Re: [PHP] [site is acting strange] - blank pages, download index.php, or works fine
Well if anyone cares to know what this problem was. We have no idea. We duplicated the sites templates, docroot, site is still using same shared plugins it was before, javascript, etc... The only thing that is different is that it is on a new doc root and new subdomain, members2.myhomegrown.com instead of just members. The only thing that is different is we disabled Proxy Pass however, we tried disabling this on the problem site and it did nothing to fix the issue. Anyhow from just simply duplicating the site, our errors seem to have gone away. Thanks for your help Thanks, T On Wed, Aug 4, 2010 at 3:31 PM, Tristan wrote: > The sites are all on the same server. LAMP. no load balancing or anything > really fancy for that matter. > > Looking a little closer, here's an error that we uncovered being thrown by > apache > > "As we have discussed, I have investigated this further and spoke with your > host. It appears that when the error page appears, the following error > appears in your apache/php error logs: > > Broken pipe: core_output_filter: writing data to the network > > Which would be causing empty responses (the error being seen in chrome). > Since this appears to be a server side issue, your host is investigating > this further. If your host needs us to take some further action in regards > to this issue, please let us know." > > This site has adult content on it btw. Like I said sometimes we won't see > the prob for hrs and sometimes its every other page load. > > members.myhomegrown.com > tmm / phpuser > > > Thanks, T > > > > On Fri, Jul 30, 2010 at 6:51 PM, David Hutto wrote: > >> On Fri, Jul 30, 2010 at 8:50 PM, David Hutto >> wrote: >> > On Fri, Jul 30, 2010 at 8:49 PM, David Hutto >> wrote: >> >> On Fri, Jul 30, 2010 at 2:50 PM, Ashley Sheridan >> >> wrote: >> >>> On Fri, 2010-07-30 at 13:38 -0400, Adam Richardson wrote: >> >>> >> On Fri, Jul 30, 2010 at 11:35 AM, Bill Guion >> wrote: >> >> > At 6:45 PM -0600 7/29/10, Tristan wrote: >> > >> > Yeah like i said site works 95% of the time when navigating. >> PHP5.2, Mysql >> >> 5. The site is completely dynamic so it wouldn't work at all if >> that was >> >> the >> >> case of it not being installed right. >> >> >> >> so the other 5% of the time is blank pages and download index.php >> files. >> >> In >> >> Firefox when you get a blank page, if you click view source it >> will show >> >> all >> >> the code that should be there but, I can't tell if it's requesting >> the >> >> page >> >> again when you do that. It never fails 2 times in a row. A refresh >> will >> >> always fix it. When you look in firebug there is no html so it >> leads me to >> >> believe FF may be doing just that...going for a second request >> instead of >> >> viewing currently opened source? In IE8 I would get something like >> >> >> >> diagnose problem button >> >> >> >> more information drop down with >> >> >> >> this problem can be caused by a variety of issues..this is a >> completely >> >> typical M$ error with no valid help >> >> >> >> >> >> >> >> chrome same thing with >> >> >> >> web page cannot be displayed >> >> >> >> more information etc... >> >> >> >> >> >> >> >> >> >> >> >> On Thu, Jul 29, 2010 at 6:36 PM, David McGlone < >> da...@dmcentral.net> >> >> wrote: >> >> >> >> On Thu, 2010-07-29 at 18:11 -0600, Tristan wrote: >> >>> > I have the strangest issue with my host. They can't figure it >> out and >> >>> I'm >> >>> > completely perplexed. We have other sites running on the >> server just >> >>> fine. >> >>> > However, this new site is acting very weird. Sometimes we get >> blank >> >>> pages, >> >>> > sometimes we get a blank page and then a dialog pops up asking >> if we >> >>> want >> >>> to >> >>> > download index.php, and then sometimes the site is working >> fine. Any >> >>> ideas >> >>> > on this? >> >>> > >> >>> > I'm at ends. Appreciate any advice. For authentication we are >> using >> >>> mysql >> >>> > auth module in apache/linux and proxy pass. We removed proxy >> pass to >> >>> see >> >>> if >> >>> > that was it but, it wasn't. its a members.domain.comsubdomain if >> >>> that >> >>> > helps. >> >>> >> >>> Do you have php-mysql installed? >> >>> >> >>> >> >>> -- >> >>> Blessings, >> >>> David M. >> >>> >> >>> >> >>> >> > Does the page validate at http://jigsaw.w3.org/css-validator/? >> > >> > -= Bill =- >> > -- >> > >> > Don't find fault. Find a remedy. - Henry Ford >> > >> > >> > >> > -- >> > PHP General Mailing List (http://www.php.net/) >> > To unsubscribe, visit: http://www.
Re: [PHP] Encryption/Decryption Question
>From my experience, I'd have to say that it would be a real tough go to crack that. If there was a weak point in the scheme is that your end result pattern ( the ssn ) is defined with a pair of constants, the hyphens. In our scheme we remove the dashes and just provide a mask for display. We also keep a unique key with each ssn, the record number for extra security. Where to keep it is tougher, OWASP suggests that the keys be stored on another non web facing server, with a locked down filesystem. That would be best if you have the hardware available. One other option here is to load the keys into ram on server start up and never have them physically on the machine. Bastien On 8/11/10, tedd wrote: > Hi gang: > > Okay, a question to the Encryption/Decryption gurus out there. > > If you were given: > > 1. This encrypted string: > > p3IVhDBT26i+p4vd7J4fAw== > > 2. Were told it was a social security number (i.e., in the form of > 123-45-6789). > > 3. And it had been generated from this code: > > $cipher = mcrypt_module_open(MCRYPT_TRIPLEDES,'','cbc',''); > mcrypt_generic_init($cipher, $key1, $key2); > $encrypted = mcrypt_generic($cipher,$social_security_number); > > 4. Where $key1 and $key2 are md5() values calculated from two > different security phrases. > > 5. Where each security phrase contains multiple non-English words. > > What would it take for you to break the encrypted string and decipher > the social security number? Can it be done? If so, how long? > > And lastly, where would the "best" place to store these security > phrases? (Note: I didn't ask where would be the best place for me to > put them.) :-) > > Cheers, > > tedd > > PS: No, the SS number in question is not 123-45-6789. :-) > > -- > --- > http://sperling.com/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Sent from my mobile device Bastien Cat, the other other white meat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Encryption/Decryption Question
On Aug 11, 2010, at 6:50 PM, tedd wrote: > Hi gang: > > Okay, a question to the Encryption/Decryption gurus out there. > > If you were given: > > 1. This encrypted string: > > p3IVhDBT26i+p4vd7J4fAw== > > 2. Were told it was a social security number (i.e., in the form of > 123-45-6789). > > 3. And it had been generated from this code: > > $cipher = mcrypt_module_open(MCRYPT_TRIPLEDES,'','cbc',''); > mcrypt_generic_init($cipher, $key1, $key2); > $encrypted = mcrypt_generic($cipher,$social_security_number); > > 4. Where $key1 and $key2 are md5() values calculated from two different > security phrases. > > 5. Where each security phrase contains multiple non-English words. > > What would it take for you to break the encrypted string and decipher the > social security number? Can it be done? If so, how long? > > And lastly, where would the "best" place to store these security phrases? > (Note: I didn't ask where would be the best place for me to put them.) :-) > > Cheers, > > tedd > > PS: No, the SS number in question is not 123-45-6789. :-) > > -- > --- > http://sperling.com/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > Tedd- Considering you can brute force the entire keyspace for Triple DES in under a few hours (without specialized equipment) I don't think it would take long. Granted, I'm not an encryption expert. I look forward to hearing more. Thanks, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Encryption/Decryption Question
Hi gang: Okay, a question to the Encryption/Decryption gurus out there. If you were given: 1. This encrypted string: p3IVhDBT26i+p4vd7J4fAw== 2. Were told it was a social security number (i.e., in the form of 123-45-6789). 3. And it had been generated from this code: $cipher = mcrypt_module_open(MCRYPT_TRIPLEDES,'','cbc',''); mcrypt_generic_init($cipher, $key1, $key2); $encrypted = mcrypt_generic($cipher,$social_security_number); 4. Where $key1 and $key2 are md5() values calculated from two different security phrases. 5. Where each security phrase contains multiple non-English words. What would it take for you to break the encrypted string and decipher the social security number? Can it be done? If so, how long? And lastly, where would the "best" place to store these security phrases? (Note: I didn't ask where would be the best place for me to put them.) :-) Cheers, tedd PS: No, the SS number in question is not 123-45-6789. :-) -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] protecting a directory by php mysql
On Thu, 2010-08-12 at 02:02 +0430, Ali Asghar Toraby Parizy wrote: > Hi. > I need a protected directory in my server that only the authenticated user > can reach all files in that folder(file type is zip and picture or a web > page, maybe). I save user ID and passwords in mysql database. today I tried > to use htaccess but mod_auth_mysql isn't installed on my server. > I know that I can protect web pages by a simple PHP script(checking log in > session) but I don't know how I can protect images and files! > Thanks for any help You can protect with a .htaccess with a more basic protection, by having a password stored in an encrypted form in a file somewhere that Apache can see. However, if you need to authorise users via details in a DB, then your best bet is to store all the files themselves outside of the web root, and then use a script to access them. The script can authenticate users however you want, and only when they are logged in will it read from the file and write that back out to the client with the correct headers. If you can't put the files outside of web root, then you have little hope of securing them if you can't get mod_auth_mysql installed. Thanks, Ash http://www.ashleysheridan.co.uk
[PHP] protecting a directory by php mysql
Hi. I need a protected directory in my server that only the authenticated user can reach all files in that folder(file type is zip and picture or a web page, maybe). I save user ID and passwords in mysql database. today I tried to use htaccess but mod_auth_mysql isn't installed on my server. I know that I can protect web pages by a simple PHP script(checking log in session) but I don't know how I can protect images and files! Thanks for any help -- Ali Asghar Torabi
Re: [PHP] Variable variables into an array.
On 11 August 2010 13:58, Bob McConnell wrote: > From: Richard Quadling > >> Quick set of eyes needed to see what I've done wrong... >> >> The following is a reduced example ... >> >> > $Set = array(); >> $Entry = 'Set[1]'; > ^^ > Shouldn't that be $Set[1]? > >> $Value = 'Assigned'; >> $$Entry = $Value; >> print_r($Set); >> ?> > > Bob McConnell > No. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Variable variables into an array.
From: Richard Quadling > Quick set of eyes needed to see what I've done wrong... > > The following is a reduced example ... > > $Set = array(); > $Entry = 'Set[1]'; ^^ Shouldn't that be $Set[1]? > $Value = 'Assigned'; > $$Entry = $Value; > print_r($Set); > ?> Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Variable variables into an array.
On 10 August 2010 18:08, Andrew Ballard wrote: > On Tue, Aug 10, 2010 at 12:23 PM, Richard Quadling > wrote: >> On 10 August 2010 16:49, Jim Lucas wrote: >>> Richard Quadling wrote: Hi. Quick set of eyes needed to see what I've done wrong... The following is a reduced example ... >>> $Set = array(); $Entry = 'Set[1]'; $Value = 'Assigned'; $$Entry = $Value; print_r($Set); ?> The output is an empty array. Examining $GLOBALS, I end up with an entries ... [Set] => Array ( ) [Entry] => Set[1] [Value] => Assigned [Set[1]] => Assigned According to http://docs.php.net/manual/en/language.variables.basics.php, a variable named Set[1] is not a valid variable name. The [ and ] are not part of the set of valid characters. In testing all the working V4 and V5 releases I have, the output is always an empty array, so it looks like it is me, but the invalid variable name is an issue I think. Regards, Richard. NOTE: The above is a simple test. I'm trying to map in nested data to over 10 levels. >>> >>> For something like this, a string that looks like a nested array reference, >>> you might need to involve eval for it to "derive" that nested array. >>> >> >> I'm happy with that. >> >> It seems variable variables can produce variables that do not follow >> the same naming limitations as normal variables. >> > > It would seem so. If eval() works, can you rearrange the strings a > little to make use of parse_str() and avoid the use of eval()? > > Andrew > php -r "parse_str('a[1][2][3]=richard quadling'); var_dump($a);" outputs ... array(1) { [1]=> array(1) { [2]=> array(1) { [3]=> string(16) "richard quadling" } } } Perfect. Thanks. -- Richard Quadling. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php