RE: [PHP] transactions
Matthew Oatham wrote:

> Hi,
>
> Is there an elegant way to recover from DB errors in MySQL using PHP, i.e. transactions and rolling back - basically I have an insert statement then an update statement. If the insert succeeds the update is run but if the update fails I want to undo the insert! Any suggestions? I guess I could get the last inserted row id and perform an sql delete but is there a more elegant way?
>
> Cheers
> Matt

Though I know there are many people out there who cringe at the thought of using DB abstraction layers, I really like ADOdb and it has very nice transaction support built in (as long as the underlying database supports it, obviously).

    $conn->BeginTrans();
    $commit = false;

    // Each statement only runs if every earlier one succeeded
    $query = 'select col1, col2 from table1';
    $rs = $conn->Execute($query) ? true : false;
    $commit = $rs ? true : false;

    $query = 'insert into table1 (col1, col2) values (col1, col2)';
    $commit = $commit == true && $conn->Execute($query) ? true : false;

    $query = 'insert into table2 (col1, col2) values (col1, col2)';
    $commit = $commit == true && $conn->Execute($query) ? true : false;

    // Deliberate syntax error ("intod"), so this Execute() fails
    $query = 'insert intod table3 (col1, col2) values (col1, col2)';
    $commit = $commit == true && $conn->Execute($query) ? true : false;

    // Commit only if everything succeeded, otherwise undo all of it
    $commit == true ? $conn->CommitTrans() : $conn->RollbackTrans();

None of the above will be committed since there is a syntax error in the third query.

HTH.

Pablo

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] DB Abstraction Layers
Hi folks.

Given the last response by Justin to my comment about some people's dislike for DB abstraction layers I'm electing to throw this out into the general discussion as a new topic.

I have mixed feelings about abstraction layers. At times I love them (mostly) and at times I hate them. I posted a problem to a postgresql forum recently where I was having a query return different results from the command line and from within PHP, and it turned out to be a bug in ADOdb's debugging code which was the problem, incorrectly reporting the query which had just run ('%,123' is not the same as '%, 123' but it will drive you insane! ;o). I hated it for a brief time then ;o)

The link below points to a page which contains a message from someone in response to my post looking for help solving the above problem, someone whom I consider to be quite, quite knowledgeable about databases and whose opinion I very much respect, so I think it deserves a read. It makes some interesting points:

http://web.unbc.ca/~gossep/dbx.html

Anybody care to throw their hat into the ring for a debate on the pros and cons of using DB abstraction layers such as ADOdb (which I really like) against Pear::DB and PHP's DBX functions, for example??

Cheers,
Pablo
RE: [PHP] the problem in if
German wrote:

> The problem is that I must list all the tables of a database under SQL Server, but I have no idea how to do it...

Quick and dirty way: Download ADOdb (http://php.weblogs.com/adodb#downloads) and use their MetaTables() method

http://phplens.com/lens/adodb/docs-adodb.htm#metatables

HTH.

Pablo
RE: [PHP] SQL Injection check (mysql)
<snip>
The idea is exactly not to do any queries dynamically generated based on user input! In the rare cases where this is needed you should not allow any unparsed input.
</snip>

A RARE case, in the world of web applications??? Hardly!

I agree that in an optimal situation queries will not be based on user input, but in the world of the web this is a pipe dream. In 99.99% of the cases there will be some dynamic element to a query. The only safeguard is to validate the hell out of the data.

P.
RE: [PHP] SQL Injection check (mysql)
<snip>
PG> A RARE case, in the world of web applications??? Hardly!
PG>
PG> I agree that in an optimal situation queries will not be based on
PG> user input, but in the world of the web this is a pipe dream. In
PG> 99.99% of the cases there will be some dynamic element to a query.
PG> The only safeguard is to validate the hell out of the data.

I don't know which web applications you develop, but in the ones I have been developing the last 10 years all user interaction was done through forms where users were asked specific questions, and the input to these specific questions was used as input in prepared statements. E.g.

    select tuple1.table1, tuple1.table2, tuple3.table1 from table1, table2 where tuple1.table1 = tuple1.table2 and tuple1.table1=? and tuple3.table3?

and so forth. In any case the user's input was to be used in queries defined by the design of the application! I think you have misunderstood the concepts of making queries based on user input. It is not the users who should create the query, all they should do is provide the input to narrow down the queries.
</snip>

I have not misunderstood the concepts of making queries based on user input. I think the issue here is we all need to clarify what we're referring to as user input, because ultimately we are all saying the same thing.

1) Hard coding a query into an application is good, if the situation permits it;
2) Letting a user select (or enter) a value(s) to be used in a query is good, as long as you validate the hell out of said value(s);
3) Letting a user arbitrarily enter unvalidated value(s) to be used in a query is very very stupid and very very bad, and done far too often.

In a broader scope I would here consider to be user input ANY input which is not hard coded into the application, and any input which is not hard coded should be thoroughly examined before being used. I've not misunderstood the concept, we're all saying the same thing, just in different ways.

Cheers,
Pablo
RE: [PHP] Can i get all content for list box in $_POST
Sheeraz fazal wrote:

> Hi All,
>
> I have a list box in a page (html select tag with multiple selection option). Items are added dynamically in list box, using javascript. Can I get all elements of the listbox in my php code? If I do $_POST['select_tag_name'], I get a variable not an array. Thus getting only one item. Comments?

http://www.php.net/manual/en/faq.html.php#faq.html.select-multiple
[PHP] Bogus headers returned by firewalls
Hi folks.

Has anyone out there ever had any issues with a user's personal firewall munging up the HTTP_REFERER for a page?

I've got a mailer script which is accessed from a few domains within our network of sites, and sometimes users have been getting an error which informs them the script has been illegally accessed from outside of our domain. The error occurs when the string 'unbc.ca' is not found in the HTTP_REFERER.

However, after adding some checking I've found that for users who encounter this error when on a valid form, there is no HTTP_REFERER in the $_SERVER array and instead there is an HTTP_WEFERER:

    HTTP_WEFERERNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKED

I've googled this and this was the most informative piece I came up with:

http://lists.evolt.org/archive/Week-of-Mon-20030901/147671.html

It seems from this post and the links to the norton site within it that it is the firewall that is munging up the headers and that there is no way for me to avoid this.

Am I mistaken in thinking this? Does anyone out there have any knowledge as to whether this can be dealt with?

Cheers and TIA,
Pablo
RE: [PHP] SQL Injection check (mysql)
<snip>
The reason is security. A prepared statement cannot compromise the security of our database because all sql-statements are precompiled in the DBMS. An example using pear:

    $res = DB::connect('mysql://someuser:[EMAIL PROTECTED]/thedb');
    $sth = $res->prepare('select * from sometable where id ?');
    $sth->execute(10);

As the example demonstrates the request is hardcoded which means it cannot be manipulated by any user supplied input. A beneficial side effect is that all characters which need escaping are automatically handled by the DBMS. E.g. the string O'leary would not cause any problems.
</snip>

Huh? How does this accommodate for a dynamically generated query which is based upon user input?

For example,

    $query = 'select p.name, a.location, p.editable ';
    $query .= 'from cms_pages p, cms_areas a ';
    $query .= 'where p.p_id = '.$p_id.' and p.a_id = a.a_id';

In this query the value against which p_id is tested would have to be supplied by the user and as such would not be hard coded as in your example above. It is validated and its type set before it is inserted into the query, so how does what you state above deal with this?

Cheers and TIA.

Pablo
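
The two approaches argued over in this thread, side by side, as an added example (not code from any of the posters): the cms_pages/cms_areas query built by concatenation, and the same query with a bound placeholder plus a type check on the user-supplied id. It uses PDO with an in-memory SQLite database so that it runs offline, instead of the PEAR DB and MySQL setup in the posts; the rows, the function names and the request values are constructed for the illustration.

```php
<?php
// Added example. Table and column names follow the query in the post above;
// the rows, function names and SQLite backend are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('create table cms_areas (a_id integer primary key, location text)');
$db->exec('create table cms_pages (p_id integer primary key, a_id integer,
                                   name text, editable integer)');
$db->exec("insert into cms_areas values (1, '/public')");
$db->exec("insert into cms_areas values (2, '/admin')");
$db->exec("insert into cms_pages values (10, 1, 'Home', 1)");
$db->exec("insert into cms_pages values (11, 2, 'User admin', 0)");

// Query assembled by concatenation: whatever is in $p_id becomes SQL text.
function pages_concat(PDO $db, $p_id)
{
    $query  = 'select p.name, a.location, p.editable ';
    $query .= 'from cms_pages p, cms_areas a ';
    $query .= 'where p.p_id = ' . $p_id . ' and p.a_id = a.a_id';
    return $db->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Same query with a placeholder: the statement text is fixed and the value
// travels separately, so it can only ever be compared against p.p_id.
function pages_bound(PDO $db, $p_id)
{
    // Validation is still worth doing: anything that is not a positive
    // integer is rejected before the database is touched.
    $id = filter_var($p_id, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];
    }
    $sth = $db->prepare(
        'select p.name, a.location, p.editable ' .
        'from cms_pages p, cms_areas a ' .
        'where p.p_id = ? and p.a_id = a.a_id'
    );
    $sth->bindValue(1, $id, PDO::PARAM_INT);
    $sth->execute();
    return $sth->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request values: a normal id, and one carrying extra SQL.
$inputs = ['10', '10 or 1=1'];
foreach ($inputs as $input) {
    printf("%-12s concatenated: %d row(s)   bound: %d row(s)\n",
           "'" . $input . "'",
           count(pages_concat($db, $input)),
           count(pages_bound($db, $input)));
}
```

With the second input the concatenated query returns rows the caller never asked for, while the bound version returns none.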
RE: [PHP] What is the best way to backup a MySQL Database
Elliot J. Balanza wrote:

> Hi
>
> I've been trying to use MySQL dump with a php query (since we don't have like a mysql_dump function) but it's not working. Can anyone please point me to a page so I can read a method to backup MySQL databases to an .sql file using php?
>
> thanks.
>
> Vamp

Why can't you use mysqldump?

If you don't have command-line access, how are you managing your DB (I would assume PHPMyAdmin or MySQL-Front)?

I haven't used any of the PHPMyAdmin or PHPPGAdmin (or MySQL-Front) for some time now, but there should be a way to back up your database within them.
RE: [PHP] Passing by conditional IF statement...why?
Ryan A wrote:

> Hi,
>
> I have this simple code in my php script:
>
> * * * * *
>
>     $res = mysql_query("SELECT product_id, now()-1 FROM ".$tc."_prods where cno=$cno AND product_id='$product_id' LIMIT 1");
>     if($res) {
>         $r = mysql_fetch_row($res);
>         $product_id2 = $r[0];
>         $th_pres = $r[1];
>         echo "debug echo";
>     } else {
>         echo "No results, sorry";
>     }
>
> * * * * *
>
> It's working great when the data actually exists but when there are no matches it still executes the if($res) part instead of displaying "No results, sorry". Why is that? Or am I using the syntax wrong?
>
> Thanks,
> -Ryan

You need to test the number of records being returned. By just using if ($res) you're simply ensuring that it is returning a valid resource. It is, but it's just that the resource has zero rows.

Change the test such that it checks the number of results to be = 1 and it should work.

Cheers,
Pablo
RE: [PHP] Character Question
David Westbrooks wrote:

> I have articles held in a MySQL database for a law firm. When I pull the information from the DB and display it, words like that's are shown as that\'s. To take care of this problem I have done this:
>
>     $newsart = eregi_replace("\\\'","'", $newsart);
>
> Is there a better way to handle this to catch all irregular characters?
>
> Thank you for your help in advance.
>
> -Dave
>
> ---
> Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.598 / Virus Database: 380 - Release Date: 2/28/2004

http://www.php.net/stripslashes
[PHP] Parsing large log files with PHP
Hi folks.

Has anyone encountered any problems parsing large log files with PHP?

I've got a log file that's about 1.2 gig that I need to parse. Can PHP handle this or am I better off breaking this down into 12 100mb chunks and processing it?

Any advice is appreciated.

Cheers,
Pablo
RE: [PHP] Parsing large log files with PHP
<snip>
What kind of a log file are we talking here? Regardless of what processing you need to do, generally working on a 1.2GB file without RAID and/or lots of memory is going to be slow.

Pablo Gosse wrote:

> Hi folks.
>
> Has anyone encountered any problems parsing large log files with PHP?
>
> I've got a log file that's about 1.2 gig that I need to parse. Can PHP handle this or am I better off breaking this down into 12 100mb chunks and processing it?
</snip>

It's an Apache log file. I'm going to have to parse this file outside of the web server, probably on my desktop machine. It's a Dell Precision with 1GB RAM running RH9 with Apache and PHP 4.2.2.

If I can get the log file broken down into 100MB chunks I assume this would not be a problem?

I've not attempted to deal with the file yet as I didn't know how PHP would react to a 1.2 gig file, and I'm in the final stages of a very important project and cannot afford any downtime.

I assume PHP can handle 100MB chunks without choking.

Cheers and TIA.

Pablo
RE: [PHP] Parsing large log files with PHP
<snip>
IMHO bad idea to use a web script to process log files of this size (please ignore this comment if you are using the command line version).
</snip>

Yes, this will be a script run from the command line.

<snip>
There are several good open source tools for parsing the apache log files (analog, webalizer, awstats to name a few). These are very fast and designed to handle large files that are generated by heavy traffic sites. You might want to look into it. Some of these log tools can produce a 'machine readable' as well.
</snip>

I'm not actually looking for stats in this case. We had a very strange occurrence yesterday wherein we had a few reports of porn links appearing on one of our websites. So basically I'm going to be looking for all log entries relating to that one specific section of our site (which won't be a huge number) and then I will just need to take a look through them and see if there's anything strange there.

<snip>
Finally, 100MB chunks wouldn't be a problem. Even 1.2gb wouldn't be a problem if you had raid and at least 512MB of memory.
</snip>

That's good. I'm going to be doing this from my workstation so RAID isn't an option so I guess I'll use split to break the file into 100MB chunks.

Thanks for your help.

Cheers,
Pablo

Pablo Gosse wrote:

> <snip>
> What kind of a log file are we talking here? Regardless of what processing you need to do, generally working on a 1.2GB file without RAID and/or lots of memory is going to be slow.
>
> Pablo Gosse wrote:
>
> > Hi folks.
> >
> > Has anyone encountered any problems parsing large log files with PHP?
> >
> > I've got a log file that's about 1.2 gig that I need to parse. Can PHP handle this or am I better off breaking this down into 12 100mb chunks and processing it?
> </snip>
>
> It's an Apache log file. I'm going to have to parse this file outside of the web server, probably on my desktop machine. It's a Dell Precision with 1GB RAM running RH9 with Apache and PHP 4.2.2.
>
> If I can get the log file broken down into 100MB chunks I assume this would not be a problem?
>
> I've not attempted to deal with the file yet as I didn't know how PHP would react to a 1.2 gig file, and I'm in the final stages of a very important project and cannot afford any downtime.
>
> I assume PHP can handle 100MB chunks without choking.
>
> Cheers and TIA.
>
> Pablo
>
> --
> Raditha Dissanayake.
> http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload
> Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
> Graphical User Interface. Just 150 KB | with progress bar.
RE: [PHP] date functions
<snip>
You might already be fed up with my posts but I'm a complete PHP newbie and find these groups are the best way to learn! Anyway I have the database date in the format: -mm-dd hh:mm:ss e.g. 2004-02-24 07:57:59 but when in some situations I only want to show the user the date in the format dd-mm- what is the correct / best php function to use for this purpose ?
</snip>

strtotime() in conjunction with date()

http://ca2.php.net/manual/en/ref.datetime.php
[PHP] running php through cron
Hi folks.

I've got a quick question about security when running a php script through a cron job.

I've got a cron job set up that executes every minute and looks for idle users and pending content within a cms.

I know that if I wanted to execute the script with an exec() call from within another php script I would need to chmod +x it.

I don't seem to need to do this with a cron job, as I use the following command in the cron job,

    php /home/pablo/cmsutil/CMS_monitor.php

and the permissions on CMS_monitor.php are as follows:

    -rw-rw-r-- 1 pablo pablo 3636 Feb 21 00:48 CMS_monitor.php

My question is under these permissions could someone else with an account on this server execute this file? I'm pretty sure they couldn't but my knowledge of Linux isn't yet as extensive as I would like it to be so I can't say for sure.

Can someone verify or correct me on this?

Cheers and TIA.

Pablo
RE: [PHP] running php through cron
<snip>
    php /home/pablo/cmsutil/CMS_monitor.php

and the permissions on CMS_monitor.php are as follows:

    -rw-rw-r-- 1 pablo pablo 3636 Feb 21 00:48 CMS_monitor.php

My question is under these permissions could someone else with an account on this server execute this file? I'm pretty sure they couldn't but my knowledge of Linux isn't yet as extensive as I would like it to be so I can't say for sure.

If the script can be read (the r permission) it can be run through the php cli like you are doing in cron. If the cron command you have is running under your username, and the script does not need to be viewable by the web server, you can set the permissions to 600, which would be -rw---. This will allow you as the user to read (as well as execute through php) and write to the file and not let anyone else (besides root of course) do anything with it.

Technically, if an executable can be read it can be executed. If it's a binary it can be copied by a user and the copy can be run, if it's a script it can be passed to an interpreter and run.
</snip>

Thanks for the replies. Very helpful.

The crontab running is my own so if I change the permission on the file as Adam mentions above I'll be fine (please let me know if this is not the case!).

Thanks again.

Pablo.
RE: [PHP] sending reply, the continuing
Lucas Gonze wrote:

> I have a situation where I want to send a cached result back then recalculate the cache. This is necessary because it takes a long time to generate a page.
>
> Is there a way for me to return what the browser needs, then terminate the connection without stopping my script?
>
> Thanks in advance.
>
> - Lucas

If by terminate the connection you mean stop sending back information to the browser, then perhaps you should look into output control functions:

http://ca3.php.net/manual/en/ref.outcontrol.php

HTH.

Pablo
RE: [PHP] PHP or MSIE Problem?
<snip>
Beau Hartshorne wrote:

as you (6.0.2800.1106) (different product ID though), and can't reproduce the problem on any of my Linux webservers, or the one Win2k machine I have running PHP/Apache. I also hit your URL with IE, and

The problem only occurs in the second form. Did you try that one too?

Yes, both worked fine.
</snip>

I was only able to reproduce the error on the second form, and then only if I DID NOT check the checkbox. Any other combination of the elements worked fine.

HTH.

Pablo
RE: [PHP] How check if URL is running ok before try open it?
<snip>
Hello, I decided to make a pre-URL caller into my script, so when user try link to another URL, instead show these annoying http errors (when URL off), I could direct him to more user friendly environment. I checked FOPEN($url-name,'R') command, but in some cases it will pop up fire-walls alerts for users who uses firewalls, when FOPEN is executed. I would like to try more silent tricks for this task, and appreciate any help.
</snip>

Create custom error handling pages which you would specify in your apache configuration.

In your conf file you would need to add something like:

    ErrorDocument 403 /path/to/403.php
    ErrorDocument 404 /path/to/404.php

wherever you define the configuration directives for the site in question.

Hope that helps.

Cheers,
Pablo
[PHP] PHP Kerberos examples/tutorials
Hi folks.

I'm wondering if anyone out there can point me in the direction of a good tutorial/article on how to implement authentication using Kerberos in a PHP application running on Apache 2.0.

I've googled and searched the lists but I can't find any tutorials or articles which fully explain this.

Does anyone have any suggestions?

Cheers and TIA,
Pablo
RE: [PHP] uploaded files are corrupted
<snip>
I have a script that allows the user to browse his/her local hard drive for a file and email it as an attachment. Text files come through OK but any binary type file, e.g., JPEG or PDF arrive broken. JPEG will show as a red X in my browser and Adobe will complain about the PDF. I don't know why???
</snip>

I recently encountered this issue and as far as I can tell it has nothing to do with PHP. In my case it was caused by some arcane problem which occurred when installing the os and software (Apache, PHP, PostgreSQL, etc.) straight from a RedHat cd instead of downloading and compiling the source files.

Everything worked fine except POST method uploads. Whenever I attempted to upload a file it would not upload properly, and if I was using a textarea to post a large chunk of code to a page for processing the code would also get mangled somewhere after clicking the submit button and before it was accessible via the $_POST array in the receiving script.

The only thing I was able to surmise was that the problem had something to do with the vanilla install (as my sysadmin described it) of Apache, PHP and PostgreSQL.

When I moved the project I was working on to its permanent home (an actual Dell server with everything compiled properly from the source) the problem disappeared altogether. I also tested it on a number of other production machines here and it worked fine on all of them.

If possible I would suggest you take your code to another machine and test it out there as I would wager that the problem is within your system, not your code or PHP settings.

I know this isn't an answer per se but I hope that is of some use and will save wasted time in trying to figure out the problem.

Cheers,
Pablo.
[PHP] problem identifying $_SERVER['HTTP_REFERER']
Hi all.

I've got a simple mailer script that I wrote a few years ago that has been acting up over the past week.

The problem is with the following check I perform at the very top of the script:

    if (!stristr($_SERVER['HTTP_REFERER'], "unbc.ca")) {
        die("You can't access this script outside of our domain.");
    }

The mailer is located in my personal webspace on the web.unbc.ca server and the calling forms are all located on www.unbc.ca.

For some reason some people (apparently around 10 over the past week) are getting this error from two particular forms, but I know for certain that these forms are within our domain.

Does anyone know why this would be happening other than someone making an illegal copy of the form and posting it on another domain (which I doubt is the case)?

As I wrote earlier this script is about three years old, so at the time I didn't code using the $_SERVER and $_POST vars and just referred to them by variable names explicitly. However, the PHP version on the machine hasn't changed for a long time (4.1.2) so I can't see why this would suddenly start happening now.

To be safe I've just converted all the $_SERVER and $_POST vars in the script to use these references, so I'll be interested to see if the error goes away but I doubt it will.

I was debating writing a simple regular expression to use instead of the stristr check but I don't really think it will make a difference as the only way the stristr check will fail is if the string 'unbc.ca' is NOT found in the referring page.

Does anyone have any idea what could be causing this problem? Short of removing the check altogether I can't really see another way around it.

Cheers and thanks much in advance,
Pablo
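
An added example (not the poster's script) of the check described in this post and in the earlier "Bogus headers returned by firewalls" post: it tells a missing Referer, as left behind by a header-rewriting firewall, apart from a foreign one, and compares the parsed host instead of searching the whole URL for 'unbc.ca'. The function name, the return labels and the sample header values are constructed for the illustration.

```php
<?php
// Added example. classify_referer() and its labels are hypothetical names;
// the sample requests below are constructed, not taken from real logs.

// Returns 'absent', 'internal' or 'foreign' for a $_SERVER-style array.
// The Referer header is supplied by the client, so this is a hint about
// where a form was submitted from, not proof of it.
function classify_referer(array $server, $domain)
{
    // A firewall that renames or strips the header leaves nothing to test.
    // Reporting that separately lets the caller choose a policy for it
    // instead of treating those visitors as coming from another site.
    if (empty($server['HTTP_REFERER'])) {
        return 'absent';
    }

    $host = parse_url($server['HTTP_REFERER'], PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return 'foreign';            // present but not a usable URL
    }

    // Compare the host only: equal to the domain, or a subdomain of it.
    $host   = strtolower(rtrim($host, '.'));
    $domain = strtolower($domain);
    $suffix = '.' . $domain;
    if ($host === $domain || substr($host, -strlen($suffix)) === $suffix) {
        return 'internal';
    }
    return 'foreign';
}

// The original test from the post, wrapped so a missing header is no error.
function substring_check(array $server, $needle)
{
    return isset($server['HTTP_REFERER'])
        && stristr($server['HTTP_REFERER'], $needle) !== false;
}

// Constructed sample requests.
$samples = [
    'form on www.unbc.ca'      => ['HTTP_REFERER' => 'http://www.unbc.ca/forms/contact.html'],
    'header renamed by client' => ['HTTP_WEFERER' => 'XXXXXXXXXXXXXXXX'],
    'look-alike host'          => ['HTTP_REFERER' => 'http://unbc.ca.example.net/form.html'],
    'domain in query string'   => ['HTTP_REFERER' => 'http://example.net/f.html?x=unbc.ca'],
];

foreach ($samples as $label => $server) {
    printf("%-26s substring: %-5s  host check: %s\n",
           $label,
           substring_check($server, 'unbc.ca') ? 'pass' : 'fail',
           classify_referer($server, 'unbc.ca'));
}
```

The substring test fails the visitor whose header was renamed and passes the two foreign referrers; the host comparison reports the first as absent and the other two as foreign.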
[PHP] Problem setting include_path for virtual servers
Hi folks.

I have two virtual servers running under Apache. I want each to have a different include_path so I've set the following in each conf file:

For Domain 1:

    <IfModule mod_php4.c>
    php_value include_path .:/u0/vservers/domain1.mydomain.ca/html
    </IfModule>

For Domain 2:

    <IfModule mod_php4.c>
    php_value include_path .:/u0/vservers/domain2.mydomain.ca/html
    </IfModule>

However when I call the following file under either domain:

    <?php echo get_include_path(); ?>

I get this:

    .:/usr/local/lib/php

which is obviously not right, and I know for certain that the daemon has been restarted.

Can anyone tell me why this might be happening, or what I need to do to get the different include paths to be recognized?

Cheers and TIA,
Pablo
[PHP] PCRE vs. POSIX-extended for regular expressions
Hi all.

Quick question about PCRE vs. POSIX-extended regular expressions.

How much of a difference is there between these two types of regular expressions? I know I've read that PCRE is faster, but is it that much of a difference?

A while ago I had to write a bunch of regular expression patterns for an application and I wrote them using the POSIX-extended functions, but now I'm debating converting them to their PCRE equivalents, because a) it says they are often faster, and b) I want the experience in both.

Any thoughts on this?

Cheers and TIA,
Pablo
RE: [PHP] Migrating from SSI and Perl
<snip>
My site, at the moment, uses SSI to call a Perl browser-sniffing script. I would like to:

1. use php to call the Perl script.
2. then save the values the Perl script outputs as php variables.

Can this be done? If so, how?
</snip>

Hi, Philip. If you are not 100% stuck on using a perl script to sniff the browser, you might want to use Phpsniff, a class available on sourceforge:

http://phpsniff.sourceforge.net

I've used it in many of my applications with excellent results.

Cheers,
Pablo
[PHP] Pear install problem
Hi all.

I'm trying to install PHPDocumentor (www.phpdoc.org) and I'm getting an error when using the pear install feature.

I've got the necessary files stored in /home/phpDocumentor-1.2.2 but when I run

    pear install /home/phpDocumentor-1.2.2/package.xml

I get the following error:

    Invalid checksum : 44835 calculated, 0 expected

I've been looking around on google but I haven't been able to find much of any use.

Can anyone give me an idea as to what's causing this and how to fix it?

Cheers and TIA,
Pablo
RE: [PHP] PHP IDE?
<snip>
Was wondering what everyone's favorite IDE is for coding in PHP. I've got a big PHP project in the works. I'll be doing a lot with it and am looking for ways to boost my productivity.

--Jough
</snip>

If you're willing to purchase a commercial product I'd highly recommend Zend's IDE.

I've been working on a large PHP development project for a little over a year now and switched to the Zend IDE about three months ago and it has really increased my productivity.

My $0.02 CDN ($0.0151483 USD).

P.
RE: [PHP] (0t) SSH cp (copy help)
<snip>
Hi, I'm on a win2k pro machine and need to copy a modified httpd.conf file to my linux box. I don't really know much about SSH and just learned a bit with my pal's help (google). I am able to navigate around the directories, get a directory listing and delete...am unable to copy files from my harddisk for some reason
</snip>

Hey Ryan. I'd suggest going to http://www.ssh.com/support/downloads/secureshellwks/ and downloading either the commercial evaluation version or non-commercial version.

It has the standard SSH terminal, but it also features an SSH File Transfer client which will allow you to do what you want.

Cheers,
Pablo
RE: [PHP] restrict access to multiple pages
Kelly Hallman wrote:

> On Mon, 8 Dec 2003, Chris W. Parker wrote:
>
> > Ok so I am working on the admin section of the e-commerce app I'm writing and I'm hoping there's a better way to do what I am currently doing. In an effort to prevent circumvention of the login page I've placed a check at the beginning of each page that basically does the following: ...
>
> In the case that this is part of a larger application, as it seems to be, you probably should have an include that you are doing on each hit that handles the user identity/authentication.. Not just for your admin users, but a general container for all the user-related functions. On that page
>
> Within that include, let's call it loguser.php, you could write functions such as require_admin() or require_login() .. then, call those functions on the pages that require the user to be an admin or be logged in.
>
> The functions would determine if the logged-in user had adequate permission, and redirect them if not. That way, you can control this behavior from a central location--you don't want to have to go through each page of your app and change a URL.
>
> --
> Kelly Hallman // Ultrafancy

What I've done for the CMS I've been working on for a while is I have a base class which is the core of the application, and all modules in the CMS extend from this base class.

Part of this base class is a check_login() method, and I simply call this in the constructor of each module to verify login and access privileges.

This method first verifies a basic login, and assuming the login passes it then checks the user's credentials against a list of credentials which are necessary to access the different functionalities in each module, and away we go.

If the login test fails, the session is destroyed and the user is sent back to the login page. Otherwise if they are attempting to access functionality to which they don't have access they get notified of this, else they proceed as normal.

Cheers,
Pablo
RE: [PHP] display settings
Hartley, Matt wrote:

> I am sort of new at this, I am wondering if it is possible to find the display settings of the user. I know that
>
>     <?php echo $_SERVER["HTTP_USER_AGENT"]; ?>
>
> will give you
>
>     Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
>
> Is there one that will recover the display settings of the user?
>
> Matt

Hi Matt. I'm not sure if this will do what you want or not, but it's worth a look. It provides a plethora of browser info.

http://phpsniff.sourceforge.net/

Cheers,
Pablo
[PHP] Persistence of session files
Hi all. I'm wondering if anyone can tell me how long temporary session files stay on the server after the session has ended if session_destroy() is not called. I'm curious as part of the CMS I've been writing for the past year is a class which dynamically generates and validates all forms in the CMS. This class relies heavily on sessions so I've implemented a method which is called upon the execution of every page within the CMS, and which checks for expired forms and deletes them from the session. This is proving to be very effective in minimizing the overall size of the session while still having the user work with very large amounts of session data. However if the user just closes the browser instead of logging out the final cleanup isn't called and there can be some large session files left on the server. What I'm curious about is how long these last before they are somehow deleted? Is there some way I can control this? Cheers and TIA, Pablo.
RE: [PHP] PHP on a Domino Web Server
Jonathan Villa wrote: Where can I find information on installing/configuring PHP for Domino? http://www.alise.lv/ALISE/technolog.nsf/0/b2dc72112f3df625c2256dad002e40c5?OpenDocument It's called Google man. Use it and love it.
RE: [PHP] Maximum execution time
John J Foerch wrote: Hi, Is there some way to turn off maximum execution time? Preferably within the script itself? Thanks, John ini_set('max_execution_time',0);
[PHP] sendmail vs smpt
Hi all. I'm curious as to the performance difference between scripts that use sendmail vs. smtp for their mailing abilities. I use the following class for delivering emails, http://phpmailer.sourceforge.net/ , and since I don't have sendmail running on my local machine I'm using the smtp server of the university where I work to deliver my messages. However, it seems to be a bit sluggish. I'm going to run a test of switching the mail handler from smtp to sendmail once the application is in its permanent home in a few weeks, but for now does anyone have any opinions on this, and is there any advantage to using one over the other? Thanks in advance, Pablo
[PHP] Kerberos authentication with PHP
Hi all. I'd like to use Kerberos to authenticate users and I'm looking for a decent tutorial on how to accomplish this. I've Googled this and have searched the archives but I can't find any decent links which point to useful tutorials. Anyone have one they'd like to share? Cheers and TIA, Pablo
RE: [PHP] Excel Table download it
Jay Blanchard wrote: [snip] I want generate an excel table download it as a file (not view in IE), what HTML mimetype should i use? [/snip] header("Content-Type: application/vnd.ms-excel"); header("Content-Disposition: inline; filename=\"excel.xls\""); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Content-type: application/octet-stream"); header("Content-Disposition: attachment; filename=yourfile.xls"); header("Pragma: no-cache"); header("Expires: 0");
[PHP] different PHP configs for multiple sites on same machine
Hi all. Is it possible to have different php.ini settings for different sites running on the same server (Apache)? What I want to do exactly is change the include_path on a per-site basis, without having to call ini_set in each page. I have the following: /home/vservers/cms.mysite.com /home/vservers/wwwdev.mysite.com /home/vservers/cmsdev.mysite.com And I would like to be able to run an individual php.ini file for each. I'm pretty new to administering Apache so I'm just wondering if this is doable? Cheers, Pablo
[PHP] Changing php directives inside apache config file
Hi all. I'm trying to alter the include_path for three different sites running on the same machine, and I do not want to use ini_set in each file. Here's what I've set up for each virtual host inside my httpd.conf file: <VirtualHost ###.###.##.###> <IfModule mod_php4.c> php_value include_path .:/usr/local/lib/php:/path/to/cmsdev.unbc.ca/html </IfModule> ServerAdmin [EMAIL PROTECTED] DocumentRoot /path/to/cmsdev.unbc.ca/html ServerName cmsdev.unbc.ca ErrorLog /path/to/cmsdev.unbc.ca/logs/cmsdev.unbc.ca-error_log CustomLog logs/dummy-host.example.com-access_log common ErrorDocument 403 /403.php ErrorDocument 404 /404.php </VirtualHost> However even after restarting apache the include_path is not being set correctly. Can anyone give me any advice as to where I'm going wrong? Cheers and TIA, Pablo
RE: [PHP] Changing php directives inside apache config file
[snip] There's really no reason to wrap the 'php_value' in the IfModule statement. Other than that, the syntax looks good...I know it's supposed to work in the httpd.conf, but I've never tested that...I've always done it in a .htaccess in the document root for the virtual. [/snip] I'm pretty much a newbie to administering Apache so could you provide an example? I've set my .htaccess file up like this, and placed it in the root of the site: php4_include_path .:/usr/local/lib/php:/path/to/cmsdev.unbc.ca/html but I'm still not seeing the changes taking effect. Any ideas? Cheers and TIA. Pablo -Original Message- From: John Nichel [mailto:[EMAIL PROTECTED] Sent: Monday, November 24, 2003 3:02 PM To: Pablo Gosse Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Changing php directives inside apache config file Pablo Gosse wrote: Hi all. I'm trying to alter the include_path for three different sites running on the same machine, and I do not want to use ini_set in each file. Here's what I've set up for each virtual host inside my httpd.conf file: <VirtualHost ###.###.##.###> <IfModule mod_php4.c> php_value include_path .:/usr/local/lib/php:/path/to/cmsdev.unbc.ca/html </IfModule> ServerAdmin [EMAIL PROTECTED] DocumentRoot /path/to/cmsdev.unbc.ca/html ServerName cmsdev.unbc.ca ErrorLog /path/to/cmsdev.unbc.ca/logs/cmsdev.unbc.ca-error_log CustomLog logs/dummy-host.example.com-access_log common ErrorDocument 403 /403.php ErrorDocument 404 /404.php </VirtualHost> However even after restarting apache the include_path is not being set correctly. Can anyone give me any advice as to where I'm going wrong? Cheers and TIA, Pablo
RE: [PHP] Re: IE 6 mangling posted code
David Strencsev wrote: You may play with these functions: addslashes(); stripslashes(); htmlentities(); html_entity_decode(); Thanks for your help manu and david. I'm going to attempt converting the html characters and see if that works, but something also makes me think this might be a server configuration issue. The reason I say this is that I've run into this error on my machine, but when I try it on our academic web server it works fine, and when I ran a test on my system administrator's machine it worked fine as well. Now, some time ago I ran into a problem with the uploading of images on my machine, in that during the upload process the image was somehow being mangled and the uploaded copy was always a few K larger than the original, and no longer a valid file. I ran the test on my system administrator's machine and it was fine. These two things make me think it's something in the way my server is configured. I'm pretty new to Linux, so I have absolutely no idea what it might be and will be posting to some Linux and Apache forums to see if I can pinpoint it. In the meantime I will try converting the characters before they're displayed in the textarea for editing and before they're submitted to the db. Thanks again guys. Cheers, Pablo
[PHP] IE 6 mangling posted code
Hi all. I'm not sure if this is a browser issue, or a php issue, but while I'm leaning more towards the side of browser I'm not really certain and I'm interested to see if anyone has had problems similar to this. I've got a form by which html code is being submitted to a database. When I submit the form for some reason the code is being mangled. About the last half of the code is pasted at the end of the correct code, thus rendering it useless. Please view the text files via the links below to see what I mean. The code as it should be submitted is here: http://web.unbc.ca/~gossep/good_code.txt The code as it is received after being posted is here: http://web.unbc.ca/~gossep/bad_code.txt As you can see, everything from just after the onmouseout handler on line 10 to the end of the code is being replicated at the end of the code. Again, this happens immediately after the data is posted. Does anyone have any ideas here? TMIA, Pablo
RE: [PHP] Arrays and performance
Raditha Dissanayake wrote: [snip]The biggest XML job i have handled with PHP is parsing the ODP RDF dump which is around 700MB. Obviously arrays are out of the question in such a scenario, even though only one user will be accessing the script at a given moment. The ODP dump has a couple of million records[/snip] What was your solution for this, Raditha? How did you handle the parsing of such a large job? Cheers, Pablo
RE: [PHP] Random Function
Teren wrote: Anyways, it works fine if I put 0 in for 1 on line 9 where it uses the rand(), but it includes 0 and I can't have 0. Why not just change the following: if($ran == $sh) { $add = "no"; } to: if($ran == $sh || $ran == 0) { $add = "no"; } That way you're testing for $ran to be 0, and if so then you do not add it. Cheers, Pablo
RE: [PHP] Multiple values in a form option field
On Thursday, November 13, Jeff wrote: [snip]What I now need to do is store not only the userID but the email address as well. Is there a way using a form to store 2 values using one drop down box? So basically I want to store the userID and the Email address to a variable in the form so that both may be written to different fields in the database later.[/snip] Hi Jeff. For this you'll need to use javascript and hidden form fields. I've had to do this in a few places in my CMS and it's not too difficult. The Javascript will be something like this:
<script type="text/javascript">
<!--
// x is the select list in question
function setEmail(x) {
  var users = new Array();
  <?php
  $count = 0;
  foreach ($users as $id => $user) {
    echo 'users['.$count.'] = '.$id.';';
    $count++;
  }
  ?>
  for (i=0;i<x.length;i++) {
    if (x.options[i].selected) hiddenidfield.value = users[i];
  }
}
//-->
</script>
One thing to make sure of is that you are looping through your results in the same order both when you create the javascript array inside the function, and also when creating the select list. Then in your form have a hidden input as follows: <input type="hidden" name="id"> And for the select list, use the onchange attribute to set the value of the hidden input field (onchange="setEmail(this);"). You'll obviously need to update hiddenidfield.value with the proper reference to this input in the elements collection for this form. I'm writing this off the top of my head, so if there are any problems let me know. It should be pretty close though as I had to do just what you asked a few times recently. Cheers, Pablo
RE: [PHP] form action=?
On Wednesday, November 12, 2003 8:23 AM Alan and Chris wrote: --- Alan --- can I put a function_name() in the form action=... place holder? --- Chris --- I think you can do this with JavaScript, yes. What is it that you hope to achieve by using a function instead of a url? You could, as Chris writes, use action="Javascript:dosomething();", but that has almost an identical effect as calling said function in the onsubmit event handler. The only difference would be that if you use the onsubmit handler and the function does not return false, the action parameter of the form will be called after the function executes. Cheers, Pablo
RE: [PHP] Calendar
On Wednesday, November 12, 2003 10:50 AM, Steve wrote: I am looking for a simple easy to edit php calendar program. Does anyone know where I can find one? Pear is always a good place to start: http://pear.php.net/package/Calendar Cheers, Pablo
RE: [PHP] help create community newbie guide to security
[snip] It might be best to not try and definitely declare what counts as foreign data, because it's a sort of everything else type of thing. If it doesn't originate within the PHP script itself, it is foreign.[/snip] What about data from a database which is retrieved within the PHP script? Would you consider this type of data to be internal (since it is being accessed within php) or external (since the database is external to php)? Cheers, Pablo
RE: [PHP] $HTTP_Referer
On Thursday, November 06, 2003 10:31 AM, Josephin wrote: <snip> xy.html ---form.html--formmailer.php want the $HTTP_Referer or HTTP_URI, file only, (of xy.html) --to be forwarded to form.html, --to be converted in a variable, --which is passed on to formmailer.php, which will use it as subject. </snip> Hi Josephin. Simply use $_SERVER['HTTP_REFERER'] to populate a hidden field in your form. So, <input type="hidden" name="referrer" value="<?php echo $_SERVER['HTTP_REFERER']; ?>"> Cheers, Pablo
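Added example, not part of the original reply: the Referer header and the hidden field that carries it are both set by the client, so the value is escaped when it is written into the form and reduced to a plain file name before formmailer.php uses it as a subject. The host name, the function names and the fallback subject are assumptions.

```php
<?php
declare(strict_types=1);

const OWN_HOST = 'www.example.com';        // assumption: the site's own host name
const FALLBACK_SUBJECT = 'Contact form';   // assumption: used when the value is rejected

/** form page: Referer value escaped for use inside an HTML attribute. */
function referrer_attr(array $server): string
{
    $ref = $server['HTTP_REFERER'] ?? '';
    return htmlspecialchars(is_string($ref) ? $ref : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** formmailer page: turn the posted referrer into a safe mail subject. */
function subject_from_referrer($posted): string
{
    if (!is_string($posted) || strlen($posted) > 2048) {
        return FALLBACK_SUBJECT;
    }
    // CR, LF and other control characters in a subject can start a new mail header.
    if (preg_match('/[\x00-\x1F\x7F]/', $posted)) {
        return FALLBACK_SUBJECT;
    }
    $parts = parse_url($posted);
    if (!is_array($parts) || strtolower($parts['host'] ?? '') !== OWN_HOST) {
        return FALLBACK_SUBJECT;           // not one of our own pages
    }
    // "file only": keep the last path segment and accept a narrow pattern.
    $file = basename($parts['path'] ?? '');
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.html?\z/', $file)) {
        return FALLBACK_SUBJECT;
    }
    return 'Form sent from ' . $file;
}

// Constructed inputs: one genuine referrer and three altered ones.
$samples = [
    'http://www.example.com/products/xy.html',
    "http://www.example.com/xy.html\r\nBcc: someone@example.net",
    'http://other.example.org/xy.html',
    'http://www.example.com/xy.html"><script>alert(1)</script>',
];
foreach ($samples as $s) {
    printf("%-75s => %s\n", json_encode($s), subject_from_referrer($s));
}

// What the form page would emit for the last sample:
echo '<input type="hidden" name="referrer" value="',
     referrer_attr(['HTTP_REFERER' => $samples[3]]), '">', "\n";
```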
RE: [PHP] Sessions within new windows
On Thursday, November 06, 2003 5:51 AM, Donald wrote: I no one has mentioned getting it to work on Windows XP. That is what I am using, Windows XP Professional. Maybe the problem is confined to XP. Here is the EXACT IE version that I am using: 6.0.2800.1106.xpsp2.030422-1633 Hi Donald. I just tried this in XP Professional on IE 6.0 and it worked fine, both via a javascript function and a standard link with the target set to _blank. Anyone else have any idea why this would be happening? Cheers, Pablo -Original Message- From: olinux [mailto:[EMAIL PROTECTED] Sent: Thursday, November 06, 2003 12:48 AM To: Pablo Gosse; [EMAIL PROTECTED] Subject: RE: [PHP] Sessions within new windows If, as Chris wrote, this is indeed a feature/bug of IE, then it must be configurable somewhere, though I'm lost as to where that might be. Does anyone have any ideas how this could be controlled via IE's settings? I've experienced a similar problem on a php based system I use. I don't know what their code looks like. I think its an IE issue though - windows update always fixes the problem for me. http://windowsupdate.microsoft.com olinux
RE: [PHP] Having trouble with Uploading Files to Server...
On Wednesday, November 05, 2003 8:03 AM, Dimitri wrote: I'm trying to allow users to upload files to my server. I have the appropriate code (I think) but I'm getting this error message. Can someone tell me why, and how to fix this? Warning: move_uploaded_file(/home/unit-dir/public_html/members/memberpix/dimitrihomeless.gif): failed to open stream: Permission denied in /home/unit-dir/public_html/members/updatehomepage.php on line 36 Warning: move_uploaded_file(): Unable to move '/tmp/php9PUwlg' to '/home/unit-dir/public_html/members/memberpix/dimitrihomeless.gif' in /home/unit-dir/public_html/members/updatehomepage.php on line 36 Couldn't upload first image Hi Dimitri. Check the permissions on the directories you're working with. The user which php runs as (usually apache or nobody) needs to be able to write to the directories to which you are trying to upload the files (both the temp directory and the final location). Cheers, Pablo
RE: [PHP] Sessions within new windows
That's strange, as I've been writing a CMS over the past year which requires the user to have IE 5.5 or newer, and I have no problems with pop-ups accessing session values under IE 6.0. Perhaps it's an issue of how you're invoking the new windows? Are you using a normal link with target=_blank or are you using Javascript to launch the new window? Cheers, Pablo -Original Message- From: Chris Shiflett [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 05, 2003 8:42 AM To: Donald Tyler; [EMAIL PROTECTED] Subject: Re: [PHP] Sessions within new windows --- Donald Tyler [EMAIL PROTECTED] wrote: I have a site that has a members section. In the news area, when a user clicks the link for an article, it pops open a new window and requests the article via a PHP script. What's happening is that when the new window pops up, the script isn't getting the session info properly. [snip] P.S. It's Internet Explorer 6 I am using. This is a feature/bug of IE 6. It might be something you can configure somewhere, but I avoid IE like the plague, so I'm not sure about that. Every other browser, to my knowledge, will work properly. Hope that helps. Chris = My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp
RE: [PHP] Sessions within new windows
Hmm, that's strange. I use Javascript functions to control the few pop-up windows in the CMS, but I just went in and changed some to standard href tags with the _blank for the target attribute, as you have, and it still works with no problem. If, as Chris wrote, this is indeed a feature/bug of IE, then it must be configurable somewhere, though I'm lost as to where that might be. I just tested it out on a number of systems around here, both on a Windoze 2000 box and on a RedHat box using a Terminal Services connection, and it worked fine for me. Does anyone have any ideas how this could be controlled via IE's settings? Cheers, Pablo -Original Message- From: Donald Tyler [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 05, 2003 11:48 AM To: [EMAIL PROTECTED] Subject: RE: [PHP] Sessions within new windows I am using a normal link. Here is the exact html code: <a href="View_Article.php?ID={ID}" target="_blank"><img src="../Images/view.gif" width="22" height="22" border="0"></a> -Original Message- From: Pablo Gosse [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 05, 2003 11:17 AM To: [EMAIL PROTECTED]; Donald Tyler; [EMAIL PROTECTED] Subject: RE: [PHP] Sessions within new windows That's strange, as I've been writing a CMS over the past year which requires the user to have IE 5.5 or newer, and I have no problems with pop-ups accessing session values under IE 6.0. Perhaps it's an issue of how you're invoking the new windows? Are you using a normal link with target=_blank or are you using Javascript to launch the new window? Cheers, Pablo -Original Message- From: Chris Shiflett [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 05, 2003 8:42 AM To: Donald Tyler; [EMAIL PROTECTED] Subject: Re: [PHP] Sessions within new windows --- Donald Tyler [EMAIL PROTECTED] wrote: I have a site that has a members section. In the news area, when a user clicks the link for an article, it pops open a new window and requests the article via a PHP script.
What's happening is that when the new window pops up, the script isn't getting the session info properly. [snip] P.S. It's Internet Explorer 6 I am using. This is a feature/bug of IE 6. It might be something you can configure somewhere, but I avoid IE like the plague, so I'm not sure about that. Every other browser, to my knowledge, will work properly. Hope that helps. Chris = My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp
RE: [PHP] Sessions within new windows
On Wednesday, November 05, 2003 12:38 PM, Chris wrote: I would also be interested in this, as well as some sort of confirmation of this behavior. It could be that the person who described this behavior was wrong. :-) I think Chris is correct in thinking that the person who started the previous thread on this subject described the behavior incorrectly. I've been developing web applications with PHP/PostgreSQL for a few years now, and I've never been able to duplicate the behaviors described in the original thread. From my experience over the past few years, here's how IE works with sessions and new windows. If you open a web application in Internet Explorer and a session is activated, opening a new window either via a JavaScript link, an href with the target attribute set to _blank or by hitting ctrl-n will cause the new window to inherit the session of the opener. However, if you have a window open in which a session is activated and you open a new IE window via a desktop shortcut (basically create a separate instance of the browser) this window will NOT inherit the session of the already active window. I tried to replicate the behaviors described in the previous thread with IE 5.5 and 6.0 running on Win2K boxes and on Linux boxes connected via TSS, and was unsuccessful. Anyone else have any ideas as to why this would be happening? It seems a very strange behavior to me. Cheers, Pablo
[PHP] Input Validation of $_SESSION values
Hi all. A quick question as an extension to the threads about input validation over the past weeks. It's obviously best practice to rigorously check and validate all input coming via $_GET or $_POST, but what about $_SESSION values? Without proper checking of $_GET and $_POST, it is very easy for someone to exploit an application. But what are the potentials of this happening with session values? As an example, in my CMS when the user logs in a number of session variables are registered, including a user id, group id and clearance level, all of which are used extensively in queries. Throughout the CMS I use a custom function to validate any ids coming from $_GET or $_POST, but are those which come from $_SESSION equally dangerous? It would seem to me that they wouldn't be quite as dangerous, but I can't really say for sure. For example, if someone is attempting to retrieve a specific content block within the CMS for editing, the following query is executed: $query = 'select c.* from cms_content c, cms_access x '; $query .= 'where x.status = 1 and x.c_id = c.c_id and '; $query .= 'x.p_id = '.$p_id.' and c.p_id = '.$p_id.' '; $query .= 'and x.u_id = '.$_SESSION['u_id'].' and '; $query .= 'x.g_id = '.$_SESSION['g_id'].' '; $query .= $_SESSION['clearance'] < 2 ? 'and (c.release < now() and (c.expires is null or c.expires > now()) and ((c.begin_suspend is null and c.end_suspend is null) or (now() not between c.begin_suspend and c.end_suspend))) ' : ''; What are the implications of not validating the $_SESSION['u_id'], $_SESSION['g_id'] and $_SESSION['clearance'] values? In this query, for example, the last ternary statement checks if the clearance value for the current session is less than 2, and if so the content can only be accessed if the conditions run against the timestamp fields for that specific record are valid. However, if someone were somehow able to hijack the value of $_SESSION['clearance'] and set it to 3 or 4, then this check would be ignored.
How big of an issue is this? I'd be very interested in some opinions from those with more experience on the security side of things. Cheers, Pablo
[PHP] REPOST TO FIX MANGLED QUERY - Input validation of $_SESSION values
Hi all. Sorry for the repost but the query got seriously mangled in the previous post. A quick question as an extension to the threads about input validation over the past weeks. It's obviously best practice to rigorously check and validate all input coming via $_GET or $_POST, but what about $_SESSION values? Without proper checking of $_GET and $_POST, it is very easy for someone to exploit an application. But what are the potentials of this happening with session values? As an example, in my CMS when the user logs in a number of session variables are registered, including a user id, group id and clearance level, all of which are used extensively in queries. Throughout the CMS I use a custom function to validate any ids coming from $_GET or $_POST, but are those which come from $_SESSION equally dangerous? It would seem to me that they wouldn't be quite as dangerous, but I can't really say for sure. For example, if someone is attempting to retrieve a specific content block within the CMS for editing, the following query is executed: $query = 'select c.* from cms_content c, cms_access x '; $query .= 'where x.status = 1 and x.c_id = c.c_id and '; $query .= 'x.p_id = '.$p_id.' and c.p_id = '.$p_id.' '; $query .= 'and x.u_id = '.$_SESSION['u_id'].' and '; $query .= 'x.g_id = '.$_SESSION['g_id'].' '; $query .= $_SESSION['clearance'] < 2 ? 'and (c.release < now() and (c.expires is null or c.expires > now()) and ((c.begin_suspend is null and c.end_suspend is null) or (now() not between c.begin_suspend and c.end_suspend))) ' : ''; What are the implications of not validating the $_SESSION['u_id'], $_SESSION['g_id'] and $_SESSION['clearance'] values? In this query, for example, the last ternary statement checks if the clearance value for the current session is less than 2, and if so the content can only be accessed if the conditions run against the timestamp fields for that specific record are valid.
However, if someone were somehow able to hijack the value of $_SESSION['clearance'] and set it to 3 or 4, then this check would be ignored. How big of an issue is this? I'd be very interested in some opinions from those with more experience on the security side of things. Cheers, Pablo
RE: [PHP] Re: Input Validation of $_SESSION values
On Wednesday, November 05, 2003 5:43 PM, Lang wrote: /*---*/ 1. Have register_globals set to off in your php.ini and 2. Check the values before you put them in the session. You should be ok. ie. if you just go $_SESSION['g_id'] = $_GET['g_id'] on one page, then you still have the same security risks as using just $_GET. If you are slightly more paranoid then you have to look at the way session variables are stored between one page and another. If you are using files (the default), can someone else edit the files on your server? Even if you use a custom session handler to store session variables, the main question is.. Can something else change the session variables, other than my php scripts. If the answer is yes, then you need to do more checking. /*---*/ Hi, Lang. Thanks for the reply. Currently I do have register_globals turned off, and the session values are all set with values pulled from a database. The $_POST values passed to the query which retrieves this info are validated using regular expressions. I just checked the PHP session files and they're stored in /tmp and owned by apache. Should I change this to another directory and lock down the directory to make this a little more secure? As to your last point, can something else change the session vars other than my php scripts, answers to that question are exactly what I'm looking for. In all honesty I don't know enough about how one would go about attempting to hack the values of a session other than through hacking into the session files, so if anyone has any input on this please pass it along. Cheers, Pablo Pablo Gosse wrote: Hi all. A quick question as an extension to the threads about input validation over the past weeks. It's obviously best practice to rigorously check and validate all input coming via $_GET or $_POST, but what about $_SESSION values? Without proper checking of $_GET and $_POST, it is very easy for someone to exploit an application.
But what are the potentials of this happening with session values? As an example, in my CMS when the user logs in a number of session variables are registered, including a user id, group id and clearance level, all of which are used extensively in queries. Throughout the CMS I use a custom function to validate any ids coming from $_GET or $_POST, but are those which come from $_SESSION equally dangerous? It would seem to me that they wouldn't be quite as dangerous, but I can't really say for sure. For example, if someone is attempting to retrieve a specific content block within the CMS for editing, the following query is executed: $query = 'select c.* from cms_content c, cms_access x '; $query .= 'where x.status = 1 and x.c_id = c.c_id and '; $query .= 'x.p_id = '.$p_id.' and c.p_id = '.$p_id.' '; $query .= 'and x.u_id = '.$_SESSION['u_id'].' and '; $query .= 'x.g_id = '.$_SESSION['g_id'].' '; $query .= $_SESSION['clearance'] < 2 ? 'and (c.release < now() and (c.expires is null or c.expires > now()) and ((c.begin_suspend is null and c.end_suspend is null) or (now() not between c.begin_suspend and c.end_suspend))) ' : ''; What are the implications of not validating the $_SESSION['u_id'], $_SESSION['g_id'] and $_SESSION['clearance'] values? In this query, for example, the last ternary statement checks if the clearance value for the current session is less than 2, and if so the content can only be accessed if the conditions run against the timestamp fields for that specific record are valid. However, if someone were somehow able to hijack the value of $_SESSION['clearance'] and set it to 3 or 4, then this check would be ignored. How big of an issue is this? I'd be very interested in some opinions from those with more experience on the security side of things.
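Added example, not code from the thread or from the CMS it describes: the content query quoted above with the ids bound as integer parameters and the session values range-checked before use, so a modified session file cannot change the shape of the SQL. Table and column names are those in the quoted query; the helper names, the clearance range of 1 to 4 and the two comparison operators in the release/expiry test are assumptions.

```php
<?php
declare(strict_types=1);

/** Read one integer from the session array and enforce its range. */
function session_int(array $session, string $key, int $min, int $max): int
{
    $value = filter_var(
        $session[$key] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]
    );
    if ($value === false) {
        throw new UnexpectedValueException("session value '$key' missing or out of range");
    }
    return $value;
}

/** Build the SQL text and its parameters; no session value is concatenated. */
function build_content_query(int $pId, array $session): array
{
    $params = [
        ':p_id_x' => $pId,
        ':p_id_c' => $pId,
        ':u_id'   => session_int($session, 'u_id', 1, PHP_INT_MAX),
        ':g_id'   => session_int($session, 'g_id', 1, PHP_INT_MAX),
    ];
    $clearance = session_int($session, 'clearance', 1, 4);   // range is an assumption

    $sql = 'select c.* from cms_content c, cms_access x '
         . 'where x.status = 1 and x.c_id = c.c_id '
         . 'and x.p_id = :p_id_x and c.p_id = :p_id_c '
         . 'and x.u_id = :u_id and x.g_id = :g_id';

    // Clearance only chooses between two fixed SQL fragments.
    // The < and > operators in the time window are assumed.
    if ($clearance < 2) {
        $sql .= ' and (c.release < now() and (c.expires is null or c.expires > now())'
              . ' and ((c.begin_suspend is null and c.end_suspend is null)'
              . ' or (now() not between c.begin_suspend and c.end_suspend)))';
    }
    return [$sql, $params];
}

/** Run the query on an existing PDO connection (PostgreSQL, as in the thread). */
function fetch_content(PDO $db, int $pId, array $session): array
{
    [$sql, $params] = build_content_query($pId, $session);
    $stmt = $db->prepare($sql);
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed session arrays standing in for $_SESSION; no database is needed here.
$cases = [
    'editor, clearance 1'    => ['u_id' => 17, 'g_id' => 3, 'clearance' => 1],
    'tampered u_id'          => ['u_id' => '17 or 1=1', 'g_id' => 3, 'clearance' => 1],
    'clearance out of range' => ['u_id' => 17, 'g_id' => 3, 'clearance' => 9],
];
foreach ($cases as $label => $session) {
    try {
        [$sql, $params] = build_content_query(42, $session);
        echo "$label: accepted, ", count($params), " bound parameters\n";
    } catch (UnexpectedValueException $e) {
        echo "$label: rejected (", $e->getMessage(), ")\n";
    }
}
```

A range check rejects malformed values but cannot tell that an in-range clearance was altered; that depends on the session files being readable and writable only by the web server user, for example by pointing session.save_path at a private directory instead of the shared /tmp.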
RE: [PHP] hard(?) syntax problem
On Tuesday, November 04, 2003 8:12 AM Adam wrote:

I want to access a value of an array by key, but the array is not a variable - it is a constant. How do I do it? I tried $value = PL_ORT[$key]; , but this doesn't work (parse error)... I even tried $value = {PL_ORT[$key]};

Hi Adam. As per the manual, constants may only evaluate to scalar values. Are you sure what you're trying to do is even possible here? If you try to define a constant as an array, as follows:

    <?php define('something',array('foo','bar')); ?>

the following error results:

    Warning: Constants may only evaluate to scalar values in c:\phpdev\www\constant.php on line 2.

The valid types for use within constants are:
- boolean
- integer
- floating-point number (float)
- string

Cheers, Pablo

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Retrieving my domain name
On Tuesday, November 04, 2003 8:35 AM Shaun wrote:

I want to generate an email with a link in it that links back to the domain name I am sending it from. How can I do this in PHP?

$_SERVER['SERVER_NAME'] will return the domain under which the script is called.

Cheers, Pablo

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Handling checkboxes that aren't checked!!!
On Tuesday, November 04, 2003 12:45 PM Kevin wrote:

[snipped] How can I test for it without getting an error if it is not checked?? [/snipped]

Hey Kevin. Use isset($var) to test if a var has been set. So you would need:

    // isset() is evaluated first, so the comparison never touches an undefined index
    if (isset($_POST['checkboxname']) && $_POST['checkboxname'] == 'on') {
        echo 'Selected';
    } else {
        echo 'Not selected';
    }

Cheers, Pablo

-Original Message-
From: KB [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003 12:45 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Handling checkboxes that aren't checked!!!

Hi, I have a page with a Form and a Checkbox. I have a second page which wants to do something depending on if the checkbox is selected or not. If it's selected there is no problem. But if I try and do anything if it isn't selected then it says the variable is 'undefined'. How can I test for it without getting an error if it is not checked?? Or is there a way of ensuring it is either on or off.

    if ($want_it == TRUE) { echo "Selected"; } else { echo "Not Selected"; }

Will give an undefined error if the checkbox is not selected, but works if it is selected. I have been tearing my hair (what is left) out over the past week and I could really do with some help. Suggestions??

Thanks in advance
Kevin

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] text input truncated
On Tuesday, November 04, 2003 3:28 PM Jay wrote:

    echo "<form><input type=test size=25 value=$xyz></form>";

[snip] The text box shows up with Hello NOT Hello World. How do I get the entire variable?

Hi Jay. You need to wrap the value attribute in quotes, or else it'll truncate at the first space.

    echo "<form><input type=text size=25 value=\"$xyz\"></form>";

Oh, and you'd also misspelled the type value text as test (which incidentally shows up as a text input anyways, since that's the default).

Cheers, Pablo

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP]eventKey
On Wednesday, October 29, 2003 8:04 AM David wrote: One of my friends wants to create a page that shows current time by pressing space key or enter key. What is the best way to do this with PHP? PHP is a server-side technology, and what you want to do is on the client side. Your friend will need to use Javascript to accomplish this. Try forums.devshed.com for a good javascript forum. Cheers, Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Query explanation
On Wednesday, October 29, 2003 8:20 AM Robb Kerr wrote:

I am attempting to hack a tutorial from the Zend site. I have found the tutorial/project to be excellent, but I don't completely understand what's being done in the following Query statement.

    //query database, assemble data for selectors
    $Query = "SELECT s.ID, s.Name, a.Code " .
             "FROM areacode a, state s " .
             "WHERE a.State = s.ID " .
             "ORDER BY s.Name, a.Code";

Hey Rob. In plain English, what this query is doing is the following:

Selecting ID, Name and Code from the areacode and state tables, where the State in the areacode table is equal to the ID in the state table.

You are correct in assuming that the s in s.Name and the a in a.Code reference the table from which these fields are retrieved. So from this, the a following the areacode table and the s following the state table are basically shortcuts for referring to these tables, as per your assumption. You could leave it just as FROM areacode, state and reference the fields as state.ID and areacode.Code, but this is much more cumbersome.

Not sure I understand what you're asking when you refer to being unable to find the ID, Name and Code variables initiated in the preceding code. Can you elaborate on that a little?

Cheers, Pablo

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Possible query problem
On Tuesday, October 28, 2003 8:50 AM Frank Tudor wrote:

    $query="SELECT payment FROM payment WHERE dln='".$_POST[dln]."' = payment.dln='".$_POST[dln]."' and users.password='".$_POST[password]."'";

Okay, there seem to be a few problems here.

The first issue is: users.password

Using this means you are referencing a table which you've identified as users, however there is no such table in your query. If the password field is part of the payment table, then you would reference it as payment.password. However if the password field is part of a users table, then you need to perform a join here, as you will be attempting to get the data from two tables.

The second issue is here:

    WHERE dln='".$_POST[dln]."' = payment.dln='".$_POST[dln]

You're first comparing dln to $_POST['dln'], and then to payment.dln and then to $_POST['dln'] again. What fields is it you're trying to compare? Each where clause in sql must be joined with an and, or, like, etc. So perhaps you were trying for something like this:

    WHERE dln = '".$_POST[dln]."' and payment.dln = '".$_POST[dln]

However, if this were the case you're essentially asking the same thing twice. So, based on your query, I suspect you're trying for something like this:

    $query = 'select payment from payment where dln = \''.$_POST['dln'].'\' and password = \''.$_POST['password'].'\'';

However, this again assumes that the password and dln fields are in the same table. If they're in separate tables then you'll need to perform a join.

Hope this helps.

Cheers, Pablo

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
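The query discussed in this message, written with bound parameters and the join that the reply mentions, as an added example that is not code from the thread. It goes one step beyond the thread by comparing the password with password_verify() against a stored hash instead of inside the WHERE clause; the schema (users.dln, users.password_hash, payment.dln, payment.payment) and the function names are assumptions.

```php
<?php
// Added example, not code from the thread. The schema and function names
// are assumptions; an in-memory SQLite database keeps it self-contained.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (dln TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $db->exec('CREATE TABLE payment (dln TEXT NOT NULL, payment TEXT NOT NULL)');

    // Constructed sample rows. The dln deliberately contains an apostrophe,
    // the character that breaks a query built by string concatenation.
    $db->prepare('INSERT INTO users (dln, password_hash) VALUES (?, ?)')
       ->execute(["D'1234", password_hash('example-password', PASSWORD_DEFAULT)]);
    $db->prepare('INSERT INTO payment (dln, payment) VALUES (?, ?)')
       ->execute(["D'1234", 'paid']);
    return $db;
}

/**
 * Return the payment value for $dln when $password matches, otherwise null.
 * $dln and $password are taken as-is from $_POST, so their type is checked:
 * a request can send dln[]=x, which arrives as an array.
 */
function find_payment(PDO $db, $dln, $password): ?string
{
    if (!is_string($dln) || !is_string($password)) {
        return null;
    }
    // The value is sent separately from the SQL text, so quotes inside it
    // are data and cannot change the structure of the statement.
    $stmt = $db->prepare(
        'SELECT p.payment, u.password_hash
           FROM payment p
           JOIN users u ON u.dln = p.dln
          WHERE p.dln = :dln'
    );
    $stmt->execute([':dln' => $dln]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['payment'];
}

// Constructed demonstration values standing in for $_POST['dln'] and
// $_POST['password'].
$db = open_demo_db();
var_dump(find_payment($db, "D'1234", 'example-password'));
var_dump(find_payment($db, "D'1234", 'wrong-password'));
var_dump(find_payment($db, ['x'], 'example-password'));
```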
RE: [PHP] URL Variables
On Tuesday, October 28, 2003 8:57 AM Jed R. Brubaker wrote: Is there a way to preserve URL variables and have a link simply add a new variable to the end? I am tabulating data and I have URL variables defining which dataset to view and in what way to view it. I would now like to set the SQL statement up with a limit and add some Previous, Next commands, and even paging numbers, but how should I go about setting up the link so that the existing URL variables are preserved? $_SERVER['HTTP_REFERER'] will give you the referring url with all vars attached, so then all you'll need to do is append your new vars to the end of this. Cheers, Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] revised query problem (sorry)
Yours:

    $query="SELECT payment FROM payment WHERE payment.dln='".$_POST[dln]."' = users.dln='".$_POST[dln]."' and payment.payment='".$_POST[payment]."'";

Mine:

    $query="SELECT payment FROM payment WHERE payment.dln='".$_POST[dln]."' AND users.dln='".$_POST[dln]."' and payment.payment='".$_POST[payment]."'";

See the difference?

-Original Message-
From: Frank Tudor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 9:09 AM
To: 1PHP
Subject: [PHP] revised query problem (sorry)

    $query="SELECT payment FROM payment WHERE payment.dln='".$_POST[dln]."' = users.dln='".$_POST[dln]."' and payment.payment='".$_POST[payment]."'";

Will this work?

Frank

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Menu populated based on previous menu
Hi Robb. This is exactly what you'll need to do. Something like the following, assuming you're populating an array with user information:

    <script type="text/javascript">
    <!--
    var users = new Array();
    <?php
    $count = 0;
    while (!$users->EOF) {
        // json_encode() emits a quoted, escaped JavaScript string literal
        echo 'users['.$count.'] = '.json_encode($users->fields['username']).';'.chr(10);
        $count++;
        $users->MoveNext();
    }
    ?>
    //-->
    </script>

The users array will now be populated with the usernames returned from your query.

Cheers, Pablo

-Original Message-
From: Robb Kerr [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 9:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Menu populated based on previous menu

I've found some JavaScripts that will do what I require. Here's the question before I get too deeply into hacking the scripts... Can you embed PhP in JavaScript. In other words, the Java requires that arrays be filled. The entries into these arrays need to come from my database which is accessed via PhP. In Java line... new Array() can I embed the PhP...

    <?php echo $database['field']; ?>

Thanx,
-- Robb Kerr
Digital IGUANA

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php sessions
Hi Rob. That seems perfectly logical.

I've written a Content Management System which (when it's finished in a couple of months ;o) will run the website at the university where I work. I can presently open an instance of the CMS in IE, login as admin, then open a new window and request another instance of the CMS, and login as a less-privileged user. I can then use these two separate instances and work as two individual users in the CMS at the same time.

Cheers, Pablo

-Original Message-
From: Rob Adams [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 11:56 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] php sessions

I will test it, because it seems I don't understand this issue as much as I could. But I can already tell you results I see right now: I open a web browser (IE) and login to my application. I open another window (IE) and goto the web application, and it asks me to login. This is all on the same computer. (As I've explained all this before.)

Now, perhaps I don't know what I'm talking about, and this is a different issue. If so, I'm pretty sure you'll certainly try to set me straight. If not, then it certainly seems relevant to the discussion, and that my one client (IE) is sending two different requests from two different windows on the same computer.

-- Rob

Chris Shiflett [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

--- Rob Adams [EMAIL PROTECTED] wrote:

Test it yourself.

With all due respect, it seems you should be doing the testing. Login to a PHP app using a standard browser and session cookies and see for yourself.

I understand the philosophy of the web server only seeing what the client sends it, but it looks like my client (IE6, right here) does send different requests per instance.

Then show us these requests and point out how they are different. Otherwise, I have to assume you have no idea what you're talking about.

Chris

My Blog http://shiflett.org/
HTTP Developer's Handbook http://httphandbook.org/
RAMP Training Courses http://www.nyphp.org/ramp

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php sessions
On Tuesday, October 28, 2003 2:13 PM CPT John W. Holmes wrote: It may depend upon how you open the second window, too. Control-N may use the same cookies whereas starting a whole new instance may not. This is the case with IE. If I'm in my CMS and ctrl-N to get a new window, I can operate under both windows using the same session. If I open a new instance of IE and go to a page in the CMS beyond the login screen, it boots me back to the login screen. Cheers, Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Timeout
On Tuesday, October 28, 2003 6:46 PM wrote:

Hi there, I am experiencing a session timeout problem with one of my projects. One of the users had left their machine for less than 15 mins, maybe a bit more and it logged them out when posting data. This isn't good as they lost their data. I was wondering how I can dynamically set the session timeout to try and prevent this.

Use ini_set() to alter the max lifetime of a session.

    ini_set('session.gc_maxlifetime',n);

where n is the number of seconds you want to pass before the session is expired. Default is 1440.

Cheers, Pablo

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Shortening a String
On Tuesday, October 28, 2003 6:53 PM Jason Williard wrote:

I would like to display part of the output of a query. In many cases, the string returned by this query exceeds 200 characters. Is there a way to cut it off after 200 characters? Even better, is there a way to cut it off at the next space after 200 characters?

This should do what you want.

    $cut = strlen($str) > 200 ? strpos($str, ' ', 200) : false; // first space at or after offset 200
    $short = ($cut === false) ? $str : substr($str, 0, $cut);   // no such space: keep the whole string

Cheers, Pablo

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: function help simple redirect
On Monday, October 27, 2003 11:26 AM, Frank Tudor wrote:

This one worked (kinda) I have no more errors but it doesn't do the redirect (hmmm)??

    <?PHP
    $payment = 1;
    function payment(){
        global $payment;
        if ($payment == 0){
            header ('Location: http://ftudor/test/test_page.html');
        } elseif ($payment == 1) {
            header ('Location: http://ftudor/test/test_page2.html');
        }
    }
    ?>

You need to add payment(); to your php code. The function is defined, but it's not going to do anything until you call it.

Cheers, Pablo

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php temp table question (for mysql)
On Larry Brown wrote:

-
Does anyone know whether the use of persistent connections with php will allow a temp table created by a script to linger around and cause a problem with the next execution of the script when it tries to create the temp table again?

Also if it does present a problem with the next script execution trying to create the temp table again, if I drop the temp table at the end of the script will I still have problems if the script is run by two clients in tandem? For instance two people connect, both hit the script at about the same time. One script creates the temp table and before it can drop the table the second script tries to create the table. Will it see the table created by the other script? Again the use of persistent connections would be at the heart of this I would think.
-

Perhaps you could add a check at the beginning of the script to see if the table exists, and if the table does not exist then you create it. If it does exist, you use the existing table.

Cheers, Pablo

-Original Message-
From: Larry Brown [mailto:[EMAIL PROTECTED]
Sent: Monday, October 27, 2003 1:24 PM
To: PHP List
Subject: [PHP] php temp table question (for mysql)

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Idea for new operator
On Sunday, October 26, 2003 5:40 PM Al wrote:

Is it just me, or would everybody else like to see a case-insensitive string comparison operator introduced into PHP?

You could use the strcasecmp() function as well: http://ca3.php.net/manual/en/function.strcasecmp.php

    <?php
    $var1 = "Hello";
    $var2 = "hello";
    if (strcasecmp($var1, $var2) == 0) {
        echo '$var1 is equal to $var2 in a case-insensitive string comparison';
    }
    ?>

Cheers, Pablo

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] w3c-compliant form-action parameters
Hi, Timo. Why can't you use hidden fields instead of appending the values to the url? It would be the same to access them via $_GET['para1'] & $_GET['para2'] (unless you were using post as your method, in which case it would simply be $_POST['varname']) if they were on the url or in hidden fields. Why can't you make this switch?

Also, have you tried using the % entity for ampersand (%26 if memory serves me correct) instead of &amp; or the literal ampersand? So instead of mypage.php?para1=val1&para2=val2 you would use mypage.php?para1=val1%26para2=val2.

Cheers, Pablo

-Original Message-
From: Timo Boettcher [mailto:[EMAIL PROTECTED]
Sent: Friday, October 24, 2003 9:59 AM
To: [EMAIL PROTECTED]
Subject: [PHP] w3c-compliant form-action parameters

Hi, I am trying to get my pages through the w3c-validator for html. It doesn't like my

    <FORM action="mypage.php?para1=val1&para2=val2">

Changing & to &amp; got my page through the validator, but broke my app, which seems not to be getting any parameters over URL anymore. How can I fix that?

PS.: Moving that information from the URL to hidden fields or cookies/sessions is not an option.

Timo

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Post form variables to a frame
On Friday, October 24, 2003 8:28 PM Luis Lebron wrote:

I tried that but it did not work.

Can you post the html code you used? Setting

    <form action="foo.php" target="frame">

should do the trick. This is very standard, so if it's not working that's very strange. Post the code so we can take a look.

Cheers, Pablo

-Original Message-
From: Evan Nemerson [mailto:[EMAIL PROTECTED]
Sent: Friday, October 24, 2003 10:14 PM
To: Luis Lebron; [EMAIL PROTECTED]
Subject: Re: [PHP] Post form variables to a frame

On Friday 24 October 2003 06:08 pm, Luis Lebron wrote:

How can I post a form to the left frame of a frameset. I want to have an user submit a form that opens a frameset. The left frame contains the results of a query based on the posted parameters.

Try setting the target attribute of the form element to the name of the left frame. http://www.w3schools.com/tags/tag_form.asp

What I want to create is a master detail page. Let's say a person is looking for a particular car. They would fill out a form. When the form is submitted a frameset shows up with thumbnails and some information on the car on the left frame. When the person clicks on the thumbnail, a larger picture and more information shows up on the right hand frame. My only problem is getting the form variables to the left frame.

thanks,
Luis

-- Evan Nemerson [EMAIL PROTECTED]
-- ...the whole idea of revenge and punishment is a childish daydream. Properly speaking, there is no such thing as revenge. Revenge is an act which you want to commit when you are powerless and because you are powerless: as soon as the sense of impotence is removed, the desire evaporates also. -George Orwell

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Images being uploaded in ASCII format
Hi Tom.

make sure you have ENCTYPE="multipart/form-data" in the form tag

Thanks for the tip, but that's not the problem. My code is below, and as you can see there is nothing in the code that would be causing this. It has to be something in the server, and while there have been a few posts to these lists about this problem, never a resolution for the problem. Here's the code:

    <?php
    function handleupload() {
        if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
            $realname = $_FILES['userfile']['name'];
            if(copy($_FILES['userfile']['tmp_name'], '/path/to/file/'.$realname)) {
                echo '<br />'.$realname.' uploaded</font>';
            } else {
                echo '<br />'.$realname.'could not be uploaded</font>';
            }
        } else {
            echo '<br />Possible file upload attack: filename '.$_FILES['userfile']['name'].'.';
        }
    }
    ?>
    <html>
    <head>
    <title>File Upload</title>
    </head>
    <body>
    <?php if (isset($_POST['method']) && $_POST['method'] == 'upload') handleupload(); ?>
    <form ENCTYPE="multipart/form-data" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <input type="hidden" name="method" value="upload">
    File:<input type="file" name="userfile" size="35">
    <input type="submit" value="upload" name="submit">
    </form>
    </body>
    </html>

This is very standard code, yet the images are uploaded in ascii format. Does anyone have any idea why this is happening? How can I force the http uploads to auto-detect? I've looked through the entire php.ini and httpd.conf files and I can't seem to find anything, and as I mentioned above none of the previous posts on this topic have been resolved. Anyone?

Thanks much in advance,
Pablo

Thursday, October 23, 2003, 4:05:13 AM, you wrote:

PG> Hi all. I'd like to take a brief sentence to introduce myself first.
PG> My name is Pablo Gosse, and I've just recently joined the php-general
PG> list. I've been using PHP since early 2000, and work as webmaster
PG> at the University of Northern British Columbia.
PG> I'm running into a problem with file uploads being handled in ascii
PG> rather than binary format.
PG> I've been writing a CMS for the past few months and the wysiwyg editor
PG> we're integrating has a very nice image manager built in
PG> (www.devedit.com). However, the uploads are being transferred in ascii
PG> format instead of binary (or auto-detect) which is mangling all the
PG> images.
PG> I've done a lot of research into this but can't seem to pin down the
PG> problem. I've looked through both my php.ini and httpd.conf and can't
PG> seem to find anything there that would remedy this problem.
PG> Does anyone have any advice as to where I should be looking to fix this
PG> problem?
PG> Thanks much in advance.
PG> Cheers,
PG> Pablo

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
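A hardened variant of the handleupload() function posted above, as an added example that is not code from the thread. The posted handler builds the destination path from the client-supplied file name and echoes that name into the page; this version chooses the stored name and extension from the file's content, uses move_uploaded_file(), and escapes the client's name before display. UPLOAD_DIR, ALLOWED_TYPES and the function names are assumptions; the field name 'userfile' is the thread's.

```php
<?php
// Added example, not code from the thread. UPLOAD_DIR, ALLOWED_TYPES and
// the function names are assumptions.

const UPLOAD_DIR = '/path/to/file';   // placeholder path, as in the thread

// Accepted image types and the extension each is stored under.
const ALLOWED_TYPES = [
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
];

/**
 * Choose the stored file name from the file's content, never from the name
 * the client sent. Returns null when the content is not an accepted image.
 */
function stored_name_for(string $tmpPath): ?string
{
    $info = @getimagesize($tmpPath);   // index 2 holds an IMAGETYPE_* constant
    if ($info === false || !array_key_exists($info[2], ALLOWED_TYPES)) {
        return null;
    }
    // Random base name: no path components, no client-chosen extension.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$info[2]];
}

/** Process one entry of $_FILES and return a message that is safe to echo. */
function handle_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return 'Upload rejected.';
    }
    $name = stored_name_for($file['tmp_name']);
    if ($name === null) {
        return 'Only GIF, JPEG and PNG images are accepted.';
    }
    // move_uploaded_file() checks again that the source is a real upload and
    // moves the bytes unchanged.
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        return 'Could not store the upload.';
    }
    // The client's file name is display text only, so it is escaped.
    $shown = htmlspecialchars(basename($file['name']), ENT_QUOTES, 'UTF-8');
    return $shown . ' uploaded as ' . $name;
}

// In the page: echo handle_upload($_FILES['userfile']);

// Constructed check for the command line: a minimal GIF header is accepted,
// a text file is not, whatever name either was uploaded under.
if (PHP_SAPI === 'cli') {
    $gif = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($gif, 'GIF89a' . pack('v', 1) . pack('v', 1) . "\x00\x00\x00");
    $txt = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($txt, "this is not an image\n");

    var_dump(stored_name_for($gif) !== null);
    var_dump(stored_name_for($txt));

    unlink($gif);
    unlink($txt);
}
```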
RE: [PHP] Images being uploaded in ASCII format
Hi Raditha. Thanks very much for your reply. I've not been having much luck with this one.

This is how the images should appear:

http://web.unbc.ca/~gossep/sample_images/1.gif
http://web.unbc.ca/~gossep/sample_images/nav-02.jpg

And here is how they appear after being uploaded:

http://web.unbc.ca/~gossep/sample_images/1_uploaded.gif
http://web.unbc.ca/~gossep/sample_images/nav-02_uploaded.jpg

The results to me seem the same as if an image were FTPed in ascii mode instead of binary mode (or auto-detect which would ultimately set the mode to binary). I just downloaded the XVI32 hex editor, but what should I be looking for when I open the files and examine the contents?

Some other particulars to this situation: I've tried uploading the same images through the demo site on the company from which we purchased our editor (www.devedit.com) and they upload fine, making me certain it's a system setting on my system causing the problem.

My system is as follows:

Dell Precision 340 Workstation
RedHat 9.0
Apache 2.0
PHP 4.2.2

Thanks with your help, Raditha. Greatly appreciated.

Cheers, Pablo

-Original Message-
From: Raditha Dissanayake [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 23, 2003 10:19 AM
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Images being uploaded in ASCII format

Hi Pablo,

Could you explain what exactly you mean by transferred in ASCII mode? do you find that cr/lf combinations are translated (there by corrupting your image) or some other corruption takes place? Have you opened the files with a hex editor to see the contents? I am sorry if you have mentioned these before, i don't have the older messages in this thread.

Pablo Gosse wrote:

Hi Tom.

make sure you have ENCTYPE="multipart/form-data" in the form tag

Thanks for the tip, but that's not the problem. My code is below, and as you can see there is nothing in the code that would be causing this. It has to be something in the server, and while there have been a few posts to these lists about this problem, never a resolution for the problem. Here's the code:

    <?php
    function handleupload() {
        if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
            $realname = $_FILES['userfile']['name'];
            if(copy($_FILES['userfile']['tmp_name'], '/path/to/file/'.$realname)) {
                echo '<br />'.$realname.' uploaded</font>';
            } else {
                echo '<br />'.$realname.'could not be uploaded</font>';
            }
        } else {
            echo '<br />Possible file upload attack: filename '.$_FILES['userfile']['name'].'.';
        }
    }
    ?>
    <html>
    <head>
    <title>File Upload</title>
    </head>
    <body>
    <?php if (isset($_POST['method']) && $_POST['method'] == 'upload') handleupload(); ?>
    <form ENCTYPE="multipart/form-data" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <input type="hidden" name="method" value="upload">
    File:<input type="file" name="userfile" size="35">
    <input type="submit" value="upload" name="submit">
    </form>
    </body>
    </html>

This is very standard code, yet the images are uploaded in ascii format. Does anyone have any idea why this is happening? How can I for the http uploads to auto-detect? I've looked through the entire php.ini and httpd.conf files and I can't seem to find anything, and as I mentioned above none of the previous posts on this topic have been resolved. Anyone?

Thanks much in advance,
Pablo

Thursday, October 23, 2003, 4:05:13 AM, you wrote:

PG> Hi all. I'd like to take a brief sentence to introduce myself first.
PG> My name is Pablo Gosse, and I've just recently joined the php-general
PG> list. I've been using PHP since early 2000, and work as webmaster
PG> at the University of Northern British Columbia.
PG> I'm running into a problem with file uploads being handled in ascii
PG> rather than binary format.
PG> I've been writing a CMS for the past few months and the wysiwyg editor
PG> we're integrating has a very nice image manager built in
PG> (www.devedit.com). However, the uploads are being transferred in ascii
PG> format instead of binary (or auto-detect) which is mangling all the
PG> images.
PG> I've done a lot of research into this but can't seem to pin down the
PG> problem. I've looked through both my php.ini and httpd.conf and can't
PG> seem to find anything there that would remedy this problem.
PG> Does anyone have any advice as to where I should be looking to fix this
PG> problem?
PG> Thanks much in advance.
PG> Cheers,
PG> Pablo

-- Raditha Dissanayake.
http://www.radinks.com/sftp/ | http://www.raditha/megaupload/
Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
Graphical User Inteface. Just 150 KB | with progress bar.

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Images being uploaded in ASCII format
Thanks Raditha. At least now I know I've been looking in the wrong place! I'll look forward to the perl script to see if it sheds any more light on this situation. I'm currently running Windoze, but when I boot to Linux later I'll try Khexedit to see what I can come up with.

Cheers, Pablo

-Original Message-
From: Raditha Dissanayake [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 23, 2003 10:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Images being uploaded in ASCII format

Hi Pablo

Pablo Gosse wrote:

Hi Raditha. Thanks very much for your reply. I've not been having much luck with this one.

welcome

This is how the images should appear:

http://web.unbc.ca/~gossep/sample_images/1.gif
http://web.unbc.ca/~gossep/sample_images/nav-02.jpg

And here is how they appear after being uploaded:

http://web.unbc.ca/~gossep/sample_images/1_uploaded.gif
http://web.unbc.ca/~gossep/sample_images/nav-02_uploaded.jpg

1.gif and 1_uploaded.gif differ by much as 4Kb in length! and the first difference occurs at byte number 1276. (I used cmp)

The results to me seem the same as if an image were FTPed in ascii mode instead of binary mode (or auto-detect which would ultimately set the mode to binary).

Though the output might look like that it's misleading because you are using HTTP post. Unfortunately PHP does not allow access to raw POST data, else this can be debugged by looking at that data. I will mail you (offlist) a small perl script that you can use to write out the POST to a temp file and may be help you get to the bottom of this.

I just downloaded the XVI32 hex editor, but what should I be looking for when I open the files and examine the contents?

Khexedit might be installed by default.

all the best

-- Raditha Dissanayake.
http://www.radinks.com/sftp/ | http://www.raditha/megaupload/
Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
Graphical User Inteface. Just 150 KB | with progress bar.

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP not remembering sessions
Strange, because I just set up the code exactly as posted below, under Win2K and Apache 2.0, and it worked fine.

Cheers, Pablo

-Original Message-
From: Golawala, Moiz M (IndSys, GE Interlogix) [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 23, 2003 1:11 PM
To: Daniel Guerrier; [EMAIL PROTECTED]
Subject: RE: [PHP] PHP not remembering sessions

It seems that there is a problem with the session management on windows/apache. I was surfing the web to find an answer, and I noticed that there are couple of other people who have the same problem. But alas, there were no answers posted to this problem. So someone, please help me if you know why this is happening.

Thanks
Moiz

-Original Message-
From: Daniel Guerrier [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 23, 2003 4:04 PM
To: Golawala, Moiz M (IndSys, GE Interlogix); [EMAIL PROTECTED]
Subject: Re: [PHP] PHP not remembering sessions

Use $_SESSION['var'] instead of $_SESSION[var]

--- Golawala, Moiz M (IndSys, GE Interlogix) [EMAIL PROTECTED] wrote:

Hi All, I have a problem with PHP not remembering sessions. for example:

in page1.php:

    <? session_start(); $_SESSION[var] = "Please help"; ?>
    <form action="sessionTest2.php" method="post">
    <input type="text" name="loopCount" size="21" maxlength="20"></td>
    <input type="submit" value="Submit"></td>

in page2.php

    <? session_start(); echo $_SESSION[var]; echo $_POST[loopCount]; ?>

what I see above is only data for loopCount. I am not able to see the Please help on page2

I noticed that 2 cookies were created one for each session start. When I opened one of the cookies, I noticed that the data Please help was in the session cookie. Somehow php thinks a session is not already created and starts a new session on page2.php.

my php.ini file has:

    register_globals = off
    session.use_cookies = 1
    session.use_only_cookies = 1
    session.auto_start = 0
    session.gc_maxlifetime = 1440

Please can someone help me. I am not sure what I am doing wrong? Maybe it is some configuration that is causing this issue. Any help appreciated.

Thanks,
moiz

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Images being uploaded in ASCII format
Hi all. I'd like to take a brief sentence to introduce myself first. My name is Pablo Gosse, and I've just recently joined the php-general list. I've been using PHP since early 2000, and work as webmaster at the University of Northern British Columbia. I'm running into a problem with file uploads being handled in ascii rather than binary format. I've been writing a CMS for the past few months and the wysiwyg editor we're integrating has a very nice image manager built in (www.devedit.com). However, the uploads are being transferred in ascii format instead of binary (or auto-detect) which is mangling all the images. I've done a lot of research into this but can't seem to pin down the problem. I've looked through both my php.ini and httpd.conf and can't seem to find anything there that would remedy this problem. Does anyone have any advice as to where I should be looking to fix this problem? Thanks much in advance. Cheers, Pablo --- Pablo Gosse Webmaster University of Northern British Columbia 250.960.5621 [EMAIL PROTECTED] --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] link question
<a href="path/to/file.php?var=<?php echo $val; ?>">link</a>

And on the receiving page access var via $_GET['var']

Of course, how you actually append the value in question to your link will depend on your own code. I use ADOdb for all my db work, so for me it would be something like this:

echo '<table>';
while (!$rs->EOF) {
    echo '<tr>
<td><a href="/path/to/file.php?var='.$rs->fields['unique_key'].'">link</a></td>
<td>more table cells...</td>
</tr>';
    $rs->MoveNext();
}
echo '</table>';

Cheers,
Pablo

-----Original Message-----
From: Davy Campano [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 22, 2003 1:30 PM
To: [EMAIL PROTECTED]
Subject: [PHP] link question

I have a php page that makes a table from data in a mySQL database. What I want to do is make the first entry in the table be a Unique key that is a link, that when you click on this key it opens another page with some more information. Basically I am trying to figure out how to pass this key from this page to the next. Thanks for any help!

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
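The link-passing pattern from this thread with output encoding and input validation added, as an example that is not part of the original messages. Assumptions: the unique key is a positive integer, the `items` table and its rows are constructed, and an in-memory SQLite database (via PDO) stands in for the poster's MySQL/ADOdb setup.

```php
<?php
// Added example (not from the thread). Assumptions: the unique key is a
// positive integer; the table "items", its columns and the sample rows are
// constructed; an in-memory SQLite database stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (unique_key INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO items VALUES (1, 'Widget <b>A</b>'), (2, 'Tom & Jerry')");

// Listing page: encode the key for the URL, then escape for the HTML attribute.
function renderTable(PDO $pdo): string
{
    $html = "<table>\n";
    foreach ($pdo->query('SELECT unique_key, title FROM items ORDER BY unique_key') as $row) {
        $href = '/path/to/file.php?var=' . rawurlencode((string) $row['unique_key']);
        $html .= '<tr><td><a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
               . htmlspecialchars((string) $row['unique_key'], ENT_QUOTES, 'UTF-8') . '</a></td><td>'
               . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Receiving page: treat $_GET['var'] as untrusted. Validate it as an integer
// and bind it as a parameter instead of concatenating it into the SQL.
function loadItem(PDO $pdo, $raw): ?array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;   // missing, non-numeric, or out of range
    }
    $stmt = $pdo->prepare('SELECT unique_key, title FROM items WHERE unique_key = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

echo renderTable($pdo);
// Constructed inputs standing in for $_GET['var'] on the receiving page.
foreach (['2', '2abc', '-5', null] as $input) {
    $item = loadItem($pdo, $input);
    echo var_export($input, true), ' => ',
         $item === null ? 'rejected' : htmlspecialchars($item['title'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

If the key is not numeric, replace the integer check with a whitelist pattern for its format and keep the bound parameter.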