[PHP] Template Security Advice (WASP - http://wasp.sourceforge.net)

[Brian Fioca]

I'm finishing up my WASP framework 1.0 release (http:// 
wasp.sourceforge.net) and I'm trying to decide the best way to lay  
out the template directories.


WASP uses HTML_Template_Flexy for its template system.  The templates  
are compiled using "Chunk" classes that each refer to a html template.


The way it works now, the directory structure of applications is
|_ /webroot/module/templates

where module is where the php classes are stored, and templates is  
where the html templates are stored.  The templates used to be stored  
in a seperate directory outside of the web root, as such

|_ /templates/
|_ /webroot/ModuleDir

however it becomes cumbersome to keep track of which templates go to  
which php classes, so for organization sake having the template  
directory located beneath each module directory is easier to navigate.


My problem is, anyone who realizes a particular application uses WASP  
can go to a url, say http://blah/module, and look at the html files  
in the template directory (ex. http://blah/module/templates).  Is it  
too much of a security issue to justify this useful organization?   
Theoretically the addition of an .htaccess file in the templates  
directories could solve the problem, but is that compounding the  
issue even more?  I guess I'm asking for someone to tell me it's ok  
to do it this way, but if nobody agrees I can change it back.


Thanks for the input.
-Brian


/**
 * Brian Fioca
 * Chief Scientist / Sr. Technical Consultant
 * PangoMedia - http://pangomedia.com
 * @work 907.868.8092x108
 * @cell 907.440.6347
 */




smime.p7s
Description: S/MIME cryptographic signature

[PHP] NZ Aegir Users/Developers

[Tim Haines]

Hi there,

I'm on the hunt for some Aegir users/developers in New Zealand.  Please 
email me offlist - [EMAIL PROTECTED] if you know of any.


Cheers,

Tim.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Performance of server-side DOM?

[Jeff Schmidt]

Hello,
 I've been toying around, lately, with using PHP's DOM API 
(specifically, domxml because I'm still using PHP4) for doing some of my 
server side dynamic pages, instead of the 'classic' method of outputting 
a serial stream of html dynamically generated with, e.g. php print() 
statements. The reason this is attractive to me is that, 
programmatically, it makes it easier to seperate logic from 
presentation. I realize that PHP has available, through PEAR and 
otherwise, various templating systems that attempt to address that need, 
but I've found some of the templating systems, at least, to be somewhat 
confusing, whereas the DOM seems pretty straightforward to me.


 But, I've wondered about the performance implications of my would-be 
method. Namely, I would normally start by reading in an html 'template' 
file with the function domxml_open_file, modify it to my hearts content 
with DOM methods, and then use DomDocument->html_dump_mem() to 
re-serialize the html and send it to the web-browser.


 Is this horribly inefficient, or just a small, reasonable overhead?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Can I call .html file as a form action instead of .php?

[Jasper Bryant-Greene]

Michael Crute wrote:

On 10/10/05, *Richard Lynch* <[EMAIL PROTECTED] > 
wrote:

In addition to the Good column, let me add this:

Once I made all my .html files go through PHP, I found myself adding a
lot of cool little snippets to my files that I wouldn't have bothered
with if I had to re-name the file, fix all the links, worry about
search engines "losing" my page, etc.

I would encourage anybody but the most hard-core million-hits-per-day
super-stressed folks to just go ahead and use PHP on .htm and .html


Except its terrible form and not at all portable.


I don't do this myself (I leave extensions off PHP files instead, but 
that's another story...), but it is reasonably portable -- every web 
host I've ever dealt with supports .htaccess files; just put the 
following line in an .htaccess file in the root of your application.


AddType application/x-httpd-php .html

--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Can I call .html file as a form action instead of .php?

[Michael Crute]

On 10/10/05, Richard Lynch <[EMAIL PROTECTED]> wrote:
>
> In addition to the Good column, let me add this:
>
> Once I made all my .html files go through PHP, I found myself adding a
> lot of cool little snippets to my files that I wouldn't have bothered
> with if I had to re-name the file, fix all the links, worry about
> search engines "losing" my page, etc.
>
> I would encourage anybody but the most hard-core million-hits-per-day
> super-stressed folks to just go ahead and use PHP on .htm and .html


Except its terrible form and not at all portable.

If 5% to 10% is putting you over the edge on performance, you're
> already in trouble anyway.
>
> NOTE:
> 5% to 10% was a lonnng time ago. I'd love to see more current
> benchmarks or, better, real-live stats from a moderately busy/complex
> server.


I highly doubt that many people use this configuration so there really
hasn't been any need for a new benchmark.

-Mike

--

Michael E. Crute
Software Developer
SoftGroup Development Corporation

Linux, because reboots are for installing hardware.
"In a world without walls and fences, who needs windows and gates?"

Re: [PHP] str_replace

[Jochem Maas]

Charles Stuart wrote:
A student run server on my old campus used to turn off PHP for  security 
reasons - ridiculous.


Would it be possible to use XSS to call curl from a remote site? I'm  
just a beginner so that may or not make sense.


I'm not really a beginner but I don't know if that makes sense either :-S
I'm pretty sure the answer is no.



Indeed it does seem like JS is the solution - unfortunately - as it  


workaround, not solution. a new host would be a solution,
one that means you don't have to waste time coding around completely
crazy setups.

seems like their 'trap' catches any string including CURL U before I  


seems like a total bogus filter. exactly what makes 'CURL U' so evil when
passed to a php/cgi script anyway?

can str_replace the string after gathering the input with _POST.  Anyone 
disagree?


well you could check out something like:



or



or








best,

Charles



On Oct 10, 2005, at 3:12 PM, Rory Browne wrote:


I'm not completely sure, but I think they're talking shite. If curl is


I think I can smell it here too.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Problem w/ Hidden Input Fields

[Jochem Maas]

hi Jason,

Jason Ferguson wrote:

I have a  field with a value 86 characters long.
Here is the entire form:





Rootsweb




Other Site:



this text input has the same name, seeing as it comes after the
hidden field it will be submitted after it (in terms of the order
of the POST vars) too. the value of second incoming txtKeyValue
effectively overwrites the first - result is you always see an empty value.

after thought:
you can work around it with javascript or php (and possibly changing
'txtKeyValue' to 'txtKeyValue[]'), or just change the name of
one of the fields :-)



















However, when I submit and do a print_r($_POST), there is no value for
$_POST['txtKeyValue'].

Note: the setWizardAction() function sets the 
attribute so the Prev/Next buttons work correctly.

The application is very close to being complete, so I need help ASAP


don't quite follow that logic ;-)

.


Jason



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] ARG: Seg Faults with PHP 5.0.5, now on Solaris and SLES9

[Jochem Maas]

Chuck wrote:

After 3 months of headache and intermittent seg faults on Solaris 9, we
decided to give SLES 9 a try.

Now we get continuous seg faults.

I am running apache 2.0.54 on SLES 9 with all updates, and Oracle
10.2.0.1.
(everything is the 32-bit flavor)

I built PHP as follows:
adcinfops02:/usr/local/httpd-2.0.54/htdocs #./configure
--prefix=/usr/local/php-5.0.5 --with-apxs2=/usr/local/httpd-2.0.54/bin/apxs


long shot: which worker module do you have enabled in httpd.conf?
you can only use 'pre-fork' with php.


--enable-cli --enable-debug --with-config-file-path=/usr/local/php-5.0.5/lib
--enable-sigchild --with-zlib --with-bz2 --enable-ftp --with-gettext
--enable-mbstring --with-ncurses --with-oci8=/u01/app/oracle/product/10.2
--enable-session --enable-sockets --enable-shared --disable-xml
--disable-libxml --disable-dom --with-jpeg-dir=/usr/lib
--with-png-dir=/usr/lib --with-zlib-dir=/usr/lib --with-xpm-dir=/usr/lib
--disable-simplexml --without-pear

Here is the simply php page that seg faults _every_ time it is called. (On
solaris, it only seg faulted 25% of the time)
\n";

$keys = array_keys($results);
foreach($keys as $key)
{
print "$key\n";
}
for($i=0; $i < $rows; $i++)
{
print " " . $results["USERNAME"][$i] . "\n";
}

OCIFreeStatement($stmt);
OCILogoff($ora);

?>


I can run this script 100 times from the command line ( # php oratest.php )
and not a single seg fault.

Anyone have any idea why this is happenning?

Also, is there a config, any OS, any version, and combination AT ALL, where
PHP is reliable when using Oracle 10g as the back end? Any configuration at
all?

Thx,
CC
--



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Problem w/ Hidden Input Fields

[Jason Ferguson]

I have a  field with a value 86 characters long.
Here is the entire form:





Rootsweb




Other Site:


















However, when I submit and do a print_r($_POST), there is no value for
$_POST['txtKeyValue'].

Note: the setWizardAction() function sets the 
attribute so the Prev/Next buttons work correctly.

The application is very close to being complete, so I need help ASAP.

Jason

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] session save path

[Richard Lynch]

On Mon, October 3, 2005 9:15 am, jonathan wrote:
> I'm looking for where apache / php will be saving the user session
> files. when I do a phpinfo(), it tells me that session.save_path will
> be temp but when I look at the files in there, there are only a
> couple of files and they say nwIN;
>
> Is there any way to directly access the session files in this way to
> get at the values?

If it just says "temp" with no path info, that may mean "wherever the
Operating System temp directory is" which in Windoze is probably
C:\tmp or C:\temp or who knows where it is this week.

You should not be accessing the files directly other than for
educational purposes...  If you mess with them directly in your PHP
application, you're probably doing something wrong.

You could also use your Windows "search" function to find files newer
than, say, 5 minutes ago.  At least, I assume even Windows has that
functionality somewhere...

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Making MYSQL's RAND() more random

[Richard Lynch]

On Mon, October 3, 2005 2:39 pm, Graham Anderson wrote:
> what would be the best way to make MYSQL's RAND() more random ?
>
> my random result set always seems pretty predictable.  The first
> record
> in the result set always seems to be the same 4 tracks :(
> Would adding some kind of random seed like
> RAND($randomNumberGenerator)
> work ?
> If so, how do you implement this ?
>
>
> $sql = "SELECT media.id,
>  artist.name as artist,
>  artist.spanish as bio,
>  artist.purchaseLink,
>  artist.picture,
>  media.spanish as trackName,
>  media.path,
>  media.quality,
>  mediaType.id as mediaType
>  FROM artist, media, playlistItems, mediaType
>  WHERE playlistItems.playlist_id = $myID
>  AND playlistItems.media_id = media.id
>  AND media.artist_id = artist.id
>  AND media.mediaType_id = mediaType.id
>  ORDER BY RAND($randomSeed) LIMIT 0, 30";
>
> many thanks in advance

If you are using a version of MySQL with sub-queries, you may want to
try wrapping the whole ORDER BY RAND() around it in an outer query...

Maybe the optimization/indexing of the results and the LIMIT are
somehow interacting to mess up RAND()

Just a guess, really.

Depending on the size of your library, you could get ALL the possible
tracks, and then use PHP and http://php.net/mt_rand to skip around
with mysql_result() at random.  If your library of tracks is WAY too
big for that, don't do it.

You may also want to consider using more than just RAND() to choose
tracks.

For example, the playlist I generate for a coffeehouse every day has 3
factors:
1. How soon/recently the artist plays/played there.
2. Subjective "Quality" rating by the sound engineer of the track.
3. Random factor

http://uncommonground.com/
has a link to the radio right under the photo.
[site is getting a facelift soon, so this may change without notice]

So GREAT tracks and tracks of artists who are coming back soon or who
just played are MORE likely to get played, but there's always a
"random factor".

There are "multipliers" for each quantity, and the coffeehouse owner
can play around with them and "shape" the function to weigh it more
heavily toward any of the three factors.

In your case, I'd guess that you could consider factors like:
1. How recently was this song in a playlist.
2. How good was this song rated by the user
3. Random

None of this will actually "fix" your random issue, but by confusing
the order with other factors, might make the lack or randomness less
obvious and less bothersome. :-)

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Can I call .html file as a form action instead of .php?

[Richard Lynch]

On Mon, October 3, 2005 9:23 pm, Jasper Bryant-Greene wrote:
> 1/ Setting your webserver to consider all .html files to be PHP
> scripts
> is good and bad. It is sometimes considered good because it hides the
...
> up-to-date...), but it's sometimes bad because it causes PHP to
> process
> all HTML files, even if they don't have any PHP in them, which slows
> things down.

The last reported benchmark I saw was about 5% to 10% slow-down for
all HTML to go through PHP.

If 5% to 10% is a Big Deal to you, don't do it.

In addition to the Good column, let me add this:

Once I made all my .html files go through PHP, I found myself adding a
lot of cool little snippets to my files that I wouldn't have bothered
with if I had to re-name the file, fix all the links, worry about
search engines "losing" my page, etc.

I would encourage anybody but the most hard-core million-hits-per-day
super-stressed folks to just go ahead and use PHP on .htm and .html

If 5% to 10% is putting you over the edge on performance, you're
already in trouble anyway.

NOTE:
5% to 10% was a lonnng time ago.  I'd love to see more current
benchmarks or, better, real-live stats from a moderately busy/complex
server.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] chown function

[Richard Lynch]

On Tue, October 4, 2005 12:21 am, Keith Spiller wrote:
> chown("$endpath", "admin");
>
> to try to change the owner of directories after using mkdir()
> to create them.  It continues to fail on my remote Fedora server.
>
> I know the path is correct because mkdir() works perfectly.
> Apache sets the owner as 48 when the directory is created.
>
> I am not running in safe mode.
>
> The php.net documentation does not make certain things
> clear to me...  For example, do I need to be using a user id
> number instead of a name?  Will the chown only work if
> the server is setup as a super user?

Seems to me that 'chown' is simply not gonna work at all unless PHP is
running as root, which should really only be done (if at all) in CLI.

Okay, maybe some suExec CGI situation is "okay"...

But, yeah, your regular PHP script running on a website isn't gonna
have permission to chown() a file -- If it did, anybody on the system
could, oh, upload a binary, chown it to 'root', and chmod it to run AS
root, then take over the machine in about, oh, 10 seconds.

That would be bad.

It's not that chown() doesn't work -- It's that you're trying to use
it in a situation where it should NOT work.

What you may want to consider doing is putting user 48 and your FTP
users in a common group, and then chmod() the files to be
group-writable or whatever you need.  That's probably the easiest
answer.

Another possibility is to write a root-owned cron job to chown/chmod
the files as needed based on their directory and/or existence in some
kind of database or...  Gotta be more careful with that, as it's too
easy to end up opening up a hole.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] storing passwords in $_SESSION

[Oliver Grätz]

Dan Brow schrieb:
> Thanks, figured that would be the case. Can't for life of me think why I
> wanted to do that, must have had a brain infarction. I want to have an
> expired session prompt so people can log back in with out having to
> start at the login page. Would having the users login saved in $_SESSION
> be alright? prompt them for their password and compare it with the
> password in the DB be fine? I want to reduce the amount of typing
> someone has to do when a session expires.

Why don't you leave the decision if they want to type to the user?
My browser keeps track of what I entered into every login form I ever
visited...

AllOLLi


"We'll draw straws. They're coming. We don't have time to argue about
who gets to risk their life."
[Locke on LOST 124]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] str_replace

[Charles Stuart]

A student run server on my old campus used to turn off PHP for  
security reasons - ridiculous.


Would it be possible to use XSS to call curl from a remote site? I'm  
just a beginner so that may or not make sense.


Indeed it does seem like JS is the solution - unfortunately - as it  
seems like their 'trap' catches any string including CURL U before I  
can str_replace the string after gathering the input with _POST.  
Anyone disagree?




best,

Charles



On Oct 10, 2005, at 3:12 PM, Rory Browne wrote:


I'm not completely sure, but I think they're talking shite. If curl is
a security problem, then disable curl. They seem from what you've
said, to be pretty irrational. I respect security paranoia, but this
is ridicules.

You could try replacing every letter in the word curl with it's &#xxx;
equivlent, but that might not work. You would also have to do it in
JS, although I think that any browser with the exception on lynx has
JS capabilities.

On 10/10/05, Charles Stuart <[EMAIL PROTECTED]> wrote:


Hi,

I'm on shared hosting. Because of security concerns on their part
[1], every time the text "curl u" is inputted, a 403 forbidden is
given and the form is not submitted. This is of course a problem as
I'm doing work for a children's literacy program, and plenty of
people try to input "curl up with a book".

I'm trying to use 'str_replace' to solve this issue, but I can't seem
to get around the 403 error.

It appears as if the hosting service doesn't give me a chance to
replace "curl u" with something else prior to them blocking the
attempted submit.

I can tell my str_replace is working as if I change the searched text
to something other than "curl u" it does in fact replace it and
submit it correctly.

Anyone have any ideas for a workaround? My next thought is to use
javascript, but I think the site serves quite a few people who might
not have javascript on.

Thanks for listening. Below is the PHP [2].


best,

Charles


[2]
// Grabbing the data from the form.

if ($task == "updateInfo")
 {
$activityChallenges = cs_remove_curl_up(sanitize_paranoid_string
($_POST["activityChallenges"]));
 }



// change "curl u" to "EDIT kurl u"

function cs_remove_curl_up($string, $min='', $max='')
{
   $string = str_replace("curl u", "EDIT kurl u", $string);
   $len = strlen($string);
   if((($min != '') && ($len < $min)) || (($max != '') && ($len >
$max)))
 return FALSE;
   return $string;
}



[1]
My host told me this:

"Mod_security is restricting this and blocks all url's with C-url.
This is done because of some php worms that are spread using c-url. I
would recommend trying to work around this. It will be a major
security issue for us to allow this."

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php









--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP5 Webhost

[Richard Lynch]

On Tue, October 4, 2005 11:29 am, Michael Crute wrote:
> I am in the process of looking for a webhost for the company I work
> for. I must have PHP5 support as the CMS I am using only supports
> PHP5. Does anyone know of any good quality hosts that also support
> PHP5 and MySQL for less than $40/mo? Dedicated hosting is right out as
> we obviously don't have the budget for that. Any thoughts/suggestions
> would be very much appreciated. Thanks.

http://hostbaby.com

I receive nothing for this link ; Just a satisfied customer

You may want to specify in the "special requests" box when you signup
to get PHP 5, but I'm almost positive any new accounts are getting PHP
5 anyway.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Dynamic sub directory listing without redirect

[Richard Lynch]

On Fri, October 7, 2005 10:19 pm, Terence wrote:
> I am trying to allow dynamic URL's for my users to remember similiar
> to:
>
> www.mysite.com/joesoap
>
> So I want to use "joesoap" in a PHP script to pick up the user's
> details
> from a MySQL database. If the "joesoap" does not exist in the table
> I will handle that.
>
> So basically I have one file www.mysite.com/index.php which should do
> all the processing.
>
> I have tried with the apache .htaccess mod_rewrite, however when I
> echo
> $_SERVER['PHP_SELF'] I can't detect the "joesoap". It returns
> /index.php.

No need to get all complicated with mod_rewrite and .htaccess
ForceType/Action:

echo $_SERVER['PATH_INFO'];

Just in case I mis-remember the key:

var_dump($_SERVER);

It's in there somewhere.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] str_replace

[Rory Browne]

I'm not completely sure, but I think they're talking shite. If curl is
a security problem, then disable curl. They seem from what you've
said, to be pretty irrational. I respect security paranoia, but this
is ridicules.

You could try replacing every letter in the word curl with it's &#xxx;
equivlent, but that might not work. You would also have to do it in
JS, although I think that any browser with the exception on lynx has
JS capabilities.

On 10/10/05, Charles Stuart <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm on shared hosting. Because of security concerns on their part
> [1], every time the text "curl u" is inputted, a 403 forbidden is
> given and the form is not submitted. This is of course a problem as
> I'm doing work for a children's literacy program, and plenty of
> people try to input "curl up with a book".
>
> I'm trying to use 'str_replace' to solve this issue, but I can't seem
> to get around the 403 error.
>
> It appears as if the hosting service doesn't give me a chance to
> replace "curl u" with something else prior to them blocking the
> attempted submit.
>
> I can tell my str_replace is working as if I change the searched text
> to something other than "curl u" it does in fact replace it and
> submit it correctly.
>
> Anyone have any ideas for a workaround? My next thought is to use
> javascript, but I think the site serves quite a few people who might
> not have javascript on.
>
> Thanks for listening. Below is the PHP [2].
>
>
> best,
>
> Charles
>
>
> [2]
> // Grabbing the data from the form.
>
> if ($task == "updateInfo")
>  {
> $activityChallenges = cs_remove_curl_up(sanitize_paranoid_string
> ($_POST["activityChallenges"]));
>  }
>
>
>
> // change "curl u" to "EDIT kurl u"
>
> function cs_remove_curl_up($string, $min='', $max='')
> {
>$string = str_replace("curl u", "EDIT kurl u", $string);
>$len = strlen($string);
>if((($min != '') && ($len < $min)) || (($max != '') && ($len >
> $max)))
>  return FALSE;
>return $string;
> }
>
>
>
> [1]
> My host told me this:
>
> "Mod_security is restricting this and blocks all url's with C-url.
> This is done because of some php worms that are spread using c-url. I
> would recommend trying to work around this. It will be a major
> security issue for us to allow this."
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] How do I POST data with headers & make the browser follow?

[Richard Lynch]

On Sat, October 8, 2005 1:58 am, Ragnar wrote:
> What I gather from Richards answer earlier that the difference between
> $_POST, $_GET or $_COOKIE, $_SESSION is almost irrelevant, I might
> as well store the detail in a session to be able to use them on page
> 3 it seems.

On a DEDICATED server, $_SESSION is probably not a horrible place to
do this, if you really really really have to...

On a SHARED server, $_SESSION is a HORRIBLE place to tuck this info --
Any other user on that server can troll through your session files for
cc#s.  BAD.

I still fail to understand why you're bouncing the user around so much
and turning something so simple into something so complicated.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP5 Soap + .NET Webservice

[Richard Lynch]

On Mon, October 10, 2005 4:40 am, Chris Hemmings wrote:
> Can anyone explain how this works, and, how to fix it.  I'm can't find
> any documentation on the problem I am having.

colon-separated name-spaces in XML are a relatively new development.

Your XML parser probably is not up to speed on them yet...

You'd have to upgrade your XML parser, or replace it with one that is
aware of this newer XML format.

I forget the precise terminology for colon-separated name-spaces in
XML, so your first task is to find out what the heck it's called. :-)

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] ARG: Seg Faults with PHP 5.0.5, now on Solaris and SLES9

[Chuck]

After 3 months of headache and intermittent seg faults on Solaris 9, we
decided to give SLES 9 a try.

Now we get continuous seg faults.

I am running apache 2.0.54 on SLES 9 with all updates, and Oracle
10.2.0.1.
(everything is the 32-bit flavor)

I built PHP as follows:
adcinfops02:/usr/local/httpd-2.0.54/htdocs #./configure
--prefix=/usr/local/php-5.0.5 --with-apxs2=/usr/local/httpd-2.0.54/bin/apxs
--enable-cli --enable-debug --with-config-file-path=/usr/local/php-5.0.5/lib
--enable-sigchild --with-zlib --with-bz2 --enable-ftp --with-gettext
--enable-mbstring --with-ncurses --with-oci8=/u01/app/oracle/product/10.2
--enable-session --enable-sockets --enable-shared --disable-xml
--disable-libxml --disable-dom --with-jpeg-dir=/usr/lib
--with-png-dir=/usr/lib --with-zlib-dir=/usr/lib --with-xpm-dir=/usr/lib
--disable-simplexml --without-pear

Here is the simply php page that seg faults _every_ time it is called. (On
solaris, it only seg faulted 25% of the time)
\n";

$keys = array_keys($results);
foreach($keys as $key)
{
print "$key\n";
}
for($i=0; $i < $rows; $i++)
{
print " " . $results["USERNAME"][$i] . "\n";
}

OCIFreeStatement($stmt);
OCILogoff($ora);

?>


I can run this script 100 times from the command line ( # php oratest.php )
and not a single seg fault.

Anyone have any idea why this is happenning?

Also, is there a config, any OS, any version, and combination AT ALL, where
PHP is reliable when using Oracle 10g as the back end? Any configuration at
all?

Thx,
CC
--

RE: [PHP] storing passwords in $_SESSION

[Jeffrey Santos]

Why not store a cookie and session variable with a randomly generated ID
code (see uniqid function in manuals) then just check to see if one is equal
to the other on your "relogin"  This way you don't record any "personal"
user information and can still do an autologin type script.

- Jeff

-Original Message-
From: Dan Brow [mailto:[EMAIL PROTECTED] 
Sent: Monday, October 10, 2005 4:51 PM
To: PHP-Users
Subject: Re: [PHP] storing passwords in $_SESSION

Sorry for the confusion, I should have changed the subject line to
reflect my new idea.

Thanks.

On Mon, 2005-10-10 at 22:03 +0200, Emil Novak wrote:
> Oh, just username... That's good idea.
> 
> Emil NOVAK
> LAMP Developer
> 
> On 10/10/05, Dan Brow <[EMAIL PROTECTED]> wrote:
> > I was meaning just the username, not the password, still the same issue?
> >
> > On Mon, 2005-10-10 at 21:35 +0200, Emil Novak wrote:
> > > Yet another unsafe way... You can try to write a program that reads
> > > stored cookies in Temporary Internet Files - it's peace of cake for
> > > somebody that is advanced programmer. The best way is to "eliminate"
> > > lazy users - you simply do not implement "auto login". It's the
> > > fastest, safest and the easiest way to solve the problem.
> > >
> > > Emil NOVAK
> > > LAMP Developer
> > >
> > > On 10/10/05, Dan Brow <[EMAIL PROTECTED]> wrote:
> > > > Well, um. ya. Back to the drawing board.  Save it in a cookie?
> > > >
> > > > On Mon, 2005-10-10 at 14:59 -0400, Kilbride, James wrote:
> > > > > If the session expired.. how will session hold their user id??
> > > > >
> > > > > > -Original Message-
> > > > > > From: Dan Brow [mailto:[EMAIL PROTECTED]
> > > > > > Sent: Monday, October 10, 2005 3:05 PM
> > > > > > To: PHP-Users
> > > > > > Subject: Re: [PHP] storing passwords in $_SESSION
> > > > > >
> > > > > > Thanks, figured that would be the case. Can't for life of me
> > > > > > think why I wanted to do that, must have had a brain
> > > > > > infarction. I want to have an expired session prompt so
> > > > > > people can log back in with out having to start at the login
> > > > > > page. Would having the users login saved in $_SESSION be
> > > > > > alright? prompt them for their password and compare it with
> > > > > > the password in the DB be fine? I want to reduce the amount
> > > > > > of typing someone has to do when a session expires.
> > > > > >
> > > > > > Thanks.
> > > > > >
> > > > > > --
> > > > > > PHP General Mailing List (http://www.php.net/) To
> > > > > > unsubscribe, visit: http://www.php.net/unsub.php
> > > > > >
> > > > > >
> > > >
> > > > --
> > > > PHP General Mailing List (http://www.php.net/)
> > > > To unsubscribe, visit: http://www.php.net/unsub.php
> > > >
> > > >
> > >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> 
> 
> --
> Emil NOVAK, razvijalec distribucije Slonix
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] str_replace

[Charles Stuart]

Hi,

I'm on shared hosting. Because of security concerns on their part  
[1], every time the text "curl u" is inputted, a 403 forbidden is  
given and the form is not submitted. This is of course a problem as  
I'm doing work for a children's literacy program, and plenty of  
people try to input "curl up with a book".


I'm trying to use 'str_replace' to solve this issue, but I can't seem  
to get around the 403 error.


It appears as if the hosting service doesn't give me a chance to  
replace "curl u" with something else prior to them blocking the  
attempted submit.


I can tell my str_replace is working as if I change the searched text  
to something other than "curl u" it does in fact replace it and  
submit it correctly.


Anyone have any ideas for a workaround? My next thought is to use  
javascript, but I think the site serves quite a few people who might  
not have javascript on.


Thanks for listening. Below is the PHP [2].


best,

Charles


[2]
// Grabbing the data from the form.

if ($task == "updateInfo")
{
$activityChallenges = cs_remove_curl_up(sanitize_paranoid_string 
($_POST["activityChallenges"]));

}



// change "curl u" to "EDIT kurl u"

function cs_remove_curl_up($string, $min='', $max='')
{
  $string = str_replace("curl u", "EDIT kurl u", $string);
  $len = strlen($string);
  if((($min != '') && ($len < $min)) || (($max != '') && ($len >  
$max)))

return FALSE;
  return $string;
}



[1]
My host told me this:

"Mod_security is restricting this and blocks all url's with C-url.  
This is done because of some php worms that are spread using c-url. I  
would recommend trying to work around this. It will be a major  
security issue for us to allow this."


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] storing passwords in $_SESSION

[Dan Brow]

Sorry for the confusion, I should have changed the subject line to
reflect my new idea.

Thanks.

On Mon, 2005-10-10 at 22:03 +0200, Emil Novak wrote:
> Oh, just username... That's good idea.
> 
> Emil NOVAK
> LAMP Developer
> 
> On 10/10/05, Dan Brow <[EMAIL PROTECTED]> wrote:
> > I was meaning just the username, not the password, still the same issue?
> >
> > On Mon, 2005-10-10 at 21:35 +0200, Emil Novak wrote:
> > > Yet another unsafe way... You can try to write a program that reads
> > > stored cookies in Temporary Internet Files - it's peace of cake for
> > > somebody that is advanced programmer. The best way is to "eliminate"
> > > lazy users - you simply do not implement "auto login". It's the
> > > fastest, safest and the easiest way to solve the problem.
> > >
> > > Emil NOVAK
> > > LAMP Developer
> > >
> > > On 10/10/05, Dan Brow <[EMAIL PROTECTED]> wrote:
> > > > Well, um. ya. Back to the drawing board.  Save it in a cookie?
> > > >
> > > > On Mon, 2005-10-10 at 14:59 -0400, Kilbride, James wrote:
> > > > > If the session expired.. how will session hold their user id??
> > > > >
> > > > > > -Original Message-
> > > > > > From: Dan Brow [mailto:[EMAIL PROTECTED]
> > > > > > Sent: Monday, October 10, 2005 3:05 PM
> > > > > > To: PHP-Users
> > > > > > Subject: Re: [PHP] storing passwords in $_SESSION
> > > > > >
> > > > > > Thanks, figured that would be the case. Can't for life of me
> > > > > > think why I wanted to do that, must have had a brain
> > > > > > infarction. I want to have an expired session prompt so
> > > > > > people can log back in with out having to start at the login
> > > > > > page. Would having the users login saved in $_SESSION be
> > > > > > alright? prompt them for their password and compare it with
> > > > > > the password in the DB be fine? I want to reduce the amount
> > > > > > of typing someone has to do when a session expires.
> > > > > >
> > > > > > Thanks.
> > > > > >
> > > > > > --
> > > > > > PHP General Mailing List (http://www.php.net/) To
> > > > > > unsubscribe, visit: http://www.php.net/unsub.php
> > > > > >
> > > > > >
> > > >
> > > > --
> > > > PHP General Mailing List (http://www.php.net/)
> > > > To unsubscribe, visit: http://www.php.net/unsub.php
> > > >
> > > >
> > >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> 
> 
> --
> Emil NOVAK, razvijalec distribucije Slonix
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Help with logic :(

[Richard Lynch]

On Mon, October 10, 2005 3:24 pm, Dan McCullough wrote:
> create a function to check if the rndnumber=couponcode row count = 0
> if not then redo rndnumber if it does = 0 then insert rndnumber

N!

You are creating a RACE CONDITION in which ONE user might generate a
'valid' code, and ANOTHER user might generate a 'valid' code AT THE
SAME TIME, and then they BOTH get the same coupon code.

The probability of this is very very very low, but still NOT zero.

And it's the kind of thing that won't show up in testing, but sure as
God made little green apples, it WILL happen at the worst possible
time after you "go live"

The database engine has a *TON* of code in it to avoid this kind of
Bad Thing happening.

Use it.

create a UNIQUE INDEX on the column that needs to be unique.

Trap the INSERT error.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Store a variable name in a database field.

[Richard Lynch]

On Mon, October 10, 2005 12:17 pm, Liam Delahunty wrote:
> I'm sure this is a pretty basic question, but I have searched for a
> decent answer and can't find one.
>
> I have a client that want to be able to write newsletters
> (newsleters_tbl.email_body) and use fields from his contact table, so
> as we grind through the contact list for newsletters subscribers it
> may pull out $first_name, or $last_name, or perhaps the address and so
> on, and send an individual email and have it in the $email_body field
> from another table.
>
> $email_body is a free form text field, and he wants to be able to type
> in anything he desires and have it pulled from the contact table.
>
> I've tried with and without addslashes, and htmlentities. Is there a
> solution or I will I have to resort to getting him to use
> {{$first_name}} etc.
>
> Lastly, if I have to use {{whatever}} then what's the reason I can't
> use $field_name in the database?

There's no reason why you can't do what you are trying to do...

But you'd have to show us some code to give us any idea why it's "not
working"

Right now, all we can say is:  It should work just fine.

You don't have to use {{$whatever}}

You could use [first_name] or {first_name} or ^first_name^ or whatever
you want.

But you ARE going to have to do some text processing to translate.

You *CAN* make it just match up whatever he types with whatever field
name you've got, but again, without seeing the code you thought should
work, we've got no idea what you did wrong.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Testing a String for 'most' Capitalised

[Richard Lynch]

On Mon, October 10, 2005 12:31 pm, zzapper wrote:
> On Mon, 10 Oct 2005 15:27:05 +0100,  wrote:
>
>>On 10/10/05, zzapper <[EMAIL PROTECTED]> wrote:
>>> Hi,
>>>
>>> Image that there could be a string
>>>
>>> fred
>>> Fred
>>> FRED
>>>
>>> First of all I need to know that these are same which I can do with
>>> strtolower, but how could I tell
>>> that 'FRED' is 'most captilised?
>
> Thanx 4 various replies. In fact speed is more important 4 me than
> exactitude as it's right inside a
> critical loop.
>
> I think strcmp will do the biz even though it sees fred as being
> greater than Fred ?!?

A = 65
B = 66
C = 67
.
.
.

a = 120 (?)
b = 121 (?)
c = 122 (?)
.
.
.

f > F
a > A
fred > Fred > FRED

The "smallest" string is the "most capitalized", assuming they are the
same in lowercase.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Help with logic :(

[Dan McCullough]

create a function to check if the rndnumber=couponcode row count = 0
if not then redo rndnumber if it does = 0 then insert rndnumber

On 10/10/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hey guys,
>
> Having trouble coming up with a solution to this idea I am trying to
> implement.
>
> I have a "Coupon" table.
>
> I am creating radonly generated coupon codes that go into this table. 12
> chars in length - both number and letters - all lowercase.
>
> I figure I need to do the following:
>
> 1) generate the radon coupon code;
>
> 2) Do query against thethe table to pull out all the currently entered codes;
>
> 3) Loop through all codes to see if any match the randomly generated code;
>
> 4) if a match exists, generate code again and keep doing this until we
> have a code that doesn't match;
>
> 5) If a match doesn't exist, insert code into DB and continue with rest of
> my process.
>
>
> What I am unsure of is how to loop through all codes in the DB and match
> against current randomly generated code and if a match exists, keep
> generating new random codes until one doesn't exist.
>
> Any ideas on how to go about this?
>
> Thank you in advance. Seems pretty simple I'm sure. Just confused on the
> logic.
>
> Thanks.
>
> Aaron
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] default mail headers ?

[Richard Lynch]

On Mon, October 10, 2005 1:54 pm, Tim Traver wrote:
> when using the mail() function in the base PHP distribution, is there
> a
> way to inject a default header onto all mail being sent out ?
>
> I thought at some point there was already a header that specified the
> script that was making the mail() call in it, but it doesn't look like
> that is happening. Did it used to be that way ? I could have sworn
> that
> I remember it being like that...

In php.ini, you can alter the command line used to send mail, and
insert a header there...

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP guru needed urgently

[Alnisa Allgood]

Hi-

I'm in urgent (today/tomorrow) need of someone with strong PHP 
programming skills. I was  adapting phpESP 
http://www.butterfat.net/wiki/Projects/phpESP/   an open source 
Survey program and have run into a couple road blocks that far exceed 
my programming skills.


The two things I'd like to accomplish are:

1) Change how page urls are handled so that redirects I created work.
phpESP handles advancing pages without adjusting the url, but I need 
the url to change from something like  http://survey/php  to 
http://survey/php?p=2  .  I've had to drammatically change the forms 
layout, and can't use the automatic forms created by the survey. I 
need to use the new forms for handling data.


2) Introduction of cookies or some sort of method of tracking, to 
insure that each of the new form pages are tagged to the proper user.


The project is for a nonprofit, so I can't pay a lot. I can pay 
$50/hr for up to $200. Out of my own personal funds. I screwed up 
when I started estimating timelines on the project.  I expected the 
survey urls to work the same way as the test urls; but they don't. 
And I'm just not that great at reading other peoples code to get a 
good handle on what needs to be changed where.


If you've worked with phpESP or think your programming skills are 
strong enough to make the adaptations without having seen the program 
then please contact me at [EMAIL PROTECTED]


Thanks

Alnisa

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Help with logic :(

[aaronjw]

Hey guys,

Having trouble coming up with a solution to this idea I am trying to
implement.

I have a "Coupon" table.

I am creating radonly generated coupon codes that go into this table. 12
chars in length - both number and letters - all lowercase.

I figure I need to do the following:

1) generate the radon coupon code;

2) Do query against thethe table to pull out all the currently entered codes;

3) Loop through all codes to see if any match the randomly generated code;

4) if a match exists, generate code again and keep doing this until we
have a code that doesn't match;

5) If a match doesn't exist, insert code into DB and continue with rest of
my process.


What I am unsure of is how to loop through all codes in the DB and match
against current randomly generated code and if a match exists, keep
generating new random codes until one doesn't exist.

Any ideas on how to go about this?

Thank you in advance. Seems pretty simple I'm sure. Just confused on the
logic.

Thanks.

Aaron

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] storing passwords in $_SESSION

[Emil Novak]

Oh, just username... That's good idea.

Emil NOVAK
LAMP Developer

On 10/10/05, Dan Brow <[EMAIL PROTECTED]> wrote:
> I was meaning just the username, not the password, still the same issue?
>
> On Mon, 2005-10-10 at 21:35 +0200, Emil Novak wrote:
> > Yet another unsafe way... You can try to write a program that reads
> > stored cookies in Temporary Internet Files - it's peace of cake for
> > somebody that is advanced programmer. The best way is to "eliminate"
> > lazy users - you simply do not implement "auto login". It's the
> > fastest, safest and the easiest way to solve the problem.
> >
> > Emil NOVAK
> > LAMP Developer
> >
> > On 10/10/05, Dan Brow <[EMAIL PROTECTED]> wrote:
> > > Well, um. ya. Back to the drawing board.  Save it in a cookie?
> > >
> > > On Mon, 2005-10-10 at 14:59 -0400, Kilbride, James wrote:
> > > > If the session expired.. how will session hold their user id??
> > > >
> > > > > -Original Message-
> > > > > From: Dan Brow [mailto:[EMAIL PROTECTED]
> > > > > Sent: Monday, October 10, 2005 3:05 PM
> > > > > To: PHP-Users
> > > > > Subject: Re: [PHP] storing passwords in $_SESSION
> > > > >
> > > > > Thanks, figured that would be the case. Can't for life of me
> > > > > think why I wanted to do that, must have had a brain
> > > > > infarction. I want to have an expired session prompt so
> > > > > people can log back in with out having to start at the login
> > > > > page. Would having the users login saved in $_SESSION be
> > > > > alright? prompt them for their password and compare it with
> > > > > the password in the DB be fine? I want to reduce the amount
> > > > > of typing someone has to do when a session expires.
> > > > >
> > > > > Thanks.
> > > > >
> > > > > --
> > > > > PHP General Mailing List (http://www.php.net/) To
> > > > > unsubscribe, visit: http://www.php.net/unsub.php
> > > > >
> > > > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


--
Emil NOVAK, razvijalec distribucije Slonix

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] user admin/site admin open source functions..

[Philip Hallstrom]

i'm trying to find an "open source" app that would provide me with user
admin/site admin functionality. i've been playing with a few of the open
source cms apps to get a feel for how they implement this kind of
funtionality. i could rip out what i need, but it might be painful for
something like mambo, given it's interconectivity.

anybody have pointers to an app that you can use as a user admin/site admin
function and tie it into a website/app...


Try here for a lot of CMS packages some of which might be easier to modify 
or some which might do exactly what you want...


http://www.opensourcecms.com/

And check zend.com in their dev section for apps/scripts under the 
"content management" section.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] user admin/site admin open source functions..

[bruce]

hey...

i'm trying to find an "open source" app that would provide me with user
admin/site admin functionality. i've been playing with a few of the open
source cms apps to get a feel for how they implement this kind of
funtionality. i could rip out what i need, but it might be painful for
something like mambo, given it's interconectivity.

anybody have pointers to an app that you can use as a user admin/site admin
function and tie it into a website/app...

thanks

-bruce
[EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] storing passwords in $_SESSION

[Dan Brow]

I was meaning just the username, not the password, still the same issue?

On Mon, 2005-10-10 at 21:35 +0200, Emil Novak wrote:
> Yet another unsafe way... You can try to write a program that reads
> stored cookies in Temporary Internet Files - it's peace of cake for
> somebody that is advanced programmer. The best way is to "eliminate"
> lazy users - you simply do not implement "auto login". It's the
> fastest, safest and the easiest way to solve the problem.
> 
> Emil NOVAK
> LAMP Developer
> 
> On 10/10/05, Dan Brow <[EMAIL PROTECTED]> wrote:
> > Well, um. ya. Back to the drawing board.  Save it in a cookie?
> >
> > On Mon, 2005-10-10 at 14:59 -0400, Kilbride, James wrote:
> > > If the session expired.. how will session hold their user id??
> > >
> > > > -Original Message-
> > > > From: Dan Brow [mailto:[EMAIL PROTECTED]
> > > > Sent: Monday, October 10, 2005 3:05 PM
> > > > To: PHP-Users
> > > > Subject: Re: [PHP] storing passwords in $_SESSION
> > > >
> > > > Thanks, figured that would be the case. Can't for life of me
> > > > think why I wanted to do that, must have had a brain
> > > > infarction. I want to have an expired session prompt so
> > > > people can log back in with out having to start at the login
> > > > page. Would having the users login saved in $_SESSION be
> > > > alright? prompt them for their password and compare it with
> > > > the password in the DB be fine? I want to reduce the amount
> > > > of typing someone has to do when a session expires.
> > > >
> > > > Thanks.
> > > >
> > > > --
> > > > PHP General Mailing List (http://www.php.net/) To
> > > > unsubscribe, visit: http://www.php.net/unsub.php
> > > >
> > > >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] getting php to generate a 503

[Jasper Bryant-Greene]

[EMAIL PROTECTED] wrote:

I want to write a php page that can return a 503 with some useful
information. 


   
?>


Is what I've done so far - yet it doesn't work, the headers don't seem to be
modified and my page just returns the echoed contet and both firefox and IE
blithely ignore the fact that I set the server unavailable header :( can
anyone give me a clue as to what I've done wrong?


What did you expect to happen? The expected behaviour (unless I'm 
missing something) is that the browser should display the content (i.e. 
"Page execution failed") that you sent to it.


The 503 status is a signal to the browser, and I don't believe either 
Firefox or IE pass that signal on.


--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] storing passwords in $_SESSION

[Emil Novak]

Yet another unsafe way... You can try to write a program that reads
stored cookies in Temporary Internet Files - it's peace of cake for
somebody that is advanced programmer. The best way is to "eliminate"
lazy users - you simply do not implement "auto login". It's the
fastest, safest and the easiest way to solve the problem.

Emil NOVAK
LAMP Developer

On 10/10/05, Dan Brow <[EMAIL PROTECTED]> wrote:
> Well, um. ya. Back to the drawing board.  Save it in a cookie?
>
> On Mon, 2005-10-10 at 14:59 -0400, Kilbride, James wrote:
> > If the session expired.. how will session hold their user id??
> >
> > > -Original Message-
> > > From: Dan Brow [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, October 10, 2005 3:05 PM
> > > To: PHP-Users
> > > Subject: Re: [PHP] storing passwords in $_SESSION
> > >
> > > Thanks, figured that would be the case. Can't for life of me
> > > think why I wanted to do that, must have had a brain
> > > infarction. I want to have an expired session prompt so
> > > people can log back in with out having to start at the login
> > > page. Would having the users login saved in $_SESSION be
> > > alright? prompt them for their password and compare it with
> > > the password in the DB be fine? I want to reduce the amount
> > > of typing someone has to do when a session expires.
> > >
> > > Thanks.
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/) To
> > > unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] storing passwords in $_SESSION

[Dan Brow]

Well, um. ya. Back to the drawing board.  Save it in a cookie?

On Mon, 2005-10-10 at 14:59 -0400, Kilbride, James wrote:
> If the session expired.. how will session hold their user id?? 
> 
> > -Original Message-
> > From: Dan Brow [mailto:[EMAIL PROTECTED] 
> > Sent: Monday, October 10, 2005 3:05 PM
> > To: PHP-Users
> > Subject: Re: [PHP] storing passwords in $_SESSION
> > 
> > Thanks, figured that would be the case. Can't for life of me 
> > think why I wanted to do that, must have had a brain 
> > infarction. I want to have an expired session prompt so 
> > people can log back in with out having to start at the login 
> > page. Would having the users login saved in $_SESSION be 
> > alright? prompt them for their password and compare it with 
> > the password in the DB be fine? I want to reduce the amount 
> > of typing someone has to do when a session expires.
> > 
> > Thanks.
> > 
> > --
> > PHP General Mailing List (http://www.php.net/) To 
> > unsubscribe, visit: http://www.php.net/unsub.php
> > 
> > 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] default mail headers ?

[Tim Traver]

Hi all,

when using the mail() function in the base PHP distribution, is there a 
way to inject a default header onto all mail being sent out ?


I thought at some point there was already a header that specified the 
script that was making the mail() call in it, but it doesn't look like 
that is happening. Did it used to be that way ? I could have sworn that 
I remember it being like that...


Thanks,

Tim.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Pocket PC(Mobile 2003 particularly)

[Kilbride, James]

> -Original Message-
> From: Jim Moseby [mailto:[EMAIL PROTECTED] 
> Sent: Monday, October 10, 2005 2:42 PM
> To: Kilbride, James
> Cc: php-general@lists.php.net
> Subject: RE: [PHP] Pocket PC(Mobile 2003 particularly)
> 
SNIPPED...
> > The first. As to why? I have web applications that currently run on 
> > the server, or will, that I want to be available through the Pocket 
> > PC's.
> > These Pocket PC's will not have network connectivity at the time of 
> > access but will have the necessary database fragments to allow the 
> > applications to run. I want to run the same code on both the Pocket 
> > PC's and the Webserver, in terms of the PHP. As such I need an 
> > Apache/PHP server that runs on the Pocket PC's to display 
> and run the 
> > pages on the Pocket PC's.
> > 
> > Answer your question?
> > 
> > James Kilbride
> 
> Hi James,
> 
> Perfectly.  After a _brief_ search, I could only find one web 
> server for a mobile platform, in this case WindowsCE.  
> http://www.cam.com/vxweb.html.  It does have CGI support, 
> though I'm not sure if it will help you.
> 
> The real question for this group is whether there is a PHP 
> binary for PocketPC, of if anyone has looked into porting the 
> code.  I found a few hits from 2002 where it was apparently 
> discussed, but nothing definitive.
> 
> JM
> 

It boggles my mind that after all these years of web development, and
PDA work, that there isn't an easy to find solution/suggestion for
running web apps natively on the Pocket PC's. It would seem a natural
match in my mind for geeks and their toys. Any pointers people have on
even just PHP running on Windows Mobile(Pocket PC) 2003 would be
appreciated. Another thing to look at is AppWeb, though it hasn't been
ported to the Windows Mobile platform yet, and I haven't figured out how
to compile it for that to see how hard the port would be.

James Kilbride

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] storing passwords in $_SESSION

[Dan Brow]

Thanks, figured that would be the case. Can't for life of me think why I
wanted to do that, must have had a brain infarction. I want to have an
expired session prompt so people can log back in with out having to
start at the login page. Would having the users login saved in $_SESSION
be alright? prompt them for their password and compare it with the
password in the DB be fine? I want to reduce the amount of typing
someone has to do when a session expires.

Thanks.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re[2]: [PHP] storing passwords in $_SESSION

[Richard Davey]

Hi Jay,

Monday, October 10, 2005, 7:36:12 PM, you wrote:

> I would think it neither safe nor practical. Once a user has logged
> in having the password in SESSION would be useless.

Agreed totally, I am curious as to why this question seems to get
asked a LOT though. I wonder what it is that causes this? (other than
inexperience) I mean there must be some common end result these
developers are hoping to obtain, resulting in a password being stashed
away in a session var.

I wonder if they're using it (+ a username) to perform a user look-up
on every page?

The mind boggles.

Cheers,

Rich
-- 
Zend Certified Engineer
http://www.launchcode.co.uk

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Pocket PC(Mobile 2003 particularly)

[Jim Moseby]

> > > 
> > > I am looking for a build of apache(or any http server) with 
> > PHP5 that 
> > > works for Pocket PC's. Specifically Windows Mobile. Can 
> > anybody point 
> > > me in a good direction to head in my search? I'm working 
> > here with the 
> > > PHP list because quite frankly PHP is the critical part of 
> > this in my 
> > > mind.
> > > Thanks.
> > > 
> > 
> > Hi James,
> > 
> > When you say "works for Pocket PC's", do you mean you want to 
> > host Apache/PHP on Pocket PC to act as a server or that you 
> > want to develop webpages on a server running PHP/Apache that 
> > can be accessed by Pocket PC clients?  If the former, I 
> > dunno, and why would you want to? If the latter, any version 
> > of Apache/PHP will work.
> > 
> The first. As to why? I have web applications that currently 
> run on the
> server, or will, that I want to be available through the Pocket PC's.
> These Pocket PC's will not have network connectivity at the time of
> access but will have the necessary database fragments to allow the
> applications to run. I want to run the same code on both the 
> Pocket PC's
> and the Webserver, in terms of the PHP. As such I need an Apache/PHP
> server that runs on the Pocket PC's to display and run the 
> pages on the
> Pocket PC's.
> 
> Answer your question?
> 
> James Kilbride

Hi James,

Perfectly.  After a _brief_ search, I could only find one web server for a
mobile platform, in this case WindowsCE.  http://www.cam.com/vxweb.html.  It
does have CGI support, though I'm not sure if it will help you.

The real question for this group is whether there is a PHP binary for
PocketPC, of if anyone has looked into porting the code.  I found a few hits
from 2002 where it was apparently discussed, but nothing definitive.

JM

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] storing passwords in $_SESSION

[Richard Davey]

Hi Dan,

Monday, October 10, 2005, 7:43:31 PM, you wrote:

> How secure is it to save a password in $_SESSION.

> i.e. $_SESSION['password'] 

> is it safe and is it practical?

No, and no (well, not if you want to be safe)

More to the point - why would you ever want to? If you've found
yourself in a situation where the only option open to you is this, you
need to hit the drawing board again and re-design your application.
Big time.

Cheers,

Rich
-- 
Zend Certified Engineer
http://www.launchcode.co.uk

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] storing passwords in $_SESSION

[Philip Hallstrom]

How secure is it to save a password in $_SESSION.

i.e. $_SESSION['password']

is it safe and is it practical?


Probably not.  If you're on a shared server, I could write a PHP script to 
look in /tmp and read the contents of every session file there...


-philip

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] storing passwords in $_SESSION

[Jay Blanchard]

[snip]
How secure is it to save a password in $_SESSION.

i.e. $_SESSION['password'] 

is it safe and is it practical?
[/snip]

I would think it neither safe nor practical. Once a user has logged in
having the password in SESSION would be useless.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] storing passwords in $_SESSION

[Dan Brow]

How secure is it to save a password in $_SESSION.

i.e. $_SESSION['password'] 

is it safe and is it practical?

Thanks,
Dan.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Having resource variables over several scripts

[Benjamin Mack]

Hey,

actually, the key problem is that:
I installed this ssh2 extension and want to connect to e.g. a server, 
and then, maybe on the next page, enter a command that will be executed 
on that server and so on. I can't connect to a server everytime (or: i 
COULD but I don't want to) because it takes a whole lot of time to do this.

  http://www.php.net/manual/en/function.ssh2-connect.php
the connection I receive there is a resource.

Maybe I'll find a way with not exiting a script...

--
greetings,
benni.
-SDG-


Jeffrey Santos wrote:

I was under the impression he was using the resource to get information then
trying to pass that information... rereading it makes it seem otherwise, so
sorry for the false information :-P  I've never actually tried passing
resources themselves among scripts so TG is most likely correct.  As far as
not exiting the script, that wouldn't seem very efficient and you might be
better off just reaccessing the resources as needed.

- Jeff
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Monday, October 10, 2005 1:10 PM

To: php-general@lists.php.net
Subject: RE: [PHP] Having resource variables over several scripts

Ok, first let me disclaim that there are definitely a lot of people a lot
smarter than me out there who may have figured this one out already, but as
far as I know, resources like open file handles, database connection
handles, objects, etc..  but especially anything that returns a resource
number are not going to be carried over from one script execution to
another.

If I recall properly, lets say script1.php opens a file, that's resource #1,
then it opens a database connection, that's resource #2, etc..

Now let's say script2.php opens a database connection first, that's resource
#1 for that script, then opens another database connection, that's resource
#2, now it opens a file, that's resource #3..   


So the 'resource' number isn't tied to a certain type of handle (file, db
connection, etc), it's based on the order of resources allocated.

That's only semi-related to what you're talking about, but thought it was
worth mentioning.

But I believe all of these resources are freed up as soon as the script
finishes executing thereby necessitating re-opening files, db connections,
recreating objects, (maybe objects can be serialized, I forget) when the
next script is executed.  No carry-over possible.


The solution?  Don't exit the script.  Unfortunately in an web environment
you can't really keep a php script executing unless you create a php based
server that your scripts connect to (doesn't have to be php based really..
just any server that listens and can keep files open for as long as they're
needed).

Or maybe try to consolidate your file operations, in this case, so you can
do it all in one pass.  Don't open a file, read one little thing, close
it...  re-open it.. read something else... close it..  user makes changes..
opens file again.. writes changes.. closes it.  read once and write
once..See if you can streamline it somehow.

Just some thoughts off the top of my head.  Again, maybe someone else has a
better answer, but I can't see how you'd avoid opening and closing each time
unless you had a back-end server type program running.

-TG



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Testing a String for 'most' Capitalised

[zzapper]

On Mon, 10 Oct 2005 15:27:05 +0100,  wrote:

>On 10/10/05, zzapper <[EMAIL PROTECTED]> wrote:
>> Hi,
>>
>> Image that there could be a string
>>
>> fred
>> Fred
>> FRED
>>
>> First of all I need to know that these are same which I can do with 
>> strtolower, but how could I tell
>> that 'FRED' is 'most captilised?

Thanx 4 various replies. In fact speed is more important 4 me than exactitude 
as it's right inside a
critical loop.

I think strcmp will do the biz even though it sees fred as being greater than 
Fred ?!?



-- 
zzapper
Success for Techies and Vim,Zsh tips
http://SuccessTheory.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Having resource variables over several scripts

[Jeffrey Santos]

I was under the impression he was using the resource to get information then
trying to pass that information... rereading it makes it seem otherwise, so
sorry for the false information :-P  I've never actually tried passing
resources themselves among scripts so TG is most likely correct.  As far as
not exiting the script, that wouldn't seem very efficient and you might be
better off just reaccessing the resources as needed.

- Jeff
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Monday, October 10, 2005 1:10 PM
To: php-general@lists.php.net
Subject: RE: [PHP] Having resource variables over several scripts

Ok, first let me disclaim that there are definitely a lot of people a lot
smarter than me out there who may have figured this one out already, but as
far as I know, resources like open file handles, database connection
handles, objects, etc..  but especially anything that returns a resource
number are not going to be carried over from one script execution to
another.

If I recall properly, lets say script1.php opens a file, that's resource #1,
then it opens a database connection, that's resource #2, etc..

Now let's say script2.php opens a database connection first, that's resource
#1 for that script, then opens another database connection, that's resource
#2, now it opens a file, that's resource #3..   

So the 'resource' number isn't tied to a certain type of handle (file, db
connection, etc), it's based on the order of resources allocated.

That's only semi-related to what you're talking about, but thought it was
worth mentioning.

But I believe all of these resources are freed up as soon as the script
finishes executing thereby necessitating re-opening files, db connections,
recreating objects, (maybe objects can be serialized, I forget) when the
next script is executed.  No carry-over possible.


The solution?  Don't exit the script.  Unfortunately in an web environment
you can't really keep a php script executing unless you create a php based
server that your scripts connect to (doesn't have to be php based really..
just any server that listens and can keep files open for as long as they're
needed).

Or maybe try to consolidate your file operations, in this case, so you can
do it all in one pass.  Don't open a file, read one little thing, close
it...  re-open it.. read something else... close it..  user makes changes..
opens file again.. writes changes.. closes it.  read once and write
once..See if you can streamline it somehow.

Just some thoughts off the top of my head.  Again, maybe someone else has a
better answer, but I can't see how you'd avoid opening and closing each time
unless you had a back-end server type program running.

-TG

= = = Original message = = =

Ben,

If you grab the resource and store it in a variable, you certainly should be
able to send it via GET or POST.  For that matter, you should be able to
store the information in a SESSION variable too, so I'm not sure what is
going wrong.  Could you email the code you are using to grab the resource
variable and the code to store it in a session?


- Jeff

-Original Message-
From: Benjamin Mack [mailto:[EMAIL PROTECTED] 
Sent: Monday, October 10, 2005 11:03 AM
To: php-general@lists.php.net
Subject: [PHP] Having resource variables over several scripts

Hey,

I am trying to have e.g. a file opened over several scripts. When 
opening a file with "fopen" I receive a variable of the type resource 
(like "Resource ID #3"), but when I try to save this variable in the 
SESSION and try to use it on another page, I get a "null" variable.

Because I need to have the same and exact resource (not opened every 
time I load a new page) and since it is apparently not possible to store 
it in a session, I wanted to ask if somebody had the same issue once, 
and maybe there is some help out there.
Could I somehow serialize the resource, then give it to another page via 
GET or POST?

I would really appreciate if somebody has some hints...

Thanks,
benni.
-SDG-

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


___
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Store a variable name in a database field.

[Liam Delahunty]

I'm sure this is a pretty basic question, but I have searched for a
decent answer and can't find one.

I have a client that want to be able to write newsletters
(newsleters_tbl.email_body) and use fields from his contact table, so
as we grind through the contact list for newsletters subscribers it
may pull out $first_name, or $last_name, or perhaps the address and so
on, and send an individual email and have it in the $email_body field
from another table.

$email_body is a free form text field, and he wants to be able to type
in anything he desires and have it pulled from the contact table.

I've tried with and without addslashes, and htmlentities. Is there a
solution or I will I have to resort to getting him to use
{{$first_name}} etc.

Lastly, if I have to use {{whatever}} then what's the reason I can't
use $field_name in the database?

--
Kind regards,
Liam Delahunty

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Having resource variables over several scripts

[tg-php]

Ok, first let me disclaim that there are definitely a lot of people a lot 
smarter than me out there who may have figured this one out already, but as far 
as I know, resources like open file handles, database connection handles, 
objects, etc..  but especially anything that returns a resource number are not 
going to be carried over from one script execution to another.

If I recall properly, lets say script1.php opens a file, that's resource #1, 
then it opens a database connection, that's resource #2, etc..

Now let's say script2.php opens a database connection first, that's resource #1 
for that script, then opens another database connection, that's resource #2, 
now it opens a file, that's resource #3..   

So the 'resource' number isn't tied to a certain type of handle (file, db 
connection, etc), it's based on the order of resources allocated.

That's only semi-related to what you're talking about, but thought it was worth 
mentioning.

But I believe all of these resources are freed up as soon as the script 
finishes executing thereby necessitating re-opening files, db connections, 
recreating objects, (maybe objects can be serialized, I forget) when the next 
script is executed.  No carry-over possible.


The solution?  Don't exit the script.  Unfortunately in an web environment you 
can't really keep a php script executing unless you create a php based server 
that your scripts connect to (doesn't have to be php based really.. just any 
server that listens and can keep files open for as long as they're needed).

Or maybe try to consolidate your file operations, in this case, so you can do 
it all in one pass.  Don't open a file, read one little thing, close it...  
re-open it.. read something else... close it..  user makes changes..   opens 
file again.. writes changes.. closes it.  read once and write once..See 
if you can streamline it somehow.

Just some thoughts off the top of my head.  Again, maybe someone else has a 
better answer, but I can't see how you'd avoid opening and closing each time 
unless you had a back-end server type program running.

-TG

= = = Original message = = =

Ben,

If you grab the resource and store it in a variable, you certainly should be
able to send it via GET or POST.  For that matter, you should be able to
store the information in a SESSION variable too, so I'm not sure what is
going wrong.  Could you email the code you are using to grab the resource
variable and the code to store it in a session?


- Jeff

-Original Message-
From: Benjamin Mack [mailto:[EMAIL PROTECTED] 
Sent: Monday, October 10, 2005 11:03 AM
To: php-general@lists.php.net
Subject: [PHP] Having resource variables over several scripts

Hey,

I am trying to have e.g. a file opened over several scripts. When 
opening a file with "fopen" I receive a variable of the type resource 
(like "Resource ID #3"), but when I try to save this variable in the 
SESSION and try to use it on another page, I get a "null" variable.

Because I need to have the same and exact resource (not opened every 
time I load a new page) and since it is apparently not possible to store 
it in a session, I wanted to ask if somebody had the same issue once, 
and maybe there is some help out there.
Could I somehow serialize the resource, then give it to another page via 
GET or POST?

I would really appreciate if somebody has some hints...

Thanks,
benni.
-SDG-

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


___
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Having resource variables over several scripts

[Jeffrey Santos]

Ben,

If you grab the resource and store it in a variable, you certainly should be
able to send it via GET or POST.  For that matter, you should be able to
store the information in a SESSION variable too, so I'm not sure what is
going wrong.  Could you email the code you are using to grab the resource
variable and the code to store it in a session?


- Jeff

-Original Message-
From: Benjamin Mack [mailto:[EMAIL PROTECTED] 
Sent: Monday, October 10, 2005 11:03 AM
To: php-general@lists.php.net
Subject: [PHP] Having resource variables over several scripts

Hey,

I am trying to have e.g. a file opened over several scripts. When 
opening a file with "fopen" I receive a variable of the type resource 
(like "Resource ID #3"), but when I try to save this variable in the 
SESSION and try to use it on another page, I get a "null" variable.

Because I need to have the same and exact resource (not opened every 
time I load a new page) and since it is apparently not possible to store 
it in a session, I wanted to ask if somebody had the same issue once, 
and maybe there is some help out there.
Could I somehow serialize the resource, then give it to another page via 
GET or POST?

I would really appreciate if somebody has some hints...

Thanks,
benni.
-SDG-

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Testing a String for 'most' Capitalised

[Jochem Maas]

Greg Donald wrote:

On 10/10/05, Jochem Maas <[EMAIL PROTECTED]> wrote:


I AM NOT THE OP THANKS, I'm quite capable of solving
such a problem without the help of people who don't bother
to think beyond 'sample data' ...



Yeah, everyone should read minds automatically, I agree.


I guess reading the question was out of the question?

and as for me not being the OP - might I suggest a decent
new reader or mail client so you can actually view the
thread structure?





It's bloody obvious that
the data in question (sample or not) will not be in an order
that means the string with the most capital letters will be
'top of the list' after a sort().



No sense in getting your panties in a bloody wad.  Did I say that
right?  I so rarely get to use 'bloody' in programming conversation. 


you didn't say that right IFAICT. try exchanging 'wad' for 'panties'
- now you have an idiom.


The code I posted works with the sample data provided.  Sorry if it


right. but it doesn't answer the question, so you have probably
confused the OP (or the confusion will arise some four weeks after having
implemented your suggestion when he realises _something_ is not working as it
should) - although given the direction of this thread he has no
more excuse for not knowing that your cute trick will get him into 'trouble'.


bothers you that I didn't test it with a full dictionary word list.



the oxford abridged version would have sufficed. ;-)




*shrug* is rather blasee btw.



http://dictionary.reference.com/search?q=blasee

Blase?  Why yes..  that's me in a nutshell.


my point being that 'blase' is not a positive attribute
for an engineer. we can agree to disagree on that one though!

"the blase NASA launch engineer didn't bother to check
 the fuel line all the way through because it had passed
all the checks on a previous run."

"BOOM"



--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Pocket PC(Mobile 2003 particularly)

[Jim Moseby]

> -Original Message-
> From: Kilbride, James [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 10, 2005 11:45 AM
> To: php-general@lists.php.net
> Subject: [PHP] Pocket PC(Mobile 2003 particularly)
> 
> 
> I am looking for a build of apache(or any http server) with PHP5 that
> works for Pocket PC's. Specifically Windows Mobile. Can 
> anybody point me
> in a good direction to head in my search? I'm working here 
> with the PHP
> list because quite frankly PHP is the critical part of this 
> in my mind.
> Thanks.
> 

Hi James,

When you say "works for Pocket PC's", do you mean you want to host
Apache/PHP on Pocket PC to act as a server or that you want to develop
webpages on a server running PHP/Apache that can be accessed by Pocket PC
clients?  If the former, I dunno, and why would you want to? If the latter,
any version of Apache/PHP will work.

JM

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Pocket PC(Mobile 2003 particularly)

[Kilbride, James]

I am looking for a build of apache(or any http server) with PHP5 that
works for Pocket PC's. Specifically Windows Mobile. Can anybody point me
in a good direction to head in my search? I'm working here with the PHP
list because quite frankly PHP is the critical part of this in my mind.
Thanks.

James Kilbride

[PHP] pgpgacl usage...

[bruce]

hey...

is there anyone here, who's actually used the phpgacl functions in an actual
app... i'm looking for comments on the pros/cons/etc...

thanks

-bruce
[EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Testing a String for 'most' Capitalised

[Greg Donald]

On 10/10/05, Jochem Maas <[EMAIL PROTECTED]> wrote:
> I AM NOT THE OP THANKS, I'm quite capable of solving
> such a problem without the help of people who don't bother
> to think beyond 'sample data' ...

Yeah, everyone should read minds automatically, I agree.

> It's bloody obvious that
> the data in question (sample or not) will not be in an order
> that means the string with the most capital letters will be
> 'top of the list' after a sort().

No sense in getting your panties in a bloody wad.  Did I say that
right?  I so rarely get to use 'bloody' in programming conversation. 
The code I posted works with the sample data provided.  Sorry if it
bothers you that I didn't test it with a full dictionary word list.

> *shrug* is rather blasee btw.

http://dictionary.reference.com/search?q=blasee

Blase?  Why yes..  that's me in a nutshell.


--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/

[PHP] Having resource variables over several scripts

[Benjamin Mack]

Hey,

I am trying to have e.g. a file opened over several scripts. When 
opening a file with "fopen" I receive a variable of the type resource 
(like "Resource ID #3"), but when I try to save this variable in the 
SESSION and try to use it on another page, I get a "null" variable.


Because I need to have the same and exact resource (not opened every 
time I load a new page) and since it is apparently not possible to store 
it in a session, I wanted to ask if somebody had the same issue once, 
and maybe there is some help out there.
Could I somehow serialize the resource, then give it to another page via 
GET or POST?


I would really appreciate if somebody has some hints...

Thanks,
benni.
-SDG-

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Testing a String for 'most' Capitalised

[Jochem Maas]

Greg Donald wrote:

On 10/10/05, Jochem Maas <[EMAIL PROTECTED]> wrote:


cute - but it doesn't always work e.g.:

$a = array( "FrEDDie", "fREDdIE", "FReddie" );
sort( $a );
echo $a[ 0 ]; // we want the 2nd item from the unsort array



Works for the sample data you first posted.  *shrug*


I AM NOT THE OP THANKS, I'm quite capable of solving
such a problem without the help of people who don't bother
to think beyond 'sample data' ...  It's bloody obvious that
the data in question (sample or not) will not be in an order
that means the string with the most capital letters will be
'top of the list' after a sort().

*shrug* is rather blasee btw.




--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Testing a String for 'most' Capitalised

[Robin Vickery]

On 10/10/05, zzapper <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Image that there could be a string
>
> fred
> Fred
> FRED
>
> First of all I need to know that these are same which I can do with 
> strtolower, but how could I tell
> that 'FRED' is 'most captilised?


strlen(preg_replace('/[^[:upper:]]/', '', $b)) ? $a : $b;
}

?>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Testing a String for 'most' Capitalised

[Greg Donald]

On 10/10/05, Jochem Maas <[EMAIL PROTECTED]> wrote:
> cute - but it doesn't always work e.g.:
>
> $a = array( "FrEDDie", "fREDdIE", "FReddie" );
> sort( $a );
> echo $a[ 0 ]; // we want the 2nd item from the unsort array

Works for the sample data you first posted.  *shrug*


--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/

[PHP] Remove X-PHP-SCRIPT from mail header

[Mike Pogue]

Hello!
 I'm looking for a way to remove or disable X-PHP-SCRIPT from mail headers,
then sending emails from a PHP script. (now just shows the location of my
php script)
Do I have to recompile PHP for this? or just set a param in php.ini?
 Any ideas are very appreciated.
 many thanks,
Mike

Re: [PHP] Testing a String for 'most' Capitalised

[Jochem Maas]

Greg Donald wrote:

On 10/10/05, zzapper <[EMAIL PROTECTED]> wrote:


Image that there could be a string

fred
Fred
FRED

First of all I need to know that these are same which I can do with strtolower,
but how could I tell




$a = array( 'fred', 'Fred', 'FRED' );
sort( $a );
echo $a[ 0 ];



cute - but it doesn't always work e.g.:

$a = array( "FrEDDie", "fREDdIE", "FReddie" );
sort( $a );
echo $a[ 0 ]; // we want the 2nd item from the unsort array



--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Testing a String for 'most' Capitalised

[Mark Rees]

> > Image that there could be a string
> > fred
> > Fred
> > FRED

It isn't hard to do.

> > First of all I need to know that these are same which I can do with
> > strtolower

Also note strcasecmp for this task -
http://uk2.php.net/manual/en/function.strcasecmp.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Testing a String for 'most' Capitalised

[Greg Donald]

On 10/10/05, zzapper <[EMAIL PROTECTED]> wrote:
> Image that there could be a string
>
> fred
> Fred
> FRED
>
> First of all I need to know that these are same which I can do with 
> strtolower,
> but how could I tell


$a = array( 'fred', 'Fred', 'FRED' );
sort( $a );
echo $a[ 0 ];


--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/

Re: [PHP] Testing a String for 'most' Capitalised

[Chris Boget]

Image that there could be a string
fred
Fred
FRED
First of all I need to know that these are same which I can do with 
strtolower, but how could I tell

that 'FRED' is 'most captilised?


Iterate through the string and count the number of capitalised letters.
You can do something like this (untested pseudocode)

$myStr = "Fred";
$numOfCapLetters = 0;
$curLetter = '';

for( $i = 0; $i <= strlen( $myStr ); $i++ ) {
 $curLetter = $myStr{$i};
 if( strtoupper( $curLetter ) == $curLetter ) {
   $numOfCapLetters++;

 }
}

then just compare the $numOfCapLetters for each string.

thnx,
Chris 


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Testing a String for 'most' Capitalised

[zzapper]

Hi,

Image that there could be a string

fred
Fred
FRED

First of all I need to know that these are same which I can do with strtolower, 
but how could I tell
that 'FRED' is 'most captilised?
-- 
zzapper
Success for Techies and Vim,Zsh tips
http://SuccessTheory.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] getting php to generate a 503

[Jochem Maas]

[EMAIL PROTECTED] wrote:

I want to write a php page that can return a 503 with some useful
information. 




try

header("Status: 503 Service Unavailable");


echo "Page execution failed.\n";
   
?>


Is what I've done so far - yet it doesn't work, the headers don't seem to be
modified and my page just returns the echoed contet and both firefox and IE
blithely ignore the fact that I set the server unavailable header :( can
anyone give me a clue as to what I've done wrong?

Cheers,

 - Alex



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] getting php to generate a 503

[dnwo]

I want to write a php page that can return a 503 with some useful
information. 



Is what I've done so far - yet it doesn't work, the headers don't seem to be
modified and my page just returns the echoed contet and both firefox and IE
blithely ignore the fact that I set the server unavailable header :( can
anyone give me a clue as to what I've done wrong?

Cheers,

 - Alex

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP5 Soap + .NET Webservice

[Chris Hemmings]

Hello,

Can anyone explain how this works, and, how to fix it.  I'm can't find 
any documentation on the problem I am having.


I'm using a .NET webservice and a PHP SOAP call using version 5.0.4. 
The returned result does not seem correct because of all the stuff at 
the top, the 'xs' stuff.  This makes the result invalid XML because 
there are two roots to the document,  and 


I use the following call to the service and this seems to work correctly.

http://xxx/authorswebservice/authorsservice.asmx?WSDL";
);
$response=$client->GetAuthors();
$xmls=$response->GetAuthorsResult->any;
?>

$xmls then contains:

http://www.tempuri.org/authors1.xsd"; 
xmlns="http://www.tempuri.org/authors1.xsd"; 
xmlns:xs="http://www.w3.org/2001/XMLSchema"; 
xmlns:msdata="urn:schemas-microsoft-com:xml-msdata" id="authors1" 	 
targetNamespace="http://www.tempuri.org/authors1.xsd"; 
attributeFormDefault="qualified" elementFormDefault="qualified">






















xmlns:diffgr="urn:schemas-microsoft-com:xml-diffgram-v1">

http://www.tempuri.org/authors1.xsd";>

807-91-6654
Panteley
Sylvia
Rockville


846-92-7186
Hunter
Sheryl
Palo Alto


893-72-1158
McBadden
Heather
Vacaville


899-46-2035
Ringer
Anne
Salt Lake City


998-72-3567
Ringer
Albert
Salt Lake City




Any thoughts why this is happening, and, how I can get rid of the 'xs' 
stuff.


Thanks,

Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] How do I POST data with headers & make the browser follow?

[Mark Rees]

> basically what I am working on is integrating a step inbetween the
checkout
> and the payment gateway processing.
>
> The cardholder information is checked for enrolment in the first step, if
> the cardholder is enrolled he will need to authenticate himself by
password
> (this is where the 2nd page comes in) if the authentication is successfull
> he is forwarded to the 3rd page where the payment gateway processing takes
> place.
>
> It's like any other online payment integration i have done before but this
> time there is this extra step required due to Visa's and Mastercards new
> security feature.
>
> I didn't see an issue with passing this information along since it's
already
> used in the verification of the cardholder which also requires
> the card number.
>
> I do require the payment info again on page 3 to pass it along to the
> payment gateway, but didn't want to store it on my end for that.
>
> What I gather from Richards answer earlier that the difference between
> $_POST, $_GET or $_COOKIE, $_SESSION is almost irrelevant, I might
> as well store the detail in a session to be able to use them on page
> 3 it seems.

Are you storing people's credit card numbers locally - if so, why? It seems
like you are using them to identify users? (if that's what I am to infer
from

" I didn't see an issue with passing this information along since it's
already  used in the verification of the cardholder which also requires  the
card number."

If you are, consider using email addresses instead.

If you need to check whether someone already has an account with you or
whatever, do it before you take their payment details and save yourself this
bother.

Or are you using 3d secure or similar, when the user has to enter their
password/security code on the payment provider's website? That means you
have to make 2 requests with the payment data, to different websites, is
that right? One way around this might be to ask for the security code anyway
at the first step, otherwise you are stuck with persisting the information
locally.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] caching parsed XML files as DOM objects in memory

[Petr Smith]

I'm writing template
library based on XML. But it's not very efficient to create new
DomDocument, load XML template, process it and show on every page hit.
XML parsing is not very fast, and because I'm parsing XHTML with
entities, all DTD's are parsed too. I thought about something similar
to
java - there I can have servlet which lives all the time the server
lives. It can load XML and parse it only for the first time and send
DOM
objects to another servlets.
I need something similar with PHP, can it be done?



I think you might want to avoid trying to do it the Java way in PHP.

PHP is share-none by architectural design, not accident, so that you
can scale up by throwing as much cheap/stock hardware at it as you can
afford instead of being forced to buy a single bigger hardware box in
the center for the shared data.

It would probably make a lot more sense to store whatever you use to
uniquely identify your XML source and the results in a database or
filesystem, and then compare time-stamps in some simple business logic
to decide to re-parse or serve from cache.

Yes, that does just foist off the shared-data to the database, or
file-system -- but those systems are specifically designed to handle
this task for a long time now with a lot of heavily tested and
optimized code.  PHP and even Java can't really match that level of
testing/optimization yet simply due to relative ages.

If db and filesystem are "too slow" or you already have too many
machines running this code-base, you could write your own PHP "XML
cache server" that takes an XML id and either gets it from the db/file
cache, or parses the true original, and set up your own "server" for
this express purpose and really make it scream on speed...  That's
quite a bit of work, though, and for the simplicity of the code
involved, you may be better off writing it as a C application... Or
out-sourcing that bit of code to be written with specific timing
targets for the employee to meet/beat to get their just due $$$.



Thanks for lot of ideas, you are probably right I'm trying to think it 
the "java way".
But my main bottleneck is the XML parsing part, so I was trying to avoid 
it somehow. It is also more slower because my XML is not "normal" XML, 
but XHTML file so I need to have resolveExternals=true to parse files 
with XHTML entities (  < etc.)
So I cannot cache my final objects to files or database, because it 
involves some sort of serialization and later (when accessing the cache) 
some unserialization (the slow parse part).

That was the reason I thought about caching in memory.
I'm sure I can setup some "XML cache server" but again, how will I 
exchange data with it? I cannot move all object trees between servers 
(XML files couldn't be serialized).
There is last chance to write some C extension, but why use PHP then? I 
can write it all in C, also with my own HTTP server :)
I think there should be some way to have all objects (including PHP 
internal) stored somewhere in memory and "living" all the time the web 
server lives. It solves many types of problems.


Petr

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] GET variables and mySQL functions inside an Image header.

[Gustav Wiberg]

- Original Message - 
From: "Kristopher Kane" <[EMAIL PROTECTED]>

To: 
Sent: Monday, October 10, 2005 8:33 AM
Subject: [PHP] GET variables and mySQL functions inside an Image header.


I am currently in Afghanistan and don't have much access to look these
questions up. I consider them basic and regret having to post them here.
When passing variables using GET as in:
index.php?first=value?second=value
My script is reading the first value, however through an included file and
another function, it can't read the second. What scope do these variables
have? Or what other reasons for not being able to read the variables might
there be?

Try index.php?first=value&second=value
(Use & instead of questionmark after first variable)

/G
http://www.varupiraten.se/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] GET variables and mySQL functions inside an Image header.

[David Tulloh]

Kristopher Kane wrote:


I am currently in Afghanistan and don't have much access to look these
questions up. I consider them basic and regret having to post them here.
When passing variables using GET as in:
index.php?first=value?second=value
My script is reading the first value, however through an included file and
another function, it can't read the second. What scope do these variables
have? Or what other reasons for not being able to read the variables might
there be?
 


Your GET syntax is wrong, you should be using:

index.php?first=value&second=value

The way you were doing it you should see the second variable contained within 
the first value.




Second:
When dynamcially creating an image:
I am drawing an image based on data retreived from a mySQL resource.
However, my DB code is in the same file as the php image file and I get the
non-descriptive error of "Error in the image 'url'" Are you allowed to do
any other functions inside an image header other than image functions?
(Functions being; open a connection to mySQL and do queries)
Thank you for your help,
-Kristopher Kane

 



You can use any valid PHP code before or after sending an image header 
so long as you don't inadvertantly output to the browser.  I am not sure 
what that error message means though, I'm sure someone who uses the 
image functions more frequently could give you some clues.



David

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php