Re: [PHP] 404 ErrorDocument in safe mode
quoth the Petr Kodytek:

> Hallo, I have a problem with 404 ErrorDocument in safe mode on version 5.1.0RC1. I'm using an error script to redirect nonexisting URLs to pages with content from a database (something like mod_rewrite). After my webhosting provider upgraded to 5.1.0RC1 my pages return this error message:
>
> *Warning*: Unknown: SAFE MODE Restriction in effect. The script whose uid is 46790 is not allowed to access /path/to/404.phtml owned by uid 23708 in *Unknown* on line *0*
> *Warning*: Unknown: failed to open stream: No such file or directory in *Unknown* on line *0*
> *Warning*: Unknown: Failed opening '/path/to/404.phtml' for inclusion (include_path='.') in *Unknown* on line *0*
>
> Note: /path/to/404.phtml is not the real path, I changed it only for illustration.
>
> When I try to open the 404.phtml script directly from the browser everything goes OK. Does anyone have an idea how to fix this? Sorry for my English.
>
> -- Kody

First thing to check is that your server has permissions to read the script, as there seems to be a permissions problem here. More details about your server setup might help to diagnose this further...

-d
--
darren kirby :: Part of the problem since 1976 :: http://badcomputer.org
...the number of UNIX installations has grown to 10, with more expected...
- Dennis Ritchie and Ken Thompson, June 1972
[PHP] How to know?
Hi there! I have a string like this... (environment string)

I want to divide it into something like

HOST=frigg
AUDIODEV=HOSTfriggAUDIODEV/tmp/SUNWut/dev/utaudio/8dtstart_sessionlogfile/dev/null
DTSCREENSAVERLISTS=tartDtscreenBlank
XMBINDDIR=/usr/dt/lib/bindings
UTAUDIODEV=/tmp/SUNWut/dev/utaudio/ 8AB_CARDCATALOG=/usr/dt/share/answerbooks/C/ab_cardcatalog
LC_ALLCDTLOGINDISPLAYCLASS=SunRay
Re: [PHP] Login is not working. Please help....
try some code indentation to make it more readable. someone else pointed you to the 'user' 'name' mismatch already I see.

twistednetadmin wrote:

> ...
> session_start();
> switch (@$_GET['action']) // Gets set by the form action
> {
>     case "login":
>         $sql = "SELECT name FROM DB WHERE name='$_POST[user]'";
>         $result = mysql_query($sql) or die("Couldn't execute query.");
>         $num = mysql_num_rows($result);
>         if ($num == 1) // loginname found
>         {
>             $sql = "SELECT name FROM DB WHERE name='$_POST[user]' AND pass=password('$_POST[pass]')";
>             $result2 = mysql_query($sql) or die("Couldn't execute query 2.");
>             $num2 = mysql_num_rows($result2);
>             if ($num2 > 0) // password is correct
>             {
>                 $_SESSION['auth'] = "yes";
>                 $logname = $_POST['user'];
>                 $_SESSION['logname'] = $logname;
>                 header("Location: page1.php");
>             }
>             else // password is not correct
>             {
>                 unset($action);
>                 header("Location: loginerror.php");
>             }
>         }
>         elseif ($num == 0) // Wrong name. Name not in db
>         {
>             unset($action);
>             header("Location: loginerror.php");
>         }
> }
> ...

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
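A hardened form of the login check quoted above, as an added example that is not part of the thread: it binds the submitted name as a query parameter instead of interpolating $_POST into the SQL string, and verifies a password_hash() value instead of calling MySQL's password(). The users table, its column names and the in-memory SQLite demo database are assumptions.

```php
<?php
// Added example, not the poster's code. Assumptions: a "users" table with
// "name" and "pass_hash" columns, and the pdo_sqlite extension for the
// in-memory demo database (use a MySQL DSN in a real deployment).
declare(strict_types=1);

/** Return true only if $user exists and $pass matches the stored hash. */
function authenticate(PDO $db, string $user, string $pass): bool
{
    // The user name is bound as a parameter, so a quote inside it is data
    // and can never change the structure of the SQL statement.
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $user]);
    $hash = $stmt->fetchColumn();

    if (!is_string($hash)) {
        return false; // unknown user
    }
    // password_verify() checks a salted hash made by password_hash();
    // MySQL's password() is not intended for application passwords.
    return password_verify($pass, $hash);
}

/** Decide where to send the browser; the caller emits the header and exits. */
function handle_login(PDO $db, array $post): string
{
    $user = $post['user'] ?? '';
    $pass = $post['pass'] ?? '';

    // Form fields can arrive as arrays (user[]=x); accept plain strings only.
    if (!is_string($user) || !is_string($pass) || !authenticate($db, $user, $pass)) {
        return 'loginerror.php'; // same page for bad name and bad password
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // new session id after a privilege change
        $_SESSION['auth'] = 'yes';
        $_SESSION['logname'] = $user;
    }
    return 'page1.php';
}

// --- Demo on constructed data ---------------------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (name, pass_hash) VALUES (?, ?)');
$ins->execute(["O'Brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

$cases = [
    ["O'Brien", 'correct horse'], // valid login; the apostrophe needs no escaping
    ["O'Brien", 'wrong'],         // right user, wrong password
    ['nobody',  'correct horse'], // unknown user
];
foreach ($cases as [$u, $p]) {
    $target = handle_login($db, ['user' => $u, 'pass' => $p]);
    printf("%-10s %-15s -> %s\n", $u, $p, $target);
}
```

In a web request the caller would follow handle_login() with `header('Location: ' . $target); exit;` so that nothing after the redirect runs.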
[PHP] test
please ignore. Sorry for the noise.
[PHP] test
please ignore
Re: [PHP] prevent user from getting scripts outside the web folder [this better?]
On 14 Oct 2005, at 04:48, David Robley wrote: That is incorrect. mysql_real_escape_string is a php function, not mysql. Mostly true: mysql_real_escape_string is a php function, but it's provided by the mysql extension as part of the mysql client libraries (which explains the name). It doesn't do anything significantly different to addslashes(), which is purely a PHP internal function. If you are writing database independent code, you should probably prefer addslashes (or things like adodb::qstr). Marcus -- Marcus Bointon Synchromedia Limited: Putting you in the picture [EMAIL PROTECTED] | http://www.synchromedia.co.uk
Re: [PHP] 404 ErrorDocument in safe mode
darren kirby wrote: quoth the Petr Kodytek: Hallo, I've problem with 404 ErrorDocument in safe mode on version 5.1.0RC1. I'm using error script to redirect nonexisting URLs to pages with content from database (something like mod_rewrite). After when my webhosting provider upgrades to 5.1.0RC1 my pages returns this error message : === = *Warning*: Unknown: SAFE MODE Restriction in effect. The script whose uid is 46790 is not allowed to access /path/to/404.phtml owned by uid 23708 in *Unknown* on line *0* *Warning*: Unknown: failed to open stream: No such file or directory in *Unknown* on line *0* *Warning*: Unknown: Failed opening '/path/to/404.phtml' for inclusion (include_path='.') in *Unknown* on line *0 *== == Note : /path/to/404.phtml is not real path, I'm changed it only for illustration * *When I'm trying to open 404.phtml script directly from browser everything gone OK. Have anyone idea to fix this. Sorry for my English. -- Kody First thing to check is that your server has permissions to read the script, as there seems to be a permissions problem here. More details about your server setup might help to diagnose this further... -d When I open 404.phtml directly from browser ererything gone OK, no error message displayed. It looks like a different access method to the script on 404 error. I've tryed to create 404 script by other php script (to get server process uid on file), but it's still not working. -- kody -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problem with special chars.
Hi all

I have some problems when I make a string containing the following Malmö, Asunción to capital letters and then save it to a file. I use the following to make it to capital letters:

    $msg = mb_strtoupper($msg, "HTML-ENTITIES");

And this works just fine, everything looks as it should, but when I save it to a file, this is how it looks:

    MALM&Ouml;, ASUNCI&Oacute;N

It seems it has problems with ó and Ö, does anybody know how this can be solved? I have tried some different encodings but nothing helps, I'm using PHP 4.3.2.

Thx in advance for all help.

/Erfan
Re: [PHP] Problem with special chars.
Erfan Shirazi wrote:

> Hi all
>
> I have some problems when I make a string containing the following Malmö, Asunción to capital letters and then save it to a file. I use the following to make it to capital letters:
>
> $msg = mb_strtoupper($msg, "HTML-ENTITIES");

^- you are telling mb_strtoupper to encode your 'funky' chars into html entities.

> And this works just fine, everything looks as it should, but when I save it to a file, this is how it looks:
>
> MALM&Ouml;, ASUNCI&Oacute;N

^-- notice the names: 'Ouml' meaning 'O umlaut'

> It seems it has problems with ó and Ö, does anybody know how this

it has no problems AFAICT, the characters you mention have been turned into html entities... these entities (in the form '&' + xyz + ';') are shown in the browser as the relevant char.

> can be solved? I have tried some different encodings but nothing helps,

the solution is to not convert to html entities, or (if it's required) only converting to html entities when you want to output something to the browser

> I'm using PHP 4.3.2.
>
> Thx in advance for all help.
>
> /Erfan
Re: [PHP] Problem with special chars.
The problem is if I don't specify and encoding even an echo() on the string shows strange chars when I have made a mb_strtoupper() on the string. With HTML-ENTITIES at least it looked ok when you made an echo() but when saved in file it looks bad. Does anybody now what I can do in order to make the string into capital letters, be able to save it to a file and looking as it should look, that is: Asunción and not ASUNCIOacute;N? /Erfan Jochem Maas wrote: Erfan Shirazi wrote: Hi all I have some problems when I make a string containing the following Malmö, Asunción to capital letters and then save it to a file. I use the following to make it to capital letters: $msg = mb_strtoupper($msg, HTML-ENTITIES); ^- you are telling mb_strtoupper to encode your 'funky' chars into html entities. And this works just fine, everything looks as it should, but when I save it to a file, this is how it looks: MALMOuml;, ASUNCIOacute;N ^\ \-- notice the names: 'Ouml' meaning. 'O umlaut' It seems it has problems with ó and Ö, does anybody know how this it has no problems AFAICT, the characters you mention have been turned into html entities... these entities (in the form '' + xyz + ';') are shown in the browser as the relevant char. can be solved? I have tried some different encodings but nothing helps, the solution is to not convert to html entities, or (if its required) only converting to html entities when you want to output something to the browser I'm using PHP 4.3.2. Thx in advance for all help. /Erfan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with special chars.
Erfan Shirazi wrote: The problem is if I don't specify and encoding even an echo() on the specify a different encoding if you don't want html entities. string shows strange chars when I have made a mb_strtoupper() on the string. With HTML-ENTITIES at least it looked ok when you made an echo() of course it looks ok - the browser is showing you the characters that the html entities represent. this string: 'Oacute;' ...is an html entity. but when saved in file it looks bad. time for you to find out (STFW) about html entities and encoding in general Does anybody now what I can do in order to make the string into capital try setting your encoding to 'UTF-8' or some such, your mileage may vary. letters, be able to save it to a file and looking as it should look, that is: Asunción and not ASUNCIOacute;N? /Erfan Jochem Maas wrote: Erfan Shirazi wrote: Hi all I have some problems when I make a string containing the following Malmö, Asunción to capital letters and then save it to a file. I use the following to make it to capital letters: $msg = mb_strtoupper($msg, HTML-ENTITIES); ^- you are telling mb_strtoupper to encode your 'funky' chars into html entities. And this works just fine, everything looks as it should, but when I save it to a file, this is how it looks: MALMOuml;, ASUNCIOacute;N ^\ \-- notice the names: 'Ouml' meaning. 'O umlaut' It seems it has problems with ó and Ö, does anybody know how this it has no problems AFAICT, the characters you mention have been turned into html entities... these entities (in the form '' + xyz + ';') are shown in the browser as the relevant char. can be solved? I have tried some different encodings but nothing helps, the solution is to not convert to html entities, or (if its required) only converting to html entities when you want to output something to the browser I'm using PHP 4.3.2. Thx in advance for all help. /Erfan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] OPTIMIZING - The fastest way to open and show a file
Hi,

I'm creating a cache system, and I have a problem: PHP takes a lot of time opening the file. (I'm using 2.6.9-1.667smp and XFS)

* For files less or equal 6 Kb, takes around 0.02-0.03 milliseconds - it's ok
* For files around 35 Kb takes around 0.2-0.4 milliseconds - too much.

What can I do to make faster opening files?

** Source code:

    if (file_exists($filename)) {
        $modified_date = filemtime($filename);
        // serve the cached copy only while it is less than one day old
        if (time() < ($modified_date + 1 * 24 * 60 * 60)) {
            $handle = fopen($filename, "r");
            $contents = fread($handle, filesize($filename));
            fclose($handle);
            echo $contents;
        }
    }

** Things that I have tried:

* fopen is *much* faster than include
* filemtime is faster than filectime
* Pear Cache is too much slower (0.5-0.7 millisecond per file)

Thanks in advance
Tk421
Re: [PHP] OPTIMIZING - The fastest way to open and show a file
Hi Ruben, Friday, October 14, 2005, 12:29:09 PM, you wrote: What can I do to make faster opening files? ** Source code: if(file_exists($filename)){ $modified_date=filemtime($filename); if(time()($modified_date+1 * 24 * 60 * 60)){ $handle = fopen($filename, r); $contents = fread($handle, filesize($filename)); fclose($handle); echo $contents; } } ** You could try using file_get_contents instead of fopen/fread/fclose and see if that makes any difference. Also possibly try stat instead of filemtime? It would at least cache the file stats on the 2nd run through, etc. At the end of the day though any hard drive operation is going to be relatively slow. Perhaps there is another way to do what you need that avoids opening all the files? At the moment you appear to be checking every files modified time then opening it. Perhaps you could get back a directory listing instead and parse the modified time from this, rather than check every single file? Cheers, Rich -- Zend Certified Engineer http://www.launchcode.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] OPTIMIZING - The fastest way to open and show a file
Ruben Rubio Rey wrote: Hi, I m creating a cache system, and i have a problem: PHP takes a lot of time opening the file. (Im using 2.6.9-1.667smp and XFS) * For files less or equal 6 Kb, takes arround 0.02-0.03 miliseconds - its ok * For files arround 35 Kb takes arround 0.2-0.4 miliseconds - too much. What can I do to make faster opening files? faster disks. alternatively if you have RAM to spare you can mount a RAM partition and write and read all your cache files from there (I do it on some machine with session files too) there is also file_get_contents() ** Source code: if(file_exists($filename)){ $modified_date=filemtime($filename); if(time()($modified_date+1 * 24 * 60 * 60)){ $handle = fopen($filename, r); $contents = fread($handle, filesize($filename)); fclose($handle); echo $contents; } } ** Thinks that I have tried: * fopen is *much* faster than include * filemtime is faster than filectime * Pear Cache its too much slower (0.5-0.7 milsecond per file) Thanks in advance Tk421 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with special chars.
I have tried every encoding which could be found in: http://www.php.net/manual/en/ref.mbstring.php But nothing seems to work, I don't have any problems displaying the funny chars in the browsers, there are some encodings which works fine for that, the problem is when I save it to a file using fwrite(). Jochem Maas wrote: Erfan Shirazi wrote: The problem is if I don't specify and encoding even an echo() on the specify a different encoding if you don't want html entities. string shows strange chars when I have made a mb_strtoupper() on the string. With HTML-ENTITIES at least it looked ok when you made an echo() of course it looks ok - the browser is showing you the characters that the html entities represent. this string: 'Oacute;' ...is an html entity. but when saved in file it looks bad. time for you to find out (STFW) about html entities and encoding in general Does anybody now what I can do in order to make the string into capital try setting your encoding to 'UTF-8' or some such, your mileage may vary. letters, be able to save it to a file and looking as it should look, that is: Asunción and not ASUNCIOacute;N? /Erfan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] test
did it work ;) On 10/14/05, Alan Lord [EMAIL PROTECTED] wrote: please ignore
Re: [PHP] OPTIMIZING - The fastest way to open and show a file
On 14 Oct 2005, at 12:29, Ruben Rubio Rey wrote: * For files less or equal 6 Kb, takes arround 0.02-0.03 miliseconds - its ok * For files arround 35 Kb takes arround 0.2-0.4 miliseconds - too much. Bearing in mind that average access time on a 7200rpm HD is around 8ms, those numbers sound too good to be true anyway. You could configure some kind of software disk cache on your system, or ideally a hardware caching RAID controller and it could improve things dramatically, but not down to that kind of level (which represents about 200x what a single disk system might be expected to deliver). Otherwise as Jochem says, use RAM for your cache in the first place. Marcus -- Marcus Bointon Synchromedia Limited: Putting you in the picture [EMAIL PROTECTED] | http://www.synchromedia.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setting up Linux and SendMail for SMTP
Just about any mail server will accept mail from anywhere for local delivery. But if you are not sending email to a user account local to that mail server, the mail server is going to want you to authenticate. Without authentication, the mail server would be an open relay (no security), which is how spam gets around. Some mail servers are setup to allow any email to go out as long as it originates locally, like PHP running on the mail server or the local network. This is still a limited open relay (weak security), since it can be compromised by spoofing. The built-in PHP mail() function does not currently support authentication, so you would not be able to use a mail server that hasn't been setup for your computer to send email without authenticating. What you should look into is the PHPMailer class, which supports SMTP authentication. http://phpmailer.sourceforge.net/ I probably should have just said this first instead of giving a tutorial. On Oct 13, 2005, at 7:52 PM, Todd Cary wrote: I have a Linux server on my network, however my main mail is handled by Thunderbird on my PC which uses my ISP's SMTP server (UserName and PW). Can I configure SendMail to send mail to my ISP's SMTP server using the built in mail() function of PHP? If I use one of the Mail Classes, I can do it and on my client's Linux server, mail() works (but they are not using an outside SMTP server). Many thanks... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Brent Baisley Systems Architect Landover Associates, Inc. Search Advisory Services for Advanced Technology Environments p: 212.759.6400/800.759.0577 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Trouble moving directory
In your example, the problem is that the name has spaces, which the shell uses as a delimiter. So That Won't Move/ is kind of being considered parameters instead of part of the dir. Using the command line (i.e. shell/terminal) will give you more feedback as to what is happening (/some/dir/Dir: No such Directory). You need to either escape the characters or enclose it in quotes. For me, I always find it easier to just enclose directory names in quotes.

    $source_dir = '"/some/dir/Dir That Won\'t Move/"';

On Oct 12, 2005, at 10:11 PM, -k. wrote:

> I'm having trouble moving some directories. My script works fine on some directories but doesn't move others. It seems to have trouble with directories with non alphanumeric characters. I'm running Red Hat FC2. I'm trying to move the directory basically like this...
>
> <?php
> $source_dir = '/some/dir/Dir That Won\'t Move/';
> $dest_dir = '/some/other/dir/';
> $cmd = escapeshellcmd("mv ".$source_dir." ".$dest_dir);
> $result = shell_exec($cmd);
> ?>
>
> Is there some way to escape the characters in the directories? For example if I put a \ in front of blank spaces it takes care of those (same for ',( etc.) but that obviously doesn't take care of everything. I'm hoping there is something easy I'm overlooking here that will escape all the characters.
>
> -k.

--
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577
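One way to hand directory names like the one in this thread to mv, as an added example (not code from the thread): escapeshellcmd() backslash-escapes metacharacters in a whole command line but leaves spaces alone, whereas escapeshellarg() turns one value into exactly one shell word. The helper names and the temporary demo directories are assumptions.

```php
<?php
// Added example, not code from the thread. Helper names are hypothetical and
// the directories are created under the system temp dir for the demo.
declare(strict_types=1);

/** Move $source into $destDir with mv, quoting every argument on its own. */
function move_dir_shell(string $source, string $destDir): bool
{
    // escapeshellarg() wraps the value in single quotes and rewrites embedded
    // single quotes, so spaces, &, ( and ' all reach mv as part of the name.
    // "--" stops mv from reading a name that begins with "-" as an option.
    // Caveat: escapeshellarg() is locale-aware and can drop non-ASCII bytes
    // under the C locale; set a UTF-8 LC_CTYPE first if names are not ASCII.
    $cmd = 'mv -- ' . escapeshellarg($source) . ' ' . escapeshellarg($destDir);
    exec($cmd . ' 2>&1', $output, $status);
    return $status === 0;
}

/** Same move without a shell: nothing to quote, nothing to misparse. */
function move_dir_native(string $source, string $destDir): bool
{
    $target = rtrim($destDir, '/') . '/' . basename($source);
    // rename() moves a directory only within one filesystem; refuse to
    // overwrite a target that already exists.
    return !file_exists($target) && rename($source, $target);
}

// --- Demo on constructed directory names -----------------------------------
$base = sys_get_temp_dir() . '/mvdemo_' . bin2hex(random_bytes(4));
mkdir("$base/src", 0700, true);
mkdir("$base/dst", 0700, true);

$names = ["Dir That Won't Move", 'Tom & Jerry (1940)', 'plain_name'];
foreach ($names as $i => $name) {
    $src = "$base/src/$name";
    mkdir($src);

    // What the original script built (printed, not executed): metacharacters
    // get a backslash, but the spaces are untouched, so mv would receive the
    // name as several separate arguments.
    echo 'escapeshellcmd: ', escapeshellcmd("mv $src $base/dst/"), "\n";

    // Alternate between the two variants to show that both handle the name.
    $ok = ($i % 2 === 0)
        ? move_dir_shell($src, "$base/dst/")
        : move_dir_native($src, "$base/dst/");
    printf("moved %-22s %s\n", "'$name'", $ok && is_dir("$base/dst/$name") ? 'yes' : 'NO');
}

// Clean up the demo tree.
foreach ($names as $name) {
    @rmdir("$base/dst/$name");
    @rmdir("$base/src/$name");
}
rmdir("$base/dst");
rmdir("$base/src");
rmdir($base);
```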
Re: [PHP] prevent user from getting scripts outside the web folder [this better?]
David Robley wrote: Ben wrote: snip My understanding is that mysql_real_escape_string will only work while you are connected to mysql. Not sure if that is the case in your situation. That is incorrect. mysql_real_escape_string is a php function, not mysql. Actually, it's both. And yes, you *do* have to be connected to the mysql server. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED]
[PHP] Question about including files and server load
I just started working with a new company and they handed me some of their php code for me to look over. I noticed that they have a TON of include files being called into their scripts. For example, instead of having one file called functions.php and then having all their functions in that one file they have put each function into its separate file and then have a define_functions.php file that creates each function. However, within the function itself it declared something like this:

    function xyz($abc) { return include("xyz_func.php"); }
    function abc($xyz) { return include("abc_func.php"); }

I was wondering isn't this putting a bigger load on a server by including so many files for each function? Also, I was wondering what everyone's opinion was on this approach in terms of maintenance. Do you think it's better practice to put all your functions in one file or do it in this manner?

thanks for any input!

jay
Re: [PHP] prevent user from getting scripts outside the web folder [this better?]
Marcus Bointon wrote: On 14 Oct 2005, at 04:48, David Robley wrote: That is incorrect. mysql_real_escape_string is a php function, not mysql. Mostly true: mysql_real_escape_string is a php function, but it's provided by the mysql extension as part of the mysql client libraries (which explains the name). It doesn't do anything significantly different to addslashes(), which is purely a PHP internal function. If you are writing database independent code, you should probably prefer addslashes (or things like adodb::qstr). mysql_real_escape_string() takes into account the current characterset of the database. addslashes() does not. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED]
Re: [PHP] Trouble moving directory
One of the nice things MSFT did was to allow spaces in directory and file names. It created more work for programmers. One of the LOUSIEST things MSFT did was allowing spaces in directory and file names, because of the needless, tedious parsing and checking it requires. So much simpler to train users that computers are dumb and trip over spaces, so just use an underscore where you want to separate words. Funny thing, users accept that. Glad I got that off my chest - Miles At 10:11 AM 10/14/2005, Brent Baisley wrote: In your example, the problem is that the name has spaces, which the shell uses as a delimiter. So That Won't Move/ is kind of being considered parameters instead of part of the dir. Using the command line (i.e. shell/terminal) will give you more feedback as to what is happening (/some/dir/Dir: No such Directory). You need to either escape the characters or enclose it in quotes. For me, I always find it easier to just enclose directory names in quotes. $source_dir = '/some/dir/Dir That Won't Move/'; On Oct 12, 2005, at 10:11 PM, -k. wrote: I'm having trouble moving some directories. My script works fine on some directories but doesn't move others. It seems to have trouble with directories with non alphanumeric charters. I'm running Red Hat FC2. I'm trying to move the directory basically like this... ?Php $source_dir = '/some/dir/Dir That Won't Move/'; $dest_dir = '/some/other/dir/' $cmd = escapeshellcmd(mv .$source_dir. .$dest_dir); $result = shell_exec($cmd); ? Is there some way to escape the characters in the directories? For example if i put a \ in front of blank spaces it takes care of those (same for ',( etc.) but that obviously doesn't take care of everything. I'm hoping there is something easy i'm overlooking here that will escape all the characters. -k. __ Yahoo! 
Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Brent Baisley Systems Architect Landover Associates, Inc. Search Advisory Services for Advanced Technology Environments p: 212.759.6400/800.759.0577 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about including files and server load
Hi Jay, Friday, October 14, 2005, 2:21:57 PM, you wrote: I was wondering isn't this putting a bigger load on a server by including so many files for each function? Also, I was wondering what everyone's opinion was on this approach in terms of maintenance. Do you think it's better practice to put all your functions in one file or do it in this manner? How many are there? I don't use functions in that way, but I do a similar thing for class files (minus that definedfucntions part of course). You could of course combine them all together, and yes it *would* be faster for the script to execute as there is far less drive activity going on. But then it's a trade-off between maintaining that single massive file, as opposed to updating smaller chunks. If it's a real issue looking at something like Zend Encoder would help. Cheers, Rich -- Zend Certified Engineer http://www.launchcode.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] test
Amazingly Yes! Dan McCullough wrote: did it work ;) On 10/14/05, Alan Lord [EMAIL PROTECTED] wrote: please ignore
Re: [PHP] prevent user from getting scripts outside the web folder [this better?]
John Nichel wrote: David Robley wrote: Ben wrote: snip My understanding is that mysql_real_escape_string will only work while you are connected to mysql. Not sure if that is the case in your situation. That is incorrect. mysql_real_escape_string is a php function, not mysql. Actually, it's both. And yes, you *do* have to be connected to the mysql server. Blush Note to self - engage brain before typing. Cheers -- David Robley Hummingbirds never remember the words to songs.
Re: [PHP] Question about including files and server load
Richard Davey wrote: Hi Jay, Friday, October 14, 2005, 2:21:57 PM, you wrote: I was wondering isn't this putting a bigger load on a server by including so many files for each function? Also, I was wondering what everyone's opinion was on this approach in terms of maintenance. Do you think it's better practice to put all your functions in one file or do it in this manner? How many are there? I don't use functions in that way, but I do a similar thing for class files (minus that definedfucntions part of course). You could of course combine them all together, and yes it *would* be faster for the script to execute as there is far less drive activity going on. But then it's a trade-off between maintaining that single massive file, as opposed to updating smaller chunks. If it's a real issue looking at something like Zend Encoder would help. Cheers, Rich Isn't it more work for PHP, or rather the Zend engine, to keep track of a bunch of functions that aren't being used, not to mention the memory it takes to load in one huge file. I agree that putting each function in it's own file is going a bit too far in the other direction. I tend to group functions together by purpose into seperate files. Kind of a happy medium. You don't have a bunch of includes in the code and you don't have a bunch of functions in memory that aren't being used. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Trouble moving directory
MSFT allowed spaces? They were behind in allowing spaces (and long file names). Apple allowed them far before MS, and Unix allowed spaces far before Apple. Unix just assumes a space is a command/parameter delimiter first and part of the name second. Just like multiplication takes precedence over addition unless you use parentheses, a space takes precedence as a delimiter unless you use quotes. Spaces are permitted, underscores just mean you don't have to use quotes to explain what you mean. It's like saying Unix doesn't allow you to use capitals in the file name because it won't find filename if you type FileName. It's a feature of a case sensitive file system available in most forms of Unix. It also caused a lot of confusion and frustration to people developing web sites under Windows and posting to a Unix host. Telling users to use underscores is a workaround that works as long as everyone uses underscores all the time. It's still better to have knowledge of what's going on and why so when one does encounter a file name with a space they know how to reference it. I would say one of the lousiest things MSFT did was reversing the / to reference paths in DOS.

On Oct 14, 2005, at 9:28 AM, Miles Thompson wrote: One of the nice things MSFT did was to allow spaces in directory and file names. It created more work for programmers. One of the LOUSIEST things MSFT did was allowing spaces in directory and file names, because of the needless, tedious parsing and checking it requires. So much simpler to train users that computers are dumb and trip over spaces, so just use an underscore where you want to separate words. Funny thing, users accept that. Glad I got that off my chest - Miles

At 10:11 AM 10/14/2005, Brent Baisley wrote: In your example, the problem is that the name has spaces, which the shell uses as a delimiter. So That Won't Move/ is kind of being considered parameters instead of part of the dir. Using the command line (i.e. shell/terminal) will give you more feedback as to what is happening (/some/dir/Dir: No such Directory). You need to either escape the characters or enclose it in quotes. For me, I always find it easier to just enclose directory names in quotes.

    $source_dir = "\"/some/dir/Dir That Won't Move/\"";

On Oct 12, 2005, at 10:11 PM, -k. wrote: I'm having trouble moving some directories. My script works fine on some directories but doesn't move others. It seems to have trouble with directories with non alphanumeric characters. I'm running Red Hat FC2. I'm trying to move the directory basically like this...

    <?php
    $source_dir = "/some/dir/Dir That Won't Move/";
    $dest_dir = '/some/other/dir/';
    $cmd = escapeshellcmd("mv ".$source_dir." ".$dest_dir);
    $result = shell_exec($cmd);
    ?>

Is there some way to escape the characters in the directories? For example if I put a \ in front of blank spaces it takes care of those (same for ',( etc.) but that obviously doesn't take care of everything. I'm hoping there is something easy I'm overlooking here that will escape all the characters. -k.

-- Brent Baisley Systems Architect Landover Associates, Inc. Search Advisory Services for Advanced Technology Environments p: 212.759.6400/800.759.0577
Re: [PHP] Setting up Linux and SendMail for SMTP
On 10/14/05, Todd Cary [EMAIL PROTECTED] wrote: Can I configure SendMail to send mail to my ISP's SMTP server using the built in mail() function of PHP?

I think you can. Maybe you would like to read the manual of your sendmail program, about how to configure it as a smart host, and if necessary, tell it the un and pw you used to authenticate yourself to your smtp server.
[PHP] Re: Question about including files and server load
Jay Paulson wrote:

    function xyz($abc) { return include('xyz_func.php'); }
    function abc($xyz) { return include('abc_func.php'); }

Oh. My. God. Is this ugly. OK, it works, but that's not the way one should abuse include().

I was wondering isn't this putting a bigger load on a server by including so many files for each function? Also, I was wondering what everyone's opinion was on this approach in terms of maintenance. Do you think it's better practice to put all your functions in one file or do it in this manner?

First of all: Yes, it increases the load, but not as much as one might think. Modern filesystems are pretty good at caching so after the first access to your scripts after some pause (caches cleared) there is a big overhead but for subsequent page requests the overhead will be almost negligible. So: Favor well organised file collections over big bloated single-file function libraries! But: Don't do it this way! Group the functions into similar ones (e.g. all functions regarding mail into functions/mail.php) and put each group in one file. Rule of thumb: Starting at over 500 lines you begin to get more problems at maintaining your script files. Then it makes sense not only grouping the functions into one file per function group but into directories containing one to many files (e.g. functions/mail/send.php and functions/mail/receive.php). Following this you should of course start to not include your whole function library in each request but to implement some library loader. You could do this in your pages:

    // your index.php (if using this for all pages) or something
    // you include in each file
    // this is a page sending html mails so I need this:
    $used_libs = array('mail/send', 'html/create');
    foreach ($used_libs as $lib) {
        include('functions/'.$lib.'.php');
    }

You could extend this concept to check if the requested files exist and you could add some array with libraries that you want always to be included. You could also create a mail/all mechanism that includes all of the files in one directory. And with PHP5 you have even more choices. You could use classes instead of functions. Even if you don't want to instantiate objects you could use them as namespace simulators in a static way. Instead of

    function mail_send() {}

you could write

    class Mail { public static function send() {} }

This would then be called via Mail::send(). What's the advantage? Well, you can create an autoloader for classes with PHP5. If you write it so that the class Mail is in the file classes/Mail.php then you can autoload the class on access so you can Mail::send() without having to explicitly include anything! You wouldn't have to configure your scripts since only those classes you use will be included. This of course reduces your server load. So, long enough a response ? ;-)

AllOLLi 6: Dr. Amrak gave the disc to me before he died. B: What? As opposed to after he died? [Battlestar Galactica 107]
[PHP] Re: test
Ignored.
Re: [PHP] Trouble moving directory
escapeshellarg() works quite well, why do you say it still failed? Did you try? Doing

    <?php echo escapeshellarg("Dir That (Won't Move)/"); ?>

will produce 'Dir That (Won'\''t Move)' and this does fit into the shell, even though `(' and `)' are not escaped, for in bash, everything quoted in single quotes will be treated as one whole string and any meta character won't be interpreted by the shell. So, please first try, then post your problem.

On 10/13/05, -k. [EMAIL PROTECTED] wrote: --- Jasper Bryant-Greene [EMAIL PROTECTED] wrote:

    $source_dir = escapeshellarg( "/some/dir/Dir That Won't Move/" );

Unfortunately escapeshellarg doesn't work for all cases, it will escape the ' in that example but it doesn't escape other characters such as ) . So...

    $source_dir = escapeshellarg( "/some/dir/Dir That (Won't Move)/" );

...fails as well. Any other ideas? -k.

-- all born, to be dead
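The directory move discussed in this thread, as an added example that is not code from any of the posters: each argument is quoted on its own with escapeshellarg(), and rename() is shown as the variant that never involves a shell. It assumes a POSIX system with mv on the PATH; the directory names and the helper function names are constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Added example: constructed directory names, created under the system temp dir.

/**
 * Quote every argument separately. escapeshellarg() wraps the value in single
 * quotes and rewrites an embedded ' so the shell sees exactly one word per
 * argument; "--" stops mv from reading a name that begins with "-" as an option.
 */
function build_mv_command(string $source, string $target): string
{
    return 'mv -- ' . escapeshellarg($source) . ' ' . escapeshellarg($target);
}

/** Move via the shell; true when mv exits with status 0. */
function move_with_shell(string $source, string $target): bool
{
    exec(build_mv_command($source, $target) . ' 2>&1', $output, $status);
    return $status === 0;
}

/** Move without a shell: rename() passes both names straight to the OS. */
function move_without_shell(string $source, string $target): bool
{
    return @rename($source, $target);
}

function run_demo(): void
{
    $base = sys_get_temp_dir() . '/mvdemo_' . bin2hex(random_bytes(4));
    mkdir($base . '/src', 0700, true);
    mkdir($base . '/dst', 0700, true);

    // Constructed names: spaces, an apostrophe, parentheses, $, & and "
    $names = ["Dir That Won't Move", "Dir That (Won't Move)", 'Cost $5 & "quoted"'];

    // What escapeshellcmd() on the whole command line gives the shell: the
    // spaces are left alone, so mv still receives the name as several words.
    echo 'escapeshellcmd: ', escapeshellcmd("mv $base/src/{$names[0]}/ $base/dst/"), "\n";

    foreach ($names as $i => $name) {
        $source = "$base/src/$name";
        $target = "$base/dst/$name";
        mkdir($source);

        $useShell = ($i % 2 === 0);
        if ($useShell) {
            echo 'escapeshellarg: ', build_mv_command($source, $target), "\n";
        }
        $moved = $useShell
            ? move_with_shell($source, $target)
            : move_without_shell($source, $target);

        $ok = $moved && is_dir($target) && !file_exists($source);
        printf("%-6s %-24s %s\n", $useShell ? 'shell' : 'rename', $name, $ok ? 'moved' : 'FAILED');
        @rmdir($target);
    }

    rmdir($base . '/src');
    rmdir($base . '/dst');
    rmdir($base);
}

run_demo();
```

Unlike mv, rename() does not move a directory across filesystems, so the shell-free variant fits when source and destination are on the same mount.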
[PHP] Re: include file to global scope
Claudio wrote: I'm using PHP 5. I have a class operation that includes php files. Is there a way to include these files to global scope? So that defined vars and functions are globally accessible?

I know this problem from my early PHP days. If your problem is that you want to include some class or function libraries then the simple solution is: Do not include inside the function or class but let the class or function just return the path name! So instead of

    function include_lib($name) {
        $path = 'functions/'.$name.'.php'; // or more weird stuff
        include($path);
    }
    include_lib('test');

do

    function lib_path($name) {
        $path = 'functions/'.$name.'.php'; // or more weird stuff
        return $path;
    }
    include(lib_path('test'));

Perhaps your problem is exactly of this type or similar.

AllOLLi Inara: It sounds like the sort of thing this crew can handle. I can't guarantee they'll handle it particularly well, but... Nandi: If they got guns, and brains at all... Inara: They've got guns. [firefly 113]
[PHP] Re: OPTIMIZING - The fastest way to open and show a file
Where were these times measured? On a heavily loaded server or on your own almost idle desktop machine?

On 10/14/05, Ruben Rubio Rey [EMAIL PROTECTED] wrote: Hi, I'm creating a cache system, and I have a problem: PHP takes a lot of time opening the file. (I'm using 2.6.9-1.667smp and XFS)
* For files less or equal 6 Kb, takes around 0.02-0.03 milliseconds - it's ok
* For files around 35 Kb takes around 0.2-0.4 milliseconds - too much.
What can I do to make opening files faster?

** Source code:

    if(file_exists($filename)){
        $modified_date=filemtime($filename);
        if(time()<($modified_date+1 * 24 * 60 * 60)){
            $handle = fopen($filename, "r");
            $contents = fread($handle, filesize($filename));
            fclose($handle);
            echo $contents;
        }
    }

** Things that I have tried:
* fopen is *much* faster than include
* filemtime is faster than filectime
* Pear Cache it's too much slower (0.5-0.7 millisecond per file)
Thanks in advance Tk421

-- all born, to be dying
[PHP] Re: Question about including files and server load
Jay Paulson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I just started working with a new company and they handed me some of their php code for me to look over. I noticed that they have a TON of include files being called into their scripts. For example, instead of having one file called functions.php and then having all their functions in that one file they have put each function into its separate file and then have a define_functions.php file that creates each function. However, within the function itself it declared something like this:

    function xyz($abc) { return include('xyz_func.php'); }
    function abc($xyz) { return include('abc_func.php'); }

I was wondering isn't this putting a bigger load on a server by including so many files for each function? Also, I was wondering what everyone's opinion was on this approach in terms of maintenance. Do you think it's better practice to put all your functions in one file or do it in this manner?

Fascinating! The concept is that only the code that actually gets executed is ever loaded/compiled. Pretty sneaky! IF you had a gargantuan amount of code, that was tightly tied together -- yet, typically not much of it was really used on most pages -- this is a pretty good design. I would be interested in some timing tests, but I'm sure there is a point when this type of design would actually decrease the load on the server (because, the only code that needs to be compiled is the code that is executed). DanB
Re: [PHP] Help with logic :(
Hi all, Just wondering how one would do multiple rows? Instead of me copying and pasting the same row of code 15 times (multiple data entry form), I just loop until it counts 15? Loops are not a strong point for me at all :( Thanks in advance!!! Aaron
Re: [PHP] Help with logic :(
NEVERMIND. Solved it. Thanks!!! A

Hi all, Just wondering how one would do multiple rows? Instead of me copying and pasting the same row of code 15 times (multiple data entry form), I just loop until it counts 15? Loops are not a strong point for me at all :( Thanks in advance!!! Aaron
[PHP] automatic login..
Hi, I created one site, and I implemented the concept of mypage, the same as google or yahoo or excite.com. Now my problem is I just want to put a link {href} in my mypage as "set as home page", so when the user clicks on that, it will set this page as the default page. And next time he/she comes, then no need to log in, the mypage will open automatically. I think I have to track the cookies and store the ip into the table or something like that. Please, can anybody help me and give some hint for how it is possible... any logic or ideas, thanks.. Open Source Ki Jai.. ~ ganu maharaj..
Re: [PHP] Help with logic :(
Not a problem, good to see.

On 10/14/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: NEVERMIND. Solved it. Thanks!!! A

Hi all, Just wondering how one would do multiple rows? Instead of me copying and pasting the same row of code 15 times (multiple data entry form), I just loop until it counts 15? Loops are not a strong point for me at all :( Thanks in advance!!! Aaron
Re: [PHP] Re: Question about including files and server load
On 10/14/05, Dan Baker [EMAIL PROTECTED] wrote: The concept is that only the code that actually gets executed is ever loaded/compiled. Pretty sneaky!

I think that's the general idea behind PHP's autoload(): http://php.net/autoload Using a caching tool like APC or Zend Optimizer would be helpful in this area too: http://pecl.php.net/package/APC http://zend.com/store/products/zend-optimizer.php I think putting each function in its own file is a bit drastic. There are simpler ways to gain performance. -- Greg Donald Zend Certified Engineer MySQL Core Certification http://destiney.com/
Re: [PHP] automatic login..
Some logic and information. Set the cookie to expire after 120 days or so, or never. You will have to set a cookie with the username and password, preferably a md5 encrypted password. Also remember to have the logout function to remember those cookies.

On 10/14/05, ganu [EMAIL PROTECTED] wrote: Hi, I created one site, and I implemented the concept of mypage, the same as google or yahoo or excite.com. Now my problem is I just want to put a link {href} in my mypage as "set as home page", so when the user clicks on that, it will set this page as the default page. And next time he/she comes, then no need to log in, the mypage will open automatically. I think I have to track the cookies and store the ip into the table or something like that. Please, can anybody help me and give some hint for how it is possible... any logic or ideas, thanks.. Open Source Ki Jai.. ~ ganu maharaj..
Re: [PHP] automatic login..
On 10/14/05, Dan McCullough [EMAIL PROTECTED] wrote: some logic and information. set the cookie to expire after 120 days or so, or never. you will have to set a cookie with the username and password, preferably a md5 encrypted password. also remember to have the logout function to remember those cookies. I wouldn't use md5 on anything even slightly important. Since the initial hash collision discoveries were made earlier this year, md5 look-up sites are starting to pop up: http://md5.crysm.net/ http://passcracking.com/ For those wanting to get up to speed on md5 history and the current hash collisions work being done: http://en.wikipedia.org/wiki/Md5 Md5 has been adequate for 15 or so years, but now it's time to move on. Disclaimer: There are only 5 or 6 people in the entire world who know anything about encryption. I am not one of them. -- Greg Donald Zend Certified Engineer MySQL Core Certification http://destiney.com/
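One way to build the automatic login asked about in this thread without putting the password, or any hash of it, in the cookie, as an added example that is not code from the posters: the cookie carries a random single-use token and the server keeps only its SHA-256 digest. The class, the in-memory array standing in for a database table, the user name and the clock values are all constructed for the illustration.

```php
<?php
declare(strict_types=1);

/** Constructed stand-in for a table: selector => user, validator digest, expiry. */
final class RememberMeStore
{
    /** @var array<string, array{user: string, hash: string, expires: int}> */
    private array $rows = [];

    /** Create a token for $user and return the value to place in the cookie. */
    public function issue(string $user, int $ttl, int $now): string
    {
        $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
        $validator = bin2hex(random_bytes(32));  // secret half, never stored as-is
        $this->rows[$selector] = [
            'user'    => $user,
            'hash'    => hash('sha256', $validator),
            'expires' => $now + $ttl,
        ];
        return $selector . ':' . $validator;
    }

    /**
     * Check a cookie value. On success the old token is gone and a fresh one is
     * returned, so a copied cookie stops working once the owner has used it.
     *
     * @return array{user: string, cookie: string}|null
     */
    public function redeem(string $cookie, int $ttl, int $now): ?array
    {
        if (!preg_match('/\A([0-9a-f]{18}):([0-9a-f]{64})\z/', $cookie, $m)) {
            return null;
        }
        [, $selector, $validator] = $m;
        $row = $this->rows[$selector] ?? null;
        if ($row === null) {
            return null;
        }
        unset($this->rows[$selector]);           // single use, valid or not
        if ($row['expires'] < $now) {
            return null;
        }
        // hash_equals() compares in constant time
        if (!hash_equals($row['hash'], hash('sha256', $validator))) {
            return null;
        }
        return ['user' => $row['user'], 'cookie' => $this->issue($row['user'], $ttl, $now)];
    }

    /** Logout: drop every token of the user on the server side. */
    public function revokeUser(string $user): void
    {
        $this->rows = array_filter($this->rows, fn (array $r): bool => $r['user'] !== $user);
    }
}

/** Options for setcookie('remember', $value, remember_cookie_options($expires)). */
function remember_cookie_options(int $expires): array
{
    return ['expires' => $expires, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Lax'];
}

// Constructed walk-through with a fixed clock.
$store = new RememberMeStore();
$ttl   = 120 * 86400;            // the 120 days suggested in the thread
$now   = 1700000000;

$cookie = $store->issue('aaron', $ttl, $now);
$first  = $store->redeem($cookie, $ttl, $now + 60);
echo 'first visit logs in as: ', var_export($first['user'] ?? null, true), "\n";
echo 'old cookie replayed:    ', var_export($store->redeem($cookie, $ttl, $now + 120), true), "\n";

$store->revokeUser('aaron');
echo 'after logout:           ', var_export($store->redeem($first['cookie'], $ttl, $now + 180), true), "\n";
```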
Re: [PHP] prevent user from getting scripts outside the web folder[this better?]
Ben wrote: My understanding is that mysql_real_escape_string will only work while you are connected to mysql. Not sure if that is the case in your situation. At least it requires a connection to mysql. I had an error, when using it without any connection opened before, that mysql_real_escape_string wants to connect to the DB as [EMAIL PROTECTED] without any password.
Re: [PHP] Obsession with BC, take 2
On Thu, October 13, 2005 7:07 pm, GamblerZG wrote: Richard Lynch wrote: PHP developers assume that PHP5 will be frequently used to parse PHP4 scripts. Why? Because that's how the real world works. The real world works that way because, as you just said, installing 2 php modules side by side is a great deal of system administration.

There are more complications than that. If it was JUST setting up a second server and providing clients with a way to use 4 or 5, their choice, it would be a breeze. The problem with changing a whole server over is that a BUNCH of clients will come screaming because you broke their web-site.

And what's so horrible about using separate engines to run php 4 and 5 scripts? Nothing, if you can identify which are which, and have the infrastructure to set up both and... It's a great deal of system administration

Let me get it straight. There are two ways of running PHP four and five on one server. First one is by using five's compatibility mode, and it breaks some of the old scripts. Breaking old scripts is clearly not an option. The second one is by using two different apache modules. It *does not break anything*, but it's a pain to setup. Judging sheerly by functionality and compatibility the second way is better. However, judging from what I know about PHP, nobody tries to make that way easier, because everybody assumes that everyone else uses the first way. Is it good old catch 22 in action, or are there some design considerations I'm not aware of?

A great number of people have worked on, and are working on, ways to make this easier. Most people, however, find it more practical to simply have 2 different server configurations (old and new) and migrate clients onto the new server slowly, at the CLIENT'S pace, instead of losing customers by just trashing their site out from under them. I don't think the largest host is the best measure of what's easy or hard -- Presumably pair has more resources and different needs from the company running a handful of shared servers for a few hundred, or even a couple thousand clients all told. Certainly if I had to choose between php5 CGI and php4 as Module, I'd go with 4. PHP CGI has too many gotchas that always end up with my nose grinding against a brick wall. -- Like Music? http://l-i-e.com/artists.htm
Re: [PHP] prevent user from getting scripts outside the web folder
On Thu, October 13, 2005 4:05 pm, Graham Anderson wrote: How does a hacker get access to your scripts located outside the web folder?

Several obvious options:
1. Get an account on the machine, and write another PHP script to read it.
2. Find some other script on the machine that will cheerfully dump out any path you ask for: <?php include $_GET['hack_me']; ?>
3. Guess/Get the username/password of the webmaster.
4. Find somebody hosted on a Windows box. Break the Windows security with any of the 2 zillion scripts to do that.
5. Physical access to the box. If he can touch the hardware, it's game over.
There are presumably more arcane and obscure methods that might have been employed.

I asked a friend to hack my php script within the web folder... all of my crucial functions were called by: require_once("/home/siren/includes/fonovisa.inc"); the 'encrypt' functions are MCRYPT_RIJNDAEL_256 He was able to get access to the 'fonovisa.inc' php script [outside the web folder] and all the stuff inside

Ask your friend how they did it. Plug that hole, and any similar-shaped holes. Repeat.

Based on my current knowledge, my security breaches are probably big enough to drive a truck through :( how can I prevent this ?

Without knowing which way they got in, nobody can answer this. It's like this: A burglar stole my silverware! How do I stop this from happening again? Nobody can answer that.

    elseif(trim(decrypt($_REQUEST['cmd']))=="getmovie") freadMovie($_REQUEST['path']);

Okay, this sure looks like it might be #2 from above. Depends on how freadMovie() is written.

    //-
    // Sanitize the variables to prevent mysql injection and trim them
    function sanitizeVars()

You specifically protect against MySQL injection in a script that doesn't seem to do anything with MySQL... But do NOTHING to protect against shell arguments. What's wrong in this picture? :-) Or should I say what's wrong in this Movie? :-) :-) :-) -- Like Music? http://l-i-e.com/artists.htm
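A check for option 2 in the list above, as an added example that is not code from the thread: a request-supplied file name is resolved with realpath() and served only if the result is still inside one base directory, and include targets come from a fixed map instead of from the request. The function names, the temporary directory layout and the sample requests are constructed; only the file name fonovisa.inc is taken from the post.

```php
<?php
declare(strict_types=1);

/**
 * Resolve $requested relative to $baseDir and return the real path only when
 * it is a regular file located under $baseDir after "..", duplicate slashes
 * and symbolic links have been resolved. Returns null otherwise.
 */
function resolve_inside(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare against "base/" so that /srv/media-old never passes for /srv/media
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

/**
 * For include/require: the request supplies a key, the script supplies the
 * path. Nothing from the request ever becomes part of a file name.
 *
 * @param array<string, string> $allowed key => script path
 */
function page_script(array $allowed, string $key): ?string
{
    return $allowed[$key] ?? null;
}

// Constructed layout: <root>/media is servable, <root>/includes is not.
$root = sys_get_temp_dir() . '/pathdemo_' . bin2hex(random_bytes(4));
mkdir($root . '/media', 0700, true);
mkdir($root . '/includes', 0700, true);
file_put_contents($root . '/media/clip.mov', 'constructed movie bytes');
file_put_contents($root . '/includes/fonovisa.inc', '<?php // constructed private include');
$linked = @symlink($root . '/includes/fonovisa.inc', $root . '/media/shortcut');

$requests = [
    'clip.mov',                          // ordinary request
    'missing.mov',                       // not present
    '../includes/fonovisa.inc',          // climbs out of the base directory
    $root . '/includes/fonovisa.inc',    // absolute path supplied by the client
    'shortcut',                          // symlink inside media pointing outside
];
foreach ($requests as $request) {
    $path = resolve_inside($root . '/media', $request);
    printf("%-60s %s\n", $request, $path === null ? 'refused' : 'served');
}

$pages = ['home' => 'pages/home.php', 'movies' => 'pages/movies.php']; // constructed map
foreach (['movies', '../includes/fonovisa.inc'] as $key) {
    printf("%-60s %s\n", 'page=' . $key, page_script($pages, $key) ?? 'refused');
}

// Clean up the constructed tree.
if ($linked) {
    unlink($root . '/media/shortcut');
}
unlink($root . '/media/clip.mov');
unlink($root . '/includes/fonovisa.inc');
rmdir($root . '/media');
rmdir($root . '/includes');
rmdir($root);
```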
[PHP] Still struggeling with my first script...
Here are all the original scripts. It still won't work. I can't see what's wrong with it??? It's from the tutorial PHP5 and Mysql for dummies. I have shortened it down though, since I am the only one who will register the User with a password. What I did was removing the Switch at the beginning of the loginscript (Guildlogin1.php) and change it with an if statement instead. Don't think that is the problem though. I use php5 with MySql 4.1.7 on my testingserver (Apache 2.0)

-- Register.php (this works): --

<html>
<head>
<title>HOoSRegisterpage for new membersHOoS</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="stylesheets/holyorder.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#00">
<?php
include ("connections/HOoStest.php");
if (isset($_POST["MM_insert"]) && $_POST["MM_insert"] == "reg")
{
  $sql_reg = sprintf("INSERT INTO guildlogin (guilduser_name, guilduser_pass) VALUES ('%s', '%s')",
    $_POST['guilduser_name'], md5($_POST['guilduser_pass']));
  // If I change md5 with password. I get undefined function password() in Register.php
  $reg = mysql_query($sql_reg) or die(mysql_error());
}
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="200" align="center"><img src="guildimages/tabard.jpg" alt="pic1"></td>
<td align="center"> <!--Mainlogo--> <img src="guildimages/main_logo.jpg" alt="logo"></td>
<td width="200" align="center"><img src="guildimages/tabard.jpg" alt="pic1"></td>
</tr>
<tr>
<td colspan="3" align="center">
<table>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
<tr>
<td align="center" valign="middle" class="maintext"> New user:<input name="guilduser_name"> </td>
</tr>
<tr>
<td align="center" valign="middle" class="maintext"> Password:<input name="guilduser_pass" type="password"><br> <input type="hidden" name="MM_insert" value="reg"> </td>
</tr>
<tr>
<td align="center" valign="middle" class="maintext"> <input name="submit" type="image" src="guildimages/register_btn.jpg" value="update"> </td>
</tr>
</form>
</table>
</td>
</tr>
</table>
</body>
</html>

- Guildlogin1.php -

<?php
include ("connections/HOoStest.php");
session_start();
if (@$_GET['guildaction'] == "login")
{
  $sql = "SELECT guilduser_name FROM guildlogin WHERE guilduser_name='".$_POST['guilduser_name']."'";
  $result = mysql_query($sql) or die("Couldn't execute query.");
  $num = mysql_num_rows($result);
  if ($num == 1) //loginname found
  {
    $sql = "SELECT guilduser_name FROM guildlogin WHERE guilduser_name='".$_POST['guilduser_name']."' AND guilduser_pass=md5('".$_POST['guilduser_pass']."')";
    // if I change the md5() to password() I get an error saying: Undefined function password() in Guildlogin.php.
    $result2 = mysql_query($sql) or die("Couldn't execute query 2.");
    $num2 = mysql_num_rows($result2);
    if ($num2 > 0) //password is correct
    {
      $_SESSION['auth']="yes";
      $logname=$_POST['guilduser_name'];
      $_SESSION['logname'] = $logname;
      header("Location: HolyOrder1.php");
      exit();
    }
    else //password is not correct
    {
      unset($guildaction);
      $message="Login not correct";
      header("Location: Guildloginerror.php");
    }
  }
  elseif ($num == 0) // Wrong name. Name not in db
  {
    unset($guildaction);
    $message="Login failed";
    header("Location: Guildloginerror.php");
  }
}
?>

form:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>HOoSloginpage for membersHOoS</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="stylesheets/holyorder.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#00">
<table width="100%" border="0" cellspacing="0" cellpadding="0" class="maintext">
<tr>
<td width="200" align="center"><img src="guildimages/tabard.jpg" alt="pic1"></td>
<td align="center"> <!--Mainlogo--> <img src="guildimages/main_logo.jpg" alt="logo"></td>
<td width="200" align="center"><img src="guildimages/tabard.jpg" alt="pic1"></td>
</tr>
<tr>
<td colspan="3" align="center">
<table>
<form action="Guildlogin1.php?guildaction=login" method="post">
<?php if (isset($message)) echo $message; ?>
<tr>
<td align="center" valign="middle" class="maintext"> Login as:<input type="text" name="guilduser_name"> </td>
</tr>
<tr>
<td align="center" valign="middle" class="maintext"> Password:<input type="password" name="guilduser_pass"><br> </td>
</tr>
<tr>
<td align="center" valign="middle" class="maintext"> <input name="log" type="submit" src="guildimages/login_btn.jpg" value="Enter"></td>
</tr>
</form>
</table>
</td>
</tr>
</table>
</body>
</html>
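The two scripts above build their SQL by pasting $_POST values between quotes and store an unsalted MD5 of the password. The same register and login steps with bound parameters and password_hash()/password_verify(), as an added example that is not the poster's or the tutorial's code: it assumes PDO with an in-memory SQLite database so that it runs without a server (the prepare/execute calls are the same with a MySQL DSN), keeps the table and column names from the post, and uses constructed function names, user names and passwords.

```php
<?php
declare(strict_types=1);

/** Constructed in-memory database with the table layout used in the post. */
function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE guildlogin (
                    guilduser_name TEXT PRIMARY KEY,
                    guilduser_pass TEXT NOT NULL)');
    return $pdo;
}

/** Register.php step: the password is stored as a salted, slow hash. */
function register_user(PDO $pdo, string $name, string $password): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO guildlogin (guilduser_name, guilduser_pass) VALUES (:name, :hash)'
    );
    $stmt->execute([
        ':name' => $name,
        ':hash' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

/**
 * Guildlogin1.php step: one query, with the name sent as a bound value so that
 * quotes in it cannot change the statement. The password never goes into SQL;
 * it is checked in PHP against the stored hash.
 */
function check_login(PDO $pdo, string $name, string $password): bool
{
    static $dummy = null;
    $dummy ??= password_hash('constructed placeholder', PASSWORD_DEFAULT);

    $stmt = $pdo->prepare('SELECT guilduser_pass FROM guildlogin WHERE guilduser_name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        // Unknown name: still do one hash check so both failure paths take
        // similar time, and give the caller the same answer as a bad password.
        password_verify($password, $dummy);
        return false;
    }
    return password_verify($password, (string) $hash);
}

// Constructed walk-through.
$pdo = open_db();
register_user($pdo, 'aaron', 'correct horse battery');
register_user($pdo, "O'Neil", 'another constructed password');

$attempts = [
    ['aaron', 'correct horse battery'],          // right name, right password
    ['aaron', 'wrong password'],                 // right name, wrong password
    ['nobody', 'correct horse battery'],         // name not in the table
    ["O'Neil", 'another constructed password'],  // legitimate name containing a quote
    ["aaron' OR '1'='1", 'anything'],            // SQL syntax in the name stays plain data
];
foreach ($attempts as [$name, $password]) {
    printf("%-20s %s\n", $name, check_login($pdo, $name, $password) ? 'login ok' : 'login refused');
}

// In a web request, a successful check would be followed by
// session_regenerate_id(true) before $_SESSION['auth'] is set.
```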
Re: [PHP] OPTIMIZING - The fastest way to open and show a file
On Fri, October 14, 2005 6:29 am, Ruben Rubio Rey wrote:

    if(file_exists($filename)){
        $modified_date=filemtime($filename);
        if(time()<($modified_date+1 * 24 * 60 * 60)){
            $handle = fopen($filename, "r");
            $contents = fread($handle, filesize($filename));
            fclose($handle);
            echo $contents;
        }
    }

Checking both file_exists and then doing fopen seems a bit silly. Trap the error from fopen, and just use that as your file_exists test. I suspect http://php.net/file_get_contents will be SLIGHTLY faster than doing all of this code, though:

    if (filemtime($filename) time())
        $contents = @file_get_contents($filename);
    if ($contents === false){
        //error-handling code
    }
    else{
        echo $contents;
    }

Then, of course, we have to wonder if you NEED $contents for later use in the script. If not, something like this will clock in better:

    $bytes = @readfile($filename);
    if ($bytes === false){
        //error-handling code
    }

The difference here is that you don't even stuff the file into the PHP string. It's all read and passed out to stdout in low-level internal PHP C code, and the data never needs to hit PHP variables which are more expensive to setup and maintain. Note that which is REALLY fastest will probably depend on the size of the files, your OS system cache, your hardware, and maybe which version of PHP you are using, if the underlying functions changed. Must be nice to be worried about 0.0x milliseconds -- I'm fighting a mystery 3.0 seconds in a data feed for a search engine myself :-) -- Like Music? http://l-i-e.com/artists.htm
[PHP] editor
Hi! In advance, this is not yet another editor question. :) I read somewhere about an editor, which has built in support for phpDocumentor and creating unit tests. Now I could not find it, I tried a lot using Google without success. Can anybody find out from this little description which one it could be? Thx, Felhő
[PHP] network speed
I've been spinning my wheels for weeks now on this, so am turning to the geniuses... My code has/had various combinations of: file_get_contents() fopen/fread fsockopen/fread to suck down some XML from a search engine feed The feed runs on Windows in .NET and I think it's written in C#. None of which SHOULD matter, but... So, here's the problem. file_get_contents is taking about 7-9 seconds to run. The vendor claims they can get results in 4-6 seconds. Somewhere, somehow, I'm losing 3 seconds of time, just in slurping down this XML file. This is not good. This is completely independent of processing the XML, displaying the results, etc. Which takes about 0.8 seconds, usually. Actually, there's an occasional 3-second spike in XML processing -- not tied to any particular search term nor in any pattern I can find... But that's, hopefully, irrelevant. I've tried the following: time wget [URL] surf to [URL] running a PHP bench on the Windows server (local to XML engine) surfing to [URL] on the Windows server Nothing I do seems to make much difference, though the tests on the Windows box are a second or so faster than the remote. These tests have all been too ad hoc to have a nice chart of numbers or anything pretty for you to look at... So far. The one sticking point is that another site, using the same feed, is faster than we are, though also not as fast as the feed vendor says it should be. I can understand that file_get_contents is going to add SOME overhead, but 3 seconds sounds a bit too much Is it just me? Any ideas where 3 seconds could be taken up, just in file_get_contents? Is it just that the Linux box and Windows box don't like each other? -- Like Music? http://l-i-e.com/artists.htm
Re: [PHP] prevent user from getting scripts outside the web folder [this better?]
On Fri, October 14, 2005 8:20 am, John Nichel wrote: David Robley wrote: Ben wrote: snip My understanding is that mysql_real_escape_string will only work while you are connected to mysql. Not sure if that is the case in your situation. That is incorrect. mysql_real_escape_string is a php function, not mysql. Actually, it's both. And yes, you *do* have to be connected to the mysql server.

There is, however, mysql_escape_string() which does not require a connection -- but which also can't take into account the language/locale settings *OF* the connection, which is why it's not a real escape. It might, however, be useful in some circumstances. I missed the beginning of this thread, so apologies if that's a repeat. -- Like Music? http://l-i-e.com/artists.htm
Re: [PHP] editor
Hodicska Gergely wrote: Hi! In advance, this is not a yet another editor question. :) I read somewhere about an editor, which has built in support for phpdocumentator and creating unit test. Now I could not find it, I tried a lot using Google without success. Can anybody find out from this little descrition which one could it be? Thx, Felhő Dunno about the unit test stuff, but I believe Zend Studio still has the phpDoc stuff. http://www.zend.com/store/products/zend-studio/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] network speed
Richard Lynch wrote: I've been spinning my wheels for weeks now on this, so am turning to the geniuses... My code has/had various combinations of: file_get_contents() fopen/fread fsockopen/fread to suck down some XML from a search engine feed The feed runs on Windows in .NET and I think it's written in C#. None of which SHOULD matter, but... So, here's the problem. file_get_contents is taking about 7-9 seconds to run. The vendor claims they can get results in 4-6 seconds. Somewhere, somehow, I'm losing 3 seconds of time, just in slurping down this XML file. This is not good. This is completely independent of processing the XML, displaying the results, etc. Which takes about 0.8 seconds, usually. Actually, there's an occasional 3-second spike in XML processing -- not tied to any particular search term nor in any pattern I can find... But that's, hopefully, irrelevant. I've tried the following: time wget [URL] surf to [URL] running a PHP bench on the Windows server (local to XML engine) surfing to [URL] on the Windows server Nothing I do seems to make much difference, though the tests on the Windows box are a second or so faster than the remote. These tests have all been too ad hoc to have a nice chart of numbers or anything pretty for you to look at... So far. The one sticking point is that another site, using the same feed, is faster than we are, though also not as fast as the feed vendor says it should be. I can understand that file_get_contents is going to add SOME overhead, but 3 seconds sounds a bit too much Is it just me? Any ideas where 3 seconds could be taken up, just in file_get_contents? Is it just that the Linux box and Windows box don't like each other? Could it be a DNS issue? It's taking the extra time to resolve the name maybe? You could try putting an entry in /etc/hosts to see if that speeds it up. *just throwin' things out there -- John C. 
Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] editor
Hi! http://www.zend.com/store/products/zend-studio/ Thx, I know this one, but I'm really curious about this unit test support. Regards, Felhő -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Trouble moving directory
On Fri, October 14, 2005 8:28 am, Miles Thompson wrote: One of the nice things MSFT did was to allow spaces in directory and file names. It created more work for programmers. I'm not familiar with MSFT... It must be a new acronym for Apple MacOS :-), circa 1984, which (AFAIK) was the first consumer OS to allow human-centric filenames. It was considered a big boon to many users, who were sick and tired of 8.3 at that point. Of course, Unix and Vax and various mainframes allowed all kinds of characters in filenames... Including control-characters, which led to some interesting effects and pranks when crossed with various utilities that did not plan for such characters. But I digress... To some degree, the current filename problem is compounded here by PHP which works under so many different OSes. There's no problem with spaces or apostrophes in Mac filenames or the routines that operate upon them *IF* they are all Mac-based. The only character most humans want to use that is illegal is the colon (:) Similarly, if you stick solely to Windows or Linux, the rules are fairly straight-forward. Well, as straight-forward as anything is in Windows. But once you start writing multi-OS code, you've got : on Mac, / on Linux, \ on Windows, just in the directory separators. Then you start talking about path separaters and shell arguments, and life gets incredibly more complicated. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] network speed
On 10/14/05, Richard Lynch [EMAIL PROTECTED] wrote:
> I can understand that file_get_contents is going to add SOME overhead,
> but 3 seconds sounds a bit too much

Yeah, it's like half a second or so of overhead when I test it against wget:

    for x in 1 2 3 4 5; do
      php -r 'system( "time `wget yahoo.com > /dev/null 2>&1`" );';
      time php -r 'file_get_contents( "http://yahoo.com" );';
    done

    real 0m0.462s   user 0m0.006s   sys 0m0.011s
    real 0m0.999s   user 0m0.164s   sys 0m0.222s
    real 0m0.343s   user 0m0.009s   sys 0m0.006s
    real 0m0.976s   user 0m0.162s   sys 0m0.225s
    real 0m0.337s   user 0m0.007s   sys 0m0.010s
    real 0m1.182s   user 0m0.158s   sys 0m0.230s
    real 0m0.340s   user 0m0.007s   sys 0m0.010s
    real 0m0.969s   user 0m0.159s   sys 0m0.226s
    real 0m0.336s   user 0m0.011s   sys 0m0.007s
    real 0m0.978s   user 0m0.160s   sys 0m0.225s

-- Greg Donald Zend Certified Engineer MySQL Core Certification http://destiney.com/
[PHP] fckeditor and PDF and pesky users
This is more of a user education problem than anything, I suspect, but... Okay, so I'm kind of like a closing pitcher on this project where the original developer is, errr, surfing in California or something... Anyway, he's got a bunch of custom back-end CMS pages using fckEditor (sp?) and I'm pretty much just leaving those alone as a black box -- don't touch :-) Unfortunately, I've recently received a bug report, to whit: We can upload GIFs okay, but we get an error message about wrong file type when we try to upload PDFs I was at first befuddled about this, as there is no file upload functionality AT ALL in this project... So I dunno where they thought they were uploadings GIFs. [Sure, *you* know it now cuz you got forshadowing about fckEditor in the first paragraph. Cheater.] Eventually, I realized they were talking about what they call the Microsoft-like editor (which you and I know as fckEditor) and that they were attempting to cram a PDF file into it. Since they are often using the fckEditor to cram in a Poster for theatre productions, this is not as weird as it sounds... Actually, from the end user perspective, I can completely understand that they expect to be able to cram a PDF in there, just like they do Posters in GIF and JPG format. To them, the end user, it's really all the same thing. To me, of course, it's so totally not the same thing, I don't even know how to proceed. The problem I have now is that they NEED PDF support. We're talking here about pre-existing documents such as floor charts for ticket sales, brochures, Technical Specifications (for potential renters or theatre production companies) and (some day) Legal Contracts. So... Do I: A) Attempt to hack fckEditor to allow a PDF to get uploaded, and then display a link to the PDF instead of alink to the fckEditor output. 
B) Give them a separate, possibly confusing, input to upload files to tie in as links to the fckEditor area C) Dump fckEditor and only allow file upload, requiring them to compose HTML pages in some external application Has anybody faced this, and with VERY non-technical users had better luck one way or another? Which of these fit in best with PHP, and why? I'm mostly used to educable users who can flex on functionality to get what they want, but this is more a case of needing to make this WORK for them their way. THANKS! PS He's also using some kind of template language -- I don't even know which one, as I'm just copy/pasting the bits of that to make it work, rather than actually diving into it. That probably doesn't matter, but if it does, I'll dig out the template name/version. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] chown function
At 17:25, Thursday 13 October 2005, John Nichel wrote:
> nobody:nobody.

nobody:nonexistant (random number abs() really high), at least for apache2.

My personal suggestion is:
- chown all files (avoid suid) and dir root
- chgrp apache all files and dir
- chmod 750 all dir, 640 all files
- chmod 640, chown apache all files that apache or php need to modify.

HTH, d.
Re: [PHP] network speed
Once you involve the network, there are all sorts of delays that can crop up. Each network hop is going to add a bit of overhead unless every single step along the way has high end routers that can route at line speed. Otherwise the routers are doing a store and forward, which means they wait until the whole packets arrives, analyze where it needs to go, then sends it out. This happens very quickly, but say it take 2 ms. Five non-highend routers with add .1 seconds, each way. And that's with zero packet loss. Unless your server is hosted on a tier network, your biggest problem will be latency. You can do a trace route to find out how many hops you are away from the other server, and maybe even tell where the biggest delay is. Read this article to get an understanding of what effect a network and your geographical location can have on your website performance. http://www.samag.com/documents/s=9894/sam0511a/0511a.htm On Oct 14, 2005, at 4:03 PM, Richard Lynch wrote: I've been spinning my wheels for weeks now on this, so am turning to the geniuses... My code has/had various combinations of: file_get_contents() fopen/fread fsockopen/fread to suck down some XML from a search engine feed The feed runs on Windows in .NET and I think it's written in C#. None of which SHOULD matter, but... So, here's the problem. file_get_contents is taking about 7-9 seconds to run. The vendor claims they can get results in 4-6 seconds. Somewhere, somehow, I'm losing 3 seconds of time, just in slurping down this XML file. This is not good. This is completely independent of processing the XML, displaying the results, etc. Which takes about 0.8 seconds, usually. Actually, there's an occasional 3-second spike in XML processing -- not tied to any particular search term nor in any pattern I can find... But that's, hopefully, irrelevant. 
I've tried the following: time wget [URL] surf to [URL] running a PHP bench on the Windows server (local to XML engine) surfing to [URL] on the Windows server Nothing I do seems to make much difference, though the tests on the Windows box are a second or so faster than the remote. These tests have all been too ad hoc to have a nice chart of numbers or anything pretty for you to look at... So far. The one sticking point is that another site, using the same feed, is faster than we are, though also not as fast as the feed vendor says it should be. I can understand that file_get_contents is going to add SOME overhead, but 3 seconds sounds a bit too much Is it just me? Any ideas where 3 seconds could be taken up, just in file_get_contents? Is it just that the Linux box and Windows box don't like each other? -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Brent Baisley Systems Architect Landover Associates, Inc. Search Advisory Services for Advanced Technology Environments p: 212.759.6400/800.759.0577 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Still struggeling with my first script...
twistednetadmin mailto:[EMAIL PROTECTED] on Friday, October 14, 2005 12:39 PM said:
> Here are all the scripts original. It still won't work. I can't see
> what's wrong with it??? It's from the tutorial PHP5 and Mysql for dummies.

What exactly is the problem? "It still won't work" is not the problem, nor is "I can't see what's wrong with it???".

> I have shortened it down though, since I am the only one who will register
> the User with a password. What I did was removing the Switch at the
> beginning of the loginscript (Guildlogin1.php) and change it with an if
> statement instead. Don't think that is the problem though.

Did it work before you made these changes?

Chris.
[PHP] Re: fckeditor and PDF and pesky users
Richard Lynch said the following on 10/14/05 13:39: So... Do I: A) Attempt to hack fckEditor to allow a PDF to get uploaded, and then display a link to the PDF instead of alink to the fckEditor output. Good luck! B) Give them a separate, possibly confusing, input to upload files to tie in as links to the fckEditor area If you can teach them how to use it this would work well. Perhaps you could have them upload the file and then on the page with fckEditor on it you could provide them with the URL to use for creating the link. C) Dump fckEditor and only allow file upload, requiring them to compose HTML pages in some external application I'd stay away from this if they are already used to using fckEditor, especially if they can't figure out option B. Has anybody faced this, and with VERY non-technical users had better luck one way or another? Which of these fit in best with PHP, and why? I'm mostly used to educable users who can flex on functionality to get what they want, but this is more a case of needing to make this WORK for them their way. There are a number of PDF conversion programs available for pretty much every platform. http://jeff.cs.mcgill.ca/~luc/PSto.html You could convert the file to jpeg or gif and then make the graphic available for using in fckeditor. - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] prevent user from getting scripts outside the web folder
Many thanks for everyone's advice :) It is appreciated

Is this a bit better ?

In my 'cleaner' function, I amended the script to:

    function cleanser( $value ) {
        return mysql_real_escape_string( trim( escapeshellcmd($value ) )) ;
    }

Instead of mysql_real_escape_string, I could use addslashes()

All of my $_REQUEST variables are contained within a case statement
The 'cmd' variable can ONLY be 'makesmil' or 'getmovie'
If it exists, the 'path' variable is run through the 'cleanser' function and sent with the original encryption to the fread() function located outside the web folder
The $path variable is decrypted in the fread function.

//--
As to my fread function:

    //this function is located outside the web folder
    function freadMovie($path) {
        $key = "myfakepassword";
        $path = decrypt($path);
        $filepath = "/home/path_to_includes/Library/multimedia/h264/".$path;
        $fileSize = filesize($filepath);
        $chunkSize = 32768;
        header("ETag: ".md5(time()));
        header("Accept-Ranges: bytes");
        header ("Content-Length: ".$fileSize);
        header('Content-Type: video/quicktime');
        if( $fd = fopen($filepath, 'rb')) {
            while(!feof($fd)) {
                echo (fread($fd, $chunkSize));
            }
            fclose ($fd);
            exit;
        }
    }

anything more that comes to mind ?

part of the script..

    if (array_key_exists('cmd', $_REQUEST)) {
        switch($_REQUEST['cmd']) {
            case 'makesmil':
                // make an array of 'video src' urls from a database call
                buildSMILArray($d='siren',$playlist="Show Reel", $this_script_name);
                // format the SMIL playlist
                buildSMILPlaylist(
                    /*timeslider*/true,
                    /*chaptermode*/"clip",
                    /*immediateinstantiation*/false,
                    /*autoplay*/true,
                    /*left*/0,
                    /*top*/0,
                    /*height*/208,
                    /*width */352,
                    /*fit*/"fill",
                    /*title */"Commercial Reel 2005",
                    /*regionid*/"siren",
                    /*bgcolor*/"black",
                    /*movieid*/md5(time()),
                    /*moviename*/"Commercial Reel 2005",
                    /*the array of movies*/$movieArray);
                break;
            case 'getmovie':
                // if the 'REQUEST variable, 'path' , exists:
                $path = isset($_REQUEST['path']) ? cleanser($_REQUEST ['path']): $path=null;
                // read the movie file [located outside the web folder] from binary into QuickTime
                freadMovie($path);
                break;
        }
    }else{
    . . . .

many thanks
g

On Oct 14, 2005, at 12:37 PM, Richard Lynch wrote:
> On Thu, October 13, 2005 4:05 pm, Graham Anderson wrote:
>> How does a hacker get access to your scripts located outside the web
>> folder?
>
> Several obvious options:
> 1. Get an account on the machine, and write another PHP script to read it.
> 2. Find some other script on the machine that will cheerfully dump out
>    any path you ask for: <?php include $_GET['hack_me']?>
> 3. Guess/Get the username/password of the webmaster.
> 4. Find somebody hosted on a Windows box. Break the Windows security
>    with any of the 2 zillion scripts to do that.
> 5. Physical access to the box. If he can touch the hardware, it's game over.
>
> There are presumably more arcane and obscure methods that might have
> been employed.
>
>> I asked a friend to hack my php script within the web folder...
>> all of my crucial function were called by:
>> require_once("/home/siren/includes/fonovisa.inc");
>> the 'encrypt' functions are MCRYPT_RIJNDAEL_256
>> He was able to get access to the 'fonovisa.inc' php script [outside the
>> web folder] and all the stuff inside
>
> Ask your friend how they did it. Plug that hole, and any similar-shaped
> holes. Repeat.
>
>> Based on my current knowledge, my security breaches are probably big
>> enough to drive a truck through :(
>> how can I prevent this ?
>
> Without knowing which way they got in, nobody can answer this. It's like
> this: A burglar stole my silverware! How do I stop this from happening
> again? Nobody can answer that.
>
>> elseif(trim(decrypt($_REQUEST['cmd']))=="getmovie")
>> freadMovie($_REQUEST['path']);
>
> Okay, this sure looks like it might be #2 from above.
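Added example, not code from the thread: escapeshellcmd() and mysql_real_escape_string() leave "../" untouched, so the check that keeps a request inside the movie directory has to be made on the resolved path. The function name, directory layout and sample files below are hypothetical and constructed for the demonstration (PHP 7.1 or later).

```php
<?php
declare(strict_types=1);

// Added illustration, not code from the thread. All names are hypothetical.

/**
 * Map a client-supplied relative name onto a file inside $mediaRoot.
 * Returns the canonical path, or null when the request is malformed,
 * the file does not exist, or the resolved path leaves the root.
 */
function resolveMediaPath(string $mediaRoot, string $requested, array $allowedExt = ['mov']): ?string
{
    // Empty names and embedded NUL bytes are never legitimate file names.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $root = realpath($mediaRoot);
    if ($root === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, and fails for missing files.
    $resolved = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($resolved === false || !is_file($resolved)) {
        return null;
    }
    // Compare against "root/" so a sibling such as "h264-old" cannot match "h264".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Only serve the file types this endpoint exists for.
    $ext = strtolower(pathinfo($resolved, PATHINFO_EXTENSION));
    return in_array($ext, $allowedExt, true) ? $resolved : null;
}

/** Build a throwaway directory tree (constructed sample data) and probe it. */
function runDemo(): array
{
    $base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'confine_' . bin2hex(random_bytes(4));
    mkdir($base . '/media/h264', 0700, true);
    mkdir($base . '/media/h264-old', 0700);
    mkdir($base . '/includes', 0700);
    file_put_contents($base . '/media/h264/reel.mov', 'constructed movie bytes');
    file_put_contents($base . '/media/h264-old/old.mov', 'constructed movie bytes');
    file_put_contents($base . '/includes/fonovisa.inc', '<?php // constructed stand-in');

    $root = $base . '/media/h264';
    $probes = [
        'reel.mov',                     // inside the root
        '../../includes/fonovisa.inc',  // climbs out to the include file
        '../h264-old/old.mov',          // sibling directory sharing the name prefix
        '/etc/passwd',                  // absolute path
        "reel.mov\0.inc",               // embedded NUL byte
        'missing.mov',                  // does not exist
    ];
    $results = [];
    foreach ($probes as $probe) {
        $results[$probe] = resolveMediaPath($root, $probe) !== null;
    }

    // Remove the constructed tree again.
    foreach (['/media/h264/reel.mov', '/media/h264-old/old.mov', '/includes/fonovisa.inc'] as $file) {
        unlink($base . $file);
    }
    foreach (['/media/h264', '/media/h264-old', '/media', '/includes', ''] as $dir) {
        rmdir($base . $dir);
    }
    return $results;
}

foreach (runDemo() as $probe => $served) {
    printf("%-32s %s\n", addcslashes((string) $probe, "\0"), $served ? 'served' : 'refused');
}
```

Only the first probe is served; every other request resolves to null before fopen() would be reached.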
Re: [PHP] Obsession with BC, take 2
The second one is by using two different apache modules. It *does not break anything*, but it's a pain to setup. Judging sheerly by functionality and compatibility the second ways is better. However, judging from what I know about PHP, nobody tries to make that way easier, because everybody assume that everyone else use the first way. Is it good old catch 22 in action, or are there some design considerations I'm not aware of? A great number of people have worked on, and are working on, ways to make this easier. Most people, however, find it more practical to simply have 2 different server configurations (old and new) and migrate clients onto the new server slowly, at the CLIENT'S pace, instead of losing customers by just trashing their site out from under them. Actually, I was speaking about PHP developers. The sheer fact that they bothered to write compatibility mode shows that they don't really count on hosters using two engines side-by-side. On the other hand, the only disadvantage of such approach is installation, and developers have the power to remove this shortcoming. Since they preferred the first way of handling compatibility, there must be some language design issues with the second one. It would be interesting to know/discuss them. -- Best regards, Roman S.I. http://sf.net/projects/naturalgine/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: ampersand in dom with utf-8
are there php functions to change from these different formats as &#e8; doesn't seem to render correctly in a browser. ugghhh. -jonathan

On Oct 13, 2005, at 4:53 AM, cc wrote:
> è
Re: [PHP] Re: ampersand in dom with utf-8
the real characters (presumably è) won't render correctly. it seems like there should be a set of functions for encoding this to a different but understandable format and then another function for decoding and display within a browser. it makes me not want to use DOM for creating xml files. -jonathan

On Oct 13, 2005, at 1:53 AM, Marcus Bointon wrote:
> On 13 Oct 2005, at 07:24, cc wrote:
>> both `&egrave;' and `&icirc;' are not entities in charset utf-8, use
>> `&amp;egrave;' and `&amp;icirc;' instead.
>
> I would expect that to result in unconverted entities in the output. If
> you're intending to send that content as HTML, then I guess that would
> be OK. However, if you're using UTF-8 anyway, why not just use the real
> characters?
>
> Marcus
> -- Marcus Bointon Synchromedia Limited: Putting you in the picture [EMAIL PROTECTED] | http://www.synchromedia.co.uk
Re: [PHP] fckeditor and PDF and pesky users
Richard Lynch said the following on Friday, October 14, 2005 3:39 PM: So... Do I: A) Attempt to hack fckEditor to allow a PDF to get uploaded, and then display a link to the PDF instead of alink to the fckEditor output. B) Give them a separate, possibly confusing, input to upload files to tie in as links to the fckEditor area I've had success with this, creating a seperate utility to upload documents to the filesystem and keeping track of them in mysql. I chose to allow displaying the PDF's and Doc's through links in the FCKEditor content, because I have never found a way to embed the PDF data into pages. I added a custom drop-down menu to FCKEditor's Link window that fills in the URL upon selecting the menu item, but this url consisted of just a path to a redirect.php script where I set a GET variable to the ID of the document, then passing through the PDF or DOC data. Though you could link the full path to the PDF in the URL, I just had my documents stored behind the web-accessible address. Every time a new document was uploaded, I decided to write the URL's statically to a file that the FCKEditor script (changed fck_link.html to fck_link.php) will read into Javascript arrays, as opposed to accessing the DB every time this Link window was viewed. I added about 50 lines of Javascript code to fck_link.php to do what I wanted in setting the URL from the Select list. I must warn you though, every time that I upgrade FCKEditor, I have to reapply the changes I've done and there is the possibility that the FCKEditor scripts may change to cause compatibility problems. Let me know if you are interested in this route and I can post my alterations to FCKEditor, but the PDF file management is up to you. I've had many non-technical users working with this utility just fine for about 6 months, so it works and though its not the most graceful implementation from a developer's standpoint, it makes the user interface easiest to work with. 
-Jason Kovacs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] running mode
Hello, How to test if the current script is running in CLI, CGI or Apache mode? thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: ampersand in dom with utf-8
jonathan wrote: the real characters (presumably è) won't render correctly. Are you outputting the correct character set information (UTF-8), and are you sure that UTF-8 is being used throughout the entire process? -- Jasper Bryant-Greene General Manager Album Limited a: Freepost Album, PO Box 579, Christchurch 8015, New Zealand p: 0800 4 ALBUM (0800 425 286) or +64 21 232 3303 e: [EMAIL PROTECTED] w: http://www.album.co.nz/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Still struggeling with my first script...
All: Sorry. I forgot to write what's wrong... stupid me...

Mike:
1) I'm not sure how to indent the code...
2) I'm using Dreamweaver, but not to write the code for me. I'm not that lazy :). And that's not the way for me to learn. It's just rather annoying that all the tutorials I have tried seem to fail. How can I learn when I'm apparently given the wrong information. I am searching php.net http://php.net for the right code, but it can be rather overwhelming at some points

Chris: No, it did not work before I made these changes.

The way it should work:

--- Register.php ---
Sends the information from the form (guilduser_name and guilduser_pass) to the DB, encrypting the password with md5 encryption. This works as intended. No need for any security since I am the only one with access to this.

Code for Register.php:

    <html>
    <head>
    <title>HOoSRegisterpage for new membersHOoS</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <link href="stylesheets/holyorder.css" rel="stylesheet" type="text/css">
    </head>
    <body bgcolor="#00">
    <?php
    include ("connections/HOoStest.php");
    if (isset($_POST["MM_insert"]) && $_POST["MM_insert"] == "reg") {
      $sql_reg = sprintf("INSERT INTO guildlogin (guilduser_name, guilduser_pass) VALUES ('%s', '%s')",
          $_POST['guilduser_name'], md5($_POST['guilduser_pass']));
      $reg = mysql_query($sql_reg) or die(mysql_error());
    }
    ?>
    <table width="100%" border="0" cellspacing="0" cellpadding="0">
    <tr>
    <td width="200" align="center"><img src="guildimages/tabard.jpg" alt="pic1"></td>
    <td align="center"><!--Mainlogo--><img src="guildimages/main_logo.jpg" alt="logo"></td>
    <td width="200" align="center"><img src="guildimages/tabard.jpg" alt="pic1"></td>
    </tr>
    <tr>
    <td colspan="3" align="center">
    <table>
    <form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
    <tr><td align="center" valign="middle" class="maintext">New user:<input name="guilduser_name"></td></tr>
    <tr><td align="center" valign="middle" class="maintext">Password:<input name="guilduser_pass" type="password"><br>
    <input type="hidden" name="MM_insert" value="reg"></td></tr>
    <tr><td align="center" valign="middle" class="maintext"><input name="submit" type="image" src="guildimages/register_btn.jpg" value="update"></td></tr>
    </form>
    </table>
    </td>
    </tr>
    </table>
    </body>
    </html>

--- Guildlogin.php ---
This should create a session variable for the authentication, but it fails at some point. I have checked the sessiondata on my testserver, and that shows blank. So it's clear for me that I don't get the information saved in the variable $_SESSION. I don't get any sql errors, so I don't think that is the problem. But then again, it is my first script, and I could of course be wrong. I'm not sure where I should put the echo $sql; to check the query. Since the Guildlogin.php sends me directly to the error page at the end of execution. The script sends me to the loginerror.php even if the username and the password is correct. The point here is that this happens every time I press the button login in the form, regardless of the input in the form.

Code for Guildlogin.php:

    <?php
    include ("connections/HOoStest.php");
    session_start();
    if (@$_GET['guildaction'] == "login");
    {
      $sql = "SELECT guilduser_name FROM guildlogin WHERE guilduser_name='$_POST[guilduser_name]'";
      $result = mysql_query($sql) or die("Couldn't execute query.");
      $num = mysql_num_rows($result);
      if ($num ==1) //loginname found
      {
        $sql = "SELECT guilduser_name FROM guildlogin WHERE guilduser_name='$_POST[guilduser_name]' AND guilduser_pass=password('$_POST[guilduser_pass]')";
        $result2 = mysql_query($sql) or die("Couldn't execute query 2.");
        $num2 = mysql_num_rows($result2);
        if ($num2 > 0) //password is correct
        {
          $_SESSION['auth']="yes";
          $logname=$_POST['guilduser_name'];
          $_SESSION['logname'] = $logname;
          header("Location: HolyOrder1.php");
          exit();
        }
        else //password is not correct
        {
          unset($guildaction);
          $message="Login not correct";
          header("Location: Guildloginerror.php");
        }
      }
      elseif ($num == 0) // Wrong name. Name not in db
      {
        unset($guildaction);
        $message="Login failed";
        header("Location: Guildloginerror.php");
      }
    }
    ?>

--- The form: ---
I don't feel it's necessary to explain this...

Code for loginform:

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <title>HOoSloginpage for membersHOoS</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <link href="stylesheets/holyorder.css" rel="stylesheet" type="text/css">
    </head>
    <body bgcolor="#00">
    <table width="100%" border="0" cellspacing="0" cellpadding="0" class="maintext">
    <tr>
    <td width="200" align="center"><img src="guildimages/tabard.jpg" alt="pic1"></td>
    <td align="center"><!--Mainlogo--><img src="guildimages/main_logo.jpg" alt="logo"></td>
    <td width=200
Re: [PHP] Still struggeling with my first script...
Did one change in the script guildregister.php:
Changed the md5 part in the INSERT query to:

    $sql_reg = sprintf("INSERT INTO guildlogin (guilduser_name, guilduser_pass) VALUES ('%s', password('%s'))",
        $_POST['guilduser_name'], $_POST['guilduser_pass']);
    $reg = mysql_query($sql_reg) or die(mysql_error());

On 10/15/05, twistednetadmin [EMAIL PROTECTED] wrote:
> All: Sorry. I forgot to write what's wrong... stupid me...
>
> Mike:
> 1) I'm not sure how to indent the code...
> 2) I'm using Dreamweaver, but not to write the code for me. I'm not that
> lazy :). And that's not the way for me to learn. It's just rather annoying
> that all the tutorials I have tried seem to fail. How can I learn when I'm
> apparently given the wrong information. I am searching php.net http://php.net
> for the right code, but it can be rather overwhelming at some points
>
> Chris: No, it did not work before I made these changes.
>
> The way it should work:
>
> --- Guildregister.php ---
> Sends the information from the form (guilduser_name and guilduser_pass) to
> the DB, encrypting the password with md5 encryption. This works as intended.
> No need for any security since I am the only one with access to this.
>
> Code for Register.php:
>
>     <html>
>     <head>
>     <title>HOoSRegisterpage for new membersHOoS</title>
>     <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
>     <link href="stylesheets/holyorder.css" rel="stylesheet" type="text/css">
>     </head>
>     <body bgcolor="#00">
>     <?php
>     include ("connections/HOoStest.php");
>     if (isset($_POST["MM_insert"]) && $_POST["MM_insert"] == "reg") {
>       $sql_reg = sprintf("INSERT INTO guildlogin (guilduser_name, guilduser_pass) VALUES ('%s', '%s')",
>           $_POST['guilduser_name'], md5($_POST['guilduser_pass']));
>       $reg = mysql_query($sql_reg) or die(mysql_error());
>     }
>     ?>
>     <table width="100%" border="0" cellspacing="0" cellpadding="0">
>     <tr>
>     <td width="200" align="center"><img src="guildimages/tabard.jpg" alt="pic1"></td>
>     <td align="center"><!--Mainlogo--><img src="guildimages/main_logo.jpg" alt="logo"></td>
>     <td width="200" align="center"><img src="guildimages/tabard.jpg" alt="pic1"></td>
>     </tr>
>     <tr>
>     <td colspan="3" align="center">
>     <table>
>     <form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
>     <tr><td align="center" valign="middle" class="maintext">New user:<input name="guilduser_name"></td></tr>
>     <tr><td align="center" valign="middle" class="maintext">Password:<input name="guilduser_pass" type="password"><br>
>     <input type="hidden" name="MM_insert" value="reg"></td></tr>
>     <tr><td align="center" valign="middle" class="maintext"><input name="submit" type="image" src="guildimages/register_btn.jpg" value="update"></td></tr>
>     </form>
>     </table>
>     </td>
>     </tr>
>     </table>
>     </body>
>     </html>
>
> --- Guildlogin.php ---
> This should create a session variable for the authentication, but it fails
> at some point. I have checked the sessiondata on my testserver, and that
> shows blank. So it's clear for me that I don't get the information saved in
> the variable $_SESSION. I don't get any sql errors, so I don't think that is
> the problem. But then again, it is my first script, and I could of course be
> wrong. I'm not sure where I should put the echo $sql; to check the query.
> Since the Guildlogin.php sends me directly to the error page at the end of
> execution. The script sends me to the loginerror.php even if the username
> and the password is correct. The point here is that this happens every time
> I press the button login in the form, regardless of the input in the form.
>
> Code for Guildlogin.php:
>
>     <?php
>     include ("connections/HOoStest.php");
>     session_start();
>     if (@$_GET['guildaction'] == "login");
>     {
>       $sql = "SELECT guilduser_name FROM guildlogin WHERE guilduser_name='$_POST[guilduser_name]'";
>       $result = mysql_query($sql) or die("Couldn't execute query.");
>       $num = mysql_num_rows($result);
>       if ($num ==1) //loginname found
>       {
>         $sql = "SELECT guilduser_name FROM guildlogin WHERE guilduser_name='$_POST[guilduser_name]' AND guilduser_pass=password('$_POST[guilduser_pass]')";
>         $result2 = mysql_query($sql) or die("Couldn't execute query 2.");
>         $num2 = mysql_num_rows($result2);
>         if ($num2 > 0) //password is correct
>         {
>           $_SESSION['auth']="yes";
>           $logname=$_POST['guilduser_name'];
>           $_SESSION['logname'] = $logname;
>           header("Location: HolyOrder1.php");
>           exit();
>         }
>         else //password is not correct
>         {
>           unset($guildaction);
>           $message="Login not correct";
>           header("Location: Guildloginerror.php");
>         }
>       }
>       elseif ($num == 0) // Wrong name. Name not in db
>       {
>         unset($guildaction);
>         $message="Login failed";
>         header("Location: Guildloginerror.php");
>       }
>     }
>     ?>
>
> --- The form: ---
> I don't feel it's necessary to explain this...
>
> Code for loginform:
>
>     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01
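Added example, not code from the thread: the register and login scripts above build their SQL by pasting $_POST values into the query text and hash the password in two different places (md5() in PHP, password() in SQL). The sketch below does both steps with bound parameters and a single PHP-side hash. It assumes PDO with the pdo_sqlite extension so that an in-memory database can stand in for the MySQL server; the function names and credentials are constructed, while the table, column and page names follow the post.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from the thread. An in-memory SQLite database
// (PDO, pdo_sqlite) stands in for MySQL so the script runs offline.

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE guildlogin (
                   guilduser_name TEXT PRIMARY KEY,
                   guilduser_pass TEXT NOT NULL)');
    return $db;
}

function registerUser(PDO $db, string $name, string $password): void
{
    // The hash is computed in PHP only, so registration and login cannot
    // end up using two different hash functions.
    $stmt = $db->prepare(
        'INSERT INTO guildlogin (guilduser_name, guilduser_pass) VALUES (:name, :hash)'
    );
    $stmt->execute([
        ':name' => $name,
        ':hash' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

function checkLogin(PDO $db, string $name, string $password): bool
{
    // Placeholders keep the submitted name out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT guilduser_pass FROM guildlogin WHERE guilduser_name = :name'
    );
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    return is_string($hash) && password_verify($password, $hash);
}

/** Returns the page the login handler would redirect to. */
function loginTarget(PDO $db, array $post): string
{
    $name = $post['guilduser_name'] ?? null;
    $pass = $post['guilduser_pass'] ?? null;
    // Form fields can arrive as arrays or be missing; treat both as a failed login.
    if (!is_string($name) || !is_string($pass)) {
        return 'Guildloginerror.php';
    }
    // A real handler would call session_regenerate_id(true) and set
    // $_SESSION['logname'] here before sending the Location header.
    return checkLogin($db, $name, $pass) ? 'HolyOrder1.php' : 'Guildloginerror.php';
}

$db = openDemoDb();
registerUser($db, 'demo_member', 'correct horse');   // constructed credentials

$attempts = [   // constructed form submissions
    'valid login'             => ['guilduser_name' => 'demo_member', 'guilduser_pass' => 'correct horse'],
    'wrong password'          => ['guilduser_name' => 'demo_member', 'guilduser_pass' => 'nope'],
    'unknown user'            => ['guilduser_name' => 'nobody_here', 'guilduser_pass' => 'correct horse'],
    'quote characters in name' => ['guilduser_name' => "x' OR '1'='1", 'guilduser_pass' => 'x'],
    'array instead of string' => ['guilduser_name' => ['demo_member'], 'guilduser_pass' => 'correct horse'],
    'missing password field'  => ['guilduser_name' => 'demo_member'],
];
foreach ($attempts as $label => $post) {
    printf("%-26s -> %s\n", $label, loginTarget($db, $post));
}
```

Only the first attempt is sent to HolyOrder1.php; the name containing quote characters is looked up as a literal string and simply matches no row.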
RE: [PHP] Still struggeling with my first script...
twistednetadmin mailto:[EMAIL PROTECTED] on Friday, October 14, 2005 5:15 PM said:

> All: Sorry. I forgot to write what's wrong... stupid me...

No problem. You'll get used to it. (I don't mean you'll get used to being stupid! I mean you'll get used to including all the relevant info!)

> It's just rather annoying that all the tutorials I have tried seem to fail. How can I learn when I'm apparently given the wrong information.

The best way to learn is to start with the very basics (which according to this one example you are not). First try to simply connect to a database and execute a simple query.

> --- Guildlogin.php ---
> This should create a session variable for the authentication, but it fails at some point.

The way to debug this is by adding simple echo statements in each block of code. This will tell you what path the code is taking while processing.

<?php
if (this) {
    echo 1;
} else {
    echo 2;
    if (this and that and the other) {
        echo 3;
    }
}
?>

> I have checked the session data on my test server, and that shows blank.

Does every page that uses the $_SESSION variable have session_start() at the beginning?

> I don't get any SQL errors, so I don't think that is the problem. But then again it is my first script, and I could of course be wrong. I'm not sure where I should put the echo $sql; to check the query. Since the Guildlogin.php sends me directly to the error page at the end of execution.

You should place the echo statement immediately before the SQL query is executed. (See below.)

> Code for Guildlogin.php:
> --
> <?php
> include ("connections/HOoStest.php");
> session_start();
> if (@$_GET['guildaction'] == "login");
> {
>     $sql = "SELECT guilduser_name FROM guildlogin WHERE guilduser_name='$_POST[guilduser_name]'";

$_POST[guilduser_name] should look like {$_POST['guilduser_name']}. When an array is within a string it needs to be wrapped in curly braces. You should also always quote all your keys with ' so that the parser doesn't get confused with constants.
Put the echo statement immediately before the following line.

> $result = mysql_query($sql) or die("Couldn't execute query.");

That's all I have time for right now.

HTH,
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Offseting Binary File Data with php
I need to figure out a way to iterate through a binary file and offset values between two addresses by a fixed number.

//--- Why?

I am attempting to add file data to a pre-existing Quicktime file. In the Quicktime file format, the 'stco' atom stores the location of all the track data in the Quicktime file. If I add new data, all the 'stco' locations will be incorrect. So, basically, I need to change all the offsets.

Here is a picture of the stco data that needs to be offset:
http://www.siren.cc/code/stcoTable.gif

Here is the HEX data representation of the stco atom in a hex editor:
http://www.siren.cc/code/stco_data.gif

//--

Are there any good PHP tutorials out there that deal with binary/hex operations of this sort? Thus far, I have not seen many tutorials featuring functions like bin2hex(), pack, and unpack. I am a bit new to binary so any help is appreciated :)

g
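The offset rewrite asked about above, as an added example (not code from the poster or from the list): it walks the atom tree down to each 'stco' atom and adds a fixed delta to every 32-bit chunk offset with unpack() and pack(). It assumes PHP 7.4 or later on a 64-bit build, atoms with plain 32-bit sizes and no 'co64' (64-bit offset) tables; shift_stco(), atom() and the sample movie data are constructed for illustration.

```php
<?php
// Container atoms to descend into on the way to 'stco'.
const CONTAINERS = ['moov', 'trak', 'mdia', 'minf', 'stbl'];

// Add $delta to every 32-bit chunk offset in each 'stco' atom inside
// $data[$start, $end). Returns the number of table entries rewritten.
function shift_stco(string &$data, int $start, int $end, int $delta): int
{
    $patched = 0;
    for ($pos = $start; $pos + 8 <= $end; $pos += $size) {
        // Atom header: 32-bit big-endian size, then a 4-character type.
        ['size' => $size, 'type' => $type] = unpack('Nsize/a4type', $data, $pos);
        if ($size < 8 || $pos + $size > $end) { // also rejects the special sizes 0 and 1
            throw new RuntimeException("unsupported atom size at offset $pos");
        }
        if (in_array($type, CONTAINERS, true)) {
            $patched += shift_stco($data, $pos + 8, $pos + $size, $delta);
        } elseif ($type === 'stco') {
            // Body: version (1) + flags (3), entry count (4), then the table.
            if ($size < 16
                || 16 + 4 * ($count = unpack('N', $data, $pos + 12)[1]) > $size) {
                throw new RuntimeException("stco table overruns its atom at offset $pos");
            }
            $table = unpack('N*', substr($data, $pos + 16, 4 * $count));
            foreach ($table as &$offset) {
                $offset += $delta;
                if ($offset < 0 || $offset > 0xFFFFFFFF) {
                    throw new RangeException("shifted offset does not fit in 32 bits");
                }
            }
            unset($offset);
            if ($count > 0) { // write the whole table back in one splice
                $data = substr_replace($data, pack('N*', ...$table), $pos + 16, 4 * $count);
            }
            $patched += $count;
        }
    }
    return $patched;
}

// Constructed sample: a minimal atom tree holding a two-entry offset table.
function atom(string $type, string $body): string
{
    return pack('N', 8 + strlen($body)) . $type . $body;
}
$stco  = atom('stco', pack('N4', 0, 2, 4096, 8192)); // version/flags, count, offsets
$movie = atom('moov', atom('trak', atom('mdia', atom('minf', atom('stbl', $stco)))));

$n = shift_stco($movie, 0, strlen($movie), 1024);
echo "patched $n entries: ", implode(', ', unpack('N*', substr($movie, -8))), "\n";
```

For a real file, read it with file_get_contents(), pass the number of bytes being inserted ahead of the media data as $delta, and write the result back out.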
Re: [PHP] Still struggeling with my first script...
twistednetadmin said the following on 10/14/05 17:15:

> All: Sorry. I forgot to write what's wrong... stupid me...
> Mike: 1) I'm not sure how to indent the code...

By putting spaces in front of some of the lines, it will make your code much easier to read and your life much, much easier. At its most basic you want to group lines within braces using indents so that you can easily tell what code is included in a particular loop/conditional statement. Here's a totally nonsensical example:

<?php
if($this==$that) {
    // This is that, do something
    print("<p>This is equal to that</p>\n");
    foreach($otherThing AS $key => $value) {
        // Now we're looping through all the other things
        if($value!=$that) {
            print("<p>That's the wrong value!</p>\n");
        }
    }
    // After looping through all the other things do something else here
    print("<p>Finished with all those other things</p>\n");
} else {
    // This is NOT that
    print("<p>This is not that... how was I to know?</p>\n");
}
?>

> 2) I'm using Dreamweaver, but not to write the code for me. I'm not that lazy :). And that's not the way for me to learn. It's just rather annoying that all the tutorials I have tried seem to fail. How can I learn when I'm apparently given the wrong information.

Are you 100% certain that your PHP install is working properly? What error messages are you receiving? Make a page with only the following:

<?php phpinfo(); ?>

What do you see when you open it?

- Ben
Re: [PHP] Still struggeling with my first script...
Well. I have figured out that the login is working as it should. The query brings back both the username and the userpass and stores them in $_SESSION as:

auth|yes|logname|Test

When I echoed the query with both user and pass, I got both back as they should be. In this case I ran user: Test Pass: Testing. Both came back. JOY!! :)

What I did:

if (@$_GET['guildaction'] == "login");
{
    $guilduser = $_POST['guilduser_name'];
    $guildpass = $_POST['guilduser_pass'];
    $sql = "SELECT guilduser_name FROM guildlogin WHERE guilduser_name='$_POST[guilduser_name]'";
    $result = mysql_query($sql) or die("Couldn't execute query.");
    $num = mysql_num_rows($result);
    if ($num == 1) //loginname found
    {
        $sql1 = "SELECT guilduser_name FROM guildlogin WHERE guilduser_name='$guilduser' AND guilduser_pass=password('$guildpass')";
        $result2 = mysql_query($sql1) or die("Couldn't execute query 2.");
        $num2 = mysql_num_rows($result2);
        if ($num2 > 0) //password is correct

Thanks Michael! I must have written something wrong the first time I tried it. It seems though that it was all I needed to do. And of course all the others! Thanks a lot! Don't think it will be the last time I ask about this session thing though.

-TW-
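The login check from this thread with the posted values bound as query parameters, as an added example (not code from any of the posters). It swaps the thread's MySQL password() column for password_hash()/password_verify() and uses an in-memory SQLite database through PDO as a constructed stand-in for the MySQL connection; guild_login() and the sample rows are assumptions made for illustration.

```php
<?php
// Check a login with the posted values bound as parameters, never pasted
// into the SQL string. True only for a known user with a matching password.
function guild_login(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare(
        'SELECT guilduser_pass FROM guildlogin WHERE guilduser_name = :name'
    );
    $stmt->execute([':name' => $user]);
    $hash = $stmt->fetchColumn(); // false when the name is not in the table
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed stand-in for the thread's database (SQLite instead of MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guildlogin (guilduser_name TEXT PRIMARY KEY, guilduser_pass TEXT)');
$add = $db->prepare('INSERT INTO guildlogin VALUES (?, ?)');
$add->execute(['Test', password_hash('Testing', PASSWORD_DEFAULT)]);
$add->execute(["O'Neil", password_hash('Testing2', PASSWORD_DEFAULT)]);

// Constructed inputs: right password, wrong password, unknown name, and a
// name containing a quote, which would break a query built by string pasting.
$cases = [
    ['Test', 'Testing'],
    ['Test', 'nope'],
    ['Nobody', 'Testing'],
    ["O'Neil", 'Testing2'],
];
foreach ($cases as [$user, $pass]) {
    $verdict = guild_login($db, $user, $pass) ? 'ok' : 'rejected';
    printf("%-8s %-9s => %s\n", $user, $pass, $verdict);
}
```

In the login page itself, a true result is where session_regenerate_id(true) is called and $_SESSION['auth'] and $_SESSION['logname'] are set before the redirect.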