Re: [PHP] PLEASE help, this is driving me crazy - is saveHTML() etc not UTF-8 capable?
mike wrote: On Tue, Feb 17, 2009 at 4:26 PM, mike mike...@gmail.com wrote: i tried that kind of stuff - it did not seem to work. i will try again... if anyone has any ideas i.e. use iconv to convert to A, then use DOM stuff, then use iconv to move it back to UTF8... etc. i am all ears. Nope - for example this is the input text (apologies if your reader isn't utf-8) - simplified chinese 足以概括英特尔为此所付出的努力。谈及移动设备,英特尔公司自诩在该领域的创新犹如其户友好性设计及能效等一样出类拔萃。同时,英特尔也一直表示要帮助构建能够 Output is this: auml;cedil;#128;aring;#143;yen;ldquo;egrave;#139;plusmn;ccedil;#137;sup1;aring;deg;#148;ccedil;#131;shy;egrave;iexcl;middot;auml;ordm;#142;ccedil;sect;raquo;aring;#138;u What is funny is I don't care about altering the actual content, only the content of the href and src attributes, which are all standard latin-based URLs, too. Here's the simplest code to create the behavior $q = db_query(SELECT id,old FROM testing, redirects); while(list($id, $doc) = db_rows($q)) { $new = fix_document($doc); $new = db_escape($new); db_query(UPDATE testing SET new='$new' WHERE id=$id, redirects); } db_free($q); function fix_document($string) { $dom = new DomDocument('1.0', 'UTF-8'); @$dom-loadHTML($string); $dom-preserveWhiteSpace = false; return $dom-saveHTML(); } (Note: it is not the db functions, if I do this: function fix_document($string) { return $string; } The content is unaltered. Anyone with any ideas? Any options to feed to the DOM stuff? It's translating the stuff to htmlentities, which I don't want either. As i understand all non ASCII characters will be converted to html entities. Try this function fix_document($string) { $dom = new DomDocument('1.0', 'UTF-8'); @$dom-loadHTML($string); $dom-preserveWhiteSpace = false; return html_entity_decode($dom-saveHTML(),ENT_QUOTES,UTF-8); } header(Content-Type: text/html; charset=UTF-8); echo fix_document('data here'); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Unique User Hashes
'Twas brillig, and Ian at 18/02/09 07:09 did gyre and gimble: We dont have registration - its a once off vote anonymously using the hash in the original email. We dont want registration otherwise it would be much easier - but this was the best way I could think of without user registration :/ Do you have to invite people to vote or can anyone come along and cast? If the former you could email a UUID token to them or similar as part of the link. Once that UUID was spent it wouldn't allow voting again. I say UUID as a regular auto-incrementing id would be fairly easy to guess ;) Of course this may not be appropriate in this circumstance. Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited [http://www.tribalogic.net/] Open Source: Mandriva Linux Contributor [http://www.mandriva.com/] PulseAudio Hacker [http://www.pulseaudio.org/] Trac Hacker [http://trac.edgewall.org/] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Fwd: [PHP] Re: Unique User Hashes
Forgot to send to list. -- Forwarded message -- From: Ian barnrac...@gmail.com Date: Wed, Feb 18, 2009 at 11:12 AM Subject: Re: [PHP] Re: Unique User Hashes To: Colin Guthrie gm...@colin.guthr.ie 'Twas brillig, and Ian at 18/02/09 07:09 did gyre and gimble: We dont have registration - its a once off vote anonymously using the hash in the original email. We dont want registration otherwise it would be much easier - but this was the best way I could think of without user registration :/ Do you have to invite people to vote or can anyone come along and cast? If the former you could email a UUID token to them or similar as part of the link. Once that UUID was spent it wouldn't allow voting again. I say UUID as a regular auto-incrementing id would be fairly easy to guess ;) Of course this may not be appropriate in this circumstance. Col Unfortunately its anyone can come along and vote - no email inviting :/ If you've already sent them an email with a hash in it, can you do something like: - require the hash be pasted into a field in your voting form - save the hash to a cookie - if the cookie doesn't exist, prompt for the hash again along with a link to resend the hash It's sort of 'login lite' in a way, but might be less oppressive than a full login process. Same as above - wouldnt work because we arent recording that info...
[PHP] Free XML and WDL classes/scripts
What are some good php classes/scripts to work with: Parsing XML data/files. Building SOAP/WDML (Im not too familiar with this so still trying to work it out) So far, I have a class from : PHP WSDL Generator - Version 1.1.0 b http://www.protung.ro Basically what I need to do is connect to/send some variables to a server, then get response in XML format and work with this data again (parse it) Hope this gives a good indication what I need, now to get some recomendations to some good free code to assist (or even some SOAP/XML/PHP/WDL(WSDL) tutorials also maybe) please. Thank you -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP strategy -- pass complex parameters by value or by reference?
Clancy schreef: I have a function to process a data file. This process opens the file, and then calls another function to process each entry. This function in turn calls another function to process each line of the entry. A set of fairly complex arrays specifies how all the possible types of entries and lines should be processed, and each function passes sections of these arrays to the next function. Is it better to pass the parameters by value, in which case they have to be copied into yet more memory when the function is called, or to pass by reference, which I suspect may involve additional overhead every time they are accessed? And is it better to combine several specifications arrays into one more complex array, and pass a single parameter, or to pass them individually as half a dozen different parameters? I suspect that I am probably asking a how long is a piece of string? type of question, but are there any general rules which are applicable to this type of situation? by reference is pointless (and less performant IIRC) unless the input will be changed, php does copy-on-write magic under the hood. one complex param or many simpler ones? I doubt either makes any difference, comes down to personal preference. ask yourself: will I still grok all this configuration magic/params 12 months from now? I might suggest you look into a refactoring the code to use an object, and have it store the parsing config/spec centrally as a property which each of the functions (methods) you mentioned can then read. in dutch they have a silly saying: 'How Long' is a chinaman. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Free XML and WDL classes/scripts
Anton Heuschen wrote: What are some good php classes/scripts to work with: Parsing XML data/files. xpath() or xslt. /Per -- Per Jessen, Zürich (-4.6°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
2009/2/17 PJ af.gour...@videotron.ca: Stuart wrote: 2009/2/17 PJ af.gour...@videotron.ca: Dotan Cohen wrote: So put it all in one place: ?php include path.inc; printa href=\$path/dir/file.php\; ? Full URLs don't break when users save the pages to disk. That would be fine if the pages weren't being crafted in Dreamweaver, where inserting links like that is a pain. For that you'd have to ask on the Dreamweaver list. I don't really like those tools. I hope I'm not out of place here, but I have a problem that seems to be related. I am using some include statements for page headers with the pages in various directories on the site. The problem is this... if I put relative statements in the page (header.php) like ../images/file.jpg and ../file.php etc, if the page into which I include header.php is not in the top level directory, the links do not work and I have to copy header.php to header1.php and change the references to /images otherwise images are not displayed and links to not work in href. e.g.: 1. top level file books.php include (lib/db1.php);// Connect to database include (header1.php); 2. subdirectory: /authors/a.php include ../header.php; I thought that using referencing the top level of the directory tree (../) would work form anywhere within the tree? Am I the victim of my own misconceptions here? TIA to set me straight. Personally I always include files relative to my current location using the following... include dirname(__FILE__).'/lib/db1.php'; Could you clarify, please? I don't understand. And example, perhaps? my entry in books.php is ?php include ../header.php;? NOTE: Does it matter what ?php include dirname(__FILE__)./../header.php; ? Simple as! -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP AS an FTP server
On Tue, 2009-02-17 at 18:54 +0200, Thodoris wrote: Hi, This is probably a bit stupid, but I've been having issues getting any of the good FTP servers running on my Ubuntu 6.06 (LTS) box. I've tried Pro-FTP, Pure-FTP, and briefly installed some others, but the versions available for my distro don't seem to support MySQL (or I'm simply doing something wrong). AFAIK in most distros the ftp servers come without mysql (or database) authentication support. If this is what is happening in your case you need to compile the ftp server from source adding a configuration time option to enable the database support. Anyway, I had the thought that the FTP server won't be used much, as I mainly use SSH, however I need to be able to give other people access, which is why I'm wondering if there are any PHP scripts that can be used AS an FTP server. That is, I'd setup Apache to accept on the standard FTP port(s), and get it to point everything to a PHP script, which I could then use to pull user/pass details each of which would have their own directories, allowing each user to access a sym-link to their domain(s) log file, website directory, and anything else. In case you have ssh enabled you may use the sftp subsystem that openssh supports if it fits your needs. It's more secure than plain ftp but you still have to add local user accounts which is a bad idea imo. You may use PHP to upload files using the http (and not the ftp) protocol by making a project that authenticates the user provides him the ability to upload, delete and download files using forms. There has to be something already written that implements such a procedure in case you don't want to code this by yourself. You may google to find whatever fits your needs. Has someone already got a script that does this (at least accepting FTP connections), or is this a crazy idea that's just not possible? Should I just compile the latest version of some FTP server, and try and configure that to do what I want instead? I suggest that since you need ftp access it would be much better if you could configure an ftp server instead of writing something on your own. The vsftp daemon is a good solution to your problem written including advanced security features but I don't know if it supports mysql authentication. On the other hand pro-ftpd does support modular authentication (mysql, ldap etc) if you compile the proper module. Thanks. -- Thodoris I used vsftp for several FTP systems at work, and bar a few problems (errors on my part!) they work just fine. I've even got PHP talking to various Bash scripts to manage users and permissions for the FTP, and, touch wood, everything works well. I wouldn't really agree that allowing local users to FTP in is a bad idea. I'm using just that method for my systems. The users, etc are only ever created through a web interface, which forces certain rules on usernames, which as far as I see it, is the only problem. As long as the vsftpd.conf file is configured correctly and securely, the whole thing will remain pretty tight. Ash www.ashleysheridan.co.uk The local users part was about ssh-sftp access Ash not ftp. IMO when you add local users you add extra risks to your system than simple ftp (non-local) users may not cause. Of course if you secure your system carefully everything will work fine but I would avoid that and there are many security issues that here is not the place to discuss. Of course if this fits your needs I have no objections. -- Thodoris
Re: [PHP] Full versus relative URLs
2009/2/18 PJ af.gour...@videotron.ca: Stuart wrote: 2009/2/17 PJ af.gour...@videotron.ca: Stuart wrote: 2009/2/17 PJ af.gour...@videotron.ca: Dotan Cohen wrote: So put it all in one place: ?php include path.inc; printa href=\$path/dir/file.php\; ? Full URLs don't break when users save the pages to disk. That would be fine if the pages weren't being crafted in Dreamweaver, where inserting links like that is a pain. For that you'd have to ask on the Dreamweaver list. I don't really like those tools. I hope I'm not out of place here, but I have a problem that seems to be related. I am using some include statements for page headers with the pages in various directories on the site. The problem is this... if I put relative statements in the page (header.php) like ../images/file.jpg and ../file.php etc, if the page into which I include header.php is not in the top level directory, the links do not work and I have to copy header.php to header1.php and change the references to /images otherwise images are not displayed and links to not work in href. e.g.: 1. top level file books.php include (lib/db1.php);// Connect to database include (header1.php); 2. subdirectory: /authors/a.php include ../header.php; I thought that using referencing the top level of the directory tree (../) would work form anywhere within the tree? Am I the victim of my own misconceptions here? TIA to set me straight. Personally I always include files relative to my current location using the following... include dirname(__FILE__).'/lib/db1.php'; Could you clarify, please? I don't understand. And example, perhaps? my entry in books.php is ?php include ../header.php;? NOTE: Does it matter what ?php include dirname(__FILE__)./../header.php; ? Simple as! -Stuart Ohhh... I think I just grasped my quandry by the tail... I had not thought about it before, but the problem seems to be that my header(s) do sometimes include links and/or other includes... so, I think there is no simple solution to this. I simply have to make different versions of such headers for different (sub)directories. Thanks for the clarification. I said what now? By using dirname it doesn't matter where a file is included from so long as it's never moved to a different relative location to the stuff it includes. But if you've had some sudden enlightenment I wish you luck with it. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
Stuart wrote: 2009/2/17 PJ af.gour...@videotron.ca: Stuart wrote: 2009/2/17 PJ af.gour...@videotron.ca: Dotan Cohen wrote: So put it all in one place: ?php include path.inc; printa href=\$path/dir/file.php\; ? Full URLs don't break when users save the pages to disk. That would be fine if the pages weren't being crafted in Dreamweaver, where inserting links like that is a pain. For that you'd have to ask on the Dreamweaver list. I don't really like those tools. I hope I'm not out of place here, but I have a problem that seems to be related. I am using some include statements for page headers with the pages in various directories on the site. The problem is this... if I put relative statements in the page (header.php) like ../images/file.jpg and ../file.php etc, if the page into which I include header.php is not in the top level directory, the links do not work and I have to copy header.php to header1.php and change the references to /images otherwise images are not displayed and links to not work in href. e.g.: 1. top level file books.php include (lib/db1.php);// Connect to database include (header1.php); 2. subdirectory: /authors/a.php include ../header.php; I thought that using referencing the top level of the directory tree (../) would work form anywhere within the tree? Am I the victim of my own misconceptions here? TIA to set me straight. Personally I always include files relative to my current location using the following... include dirname(__FILE__).'/lib/db1.php'; Could you clarify, please? I don't understand. And example, perhaps? my entry in books.php is ?php include ../header.php;? NOTE: Does it matter what ?php include dirname(__FILE__)./../header.php; ? Simple as! -Stuart Ohhh... I think I just grasped my quandry by the tail... I had not thought about it before, but the problem seems to be that my header(s) do sometimes include links and/or other includes... so, I think there is no simple solution to this. I simply have to make different versions of such headers for different (sub)directories. Thanks for the clarification. -- Phil Jourdan --- p...@ptahhotep.com http://www.ptahhotep.com http://www.chiccantine.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] escape your variables
To focus on mysql_real_escape_string, I am recapping... questions below QUOTE:== Instead of doing this (for an imaginary table): $sql = insert into table1(field1, field2) values ('$value1', '$value2'); do $sql = insert into table1(field1, field2) values (' . mysql_real_escape_string($value1) . ', ' . mysql_real_escape_string($value2) . '); Now $value1 and $value2 can only be used as data, they can't be used against you. If you don't do that, try adding a last name of O'Reilly - your code will break because of the ' in the name. When you say escape all your inputs - just what do you mean? Does that mean I need some special routines that have to be repeated over and over every time there is an input... but what do you mean by an input? And, from looking at all the comments in the manual, it's not clear just where to stop... input means anything a user gives you. Whether it's a first name, last name, a comment in a blog, a website url - anything you get from a user must be escaped. END QUOTE === So, I am more confused than ever... TWO QUESTIONS: 1. It seems to me that submitting username, password and database_name is pretty dangerous. How does one deal with that? Do you use mysql_real_escape_string? e.g. ?php $db_host = 'localhost'; $db_user = 'root'; $db_pwd = 'gu...@#$'; $database = 'join_tutorial'; $table = 'authorBook'; if (!mysql_connect($db_host, $db_user, $db_pwd)) die(Can't connect to database); if (!mysql_select_db($database)) die(Can't select database); // sending query $result = mysql_query(SELECT * FROM {$table}); 2. How do you use mysql_real_escape_string on a string entered in a form page with input and $_POST where the inputs are strings like $titleIN, $authorINetc.? -- Phil Jourdan --- p...@ptahhotep.com http://www.ptahhotep.com http://www.chiccantine.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
Stuart wrote: ?php include dirname(__FILE__)./../header.php; ? This generates a Fatal error: Cal to undefined function dirname() I must be really dense... What I don't understand in the above is this - dirname refers to what directory? -- the directory of the file that is including? what if the directory is the root directory of the site? (_FILE_) = what? - (_filename.ext_) or (filename.ext) --- what file is this, the file which is including the file header.php? and what does the . mean and then /../header.php --- I don't understand what to enter here Simple as! -Stuart Ohhh... I think I just grasped my quandry by the tail... I had not thought about it before, but the problem seems to be that my header(s) do sometimes include links and/or other includes... so, I think there is no simple solution to this. I simply have to make different versions of such headers for different (sub)directories. Thanks for the clarification. I said what now? By using dirname it doesn't matter where a file is included from so long as it's never moved to a different relative location to the stuff it includes. But if you've had some sudden enlightenment I wish you luck with it. -Stuart -- Phil Jourdan --- p...@ptahhotep.com http://www.ptahhotep.com http://www.chiccantine.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP AS an FTP server
Yeah, I don't want local user access (SSH, their own entries in passwd, etc..). Too much work to ensure they all have the correct file permissions, etc.. I think I'll just skip the PHP bit and use a proper FTP server. I've configured them a few times, but all the examples I found only had Anonymous FTP login, or MySQL (which is what I want), but the server wouldn't work with the MySQL plugin. Looks like I'll have to compile from source... joy. Thanks for all the replies though. Michael Kubler *G*rey *P*hoenix *P*roductions http://www.greyphoenix.biz Thodoris wrote: The local users part was about ssh-sftp access Ash not ftp. IMO when you add local users you add extra risks to your system than simple ftp (non-local) users may not cause. Of course if you secure your system carefully everything will work fine but I would avoid that and there are many security issues that here is not the place to discuss. Of course if this fits your needs I have no objections. -- Thodoris
Re: [PHP] Full versus relative URLs
2009/2/18 PJ af.gour...@videotron.ca: Stuart wrote: ?php include dirname(__FILE__)./../header.php; ? This generates a Fatal error: Cal to undefined function dirname() The dirname function is present in both PHP 4 and 5 and does not rely on any external libraries. Are you sure you're spelling it right? http://php.net/dirname I must be really dense... What I don't understand in the above is this - dirname refers to what directory? -- the directory of the file that is including? what if the directory is the root directory of the site? (_FILE_) = what? - (_filename.ext_) or (filename.ext) --- what file is this, the file which is including the file header.php? The __FILE__ (note 2 _'s either side) constant is the full path and filename to the current script. The dirname function knocks the filename off it to give you the directory the current script is in. You can then append a / and then the relative path to the script you want to include. By doing this you're ensuring that all includes are relative to the current script and are not affected by ini settings or anything else. and what does the . mean and then /../header.php --- I don't understand what to enter here The . is the string append operator. I tend to assume the most basic level of PHP knowledge from users of this list and I include the string append operator in that set. You might want to find a beginners tutorial for PHP and work through that to give you a solid foundation before attempting to work with multiple scripts. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
--- Use FreeOpenSourceSoftwares, Stop piracy, Let the developers live. Get a Free CD of Ubuntu mailed to your door without any cost. Visit : www.ubuntu.com -- On Wed, Feb 18, 2009 at 8:02 PM, Stuart stut...@gmail.com wrote: 2009/2/18 PJ af.gour...@videotron.ca: Stuart wrote: ?php include dirname(__FILE__)./../header.php; ? This generates a Fatal error: Cal to undefined function dirname() The dirname function is present in both PHP 4 and 5 and does not rely on any external libraries. Are you sure you're spelling it right? http://php.net/dirname I must be really dense... What I don't understand in the above is this - dirname refers to what directory? -- the directory of the file that is including? what if the directory is the root directory of the site? (_FILE_) = what? - (_filename.ext_) or (filename.ext) --- what file is this, the file which is including the file header.php? The __FILE__ (note 2 _'s either side) constant is the full path and filename to the current script. The dirname function knocks the filename off it to give you the directory the current script is in. You can then append a / and then the relative path to the script you want to include. By doing this you're ensuring that all includes are relative to the current script and are not affected by ini settings or anything else. and what does the . mean and then /../header.php --- I don't understand what to enter here . (dot) is string concatenator/concatenation operator. And .. (double dot) used in a path is a shorthand for parent directory. Goto your command console . ie. CMD or Command.com or linux console type cd .. and press enter it will take you to one level up. also in this shorthand . (a single dot) means current directory/folder (please dont mixup with concatenation operator) The . is the string append operator. I tend to assume the most basic level of PHP knowledge from users of this list and I include the string append operator in that set. You might want to find a beginners tutorial for PHP and work through that to give you a solid foundation before attempting to work with multiple scripts. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] escape your variables
On Wed, Feb 18, 2009 at 8:34 AM, PJ af.gour...@videotron.ca wrote: To focus on mysql_real_escape_string, I am recapping... questions below QUOTE:== Instead of doing this (for an imaginary table): $sql = insert into table1(field1, field2) values ('$value1', '$value2'); do $sql = insert into table1(field1, field2) values (' . mysql_real_escape_string($value1) . ', ' . mysql_real_escape_string($value2) . '); Now $value1 and $value2 can only be used as data, they can't be used against you. If you don't do that, try adding a last name of O'Reilly - your code will break because of the ' in the name. When you say escape all your inputs - just what do you mean? Does that mean I need some special routines that have to be repeated over and over every time there is an input... but what do you mean by an input? And, from looking at all the comments in the manual, it's not clear just where to stop... input means anything a user gives you. Whether it's a first name, last name, a comment in a blog, a website url - anything you get from a user must be escaped. END QUOTE === So, I am more confused than ever... TWO QUESTIONS: 1. It seems to me that submitting username, password and database_name is pretty dangerous. How does one deal with that? Do you use mysql_real_escape_string? e.g. ?php $db_host = 'localhost'; $db_user = 'root'; $db_pwd = 'gu...@#$'; $database = 'join_tutorial'; $table = 'authorBook'; if (!mysql_connect($db_host, $db_user, $db_pwd)) die(Can't connect to database); if (!mysql_select_db($database)) die(Can't select database); // sending query $result = mysql_query(SELECT * FROM {$table}); Inputs are user supplied. Variables coming from inside the application code are not really inputs. I prefer a two step approach to ensure that I am (hopefully) free from potential problems. 1. Use filtering like regex and length checks [ http://ca2.php.net/manual/en/function.ereg.php] 2. Use mysql_real_escape_string in the query whereever the data is potentially harmful. 2. How do you use mysql_real_escape_string on a string entered in a form page with input and $_POST where the inputs are strings like $titleIN, $authorINetc.? ?php $error = ''; $title = ''; $authorIN=''; //initialize vars $title = (eregi(^[a-z0-9\.\s]+$,$_POST['title'])) ? $_POST['title'] : $error .= invalid title; $authorIN = (eregi(^[a-z\.\s]+$,$_POST['author'])) ? $_POST['author'] : $error .= invalid author; $sql = insert into table (title, author) values (' . mysql_real_escape_string($title) . ',' . mysql_real_escape_string($authorIN) . '); //rest of code ? -- Phil Jourdan --- p...@ptahhotep.com http://www.ptahhotep.com http://www.chiccantine.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Bastien Cat, the other other white meat
Re: [PHP] Opinions Please, Describing PHP as Web Framework of C and C++
Robert Cummings schreef: On Tue, 2009-02-17 at 11:48 -0800, Michael A. Peters wrote: Robert Cummings wrote: I think what you all are missing is that physics is just a framework for reality. I think you are missing that reality is just a construct of strawberry fields forever. Carl Sagan once said something like to make an apple pie you must first invent the universe. It follows that the invention of reality must come before the strawberry :) it doesn't if you are the strawberry. because from that point of view the strawberry would be the I, as in the inventor of the universe, ergo the strawberry comes before in that case. obviously this is subjective, but then given that reality implies total objectivity and that we can't surmount our own subjectivity we're stuck with the fact that we cannot prove either way whether the strawberry is self-aware (i.e. it might be or it might not be). additionally, given that the subjective I/inventor/ego is required in order to invent the universe (aka 'reality' according to Rob) leaves a few questions, namely, where/what is the inventor? is 'reality' actually real or merely a subjective construct? and what are ramifications for the apple pie? if the inventor is part of (contained within) the universe in which he/she/it makes the apple pie then how does that work? did the inventor invent him/her/it-self? and if he/she/it is not contained within why does the apple pie require such a container? am I boring anyone yet? this list is a framework for utter non-sense. Cheers, Rob. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
Thodoris a écrit : Here's a question related to my last post. When specifying a link in a HTML file (like to the css or an image file), there are two ways of doing it. One is to simply include the relative path to the file (relative to the doc root), like: /graphics/my_portrait.gif Or you can include the full URL, like: http://example.com/graphics/my_portrait.gif My casual observation seems to indicate that the former will load faster than the latter. But has anyone done any benchmarking on it? Paul I am not aware if absolute URLs are faster or not (in case they are there will be such a small difference you cannot probably notice) but IMHO it is a bad practice to use full URLs. Basically because renaming directories or scripts will cause great pain in the ass. Of course resources that are coming outside your own site are needed to use absolute URLs and nobody is assuming that are useless. Hi Thodoris, In my opinion, the best use is to include your file with relative urls, like : img src=/path/to/img.jpg / for client side files (file from browsers. For includes serverside, i usually use $_SERVER['DOCUMENT_ROOT'] root path for inclusion, like : require_once($_SERVER['DOCUMENT_ROOT'] . '/../init/init.base.inc'); regards, Joko -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Unique User Hashes
On Wed, Feb 18, 2009 at 4:12 AM, Ian barnrac...@gmail.com wrote: Forgot to send to list. -- Forwarded message -- From: Ian barnrac...@gmail.com Date: Wed, Feb 18, 2009 at 11:12 AM Subject: Re: [PHP] Re: Unique User Hashes To: Colin Guthrie gm...@colin.guthr.ie 'Twas brillig, and Ian at 18/02/09 07:09 did gyre and gimble: We dont have registration - its a once off vote anonymously using the hash in the original email. We dont want registration otherwise it would be much easier - but this was the best way I could think of without user registration :/ Do you have to invite people to vote or can anyone come along and cast? If the former you could email a UUID token to them or similar as part of the link. Once that UUID was spent it wouldn't allow voting again. I say UUID as a regular auto-incrementing id would be fairly easy to guess ;) Of course this may not be appropriate in this circumstance. Col Unfortunately its anyone can come along and vote - no email inviting :/ If you've already sent them an email with a hash in it, can you do something like: - require the hash be pasted into a field in your voting form - save the hash to a cookie - if the cookie doesn't exist, prompt for the hash again along with a link to resend the hash It's sort of 'login lite' in a way, but might be less oppressive than a full login process. Same as above - wouldnt work because we arent recording that info... I think preregistration is essential if you truly need to prevent multiple votes. After all, when I go to cast my ballot in an election, I only get the privilege because I have preregistered to do so. If anyone can come along to a web site and vote and there is no registration, it sounds a lot more like a web poll than an actual ballot. Some sites I've seen that use polls seem to have done a pretty decent job of limiting votes (none come to mind off the top of my head) but ultimately all that any web poll has available to depend on will be an IP address (which may or may not be the actual client, depending on proxies and gateways) and the request headers (including cookies). Each has its own vulnerablities, as already discussed. Variables such as HTTP_X_FORWARDED_FOR, HTTP_X_VIA, etc. may get closer, but ultimately these are just request headers that are easy to forge, munge and/or discard at multiple points between the client and your server. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] function array problem
I've had a bit of a problem with a function I'm using for a form. Essentially, the function looks like this: function addEvent($values = Array('name' = '', 'venue' = '', 'description' = '', 'errors' = Array())) { // code here displays the form } The function is used to both display an empty form, and the form populated with values again should there be any validation errors. Now this works fine when the form has been filled out and there are errors present, as I can call the function with the correct array values. However, when I call the function with no arguments (intending the function to populate the $values array itself) all it does is present me with an empty array. A print_r($values) just returns Array( ), no key values defined. I altered the function to this: function addEvent($values = Array()) { if(count($values) == 0) { $values = Array('name' = '', 'venue' = '', 'description' = '', 'errors' = Array()); } // code here displays the form } then all works as intended. Question is, am I being dense, or is there a reason why this shouldn't work? Ash www.ashleysheridan.co.uk While reading this thread I've noticed that you all use venue in the index of the parameter array. Is this intended or you actually mean value? You may want to consider these functions: |func_get_args ||func_get_arg| |func_num_args| to make the functions input more loose and have it accept multiple formats as needed like one dimensional, two dimensional or simple parameters the same time. -- Thodoris
Re: [PHP] Opinions Please, Describing PHP as Web Framework of C and C++
On Wed, 2009-02-18 at 15:55 +0100, Jochem Maas wrote: Robert Cummings schreef: On Tue, 2009-02-17 at 11:48 -0800, Michael A. Peters wrote: Robert Cummings wrote: I think what you all are missing is that physics is just a framework for reality. I think you are missing that reality is just a construct of strawberry fields forever. Carl Sagan once said something like to make an apple pie you must first invent the universe. It follows that the invention of reality must come before the strawberry :) it doesn't if you are the strawberry. because from that point of view the strawberry would be the I, as in the inventor of the universe, ergo the strawberry comes before in that case. obviously this is subjective, but then given that reality implies total objectivity and that we can't surmount our own subjectivity we're stuck with the fact that we cannot prove either way whether the strawberry is self-aware (i.e. it might be or it might not be). additionally, given that the subjective I/inventor/ego is required in order to invent the universe (aka 'reality' according to Rob) leaves a few questions, namely, where/what is the inventor? is 'reality' actually real or merely a subjective construct? and what are ramifications for the apple pie? if the inventor is part of (contained within) the universe in which he/she/it makes the apple pie then how does that work? did the inventor invent him/her/it-self? and if he/she/it is not contained within why does the apple pie require such a container? am I boring anyone yet? No, we all love infinite regressions :) Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] escape your variables
On Wed, Feb 18, 2009 at 8:34 AM, PJ af.gour...@videotron.ca wrote: To focus on mysql_real_escape_string, I am recapping... questions below QUOTE:== Instead of doing this (for an imaginary table): $sql = insert into table1(field1, field2) values ('$value1', '$value2'); do $sql = insert into table1(field1, field2) values (' . mysql_real_escape_string($value1) . ', ' . mysql_real_escape_string($value2) . '); Now $value1 and $value2 can only be used as data, they can't be used against you. If you don't do that, try adding a last name of O'Reilly - your code will break because of the ' in the name. When you say escape all your inputs - just what do you mean? Does that mean I need some special routines that have to be repeated over and over every time there is an input... but what do you mean by an input? And, from looking at all the comments in the manual, it's not clear just where to stop... input means anything a user gives you. Whether it's a first name, last name, a comment in a blog, a website url - anything you get from a user must be escaped. END QUOTE === So, I am more confused than ever... TWO QUESTIONS: 1. It seems to me that submitting username, password and database_name is pretty dangerous. How does one deal with that? Do you use mysql_real_escape_string? e.g. ?php $db_host = 'localhost'; $db_user = 'root'; $db_pwd = 'gu...@#$'; $database = 'join_tutorial'; $table = 'authorBook'; if (!mysql_connect($db_host, $db_user, $db_pwd)) die(Can't connect to database); if (!mysql_select_db($database)) die(Can't select database); // sending query $result = mysql_query(SELECT * FROM {$table}); 2. How do you use mysql_real_escape_string on a string entered in a form page with input and $_POST where the inputs are strings like $titleIN, $authorINetc.? -- Phil Jourdan --- p...@ptahhotep.com http://www.ptahhotep.com http://www.chiccantine.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Escaping means making sure your data remains data in the context of using it. If you don't escape your data correctly depending on the context, then user input can break your applications. Also if your site is worthy of it, perhaps even a malicious user might try something, but usually what ends up happening is O'Henry gets a white page. Why? Well most code I come across has that horrid or die() following the query. Keep in mind that you want to escape your variable when you're using it only. You do not want to escape the actual variable itself, but a copy of it. This is why magic quotes is such a bad idea. It taints your actual data with slashes. There's more to it than just that, but you can research it on your own. So here's some examples of bad behavior. = Database = Bad: $name = mysql_real_escape_string($_POST['name'], $link); myql_query(INSERT INTO foo (`name`) VALUES ('. $name .')); $name now contains slashes which means it is corrupt and not able to be echo'd without a stripslashes. You should never have to call stripslashes. If you do, you're doing it wrong. Better: myql_query(INSERT INTO foo (`name`) VALUES ('. mysql_real_escape_string($name, $link) .')); This is better because we escape it in the sql statement itself. $name remains unchanged in case we want to use it later. Best: Use prepared statements! = Html = Bad: $name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); echo $name; This is bad because $name is contaminated with html entities. What happens if you want to use it to send an email? What happens if you want to get a substring of it or parse out a few sentences for a little preview? Better: echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); This is better because we don't trust the data at all. You don't know what it contains. People find all sorts of interesting ways of getting weird characters into the apps I write, so just cover all bases. Another way: Create a pre-escaped version of the content in the db. Keep the original value so that the user can edit it, but also create a 'clean' version that you can just echo out. Just make sure you don't mess up. :) Keep in mind a lot of this is my opinion of course. I think keeping your data as data is the correct method. If you forget to escape even once though you open yourself up for broken applications/attacks. You could take the other approach of just letting ext/filter pre escape everything, but then you've got to decode all of that data if you ever want to use it as plain text. So find the happy balance that fits your needs the best and go for it. The main thing is understanding the difference between what your data is and its escaped version. Once you know that you can do what you need. -- http://www.voom.me | EFnet: #voom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Opinions Please, Describing PHP as Web Framework of C and C++
Jochem Maas wrote: Robert Cummings schreef: On Tue, 2009-02-17 at 11:48 -0800, Michael A. Peters wrote: Robert Cummings wrote: I think what you all are missing is that physics is just a framework for reality. I think you are missing that reality is just a construct of strawberry fields forever. Carl Sagan once said something like to make an apple pie you must first invent the universe. It follows that the invention of reality must come before the strawberry :) it doesn't if you are the strawberry. because from that point of view the strawberry would be the I, as in the inventor of the universe, ergo the strawberry comes before in that case. obviously this is subjective, but then given that reality implies total objectivity and that we can't surmount our own subjectivity we're stuck with the fact that we cannot prove either way whether the strawberry is self-aware (i.e. it might be or it might not be). additionally, given that the subjective I/inventor/ego is required in order to invent the universe (aka 'reality' according to Rob) leaves a few questions, namely, where/what is the inventor? is 'reality' actually real or merely a subjective construct? and what are ramifications for the apple pie? if the inventor is part of (contained within) the universe in which he/she/it makes the apple pie then how does that work? did the inventor invent him/her/it-self? and if he/she/it is not contained within why does the apple pie require such a container? am I boring anyone yet Yet?!?! -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] function array problem
Thodoris wrote: I've had a bit of a problem with a function I'm using for a form. Essentially, the function looks like this: function addEvent($values = Array('name' = '', 'venue' = '', 'description' = '', 'errors' = Array())) { // code here displays the form } The function is used to both display an empty form, and the form populated with values again should there be any validation errors. Now this works fine when the form has been filled out and there are errors present, as I can call the function with the correct array values. However, when I call the function with no arguments (intending the function to populate the $values array itself) all it does is present me with an empty array. A print_r($values) just returns Array( ), no key values defined. I altered the function to this: function addEvent($values = Array()) { if(count($values) == 0) { $values = Array('name' = '', 'venue' = '', 'description' = '', 'errors' = Array()); } // code here displays the form } then all works as intended. Question is, am I being dense, or is there a reason why this shouldn't work? Ash www.ashleysheridan.co.uk While reading this thread I've noticed that you all use venue in the index of the parameter array. Is this intended or you actually mean value? You may want to consider these functions: |func_get_args ||func_get_arg| |func_num_args| to make the functions input more loose and have it accept multiple formats as needed like one dimensional, two dimensional or simple parameters the same time. I'm not sure what the OP meant, but venue is a location, for example the location of a Metallica concert or the location of a court proceeding. Latin venire (to come) -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
PJ wrote: Stuart wrote: 2009/2/17 PJ af.gour...@videotron.ca: Stuart wrote: 2009/2/17 PJ af.gour...@videotron.ca: Dotan Cohen wrote: So put it all in one place: ?php include path.inc; printa href=\$path/dir/file.php\; ? Full URLs don't break when users save the pages to disk. That would be fine if the pages weren't being crafted in Dreamweaver, where inserting links like that is a pain. For that you'd have to ask on the Dreamweaver list. I don't really like those tools. I hope I'm not out of place here, but I have a problem that seems to be related. I am using some include statements for page headers with the pages in various directories on the site. The problem is this... if I put relative statements in the page (header.php) like ../images/file.jpg and ../file.php etc, if the page into which I include header.php is not in the top level directory, the links do not work and I have to copy header.php to header1.php and change the references to /images otherwise images are not displayed and links to not work in href. e.g.: 1. top level file books.php include (lib/db1.php);// Connect to database include (header1.php); 2. subdirectory: /authors/a.php include ../header.php; I thought that using referencing the top level of the directory tree (../) would work form anywhere within the tree? Am I the victim of my own misconceptions here? TIA to set me straight. Personally I always include files relative to my current location using the following... include dirname(__FILE__).'/lib/db1.php'; Could you clarify, please? I don't understand. And example, perhaps? my entry in books.php is ?php include ../header.php;? NOTE: Does it matter what ?php include dirname(__FILE__)./../header.php; ? Simple as! -Stuart Ohhh... I think I just grasped my quandry by the tail... I had not thought about it before, but the problem seems to be that my header(s) do sometimes include links and/or other includes... so, I think there is no simple solution to this. I simply have to make different versions of such headers for different (sub)directories. Thanks for the clarification. Well, just from what I've read of this thread, I think you need to step back and do a little planning on your directory/file layout. There are many ways to do it, and many on this list have their own good way, however, I think that one of the simplest for a beginner is the following: /index.php /header.php /footer.php /authors/a.php Now have your index.php include your header.php and then whatever file is necessary based upon certain conditions, such as GET vars in the URL, index.php?type=authorsfile=a and then whatever else, footer.php, etc... Obviously you don't want to just include whatever appears in the URL, but do some filtering and only accept specific values maybe, then append the result to the absolute path of the index.php. HTH -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
Stuart wrote: 2009/2/18 PJ af.gour...@videotron.ca: Stuart wrote: ?php include dirname(__FILE__)./../header.php; ? This generates a Fatal error: Cal to undefined function dirname() The dirname function is present in both PHP 4 and 5 and does not rely on any external libraries. Are you sure you're spelling it right? http://php.net/dirname I must be really dense... What I don't understand in the above is this - dirname refers to what directory? -- the directory of the file that is including? what if the directory is the root directory of the site? (_FILE_) = what? - (_filename.ext_) or (filename.ext) --- what file is this, the file which is including the file header.php? The __FILE__ (note 2 _'s either side) constant is the full path and filename to the current script. The dirname function knocks the filename off it to give you the directory the current script is in. You can then append a / and then the relative path to the script you want to include. By doing this you're ensuring that all includes are relative to the current script and are not affected by ini settings or anything else. and what does the . mean and then /../header.php --- I don't understand what to enter here The . is the string append operator. I tend to assume the most basic level of PHP knowledge from users of this list and I include the string append operator in that set. You might want to find a beginners tutorial for PHP and work through that to give you a solid foundation before attempting to work with multiple scripts. -Stuart What confused me here is that often, in examples, there are all sorts of references to files and there seems to be no standard as to how to refer to them in non-scripts such as these e-mails. So, I thought that dirname(_FILE_) was a general reference to a directory name and a file... :-( I don't want to defend myself here, but I cannot be expected to know all functions and look up anything that might resemble a function... I still do not understand, and that is the keyword here, I am trying to understand things - what does /../header.php mean. I know the 2 dots mean a higher directory in Unix... but I understood that ../ would mean the root directory - so what is the / before the ../header.php mean? When including scripts or pages, i find that if I am referencing to the current directory, just the filename or /filename works. If the reference is up a level, ../ works e.g. to reference root/images/ from root/authors = ../images/file.ext from root = /images/file.ext or images/file.ext I haven't needed to go to a deeper level yet. -- Phil Jourdan --- p...@ptahhotep.com http://www.ptahhotep.com http://www.chiccantine.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
On Wed, Feb 18, 2009 at 12:05 PM, PJ af.gour...@videotron.ca wrote: Stuart wrote: 2009/2/18 PJ af.gour...@videotron.ca: Stuart wrote: ?php include dirname(__FILE__)./../header.php; ? This generates a Fatal error: Cal to undefined function dirname() The dirname function is present in both PHP 4 and 5 and does not rely on any external libraries. Are you sure you're spelling it right? http://php.net/dirname I must be really dense... What I don't understand in the above is this - dirname refers to what directory? -- the directory of the file that is including? what if the directory is the root directory of the site? (_FILE_) = what? - (_filename.ext_) or (filename.ext) --- what file is this, the file which is including the file header.php? The __FILE__ (note 2 _'s either side) constant is the full path and filename to the current script. The dirname function knocks the filename off it to give you the directory the current script is in. You can then append a / and then the relative path to the script you want to include. By doing this you're ensuring that all includes are relative to the current script and are not affected by ini settings or anything else. and what does the . mean and then /../header.php --- I don't understand what to enter here The . is the string append operator. I tend to assume the most basic level of PHP knowledge from users of this list and I include the string append operator in that set. You might want to find a beginners tutorial for PHP and work through that to give you a solid foundation before attempting to work with multiple scripts. -Stuart What confused me here is that often, in examples, there are all sorts of references to files and there seems to be no standard as to how to refer to them in non-scripts such as these e-mails. So, I thought that dirname(_FILE_) was a general reference to a directory name and a file... :-( I don't want to defend myself here, but I cannot be expected to know all functions and look up anything that might resemble a function... I still do not understand, and that is the keyword here, I am trying to understand things - what does /../header.php mean. I know the 2 dots mean a higher directory in Unix... but I understood that ../ would mean the root directory - so what is the / before the ../header.php mean? When including scripts or pages, i find that if I am referencing to the current directory, just the filename or /filename works. If the reference is up a level, ../ works e.g. to reference root/images/ from root/authors = ../images/file.ext from root = /images/file.ext or images/file.ext I haven't needed to go to a deeper level yet. -- Phil Jourdan --- p...@ptahhotep.com http://www.ptahhotep.com http://www.chiccantine.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ../../ means go up two directories from the current working directory that your file is in -- Bastien Cat, the other other white meat
Re: [PHP] Full versus relative URLs
--- Use FreeOpenSourceSoftwares, Stop piracy, Let the developers live. Get a Free CD of Ubuntu mailed to your door without any cost. Visit : www.ubuntu.com -- On Wed, Feb 18, 2009 at 11:05 PM, PJ af.gour...@videotron.ca wrote: Stuart wrote: 2009/2/18 PJ af.gour...@videotron.ca: Stuart wrote: ?php include dirname(__FILE__)./../header.php; ? This generates a Fatal error: Cal to undefined function dirname() The dirname function is present in both PHP 4 and 5 and does not rely on any external libraries. Are you sure you're spelling it right? http://php.net/dirname dirname (PHP 4, PHP 5) dirname — Returns directory name component of path Description string dirname ( string $path ) Given a string containing a path to a file, this function will return the name of the directory. Parameters path A path. On Windows, both slash (/) and backslash (\) are used as directory separator character. In other environments, it is the forward slash (/). Return Values Returns the name of the directory. If there are no slashes in path , a dot ('.') is returned, indicating the current directory. Otherwise, the returned string is path with any trailing /component removed. Changelog Version Description 5.0.0 dirname() is now binary safe 4.0.3 dirname() was fixed to be POSIX-compliant. Examples Example #1 dirname() example ?php $path = /etc/passwd; $file = dirname($path); // $file is set to /etc ? Notes Note: Since PHP 4.3.0, you will often get a slash or a dot back from dirname() in situations where the older functionality would have given you the empty string. Check the following change example: ?php //before PHP 4.3.0 dirname('c:/'); // returned '.' //after PHP 4.3.0 dirname('c:/x'); // returns 'c:\' dirname('c:/Temp/x'); // returns 'c:/Temp' dirname('/x'); // returns '\' ? I must be really dense... What I don't understand in the above is this - dirname refers to what directory? -- the directory of the file that is including? what if the directory is the root directory of the site? (_FILE_) = what? - (_filename.ext_) or (filename.ext) --- what file is this, the file which is including the file header.php? The __FILE__ (note 2 _'s either side) constant is the full path and filename to the current script. The dirname function knocks the filename off it to give you the directory the current script is in. You can then append a / and then the relative path to the script you want to include. By doing this you're ensuring that all includes are relative to the current script and are not affected by ini settings or anything else. and what does the . mean and then /../header.php --- I don't understand what to enter here the . before the quotemark is the concatenation operator which joins the string(texts) together. :) The . is the string append operator. I tend to assume the most basic level of PHP knowledge from users of this list and I include the string append operator in that set. You might want to find a beginners tutorial for PHP and work through that to give you a solid foundation before attempting to work with multiple scripts. -Stuart What confused me here is that often, in examples, there are all sorts of references to files and there seems to be no standard as to how to refer to them in non-scripts such as these e-mails. So, I thought that dirname(_FILE_) was a general reference to a directory name and a file... :-( I don't want to defend myself here, but I cannot be expected to know all functions and look up anything that might resemble a function... I still do not understand, and that is the keyword here, I am trying to understand things - what does /../header.php mean. I know the 2 dots mean a higher directory in Unix... but I understood that ../ would mean the root directory - so what is the / before the ../header.php mean? When including scripts or pages, i find that if I am referencing to the current directory, just the filename or /filename works. If the reference is up a level, ../ works e.g. to reference root/images/ from root/authors = ../images/file.ext from root = /images/file.ext or images/file.ext I haven't needed to go to a deeper level yet. -- Phil Jourdan --- p...@ptahhotep.com http://www.ptahhotep.com http://www.chiccantine.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
On Wed, Feb 18, 2009 at 12:05:21PM -0500, PJ wrote: Stuart wrote: 2009/2/18 PJ af.gour...@videotron.ca: Stuart wrote: ?php include dirname(__FILE__)./../header.php; ? snip What confused me here is that often, in examples, there are all sorts of references to files and there seems to be no standard as to how to refer to them in non-scripts such as these e-mails. So, I thought that dirname(_FILE_) was a general reference to a directory name and a file... :-( I don't want to defend myself here, but I cannot be expected to know all functions and look up anything that might resemble a function... I still do not understand, and that is the keyword here, I am trying to understand things - what does /../header.php mean. I know the 2 dots mean a higher directory in Unix... but I understood that ../ would mean the root directory - so what is the / before the ../header.php mean? When including scripts or pages, i find that if I am referencing to the current directory, just the filename or /filename works. If the reference is up a level, ../ works e.g. to reference root/images/ from root/authors = ../images/file.ext from root = /images/file.ext or images/file.ext I haven't needed to go to a deeper level yet. Let's break it down: dirname(__FILE__) . /../header.php; __FILE__ is a constant that represents the filename of whatever file it's in. This filename includes the directory to the file. dirname() parses out just the directory for the filename passed as a parameter. The . is, of course, the concatenate parameter for PHP. So we're going to add on whatever comes after the directory for the file. /../header.php This one is a little trickier. We want a file called header.php, but it's in a directory just above where you are. In Unix/Linux (and therefore most internet servers), ../header.php represents a file called header.php in the directory just above where you are. Now, you'll notice that what's quoted is /../header.php, not ../header.php. There's a leading slash there. Why? That's because we're going to append it to a directory which has no leading slash. So if dirname(__FILE__) yields /var/www/includes, and you just add ../header.php to it, you'd get: /var/www/includes../header.php, not the file you want. The file you want is: /var/www/includes/../header.php. And in this case, header.php actually resides in /var/www (one directory up from /var/www/includes). Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
Bastien Koert wrote: On Wed, Feb 18, 2009 at 12:05 PM, PJ af.gour...@videotron.ca wrote: Stuart wrote: 2009/2/18 PJ af.gour...@videotron.ca: Stuart wrote: ?php include dirname(__FILE__)./../header.php; ? This generates a Fatal error: Cal to undefined function dirname() The dirname function is present in both PHP 4 and 5 and does not rely on any external libraries. Are you sure you're spelling it right? http://php.net/dirname I must be really dense... What I don't understand in the above is this - dirname refers to what directory? -- the directory of the file that is including? what if the directory is the root directory of the site? (_FILE_) = what? - (_filename.ext_) or (filename.ext) --- what file is this, the file which is including the file header.php? The __FILE__ (note 2 _'s either side) constant is the full path and filename to the current script. The dirname function knocks the filename off it to give you the directory the current script is in. You can then append a / and then the relative path to the script you want to include. By doing this you're ensuring that all includes are relative to the current script and are not affected by ini settings or anything else. and what does the . mean and then /../header.php --- I don't understand what to enter here The . is the string append operator. I tend to assume the most basic level of PHP knowledge from users of this list and I include the string append operator in that set. You might want to find a beginners tutorial for PHP and work through that to give you a solid foundation before attempting to work with multiple scripts. -Stuart What confused me here is that often, in examples, there are all sorts of references to files and there seems to be no standard as to how to refer to them in non-scripts such as these e-mails. So, I thought that dirname(_FILE_) was a general reference to a directory name and a file... :-( I don't want to defend myself here, but I cannot be expected to know all functions and look up anything that might resemble a function... I still do not understand, and that is the keyword here, I am trying to understand things - what does /../header.php mean. I know the 2 dots mean a higher directory in Unix... but I understood that ../ would mean the root directory - so what is the / before the ../header.php mean? When including scripts or pages, i find that if I am referencing to the current directory, just the filename or /filename works. If the reference is up a level, ../ works e.g. to reference root/images/ from root/authors = ../images/file.ext from root = /images/file.ext or images/file.ext I haven't needed to go to a deeper level yet. -- Phil Jourdan --- p...@ptahhotep.com http://www.ptahhotep.com http://www.chiccantine.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ../../ means go up two directories from the current working directory that your file is in Thanks, I know that it's the dirname and the _FILE_ that were not clear but why would I want to complicate things when my original works fine and adding dirname(_FILE_) is just extra typing. Original: include (lib/header1.php); change: include dirname(_FILE_)./lib/header1.php; works, but what have I gained? Maybe my application is just not sophisticated enough... -- Phil Jourdan --- p...@ptahhotep.com http://www.ptahhotep.com http://www.chiccantine.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
Paul M Foster wrote: On Wed, Feb 18, 2009 at 12:05:21PM -0500, PJ wrote: Stuart wrote: 2009/2/18 PJ af.gour...@videotron.ca: Stuart wrote: ?php include dirname(__FILE__)./../header.php; ? snip What confused me here is that often, in examples, there are all sorts of references to files and there seems to be no standard as to how to refer to them in non-scripts such as these e-mails. So, I thought that dirname(_FILE_) was a general reference to a directory name and a file... :-( I don't want to defend myself here, but I cannot be expected to know all functions and look up anything that might resemble a function... I still do not understand, and that is the keyword here, I am trying to understand things - what does /../header.php mean. I know the 2 dots mean a higher directory in Unix... but I understood that ../ would mean the root directory - so what is the / before the ../header.php mean? When including scripts or pages, i find that if I am referencing to the current directory, just the filename or /filename works. If the reference is up a level, ../ works e.g. to reference root/images/ from root/authors = ../images/file.ext from root = /images/file.ext or images/file.ext I haven't needed to go to a deeper level yet. Let's break it down: dirname(__FILE__) . /../header.php; __FILE__ is a constant that represents the filename of whatever file it's in. This filename includes the directory to the file. dirname() parses out just the directory for the filename passed as a parameter. The . is, of course, the concatenate parameter for PHP. So we're going to add on whatever comes after the directory for the file. /../header.php This one is a little trickier. We want a file called header.php, but it's in a directory just above where you are. In Unix/Linux (and therefore most internet servers), ../header.php represents a file called header.php in the directory just above where you are. Now, you'll notice that what's quoted is /../header.php, not ../header.php. There's a leading slash there. Why? That's because we're going to append it to a directory which has no leading slash. So if dirname(__FILE__) yields /var/www/includes, and you just add ../header.php to it, you'd get: /var/www/includes../header.php, not the file you want. The file you want is: /var/www/includes/../header.php. And in this case, header.php actually resides in /var/www (one directory up from /var/www/includes). Paul OK, great explanation... it's what I had been hoping for ... you're a great educator Thanks... In my case though, changing from Original: include (lib/header1.php); to: include dirname(_FILE_)./lib/header1.php; works, but what have I gained? -- Phil Jourdan --- p...@ptahhotep.com http://www.ptahhotep.com http://www.chiccantine.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Which file Included me?
Is there a function or variable that will tell me if a file has asked another file to include something much the same as $_SERVER['HTTP_REFERER'] works. I have a script that is included on every page of a site but also needs to include some javascript only if it's called from a certain URL. thanks, Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Which file Included me?
On Wed, Feb 18, 2009 at 1:16 PM, Ed Curtis e_cur...@homes2see.com wrote: Is there a function or variable that will tell me if a file has asked another file to include something much the same as $_SERVER['HTTP_REFERER'] works. I have a script that is included on every page of a site but also needs to include some javascript only if it's called from a certain URL. thanks, Ed Maybe include_once() would help? Or require_once() ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execute EXE with variables
2009/2/13 Dan Shirah mrsqua...@gmail.com: Use the system() command, and enclose both your command and its parameters in a pair of single quotes, as: system('mycmd -a alfa -b bravo'); Paul -- Paul M. Foster Using both exec() and system() I am getting the error: Unable to fork This sounds to me like it is an restriction on the server that doesn't allow php to fork so it could start another process. Maybe you should ask your hoster if you are not allowed to do this. -- Currently developing a browsergame... http://www.p-game.de Trade - Expand - Fight Follow me at twitter! http://twitter.com/moortier -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Which file Included me?
Ed Curtis wrote: Is there a function or variable that will tell me if a file has asked another file to include something much the same as $_SERVER['HTTP_REFERER'] works. I have a script that is included on every page of a site but also needs to include some javascript only if it's called from a certain URL. thanks, Ed Are you looking for $_SERVER['PHP_SELF'] ? -- With warm regards, Sudheer. S Business: http://binaryvibes.co.in, Tech stuff: http://techchorus.net, Personal: http://sudheer.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Which file Included me?
On Wed, 2009-02-18 at 23:57 +0530, Sudheer wrote: Ed Curtis wrote: Is there a function or variable that will tell me if a file has asked another file to include something much the same as $_SERVER['HTTP_REFERER'] works. I have a script that is included on every page of a site but also needs to include some javascript only if it's called from a certain URL. thanks, Ed Are you looking for $_SERVER['PHP_SELF'] ? I'd use $_SERVER['REQUEST_URI'] :) Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
Johnny wrote: Hi Thodoris, In my opinion, the best use is to include your file with relative urls, like : img src=/path/to/img.jpg / I believe that it best. Including the hostname use to cause a dns lookup in some browsers which made it slower but I don't believe that is the case anymore. Doing the full path relative to document root though means it does not break when you move the page in your hierarchy. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Which file Included me?
Ed Curtis wrote: Is there a function or variable that will tell me if a file has asked another file to include something much the same as $_SERVER['HTTP_REFERER'] works. I have a script that is included on every page of a site but also needs to include some javascript only if it's called from a certain URL. thanks, Ed $_SERVER['PHP_SELF'] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Which file Included me?
Ed Curtis wrote: Is there a function or variable that will tell me if a file has asked another file to include something much the same as $_SERVER['HTTP_REFERER'] works. I have a script that is included on every page of a site but also needs to include some javascript only if it's called from a certain URL. thanks, Ed http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html explains a technique to validate the input as well (don't trust that is clean) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unique User Hashes
At 5:47 AM +0200 2/18/09, Ian wrote: Anyone had to deal with this in the past and does anyone have any suggestions/ideas as to how I could better this setup? Many thanks in advance, Ian Ian: As other people have said, using IP's are not really a good solution. If it was me, I would ask the user to submit their email address. Then my script would send them an email with a token for them to click. After they do that, they would be returned to my script and their email address would be confirmed. With a confirmed email address, they can vote -- they get only one vote per email address. Granted this is an involved method, but email addresses are unique and thus ensures one vote per email address. Now, this does not stop someone from getting several email address and voting several times, but it does slow down mass voting and you have a record of who voted. If you want to see how this works, try posting a comment on my web site under any of the web tips (http://sperling.com). Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execute EXE with variables
Yannick Mortier wrote: 2009/2/13 Dan Shirah mrsqua...@gmail.com: Using both exec() and system() I am getting the error: Unable to fork This sounds to me like it is an restriction on the server that doesn't allow php to fork so it could start another process. Maybe you should ask your hoster if you are not allowed to do this. LOL - reminds me of a host I used that did not allow php to call exec() So what I did was put the command into a database and had cron once a minute pop the database and run any commands it had in it. After a week I got an e-mail notifying me my cron privileges had been revoked. So I went to a different host. I don't remember what it was I was doing, but I do remember I later found a php module that allowed me to do it all in pure php (something image processing related). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Which file Included me?
Michael A. Peters wrote: Ed Curtis wrote: Is there a function or variable that will tell me if a file has asked another file to include something much the same as $_SERVER['HTTP_REFERER'] works. I have a script that is included on every page of a site but also needs to include some javascript only if it's called from a certain URL. thanks, Ed $_SERVER['PHP_SELF'] As Rob pointed out, $_SERVER['REQUEST_URI'] will give you the URI whereas $_SERVER['PHP_SELF'] will only give the path and script name. For: http://localhost/www/test.php?var=val $_SERVER['PHP_SELF'] = /www/test.php $_SERVER['REQUEST_URI'] = /www/test.php?var=val -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unique User Hashes
On Wed, Feb 18, 2009 at 1:41 PM, tedd tedd.sperl...@gmail.com wrote: At 5:47 AM +0200 2/18/09, Ian wrote: Anyone had to deal with this in the past and does anyone have any suggestions/ideas as to how I could better this setup? Many thanks in advance, Ian Ian: As other people have said, using IP's are not really a good solution. If it was me, I would ask the user to submit their email address. Then my script would send them an email with a token for them to click. After they do that, they would be returned to my script and their email address would be confirmed. With a confirmed email address, they can vote -- they get only one vote per email address. Granted this is an involved method, but email addresses are unique and thus ensures one vote per email address. E-mail addresses are (somewhat unique -- not getting into aliases, forwards, and such) e-mail delivery points, they are not a unique index of PEOPLE. You point out below that a single person can have multiple addresses. I also know several families where the entire family shares one address. Now, this does not stop someone from getting several email address and voting several times, but it does slow down mass voting and you have a record of who voted. If you want to see how this works, try posting a comment on my web site under any of the web tips (http://sperling.com). Cheers, tedd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Which file Included me?
Robert Cummings wrote: On Wed, 2009-02-18 at 23:57 +0530, Sudheer wrote: Ed Curtis wrote: Is there a function or variable that will tell me if a file has asked another file to include something much the same as $_SERVER['HTTP_REFERER'] works. I have a script that is included on every page of a site but also needs to include some javascript only if it's called from a certain URL. thanks, Ed Are you looking for $_SERVER['PHP_SELF'] ? I'd use $_SERVER['REQUEST_URI'] :) Cheers, Rob. Hi Ed Curtis, Just do var_dump($_SERVER) ; and see which array key to use. REQUEST_URI gives you the request parameters as well, whereas PHP_SELF gives you the script name only. -- With warm regards, Sudheer. S Business: http://binaryvibes.co.in, Tech stuff: http://techchorus.net, Personal: http://sudheer.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Memcache and session management
Hello every body, I am a french student, I am using memcache to manage sessions by the handler, but sometimes I want to manage their from PHP; for example, for incrementing one or two variables of an other session, I want to know how I can update an other session, if I know its name ? Thank you in advance _ Téléphonez gratuitement à tous vos proches avec Windows Live Messenger ! Téléchargez-le maintenant ! http://www.windowslive.fr/messenger/1.asp
Re: [PHP] Which file Included me?
http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html explains a technique to validate the input as well (don't trust that is clean) I do not understand the exploit. How is he spoofing any $_SERVER variables? The attack description doesn't make sense. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת ا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه-و-ي А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-Р-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-Э-Ю-Я а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я ä-ö-ü-ß-Ä-Ö-Ü
Re: [PHP] Unique User Hashes
At 1:54 PM -0500 2/18/09, Andrew Ballard wrote: On Wed, Feb 18, 2009 at 1:41 PM, tedd tedd.sperl...@gmail.com wrote: Granted this is an involved method, but email addresses are unique and thus ensures one vote per email address. E-mail addresses are (somewhat unique -- not getting into aliases, forwards, and such) e-mail delivery points, they are not a unique index of PEOPLE. You point out below that a single person can have multiple addresses. I also know several families where the entire family shares one address. No -- email addresses are unique. Don't confuse the issue by looking at how many people can use a single email address, but rather that each email address IS unique that many people can use. Keep in mind that on the right side of the @ is the domain name, which is absolutely unique -- and on the left side of the @ only one mail box per specific string is allowed. While I can have t...@sperling.com and t...@sperling dump into one account, there is still only one account. The process has to be that way or this email thing would not work. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unique User Hashes
On Wed, Feb 18, 2009 at 3:43 PM, tedd tedd.sperl...@gmail.com wrote: At 1:54 PM -0500 2/18/09, Andrew Ballard wrote: On Wed, Feb 18, 2009 at 1:41 PM, tedd tedd.sperl...@gmail.com wrote: Granted this is an involved method, but email addresses are unique and thus ensures one vote per email address. E-mail addresses are (somewhat unique -- not getting into aliases, forwards, and such) e-mail delivery points, they are not a unique index of PEOPLE. You point out below that a single person can have multiple addresses. I also know several families where the entire family shares one address. No -- email addresses are unique. Don't confuse the issue by looking at how many people can use a single email address, but rather that each email address IS unique that many people can use. Keep in mind that on the right side of the @ is the domain name, which is absolutely unique -- and on the left side of the @ only one mail box per specific string is allowed. While I can have t...@sperling.com and t...@sperling dump into one account, there is still only one account. The process has to be that way or this email thing would not work. Cheers, tedd You're missing my point. Yes, e-mail addresses are unique delivery points. They can not, however, uniquely identify one and only one person -- which is what one would need in the OP's situation. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unique User Hashes
On Wed, 2009-02-18 at 15:54 -0500, Andrew Ballard wrote: On Wed, Feb 18, 2009 at 3:43 PM, tedd tedd.sperl...@gmail.com wrote: At 1:54 PM -0500 2/18/09, Andrew Ballard wrote: On Wed, Feb 18, 2009 at 1:41 PM, tedd tedd.sperl...@gmail.com wrote: Granted this is an involved method, but email addresses are unique and thus ensures one vote per email address. E-mail addresses are (somewhat unique -- not getting into aliases, forwards, and such) e-mail delivery points, they are not a unique index of PEOPLE. You point out below that a single person can have multiple addresses. I also know several families where the entire family shares one address. No -- email addresses are unique. Don't confuse the issue by looking at how many people can use a single email address, but rather that each email address IS unique that many people can use. Keep in mind that on the right side of the @ is the domain name, which is absolutely unique -- and on the left side of the @ only one mail box per specific string is allowed. While I can have t...@sperling.com and t...@sperling dump into one account, there is still only one account. The process has to be that way or this email thing would not work. Cheers, tedd You're missing my point. Yes, e-mail addresses are unique delivery points. They can not, however, uniquely identify one and only one person -- which is what one would need in the OP's situation. Andrew No, but it is as close as you'll get to uniquely identifying a person. If worse comes to worse, you could limit by an amalgamation of data. So if several votes all come from the same IP, but they are spread over a large enough timespan, then they are probably genuine. If the same number of votes all came through within a few seconds, this is probably a bit more suspect. Likewise, a family might all decide to vote within minutes of each other, but they are generally going tp use the same browser. If you see lots of votes come through from different browsers on the same IP within a short space of time, it would more than likely be suspect, i.e. people trying to get around what they would presume any such identifier might look for. At the end of the day I think it's a fine line between accuracy and complexity, with your own time being somewhere between the extremes of both. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unique User Hashes
At 3:54 PM -0500 2/18/09, Andrew Ballard wrote: You're missing my point. Yes, e-mail addresses are unique delivery points. They can not, however, uniquely identify one and only one person -- which is what one would need in the OP's situation. Andrew Andrew: No -- I did not miss you point, your point is obvious. I simply said that if it were me, this is what I would do. I also added that my method ensures one vote per email address. I did not say that an email address ensures one person. I am sure we both agree. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] function array problem
On Wed, 2009-02-18 at 10:21 -0600, Shawn McKenzie wrote: Thodoris wrote: I've had a bit of a problem with a function I'm using for a form. Essentially, the function looks like this: function addEvent($values = Array('name' = '', 'venue' = '', 'description' = '', 'errors' = Array())) { // code here displays the form } The function is used to both display an empty form, and the form populated with values again should there be any validation errors. Now this works fine when the form has been filled out and there are errors present, as I can call the function with the correct array values. However, when I call the function with no arguments (intending the function to populate the $values array itself) all it does is present me with an empty array. A print_r($values) just returns Array( ), no key values defined. I altered the function to this: function addEvent($values = Array()) { if(count($values) == 0) { $values = Array('name' = '', 'venue' = '', 'description' = '', 'errors' = Array()); } // code here displays the form } then all works as intended. Question is, am I being dense, or is there a reason why this shouldn't work? Ash www.ashleysheridan.co.uk While reading this thread I've noticed that you all use venue in the index of the parameter array. Is this intended or you actually mean value? You may want to consider these functions: |func_get_args ||func_get_arg| |func_num_args| to make the functions input more loose and have it accept multiple formats as needed like one dimensional, two dimensional or simple parameters the same time. I'm not sure what the OP meant, but venue is a location, for example the location of a Metallica concert or the location of a court proceeding. Latin venire (to come) -- Thanks! -Shawn http://www.spidean.com Yes it was intended, as the queries all relate to an event-based CMS I'm putting together. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] shell_exec - asynchronous would be cool!
Hi all, A while ago, i had a problem with shell_exec: I was writing some code to execute imagemagick to convert a bunch of images. This could take ages to execute and the page therefore ages to load. The solution was to get a linux box and append a at the end to do it in the background or make a ajax call to a page that does it in batches. The problem was really that i had to write a file that is then checked against to know when it was finished... Not very pretty. Anyway, would it be possible to make a new shell_exec_async function in php that just starts the process, puts it to the background and calls a callback function or another script with parameters when it finishes? I guess a callback function is not really going to work because the page needs to finish execution. It should be possible with PHP forking though. Anyway, just an idea. Regards, Tim Tim-Hinnerk Heuer http://www.ihostnz.com Emo Philips - I was the kid next door's imaginary friend.
Re: [PHP] Which file Included me?
Dotan Cohen wrote: http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html explains a technique to validate the input as well (don't trust that is clean) I do not understand the exploit. How is he spoofing any $_SERVER variables? The attack description doesn't make sense. Did you actually try his example? Some browsers may have some client side protection and not execute it. I believe suhosin protects against it server side. NoScript would block it, even if you had scripts enabled globally. html headtitlefoo/title/head body form method=post action=?php echo $_SERVER['PHP_SELF']; ? input type=submit value=submit / /form /body /html Put that on a server w/o suhosin, turn off NoScript, and try it. If it doesn't work with current firefox - try with an older version of IE. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] shell_exec - asynchronous would be cool!
On Thu, 2009-02-19 at 10:30 +1300, German Geek wrote: Hi all, A while ago, i had a problem with shell_exec: I was writing some code to execute imagemagick to convert a bunch of images. This could take ages to execute and the page therefore ages to load. The solution was to get a linux box and append a at the end to do it in the background or make a ajax call to a page that does it in batches. The problem was really that i had to write a file that is then checked against to know when it was finished... Not very pretty. Anyway, would it be possible to make a new shell_exec_async function in php that just starts the process, puts it to the background and calls a callback function or another script with parameters when it finishes? I guess a callback function is not really going to work because the page needs to finish execution. It should be possible with PHP forking though. Anyway, just an idea. Regards, Tim Tim-Hinnerk Heuer http://www.ihostnz.com Emo Philips - I was the kid next door's imaginary friend. What about calling a shell script with the exec call, and as the last instruction (or continually throughout its execution) it can update a database entry. Your PHP code can then look to see if said entry either exists or is in the right state. It should be faster and prettier than writing a file. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Which file Included me?
Dotan Cohen wrote: http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html explains a technique to validate the input as well (don't trust that is clean) I do not understand the exploit. How is he spoofing any $_SERVER variables? The attack description doesn't make sense. Well, when you visit that page, $_SERVER['PHP_SELF'] is set to the value of his URL: form.php/%22%3E%3Cscript%3Ealert(’XSS attack!’)%3C/script%3E%3Cbr The page then echos out $_SERVER['PHP_SELF'] which when those urlencoded characters are decoded, they become the script action that you see. test it for yourself. Note, if you copy paste the code, then the delimiters around XSS attack! are actually apostrophes so it doesn't work, but if you change them to single quotes it works as advertised, except there is a wayward in the br as br. This doesn't keep the script from executing though. I prefer valid markup in my exploits, so I use: form.php/%22%3E%3Cscript%3Ealert('XSS attack!')%3C/script%3E%3Chr class=%22nothing -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Which file Included me?
Michael A. Peters wrote: Dotan Cohen wrote: http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html explains a technique to validate the input as well (don't trust that is clean) I do not understand the exploit. How is he spoofing any $_SERVER variables? The attack description doesn't make sense. Did you actually try his example? Some browsers may have some client side protection and not execute it. I believe suhosin protects against it server side. NoScript would block it, even if you had scripts enabled globally. html headtitlefoo/title/head body form method=post action=?php echo $_SERVER['PHP_SELF']; ? input type=submit value=submit / /form /body /html Put that on a server w/o suhosin, turn off NoScript, and try it. If it doesn't work with current firefox - try with an older version of IE. Works for me with Firefox 3.0.6, Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.5 with Suhosin-Patch 0.9.6.2. -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Which file Included me?
Did you actually try his example? No, I could not understand it. Now I see why: 1) Where would the experienced hacker enter the attack? Now I see that it is the URL of the attacked site. That was not clear, I though that it was being entered into some form element that I did not see in the code. 2) I thought that yoursite.com is the attacked site, and mysite.com is the attacking site. Now I see that the author just messed up and they both should have been yoursite.com. Why not just use SCRIPT_NAME then? It doesn't contain the path variables. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת ا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه-و-ي А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-Р-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-Э-Ю-Я а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я ä-ö-ü-ß-Ä-Ö-Ü
[PHP] Secure File Paths, File System
Hello PHPers, I am quite ignorant about file system security. I was hoping you all could help me understand things. How does one restrict php script from going (reading, writing) files in the file system? As I see it, a php programmer could change the include_path, with ini_set(), use ../ etc..., and browse all the files on the server to which the php engine has access. This would clearly not be acceptable to a web host company, so how do most hosts restrict this kind of behaviour? Now, suppose i only have php access to my 'files' as defined by my host somehow. (again, my first part of the question is how do they do this?). Is it possible for me to further restrict this file accessibility for different sub-folders? Let me provide an example folder hierarchy and user scenario. Suppose there are two php programmers (me and you). I want full access, but I want to restrict you to your subdomain (subdomain2). +AllUsers (me and you) +Domain1 ++Subdomain1 (me only) ++Subdomain2 (me and you) ++SharedDomain (me and you) +ServerFile1 (me only) +ServerFile2 (me only) +SecretFile (no user) Thanks for helping understand how to restrict/limit different php programmers from going into places I'd rather them not go. dK
Re: [PHP] shell_exec - asynchronous would be cool!
Yes, believe it or not, when i was writing this, i thought about a db soln as well. Just hadnt done it that way back then. I guess with Linux one could do something like: shell_exec('{longexecutingprogram -with -params; mysql -uuser -ppass database query; } '); Surely it should be possible in windows as well somehow. Does anyone know how (easily)? I mean i could write a win32 executable that could do it but that might be overkill. But still you have to continuously check the database if the value is the expected which seems kind of unelegant. Or, you could call a php script at the end like so: shell_exec('{longexecutingprogram -with -params; php myscript.php with params; } '); In myscript.php you could have something like: ?php // send request back to user whos ip and headers would have to be saved and sent. ? Would this work? Maybe one could write a library for that directly in php... So you could actually have a exec_async function without having to write a php module or something like that. I would be interested in writing a php module at some point anyway though. I know c(++), so it should be doable. Is it possible to retrieve the session variables of a user in php cli? Regards, Tim Tim-Hinnerk Heuer http://www.ihostnz.com George Burns - I would go out with women my age, but there are no women my age. 2009/2/19 Ashley Sheridan a...@ashleysheridan.co.uk On Thu, 2009-02-19 at 10:30 +1300, German Geek wrote: Hi all, A while ago, i had a problem with shell_exec: I was writing some code to execute imagemagick to convert a bunch of images. This could take ages to execute and the page therefore ages to load. The solution was to get a linux box and append a at the end to do it in the background or make a ajax call to a page that does it in batches. The problem was really that i had to write a file that is then checked against to know when it was finished... Not very pretty. Anyway, would it be possible to make a new shell_exec_async function in php that just starts the process, puts it to the background and calls a callback function or another script with parameters when it finishes? I guess a callback function is not really going to work because the page needs to finish execution. It should be possible with PHP forking though. Anyway, just an idea. Regards, Tim Tim-Hinnerk Heuer http://www.ihostnz.com Emo Philips - I was the kid next door's imaginary friend. What about calling a shell script with the exec call, and as the last instruction (or continually throughout its execution) it can update a database entry. Your PHP code can then look to see if said entry either exists or is in the right state. It should be faster and prettier than writing a file. Ash www.ashleysheridan.co.uk
Re: [PHP] Full versus relative URLs
2009/2/18 PJ af.gour...@videotron.ca: Paul M Foster wrote: On Wed, Feb 18, 2009 at 12:05:21PM -0500, PJ wrote: Stuart wrote: 2009/2/18 PJ af.gour...@videotron.ca: Stuart wrote: ?php include dirname(__FILE__)./../header.php; ? snip What confused me here is that often, in examples, there are all sorts of references to files and there seems to be no standard as to how to refer to them in non-scripts such as these e-mails. So, I thought that dirname(_FILE_) was a general reference to a directory name and a file... :-( I don't want to defend myself here, but I cannot be expected to know all functions and look up anything that might resemble a function... I still do not understand, and that is the keyword here, I am trying to understand things - what does /../header.php mean. I know the 2 dots mean a higher directory in Unix... but I understood that ../ would mean the root directory - so what is the / before the ../header.php mean? When including scripts or pages, i find that if I am referencing to the current directory, just the filename or /filename works. If the reference is up a level, ../ works e.g. to reference root/images/ from root/authors = ../images/file.ext from root = /images/file.ext or images/file.ext I haven't needed to go to a deeper level yet. Let's break it down: dirname(__FILE__) . /../header.php; __FILE__ is a constant that represents the filename of whatever file it's in. This filename includes the directory to the file. dirname() parses out just the directory for the filename passed as a parameter. The . is, of course, the concatenate parameter for PHP. So we're going to add on whatever comes after the directory for the file. /../header.php This one is a little trickier. We want a file called header.php, but it's in a directory just above where you are. In Unix/Linux (and therefore most internet servers), ../header.php represents a file called header.php in the directory just above where you are. Now, you'll notice that what's quoted is /../header.php, not ../header.php. There's a leading slash there. Why? That's because we're going to append it to a directory which has no leading slash. So if dirname(__FILE__) yields /var/www/includes, and you just add ../header.php to it, you'd get: /var/www/includes../header.php, not the file you want. The file you want is: /var/www/includes/../header.php. And in this case, header.php actually resides in /var/www (one directory up from /var/www/includes). Paul OK, great explanation... it's what I had been hoping for ... you're a great educator Thanks... I agree that Paul's explanation was good, and I apologise for not doing a better job of explaining it, but it would have taken you 30 seconds to break apart the line I posted and echo out each element which would have told you exactly what was happening. Teach a man to fish... For future reference, any token in PHP followed by a ( will be a function name. And if the token starts with a $ it's a function name in a variable. In my case though, changing from Original: include (lib/header1.php); to: include dirname(_FILE_)./lib/header1.php; works, but what have I gained? You have gained the ability to not care about INI settings. Your original requires the current directory (.) to be specified as one of the paths in include_path. In my experience you can never be too specific or configuration-independent whether you think you're likely to change server or not. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] shell_exec - asynchronous would be cool!
On Thu, 2009-02-19 at 11:15 +1300, German Geek wrote: Yes, believe it or not, when i was writing this, i thought about a db soln as well. Just hadnt done it that way back then. I guess with Linux one could do something like: shell_exec('{longexecutingprogram -with -params; mysql -uuser -ppass database query; } '); Surely it should be possible in windows as well somehow. Does anyone know how (easily)? I mean i could write a win32 executable that could do it but that might be overkill. But still you have to continuously check the database if the value is the expected which seems kind of unelegant. Or, you could call a php script at the end like so: shell_exec('{longexecutingprogram -with -params; php myscript.php with params; } '); In myscript.php you could have something like: ?php // send request back to user whos ip and headers would have to be saved and sent. ? Would this work? Maybe one could write a library for that directly in php... So you could actually have a exec_async function without having to write a php module or something like that. I would be interested in writing a php module at some point anyway though. I know c(++), so it should be doable. Is it possible to retrieve the session variables of a user in php cli? Regards, Tim Tim-Hinnerk Heuer http://www.ihostnz.com George Burns - I would go out with women my age, but there are no women my age. 2009/2/19 Ashley Sheridan a...@ashleysheridan.co.uk On Thu, 2009-02-19 at 10:30 +1300, German Geek wrote: Hi all, A while ago, i had a problem with shell_exec: I was writing some code to execute imagemagick to convert a bunch of images. This could take ages to execute and the page therefore ages to load. The solution was to get a linux box and append a at the end to do it in the background or make a ajax call to a page that does it in batches. The problem was really that i had to write a file that is then checked against to know when it was finished... Not very pretty. Anyway, would it be possible to make a new shell_exec_async function in php that just starts the process, puts it to the background and calls a callback function or another script with parameters when it finishes? I guess a callback function is not really going to work because the page needs to finish execution. It should be possible with PHP forking though. Anyway, just an idea. Regards, Tim Tim-Hinnerk Heuer http://www.ihostnz.com Emo Philips - I was the kid next door's imaginary friend. What about calling a shell script with the exec call, and as the last instruction (or continually throughout its execution) it can update a database entry. Your PHP code can then look to see if said entry either exists or is in the right state. It should be faster and prettier than writing a file. Ash www.ashleysheridan.co.uk I think the only way to do that would be to have a (don't know the Windows terminology) daemon sitting on the system just continually checking against the db/file and then it can make a call to the PHP. If your site has a high volume of traffic, and extra DB call every now and again won't hurt it too much. I use this for sites sometimes where I just need something done once a day. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unique User Hashes
On Wed, Feb 18, 2009 at 4:07 PM, tedd tedd.sperl...@gmail.com wrote: At 3:54 PM -0500 2/18/09, Andrew Ballard wrote: You're missing my point. Yes, e-mail addresses are unique delivery points. They can not, however, uniquely identify one and only one person -- which is what one would need in the OP's situation. Andrew Andrew: No -- I did not miss you point, your point is obvious. I simply said that if it were me, this is what I would do. I also added that my method ensures one vote per email address. I did not say that an email address ensures one person. I am sure we both agree. Cheers, tedd It all depends on the domain of the problem in which one is working. I agree that you could restrict it to one vote per e-mail address. Obviously, I can't speak for the OP. I've worked with applications where e-mail addresses were limited to a single domain and every user had one, and in those cases the e-mail address made an excellent key. I have also worked in situations where the correlation between people and e-mail addresses was n:m rather than 1:1 or even 1:m. In those cases, the e-mail address was totally unusable as any kind of key. Then there is a broader scope where one decides that, given the lack of a better solution, the overall population is broad enough to tolerate the imperfections since there is no better solution. To go back to what I said in my first reply on this thread, I consider that more about polling and statistics than voting. I'll be happy to let it go at that, though, since we all appear to be in agreement that there is no magic solution; only those that are close enough for government work. :-) Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: shell_exec - asynchronous would be cool!
German Geek napsal(a): Hi all, A while ago, i had a problem with shell_exec: I was writing some code to execute imagemagick to convert a bunch of images. This could take ages to execute and the page therefore ages to load. The solution was to get a linux box and append a at the end to do it in the background or make a ajax call to a page that does it in batches. The problem was really that i had to write a file that is then checked against to know when it was finished... Not very pretty. Anyway, would it be possible to make a new shell_exec_async function in php that just starts the process, puts it to the background and calls a callback function or another script with parameters when it finishes? I guess a callback function is not really going to work because the page needs to finish execution. It should be possible with PHP forking though. Anyway, just an idea. Regards, Tim Tim-Hinnerk Heuer http://www.ihostnz.com Emo Philips - I was the kid next door's imaginary friend. I would exec a script on linux (= multi-thread). That script would do anything what is needed (imagemagick) and then check if there are any processes running on the same session. If NOT than it would call (could be HTTP request also) a PHP script on the windows server. What's the deal? Martin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How should I ....--its a date/timestamp issue
What are your suggestions folks on how to go about setting a date on a form so that a user can not set a start date prior to the current days date? I've been looking around php.net but is it a javascript thing in the validation I should be dealing with, basically as it is I have a form and a user can select a start date, but they should not be able to select a date that is past, currently the start date form is a drop down (a very long drop down) I would like to use one of those nifty calendar popups but am not sure (aka..wasn't able to figure out) how to send the date to the db fields as they are... guidance on this would be great ..how would you do it? thanks guys and gals Terion Broadly, you're either going to have to limit their choices going in to the form (limit the choices in the drop-down box), or validate it afterwards and generate an error message if it's wrong. I've never seen one of those calendar gizmos that wasn't Javascript, except maybe for Ashley's (mentioned in another thread). And even at that, a PHP one won't be selectable the way you want unless you put radio buttons next to all the dates. And after all that, you'd still have to do some pre-processing of it to limit selections to current date and later. Paul -- Paul M. Foster What about just accepting any date in to the system, and defaulting to the current date if any numptys/users try to set one before? Do something maybe like this (untested) $userDate = strtotime($_REQUEST['date']); $startDate = ($userDate time())?time():$userDate; From there, you can use the timestamp how you wish. OOH found it: $startday = mktime(0, 0, 0, date(m) , date(d)+2, date(Y)); Well no, guess I didn't find it because that code above gives me this 1235109600 What is that??
[PHP] Re: Secure File Paths, File System
Daniel Kolbo wrote: Hello PHPers, I am quite ignorant about file system security. I was hoping you all could help me understand things. How does one restrict php script from going (reading, writing) files in the file system? As I see it, a php programmer could change the include_path, with ini_set(), use ../ etc..., and browse all the files on the server to which the php engine has access. This would clearly not be acceptable to a web host company, so how do most hosts restrict this kind of behaviour? Now, suppose i only have php access to my 'files' as defined by my host somehow. (again, my first part of the question is how do they do this?). Is it possible for me to further restrict this file accessibility for different sub-folders? Let me provide an example folder hierarchy and user scenario. Suppose there are two php programmers (me and you). I want full access, but I want to restrict you to your subdomain (subdomain2). +AllUsers (me and you) +Domain1 ++Subdomain1 (me only) ++Subdomain2 (me and you) ++SharedDomain (me and you) +ServerFile1 (me only) +ServerFile2 (me only) +SecretFile (no user) Thanks for helping understand how to restrict/limit different php programmers from going into places I'd rather them not go. dK Two methods come to mind, chroot and just setting perms for specific dirs. -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unique User Hashes
Guys, I have not seen a poll where you need to input your email address - and if I would I would not vote - because it's a waste of my time... if you want me to vote you do everything you can to make it as pleasant as possible -- certainly that isn't requirement of an email validation. Andrew Ballard napsal(a): On Wed, Feb 18, 2009 at 4:07 PM, tedd tedd.sperl...@gmail.com wrote: At 3:54 PM -0500 2/18/09, Andrew Ballard wrote: You're missing my point. Yes, e-mail addresses are unique delivery points. They can not, however, uniquely identify one and only one person -- which is what one would need in the OP's situation. Andrew Andrew: No -- I did not miss you point, your point is obvious. I simply said that if it were me, this is what I would do. I also added that my method ensures one vote per email address. I did not say that an email address ensures one person. I am sure we both agree. Cheers, tedd It all depends on the domain of the problem in which one is working. I agree that you could restrict it to one vote per e-mail address. Obviously, I can't speak for the OP. I've worked with applications where e-mail addresses were limited to a single domain and every user had one, and in those cases the e-mail address made an excellent key. I have also worked in situations where the correlation between people and e-mail addresses was n:m rather than 1:1 or even 1:m. In those cases, the e-mail address was totally unusable as any kind of key. Then there is a broader scope where one decides that, given the lack of a better solution, the overall population is broad enough to tolerate the imperfections since there is no better solution. To go back to what I said in my first reply on this thread, I consider that more about polling and statistics than voting. I'll be happy to let it go at that, though, since we all appear to be in agreement that there is no magic solution; only those that are close enough for government work. :-) Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How should I ....--its a date/timestamp issue
On Wed, Feb 18, 2009 at 05:25:16PM -0600, Terion Miller wrote: snip What about just accepting any date in to the system, and defaulting to the current date if any numptys/users try to set one before? Do something maybe like this (untested) $userDate = strtotime($_REQUEST['date']); $startDate = ($userDate time())?time():$userDate; From there, you can use the timestamp how you wish. OOH found it: $startday = mktime(0, 0, 0, date(m) , date(d)+2, date(Y)); Well no, guess I didn't find it because that code above gives me this 1235109600 What is that?? It's a *nix timestamp number. Give it to date() this way: date('Y-m-d', $startday) And you'll see the date it represents. (It's actually the number of seconds since, the Unix epoch, in 1970.) Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Free XML and WDL classes/scripts
Per Jessen wrote: Anton Heuschen wrote: What are some good php classes/scripts to work with: Parsing XML data/files. xpath() or xslt. /Per you'll do no finer than wso2 wsf/php for anything webservice related http://wso2.org/projects/wsf/php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Having trouble with a multidimensional array menu
I'm trying to build a multi-array menu (but open to using classes or something if that makes this easier). Does anyone have a solution already working? I'm very close, but I can't seem to get my directories to work and I end up with extraneous ul blocks. here's what I need to re-create: div class = portlet nav closed div class=headerh2Admin/h2/div div class=content ul class=navTree li class=directory collapseda href= class=toggleUsers/a ul class=navTree toggleClosed li class=file ext_txta href=operatorsRoles/a/li li class=file ext_txta href=operatorsReport/a/li /ul /li li class=directory collapseda href= class=toggleAircraft/a ul class=navTree toggleClosed li class=file ext_txta href=operatorsAdmin/a/li li class=file ext_txta href=operatorsSearch/a/li li class=file ext_txta href=operatorsAudit/a/li /ul /li li class=directory collapseda href= class=toggleData/a ul class=navTree toggleClosed li class=file ext_txta href=operatorsAirline/Aircraft/a/li li class=directory collapseda href= class=toggleFault Logs/a ul class=navTree toggleClosed li class=file ext_txta href=operatorsDaily/a/li li class=file ext_txta href=operatorsOne Day/a/li /ul /li li class=file ext_txta href=operatorsDuplicate Fault Log/a/li /ul /li li class=file ext_txta href=operatorsNews/a/li /ul /div /div Here's my array (basically): $navArray['admin'] = array ('alt' = 'Administration', 'title' = 'Administration', 'description' = 'Administration Tools and Links', 'headline' = true, 'users' = array ('alt' = 'Users', 'title' = 'Users', 'description' = 'Users', 'panasonic_only' = true), 'aircraft' = array ('alt' = 'Aircraft', 'title' = 'Aircraft', 'description' = 'Aircraft', 'panasonic_only' = true), 'logs' = array ('alt' = 'Fault Logs', 'title' = 'Fault Logs', 'description' = 'Fault Logs', 'panasonic_only' = true), 'airline' = array ('alt' = 'Airline/Aircraft', 'title' = 'Airline/Aircraft', 'description' = 'Airline/Aircraft', 'page' = 'X.php', 'panasonic_only' = true), 'news' = array ('alt' = 'News', 'title' = 'News', 'description' =
[PHP] PHP - user profile page with pic
Any ideas or tutorials on how to build a user profile page sort of like facebook? -Jeff -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP - user profile page with pic
The question can be equally rephrased as How an Atom bom/Spaceship be created? Answer depends on the level of knowledge you have on coding / developing sites. Woud you be using any framework? or would you use any readymade CMS? Or write everything from scratch? Question can also be generalized further like would php be your developing language? Or you'd develop your own new language out of the box. :) --- Use FreeOpenSourceSoftwares, Stop piracy, Let the developers live. Get a Free CD of Ubuntu mailed to your door without any cost. Visit : www.ubuntu.com -- On Thu, Feb 19, 2009 at 9:46 AM, jeffery harris jhar...@harris4interactive.com wrote: Any ideas or tutorials on how to build a user profile page sort of like facebook? -Jeff -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Having trouble with a multidimensional array menu
Daevid Vincent wrote: I'm trying to build a multi-array menu (but open to using classes or something if that makes this easier). Does anyone have a solution already working? I'm very close, but I can't seem to get my directories to work and I end up with extraneous ul blocks. here's what I need to re-create: Try this function instead. function multiArray2MenuTree( $menu, $indent = 0, $sub = false ) { if ( is_array($menu) count($menu) ) { print(str_repeat(\t,$indent).'ul class=navTree toggleClosed'); foreach ($menu as $key = $value) { //echo b$key/b = $valuebr/\n; if ( is_array($value) ) { print(str_repeat(\t,$indent+1). 'li id='.$key.' class=file ext_txta href='. $value['page'].''.$value['alt'].'/a'); multiArray2MenuTree($value, $indent+1, true); print(str_repeat(\t,$indent+1).'/li'); } elseif ($key == 'alt' !$sub) { print(str_repeat(\t,$indent+1).'li id='.$key. ' class=directory collapseda href=# class=toggle'.$value['alt'].'/a/li'); } else { print(str_repeat(\t,$indent+1).'li id='.$key. ' class=directory collapsedI did not match either if condition, you need to figure out why.../li'); } } print(str_repeat(\t,$indent).'/ul'); } } This might point out what is happening. Now, to fix it. Use this... function multiArray2MenuTree( $menu, $indent = 0, $sub = false ) { $output = ''; if ( is_array($menu) count($menu) ) { foreach ($menu as $key = $value) { if ( is_array($value) ) { $output .= str_repeat(\t,$indent).'li id='.$key. ' class=file ext_txta href='. $value['page'].''.$value['alt']./a; $output .= multiArray2MenuTree($value, $indent+1, true); $output .= /li\n; } elseif ($key == 'alt' !$sub) { $output .= str_repeat(\t,$indent).'li id='.$key. ' class=directory collapseda href=# class=toggle'.$value['alt']./a/li\n; } } if ( strlen($output) 0 ) { $output = PHP_EOL.str_repeat(\t,$indent). 'ul class=navTree toggleClosed'. PHP_EOL.$output.PHP_EOL. str_repeat(\t,$indent).'/ul'; } } return $output; } echo multiArray2MenuTree($navArray); Try the above and let us know how it worked. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Having trouble with a multidimensional array menu
Daevid Vincent wrote: I'm trying to build a multi-array menu (but open to using classes or something if that makes this easier). Does anyone have a solution already working? I'm very close, but I can't seem to get my directories to work and I end up with extraneous ul blocks. here's what I need to re-create: Also, just to point out, you have a duplicate ID tag in your code. Watch out with those. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Accessors
Hi all. Maybe I'm wanting more Java-like functionality out of PHP, but I don't really like getting and setting members directly (even for public members) - I'd rather use accessors. This way you can control what is getting set and what is returning. However, I also don't really want to create a million get/set accessor methods - this is no fun and takes up a lot of space. After reading around a little bit, it got me thinking about overloading in PHP (which I'm sure we all know is completely different than any other language... but that's another day). I didn't want to use the standard __get and __set methods because that still leaves me with the same notation for getting/ setting members. So, instead, I used a close relative of __get and __set. Meet brother __call. Could it really be this trivial to get the notation I'm wanting? Yes. Yes it is. Ok, enough talking... onto the code. ?php class Person { public $age; private $first, $middle, $last; // Gotta have our construct public function __construct () {} // Here's the fun public function __call ($member, $args) { // Since I know members I want, force the user to only // access the ones I've created if (property_exists ('Person', $member)) { // If args is empty, I must be returning the value if (empty ($args)) { list ($value) = $this-$member; return $value; } // Oh, args is not empty! Set the value $this-$member = $args; } else { // Blow up! die (Fatal Error: Call to undefined member: $member. Exiting...); } } } $person = new Person(); // Set the (private) first and last names $person-first('Billy'); $person-last('Bob'); // Get the (private) first and last names echo $person-first() . . $person-last().br/; // Set the (public) age $person-age(103); // Get the (public) age echo Age: .$person-age().br/; // Explosions $person-first = 'Buford'; $person-pizza('Is yummy'); ? Now if you're reading this and thinking Duh! then good for you. However, I know there's at least 1 soul on this list who may benefit from this. But don't stop at the example above. If you want to add validation to the members you're getting/setting, build that into your code. If you want each member to be a specific type, include that as well (I'll leave the implementation up to you). ;-) So let's recap. • This functionality allows me to not have to write 2 accessors for every member • This allows me to use methods instead of directly getting/setting members (even though I can still access public members directly... if I want) • Keeps code consistent and less confusing - I know how to get and set every member What are your thoughts? Does this seem like a reasonable implementation? Useful? Pointless? Hit me up - I can handle *constructive* criticism. But for now, it's late and past my bedtime. Cheers, ~Philip innerHTML is a string. The DOM is not a string, it's a hierarchal object structure. Shoving a string into an object is impure and similar to wrapping a spaghetti noodle around an orange and calling it lunch. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php