php-general Digest 13 Jun 2008 13:43:20 -0000 Issue 5512
php-general Digest 13 Jun 2008 13:43:20 - Issue 5512 Topics (messages 275299 through 275324): Re: a questoin about the # char 275299 by: Daniel Brown 275300 by: DeadTOm 275302 by: Chris 275303 by: Robert Cummings 275305 by: Robert Cummings 275324 by: Daniel Brown Re: unlink oddity 275301 by: Chris Re: class? package? 275304 by: Shelley 275306 by: Shelley 275318 by: Iv Ray Re: PHP connection to external application 275307 by: hce 275311 by: Per Jessen 275315 by: Iv Ray Re: PHP code will not work 275308 by: Joseph Subida Problem with php execution and variables 275309 by: SenTnel Apache RewriteRule Help 275310 by: Miguel J. Jiménez Re: HTML 5 275312 by: Richard Heyes 275322 by: Eric Butera why are passwords stored encrypted in databases even when the data they protect is stored in the same database? 275313 by: Dietrich Bollmann 275314 by: Per Jessen 275317 by: M. Sokolewicz 275319 by: Dietrich Bollmann 275321 by: M. Sokolewicz Re: UK PHP Host/Developer Required 275316 by: Iv Ray PDF to images or something similar 275320 by: Ray Mckoy 275323 by: Per Jessen Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- On Thu, Jun 12, 2008 at 8:18 PM, Sebastian Camino [EMAIL PROTECTED] wrote: Hello, I want to know what the # char does. On a website I was working at, I tried to open a file with a # in it's name and I got an error. So I'd really appreciate any help to know how to avoid the error and what does the character do. That's pretty vague there, Sebastian. What error are you getting? What operating system? How are you attempting to open the file? What is the file name? Details, man! ;-P -- /Daniel P. Brown Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just $59.99/mo. with no contract! Dedicated servers, VPS, and hosting from $2.50/mo. ---End Message--- ---BeginMessage--- Inside a php script the '#' denotes the beginning of a comment. I don't know that it has any use at all in the address line. What specifically is the error? I'd guess that php would ignore the rest of the line following the '#' and so this could generate any number of errors depending on what information is carried in the address and what that info is for. I'm not aware of any way to scan the address within php, this might need to be done with a proxy of some kind. If it can be done or if you can talk to the owner of the site you're trying to get the file from, you might try replacing the '#' with a '%23'. -Allen Hello, I want to know what the # char does. On a website I was working at, I tried to open a file with a # in it's name and I got an error. So I'd really appreciate any help to know how to avoid the error and what does the character do. Thanks a lot Sebastian ---End Message--- ---BeginMessage--- Sebastian Camino wrote: Hello, I want to know what the # char does. In a url it's an anchor tag (http://www.w3schools.com/HTML/html_links.asp). In php it's used to mark a comment. ?php # this is a comment and not executed. ? It means nothing specific in a filename. -- Postgresql php tutorials http://www.designmagick.com/ ---End Message--- ---BeginMessage--- On Fri, 2008-06-13 at 11:10 +1000, Chris wrote: Sebastian Camino wrote: Hello, I want to know what the # char does. In a url it's an anchor tag (http://www.w3schools.com/HTML/html_links.asp). In php it's used to mark a comment. ?php # this is a comment and not executed. ? It means nothing specific in a filename. CVS conflict?? :) Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP ---End Message--- ---BeginMessage--- On Thu, 2008-06-12 at 22:03 -0400, Robert Cummings wrote: On Fri, 2008-06-13 at 11:10 +1000, Chris wrote: Sebastian Camino wrote: Hello, I want to know what the # char does. In a url it's an anchor tag (http://www.w3schools.com/HTML/html_links.asp). In php it's used to mark a comment. ?php # this is a comment and not executed. ? It means nothing specific in a filename. CVS conflict?? :) Actually, I should say... the backup file due to a CVS conflict or auto merge. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP ---End Message--- ---BeginMessage--- On Thu, Jun 12, 2008 at 10:05 PM, Robert Cummings [EMAIL PROTECTED] wrote: CVS conflict?? :) Actually, I should say... the backup file due to a CVS conflict or auto merge. Which is funny to see when you're editing a Vim-backup of a backed-up file and
Re: [PHP] PHP code will not work
Daniel Brown wrote: On Wed, Jun 11, 2008 at 11:51 PM, Joseph Subida [EMAIL PROTECTED] wrote: Hi. I am new to PHP. I found a tutorial that said to copy and paste the code into a .php document and open it in my browser: ?php echo $_SERVER['HTTP_USER_AGENT']; ? I'm pretty sure PHP is enabled on my computer. I've tested code such as: PHP is definitely on your system. [snip!] The error I get when I try ?php echo $_SERVER['HTTP_USER_AGENT']; ? is Parse error: syntax error, unexpected T_VARIABLE in /Library/WebServer/Documents/test.php on line 106 What is the code on lines 105 and 106 of test.php? If there's nothing on line 105, please send us the immediately-preceding code. 105: ?php 106: echo $_SERVER['HTTP_USER_AGENT']; 107: ? All the code before line 105 is code that I've been messing around with. I tried testing those three lines in its own file. But I still get the same error: Parse error: syntax error, unexpected T_VARIABLE in /Library/WebServer/Documents/error.php on line 2 By the way, a T_VARIABLE is just a variable --- anything beginning with a $dollar_sign. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problem with php execution and variables
Hello! Im new to programing and this is the situation I have with a first level basic php tutorial: One of the samples uses a simple order form that submits to this page and is supposed to return the values entered on that form. This is the code not working: ? echo pYour order; // Start printing order echo date(jS F,H:i ); echo br; echo pThis is your order:; echo br; echo $actionqty. ActionScriptbr; echo $photoqty. Photoshopbr; echo $flashqty. Flash MXbr; ? The problem is that with this code my page does not shows the amounts entered in he form, but the tutorial works with the exact same code, then, the same tutorial showed another long way to do the same thing and is using this other code that works on my page: ? echo pYour order; // Start printing order echo date(jS F,H:i ); echo br; echo pThis is your order:; echo br; echo $HTTP_POST_VARS[actionqty]. ActionScriptbr; echo $HTTP_POST_VARS[photoqty]. Photoshopbr; echo $HTTP_POST_VARS[flashqty]. Photoshopbr; ? I want to use the short way, why doesn't work on my server? Do I have to set some settings in php configuration to be able to use php in the short format? Thanks ! -- View this message in context: http://www.nabble.com/Problem-with-php-execution-and-variables-tp17816172p17816172.html Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Apache RewriteRule Help!!!!
Hi, I am having a little problem here, I have a .htaccess that looks thus: RewriteEngine on RewriteBase /INDEX RewriteRule ^(.*\.(log|sqlite))$ index.php [L] RewriteRule ^(.*\.(js|css|png|jpg|gif|xml))$ [L] RewriteRule ^(.*)$ index.php?m=$1 [L,QSA] When I type http://foo/INDEX/mp3; it goes [internally] to http://foo/INDEX/index.php?m=mp3;. Great so far... The problem is when I try to forbid access to http://foo/INDEX/index.php?m=mp3; for the user. I mean if the user types http://foo/INDEX/index.php?m=mp3; I want the apache to send a redirect code or something... I tried: RewriteCond %{IS_SUBREQ} false RewriteRule index.php - [L,NS,R=404] ...just below the line RewriteBase /INDEX but when I do this, it just redirect *always* even if I type http://foo/INDEX/mp3;. How can I make apache work fine with http://foo/INDEX/mp3; and redirect to an error page (or moved url or wahtever) with http://foo/INDEX/index.php?m=mp3; (from the client view) thanks for the help --- .-. | Miguel J. Jiménez | | Sector Público, ISOTROL S.A.| | [EMAIL PROTECTED] | :-: | KeyID 0xFFE63EC6 hkp://pgp.rediris.es:11371 | :-: | Edificio BLUENET, Avda. Isaac Newton nº3, 4ª planta.| | Parque Tecnológico Cartuja '93, 41092 Sevilla (ESP).| | Tlfn: +34 955 036 800 (ext.1805) - Fax: +34 955 036 849 | | http://www.isotrol.com | :-: | UTM ED-50 X:765205.09 Y:4144614.91 Huso: 29 | :-: | Me dijeron: 'instala Windows, se listo'; así que | | instalé primero Windows y luego fui listo y lo borré| | para instalar Linux| '-' signature.asc Description: PGP signature
Re: [PHP] PHP connection to external application
hce wrote: I am not certain if the msg_send / msg_receive in PHP can talk to the external C program msg_send / msg_receive as PHP and external C program are in different processes, different memory spaces. System V message queues are intended for just that; IPC = Inter Process Communication. (a) A simple way is if for every PHP request, it opens socket, sends a request and gets a response from the C server then closes the socket. It should work, but I am not sure: (i) if the open / close socket per request will cause delays and performance issues. They will cause both delays and performance issues. But whether these will matter for your use is a different question. The process you've describe (open,get,close) is no different to sending an email or getting a web-page. People send a lot of email and serve a lot of webpages without major performance issues :-) (ii) What is the maximum number concurrent requests in a PHP web application? That's up to your webserver - if it's big enough, you can serve a lot of concurrent requests. Will the maximum socket number / or port number (up to 2^16) be a bottleneck for large number of concurrent requests (hundred and thousands)? Probably not. (b) If for all PHP requests share only one socket to connect to the external C server, I am not sure if the PHP is able to do multiplex responses for each request as the PHP is stateless. PHP is stateless ?? PHP is a scripting language, not a protocol. Besides, it would take quite a bit of work to make your thousands of concurrent PHP requests share a single socket. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: HTML 5
i suppose i put too much faith in the right hand nav on the w3cschools site =/ http://www.w3.org/ is the site to use for up to date standards. -- Richard Heyes Employ me: http://www.phpguru.org/cv ++ | Access SSH with a Windows mapped drive | |http://www.phpguru.org/sftpdrive| ++ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] why are passwords stored encrypted in databases even when the data they protect is stored in the same database?
Hi, As far as I remember, in all books I read about PHP and SQL, the password was stored in an encrypted form, even when all the data which should be protected by the password was stored in the same database. Can anybody tell me what is the motivation behind this approach? If somebody hacks the database, he has the data anyway; if he doesn't, he can't retrieve the password, encrypted or not. I am asking because I would like to implement a simple file server. A user would upload his files and get them listed on his user page. If he wants to allow some other person to download the file, he pushes a button beside the file entry in the listing and a page opens where he can enter the email of the other person. An email is send with the link where the file can be found and a password included... The person who asked me to write this file server wants everybody who to receive the same link together with the same password for the same file. In order to implement this approach, the password has to be stored somewhere... I thought about storing the password as it is in the database - but somehow wonder why this never was done in any of the books I read... By the way: in most cases, when pushing the I forgot my password button, an email with a user name and a link to activate the password is generated. Anybody who gets into the possession of the email could access the data... Should I rather send two emails, one with the link, one with the new password? Thanks for your help :) Dietrich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] why are passwords stored encrypted in databases even when the data they protect is stored in the same database?
Dietrich Bollmann wrote: As far as I remember, in all books I read about PHP and SQL, the password was stored in an encrypted form, even when all the data which should be protected by the password was stored in the same database. Can anybody tell me what is the motivation behind this approach? The general idea is that only one person should have the password in clear text. If you store it as clear text, anyone who's got access to the database can read the password. The person who asked me to write this file server wants everybody who to receive the same link together with the same password for the same file. Well, if _lots_ of people have the password anyway, there's no need to be secretive about it :-) By the way: in most cases, when pushing the I forgot my password button, an email with a user name and a link to activate the password is generated. Anybody who gets into the possession of the email could access the data... Should I rather send two emails, one with the link, one with the new password? If you're _really_ converned about this, you send a new password by recorded/registered mail (Einschreiben). /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP connection to external application
hce wrote: Let me first describe the requirement more: The C program is a major business server I would not connect applications on low level. I would think of a web services type of interface - http request and xml response (Steven suggested, for example, SOAP - but it does not need to be that complicated). The has several benefits - a) Clearly defined, the web services gate will not be affected by changes in the C program. b) You can use the web services gate to plug not only your php application, but any other application that can (be made to) talk web services. c) The implementation of the php application, in this case, will be trivial, resulting in cheaper developers/development/maintenance/expansion. (ii) What is the maximum number concurrent requests in a PHP web application? Will the maximum socket number / or port number (up to 2^16) be a bottleneck for large number of concurrent requests (hundred and thousands)? Nobody can tell you this for your existing infrastructure. The only thing you can do is try and optimize. Iv -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] UK PHP Host/Developer Required
2. It's useful if the host company and the client keep the same office hours. If you have a hosting company with 9 to 5 office hours, you are dead, even if it is next door. Iv -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: why are passwords stored encrypted in databases even when the datathey protect is stored in the same database?
Dietrich Bollmann wrote: Hi, As far as I remember, in all books I read about PHP and SQL, the password was stored in an encrypted form, even when all the data which should be protected by the password was stored in the same database. Can anybody tell me what is the motivation behind this approach? If somebody hacks the database, he has the data anyway; if he doesn't, he can't retrieve the password, encrypted or not. I am asking because I would like to implement a simple file server. A user would upload his files and get them listed on his user page. If he wants to allow some other person to download the file, he pushes a button beside the file entry in the listing and a page opens where he can enter the email of the other person. An email is send with the link where the file can be found and a password included... The person who asked me to write this file server wants everybody who to receive the same link together with the same password for the same file. In order to implement this approach, the password has to be stored somewhere... I thought about storing the password as it is in the database - but somehow wonder why this never was done in any of the books I read... By the way: in most cases, when pushing the I forgot my password button, an email with a user name and a link to activate the password is generated. Anybody who gets into the possession of the email could access the data... Should I rather send two emails, one with the link, one with the new password? Thanks for your help :) Dietrich Assuming that noone will ever get direct access to your database or is able to access the password directly: there is no need for any type of encryption. However, people usually write code which may (and will most of the time) containt exploitable sections which might give a malicious user the ability to get a dump of the database. A password dump is always interesting, since it gives a LOT of information. People usually don't use 1 password per login, but rather have a standard password for most things. Now, if it were unprotected, the person getting the information can instantly log in as that user, or if he wants might even take over that person's identity in other places (rare, but it happens). If it were protected by encryption of some kind then it would first need to be decrypted to be usable (unless there is a designflaw which makes this unnecessery as has been the case in a few messageboards a few years ago). Now, you can either encrypt or hash your passwords. Hashes are one-way, encryption two-way. If the malicious user gets hold of a hash: he'll still not have anything useful in his hands. He might make a reverse lookup table and figure out the password from that (though there's an infinite number of possible inputs for each single [hash] output), but add a salt and don't put that in the database and the user has a low chance of ever finding out what it was. But, just as the malicious user can't figure out what the password was, neither can you: so goodby lost-password feature. Instead you'd have to regenerate a new password and send that over, or do some other fancy magic which doesn't involve sending the current password as-is, since you don't know it either. If you were to use encryption there, you could always decrypt it. If you have the key. Storing the key separately from the encrypted password would make this quite safe. enctpyed_string = (data + key), if you know neither the data nor the key, things get very tough. Because you know the key, you can figure out the password and make a forgot-password feature easily which sends out the actual password. But, because your key is publicly available (if your page has to use it, then it's automatically publicly available, maybe not easily, but a malicious user which managed to get hold of a full password table, could just aswell get hold of the key for the encryption)! Putting in neither, so just keeping the passwords in their plain form is safe. As long as noone _ever_ sees them. Guarantee that and you won't have to bother with hashing/encrypting. If you can't guarantee it, build in some extra safety in the form of hashing and/or encrypting. hope that explains it all a bit, - tul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] class? package?
Shelley wrote: I am working on a sns site, and now my practice is grouping classes of a function classes of a function... perhaps classes related to certain functionality? (i. e. subscription) together. When I need it, just load the package: subscription. Right? ;) Hm... I do not know your project, but to have many classes just to handle subscription, sounds a bit too much to me. Why don't you have a class called subscription, which might even extend a class called person or user - the subscription class can have methods, for instance subscribe and unsubscribe, and because subscription extends person or user - it already knows who is the person/user. And then, for example, to subscribe a person/user, you do - $subscription-subscribe($list_id); Other possible actions - $subscription-un_subscribe($list_id); $subscription-is_subscriber($list_id); $subscription-lists(); etc. This way class subscription packs the methods needed to handle subscription related activities, so in your own jargon, this class is a package. Of course, if the subscription process is extremely complicated, you can have more classes. Iv -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: why are passwords stored encrypted in databases even when the datathey protect is stored in the same database?
Hi tul, So this was a very long and informative answer :) Thank you very much! On Fri, 2008-06-13 at 12:02 +0200, M. Sokolewicz wrote: [...] However, people usually write code which may (and will most of the time) containt exploitable sections which might give a malicious user the ability to get a dump of the database. A password dump is always interesting, since it gives a LOT of information. People usually don't use 1 password per login, but rather have a standard password for most things. So if the user is allowed to change his password, it should be encrypted always as there are chances that the same password is used at some other place? That makes a lot of sense to me :) If all passwords are generated by the system on the other hand and the user is not allowed to change his password, if further all the protected data is in the same database as the password, there would be no need for encrypting the passwords following your argumentation? But if some information is stored outside the database - in my case (simple file server) for example, the database only contains the file meta-data while the files themselves are stored in some data directory on the server - some malicious user who would have broken into the database could get hold of the files if the passwords are stored unencrypted; if some encryption scheme would have been used on the other hand the data found in the database wouldn't be of any use at all? And if the password should be recoverable some encryption with a key stored somewhere else would force the hacker to break into two systems, the database itself and the system which is used to store the key. That makes sense also. I didn't think about the fact that database and a directory on the server are two different things which would have to be hacked separately. So I am happy about writing my mail and getting such a nice answer before implementing some stupid password logic myself :) Now, if it were unprotected, the person getting the information can instantly log in as that user, or if he wants might even take over that person's identity in other places (rare, but it happens). If it were protected by encryption of some kind then it would first need to be decrypted to be usable (unless there is a designflaw which makes this unnecessery as has been the case in a few messageboards a few years ago). Now, you can either encrypt or hash your passwords. Hashes are one-way, encryption two-way. If the malicious user gets hold of a hash: he'll still not have anything useful in his hands. He might make a reverse lookup table and figure out the password from that (though there's an infinite number of possible inputs for each single [hash] output), but add a salt and don't put that in the database and the user has a low chance of ever finding out what it was. But, just as the malicious user can't figure out what the password was, neither can you: so goodby lost-password feature. Instead you'd have to regenerate a new password and send that over, or do some other fancy magic which doesn't involve sending the current password as-is, since you don't know it either. If you were to use encryption there, you could always decrypt it. If you have the key. Storing the key separately from the encrypted password would make this quite safe. enctpyed_string = (data + key), if you know neither the data nor the key, things get very tough. Because you know the key, you can figure out the password and make a forgot-password feature easily which sends out the actual password. But, because your key is publicly available (if your page has to use it, then it's automatically publicly available, maybe not easily, but a malicious user which managed to get hold of a full password table, could just aswell get hold of the key for the encryption)! Putting in neither, so just keeping the passwords in their plain form is safe. As long as noone _ever_ sees them. Guarantee that and you won't have to bother with hashing/encrypting. If you can't guarantee it, build in some extra safety in the form of hashing and/or encrypting. hope that explains it all a bit, - tul Yes. A bit. I am actually impressed. But I better read some more redundant book about intelligent malicious users as I still feel like not understanding everything of what you said completely. ...any nice book recommendation for naive people like me :? So how about the following solution to my simple file-server problem: I generate a new url for every user who is allowed to download a file and a private password for every new url. Using this approach, the same file will be downloaded by different users via different urls and passwords. The password for an url is stored in the database encrypted and send over to the user unencrypted per email. Of course this makes some more logic and tables necessary - and a new row for every user also - but who cares :) What do you think?
[PHP] PDF to images or something similar
Hi!. I need to create a pageflip magazine (you know, a flash magazine). My client ask me to do a little php program that convert a full pdf magazine into a pageflip magazine. My doubt is: It's possible with php to read a full pdf and make an image for each page? Thanks a lot. Ray. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: why are passwords stored encrypted in databases even when thedatathey protect is stored in the same database?
Dietrich Bollmann wrote: Hi tul, So this was a very long and informative answer :) Thank you very much! On Fri, 2008-06-13 at 12:02 +0200, M. Sokolewicz wrote: [...] However, people usually write code which may (and will most of the time) containt exploitable sections which might give a malicious user the ability to get a dump of the database. A password dump is always interesting, since it gives a LOT of information. People usually don't use 1 password per login, but rather have a standard password for most things. So if the user is allowed to change his password, it should be encrypted always as there are chances that the same password is used at some other place? That makes a lot of sense to me :) If all passwords are generated by the system on the other hand and the user is not allowed to change his password, if further all the protected data is in the same database as the password, there would be no need for encrypting the passwords following your argumentation? But if some information is stored outside the database - in my case (simple file server) for example, the database only contains the file meta-data while the files themselves are stored in some data directory on the server - some malicious user who would have broken into the database could get hold of the files if the passwords are stored unencrypted; if some encryption scheme would have been used on the other hand the data found in the database wouldn't be of any use at all? And if the password should be recoverable some encryption with a key stored somewhere else would force the hacker to break into two systems, the database itself and the system which is used to store the key. That makes sense also. I didn't think about the fact that database and a directory on the server are two different things which would have to be hacked separately. So I am happy about writing my mail and getting such a nice answer before implementing some stupid password logic myself :) Now, if it were unprotected, the person getting the information can instantly log in as that user, or if he wants might even take over that person's identity in other places (rare, but it happens). If it were protected by encryption of some kind then it would first need to be decrypted to be usable (unless there is a designflaw which makes this unnecessery as has been the case in a few messageboards a few years ago). Now, you can either encrypt or hash your passwords. Hashes are one-way, encryption two-way. If the malicious user gets hold of a hash: he'll still not have anything useful in his hands. He might make a reverse lookup table and figure out the password from that (though there's an infinite number of possible inputs for each single [hash] output), but add a salt and don't put that in the database and the user has a low chance of ever finding out what it was. But, just as the malicious user can't figure out what the password was, neither can you: so goodby lost-password feature. Instead you'd have to regenerate a new password and send that over, or do some other fancy magic which doesn't involve sending the current password as-is, since you don't know it either. If you were to use encryption there, you could always decrypt it. If you have the key. Storing the key separately from the encrypted password would make this quite safe. enctpyed_string = (data + key), if you know neither the data nor the key, things get very tough. Because you know the key, you can figure out the password and make a forgot-password feature easily which sends out the actual password. But, because your key is publicly available (if your page has to use it, then it's automatically publicly available, maybe not easily, but a malicious user which managed to get hold of a full password table, could just aswell get hold of the key for the encryption)! Putting in neither, so just keeping the passwords in their plain form is safe. As long as noone _ever_ sees them. Guarantee that and you won't have to bother with hashing/encrypting. If you can't guarantee it, build in some extra safety in the form of hashing and/or encrypting. hope that explains it all a bit, - tul Yes. A bit. I am actually impressed. But I better read some more redundant book about intelligent malicious users as I still feel like not understanding everything of what you said completely. ...any nice book recommendation for naive people like me :? So how about the following solution to my simple file-server problem: I generate a new url for every user who is allowed to download a file and a private password for every new url. Using this approach, the same file will be downloaded by different users via different urls and passwords. The password for an url is stored in the database encrypted and send over to the user unencrypted per email. Of course this makes some more logic and tables necessary - and a new row for every user also - but who cares :) What do you think? Thanks for your
Re: [PHP] Re: HTML 5
On Fri, Jun 13, 2008 at 4:35 AM, Richard Heyes [EMAIL PROTECTED] wrote: i suppose i put too much faith in the right hand nav on the w3cschools site =/ http://www.w3.org/ is the site to use for up to date standards. Well that is a bit ironic as just the other day you said you didn't care about standards[1] as far as redirects were concerned. :P [1] http://www.mail-archive.com/php-general@lists.php.net/msg228512.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PDF to images or something similar
Ray Mckoy wrote: Hi!. I need to create a pageflip magazine (you know, a flash magazine). My client ask me to do a little php program that convert a full pdf magazine into a pageflip magazine. My doubt is: It's possible with php to read a full pdf and make an image for each page? Dunno, but there are websites that offer this service on demand. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] a questoin about the # char
On Thu, Jun 12, 2008 at 10:05 PM, Robert Cummings [EMAIL PROTECTED] wrote: CVS conflict?? :) Actually, I should say... the backup file due to a CVS conflict or auto merge. Which is funny to see when you're editing a Vim-backup of a backed-up file and it gets swept up by an automated CVS commit script. You wind up with something like the following: #.a.php.bak.swp~ This happened when I was double-checking a function in a script I was working on about a year ago. The file looked like a toddler's drawing of a choo-choo train in the TTY. -- /Daniel P. Brown Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just $59.99/mo. with no contract! Dedicated servers, VPS, and hosting from $2.50/mo. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP code will not work
On Fri, Jun 13, 2008 at 2:09 AM, Joseph Subida [EMAIL PROTECTED] wrote: 105: ?php 106: echo $_SERVER['HTTP_USER_AGENT']; 107: ? All the code before line 105 is code that I've been messing around with. I tried testing those three lines in its own file. But I still get the same error: Parse error: syntax error, unexpected T_VARIABLE in /Library/WebServer/Documents/error.php on line 2 Odd if you can run a phpinfo(), see if there's anything set in `auto_prepend_file`. Is this a shared hosting system, or are you running it on your own system? Can you give us the output of your entire phpinfo() by link? -- /Daniel P. Brown Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just $59.99/mo. with no contract! Dedicated servers, VPS, and hosting from $2.50/mo. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with php execution and variables
SenTnel wrote: Hello! Im new to programing and this is the situation I have with a first level basic php tutorial: One of the samples uses a simple order form that submits to this page and is supposed to return the values entered on that form. This is the code not working: ? echo pYour order; // Start printing order echo date(jS F,H:i ); echo br; echo pThis is your order:; echo br; echo $actionqty. ActionScriptbr; echo $photoqty. Photoshopbr; echo $flashqty. Flash MXbr; ? The problem is that with this code my page does not shows the amounts entered in he form, but the tutorial works with the exact same code, then, the same tutorial showed another long way to do the same thing and is using this other code that works on my page: ? echo pYour order; // Start printing order echo date(jS F,H:i ); echo br; echo pThis is your order:; echo br; echo $HTTP_POST_VARS[actionqty]. ActionScriptbr; echo $HTTP_POST_VARS[photoqty]. Photoshopbr; echo $HTTP_POST_VARS[flashqty]. Photoshopbr; ? I want to use the short way, why doesn't work on my server? Do I have to set some settings in php configuration to be able to use php in the short format? Thanks ! To use your 'short way' you need register_globals=on which is a security risk/bad practice. You can use a 'shorter than the long way' which is the way you should be doing it anyway (BTW... your tutorial is old): echo $_POST['actionqty']. ActionScriptbr; -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with php execution and variables
Thank you Shawn! Just to make sure, the long way IS the correct way? Thanks again! Shawn McKenzie wrote: SenTnel wrote: Hello! Im new to programing and this is the situation I have with a first level basic php tutorial: One of the samples uses a simple order form that submits to this page and is supposed to return the values entered on that form. This is the code not working: ? echo pYour order; // Start printing order echo date(jS F,H:i ); echo br; echo pThis is your order:; echo br; echo $actionqty. ActionScriptbr; echo $photoqty. Photoshopbr; echo $flashqty. Flash MXbr; ? The problem is that with this code my page does not shows the amounts entered in he form, but the tutorial works with the exact same code, then, the same tutorial showed another long way to do the same thing and is using this other code that works on my page: ? echo pYour order; // Start printing order echo date(jS F,H:i ); echo br; echo pThis is your order:; echo br; echo $HTTP_POST_VARS[actionqty]. ActionScriptbr; echo $HTTP_POST_VARS[photoqty]. Photoshopbr; echo $HTTP_POST_VARS[flashqty]. Photoshopbr; ? I want to use the short way, why doesn't work on my server? Do I have to set some settings in php configuration to be able to use php in the short format? Thanks ! To use your 'short way' you need register_globals=on which is a security risk/bad practice. You can use a 'shorter than the long way' which is the way you should be doing it anyway (BTW... your tutorial is old): echo $_POST['actionqty']. ActionScriptbr; -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- View this message in context: http://www.nabble.com/Problem-with-php-execution-and-variables-tp17816172p17824587.html Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache RewriteRule Help!!!!
On Fri, Jun 13, 2008 at 4:11 AM, Miguel J. Jiménez [EMAIL PROTECTED] wrote: How can I make apache work fine with http://foo/INDEX/mp3; and redirect to an error page (or moved url or wahtever) with http://foo/INDEX/index.php?m=mp3; (from the client view) You can start by asking your question on an Apache list. This has nothing to do with PHP. ;-P To answer your question, use this in your .htaccess file: RewriteCond %{SCRIPT_FILENAME} index RewriteCond %{QUERY_STRING} ^[a-zA-Z0-9] RewriteRule .* http://www.yourdomain.com/404.php [L] Next time, though, please try to ask questions on the appropriate lists. -- /Daniel P. Brown Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just $59.99/mo. with no contract! Dedicated servers, VPS, and hosting from $2.50/mo. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] UK PHP Host/Developer Required
On Fri, Jun 13, 2008 at 5:56 AM, Iv Ray [EMAIL PROTECTED] wrote: 2. It's useful if the host company and the client keep the same office hours. If you have a hosting company with 9 to 5 office hours, you are dead, even if it is next door. I was waiting for someone to say that. ;-P -- /Daniel P. Brown Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just $59.99/mo. with no contract! Dedicated servers, VPS, and hosting from $2.50/mo. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PDF to images or something similar
Imagemagick, with some php code, probably will do it. Per Jessen wrote: Ray Mckoy wrote: Hi!. I need to create a pageflip magazine (you know, a flash magazine). My client ask me to do a little php program that convert a full pdf magazine into a pageflip magazine. My doubt is: It's possible with php to read a full pdf and make an image for each page? Dunno, but there are websites that offer this service on demand. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Runs But Does NOT Connect to MSSQL Server
Hi, Greg: I have just run the command [EMAIL PROTECTED] php-5.2.6]# php -m | grep mssql mssql It appears that my RPM is fully installed. I could ping to the machine, but I could not connect to it. I have set the TCP to 1433, and UDP to 1434. Therefore, even though my syntax $dbhandle= mssql_connect($myServer, $myUser, $myPass) appears to be accurate with the proper password, ip, and username defined prior to this, I only get PHP Warning: mssql_connect(): Unable to connect to server: 192.168.10.128 in /usr/local/apache/htdocs/test.php on line 22 Could there be something that I have missed? Alice == Alice Wei MIS 2009 School of Library and Information Science Indiana University Bloomington [EMAIL PROTECTED] From: Greg Maruszeczka [EMAIL PROTECTED] Sent: Wednesday, June 11, 2008 10:37 PM To: php-general@lists.php.net Subject: Re: [PHP] PHP Runs But Does Not Display on Linux On Wed, 11 Jun 2008 22:03:53 -0400 Wei, Alice J. [EMAIL PROTECTED] wrote: Hi, I am currently using a Linux box with Fedora to run my PHP scripts, which I have seen in the download page at http://www.php.net/downloads.php that We do not distribute UNIX/Linux binaries. Most Linux distributions come with PHP these days. What I am wondering is, if I can run my scripts by using the command like php some_php.php, as long as it does not require me to have it displayed on the web page or in need of using a mssql_connect function, it does not give me any errors at all. Otherwise, it consistently gives me errors Call to undefined function: mysql_connect() This (likely) means you don't have the mysql extension installed. If you type the following at the command line: php -m | grep mysql and nothing prints out, you'll need to install the rpm that provides mysql-related functions and restart apache. HTH, GM -- Greg Maruszeczka http://websagesolutions.com skype: websage.ca googletalk: gmarus Those who are possessed by nothing possess everything. -- Morihei Ueshiba -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] SimpleXML and registerXPathNamespace
Hi, I am having problems with the below test case. I am using an extended googlebase Atom format to store my data. Included in the test case is a simplified version of my XML-document. PROBLEM: Why do I need to re-register namespace 'a' when using xpath through the result of a previous xpath()-statement? As you may notice the same is not true for namespace 'g'. I can't get this to make sense! Any insight would be much appreciated. Best regards, Mario Caprino ?php #Simpliefied sample data $str= EOF ?xml version=1.0 encoding=iso-8859-1? feed xmlns=http://www.w3.org/2005/Atom; xmlns:g=http://base.google.com/ns/1.0; xml:lang=en entry g:mpn10100/g:mpn titleMy product/title title xml:lang=noMitt produkt/title g:price299/g:price /entry /feed EOF; #Load document $xml= simplexml_load_string ($str); $xml-registerXPathNamespace ('a', 'http://www.w3.org/2005/Atom'); $xml-registerXPathNamespace ('g', 'http://base.google.com/ns/1.0'); echo This is what I am trying to achieve...\n; $lang= 'no'; $id= '10100'; $title= $xml-xpath (/a:feed/a:entry[g:mpn='$id']/a:title[lang('$lang')]); echo utf8_decode ($title[0]) . \n; #--- echo But I'd fist like to store the entity node, and then request several data nodes relative to it\n; $entry= $xml-xpath (/a:feed/a:entry[g:mpn='$id']); $entry= $entry[0]; $price= $entry-xpath (g:price); echo This works as expected: $price[0]\n; #$entry-registerXPathNamespace ('a', 'http://www.w3.org/2005/Atom'); $title= $entry-xpath (a:title[lang('$lang')]); echo '... but this will only work if I re-register the namespace a? ' . utf8_decode ($title[0]); ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] UK PHP Host/Developer Required
On Jun 13, 2008, at 10:27 AM, Daniel Brown wrote: On Fri, Jun 13, 2008 at 5:56 AM, Iv Ray [EMAIL PROTECTED] wrote: 2. It's useful if the host company and the client keep the same office hours. If you have a hosting company with 9 to 5 office hours, you are dead, even if it is next door. I was waiting for someone to say that. ;-P Personally... I like to run my hosting company where I am open from 10 to 2 Monday, Wednesday, and fridays! Saves time for golfing! :) -- Jason Pruim Raoset Inc. Technology Manager MQC Specialist 3251 132nd ave Holland, MI, 49424-9337 www.raoset.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Runs But Does NOT Connect to MSSQL Server
On Fri, 13 Jun 2008 10:32:22 -0400 Wei, Alice J. [EMAIL PROTECTED] wrote: Hi, Greg: I have just run the command [EMAIL PROTECTED] php-5.2.6]# php -m | grep mssql mssql It appears that my RPM is fully installed. I could ping to the machine, but I could not connect to it. I have set the TCP to 1433, and UDP to 1434. Therefore, even though my syntax $dbhandle= mssql_connect($myServer, $myUser, $myPass) appears to be accurate with the proper password, ip, and username defined prior to this, I only get PHP Warning: mssql_connect(): Unable to connect to server: 192.168.10.128 in /usr/local/apache/htdocs/test.php on line 22 Could there be something that I have missed? Alice Perhaps. Check the documentation for myssql_connect and be sure that you're not supposed to also provide a port number (in your case 1433) along with the hostname argument. IIRC you can tag it after the hostname/ip using a colon (e.g. myhostname:1433). Other than that it seems more like a network connectivity issue. This is OT for this list but if it was my problem I'd ensure there aren't any packet filters between my web server and db hosts. Since MSSql has to run on windows I'd start there and ensure inbound connects to TCP 1433 are allowed. You're using private address space (192.168.x.x). Are BOTH servers on the same subnet? GM -- Greg Maruszeczka http://websagesolutions.com skype: websage.ca googletalk: gmarus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with php execution and variables
SenTnel wrote: Thank you Shawn! Just to make sure, the long way IS the correct way? Thanks again! Shawn McKenzie wrote: SenTnel wrote: Hello! Im new to programing and this is the situation I have with a first level basic php tutorial: One of the samples uses a simple order form that submits to this page and is supposed to return the values entered on that form. This is the code not working: ? echo pYour order; // Start printing order echo date(jS F,H:i ); echo br; echo pThis is your order:; echo br; echo $actionqty. ActionScriptbr; echo $photoqty. Photoshopbr; echo $flashqty. Flash MXbr; ? The problem is that with this code my page does not shows the amounts entered in he form, but the tutorial works with the exact same code, then, the same tutorial showed another long way to do the same thing and is using this other code that works on my page: ? echo pYour order; // Start printing order echo date(jS F,H:i ); echo br; echo pThis is your order:; echo br; echo $HTTP_POST_VARS[actionqty]. ActionScriptbr; echo $HTTP_POST_VARS[photoqty]. Photoshopbr; echo $HTTP_POST_VARS[flashqty]. Photoshopbr; ? I want to use the short way, why doesn't work on my server? Do I have to set some settings in php configuration to be able to use php in the short format? Thanks ! To use your 'short way' you need register_globals=on which is a security risk/bad practice. You can use a 'shorter than the long way' which is the way you should be doing it anyway (BTW... your tutorial is old): echo $_POST['actionqty']. ActionScriptbr; -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Using $_POST is the correct way unless you are on an old version of PHP, in which case you would have to use $HTTP_POST_VARS which may or may not work on newer versions, so stick with $_POST. -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with php execution and variables
Thanks! :handshake: Shawn McKenzie wrote: SenTnel wrote: Thank you Shawn! Just to make sure, the long way IS the correct way? Thanks again! Shawn McKenzie wrote: SenTnel wrote: Hello! Im new to programing and this is the situation I have with a first level basic php tutorial: One of the samples uses a simple order form that submits to this page and is supposed to return the values entered on that form. This is the code not working: ? echo pYour order; // Start printing order echo date(jS F,H:i ); echo br; echo pThis is your order:; echo br; echo $actionqty. ActionScriptbr; echo $photoqty. Photoshopbr; echo $flashqty. Flash MXbr; ? The problem is that with this code my page does not shows the amounts entered in he form, but the tutorial works with the exact same code, then, the same tutorial showed another long way to do the same thing and is using this other code that works on my page: ? echo pYour order; // Start printing order echo date(jS F,H:i ); echo br; echo pThis is your order:; echo br; echo $HTTP_POST_VARS[actionqty]. ActionScriptbr; echo $HTTP_POST_VARS[photoqty]. Photoshopbr; echo $HTTP_POST_VARS[flashqty]. Photoshopbr; ? I want to use the short way, why doesn't work on my server? Do I have to set some settings in php configuration to be able to use php in the short format? Thanks ! To use your 'short way' you need register_globals=on which is a security risk/bad practice. You can use a 'shorter than the long way' which is the way you should be doing it anyway (BTW... your tutorial is old): echo $_POST['actionqty']. ActionScriptbr; -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Using $_POST is the correct way unless you are on an old version of PHP, in which case you would have to use $HTTP_POST_VARS which may or may not work on newer versions, so stick with $_POST. -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php :handshake::handshake::handshake::handshake::rules: -- View this message in context: http://www.nabble.com/Problem-with-php-execution-and-variables-tp17816172p17825702.html Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: HTML 5
-Original Message- From: Eric Butera [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2008 7:22 AM To: [EMAIL PROTECTED] Cc: php-general@lists.php.net Subject: Re: [PHP] Re: HTML 5 On Fri, Jun 13, 2008 at 4:35 AM, Richard Heyes [EMAIL PROTECTED] wrote: i suppose i put too much faith in the right hand nav on the w3cschools site =/ http://www.w3.org/ is the site to use for up to date standards. Well that is a bit ironic as just the other day you said you didn't care about standards[1] as far as redirects were concerned. :P [1] http://www.mail-archive.com/php- [EMAIL PROTECTED]/msg228512.html Someone who does not adhere to them can nonetheless recommend them to someone else who is curious. No need to be cranky. ;) Todd Boyd Web Programmer
RE: [PHP] Forum coded in PHP with mail and news gateway
-Original Message- From: Arno Kuhl [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2008 1:13 AM To: 'Michelle Konzack'; 'PHP - General' Subject: RE: [PHP] Forum coded in PHP with mail and news gateway Not sure about the gateways but you can look at www.phpbb.com -Original Message- From: Michelle Konzack [mailto:[EMAIL PROTECTED] Sent: 11 June 2008 04:52 To: PHP - General Subject: [PHP] Forum coded in PHP with mail and news gateway Hello, because it is actual for me while having some problems with Ubuntu's LAUNCHPAD (does not support threating) I like to know, whether there is a light Forum software written in PHP availlable. It should support: 1) PostgreSQL(my own database) 2) MySQL (my current hosting provider offer it only) 3) Threating 4) Gateway to mailinglist including threating 5) Gateway to usenet including threating 6) Subscriber only 7) Scanning for SPAM :-D I also think it's fair to mention (if the OP has dismissed phpBB due to the immediately-obvious features and missing features) that phpBB--and several other forum software packages--are modifiable with plug-ins. There may very well be a phpBB-Usenet and/or phpBB-Listserv Archive plugin to suit your needs. Todd Boyd Web Programmer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Runs But Does NOT Connect to MSSQL Server
Hi, Greg: i have went back to the conf file I have in the freetds directory to edit the server information to # A typical Microsoft server [egServer70] host = 192.168.10.128 port = 1433 tds version = 7.2 Since I am using MS SQL 2005, I thought I would have to change this to tds version 7.2 instead of 7.0. I have edited the MSSQL connection to as follows: //connection to the database $dbhandle = mssql_connect($myServer, $myUser, $myPass) or die(Couldn't connect to SQL Server on $myServer); //select a database to work with $selected = mssql_select_db($myDB, $dbhandle) or die(Couldn't open database $myDB); Since I could not find the exact syntax for this on http://www.php.net, I have modified it as you suggested. The error message that says couldn't connect to the server was brought back a lot quicker than before, but I still could not connect it. Are there other packages I have to install? Thanks for your help. Alice == Alice Wei MIS 2009 School of Library and Information Science Indiana University Bloomington [EMAIL PROTECTED] From: Greg Maruszeczka [EMAIL PROTECTED] Sent: Friday, June 13, 2008 10:51 AM To: php-general@lists.php.net Subject: Re: [PHP] PHP Runs But Does NOT Connect to MSSQL Server On Fri, 13 Jun 2008 10:32:22 -0400 Wei, Alice J. [EMAIL PROTECTED] wrote: Hi, Greg: I have just run the command [EMAIL PROTECTED] php-5.2.6]# php -m | grep mssql mssql It appears that my RPM is fully installed. I could ping to the machine, but I could not connect to it. I have set the TCP to 1433, and UDP to 1434. Therefore, even though my syntax $dbhandle= mssql_connect($myServer, $myUser, $myPass) appears to be accurate with the proper password, ip, and username defined prior to this, I only get PHP Warning: mssql_connect(): Unable to connect to server: 192.168.10.128 in /usr/local/apache/htdocs/test.php on line 22 Could there be something that I have missed? Alice Perhaps. Check the documentation for myssql_connect and be sure that you're not supposed to also provide a port number (in your case 1433) along with the hostname argument. IIRC you can tag it after the hostname/ip using a colon (e.g. myhostname:1433). Other than that it seems more like a network connectivity issue. This is OT for this list but if it was my problem I'd ensure there aren't any packet filters between my web server and db hosts. Since MSSql has to run on windows I'd start there and ensure inbound connects to TCP 1433 are allowed. You're using private address space (192.168.x.x). Are BOTH servers on the same subnet? GM -- Greg Maruszeczka http://websagesolutions.com skype: websage.ca googletalk: gmarus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPMailer not working but Squirell mail works
Hi, In my web server, I cant send mail by PHPMailer. But If I login by the squirellmail webclient my hosting provider gave, it sends email promptly. Can anyone tell me what could be the reason? -- Shiplu http://talk.cmyweb.net
Re: [PHP] UK PHP Host/Developer Required
2008/6/13 Iv Ray [EMAIL PROTECTED]: 2. It's useful if the host company and the client keep the same office hours. If you have a hosting company with 9 to 5 office hours, you are dead, even if it is next door. Out of hours technical support often gets billed at a punitive rate. Which is a bugger if their out of hours is your working day. And while you might get tech support out of hours, accounts and billing usually keep normal office hours. -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPMailer not working but Squirell mail works
On Fri, Jun 13, 2008 at 11:55 AM, Shiplu [EMAIL PROTECTED] wrote: Hi, In my web server, I cant send mail by PHPMailer. But If I login by the squirellmail webclient my hosting provider gave, it sends email promptly. Can anyone tell me what could be the reason? -- Shiplu http://talk.cmyweb.net Could be an authentication issue between PHP Mailer and the squirrelmail. -- Bastien Cat, the other other white meat
Re: [PHP] a questoin about the # char
On Thu, Jun 12, 2008 at 8:18 PM, Sebastian Camino [EMAIL PROTECTED] wrote: Hello, I want to know what the # char does. On a website I was working at, I tried to open a file with a # in it's name and I got an error. So I'd really appreciate any help to know how to avoid the error and what does the character do. Thanks a lot Sebastian -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Assuming you are talking about the filename which contains '#' char, I think its the filesystem which is not supporting the file name with '#' character. what is the filesystem?
RE: [PHP] PHPMailer not working but Squirell mail works
-Original Message- From: Shiplu [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2008 10:55 AM To: PHP General list Subject: [PHP] PHPMailer not working but Squirell mail works Hi, In my web server, I cant send mail by PHPMailer. But If I login by the squirellmail webclient my hosting provider gave, it sends email promptly. Can anyone tell me what could be the reason? Let's start with a LOT more information about your situation. What version of PHP? What hosting platform? Is SMTP set in your php.ini? If not, do you use ini_set(smtp, 'host.name.here')? Is your SMTP port set correctly (see above 2 questions)? Are you sure SquirrelMail and PHP's mail() function are using the same SMTP server? Has your hosting provider denied mail()? ... Generally, coming to a list with, This is broken. Why? will not get you a helpful response. (At least, not very quickly.) Until my copy of Outlook's MindReader plug-in starts functioning properly, more information will be needed. :) Todd Boyd Web Programmer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: why are passwords stored encrypted in databases even when thedatathey protect is stored in the same database?
On Fri, Jun 13, 2008 at 8:20 AM, M. Sokolewicz [EMAIL PROTECTED] wrote: Dietrich Bollmann wrote: Hi tul, So this was a very long and informative answer :) Thank you very much! On Fri, 2008-06-13 at 12:02 +0200, M. Sokolewicz wrote: [...] However, people usually write code which may (and will most of the time) containt exploitable sections which might give a malicious user the ability to get a dump of the database. A password dump is always interesting, since it gives a LOT of information. People usually don't use 1 password per login, but rather have a standard password for most things. So if the user is allowed to change his password, it should be encrypted always as there are chances that the same password is used at some other place? That makes a lot of sense to me :) If all passwords are generated by the system on the other hand and the user is not allowed to change his password, if further all the protected data is in the same database as the password, there would be no need for encrypting the passwords following your argumentation? But if some information is stored outside the database - in my case (simple file server) for example, the database only contains the file meta-data while the files themselves are stored in some data directory on the server - some malicious user who would have broken into the database could get hold of the files if the passwords are stored unencrypted; if some encryption scheme would have been used on the other hand the data found in the database wouldn't be of any use at all? And if the password should be recoverable some encryption with a key stored somewhere else would force the hacker to break into two systems, the database itself and the system which is used to store the key. That makes sense also. I didn't think about the fact that database and a directory on the server are two different things which would have to be hacked separately. So I am happy about writing my mail and getting such a nice answer before implementing some stupid password logic myself :) Now, if it were unprotected, the person getting the information can instantly log in as that user, or if he wants might even take over that person's identity in other places (rare, but it happens). If it were protected by encryption of some kind then it would first need to be decrypted to be usable (unless there is a designflaw which makes this unnecessery as has been the case in a few messageboards a few years ago). Now, you can either encrypt or hash your passwords. Hashes are one-way, encryption two-way. If the malicious user gets hold of a hash: he'll still not have anything useful in his hands. He might make a reverse lookup table and figure out the password from that (though there's an infinite number of possible inputs for each single [hash] output), but add a salt and don't put that in the database and the user has a low chance of ever finding out what it was. But, just as the malicious user can't figure out what the password was, neither can you: so goodby lost-password feature. Instead you'd have to regenerate a new password and send that over, or do some other fancy magic which doesn't involve sending the current password as-is, since you don't know it either. If you were to use encryption there, you could always decrypt it. If you have the key. Storing the key separately from the encrypted password would make this quite safe. enctpyed_string = (data + key), if you know neither the data nor the key, things get very tough. Because you know the key, you can figure out the password and make a forgot-password feature easily which sends out the actual password. But, because your key is publicly available (if your page has to use it, then it's automatically publicly available, maybe not easily, but a malicious user which managed to get hold of a full password table, could just aswell get hold of the key for the encryption)! Putting in neither, so just keeping the passwords in their plain form is safe. As long as noone _ever_ sees them. Guarantee that and you won't have to bother with hashing/encrypting. If you can't guarantee it, build in some extra safety in the form of hashing and/or encrypting. hope that explains it all a bit, - tul Yes. A bit. I am actually impressed. But I better read some more redundant book about intelligent malicious users as I still feel like not understanding everything of what you said completely. ...any nice book recommendation for naive people like me :? So how about the following solution to my simple file-server problem: I generate a new url for every user who is allowed to download a file and a private password for every new url. Using this approach, the same file will be downloaded by different users via different urls and passwords. The password for an url is stored in the database encrypted and send over to the user unencrypted per email. Of course this makes some more
RE: [PHP] PHP Runs But Does NOT Connect to MSSQL Server
-Original Message- From: Wei, Alice J. [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2008 10:25 AM To: Greg Maruszeczka; php-general@lists.php.net Subject: RE: [PHP] PHP Runs But Does NOT Connect to MSSQL Server Hi, Greg: i have went back to the conf file I have in the freetds directory to edit the server information to # A typical Microsoft server [egServer70] host = 192.168.10.128 port = 1433 tds version = 7.2 Since I am using MS SQL 2005, I thought I would have to change this to tds version 7.2 instead of 7.0. I have edited the MSSQL connection to as follows: //connection to the database $dbhandle = mssql_connect($myServer, $myUser, $myPass) or die(Couldn't connect to SQL Server on $myServer); //select a database to work with $selected = mssql_select_db($myDB, $dbhandle) or die(Couldn't open database $myDB); Since I could not find the exact syntax for this on http://www.php.net, I have modified it as you suggested. The error message that says couldn't connect to the server was brought back a lot quicker than before, but I still could not connect it. Are there other packages I have to install? Thanks for your help. Alice ---8--- snip From: Greg Maruszeczka [EMAIL PROTECTED] Perhaps. Check the documentation for myssql_connect and be sure that you're not supposed to also provide a port number (in your case 1433) along with the hostname argument. IIRC you can tag it after the hostname/ip using a colon (e.g. myhostname:1433). Other than that it seems more like a network connectivity issue. This is OT for this list but if it was my problem I'd ensure there aren't any packet filters between my web server and db hosts. Since MSSql has to run on windows I'd start there and ensure inbound connects to TCP 1433 are allowed. You're using private address space (192.168.x.x). Are BOTH servers on the same subnet? Alice, You still have not tried to connect to your MS SQL server using your supplied port number in your code above. A quick glance at http://us.php.net/mssql_connect shows that a port number can, in fact, be passed in the hostname parameter. For instance: $dbhandle = mssql_connect($myServer . , . $myPort, $myUser, $myPass) or die(Uh-oh!); The hostname and port are separated by a comma, as mentioned in the PHP reference page I have linked to. Give it a shot, and see if it helps at all. If not, sorry... but it was worth a try, eh? ;) Todd Boyd Web Programmer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Runs But Does NOT Connect to MSSQL Server
On Fri, 13 Jun 2008 10:41:54 -0500 Boyd, Todd M. [EMAIL PROTECTED] wrote: -Original Message- From: Wei, Alice J. [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2008 10:25 AM To: Greg Maruszeczka; php-general@lists.php.net Subject: RE: [PHP] PHP Runs But Does NOT Connect to MSSQL Server Hi, Greg: i have went back to the conf file I have in the freetds directory to edit the server information to # A typical Microsoft server [egServer70] host = 192.168.10.128 port = 1433 tds version = 7.2 Since I am using MS SQL 2005, I thought I would have to change this to tds version 7.2 instead of 7.0. I have edited the MSSQL connection to as follows: //connection to the database $dbhandle = mssql_connect($myServer, $myUser, $myPass) or die(Couldn't connect to SQL Server on $myServer); //select a database to work with $selected = mssql_select_db($myDB, $dbhandle) or die(Couldn't open database $myDB); Since I could not find the exact syntax for this on http://www.php.net, I have modified it as you suggested. The error message that says couldn't connect to the server was brought back a lot quicker than before, but I still could not connect it. Are there other packages I have to install? Thanks for your help. Alice ---8--- snip From: Greg Maruszeczka [EMAIL PROTECTED] Perhaps. Check the documentation for myssql_connect and be sure that you're not supposed to also provide a port number (in your case 1433) along with the hostname argument. IIRC you can tag it after the hostname/ip using a colon (e.g. myhostname:1433). Other than that it seems more like a network connectivity issue. This is OT for this list but if it was my problem I'd ensure there aren't any packet filters between my web server and db hosts. Since MSSql has to run on windows I'd start there and ensure inbound connects to TCP 1433 are allowed. You're using private address space (192.168.x.x). Are BOTH servers on the same subnet? Alice, You still have not tried to connect to your MS SQL server using your supplied port number in your code above. A quick glance at http://us.php.net/mssql_connect shows that a port number can, in fact, be passed in the hostname parameter. For instance: $dbhandle = mssql_connect($myServer . , . $myPort, $myUser, $myPass) or die(Uh-oh!); Alice: Oops...it seems Todd is correct. Sorry for misleading you with the port number syntax, I should have mentioned along with the 'IIRC' that I don't *always* recall things correctly :) Documentation is my best friend and it should be yours as well. It seems pretty obvious but can you confirm that MSSQL is actually running on 192.168.10.128 and listening on the port you think it is? Try 'netstat -an' from what passes for a command line on the windows host and make sure TCP 1433 is bound to that address (and not just 127.0.0.1). Then check that windows isn't blocking that port using whatever it has for a 'firewall'. However, none of this concerns PHP per se so I won't be replying again in this thread unless that changes. If you still have troubles I suggest you consider bribing your friendly-neighbourhood system or network administrator with a good cup of coffee and a donut in order to troubleshoot further. GM -- Greg Maruszeczka http://websagesolutions.com skype: websage.ca googletalk: gmarus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPMailer not working but Squirell mail works
On Fri, Jun 13, 2008 at 12:00 PM, Boyd, Todd M. [EMAIL PROTECTED] wrote: -Original Message- From: Shiplu [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2008 10:55 AM To: PHP General list Subject: [PHP] PHPMailer not working but Squirell mail works Hi, In my web server, I cant send mail by PHPMailer. But If I login by the squirellmail webclient my hosting provider gave, it sends email promptly. Can anyone tell me what could be the reason? Let's start with a LOT more information about your situation. What version of PHP? 5.2.4 What hosting platform? Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.4 Is SMTP set in your php.ini? SMPT = localhost If not, do you use ini_set(smtp, 'host.name.here')? Is your SMTP port set correctly (see above 2 questions)? smtp_port = 25 Are you sure SquirrelMail and PHP's mail() function are using the same SMTP server? well, I am using the squirrelmail that I got from cpanel. its not installed in any path. Has your hosting provider denied mail()? no. Only dl,passthru,proc_open,proc_close,shell_exec,system are disabled ... Generally, coming to a list with, This is broken. Why? will not get you a helpful response. (At least, not very quickly.) Until my copy of Outlook's MindReader plug-in starts functioning properly, more information will be needed. :) Todd Boyd Web Programmer
[PHP] Capture homepage screenshot
Hello, How can i capture homepage screenshot of a webpage by php? I know a way. I'll run a executable written in C/C++. when It will be called to process a screen shot It will just load the webpage in firefox and capture the image. It'll send the image path to php. The executable will be running. The problem with this solution is, I have to run X, Firefox in my web server, which doesn't look efficient for a server. I wanna know, is there any other way to achieve this? without creating a screen shot server. Thanks Shiplu http://talk.cmyweb.net/
Re: [PHP] PHP code will not work
Joseph Subida wrote: Daniel Brown wrote: On Wed, Jun 11, 2008 at 11:51 PM, Joseph Subida [EMAIL PROTECTED] wrote: Hi. I am new to PHP. I found a tutorial that said to copy and paste the code into a .php document and open it in my browser: ?php echo $_SERVER['HTTP_USER_AGENT']; ? I'm pretty sure PHP is enabled on my computer. I've tested code such as: PHP is definitely on your system. [snip!] The error I get when I try ?php echo $_SERVER['HTTP_USER_AGENT']; ? is Parse error: syntax error, unexpected T_VARIABLE in /Library/WebServer/Documents/test.php on line 106 What is the code on lines 105 and 106 of test.php? If there's nothing on line 105, please send us the immediately-preceding code. 105: ?php 106: echo $_SERVER['HTTP_USER_AGENT']; 107: ? All the code before line 105 is code that I've been messing around with. I tried testing those three lines in its own file. But I still get the same error: Parse error: syntax error, unexpected T_VARIABLE in /Library/WebServer/Documents/error.php on line 2 By the way, a T_VARIABLE is just a variable --- anything beginning with a $dollar_sign. I had a similar problem and this was suggested and it worked for me: Try to put the global $_SERVER['HTTP_USER_AGENT'] into {}brackets: echo '{$_SERVER['HTTP_USER_AGENT']}'; I'm not sure about the single quotes in your situation... I'm new at this too :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: HTML 5
Well that is a bit ironic as just the other day you said you didn't care about standards[1] as far as redirects were concerned. :P [1] http://www.mail-archive.com/php-general@lists.php.net/msg228512.html Note the smileys... :-) -- Richard Heyes Employ me: http://www.phpguru.org/cv ++ | Access SSH with a Windows mapped drive | |http://www.phpguru.org/sftpdrive| ++ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP code will not work
On Fri, Jun 13, 2008 at 1:51 PM, PJ [EMAIL PROTECTED] wrote: I had a similar problem and this was suggested and it worked for me: Try to put the global $_SERVER['HTTP_USER_AGENT'] into {}brackets: echo '{$_SERVER['HTTP_USER_AGENT']}'; I'm not sure about the single quotes in your situation... I'm new at this too :) There actually two problems with that. First, single-quotes force everything inside to be taken literally, as opposed to double quotes performing translation. This means, with single quotes, the expression won't even be evaluated between the brackets, but you'd get this response: {$_SERVER['HTTP_USER_AGENT']} that is, if not for the second part. Since you're using single (literal) quotes, PHP will come back with a parse error based on syntax, because of the $_SERVER array element name being included in single quotes. If you wanted to echo the actual name on purpose, you can transpose quotes; place the literal (single) quotes on the outside, and use translating (double) quotes within the brackets of the $_SERVER superglobal array brackets. -- /Daniel P. Brown Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just $59.99/mo. with no contract! Dedicated servers, VPS, and hosting from $2.50/mo. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Capture homepage screenshot
On Fri, Jun 13, 2008 at 1:46 PM, Shiplu [EMAIL PROTECTED] wrote: Hello, How can i capture homepage screenshot of a webpage by php? I know a way. I'll run a executable written in C/C++. when It will be called to process a screen shot It will just load the webpage in firefox and capture the image. It'll send the image path to php. The executable will be running. The problem with this solution is, I have to run X, Firefox in my web server, which doesn't look efficient for a server. I wanna know, is there any other way to achieve this? without creating a screen shot server. Thanks Shiplu http://talk.cmyweb.net/ google php screen scraping tutorial for more solutions -- Bastien Cat, the other other white meat
Re: [PHP] Re: HTML 5
On Fri, 2008-06-13 at 19:22 +0100, Richard Heyes wrote: Well that is a bit ironic as just the other day you said you didn't care about standards[1] as far as redirects were concerned. :P [1] http://www.mail-archive.com/php-general@lists.php.net/msg228512.html Note the smileys... :-) Oh, I thought you were admitting to things working out for you as one of the ignorant masses ;) Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Capture homepage screenshot
On Fri, Jun 13, 2008 at 1:46 PM, Shiplu [EMAIL PROTECTED] wrote: Hello, How can i capture homepage screenshot of a webpage by php? I know a way. I'll run a executable written in C/C++. when It will be called to process a screen shot It will just load the webpage in firefox and capture the image. It'll send the image path to php. The executable will be running. The problem with this solution is, I have to run X, Firefox in my web server, which doesn't look efficient for a server. I wanna know, is there any other way to achieve this? without creating a screen shot server. There are several commercial options available, but I may put together a script this afternoon capable of generating thumbnails from websites. If I do, I'll keep you informed. -- /Daniel P. Brown Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just $59.99/mo. with no contract! Dedicated servers, VPS, and hosting from $2.50/mo. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Capture homepage screenshot
Daniel Brown wrote: On Fri, Jun 13, 2008 at 1:46 PM, Shiplu [EMAIL PROTECTED] wrote: Hello, How can i capture homepage screenshot of a webpage by php? I know a way. I'll run a executable written in C/C++. when It will be called to process a screen shot It will just load the webpage in firefox and capture the image. It'll send the image path to php. The executable will be running. The problem with this solution is, I have to run X, Firefox in my web server, which doesn't look efficient for a server. I wanna know, is there any other way to achieve this? without creating a screen shot server. There are several commercial options available, but I may put together a script this afternoon capable of generating thumbnails from websites. If I do, I'll keep you informed. Do it Dan! Do it!!! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Capture homepage screenshot
On Fri, 2008-06-13 at 14:38 -0400, Bastien Koert wrote: On Fri, Jun 13, 2008 at 1:46 PM, Shiplu [EMAIL PROTECTED] wrote: Hello, How can i capture homepage screenshot of a webpage by php? I know a way. I'll run a executable written in C/C++. when It will be called to process a screen shot It will just load the webpage in firefox and capture the image. It'll send the image path to php. The executable will be running. The problem with this solution is, I have to run X, Firefox in my web server, which doesn't look efficient for a server. I wanna know, is there any other way to achieve this? without creating a screen shot server. Thanks Shiplu http://talk.cmyweb.net/ google php screen scraping tutorial for more solutions Screen scraping is not what he wants. He wants a thumbnail of the homepage, not to extract a data structure by parsing the HTML. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: SPAM SPAM Re: [PHP] Capture homepage screenshot
On Fri, 2008-06-13 at 14:45 -0400, Daniel Brown wrote: There are several commercial options available, but I may put together a script this afternoon capable of generating thumbnails from websites. If I do, I'll keep you informed. In my project, we do this through a small Python application. The cool thing for you, is that the functionality is exposed through an XML-RPC service as well... You are free to use it, as long as you don't abuse it of course (we have limited bandwidth in Africa). The other option is to read the docs as to how its done and copy it (it's all GPL anyway). To see it in action, take a look at: http://avoir.uwc.ac.za/index.php?module=cmsaction=showfulltextsectionid=init_1id=gen14Srv2Nme49_8062_1213073978 In my framework, we simply call it through a filter, so to get a screnshot of the PHP site, I would simply add in: [SCREENSHOT]http://www.php.net/[/SCREENSHOT] in any place that I can add content (blog, wiki, cms etc). Lastly, but not least at all, you could also just use our framework... Download from http://avoir.uwc.ac.za/ --Paul All Email originating from UWC is covered by disclaimer http://www.uwc.ac.za/portal/public/portal_services/disclaimer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Capture homepage screenshot
On Fri, Jun 13, 2008 at 12:45 PM, Daniel Brown [EMAIL PROTECTED] wrote: On Fri, Jun 13, 2008 at 1:46 PM, Shiplu [EMAIL PROTECTED] wrote: Hello, How can i capture homepage screenshot of a webpage by php? I know a way. I'll run a executable written in C/C++. when It will be called to process a screen shot It will just load the webpage in firefox and capture the image. It'll send the image path to php. The executable will be running. The problem with this solution is, I have to run X, Firefox in my web server, which doesn't look efficient for a server. I wanna know, is there any other way to achieve this? without creating a screen shot server. There are several commercial options available, but I may put together a script this afternoon capable of generating thumbnails from websites. If I do, I'll keep you informed. i already wrote prototype of this about 5 months back. it was really slow and needed more work, but it was working. i can share the code w/ anyone who wants it; but its pretty crappy atm, and has some major dependecies outside of php. anyone who's interested just let me know. btw. im curious to see your implementation dan ;) -nathan
RE: [PHP] PHP Runs But Does NOT Connect to MSSQL Server
Hi, Greg: One of the members on the list advised me to use telnet to see if this is working. I have fixed up my errors so that it now gives me this: Connected to 192.168.10.68. Escape character is '^]'. This appears to signify that I can now actually connect to the actual server, while I cannot actually connect to the MS SQL through the PHP. What I am confused about is that when I was compiling freetds into my PHP installation, I used this as my configuration option: ./configure --with-mssql=/usr/local/freetds --prefix=/usr/local/php I get this in my last few lines of my installation before I started to make the file. checking for MSSQL support via FreeTDS... yes configure: error: Directory /usr/local/freetds is not a FreeTDS installation directory Is this one of the reasons why I am having issues getting connected? If yes, are there other options to solve it as my application is running on Linux? Thanks again for your help. == Alice Wei MIS 2009 School of Library and Information Science Indiana University Bloomington [EMAIL PROTECTED] From: Greg Maruszeczka [EMAIL PROTECTED] Sent: Friday, June 13, 2008 12:31 PM To: php-general@lists.php.net Subject: Re: [PHP] PHP Runs But Does NOT Connect to MSSQL Server On Fri, 13 Jun 2008 10:41:54 -0500 Boyd, Todd M. [EMAIL PROTECTED] wrote: -Original Message- From: Wei, Alice J. [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2008 10:25 AM To: Greg Maruszeczka; php-general@lists.php.net Subject: RE: [PHP] PHP Runs But Does NOT Connect to MSSQL Server Hi, Greg: i have went back to the conf file I have in the freetds directory to edit the server information to # A typical Microsoft server [egServer70] host = 192.168.10.128 port = 1433 tds version = 7.2 Since I am using MS SQL 2005, I thought I would have to change this to tds version 7.2 instead of 7.0. I have edited the MSSQL connection to as follows: //connection to the database $dbhandle = mssql_connect($myServer, $myUser, $myPass) or die(Couldn't connect to SQL Server on $myServer); //select a database to work with $selected = mssql_select_db($myDB, $dbhandle) or die(Couldn't open database $myDB); Since I could not find the exact syntax for this on http://www.php.net, I have modified it as you suggested. The error message that says couldn't connect to the server was brought back a lot quicker than before, but I still could not connect it. Are there other packages I have to install? Thanks for your help. Alice ---8--- snip From: Greg Maruszeczka [EMAIL PROTECTED] Perhaps. Check the documentation for myssql_connect and be sure that you're not supposed to also provide a port number (in your case 1433) along with the hostname argument. IIRC you can tag it after the hostname/ip using a colon (e.g. myhostname:1433). Other than that it seems more like a network connectivity issue. This is OT for this list but if it was my problem I'd ensure there aren't any packet filters between my web server and db hosts. Since MSSql has to run on windows I'd start there and ensure inbound connects to TCP 1433 are allowed. You're using private address space (192.168.x.x). Are BOTH servers on the same subnet? Alice, You still have not tried to connect to your MS SQL server using your supplied port number in your code above. A quick glance at http://us.php.net/mssql_connect shows that a port number can, in fact, be passed in the hostname parameter. For instance: $dbhandle = mssql_connect($myServer . , . $myPort, $myUser, $myPass) or die(Uh-oh!); Alice: Oops...it seems Todd is correct. Sorry for misleading you with the port number syntax, I should have mentioned along with the 'IIRC' that I don't *always* recall things correctly :) Documentation is my best friend and it should be yours as well. It seems pretty obvious but can you confirm that MSSQL is actually running on 192.168.10.128 and listening on the port you think it is? Try 'netstat -an' from what passes for a command line on the windows host and make sure TCP 1433 is bound to that address (and not just 127.0.0.1). Then check that windows isn't blocking that port using whatever it has for a 'firewall'. However, none of this concerns PHP per se so I won't be replying again in this thread unless that changes. If you still have troubles I suggest you consider bribing your friendly-neighbourhood system or network administrator with a good cup of coffee and a donut in order to troubleshoot further. GM -- Greg Maruszeczka http://websagesolutions.com skype: websage.ca googletalk: gmarus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Capture homepage screenshot
On Fri, Jun 13, 2008 at 2:38 PM, Daniel Brown [EMAIL PROTECTED] wrote: On Fri, Jun 13, 2008 at 4:35 PM, Nathan Nobbe [EMAIL PROTECTED] wrote: btw. im curious to see your implementation dan ;) I thought I was going to have time to do it all start to finish today, but that won't be the case. However, once I have it working, it'll be in the Subversion repository and on the website of my as-yet unannounced non-profit open source company. it took me longer than i thought too. the main issues are performance ones. 1. time to capture a single screen (need a decent box to ensure this is reasonable) there are several things here, load url from client; bring it up in browser, snap it, put it on disc so subsequent requests can be fast, resize, and finally, ship it off to the client via php's binay output support 2. handling silmultaneous requests using the browser / full screen capture approach, simultaneous requests have to be queued. perhaps a priority queue is best because cached requests can be served immediately. this is what i ran into anyway. and i had plans to streamline my prototype, but other things came up :D anyway, the best way to do it would be to hack something into firefox, directly. another lesser issue is capturing all of a page that runs off the screen. for example, a web page that produces a scroll bar. you cant get that w/ a snap of the screen because its cut off... and dont bother w/ export to print either, that butchers the web pages =/ w/ my prototype on a ~400MHz box w/ linux and a crappy video card; it was taking like 30 seconds for a complete turnaround on an uncached request. using lighttpd and php, imagemagik, ajax and some other cli programs, i cant remember off the top of my head. again, eager to see your stab at it. -nathan
Re: [PHP] Capture homepage screenshot
On Fri, Jun 13, 2008 at 4:56 PM, Nathan Nobbe [EMAIL PROTECTED] wrote: it took me longer than i thought too. the main issues are performance ones. My main issues are paid projects taking precedence over non-paid. ;-P 1. time to capture a single screen (need a decent box to ensure this is reasonable) there are several things here, load url from client; bring it up in browser, snap it, put it on disc so subsequent requests can be fast, resize, and finally, ship it off to the client via php's binay output support 2. handling silmultaneous requests using the browser / full screen capture approach, simultaneous requests have to be queued. perhaps a priority queue is best because cached requests can be served immediately. Mine will be browserless, X-less, et cetera. It'll likely be one of the first, too, I guess. [snip!] w/ my prototype on a ~400MHz box w/ linux and a crappy video card; it was taking like 30 seconds for a complete turnaround on an uncached request. using lighttpd and php, imagemagik, ajax and some other cli programs, i cant remember off the top of my head. My preliminary test averages 0.7 seconds (seven-tenths of one second), but I expect that to increase by quite a bit. Possibly in the 5-10 second area. again, eager to see your stab at it. I'll try to get it out this weekend, and anyone who wants the details to access it via Subversion, when ready, can send me a request privately. -- /Daniel P. Brown Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just $59.99/mo. with no contract! Dedicated servers, VPS, and hosting from $2.50/mo. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Capture homepage screenshot
On Fri, Jun 13, 2008 at 4:35 PM, Nathan Nobbe [EMAIL PROTECTED] wrote: btw. im curious to see your implementation dan ;) I thought I was going to have time to do it all start to finish today, but that won't be the case. However, once I have it working, it'll be in the Subversion repository and on the website of my as-yet unannounced non-profit open source company. -- /Daniel P. Brown Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just $59.99/mo. with no contract! Dedicated servers, VPS, and hosting from $2.50/mo. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Kindla 0T, but here goes...
Hey! Heres what i have done so far: I ask the user for his style of music by displaying for example 3 links in the div id=music like rock, pop,sentimental when the user clicks on any of those links i do a quick trip to the DB via ajax and update the div with all the artists that his choice merits... same thing when he clicks the bands name... this time i display all of their songs... and here's where i am stumped... when he clicks any of those songs... it should start playing in the background WITHOUT reloading the whole page... is this possible or am i just barking up the wrong tree? music files are midi, wav and mp3... would be happy if i can have just one if i cant have all three.. Thanks in advance! R -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Kindla 0T, but here goes...
On Fri, Jun 13, 2008 at 4:49 PM, Ryan S [EMAIL PROTECTED] wrote: when the user clicks on any of those links i do a quick trip to the DB via ajax and update the div with all the artists that his choice merits... same thing when he clicks the bands name... this time i display all of their songs... and here's where i am stumped... when he clicks any of those songs... it should start playing in the background WITHOUT reloading the whole page... is this possible or am i just barking up the wrong tree? Most sites, such as Project Playlist (now just Playlist.com) use Flash for this. Check it out: http://www.playlist.com/ -- /Daniel P. Brown Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just $59.99/mo. with no contract! Dedicated servers, VPS, and hosting from $2.50/mo. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Kindla 0T, but here goes...
-Original Message- From: Daniel Brown [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2008 4:13 PM To: Ryan S Cc: php php Subject: Re: [PHP] Kindla 0T, but here goes... On Fri, Jun 13, 2008 at 4:49 PM, Ryan S [EMAIL PROTECTED] wrote: when the user clicks on any of those links i do a quick trip to the DB via ajax and update the div with all the artists that his choice merits... same thing when he clicks the bands name... this time i display all of their songs... and here's where i am stumped... when he clicks any of those songs... it should start playing in the background WITHOUT reloading the whole page... is this possible or am i just barking up the wrong tree? Most sites, such as Project Playlist (now just Playlist.com) use Flash for this. Check it out: http://www.playlist.com/ I agree with Daniel. Your most likely solution is to use a Flash player (or similar implementation) and populate a portion of your page with the object via AJAX (which you are already apparently comfortable with). Todd Boyd Web Programmer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Another way to send variables
Hello. I have this script (script1.php): ?php $a = Hello; header(Location: script2.php); ? I need to send the $a variable to script2.php, but i don´t want to send it in the url. Is there another method? Maybe with another header instruction without putting in the url? Thank you.
Re: [PHP] Another way to send variables
On Fri, Jun 13, 2008 at 3:49 PM, R B [EMAIL PROTECTED] wrote: Hello. I have this script (script1.php): ?php $a = Hello; header(Location: script2.php); ? I need to send the $a variable to script2.php, but i don´t want to send it in the url. Is there another method? Maybe with another header instruction without putting in the url? store the variable in a session, on disk (explicitly), in apc (or something similar), or a database. -nathan
RE: [PHP] Another way to send variables
-Original Message- From: R B [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2008 4:50 PM To: PHP List Subject: [PHP] Another way to send variables Hello. I have this script (script1.php): ?php $a = Hello; header(Location: script2.php); ? I need to send the $a variable to script2.php, but i don´t want to send it in the url. Is there another method? Maybe with another header instruction without putting in the url? Thank you. Well, you can use POST instead of GET. If you're trying to hide it from laymen, this is fine. If you're trying to hide it altogether, it's still visible for people who know where to look. HTH, Todd Boyd Web Programmer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Capture homepage screenshot
On Fri, Jun 13, 2008 at 5:01 PM, Daniel Brown [EMAIL PROTECTED] wrote: On Fri, Jun 13, 2008 at 4:56 PM, Nathan Nobbe [EMAIL PROTECTED] wrote: it took me longer than i thought too. the main issues are performance ones. My main issues are paid projects taking precedence over non-paid. ;-P 1. time to capture a single screen (need a decent box to ensure this is reasonable) there are several things here, load url from client; bring it up in browser, snap it, put it on disc so subsequent requests can be fast, resize, and finally, ship it off to the client via php's binay output support 2. handling silmultaneous requests using the browser / full screen capture approach, simultaneous requests have to be queued. perhaps a priority queue is best because cached requests can be served immediately. Mine will be browserless, X-less, et cetera. It'll likely be one of the first, too, I guess. [snip!] w/ my prototype on a ~400MHz box w/ linux and a crappy video card; it was taking like 30 seconds for a complete turnaround on an uncached request. using lighttpd and php, imagemagik, ajax and some other cli programs, i cant remember off the top of my head. My preliminary test averages 0.7 seconds (seven-tenths of one second), but I expect that to increase by quite a bit. Possibly in the 5-10 second area. again, eager to see your stab at it. I'll try to get it out this weekend, and anyone who wants the details to access it via Subversion, when ready, can send me a request privately. -- /Daniel P. Brown Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just $59.99/mo. with no contract! Dedicated servers, VPS, and hosting from $2.50/mo. I can't understand how do you create thumbnail without X and any browser. Waiting to hear it from you. Before that I tell you another technique. I don't know how tough it will be. Normally Js is not used to initial page rendering. I am assuming it. Now I run any browser engine (say Mozilla) in the background. Mozilla will supply position of colored and picture elements. But not the text unless its in h1,h2... . Text is not needed because in the thumbnail size its absence will not change the image too much. we can ignore it. I'll just take the image and colored elements positions and size. then create an image by php-gd. But i think this process too tough. What do you think?? Well, As I need it. is there any cheap commercial solution?
Re: [PHP] Another way to send variables
On Fri, Jun 13, 2008 at 5:49 PM, R B [EMAIL PROTECTED] wrote: Hello. I have this script (script1.php): ?php $a = Hello; header(Location: script2.php); ? I need to send the $a variable to script2.php, but i don´t want to send it in the url. Is there another method? ?php // script1.php session_start(); $_SESSION['a'] = Hello; header(Location: script2.php); exit(0); ? ?php // script2.php session_start(); $a = $_SESSION['a']; echo $_SESSION['a']; ? -- /Daniel P. Brown Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just $59.99/mo. with no contract! Dedicated servers, VPS, and hosting from $2.50/mo. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Capture homepage screenshot
On Fri, Jun 13, 2008 at 5:59 PM, Shiplu [EMAIL PROTECTED] wrote: Well, As I need it. is there any cheap commercial solution? Sure. You can hire me to write it for you. ;-P Searching Google for `website thumbnail scripts` should give you some results --- including some that are hosted applications. -- /Daniel P. Brown Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just $59.99/mo. with no contract! Dedicated servers, VPS, and hosting from $2.50/mo. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Memory cache problem
Hello, I´m making a video manual, but i don´t want to be cached in the client machine. I make a script like this: ?php header(Expires: Mon, 26 Jul 1997 05:00:00 GMT); header(Last-Modified: . gmdate(D, d M Y H:i:s) . GMT); header(Cache-Control: no-store, no-cache, must-revalidate); header(Cache-Control: post-check=0, pre-check=0, false); header(Pragma: no-cache); readfile($video_name); ? With Internet explorer the script works fine. But Firefox have two types of cache: Memory cache and disk cache. With firefox disk cache, the script works fine, because don´t appears in the disk cache, but i have problems with the Memory cache. How can i avoid to appears in the firefox memory cache?
Re: [PHP] Memory cache problem
On 13 Jun 2008, at 23:12, R B wrote: I´m making a video manual, but i don´t want to be cached in the client machine. I make a script like this: ?php header(Expires: Mon, 26 Jul 1997 05:00:00 GMT); header(Last-Modified: . gmdate(D, d M Y H:i:s) . GMT); header(Cache-Control: no-store, no-cache, must-revalidate); header(Cache-Control: post-check=0, pre-check=0, false); header(Pragma: no-cache); readfile($video_name); ? With Internet explorer the script works fine. But Firefox have two types of cache: Memory cache and disk cache. With firefox disk cache, the script works fine, because don´t appears in the disk cache, but i have problems with the Memory cache. How can i avoid to appears in the firefox memory cache? Why don't you want it cached? What makes you think it's cached in memory on FF? -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Memory cache problem
The video manual it´s not for me, it´s for a customer and he don´t want to be cached in the client machine... If you put in firefoxin the url area: about:cache , firefox display the Memory cache and the Disk cache... I search in both caches, and the video appears in the memory cache. On Fri, Jun 13, 2008 at 4:17 PM, Stut [EMAIL PROTECTED] wrote: On 13 Jun 2008, at 23:12, R B wrote: I´m making a video manual, but i don´t want to be cached in the client machine. I make a script like this: ?php header(Expires: Mon, 26 Jul 1997 05:00:00 GMT); header(Last-Modified: . gmdate(D, d M Y H:i:s) . GMT); header(Cache-Control: no-store, no-cache, must-revalidate); header(Cache-Control: post-check=0, pre-check=0, false); header(Pragma: no-cache); readfile($video_name); ? With Internet explorer the script works fine. But Firefox have two types of cache: Memory cache and disk cache. With firefox disk cache, the script works fine, because don´t appears in the disk cache, but i have problems with the Memory cache. How can i avoid to appears in the firefox memory cache? Why don't you want it cached? What makes you think it's cached in memory on FF? -Stut -- http://stut.net/
Re: [PHP] Memory cache problem
On 13 Jun 2008, at 23:20, R B wrote: The video manual it´s not for me, it´s for a customer and he don´t want to be cached in the client machine... If you put in firefoxin the url area: about:cache , firefox display the Memory cache and the Disk cache... I search in both caches, and the video appears in the memory cache. Sorry, but that doesn't answer the question of why you/he doesn't want it to be cached. If he's trying to protect the videos from being copied then you're going to need to make it clear to him that you can't stop that from happening without DRM which is a whole other kettle of fish and usually not worth it. Aside from that I'm not aware of anything else you can do to stop clients caching your content. At the end of the day you have no reliable control over what happens after the data leaves the server. -Stut -- http://stut.net/ On Fri, Jun 13, 2008 at 4:17 PM, Stut [EMAIL PROTECTED] wrote: On 13 Jun 2008, at 23:12, R B wrote: I´m making a video manual, but i don´t want to be cached in the client machine. I make a script like this: ?php header(Expires: Mon, 26 Jul 1997 05:00:00 GMT); header(Last-Modified: . gmdate(D, d M Y H:i:s) . GMT); header(Cache-Control: no-store, no-cache, must-revalidate); header(Cache-Control: post-check=0, pre-check=0, false); header(Pragma: no-cache); readfile($video_name); ? With Internet explorer the script works fine. But Firefox have two types of cache: Memory cache and disk cache. With firefox disk cache, the script works fine, because don´t appears in the disk cache, but i have problems with the Memory cache. How can i avoid to appears in the firefox memory cache? Why don't you want it cached? What makes you think it's cached in memory on FF? -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] UK PHP Host/Developer Required
Robin Vickery wrote: Out of hours technical support often gets billed at a punitive rate. Which is a bugger if their out of hours is your working day. It seems you haven't tried Rackspace (UK) yet. And while you might get tech support out of hours, accounts and billing usually keep normal office hours. True. But if you pay your bills on time, you will never talk to these. Iv PS I am NOT advocating that one should take hosting outside the UK. I do projects in Austria and I do have the hosting in the UK. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPMailer not working but Squirell mail works
Shiplu wrote: In my web server, I cant send mail by PHPMailer. What does this mean? Do you get an error message, etc.? Iv -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Kindla 0T, but here goes...
Hey guys! Thanks for replying! Cant find any midi flash player... looks like it has to be mp3, in which case can anybody recommend a place for open licensed mp3s for songs like happy birthday etc maybe just instrumental stuff? Thanks! R -Original Message- From: Daniel Brown [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2008 4:13 PM To: Ryan S Cc: php php Subject: Re: [PHP] Kindla 0T, but here goes... On Fri, Jun 13, 2008 at 4:49 PM, Ryan S [EMAIL PROTECTED] wrote: when the user clicks on any of those links i do a quick trip to the DB via ajax and update the div with all the artists that his choice merits... same thing when he clicks the bands name... this time i display all of their songs... and here's where i am stumped... when he clicks any of those songs... it should start playing in the background WITHOUT reloading the whole page... is this possible or am i just barking up the wrong tree? Most sites, such as Project Playlist (now just Playlist.com) use Flash for this. Check it out: http://www.playlist.com/ I agree with Daniel. Your most likely solution is to use a Flash player (or similar implementation) and populate a portion of your page with the object via AJAX (which you are already apparently comfortable with). Todd Boyd Web Programmer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Memory cache problem
At 11:47 PM +0100 6/13/08, Stut wrote: On 13 Jun 2008, at 23:20, R B wrote: I search in both caches, and the video appears in the memory cache. Sorry, but that doesn't answer the question of why you/he doesn't want it to be cached. If he's trying to protect the videos from being copied then you're going to need to make it clear to him that you can't stop that from happening without DRM which is a whole other kettle of fish and usually not worth it. Aside from that I'm not aware of anything else you can do to stop clients caching your content. At the end of the day you have no reliable control over what happens after the data leaves the server. -Stut Caching is one thing, but viewing the video is another -- unless I am mistaken. While it's true that you have no control over the video file once it leaves the server, however, what the file does in a foreign environment is something else. Typically, DRM schemes are needed when someone wants to protect digital media from being copied to play in standard players. But, if you want to restrict playing a video to just your site, then that's another matter. One can place actionscript in the video that will stop it from playing if certain conditions are not met. For example, you can have a file that exits in your site, but no where else. If the video is downloaded and an attempt is made to play it, then the video simply looks for the companion file and if it's not there, then it won't play. Is this not true? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: UK PHP Host/Developer Required
Hello, on 06/12/2008 09:46 AM Colin Sidwell said the following: Hi, We are looking for someone to develop host a PHP site in the UK. The site is a corporate rewards site that enables users to buy gifts with with points they have been given by their employer. URL is here- http://www.waystoamaze.co.uk/ There are databases of users, companies, products and categories. An admin section allows for product and user updating etc. Interested parties should contact the client directly on +44 7970 461 295 or email [EMAIL PROTECTED] You may want to take a look at this directory of PHP professionals from UK available for taking jobs. You even choose from developers near your region and check if they have the skills you need: http://www.phpclasses.org/professionals/country/uk/ -- Regards, Manuel Lemos PHP professionals looking for PHP jobs http://www.phpclasses.org/professionals/ PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Capture homepage screenshot
Hello, on 06/13/2008 02:46 PM Shiplu said the following: Hello, How can i capture homepage screenshot of a webpage by php? I know a way. I'll run a executable written in C/C++. when It will be called to process a screen shot It will just load the webpage in firefox and capture the image. It'll send the image path to php. The executable will be running. The problem with this solution is, I have to run X, Firefox in my web server, which doesn't look efficient for a server. I wanna know, is there any other way to achieve this? without creating a screen shot server. If you run PHP on Windows, you can use this PHP class that was just released and does exactly what you need. I think it could be adapted to work with Firefox too. http://www.phpclasses.org/win-screenshot -- Regards, Manuel Lemos PHP professionals looking for PHP jobs http://www.phpclasses.org/professionals/ PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: why are passwords stored encrypted in databases even when thedatathey protect is stored in the same database?
On Fri, 2008-06-13 at 14:20 +0200, M. Sokolewicz wrote: Considering you're already jailing access by linking a specific url to a specific password you're making the impact of a hacked password pretty small. Which is a good thing :) I would recommend, if you go this way, to add an expiry date to the url/password combo. So for example you can only use that url/password combo for 3 days before it expires, after that, you need a new combo. Doing it this way (with server-generated passwords) you make sure that _if_ it were ever to fall into hands-it-should-not-be-in, it won't be there for long. - Tul P.S. in other words, sounds fine to me :) Thank you again! ...so finally I can get to work :) Best wishes, Dietrich On Fri, 2008-06-13 at 14:20 +0200, M. Sokolewicz wrote: Dietrich Bollmann wrote: Hi tul, So this was a very long and informative answer :) Thank you very much! On Fri, 2008-06-13 at 12:02 +0200, M. Sokolewicz wrote: [...] However, people usually write code which may (and will most of the time) containt exploitable sections which might give a malicious user the ability to get a dump of the database. A password dump is always interesting, since it gives a LOT of information. People usually don't use 1 password per login, but rather have a standard password for most things. So if the user is allowed to change his password, it should be encrypted always as there are chances that the same password is used at some other place? That makes a lot of sense to me :) If all passwords are generated by the system on the other hand and the user is not allowed to change his password, if further all the protected data is in the same database as the password, there would be no need for encrypting the passwords following your argumentation? But if some information is stored outside the database - in my case (simple file server) for example, the database only contains the file meta-data while the files themselves are stored in some data directory on the server - some malicious user who would have broken into the database could get hold of the files if the passwords are stored unencrypted; if some encryption scheme would have been used on the other hand the data found in the database wouldn't be of any use at all? And if the password should be recoverable some encryption with a key stored somewhere else would force the hacker to break into two systems, the database itself and the system which is used to store the key. That makes sense also. I didn't think about the fact that database and a directory on the server are two different things which would have to be hacked separately. So I am happy about writing my mail and getting such a nice answer before implementing some stupid password logic myself :) Now, if it were unprotected, the person getting the information can instantly log in as that user, or if he wants might even take over that person's identity in other places (rare, but it happens). If it were protected by encryption of some kind then it would first need to be decrypted to be usable (unless there is a designflaw which makes this unnecessery as has been the case in a few messageboards a few years ago). Now, you can either encrypt or hash your passwords. Hashes are one-way, encryption two-way. If the malicious user gets hold of a hash: he'll still not have anything useful in his hands. He might make a reverse lookup table and figure out the password from that (though there's an infinite number of possible inputs for each single [hash] output), but add a salt and don't put that in the database and the user has a low chance of ever finding out what it was. But, just as the malicious user can't figure out what the password was, neither can you: so goodby lost-password feature. Instead you'd have to regenerate a new password and send that over, or do some other fancy magic which doesn't involve sending the current password as-is, since you don't know it either. If you were to use encryption there, you could always decrypt it. If you have the key. Storing the key separately from the encrypted password would make this quite safe. enctpyed_string = (data + key), if you know neither the data nor the key, things get very tough. Because you know the key, you can figure out the password and make a forgot-password feature easily which sends out the actual password. But, because your key is publicly available (if your page has to use it, then it's automatically publicly available, maybe not easily, but a malicious user which managed to get hold of a full password table, could just aswell get hold of the key for the encryption)! Putting in neither, so just keeping the passwords in their plain form is safe. As long as noone _ever_ sees them. Guarantee that and you won't have to bother with hashing/encrypting. If you
Re: [PHP] Re: why are passwords stored encrypted in databases even when thedatathey protect is stored in the same database?
Taking into mind that email addresses extracted out of hacked databases is one of the main spam industry seeders, I always wonder why web application developers don't consider encrypting emails the same way they consider encrypting password! Once a hacker has full access to a database, an encrypted password becomes like locking the door while keeping the window open! Say a user has an account in some discussion forum, that uses an open source, or visible-source software. She has about 5000 posts in which she has expressed her personal opinions on just about many things. Now what a hacker has to do is to dump the database into a local server running the same software, and begin analyzing the data, creating well-crafted lists of potential customers for which he's going to deliver very well-targeted mailing newsletters! Regards, Usamah -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Memory cache problem
On Fri, Jun 13, 2008 at 8:02 PM, tedd [EMAIL PROTECTED] wrote: At 11:47 PM +0100 6/13/08, Stut wrote: On 13 Jun 2008, at 23:20, R B wrote: I search in both caches, and the video appears in the memory cache. Sorry, but that doesn't answer the question of why you/he doesn't want it to be cached. If he's trying to protect the videos from being copied then you're going to need to make it clear to him that you can't stop that from happening without DRM which is a whole other kettle of fish and usually not worth it. Aside from that I'm not aware of anything else you can do to stop clients caching your content. At the end of the day you have no reliable control over what happens after the data leaves the server. -Stut Caching is one thing, but viewing the video is another -- unless I am mistaken. While it's true that you have no control over the video file once it leaves the server, however, what the file does in a foreign environment is something else. Typically, DRM schemes are needed when someone wants to protect digital media from being copied to play in standard players. But, if you want to restrict playing a video to just your site, then that's another matter. One can place actionscript in the video that will stop it from playing if certain conditions are not met. For example, you can have a file that exits in your site, but no where else. If the video is downloaded and an attempt is made to play it, then the video simply looks for the companion file and if it's not there, then it won't play. Is this not true? are you asking a rhetorical question here tedd? i thought you implemented something like that w/ help of the list some months back. -nathan