenge/Response, drives billing software
PHP $_SERVER['HTTP_AUTH_USER']/$_SERVER['HTTP_AUTH_PW'], drives abuse check

No need for anything as fancy as an extension.

If somebody is abusing/sharing a password, they still should get billed up
to the point of account termination, right?

Whatever you would do in this extension would have to still interface to
the .htaccess/.htpasswd system to alter billable status -- Which you can
probably do far easier in PHP anyway.

PHP could generate a list of accounts that are suffering suspicious
activity, which could be provided to the billing software in whatever
manner they desire, really.

You also have the advantage that it's a LOT easier to [find somebody to]
write, test, and debug a PHP script than an extension.

You'll also be able to more easily run tests in parallel with a "live"
site but without any real action really being taken until it's all proven
and reviewed and tested thoroughly.  That's gonna be a lot tougher with an
extension whose C code is burned into the Apache binary, or even as a
loadable Module of compiled C code.

You can track a variety of factors such as IP, some unchanging browser
headers, login time, page surfing, http_referrer, etc and watch for
patterns from abusive accounts.

You can't rely on IP address directly, but if the same account is given
three different IP addresses in IP-space *known* to be owned by three
different ISPs, then you've got a pretty sure bet it's an abuse.

You'll need a ton of reverse DNS or dns-by-country lookups and caching,
but it's do-able.

Analyze the hell out of a few months' worth of old data, and/or start
logging live data and look for the patterns.

Come up with a formula for an "abuse factor scorecard" and then implement
a log with PHP of what you *WOULD* do with this account, and see if you
like the results.

Change the formula, log some more, watch for awhile.

The bottom line, though, is that you *HAVE* to "interfere with the
pre-existing authentication system" at *SOME* point in order to kick users
off -- Or else always have a human review of the evidence before action.

Either way, PHP is probably a cheaper/better solution than a dedicated
module, at least unless you find out that the formula for calculating a
user's score takes *sooo* long and is so complicated that PHP can't do it
fast enough -- Even then, I'd bet the time-sink is in things like DNS data
(cache it) and in logging, not the actual calculation.

-- 
Like Music?
http://l-i-e.com/artists.htm
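
The "abuse factor scorecard" described in the message above, sketched as an added example (not code from the thread or from any billing product). The log line format, the prefix-to-owner table standing in for cached DNS lookups, the weights and the threshold are all assumptions; it needs PHP 7 or later and only logs what it *would* do.

```php
<?php
// Constructed stand-in for cached reverse-DNS/whois results:
// address prefix => network owner (RFC 5737 documentation ranges).
const NETWORK_OWNERS = [
    '192.0.2.'    => 'isp-a.example',
    '198.51.100.' => 'isp-b.example',
    '203.0.113.'  => 'isp-c.example',
];

function network_owner(string $ip): ?string
{
    foreach (NETWORK_OWNERS as $prefix => $owner) {
        if (strncmp($ip, $prefix, strlen($prefix)) === 0) {
            return $owner;
        }
    }
    return null; // owner not known: contributes nothing to the score
}

// Assumed line format: "<unix time> <user> <ip> <user agent>"
function parse_login(string $line): ?array
{
    $parts = explode(' ', trim($line), 4);
    if (count($parts) < 4 || !ctype_digit($parts[0])
        || filter_var($parts[2], FILTER_VALIDATE_IP) === false) {
        return null; // malformed line, skip it
    }
    return ['time' => (int) $parts[0], 'user' => $parts[1],
            'ip' => $parts[2], 'agent' => $parts[3]];
}

/**
 * Highest score per user over any sliding window of $window seconds:
 * 10 points per additional *known* network owner, 3 per additional User-Agent.
 */
function score_accounts(array $lines, int $window = 3600): array
{
    $byUser = [];
    foreach ($lines as $line) {
        $rec = parse_login($line);
        if ($rec !== null) {
            $byUser[$rec['user']][] = $rec;
        }
    }
    $result = [];
    foreach ($byUser as $user => $recs) {
        usort($recs, function ($a, $b) { return $a['time'] <=> $b['time']; });
        $best = ['score' => 0, 'owners' => []];
        $start = 0;
        foreach ($recs as $end => $rec) {
            // Drop logins that fell out of the window ending at this login.
            while ($rec['time'] - $recs[$start]['time'] > $window) {
                $start++;
            }
            $owners = $agents = [];
            for ($i = $start; $i <= $end; $i++) {
                $owner = network_owner($recs[$i]['ip']);
                if ($owner !== null) {
                    $owners[$owner] = true;
                }
                $agents[$recs[$i]['agent']] = true;
            }
            $score = 10 * max(0, count($owners) - 1) + 3 * (count($agents) - 1);
            if ($score > $best['score']) {
                $best = ['score' => $score, 'owners' => array_keys($owners)];
            }
        }
        $result[$user] = $best;
    }
    return $result;
}

// Dry run: report the action that would be taken, change nothing.
function dry_run_report(array $scores, int $threshold = 20): array
{
    $out = [];
    foreach ($scores as $user => $s) {
        $action = $s['score'] >= $threshold ? 'WOULD flag for review' : 'no action';
        $out[] = sprintf('%s score=%d evidence=%s -> %s', $user, $s['score'],
                         implode(',', $s['owners']) ?: '-', $action);
    }
    return $out;
}

// Constructed sample log lines.
$log = [
    '1109700000 alice 192.0.2.10 Mozilla/5.0 (Windows; U) Firefox/1.0',
    '1109700600 alice 198.51.100.7 Mozilla/4.0 (compatible; MSIE 6.0)',
    '1109701500 alice 203.0.113.99 Opera/7.54 (X11; Linux)',
    '1109700100 bob 192.0.2.20 Mozilla/5.0 (Windows; U) Firefox/1.0',
    '1109702000 bob 192.0.2.45 Mozilla/5.0 (Windows; U) Firefox/1.0',
    '1109700000 carol 192.0.2.30 Mozilla/4.0 (compatible; MSIE 6.0)',
    '1109730000 carol 198.51.100.80 Mozilla/4.0 (compatible; MSIE 6.0)',
    'garbage line',
];
echo implode("\n", dry_run_report(score_accounts($log))), "\n";
```

Only the constructed account seen from three known networks inside one hour crosses the threshold; the one that changes network hours apart does not, which is the kind of tuning the "log, watch, change the formula" loop is for.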




Re: [PHP] Program flow?

2005-03-01 Thread Jason Barnett
Richard Davey wrote:
> Hello Rory,
> 
> Tuesday, March 1, 2005, 4:58:20 PM, you wrote:
> 
> rw> Hi I have a one simple question that I need to sort out before I
> rw> continue writing any PHP scripts. Every time I call a script are the
> rw> variables reset to the default values?
> 
> Yes this is nearly always the case unless you code around it.
> 
> Best regards,
> 
> Richard Davey

Yep.  The only thing that might change would be $_SESSION variables, but
that's kind of the point of using a session.  :)  Or you could do
something crazy like create a specialized extension for storing state,
but almost no one does that and it certainly won't be in PHP by default.

-- 
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY |
http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins




Re: [PHP] How can I send a gif picture to the mobile client via php?

2005-03-01 Thread Richard Lynch




Richard Lynch wrote:
>
>
>
>
> Å£À¤ wrote:
>>
>> Dear phpers,
>> I'm using php 4.2.2 and gd version 1.8 which seems don't support gif
>> pictures.
>> However, I want to send a single gif picture to the client side.
>> How can I do it?
>
> Upgrade to 2.0?
>
> Or find that third-party vendor who provided GIF support for GD 1.8 back
> when GD was philosophically opposed to including it?
>
> Since you'd have to re-install GD and then the PHP GD Module, you'd be
> better off going with 2.0, almost for sure.

PS Just saw "mobile client" in the Subject.

I believe mobile phones use WBMP format. (Wireless Bitmap)

Which PHP/GD supports, of course. :-)

So another viable answer is: "Don't send GIF, send WBMP"

-- 
Like Music?
http://l-i-e.com/artists.htm




Re: [PHP] Inline Frame and php

2005-03-01 Thread Joe Harman
Hey Todd... I really think what you are going to have to do is pass a
javascript variable to the parent page.. cause you are trying to send
a variable from the php search page to the parent that has the iframe
in it... Am I correct in assuming that?


On Tue, 1 Mar 2005 16:33:58 -, Mikey <[EMAIL PROTECTED]> wrote:
> > > Is there a way to "leave" the inline frame?
> 
> You could get your script to write some JavaScript instead of the header
> along the lines of:
> 
> window.parent.document.location = "mypage.php";
> 
> (This is not tested, and YMMV...)
> 
> HTH,
> 
> Mikey
> 




[PHP] Re: Authentication fails

2005-03-01 Thread Jason Barnett
John Swartzentruber wrote:
> Somehow my PHP 5.0.3 or something is configured incorrectly. When I try
> to get past an authentication input, nothing happens. For example, I
> have phpMyAdmin configured now to use mysqli, but when I enter the
> username and password, the screen doesn't change. In previous testing, I
> saw that an incorrect authentication was detected and reported, but a
> correct authentication had no effect.

Not sure if this is a phpMyAdmin bug or not, but you might try to clear
out all cookies that your browser has from john.swartzentruber.us.  For
that matter you should see if you *have* any cookie set from
john.swartzentruber.us.  I'm not pointing fingers at phpMyAdmin, but just
tossing out a possible solution.

> 
> My phpinfo() output is at http://john.swartzentruber.us/test.php
> 
> For example, I'm trying to use a simple file upload script called "file
> thingie" that is at http://www.solitude.dk/filethingie/download.php
> 
> I have edited the original file only to decrease the maximum file size
> to 500 bytes and limit uploads to text files. I hope no one here tries
> to be nasty. The user name is "USERNAME2" and the password is "PASSWORD".

Yeah... I wouldn't suggest putting user / pw combos onto the web even if
you intend on changing it later.  You just never know.

> 
> Can anyone check this out and give me some clues or things to look into?
> Is there some setting that would cause _POST data to disappear? How
> would I go about debugging this?

Start by going to the form page's action page (since your test.php page
only displays phpinfo() I'm not sure what this is going to be).  We'll
call this page action.php.

The simplest way to debug this (but it's effective) is to
var_dump($_POST) at the top of action.php.  Insert this at the very top
of the page (likely to cause a lot of errors :) and then gradually cut /
paste that code throughout the action page.  Do this until you narrow
down the problem code.

Since this is a file upload script you are doing you will probably want
to var_dump($_FILES) as well.  Heck, if you're having *session* problems
then you should be looking into the $_SESSION array and (possibly) the
$_COOKIE array.

> 
> Thanks for any help or pointers.


-- 
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY |
http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins




Re: [PHP] combining values

2005-03-01 Thread Leif Gregory
Hello Bret,

Tuesday, March 1, 2005, 11:43:18 AM, you wrote:
B> why wouldn't
B> $birthday = "$day.$month.$year";
B> work as well.

Whoops... Disregard my previous post. I missed your quotes.




-- 
Leif (TB lists moderator and fellow end user).

Using The Bat! 3.0.2.3 Rush under Windows XP 5.1
Build 2600 Service Pack 2 on a Pentium 4 2GHz with 512MB




Re: [PHP] combining values

2005-03-01 Thread Leif Gregory
Hello Bret,

Tuesday, March 1, 2005, 11:43:18 AM, you wrote:
B> why wouldn't
B> $birthday = "$day.$month.$year";
B> work as well.


Because in PHP the unencapsulated period means to concatenate.

i.e.

$var1 = "Hello";
$var2 = "there";
$var3 = "Bret";

echo $var1 . $var2 . $var3;

Would net you:

HellothereBret

if you put:

echo $var1 . " " . $var2 . " " . $var3;

You'd get:

Hello there Bret


So, to put periods in something you have to encapsulate it with
quotes. So:

echo $var1 . "." . $var2 . "." . $var3;

would get you:

Hello.there.Bret


See?


-- 
Leif (TB lists moderator and fellow end user).

Using The Bat! 3.0.2.3 Rush under Windows XP 5.1
Build 2600 Service Pack 2 on a Pentium 4 2GHz with 512MB




Re: [PHP] mcrypt_create_iv always returns same value?

2005-03-01 Thread Richard Lynch
Murray @ PlanetThoughtful wrote:
> I'm just beginning to experiment with encryption using the mcrypt
> functions
> and I'm wondering if anyone can tell me if it's normal that the following
> code always returns the same value whenever executed on my system (PHP
> 5.0.3, WinXP, mcrypt 2.5.7):
>
> $td = mcrypt_module_open('rijndael-256','','cbc','');
>
> srand((double) microtime() * 100);
>
> $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_RAND);
>
> I was under the impression that the value in $iv should be random, whereas
> on my machine it always seems to be the same value.
>
> For the time being I have replaced the $iv = mcrypt_create_iv(.) etc line
> with:
>
> $iv = md5(uniqid(rand(), true));
>
> This, at least, returns a random (random-esque?) 32 char string, but
> because
> I don't know a great deal about encryption, I don't know if the value
> returned by mcrypt_create_iv() results in stronger encryption than this or
> not.
>
> Can anyone help me understand why the code at top would return the same
> value over and over, and also whether or not using a 32 char string
> generated by "md5(uniqid(rand(), true))" is suitable to use in place of a
> value returned by mcrypt_create_iv() or if there is something inherently
> wrong in doing so?

Can't help you with the actual question, but since you've posted it twice,
I'm assuming you've got no answers yet.

See if you can get just plain old http://php.net/rand to seem random or if
it always pops out the same numbers.

I suggest you check with the Windows list, and possibly try some
Encryption forums.

If all else fails, file it as a bug report at http://bugs.php.net/

-- 
Like Music?
http://l-i-e.com/artists.htm
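
On the IV question in the quoted message, an added example (not code from the thread): a fresh IV per message taken from the operating system's CSPRNG and stored alongside the ciphertext. It assumes PHP 7 or later with the openssl extension and uses AES-256-CBC (16-byte IV) with an HMAC, not mcrypt's rijndael-256; the function names are hypothetical. The last helper shows that an md5() hex string used as an IV draws its bytes from at most 16 distinct values.

```php
<?php
const CIPHER = 'aes-256-cbc';

function encrypt_message(string $plaintext, string $encKey, string $macKey): string
{
    // A fresh, unpredictable IV for every message, from the OS CSPRNG.
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($plaintext, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // The IV is not secret: it travels with the ciphertext, covered by the MAC.
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return base64_encode($iv . $ct . $mac);
}

function decrypt_message(string $blob, string $encKey, string $macKey): ?string
{
    $raw   = base64_decode($blob, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    // Shortest valid message: IV + one cipher block + 32-byte HMAC.
    if ($raw === false || strlen($raw) < $ivLen + 16 + 32) {
        return null;
    }
    $iv  = substr($raw, 0, $ivLen);
    $mac = substr($raw, -32);
    $ct  = substr($raw, $ivLen, -32);
    // Verify before decrypting, in constant time.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $mac)) {
        return null; // modified in transit, or wrong key
    }
    $pt = openssl_decrypt($ct, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    return $pt === false ? null : $pt;
}

// Number of distinct byte values in a candidate IV.
function iv_alphabet_size(string $iv): int
{
    return strlen(count_chars($iv, 3));
}

// Constructed demo keys; real keys come from a key store, not from the script.
$encKey = random_bytes(32);
$macKey = random_bytes(32);

$a = encrypt_message('same plaintext', $encKey, $macKey);
$b = encrypt_message('same plaintext', $encKey, $macKey);
var_dump($a !== $b);                                              // new IV, new ciphertext
var_dump(decrypt_message($a, $encKey, $macKey) === 'same plaintext');

$raw    = base64_decode($a);
$raw[0] = chr(ord($raw[0]) ^ 1);                                  // flip one bit of the IV
var_dump(decrypt_message(base64_encode($raw), $encKey, $macKey) === null);

var_dump(iv_alphabet_size(md5(uniqid(rand(), true))) <= 16);      // hex digits only
```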




Re: [PHP] How can I send a gif picture to the mobile client via php?

2005-03-01 Thread Richard Lynch




Å£À¤ wrote:
>
> Dear phpers,
> I'm using php 4.2.2 and gd version 1.8 which seems don't support gif
> pictures.
> However, I want to send a single gif picture to the client side.
> How can I do it?

Upgrade to 2.0?

Or find that third-party vendor who provided GIF support for GD 1.8 back
when GD was philosophically opposed to including it?

Since you'd have to re-install GD and then the PHP GD Module, you'd be
better off going with 2.0, almost for sure.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Program flow?

2005-03-01 Thread Richard Lynch
rory walsh wrote:
> Hi I have a one simple question that I need to sort out before I
> continue writing any PHP scripts. Every time I call a script are the
> variables reset to the default values? If for example I call action.php
> from a form with a hidden value "test", I set $NUMBER to 5. If I then
> call action.php again from another form with another hidden value which
> means that I do not assign any number to $NUMBER, will $NUMBER now go
> back to being its default value or will it stay at 5? So basically I
> think my question is, each time one runs a script is it the same as
> starting the application all over again? Cheers,
> Rory.

Every single HTTP request for a URL (every page the user clicks on, or
submits a form, or re-loads) is COMPLETELY independent of the other
requests.

The only data/values that will "survive" from script to script are the
ones you explicitly "save" and "transmit" through GET/POST/COOKIE/SESSION
mechanisms.

-- 
Like Music?
http://l-i-e.com/artists.htm




Re: [PHP] mysql problems

2005-03-01 Thread Rory McKinley
Jed R. Brubaker wrote:
Hi all -
I could use a lead on a problem. I just don't know where to start.
I have a PHP script that populates a database table. No big deal. It creates 
mailing labels. However, a weird thing keeps happening - every once in a 
while, a query is run twice. It is the same query, same information, even 
the same time (there is a now() in the query - and it is identical).

So the question is a simple one - is this a PHP problem or a MySQL problem? 
Or somewhere in the MySQL extension? And how would I know?

There is one clue to this otherwise vague problem. I believe that this 
predominantly happens when the database is under an above average load.

I would appreciate any help that I might be able to get.
Thank you.
Hi Jed
Can you post some sample code - showing how the query is called through 
PHP? IMHO, at first pass it sounds like PHP rather than MySQL - but I 
have been wrong before (many, many times);).

Rory


Re: [PHP] mysql problems

2005-03-01 Thread Richard Lynch
Jed R. Brubaker wrote:
> I could use a lead on a problem. I just don't know where to start.
>
> I have a PHP script that populates a database table. No big deal. It
> creates
> mailing labels. However, a weird thing keeps happening - every once in a
> while, a query is run twice. It is the same query, same information, even
> the same time (there is a now() in the query - and it is identical).
>
> So the question is a simple one - is this a PHP problem or a MySQL
> problem?
> Or somewhere in the MySQL extension? And how would I know?
>
> There is one clue to this otherwise vague problem. I believe that this
> predominantly happens when the database is under an above average load.
>
> I would appreciate any help that I might be able to get.

Possibly the users are clicking twice on "Submit" when the site is slow.

Try embedding an MD5 hash or some other random token in the FORM, and mark
them off as "used" when you INSERT a new row.  If a token is "used" just
ignore the insert.

Or, better yet, check that the values are the same and ignore it, and if
they are different, because the user used their "Back" button and
submitted new data, go ahead and INSERT.

It might *NOT* be users clicking too much, but that's USUALLY the cause,
and it's easy to detect and "do the right thing" once you embed something
in each FORM to uniquely identify it before they submit it back to you.

-- 
Like Music?
http://l-i-e.com/artists.htm
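
The token suggestion above, as an added example that is not code from the thread: every rendered form carries a random single-use token, and the INSERT runs only for a token that has not been consumed yet. The `form_tokens` and `labels` tables, the function names and the in-memory SQLite database are assumptions made for the demo, and the token comes from `random_bytes()` rather than an MD5 hash.

```php
<?php
declare(strict_types=1);

// Constructed demo schema; table and column names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE form_tokens (token TEXT PRIMARY KEY, used INTEGER NOT NULL DEFAULT 0)');
$db->exec('CREATE TABLE labels (id INTEGER PRIMARY KEY, name TEXT, address TEXT, created TEXT)');

/** Issue a token when the form is rendered; it goes into a hidden field. */
function issue_form_token(PDO $db): string
{
    // CSPRNG output, so a client cannot guess or precompute a valid token.
    $token = bin2hex(random_bytes(16));
    $db->prepare('INSERT INTO form_tokens (token) VALUES (?)')->execute([$token]);
    return $token;
}

/**
 * Insert the label only if the token is known and still unused.
 * Returns true when a row was inserted, false for a repeat or unknown token.
 */
function insert_label_once(PDO $db, string $token, string $name, string $address): bool
{
    $db->beginTransaction();
    try {
        // Atomic claim: of two concurrent submits, only one UPDATE changes a row.
        $claim = $db->prepare('UPDATE form_tokens SET used = 1 WHERE token = ? AND used = 0');
        $claim->execute([$token]);
        if ($claim->rowCount() !== 1) {
            $db->rollBack();
            return false;
        }
        $db->prepare("INSERT INTO labels (name, address, created) VALUES (?, ?, datetime('now'))")
           ->execute([$name, $address]);
        $db->commit();
        return true;
    } catch (Throwable $e) {
        // Claim and insert succeed or fail together.
        $db->rollBack();
        throw $e;
    }
}

// Simulated double click: the same POST body arrives twice.
$token = issue_form_token($db);
$post  = ['token' => $token, 'name' => 'J. Doe', 'address' => '1 Example St'];

foreach ([1, 2] as $attempt) {
    $ok = insert_label_once($db, $post['token'], $post['name'], $post['address']);
    printf("submit %d: %s\n", $attempt, $ok ? 'inserted' : 'ignored (token already used)');
}

// A token the server never issued is rejected the same way.
$forged = insert_label_once($db, str_repeat('0', 32), 'X', 'Y');
printf("forged token: %s\n", $forged ? 'inserted' : 'ignored');

printf("rows in labels: %d\n", (int) $db->query('SELECT COUNT(*) FROM labels')->fetchColumn());
```

Because the claim is a conditional UPDATE inside the same transaction as the INSERT, the check still holds when both requests arrive at the same moment on a loaded server.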




Re: [PHP] combining values

2005-03-01 Thread Bret Hughes
On Tue, 2005-03-01 at 11:44, Sascha Kaufmann wrote:
> $birthday = $day.'.'.$month.'.'.$year;
> 

why wouldn't 

$birthday = "$day.$month.$year";

work as well.

Bret




Re: [PHP] textarea posting duplicate text

2005-03-01 Thread John Holmes
Elizabeth Lawrence wrote:
> Thanks, Dan. I copied your code exactly and posted it here:
> http://www.tidefans.com/test.php I pasted a large part of O'Henry's "Gift of
> the Magi" into the textarea, and it gets repeated, as before.

There was an Apache2/PHP bug going around that had this issue. It was an 
older version of PHP and/or Apache2 that I thought was fixed, though. 
Maybe you're running into this same issue? Try searching the PHP bug 
database for "apache2 duplicate" and see if you can find the old bug/issue.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com


Re: [PHP] textarea posting duplicate text

2005-03-01 Thread Dan Tappin
It's definitely on your end:

http://www.orourke.ca/test.php

I verified your issue on your server and could not reproduce it on mine.
Our phpinfo data looks the same.

Here's a hunch.  Try calling output buffering at the top of your page:

 ob_start();

I have this on my site to allow for mid-page redirects.  I have no idea 
if this is the cause.  Just an idea.  Perhaps an Apache 2 issue?  Can 
anyone else confirm this on Apache 2 / PHP 4.3.10?

Dan T

On Mar 1, 2005, at 7:43 AM, Elizabeth Lawrence wrote:
Thanks, Dan. I copied your code exactly and posted it here:
http://www.tidefans.com/test.php I pasted a large part of O'Henry's 
"Gift of
the Magi" into the textarea, and it gets repeated, as before.

Thanks for any help,
Elizabeth
-Original Message-
From: Dan Tappin [mailto:[EMAIL PROTECTED]
Sent: Monday, February 28, 2005 6:59 PM
To: Elizabeth Lawrence
Subject: Re: [PHP] textarea posting duplicate text
Create a new file:
test.php
with this exactly in the contents:


TEST









Load the page, enter some text and hit submit.  Rule out some strange
issue with your page.  Confirm it's a PHP issue not a coding one.
Dan T
On Feb 28, 2005, at 8:03 AM, Elizabeth Lawrence wrote:
Hello. I have been asked to look at a PHP issue for someone, and I
can't
figure out what the problem is. I'm hoping one of you experts can 
help!


They are using Red Hat Linux / Ensim Pro 4.0.2, PHP 4.3.10, and Apache
2.0.

The problem: When a lot of text is entered into a textarea on a form,
the
text that shows up in the $_POST['textarea'] variable has the text
that was
entered, but it is duplicated. This is causing problems for their
forums.
Here is a very simple script I placed on the server:
www.tidefans.com/textarea_test.php (code below)
When I place the same script on another server I have access to, the
textarea text is "posted" fine.
Is this a PHP setting somewhere that I'm missing?

Here is the code for the PHP script mentioned above:


Test PHP Script




//[a bunch of text goes here]




if ($_POST[Submit] != "")
{
  echo "_POST values";
  echo "Textarea submitted:";
  echo "" . $_POST[textarea] . "";
  echo "Textbox submitted:";
  echo "" . $_POST[text] . "";
  echo "Submit submitted:";
  echo "" . $_POST[Submit] . "";
}
?>


phpinfo();
?>



If anyone can point me in the right direction, I would appreciate it 
so
much!

Elizabeth

Elizabeth Lawrence
[EMAIL PROTECTED]



Re: [PHP] combining values

2005-03-01 Thread Sascha Kaufmann
$birthday = $day.'.'.$month.'.'.$year;

William Stokes wrote:
> Hello,
>
> I need to collect persons birth date from web form. The form is this kind:
> Birthday
> date
>
> month
>
> year
>
> Then I need to combine these in to a one $variable. Something like this...
>
> $birthday = $day . $month . $year;
>
> How can I add the . (dots) to the date so it would look like for example 
> this:
>
> 28.05.1974
>
> Thanks
> -Will 



[PHP] combining values

2005-03-01 Thread William Stokes
Hello,

I need to collect persons birth date from web form. The form is this kind:
Birthday
date

month

year



 Then I need to combine these in to a one $variable. Something like this...

$birthday = $day . $month . $year;

How can I add the . (dots) to the date so it would look like for example 
this:

28.05.1974



Thanks

-Will 




Re: Re: [PHP] Pop-up message

2005-03-01 Thread hitek
Is there some reason you can't simply use a javascript alert on the page 
refresh?

if(isset($queue)){
   echo "
   
   
   ";
}

> 
> From: Lester Caine <[EMAIL PROTECTED]>
> Date: 2005/03/01 Tue AM 03:18:58 EST
> To: php-general@lists.php.net
> Subject: Re: [PHP] Pop-up message
> 
> Richard Lynch wrote:
> 
> > Lester Caine wrote:
> > 
> >>At the risk of being shouted at because *I* know it's not a PHP problem!
> > Actually, it's a client problem :-)
> Yep - but with so many different ways of doing it, which client method 
> would be best ;)
> 
> >>I have a page that is being refreshed every 30 seconds or so, and
> >>displays a list of 'tickets' waiting to be dealt with on a list from a
> >>database query. No problems there, but a couple of sites now want me to
> >>add a pop-up warning when a ticket is added that has a staff ID matching
> >>the logged in user.
> > 
> > Your first task is to convince the client what an incredibly stupid idea
> > this is.
> Actually it's not - which is part of the problem - these are all private 
> networks and this is to replace 'reception' trying to phone the member 
> of staff - who may already be on the phone - to tell them an appointment 
> has arrived. So I just want to 'queue' something on their machine.
> 
> > And that it won't work with all the popup blockers.
> Have a handle on that, and the customer knows the problem, they are even 
> willing to consider a switch to Firefox if that will help. Tabbed 
> browsing with queue's on different tabs makes a lot of sense :)
> 
> > And if it did work, it would just annoy the [bleep] out of their users.
> > 
> > I know I'm preaching to the choir, here, but I have to go on record with
> > this statement.
> I know all the arguments, but hopefully you can see the problem - how do 
> we tell the 'target' that there is someone waiting - and the clock is 
> running on performance figures :(
> 
> >>I can drive a sounder in the target browser, but need kicking in the
> > 
> > A sounder?  You mean like make my browser make noise?  ICK!!!
> Yep - and if they are on the phone they may not hear it either.
> 
> >>right direction for a method of adding a pop-up window. Ideally it needs
> >>to be browser agnostic, which is where the problem comes given the
> >>pop-up blockers and other 'toys' that are being added to the browser end
> >>of things.
> > 
> > You're not going to defeat the popup blockers in the long run.
> As I said - we have control over machine configurations - to a certain 
> extent, and if a user decides they want to be clever it's their 
> performance figures that will be affected ;)
> 
> > You are better off using clean simple code in an onLoad in your body tag
> > to open the new window.  Something like:
> > 
> > where the URL loads in that user's recently added items.
> > 
> > Either the users will accept the popup and whitelist it in their popup
> > blocker, or they won't.
> That is probably where I am at, but I was looking to see if anybody had 
> any other ideas for passing messages. Probably should have explained 
> better what I was trying to do, but I often see 'Did you try so and so' 
> which provides another avenue to look at.
> 
> > And if a lot of them don't accept it, as they shouldn't, that tells you
> > right there what a dumb idea this was. :-)
> > 
> > But running around to find code to "defeat" the popup blockers will be a
> > total waste of time -- and you'll end up with something so hacked and so
> > un-maintainable that you'll have to fix it every six months, even if the
> > popup blockers don't find workarounds to block your workarounds that popup
> > the windows that they don't want popped up.
> Already covered that, but there *IS* a need for a controlled way of 
> passing messages from the server to the client ...
> 
> >>So can anybody point me in the right direction for a CURRENT method of
> >>achieving this, many of the bits I've found so far are somewhat
> >>antiquated, and fail in one way or another :(
> > 
> > Perhaps it would be better to segregate the tickets into those associated
> > with the User logged in, and those that are not.
> > 
> > Or to at least sort them that way, regardless of their other sorting 
> > options.
> > 
> > For that matter, don't even *BOTHER* to show me items that aren't mine,
> > unless I specifically ask for them.
> Other people in a department need to be able to see who is waiting on a 
> queue, only some callers are appointments, so a browser is left logged 
> in with that queue selected so people can monitor things. As soon as an 
> appointment is logged, the page changes to a staff ID specific page, and 
> as long as it is visible in the background, it can be seen, but 'other 
> systems' insist on being displayed full screen, which is what is being 
> the pain. If (actually probably WHEN) we can get the applications that 
> don't want to share to play nicely ...
> 
> > Build a system that detects tickets that sit un-assign

Re: [PHP] Program flow?

2005-03-01 Thread Richard Davey
Hello Rory,

Tuesday, March 1, 2005, 4:58:20 PM, you wrote:

rw> Hi I have a one simple question that I need to sort out before I
rw> continue writing any PHP scripts. Every time I call a script are the
rw> variables reset to the default values?

Yes this is nearly always the case unless you code around it.

Best regards,

Richard Davey
-- 
 http://www.launchcode.co.uk - PHP Development Services
 "I am not young enough to know everything." - Oscar Wilde




[PHP] mysql problems

2005-03-01 Thread Jed R. Brubaker
Hi all -

I could use a lead on a problem. I just don't know where to start.

I have a PHP script that populates a database table. No big deal. It creates 
mailing labels. However, a weird thing keeps happening - every once in a 
while, a query is run twice. It is the same query, same information, even 
the same time (there is a now() in the query - and it is identical).

So the question is a simple one - is this a PHP problem or a MySQL problem? 
Or somewhere in the MySQL extension? And how would I know?

There is one clue to this otherwise vague problem. I believe that this 
predominantly happens when the database is under an above average load.

I would appreciate any help that I might be able to get.

Thank you.




[PHP] Program flow?

2005-03-01 Thread rory walsh
Hi I have a one simple question that I need to sort out before I
continue writing any PHP scripts. Every time I call a script are the
variables reset to the default values? If for example I call action.php
from a form with a hidden value "test", I set $NUMBER to 5. If I then
call action.php again from another form with another hidden value which
means that I do not assign any number to $NUMBER, will $NUMBER now go
back to being its default value or will it stay at 5? So basically I
think my question is, each time one runs a script is it the same as
starting the application all over again? Cheers,
Rory.


[PHP] (O-T) PHP developer position available

2005-03-01 Thread Radu Filip

Position: Senior PHP Developer & MySQL DBA
Responsibilities:
   - to continue the development of a web application written in PHP and
 based on a MySQL database, application that serves a Windows client
 application
   - to manage MySQL databases and MySQL server in a Linux environment
   - to provide level 2 technical support to the Customer Care Dept. and
 sometimes to customers directly
Minimum experience: 2 years (required)
Duration: permanent
Work place: at your location
Languages:
   - English (required)
Work hours:
   - minimum 4 hours a day (required)
   - fulltime (8 hours a day) (preferred)
Qualities:
   - very serious
   - honest
   - responsible
   - dedicated and committed
Others:
   - permanent Internet connection (required)
   - permanent availability for critical situation (requires a mobile
 phone)

To apply, please send:
   - a complete resume (PDF or HTML format) (required)
   - portfolio (preferred)
   - letter of recommendations (preferred)
to [EMAIL PROTECTED]




RE: [PHP] How can I send a gif picture to the mobile client via php?

2005-03-01 Thread Mikey
> Dear phpers,
> I'm using php 4.2.2 and gd version 1.8, which doesn't seem to 
> support gif pictures.
> However, I want to send a single gif picture to the client side.
> How can I do it?
> 
> Any help would be appreciated.

A single gif - that you have already made?



Or, if you are using a script to generate the image and are switching
between types, after you have sent the correct headers use:

readfile ("mygif.gif");




RE: [PHP] Re: Like ternary but without the else.

2005-03-01 Thread Chris W. Parker
anirudh dutt 
on Monday, February 28, 2005 9:25 PM said:

> dunno if u've read the options ppl have given u or u've ignored their
> answers:

ugh...




[PHP] How can I send a gif picture to the mobile client via php?

2005-03-01 Thread 牛坤

Dear phpers,
I'm using php 4.2.2 and gd version 1.8, which doesn't seem to support gif pictures.
However, I want to send a single gif picture to the client side.
How can I do it?

Any help would be appreciated.


Sincerely,
Kun




RE: [PHP] textarea posting duplicate text

2005-03-01 Thread Bret Hughes
On Tue, 2005-03-01 at 10:19, Bret Hughes wrote:
> On Tue, 2005-03-01 at 08:43, Elizabeth Lawrence wrote:
> > Thanks, Dan. I copied your code exactly and posted it here:
> > http://www.tidefans.com/test.php I pasted a large part of O'Henry's "Gift of
> > the Magi" into the textarea, and it gets repeated, as before.
> > 
> > Thanks for any help,
> > Elizabeth
> 
> 
> There are some settings in php.ini that affect the max size of post
> variables.  It is sort of interesting to me that it is not a complete
> copy but the first 1303 bytes or so are printed and then the test as a
> whole is there preceded by testarea=.
> 
> It does not do this on my server. 4.3.6 apache 2
> 
> I notice that the Server API  says  Apache 2.0 Filter on your box and on
> mine it says Apache 2.0 Handler.  I have no idea what that means.
> 
> Bret
> 

Hmm I did not remember writing the bit about post_max_size.  I was
checking your settings in the phpinfo output when I found the
filter/handler deal. obviously the post_max_size is not the culprit.

Bret




RE: [PHP] Inline Frame and php

2005-03-01 Thread Mikey
> > Is there a way to "leave" the inline frame?

You could get your script to write some JavaScript instead of the header
along the lines of:

window.parent.document.location = "mypage.php";

(This is not tested, and YMMV...)

HTH,

Mikey




Re: [PHP] Spam and this list

2005-03-01 Thread Richard Davey
Hello bob,

Tuesday, March 1, 2005, 4:11:47 PM, you wrote:

b> I am most surprised that a list like this would be so open to
b> Spiders and other creepie crawlies. Other PHP mailing lists are
b> fine, why can't the original and best one be one of them ?

I can't see how any list at all that displays the authors email
address as the From: address could ever protect you from spam of any
kind. Sure you can munge the email addresses on the archives, but you
can't stop a bot from subscribing or monitoring the usenet gateway.

Best regards,

Richard Davey
-- 
 http://www.launchcode.co.uk - PHP Development Services
 "I am not young enough to know everything." - Oscar Wilde




Re: [PHP] Inline Frame and php

2005-03-01 Thread Joe Harman
Hey Todd, 

I use iframe a lot.. what you have to do is tell it a target... but, i
am not sure if you can do that with header('Location:...") .. i would
be interested to know also

Joe


On Mon, 28 Feb 2005 16:30:28 -0800, Todd Cary <[EMAIL PROTECTED]> wrote:
> My client insists on using inline Frames that uses my php pages.  As an
> example, this is on one page:
> 
>  SRC="search.php?search_text=" WIDTH=592 HEIGHT=282>
> 
> 
> This works well with the "control" being given to search.php.  What I do
> not understand is that within search.php, I have a statement that is
> supposed to pass "control" to another page.  The line is
> 
> header("location: http://192.168.0.23/mypath/mypage.php");
> 
> Rather than going to the page, it opens mypage.php in the inline frame.
> 
> Is there a way to "leave" the inline frame?
> 
> [Excuse my nomenclature e.g. "control", "leave"]
> 
> Todd
> 




RE: [PHP] textarea posting duplicate text

2005-03-01 Thread Bret Hughes
On Tue, 2005-03-01 at 08:43, Elizabeth Lawrence wrote:
> Thanks, Dan. I copied your code exactly and posted it here:
> http://www.tidefans.com/test.php I pasted a large part of O'Henry's "Gift of
> the Magi" into the textarea, and it gets repeated, as before.
> 
> Thanks for any help,
> Elizabeth


There are some settings in php.ini that affect the max size of post
variables.  It is sort of interesting to me that it is not a complete
copy but the first 1303 bytes or so are printed and then the test as a
whole is there preceded by testarea=.

It does not do this on my server. 4.3.6 apache 2

I notice that the Server API  says  Apache 2.0 Filter on your box and on
mine it says Apache 2.0 Handler.  I have no idea what that means.

Bret




Re: [PHP] On Topic - Theoretical Concents of Anti-password trading/sharing solutions

2005-03-01 Thread Dan Trainor
Robert Cummings wrote:
> On Tue, 2005-03-01 at 09:58, Dan Trainor wrote:
> > [-- SNIIIP --]
>
> Dear Dan,
>
> You have yourself to blame for the responses you have been receiving.
> You opened up the floodgates of personal opinion when you mentioned you
> were a pr0n pusher. The fact that you deal with adult content was
> completely irrelevant to your technical question. While I agree that
> what you do is your own business, any person who finds your actions
> reprehensible will more than likely find themselves morally obliged to
> weigh in on their distaste.
>
> Sincerely,
> Rob.

And with that, I'd like to say that, as helpful as this list has been in 
regards to the subject that I have set forth, I won't continue this 
thread any longer.  You guys can, but I won't.

I've obviously struck a sour chord and made many people very angry, and 
although this was not my intent, I hope we can all take this as a 
learning experience - to learn what kind of questions not to ask.

If anyone would like to continue this conversation privately, I would be 
more than happy to respond.  However, I believe that it is in the better 
interest of the majority of the members on the list to discontinue this 
conversation, and move it to a private conversation.

Jochem, and Rasmus, for that matter, should not be offended by what I 
had to say.  Rasmus deserves much credit for his work in regards to PHP, 
but me, not being aware of who he actually was prior to all this, did 
not see how he might be able to contribute *directly* to this subject. 
When I asked what he has got to do with this, I believe what was 
interpreted was out of context.  Apologies are given where deserved, 
and I'm sorry.

Thanks again all, for your replies.
-dant


Re: [PHP] On Topic - Theoretical Concents of Anti-password trading/sharing solutions

2005-03-01 Thread John Nichel
Dan Trainor wrote:
> Of course I would not consider Open Source software for this purpose if 
> the sites themselves were making money.  but the sad fact is, most of 
> these sites do not.

Why would you not consider OSS for a site/company that is making money? 
 Open Source doesn't mean free as in beer.  There's no rule stating 
that you _cannot_ pay for an OS solution.

--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
[EMAIL PROTECTED]


[PHP] Spam and this list

2005-03-01 Thread bob
Well, this time it took just 11 days to get my first bit of spam from 
this mailing list.

I am most surprised that a list like this would be so open to Spiders 
and other creepie crawlies. Other PHP mailing lists are fine, why can't 
the original and best one be one of them ?

Alexis


[PHP] mcrypt_create_iv always returns same value?

2005-03-01 Thread Murray @ PlanetThoughtful
Hello All,

I'm just beginning to experiment with encryption using the mcrypt functions
and I'm wondering if anyone can tell me if it's normal that the following
code always returns the same value whenever executed on my system (PHP
5.0.3, WinXP, mcrypt 2.5.7):

$td = mcrypt_module_open('rijndael-256','','cbc','');

srand((double) microtime() * 100); 

$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_RAND);

I was under the impression that the value in $iv should be random, whereas
on my machine it always seems to be the same value.

For the time being I have replaced the $iv = mcrypt_create_iv(.) etc line
with:

$iv = md5(uniqid(rand(), true));

This, at least, returns a random (random-esque?) 32 char string, but because
I don't know a great deal about encryption, I don't know if the value
returned by mcrypt_create_iv() results in stronger encryption than this or
not.

Can anyone help me understand why the code at top would return the same
value over and over, and also whether or not using a 32 char string
generated by "md5(uniqid(rand(), true))" is suitable to use in place of a
value returned by mcrypt_create_iv() or if there is something inherently
wrong in doing so?

Many thanks in advance!

Murray
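
A current way to get a fresh, unpredictable IV for every message, as an added example that is not part of the original post. The mcrypt extension was removed from PHP core in 7.2, so this uses `random_bytes()` and the OpenSSL extension with AES-256-CBC (128-bit block, 16-byte IV) instead of `rijndael-256`, and adds an HMAC over IV and ciphertext; the function names and demo keys are constructed for the example.

```php
<?php
declare(strict_types=1);

const CIPHER  = 'aes-256-cbc';
const MAC_LEN = 32; // raw HMAC-SHA256 output length in bytes

/** Encrypt with a new random IV each call; returns base64(iv || mac || ciphertext). */
function encrypt_message(string $plaintext, string $encKey, string $macKey): string
{
    $ivLen = openssl_cipher_iv_length(CIPHER);
    // The IV is not secret, but it must be unpredictable and never reused with
    // the same key. md5(uniqid(rand(), true)) is derived from the clock and a
    // non-cryptographic generator, and its hex output only uses 16 byte values.
    $iv = random_bytes($ivLen);

    $ct = openssl_encrypt($plaintext, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Encrypt-then-MAC: CBC alone does not detect tampering.
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return base64_encode($iv . $mac . $ct);
}

/** Verify the MAC first, then decrypt; throws on any modification. */
function decrypt_message(string $blob, string $encKey, string $macKey): string
{
    $raw   = base64_decode($blob, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) < $ivLen + MAC_LEN + 16) {
        throw new RuntimeException('malformed message');
    }
    $iv  = substr($raw, 0, $ivLen);
    $mac = substr($raw, $ivLen, MAC_LEN);
    $ct  = substr($raw, $ivLen + MAC_LEN);

    $expected = hash_hmac('sha256', $iv . $ct, $macKey, true);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        throw new RuntimeException('authentication failed');
    }
    $pt = openssl_decrypt($ct, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

// Demo keys, constructed here; real keys come from secure storage.
$encKey = random_bytes(32);
$macKey = random_bytes(32);

$a = encrypt_message('same plaintext', $encKey, $macKey);
$b = encrypt_message('same plaintext', $encKey, $macKey);

$ivLen = openssl_cipher_iv_length(CIPHER);
$ivA = substr(base64_decode($a), 0, $ivLen);
$ivB = substr(base64_decode($b), 0, $ivLen);

printf("IVs differ between calls:         %s\n", $ivA !== $ivB ? 'yes' : 'no');
printf("ciphertexts differ between calls: %s\n", $a !== $b ? 'yes' : 'no');
printf("round trip:                       %s\n", decrypt_message($a, $encKey, $macKey));

// Flip one bit in the stored IV and confirm the message is rejected.
$tampered = base64_decode($a);
$tampered[0] = chr(ord($tampered[0]) ^ 0x01);
try {
    decrypt_message(base64_encode($tampered), $encKey, $macKey);
    echo "tampered message accepted\n";
} catch (RuntimeException $e) {
    printf("tampered message rejected:        %s\n", $e->getMessage());
}
```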

 



RE: [PHP] Semi-OT: Anti-password trading/sharing solutions

2005-03-01 Thread Mikey
> The difficulty is trying to find a solution that would limit 
> access and do all the fancy stuff that we had discussed, 
> without interfering with the pre-existing authentication 
> system.

How about taking the auth status of a user from the headers and then
performing additional verification (such as IP checks - although I would
discourage that for previously mentioned reasons, or the display of a new
password for the next session and use system calls to modify the password
through htpasswd) and then storing a session var to say that the additional
auth had been passed?

Regards,

Mikry




Re: [PHP] Semi-OT: Anti-password trading/sharing solutions

2005-03-01 Thread Dan Trainor
Mikey wrote:
> > To address Mikey's question - I am not looking for a way to 
> > uniquely identify users.  For one, it's just not possible.  
> > On top of that, the vast majority of members wish to stay 
> > anonymous for reasons that I am not even going to begin to 
> > state on this list, because we all know where that will end up.
>
> I think you have misunderstood me - I meant uniquely identifying *clients*
> - browsers.
>
> > I am trying to ensure that one login and one password are 
> > specific to one client.  Several methods of this include 
> > making sure that not more than two IPs use a specific 
> > login/password throughout a pre-set threshold, and on top of 
> > this, the automatic blocking of IPs that attempt brute-force 
> > style attacks.  These two items alone would be an invaluable 
> > tool in the assurance that logins and passwords are not abused.
>
> As I say, have a look at phpsec.org - the article on sessions is what you
> want, and it will explain why doing something like that will not work as
> expected.  Some proxies assign new IPs for every request from a single
> client (AOL in particular).  Do you really want to exclude a large
> proportion of the internet population?
> HTH,
> Mikey

Mikey -
I'm pretty aware of how it all works.  However, the problem lies in the 
fact that because most of the pre-installed billing software relies 
solely on .htaccess/.htpasswd-based authentication, it's not possible to 
just change the whole login system.  For the most part, they're still 
using privative means of authentication which are broken to begin with.

The difficulty is trying to find a solution that would limit access and 
do all the fancy stuff that we had discussed, without interfering with 
the pre-existing authentication system.  Many of the solutions that I've 
seen so far include some mod-rewrite hackery that a PHP script or 
"Gateway" modifies to allow/disallow access based on a given set of 
criteria.

It's unfortunate that most of the billing systems operate this way. 
They're not going to change - and I know this because I had worked with 
the biggest.  It would benefit them greatly to investigate other means 
of authentication, perhaps with a SQL back end and such - but that is a 
subject I'd not want to bring up here because I know it's been discussed 
many a time on this list, and I'd hate to start another flame war.

Although it would benefit them greatly, most of their customers expect 
stuff in a simplistic and uniform manner.  Changing the whole 
login/authentication system would wreak havoc among these clients who 
are not technically inclined, and is just not possible at this time.

Friends and I have given serious thought to actually starting our own 
processing solution, but it is not possible at this time due to the 
large amount of liability that we would inherit.  Perhaps though, with 
time, this will be possible.  When that time comes, we plan on having an 
"open" solution that would try to set some sort of robust and highly 
configurable standard for this specific application.

Thanks again for taking the time to respond.
-dant
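
The two checks discussed in this thread, run over a constructed login log as an added example (not code from the thread): report a login that succeeds from more than two IP addresses inside a time window, and report an IP that piles up failed logins. The event format, thresholds and function names are assumptions; because some proxies change the client IP per request, as noted above, the first check returns accounts for review rather than blocking them.

```php
<?php
declare(strict_types=1);

// Constructed sample events: [unix time, login, client IP, success?]
$events = [
    [1000, 'alice', '198.51.100.7',  true],
    [1600, 'alice', '198.51.100.88', true],
    [2200, 'alice', '192.0.2.15',    true],  // third IP inside one hour
    [1200, 'bob',   '192.0.2.20',    true],
    [1900, 'bob',   '192.0.2.21',    true],  // two IPs: within the limit
    [1000, 'carol', '198.51.100.1',  true],
    [90000, 'carol', '198.51.100.2', true],
    [180000, 'carol', '198.51.100.3', true], // three IPs, but days apart
    [3000, 'alice', '203.0.113.9',   false],
    [3010, 'bob',   '203.0.113.9',   false],
    [3020, 'carol', '203.0.113.9',   false],
    [3030, 'dave',  '203.0.113.9',   false],
    [3040, 'erin',  '203.0.113.9',   false], // fifth failure in under a minute
    [3100, 'bob',   '192.0.2.44',    false],
    [3200, 'bob',   '192.0.2.44',    false], // a user mistyping twice
];

/**
 * Logins that succeeded from more than $maxIps distinct addresses within
 * any $window seconds. Returns login => list of the addresses involved.
 */
function shared_logins(array $events, int $window, int $maxIps): array
{
    usort($events, fn($a, $b) => $a[0] <=> $b[0]);
    $recent  = []; // login => list of [time, ip] still inside the window
    $flagged = [];
    foreach ($events as [$t, $login, $ip, $ok]) {
        if (!$ok) {
            continue; // only successful logins show credential sharing
        }
        $recent[$login][] = [$t, $ip];
        $recent[$login] = array_values(
            array_filter($recent[$login], fn($e) => $e[0] > $t - $window)
        );
        $ips = array_unique(array_column($recent[$login], 1));
        if (count($ips) > $maxIps) {
            $flagged[$login] = array_values(
                array_unique(array_merge($flagged[$login] ?? [], $ips))
            );
        }
    }
    return $flagged;
}

/**
 * Addresses with at least $maxFailures failed logins within $window seconds,
 * counted across all logins so that guessing over many accounts is caught.
 * A success does not reset the count: one valid account must not clear it.
 */
function brute_force_ips(array $events, int $window, int $maxFailures): array
{
    usort($events, fn($a, $b) => $a[0] <=> $b[0]);
    $fails   = []; // ip => failure times still inside the window
    $blocked = [];
    foreach ($events as [$t, $login, $ip, $ok]) {
        if ($ok) {
            continue;
        }
        $fails[$ip][] = $t;
        $fails[$ip] = array_values(
            array_filter($fails[$ip], fn($ft) => $ft > $t - $window)
        );
        if (count($fails[$ip]) >= $maxFailures) {
            $blocked[$ip] = true;
        }
    }
    return array_keys($blocked);
}

foreach (shared_logins($events, 3600, 2) as $login => $ips) {
    printf("review login %s: seen from %s\n", $login, implode(', ', $ips));
}
foreach (brute_force_ips($events, 300, 5) as $ip) {
    printf("block candidate: %s\n", $ip);
}
```

Both functions only read a log, so they can run beside the existing .htaccess/.htpasswd authentication without changing it.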


Re: [PHP] On Topic - Theoretical Concents of Anti-password trading/sharing solutions

2005-03-01 Thread Robert Cummings
On Tue, 2005-03-01 at 09:58, Dan Trainor wrote:
>
> [-- SNIIIP --]
>

Dear Dan,

You have yourself to blame for the responses you have been receiving.
You opened up the floodgates of personal opinion when you mentioned you
were a pr0n pusher. The fact that you deal with adult content was
completely irrelevant to your technical question. While I agree that
what you do is your own business, any person who finds your actions
reprehensible will more than likely find themselves morally obliged to
weigh in on their distaste.

Sincerely,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'




Re: [PHP] How to handle actions that may take a long time?

2005-03-01 Thread Bret Hughes
On Tue, 2005-03-01 at 03:05, Cajus Pollmeier wrote:
> On Tuesday, 1 March 2005 09:14, [EMAIL PROTECTED] wrote:
> > You can send a piece of HTML defining some little thing like a div layer
> > with your "please wait, bla bla bla"
> > So the visitor can read something.
> > When the process is finished, you can write another piece of HTML
> > containing some JavaScript lines, changing the text (and icons or
> > images) so you can inform your visitor that the process had finished.
> 
> If it's possible I'd like to avoid js ;-)
> 
> > This is the classical no end web page... You can do something similar
> > with frames, so in a little frame the visitor can see the status,
> > (searching, wait...) and in another big frame can do something useful.
> 
> I'm going to evaluate some things...
> 

I don't know where I read it but there are some ideas out there that
people use to monitor long running html uploads and provide status on
them.  IIRC the main idea was to write the status to a file ( or like
you said, to a session var) and periodically reload the page to get the
latest status.  Now that I think about it it may have been a how to do a
status bar for uploads.  I do not recall if it needed js or not. 

HTH
Bret




Re: [PHP] Semi-OT: Anti-password trading/sharing solutions

2005-03-01 Thread Jochem Maas
Dan Trainor wrote:
Jochem Maas wrote:
...
I don't think that this is an issue that is specific to pr0n.  Sure, the 
first thing that we think of when we hear a traded login is actually 
pr0n, but it is most definitely not limited to this arena.
does anybody know whether pr0n sites have a much higher 'cheat'
percentage (regarding traded/cracked logins) than other kinds of sites..
for instance does the NewYorkTimes have major problems like this?
(I'll bet that regardless of whether NYT has these problems they are a
very expensive custom system in place to mitigate the problem!?)
I appreciate the kind words mentioned by Jochem and Mikey.  They see 
through the whole stereotypical "I have a username and password" thing 
and understand the true technical reasoning behind my question.
we understand the issues, we know that the topic appears regularly - and
that there are various bits of code out on the web that try to do, mostly
we are aware that its not 100% possible, and that doing it to some acceptable
level of approximation is hard... either you write it or you pay some to
write it... why? simply because only monkeys work for nothing while you rake it
in - unfortunately monkeys can't program (yet).
I think Richard Lynch already pointed that out but you didn't seem to get it.
(Also your explaination of what Open Source is showed a rather
Microsoftesque (i.e. purely economic) understanding of the concept - more's the 
pity)
To address Mikey's question - I am not looking for a way to uniquely 
identify users.  For one, it's just not possible.  On top of that, the 
vast majority of members with to stay anonymous for reasons that I am 
not even going to begin to state on this list, because we all know where 
that will end up.
true enough - sad to say we live in a world where looking at the 'wrong'
picture can cost you your job/reputation - then again if you're oggling
kiddiepr0n maybe you need a visit from the authorities.
double-edged sword and all that.
then again exactly how anonymous is a creditcard transaction!
I am trying to ensure that one login and one password are specific to 
one client.  Several methods of this include making sure that not more 
than two IPs use a specific login/password throughout a pre-set 
threshold, and on top of this, the automatic blocking of IPs that 
attempt brute-force style attacks.  These two items alone would be an 
invaluable tool in the assurance that logins and passwords are not abused.
true enough...
on a side note: maybe Dan would have been better off never mentioning his
line of business - then nobody would have been any wiser?
also you Dan, you might want to be careful how you use the word Rasmus around 
here

Rasmus?  Waht's he got to do with anything?

regardless of the context you say stuff like that in, its probably not going to 
go
down too well on this list...
(you might get away with it if your name was Zeev, Andi, Wez, etc)
Thanks again
-dant


RE: [PHP] Semi-OT: Anti-password trading/sharing solutions

2005-03-01 Thread Mikey
> To address Mikey's question - I am not looking for a way to 
> uniquely identify users.  For one, it's just not possible.  
> On top of that, the vast majority of members wish to stay 
> anonymous for reasons that I am not even going to begin to 
> state on this list, because we all know where that will end up.

I think you have misunderstood me - I meant uniquely identifying *clients*
- browsers.

> I am trying to ensure that one login and one password are 
> specific to one client.  Several methods of this include 
> making sure that not more than two IPs use a specific 
> login/password throughout a pre-set threshold, and on top of 
> this, the automatic blocking of IPs that attempt brute-force 
> style attacks.  These two items alone would be an invaluable 
> tool in the assurance that logins and passwords are not abused.

As I say, have a look at phpsec.org - the article on sessions is what you
want, and it will explain why doing something like that will not work as
expected.  Some proxies assign new IPs for every request from a single
client (AOL in particular).  Do you really want to exclude a large
proportion of the internet population?

HTH,

Mikey




Re: [PHP] On Topic - Theoretical Concents of Anti-password trading/sharing solutions

2005-03-01 Thread Dan Trainor
[EMAIL PROTECTED] wrote:
> I agree with Mikey on the "live and let live" side of things.  This forum is
> about sharing technical knowledge and helping other users overcome technical challenges
> relating to PHP.
>
> Yeah, a site that's "adult oriented" is most likely a pay site.  Doesn't mean they make money, but
> assuming they made boat loads of it, then yeah, they should look into paying for a solution instead of
> finding or conning someone into making a freebie solution.  Ultimately, if they're making the kind of money
> that would make us have no sympathy for them, then they're making the kind of money that $350 isn't going to
> matter one way or another.  It's not like "Muuahahahah.. we saved $350 by using free software, we're
> even richer now!"  it's more like "Well, that's 50% off this month's hosting fees.. big deal".

Of course I would not consider Open Source software for this purpose if
the sites themselves were making money.  but the sad fact is, most of
these sites do not.  Regardless, they're my customers, and they ask me
for solutions.  I try my damnedest to provide these solutions.  Offering
the services that I provide, it would indeed be in my better interests
to make them run up a bandwidth bill, but this practice is frowned upon
by many.

> But all of that deals with moral and personal issues.  The meat of this discussion is "How do I make sure that someone isn't sharing their login with the world".

I totally respect the moral and personal issues of others.  However, I
do not respect those who tell me that what I am doing is *wrong*.  In my
eye, they're wrong.  What if I were to tell them that I didn't agree
with the child-oriented Teletubbies Web Site that they were working on?
Do you see the logic in this?  I don't.

> Here are some thoughts:
>
> Many BitTorrent sites that monitor U/D ratios seem to use a fairly universal
> system that seems to involve logging into the site, your IP address is recorded
> in the database as belonging to that account.  If you log in from a different
> computer (which users should be able to do to some degree), it'll record THAT
> IP address in the database too.  I don't know their criteria (probably fairly
> loose compared to what a pay site would want) but the issue here is more about
> how many CONCURRENT connections under that account are occurring.
>
> So let's say the criteria would be "A user logs in and their IP address is recorded.
> They can have as many IP addresses attached to that account as they want BUT they can't
> have XX number of IP addresses connect within YY minutes or we consider it a pattern of
> login sharing."
>
> So if you have someone who gets an account and shares it with a single friend,
> it probably won't trip the alarms.  But really, is that such a big deal
> compared to someone posting their login info on a message board and 1000 people
> trying to use it at once?
>
> A single person, or a person and a friend or two, aren't going to be logging in from 150
> IP addresses within 5 minutes.  And that's really what you're trying to prevent.  The
> wholesale sharing of a login, not little petty sharing.  So it doesn't have to be a
> perfect system.  No need for retinal scans or anything.  Just preventing large scale
> abuse.  Which seems pretty simple to me especially in the case of "adult
> oriented" sites since their logins will either be used properly (or at least
> reasonably) or they'll be abused to hell.
>
> Now if you take a site like Consumer Reports or the Encyclopedia Britannica, that's a
> little more difficult.   1000 people aren't going to be logging in rapid-fire if it's
> shared.  But you might get 5 or 6 at a time if it's shared improperly.  So you just set the
> threshold a little lower.   Maybe do something like block the person and make it say
> something like "This account is being used by too many sources at once.  If this
> happens too many times, the password will be reset and the new password will be emailed
> to the legitimate owner of the account.  If you received this message in error, please try
> back in 5 minutes.  If you continue to receive this message, please contact our technical
> support team at [EMAIL PROTECTED]"
>
> That'll discourage people from sharing since they'll get locked out of their
> own account.  It provides incentive not to share without being too harsh about
> it and provides the legitimate owner a way to get in even if someone else stole
> and/or is abusing their account.   People who are abusing or using a stolen
> account probably won't have access to the original account holder's email
> account and if the owner is sharing with some friends, they can still share but
> have incentive not to share TOO much.
>
> See?  None of this is impossible or even implausible and I don't see it as off topic at all.  It's a good discussion with legitimate purpose, even if it is for an 'adult oriented' site.

And again, the only reason why I am looking for ideas on this list is 
because it generally promotes and comes up with some amazing ideas.  I 
have full fai

Re: [PHP] Semi-OT: Anti-password trading/sharing solutions

2005-03-01 Thread Dan Trainor
Jochem Maas wrote:
> Hi Mikey,
> your writing is very balanced, nicely put... I very much
> agree with the position you take/have (maybe my OP didn't put
> it quite so clearly ;-)
> but you write that Dan probably agrees that (any) exploitation
> (that occurs) is a bad thing... a logical assumption now read
> this and weep (it's an offlist reply from Dan to a reply of mine to his reply
> original reply to my OP), It really shows what a kind, caring guy Dan
> is:
>
> I do understand your points.  Being in this industry, you're not the
> first person who I've met that dislikes the idea of what I do.  There's
> nothing more that I can do aside from telling you to, well basically,
> fuck off.  I see people like you on a daily basis, and unfortunately
> they confront me about the "situation".  Most of the time I kindly just
> ignore them.
>
> I do what I do because I understand the market, the Webmasters, and the
> customers.  I have a wonderful company.  My employees like what they
> do.  I like what I do.  I love it.  If you are trying to tell me that
> I'm a bad person for making a buck off of some slut who needs to pay
> rent for a month, then so be it.  I don't care.  I only host these sites
> and make sure that they stay online.  I don't have to deal with any of
> the "models".  I could give two shits and a giggle what they go
> through.  It was their choice to result to pornography - not mine.  I
> could, again, give two shits and a giggle what society thinks of them,
> myself, or my business.  It would be silly and foolish to try to change
> the minds of anyone that has anything to do with this industry.  The
> same level of foolishness that you are suggesting by telling me that I
> am a bad person...
>
> The best I can tell you is to ignore what you don't like, because your
> views, as extensive and expressive as they are, will always fall on deaf
> ears.  I'm sorry.
>
> With that being said, I cannot continue this conversation.  I would
> continue it if my time was worth it and you did not take an offensive
> manner to the situation.
>
> Good luck with your church.
> Thanks
> -dant
>
>
> Mikey wrote:
> [snip everything irrelevant]
> ...
> think it makes them bad people.  I also happen to know that not all pr0n is
> about exploitation.  Some is, of course, and I'm sure that even Dan would
> agree that this is not good - if anyone had bothered to find out in the
> first place.
>
> ...

I don't think that this is an issue that is specific to pr0n.  Sure, the 
first thing that we think of when we hear a traded login is actually 
pr0n, but it is most definitely not limited to this arena.

I appreciate the kind words mentioned by Jochem and Mikey.  They see 
through the whole stereotypical "I have a username and password" thing 
and understand the true technical reasoning behind my question.

To address Mikey's question - I am not looking for a way to uniquely 
identify users.  For one, it's just not possible.  On top of that, the 
vast majority of members wish to stay anonymous for reasons that I am 
not even going to begin to state on this list, because we all know where 
that will end up.

I am trying to ensure that one login and one password are specific to 
one client.  Several methods of this include making sure that not more 
than two IPs use a specific login/password throughout a pre-set 
threshold, and on top of this, the automatic blocking of IPs that 
attempt brute-force style attacks.  These two items alone would be an 
invaluable tool in the assurance that logins and passwords are not abused.

Thanks again
-dant


RE: [PHP] On Topic - Theoretical Concents of Anti-password trading/sharing solutions

2005-03-01 Thread tg-php
I agree with Mikey on the "live and let live" side of things.  This forum is 
about sharing technical knowledge and helping other users overcome technical 
challenges relating to PHP.

Yeah, a site that's "adult oriented" is most likely a pay site.  Doesn't mean 
they make money, but assuming they made boat loads of it, then yeah, they 
should look into paying for a solution instead of finding or conning someone 
into making a freebie solution.  Ultimately, if they're making the kind of 
money that would make us have no sympathy for them, then they're making the 
kind of money that $350 isn't going to matter one way or another.  It's not 
like "Muuahahahah.. we saved $350 by using free software, we're even richer 
now!"  it's more like "Well, that's 50% off this month's hosting fees.. big 
deal".

But all of that deals with moral and personal issues.  The meat of this 
discussion is "How do I make sure that someone isn't sharing their login with 
the world".

Here are some thoughts:

Many BitTorrent sites that monitor U/D ratios seem to use a fairly universal 
system that seems to involve logging into the site, your IP address is recorded 
in the database as belonging to that account.  If you log in from a different 
computer (which users should be able to do to some degree), it'll record THAT 
IP address in the database too.  I don't know their criteria (probably fairly 
loose compared to what a pay site would want) but the issue here is more about 
how many CONCURRENT connections under that account are occurring.

So let's say the criteria would be "A user logs in and their IP address is 
recorded.  They can have as many IP addresses attached to that account as they 
want BUT they can't have XX number of IP addresses connect within YY minutes or 
we consider it a pattern of login sharing."

So if you have someone who gets an account and shares it with a single friend, 
it probably won't trip the alarms.  But really, is that such a big deal 
compared to someone posting their login info on a message board and 1000 people 
trying to use it at once?

A single person, or a person and a friend or two, aren't going to be logging in 
from 150 IP addresses within 5 minutes.  And that's really what you're trying 
to prevent.  The wholesale sharing of a login, not little petty sharing.  So it 
doesn't have to be a perfect system.  No need for retinal scans or anything.  
Just preventing large scale abuse.  Which seems pretty simple to me especially 
in the case of "adult oriented" sites since their logins will either be used 
properly (or at least reasonably) or they'll be abused to hell.

Now if you take a site like Consumer Reports or the Encyclopedia Britannica, 
that's a little more difficult.   1000 people aren't going to be logging in 
rapid-fire if it's shared.  But you might get 5 or 6 at a time if it's shared 
improperly.  So you just set the threshold a little lower.   Maybe do 
something like block the person and make it say something like "This account is 
being used by too many sources at once.  If this happens too many times, the 
password will be reset and the new password will be emailed to the legitimate 
owner of the account.  If you received this message in error, please try back 
in 5 minutes.  If you continue to receive this message, please contact our 
technical support team at [EMAIL PROTECTED]"

That'll discourage people from sharing since they'll get locked out of their 
own account.  It provides incentive not to share without being too harsh about 
it and provides the legitimate owner a way to get in even if someone else stole 
and/or is abusing their account.   People who are abusing or using a stolen 
account probably won't have access to the original account holder's email 
account and if the owner is sharing with some friends, they can still share but 
have incentive not to share TOO much.

See?  None of this is impossible or even implausible and I don't see it as off 
topic at all.  It's a good discussion with legitimate purpose, even if it is for 
an 'adult oriented' site.


-TG

= = = Original message = = =

[snip everything irrelevant]

On a technical note, I don't really see how you can prevent this sharing of
logins.  This is something I was actually looking into for a site that had
nothing to do with pr0n (would love to know where that came from, it seems
so universal now).

If you read up on the general issues surrounding client identification
(http://phpsec.org) it is pretty much impossible to come up with a solution
of uniquely identifying a specific browser session that will work in all
instances.  And really, this is what you are trying to get at isn't it?
Uniquely identifying your clients.

The only non-technical solution I can offer you is that you change the
passwords for each person as they login.  This would make people much more
reluctant to share their account as they would not be able to access their
own account as soon as someone else logs in with it.

Of course, people aren't 
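
The "XX number of IP addresses within YY minutes" rule from tg-php's message, with the temporary block and eventual password reset it describes, sketched as an added example (it is not code from anyone on this thread). The class name, parameters, in-memory storage and the optional /16 grouping (one way to soften the rotating-proxy problem Mikey raises elsewhere in the thread) are assumptions for illustration; all accounts and addresses are constructed.

```php
<?php
// Added example: sliding-window check for "XX IP addresses within YY minutes".
// Storage is an in-memory array here; a real site would keep it in its database.

final class SharedLoginDetector
{
    private $maxSources;        // XX: distinct sources tolerated inside the window
    private $windowSecs;        // YY, in seconds
    private $lockSecs;          // length of the temporary block once tripped
    private $tripsToReset;      // trips after which the password should be reset
    private $prefixBits;        // 32 = count exact IPv4 addresses, 16 = count /16 networks
    private $logins = [];       // account => list of [timestamp, sourceKey]
    private $lockedUntil = [];  // account => timestamp the block ends
    private $trips = [];        // account => times the threshold was exceeded

    public function __construct(int $maxSources, int $windowSecs, int $lockSecs = 300,
                                int $tripsToReset = 3, int $prefixBits = 32)
    {
        $this->maxSources   = $maxSources;
        $this->windowSecs   = $windowSecs;
        $this->lockSecs     = $lockSecs;
        $this->tripsToReset = $tripsToReset;
        $this->prefixBits   = $prefixBits;
    }

    // Map an address to the key that is counted. Grouping by prefix is an
    // assumption of this example: a proxy pool may span several networks.
    private function sourceKey(string $ip): string
    {
        $n = ip2long($ip);
        if ($n === false || $this->prefixBits >= 32) {
            return $ip;                      // not IPv4, or exact matching requested
        }
        $mask = -1 << (32 - $this->prefixBits);
        return long2ip($n & $mask) . '/' . $this->prefixBits;
    }

    // Returns 'ok', 'locked' (temporary block) or 'reset' (force a password reset).
    public function recordLogin(string $account, string $ip, int $now): string
    {
        if (($this->lockedUntil[$account] ?? 0) > $now) {
            return 'locked';
        }
        // Drop events that have aged out of the window, then add this one.
        $cutoff = $now - $this->windowSecs;
        $events = array_filter($this->logins[$account] ?? [], function ($e) use ($cutoff) {
            return $e[0] > $cutoff;
        });
        $events[] = [$now, $this->sourceKey($ip)];
        $this->logins[$account] = array_values($events);

        $distinct = count(array_unique(array_column($this->logins[$account], 1)));
        if ($distinct <= $this->maxSources) {
            return 'ok';
        }
        // Threshold exceeded: block the account, clear the window, count the trip.
        $this->logins[$account] = [];
        $this->lockedUntil[$account] = $now + $this->lockSecs;
        $this->trips[$account] = ($this->trips[$account] ?? 0) + 1;
        return $this->trips[$account] >= $this->tripsToReset ? 'reset' : 'locked';
    }
}

// Feed a list of addresses to the detector, one login every $step seconds.
function runScenario(string $label, SharedLoginDetector $d, string $account,
                     array $ips, int $start, int $step): array
{
    $results = [];
    foreach (array_values($ips) as $i => $ip) {
        $results[] = $d->recordLogin($account, $ip, $start + $i * $step);
    }
    echo $label . ': ' . implode(', ', $results) . "\n";
    return $results;
}

// Constructed sample data: documentation address ranges, made-up accounts.
$d = new SharedLoginDetector(3, 300);   // at most 3 sources within 5 minutes

// Owner plus one friend, a login every minute.
runScenario('owner + friend', $d, 'alice',
    ['192.0.2.10', '198.51.100.7', '192.0.2.10'], 0, 60);

// Login posted on a message board: a new source every 10 seconds.
runScenario('posted login', $d, 'bob',
    ['203.0.113.1', '203.0.113.2', '198.51.100.9', '192.0.2.77', '203.0.113.5'], 1000, 10);

// One honest user behind a proxy that changes address on every request,
// counted first by exact address and then by /16 network.
$proxy = ['198.51.100.1', '198.51.100.2', '198.51.100.3', '198.51.100.4'];
runScenario('proxy, exact IPs', new SharedLoginDetector(3, 300), 'carol', $proxy, 0, 5);
runScenario('proxy, /16 keys', new SharedLoginDetector(3, 300, 300, 3, 16), 'carol', $proxy, 0, 5);
```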

RE: [PHP] textarea posting duplicate text

2005-03-01 Thread Elizabeth Lawrence
Thanks, Dan. I copied your code exactly and posted it here:
http://www.tidefans.com/test.php I pasted a large part of O'Henry's "Gift of
the Magi" into the textarea, and it gets repeated, as before.

Thanks for any help,
Elizabeth

-Original Message-
From: Dan Tappin [mailto:[EMAIL PROTECTED] 
Sent: Monday, February 28, 2005 6:59 PM
To: Elizabeth Lawrence
Subject: Re: [PHP] textarea posting duplicate text

Create a new file:

test.php

with this exactly in the contents:



TEST












Load the page, enter some text and hit submit.  Rule out some strange 
issue with your page.  Confirm it's a PHP issue not a coding one.

Dan T

On Feb 28, 2005, at 8:03 AM, Elizabeth Lawrence wrote:

> Hello. I have been asked to look at a PHP issue for someone, and I 
> can't
> figure out what the problem is. I'm hoping one of you experts can help!
>
>
>
> They are using Red Hat Linux / Ensim Pro 4.0.2, PHP 4.3.10, and Apache 
> 2.0.
>
>
>
> The problem: When a lot of text is entered into a textarea on a form, 
> the
> text that shows up in the $_POST['textarea'] variable has the text 
> that was
> entered, but it is duplicated. This is causing problems for their 
> forums.
> Here is a very simple script I placed on the server:
> www.tidefans.com/textarea_test.php (code below)
>
> When I place the same script on another server I have access to, the
> textarea text is "posted" fine.
>
> Is this a PHP setting somewhere that I'm missing?
>
>
>
> Here is the code for the PHP script mentioned above:
>
> Test PHP Script
>
> //[a bunch of text goes here]
>
> <?php
> // Show what PHP received once the form has been submitted
> if ($_POST['Submit'] != "")
> {
>   echo "_POST values";
>   echo "Textarea submitted:";
>   echo "" . $_POST['textarea'] . "";
>   echo "Textbox submitted:";
>   echo "" . $_POST['text'] . "";
>   echo "Submit submitted:";
>   echo "" . $_POST['Submit'] . "";
> }
> ?>
>
> <?php
> phpinfo();
> ?>
>
>
>
>
> If anyone can point me in the right direction, I would appreciate it so
> much!
>
> Elizabeth
>
>
>
> Elizabeth Lawrence
>
> [EMAIL PROTECTED]
>
>
>




Re: [PHP] Semi-OT: Anti-password trading/sharing solutions

2005-03-01 Thread Jochem Maas
Hi Mikey,
your writing is very balanced, nicely put... I very much
agree with the position you take/have (maybe my OP didn't put
it quite so clearly ;-)
but you write that Dan probably agrees that (any) exploitation
(that occurs) is a bad thing... a logical assumption now read
this and weep (it's an offlist reply from Dan to a reply of mine to his reply
original reply to my OP), It really shows what a kind, caring guy Dan
is:

I do understand your points.  Being in this industry, you're not the first person who I've met that dislikes the idea of 
what I do.  There's nothing more that I can do aside from telling you to, well basically, fuck off.  I see people like 
you on a daily basis, and unfortunately they confront me about the "situation".  Most of the time I kindly just ignore them.

I do what I do because I understand the market, the Webmasters, and the customers.  I have a wonderful company.  My 
employees like what they do.  I like what I do.  I love it.  If you are trying to tell me that I'm a bad person for 
making a buck off of some slut who needs to pay rent for a month, then so be it.  I don't care.  I only host these sites 
and make sure that they stay online.  I don't have to deal with any of the "models".  I could give two shits and a 
giggle what they go through.  It was their choice to result to pornography - not mine.  I could, again, give two shits 
and a giggle what society thinks of them, myself, or my business.  It would be silly and foolish to try to change the 
minds of anyone that has anything to do with this industry.  The same level of foolishness that you are suggesting by 
telling me that I am a bad person...

The best I can tell you is to ignore what you don't like, because your views, as extensive and expressive as they are, 
will always fall on deaf ears.  I'm sorry.

With that being said, I cannot continue this conversation.  I would continue it if my time was worth it and you did not 
take an offensive manner to the situation.

Good luck with your church.
Thanks
-dant


Mikey wrote:
[snip everything irrelevant]
...
think it makes them bad people.  I also happen to know that not all pr0n is
about exploitation.  Some is, of course, and I'm sure that even Dan would
agree that this is not good - if anyone had bothered to find out in the
first place.
...


RE: [PHP] Semi-OT: Anti-password trading/sharing solutions

2005-03-01 Thread Mikey
[snip everything irrelevant]

On a technical note, I don't really see how you can prevent this sharing of
logins.  This is something I was actually looking into for a site that had
nothing to do with pr0n (would love to know where that came from, it seems
so universal now).

If you read up on the general issues surrounding client identification
(http://phpsec.org) it is pretty much impossible to come up with a solution
of uniquely identifying a specific browser session that will work in all
instances.  And really, this is what you are trying to get at isn't it?
Uniquely identifying your clients.

The only non-technical solution I can offer you is that you change the
passwords for each person as they login.  This would make people much more
reluctant to share their account as they would not be able to access their
own account as soon as someone else logs in with it.

Of course, people aren't gonna like having to remember all the different
passwords but I think it helps with your problem.

As for the rest of this whole thread, I think we should all be a little more
"live and let live" about this.  So you don't like pr0n?  So what?  I know a
lot of people who do (not so much myself, am more of a doer) but I don't
think it makes them bad people.  I also happen to know that not all pr0n is
about exploitation.  Some is, of course, and I'm sure that even Dan would
agree that this is not good - if anyone had bothered to find out in the
first place.

I'm not trying to invite more flaming here - there have been some very valid
points made, I just hope this thread can die a quick and silent death now
that the technical issue has been addressed.

Mikey




Re: [PHP] php-help

2005-03-01 Thread Burhan Khalid
K Karthik wrote:
> dear friends,
> can u help me to find the current directory where my php files are..
> using php.

echo dirname($_SERVER['PHP_SELF']);

Please, read the manual and search the archives.


Re: [PHP] _POST not working (using mini_httpd) - 2 attachments

2005-03-01 Thread Burhan Khalid
overbored wrote:

Hi all, I'm learning PHP and I'd need to create a simple Web-based
ifconfig tool for a Soekris box (running Pebble). However, I've been
unsuccessful at getting PHP working with mini_httpd. In particular,
the POST data is not being received. Here's what I did...
What version of PHP are you running? $_POST and other $_* variable are
only available in PHP versions 4.2.+ iirc.
> $ php --version
> PHP 4.3.10-2 (cli) (built: Dec 19 2004 03:41:45)
> Copyright (c) 1997-2004 The PHP Group
> Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
This is the client build, which might not be the same as your server 
build. Run phpinfo() and check your version there.



Re: [PHP] Semi-OT: Anti-password trading/sharing solutions

2005-03-01 Thread Dan Trainor
AdamT wrote:
> On Mon, 28 Feb 2005 15:42:37 -0800 (PST), Richard Lynch <[EMAIL PROTECTED]> wrote:
> > I know absolutely nothing about how ProxyPass, iProtect, and PureMember
> > work
>
> 'Pure'member seems such an odd choice of name for something used on pr0n sites.

This product is not marketed exclusively for 'pr0n' sites.
I'm not really sure if it matters what you think of the name of a 
product, ever.  Wait, nope.  It doesn't.  Not at all.

I obviously pissed off many people for asking a simple question.  Some 
of the feedback I've gotten was completely uncalled for, and many of you 
responded in a less than professional manner.  However, those of you 
that did respond in a professional manner, I greatly appreciate your 
feedback.

I'm not trying to tell anyone that the industry that I work for is 
ideal, and they should love it.  Unfortunately, some people think that 
this is what I was saying.  The only thing that I can say to you few 
people is to sod off.  You're not making anyone else angry except for 
yourselves.

This list is a very valuable resource to me.  I enjoy PHP a lot, but I 
do get stuck on occasion, and when I ask a question to the list, I know 
that I can get the very best of help because there are some very clever 
people on this list.  With that being said, I thought I'd go ahead and 
ask my original question, expecting clever answers from clever people.

I'm not going to defend my industry or advocate my trade.  However, I am 
going to personally apologize for pissing so many people off.  This was 
clearly not my intent.

Thanks for the time
-dant


RE: [PHP] PHP slowness

2005-03-01 Thread Gerard
> On Thu, 24 Feb 2005 10:54:02 +0100, Gerard <[EMAIL PROTECTED]> wrote:
> > 
> > Nevertheless, it IS slow and I have no idea why or where to 
> start looking.
> > The phpinfo() can be found on www.debuginc.com/info.php. Any 
> help or hints
> > are highly appreciated.
> 
> It looks like you are using Debian and probably did an apt-get install
> php.   Why don't you try compiling php by hand without all the extra
> crap that I'm sure you don't need then try it.   I think you will be
> much happier.   Debian is great software, but when it comes to things
> like web services and php it is much better to compile by hand to get
> the best performance.
> 
Thanks for that one! After a manual compile it all works fine :D

- Gerard




[PHP] php-help

2005-03-01 Thread K Karthik
dear friends,
can u help me to find the current directory where my php files are..  
using php.
thanks,
karthik



[PHP] PHP 4.3.10 and Apache2.0 with MPM

2005-03-01 Thread [EMAIL PROTECTED]
When I install PHP 4.3.10 with Apache 2.0 with a tool called YUM that
installs rpms for Fedora Core 3 I get the following:

Apache is running a threaded MPM, but your PHP Module is not compiled to be
threadsafe.  You need to recompile PHP.  Pre-configuration failed

I'm not sure why Fedora would distribute a package that wouldn't work with
other packages, however what is this 'threadsafe' feature and how can I
specifically enable it so I can get php installed?

Thanks!
T


Re: [PHP] problems with several JPEGs in GD2

2005-03-01 Thread anirudh dutt
On Tue, 1 Mar 2005 10:40:59 +, AdamT <[EMAIL PROTECTED]> wrote:
> On Tue, 1 Mar 2005 16:06:56 +0530, anirudh dutt <[EMAIL PROTECTED]> wrote:
> > i just opened 4 jpg files...dunno about where the header is...coz i
> > didn't find anything common at the beginning of the files (so it doesn't
> > seem to have a header at the "head").
> >
> Okay - so 'header' was a bad choice of word.  'Marker' would have been better:

just meant i couldn't find it there.

> http://www.funducode.com/freec/Fileformats/format3/format3b.htm

very nice info on that page. thanks.

quoting...
Header :
·It occupies two bytes.
·0xff, 0xd8 (SOI : Start Of Image ) (these two identify a
JPEG/JFIF file)

so u were right about the header bit. and as murphy would have it...i
start seeing all the JFIF stuff in the images. turns out my hex editor
scrolls to the end so i wasn't actually looking at the headers :P

got the footer right ;-)

-- 
]#
Anirudh Dutt


...pilot of the storm who leaves no trace
like thoughts inside a dream




Re: [PHP] problems with several JPEGs in GD2

2005-03-01 Thread AdamT
On Tue, 1 Mar 2005 16:06:56 +0530, anirudh dutt <[EMAIL PROTECTED]> wrote:
> i just opened 4 jpg files...dunno about where the header is...coz i
> didn't find anything common at the beginning of the files (so it doesn't
> seem to have a header at the "head").
> 
Okay - so 'header' was a bad choice of word.  'Marker' would have been better:

http://www.funducode.com/freec/Fileformats/format3/format3b.htm

-- 
AdamT
"Justify my text?  I'm sorry, but it has no excuse."




Re: [PHP] problems with several JPEGs in GD2

2005-03-01 Thread anirudh dutt
i just opened 4 jpg files...dunno about where the header is...coz i
didn't find anything common at the beginning of the files (so it doesn't
seem to have a header at the "head").

i found (only) one jpg which had JFIF as the 7th to 10th bytes.

i did notice that the _last 2 bytes_ are FF D9 in *all* 5 jpg's. that
should be a good way to check depending on how the jpeg's in question
differ from the real thing.

$handle = fopen($image, 'rb'); fseek($handle, -2, SEEK_END);  // $image: path to the file
$last_2_bytes = fread($handle, 2);  // read the final 2 bytes
if ($last_2_bytes === "\xFF\xD9") { /* perhaps an ok jpg */ }

have u done anything to the images? are they photos, scanned, graphics
(from photoshop/gimp)?

On Tue, 1 Mar 2005 09:44:08 +, AdamT <[EMAIL PROTECTED]> wrote:
> I've had similar problems to that.
> 
> I usually either open the image with notepad, or some Hex Editor, and
> see what the bits are in the file header (eg BM for Bitmap, Gif89a for
> GIFs, JFIF for JPEGs...)

-- 
]#
Anirudh Dutt


...pilot of the storm who leaves no trace
like thoughts inside a dream
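
The marker checks discussed in this thread (FF D8 at the start, FF D9 as the last two bytes, an identifier such as JFIF a few bytes in) can be combined into one pre-check before an upload is handed to GD. The following is an added example, not code from any poster; it goes beyond the first/last-byte test by walking the length-prefixed segments from SOI to SOS, which also shows that the identifier at bytes 7 to 10 depends on whether the first segment is APP0 (JFIF) or APP1 (Exif). The function name and the sample byte strings are constructed for illustration.

```php
<?php
// Added example: walk the JPEG marker segments from SOI to SOS and check EOI.
// Assumes every marker before SOS carries a 2-byte length field, which holds
// for the usual APPn/DQT/SOF/DHT header segments.

function inspectJpeg(string $data): array
{
    $report = ['soi' => false, 'eoi' => false, 'segments' => [], 'error' => null];
    $len = strlen($data);

    if ($len < 4 || substr($data, 0, 2) !== "\xFF\xD8") {
        $report['error'] = 'missing SOI (FF D8) at offset 0';
        return $report;
    }
    $report['soi'] = true;
    $report['eoi'] = substr($data, -2) === "\xFF\xD9";

    $pos = 2;
    $sawSos = false;
    while ($pos + 4 <= $len) {
        if ($data[$pos] !== "\xFF") {
            $report['error'] = sprintf('expected a marker at offset %d', $pos);
            return $report;
        }
        $marker = ord($data[$pos + 1]);
        if ($marker === 0xFF) {              // fill byte in front of a marker
            $pos++;
            continue;
        }
        // Big-endian segment length; it counts its own two bytes.
        $segLen = (ord($data[$pos + 2]) << 8) | ord($data[$pos + 3]);
        if ($segLen < 2 || $pos + 2 + $segLen > $len) {
            $report['error'] = sprintf('segment FF %02X at offset %d is truncated', $marker, $pos);
            return $report;
        }
        $payload = substr($data, $pos + 4, $segLen - 2);
        $name = sprintf('FF %02X', $marker);
        if ($marker === 0xE0 && strncmp($payload, "JFIF\0", 5) === 0) {
            $name .= ' (APP0 JFIF)';
        } elseif ($marker === 0xE1 && strncmp($payload, "Exif\0\0", 6) === 0) {
            $name .= ' (APP1 Exif)';
        }
        $report['segments'][] = $name;

        if ($marker === 0xDA) {              // SOS: compressed image data follows
            $sawSos = true;
            break;
        }
        $pos += 2 + $segLen;
    }
    if (!$sawSos) {
        $report['error'] = 'no SOS (FF DA) segment before end of data';
    }
    return $report;
}

// Constructed sample inputs: marker skeletons only, not real images.
$jfif = "\xFF\xD8"
      . "\xFF\xE0\x00\x10" . "JFIF\0" . "\x01\x01" . "\x00" . "\x00\x01\x00\x01" . "\x00\x00"
      . "\xFF\xDA\x00\x02" . "\x12\x34" . "\xFF\xD9";
$exif = "\xFF\xD8"
      . "\xFF\xE1\x00\x08" . "Exif\0\0"
      . "\xFF\xDA\x00\x02" . "\x12\x34" . "\xFF\xD9";

$samples = [
    'JFIF skeleton' => $jfif,
    'Exif skeleton' => $exif,
    'cut short'     => substr($jfif, 0, 12),
    'not a JPEG'    => "GIF89a" . str_repeat("\0", 10),
];

foreach ($samples as $label => $bytes) {
    $r = inspectJpeg($bytes);
    printf("%-14s soi=%s eoi=%s segments=[%s] error=%s\n",
        $label,
        var_export($r['soi'], true),
        var_export($r['eoi'], true),
        implode(', ', $r['segments']),
        $r['error'] ?? 'none');
}
```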



