Re: [PHP] checking dates not working
On 11/11/2011, at 11:35 AM, Marc Fromm wrote:
I have this bit of code to see if a date is greater or equal to a set date.
echo(date(m/d/Y,strtotime($jobs_effective_start)));// displays entered date
of 01/03/2012
echo(date(m/d/Y,strtotime(WSOFFBEGIN))); // displays set date of 09/16/2011
if (!(date(m/d/Y,strtotime($jobs_effective_start)) =
date(m/d/Y,strtotime(WSOFFBEGIN {
$error.=The effective start date must be AFTER
.WSOFFBEGIN.\n; unset($_POST[jobs_effective_start]);
}
My error message is displaying. The if statement is executing as true, as if
01/03/2012 is not greater or equal to 09/16/2011.
This is not correct since a date in 2012 should be greater than a date in
2011.
If I use 12/31/2011 as the $job_effective_start date the error message is not
displayed since 12/31/2011 is greater than 09/16/2011 and the if statement
executes as fasle.
Any ideas on why a 2012 date is treated as not greater than a 2011 date?
Thanks
Marc
String comparisons (which is what is happening here) are done left to right. so
it's comparing month, then day, then year. You could use a Ymd format or just
compare the values of strtotime().
---
Simon Welsh
Admin of http://simon.geek.nz/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking dates not working
On Thu, Nov 10, 2011 at 4:35 PM, Marc Fromm marc.fr...@wwu.edu wrote:
I have this bit of code to see if a date is greater or equal to a set date.
echo(date(m/d/Y,strtotime($jobs_effective_start)));// displays entered date
of 01/03/2012
echo(date(m/d/Y,strtotime(WSOFFBEGIN))); // displays set date of 09/16/2011
if (!(date(m/d/Y,strtotime($jobs_effective_start)) =
date(m/d/Y,strtotime(WSOFFBEGIN {
$error.=The effective start date must be AFTER
.WSOFFBEGIN.\n; unset($_POST[jobs_effective_start]);
}
Why in the world are you comparing the formatted display dates instead
of the numeric dates set by strtotime?
if (!strtoftime($jobs_effective_start) = strtotime(WSOFFBEGIN))
will do what you want.
Also -- why not just set WSOFFBEGIN to the converted date value
instead of converting it each time you use it? (Assuming that's a
defined constant.)
define('WSOFFBEGIN',strtotime(-MM-DD));
or whatever.
If you need both forms (string and numeric) define two constants, one
dependent on the other.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking file type when uploading
Catherine Madsen wrote:
Hi!
I have created a form following the PHP manual to upload files and need
to restrict the upload to only PDF. How do I check the file type
($_FILES['userfile']['type']?) and where: on the form page or on the
validation page? I want to be able to tell the users that their file
doesn't have the right format. Thank you very much for your help!
My form is :
?php
session_start();
$_SESSION['new_name'] = $_POST['new_name'];
?
form enctype=multipart/form-data action=upload_file.php method=POST
input type=hidden name=MAX_FILE_SIZE value=100 /
Upload this file: input name=userfile size=50 type=file /
input type=submit value=Upload File /
/form
The validation:
?php
session_start();
$dirname = $_SESSION['new_name'];
$uploaddir = 'my_path'. $dirname. '/';
if (!(is_dir($uploaddir)))
{
if (!mkdir($uploaddir,0775))
print error: . $uploaddir . \n;
exit;
}
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
header('Location: my_page');
} else {
header('Location: my_error_page');
}
?
Catherine
Check here
http://www.w3schools.com/TAGS/att_form_accept.asp
You should also verify the extension on the processing page. Someone could post
the data to your processing script without using your form.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking for internet connection.
Hi Bob Bob McConnell wrote on 23/12/2009 14:35: From: Andy Shellam And I was pointing out that this would not be a valid test when there is a caching DNS on the LAN. I also pointed out how to avoid caching issues - the comment was aimed at the author of the message before mine. Too much of the conversation and most of the attribution was stripped too early for this to be coherent. Why the negativity? A question was asked and several possible solutions were provided based on that original question. All the conversation was relevant IMO. But long before it was done it was impossible to tell who had asked which questions, who had provided which answers and who had countered those answers. In several instances, replies appeared to be directed to the wrong individuals. Leaving the above for a reason. I find your answer to Andy rude and offensive! Remind me not to try to help you next time. Some people here tend to go way too far when trimming context from replies. Yes, I know it gets difficult to read when there are more than ten or twelve levels of attribution, but stripping all but the last layer is even worse. No, that's called netetiquette, have a look at: http://www.the-eggman.com/writings/etiquitte_1.html Quote: When responding to E-Mail, don't quote the entire original message in your reply. Only quote the relevant parts, and only to the extent that they will help orient the recipient on your reply. (and this mail is not to start a flame war) Removing the participants names from the top should be a hanging offense. I don't keep copies of every message in any of the dozens of mailing lists and news groups I follow, so there is no simple way to go back through the conversation to figure out where it all came from. Well, because _you_ don't wanna follow proper netetiquette doesn't mean everyone else should violate those rules, does it? :-) And a merry christmas to you. -- Kind regards Kim Emax - masterminds.dk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Checking for internet connection.
From: Kim Madsen Bob McConnell wrote on 23/12/2009 14:35: From: Andy Shellam And I was pointing out that this would not be a valid test when there is a caching DNS on the LAN. I also pointed out how to avoid caching issues - the comment was aimed at the author of the message before mine. Too much of the conversation and most of the attribution was stripped too early for this to be coherent. Why the negativity? A question was asked and several possible solutions were provided based on that original question. All the conversation was relevant IMO. But long before it was done it was impossible to tell who had asked which questions, who had provided which answers and who had countered those answers. In several instances, replies appeared to be directed to the wrong individuals. Some people here tend to go way too far when trimming context from replies. Yes, I know it gets difficult to read when there are more than ten or twelve levels of attribution, but stripping all but the last layer is even worse. No, that's called netetiquette, have a look at: http://www.the-eggman.com/writings/etiquitte_1.html Quote: When responding to E-Mail, don't quote the entire original message in your reply. Only quote the relevant parts, and only to the extent that they will help orient the recipient on your reply. The problem arises when too many of the relevant parts are also removed, which happened far too often on this thread as well as others. When the core context is not retained, the conversation drifts and quickly becomes useless to either the early posters or later readers. I did not mean to be rude, but to point out what I see as a serious problem that has been growing on this list recently. On the other hand, I have not had my cup of hot chocolate yet this morning, so am probably not completely awake yet. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking for internet connection.
On Wed, Dec 23, 2009 at 14:35, Bob McConnell r...@cbord.com wrote: I don't keep copies of every message in any of the dozens of mailing lists and news groups I follow, so there is no simple way to go back through the conversation to figure out where it all came from. Fortunately, other people keep complete archives for you: http://news.php.net/php.general http://marc.info/?l=php-general -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking for internet connection.
Kim Madsen wrote on 23/12/2009 17:01: Okay, explanation excepted, E-mails can easily be misunderstood :-) May you have a merry Christmas (grab another cup of choco, just in case ;-)) correction: accepted Now _I'M_ gonna get a cup of chocolate :-) -- Kind regards Kim Emax - masterminds.dk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking for internet connection.
On Sat, Dec 19, 2009 at 19:13, Angus Mann angusm...@pobox.com wrote:
Hi all.
I'w writing a PHP app that is designed to run over a LAN, so internet
connection for the server is not really essential. Some users may
deliberately not connect it to the internet as a security precaution.
But I'd like the app to make use of an internet connection if it exists to
check for an update, and notify the user.
Is there a simple way for a PHP script to check if it has an internet
connection?
If it's running on Linux, this will work. For other OS'es, you
may have to tweak it a bit.
?php
$ip = '24.254.254.1'; // This is a bogus address. Replace it with yours.
exec('ping -c 1 -w 3 '.$ip,$ret,$err);
if($err) die('Internet connection unavailable.');
?
This executes a system call to the PING utility, which then sends
a single packet with a deadline of 3 seconds to the address. If it
causes anything but a 0 return on STDERR, it dies with the message
Internet connection unavailable.
Don't use name-based lookups unless you absolutely have to in this
case. There are more points of failure and bottlenecking, which can
make your code run really slow or fail completely.
--
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Looking for hosting or dedicated servers? Ask me how we can fit your budget!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking for internet connection.
Both at home and at work there are caching DNS on the LAN. So a DNS request may come back with a valid IP address when the WAN connection is down. I still won't be able to connect to the remote site. Dig an external server - e.g. dig @a.root-servers.net google.co.uk If your net is down the query will fail even if the reply is cached locally, because you're specifically requesting a response from a.root-servers.net.
Re: [PHP] Checking for internet connection.
On 21 Dec 2009, at 19:40, Andy Shellam wrote: Both at home and at work there are caching DNS on the LAN. So a DNS request may come back with a valid IP address when the WAN connection is down. I still won't be able to connect to the remote site. Dig an external server - e.g. dig @a.root-servers.net google.co.uk If your net is down the query will fail even if the reply is cached locally, because you're specifically requesting a response from a.root-servers.net. I'm confused... what's the problem with just trying to hit the update server? If you can then you check for updates, if not then you, erm, don't. Simples, no? -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Checking for internet connection.
From: Andy Shellam Both at home and at work there are caching DNS on the LAN. So a DNS request may come back with a valid IP address when the WAN connection is down. I still won't be able to connect to the remote site. Dig an external server - e.g. dig @a.root-servers.net google.co.uk If your net is down the query will fail even if the reply is cached locally, because you're specifically requesting a response from a.root-servers.net. What means dig? I can't find it in the function index of the online manual. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Checking for internet connection.
On Tue, 2009-12-22 at 08:27 -0500, Bob McConnell wrote: From: Andy Shellam Both at home and at work there are caching DNS on the LAN. So a DNS request may come back with a valid IP address when the WAN connection is down. I still won't be able to connect to the remote site. Dig an external server - e.g. dig @a.root-servers.net google.co.uk If your net is down the query will fail even if the reply is cached locally, because you're specifically requesting a response from a.root-servers.net. What means dig? I can't find it in the function index of the online manual. Bob McConnell It's not a PHP thing, it's a network thing (Domain Information Groper) http://en.wikipedia.org/wiki/Domain_Information_Groper Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Checking for internet connection.
Bob McConnell wrote on 21/12/2009 15:05: Both at home and at work there are caching DNS on the LAN. So a DNS request may come back with a valid IP address when the WAN connection is down. I still won't be able to connect to the remote site. Then use fopen() to read a page you know exists? -- Kind regards Kim Emax - masterminds.dk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking for internet connection.
I'm confused... what's the problem with just trying to hit the update server? If you can then you check for updates, if not then you, erm, don't. Simples, no? True, I think I said this same thing in a previous post - I suggested the DNS option if all the OP wanted to do was check if an Internet connection was there. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Checking for internet connection.
From: Andy Shellam I'm confused... what's the problem with just trying to hit the update server? If you can then you check for updates, if not then you, erm, don't. Simples, no? True, I think I said this same thing in a previous post - I suggested the DNS option if all the OP wanted to do was check if an Internet connection was there. And I was pointing out that this would not be a valid test when there is a caching DNS on the LAN. Too much of the conversation and most of the attribution was stripped too early for this to be coherent. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking for internet connection.
And I was pointing out that this would not be a valid test when there is a caching DNS on the LAN. I also pointed out how to avoid caching issues - the comment was aimed at the author of the message before mine. Too much of the conversation and most of the attribution was stripped too early for this to be coherent. Why the negativity? A question was asked and several possible solutions were provided based on that original question. All the conversation was relevant IMO.
RE: [PHP] Checking for internet connection.
From: Andy Shellam By attempting to connect you will implicitly query DNS (which itself is a connection to server). No it's not - it's putting out a packet targeted at an IP address and hoping a server will answer - hence why multi-cast works for DNS because you're not directly connecting to a specified server, like you do with TCP/IP. I believe it's similar for ping which is why it's used so commonly in monitoring applications. If you're not online you won't be able to resolve the domain name. Exactly - so if all the OP wanted to check for was a working Internet connection, then DNS is a better way to go IMHO. Both at home and at work there are caching DNS on the LAN. So a DNS request may come back with a valid IP address when the WAN connection is down. I still won't be able to connect to the remote site. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking for internet connection.
I think the only way to detect if it can connect to the Internet is to see if you can grab a file from somewhere on the Internet. I'd hazard a guess that when operating systems are able to tell you they can connect to the Internet they are actually saying they can ping a predetermined remote host. I think checking if PHP can grab a remote file with Curl would be sufficient in this case. Personally, I'd do a DNS lookup - even connecting to a server is a lot more overhead than a simple DNS request. You could force the DNS server to be one external to your network - e.g. dig @a.root-servers.net www.google.co.uk. If the dig command fails, you're not connected. Or just try and get the update anyway - if the download fails, you're not connected (or there's something wrong with the update server.)
Re: [PHP] Checking for internet connection.
On Sun, Dec 20, 2009 at 2:32 AM, Andy Shellam andy-li...@networkmail.eu wrote: I think the only way to detect if it can connect to the Internet is to see if you can grab a file from somewhere on the Internet. I'd hazard a guess that when operating systems are able to tell you they can connect to the Internet they are actually saying they can ping a predetermined remote host. I think checking if PHP can grab a remote file with Curl would be sufficient in this case. Personally, I'd do a DNS lookup - even connecting to a server is a lot more overhead than a simple DNS request. You could force the DNS server to be one external to your network - e.g. dig @a.root-servers.net www.google.co.uk. If the dig command fails, you're not connected. Or just try and get the update anyway - if the download fails, you're not connected (or there's something wrong with the update server.) By attempting to connect you will implicitly query DNS (which itself is a connection to server). If you're not online you won't be able to resolve the domain name. Hence no overhead of actually connecting, because that won't even start to happen until the hostname is resolved to an IP. If it happens to resolve from some cache, oh well. Not like its that much overhead. You're nitpicking over the number of packets it takes to SYN/ACK. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking for internet connection.
By attempting to connect you will implicitly query DNS (which itself is a connection to server). No it's not - it's putting out a packet targeted at an IP address and hoping a server will answer - hence why multi-cast works for DNS because you're not directly connecting to a specified server, like you do with TCP/IP. I believe it's similar for ping which is why it's used so commonly in monitoring applications. If you're not online you won't be able to resolve the domain name. Exactly - so if all the OP wanted to check for was a working Internet connection, then DNS is a better way to go IMHO. Hence no overhead of actually connecting, because that won't even start to happen until the hostname is resolved to an IP. If it happens to resolve from some cache, oh well. Not like its that much overhead. You're nitpicking over the number of packets it takes to SYN/ACK. Yep and if it's running inside a LAN with x number of computers all doing the same thing, that mounts up to a lot of unnecessary traffic - I've seen it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking for internet connection.
On Sun, 2009-12-20 at 10:13 +1000, Angus Mann wrote:
Hi all.
I'w writing a PHP app that is designed to run over a LAN, so internet
connection for the server is not really essential. Some users may
deliberately not connect it to the internet as a security precaution.
But I'd like the app to make use of an internet connection if it exists to
check for an update, and notify the user.
Is there a simple way for a PHP script to check if it has an internet
connection?
I thought of this :
if(fsockopen(www.google.com, 80)){
// we are connected
}
Is this OK or is there something better for the purpose?
Why can't you put the update on the same LAN server that the app
resides?
If that is not possible, what about using CURL, and update if it can
connect successfully, but don't if it cannot?
Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] Checking for internet connection.
Why can't you put the update on the same LAN server that the app resides? If that is not possible, what about using CURL, and update if it can connect successfully, but don't if it cannot? Thanks, Ash http://www.ashleysheridan.co.uk Since the LAN is remote (many hundreds of miles away) from the source of the update, the only practical way to deliver an update every month or week to multiple users is to make it available for download from a central update server. I'm just trying to maximize efficiency by checking if an internet connection exists, and abandoning further attempts to check for update availability if it does not. The idea to use CURL seems valid, but it pre-supposes that I know the answer to my own question. To use your suggestion, I'd have to have some mechanism to detect if it can connect successfully. I'm asking what that mechanism should be, and if the one I've suggested is good, or flawed in some way.
Re: [PHP] Checking for internet connection.
On Sun, 2009-12-20 at 10:36 +1000, Angus Mann wrote: Why can't you put the update on the same LAN server that the app resides? If that is not possible, what about using CURL, and update if it can connect successfully, but don't if it cannot? Thanks, Ash http://www.ashleysheridan.co.uk Since the LAN is remote (many hundreds of miles away) from the source of the update, the only practical way to deliver an update every month or week to multiple users is to make it available for download from a central update server. I'm just trying to maximize efficiency by checking if an internet connection exists, and abandoning further attempts to check for update availability if it does not. The idea to use CURL seems valid, but it pre-supposes that I know the answer to my own question. To use your suggestion, I'd have to have some mechanism to detect if it can connect successfully. I'm asking what that mechanism should be, and if the one I've suggested is good, or flawed in some way. I think the only way to detect if it can connect to the Internet is to see if you can grab a file from somewhere on the Internet. I'd hazard a guess that when operating systems are able to tell you they can connect to the Internet they are actually saying they can ping a predetermined remote host. I think checking if PHP can grab a remote file with Curl would be sufficient in this case. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Checking for internet connection.
Curl_init() will return a resource or false if it fails, like it would if no Internet connection were present. J Corry Sent from my iPhone On Dec 19, 2009, at 5:36 PM, Angus Mann angusm...@pobox.com wrote: Why can't you put the update on the same LAN server that the app resides? If that is not possible, what about using CURL, and update if it can connect successfully, but don't if it cannot? Thanks, Ash http://www.ashleysheridan.co.uk Since the LAN is remote (many hundreds of miles away) from the source of the update, the only practical way to deliver an update every month or week to multiple users is to make it available for download from a central update server. I'm just trying to maximize efficiency by checking if an internet connection exists, and abandoning further attempts to check for update availability if it does not. The idea to use CURL seems valid, but it pre-supposes that I know the answer to my own question. To use your suggestion, I'd have to have some mechanism to detect if it can connect successfully. I'm asking what that mechanism should be, and if the one I've suggested is good, or flawed in some way. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking for internet connection.
The next way to handle this might be to code an AIR app. Then it's a
simple js trap to see if connectivity exists.
Bastien
Sent from my iPod
On Dec 19, 2009, at 7:13 PM, Angus Mann angusm...@pobox.com wrote:
Hi all.
I'w writing a PHP app that is designed to run over a LAN, so
internet connection for the server is not really essential. Some
users may deliberately not connect it to the internet as a security
precaution.
But I'd like the app to make use of an internet connection if it
exists to check for an update, and notify the user.
Is there a simple way for a PHP script to check if it has an
internet connection?
I thought of this :
if(fsockopen(www.google.com, 80)){
// we are connected
}
Is this OK or is there something better for the purpose?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking local file size
I tried installing it like the documentation said... but I got the following errors. I contacted the hosting service (dreamhost) and they said they don't provide support for pecl, though they do support perl. Anyone? -- $ pecl install uploadprogress Failed to download pecl/uploadprogress within preferred state stable, latest release is version 0.9.1, stability beta, use channel://pecl.php.net/uploadprogress-0.9.1 to install Cannot initialize 'uploadprogress', invalid or missing package file Package uploadprogress is not valid install failed $ pecl install uploadprogress-beta Cannot install, php_dir for channel pecl.php.net is not writeable by the current user .com/ Um, sudo? Or be root when you install as the PEAR/PECL structure is usually owned by root. Just tried that - I don't have the permissions to sudo :( -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] checking local file size
John Pillion wrote: I already downloaded that, thanks. How do I apply it is my question. There's no documentation for the installation of it, that I see 'Course it is :) http://www.php.net/manual/en/install.pecl.php Linked from here: http://pecl.php.net/doc/index.php I tried installing it like the documentation said... but I got the following errors. I contacted the hosting service (dreamhost) and they said they don't provide support for pecl, though they do support perl. Anyone? -- $ pecl install uploadprogress Failed to download pecl/uploadprogress within preferred state stable, latest release is version 0.9.1, stability beta, use channel://pecl.php.net/uploadprogress-0.9.1 to install Cannot initialize 'uploadprogress', invalid or missing package file Package uploadprogress is not valid install failed $ pecl install uploadprogress-beta Cannot install, php_dir for channel pecl.php.net is not writeable by the current user .com/ Um, sudo? Or be root when you install as the PEAR/PECL structure is usually owned by root. Cheers -- David Robley This is a sick bird, said Tom illegally. Today is Sweetmorn, the 59th day of The Aftermath in the YOLD 3174. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking local file size
Well you need to know the TMP file name that has been in progress of upload, it is usually at /tmp folder also you need to know the actual size of file uploading, there is an extension for PHP that will give you this info but you need to compile it , on my cars site for uploading images I am using this one http://blog.liip.ch/archive/2006/09/28/upload-progress-meter- extension-for-php-5-2.html On Dec 16, 2008, at 9:20 PM, John P wrote: I know this isn't a php question (though I'm using PHP for the server side... does that count?). I'm hoping though that some of you guys are just as experienced in ajax as you are PHP, because I can't find any good ajax forums. you can respond to me personally if needed, to keep it off the php list my question: I know there are alot of ajax/php upload progress bars out there, but they're either complicated, unreliable, or just generally don't fit my needs. Thus, i'm making my own. One problem I'm running into though, is how to check the local file size as compared to the uploaded file size. I can check and display the total uploaded size (ie, 437kb uploaded so far...), but to get the percent, I have to know the total size - BEFORE it's fully uploaded. I would like to say 437kb of 932kb uploaded so far... but how do I get the 932 from the local file? It doesn't do too much good to say how much has been uploaded if they don't know how much is left... I know it's possible (most other meters do this) - I just can't figure out how. any hints? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Bojan Tesanovic http://classiccars.carster.us/
Re: [PHP] checking local file size
Bojan Tesanovic btesano...@gmail.com wrote in message news:c4dac606-7711-49cd-9e03-5cdd5627f...@gmail.com... Well you need to know the TMP file name that has been in progress of upload, it is usually at /tmp folder I know how to get that... also you need to know the actual size of file uploading, there is an extension for PHP that will give you this info but you need to compile it , on my cars site for uploading images I am using this one http://blog.liip.ch/archive/2006/09/28/upload-progress-meter- extension-for-php-5-2.html I downloaded the uploadprogress zip from that site (their example looks like it provides what I'm looking for). At the expense of sounding ignorant... How do I add that extension to PHP? I looked through the example code, and I get the idea of what's happening, but I don't know how to add it to my server (I use shared hosting, though I have shell access). Does it need to be built into a *.so or *.dll and added to the PHP.ini file? If so, how do I build it? In short, what next? Thanks On Dec 16, 2008, at 9:20 PM, John P wrote: I know this isn't a php question (though I'm using PHP for the server side... does that count?). I'm hoping though that some of you guys are just as experienced in ajax as you are PHP, because I can't find any good ajax forums. you can respond to me personally if needed, to keep it off the php list my question: I know there are alot of ajax/php upload progress bars out there, but they're either complicated, unreliable, or just generally don't fit my needs. Thus, i'm making my own. One problem I'm running into though, is how to check the local file size as compared to the uploaded file size. I can check and display the total uploaded size (ie, 437kb uploaded so far...), but to get the percent, I have to know the total size - BEFORE it's fully uploaded. I would like to say 437kb of 932kb uploaded so far... but how do I get the 932 from the local file? It doesn't do too much good to say how much has been uploaded if they don't know how much is left... I know it's possible (most other meters do this) - I just can't figure out how. any hints? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Bojan Tesanovic http://classiccars.carster.us/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking local file size
John Pillion wrote: Bojan Tesanovic btesano...@gmail.com wrote in message news:c4dac606-7711-49cd-9e03-5cdd5627f...@gmail.com... Well you need to know the TMP file name that has been in progress of upload, it is usually at /tmp folder I know how to get that... also you need to know the actual size of file uploading, there is an extension for PHP that will give you this info but you need to compile it , on my cars site for uploading images I am using this one http://blog.liip.ch/archive/2006/09/28/upload-progress-meter- extension-for-php-5-2.html I downloaded the uploadprogress zip from that site (their example looks like it provides what I'm looking for). At the expense of sounding ignorant... How do I add that extension to PHP? I looked through the example code, and I get the idea of what's happening, but I don't know how to add it to my server (I use shared hosting, though I have shell access). Does it need to be built into a *.so or *.dll and added to the PHP.ini file? If so, how do I build it? In short, what next? http://pecl.php.net/package/uploadprogress -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] checking local file size
Bojan Tesanovic btesano...@gmail.com wrote in message news:c4dac606-7711-49cd-9e03-5cdd5627f...@gmail.com... Well you need to know the TMP file name that has been in progress of upload, it is usually at /tmp folder I know how to get that... also you need to know the actual size of file uploading, there is an extension for PHP that will give you this info but you need to compile it , on my cars site for uploading images I am using this one http://blog.liip.ch/archive/2006/09/28/upload-progress-meter- extension-for-php-5-2.html I downloaded the uploadprogress zip from that site (their example looks like it provides what I'm looking for). At the expense of sounding ignorant... How do I add that extension to PHP? I looked through the example code, and I get the idea of what's happening, but I don't know how to add it to my server (I use shared hosting, though I have shell access). Does it need to be built into a *.so or *.dll and added to the PHP.ini file? If so, how do I build it? In short, what next? http://pecl.php.net/package/uploadprogress I already downloaded that, thanks. How do I apply it is my question. There's no documentation for the installation of it, that I see -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking local file size
In short, what next? http://pecl.php.net/package/uploadprogress I already downloaded that, thanks. How do I apply it is my question. There's no documentation for the installation of it, that I see 'Course it is :) http://www.php.net/manual/en/install.pecl.php Linked from here: http://pecl.php.net/doc/index.php -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] checking local file size
I already downloaded that, thanks. How do I apply it is my question. There's no documentation for the installation of it, that I see 'Course it is :) http://www.php.net/manual/en/install.pecl.php Linked from here: http://pecl.php.net/doc/index.php I tried installing it like the documentation said... but I got the following errors. I contacted the hosting service (dreamhost) and they said they don't provide support for pecl, though they do support perl. Anyone? -- $ pecl install uploadprogress Failed to download pecl/uploadprogress within preferred state stable, latest release is version 0.9.1, stability beta, use channel://pecl.php.net/uploadprogress-0.9.1 to install Cannot initialize 'uploadprogress', invalid or missing package file Package uploadprogress is not valid install failed $ pecl install uploadprogress-beta Cannot install, php_dir for channel pecl.php.net is not writeable by the current user .com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking for http://
On Fri, Aug 29, 2008 at 11:25 AM, Ron Piggott [EMAIL PROTECTED]wrote:
How do I check if http:// is at the beginning of $web_site and if it
isn't add it? Ron
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
You could use substr() (www.php.net/substr)
if ( substr( $web_site, 0, 7 ) != http://; )
{
$web_site = http://; . $web_site;
}
--
-Dan Joseph
www.canishosting.com - Plans start @ $1.99/month.
Build a man a fire, and he will be warm for the rest of the day.
Light a man on fire, and will be warm for the rest of his life.
Re: [PHP] Checking for http://
On Fri, Aug 29, 2008 at 11:33 AM, Dan Joseph [EMAIL PROTECTED] wrote:
You could use substr() (www.php.net/substr)
if ( substr( $web_site, 0, 7 ) != http://; )
{
$web_site = http://; . $web_site;
}
--
-Dan Joseph
Or parse_url()
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking for http://
You could use substr() (www.php.net/substr) strncmp is better and faster for this purpose. Best Regards, Felhő -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking if URL's exist
On Wednesday 09 July 2008 12:18:27 [EMAIL PROTECTED] wrote: Hi All, I have a Directory table with hundreds of URL's to sites and want to check periodically if all the URL's still exist. Does anyone know of a utility to check this ? Or a pointer to a piece of code ... TIA, Cor ping whois traceroute ... and a lot more -- --- Børge Holen http://www.arivene.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking if URL's exist
You need
$s= fsockopen('host.com',80);
fwrite($s,GET .$URL. HTTP/1.1 \r\n);
fwrite($s,Host: host.com \r\n\r\n);
and you must read first string - if url exists string begining with 200
or 304
if url not exists string begin - is 404
Børge Holen пишет:
On Wednesday 09 July 2008 12:18:27 [EMAIL PROTECTED] wrote:
Hi All,
I have a Directory table with hundreds of URL's to sites
and want to check periodically if all the URL's still exist.
Does anyone know of a utility to check this ?
Or a pointer to a piece of code ...
TIA, Cor
ping whois traceroute ... and a lot more
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking if URL's exist
On Wed, Jul 9, 2008 at 6:18 AM, [EMAIL PROTECTED] wrote:
Hi All,
I have a Directory table with hundreds of URL's to sites
and want to check periodically if all the URL's still exist.
Does anyone know of a utility to check this ?
Or a pointer to a piece of code ...
TIA, Cor
?php
// $urls = Your array of URLs
foreach($urls as $u) {
if(file_get_contents($u)) {
echo $u. appears to exist.\n;
} else {
echo $u. does not appear to exist.\n;
}
}
?
--
/Daniel P. Brown
Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just
$59.99/mo. with no contract!
Dedicated servers, VPS, and hosting from $2.50/mo.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking how many letters are in a string.
On 20/03/2008, tedd [EMAIL PROTECTED] wrote: At 9:29 PM +0200 3/19/08, Dotan Cohen wrote: I am asking the second question: how many Hebrew characters in a string that _very_likely_ contains other characters as well. The array suggestion sounds about what I am doing: checking if each letter is a Hebrew character. I will also look into the mb_ functions. I did not know about them before. Thanks. Dotan Cohen Dotan: It really doesn't make any difference. If you have a single character that is not ASCII, then it's something beyond ASCII and you'll need to use the mb_functions. Unicode contains all known characters (code points) including ASCII with values equal to ASCII -- so there's no problem between code points and ASCII. The beyond ASCII string problem is basically what is a character? We all know what an a is, but what about a with a ~ above it? Is it one character or two? If it's a combination of two code points, then it's a grapheme. What about the character fi when it's combined? Is it one character or two? In this case, it's a ligature and is a single code point. So, when you are trying to count characters in a string, using ASCII based functions won't work because they might count one character as two and break the character in two parts. Or, the character might be actually two characters, but they should be counted as one. As such, mb_functions are designed to work with these types of problems where as standard string functions won't. The easy way to tell IF you should use mb_functions is if all the characters you're working with appear in the ASCII table, then standard string functions apply. However, if any of the characters are not found in ASCII, then you need to go another route. At least, that's my understanding. Cheers, tedd Thank you Tedd, that was very helpful. After reading your mail from yesterday I went to wikipedia to learn what graphemes and ligatures are. Your example of fi was there, otherwise I would have had no idea that those letters can be combined. In Hebrew and Arabic, especially, I can see how the vowel points (Hebrew) and combinations like LA (Arabic) can confuse the ASCII function. Thanks. Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
Re: [PHP] Checking how many letters are in a string.
At 9:10 AM +0200 3/20/08, Dotan Cohen wrote: On 20/03/2008, tedd [EMAIL PROTECTED] wrote: At least, that's my understanding. Cheers, tedd Thank you Tedd, that was very helpful. After reading your mail from yesterday I went to wikipedia to learn what graphemes and ligatures are. Your example of fi was there, otherwise I would have had no idea that those letters can be combined. In Hebrew and Arabic, especially, I can see how the vowel points (Hebrew) and combinations like LA (Arabic) can confuse the ASCII function. Thanks. Dotan Cohen Dotan: No problem -- if you want a great book on the subject, try: Building Scalable Web Sites by Henderson Chapter 4 is all about l16n, L10n, and Unicode. Makes a good read. Plus, there's a lot more good stuff in that book. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Checking how many letters are in a string.
-Original Message- From: tedd Chapter 4 is all about l16n, L10n, and Unicode. Makes a good read. What's l16n? Did you mean i18n (internationasation)? (I'm not being a pedant; just wondered if I was missing something) :) Edward -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking how many letters are in a string.
I need to count how many Hebrew characters a given string has. I have been checking, character by character, if the given character is a [א-ת] and if so I simply ++ the counting variable. It turns out that this is rather resouce intensive, and I may need a better way of doing this. I have looked at count_chars and considered writing a wrapper function for each of the 27 letters of the Hebrew alphabet, but I am quite sure that there is a cleverer method. Any ideas? You may want to investigate mb_strlen(): http://uk.php.net/mb_strlen -- Richard Heyes Employ me: http://www.phpguru.org/cv -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking how many letters are in a string.
At 6:39 PM +0200 3/19/08, Dotan Cohen wrote: I need to count how many Hebrew characters a given string has. I have been checking, character by character, if the given character is a [ý] and if so I simply ++ the counting variable. It turns out that this is rather resouce intensive, and I may need a better way of doing this. I have looked at count_chars and considered writing a wrapper function for each of the 27 letters of the Hebrew alphabet, but I am quite sure that there is a cleverer method. Any ideas? Dotan Cohen Dotan: Are you using mb_whatever functions? Hebrew characters are not ASCII and as such may contain graphemes and ligatures. You need to use Unicode safe routines (i.e., mb_strlen() etc. ) for string manipulations. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking how many letters are in a string.
Is the question: How do I tell how many characters are in a string that may contain Hebrew characters? or is the question... How do I tell how many Hebrew characters are in a string that may contain Hebrew and non-Hebrew characters.. but I only want a count of the Hebrew characters? or maybe even... How do I tell if there are Hebrew characters in a string? Regardless of actual count? The mb_strlen() sounds like it would work for the first question, but that's not exactly what you asked. What you asked was closer to the second question, which wouldn't be solved by using mb_strlen() I believe. In the second two cases, you might be able to use a preg_match type search. If no other functions work, you could parse the string into an array and compare against an array containing hebrew characters. -TG - Original Message - From: Dotan Cohen [EMAIL PROTECTED] To: php php-general@lists.php.net Date: Wed, 19 Mar 2008 18:39:19 +0200 Subject: [PHP] Checking how many letters are in a string. I need to count how many Hebrew characters a given string has. I have been checking, character by character, if the given character is a [×-ת] and if so I simply ++ the counting variable. It turns out that this is rather resouce intensive, and I may need a better way of doing this. I have looked at count_chars and considered writing a wrapper function for each of the 27 letters of the Hebrew alphabet, but I am quite sure that there is a cleverer method. Any ideas? Dotan Cohen http://what-is-what.com http://gibberish.co.il ×-×-×-×-×-×-×-×-×-×-×-×-×-×-×-×-× -ס-×¢-×£-פ-×¥-צ-ק-ר-ש-ת A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking how many letters are in a string.
On 19/03/2008, TG [EMAIL PROTECTED] wrote: Is the question: How do I tell how many characters are in a string that may contain Hebrew characters? or is the question... How do I tell how many Hebrew characters are in a string that may contain Hebrew and non-Hebrew characters.. but I only want a count of the Hebrew characters? or maybe even... How do I tell if there are Hebrew characters in a string? Regardless of actual count? The mb_strlen() sounds like it would work for the first question, but that's not exactly what you asked. What you asked was closer to the second question, which wouldn't be solved by using mb_strlen() I believe. In the second two cases, you might be able to use a preg_match type search. If no other functions work, you could parse the string into an array and compare against an array containing hebrew characters. -TG I am asking the second question: how many Hebrew characters in a string that _very_likely_ contains other characters as well. The array suggestion sounds about what I am doing: checking if each letter is a Hebrew character. I will also look into the mb_ functions. I did not know about them before. Thanks. Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
Re: [PHP] Checking how many letters are in a string.
At 9:29 PM +0200 3/19/08, Dotan Cohen wrote: I am asking the second question: how many Hebrew characters in a string that _very_likely_ contains other characters as well. The array suggestion sounds about what I am doing: checking if each letter is a Hebrew character. I will also look into the mb_ functions. I did not know about them before. Thanks. Dotan Cohen Dotan: It really doesn't make any difference. If you have a single character that is not ASCII, then it's something beyond ASCII and you'll need to use the mb_functions. Unicode contains all known characters (code points) including ASCII with values equal to ASCII -- so there's no problem between code points and ASCII. The beyond ASCII string problem is basically what is a character? We all know what an a is, but what about a with a ~ above it? Is it one character or two? If it's a combination of two code points, then it's a grapheme. What about the character fi when it's combined? Is it one character or two? In this case, it's a ligature and is a single code point. So, when you are trying to count characters in a string, using ASCII based functions won't work because they might count one character as two and break the character in two parts. Or, the character might be actually two characters, but they should be counted as one. As such, mb_functions are designed to work with these types of problems where as standard string functions won't. The easy way to tell IF you should use mb_functions is if all the characters you're working with appear in the ASCII table, then standard string functions apply. However, if any of the characters are not found in ASCII, then you need to go another route. At least, that's my understanding. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
At 2:09 PM -0500 2/25/08, Daniel Brown wrote:
On Mon, Feb 25, 2008 at 1:40 PM, Rick Pasotto [EMAIL PROTECTED] wrote:
What is the best or recomended proceedure for making sure that a page is
accessed only via a secure connection?
Provided you're running SSL on the standard HTTPS port of 443,
include this at the very top of every file, before any output or
session information is sent. The best option would be to include it
in a file in a switched index.php or similar design.
?
if($_SERVER['SERVER_PORT'] != '443') {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header(Location:
https://.$url.$_SERVER['PHP_SELF'].?.$_SERVER['QUERY_STRING']);
exit;
}
?
--
/Dan
Sometimes I feel like a child here.
Under what circumstances would one require that?
If your script is in a https directory, isn't that secure? OR, is
this something else?
Please explain.
Cheers,
tedd
--
---
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, Feb 26, 2008 at 9:39 AM, tedd [EMAIL PROTECTED] wrote: Sometimes I feel like a child here. Under what circumstances would one require that? If your script is in a https directory, isn't that secure? OR, is this something else? Well for instance. We have a web server here with http and https pointing to the same place. then we have an admin login for the site and we want to force people to go https even though they can do http to get there. So when our users go to http://domain/admin/ it then redirects them to https://domain/admin/. -- -Dan Joseph Build a man a fire, and he will be warm for the rest of the day. Light a man on fire, and will be warm for the rest of his life.
Re: [PHP] checking for and enforcing https
tedd wrote: Sometimes I feel like a child here. Under what circumstances would one require that? If your script is in a https directory, isn't that secure? OR, is this something else? Please explain. You might want to do such checks if your website (www.example.com) is accessible over http and https both. Typically you'll have separate content, but it might be possible for a user to accidentally access non-secure content over https which is just wasteful, or vice versa which is clearly a security risk. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, Feb 26, 2008 at 9:39 AM, tedd [EMAIL PROTECTED] wrote:
Sometimes I feel like a child here.
Under what circumstances would one require that?
If your script is in a https directory, isn't that secure? OR, is
this something else?
Please explain.
HTTPS is a protocol: HyperText Transfer Protocol - Secure. It
means using SSL (Secure Socket Layers) on an HTTP connection (via
TCP/IP, etc BVDs ;-P).
Just because your files reside in an https/ directory doesn't mean
anything if there's no SSL certificate and secure connection - usually
on port 443 as opposed to the non-secure HTTP port 80.
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
If you are running Apache you could use a rewrite rule for such a case.
Example below
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(my|folder|examples) /https/://%{HTTP_HOST}%{REQUEST_URI}
[R=301,L]
Aleksander
Per Jessen wrote:
tedd wrote:
Sometimes I feel like a child here.
Under what circumstances would one require that?
If your script is in a https directory, isn't that secure? OR, is
this something else?
Please explain.
You might want to do such checks if your website (www.example.com) is
accessible over http and https both. Typically you'll have separate
content, but it might be possible for a user to accidentally access
non-secure content over https which is just wasteful, or vice versa
which is clearly a security risk.
/Per Jessen, ZĂĽrich
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, 2008-02-26 at 09:45 -0500, Dan Joseph wrote: On Tue, Feb 26, 2008 at 9:39 AM, tedd [EMAIL PROTECTED] wrote: Sometimes I feel like a child here. Under what circumstances would one require that? If your script is in a https directory, isn't that secure? OR, is this something else? Well for instance. We have a web server here with http and https pointing to the same place. then we have an admin login for the site and we want to force people to go https even though they can do http to get there. So when our users go to http://domain/admin/ it then redirects them to https://domain/admin/. I do the same thing. For me I add an attribute to a page's pattern. Usually one of the following: 'https' = true, 'https' = false, 'https' = 'optional', Then a small bit of code checks the attribute and ensures the request meets the requirement. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
At 3:47 PM +0100 2/26/08, Per Jessen wrote: tedd wrote: Sometimes I feel like a child here. Under what circumstances would one require that? If your script is in a https directory, isn't that secure? OR, is this something else? Please explain. You might want to do such checks if your website (www.example.com) is accessible over http and https both. Typically you'll have separate content, but it might be possible for a user to accidentally access non-secure content over https which is just wasteful, or vice versa which is clearly a security risk. Let's take this scenario. I have a site that has http and https directories with the https having a certificate. I want to sell stuff. I offer the items for review in the http directories. Then a user wants to purchase something and I direct them to a unique script in the https directory and that script takes their sensitive data and finalizes the sale. What's wrong with that? Why would I also want to check if that a page is accessed only via a secure connection? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
tedd [EMAIL PROTECTED] wrote: At 3:47 PM +0100 2/26/08, Per Jessen wrote: tedd wrote: Sometimes I feel like a child here. Under what circumstances would one require that? If your script is in a https directory, isn't that secure? OR, is this something else? Please explain. You might want to do such checks if your website (www.example.com) is accessible over http and https both. Typically you'll have separate content, but it might be possible for a user to accidentally access non-secure content over https which is just wasteful, or vice versa which is clearly a security risk. Let's take this scenario. I have a site that has http and https directories with the https having a certificate. I want to sell stuff. I offer the items for review in the http directories. Then a user wants to purchase something and I direct them to a unique script in the https directory and that script takes their sensitive data and finalizes the sale. What's wrong with that? Why would I also want to check if that a page is accessed only via a secure connection? Cheers, tedd The certificate/secure pages only need to be accessed via https, and those need to be the ones which gather personal/private data. It doesn't matter if someone browsing looks at them secure or non-secure. Put your data where it needs to be for the site to make sense to both the shoppers and the maintainers and use the server to handle the requires (make a /path/secure which contains the checkout pieces and require https for those via an .htaccess file) HTH, Wolf -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, 2008-02-26 at 10:16 -0500, tedd wrote: At 3:47 PM +0100 2/26/08, Per Jessen wrote: tedd wrote: Sometimes I feel like a child here. Under what circumstances would one require that? If your script is in a https directory, isn't that secure? OR, is this something else? Please explain. You might want to do such checks if your website (www.example.com) is accessible over http and https both. Typically you'll have separate content, but it might be possible for a user to accidentally access non-secure content over https which is just wasteful, or vice versa which is clearly a security risk. Let's take this scenario. I have a site that has http and https directories with the https having a certificate. I want to sell stuff. I offer the items for review in the http directories. Then a user wants to purchase something and I direct them to a unique script in the https directory and that script takes their sensitive data and finalizes the sale. What's wrong with that? Nothing. But you do need to manage what files show up in which directories. Me, I just put them all into a shop directory or whatnot and check what protocol is required for access. Then I only need to manage one directory when updating the code. Why would I also want to check if that a page is accessed only via a secure connection? Because you're restricting based on access, not based on directory structure. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
At 10:24 AM -0500 2/26/08, Robert Cummings wrote:
On Tue, 2008-02-26 at 10:16 -0500, tedd wrote:
Then a user wants to purchase something and I direct them to a unique
script in the https directory and that script takes their sensitive
data and finalizes the sale. What's wrong with that?
Nothing. But you do need to manage what files show up in which
directories. Me, I just put them all into a shop directory or whatnot
and check what protocol is required for access. Then I only need to
manage one directory when updating the code.
Why would I also want to check if that a page is accessed only via a
secure connection?
Because you're restricting based on access, not based on directory
structure.
Ahhh, I see (I think).
I've been using the actual directories for my scripts, when I don't
really need to do that. I could do it automagically with code. That
would certainly make my work organization a bit easier.
So, let's say I wanted script secure.php to be forced to use https
-- do I use something like what Dan provided, namely?
?
if($_SERVER['SERVER_PORT'] != '443') {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header(Location:
https://.$url.$_SERVER['PHP_SELF'].?.$_SERVER['QUERY_STRING']);
exit;
}
?
I know I could test the code for myself, but this is quicker.
Thanks,
tedd
--
---
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, Feb 26, 2008 at 10:16 AM, tedd [EMAIL PROTECTED] wrote: At 3:47 PM +0100 2/26/08, Per Jessen wrote: tedd wrote: Sometimes I feel like a child here. Under what circumstances would one require that? If your script is in a https directory, isn't that secure? OR, is this something else? Please explain. You might want to do such checks if your website (www.example.com) is accessible over http and https both. Typically you'll have separate content, but it might be possible for a user to accidentally access non-secure content over https which is just wasteful, or vice versa which is clearly a security risk. Let's take this scenario. I have a site that has http and https directories with the https having a certificate. I want to sell stuff. I offer the items for review in the http directories. Then a user wants to purchase something and I direct them to a unique script in the https directory and that script takes their sensitive data and finalizes the sale. What's wrong with that? I'm not sure I totally understand what you're meaning by having separate http and https directories. Assuming the directory where your https scripts are stored is named secure, what prevents someone from browsing to http://yourdomain/secure/ rather than https://yourdomain/secure/ ? The former would not be using SSL even though you intend it to do so; the latter would. The other issue I see, if I understand your structure correctly, is that any additional content such as images, external javascripts, flash files, etc. would have to be stored in two locations so that it could be included in both secure and nonsecure pages without throwing warnings in the browser about displaying mixed content. (Technically, you could do rewrites, symbolic links, etc. so that two paths resolve to the same physical folder.) Why would I also want to check if that a page is accessed only via a secure connection? Because you don't want someone entering information on a page that you intend to be secure unless they truly are using a secure connection. Cheers, tedd Am I misunderstanding you somewhere? Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, Feb 26, 2008 at 10:56 AM, tedd [EMAIL PROTECTED] wrote:
So, let's say I wanted script secure.php to be forced to use https
-- do I use something like what Dan provided, namely?
?
if($_SERVER['SERVER_PORT'] != '443') {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header(Location:
https://.$url.$_SERVER['PHP_SELF'].?.$_SERVER['QUERY_STRING']);
exit;
}
?
I know I could test the code for myself, but this is quicker.
Yep. Use that or: if ($_ENV[HTTPS] == off). Daniel's code is port
specific, this one checks for HTTPS being on or off.
--
-Dan Joseph
Build a man a fire, and he will be warm for the rest of the day.
Light a man on fire, and will be warm for the rest of his life.
Re: [PHP] checking for and enforcing https
On Tue, 2008-02-26 at 10:56 -0500, tedd wrote:
At 10:24 AM -0500 2/26/08, Robert Cummings wrote:
On Tue, 2008-02-26 at 10:16 -0500, tedd wrote:
Then a user wants to purchase something and I direct them to a unique
script in the https directory and that script takes their sensitive
data and finalizes the sale. What's wrong with that?
Nothing. But you do need to manage what files show up in which
directories. Me, I just put them all into a shop directory or whatnot
and check what protocol is required for access. Then I only need to
manage one directory when updating the code.
Why would I also want to check if that a page is accessed only via a
secure connection?
Because you're restricting based on access, not based on directory
structure.
Ahhh, I see (I think).
I've been using the actual directories for my scripts, when I don't
really need to do that. I could do it automagically with code. That
would certainly make my work organization a bit easier.
So, let's say I wanted script secure.php to be forced to use https
-- do I use something like what Dan provided, namely?
?
if($_SERVER['SERVER_PORT'] != '443') {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header(Location:
https://.$url.$_SERVER['PHP_SELF'].?.$_SERVER['QUERY_STRING']);
exit;
}
?
I know I could test the code for myself, but this is quicker.
This is almost right, but you're presuming that HTTPS must be served
over port 443. It is the most likely port, but not always the case when
browsing an intranet. What you really want to check is:
$_SERVER['HTTPS'] == 'on'
Cheers,
Rob.
--
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote: On Tue, Feb 26, 2008 at 10:16 AM, tedd [EMAIL PROTECTED] wrote: At 3:47 PM +0100 2/26/08, Per Jessen wrote: tedd wrote: Sometimes I feel like a child here. Under what circumstances would one require that? If your script is in a https directory, isn't that secure? OR, is this something else? Please explain. You might want to do such checks if your website (www.example.com) is accessible over http and https both. Typically you'll have separate content, but it might be possible for a user to accidentally access non-secure content over https which is just wasteful, or vice versa which is clearly a security risk. Let's take this scenario. I have a site that has http and https directories with the https having a certificate. I want to sell stuff. I offer the items for review in the http directories. Then a user wants to purchase something and I direct them to a unique script in the https directory and that script takes their sensitive data and finalizes the sale. What's wrong with that? I'm not sure I totally understand what you're meaning by having separate http and https directories. Assuming the directory where your https scripts are stored is named secure, what prevents someone from browsing to http://yourdomain/secure/ rather than https://yourdomain/secure/ ? The former would not be using SSL even though you intend it to do so; the latter would. The other issue I see, if I understand your structure correctly, is that any additional content such as images, external javascripts, flash files, etc. would have to be stored in two locations so that it could be included in both secure and nonsecure pages without throwing warnings in the browser about displaying mixed content. (Technically, you could do rewrites, symbolic links, etc. so that two paths resolve to the same physical folder.) Why would I also want to check if that a page is accessed only via a secure connection? Because you don't want someone entering information on a page that you intend to be secure unless they truly are using a secure connection. Cheers, tedd Am I misunderstanding you somewhere? I don't think you are. I think Ted has been doing it the hard way... but the lightbulb may have just gone on :) Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, 2008-02-26 at 11:00 -0500, Dan Joseph wrote:
On Tue, Feb 26, 2008 at 10:56 AM, tedd [EMAIL PROTECTED] wrote:
So, let's say I wanted script secure.php to be forced to use https
-- do I use something like what Dan provided, namely?
?
if($_SERVER['SERVER_PORT'] != '443') {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header(Location:
https://.$url.$_SERVER['PHP_SELF'].?.$_SERVER['QUERY_STRING']);
exit;
}
?
I know I could test the code for myself, but this is quicker.
Yep. Use that or: if ($_ENV[HTTPS] == off). Daniel's code is port
specific, this one checks for HTTPS being on or off.
Surely you mean $_SERVER['HTTPS'] and not $_ENV['HTTPS'].
Cheers,
Rob.
--
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, Feb 26, 2008 at 11:04 AM, Robert Cummings [EMAIL PROTECTED] wrote: Surely you mean $_SERVER['HTTPS'] and not $_ENV['HTTPS']. woops! yep, I meant $_SERVER, thanks :) -- -Dan Joseph Build a man a fire, and he will be warm for the rest of the day. Light a man on fire, and will be warm for the rest of his life.
Re: [PHP] checking for and enforcing https
Robert Cummings wrote:
On Tue, 2008-02-26 at 11:00 -0500, Dan Joseph wrote:
On Tue, Feb 26, 2008 at 10:56 AM, tedd [EMAIL PROTECTED] wrote:
So, let's say I wanted script secure.php to be forced to use https
-- do I use something like what Dan provided, namely?
?
if($_SERVER['SERVER_PORT'] != '443') {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header(Location:
https://.$url.$_SERVER['PHP_SELF'].?.$_SERVER['QUERY_STRING']);
exit;
}
?
I know I could test the code for myself, but this is quicker.
Yep. Use that or: if ($_ENV[HTTPS] == off). Daniel's code is port
specific, this one checks for HTTPS being on or off.
Surely you mean $_SERVER['HTTPS'] and not $_ENV['HTTPS'].
Cheers,
Rob.
And it doesn't say off. It either exists or doesn't.
if ( isset($_SERVER['HTTPS']) ) {
// Is using SSL
} else {
// Is NOT using SSL
}
--
Jim Lucas
Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them.
Twelfth Night, Act II, Scene V
by William Shakespeare
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, Feb 26, 2008 at 11:12 AM, Jim Lucas [EMAIL PROTECTED] wrote:
And it doesn't say off. It either exists or doesn't.
if ( isset($_SERVER['HTTPS']) ) {
// Is using SSL
} else {
// Is NOT using SSL
}
Almost correct.
From http://php.net/reserved.variables :
'HTTPS'
Set to a non-empty value if the script was queried through the
HTTPS protocol. Note that when using ISAPI with IIS, the value will be
off if the request was not made through the HTTPS protocol.
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
At 11:03 AM -0500 2/26/08, Robert Cummings wrote:
On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
Am I misunderstanding you somewhere?
I don't think you are. I think Ted has been doing it the hard way... but
the lightbulb may have just gone on :)
Cheers,
Rob.
It's flickering -- sorry to be so dim.
At present, I use the actual directories (http/https) to determine if
the operation of the script is secure or not.
For scripts that don't collect sensitive date, I physically place in
the http directory. For scripts that do, I place in the https
directory.
That's the hard way, right?
Instead, I could place all my scripts where I want and then add
?php
if(!isset($_SERVER['HTTPS']) ) {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header(Location:
https://.$url.$_SERVER['PHP_SELF'].?.$_SERVER['QUERY_STRING']);
exit;
}
?
at the beginning of each secure script -- is that correct?
But the redirect still requires a script to be in the https
directory, does it not?
Thanks,
tedd
--
---
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, Feb 26, 2008 at 11:54 AM, tedd [EMAIL PROTECTED] wrote:
At 11:03 AM -0500 2/26/08, Robert Cummings wrote:
On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
Am I misunderstanding you somewhere?
I don't think you are. I think Ted has been doing it the hard way... but
the lightbulb may have just gone on :)
Cheers,
Rob.
It's flickering -- sorry to be so dim.
At present, I use the actual directories (http/https) to determine if
the operation of the script is secure or not.
For scripts that don't collect sensitive date, I physically place in
the http directory. For scripts that do, I place in the https
directory.
That's the hard way, right?
Instead, I could place all my scripts where I want and then add
?php
if(!isset($_SERVER['HTTPS']) ) {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header(Location:
https://.$url.$_SERVER['PHP_SELF'].?.$_SERVER['QUERY_STRING']);
exit;
}
?
at the beginning of each secure script -- is that correct?
But the redirect still requires a script to be in the https
directory, does it not?
No, it doesn't. Any of your scripts can be in any folder you wish. All
the redirect does is add the 's' to the http protocol at the beginning
of the URL so that the browser knows to encrypt any data it sends and
decrypt any data it receives. I guess you could probably configure
your server so that all content served from your https directory must
use SSL, but then you are just moving the check from PHP to the web
server.
Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, Feb 26, 2008 at 11:54 AM, tedd [EMAIL PROTECTED] wrote:
At present, I use the actual directories (http/https) to determine if
the operation of the script is secure or not.
You also hijack other people's threads. No-no, Tedd! *slaps hand*
For scripts that don't collect sensitive date, I physically place in
the http directory. For scripts that do, I place in the https
directory.
Not every server configuration has separate directories for secure
and non-secure differentiation. For example, log into your php1.net
account on my server.
That's the hard way, right?
Instead, I could place all my scripts where I want and then add
?php
if(!isset($_SERVER['HTTPS']) ) {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header(Location:
https://.$url.$_SERVER['PHP_SELF'].?.$_SERVER['QUERY_STRING']);
exit;
}
?
at the beginning of each secure script -- is that correct?
I would still at least use the port 80/443 example that I provided
as a backup for portability.
Also, keep in mind that all $_SERVER Superglobals were only
introduced in 4.1.0. Any scripts written before that (and any old
versions of PHP) should be using $HTTP_SERVER_VARS.
But the redirect still requires a script to be in the https
directory, does it not?
That depends solely on the server configuration. Check with your sysop.
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] checking for and enforcing https
Most of my ISP's setup their servers to pull from the same base path for
both secure forms and non-secure forms, and I use something similar to below
to enforce the right one is being used. One of the benefits of doing this
is I can imbed the same images and graphics by using the same business path
for them and only changing the protocol (https). Most browsers will
complain if you imbed http images in a https form.
I think this technique of a form enforcing it's own protocol is more
reliable that struggling with different paths imbedded things like images.
In fact, if a form is entered using the wrong protocol, I'll issue a
redirect to correct things.
HTH,
Warren Vail
-Original Message-
From: Daniel Brown [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 26, 2008 9:11 AM
To: tedd
Cc: PHP General list
Subject: Re: [PHP] checking for and enforcing https
On Tue, Feb 26, 2008 at 11:54 AM, tedd [EMAIL PROTECTED] wrote:
At present, I use the actual directories (http/https) to determine if
the operation of the script is secure or not.
You also hijack other people's threads. No-no, Tedd! *slaps hand*
For scripts that don't collect sensitive date, I physically place in
the http directory. For scripts that do, I place in the https
directory.
Not every server configuration has separate directories for secure
and non-secure differentiation. For example, log into your php1.net
account on my server.
That's the hard way, right?
Instead, I could place all my scripts where I want and then add
?php
if(!isset($_SERVER['HTTPS']) ) {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header(Location:
https://.$url.$_SERVER['PHP_SELF'].?.$_SERVER['QUERY_STRING']);
exit;
}
?
at the beginning of each secure script -- is that correct?
I would still at least use the port 80/443 example that I provided
as a backup for portability.
Also, keep in mind that all $_SERVER Superglobals were only
introduced in 4.1.0. Any scripts written before that (and any old
versions of PHP) should be using $HTTP_SERVER_VARS.
But the redirect still requires a script to be in the https
directory, does it not?
That depends solely on the server configuration. Check with your
sysop.
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
At 12:10 PM -0500 2/26/08, Daniel Brown wrote: On Tue, Feb 26, 2008 at 11:54 AM, tedd [EMAIL PROTECTED] wrote: At present, I use the actual directories (http/https) to determine if the operation of the script is secure or not. You also hijack other people's threads. No-no, Tedd! *slaps hand* It's a related hijack. And, it's hijacked (grammar police). At 9:51 AM -0800 2/26/08, Warren Vail wrote: Most of my ISP's setup their servers to pull from the same base path for both secure forms and non-secure forms, and I use something similar to below to enforce the right one is being used. One of the benefits of doing this is I can imbed the same images and graphics by using the same business path for them and only changing the protocol (https). Most browsers will complain if you imbed http images in a https form. You guys rock! You gave me a different perspective of what http and https is. I was thinking it was an inherited directory thing when it's actually a protocol that can be declared regardless of where the scripts are located. Mondo cool -- and that also solves the image problem I ran into some time ago. Thanks everyone. tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, Feb 26, 2008 at 1:11 PM, tedd [EMAIL PROTECTED] wrote:
At 12:10 PM -0500 2/26/08, Daniel Brown wrote:
On Tue, Feb 26, 2008 at 11:54 AM, tedd [EMAIL PROTECTED] wrote:
At present, I use the actual directories (http/https) to determine if
the operation of the script is secure or not.
You also hijack other people's threads. No-no, Tedd! *slaps hand*
It's a related hijack. And, it's hijacked (grammar police).
Check your tense, Mr. Sperling. You said, At present, I use,
which sets the tense for my You also hijack statement. Grammar
Rent-A-Cop. ;-P
At 9:51 AM -0800 2/26/08, Warren Vail wrote:
Most of my ISP's setup their servers to pull from the same base path for
both secure forms and non-secure forms, and I use something similar to below
to enforce the right one is being used. One of the benefits of doing this
is I can imbed the same images and graphics by using the same business path
for them and only changing the protocol (https). Most browsers will
complain if you imbed http images in a https form.
And rightly they should! Any embedded images, Flash movies,
scripts, frames, references, or objects can sniff the wire with
minimal manipulation. As a proof of concept back in 2005 (which still
works today), I modified an image to be used on MySpace which is able
to grab personal information and redirect to http://www.gfy.com/. And
no, that's not short for Goofy.com even though he is the best
cartoon character ever. The problem is, there's nothing MySpace (or
any site in which the graphic is displayed) can do about it, short of
disabling all remote src= calls.
Thus, even locally, all things should be encrypted when sent on an
SSL connection. If not, why bother encrypting anything at all? A
house is only as secure as the strength of the glass in the windows.
On Tue, Feb 26, 2008 at 1:11 PM, tedd [EMAIL PROTECTED] wrote:
You guys rock!
Damn straight.
You gave me a different perspective of what http and https is. I was
thinking it was an inherited directory thing when it's actually a
protocol that can be declared regardless of where the scripts are
located.
It's fun to learn, 'cause knowledge is power! ;-P
---*
The More You Know!
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
At 1:27 PM -0500 2/26/08, Daniel Brown wrote: It's fun to learn, 'cause knowledge is power! ;-P ---* The More You Know! Yes, as the ads say A mind is a terrible thing... Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
Andrew Ballard wrote:
On Tue, Feb 26, 2008 at 11:54 AM, tedd [EMAIL PROTECTED] wrote:
At 11:03 AM -0500 2/26/08, Robert Cummings wrote:
On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
Am I misunderstanding you somewhere?
I don't think you are. I think Ted has been doing it the hard way... but
the lightbulb may have just gone on :)
Cheers,
Rob.
It's flickering -- sorry to be so dim.
At present, I use the actual directories (http/https) to determine if
the operation of the script is secure or not.
For scripts that don't collect sensitive date, I physically place in
the http directory. For scripts that do, I place in the https
directory.
That's the hard way, right?
Instead, I could place all my scripts where I want and then add
?php
if(!isset($_SERVER['HTTPS']) ) {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header(Location:
https://.$url.$_SERVER['PHP_SELF'].?.$_SERVER['QUERY_STRING']);
exit;
}
?
at the beginning of each secure script -- is that correct?
But the redirect still requires a script to be in the https
directory, does it not?
No, it doesn't. Any of your scripts can be in any folder you wish. All
the redirect does is add the 's' to the http protocol at the beginning
of the URL so that the browser knows to encrypt any data it sends and
decrypt any data it receives. I guess you could probably configure
your server so that all content served from your https directory must
use SSL, but then you are just moving the check from PHP to the web
server.
Andrew
When most people talk about a http and https directory, they are most
likely talking about the common convention in shared hosting especially
on Apache where your account will have a httpdocs/ and a httpsdocs/
directory or similar. Apache sets the docroot depending upon what
protocol is used http or https. It seems fairly common.
In some control panels you have the option of serving secure and
non-secure content from the same directory. Then you would need to
enforce this yourself within the script or rewrite rule, etc...
-Shawn
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, Feb 26, 2008 at 4:06 PM, Shawn McKenzie [EMAIL PROTECTED] wrote:
Andrew Ballard wrote:
On Tue, Feb 26, 2008 at 11:54 AM, tedd [EMAIL PROTECTED] wrote:
At 11:03 AM -0500 2/26/08, Robert Cummings wrote:
On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
Am I misunderstanding you somewhere?
I don't think you are. I think Ted has been doing it the hard way... but
the lightbulb may have just gone on :)
Cheers,
Rob.
It's flickering -- sorry to be so dim.
At present, I use the actual directories (http/https) to determine if
the operation of the script is secure or not.
For scripts that don't collect sensitive date, I physically place in
the http directory. For scripts that do, I place in the https
directory.
That's the hard way, right?
Instead, I could place all my scripts where I want and then add
?php
if(!isset($_SERVER['HTTPS']) ) {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header(Location:
https://.$url.$_SERVER['PHP_SELF'].?.$_SERVER['QUERY_STRING']);
exit;
}
?
at the beginning of each secure script -- is that correct?
But the redirect still requires a script to be in the https
directory, does it not?
No, it doesn't. Any of your scripts can be in any folder you wish. All
the redirect does is add the 's' to the http protocol at the beginning
of the URL so that the browser knows to encrypt any data it sends and
decrypt any data it receives. I guess you could probably configure
your server so that all content served from your https directory must
use SSL, but then you are just moving the check from PHP to the web
server.
Andrew
When most people talk about a http and https directory, they are most
likely talking about the common convention in shared hosting especially
on Apache where your account will have a httpdocs/ and a httpsdocs/
directory or similar. Apache sets the docroot depending upon what
protocol is used http or https. It seems fairly common.
In some control panels you have the option of serving secure and
non-secure content from the same directory. Then you would need to
enforce this yourself within the script or rewrite rule, etc...
-Shawn
Learn something new every day. I haven't used SSL on the few sites I
do on Apache, so I've never seen that. They just offer the ability to
install SSL certificates (or use their own SSL address rather than
your own domain name) and both sites just point to the root web
folder.
Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, Feb 26, 2008 at 4:06 PM, Shawn McKenzie [EMAIL PROTECTED] wrote:
When most people talk about a http and https directory, they are most
likely talking about the common convention in shared hosting especially
on Apache where your account will have a httpdocs/ and a httpsdocs/
directory or similar. Apache sets the docroot depending upon what
protocol is used http or https. It seems fairly common.
That's not Apache-centric though. It's based upon the layout of
the operating system or control panel architecture, and it's not
really all too common. I believe Plesk and Helm may use it, but by
default (and in cPanel), your web files will normally go to
~/public_html/ for everything, and then HTTPS/SSL connections simply
encrypt everything served from there when called, as opposed to
non-encrypted content-serving on standard HTTP.
Of course, getting into that is a completely different discussion
from the post made by the OP whom, as it appears, gave up and took
off when Tedd *hijacked* his thread. ;-P
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, Feb 26, 2008 at 04:46:38PM -0500, Daniel Brown wrote: Of course, getting into that is a completely different discussion from the post made by the OP whom, as it appears, gave up and took off when Tedd *hijacked* his thread. ;-P No, I've been reading all the posts and have learned and implemented. Works great. I've had nothing to add although I've been somewhat annoyed by the excessive quoting. -- The most important thing in life is not simply to capitalize on your gains. Any fool can do that. The important thing is to profit from your losses. That requires intelligence, and makes the difference between a man of sense and a fool. -- Dale Carnegie Rick Pasotto[EMAIL PROTECTED]http://www.niof.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Tue, Feb 26, 2008 at 5:39 PM, Rick Pasotto [EMAIL PROTECTED] wrote:
I've had nothing to add although I've been somewhat annoyed by the
excessive quoting.
That's probably on the fault of people like myself who use Gmail.
It hides the quoted text automatically, so we don't even see the
jumbled mess unless we purposely look for it. I do my best to trim my
posts down, but I'm sure I'm guilty of quoting messages to a size of
Biblical proportions.
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
At 5:39 PM -0500 2/26/08, Rick Pasotto wrote: I've had nothing to add although I've been somewhat annoyed by the excessive quoting. -- The most important thing in life is not simply to capitalize on your gains. Any fool can do that. The important thing is to profit from your losses. That requires intelligence, and makes the difference between a man of sense and a fool. -- Dale Carnegie Rick Pasotto[EMAIL PROTECTED]http://www.niof.net Yeah, that's a long quote. :-) Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] checking for and enforcing https
Date: Tue, 26 Feb 2008 17:39:13 -0500 From: [EMAIL PROTECTED] To: php-general@lists.php.net Subject: Re: [PHP] checking for and enforcing https On Tue, Feb 26, 2008 at 04:46:38PM -0500, Daniel Brown wrote: Of course, getting into that is a completely different discussion from the post made by the OP whom, as it appears, gave up and took off when Tedd *hijacked* his thread. ;-P No, I've been reading all the posts and have learned and implemented. Works great. I've had nothing to add although I've been somewhat annoyed by the excessive quoting. -- The most important thing in life is not simply to capitalize on your gains. Any fool can do that. The important thing is to profit from your losses. That requires intelligence, and makes the difference between a man of sense and a fool. -- Dale Carnegie Rick Pasotto[EMAIL PROTECTED]http://www.niof.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Now thats excessive quoting ;-) Bastien _ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking an array against user input?
On Wed, 2008-02-27 at 00:36 -0500, Keikonium wrote: Hello all, I am new to this news group, and figured this was the fastest way to get a good, helpful answer. Here is my problem: I have an array that I set up with numbers 00 thru 99. Now, I have some timestamps that look somewhat like this: [00:01:70] [00:06:50] [00:12:07] [00:15:04] [00:19:75] I am making a script that will convert them into this: [00:01.70] [00:06.50] [00:12.07] [00:15.04] [00:19.75] $newTimestamp = $oldTimestamp; $newTimestamp[5] = '.'; Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking an array against user input?
Show me an example of actual text where you want to update the format.
Cheers,
Rob.
On Wed, 2008-02-27 at 01:42 -0500, Keikonium wrote:
I am a bit confused by your code, Rob. The timestamps will always change
(and have text after them) and that is what I am trying to take into
account. Perhaps having my entire code might be of more use:
html
head
titleLyrics Editor/title
?php
$letters = array(a, b, c, d, e, f, g, h, i, j, k, l,
m, n, o, p, q, r, s, t, u, v, w, x, y, z);
$lower = array(aint, i've, i'd, id , i''ll, ill , dont ,
i'm, im , i , ]a, ]b, ]c, ]d, ]e, ]f, ]g, ]h, ]i,
]j, ]k, ]l, ]m, ]n, ]o, ]p, ]q, ]r, ]s, ]t, ]u,
]v, ]w, ]x, ]y, ]z);
$upper = array(ain't, I've, I'd, I'd , I''ll, I'll , don't
, I'm, I'm , I , ]A, ]B, ]C, ]D, ]E, ]F, ]G, ]H,
]I, ]J, ]K, ]L, ]M, ]N, ]O, ]P, ]Q, ]R, ]S, ]T,
]U, ]V, ]W, ]X, ]Y, ]Z);
$nums = array(01, 02, 03, 04, 05, 06, 07, 08, 09, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34,
35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46,
47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58,
59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70,
71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82,
83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94,
95, 96, 97, 98, 99, 00);
$x = array_search($nums,$nums);
$format1 = array([$x:$x:$x], [$x:$x.$x]);
$format2 = array([$x:$x.$x], [$x:$x:$x]);
$textarea = '';
//
if (isset($_POST['uppercase']))
{
$textarea = $_POST['entry'];
$textarea = str_replace($lower, $upper, $_POST['entry']);
}
//
else if (isset($_POST['format1']))
{
$textarea = $_POST['entry'];
$textarea = str_replace($format1, $format2, $_POST['entry']);
}
//
else if (isset($_POST['format2']))
{
$textarea = $_POST['entry'];
$textarea = str_replace($format2, $format1, $_POST['entry']);
}
//
?
/head
body
FORM NAME =form1 METHOD =POST ACTION =lyricseditor.php
textarea name=entry cols=70 rows=20?PHP print
stripslashes($textarea); ?/textarea
pConvert first letter to uppercase: input type=submit
name=uppercase value=Convert.../p
pConvert to [xx:xx:xx] format: input type=submit name=format1
value=Convert.../p
pConvert to [xx:xx.xx] format: input type=submit name=format2
value=Convert.../p
/FORM
/body
/html
Robert Cummings [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
On Wed, 2008-02-27 at 00:36 -0500, Keikonium wrote:
Hello all,
I am new to this news group, and figured this was the fastest way to get
a
good, helpful answer. Here is my problem:
I have an array that I set up with numbers 00 thru 99. Now, I have some
timestamps that look somewhat like this:
[00:01:70]
[00:06:50]
[00:12:07]
[00:15:04]
[00:19:75]
I am making a script that will convert them into this:
[00:01.70]
[00:06.50]
[00:12.07]
[00:15.04]
[00:19.75]
$newTimestamp = $oldTimestamp;
$newTimestamp[5] = '.';
Cheers,
Rob.
--
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking an array against user input?
YE! That works perfectly ^_^. Thank you very much for helping out a PHP
noob lol.
Robert Cummings [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
On Wed, 2008-02-27 at 01:53 -0500, Keikonium wrote:
Here is an example of the text I want to update:
[01:19:23]And the city lit up the night
[01:21:04]With the green glow of the Camlin Hotel
[01:37:49][01:26:82]Ghosts are in the radio,
[01:42:13][01:31:53]They sing along, they sing along
[02:02:14]It's on and the ghosts in the radio
[02:05:80]Are singing along
?php
$text =
preg_replace(
'/\[([[:digit:]]{2}):([[:digit:]]{2}):([[:digit:]]{2})\]/ms',
'[\\1:\\2.\\3]', $text );
?
Cheers,
Rob.
--
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking an array against user input?
Here is an example of the text I want to update:
[01:19:23]And the city lit up the night
[01:21:04]With the green glow of the Camlin Hotel
[01:37:49][01:26:82]Ghosts are in the radio,
[01:42:13][01:31:53]They sing along, they sing along
[02:02:14]It's on and the ghosts in the radio
[02:05:80]Are singing along
Robert Cummings [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Show me an example of actual text where you want to update the format.
Cheers,
Rob.
On Wed, 2008-02-27 at 01:42 -0500, Keikonium wrote:
I am a bit confused by your code, Rob. The timestamps will always change
(and have text after them) and that is what I am trying to take into
account. Perhaps having my entire code might be of more use:
html
head
titleLyrics Editor/title
?php
$letters = array(a, b, c, d, e, f, g, h, i, j, k,
l,
m, n, o, p, q, r, s, t, u, v, w, x, y, z);
$lower = array(aint, i've, i'd, id , i''ll, ill , dont ,
i'm, im , i , ]a, ]b, ]c, ]d, ]e, ]f, ]g, ]h,
]i,
]j, ]k, ]l, ]m, ]n, ]o, ]p, ]q, ]r, ]s, ]t, ]u,
]v, ]w, ]x, ]y, ]z);
$upper = array(ain't, I've, I'd, I'd , I''ll, I'll ,
don't
, I'm, I'm , I , ]A, ]B, ]C, ]D, ]E, ]F, ]G, ]H,
]I, ]J, ]K, ]L, ]M, ]N, ]O, ]P, ]Q, ]R, ]S, ]T,
]U, ]V, ]W, ]X, ]Y, ]Z);
$nums = array(01, 02, 03, 04, 05, 06, 07, 08, 09, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34,
35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46,
47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58,
59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70,
71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82,
83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94,
95, 96, 97, 98, 99, 00);
$x = array_search($nums,$nums);
$format1 = array([$x:$x:$x], [$x:$x.$x]);
$format2 = array([$x:$x.$x], [$x:$x:$x]);
$textarea = '';
//
if (isset($_POST['uppercase']))
{
$textarea = $_POST['entry'];
$textarea = str_replace($lower, $upper, $_POST['entry']);
}
//
else if (isset($_POST['format1']))
{
$textarea = $_POST['entry'];
$textarea = str_replace($format1, $format2, $_POST['entry']);
}
//
else if (isset($_POST['format2']))
{
$textarea = $_POST['entry'];
$textarea = str_replace($format2, $format1, $_POST['entry']);
}
//
?
/head
body
FORM NAME =form1 METHOD =POST ACTION =lyricseditor.php
textarea name=entry cols=70 rows=20?PHP print
stripslashes($textarea); ?/textarea
pConvert first letter to uppercase: input type=submit
name=uppercase value=Convert.../p
pConvert to [xx:xx:xx] format: input type=submit name=format1
value=Convert.../p
pConvert to [xx:xx.xx] format: input type=submit name=format2
value=Convert.../p
/FORM
/body
/html
Robert Cummings [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
On Wed, 2008-02-27 at 00:36 -0500, Keikonium wrote:
Hello all,
I am new to this news group, and figured this was the fastest way to
get
a
good, helpful answer. Here is my problem:
I have an array that I set up with numbers 00 thru 99. Now, I have
some
timestamps that look somewhat like this:
[00:01:70]
[00:06:50]
[00:12:07]
[00:15:04]
[00:19:75]
I am making a script that will convert them into this:
[00:01.70]
[00:06.50]
[00:12.07]
[00:15.04]
[00:19.75]
$newTimestamp = $oldTimestamp;
$newTimestamp[5] = '.';
Cheers,
Rob.
--
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking an array against user input?
On Wed, 2008-02-27 at 01:53 -0500, Keikonium wrote:
Here is an example of the text I want to update:
[01:19:23]And the city lit up the night
[01:21:04]With the green glow of the Camlin Hotel
[01:37:49][01:26:82]Ghosts are in the radio,
[01:42:13][01:31:53]They sing along, they sing along
[02:02:14]It's on and the ghosts in the radio
[02:05:80]Are singing along
?php
$text =
preg_replace(
'/\[([[:digit:]]{2}):([[:digit:]]{2}):([[:digit:]]{2})\]/ms',
'[\\1:\\2.\\3]', $text );
?
Cheers,
Rob.
--
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking an array against user input?
I am a bit confused by your code, Rob. The timestamps will always change
(and have text after them) and that is what I am trying to take into
account. Perhaps having my entire code might be of more use:
html
head
titleLyrics Editor/title
?php
$letters = array(a, b, c, d, e, f, g, h, i, j, k, l,
m, n, o, p, q, r, s, t, u, v, w, x, y, z);
$lower = array(aint, i've, i'd, id , i''ll, ill , dont ,
i'm, im , i , ]a, ]b, ]c, ]d, ]e, ]f, ]g, ]h, ]i,
]j, ]k, ]l, ]m, ]n, ]o, ]p, ]q, ]r, ]s, ]t, ]u,
]v, ]w, ]x, ]y, ]z);
$upper = array(ain't, I've, I'd, I'd , I''ll, I'll , don't
, I'm, I'm , I , ]A, ]B, ]C, ]D, ]E, ]F, ]G, ]H,
]I, ]J, ]K, ]L, ]M, ]N, ]O, ]P, ]Q, ]R, ]S, ]T,
]U, ]V, ]W, ]X, ]Y, ]Z);
$nums = array(01, 02, 03, 04, 05, 06, 07, 08, 09, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34,
35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46,
47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58,
59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70,
71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82,
83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94,
95, 96, 97, 98, 99, 00);
$x = array_search($nums,$nums);
$format1 = array([$x:$x:$x], [$x:$x.$x]);
$format2 = array([$x:$x.$x], [$x:$x:$x]);
$textarea = '';
//
if (isset($_POST['uppercase']))
{
$textarea = $_POST['entry'];
$textarea = str_replace($lower, $upper, $_POST['entry']);
}
//
else if (isset($_POST['format1']))
{
$textarea = $_POST['entry'];
$textarea = str_replace($format1, $format2, $_POST['entry']);
}
//
else if (isset($_POST['format2']))
{
$textarea = $_POST['entry'];
$textarea = str_replace($format2, $format1, $_POST['entry']);
}
//
?
/head
body
FORM NAME =form1 METHOD =POST ACTION =lyricseditor.php
textarea name=entry cols=70 rows=20?PHP print
stripslashes($textarea); ?/textarea
pConvert first letter to uppercase: input type=submit
name=uppercase value=Convert.../p
pConvert to [xx:xx:xx] format: input type=submit name=format1
value=Convert.../p
pConvert to [xx:xx.xx] format: input type=submit name=format2
value=Convert.../p
/FORM
/body
/html
Robert Cummings [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
On Wed, 2008-02-27 at 00:36 -0500, Keikonium wrote:
Hello all,
I am new to this news group, and figured this was the fastest way to get
a
good, helpful answer. Here is my problem:
I have an array that I set up with numbers 00 thru 99. Now, I have some
timestamps that look somewhat like this:
[00:01:70]
[00:06:50]
[00:12:07]
[00:15:04]
[00:19:75]
I am making a script that will convert them into this:
[00:01.70]
[00:06.50]
[00:12.07]
[00:15.04]
[00:19.75]
$newTimestamp = $oldTimestamp;
$newTimestamp[5] = '.';
Cheers,
Rob.
--
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Checking an array against user input?
Keikonium wrote: I am a bit confused by your code, Rob. $newTimestamp = $oldTimestamp; $newTimestamp[5] = '.'; means make the 6th character (remember php is 0 based so the first character is index 0) a '.'. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
Rick Pasotto wrote: What is the best or recomended proceedure for making sure that a page is accessed only via a secure connection? The guaranteed way is not serving it over an insecure connection. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
Rick Pasotto [EMAIL PROTECTED] wrote: What is the best or recomended proceedure for making sure that a page is accessed only via a secure connection? Make the server only send over 443 instead of 80... But if you don't have the ability to change .htaccess or httpd.conf then you can use the $SERVER variables and make them work that way... Or you can cheat... $url = $_SERVER['SERVER_NAME']; header( 'Location:https://'.$url.''); Wolf -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Mon, Feb 25, 2008 at 1:40 PM, Rick Pasotto [EMAIL PROTECTED] wrote:
What is the best or recomended proceedure for making sure that a page is
accessed only via a secure connection?
Provided you're running SSL on the standard HTTPS port of 443,
include this at the very top of every file, before any output or
session information is sent. The best option would be to include it
in a file in a switched index.php or similar design.
?
if($_SERVER['SERVER_PORT'] != '443') {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header(Location:
https://.$url.$_SERVER['PHP_SELF'].?.$_SERVER['QUERY_STRING']);
exit;
}
?
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
Or you can cheat...
$url = $_SERVER['SERVER_NAME'];
header( 'Location:https://'.$url.'');
I think that would cause an infinite loop of redirection...
This would be better
?php
$curPort = $_SERVER['SERVER_PORT'];
$pageTo = $_SERVER['REQUEST_URI'];
if($curPort == 80) {
// go secure
header(location:https://www.domain.com$pageTo;);
exit;
}
?
--
Stephen Johnson c | eh
The Lone Coder
http://www.thelonecoder.com
continuing the struggle against bad code
http://www.fortheloveofgeeks.com
I¹m a geek and I¹m OK!
--
From: Wolf [EMAIL PROTECTED]
Date: Mon, 25 Feb 2008 13:55:41 -0500
To: Rick Pasotto [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Subject: Re: [PHP] checking for and enforcing https
Rick Pasotto [EMAIL PROTECTED] wrote:
What is the best or recomended proceedure for making sure that a page is
accessed only via a secure connection?
Make the server only send over 443 instead of 80...
But if you don't have the ability to change .htaccess or httpd.conf then you
can use the $SERVER variables and make them work that way...
Wolf
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
Nope, it works like a charm for me, but I have it in an IF statement checking
to see if the requestor is https or not to begin with.
I actually have it called as a function that passes in the rest of the path of
the file that is being requested, which is called within an included page,
which is included via a function call in a page that is automagically
pre-pended to every page on the site.
And it works like a charm no matter where you are trying to hit it or how many
sites/links you move in an out of.
Wolf
Stephen Johnson [EMAIL PROTECTED] wrote:
Or you can cheat...
$url = $_SERVER['SERVER_NAME'];
header( 'Location:https://'.$url.'');
I think that would cause an infinite loop of redirection...
This would be better
?php
$curPort = $_SERVER['SERVER_PORT'];
$pageTo = $_SERVER['REQUEST_URI'];
if($curPort == 80) {
// go secure
header(location:https://www.domain.com$pageTo;);
exit;
}
?
--
Stephen Johnson c | eh
The Lone Coder
http://www.thelonecoder.com
continuing the struggle against bad code
http://www.fortheloveofgeeks.com
I¹m a geek and I¹m OK!
--
From: Wolf [EMAIL PROTECTED]
Date: Mon, 25 Feb 2008 13:55:41 -0500
To: Rick Pasotto [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Subject: Re: [PHP] checking for and enforcing https
Rick Pasotto [EMAIL PROTECTED] wrote:
What is the best or recomended proceedure for making sure that a page is
accessed only via a secure connection?
Make the server only send over 443 instead of 80...
But if you don't have the ability to change .htaccess or httpd.conf then you
can use the $SERVER variables and make them work that way...
Wolf
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
Stephen Johnson [EMAIL PROTECTED] wrote:
Or you can cheat...
$url = $_SERVER['SERVER_NAME'];
header( 'Location:https://'.$url.'');
I think that would cause an infinite loop of redirection...
This would be better
?php
$curPort = $_SERVER['SERVER_PORT'];
$pageTo = $_SERVER['REQUEST_URI'];
if($curPort == 80) {
// go secure
header(location:https://www.domain.com$pageTo;);
exit;
}
?
Also realize, your code ONLY works if people use the standard ports...
With the way I have it check ($SERVER variables), then you eliminate that and
no matter what ports the server runs on, you get the correct switching you need.
Wolf
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On 25 Feb 2008, at 18:40, Rick Pasotto wrote: What is the best or recomended proceedure for making sure that a page is accessed only via a secure connection? What web server are you using? In my experience this is best done there rather than in PHP. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
OK.. I was referring to the lack of if checking on your post.. But I should have assumed that you did it that way. As long as your validating whether you are secure before you try and go secure is what I was getting at. Also, I agree on odd usage of port numbers, most of my stuff runs on standard ports, so I have never had any issues on that front. -- Stephen Johnson c | eh The Lone Coder http://www.thelonecoder.com continuing the struggle against bad code http://www.fortheloveofgeeks.com I¹m a geek and I¹m OK! -- From: Wolf [EMAIL PROTECTED] Date: Mon, 25 Feb 2008 14:26:12 -0500 To: Stephen Johnson [EMAIL PROTECTED] Cc: Rick Pasotto [EMAIL PROTECTED], php-general@lists.php.net Subject: Re: [PHP] checking for and enforcing https Nope, it works like a charm for me, but I have it in an IF statement checking to see if the requestor is https or not to begin with. I actually have it called as a function that passes in the rest of the path of the file that is being requested, which is called within an included page, which is included via a function call in a page that is automagically pre-pended to every page on the site. And it works like a charm no matter where you are trying to hit it or how many sites/links you move in an out of. Wolf -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking for and enforcing https
On Mon, Feb 25, 2008 at 2:09 PM, Daniel Brown [EMAIL PROTECTED] wrote:
?
if($_SERVER['SERVER_PORT'] != '443') {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header(Location:
https://.$url.$_SERVER['PHP_SELF'].?.$_SERVER['QUERY_STRING']);
exit;
}
?
An alternative to this if you don't know the port would be to check
$_ENV[HTTPS] for off:
if ($_ENV[HTTPS] == off) ... [insert the rest of Daniel's code here]
--
-Dan Joseph
Build a man a fire, and he will be warm for the rest of the day.
Light a man on fire, and will be warm for the rest of his life.
Re: [PHP] checking user input of MM-DD-YYYY
I'm having users enter dates in MM-DD- format. is there a way to
check if what they have entered is invalid (like if they enter 1-15-2008
instead of 01-15-2008) ?
Something like this:
http://www.phpguru.org/date_preg/
?php
// Get this from where ever (format MM-DD-)
echo ($input = '01-02-2008') . 'br /br /';
$result = preg_match('/(\d{2})-(\d{2})-(\d{4})/', $input, $matches);
$date = $matches[2]; // Note month/date switched
$month = $matches[1]; // Note month/date switched
$year = $matches[3];
if (!$result) {
// Doesn't match...
}
echo Date: {$date}br /;
echo Month: {$month}br /;
echo Year: {$year}br /;
?
--
Richard Heyes
http://www.websupportsolutions.co.uk
Mailing list management service allowing you to reach your Customers
and increase your sales.
** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS **
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking user input of MM-DD-YYYY
i think this ties into the thread tedd started a week or so ago about the best approach for collecting user data. it would be much easier to validate if there were 3 text input fields to collect the data, rather than 1, free-form field. -nathan
Re: [PHP] checking user input of MM-DD-YYYY
On 15/01/2008, Adam Williams [EMAIL PROTECTED] wrote: I'm having users enter dates in MM-DD- format. is there a way to check if what they have entered is invalid (like if they enter 1-15-2008 instead of 01-15-2008) ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php You could use check boxes to make sure you get the right format first time and concatenate the results, or use strlen() to check there are enough characters and/or a regular expression.
Re: [PHP] checking user input of MM-DD-YYYY
On Jan 15, 2008 9:30 AM, Per Jessen [EMAIL PROTECTED] wrote: Adam Williams wrote: I'm having users enter dates in MM-DD- format. is there a way to check if what they have entered is invalid (like if they enter 1-15-2008 instead of 01-15-2008) ? A regular expression perhaps? you might also experiment w/ the date_parse() function. http://us3.php.net/manual/en/function.date-parse.php -nathan
Re: [PHP] checking user input of MM-DD-YYYY
Adam Williams wrote: I'm having users enter dates in MM-DD- format. is there a way to check if what they have entered is invalid (like if they enter 1-15-2008 instead of 01-15-2008) ? A regular expression perhaps? /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
