[PHP] RE: DAN (Didier McGillis) *** codeSECURE 1.0 - - Protecting PHP code
Ok, can we stop sending this to php-announce please... -- James Cox (Editor) :: [EMAIL PROTECTED] :: http://www.apress.com/ The Experts Voice (tm) Frasier Crane: Y'know, Niles, what say I buy us dinner and a lot of martinis? Niles Crane: Sounds great, except for the dinner part. > -Original Message- > From: John Black [mailto:[EMAIL PROTECTED] > Sent: 15 October 2003 10:16 > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: DAN (Didier McGillis) *** codeSECURE 1.0 - - > Protecting PHP code > > > Hi again Dan, > Sorry, I have been very busy and looking back I dont think I > cleared the license issue totally. > > If you are selling software from your site, it does not > matter how many people buy your software that is encoded with > codeSecure, the license is site wise, > ie: > if you are selling software from 1 site, thats 1 license, no > matter how many people buy your software (which is encoded > with CS) and use it on their sites. if selling from 3 sites > thats 3 licenses. And additional licenses are just 15$ > anyway, even less if you are purchasing 5 licenses and above. > > > Regards, > JB > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RE: [PHP-DEV] [systems] cvs server moving
All, I think everything is now moved; cvs checkouts should still be fine, and as dns changes over, commits will become possible again. (if you need to make a commit now, please tell your system that cvs.php.net happens to point at pb11.pair.com) When dns converges, work will continue on lxr and bonsai to return them to service. Thanks, James Cox > > Just a heads up, > > we should be moving the cvs apparatus from one server to another > in the next > few hours. The only down time will be whilst your dns updates, > and this will > _only_ affect cvs COMMITS -- not checkouts. > > Thanks for your patience. > > James Cox > php sysadmin > > -- > James Cox :: [EMAIL PROTECTED] :: http://imajes.info/ > Was I helpful? > http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/ > > > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] [systems] cvs server moving
Just a heads up, we should be moving the cvs apparatus from one server to another in the next few hours. The only down time will be whilst your dns updates, and this will _only_ affect cvs COMMITS -- not checkouts. Thanks for your patience. James Cox php sysadmin -- James Cox :: [EMAIL PROTECTED] :: http://imajes.info/ Was I helpful? http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] manual notes
The manual notes should be live again. i dry rsynced phpweb on www so it contains all the latest updates. we are just now finalizing the manual builds so the whole thing can get switched on properly. - - james -- James Cox :: [EMAIL PROTECTED] :: http://james.blogs.at/ Was I helpful? http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] User Contributed Notes at php.net?
they are missing temporarily as we work on re-enabling some php.net services. apologies for any inconveniences. -- James Cox php.net sysadmin -- James Cox :: [EMAIL PROTECTED] :: http://james.blogs.at/ Was I helpful? http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/ > > At 23:33 11.11.2002, Tracy Finifter Rotton said: > [snip] > >Does anyone know what happened to the User Contributed Notes on the PHP > >Manual? I went to go find one today, and they all appear to be gone! > [snip] > > yeah, right... this afternoon they were still there I believe... > > > -- >>O Ernest E. Vogelsinger >(\)ICQ #13394035 > ^ http://www.vogelsinger.at/ > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] two way encryption
sorry to step in, but did you consider base64_[encode|decode] ? -- james > > Justin French wrote: > > Well, that was on my local test server, which I didn't compile with > > mcrypt... so that solves that, but it appears my ISP didn't > compile with it > > either... so there's very little point in getting my local > server working > > with it. > > > > What alternatives do I have? > > I don't *think* PHP includes any builtin-by-default, non-one-way > encryption functions, but I haven't looked in a long time so I could be > wrong. You might be able to get your ISP to install mcrypt itself which > has a command line utility. Then you could use passthru() I suppose. > > Joe > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Nasty DoS in PHP
Well, if you were able to upload a PHP script, you'd also be able to upload
a binary file, which would have the ability to run exec("yourbinary");
...
-Original Message-
From: Dustin E. Childers [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 18, 2002 3:41 AM
To: James Cox
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Nasty DoS in PHP
You can't upload a binary file to a server and access it through a web
browser. The most it will do is either show the 'source' for file or ask you
to download it. Yes, this is probably not a major DoS attack..and there
aren't many free hosts out there that have PHP support. The most you could
probably do is take out your own server, but you never know what script
kiddies are willing to do in order to take down a server.
Dustin E. Childers
Security Administrator. CEO, Digitux Security, Inc.
http://www.digitux.net/
- Original Message -
From: "James Cox" <[EMAIL PROTECTED]>
To: "Dustin E. Childers" <[EMAIL PROTECTED]>; "Jason Murray"
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, April 17, 2002 5:28 PM
Subject: RE: [PHP] Nasty DoS in PHP
> so why not upload a binary file and execute that ? quick root-kit later
and
> you're in.
>
>
> -Original Message-
> From: Dustin E. Childers [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 18, 2002 3:22 AM
> To: Jason Murray
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] Nasty DoS in PHP
>
>
> "If the user has enough access to the server to place files on it" ?
>
> There are hosting places that have PHP and you can just upload the PHP
> script through FTP and access it in your browser.
>
> Dustin E. Childers
> Security Administrator. CEO, Digitux Security, Inc.
> http://www.digitux.net/
>
> - Original Message -
> From: "Jason Murray" <[EMAIL PROTECTED]>
> To: "'Dustin E. Childers'" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Wednesday, April 17, 2002 5:14 PM
> Subject: RE: [PHP] Nasty DoS in PHP
>
>
> > > It's a default PHP installation. We aren't calling set_time_limit().
> > > I know its an infinite loop, the point is that if a user wanted to
> > > attack a server (happens every day) they would be able to use this
> > > method to take the server down.
> >
> > But, if the user has enough access to the server to place files on it,
> > then they can do much, much worse stuff than running an infinite loop
> > in PHP. Like I said, if it gets to that point you have bigger problems.
> >
> > Jason
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Nasty DoS in PHP
so why not upload a binary file and execute that ? quick root-kit later and you're in. -Original Message- From: Dustin E. Childers [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 18, 2002 3:22 AM To: Jason Murray Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Nasty DoS in PHP "If the user has enough access to the server to place files on it" ? There are hosting places that have PHP and you can just upload the PHP script through FTP and access it in your browser. Dustin E. Childers Security Administrator. CEO, Digitux Security, Inc. http://www.digitux.net/ - Original Message - From: "Jason Murray" <[EMAIL PROTECTED]> To: "'Dustin E. Childers'" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, April 17, 2002 5:14 PM Subject: RE: [PHP] Nasty DoS in PHP > > It's a default PHP installation. We aren't calling set_time_limit(). > > I know its an infinite loop, the point is that if a user wanted to > > attack a server (happens every day) they would be able to use this > > method to take the server down. > > But, if the user has enough access to the server to place files on it, > then they can do much, much worse stuff than running an infinite loop > in PHP. Like I said, if it gets to that point you have bigger problems. > > Jason -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Nasty DoS in PHP
but to do so, they would need to be on the box, and there are a bunch of better methods in that situation. given that php's default install sets a max time limit of 30 seconds on a script timeout, it can't have run for 10+ minutes, nor is that a reasonable length of time for a DoS on a monitored box. This isn't really an exploit, just bad coding. -Original Message- From: Dustin E. Childers [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 18, 2002 3:10 AM To: Jason Murray Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Nasty DoS in PHP It's a default PHP installation. We aren't calling set_time_limit(). I know its an infinite loop, the point is that if a user wanted to attack a server (happens every day) they would be able to use this method to take the server down. Dustin E. Childers Security Administrator. CEO, Digitux Security, Inc. http://www.digitux.net/ - Original Message - From: "Jason Murray" <[EMAIL PROTECTED]> To: "'Dustin E. Childers'" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, April 17, 2002 5:04 PM Subject: RE: [PHP] Nasty DoS in PHP > > It does not stop after its execution time. > > Is your PHP actually configured to stop running after 30 seconds, > though? Its the default, but you may have overridden it. > > > We have let this run for 10+ minutes to see if it would crash the > > server, and it did. > > Is it possible you're called set_time_limit() to increase the > script's timeout and thus allow it to run? > > > It does not affect the person that loads the code in the browser, > > just affects the server running the code. > > Well ... yeah. This is not surprising :p :) > > Either way, the fact still remains it's an infinite loop and you > just shouldn't write it. :) > > J -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Cross DB application
Hello, "Arcadius A." wrote: > > Hello ! > I'm planning to write a database application for MySQL, and then port it to > PostrgeSQL. > Is there any library or class that could help me to write/maintain just one > source code for both MySQL and PostgreSQL ? I think your best (if not the only) option in PHP is Metabase. http://www.phpclasses.org/metabase you could also use PEAR (http://pear.php.net/) which has a more than adequate abstraction layer for various databases. But, I doubt even metabase can rewrite your SQL queries for you so that it's optimized for postgres AND mysql (and any other option you would like to choose). you're much better off either picking one DB system, or use both but maintain seperate SQL for each, to provide full optimization. james -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Help I killed PHP on mysever...
Chuck, what exactly is your situation? what has happened, step by step? what OS are you on? Thanks, James -- James Cox :: [EMAIL PROTECTED] :: Landonize It! http://landonize.it/ Was I helpful? http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/ -Original Message- From: Chuck "PUP" Payne [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 09, 2002 8:31 AM To: Mika Tuupola Cc: PHP General Subject: Re: [PHP] Help I killed PHP on mysever... No, I have reinstall. So much I about to throw my box. PHP just wont load now everything I have work now it lost. Chuck on 4/9/02 3:28 AM, Mika Tuupola at [EMAIL PROTECTED] wrote: > On Tue, 9 Apr 2002, Chuck "PUP" Payne wrote: > >> I have done something stupid and not PHP won't work. Everytime you >> click on a link that is .php it wants you to download the file. What >> have I done and how can I fix it. > > This happens when you recompile and reinstall php as a module > and didn't restart your webserver. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] nl2br returns ? normality or a bug?
actually, is not parsed in the same way as for many browsers. is XHTML, and is not a fully supported language set yet. -- James Cox :: [EMAIL PROTECTED] :: Landonize It! http://landonize.it/ Was I helpful? http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/ -Original Message- From: Maxim Maletsky [mailto:[EMAIL PROTECTED]] Sent: Saturday, April 06, 2002 1:31 AM To: 'Andrew Brampton'; [EMAIL PROTECTED] Subject: RE: [PHP] nl2br returns ? normality or a bug? Not same, Andrew, It had made my pages VERY VERY UGLY! I know that it can be parsed well, but should not have done such effect on the site. I wouldn't care about this thing if I wouldn't find a few pages on my site 1000 pixel wide. But, the question is: why only on this machine? I run the same PHP version and use same data as before. Sincerely, Maxim Maletsky Founder, Chief Developer PHPBeginner.com (Where PHP Begins) [EMAIL PROTECTED] www.phpbeginner.com > -Original Message- > From: Andrew Brampton [mailto:[EMAIL PROTECTED]] > Sent: Saturday, April 06, 2002 2:21 AM > To: Maxim Maletsky; [EMAIL PROTECTED] > Subject: Re: [PHP] nl2br returns ? normality or a bug? > > is that XML style newline or something... > > Don't worry about it, it parsed the same as > > Andrew > - Original Message - > From: "Maxim Maletsky" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Saturday, April 06, 2002 1:13 AM > Subject: [PHP] nl2br returns ? normality or a bug? > > > > > > I've never seen that nl2rb would return me instead of the > > traditional . But it did. > > > > Is that normal or it that a bug? > > > > > > Here's some test code: > > > > > > > $text = " > > > > Hello > > > > this is > > the > > silliest > > > > test > > > > I can > > > > > > ever > > > > invent > > > > "; > > > > echo nl2br($text); > > > > echo "on machine: $SERVER_SOFTWARE"; > > > > ?> > > > > > > returns me such HTML: > > > > -- > > > > > > > > > > Hello > > > > > > > > this is > > > > the > > > > silliest > > > > > > > > test > > > > > > > > I can > > > > > > > > > > > > ever > > > > > > > > invent > > > > > > > > on machine: [Apache-AdvancedExtranetServer/1.3.22 (Mandrake > > Linux/1.2mdk) mod_ssl/2.8.5 OpenSSL/0.9.6 PHP/4.0.6] > > -- > > > > > > > > I've triple-checked for what ANSI characters I had there. They were > > fine. And as you can read below, there were the same as when nl2br used > > to return me . > > > > The problem has never occurred to me on any of the previous machines > > site was hosted on. It does on this one though, with even the same > > version of PHP and the same data from DB. I've noticed this problem > > because I had a RegEx after nl2br() that always worked till we migrated > > on a new server, then my expression has obviously stopped to work > > because of that extra space and slash nl2br kindly provided me with. > > Temporarily fixed with another RegEx. But, I was wondering, is a known > > bug or it's because of my machine? Other than that nothing has > > changed... > > > > Enlighten me on this, please. Did I miss a bug report? > > > > > > Sincerely, > > > > Maxim Maletsky > > Founder, Chief Developer > > > > PHPBeginner.com (Where PHP Begins) > > [EMAIL PROTECTED] > > www.phpbeginner.com > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Has anyone looked at phpinfo today?
the php daemon. -Original Message- From: lmlweb [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 2:50 AM To: [EMAIL PROTECTED] Subject: [PHP] Re: Has anyone looked at phpinfo today? who the heck was that :) "James Arthur" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]... > > > Notice anything different? > > --jaa -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] QA help needed
firstly, apologies for the cross post, but I urgently need a Windows 98 / PHP / PWS environment to test an issue on. if anyone could help out with that, please email me back directly. Thanks, James -- James Cox :: [EMAIL PROTECTED] :: Landonize It! http://landonize.it/ Was I helpful? http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: How can I open URL using HTTP POST instead of HTTP GET?
http://php.net/curl > -Original Message- > From: Hugh Bothwell [mailto:[EMAIL PROTECTED]] > Sent: Sunday, February 10, 2002 4:31 PM > To: [EMAIL PROTECTED] > Subject: [PHP] Re: How can I open URL using HTTP POST instead of HTTP > GET? > > > > "Zlutarch G." <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi everyone, > > > > PHP fopen function opens URL using the HTTP GET method. But what if one > > could only open the web page using the HTTP POST method? In this case, > fopen > > won't work. Is there a PHP function that is similar to fopen, but uses > HTTP > > POST method to open URL instead? If not, then how do I work around this > > problem? > > Umm... you might have to open a socket and read/write directly. > To do this, you'd have to look up the appropriate RFCs and write > the headers manually. > > Anyone got a better idea? > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP / MYSQL security bug
The PHP developers are aware of this, and are working with MySQL to make it safer. it should be noted that PHP safe mode, whilst making the environment generally safer, is not an easy-answer to webserver security. The only real solution is to learn about better security and configuration. --james -- James Cox :: [EMAIL PROTECTED] Was I helpful? http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/ > -Original Message- > From: Gerard Onorato [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, February 05, 2002 4:00 PM > To: [EMAIL PROTECTED] > Subject: [PHP] PHP / MYSQL security bug > > > Maybe I missed the thread but I was wondering if anyone has seen this > report or done any testing on it. > > We tested it and it seems a pretty valid problem. Can anyone comment on a > fix that may be in the works? > > Gerard > > -- > --- > Security Advisory DW020203-PHP > Release: 3rd February 2002 > PHP Safe Mode Filesystem Circumvention Problem > Severity: Medium to high. > Affects: PHP, all versions which include safe_mode feature. > Platform: UNIX, Microsoft Windows, any platforms on which PHP is > available. > Vendor: http://php.net. > Discovered: 12th January 2002, Dave Wilson <[EMAIL PROTECTED]>, using > PHP 4.1.0 & Apache 2 on Linux. > > -- > > > VULNERABILITY IN BRIEF > PHP (since version 3?) includes a commonly used feature known as > Safe Mode. > When enabled, scripts are highly limited in their ability to access or > execute local files, among other things. > PHP relies on a wrapper function around all filesystem calls to perform > access checks, but unforunately the bundled MySQL client library has not > been modified to perform such checks on "LOAD DATA INFILE LOCAL" > statements. > If an attacker has access to a MySQL server (either provided by you or > himself), he can use it as a proxy by which to download files residing on > the safe_mode-enabled web server. For large ISPs relying on this feature > for individual customer privacy, it could mean clients accessing each > other's files, or viewing of files on an improperly secured server. > > FIX > Currently, no fix exists. You may use other PHP safe_mode functions to > disable the use of the MySQL client library, or secure your servers in a > proper fashion.. A suggested fix for the PHP developers might be to scan > mysql_query()s for strings similar to "LOAD DATA LOCAL INFILE". > Happy hackers out there might like to look at libmysql.c:1764 if > interested > in fixing this problem, although that may only be possible from > within PHP. > > EXAMPLE > The attached script will (once configured correctly) attempt to read > "/var/log/lastlog" via the SQL daemon and return it to the client. > $ cp safe_mode.php /www > $ wget -qO lastlog_via_mysql localhost/safe_mode.php > $ diff /var/log/lastlog lastlog_via_mysql; echo $? > 0 > > COMMENTS > Due to the nature of the PHP project, development is very rapid and hence > many sites do not keep up with latest PHP versions. If a fix was > available, > it would take quite a while to propagate. > It is likely that this is not an isolated problem in PHP, my bets are on > PostgreSQL and other PHP database extensions missing this one too. > The MySQL support has been enabled in PHP by default for as long as I can > remember. > > DAVE WILSON > Currently residing in Belfast, Northern Ireland, he is available for work > relating to network security auditing, post-attack recovery and forensics, > and penetration testing. He may be contacted at <[EMAIL PROTECTED]>. If > you have any comments regarding this advisory, please contact him > directly. > > Sun Feb 3 21:23:03 GMT 2002 -dw > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RE: [PHP-DEV] Re: Securite problem
Hi, this isn't a problem for [EMAIL PROTECTED], as that's the developers list. You will find most help on [EMAIL PROTECTED] or php-windows. Thanks, james cox > -Original Message- > From: Roebie [mailto:[EMAIL PROTECTED]] > Sent: Sunday, February 03, 2002 1:20 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Subject: [PHP-DEV] Re: Securite problem > > > I have tried absolute paths but that does not solve the problem. > Unlike the filename extension suggests I am using php4. > > The problem seems to be the password protection. When the three > files are in > the same directory (be it protected or unprotected) everything works fine. > When index.php3 is in one directory and the other two files are in another > directory everything works fine but only if both directories are protected > or both are unprotected. > > That including a script that is in a password protected directory is not > allowed seems reasonable to me, but the other way round ...? > > > > -- > PHP Development Mailing List <http://www.php.net/> > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Apache PHP File Disclosure Vuln
Actually, as a note about this, we (i) did extensive testing to invoke the php.exe binary and apache in any way but using an action and virtual url, and found it didn't work. We have suitably amended the documentation for both the win32 installer, plus the manual, making it clearer that choosing those paths are bad. james -- James Cox :: [EMAIL PROTECTED] Please CC me when replying to my messages on lists. Was I helpful? http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/ > -Original Message- > From: Analysis and Solutions [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, January 29, 2002 1:02 AM > To: PHP List > Subject: [PHP] Apache PHP File Disclosure Vuln > > > Hi Folks: > > I haven't been reading the list lately. I went to the mailing > list archives > on Google and MARC to see what's been said about the "Apache Win32 PHP.EXE > Remote File Disclosure Vulnerability." I was surprised to find > only one post > to the php-dev list: > > > As I responded on Bugtraq, this is, if anything, an Apache bug, > not a PHP > > bug. It could be a configuration bug too, but the bottom line is the > > Apache doesn't determine that the file is a PHP file when > requested in that > > way, and doesn't even invoke PHP on it. > > > > Zeev > > http://groups.google.com/groups?hl=en&threadm=5.1.0.14.2.200112160 > 32247.06833468%40localhost&rnum=10&prev=/groups%3Fhl%3Den%26q%3DAp > ache%2BPHP%2Bfile%2BDisclosure%2Bvulnerability%26btnG%3DGoogle%2BSearch > > > I was surprised that nothing is mentioned about it on the PHP web site. I > did a search on the whole site for "apache File Disclosure" and > got no hits. > > Similarly, looking in the Apache Bug Report Database brought up nothing. > Weird. > > So, I wanted to give the php-general list a heads up on this > matter. As Zeev > points out, it's an Apache problem, but it's something we, as PHP > users, will > run into... > > > clip from Security Focus > > SecurityFocus Newsletter #127. Tue, 15 Jan 2002. > > 1. Apache Win32 PHP.EXE Remote File Disclosure Vulnerability > BugTraq ID: 3786 > Remote: Yes > Date Published: Jan 04 2002 12:00A > Relevant URL: > http://www.securityfocus.com/bid/3786 > Summary: > > A vulnerability exists in the suggested default configuration for the > Apache PHP.EXE binary on Microsoft Windows platforms. This issue has the > potential to disclose the contents of arbitrary files to remote attackers. > > The ScriptAlias line of the following configuration in the httpd.conf > Apache configuration file is known to be the source of this issue: > > ScriptAlias /php/ "c:/php/"=20 > AddType application/x-httpd-php .php=20 > Action application/x-httpd-php "/php/php.exe" > > As a result, it is possible for an attacker to append a filepath to the > end of web request for php.exe. Files targetted in this manner will be > served to the attacker. > > It is also possible to run executables in the PHP directory via successful > exploitation of this vulnerability. > > ^ > > > A temporary workaround I though of off the cuff is modifying some of the > settings in the Apache configuration (httpd.conf, .htaccess, etc) files. > This way, crackers would have to guess the vulnerable path. Of > course, this > isn't a real security measure, but it reduces the likelyhood of problems. > > STANDARD SETTINGS: >Action application/x-httpd-php "/php/php.exe" >ScriptAlias /php/ "f:/Program Files/php4/" > > TWEAKED SETTINGS: >Action application/x-httpd-php "/SomeOtherName/php.exe" >ScriptAlias /SomeOtherName/ "f:/Program Files/php4/" > > > Another thing Win32/PHP/Apache users on NT and 2000 machines can do is run > the Apache service under a particular user id and tighten > permissions granted > that user. > > I guess mod_rewrite could be used to head off these calls to > /php/php.exe. > But I'm not familiar enough with mod_rewrite to do this. If anyone is, > please be kind enough to post the _complete_ set of commands one > would need > to handle this situation. > > Enjoy, > > --Dan > > -- > PHP scripts that make your job easier > http://www.analysisandsolutions.com/code/ > SQL Solution | Layout Solution | Form Solution > T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y > 4015 7 Ave, Brooklyn NY 11232v: 718-854-0335f: 718-854-0409 > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] PHP Chat REALTIME
Ok, i haven't been following this, but have you guys thought of ircg? http://php.net/ircg James -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] RE: Does anyone have the 'edit_member.php' script ....
change
printf ("\n",
$PHP_SELF, DISPLAY_ENTRY);
to
printf ("\n",
$PHP_SELF, $DISPLAY_ENTRY);
> -Original Message-
> From: Mike C [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, January 19, 2002 12:02 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: Does anyone have the 'edit_member.php' script
>
>
> It was suggested I send this to the list. The 'samp_db.inc' file
> follows this. The parse error is:
> Parse error: parse error in /edit_member.php on line 11
>
> #edit_member.php
>
> include ("/users/mike/documents/include_files/samp_db.inc");
> define (initial_page, 0);
> define (display_entry, 1);
> define (update_entry, 2);
>
> function solicit_member_id ()
> {
> global $PHP_SELF;
>
> printf ("\n",
> $PHP_SELF, DISPLAY_ENTRY);
> print ("Enter your membership ID number and password,\n");
> print ("then select submit.\n\n");
> print ("\n");
> print ("");
> print ("Member ID");
> print ("\n");
> print ("");
> print ("");
> print ("Password");
> print ("\n");
> print ("");
> print ("\n");
> print ("\n");
> print "\n";
> }
>
> function display_entry ()
> {
> global $PHP_SELF;
> global $member_id, $password;
>
> $member_id = trim ($member_id);
> if (empty ($member_id))
> die ("No member ID specified");
> if (!ereg ("^[0-9]+$", $member_id))
> die ("Invalid member ID specified (must be a number)");
> if (empty ($password))
> die ("No password specified");
> if (check_pass ($member_id, $password))
> $admin = 0;
> else if (check_pass (0, $password))
> $admin = 1;
> else
> die ("Invalid password");
>
> $query = "SELECT last_name, first_name, suffix, email,"
> . "street, city, state, zip, phone, interests,"
> . "member_id, expiration"
> . " FROM member"
> . " WHERE member_id = $member_id"
> . " ORDER by last_name";
> $result = mysql_query ($query)
> or die ("Cannot execute query");
> if (mysql_num_rows ($result) == 0)
> die ("No user with member_id = $member_id found");
> if (mysql_num_rows ($result) > 1)
> die ("More than one user with member_id = $member_id found");
>
> printf ("\n",
> $PHP_SELF, UPDATE_ENTRY);
>
> hidden_field ("member_id", $member_id);
> hidden_field ("password", $password);
> print ("\n");
> $row = mysql_fetch_array ($result);
> display_column ("Member ID", $row, "member_id", 0);
>
> display_column ("Expiration", $row, "expiration", $admin);
>
> display_column ("Last name", $row, "last_name", 1);
> display_column ("First name", $row, "first_name", 1);
> display_column ("Suffix", $row, "suffix", 1);
> display_column ("Email", $row, "email", 1);
> display_column ("Street", $row, "street", 1);
> display_column ("City", $row, "city", 1);
> display_column ("State", $row, "state", 1);
> display_column ("Zip", $row, "zip", 1);
> display_column ("Phone", $row, "phone", 1);
> display_column ("Interests", $row, "interests", 1);
> print ("\n");
> print ("\n");
> print "\n";
>
> }
>
> function check_pass ($id, $pass)
> {
>
> $query = "Select password from member_pass where member_id = $id";
> if (!($result = mysql_query ($query)))
> die ("Error reading password table");
> if (!($row = mysql_fetch_array ($result)))
> return (FALSE);
> return ($row["password"] == $pass);
> }
>
> function display_column ($label, $row, $col_name, $editable)
> {
> print ("\n");
> printf ("%s\n", htmlspecialchars ($label));
> $value = htmlspecialchars ($row[$col_name]);
> if ($editable)
> {
> $str = sprintf (" $str .= sprintf (" VALUE=\"%s\" SIZE=\"80\">\n", $value);
> }
> else
> $str = $value;
> printf ("%s\n", $str);
> print ("\n");
> }
>
> function update_entry ()
> {
> global $row, $member_id, $password;
>
> $member_id = trim ($member_id);
> if (empty ($member_id))
> die ("No member ID specified");
> if (!ereg ("^[0-9]+$", $member_id))
> die ("Invalid member ID specified (must be number)");
> if (!check_pass ($member_id, $password) && !check_pass (0, $password))
> die ("Invalid password");
> $result = mysql_query ("select * from member where 1 = 0");
> if (!$result)
> die ("Cannot query member table");
>
> $query = "Update member ";
> $delim = "set ";# put "set" before first column,"," before others
> while (list ($col_name, $val) = each ($row))
> {
> $query .= "$delim $col_name =";
> $delim = ",";
>
> $val = trim ($val);
> if (empty ($val))
> {
> if (nullable ($result, $col_name))
> $query .= "NULL";
> else
> $query .= "\"\"";
> }
> else
> $query .= "\"" . addslashes ($val) . "\"";
> }
> $query .= " where member_id = $member_id";
> if (mysql_query ($query) && mysql_affected_rows () > 0)
> print ("Entry updated successfully.\n");
> else
> print ("Entry not updated.\n");
> }
>
> function nullable ($result, $col_name)
> {
> for ($i = 0; $i < mysql_num_fields ($result); $i++)
> {
> if (!($fld = mysql_fetch_field ($result, $i)))
> continue;
> if ($fld->name == $col_name)
> return (!$fld->not_null);
> }
> return (0);
> }
>
> if (empty ($action))
> $action = INITIAL_PAGE;
>
> $title = "Historical League member editing form";
> html_begin ($title, $title);
>
> samp_db_connect
RE: [PHP] Does anyone have the 'edit_member.php' script ....
copy and paste your self typed script, plus the parse error and i am sure someone - or i will be able to help you out :) James -- James Cox :: [EMAIL PROTECTED] Please CC me when replying to my messages on lists. Was I helpful? http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/ > -Original Message- > From: Mike C [mailto:[EMAIL PROTECTED]] > Sent: Saturday, January 19, 2002 11:30 AM > To: [EMAIL PROTECTED] > Subject: [PHP] Does anyone have the 'edit_member.php' script > > > I have not been able to find an electronic copy of the above > script that is in the book 'MySQL'. > Is anyone prepared to help me out. My, self-typed version > contains a parse error that I cannot find? > > Regards > Mike C > -- > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] two lists (was: RE: [PHP] RTFM)
Hi, we could split it into two lists... but I think that the amount of help available to "newbies" would decrease if we split the list. James Cox -- James Cox :: [EMAIL PROTECTED] Please CC me when replying to my messages on lists. Was I helpful? http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/ > -Original Message- > From: bvr [mailto:[EMAIL PROTECTED]] > Sent: Saturday, January 19, 2002 1:36 AM > To: [EMAIL PROTECTED] > Subject: Re: [PHP] RTFM > > > > Maybe anyone volunteers as moderator ?? > > thought so ;) > > bvr. > > On Sat, 19 Jan 2002 01:16:17 +, Shane Wright wrote: > > >Hi > > > >Maybe this list should be split - kindof into a php-newbies and a > >php-advanced ? > > > > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Mysterious />
can you give an example? eg, is XHTML correct, however /> isn't correct at all :) Thanks, James Cox -- James Cox :: [EMAIL PROTECTED] Please CC me when replying to my messages on lists. Was I helpful? http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/ > -Original Message- > From: Gaylen Fraley [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 18, 2002 10:49 PM > To: [EMAIL PROTECTED] > Subject: [PHP] Mysterious /> > > > For some (yet) unknown reason, when some text is being entered > into a form, > a mysterious /> is being appended. It's almost as if some XML > functionality > is bein added w/o my intention. For example, I might echo "" and the > html source will show . I might have an end anchor tag that > comes out />. > > Any clues? > > -- > Gaylen > [EMAIL PROTECTED] > Home http://www.gaylenandmargie.com/ > PHP KISGB v3.1 Guest Book http://www.gaylenandmargie.com/phpwebsite/ > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] An idea for a PHP tool
You can achieve something like this by adding the following to your links bar:
javascript:void(srch=prompt('What are you looking
for?',''));if(srch){self.location.href='http://php.net/'+srch};
(drag the current url to the links bar, and then right-click and select "properties",
then paste the javascript in).
Hope that helps..
--
James Cox :: [EMAIL PROTECTED]
Please CC me when replying to my messages.
Was I helpfull? http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/
> -Original Message-
> From: Jason Murray [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 12:03 AM
> To: 'Mike Eheler'; [EMAIL PROTECTED]
> Subject: RE: [PHP] An idea for a PHP tool
>
>
> > Like google has it's toolbar, why not have a PHP Manual toolbar? That
> > would be *great*. Just type in the function name and hit "go" and the
> > manual comes up.
>
> You could probably work a bit of javascript magic in a bookmark to
> do the same thing.
>
> I've seen bookmarks that pop up a javascript input window and then
> use the input in the resulting URL. So, take the manual query via
> javascript input and then append it to the www.php.net url.
>
> At least, I *think* I have :)
>
> J
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
RE: [PHP] How to strip off all html-comments
http://www.php.net/stripcodes happy new year! James Cox -- James Cox :: [EMAIL PROTECTED] Please CC me when replying to my messages > -Original Message- > From: Martin [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 31, 2001 11:07 AM > To: [EMAIL PROTECTED] > Subject: [PHP] How to strip off all html-comments > > > Hello! How can I easily strip off all html-comments () from > a string? > > Martin > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] hotmail settings POP and SMTP under Mozilla
I think your best bet is to add a bookmark to www.hotmail.com . James Cox > -Original Message- > From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 28, 2001 2:11 AM > To: ger > Cc: php-general > Subject: Re: [PHP] hotmail settings POP and SMTP under Mozilla > > > You most probably > 1. Have to ask about this somewhere else; > 2. Won't be able to set it up -- Hotmail is M$ and, as such, it implements > its own protocols. > > Bogdan > > ger wrote: > > > Does anybody know how to set up my mail reader (Mozilla ) to > > be able to read and > > send mail with my HOTMAIL account ? > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Client side fatal PHP error
Yeah, I know it's executed client side, but if the buffer fills up because you have a lot to send to the client (and the network connection is saturated), then it might fail, since it cannot do the test. it is unlikely, but possible. Also, that code you quoted is (out of context) inefficient, so that might prove why. Also, it's worth noting that only 1 in 10 people complain about something. Thus, your one client reporting this error may mean there are 10 out there :) Best bet is to get his headers etc (set up a seperate log site? get him to dump the page for you as you echo variables and debug info? -- you certainly won't know which strtoupper it fails on if they are all on the same line :)) Also, get him to give you his cookies -- chances are there could be a datatype incompatibility. The bottom line i am getting across here is that there are so many possibilities here for potential errors, (like in many things) that it is hard to pinpoint what might be wrong. If it helps, i am more than happy to look at your code and see if i can break it. Regards, and now christmas day is drawing to a close, merry new year :) James Cox -- [EMAIL PROTECTED] Please always Cc to me when replying to me on the lists. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Client side fatal PHP error
Well, what you have said here isn't that clear, however consider the
following revised code:
$teststr = strtoupper(substr($xmbrcode,11,1));
if(($teststr != "B") && ($teststr != "P") && ($teststr != "H") && ($teststr
!= "O")){
do..
}
What you are doing is executing the substr and strtoupper many times, which,
on a slow connection which may have backlog (thus slower time for the html
stream buffer to be delivered), it could timeout.
More detail on a: the error, and b: the code *in context* would help.
Regards,
James Cox
> -Original Message-
> From: jjt [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 25, 2001 6:36 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Client side fatal PHP error
>
>
> A visitor to my site repeatedly receives a fatal error in one of
> my scripts.
>
> He is using a Compaq PC with IE 6; Windows 98. He gets this error message:
> "Call to unsupported or undefined function srtoupper() in on line 82."
>
> Line 82 is a compound IF statement which uses strtoupper(). As best I can
> tell, the syntax of the statement is fine:
>
> if (strtoupper(substr($xmbrcode,11,1)) != "B" &&
> strtoupper(substr($xmbrcode,11,1)) != "P" &&
> srtoupper(substr($xmbrcode,11,1)) != "H" &&
> srtoupper(substr($xmbrcode,11,1)) != "O") {
>
> And more significantly, no one else is reporting this error; I cannot
> reproduce it. The script is executed thousands of times each day. By the
> time he gets to line 82, he has successfully passed another simple
> strtoupper() statement. Every user running this script must get past line
> 82.
>
> I am very confused here. Why does this error occur only on his computer?
> How could it be machine or browser dependent? Isn't all PHP processing
> done on my host (server) computer? And if so, why does the error not
> occur every time the script is executed?
>
> I am totally baffled by this. Can anyone help?
>
> Thanks,
>
> Hershel M. Chicowitz
> [EMAIL PROTECTED]
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Looking for a function
www.php.net/urlencode Merry Christmas! James Cox > -Original Message- > From: Valentin V. Petruchek [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 24, 2001 3:58 PM > To: PHP > Subject: [PHP] Looking for a function > > > Hello, cannot find function to convert all dangerous symbols (spaces,dots > etc) into %20 variant. > > Is there any standard, or i have to develop my own? > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] How to parse an XML document
http://www.php.net/manual/en/ref.xml.php HTH. James Cox > -Original Message- > From: PHP Rules [mailto:[EMAIL PROTECTED]] > Sent: 23 December 2001 10:15 AM > To: [EMAIL PROTECTED] > Subject: [PHP] How to parse an XML document > > > Hi fellas. > > I would like to know the way to parse an XML document. > > I come from Java world, and you can handle an XML document, > and > then show it as an HTML page. > > I suppose that it's also possible by using PHP, isn't it? > > I would like also to know if it's available in the 'standard > installation' of PHP. I mean, I want to develop this on a > remote > server. It uses PHP, and I suppose that it's not installated > any > extra module, so I wonder if the XML parsing needs any extra > module > or not. > > Best regards. > ___ > ¿Sabes que puedes redireccionar tu correo de HispaVista a donde > tú quieras? > http://www.hispavista.com/altascorreo/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] fsockopen / fopen
Anyone know what errno 0 is for fsockopen? Thanks, . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . James Cox :: Senior Support Engineer Wherewithal, Inc. e: [EMAIL PROTECTED] Wherewithal. Capture Creative Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] telneting sockets help..
Hi, I had recent problems like this, and I traced it to firewall issues; however i just checked the destination, and found it is possible to telnet to that port, so it's not a firewall issue on their side. Try using the following code -- and let it run, see what response you get. \n"; } ?> Hope that helps, James Cox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . James Cox :: Senior Support Engineer Wherewithal, Inc. e: [EMAIL PROTECTED] Wherewithal. Capture Creative Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > -Original Message- > From: brendan [mailto:[EMAIL PROTECTED]] > Sent: 19 December 2001 04:12 AM > To: [EMAIL PROTECTED] > Subject: [PHP] telneting sockets help.. > > > hi > > i have been trying to write a telnet client to a tn3270 IBM mainframe > database ( pericles.ipaustralia.gov.au:23 ) using fsockopen ... > i thought it wouldnt be that bad given i have done something similar > with usenet .. > however i cannot get it to work no matter what I do .. i just get a > permanent hang ... > has anyone ever attempted this or have any solutions? > > i know this is rather open ended but i cant offer any code which even > kind of works.. > > it would be much appreciated.. > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Delivering NAMED pdf files
George,
your best bet is to have a table in your database which looks up the name of
the file, based on a more friendly name.
James
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.
Politicalia admin and editor
e: [EMAIL PROTECTED] :: w: http://www.politicalia.com/
Today's Discussion, Tomorrow's Agenda.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.
> -Original Message-
> From: George Pitcher [mailto:[EMAIL PROTECTED]]
> Sent: Friday, October 19, 2001 2:42 PM
> To: MrBaseball34; [EMAIL PROTECTED]
> Subject: Re: [PHP] Delivering NAMED pdf files
>
>
> Yes,
>
> If I download the file as it is named, it is the file I expected, only not
> named the way I wanted.
>
> George
>
> "MrBaseball34" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > >
> > > And the php page which is fileaccess.php:
> > >
> > > > > $fp1 = "D:\\Pdf\\" . $fp;
> > > $len = filesize($fp1);
> > > header("Content-Type: application/pdf");
> > > header("Content-Disposition: inline; filename=$fp1");
> > > header("Content-Length: $len");
> > > readfile($fp1);
> > > ?>
> >
> > Have you CHECKED the value of $fp?
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
> _
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Delivering NAMED pdf files
can you paste the full text of the code as you have it? I don't see anywhere where you define the name of the file. James Cox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Politicalia admin and editor e: [EMAIL PROTECTED] :: w: http://www.politicalia.com/ Today's Discussion, Tomorrow's Agenda. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > -Original Message- > From: George Pitcher [mailto:[EMAIL PROTECTED]] > Sent: Friday, October 19, 2001 12:27 PM > To: speedboy; [EMAIL PROTECTED] > Subject: Re: [PHP] Delivering NAMED pdf files > > > Thanks for the [non] suggestion. > > I will not host these in a web-accessable directory. They are copyright > materials. > > I've done this type of hosting previously using Frontier on a Mac and it > worked fine. > > I thought that php was better than Frontier, though. > > George > - Original Message - > From: "speedboy" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, October 19, 2001 12:27 PM > Subject: Re: [PHP] Delivering NAMED pdf files > > > > > Thanks for the suggestion but it didn't change anything. > > > > It won't. Put them in a web accessible directory and don't use custom > header calls because they do not work reliably. > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > > _ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] How to add a new color to JPEG
That's something you would need to do in photoshop. open your image, select save for web, look to the left of the image, you should see some buttons and a black box. you need to click on the black box, select the yellow you want, and then click ok. Then, click the button above the yellow - that will select the eyedropper. Then, go to the color palette opposite. click on the 3rd icon underneath it, which allows you to add eyedropper color to the palette. That should work. mail me if you get stuck, with your image dimensions/copy of image. James > -Original Message- > From: SED [mailto:[EMAIL PROTECTED]] > Sent: 11 July 2001 00:21 > To: 'James Cox'; [EMAIL PROTECTED] > Subject: RE: [PHP] How to add a new color to JPEG > > > How can I add colors to JPEG-palette? I never new It had a special > palette (until now :). > > -Original Message- > From: James Cox [mailto:[EMAIL PROTECTED]] > Sent: 10. júlí 2001 22:38 > To: Jeff@Hyrum. Net > Cc: [EMAIL PROTECTED]; Php-General@Lists. Php. Net > Subject: RE: [PHP] How to add a new color to JPEG > > > > hmm. > > If what I understand from your ImageColorClosest(); function, why don't > you just add yellow to the palette? that way it can be found by the > function, but isn't used in the image? > > HTH, > > James Cox > > apologies jeff for sending it twice to you :) > > > -Original Message- > > From: Jeff Lewis [mailto:[EMAIL PROTECTED]] > > Sent: 10 July 2001 23:00 > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > Subject: RE: [PHP] How to add a new color to JPEG > > > > > > Hmm, I create my image from scratch and haven't tried drawing on an > > existing pallette. If your start image is always a blank black box > > you could always > > create it on the fly... > > > > > -Original Message- > > > From: SED [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, July 10, 2001 1:52 PM > > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > > Subject: RE: [PHP] How to add a new color to JPEG > > > > > > > > > Thats the problem, if I do that and the color is not used before in > > > > the image, I get only the closest match. Note, if I add a yellow > > > pixle into the JPEG-image with Photoshop, save it and try it again, > > > then I can use the yellow for my text. However, I dont want to have > > > > the yellow dot in my picture, only a yellow text. > > > > > > SED > > > > > > -Original Message- > > > From: Jeff Lewis [mailto:[EMAIL PROTECTED]] > > > Sent: 10. júlí 2001 17:26 > > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > > Subject: RE: [PHP] How to add a new color to JPEG > > > > > > > > > Could try this: > > > > > > $blue = ImageColorAllocate($image, 0, 0, 255); > > > > > > Substitue blue for yellow and you'll be the appropriate RGB values > > > for the numbers. > > > > > > Jeff > > > > > > > -Original Message- > > > > From: SED [mailto:[EMAIL PROTECTED]] > > > > Sent: Tuesday, July 10, 2001 1:27 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: [PHP] How to add a new color to JPEG > > > > > > > > > > > > Lets say I have a black JPEG-image and I want to add yellow text > > > > to it, how can I define the yellow color? > > > > > > > > According to the manual, you can only get closest value of your > > > > desired color by letting the ImageColorClosest() find it. > > > > Therefore, if the image is totally black, you can not get the > > > > yellow color. I have not found a way to do this though I believe I > > > > > have tried everything. And yet, I have not found any documents > > > > covering this other than PHP-manual. > > > > > > > > Do you know of a way to do this? Or do you know of other > > > > manuals/tutorials covering this issue? > > > > > > > > Regards, > > > > Sumarlidi Einar Dadason > > > > > > > > SED - Graphic Design > > > > > > > > -- > > > > Phone: (+354) 4615501 > > > > Mobile: (+354) 8960376 > > > > Fax: (+354) 4615503 > > > > E-mail: [EMAIL PROTECTED] > > > > Homepage:www.sed.is > > > > -- > > > > > > > > > > > > &g
RE: [PHP] How to add a new color to JPEG
hmm. If what I understand from your ImageColorClosest(); function, why don't you just add yellow to the palette? that way it can be found by the function, but isn't used in the image? HTH, James Cox apologies jeff for sending it twice to you :) > -Original Message- > From: Jeff Lewis [mailto:[EMAIL PROTECTED]] > Sent: 10 July 2001 23:00 > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: [PHP] How to add a new color to JPEG > > > Hmm, I create my image from scratch and haven't tried drawing on > an existing > pallette. If your start image is always a blank black box you > could always > create it on the fly... > > > -Original Message- > > From: SED [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, July 10, 2001 1:52 PM > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > Subject: RE: [PHP] How to add a new color to JPEG > > > > > > Thats the problem, if I do that and the color is not used before in the > > image, I get only the closest match. Note, if I add a yellow pixle into > > the JPEG-image with Photoshop, save it and try it again, then I can use > > the yellow for my text. However, I dont want to have the yellow dot in > > my picture, only a yellow text. > > > > SED > > > > -Original Message- > > From: Jeff Lewis [mailto:[EMAIL PROTECTED]] > > Sent: 10. júlí 2001 17:26 > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > Subject: RE: [PHP] How to add a new color to JPEG > > > > > > Could try this: > > > > $blue = ImageColorAllocate($image, 0, 0, 255); > > > > Substitue blue for yellow and you'll be the appropriate RGB values for > > the numbers. > > > > Jeff > > > > > -Original Message- > > > From: SED [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, July 10, 2001 1:27 PM > > > To: [EMAIL PROTECTED] > > > Subject: [PHP] How to add a new color to JPEG > > > > > > > > > Lets say I have a black JPEG-image and I want to add yellow text to > > > it, how can I define the yellow color? > > > > > > According to the manual, you can only get closest value of your > > > desired color by letting the ImageColorClosest() find it. Therefore, > > > if the image is totally black, you can not get the yellow color. I > > > have not found a way to do this though I believe I have tried > > > everything. And yet, I have not found any documents covering this > > > other than PHP-manual. > > > > > > Do you know of a way to do this? Or do you know of other > > > manuals/tutorials covering this issue? > > > > > > Regards, > > > Sumarlidi Einar Dadason > > > > > > SED - Graphic Design > > > > > > -- > > > Phone: (+354) 4615501 > > > Mobile: (+354) 8960376 > > > Fax: (+354) 4615503 > > > E-mail: [EMAIL PROTECTED] > > > Homepage:www.sed.is > > > -- > > > > > > > > > > > > > > > > > > -- > > > PHP General Mailing List (http://www.php.net/) > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] To > > > contact the list administrators, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] setting up / configuring mail()
hey does anyone know any good resource sites or documents about configuring the mail services for php so it works? Thanks, James Cox. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . James Cox :: Creative Director :: AWP imaJes t: +44 (0)7968 349990 | f: +44 (0)1992 300939 e: [EMAIL PROTECTED] w: http://www.awpimajes.com/ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
RE: [PHP] file("http://www.php.net") error?
You will also find that file(); may have been disabled - due to the possible
security issues..
ie file ( /etc/shadow); or file (/etc/passwd);
I believe that may apply to fopen, too.
James
-Original Message-
From: atan [mailto:[EMAIL PROTECTED]]
Sent: 23 June 2001 02:46
To: [EMAIL PROTECTED]
Subject: [PHP] file("http://www.php.net";) error?
file("http://www.163.com";) error?
this is a test:
http://www.php.net');
while (list ($line_num, $line) = each ($fcontents)) {
echo "Line $line_num: " . htmlspecialchars ($line) . "\n";
}
?>
/
This program run no error in my server ;
but it not work when i sent it to the Server (mtkj.51.net)
The message:
Warning: file("http://www.163.com";) - Permission denied in
/z1/mtkj/public_html/test.php on line 2
Warning: Variable passed to each() is not an array or object in
/z1/mtkj/public_html/test.php on line 3
why?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Filtering out \ when a ' is user entered?
I might be wrong, but if you did something like this.. would work quite well, I think. James Cox -Original Message- From: Marcus James Christian [mailto:[EMAIL PROTECTED]] Sent: 27 June 2001 05:19 To: [EMAIL PROTECTED] Subject: [PHP] Filtering out \ when a ' is user entered? Hello, I'm pretty new to PHP but all I've seen of it so far I pretty much love! I've built a web log but when the user enters their data and they use ' or " (and you know they will) php always shows it from the included web log as \' How can I filter out these backslashes so they don't appear on the final public viewable page? Thanks, Marcus -- Marcus James Christian - UNLIMITED - Multimedia Internet Design http://mjchristianunlimited.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Using php4.02 on IIS5
Hey , I have been trying to set up some php applications on my local webserver, as part of a transition from asp to php. I have unzipped the php distro into it's own dir, added in the ini file, (left it at default setting) and then added the engine into IIS as described in the install document. Now, I have 500 Internal Server Errors on the php page.. any ideas? I will happily RTFM, if I can find one that'd help ;) Thanks, James
