Re: [PHP] Installation Warning?
On Friday 08 April 2005 20:27, [EMAIL PROTECTED] wrote: > > Anyone have any ideas on why it is suggesting NOT to use php and Apache > 2.0.x in a production environment? I'm planning on developing several large > apps for my company and expect 300-400 people to be hitting it throughout > the business day. > Off course I know of tons and tons of sites out there that have Linux + Apache2 + MySql + Php > 4 And the're running just fine, day after day after day. It is a calculated risk we made and haven't regreted it since. Andy -- Registered Linux User Number 379093 -- ---BEGIN GEEK CODE BLOCK- Version: 3.12 GAT/O/CM d- s:+ a- C UL P+ L+++ E--- W+++ N++ o+ K w--- O+++ M- V PS+ PE++ Y+ PGP+++ t+ 5-- X R !tv b DI+++ D++ G e-- h+ r--- y+ -- ---END GEEK CODE BLOCK-- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Problem with ob_get_contents()
Hi,
I've tested your code on PHP 4.3.3 and I have the same behavior has yours.
"Hello" is output at the end of the PhpInfo data, followed by a PHP notice :
Notice: ob_end_clean(): failed to delete buffer. No buffer to delete. in
...
And there is an empty "logfile" file created in the Apache directory insteaf
of the script's directory.
If you change in your script:
***
register_shutdown_function("hello");
echo ("HELLO ");
die();
***
by
***
// register_shutdown_function("hello");
echo ("HELLO ");
hello()
die();
***
then it runs as expected and the "logfile" file is created in the script's
directory.
It seems that when calling the shutdown function, all the buffered output is
immedialty sent to the client and the buffer mode is closed.
You maybe have PHP bug here, or the manual is wrong about the possibility to
retrieve the contents.
But we can notice that this also happens at the end of a script when there
is no shutdown function.
---
Skrol29
www.tinybutstrong.com
---
"Prathaban Mookiah" <[EMAIL PROTECTED]> a Ãcrit dans le message de news:
[EMAIL PROTECTED]
Hello,
I've posted a miniature version of my code here to explain my problem.
ob_start();
register_shutdown_function("hello");
echo ("HELLO");
die();
function hello()
{
$logfile = "logfile";
$error_string = ob_get_contents();
if(!$handle = fopen($logfile, "a"))
{
echo("Could not open logfile for writing!");
ob_end_flush();
exit;
}
if(fwrite($handle, $error_string) === FALSE)
{
echo("Could not write to logfile!");
ob_end_flush();
exit;
}
fclose($handle);
ob_end_clean();
}
?>
This simply does not work the way it should. i.e ob_get_contents doen't
return
any string and the buffer just gets flushed by itself at termination.
Though the PHP manual says it is not possible to retrieve the contents of
any
output buffers using ob_get_contents() with PHP < 4.0.6. But I am using
PHP 5.
x.x
Thanks in advance for any help.
Prathap
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [PHP-INSTALL] Install Problems on Fedora 3
John Nichel wrote: Mark Sargent wrote: http://www.php.net/manual/en/install.unix.php it has 2 examples, 4-1 and 4-2. Little confused with what shared and static modules are and which 1 pertains to me. I was wanting to get php running to allow base to show results of snort logging in mysql. Snort/Mysql/Base etc are installed fine, just php is the last hurdle. Again, sorry. Cheers. When you installed php, did you install it the same time as Apache (--with-apache=../apache-1.3.x) or was Apache already installed (--with-apxs=/path/to/apxs)? Hi All, okay, I need to ask this "dumb"(?) question. What is the difference between httpd, already installed and Apache..? I thought they were the same. If they are, and I'm using the default version, from install, I just add those lines to the .conf file, yes..? Again, I do truly apologize for what may seem mundane questions. Cheers. Mark Sargent. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Simple Licensing System
Hi Richard, And how do I generate this, and how would I check it?!?! Thanks, Bruno B B Magalhaes On Apr 8, 2005, at 11:48 PM, Richard Lynch wrote: On Fri, April 8, 2005 1:06 pm, Bruno B B Magalhães said: I need a help with a licensing system, I want something very simple, for example a simple var store into the configuration file, and witch is sent to a server called licenses.hostname.com.br, and this one returns true or false... I don't wanna use SOAP or XML. Does any body have a simple idea for it? Best Regards, Bruno B B Magalhaes Generate an SSH key-pair. Give them the public key, or use that to "sign" their license. Then you can just test that it's signed. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Viewing a specific item within a php web-page?
I have a document entitled: articles.php Within this document, I want to store various written articles which are headed by a string value - example: $post_040905 = "text for April 9th 2005"; print($post_040905); $post_041005 = "article for April 10th 2005"; print($post_041005); How can I view a specific string's text via the browser? I thought I could use domain.com/articles.php?post_040905 and only the content written for that post would be shown. However, all of the posts are shown. I just began reading about PHP from limited tutorials so I am at a loss as to how I can accomplish this. I would appreciate all assistance in this matter. Best Regards, Carlos
Re: [PHP] Variable Passing
* Jordi Canals <[EMAIL PROTECTED]>:
> What I do to control it only by PHP without using the mod_rewrite for
> apache is to use URL with this format:
>
> http://sample.com/script.php/param1/param2/param3
>
> Then, work in the script looking at the variable
> $_SERVER['REQUEST_URI'] wich will contain, in this sample:
> /script.php/param1/param2/param3
>
> You can explode the uri in an array:
>
> $params = explode('/', substr($_SERVER['REQUEST_URI'], 1);
> I used the substr dunction to remove the first slash.
>
> On the resulting array you will have, by index
>
> [0] = script.php
> [1] = param1
> [2] = param2
> [3] = param3
>
> This works with Apache. I've not tested it on IIS, but suspect that it
> will not work on ISS.
I noted in a previous post, you can also do this using
$_SERVER['PATH_INFO'] (though the first element from exploding will be
the first parameter, and not the script name) -- and, to my
understanding, this *does* work with IIS. (Somebody, correct me if I'm
wrong.)
Another note -- you can still pass a query string with either method --
which can make for some nice behaviour as well.
> On Apr 8, 2005 4:11 PM, Brad Brevet <[EMAIL PROTECTED]> wrote:
> > Hi, I am curious how to pass a variable without using something like id=321.
> >
> > I have seen sites that have something like
> > http://www.website.com/something/321 and the variable is passed how exactly
> > is that done? And is it called something specific so I know how to refer to
> > it in the future?
--
Matthew Weier O'Phinney | WEBSITES:
Webmaster and IT Specialist | http://www.garden.org
National Gardening Association| http://www.kidsgardening.com
802-863-5251 x156 | http://nationalgardenmonth.org
mailto:[EMAIL PROTECTED] | http://vermontbotanical.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
On Sat, 09 Apr 2005 14:51:49 -0400 [EMAIL PROTECTED] wrote: > A digression to a related issue (where I did take the conservative > approach): A system I'm working on now was originally set up with > password hashes in the database -- the PW itself was never stored. But > the client wanted an "email me my password" feature so we had to > encrypt and store the PW. Of course if someone had access to the > database they'd get a lot of other stuff probably more useful than PWs > so I don't worry about this too much. But I would rather have used the > hash. You could've changed the password for them to something random, mail it to them and keep the hash in the database. -- Skippy - Romanian Web Developers - http://ROWD.ORG -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Variable Passing
What I do to control it only by PHP without using the mod_rewrite for
apache is to use URL with this format:
http://sample.com/script.php/param1/param2/param3
Then, work in the script looking at the variable
$_SERVER['REQUEST_URI'] wich will contain, in this sample:
/script.php/param1/param2/param3
You can explode the uri in an array:
$params = explode('/', substr($_SERVER['REQUEST_URI'], 1);
I used the substr dunction to remove the first slash.
On the resulting array you will have, by index
[0] = script.php
[1] = param1
[2] = param2
[3] = param3
This works with Apache. I've not tested it on IIS, but suspect that it
will not work on ISS.
Hope this helps you.
Jordi.
On Apr 8, 2005 4:11 PM, Brad Brevet <[EMAIL PROTECTED]> wrote:
> Hi, I am curious how to pass a variable without using something like id=321.
>
> I have seen sites that have something like
> http://www.website.com/something/321 and the variable is passed how exactly
> is that done? And is it called something specific so I know how to refer to
> it in the future?
>
> Thanks,
>
> Brad
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
[EMAIL PROTECTED] wrote: On 9 Apr 2005 John Nichel wrote: While it is not absolute that you can't store passwords in a cookie, it is an absolute that you _shouldn't_ Sorry, I don't agree. There are very few absolute rules in software development. This isn't a rule. It's common sense. The less a password is sent thru cyberspace, the smaller the risk is to it being compromised. The fewer places it's stored, the smaller the risk. For sites accessing sensitive information or that allow spending money, I would not store anything in a cookie that permitted a login. However, for something like a web-based discussion board where I don't really care if a person who sits at my computer or a thief who robs my house gets access, I think it is not a big deal. I might, depending on the needs, store a hash code as others have suggested, or an encrypted version of the password, with user permission of course. What's the difference? How many users out there do you think use the same password for the chat room as they do for their bank? Remember AOL has millions of users. There is almost always a tradeoff between convenience and risk. Sometimes convenience is far more important. Often risk is. True, but here, there's almost no trade off in convenience. The difference in amount of code to store a token in the cookie as compared to the password is almost non-existent. -- By-Tor.com ...it's all about the Rush http://www.by-tor.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [PHP-INSTALL] Install Problems on Fedora 3
Mark Sargent wrote: http://www.php.net/manual/en/install.unix.php it has 2 examples, 4-1 and 4-2. Little confused with what shared and static modules are and which 1 pertains to me. I was wanting to get php running to allow base to show results of snort logging in mysql. Snort/Mysql/Base etc are installed fine, just php is the last hurdle. Again, sorry. Cheers. When you installed php, did you install it the same time as Apache (--with-apache=../apache-1.3.x) or was Apache already installed (--with-apxs=/path/to/apxs)? -- By-Tor.com ...it's all about the Rush http://www.by-tor.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How can i do refresh my web since java script?
Tomás Rodriguez Orta wrote:
Re: [PHP] Re: Why is it possible to assign data to _not_declared_ vars in a class (PHP 5.0.3)?
* Hanez <[EMAIL PROTECTED]>: > On Friday 08 April 2005 20:22, Matthew Weier O'Phinney wrote: > > * Johannes Findeisen <[EMAIL PROTECTED]>: > > > If i understand right, all variables should be declared in PHP5. So > > > why is it possible to add a membervariable called "c" to the object > > > without making a declaration? I got no error with this. I thought > > > E_STRICT should show me things like that. Could someone explain me > > > that? > > > > You don't understand correctly. Class properties/attributes do not need > > to be explicitly declared in PHP. This did *not* change in PHP5. What > > changed in PHP5 is visibility. By default, unless declared otherwise, a > > class attribute is publicly visible -- the same behaviour seen in PHP4. > > Okay, allright. I missunderstood that. But wouldn't it be nice to see things > like this in the error log when E_STRICT is activated. I know some > programming languages and i ever have dreamed about some features like this > in PHP5 and the main thing i was dreaming about was strict declaration. Now > since PHP5 i have thought about programming PHP again because of features > which would help me debugging my code. And this is not implemented perfectly. E_STRICT doesn't catch it because it's not considered bad behaviour; this is perfectly legal behaviour according to the PHP parser. PHP doesn't have the same scoping issues as, say, Perl. Variables in PHP do *not* need to be pre-declared (though testing for a value on an undeclared variable, be it in a class or otherwise, *will* generate an E_NOTICE). This is a *difference* in PHP from other languages, and likely exists for a reason. If you want to know why it exists that way, or feel it should be changed, you should probably go over to the php-dev list. -- Matthew Weier O'Phinney | WEBSITES: Webmaster and IT Specialist | http://www.garden.org National Gardening Association| http://www.kidsgardening.com 802-863-5251 x156 | http://nationalgardenmonth.org mailto:[EMAIL PROTECTED] | http://vermontbotanical.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Variable Passing
* Brad Brevet <[EMAIL PROTECTED]>:
> This seems to be what I was looking for, but I am curious, will the "/" be
> included in the variable? Will I have to do a stripslashes() command on it?
If you echo out $_SERVER['PATH_INFO'] for the URL shown below, it will
give you:
/321
Usually what you do is something like:
$pi = substr($_SERVER['PATH_INFO', 1);
$args = explode('/', $pi);
and then you'll have an array of arguments without the forward slashes.
If you're only expecting a single argument, you can possibly skip that
second step; if you want to limit the number of arguments you'll accept,
you can add a third parameter to the explode() function call.
You should still treat data passed in this way as tainted, just like
data from the query string or a form. Scrub it and validate it before
doing anything with it.
Note: to get a script called 'something' to be parsed as PHP on your
server, you'll need to do the following (assuming you're using Apache):
create a .htaccess file in that directory with the contents:
ForceType application/x-httpd-php
This will tell Apache that the file is a PHP script.
> "Hans Juergen von Lengerke" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > > Brad Brevet:
> > >
> > > Hi, I am curious how to pass a variable without using something like
> > > id=321.
> > >
> > > I have seen sites that have something like
> > > http://www.website.com/something/321 and the variable is passed
> > > how exactly is that done? And is it called something specific so I
> > > know how to refer to it in the future?
> >
> > You can do that with $_SERVER["PATH_INFO"]. If your script
> > is /something, this variable will be set to /321
--
Matthew Weier O'Phinney | WEBSITES:
Webmaster and IT Specialist | http://www.garden.org
National Gardening Association| http://www.kidsgardening.com
802-863-5251 x156 | http://nationalgardenmonth.org
mailto:[EMAIL PROTECTED] | http://vermontbotanical.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
On 9 Apr 2005 Ryan A wrote: > This certainly has turned out to be an interesting discussion.I > usually send the info via sessions...how bad is that? Well if you are using sessions it is worth thinking about session security, for example: http://shiflett.org/articles/the-truth-about-sessions http://www.acros.si/papers/session_fixation.pdf Beyond that -- what info are you sending?? Session data is stored on the server, not at the client, so the security is as good as for anything else on the server (assuming of course that session data is outside the web document tree). Personally there is little if any data that I would encrypt when saving it as session data (maybe CC numbers, if I had to save them across pages at all, or maybe passwords, but nothing else), because I think that's a weak defense. If access to your session data means they have gained access to the server then they can also find the code you use to decrypt that session data, so it is just one more small obstacle, not a true defense. Another point is that this might require a different analysis on a shared vs. dedicated server as a shared server may well be less secure than a dedicated server, and a dedicated server you don't physically control (e.g. colocated) may be less secure than one you do. -- Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
On 9 Apr 2005 Jason Wong wrote: > > I might, depending on > > the needs, store a hash code as others have suggested > > Why not in *all* cases? Well, just because I'm not sure it is worth the effort. What is the point of storing a hash code as a proxy (in the colloquial sense of the word) for an encrypted password if knowing the hash code gets you the same access as knowing the password? True, the hash code can have a timeout -- but so can the cookie. For places where the point of the PW is authentication only, and not control of access to significant resources, I'm not sure there is any benefit to complicating things. > I can't see where the convenience lies. For you as a developer, you've > already got the necessary code to do the token thing so there is > practically no difference whether you use a token or a password. For the > user, what are they going to do with an encrypted password -- are you > going to tell them how to decrypt in the case that they have forgotten > the password? A fair comment. I guess it is more just about keeping things simple where appropriate. Just as an FYI, I'm partly playing devil's advocate here. I've never written anything that stored the encrypted PW in a cookie (though I have stored encrypted user IDs that way for a "remember me" feature). I'm just reacting to the sense that there is One True Way to handle this issue. In software development there are most often many good options. A digression to a related issue (where I did take the conservative approach): A system I'm working on now was originally set up with password hashes in the database -- the PW itself was never stored. But the client wanted an "email me my password" feature so we had to encrypt and store the PW. Of course if someone had access to the database they'd get a lot of other stuff probably more useful than PWs so I don't worry about this too much. But I would rather have used the hash. -- Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Alternate to timediff() (might be slightly 0T)
Hmmm. we have a new sql guru on the list eh? welcome master... :-) Thanks mate. -Ryan On 4/9/2005 8:18:10 PM, Greg Donald ([EMAIL PROTECTED]) wrote: > On Apr 9, 2005 1:09 PM, Ryan A <[EMAIL PROTECTED]> wrote: > > > So how can I compare 2 timedates which are: > > > > > > now() and now() + 5 mins > > > > > > to see if I get a positive or negitive value? > > > > mysql> select NOW() > DATE_ADD( NOW(), INTERVAL 5 MINUTE ); > > +--+ > > | NOW() > DATE_ADD( NOW(), INTERVAL 5 MINUTE ) | > > +--+ > > |0 | > > +--+ > > 1 row in set (0.01 sec) > > > > mysql> select NOW() < DATE_ADD( NOW(), INTERVAL 5 MINUTE ); > > +--+ > > | NOW() < DATE_ADD( NOW(), INTERVAL 5 MINUTE ) | > > +--+ > > |1 | > > +--+ > > 1 row in set (0.00 sec) > > > > > > -- > > Greg Donald -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.5 - Release Date: 4/7/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Alternate to timediff() (might be slightly 0T)
On Apr 9, 2005 1:09 PM, Ryan A <[EMAIL PROTECTED]> wrote: > So how can I compare 2 timedates which are: > > now() and now() + 5 mins > > to see if I get a positive or negitive value? mysql> select NOW() > DATE_ADD( NOW(), INTERVAL 5 MINUTE ); +--+ | NOW() > DATE_ADD( NOW(), INTERVAL 5 MINUTE ) | +--+ |0 | +--+ 1 row in set (0.01 sec) mysql> select NOW() < DATE_ADD( NOW(), INTERVAL 5 MINUTE ); +--+ | NOW() < DATE_ADD( NOW(), INTERVAL 5 MINUTE ) | +--+ |1 | +--+ 1 row in set (0.00 sec) -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Alternate to timediff() (might be slightly 0T)
Hey, Reading the time and date functions of MySql I see that to compare my two timedates I would need to go with TIMEDIFF, but theres a "note" there that states: TIMEDIFF() was added in MySQL 4.1.1. and our host is running 4.0 and another 3.23.x So how can I compare 2 timedates which are: now() and now() + 5 mins to see if I get a positive or negitive value? Thanks, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.5 - Release Date: 4/7/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Date time simplicity gotten out of hand
On 4/9/2005 7:28:34 PM, Greg Donald ([EMAIL PROTECTED]) wrote: > On Apr 9, 2005 12:35 PM, Ryan A <[EMAIL PROTECTED]> wrote: > > > Hey, > > > I thought this would be simple and just a few mins of programming but > along > > > the way...i have managed to confuse myself ;-D > > > > > > I have 2 field in my table users_online: > > > present_date_time datetime > > > expires_in datetime > > > > > > for present_date_time I am using now() to insert > > > but for expires_in I need to have it now()+5 mins > > > > > > I was screwing around with now()+ X > > > but thats getting me some weird results if its the end of the hour or > day... > > > > mysql> select NOW(), DATE_ADD( NOW(), INTERVAL 5 MINUTE ); > > +-+--+ > > | NOW() | DATE_ADD( NOW(), INTERVAL 5 MINUTE ) | > > +-+--+ > > | 2005-04-09 12:27:36 | 2005-04-09 12:32:36 | > > +-+--+ > > 1 row in set (0.00 sec) F**K! If every you see me on the roadjust give a kick. WTF was I thinkingI went all around the monkeys butt trying to do this in another way instead of simple SQL. Thanks dude, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.5 - Release Date: 4/7/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Date time simplicity gotten out of hand
On Apr 9, 2005 12:35 PM, Ryan A <[EMAIL PROTECTED]> wrote: > Hey, > I thought this would be simple and just a few mins of programming but along > the way...i have managed to confuse myself ;-D > > I have 2 field in my table users_online: > present_date_time datetime > expires_in datetime > > for present_date_time I am using now() to insert > but for expires_in I need to have it now()+5 mins > > I was screwing around with now()+ X > but thats getting me some weird results if its the end of the hour or day... mysql> select NOW(), DATE_ADD( NOW(), INTERVAL 5 MINUTE ); +-+--+ | NOW() | DATE_ADD( NOW(), INTERVAL 5 MINUTE ) | +-+--+ | 2005-04-09 12:27:36 | 2005-04-09 12:32:36 | +-+--+ 1 row in set (0.00 sec) -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Date time simplicity gotten out of hand
Hey, I thought this would be simple and just a few mins of programming but along the way...i have managed to confuse myself ;-D I have 2 field in my table users_online: present_date_time datetime expires_in datetime for present_date_time I am using now() to insert but for expires_in I need to have it now()+5 mins I was screwing around with now()+ X but thats getting me some weird results if its the end of the hour or day... Please help. Thanks, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.5 - Release Date: 4/7/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Installation Warning?
[EMAIL PROTECTED] wrote: So it seems that Apache's multi-threading is the issue. So IIS is the way to go then or Apache 1.x eh? The trouble with going the Apache 1.x route is that I've been having trouble downgrading from 2.x to 1.x... Well someday I'll find a use for Linux...The check is in the mail, Mr. Gates. humbug! php5 works fine with apache2, just make sure you use a nonthreaded module. the 'prefork' module to be more precise...needs an OS though... which is where you might find a use for Linux :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session gets corrupted (or lost)
What does your class definition look like, and when you you declare it? Maybe your class isn't defined when you do the session_start() ? Chris Binomic | Marcelo wrote: Hi, I´ve made a simple site with a loguin, that in my machine works perfectly, but not on the server. The problem seems to be on the session handling. I don´t loose the SID, but the session gets corrupted. If I do a print_r($_SESSION), after the loguin i get the correct vars, but after i click on a link, while the session ID is still the same (i pass it both in the URL and using cookies) the print_r returns something like the following: __PHP_Incomplete_Class Object ( [__PHP_Incomplete_Class_Name] => user [ID] => 30 [nick] => This are the steps after the loguin: 1) First page that shows: http://www.site.com/index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea print_r($_COOKIE) Array ( [PHPSESSID] => b44590661eba2475ea2ff8a96d53c0b6 ) print_r($_SESSION) Array ( [LANG] => en [user] => Username [pass] => 37bfafe651a55eef [group] => 5 ) I click on the following link: http://www.site.com/index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea&subsection=deletefile&id=33 2) And this page displays: http://www.site.com/index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea&subsection=deletefile&id=33 print_r($_COOKIE) Array ( [PHPSESSID] => b44590661eba2475ea2ff8a96d53c0b6 ) print_r($_SESSION) Array ( [LANG] => en [user] => __PHP_Incomplete_Class Object ( [__PHP_Incomplete_Class_Name] => user [ID] => 30 [nick] => Username [password] => 37bfafe651a55eef [group] => 5 ) Any idea? Regards, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Including class of Exception in exception message
On ÑÐÐ, 2005-04-09 at 11:27 -0400, C Drozdowski wrote: > where CODE is some php code that refers to the class of the exception > being thrown. Take a look at magic constants [ http://www.php.net/manual/en/language.constants.predefined.php ]. Hope this helps, Josip Dzolonga http://josip.dotgeek.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session gets corrupted (or lost)
Hi, IÂve made a simple site with a loguin, that in my machine works perfectly, but not on the server. The problem seems to be on the session handling. I donÂt loose the SID, but the session gets corrupted. If I do a print_r($_SESSION), after the loguin i get the correct vars, but after i click on a link, while the session ID is still the same (i pass it both in the URL and using cookies) the print_r returns something like the following: __PHP_Incomplete_Class Object ( [__PHP_Incomplete_Class_Name] => user [ID] => 30 [nick] => This are the steps after the loguin: 1) First page that shows: http://www.site.com/index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea print_r($_COOKIE) Array ( [PHPSESSID] => b44590661eba2475ea2ff8a96d53c0b6 ) print_r($_SESSION) Array ( [LANG] => en [user] => Username [pass] => 37bfafe651a55eef [group] => 5 ) I click on the following link: http://www.site.com/ index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea&subsection=deletefile&id=33 2) And this page displays: http://www.site.com/index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea&subsection=deletefile&id=33 print_r($_COOKIE) Array ( [PHPSESSID] => b44590661eba2475ea2ff8a96d53c0b6 ) print_r($_SESSION) Array ( [LANG] => en [user] => __PHP_Incomplete_Class Object ( [__PHP_Incomplete_Class_Name] => user [ID] => 30 [nick] => Username [password] => 37bfafe651a55eef [group] => 5 ) Any idea? Regards, -- Marcelo Volmaro -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session gets corrupted (or lost)
Hi, I´ve made a simple site with a loguin, that in my machine works perfectly, but not on the server. The problem seems to be on the session handling. I don´t loose the SID, but the session gets corrupted. If I do a print_r($_SESSION), after the loguin i get the correct vars, but after i click on a link, while the session ID is still the same (i pass it both in the URL and using cookies) the print_r returns something like the following: __PHP_Incomplete_Class Object ( [__PHP_Incomplete_Class_Name] => user [ID] => 30 [nick] => This are the steps after the loguin: 1) First page that shows: http://www.site.com/index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea print_r($_COOKIE) Array ( [PHPSESSID] => b44590661eba2475ea2ff8a96d53c0b6 ) print_r($_SESSION) Array ( [LANG] => en [user] => Username [pass] => 37bfafe651a55eef [group] => 5 ) I click on the following link: http://www.site.com/index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea&subsection=deletefile&id=33 2) And this page displays: http://www.site.com/index.php?b44590661eba2475ea2ff8a96d53c0b6§ion=userarea&subsection=deletefile&id=33 print_r($_COOKIE) Array ( [PHPSESSID] => b44590661eba2475ea2ff8a96d53c0b6 ) print_r($_SESSION) Array ( [LANG] => en [user] => __PHP_Incomplete_Class Object ( [__PHP_Incomplete_Class_Name] => user [ID] => 30 [nick] => Username [password] => 37bfafe651a55eef [group] => 5 ) Any idea? Regards, -- Marcelo Volmaro - CTO __ Binomic - Desarrollos Inteligentes Córdoba 1253, p 10, of. 4 y 5 cp: S2000AWQ, rosario, ar tel: ++ 54 [341] 440 7863 http://www.binomic.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Including class of Exception in exception message
> I'm using Exceptions and variously handling them in
> try..catch blocks or defaulting to my set_exception_handler handler.
> When I create an Exception I'd like to prepend the class of
> the Exception to the message. Can this be done with code or
> do I have to hard code the name of the Exception class into
> the message every time I throw the exception?
>
> For Example:
>
> I'd like to turn this...
>
> throw new myException("myException: So this is it, we're
> going to die");
>
> into...
>
> throw new myException( CODE . ": So this is it, we're going to die");
>
> where CODE is some php code that refers to the class of the
> exception being thrown.
>
Subclass exception, and do it in there?
class myException extends Exception
{
function __construct($message) {
parent::__construct(get_class($this).$message); }
}
class AnotherException extends myException
{
}
Jared
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Including class of Exception in exception message
I'm using Exceptions and variously handling them in try..catch blocks
or defaulting to my set_exception_handler handler.
When I create an Exception I'd like to prepend the class of the
Exception to the message. Can this be done with code or do I have to
hard code the name of the Exception class into the message every time I
throw the exception?
For Example:
I'd like to turn this...
throw new myException("myException: So this is it, we're going to die");
into...
throw new myException( CODE . ": So this is it, we're going to die");
where CODE is some php code that refers to the class of the exception
being thrown.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
On 4/9/2005 3:33:50 PM, [EMAIL PROTECTED] wrote: > On 9 Apr 2005 John Nichel wrote: > > > > > While it is not absolute that you > can't store passwords in a cookie, it > > is an absolute that you _shouldn't_ > > > > Sorry, I > don't agree. There are very few absolute rules in software > development. > > For sites accessing sensitive information or that allow spending money, > I would not store anything in a cookie that permitted a login. > > However, for something like a web-based discussion board where I don't > > > really care if a person who sits at my computer or a thief who robs my > > house gets access, I think it is not a big deal. I might, depending on > > the needs, store a hash code as others have suggested, or an encrypted > > version of the password, with user permission of course. > > > > There is almost always a tradeoff between convenience and risk. > > Sometimes convenience is far more important. Often risk is. > > > > > This certainly has turned out to be an interesting discussion.I usually send the info via sessions...how bad is that? Thanks, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.5 - Release Date: 4/7/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sessions not being stored : DAY 2
but then what could be causing that the sessions are not being stored in /tmp/sess ? --- On Sat 04/09, Burhan Khalid < [EMAIL PROTECTED] > wrote: From: Burhan Khalid [mailto: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: php-general@lists.php.net Date: Sat, 09 Apr 2005 14:13:53 +0300 Subject: Re: [PHP] sessions not being stored : DAY 2 Yuri Huitrón Alvarado wrote:> > > running whoami in php returns : " root "Are you saying that you typed 'whoami' from a shell, and it gave you root.Or are you saying that when you did you got 'root'. If this is the case, then you are running a big security risk if your PHP scripts are executing with root permissions. ___ Join Excite! - http://www.excite.com The most personalized portal on the Web! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
On ÑÐÐ, 2005-04-09 at 22:56 +0800, Jason Wong wrote: > > Sorry, I don't agree. There are very few absolute rules in software > > development. > > But in this case there really is no reason *why* you need to store a > password (encrypted or otherwise). IMO storing the password hash (md5,sha1, whatever:)) in a Cookie is not smart. Some of the browsers (read IE) have some security holes so getting the value of the cookie won't be a really hard job (this can be dine with cross site scripting and DNS hacking too). When the attackers have the hash of the password, in most of the cases they're brute forcing , so if the user has an easy-to-guess password, it _can_ be revelead (brute-forcing numbers, dictionary words). I don't get the point, _why_ to store a password hash on the client-side as a cookie, when you can do it on the server-side. Josip Dzolonga, http://josip.dotgeek.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
On Saturday 09 April 2005 21:33, [EMAIL PROTECTED] wrote: > On 9 Apr 2005 John Nichel wrote: > > While it is not absolute that you can't store passwords in a cookie, > > it is an absolute that you _shouldn't_ > > Sorry, I don't agree. There are very few absolute rules in software > development. But in this case there really is no reason *why* you need to store a password (encrypted or otherwise). > I might, depending on > the needs, store a hash code as others have suggested Why not in *all* cases? > Sometimes convenience is far more important. Often risk is. I can't see where the convenience lies. For you as a developer, you've already got the necessary code to do the token thing so there is practically no difference whether you use a token or a password. For the user, what are they going to do with an encrypted password -- are you going to tell them how to decrypt in the case that they have forgotten the password? -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- New Year Resolution: Ignore top posted posts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [PHP-INSTALL] Install Problems on Fedora 3
On Saturday 09 April 2005 21:27, Mark Sargent wrote: > >> I did a source install, of which I'm a newb at, and then created a > >> index.php file containing the following, > >> > >> >> phpinfo(); ?> > >> > >> but, that shows in the browser, Firefox, when typing > > > > > > > > You need to tell Apache how to handle php files. > sorry guys, quite new to all this. On this page, > > http://www.php.net/manual/en/install.unix.php > > it has 2 examples, > > 4-1 and 4-2. Little confused with what shared and static modules are > and which 1 pertains to me. I was wanting to get php running to allow > base to show results of snort logging in mysql. Snort/Mysql/Base etc > are installed fine, just php is the last hurdle. Again, sorry. Cheers. OK you said you had already installed it, so which did you follow 4-1 or 4-2? 4-1 (shared modules) compiles PHP as an Apache module, this means that when Apache needs to process a page that contains PHP it will have to load in the PHP module (this is all done automatically), however you need to tell it what PHP files look like and what the PHP module is. This is done in steps 14 & 15. 4-2 (static) means that PHP will be compiled into the Apache executable however you still need to tell it what PHP files look like (step 15). -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- New Year Resolution: Ignore top posted posts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
On 9 Apr 2005 John Nichel wrote: > While it is not absolute that you can't store passwords in a cookie, it > is an absolute that you _shouldn't_ Sorry, I don't agree. There are very few absolute rules in software development. For sites accessing sensitive information or that allow spending money, I would not store anything in a cookie that permitted a login. However, for something like a web-based discussion board where I don't really care if a person who sits at my computer or a thief who robs my house gets access, I think it is not a big deal. I might, depending on the needs, store a hash code as others have suggested, or an encrypted version of the password, with user permission of course. There is almost always a tradeoff between convenience and risk. Sometimes convenience is far more important. Often risk is. -- Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [PHP-INSTALL] Install Problems on Fedora 3
John Nichel wrote: Mark Sargent wrote: Hi All, I did a source install, of which I'm a newb at, and then created a index.php file containing the following, but, that shows in the browser, Firefox, when typing You need to tell Apache how to handle php files. Hi All, sorry guys, quite new to all this. On this page, http://www.php.net/manual/en/install.unix.php it has 2 examples, 4-1 and 4-2. Little confused with what shared and static modules are and which 1 pertains to me. I was wanting to get php running to allow base to show results of snort logging in mysql. Snort/Mysql/Base etc are installed fine, just php is the last hurdle. Again, sorry. Cheers. P.S. Ah, sorry, John, think I emailed you this post directly, unintentionally Mark Sargent. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [PHP-INSTALL] Install Problems on Fedora 3
Mark Sargent wrote: Hi All, I did a source install, of which I'm a newb at, and then created a index.php file containing the following, but, that shows in the browser, Firefox, when typing You need to tell Apache how to handle php files. -- By-Tor.com ...it's all about the Rush http://www.by-tor.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
[EMAIL PROTECTED] wrote: A couple of people have stated this but I think it is incorrect. For one thing the users themselves are very likely to store the password there, so why shouldn't you -- with permission of course? If the user wants to circumvent security measures by storing passwords, that's their option, but it's the programmer's obligation to keep his/her app as secure as possible. Many sites will do this with a "remember my password and log me in automatically" feature. Web-based discussion boards, for example, do this routinely and the only security risk is that someone who got access to your computer might get access to your account on the board. As long as the discussion topics are not sensitive I suspect most people using private computers would judge this to be an acceptable risk. On the other hand I would never do it (or allow a site to do it) for a site where my email account could be accessed, or money could be charged. But others might feel their computer is secure enough that they are willing to take even those risks. While 'remember me' is a popular option, it doesn't mean that the site is storing your password in a cookie. In applications I create, the password never 'leaves the database'. When the user submits their login, I'll check the password against what is in the db (after doing various encrypt methods on it), and that's as far as it goes. If the login is successful, and the user has a 'remember me' option, I'll create a unique hash based on a combination of things (like username, ip, time, random words, etc.), and store that hash in in a temporay table (as well as in the cookie). When the user comes back, I'll check that hash, and if successful I'll delete it, and generate a new one for next visit. And even this type of 'login' may not give the user full access to their account, as I may ask for the password again if they want to update some items. Like many such questions, to me this is not something that should be subject to absolutes but to considered judgment, some on the part of the developer and some on the part of the user. While it is not absolute that you can't store passwords in a cookie, it is an absolute that you _shouldn't_ -- By-Tor.com ...it's all about the Rush http://www.by-tor.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [PHP-INSTALL] Install Problems on Fedora 3
On Saturday 09 April 2005 20:17, Mark Sargent wrote: > I did a source install, of which I'm a newb at, and then created a > index.php file containing the following, > > phpinfo(); ?> > > > > but, that shows in the browser, Firefox, when typing > localhost/index.php. I've confirmed that httpd is running, and > generates pages as I got the Apache welcome page b4 creating the > index.php page. I'm swaying towards that I may have compiled the source > wrongly, like leaving something out. Happy to post whatever is needed > to help you help me here. Cheers. You seem to have missed out some important steps ie editing httpd.conf so that it knows about PHP. RTFM for details. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- New Year Resolution: Ignore top posted posts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] [PHP-INSTALL] Install Problems on Fedora 3
Hi All, I did a source install, of which I'm a newb at, and then created a index.php file containing the following, but, that shows in the browser, Firefox, when typing localhost/index.php. I've confirmed that httpd is running, and generates pages as I got the Apache welcome page b4 creating the index.php page. I'm swaying towards that I may have compiled the source wrongly, like leaving something out. Happy to post whatever is needed to help you help me here. Cheers. Mark Sargent. [EMAIL PROTECTED] php-5.0.3]# ./configure --with-mysql=/usr/local/mysql too much to post. [EMAIL PROTECTED] php-5.0.3]# make install Installing PHP SAPI module: cgi Installing PHP CGI into: /usr/local/bin/ Installing PEAR environment: /usr/local/lib/php/ [PEAR] Archive_Tar- installed: 1.1 [PEAR] Console_Getopt - installed: 1.2 [PEAR] PEAR - installed: 1.3.3 Wrote PEAR system config file at: /usr/local/etc/pear.conf You may want to add: /usr/local/lib/php to your php.ini include_path [PEAR] XML_RPC- installed: 1.1.0 Installing build environment: /usr/local/lib/php/build/ Installing header files: /usr/local/include/php/ Installing helper programs: /usr/local/bin/ program: phpize program: php-config program: phpextdist [EMAIL PROTECTED] php-5.0.3]# service httpd restart Stopping httpd:[ OK ] Starting httpd:[ OK ] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need libmcrypt.dll for Windows PHP 4.3.9
Got it. Thanks. "Computer Programmer" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Go to http://ftp.emini.dk/pub/php/win32/mcrypt/ > > On Apr 9, 2005 2:05 PM, HarryG <[EMAIL PROTECTED]> wrote: > > Need libmcrypt.dll for Windows PHP 4.3.9. Can anyone send it to me? > > > > Thanks > > > > HarryG -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problem with ob_get_contents()
Hello, I've posted a miniature version of my code here to explain my problem. This simply does not work the way it should. i.e ob_get_contents doen't return any string and the buffer just gets flushed by itself at termination. Though the PHP manual says it is not possible to retrieve the contents of any output buffers using ob_get_contents() with PHP < 4.0.6. But I am using PHP 5. x.x Thanks in advance for any help. Prathap -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
Thanks for all of your reply. :) Just like what trlists said, I'd like to create an auto-login at least with a maximum of 30 days. Users will have the option to choose whether to logout and/or prompt for their password for the next 1 hour, 4 hours, etc. just like what Yahoo! is doing. What is the difference between what Richard Lynch has suggested (using sessions) and the one suggested by Andy (using table links)? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
On Saturday 09 April 2005 19:29, [EMAIL PROTECTED] wrote: > On 9 Apr 2005 Andy Pieters wrote: > > It doesn't matter how you encrypt it. > > > > DO NOT STORE PASSWORDS ON USERS COMPUTER > > > > I hope that's clear enough. > > A couple of people have stated this but I think it is incorrect. For > one thing the users themselves are very likely to store the password > there, so why shouldn't you -- with permission of course? Because you should know better than the user! > Many sites will do this with a "remember my password and log me in > automatically" feature. It doesn't necessarily mean that it will literally store your password in a cookie, it could just be storing a token. With a token, your website could impose expiry dates on them or invalidate them (and possibly issue a new one) whenever the user performs a full password login etc. Thus if a bad person gets hold of your token it'll probably mean that they'll only have access to that account for a limited period of time (depending on what security measures your website employs). However if you had stored the actual password and some bad person got hold of it then there is no reasonable way for your website to distinguish the bad person using the password to gain access from the legitimate user. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- New Year Resolution: Ignore top posted posts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need libmcrypt.dll for Windows PHP 4.3.9
Go to http://ftp.emini.dk/pub/php/win32/mcrypt/ On Apr 9, 2005 2:05 PM, HarryG <[EMAIL PROTECTED]> wrote: > Need libmcrypt.dll for Windows PHP 4.3.9. Can anyone send it to me? > > Thanks > > HarryG -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
On 9 Apr 2005 Andy Pieters wrote: > It doesn't matter how you encrypt it. > > DO NOT STORE PASSWORDS ON USERS COMPUTER > > I hope that's clear enough. A couple of people have stated this but I think it is incorrect. For one thing the users themselves are very likely to store the password there, so why shouldn't you -- with permission of course? Many sites will do this with a "remember my password and log me in automatically" feature. Web-based discussion boards, for example, do this routinely and the only security risk is that someone who got access to your computer might get access to your account on the board. As long as the discussion topics are not sensitive I suspect most people using private computers would judge this to be an acceptable risk. On the other hand I would never do it (or allow a site to do it) for a site where my email account could be accessed, or money could be charged. But others might feel their computer is secure enough that they are willing to take even those risks. Like many such questions, to me this is not something that should be subject to absolutes but to considered judgment, some on the part of the developer and some on the part of the user. -- Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sessions not being stored : DAY 2
Yuri Huitrón Alvarado wrote: running whoami in php returns : " root " Are you saying that you typed 'whoami' from a shell, and it gave you root. Or are you saying that when you did you got 'root'. If this is the case, then you are running a big security risk if your PHP scripts are executing with root permissions. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Why is it possible to assign data to _not_declared_ vars in a class (PHP 5.0.3)?
On Friday 08 April 2005 20:22, Matthew Weier O'Phinney wrote: > * Johannes Findeisen <[EMAIL PROTECTED]>: > > If i understand right, all variables should be declared in PHP5. So > > why is it possible to add a membervariable called "c" to the object > > without making a declaration? I got no error with this. I thought > > E_STRICT should show me things like that. Could someone explain me > > that? > > You don't understand correctly. Class properties/attributes do not need > to be explicitly declared in PHP. This did *not* change in PHP5. What > changed in PHP5 is visibility. By default, unless declared otherwise, a > class attribute is publicly visible -- the same behaviour seen in PHP4. Okay, allright. I missunderstood that. But wouldn't it be nice to see things like this in the error log when E_STRICT is activated. I know some programming languages and i ever have dreamed about some features like this in PHP5 and the main thing i was dreaming about was strict declaration. Now since PHP5 i have thought about programming PHP again because of features which would help me debugging my code. And this is not implemented perfectly. I have some days ago allready posted a PHP5 issue which i thought that it should be catched from the internal error handling with E_STRICT on. You can see it here: http://www.spinics.net/lists/php/msg117368.html Thanks, have a nice day. Johannes Findeisen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
