Hi,
If I use sid in the URL, is it dangerous - can hackers gain info on
important variables storing username and passwords or is it safe to use? If
not, what should I do?
shaun
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[snip]
This string is offered to the visitor in a cookie, but if they refuse it,
PHP will just append it to the end of every URL automatically.
_IF_ PHP is compiled with enable-trans-sid and you have it turned on in
php.ini.
---John Holmes...
Hi Shaun,
If I use sid in the URL, is it dangerous -
can hackers gain info on important variables
storing username and passwords or is it safe
to use? If not, what should I do?
Theoretically, if you guess or sniff someone's session ID, you can hijack
their session. That doesn't mean you
I will give it a try and let you know what the results were..
You could, on the page where it initially creates their session,
get their IP address and make that a session variable, then in
one of your include files which is called on every page, check to
see if the current user's IP matches the one of the $_SESSION[ip]
variable, if it doesn't, just stop
Robert Samuel White wrote:
I am having a hard time understanding one of the features of the xml
parser functions.
If the string I am parsing includes &nbsp; or something similar, it
encounters an error. I've read the docs and I don't understand how to
have the parser process these. Any advice
While we're on the subject, is it possible/wise to register a person's session
id in your useraccess db when they log in then always assign them the same
id, then if the session has not expired the user will pick up vars stored
there..
Cheers
-Original Message-
From: Adam Voigt
Well I suppose you could, but I wouldn't. If you're worried about someone
stealing someone's sid when they are using a random one, then having
a fixed one would be even worse in this respect since they only have
to get it once instead of every time the session is re-initiated.
Adam Voigt
[EMAIL
Unfortunately, in a real world situation, verifying IP address does
*NOT* work. On our sites we have the following:
-- AOL. Their outgoing IP isn't necessarily the same IP address
throughout the session. AOL assigns IP addresses as needed.
-- People behind web caching servers. HTTP can be
It's common for IP addresses to change while people are surfing. So you may
be needlessly kicking people out.
---John Holmes...
- Original Message -
From: Adam Voigt [EMAIL PROTECTED]
To: Shaun [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, October 24, 2002 9:01 AM
Subject: Re:
I am building a form that posts to itself.
I have the following to detect the submit button being clicked:
if ($_POST['go'] == "add link")
I am getting a warning that says 'go' is undefined. How do I define
this?
Thanks,
Clint
Really? Your IP randomly changes when you're surfing between say
yahoo.com and msn.com does it? While it is true that you can
force an IP change while you're connected, I have not yet seen a
provider which randomly decides to change your IP address in the
middle of your surfing, if you're talking about
-- AOL. Their outgoing IP isn't necessarily the same IP address
throughout the session. AOL assigns IP addresses as needed.
I have not seen it where AOL randomly shunts a new IP to a client,
but then again I don't get too many AOL users on the websites which use
these sessions, of course of
You can just check for
if(isset($_POST['go']))
You don't really care what the value is since it's just a button.
---John Holmes...
- Original Message -
From: Clint Tredway [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 24, 2002 9:33 AM
Subject: [PHP] Var question
is go a variable that is passed via post? I guess yes but you get this
error without submitting yet.
There are three solutions:
1. Change your error reporting level to 55: error_reporting(55). This
will stop warning your undefined variables.
2. Prefix the variable with an at-mark:
Really? Your IP randomly changes when you're surfing between say
yahoo.com and msn.com does it?
Does mine? No. Can it change with other people? Yes...
I have been using an extra IP check in our sessions on a website
which gets somewhere in the area of 500,000 unique hits a month
and we have
Thanks guys..
I am moving away from ColdFusion to PHP and so I still forget about the
isset() function.
-Original Message-
From: 1LT John W. Holmes [mailto:holmes072000;charter.net]
Sent: Thursday, October 24, 2002 8:53 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [PHP] Var
Maybe they aren't complaining. Maybe they don't know why it's happening, if
it is. If a 99% solution is good enough for you, then use it. It really
doesn't matter to me.
A 99% solution is what I strive to get, between javascript and CSS
incompatibilities between browsers, all kinds of HTML,
Hi People,
I'm having problems with the dba extension.
An application I've written using db2 is working beautifully on my
machine, but due to various reasons, the machine it's supposed to work on
can have anything but db2 as the database backend.
I've tried gdbm, ndbm and db3, and they all have
Really? Your IP randomly changes when you're surfing between say
yahoo.com and msn.com does it? While it is true that you can
force an IP change while you're connected, I have not yet seen a
Mine doesn't because it's fixed. But for the reasons I stated in my
previous email, it may for someone
You can use register_shutdown_function().
Giles Constant wrote:
Hi People,
I'm having problems with the dba extension.
An application I've written using db2 is working beautifully on my
machine, but due to various reasons, the machine it's supposed to work on
can have anything but db2 as the
Maybe they aren't complaining. Maybe they don't know why it's happening,
if
it is. If a 99% solution is good enough for you, then use it. It really
doesn't matter to me.
A 99% solution is what I strive to get, between javascript and CSS
incompatibilities between browsers, all kinds of
Hi to all (again ;-)
I need one or more PHP functions to handle a form input.
i.e. you write: [EMAIL PROTECTED]
I have to check that after the '@' comes 'test.com'. I think this is easy,
Any help on this ?
regards in advance...
f.
I tend to have the text as raw as possible... that way I can style the
content, apply a layout to it, etc etc over and over again without affecting
the content.
To use a well used term, separate content from presentation.
But, if you want bold, italics, paragraphs, headings, etc, then yes, some
Half of them are paying users, trust me, if there was a problem,
they would complain, god knows they do about every tiny comma
missing in the text, etc.
On Thu, 2002-10-24 at 10:06, Jaime Bozza wrote:
Really? Your IP randomly changes when you're surfing between say
yahoo.com and msn.com does
Francisco Vaucher [EMAIL PROTECTED] wrote in message
news:3B966ABC166BAF47ACBF4639003B11AC848AE7;exchange.adtarg.com...
Hi to all (again ;-)
I need one or more PHP functions to handle a form input.
i.e. you write: [EMAIL PROTECTED]
I have to check that after the '@' comes 'test.com'. I
I agree with Jaime. The problems are out there, and documented. The fact
that you haven't had complaints isn't really a good argument for. AOL (and
many large ISPs') users' IP addresses can and will change from request to
request... grab an AOL account for a month and try it for yourself. I did.
... and a further note. In many corporations/schools, the entire network is
behind a firewall, hence using only one IP address for 10's or 1000's of
users. Depending on how you rely on IP addresses, this could also be a
problem.
Just say no to IP addresses :)
Justin
I have not seen it where AOL randomly shunts a new IP to a client,
but then again I don't get too many AOL users on the websites which use
these sessions, of course of those who do, none have ever complained
about their session being lost.
It doesn't always happen, but I think AOL's IP timeout
Yes, overall, a 99% solution is all we can hope for. But all I'm saying is
why even check the IP address? What added security does this give you?
The hard part is hijacking the session ID. If you can figure out someone's
session ID, then I'm pretty sure it wouldn't be hard to figure out
I need to build a PHP extension that also talks to parts of the MacOS X
API/frameworks. I could build simple, generic extensions in gcc, but
for OS X APIs, I need to use something a bit bigger.
Can anybody give me any tips of how to build PHP extensions in
CodeWarrior or ProjectBuilder on MacOS
Well whatever, it works for me just fine, I haven't had a single
complaint of sessions being dropped from the site, with a great number
of customers who live to complain and are on many diverse networks
and configurations. That's the end of what I'm going to say about it, and
I'm just going
Well, what are you really trying to do? Validate the format of an email
address? If so, what you really should be doing is looking for an existing
library of code which validates email address formats against the RFC
standard.
phpclasses.org is bound to have some, but I really like this one:
A 99% solution is what I strive to get, between javascript
and CSS incompatibilities between browsers, all kinds of HTML,
table and form tags looking different between systems, and
everything else which breaks design compatibility between the
two, the programming side, having the IP check
Can anyone point me in the right direction for packaging multiple
files together for a single download? Something like tar and gzip combo
is what I'm looking for, but I need something that wouldn't work on
multiple platforms (Windows, Mac 8,9,X). Something like creating a zip
file would be
Ok, so basically, what you are saying is:
do it yourself, or use other programs to do it for you.
The basic layout is IN the database!
I understand the way you might do it in xml, with e.g. a text element that
includes paragraph elements that might include bold elements etc.
I thought people
Yes I know, but what I need is to check after the @.
I think that regexp is going to work fine. Erwin wrote something that I
think is going to work.
Thanks!
-Original Message-
From: Justin French [mailto:justin;indent.com.au]
Sent: Thursday, October 24, 2002 11:29
To:
Look at the user notes on the man page for zip
http://www.php.net/manual/en/ref.zip.php, there are several solutions
there
-Original Message-
From: Brent Baisley [mailto:brent;landover.com]
Sent: Thursday, October 24, 2002 10:30 AM
To: php-gen
Subject: [PHP] Packaging files for
The point of doing it is, even if someone gets your SID, they
can't just paste it on to the URL because they don't have the
IP that matches that session, so when they go to that page,
your include file detects this, and stops them.
Definitely a problem. Which is why I recommend multiple
that'll do it.. cheers :-)
--
Giles Constant, Systems Programmer
Hyperlink Interactive
http://www.hyperlink-interactive.co.uk
On Thu, 24 Oct 2002, Marek Kilimajer wrote:
You can use register_shutdown_function().
Giles Constant wrote:
Hi People,
I'm having problems with the dba
I think my problem lies in the php.ini file. What should my include_path be
set to in my php.ini file??
Whenever I try and include anything I get the error message below.
Prachait Saxena [EMAIL PROTECTED] wrote in message
news:20021023212920.66050.qmail;pb1.pair.com...
Hello Paul
Fine tell
If you are trying to just validate the email you might also try the email
validation function that php.net uses. You can get it in the CSV area of
the site.
_
/ Joshua Minnie\
++---+
| Wild Web Technology
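<?php
// this is main
$foo = 'bar';
test();
test2();
// reads the global through the "global" keyword
function test() {
    global $foo;
    echo "foo is $foo<br>";
}
// reads the global through the $GLOBALS superglobal
function test2() {
    echo "foo is {$GLOBALS['foo']}<br>";
}
?>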
Kirk
Some have alluded to this but I haven't seen a working
example. I would like
to declare globals in my main script and
You either need to:
1) Set multiple cookies for each index:
setCookie('session[foo]'...)
setCookie('session[bar]'...)
2) Serialize/unserialize your array.
setCookie('session', serialize($session_array) );
$session = unserialize($_COOKIE['session']);
-js
Tom Woody wrote:
Did a google and
Hi, I wrote a simple page that tries to enter a string into a LDAP server.
I get the following error:
Warning: LDAP: add operation could not be completed. in
/var/www/html/user/adduser_p.php on line 65
Where in my log files can I go to look for more detailed info on that error,
I don't know if I
Hello, I know XP (argh...)
Anyways, I've written a script where a user can upload a gif or jpeg and then I
email it to an email address. Now, everything works fine, the receiver can
view the attachments in SquirrelMail, Outlook Express, and Outlook (both
are Office 2000 versions). But under outlook
Hi guys I'm a little confused on how sessions work. ok I use session_start(); to get
started I know that but then the manual starts to confuse me with all of the garbled
text about passing the SID. How do I tell if it was compiled with transparent SID
passing?
Also I'm not sure how to use
I'm trying to register a session for a poll by first opening the session
(session_start()), then registering it like this:
$_SESSION['voted'] = "yes";
Problem is, when I check to see if the session is there:
if(isset($_SESSION['voted']))
I have it load up a page containing the poll
Hey there,
I have around 50 checkboxes on an HTML form. Their value is 1. So,
when a user checks the box, then no problem -- the value returned by the
form is 1 and I can enter that into my SQL database.
HOWEVER...
If the user does not check the box, I'm in trouble, because the value
does not
Actually that wouldn't work because if you tested this you would have
noticed that no name or value at all is passed for a checkbox or radio
button that is not checked.
<input type=checkbox name=a value=1>
<input type=checkbox name=b value=1 checked>
<input type=checkbox name=c value=1 checked>
In
One way you could do it is to put a hidden input before each checkbox with
the same name as the checkbox and set the value to 0.
This works because PHP will process all input fields in order overwriting
previous ones if it comes across one with the same name..
eg..
input type=hidden name=one
Just add zero to the variables in your processing script...
ie...
$var_1 += 0;
$var_2 += 0;
That way if they are set to one, no difference. if they are set to
then they become zero.
It's worked for me in the past.
On Thu, 24 Oct 2002, Paul Kaiser wrote:
Hey there,
I have around 50
Hello,
On 10/24/2002 04:19 PM, Bobby wrote:
Hello, I know XP (argh...)
Anyways, I've written a script where a user can upload a gif or jpeg and then I
email it to an email address. Now, everything works fine, the receiver can
view the attachments in SquirrelMail, Outlook Express, and Outlook (both
Hi-ya all, here's a quickie...
In my script I create a directory (mysql.backup.timestamp/) within a
directory called backup/.
I use the function mkdir("mysql.backup.timestamp", 0777); and it shows
the permissions
as after the function executes:
drx--t 2 nobodydaemon1024
If they're the only input in the form, you could do something like:
foreach($_GET as $key => $value){
if(!array_key_exists($key,$_GET)){
$_GET[$key] = 0;
}
}
//Substitute $_POST for $_GET if it's a post form.
Paul Kaiser wrote:
Hey there,
I have around 50 checkboxes on an HTML form. Their value is
Hi all !
What I am missing?
I have a script using IMAP functions to open my mailbox. First I open the IMAP
using imap_open. After I read all my messages in my INBOX, up until now,
everything goes well. Now I want to open other folders and I can't.
I've been trying the following functions:
-
Heya folks, not sure if this is more of a php question or an html question,
though I'm right now leaning towards a 50% php, 50% html, so I think this is
on topic still.
I have a form filled with checkboxes, each representing one of the 50
states. A user can check as many states as they want,
you need brackets, so when php initializes the variables, it knows to make
the variable state an array.
name=state[]
-Matias
James Taylor [EMAIL PROTECTED] wrote in message
news:DOEJIAGJHJHPBFMLOGOFKEJNCDAA.jtx;hatesville.com...
Heya folks, not sure if this is more of a php question or an
why don't you use the session_register("voted") function. Then if you want
to check it
you can use the session_is_registered("voted") .
-Matias
Stephen [EMAIL PROTECTED] wrote in message
news:000a01c27ba1$d8871e00$0200a8c0;melchior...
I'm trying to register a session for a poll by first opening the
Have a look through the articles and or tutorials that can be found on
phpbeginner.com and also phpbuilder.com they will give u a good place to
start learning about it all :)
-Original Message-
From: Bryan McLemore [mailto:Kaelten;worldnet.att.net]
Sent: Friday, 25 October 2002 2:19 AM
I'm trying to register a session for a poll by first opening the
session (session_start()), then registering it like this:
$_SESSION['voted'] = "yes";
Problem is, when I check to see if the session is there:
if(isset($_SESSION['voted']))
I have it load up a page containing the poll
javascript.
and no, this isn't a php question :)
justin
on 25/10/02 2:04 AM, [EMAIL PROTECTED]
([EMAIL PROTECTED]) wrote:
Is there any way to have the client browser report what resolution it
currently uses?
There are classes on phpclasses.org that attempt to do this. It's been
discussed MANY times before.
There are a couple of methods:
1. sessions -- count your active sessions
2. counters -- each time a page is accessed, log it with a time stamp...
after 30 seconds (or whatever you decide is enough
That'd work nice for me too but I'm including a small table into the main
page toward the center. Forwarding them to the included page wouldn't work
in this case...
- Original Message -
From: Peter Houchin [EMAIL PROTECTED]
To: Stephen [EMAIL PROTECTED]; PHP List
[EMAIL PROTECTED]
Sent:
I recently switched my site from a server running PHP 4.0.1 to
a site using 4.2.1. Other than this the servers are identical, running
both the same
versions of redhat linux and apache.
Now however, I can no longer post to forms using HTTPS. It returns a
Page cannot be displayed error.
I have same troubles!!! I use php internet trade traffic system, and
10-20% of visitors lose their sessions data. Cut from logs:
Remote address: ##
Referer: http://mydomain.com/
URI: /out.php?id=1PHPSESSID=235a91cef853e750a6b67a70375e7d88
User-agent: Mozilla/4.0 (compatible; MSIE 5.5;
Hello,
I have a newsletter script with a very (going to be I hope) cool skinning system. One
part is creating a new skin and to do so, it needs to create a directory to hold the
template files in. How exactly can this be done?
Thanks,
Stephen Craton
http://www.melchior.us
What is supposed to be in the session? Maybe these users are just
denying cookies?
---John Holmes...
-Original Message-
From: Victor Soroka [mailto:vs240;yahoo.com]
Sent: Thursday, October 24, 2002 10:08 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Re: PHP Session register variable not
mkdir()
-Original Message-
From: Stephen [mailto:webmaster;melchior.us]
Sent: Thursday, October 24, 2002 8:41 PM
To: PHP List
Subject: [PHP] Creating Directories
Hello,
I have a newsletter script with a very (going to be I hope) cool
skinning
system. One part is creating a new
Add [] to name of variable
<td><input type=checkbox name=state[] value=1>&nbsp;&nbsp;Alabama</td>
- Original Message -
From: James Taylor [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 24, 2002 6:05 PM
Subject: [PHP] processing form checkboxes
Heya folks, not sure if
Put square brackets behind the name, i.e.
<input type=checkbox name=state[] value=1>
James Taylor wrote:
Heya folks, not sure if this is more of a php question or an html question,
though I'm right now leaning towards a 50% php, 50% html, so I think this is
on topic still.
I have a form
I don't know if it will solve your problem, but you may want to set the
session variable to a boolean (true | false)
$_SESSION['voted'] = true;
Stephen wrote:
I'm trying to register a session for a poll by first opening the session (session_start()), then registering it like this:
Depending on the size and current format, you may want
to import everything into the CMS. Might work well for
searching etc.
I recently converted our company's static website
(11,000 pages - we're a magazine publisher) to a mysql
database. Tough work, but not as gruelling as it
sounds. I wrote a
Doesn't work. It returned the same as what I put in: What's Up Doc?
-Shawn
Maxim Maletsky [EMAIL PROTECTED] wrote in message
news:20021024122630.4E99.MAXIM;php.net...
Use a regular expression like:
$str = ereg_replce(/[^[:alnum:]]/i, '', $str);
--
Maxim Maletsky
[EMAIL PROTECTED]
close but preg_replace(/[^[:print:]]/,'',$str); is what you want.
The below would work but typo'ed ... ereg_replce should be ereg_replace
Also..that is just A-Za-z0-9 ... many OS's allow punctuation also...[:print:]
will cover this.
Now only if php supported [:control:] and [:graph:] :)
Thanks, the ereg_replace example didn't work for me (even after fixing the
typo). A-Za-z0-9 is fine for my needs, replacing them with .
What is your preg_replace allowing?
Thanks!
Shawn
Peter Mr. Eps Thoenen [EMAIL PROTECTED] wrote in
message
This is a more general server question: I know that having a large number of
files in one folder can slow down a web server, but, how many would it take
for this to be a problem? Wondering if I should store all articles for a
content site in one big 'articles' folder with each article having its
Hi guys I'm a little confused on how sessions work. ok I use session_start(); to get
started I know that but then the manual starts to confuse me with all of the garbled
text about passing the SID. How do I tell if it was compiled with transparent SID
passing?
Also I'm not sure how to use
I read in here once or twice that it's worth worrying about at the 1000's
mark, not 100's.
However, hashing them into years (/2002/), or categories (/sports/), or
alphabetically (/a/, /b/, /c/), or by author might prove beneficial from a
content management point of view. Then logical end choice
have a look on phpbeginner there is a couple of articles/tutorials that
explain this also look at previous posts :)
-Original Message-
From: Bryan McLemore [mailto:Kaelten;worldnet.att.net]
Sent: Friday, 25 October 2002 6:39 AM
To: PHP - General
Subject: [PHP] Sessions help Please
Why not store them in a database with one php script selecting them?
Monty wrote:
This is a more general server question: I know that having a large number of
files in one folder can slow down a web server, but, how many would it take
for this to be a problem? Wondering if I should store all
on 25/10/02 6:38 AM, Bryan McLemore ([EMAIL PROTECTED]) wrote:
Hi guys I'm a little confused on how sessions work. ok I use
session_start(); to get started I know that but then the manual starts to
confuse me with all of the garbled text about passing the SID. How do I tell
if it was
Hi olinux
I wonder how to do that :)
i mean converting static pages to database driven web site.
looking for your comments suggestions / code
Tariq
olinux wrote:
Depending on the size and current format, you may want
to import everything into the CMS. Might work well for
searching etc.
I
Hello list,
I am writing a php script to fetch a html page and verify its content which
generated by a remote cgi program. The special cgi program generates endless
content to the http client. Therefore, I need to figure out a solution for
curl to fetch part of the html source code(In fact, I
I'm devastated to hear that extract($_POST) or extract($_GET) are security
risks because that's the method I went with for a bunch of scripts I'm
writing now. But I don't understand how this...
$admin = $_POST['admin'];
... is more secure? Isn't the security risk that they can hijack your
I'm storing the article text and details in a database, but, all the assets
(these articles have lots of photos) need to be organized into folders. So
logically I want to create a folder for each article using the article ID
number. But I want to be sure if I have within the Article folder about
I would strongly suggest using Apache 1.3.x and the associated existing
php rpms that are out there. Apache2+PHP is not a stable combination at
this point.
-Rasmus
On Thu, 24 Oct 2002, php user wrote:
Hi, I am having a difficult time compiling php-4.2.3 DSO with Apache 2 on a
RedHat 8.0. I
Hey there all
Im sure that someone out there can answer this question..
I have a problem, how can I print each element in an array so that is
returned into a table?
eg
<table width=100%>
<th width=25% nowrap>
Test1
</th>
<th width=25% nowrap>
Test2
</th>
<th width=25% nowrap>
Test3
</th>
<th width=25%>
Test4
Hello,
Chris Grigor [EMAIL PROTECTED] wrote:
Hey there all
Im sure that someone out there can answer this question..
I have a problem, how can I print each element in an array so that is
returned into a table?
First, make sure that you have your <tr></tr>'s in the proper places.
Then, make
Thanks to everyone for the help.
For those interested, I have posted the final code below. It functions
beautifully with one exception: the resized image quality is rather poor. I
am now reading through the php manual and newsgroups for a solution, but if
anyone knows how to handle this it would
You might want to check out netpbm. I've seen that it makes better quality
thumbnails.
Plus, you can include it in your package (if appropriate) and people that
don't have GD installed can use it.
---John Holmes...
- Original Message -
From: Rankin, Randy [EMAIL PROTECTED]
To: [EMAIL