php-general Digest 3 Dec 2006 15:58:36 -0000 Issue 4494
Topics (messages 245460 through 245465):

Re: alternative method
    245460 by: Richard Lynch

Re: security and .htaccess
    245461 by: Richard Lynch
    245465 by: tedd

Error in php doc?
    245462 by: MS P
    245463 by: Roman Neuhauser

Re: problem with register globals on new server
    245464 by: Tony Marston

Administrivia:

To subscribe to the digest, e-mail: [EMAIL PROTECTED]
To unsubscribe from the digest, e-mail: [EMAIL PROTECTED]
To post to the list, e-mail: php-general@lists.php.net

--
---BeginMessage---
The browser is not supposed to change that, unless you hard-link to http:// somewhere in your application.

I don't guarantee no browser ever had a bug like that, but I never heard of such a bug.

And there ain't no stopping a pesky user from taking the 's' out to see what happens... So you should be ready for that, and Do The Right Thing, whatever that might be for your application.

On Sat, December 2, 2006 3:31 pm, Alain Roger wrote:
> Hi Richard,
>
> I already work on SSL also.
> Basically, if $_SERVER['HTTPS'] is not set to 'on', I redirect everything to the logon form window.
>
> I'm just scared about how SSL can be held between pages...
> For example: if on page index.php, SSL is activated, the customer clicks on the submit button and is redirected to main.php. I will redirect him with https:// in the link, but does it keep SSL working? Will it not stop it for a while and restart it?
>
> Alain
>
> On 12/2/06, Richard Lynch [EMAIL PROTECTED] wrote:
> >
> > On Sat, December 2, 2006 10:29 am, Alain Roger wrote:
> > > Based on phpsec.org documentation it is written (between lines) that GET and POST methods are still used but they are not the most secure (except if we take care of that).
> > > So, I would like to know which other methods are more secure than those 2.
> >
> > In addendum to Larry's post:
> >
> > You should also consider requiring SSL for any sensitive data, to protect it in its travels from their computer to your server.
> > SSL is kind of like an armored truck on the information super-highway. It doesn't stop bank robbers (server hacks) or muggers (viruses on your users' computers), but the data is safe in transit between the two.
>
> --
> Alain
>
> Windows XP SP2
> PostgreSQL 8.1.4
> Apache 2.0.58
> PHP 5

--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
---End Message---
---BeginMessage---
On Sat, December 2, 2006 3:35 pm, Alain Roger wrote:
> I'm working on .htaccess file for improving security.
> Based on documentation from PHPSEC.org, we should be able to store DB_USER login and DB_PASS password in some secret-stuff (for example) file, which should be located outside root of web document root. (for example in some /path_to_secret folder)

I think .htaccess *is* the file being included...

It might be possible to use Apache's . operator (I think it's . ) to suck in yet another file, outside the web root, so that a change to the rules about not serving up .ht* files would not matter to that file to be included...

But you've strayed into the "this is an Apache question" realm pretty heavily...

http://apache.org/ probably addresses this somewhere, one way or the other, if you dig enough.
---End Message---
---BeginMessage---
At 10:35 PM +0100 12/2/06, Alain Roger wrote:
> I'm working on .htaccess file for improving security.
> Based on documentation from PHPSEC.org, we should be able to store DB_USER login and DB_PASS password in some secret-stuff (for example) file, which should be located outside root of web document root.
> (for example in some /path_to_secret folder)

The path_to_secret folder thing -- I have a question about.

I'm working with what a host provides me and I've seen paths that I can traverse/access and paths in a .htaccess file that I can't.

For example, in one site I see a .htaccess file that contains:

    AuthUserFile /home/admin/public_html/_vit_pvt/service.pwd

But, the _vit_pvt folder is not apparent. I can't get to it -- is this a host file that only they can access, or is there a secret handshake I need to get to it, or what?

Thanks.

tedd
--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com
---End Message---
---BeginMessage---
Hi.

There seems to be a minor error in the page http://www.php.net/manual/en/features.file-upload.php. In Example 38-2 Validating file uploads,
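
Added example, not part of any message in this digest: the per-request check discussed in the "alternative method" thread above (redirect to the logon form unless $_SERVER['HTTPS'] is on, and be ready for a user who takes the 's' out of the URL). CANONICAL_HOST, LOGON_PATH and the function names are assumptions made for illustration.

```php
<?php
// Added example: the names below are hypothetical, not from the thread.
define('CANONICAL_HOST', 'www.example.com'); // assumed site host name (placeholder)
define('LOGON_PATH', '/logon.php');          // assumed path of the logon form

/** True when this request arrived over SSL/TLS. */
function request_is_https(array $server)
{
    // Apache sets HTTPS=on; IIS sets HTTPS=off for plain HTTP, so test the value.
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

/** URL to send a plain-HTTP request to, or null when already on HTTPS. */
function https_redirect_target(array $server)
{
    if (request_is_https($server)) {
        return null;
    }
    // Fixed host and path: nothing from the request (Host header, URI) is echoed back.
    return 'https://' . CANONICAL_HOST . LOGON_PATH;
}

/** Call at the top of every protected page, before any output. */
function enforce_https()
{
    $target = https_redirect_target($_SERVER);
    if ($target !== null) {
        header('Location: ' . $target, true, 302);
        exit; // render nothing sensitive over plain HTTP
    }
    // Secure flag: the browser will not send the session cookie over http://,
    // even if the user edits the URL by hand. HttpOnly hides it from scripts.
    session_set_cookie_params(0, '/', '', true, true);
    session_start();
}

// Constructed sample requests, run from the command line only.
if (PHP_SAPI === 'cli') {
    $samples = array(
        'https request' => array('HTTPS' => 'on'),
        'http request'  => array(),
        'IIS over http' => array('HTTPS' => 'off'),
    );
    foreach ($samples as $label => $server) {
        $target = https_redirect_target($server);
        echo $label, ': ', ($target === null ? 'serve page' : 'redirect to ' . $target), "\n";
    }
}
```

Because the check runs on every page rather than only at logon, a request whose URL was edited back to http:// is redirected before any page content is produced.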
php-general Digest 4 Dec 2006 07:54:00 -0000 Issue 4495
Topics (messages 245466 through 245474):

Random pictures - not twice
    245466 by: Gustav Wiberg
    245467 by: tg-php.gryffyndevelopment.com
    245468 by: Gustav Wiberg

Re: problem with register globals on new server
    245469 by: Richard Lynch

Re: Error in php doc?
    245470 by: Richard Lynch

Re: security and .htaccess
    245471 by: Richard Lynch
    245472 by: Anas Mughal
    245473 by: Frank Reichenbacher

Help me about audio stream...
    245474 by: Le Phuoc Canh

--
---BeginMessage---
Hi there!

I have created a script that generates random pictures...

<?php
//Random pictures
//
$pictures[0] = "bil1.gif";
$pictures[1] = "bil2.gif";
$pictures[2] = "bil3.gif";
$pictures[3] = "bil4.gif";

for ($i=0;$i<3;$i++) {
    $r = rand(0,3);
    ?>
    <p>&nbsp;&nbsp;<img src="<?php echo $pictures[$r];?>"></p>
    <?php
}
?>

With this above script the same picture can be shown twice. Is there any smart way of avoiding this without having to rely on cookies/sessionids?

Best regards
/Gustav Wiberg

Stammis Internet - http://www.stammis.com/ - pedigrees on the net
---End Message---
---BeginMessage---
Without using cookies or session information, you're going to go through your picture list faster depending on how many users are accessing the random pic page. If you don't make it user-specific, then it doesn't really matter if you go through the images sequentially.. it may appear random on the user end because other users are going to be grabbing sequential pics as well.

If you want to stir the waters a bit, you could run them sequentially but randomize the sequence. This is what some music playlist programs do when you randomize a playlist. Instead of pulling a random song from the list and risking playing the same song back to back, it just shuffles the playlist and plays it sequentially.
When you get to the end of your randomized list, you can re-shuffle it and start over. This gives some semblance of randomness.

If you want to make sure each image gets its fair amount of time in the spotlight, you could keep track of how many times each image has been displayed. Having a database table with a list of all the image names and their 'served' count would let you weight your list a bit to give preference to the images that haven't been displayed that often.

And if you want to give each user the total package, you can keep track of how many times each image was served to a specific user and weight your shuffling that way.

I'm sure there are other ways, but there are just a few that may be viable for you, depending on the level of randomness per user you need.

Let us know what solution you come up with. I'm sure others have had similar questions and just haven't asked.

-TG

= = = Original message = = =

Hi there!

I have created a script that generates random pictures...

<?php
//Random pictures
//
$pictures[0] = "bil1.gif";
$pictures[1] = "bil2.gif";
$pictures[2] = "bil3.gif";
$pictures[3] = "bil4.gif";

for ($i=0;$i<3;$i++) {
    $r = rand(0,3);
    ?>
    <p>&nbsp;&nbsp;<img src="<?php echo $pictures[$r];?>"></p>
    <?php
}
?>

With this above script the same picture can be shown twice. Is there any smart way of avoiding this without having to rely on cookies/sessionids?

Best regards
/Gustav Wiberg

Stammis Internet - http://www.stammis.com/ - pedigrees on the net
---End Message---
---BeginMessage---
----- Original Message -----
From: [EMAIL PROTECTED]
To: php-general@lists.php.net
Cc: [EMAIL PROTECTED]
Sent: Sunday, December 03, 2006 11:52 PM
Subject: Re: [PHP] Random pictures - not twice

Without using cookies or session information, you're going to go through your picture list faster depending on how many users are accessing the random pic page.
If you don't make it user-specific, then it doesn't really matter if you go through the images sequentially.. it may appear random on the user end because other users are going to be grabbing sequential pics as well.

If you want to stir the waters a bit, you could run them sequentially but randomize the sequence. This is what some music playlist programs do when you randomize a playlist. Instead of pulling a random song from the list and risking playing the same song back to back, it just shuffles the playlist and plays it sequentially. When you get to the end of your randomized list, you can re-shuffle it and start over. This gives some semblance of randomness.

If you want to make sure each image gets its fair amount of time in the spotlight, you