Re: [PHP] PHP not remembering sessions
Pablo Gosse [EMAIL PROTECTED] wrote: Strange, because I just set up the code exactly as posted below, under Win2K and Apache 2.0, and it worked fine. Cheers, Pablo -Original Message- From: Golawala, Moiz M (IndSys, GE Interlogix) [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 1:11 PM To: Daniel Guerrier; [EMAIL PROTECTED] Subject: RE: [PHP] PHP not remembering sessions It seems that there is a problem with the session management on windows/apache. I was surfing the web to find an answer, and I noticed that there are couple of other people who have the same problem. But alas, there were no answers posted to this problem. So someone, please help me if you know why this is happening. Thanks Moiz -Original Message- From: Daniel Guerrier [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 4:04 PM To: Golawala, Moiz M (IndSys, GE Interlogix); [EMAIL PROTECTED] Subject: Re: [PHP] PHP not remembering sessions Use $_SESSION['var'] instead of $_SESSION[var] --- Golawala, Moiz M (IndSys, GE Interlogix) [EMAIL PROTECTED] wrote: Hi All, I have a problem with PHP not remembering sessions. for example: in page1.php: ? session_start(); $_SESSION[var] = Please help; ? form action=sessionTest2.php method=post input type=text name=loopCount size=21, maxlength=20/td input type=submit value=Submit/td in page2.php ? session_start(); echo $_SESSION[var]; echo $_POST[loopCount]; ? what I see above is only data for loopCount. I am not able to see the Please help on page2 I noticed that 2 cookies were created one for each session start. When I opened one of the cookies, I noticed that the data Please help was in the session cookie. Somehow php thinks a session is not already created and starts a new session on page2.php. my php.ini file has: register_globals = off session.use_cookies = 1 session.use_only_cookies = 1 session.auto_start = 0 session.gc_maxlifetime = 1440 Please can someone help me. I am not sure what I am doing wrong? Maybe it is some configuration that is causing this issue. Any help appreciated. Thanks, moiz Seems strange to me, too. Did you set the save_handler for how sessions are stored right and the corresponding save_path (if using session.save_handler = file)? Also notice that the save_path should be made writable to php/apache. Between $_SESSION[var] and $_SESSION['var'] should be no difference (except the obvious difference between the and the ' themselves). I can't reproduce the problem on none of my systems (win9x, win2k, winxp, and some linux machines). -- Dennis Sterzenbach www.darknoise.de -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP not remembering sessions
Moiz M Golawala [EMAIL PROTECTED] wrote: This is what is defined in the php.ini file for save handler routines.. I am newbie, I left it with default values: session.save_handler = files session.save_path = c:/Program Files/Apache Group/Apache2/htdocs/Alarms/ thanks moiz Change your save_path to C:/tmp and create this directory, if it does not exist. I never trust the blanks in directory names under windoze. -- Dennis Sterzenbach www.darknoise.de -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: What does the word 'parse' meant when you do a XML parse...
Scott Fletcher [EMAIL PROTECTED] wrote: What does the word, 'parse' meant when you do a XML parse? What is it and what does it exactly do? Thanks, Scott F. Sorry, but I don't get clearly what you are asking for. Could you ask your question again being more precise? -- Dennis Sterzenbach www.darknoise.de -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hotmail servers, Was RE: [PHP] LiteSpeed Web Server 1.1
Dpcma Metalito [EMAIL PROTECTED] wrote : Why don´t we stop talking about Microsoft and products that they don´t own? Reason: Can you imagine that Microsoft would show interest about PHP? Can you imagine Ms Visual PHP? we´ll get a non-working scripting non-free language while Microsoft think ASP it´s better than PHP and is not a threat wewill be able to sleep during nights and safe from this kind of nightmares . ACK It's almost horrible to imagine what will be, if Microsoft assmilated technologies like PHP. I still got in mind a cite of David Stutz, former a leading engineer of Microsoft. He wrote it in his open letter to Microsoft (see http://www.synthesist.net/writing/onleavingms.html ): Stop looking over your shoulder and invent something! This tells everything one needs to know about Microsoft, I guess. So far, Dennis -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: include() problems
Gustave Bernier [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi everyone,
I'm new to PHP and I'm trying to use the include function but with no
success... My server's ini file is set as (allow_url_fopen, 0) so I'm
having some trouble to pass different values for the php file I'm
calling.
The address is: http://mydomain.com/forums/ssi.php?a=active
The code I'm trying now is:
$_GET['a'] = 'active';
include('forums/ssi.php');
When I use this code I have no error, ssi.php is loaded but nothing is
done
(I believe the a value isn't passed to ssi.php) and the page where
the
include is stops loading just after the include().
You don't pass the value to that file, you simply tell the preprocessor
of PHP to copy the contents of forums/ssi.php file into the source
code before executing the script. You do NOT call the ssi.php by that!
As you are stating you want to call
http://mydomain.com/forums/ssi.php?a=active
why are you including the file in there?
The statement about allow_url_fopen, 0 setting controls access to
remote-resources, so if you are allowed to do something like
fopen(http://...;)
or include(http://..;).
Thus it doesn't have anything to do with your include.
--
Dennis Sterzenbach
www.darknoise.de
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Create from PHP on the Fly???
Jeffrey Fitzgerald [EMAIL PROTECTED] wrote: Can this be done? How much $$$? Quality of PDF?? Thanks very much... WTF are you talking about? If you are talking about PDF: google is your friend. -- Dennis -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: include() problems
I'm trying to include that file because in my index page because it has many functions I need to use in other pages... I'm on ADDR.com servers and I can't set allow_url_fopen to 1 (it sucks!). In ssi.php functions are called by accessing this address: http://mydomain.com/forums/ssi.php?a=active So how can I possibly include that page (ssi.php?a=active) on any of my pages??? In my oppinion, if these files you need the include for aren't on the same server as mydomain.com or even cannot access the root where mydomain.com got placed (like they cannot do an include by include '/home/web/com/mydomain/forums/ssi.php'), you will never have any chance of doing so. Due to allow_url_fopen being disabled, you cannot include files from remote. But just to be sure we're talking about the same problem: You try to get the SOURCE CODE of the script http://mydomain.com/forums/ssi.php?a=active to use it as part of another, say http://mydomain.co.uk/forum.php ? If you are talking about including it in http://mydomain.com/forum.php , simply adjust the forum.php code to have : ?php ... $a = $_GET['a']; include 'forums/ssi.php'; ... ? Regards Dennis -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Getting many virii the last time
Hello to all I am receiving many virii through the different PHP mailinglists I use to read and post in. Could the lists administrators please review that problem? i.e. my ISP told me that I receive quite a lot Worm.Gibe.F and I see they seem to be coming from PHP mailinglists. If you would like to know the mailing addresses I report them. Thanks in advance! -- Dennis Sterzenbach -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: removing an element from an array
Is there no function to do this? It seems like alot of overhead to do
this
process, especially if the array is big. comments?
Not if you do not create another array, which in my oppinion
is totally unnecessary.
I always did the following after finding the position from
where to strip off the element:
for ($i=$elpos; $icount($array); $i++) {
$array[$i] = $array[$i+1];
}
unset($array[count($array)-1]);
--
Dennis Sterzenbach
www.darknoise.de
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] removing an element from an array
Angelo Zanetti [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] isnt the unset function not a safe function to use was discontinued, i think thats why its not in the manual. Hi Angelo, look at the examples on http://www.php.net/manual/en/function.unset.php And you know that it is also used for purpose of deleting some element from an array at some key. -- Dennis Sterzenbach www.darknoise.de -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] removing an element from an array
Daniel Perez Clavero [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Angelo, Given array1 extract array2 from there, and put it into $array_result. $array2[0]=Value to extract; $array_result = array_diff ($array1, $array2); Should work. Rgrds. Well this only returns the differences between $array1 and $array2. But it doesn't touch/change the arrays themselves. -- Dennis Sterzenbach www.darknoise.de -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: removing an element from an array
for ($i=$elpos; $icount($array); $i++) {
$array[$i] = $array[$i+1];
}
unset($array[count($array)-1]);
I found another possible solution, which should be more
performant than the one above:
$input = array (a, b, c, d, e);
print_r($input);
$offset = 2;
$array1 = array_splice($input, 0, $offset);
$array2 = array_splice($input, $offset-1);
$input = array_merge($array1, $array2);
print_r($input);
Results in output of:
Array ( [0] = a [1] = b [2] = c [3] = d [4] = e )
Array ( [0] = a [1] = b [2] = d [3] = e )
--
Dennis Sterzenbach
www.darknoise.de
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: removing an element from an array
Angelo Zanetti [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] how do I find the position of the element in the array? based on the value that is passed? if there a funtion for this or do I manually have to get this value? $key = array_search(value-to-search); -- Dennis Sterzenbach www.darknoise.de -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] exec command
Nabil [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] so when i use php exec to do it , am i using apache user (nobody) or am i using php user , is there a php user ? so what can i do ? i want to execute #useradd -d /home/all -g wahtever -s /bin/false newuser as i want to create only pop user on the system when my user make regestration.. to give him an email account any comment ? Question to your answer has already been given. Review the thread and you will see it. But to answer your question (again): You are running as the user the Apache daemon got started. Apache handles the request and recognizes that it has to hand the request to PHP. Still you will have to check the stuff entered before executing!!! See the posts by Javier Tacon!! And to get it work, you must get the command executed as root. This may be achieved by using sudo (please lookup the man pages or internet for help on that!). Just one comment at last: Don't let Apache run as root! That would make it all worse than using sudo for your script, because Apache could execute critical code killing your system when running as root. One who is in practice could hack your system within seconds. Apache always MUST run as a non-privileged user! HTH. -- Dennis Sterzenbach www.darknoise.de -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: documentation on
Rich Fox [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Can someone point me to documentation on the operator? I am wondering if there are some quirks I don't know about. Yet I can't find it documented on the php website. THanks, Rich I've never seen a operator. Do you mean (shl, shift left)? shift left means each step multiplying by 2: $a = 4; $s = 2; $value = $a 1; // $a * 2 $value = $s 2; // $s * 4 $value = $a 4; // $a * 16 This is explained under http://ww.php.net/manual/en/language.operators.bitwise.php -- Dennis -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: documentation on
Sorry forgot about the heredoc, just waste my post unterneath -- Dennis Dennis Sterzenbach [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Rich Fox [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Can someone point me to documentation on the operator? I am wondering if there are some quirks I don't know about. Yet I can't find it documented on the php website. THanks, Rich I've never seen a operator. Do you mean (shl, shift left)? shift left means each step multiplying by 2: $a = 4; $s = 2; $value = $a 1; // $a * 2 $value = $s 2; // $s * 4 $value = $a 4; // $a * 16 This is explained under http://ww.php.net/manual/en/language.operators.bitwise.php -- Dennis -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: upload security
Philippe Lemmerling [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I have a question concerning security of my file upload script. I'm using the php upload routines (move_uploaded_file,...) and variables ($_FILES) to upload images to a webdirectory. Everything works fine, meaning that I can upload images BUT only if I change the permission of the directory to which the uploaded images are moved to 777. I guess that this is not such a good thing from security point of view. So here are some questions I have: Yeah, pretty sure about that 777-thingie. 1) is this really that dangerous? How could this be exploited by an attacker? Am unsure about it, as to I'm no attacker to any system. But from my background I can say, that whereever public write permissions are set, any (tricky) attacker will find a way into. 2)using chmod in my php script (to switch back and forth between 700 and 777) is not an option since I'm on a virtual host and PHP is in safe mode Are you really sure about the privileges set to 777? Think of the following: My server does run under account User websrv Group webusers So the PHP script will be running under the same user account, using it while doing all the chown,chmod,move_uploaded_file... things. But if the upload directory /www/uploads/ is created by root, the websrv user will have no write privilege to that directory. Another thing to keep in mind is the umask. If you chmod to 777, might be 755 only, due to an umask value of 022. So always keep an eye on that. Try looking up the ini-setting about upload-directory defined by the ISP (for you it should be the local value rather than a global) 3)creating a directory which is not reachable by webbrowser does not seem to be possible either since outside my webdirectory; everything is root-owned and obviously only my ISP has root permission ;-) You are able to do so, but not outside your chroot/docroot! Simple create the directory within the chroot you are able to and create an .htaccess disallowing all users from remote systems to change into or request files from inside (lookup some resource about .htaccess files. Should be something like the following (surrounded by Directory /your/path/to/upload/dir/Directory I guess): Order Deny,Allow Deny from all Allow from localhost -- Dennis Sterzenbach www.darknoise.de -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] retrieving information about state of a function
Hello all,
Wouldn't it be nice having a function which tells you whether you are
restricted to call a function or not?
I think of something like:
if (function_enabled(shell_exec)) {
$info = shell_exec(dig myname.com);
}
telling if it was defined as disabled function in php.ini
(disable_functions=...) or not.
--
Regards
Dennis
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: retrieving information about state of a function
Jon Kriek [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] get_defined_functions() http://www.php.net/get_defined_functions function_exists() http://www.php.net/function_exists I'm talking about disabled and enabled functions. You posted about (non-)existance / definition of functions. I already looked through this, and saw function still is defined but no longer enabled. -- Dennis -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: retrieving information about state of a function
I'm talking about disabled and enabled functions. You posted about (non-)existance / definition of functions. I already looked through this, and saw function still is defined but no longer enabled. How about using ini_get() to get the disabled functions, then parse that for the function you're looking for?? Well I already do so, but I think it would be more smooth having a function provided by PHP for that purpose, because there are functions for all the other kinds of checks: included files, declared classes, defined constants/variables, defined functions, etc. Why not having a function which gives the information to me? Also I think a function provided by PHP would make it faster and even quite secure. Think of having to explode() and in_array() check for the function or the PHP engine having the list in a good matter handing a true/false directly. Seems to me as a more consequent and ideal solution. -- Dennis -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
