[PHP-DEV] Re: [PHP-CVS] cvs: php4 /ext/session mod_mm.c

[EMAIL PROTECTED] wrote: > Hello, > > On Wed, 6 Mar 2002, Yasuo Ohgaki wrote: > > >>yohgaki Wed Mar 6 01:29:43 2002 EDT >> >> Modified files: >>/php4/ext/session mod_mm.c >> Log: >> Make php start even with wrong save_path. >> > > It's rather see it fail he

[PHP-DEV] Re: [PHP-CVS] cvs: php4 /ext/session mod_mm.c

Hello, On Wed, 6 Mar 2002, Yasuo Ohgaki wrote: > yohgaki Wed Mar 6 01:29:43 2002 EDT > > Modified files: > /php4/ext/session mod_mm.c > Log: > Make php start even with wrong save_path. It's rather see it fail here, that way it is very obvious to the user

Re: [PHP-DEV] New Module

Well, so I'll try to port Crypto++ to my module, or make a new module out of it. First I'm adapting my php scripts to my new module. After that I'll begin to work on it, if anyone wants to join in, contact me. And where should I post my module to become public under PHP license in case anyone is

[PHP-DEV] Re: New function (repost from php-cvs)

Jim Winstead wrote: > Marcus Boerger <[EMAIL PROTECTED]> wrote: > >>what about a new function called strnlen str*n*len which will >>return the length of a string with a given maximum to avoid >>problems with strings not zero terminated. >> > > why not just use memchr()? > I agree. The code doe

Re: [PHP-DEV] New Module

Not yet, as it is still in the early, early stages. I need to get an idea as to how the class hierarchy is going to look first, and get used to working with Crypto++ (which seems quite easy -- I'm not having any major problems yet, although for the time being I'm just dealing with fixed-size

RE: [PHP-DEV] New Module

That's would be ideal. I've never worked with Crypto++ before or with heavy duty crypto libraries in general, and I was kind of delegated to take on the project at work, so I'm kind of stuck. And the only reason I started the project up was because libmcrypt/libmhash don't work too well unde

[PHP-DEV] Branching to PHP_4_2_0 (last warning :)

Hello again, in about 24 hours (22:00 GMT) we'll start branching to PHP_4_2_0, make sure you get your patches regarding new functionality in before that, or the RBM will get angry :) Happy hacking, Derick -- PHP Development Mailing List To unsubscribe, visit: http://w

Re: [PHP-DEV] Executing code with CLI without using a file

I agree that this functionality would be nice to have in CLI. I have tried to compile the code attached, but with no luck. Even after fixing obvious syntax errors, the compiled php just ignores passed string. > i just looked at the code for a possibility to extend CLI to execute code > without us

[PHP-DEV] cracklib under Windows

What's the status of cracklib support under windows? Has it even been attempted? Is anyone working on it? We're going to need to get it going, but I was wondering if anyone else has gotten started on this so that we could pool resources. Joseph -- PHP Development Mailing List

RE: [PHP-DEV] New Module

On Tue, 5 Mar 2002, Joseph Tate wrote: > Well, J Smith has mentioned Crypto++. I haven't looked into it, but that > sounds like a good little module as a substitute for mcrypt. If he truly is > working on a php extension using it, then it's purely acedemic to add it to > your module. IMO, if t

RE: [PHP-DEV] New Module

Well, J Smith has mentioned Crypto++. I haven't looked into it, but that sounds like a good little module as a substitute for mcrypt. If he truly is working on a php extension using it, then it's purely acedemic to add it to your module. > -Original Message- > From: Keyser Soze [mailto:

[PHP-DEV] Executing code with CLI without using a file

hi, i just looked at the code for a possibility to extend CLI to execute code without using files. For example: php -- 'echo "Hello World";' I saw that only files can be executed, so i had to pacth the following files: Zend/zend_compile.h: added new constant ZEND_HANDLE_STRING

Re: [PHP-DEV] New Module

I agree, so I think this module could be packaged with a default mycrypt library to make this easier Any idea? Keyser Soz - Original Message - From: "Joseph Tate" <[EMAIL PROTECTED]> To: "Keyser Soze" <[EMAIL PROTECTED]>; "Brad Fisher" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Cc: <[EMA

RE: [PHP-DEV] New Module

What Brad is suggesting doesn't take away from your module, just makes it easier to use from php land. No need to write your own crypt functions in C, just write them in PHP and use them as callbacks. Of course leaving that option for advanced users is a good idea. I personally don't think that

Re: [PHP-DEV] cli version and shell useability

On Tue, 5 Mar 2002, Marcus Börger wrote: > From my point of view both are necessary to make php a widely > accepted shell script language. Also i would appreciate --help to > show up with version and supported switches. php -h does that for you already. Derick > > marcus > > to make > > At

Re: [PHP-DEV] New Module

but that's what my module is meant for Keyser Soze - Original Message - From: "Brad Fisher" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, March 05, 2002 3:03 PM Subject: Re: [PHP-DEV] New Module > > J Smith wrote: > > > I hesitate to mention this be

Re: [PHP-DEV] New Module

> loadable module? Something like: > > bool crypto_register_algorithm(string name, function &crypt, function > &decrypt) Actually after thinking about it a bit more, why not: bool crypto_register_algorithm(string name, function &crypt_decrypt) > > Then crypt and decrypt could have functio

Re: [PHP-DEV] New Module

J Smith wrote: > I hesitate to mention this because I don't want to get stuck in a corner > here, but I've been working on and off on a PHP encryption extension for > precisely the reasons you mention. I'm using Crypto++, a public ... This sounds to me like one of the better ways to do it. Jus

Re: [PHP-DEV] New Module

With this module you can store any configuration, you simply make an associative array with them and pass to cfg_set like this: $conf[name] = "my name"; $conf[myconf] = "i need this to bet set"; $conf[otherconf] = "anything i want it to be"; cfg_set("myconffile",$conf); and when you run $c

Re: [PHP-DEV] New Module

sorry...the correct name is my_crypt and my_decrypt - Original Message - From: "Jim Segrave" <[EMAIL PROTECTED]> To: "Keyser Soze" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, March 05, 2002 2:44 PM Subject: Re: [PHP-DEV] New Module > On Tue 05 Mar 20

RE: [PHP-DEV] New Module

I agree that there should be a better way to store db connection data and such in PHP. Since php scripts have to be readable by a webserver, that usually makes them readable to the users on the box. Not necessarily, but it requires custom setup to have it otherwise, and unless you have a true ac

Re: [PHP-DEV] New Module

--- J Smith <[EMAIL PROTECTED]> wrote: > I have no idea of how much longer I'll be working on the extension > as I > have a ton of other stuff to do, but I'll keep plugging away at it. > No idea > what kind of timeframe I'm looking at, or even if I'll finish it, > just > thought I'd mention tha

Re: [PHP-DEV] New Module

On Tue 05 Mar 2002 (14:39 -0300), Keyser Soze wrote: > with my module you can use any crypt method you want, just need to make a > shared library with the name libmycrypt.so (in linux, didn´t make the > windows port yet) > > with the functions (char *)crypt(char *) and (char *) decrypt(char *) >

Re: [PHP-DEV] Re: Function to retrieve headers for message/rfc822 attachments

I was trying to keep the naming consistent with the naming of the functions in the c-client lib. The actual c-client function called is mail_fetch_header, so it became imap_fetch_header. It seems to be the general way in which the original imap module developers named their functions. But, I

Re: [PHP-DEV] New Module

with my module you can use any crypt method you want, just need to make a shared library with the name libmycrypt.so (in linux, didn´t make the windows port yet) with the functions (char *)crypt(char *) and (char *) decrypt(char *) so it can be customized with some limitations Keyser Soze ---

Re: [PHP-DEV] New Module

I hesitate to mention this because I don't want to get stuck in a corner here, but I've been working on and off on a PHP encryption extension for precisely the reasons you mention. I'm using Crypto++, a public domain crypto library written in C++. A few months back, I was faced with a somewh

Re: [PHP-DEV] cli version and shell useability

In addition to Markus Fischer: Does the CLI version has the ability to execute code without . Assuming "-s --" as solution. -s to skip Is there a way to execute code from the command line AND process > stdin/stdout without using an external file with php code? > > Currently the only

RE: [PHP-DEV] PHP 4.1.2 Official Patch for Win32

This sounds like saying the same thing, but i'm working on having it compile now. James -- PHP Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP-DEV] PHP 4.1.2 Official Patch for Win32

Title: RE: [PHP-DEV] PHP 4.1.2 Official Patch for Win32 Check the list for Rasmus Lerdorf posting on this issue... Ray Hunter Firmware Engineer ENTERASYS NETWORKS -Original Message- From: Fabio De Martin [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 05, 2002 9:20 AM To: [EMAI

[PHP-DEV] PHP 4.1.2 Official Patch for Win32

Dear developers, Somebody really knows when the PHP 4.1.2 for Win32 OFFICIAL version will be available for download on PHP.net website? Regards, -- Fabio De Martin BASE64 Soluções em Tecnologia Telefone: 011.5507.2426 Celular: 011.9639.8990 The information in this e-mail and any attachments is

Re: [PHP-DEV] New Module

Not if the webserver is in another machine, he could have gained access to my system thru a security flaw in my webserver, one that doesn't have in my database server. And he just could create the script in a tempfolder and execute it if php is a cgi module, unless he has apache html write rights

Re: [PHP-DEV] New Module

--- Rasmus Lerdorf <[EMAIL PROTECTED]> wrote: > Why not just store them using crypt() or md5(). With one-way > encoding > like that nobody can steal the passwords, not even you. On some further research, md5() seems like a very reasonable alternative given that it is supported in multiple langua

Re: [PHP-DEV] New Module

How can you avoid that? Even if you use two-way encryption, the user is going to want to type in his unencrypted password, obviously, and you are going to have to encrypt it and compare that with the encrypted version stored in the DB. How is this different? -Rasmus On Tue, 5 Mar 2002, Keyser

Re: [PHP-DEV] New Module

Yes, but to check the password you should supply the plain text pass to md5 again and compare it with the encrypted one. That's what I'm trying to avoid. regards, Keyser Soze - Original Message - From: "Rasmus Lerdorf" <[EMAIL PROTECTED]> To: "Brent R. Matzelle" <[EMAIL PROTECTED]> Cc:

[PHP-DEV] CVS Account Request: samih

Translation of the manual into Finnish -- PHP Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] New Module

> it's much easier to detect a modification of a script instead of just a "cat > dbconf.php". no need to modify a script. if a hacker has access to your webserver, in most cases he will be able to access your db server too. if not, in case of your extension it shouldnt be hard for him creating a s

Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4 / README.TESTING

On Tue, 2002-03-05 at 09:00, Yasuo Ohgaki wrote: > [EMAIL PROTECTED] wrote: > > > > Isn't it an idea just to modify the scripts so that it uses the cli > > version always? > > > > Stig changed so that make test uses cli sapi. > Edin said it wouldn't work, and it does not work for me also. > >

Re: [PHP-DEV] New Module

Why not just store them using crypt() or md5(). With one-way encoding like that nobody can steal the passwords, not even you. -Rasmus On Tue, 5 Mar 2002, Brent R. Matzelle wrote: > --- [EMAIL PROTECTED] wrote: > > Hey, > > > > why not simply use the mcrypt functions available in PHP? > > I wil

Re: [PHP-DEV] New Module

--- [EMAIL PROTECTED] wrote: > Hey, > > why not simply use the mcrypt functions available in PHP? I will tell you why. Mcrypt is nearly useless for developers like myself who develop PHP applications for both *NIX and win32 platforms. The mcrypt libraries are not distributed with the Windows b

Re: [PHP-DEV] New Module

it's much easier to detect a modification of a script instead of just a "cat dbconf.php". Keyser Soze Original Message- What stops the hacker from doing: $vars_db = cfg_get("db.cfg"); connect($conf[dbhost], $conf[dbname] , $conf[dbuser] , $conf[dbpass] ); print_r($conf); // or var_d

Re: [PHP-DEV] New Module

On Tue, 2002-03-05 at 13:14, Keyser Soze wrote: > this is different...the idea around this new module is that you won't have > any script in your server with your configurations in plain text, let me > show you another exemple: > > runonce.php: > /* This script will be only run once and then must

Re: [PHP-DEV] New Module

this is different...the idea around this new module is that you won't have any script in your server with your configurations in plain text, let me show you another exemple: runonce.php: /* This script will be only run once and then must be erased */ $conf[dbhost] = "10.10.60.1"; $conf[dbname] =

[PHP-DEV] CVS Account Request: thales

To help translating the manual to the Portuguese. Andi Gutmans said: "Please apply for a CVS account at http://www.php.net/cvs-php.php and we'll give you access. I suggest joining the [EMAIL PROTECTED] mailing list at the same time." -- PHP Development Mailing List To u

[PHP-DEV] HELP Using PHP with Apache (IAS Oracle)

Hi to all, Im trying to use Apache Web Server from IAS (Oracle) with PHP 4.1.1. in a Windows NT server. When I try to load the php modules, apache shows an error that said that I need to recompile Apache with the flag -EAPI. Somody know to do this? There ara another way to use these librarie

Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4 / README.TESTING

On Tue, 5 Mar 2002, Yasuo Ohgaki wrote: > I guess you've already figure out, but anyway. > Edin mentioned in > > Delivered-To: mailing list [EMAIL PROTECTED] > To: "Stig Bakken" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> > Subject: Re: [PHP-CVS] cvs: php4 /build rules.mk > From: [EMAIL PROTECTED] (

Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4 / README.TESTING

[EMAIL PROTECTED] wrote: > On Tue, 5 Mar 2002, Yasuo Ohgaki wrote: >>Thanks for catching this. I should have fix this description for now. >>Test script does _NOT_ work with CLI SAPI's php binary. >> > > Yeah, but why doesn't it work? > I guess you've already figure out, but anyway. Edin mentio

[PHP-DEV] cli version and shell useability

Is there a way to execute code from the command line AND process stdin/stdout without using an external file with php code? Currently the only way of feeding code to the script (to my knowledge) is: echo '' | php >output or | php -f code.php >output Bu