php-general Digest 17 Feb 2008 15:34:09 -0000 Issue 5298
php-general Digest 17 Feb 2008 15:34:09 - Issue 5298 Topics (messages 269421 through 269429): Check time in between times 269421 by: Johny Burns 269423 by: Nathan Nobbe 269424 by: Emilio Astarita Re: Hex Strings Appended to Pathnames 269422 by: Mick Re: Fwrite Function 269425 by: Nick Stinemates Re: Session destruction problem 269426 by: Nick Stinemates 269428 by: Adil Drissi Re: Protected ZIP file with password 269427 by: Nick Stinemates regex usage 269429 by: Valedol Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- I am having fields in my table where I put times like 4:30pm in string format Can anybody help with function which helps detect. Is it the current time between those fields? function checkinzone($time1,$time2):boolean Has to verify does the current time is in those 2 variables. Thank you for your help. My ability with time and date funtions in PHP are not that great ---End Message--- ---BeginMessage--- On Feb 17, 2008 12:53 AM, Johny Burns [EMAIL PROTECTED] wrote: I am having fields in my table where I put times like 4:30pm in string format Can anybody help with function which helps detect. Is it the current time between those fields? function checkinzone($time1,$time2):boolean Has to verify does the current time is in those 2 variables. Thank you for your help. My ability with time and date funtions in PHP are not that great convert $time1 and $time2 to unix timestamps; from there its a matter of basic logic; something like this (vaguely) function isTimeBetween($time1, $time2) { if(!($lowerBound = date('U', $time1)) { return false; } if(!($upperBound = date('U', $time2)) { return false; } $curTime = mktime(); if($curTime $lowerBound $curTime $upperBound) { return true; } else { return false; } } note; $time1 and $time2 will have to unix timestamps; this function will verify that by passing them through the date() function. http://www.php.net/manual/en/function.date.php if you want something a little more flexible; check out; strtotime(); http://www.php.net/manual/en/function.strtotime.php and also, the DateTime class will make for good reading ;) http://www.php.net/manual/en/function.date-create.php -nathan ---End Message--- ---BeginMessage--- Johny Burns [EMAIL PROTECTED] writes: I am having fields in my table where I put times like 4:30pm in string format Check this: http://dev.mysql.com/doc/refman/5.0/en/date-and-time-types.html Perhaps you could use a data type date for that. Can anybody help with function which helps detect. Is it the current time between those fields? function checkinzone($time1,$time2):boolean Has to verify does the current time is in those 2 variables. This may help you: function strange2min($strange) { $h24h = substr($strange,-2); list($hour,$minute) = preg_split(/(?i:am|pm|:)/,$strange); if ($h24h == 'am' $hour == 12) { $hour = 0; } elseif ($h24h == 'pm') { $hour = $hour + 12; } return ($hour * 60) + $minute; } function checkinzone($start,$end) { $now = (date('G') * 60) + date('i'); $start = strange2min($start); $end = strange2min($end); return ( ($start = $now ) ($now = $end)); } // test $start = 1:30am; $end = 9:39am; echo 'strong', var_dump(checkinzone($start,$end)),'/strong'; -- Emilio Astarita [EMAIL PROTECTED] ---End Message--- ---BeginMessage--- Nathan Rixham wrote: Richard Lynch wrote: I don't know if it's before/after, but PHP can't change the GET request to something it wasn't... So THAT was the URL requested. You might have some kind of funky mod_rewrite rule messing you up... On Tue, January 29, 2008 5:22 am, Mick wrote: Richard Lynch wrote: On Sun, January 27, 2008 7:57 am, Mick wrote: Operating System: CentOS 4.6 PHP Version: 4.3.9-3.22.9 Zend Optimizer (free) version: 3.2.6 Hello. I've got somewhat of a strange problem here involving Squirrelmail. Basically, what is happening is that one of our customers is logged out of his Squirrelmail session at random intervals. This can occur when he goes to read an email or, after composing an email, when he clicks on the Send button. The following log entries correspond with those times that the customer is logged out. [error] [client X.X.X.X] File does not exist: /var/www/squirrelmail/src/redirect.php3a5def33 [error] [client X.X.X.X] File does not exist: /var/www/squirrelmail/src/redirect.php29e09f87 [error] [client X.X.X.X] File does not exist: /var/www/squirrelmail/src/move_messages.phpf9f96dfb [error] [client X.X.X.X] File does not exist: /var/www/squirrelmail/src/redirect.phpdc6cc80a So what would be the cause of appending those hex strings to those
Re: [PHP] Session destruction problem
Adil Drissi wrote: Hi everybody, I need help with sessions. I have a simple authentification relying only on sessions (i don't use cookies). After the user submits his username and password, the script checks if that corresponds to a record in a mysql table. If this is the case $_SESSION['sessioname'] = $_POST['login'];. the $_SESSION['sessioname'] is checked in subsequent pages to see if the user is connected or not. The problem is after the user logs out, and after that uses the previous button of the browser he becomes connected. How can i prevent this please. Here is my logout.php: ?php session_start(); unset($_SESSION[sessioname]); session_destroy(); header(location: index.php); ? Thank you for advance Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping Is your session being set in any other place but your login page? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Protected ZIP file with password
Petrus Bastos wrote: Hey folks, Do you know how can I create a protected zip file with password? Is there anyway? I've search on the internet, but without success. Thank's in advance, Petrus Bastos. The easiest way to accomplish this would be to write a wrapper function using the zip tool provided by (almost every) Linux distribution. ?php function zip($directory, $password, $saveAs) { return exec(zip -r $saveAs -P $password $directory; } print zip(/home/nick, mypass, /tmp/homebackup.zip); ? Please note: the -P flag can be monitored on the local system so it is considered insecure. If you're going to be accepting input, you should also wrap your variables in escapeshellarg() http://us3.php.net/zip http://us.php.net/manual/en/function.exec.php from the zip manual entry THIS IS INSECURE! Many multi-user operating sys-tems provide ways for any user to see the current command line of any other user; even on stand-alone systems there is always the threat of over-the-shoulder peeking. Storing the plaintext password as part of a command line in an automated script is even worse. Whenever possible, use the non-echoing, interactive prompt to enter passwords. (And where security is truly important, use strong encryption such as Pretty Good Privacy instead of the relatively weak encryption provided by standard zipfile utilities.) == Nick Stinemates ([EMAIL PROTECTED]) http://nick.stinemates.org AIM: Nick Stinemates MSN: [EMAIL PROTECTED] Yahoo: [EMAIL PROTECTED] == -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Is your session being set in any other place but your login page? No, just in the page just to which the form of login and password points. Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] regex usage
Valedol wrote: Is there a mothod to check string`s length with regex or the only way is using strlen? I want string consisting of 4 digits and check string with this code: if (preg_match(/\d{4}/,$_POST[id])) { echo $_POST[id]; } but preg_match returns true when string consists of 4 or more digits preg_match(/^\d{4}$/,$_POST['id']) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] regex usage
Is there a mothod to check string`s length with regex or the only way is using strlen? I want string consisting of 4 digits and check string with this code: if (preg_match(/\d{4}/,$_POST[id])) { echo $_POST[id]; } but preg_match returns true when string consists of 4 or more digits You could change the regex to use start/end anchors. Also, the trailing comma in the length specifier bit means 4 or more Eg: if (preg_match(/^\d{4,}$/, $_POST['id'])){ echo $_POST['id']; } -- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and Helpdesk software hosted for you - no installation, no maintenance, new features automatic and free ** New Helpdesk demo now available ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: stream_select problem with signals
Nathan Rixham escribió: socket_strerror(socket_last_error()) maybe? That i can see in PHP manual socket functions sre not bundled by default in PHP 5.3.0 and above, so if i'm using the stream implementation, how i can determine if a signal interrupt a stream_select call, the stream not will to be a socket can be a any other stream supported types. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Protected ZIP file with password
Hi Nick, Sorry, but I forgot to tell you that I can't use this exec neither system commands because they are disabled for security precautions. So, Do you have any other ideas on how can I do that? Thanks for your help, Petrus Bastos. On Feb 17, 2008 5:15 AM, Nick Stinemates [EMAIL PROTECTED] wrote: Petrus Bastos wrote: Hey folks, Do you know how can I create a protected zip file with password? Is there anyway? I've search on the internet, but without success. Thank's in advance, Petrus Bastos. The easiest way to accomplish this would be to write a wrapper function using the zip tool provided by (almost every) Linux distribution. ?php function zip($directory, $password, $saveAs) { return exec(zip -r $saveAs -P $password $directory; } print zip(/home/nick, mypass, /tmp/homebackup.zip); ? Please note: the -P flag can be monitored on the local system so it is considered insecure. If you're going to be accepting input, you should also wrap your variables in escapeshellarg() http://us3.php.net/zip http://us.php.net/manual/en/function.exec.php from the zip manual entry THIS IS INSECURE! Many multi-user operating sys-tems provide ways for any user to see the current command line of any other user; even on stand-alone systems there is always the threat of over-the-shoulder peeking. Storing the plaintext password as part of a command line in an automated script is even worse. Whenever possible, use the non-echoing, interactive prompt to enter passwords. (And where security is truly important, use strong encryption such as Pretty Good Privacy instead of the relatively weak encryption provided by standard zipfile utilities.) == Nick Stinemates ([EMAIL PROTECTED]) http://nick.stinemates.org AIM: Nick Stinemates MSN: [EMAIL PROTECTED] Yahoo: [EMAIL PROTECTED] ==
Re: [PHP] PHP/mySQL dropping zeros after inserting number into record
On Feb 16, 2008 6:22 PM, Rob Gould [EMAIL PROTECTED] wrote: I've got a PHP script that inserts 00012345678 into a record in a mySQL database (it's a barcode). Things work ok unless the number has preceding zeros, and then the zeros get cut off and all I get is 12345678. I have the mySQL database fieldtype set to bigint(14). If the maximum length a barcode can be is 14, is there a better fieldtype to use that will keep the zeros? (or some way for PHP to tell mySQL not to chop off the zeros?) Rob, A few years ago, I developed a full-on inventory management system (with barcode printing and assignment, as well as scanning) and found that with Code 39 I didn't have the issue, but when using UPC or some other format, I often had to convert the code to string(). Then insert the data into a CHAR or VARCHAR column, because to most systems, INT 001234 is equal to INT 1234, but with more overhead, which is then normally trimmed. -- /Dan Daniel P. Brown Senior Unix Geek ? while(1) { $me = $mind--; sleep(86400); } ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
On Feb 16, 2008 3:31 PM, Adil Drissi [EMAIL PROTECTED] wrote: Hi everybody, I need help with sessions. I have a simple authentification relying only on sessions (i don't use cookies). Just to let you know, if you're using sessions, you're using cookies. You're not setting the data in the client-side cookie, but a cookie is still installed on the system containing the PHPSESSID. -- /Dan Daniel P. Brown Senior Unix Geek ? while(1) { $me = $mind--; sleep(86400); } ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] regex usage
--- Valedol [EMAIL PROTECTED] wrote: Is there a mothod to check string`s length with regex or the only way is using strlen? I want string consisting of 4 digits and check string with this code: if (preg_match(/\d{4}/,$_POST[id])) { echo $_POST[id]; } but preg_match returns true when string consists of 4 or more digits -- To check only 4 digit, you have to specify max lengh of the string in length specifier.. if (preg_match(/\d{4,4}/,$_POST[id])) { echo $_POST[id]; } --- Nirmalya Lahiri [+91-9433113536] Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Protected ZIP file with password
On Feb 16, 2008 3:39 PM, Petrus Bastos [EMAIL PROTECTED] wrote: Hey folks, Do you know how can I create a protected zip file with password? Is there anyway? I've search on the internet, but without success. If you have system() access, use something in the exec() family (and be sure to properly sanitize that). Otherwise, there is probably a PEAR or PECL module that will do the work for you. -- /Dan Daniel P. Brown Senior Unix Geek ? while(1) { $me = $mind--; sleep(86400); } ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] regex usage
Valedol wrote: Is there a mothod to check string`s length with regex or the only way is using strlen? I want string consisting of 4 digits and check string with this code: if (preg_match(/\d{4}/,$_POST[id])) { echo $_POST[id]; } but preg_match returns true when string consists of 4 or more digits Yes you can, but why do it this way? What advantage is it over the following? Given that this isn't a real intense regex, I don't know how much you will save, but you could also do this. if ( strlen(intval($_POST['id'])) == 4 ) { echo $_POST['id']; } Not sure about speed, but it might be a little faster if you are looking for performance. Jim Lucas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Hi, I suppose this can be used to solve the problem i posted. Can you please tell me how, or send a link to ressource explaining that? Thanks --- Daniel Brown [EMAIL PROTECTED] wrote: On Feb 16, 2008 3:31 PM, Adil Drissi [EMAIL PROTECTED] wrote: Hi everybody, I need help with sessions. I have a simple authentification relying only on sessions (i don't use cookies). Just to let you know, if you're using sessions, you're using cookies. You're not setting the data in the client-side cookie, but a cookie is still installed on the system containing the PHPSESSID. -- /Dan Daniel P. Brown Senior Unix Geek ? while(1) { $me = $mind--; sleep(86400); } ? Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP/mySQL dropping zeros after inserting number into record
Daniel Brown wrote: On Feb 16, 2008 6:22 PM, Rob Gould [EMAIL PROTECTED] wrote: I've got a PHP script that inserts 00012345678 into a record in a mySQL database (it's a barcode). Things work ok unless the number has preceding zeros, and then the zeros get cut off and all I get is 12345678. I have the mySQL database fieldtype set to bigint(14). If the maximum length a barcode can be is 14, is there a better fieldtype to use that will keep the zeros? (or some way for PHP to tell mySQL not to chop off the zeros?) Rob, A few years ago, I developed a full-on inventory management system (with barcode printing and assignment, as well as scanning) and found that with Code 39 I didn't have the issue, but when using UPC or some other format, I often had to convert the code to string(). Then insert the data into a CHAR or VARCHAR column, because to most systems, INT 001234 is equal to INT 1234, but with more overhead, which is then normally trimmed. zerofill is the way - the stupid but works way is to store the barcodes backwards :D or indeed base convert them from 10 to 32.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] upload issue
any idea why this fails?this is the error: Sorry, there was a problem uploading your file ?php require_once(classes/db.class.php); $target = ; $fileName = basename( $_FILES['uploaded']['name']); $extension = strtolower(strrchr($fileName,.)); $DB = new DB(); $insertID = $DB-insert_sql(INSERT INTO CMS_Media (File_Name) VALUES ('')); $target = media/ . $insertID . $extension; //echo $target; if (move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { // Error echo File was uploaded!; } else { echo Sorry, there was a problem uploading your file.; } chmod($target, 0755); header(Location: crop.php?imageName=$newFileName); ? --- Edward H. Hotchkiss Chief Technical Officer Durgle, INC [EMAIL PROTECTED] http://www.durgle.com ---
Re: [PHP] Session destruction problem
At 12:31 PM -0800 2/16/08, Adil Drissi wrote: Hi everybody, I need help with sessions. I have a simple authentification relying only on sessions (i don't use cookies). After the user submits his username and password, the script checks if that corresponds to a record in a mysql table. If this is the case $_SESSION['sessioname'] = $_POST['login'];. the $_SESSION['sessioname'] is checked in subsequent pages to see if the user is connected or not. The problem is after the user logs out, and after that uses the previous button of the browser he becomes connected. How can i prevent this please. Here is my logout.php: ?php session_start(); unset($_SESSION[sessioname]); session_destroy(); header(location: index.php); ? That will destroy the session, but not the browser history. You'll need javascript to alter window history. Google window.history.forward Here's one link that may help: http://www.4guysfromrolla.com/webtech/111500-1.2.shtml Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] upload issue
On Sunday 17 February 2008 19:22:03 nihilism machine wrote: any idea why this fails?this is the error: Sorry, there was a problem uploading your file ?php require_once(classes/db.class.php); $target = ; $fileName = basename( $_FILES['uploaded']['name']); $extension = strtolower(strrchr($fileName,.)); $DB = new DB(); $insertID = $DB-insert_sql(INSERT INTO CMS_Media (File_Name) VALUES ('')); $target = media/ . $insertID . $extension; //echo $target; if (move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { // Error echo File was uploaded!; } else { echo Sorry, there was a problem uploading your file.; } chmod($target, 0755); header(Location: crop.php?imageName=$newFileName); ? This looks weird. is this actually anything: $_FILES['uploaded']['tmp_name']. I always used $_FILES['tmp_name'], $_FILES['name'] and such --- Edward H. Hotchkiss Chief Technical Officer Durgle, INC [EMAIL PROTECTED] http://www.durgle.com --- -- --- Børge Holen http://www.arivene.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Hi, Thanks for the link, it is very interesting, but as the author says, the solutions are not perfect. I'm wondering how yahoo mail for example are doing, or maybe they are using something else (not php)? Thank you --- tedd [EMAIL PROTECTED] wrote: At 12:31 PM -0800 2/16/08, Adil Drissi wrote: Hi everybody, I need help with sessions. I have a simple authentification relying only on sessions (i don't use cookies). After the user submits his username and password, the script checks if that corresponds to a record in a mysql table. If this is the case $_SESSION['sessioname'] = $_POST['login'];. the $_SESSION['sessioname'] is checked in subsequent pages to see if the user is connected or not. The problem is after the user logs out, and after that uses the previous button of the browser he becomes connected. How can i prevent this please. Here is my logout.php: ?php session_start(); unset($_SESSION[sessioname]); session_destroy(); header(location: index.php); ? That will destroy the session, but not the browser history. You'll need javascript to alter window history. Google window.history.forward Here's one link that may help: http://www.4guysfromrolla.com/webtech/111500-1.2.shtml Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Protected ZIP file with password
Petrus Bastos wrote: Hi Nick, Sorry, but I forgot to tell you that I can't use this exec neither system commands because they are disabled for security precautions. So, Do you have any other ideas on how can I do that? Thanks for your help, Petrus Bastos. On Feb 17, 2008 5:15 AM, Nick Stinemates [EMAIL PROTECTED] wrote: Petrus Bastos wrote: Hey folks, Do you know how can I create a protected zip file with password? Is there anyway? I've search on the internet, but without success. Thank's in advance, Petrus Bastos. The easiest way to accomplish this would be to write a wrapper function using the zip tool provided by (almost every) Linux distribution. ?php function zip($directory, $password, $saveAs) { return exec(zip -r $saveAs -P $password $directory; } print zip(/home/nick, mypass, /tmp/homebackup.zip); ? Please note: the -P flag can be monitored on the local system so it is considered insecure. If you're going to be accepting input, you should also wrap your variables in escapeshellarg() http://us3.php.net/zip http://us.php.net/manual/en/function.exec.php from the zip manual entry THIS IS INSECURE! Many multi-user operating sys-tems provide ways for any user to see the current command line of any other user; even on stand-alone systems there is always the threat of over-the-shoulder peeking. Storing the plaintext password as part of a command line in an automated script is even worse. Whenever possible, use the non-echoing, interactive prompt to enter passwords. (And where security is truly important, use strong encryption such as Pretty Good Privacy instead of the relatively weak encryption provided by standard zipfile utilities.) == Nick Stinemates ([EMAIL PROTECTED]) http://nick.stinemates.org AIM: Nick Stinemates MSN: [EMAIL PROTECTED] Yahoo: [EMAIL PROTECTED] == Unfortunately I don't have any other ideas. Since PHP's implementation of ZIP does not have password features you're left with the following options: * Write your own implementation based on RFC * Write an interface to another app which can zip the file for you * Something else I can't think of ;x Sorry I don't have any other ideas. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Protected ZIP file with password
Unfortunately I don't have access to this family of methods because security policy. Lefting this way out, I didn't find anyway on how to do that. If you have any idea or know any module can do that, I'll appreciate to know too! Thanks in advance, Petrus Bastos. On Feb 17, 2008 2:30 PM, Daniel Brown [EMAIL PROTECTED] wrote: On Feb 16, 2008 3:39 PM, Petrus Bastos [EMAIL PROTECTED] wrote: Hey folks, Do you know how can I create a protected zip file with password? Is there anyway? I've search on the internet, but without success. If you have system() access, use something in the exec() family (and be sure to properly sanitize that). Otherwise, there is probably a PEAR or PECL module that will do the work for you. -- /Dan Daniel P. Brown Senior Unix Geek ? while(1) { $me = $mind--; sleep(86400); } ?
Re: [PHP] Better DB Class MySQL
On Thursday 14 February 2008, Richard Lynch wrote: On Sun, February 10, 2008 9:31 am, Jochem Maas wrote: Larry Garfield schreef: http://www.php.net/pdo All the cool kids are doing it. not true - some of them use firebird ;-) And some have figured out that PDO does not quite live up to its promise (yet) and needs some more work... Particularly for the commercial DBs, as I understand it... You say that like I care about non-open-source databases. It's not PDO's fault that Oracle still thinks it's 1988. :-) Even if you're just using MySQL, PDO is far nicer than ext/mysql and ext/mysqli is not widely installed enough to be useful for those of us who have to deal with shared hosts. -- Larry Garfield AIM: LOLG42 [EMAIL PROTECTED] ICQ: 6817012 If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it. -- Thomas Jefferson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Protected ZIP file with password
Nick, I thank you help! But unfortunalety I didn't find way to do this. I'll continue trying. If you have any other idea, I'll appreciate to hear! Best regards, Petrus Bastos. On Feb 17, 2008 4:57 PM, Nick Stinemates [EMAIL PROTECTED] wrote: Petrus Bastos wrote: Hi Nick, Sorry, but I forgot to tell you that I can't use this exec neither system commands because they are disabled for security precautions. So, Do you have any other ideas on how can I do that? Thanks for your help, Petrus Bastos. On Feb 17, 2008 5:15 AM, Nick Stinemates [EMAIL PROTECTED] wrote: Petrus Bastos wrote: Hey folks, Do you know how can I create a protected zip file with password? Is there anyway? I've search on the internet, but without success. Thank's in advance, Petrus Bastos. The easiest way to accomplish this would be to write a wrapper function using the zip tool provided by (almost every) Linux distribution. ?php function zip($directory, $password, $saveAs) { return exec(zip -r $saveAs -P $password $directory; } print zip(/home/nick, mypass, /tmp/homebackup.zip); ? Please note: the -P flag can be monitored on the local system so it is considered insecure. If you're going to be accepting input, you should also wrap your variables in escapeshellarg() http://us3.php.net/zip http://us.php.net/manual/en/function.exec.php from the zip manual entry THIS IS INSECURE! Many multi-user operating sys-tems provide ways for any user to see the current command line of any other user; even on stand-alone systems there is always the threat of over-the-shoulder peeking. Storing the plaintext password as part of a command line in an automated script is even worse. Whenever possible, use the non-echoing, interactive prompt to enter passwords. (And where security is truly important, use strong encryption such as Pretty Good Privacy instead of the relatively weak encryption provided by standard zipfile utilities.) == Nick Stinemates ([EMAIL PROTECTED]) http://nick.stinemates.org AIM: Nick Stinemates MSN: [EMAIL PROTECTED] Yahoo: [EMAIL PROTECTED] == Unfortunately I don't have any other ideas. Since PHP's implementation of ZIP does not have password features you're left with the following options: * Write your own implementation based on RFC * Write an interface to another app which can zip the file for you * Something else I can't think of ;x Sorry I don't have any other ideas. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] separating strings from extensions
i am using this code to get the extension of a filename: $extension = strtolower(strrchr($fileName,.)); how can i get the text BEFORE the . (period) ? thanks in advance. -e -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] separating strings from extensions
On Monday 18 February 2008 00:10:30 John Meyer wrote: Daniel Brown wrote: On Feb 17, 2008 5:37 PM, nihilism machine [EMAIL PROTECTED] wrote: i am using this code to get the extension of a filename: $extension = strtolower(strrchr($fileName,.)); how can i get the text BEFORE the . (period) You can STFW and RTFM. This list should never be your first place to ask simple questions. In any case ? $split = explode('.',strtolower($fileName)); $name = $split[0]; $ext = $split[1]; ? Flame job aside, that's going to fail on a compound extension such as .tar.gz by just returning .tar so. it.will.fail.this.one.to.txt and a fix would also fail because you would have to hardcord everygoddamn ending if thats what youre after. How many do you care to count for? I would say stick with the last dot, if its not particulary often you stumble over those .tar.bz2 endings. what does he want to upload anyway? Oi you, whats yer task? -- --- Børge Holen http://www.arivene.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] separating strings from extensions
Daniel Brown wrote: On Feb 17, 2008 5:37 PM, nihilism machine [EMAIL PROTECTED] wrote: i am using this code to get the extension of a filename: $extension = strtolower(strrchr($fileName,.)); how can i get the text BEFORE the . (period) You can STFW and RTFM. This list should never be your first place to ask simple questions. In any case ? $split = explode('.',strtolower($fileName)); $name = $split[0]; $ext = $split[1]; ? Flame job aside, that's going to fail on a compound extension such as .tar.gz by just returning .tar -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] separating strings from extensions
On Feb 17, 2008 5:37 PM, nihilism machine [EMAIL PROTECTED] wrote: i am using this code to get the extension of a filename: $extension = strtolower(strrchr($fileName,.)); how can i get the text BEFORE the . (period) You can STFW and RTFM. This list should never be your first place to ask simple questions. In any case ? $split = explode('.',strtolower($fileName)); $name = $split[0]; $ext = $split[1]; ? -- /Dan Daniel P. Brown Senior Unix Geek ? while(1) { $me = $mind--; sleep(86400); } ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] separating strings from extensions
Børge Holen wrote: On Monday 18 February 2008 00:10:30 John Meyer wrote: Daniel Brown wrote: On Feb 17, 2008 5:37 PM, nihilism machine [EMAIL PROTECTED] wrote: i am using this code to get the extension of a filename: $extension = strtolower(strrchr($fileName,.)); how can i get the text BEFORE the . (period) You can STFW and RTFM. This list should never be your first place to ask simple questions. In any case ? $split = explode('.',strtolower($fileName)); $name = $split[0]; $ext = $split[1]; ? Flame job aside, that's going to fail on a compound extension such as .tar.gz by just returning .tar so. it.will.fail.this.one.to.txt and a fix would also fail because you would have to hardcord everygoddamn ending if thats what youre after. How many do you care to count for? I would say stick with the last dot, if its not particulary often you stumble over those .tar.bz2 endings. You could also stick with the first, i.e.: ? $split = explode('.',strtolower($fileName),1); $name = $split[0]; $ext = $split[1]; ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] separating strings from extensions
John Meyer wrote: Børge Holen wrote: On Monday 18 February 2008 00:10:30 John Meyer wrote: Daniel Brown wrote: On Feb 17, 2008 5:37 PM, nihilism machine [EMAIL PROTECTED] wrote: i am using this code to get the extension of a filename: $extension = strtolower(strrchr($fileName,.)); how can i get the text BEFORE the . (period) You can STFW and RTFM. This list should never be your first place to ask simple questions. In any case ? $split = explode('.',strtolower($fileName)); $name = $split[0]; $ext = $split[1]; ? Flame job aside, that's going to fail on a compound extension such as .tar.gz by just returning .tar so. it.will.fail.this.one.to.txt and a fix would also fail because you would have to hardcord everygoddamn ending if thats what youre after. How many do you care to count for? I would say stick with the last dot, if its not particulary often you stumble over those .tar.bz2 endings. You could also stick with the first, i.e.: ? $split = explode('.',strtolower($fileName),1); $name = $split[0]; $ext = $split[1]; ? Or you can stop spreading bad advice and listen to Brady Mitchell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Session destruction problem
Adil Drissi wrote: Hi everybody, I need help with sessions. I have a simple authentification relying only on sessions (i don't use cookies). After the user submits his username and password, the script checks if that corresponds to a record in a mysql table. If this is the case $_SESSION['sessioname'] = $_POST['login'];. the $_SESSION['sessioname'] is checked in subsequent pages to see if the user is connected or not. The problem is after the user logs out, and after that uses the previous button of the browser he becomes connected. How can i prevent this please. Here is my logout.php: ?php session_start(); unset($_SESSION[sessioname]); session_destroy(); header(location: index.php); ? Thank you for advance Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping I don't think they are reconnected. What happens if they logout, then hit back, then hit refresh? Are they loggedin? Probably not. It may just appear that way because the back bottom brings up a cache of the previous page. But once the user tries to do anything that requires that they be loggedin, I doubt they can. -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] separating strings from extensions
On Feb 17, 2008, at 256PM, Daniel Brown wrote: On Feb 17, 2008 5:37 PM, nihilism machine [EMAIL PROTECTED] wrote: i am using this code to get the extension of a filename: $extension = strtolower(strrchr($fileName,.)); how can i get the text BEFORE the . (period) You can STFW and RTFM. This list should never be your first place to ask simple questions. PLEASE start using the PHP manual! http://php.net/pathinfo http://php.net/basename Brady -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] upload issue
nihilism machine wrote: any idea why this fails?this is the error: Sorry, there was a problem uploading your file It can't move the file to the $target location, or maybe the file wasn't uploaded properly in the first place. What's in $_FILES['uploaded']['error'] ? http://www.php.net/manual/en/features.file-upload.errors.php if (move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { // Error echo File was uploaded!; } else { echo Sorry, there was a problem uploading your file.; } chmod($target, 0755); Files do not need to be 0755, they should be 0644 unless you want them to actually run something (eg they are a shell script or perl script that you'd run from the cmd line). -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] upload issue
Børge Holen wrote: On Sunday 17 February 2008 19:22:03 nihilism machine wrote: any idea why this fails?this is the error: Sorry, there was a problem uploading your file ?php require_once(classes/db.class.php); $target = ; $fileName = basename( $_FILES['uploaded']['name']); $extension = strtolower(strrchr($fileName,.)); $DB = new DB(); $insertID = $DB-insert_sql(INSERT INTO CMS_Media (File_Name) VALUES ('')); $target = media/ . $insertID . $extension; //echo $target; if (move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { // Error echo File was uploaded!; } else { echo Sorry, there was a problem uploading your file.; } chmod($target, 0755); header(Location: crop.php?imageName=$newFileName); ? This looks weird. is this actually anything: $_FILES['uploaded']['tmp_name']. I always used $_FILES['tmp_name'], $_FILES['name'] and such According to php docs it's always a multi-dimensional array: http://www.php.net/manual/en/features.file-upload.php The 'uploaded' is what you call the file input in your form. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] upload issue
On Monday 18 February 2008 00:59:31 Chris wrote: Børge Holen wrote: On Sunday 17 February 2008 19:22:03 nihilism machine wrote: any idea why this fails?this is the error: Sorry, there was a problem uploading your file ?php require_once(classes/db.class.php); $target = ; $fileName = basename( $_FILES['uploaded']['name']); $extension = strtolower(strrchr($fileName,.)); $DB = new DB(); $insertID = $DB-insert_sql(INSERT INTO CMS_Media (File_Name) VALUES ('')); $target = media/ . $insertID . $extension; //echo $target; if (move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { // Error echo File was uploaded!; } else { echo Sorry, there was a problem uploading your file.; } chmod($target, 0755); header(Location: crop.php?imageName=$newFileName); ? This looks weird. is this actually anything: $_FILES['uploaded']['tmp_name']. I always used $_FILES['tmp_name'], $_FILES['name'] and such According to php docs it's always a multi-dimensional array: http://www.php.net/manual/en/features.file-upload.php The 'uploaded' is what you call the file input in your form. oh well, as long as it works for me, thanks for the info -- Postgresql php tutorials http://www.designmagick.com/ -- --- Børge Holen http://www.arivene.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Protected ZIP file with password
Petrus Bastos wrote: Unfortunately I don't have access to this family of methods because security policy. Lefting this way out, I didn't find anyway on how to do that. If you have any idea or know any module can do that, I'll appreciate to know too! See if the pear package does what you want: http://pear.php.net/package/File_Archive -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Better DB Class MySQL
On Feb 17, 2008 3:49 PM, Larry Garfield [EMAIL PROTECTED] wrote: On Thursday 14 February 2008, Richard Lynch wrote: On Sun, February 10, 2008 9:31 am, Jochem Maas wrote: Larry Garfield schreef: http://www.php.net/pdo All the cool kids are doing it. not true - some of them use firebird ;-) And some have figured out that PDO does not quite live up to its promise (yet) and needs some more work... Particularly for the commercial DBs, as I understand it... You say that like I care about non-open-source databases. It's not PDO's fault that Oracle still thinks it's 1988. :-) Even if you're just using MySQL, PDO is far nicer than ext/mysql and ext/mysqli is not widely installed enough to be useful for those of us who have to deal with shared hosts. You say that like you're the only person using PHP for databases. ;-) Perhaps you don't care; some of us do. (SQL Server in my case, not Oracle.) I like the idea of PDO, but I don't like the way a couple things work with regard to parameterized queries and some things just flat out don't work right. Andrew
Re: [PHP] Protected ZIP file with password
Chris, Thanks for your help, but I think that package can't make what I want. But , I appreciate your help anyway and if you have any other ideas, please let me know! :) Thanks, Petrus Bastos. On Feb 17, 2008 10:38 PM, Chris [EMAIL PROTECTED] wrote: Petrus Bastos wrote: Unfortunately I don't have access to this family of methods because security policy. Lefting this way out, I didn't find anyway on how to do that. If you have any idea or know any module can do that, I'll appreciate to know too! See if the pear package does what you want: http://pear.php.net/package/File_Archive -- Postgresql php tutorials http://www.designmagick.com/
Re: [PHP] Re: Session destruction problem
Well, i'm doing all that. Maybe something is wrong in my code. I'll arrange my code in a way that it will be easy to run and i'll post it. I think like that, you'll see by yourself and you gonna help to fix that for sure. Thank you --- Shawn McKenzie [EMAIL PROTECTED] wrote: Adil Drissi wrote: Hi everybody, I need help with sessions. I have a simple authentification relying only on sessions (i don't use cookies). After the user submits his username and password, the script checks if that corresponds to a record in a mysql table. If this is the case $_SESSION['sessioname'] = $_POST['login'];. the $_SESSION['sessioname'] is checked in subsequent pages to see if the user is connected or not. The problem is after the user logs out, and after that uses the previous button of the browser he becomes connected. How can i prevent this please. Here is my logout.php: ?php session_start(); unset($_SESSION[sessioname]); session_destroy(); header(location: index.php); ? Thank you for advance Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping I don't think they are reconnected. What happens if they logout, then hit back, then hit refresh? Are they loggedin? Probably not. It may just appear that way because the back bottom brings up a cache of the previous page. But once the user tries to do anything that requires that they be loggedin, I doubt they can. -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Protected ZIP file with password
Petrus Bastos wrote: Chris, Thanks for your help, but I think that package can't make what I want. But , I appreciate your help anyway and if you have any other ideas, please let me know! :) Thanks, Petrus Bastos. On Feb 17, 2008 10:38 PM, Chris [EMAIL PROTECTED] wrote: Petrus Bastos wrote: Unfortunately I don't have access to this family of methods because security policy. Lefting this way out, I didn't find anyway on how to do that. If you have any idea or know any module can do that, I'll appreciate to know too! See if the pear package does what you want: http://pear.php.net/package/File_Archive -- Postgresql php tutorials http://www.designmagick.com/ I'm sure you know what you're doing, but maybe you'd be better off letting us know the task / process to better understand what you'd like to accomplish. From there, since it's obvious that PHP does not have built in password functions, and that exec() is out of the question; maybe we can figure out how to move onward. -- == Nick Stinemates ([EMAIL PROTECTED]) http://nick.stinemates.org AIM: Nick Stinemates MSN: [EMAIL PROTECTED] Yahoo: [EMAIL PROTECTED] == -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Session destruction problem
Adil Drissi wrote: Well, i'm doing all that. Maybe something is wrong in my code. I'll arrange my code in a way that it will be easy to run and i'll post it. I think like that, you'll see by yourself and you gonna help to fix that for sure. Thank you --- Shawn McKenzie [EMAIL PROTECTED] wrote: Adil Drissi wrote: Hi everybody, I need help with sessions. I have a simple authentification relying only on sessions (i don't use cookies). After the user submits his username and password, the script checks if that corresponds to a record in a mysql table. If this is the case $_SESSION['sessioname'] = $_POST['login'];. the $_SESSION['sessioname'] is checked in subsequent pages to see if the user is connected or not. The problem is after the user logs out, and after that uses the previous button of the browser he becomes connected. How can i prevent this please. Here is my logout.php: ?php session_start(); unset($_SESSION[sessioname]); session_destroy(); header(location: index.php); ? Thank you for advance Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping I don't think they are reconnected. What happens if they logout, then hit back, then hit refresh? Are they loggedin? Probably not. It may just appear that way because the back bottom brings up a cache of the previous page. But once the user tries to do anything that requires that they be loggedin, I doubt they can. -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs From the code you've shown it should work fine, but you might do unset($_SESSION); or $_SESSION = array(); instead of unset($_SESSION[sessioname]);. Regardless, the fact is that the page you see is cached and I can't believe that after logout you can go back and then click a link to another page and still be loggedin. -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php