php-general Digest 5 Aug 2006 18:25:34 -0000 Issue 4276
Topics (messages 240180 through 240187):
PayPal's PHP SDK on Windows
240180 by: s2j1j1b0
240182 by: Peter Lauri
240183 by: Paul Scott
Re: Problem with wrapper script for Tidy
240181 by: Frank Arensmeier
Sending data to persistent process stdin
240184 by: Ville Mattila
240187 by: Stut
Re: php behind firewall
240185 by: tedd
Re: PHP Frameworks - Opinion
240186 by: Tony Marston
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
php-general@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
I'm trying to get PayPal's PHP SDK
running on Windows. After running install.php, I get the following error:
"The PayPal SDK requires curl with SSL support"
How do I fix this?
--
View this message in context:
http://www.nabble.com/PayPal%27s-PHP-SDK-on-Windows-tf2054950.html#a5661901
Sent from the PHP - General forum at Nabble.com.
--- End Message ---
--- Begin Message ---
Hi,
Try www.php.net/curl
/Peter
-----Original Message-----
From: s2j1j1b0 [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 05, 2006 1:51 PM
To: php-general@lists.php.net
Subject: [PHP] PayPal's PHP SDK on Windows
I'm trying to get PayPal's PHP SDK
running on Windows. After running install.php, I get the following error:
"The PayPal SDK requires curl with SSL support"
How do I fix this?
--
View this message in context:
http://www.nabble.com/PayPal%27s-PHP-SDK-on-Windows-tf2054950.html#a5661901
Sent from the PHP - General forum at Nabble.com.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
On Fri, 2006-08-04 at 23:50 -0700, s2j1j1b0 wrote:
> "The PayPal SDK requires curl with SSL support"
>
> How do I fix this?
You do what it says, install and configure cURL with SSL support. cURL
releases binaries for your OS at http://curl.haxx.se/ AFAIK they will
have a precompiled binary with SSL support built in. All that is left
after that is to enable curl as an extension in php.ini
;extension=curl.dll or something like that...
You just need to uncomment that line and restart your webserver.
HTH
--Paul
All Email originating from UWC is covered by disclaimer
http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm
--- End Message ---
--- Begin Message ---
Thank you Richard. I will test that (piping the output). Regarding my
concerns about "rubbing security" by not validating the included
code, I actually meant that the script does not validate where the
included PHP script is coming from. Could someone set the
environmental variable $_SERVER('PATH_TRANSLATED') from outside, so
to say? Or is there no reason to be worried?
/frank
4 aug 2006 kl. 22.22 skrev Richard Lynch:
Did you try to use "-" as the file and pipe the output?...
That might work...
As far as the Tidy not validating the included PHP, I'm not sure what
you mean, but I don't see this making the PHP code any less secure
than it was before you wrapped Tidy around it...
On Fri, August 4, 2006 6:21 am, Frank Arensmeier wrote:
Hello.
Since my ISP does not provide the tidy module for Apache, I tested
writing a wrapper script for a locally installed tidy binary. In
general, the script is triggered by a modification to the .htaccess
file like so:
AddHandler server-parsed .php
Action server-parsed /tidy_wrapper.php5
All php pages are by that means "treated" by the script
tidy_wrapper.php5.
Here is the code for tidy_wrapper.php5:
<?php
chdir ( dirname ( $_SERVER['PATH_TRANSLATED'] ) );
ob_start();
include ( $_SERVER['PATH_TRANSLATED'] );
$output = ob_get_contents();
ob_end_clean();
// Including a line with the commend "<!-- NO TIDY !-->" will turn
off tidy conversion
if ( !stristr ( $output, "<!-- NO TIDY !-->" ) ) {
$localfile = tempnam ( '../tmp', "tmp" );
$handle = fopen($localfile, "w");
fwrite($handle, $output);
fclose($handle);
$command = '/Library/WebServer/CGI-Executables/tidy -iq --show-
errors 0 --show-warnings 0 -wrap 100 ' . $localfile . ' 2>&1';
exec ( $command, $output_exec );
echo implode ( "\n", $output_exec );
unlink ( $localfile );
} else {
echo $output;
}
exit;
?>
Although the script is actually working fine, there is at least one
downside: speed. As you can see, the output buffer must be written to
a file in order to be processed by tidy. I was not able to get tidy
to accept a string for processing. Doing so, tidy throws en error. I
have looked through tidy documentation without finding any clues. I
would appreciate any hints. Any ideas for a walk-around for that file
saving-thing would be welcome!
Otherwise, I strongly feel that this script might become/be a
security hole. Because it does not validate the included PHP code, it
could be misused for doing bad stuff, or am I wrong? Once more, any
suggestions are welcome.
regards,
/frank
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Like Music?
http://l-i-e.com/artists.htm
----------------------------------
Frank Arensmeier
Marketing Support & Webmaster
NIKE Hydraulics AB
Box 1107
631 80 Eskilstuna
Sweden
phone +46 - (0)16 16 82 34
fax +46 - (0)16 13 93 16
[EMAIL PROTECTED]
www.nikehydraulics.se
--- End Message ---
--- Begin Message ---
Hello readers,
I have been thinking of making a simple web-based interface to control
my media center box (running debian linux). Being a bit enthustiatic, I
thought I could use some generic tools for playing media files and write
the whole UI by my own.
I found mpg123 program that can be run in "remote mode" (mpg123 -R) so
that playback can be controlled via stdin. Writing "LOAD <mp3 file>" to
the stdin will begin output, "PAUSE" will stop it and so on.
How could I use PHP and its process functions to send something to stdin
of a persistent process? I would like to run mpg123 only once,
whichafter a few PHP scripts would send data and proper commands to its
stdin. Maybe a kind of daemon process would be needed? Anyway, sending
data to a daemon can be problematic... Maybe a kind of socket wrapper?
Well - I have no experience about socket functions of PHP...
Tips and tricks are welcome, or should I just go to the local hi-tech
market and by a CD player LOL :D
Thanks,
Ville
--- End Message ---
--- Begin Message ---
Ville Mattila wrote:
> How could I use PHP and its process functions to send something to stdin
> of a persistent process? I would like to run mpg123 only once,
> whichafter a few PHP scripts would send data and proper commands to its
> stdin. Maybe a kind of daemon process would be needed? Anyway, sending
> data to a daemon can be problematic... Maybe a kind of socket wrapper?
> Well - I have no experience about socket functions of PHP...
>
> Tips and tricks are welcome, or should I just go to the local hi-tech
> market and by a CD player LOL :D
I would probably approach this in one of two ways.
1) Find out how to create a named pipe and start mpg123 to take its
input from that named pipe. Your PHP scripts can then write commands to
that pipe.
2) Write a daemon that starts mpg123 and listens on a local socket. Your
PHP scripts send commands to that socket and the daemon passes them to
the running mpg123.
IMHO option 1 would be a lot more stable than option 2, but both should
work quite well.
-Stut
--- End Message ---
--- Begin Message ---
At 3:37 PM -0500 8/4/06, Richard Lynch wrote:
> http://www.caida.org/publications/papers/2005/fingerprinting/
Just to be pedantic...
It's using the clock skew of the user's computer, and I don't think
that has anything to do with PC-NIC-CABLE-FIREWALL combination
communication.
Rather, it is the error margin of the internal clock chip within the
device, as I understand it...
Or not, as I don't claim to understand that article 100%...
Richard:
As I read it, and I don't claim to understand the article 100%
either, it's more than the margin of error of the internal clock, but
rather how the user's computer responds do to the skew -- the timing
in sending packets of information to a server.
The fingerprint is not instant, but derived from the performance of
the computer over time. The more information gathered, the more
unique the fingerprint becomes. A sort of stacking (sum) of the
events to increase the fold (confidence) and as a result, computer
respond times fall into different identifiable groups.
Any temporal series of data can be thought of as a waveform that can
be analyzed via a FFT, as they mention in their article and add that
the FFT may not be a solution. However, they fail to acknowledge that
a time series can be analyzed via many different techniques other
than FFT.
However, barring that, they have posed an interesting idea (but not
proved) that every computer currently made can be identified by the
way it responds -- each computer is unique.
Their sample size was relatively small, several hundred computers,
and the time to distinguish individual computers took several hours.
If their technique was applied to net, I would think it would take a
great deal of time (perhaps prohibitively so) to gather enough data
to clearly distinguish and identify individual computers visiting a
server. On the other hand, a set visiting a specific server would be
much smaller than the entire net-set.
In any event, the confidence level for identifying each computer
would depend upon how many times the user's computer visited the site
in question, which in the real world would lead to a vast range of
confidence levels.
IF their claim is true and IF they could cut the analysis time
required, then the ramifications of the technique could be
significant in terms of Internet security, spam, law enforcement,
software registrations, and so on.
The article presents a possible answer for those wanting to uniquely
identify computers -- kind of an unintended built-in V chip for
computers.
Interesting research.
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
"Robert Cummings" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> On Fri, 2006-08-04 at 17:23 -0300, Manuel Lemos wrote:
>> Hello,
>>
>> on 08/03/2006 02:53 PM Robert Cummings said the following:
>> >>> The main thing in Manual's post that got me writing this in the first
>> >>> place was :
>> >>>
>> >>> "Imagine if there would be only one PDBC (JDBC for PHP). Instead of
>> >>> that
>> >>> we have a never ending choice of PHP database abstraction layers that
>> >>> does not help newcoming developers that are lost and don't know what
>> >>> to
>> >>> use."
>> >> I admit I have not expressed myself clearly. What I meant is not that
>> >> people should be disallowed to implement alternative APIs, but rather
>> >> that they should not feel the need to do it.
>> >
>> > I think you may be missing the point. Many people probably don't feel
>> > the "need" to create an alternative API, they may just feel the desire
>> > to do so. It's a great way to practice your skills, and in the end, you
>> > have a nice API that meets your needs.
>>
>> I do not think many people want to reinvent the wheel. Only those that
>> feel forced to do it, because the alternatives are insufficient, will do
>> it, only if they feel capable of doing it.
>>
>> If there were consensual API specifications like in Java world, very few
>> people would feel forced to reinvent the wheel.
>
> I beg to differ. I think a good number of people really enjoy
> re-inventing the wheel :)
Also because some people don't like working with other people's square
wheels, or wheels designed for a pram when they want wheels for a racing
bike, or wheels that run in the wrong direction, or wheels that turn too
slowly, or wheels that need expensive tyres, or .... (the list is endless)
--
Tony Marston
http://www.tonymarston.net
http://www.radicore.org
--- End Message ---