php-general Digest 31 Jan 2005 08:46:19 -0000 Issue 3259
Topics (messages 207723 through 207746):
PHP5 + SPL - Creating an object as an array.
207723 by: Yotam Ofek
Re: Still cnanot figure out with much easier example...
207724 by: news.php.net
207729 by: Marek Kilimajer
207730 by: Jason Wong
Re: Regexp stopped working on my site
207725 by: Kristian Hellquist
PHP5 Cli bug ?
207726 by: daniel.electroteque.org
207727 by: Jason Wong
207731 by: daniel.electroteque.org
207734 by: Richard Lynch
207735 by: daniel.electroteque.org
207736 by: daniel.electroteque.org
Re: Permissions on uploaded image don't allow for over writing
207728 by: Jason Wong
207739 by: Raj Shekhar
Sending email when sendmail_from & sendmail_path = null.
207732 by: Tim Burgan
207733 by: Manuel Lemos
207741 by: Richard Lynch
Re: best way to handle user authentication, PHP vs. apache
207737 by: Richard Lynch
207742 by: Raymond Still
Re: Sessions memory allocation problem
207738 by: Richard Lynch
Re: Problems displaying images with PHP-GD
207740 by: Richard Lynch
Re: Is this a bug?!!! I cna't believe! Sorry, if im wrong...
207743 by: Santa
PHP Security Consortium
207744 by: Chris Shiflett
Credit card storing, for processing
207745 by: Angelo Zanetti
SSH system command problem
207746 by: Linn Fagerberg
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
I would like to create an object like this:
<?php
class TestClass {
private $some_array;
public $just;
public $some;
public $public;
public $vars;
}
?>
Is it possible, through SPL, to make the class accessible as
"$testclass['array_key']", which will return the value for the key
'array_key' from "$some_array"? Not only that, but I want the class to
be accessable as "$testclass->just" aswell!
Is that possible? Examples are welcome.
Thanks in advance,
Yotam Ofek!
--- End Message ---
--- Begin Message ---
Just compare the output of print_r($arr) and foreach(...)... !!! Please,
explain, or my understanding of the php is gonna ruin.
Thanx, Mark.
<?
$as = array();
$a10 = "10";
$a20 = "20";
$a = &$a10;
$arr[] = &$a;
$a = &$a20;
$arr[] = &$a;
print_r($arr);
foreach($arr as $a)
{
echo $a;
}
?>
--- End Message ---
--- Begin Message ---
news.php.net wrote:
Just compare the output of print_r($arr) and foreach(...)... !!! Please,
explain, or my understanding of the php is gonna ruin.
Thanx, Mark.
<?
$as = array();
$a10 = "10";
$a20 = "20";
$a = &$a10;
$arr[] = &$a;
$a = &$a20;
$arr[] = &$a;
print_r($arr);
foreach($arr as $a)
{
echo $a;
}
?>
You can file this as a bug.
--- End Message ---
--- Begin Message ---
On Monday 31 January 2005 07:09, news.php.net wrote:
> �$as = array();
> �$a10 = "10";
> �$a20 = "20";
>
> �$a = &$a10;
> �$arr[] = &$a;
> �$a = &$a20;
> �$arr[] = &$a;
>
> �print_r($arr);
> �foreach($arr as $a)
> �{
> � echo $a;
> �}
If you do:
�foreach($arr as $b)
�{
� echo $b;
�}
then it will work as you expect it.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
New Year Resolution: Ignore top posted posts
--- End Message ---
--- Begin Message ---
The expression that I found won't work anymore is an own pseudo-lang
markup that renders into html-lists.
Expression for grabbing a list, Example:
[lista] some text [/lista]
@\[\s*(lista)\s*(sq|o|\*|#|a|i)?\s*\]([^\x00]*?)\[/[EMAIL PROTECTED]
$3 is then treated separated into html list-items <li>.
List-items are created by a pseudotag [punkt] or linebreaks. Its one
way, you can't mix them both here.
// Explode the string into an array
$hits = preg_split('#(\[\s*punkt\s*\][^\x00]*?\[/\s*\punkt\s*\])#',
$matches[3], -1, PREG_SPLIT_DELIM_CAPTURE);
$textarray=array();
foreach($hits as $index=>$element){
if( ($index%2)==0){
// strings
$element = preg_split('/\s*\r+
\s*/', trim($element), -1, PREG_SPLIT_NO_EMTPY);
foreach($element as $val){
// Replace innerstyles
if(strlen(trim
($val))>0){
// Replace
nestled lists
//$val=$this-
>search_and_replace($val, $this->_reg_search['lista'] );
$val=$this-
>_check_content($val , $matches[1] );
// Add list
element
array_push
($textarray, '<li '.$list_style.'>'.$val.'</li>');
}
}
}else{
// [punkt]
$element=preg_replace('#
\[\s*punkt\s*\]([^\x00]*?)\[/\s*\punkt\s*\]#', '$1',$element);
// replace linebreaks
$element = preg_replace('/\r/',
'<br />', $element);
// Replace innerstyles
// Replace nestled lists
//$val=$this->search_and_replace
($val, $this->_reg_search['lista'] );
$element=$this->_check_content
($element , $matches[1] );
// Add list element
array_push($textarray, '<li
'.$list_style.'>'.$element.'</li>');
}
}
> Kristian Hellquist wrote:
> > Hi!
> >
> > I had a script for parsing text into html, similar to phpBB. Everything
> > has been working fine until now. Some of my 'pseudotags' like [b] are
> > still recognized (parsed into <b>) but some more advanced pattern
> > matching is not. I haven't changed the code, but the php-version on the
> > server has changed from "default" on debian-woody to php-4.3.10. I
> > haven't made the upgrade myself.
> >
> > The users of the site reported the bug to me this week, but the users
> > aren't active so I don't really know when then bug was created. Because
> > I know it has worked before.
> >
> > Does any of you have a clue or experience of this? Or has my code been
> > mysterious altered on the server?
>
> An example of the expressions?
--- End Message ---
--- Begin Message ---
I have experienced an odd bug where i have been forced to recompile my
php. The cli is crappingout , firstly the include paths cant be found now this
dyld: php Undefined symbols:
_OnUpdateLong
_OnUpdateString
_compiler_globals
_executor_globals
_sapi_globals
_sapi_module
_zend_error_cb
_zend_extensions
_zend_ini_boolean_displayer_cb
Trace/BPT trap
Any ideas ? The module is working ok still.
--- End Message ---
--- Begin Message ---
You have started a new thread by taking an existing posting and replying to
it while you changed the subject.
That is bad, because it breaks threading. Whenever you reply to a message,
your mail client generates a "References:" header that tells all recipients
which posting(s) your posting refers to. A mail client uses this information
to build a threaded view ("tree view") of the postings.
With your posting style you successfully torpedoed this useful feature; your
posting shows up within an existing thread it has nothing to do with.
Always do a fresh post when you want to start a new thread. To achieve this,
click on "New message" instead of "Reply" within your mail client, and enter
the list address as the recipient. You can save the list address in your
address book for convenience.
--- End Message ---
--- Begin Message ---
I'll try this again.
I have experienced an odd bug where i have been forced to recompile my
php. The cli is crappingout , firstly the include paths cant be found now
this
dyld: php Undefined symbols:
_OnUpdateLong
_OnUpdateString
_compiler_globals
_executor_globals
_sapi_globals
_sapi_module
_zend_error_cb
_zend_extensions
_zend_ini_boolean_displayer_cb
Trace/BPT trap
Any ideas ? The module is working ok still. I have been heavily using the
cli for generating peardataobjects classes. I am running OSX for a dev server,
it happened at the
same time on my laptopand my G5 any ideas ? Really wierd, just recompiled and
its ok.
--- End Message ---
--- Begin Message ---
[EMAIL PROTECTED] wrote:
> I'll try this again.
>
> I have experienced an odd bug where i have been forced to recompile my
> php. The cli is crappingout , firstly the include paths cant be found now
> this
> dyld: php Undefined symbols:
> _OnUpdateLong
> _OnUpdateString
> _compiler_globals
> _executor_globals
> _sapi_globals
> _sapi_module
> _zend_error_cb
> _zend_extensions
> _zend_ini_boolean_displayer_cb
> Trace/BPT trap
>
>
> Any ideas ? The module is working ok still. I have been heavily using the
> cli for generating peardataobjects classes. I am running OSX for a dev
> server, it happened at the
> same time on my laptopand my G5 any ideas ? Really wierd, just recompiled
> and its ok.
Perhaps some kind of auto-update system software is REPLACING your PHP CLI
with a "new" version...
Wiping out your good one with a bad one...
I guess it's also possible that you are experiencing something triggered
by different users/path settings in your environment.
Try opening up a shell and doing 'which php' once in a while, and see if
it changes out from under you.
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
>
> Perhaps some kind of auto-update system software is REPLACING your PHP
> CLI with a "new" version...
>
> Wiping out your good one with a bad one...
>
> I guess it's also possible that you are experiencing something
> triggered by different users/path settings in your environment.
>
> Try opening up a shell and doing 'which php' once in a while, and see
> if it changes out from under you.
>
Wierd, no well I just did recompiles on both so I cant check now, could
the auto updates on OSXhave something to do with it ? It just happen today on
both machines too.
Btw how can i setup this list to simply do a reply to reply-to the phplist
rather than doing reply all? I know mailman can do it, just wondering why it
was never done ?
--- End Message ---
--- Begin Message ---
>
> Perhaps some kind of auto-update system software is REPLACING your PHP
> CLI with a "new" version...
>
> Wiping out your good one with a bad one...
>
> I guess it's also possible that you are experiencing something
> triggered by different users/path settings in your environment.
>
> Try opening up a shell and doing 'which php' once in a while, and see
> if it changes out from under you.
>
Wierd, no well I just did recompiles on both so I cant check now, could
the auto updates on OSXhave something to do with it ? It just happen today on
both machines too.
Btw how can i setup this list to simply do a reply to reply-to the phplist
rather than doing reply all? I know mailman can do it, just wondering why it
was never done ?
--- End Message ---
--- Begin Message ---
On Sunday 30 January 2005 23:04, Dave wrote:
> I'm not sure what you mean when you say "use PHP's FTP". I'm using
> $HTTP_POST_FILES because the files are retrieved through a web form.
What is meant by that is that after the file is uploaded, during your
processing of the upload file, instead of using something like
move_uploaded_file() you use php's ftp_*() functions to FTP upload that file
back to the server, in the process that file will be owned by whatever ftp
user account you used to perform the ftp operations.
> As for the user, I would assume that it's whatever default for any
> viewer coming to a web page. I have people log in using a user name and
> password retrieved from a MySQL database, but I don't see how the
> browser or the server would know about that.
> The thing is I'm really a newbie at this Unix server and file
> permission thing. I was really hoping that there was some parameter I
> could set to have the uploaded file set to full access permissions,
Have a look at umask() and chmod().
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
New Year Resolution: Ignore top posted posts
--- End Message ---
--- Begin Message ---
Dave <[EMAIL PROTECTED]> writes:
>
> The Question:
> How do I allow a user, who is uploading via the web, place an
> image on the server with permissions that allow the file to be over
> written?
>
Since you say that the images are uploaded using HTTP, the files will
be owned by the user apache (or nobody). The file permission allow
read and write to the owner. You do not need to modify them.
If the user again uploads the files via HTTP, you do not have to worry
about whether he has the permissions to overwrite the files. He *will*
be able to overwrite the files.
--
Raj Shekhar
System Administrator, programmer and slacker
home : http://rajshekhar.net
blog : http://rajshekhar.net/blog/
--- End Message ---
--- Begin Message ---
Hello,
My client's web host's PHP configuration for both sendmail_from and
sendmail_path are both = null.
How do I send email with PHP? What options do I need to set within my
code, and what to?
Tim
--- End Message ---
--- Begin Message ---
Hello,
on 01/31/2005 12:08 AM Tim Burgan said the following:
My client's web host's PHP configuration for both sendmail_from and
sendmail_path are both = null.
How do I send email with PHP? What options do I need to set within my
code, and what to?
You need to ask that web host as they probably do not want you send
e-mail in anyway.
If they let you send messages via an SMTP server, you may want to try
this class that comes with a function named smtp_mail() that works like
mail() except that it lets you send messages relaying on a SMTP server.
http://www.phpclasses.org/mimemessage
You also need this:
http://www.phpclasses.org/smtpclass
and this if the SMTP server requires authentication:
http://www.phpclasses.org/sasl
--
Regards,
Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html
--- End Message ---
--- Begin Message ---
Tim Burgan wrote:
> My client's web host's PHP configuration for both sendmail_from and
> sendmail_path are both = null.
>
> How do I send email with PHP? What options do I need to set within my
> code, and what to?
Not sure you can...
You might try using .htaccess to set things like:
php_value sendmail_path /usr/bin/sendmail -t -i
It may be that your host doesn't WANT you sending PHP email...
You then might be able to connect to another server with SMTP to send email.
Another possibility is to use PHP's IMAP functions to create emails in
your own Outbox, and then your regular mail usage to send them...
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
Raymond Still wrote:
> Hello;
> I'm trying to figure out the best (most secure and most
> user friendly, security of primary importance) way to
> let a user log-in.
> I am setting up a web application (database
> application) that will be for private use only and I
> want to keep it secure.
> As I understand it, using the Apache htaccess method is
> secure as there is essentially no communication without
> a username and password, but it does lack a little in
> flexibility and presentation.
> On the other hand, PHP certainly has the edge on
> flexibility and presentation, but I have questions
> regarding it's security. If you look at the threads
> regarding connecting to databases, you often see a
> warning to the effect of: store your connection
> password etc, outside of the document path in case PHP
> fails and your file is displayed unprocessed.
> So my question is, how can you count on PHP to log
> somebody in, and prevent access to files when PHP may
> fail, or the user could just go into the directory
> structure and bypass security.
You've smushed about 5 different security issues into one giant ball of
snarled yarn.
Your question is roughly allegorical to:
How can you call a deadbolt secure when the home-owner could just leave
their ADT off and the back window unlocked?
Now, for starters:
HTTP Authentication is not particularly secure over a non-SSL connection
as the password is transmitted in plain-text.
In fact, for *ANYTHING* where security matters for logging in and out, use
SSL.
After that, there's no real "win" to HTTP authentication except for that
cool/annoying popup window.
You've got a long way to go before you properly understand all the
security issues you've jumbled together -- Took me forever, too. :-)
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
On Sun, 30 Jan 2005 18:49:41 -0800 (PST), "Richard
Lynch" wrote:
>
> Raymond Still wrote:
> > Hello;
> > I'm trying to figure out the best (most secure and
> most
> > user friendly, security of primary importance) way
to
> > let a user log-in.
> > I am setting up a web application (database
> > application) that will be for private use only and I
> > want to keep it secure.
> > As I understand it, using the Apache htaccess method
> is
> > secure as there is essentially no communication
> without
> > a username and password, but it does lack a little
in
> > flexibility and presentation.
> > On the other hand, PHP certainly has the edge on
> > flexibility and presentation, but I have questions
> > regarding it's security. If you look at the threads
> > regarding connecting to databases, you often see a
> > warning to the effect of: store your connection
> > password etc, outside of the document path in case
PHP
> > fails and your file is displayed unprocessed.
> > So my question is, how can you count on PHP to log
> > somebody in, and prevent access to files when PHP
may
> > fail, or the user could just go into the directory
> > structure and bypass security.
>
> You've smushed about 5 different security issues into
> one giant ball of
> snarled yarn.
>
> Your question is roughly allegorical to:
> How can you call a deadbolt secure when the home-owner
> could just leave
> their ADT off and the back window unlocked?
>
> Now, for starters:
> HTTP Authentication is not particularly secure over a
> non-SSL connection
> as the password is transmitted in plain-text.
>
> In fact, for *ANYTHING* where security matters for
> logging in and out, use
> SSL.
>
> After that, there's no real "win" to HTTP
> authentication except for that
> cool/annoying popup window.
>
> You've got a long way to go before you properly
> understand all the
> security issues you've jumbled together -- Took me
> forever, too. :-)
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
Hello;
Your absolutly right and I freely admit it. I know just
slightly more than zero about internet security. :)
Can any one recomend some good resources so that I can
learn? I'm not looking for "use this function" or "that
program", but something that will help me to actually
understand.
TIA
Ray
--- End Message ---
--- Begin Message ---
adrian zaharia wrote:
> Hi,
>
> I am testing the following code that pushes a file to the browser
> (Apache 1.3 + PHP 4.3.8 but tested also under several other configs)
>
> Try it with a BIG test1.zip (e.g. 100M in size)
>
> <?php
> ignore_user_abort();
> set_time_limit(0);
>
> session_save_path('/tmp');
> session_start();
>
> $sFileName = 'test1.zip';
> $sFileDir = '/var/www/html/';
>
> header("Content-Type: application/octet-stream");
> header("Content-Disposition: attachment;filename=\"" . $sFileName . "\"");
> header("Content-Length: " . filesize($sFileDir . $sFileName));
> header('Pragma: cache');
> header('Cache-Control: public, must-revalidate, max-age=0');
> header('Connection: close');
> header('Expires: ' . date('r', time()+60*60));
> header('Last-Modified: ' . date('r', time()));
>
> $oFp = fopen($sFileDir . $sFileName, "rb");
> $iReadBufferSize = 512;
> while (!feof($oFp)) {
> echo fread ($oFp, $iReadBufferSize);
> }
> fclose ($oFp);
> exit;
>
> ?>
>
> What i discovered is that if i keep the 2 session initialisation functions
> the script will work ONLY if the allocated memory is greater than the size
> of the tested file. If i remove the session functions the script works
> fine
> even if the test1.zip file is very big (hundreds of Megs)
>
> Is it something i do wrong? Or is a bug and i should report it?
>
> I mention that I NEED the 2 functions so removing them is not THE
> solution.
> Nor setting in php.ini a huge memory limit :(
This naive reader would suggest filing a bug report...
At least, *I* don't think it should behave this way.
http://bugs.php.net
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
Ian Johnson wrote:
> I am trying to use GD to create and manipulate images but the
> statement:
>
> header ("Content-type: image/jpg");
>
> generates the error message:
>
> The image "http://localhost/gdtst2.php"; cannot be displayed, because
> it contains errors.
Wild Guess:
You have a blank line in your file before the first <?php or after the
last ?> -- So even though it looks like a kosher JPEG, it's not.
Use "View Source" in your browser on the JPEG data to see what's there.
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
--- Begin Message ---
В сообщении от Воскресенье 30 Январь 2005 16:07 news.php.net написал(a):
> <?
>
> class A
> {
> var $name;
> function A($str)
> {
> $this->name = $str;
> }
> }
>
> $arr = array();
>
> //Put to array to objects of class A,
> // where their attribute A::a is assigned a different value
> //objects are assigned to an array by reference
>
> $a = &new A("qaz");
> $arr[0] = &$a;
>
> $a = &new A("wsx");
> $arr[1] = &$a;
>
>
> //But watch the output!!!
> // It is "(qaz)(qaz)", which means that the attribute of a first
> // object assigned to array is outputted!!! WHY?!?!!!
> foreach($arr as $a)
> {
> echo "(".$a->name.")";
> }
> ?>
--- End Message ---
--- Begin Message ---
The PHP Security Consortium has officially launched. The following is the
press release:
--
Leading PHP Experts Join Forces to Establish the PHP Security Consortium
NEW YORK, NY - January 31, 2005 - An international group of PHP experts
today announced the official launch of the PHP Security Consortium
(PHPSC), a group whose mission is to promote secure programming practices
within the PHP community through education and exposition while
maintaining high ethical standards.
"As PHP has transitioned from personal projects to enterprise application
development, the need to educate the community about secure programming
practices has risen," said Chris Shiflett, the group's founder.
The PHPSC web site (http://phpsec.org/) provides a variety of security
resources for PHP developers, including the group's flagship project, the
PHP Security Guide.
"PHP application security is a topic of growing importance," said Andi
Gutmans, one of the group's charter members. "The launch of the PHP
Security Consortium is a landmark event for the PHP community, and because
most web development technologies face similar security concerns, we
believe that developers using other solutions can also benefit from our
efforts."
About the PHP Security Consortium
Founded in January 2005, the PHP Security Consortium (PHPSC) is an
international group of PHP experts dedicated to promoting secure
programming practices within the PHP community. Members of the PHPSC seek
to educate PHP developers about security through a variety of resources,
including documentation, tools, and standards.
In addition to their educational efforts, the PHPSC engages in exploratory
and experimental research in order to develop and promote standards of
best practice for PHP application development.
--- End Message ---
--- Begin Message ---
HI all.
this might be slightly OT but I know that the list has quite a
knowledgable crowd =) So here is my situation:
I have a client who I have developed a site for in PHP it provides
various models for shares forecasts, the way it works is that people
register for free (with their credit card details-https) now if they
are
not satisfied after a month they must just unsubscribe. If they have
not
unsubscribed after the first month they become a customer and each
month
their credit card is charged the relevant amount depending on what
they
have subscribed for.
Now our the complication is as follows: I know that storing client's
credit card details online is a big NONO, so we would have to move the
credit card details offline when they register. Im not sure how to go
about this. Whether to save the details in text files somewhere else
on
the server or save to text files not on the server but another
location.
Can anyone recommend/advise the best way to do this, also what type of
encryption should I be using for the credit card info?
thanks in advance.
Angelo
--------------------------------------------------------------------
Disclaimer
This e-mail transmission contains confidential information,
which is the property of the sender.
The information in this e-mail or attachments thereto is
intended for the attention and use only of the addressee.
Should you have received this e-mail in error, please delete
and destroy it and any attachments thereto immediately.
Under no circumstances will the Cape Peninsula University of
Technology or the sender of this e-mail be liable to any party for
any direct, indirect, special or other consequential damages for any
use of this e-mail.
For the detailed e-mail disclaimer please refer to
http://www.ctech.ac.za/polic or call +27 (0)21 460 3911
--- End Message ---
--- Begin Message ---
Hi,
I am trying to use a php system command to run a script and access files
from another server using SSH. This does not seem to work in PHP or else I
am doing it wrong because I keep on getting the system return value=255 when
I do
system("/usr/bin/ssh 10.0.0.1", $value)
I tried to do a "ssh -help" command to see if the reason it did not work was
that there was a problem with the server, but that did not give me a correct
return value either, so I am starting to suspect that ssh is different from
other system commands in php?
Is it possible to run ssh using php system command or do I have to try
something else? I found a new php library called ssh2 but I don't know if
that could be the solution to my problem? Have anyone used it?
/Linn Fagerberg
--- End Message ---
