Re: [PHP] Novice question
> cURL is the best one in my experience, but you have to manage security
> yourself. Meaning: Remember to escape/encode data.
>
> http://php.net/manual/en/book.curl.php

Thanks everyone, appreciated, I'll investigate ..

Cheers
J

--
01723 376477

Cost-free marketing: http://www.flowmarketing.co.uk/

Affordable marketing guidance for small businesses:
http://www.amilliontweaks.co.uk/

Effective marketing services for SMEs: coming soon at
http://www.surgemarketing.co.uk

Professional Internet marketing consultancy:
http://www.johnallsopp.co.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Novice question
Hi

I'm afraid I've fallen a little out of touch with PHP dev, so a stupid question for you.

I want to write a script that requests a URL and then reads that website .. I'm interested to map web structures.

My web host is saying I'll need URL file access enabled but that it's a) a security risk and b) deprecated.

So .. what's the good / proper / acceptable / secure way of reading in URLs in PHP or .. isn't there one?

Cheers
J
Re: [PHP] How to secure this
Robert Cummings wrote:
> Ashley Sheridan wrote:
>> On Fri, 2010-02-12 at 16:12 -0500, Robert Cummings wrote:
>>> John Allsopp wrote:
>>>> Hi everyone
>>>>
>>>> There may be blinding bits of total ignorance in this so don't ignore the obvious.
>>>>
>>>> This is a security question, but a sentence of background: I'm writing software for a mapping/location website and I want to be able to provide something others can plug into their website that would display their map.
>>>>
>>>> So I'm providing a URL like http://www.mydomain.com?h=300&w=250&username=name&password=password
>>>>
>>>> The idea is they can define their own height and width and it plugs in as an iframe.
>>>>
>>>> That takes the username and password and throws it over web services to get back the data from which we can create the map.
>>>>
>>>> My question (and it might be the wrong question) is how can I not give away the password to all and sundry yet still provide a self-contained URL?
>>>
>>> MD5() (or SHA()) hash the information and supply that along with the settings. Then you know it was generated by your site. So you can do the following:
>>>
>>>     $url = "http://www.mydomain.com?h=$height&w=$width&username=$username&key=$key";
>>>     ?>
>>>
>>> Then when you get this URL via the iframe, you re-compute the expected key and then compare it against the given key. Since only you know the SECRET_SALT value then nobody should be able to forge the key.
>>>
>>> Cheers,
>>> Rob.
>>> --
>>> http://www.interjinn.com
>>> Application and Templating Framework for PHP
>>
>> What about requiring them to sign in the first time to use your service, and then give them a unique id which is tied to their details. You could then get them to pass across this id in the url. You could link their account maybe to some sorts of limits with regards to what they can access maybe?
>
> Presumably they ARE logged in when you create this URL for them... otherwise someone else could generate it :)
>
> Cheers,
> Rob.

Well no they are not logged in, it's just an embedded iframe so that's my main issue with my method, anyone could look at the web page source, pinch the URL of the iframe and they'd have the username and password.

I'd got as far as MD5, but not the Secret Salt bit.

The thing that warped my head was .. if the URL then becomes http://www.mydomain.com?h=$height&w=$width&username=$username&key=$key that's the same thing isn't it .. a URL anyone could use anywhere? In a sense, we would have simply created another password, the MD5 key, which was a valid way to get into the system.

So then validating the domain from a list stops anyone using it anywhere and means we can switch it off by domain if we need to.

And .. we're not passing the password, right? We're not mixing that into the MD5? We are just saying, if you have the right username, if we know you've come via our code (secret salt), and you're from an approved domain, we'll let you in.

Sorted, I think .. unless you spot any faulty reasoning in the above.

Thanks very much guys :-)

J
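
The scheme settled on in the message above (username plus a key derived from a server-side secret, checked against a list of approved domains), as an added PHP example that is not code from the thread. It substitutes HMAC-SHA256 and a constant-time comparison for the MD5-with-salt suggestion; the function names, the secret and the `customer.example` domain are assumptions.

```php
<?php
// Added example; every name and value here is hypothetical.
const EMBED_SECRET = 'replace-with-a-long-random-server-side-value';

// Key over everything the URL vouches for. json_encode gives an unambiguous
// serialisation, so ("ab","c") and ("a","bc") cannot produce the same input.
function embed_key(string $username, string $domain, int $h, int $w): string
{
    $payload = json_encode([$username, strtolower($domain), $h, $w]);
    return hash_hmac('sha256', $payload, EMBED_SECRET);
}

// Run once, while the customer is logged in, to hand out the iframe URL.
function build_embed_url(string $username, string $domain, int $h, int $w): string
{
    return 'http://www.mydomain.com/?' . http_build_query([
        'h' => $h,
        'w' => $w,
        'username' => $username,
        'key' => embed_key($username, $domain, $h, $w),
    ]);
}

// Run on every iframe request. $approved maps username => allowed hosts.
function verify_embed_request(array $get, ?string $referer, array $approved): bool
{
    $username = (string) ($get['username'] ?? '');
    $host = strtolower((string) parse_url((string) $referer, PHP_URL_HOST));
    if ($host === '' || !in_array($host, $approved[$username] ?? [], true)) {
        return false; // unknown user, missing Referer, or domain switched off
    }
    $expected = embed_key($username, $host, (int) ($get['h'] ?? 0), (int) ($get['w'] ?? 0));
    // hash_equals compares in constant time, unlike == or ===.
    return hash_equals($expected, (string) ($get['key'] ?? ''));
}

// Constructed sample data.
$approved = ['name' => ['customer.example']];
$url = build_embed_url('name', 'customer.example', 300, 250);
parse_str((string) parse_url($url, PHP_URL_QUERY), $get);

// Approved domain, wrong domain, then a tampered width.
var_dump(verify_embed_request($get, 'http://customer.example/map.html', $approved));
var_dump(verify_embed_request($get, 'http://elsewhere.example/', $approved));
var_dump(verify_embed_request(['w' => '900'] + $get, 'http://customer.example/', $approved));
```

The key is still a bearer value visible in the page source, and the Referer header it is checked against is supplied by the client, so the domain list limits casual reuse on other sites and gives a per-domain off switch rather than authenticating the viewer.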
[PHP] How to secure this
Hi everyone

There may be blinding bits of total ignorance in this so don't ignore the obvious.

This is a security question, but a sentence of background: I'm writing software for a mapping/location website and I want to be able to provide something others can plug into their website that would display their map.

So I'm providing a URL like http://www.mydomain.com?h=300&w=250&username=name&password=password

The idea is they can define their own height and width and it plugs in as an iframe.

That takes the username and password and throws it over web services to get back the data from which we can create the map.

My question (and it might be the wrong question) is how can I not give away the password to all and sundry yet still provide a self-contained URL?

Thanks in advance :-)

Cheers
J
Re: [PHP] Re: Call to object function, want to PHP interpret returned string
Stuart wrote:
> 2009/7/6 John Allsopp :
>> David Robley wrote:
>>> John Allsopp wrote:
>>>> Hi
>>>>
>>>> At the top of a webpage I have:
>>>>
>>>> getTop("my company title"); ?>
>>>>
>>>> to deliver the first lines of HTML, everything in HEAD and the first bits of page furniture (menu, etc).
>>>>
>>>> In the furniture object in getTop(), I want to return a string that includes the CSS file that I call with an include_once. But the include_once isn't interpreted by PHP, it's just outputted. So from:
>>>>
>>>> $toReturn = " ...";
>>>> return $toReturn;
>>>>
>>>> I get in my code.
>>>>
>>>> Do I really have to break up my echo $myFurniture->getTop("my company title"); call to getTopTop, then include my CSS, then call getTopBottom, or can I get PHP to interpret that text that came back?
>>>>
>>>> PS. I may be stupid, this may be obvious .. I don't program PHP every day
>>>>
>>>> Thanks in advance for your help :-)
>>>>
>>>> Cheers
>>>> J
>>>
>>> First guess is that your page doing the including doesn't have a filename with a .php extension, and your server is set to only parse php in files with a .php extension.
>>>
>>> Cheers
>>
>> Ah, thanks. It's a PHP object returning a string, I guess the PHP interpreter won't see that.
>>
>> So, maybe my object has to write a file that my calling file then includes after the object function call. Doesn't sound too elegant, but is that how it's gotta be?
>
> You appear to be looking for the eval function: http://php.net/eval
>
> However, in 99.99% of cases using eval is not the right solution. In your case there are two ways to solve it.
>
> The first way, assuming the thing you're trying to include is a stylesheet, is to use an external link to a CSS file. That would be the "normal" way to include a stylesheet in an HTML page and is far more efficient than including it inline.
>
> If it's not just a stylesheet that you're including then you'll want to load the file in the getTop method. For example...
>
> $toReturn = "

Thanks guys.

Yes, actually file_get_contents didn't work for me, and yes you're right, of course I should be including my CSS like

rel='stylesheet' type='text/css' media='screen' href='style3.css' title='style1'>

in the header.

The style3.txt file I was trying to PHP include was there so I could include more than one stylesheet and make just one amendment. One for printing and I'm guessing one for mobile. All that file contained was the That was legacy code.

Now I have a furniture object, of course, I can put my stylesheet code in one place there just as part of the header, and have no need for style3.txt.

Thanks for all your help.

J
Re: [PHP] Re: Call to object function, want to PHP interpret returned string
David Robley wrote:
> John Allsopp wrote:
>> Hi
>>
>> At the top of a webpage I have:
>>
>> getTop("my company title"); ?>
>>
>> to deliver the first lines of HTML, everything in HEAD and the first bits of page furniture (menu, etc).
>>
>> In the furniture object in getTop(), I want to return a string that includes the CSS file that I call with an include_once. But the include_once isn't interpreted by PHP, it's just outputted. So from:
>>
>> $toReturn = " ...";
>> return $toReturn;
>>
>> I get in my code.
>>
>> Do I really have to break up my echo $myFurniture->getTop("my company title"); call to getTopTop, then include my CSS, then call getTopBottom, or can I get PHP to interpret that text that came back?
>>
>> PS. I may be stupid, this may be obvious .. I don't program PHP every day
>>
>> Thanks in advance for your help :-)
>>
>> Cheers
>> J
>
> First guess is that your page doing the including doesn't have a filename with a .php extension, and your server is set to only parse php in files with a .php extension.
>
> Cheers

Ah, thanks. It's a PHP object returning a string, I guess the PHP interpreter won't see that.

So, maybe my object has to write a file that my calling file then includes after the object function call. Doesn't sound too elegant, but is that how it's gotta be?

Cheers
J
[PHP] Call to object function, want to PHP interpret returned string
Hi

At the top of a webpage I have:

getTop("my company title"); ?>

to deliver the first lines of HTML, everything in HEAD and the first bits of page furniture (menu, etc).

In the furniture object in getTop(), I want to return a string that includes the CSS file that I call with an include_once. But the include_once isn't interpreted by PHP, it's just outputted. So from:

$toReturn = "Transitional//EN' ...";
return $toReturn;

I get in my code.

Do I really have to break up my echo $myFurniture->getTop("my company title"); call to getTopTop, then include my CSS, then call getTopBottom, or can I get PHP to interpret that text that came back?

PS. I may be stupid, this may be obvious .. I don't program PHP every day

Thanks in advance for your help :-)

Cheers
J
Re: [PHP] is_readable(http://.... text file) says not, but I can in browser
Nathan Rixham wrote:
> John Allsopp wrote:
>> Nathan Nobbe wrote:
>>> On Sun, Dec 28, 2008 at 11:02 AM, John Allsopp wrote:
>>>> Hi
>>>>
>>>> I'm sure this is simple for yous all but I'm not sure I know the answer.
>>>>
>>>>     $myFileLast = "http://www.myDomain.com/text.txt";
>>>>     if (is_readable($myFileLast)) {
>>>>         $fh = fopen($myFileLast, 'r');
>>>>         $theDataLast = fread($fh, 200);
>>>>         fclose($fh);
>>>>         echo ("The dataLast: ".$theDataLast."\n");
>>>>     } else {
>>>>         echo ("Last fix file unavailable: $myFileLast\n");
>>>>     }
>>>>
>>>> returns Last fix file unavailable even for a file that my browser can read.
>>>>
>>>> All I want to do is skip over files This could be a very simple error, I'd appreciate a pointer. Is it permissions being different for PHP versus the browser or something? PHP is running on a different server.
>>>
>>> are you basically trying to tell if theres a resource @ the given url? if so, id prefer curl myself. something like
>>>
>>>     if(($ch = curl_init($url) === false)
>>>         echo ("Last fix file unavailable: $myFileLast\n");
>>>     else {
>>>         curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
>>>         $theDataLast = curl_exec($ch);
>>>         echo ("The dataLast: ".$theDataLast."\n");
>>>         curl_close($ch);
>>>     }
>>>
>>> obviously, youll need the curl extension installed for this to work. i know the fopen wrappers will allow you to get a read-only handle to an http url, but im not sure what is_readable() will do w/ that, it may be limited to the local filesystem.
>>>
>>> -nathan
>>
>> Thanks. I'm trying to read the contents of the file at the URL, but it might not exist.
>>
>> So far I'm getting a lot of
>>
>> *Warning*: curl_setopt(): supplied argument is not a valid cURL handle resource in */home/myAcc/public_html/test.php* on line *58*
>>
>> I searched phpinfo for 'curl' and it came up nothing, so I'm just checking with my hosts to see if I have the extension installed.
>>
>> I'll be back, thanks
>> J
>
> might be a bracket thing..
> could try:
>
>     if( ($ch = curl_init($url)) === false) {
>         echo ("Last fix file unavailable: $myFileLast\n");
>     } else {
>
> or
>
>     if( !is_resource($ch = curl_init($url)) ) {
>         echo ("Last fix file unavailable: $myFileLast\n");
>     } else {

Ah, perfect, it was a bracket thing.

Thanks muchly
J
Re: [PHP] is_readable(http://.... text file) says not, but I can in browser
Nathan Nobbe wrote:
> On Sun, Dec 28, 2008 at 11:02 AM, John Allsopp wrote:
>> Hi
>>
>> I'm sure this is simple for yous all but I'm not sure I know the answer.
>>
>>     $myFileLast = "http://www.myDomain.com/text.txt";
>>     if (is_readable($myFileLast)) {
>>         $fh = fopen($myFileLast, 'r');
>>         $theDataLast = fread($fh, 200);
>>         fclose($fh);
>>         echo ("The dataLast: ".$theDataLast."\n");
>>     } else {
>>         echo ("Last fix file unavailable: $myFileLast\n");
>>     }
>>
>> returns Last fix file unavailable even for a file that my browser can read.
>>
>> All I want to do is skip over files This could be a very simple error, I'd appreciate a pointer. Is it permissions being different for PHP versus the browser or something? PHP is running on a different server.
>
> are you basically trying to tell if theres a resource @ the given url? if so, id prefer curl myself. something like
>
>     if(($ch = curl_init($url) === false)
>         echo ("Last fix file unavailable: $myFileLast\n");
>     else {
>         curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
>         $theDataLast = curl_exec($ch);
>         echo ("The dataLast: ".$theDataLast."\n");
>         curl_close($ch);
>     }
>
> obviously, youll need the curl extension installed for this to work. i know the fopen wrappers will allow you to get a read-only handle to an http url, but im not sure what is_readable() will do w/ that, it may be limited to the local filesystem.
>
> -nathan

Thanks. I'm trying to read the contents of the file at the URL, but it might not exist.

So far I'm getting a lot of

*Warning*: curl_setopt(): supplied argument is not a valid cURL handle resource in */home/myAcc/public_html/test.php* on line *58*

I searched phpinfo for 'curl' and it came up nothing, so I'm just checking with my hosts to see if I have the extension installed.

I'll be back, thanks
J
Re: [PHP] is_readable(http://.... text file) says not, but I can in browser
Daniel Brown wrote:
> On Sun, Dec 28, 2008 at 13:02, John Allsopp wrote:
>>     $myFileLast = "http://www.myDomain.com/text.txt";
>>     if (is_readable($myFileLast)) {
>>         $fh = fopen($myFileLast, 'r');
>>         $theDataLast = fread($fh, 200);
>>         fclose($fh);
>>         echo ("The dataLast: ".$theDataLast."\n");
>>     } else {
>>         echo ("Last fix file unavailable: $myFileLast\n");
>>     }
>
> Simplified:
>
>     <?php
>     $myFileLast = "http://www.myDomain.com/text.txt";
>     $theDataLast = file_get_contents($myFileLast);
>     ?>
>
> You can manipulate the code as you see fit. If it doesn't work, then check your php.ini file (if you have access) to ensure that you have this line:
>
>     allow_url_fopen = On

Thanks, that worked a treat except I was getting warnings on 404. I looked around for solutions to that and it appears curl might handle that better, so I'm currently working on that.

Many thanks tho .. let me know if you know how to stop the warnings :-)

J
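
An added example, not code from any of the posters: one way to read a remote file with cURL that covers the points raised in the replies in this thread (the bracketed `curl_init()` check, a 404 handled without warnings) and the "manage security yourself" advice in the "Novice question" thread. The function name `fetch_url`, the size cap and the timeouts are assumptions.

```php
<?php
// Added example; fetch_url() and its limits are hypothetical choices.
function fetch_url(string $url, int $maxBytes = 200000): ?string
{
    // Only plain web URLs: a crawler fed file:// or gopher:// links from a
    // page it has read would otherwise follow them.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }
    // The assignment needs its own brackets; without them $ch receives the
    // boolean result of the === comparison instead of the handle.
    if (($ch = curl_init($url)) === false) {
        return null;
    }
    $body = '';
    curl_setopt_array($ch, [
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION  => true,
        CURLOPT_MAXREDIRS       => 3,
        CURLOPT_CONNECTTIMEOUT  => 5,
        CURLOPT_TIMEOUT         => 15,
        // Collect the body ourselves so an oversized response can be cut off.
        CURLOPT_WRITEFUNCTION   => function ($ch, string $chunk) use (&$body, $maxBytes): int {
            $body .= $chunk;
            // Returning anything but the chunk length aborts the transfer.
            return strlen($body) > $maxBytes ? 0 : strlen($chunk);
        },
    ]);
    $ok = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    // A 404 is a successful transfer as far as cURL is concerned, so test the
    // status code; no warning is raised for it.
    return ($ok !== false && $status === 200) ? $body : null;
}

// URL taken from the thread; any unreachable or missing file yields null.
$myFileLast = 'http://www.myDomain.com/text.txt';
$theDataLast = fetch_url($myFileLast);
if ($theDataLast === null) {
    echo "Last fix file unavailable: $myFileLast\n";
} else {
    // Remote content is untrusted: encode it before it reaches a web page.
    echo 'The dataLast: ' . htmlspecialchars(substr($theDataLast, 0, 200), ENT_QUOTES, 'UTF-8') . "\n";
}
```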
[PHP] is_readable(http://.... text file) says not, but I can in browser
Hi

I'm sure this is simple for yous all but I'm not sure I know the answer.

    $myFileLast = "http://www.myDomain.com/text.txt";
    if (is_readable($myFileLast)) {
        $fh = fopen($myFileLast, 'r');
        $theDataLast = fread($fh, 200);
        fclose($fh);
        echo ("The dataLast: ".$theDataLast."\n");
    } else {
        echo ("Last fix file unavailable: $myFileLast\n");
    }

returns Last fix file unavailable even for a file that my browser can read.

All I want to do is skip over files This could be a very simple error, I'd appreciate a pointer. Is it permissions being different for PHP versus the browser or something? PHP is running on a different server.

Cheers
J
Re: [PHP] Re: Pear XML parser finding nothing in ATOM / Movable Type feed
Nathan Rixham wrote:
> Atom and RSS are completely different; the only similarities lie in the fact they are both XML, and both used frequently for syndicating news.

Really? OK, back to the books, thanks

> You need an atom parser; or just load the feed into DOMDocument.. SimplePie and RssPhp are the only two I know that handle atom feeds well.

Fab, thanks.

J
[PHP] Pear XML parser finding nothing in ATOM / Movable Type feed
Hi

I know nothing about Pear, so I don't know how to debug this:

I've got a newly installed Movable Type blog with a couple of entries in it, and I just found from php.net the pear classes to parse an RSS feed, parser.php and rss.php, and this code from the PEAR site works

    require_once "XML/RSS.php";
    $rss =& new XML_RSS("http://rss.slashdot.org/Slashdot/slashdot");
    $rss->parse();
    echo "Headlines from slashdot\n";
    echo "\n";
    foreach ($rss->getItems() as $item) {
        echo "" . $item['title'] . "\n";
    }
    echo "\n";

but if I point it at my blog: http://www.bluetreeservices.co.uk/gps_tracking_news/atom.xml or http://www.bluetreeservices.co.uk/gps_tracking_news/ or http://www.bluetreeservices.co.uk/gps_tracking_news , parse returns an empty array.

Am I just using the wrong code for that type of feed (I would have thought any RSS reader would handle an atom format feed) or is it that my server needs to provide atom.xml or .. what's going on?

I've no idea how to use PEAR::error with regard to $rss->parse() so I'm a bit stumped about debugging it. I'd certainly call myself a PHP programmer, but I've never really used pear is the thing.

All help appreciated :-)

Cheers
J