php-general Digest 26 Aug 2005 07:27:36 -0000 Issue 3646

Topics (messages 221375 through 221408):

Re: make it remember
        221375 by: George B
        221384 by: Robert Cummings
        221386 by: George B

invert
        221376 by: George B
        221377 by: Jordan Miller
        221378 by: Jay Blanchard
        221379 by: George B
        221380 by: Łukasz 'nostra' Wojciechowski
        221381 by: George B
        221382 by: Jordan Miller

Re: Problem with handling quotes after server upgrade
        221383 by: Vinayakam Murugan

Newbie: Safe function call to a .inc file outside the web folder
        221385 by: Graham Anderson
        221387 by: Chris Shiflett
        221388 by: Graham Anderson
        221389 by: Chris Shiflett

Computer name?
        221390 by: Gustav Wiberg
        221392 by: Chris Shiflett
        221408 by: Adrian Cid Almaguer

Re: Easier way to clean GET Variables ?
        221391 by: Chris Shiflett
        221393 by: Jasper Bryant-Greene

PHP CMS
        221394 by: Joseph Oaks

short type codes for use in array conversion
        221395 by: Ken Tozier
        221397 by: Jasper Bryant-Greene
        221402 by: Ken Tozier

PHP Security
        221396 by: Ian C. McGarvey
        221398 by: Santosh Jambhlikar
        221399 by: Jasper Bryant-Greene
        221400 by: Chris Shiflett
        221401 by: Santosh Jambhlikar
        221403 by: Chris Shiflett
        221404 by: Jasper Bryant-Greene

php ldap
        221405 by: Santosh Jambhlikar
        221406 by: Jeff Loiselle
        221407 by: Santosh Jambhlikar

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        php-general@lists.php.net


----------------------------------------------------------------------
--- Begin Message ---
Robert Cummings wrote:
> On Thu, 2005-08-25 at 00:19, George B wrote:
> > Robert Cummings wrote:
> > > On Thu, 2005-08-25 at 00:10, George B wrote:
> > > > Ok, I am doing a sort of a project right now... It is like a php chat room that records every message into a database. Now, on the first post I want it to like set the name, so on first post it would say Name: and you set your name, then on every other message you post it just says Posted by and remembers your name from the last entry. Is this anyhow possible?
> > >
> > > Check session... if no name, display name prompt, otherwise don't
> > > display name prompt.
> > >
> > > Cheers,
> > > Rob.
> >
> > which would I choose.
> > http://us2.php.net/manual-lookup.php?pattern=sessions
>
> In brief:
>
> if( isset( $_POST['userName'] ) && !empty( trim( $_POST['userName'] ) ) )
> {
>     //
>     // Save userName to session.
>     //
>     $_SESSION['userName'] = trim( $_POST['userName'] );
> }
>
> if( isset( $_POST['message'] ) && !empty( trim( $_POST['message'] ) )
>     &&
>     isset( $_SESSION['userName'] ) )
> {
>     //
>     // Handle submission of message.
>     //
> }
>
> if( !isset( $_SESSION['userName'] ) )
> {
>     //
>     // Display user name prompt.
>     //
> }

If I do that then I get this error:

Fatal error: Can't use function return value in write context in myfilename line 2

What does that mean? And one more thing, on the code where it says
if( !isset( $_SESSION['userName'] ) )
does that mean that in this code

<form name="form1" method="" action="">
the method is session?

--- End Message ---
--- Begin Message ---
On Thu, 2005-08-25 at 15:18, George B wrote:
> Robert Cummings wrote:
> > On Thu, 2005-08-25 at 00:19, George B wrote:
> > 
> >>Robert Cummings wrote:
> >>
> >>>On Thu, 2005-08-25 at 00:10, George B wrote:
> >>>
> >>>
> >>>>Ok, I am doing a sort of a project right now... It is like a php chat 
> >>>>room that records every message into a database. Now, on the first post 
> >>>>I want it to like set the name, so on first post it would say Name: and 
> >>>>you set your name, then on every other message you post it just says 
> >>>>Posted by and remembers your name from the last entry. Is this anyhow 
> >>>>possible?
> >>>
> >>>
> >>>Check session... if no name, display name prompt, otherwise don't
> >>>display name prompt.
> >>>
> >>>Cheers,
> >>>Rob.
> >>
> >>which would I choose.
> >>http://us2.php.net/manual-lookup.php?pattern=sessions
> > 
> > 
> > 
> > In brief:
> > 
> > if( isset( $_POST['userName'] ) && !empty( trim( $_POST['userName'] ) )
> > )
> > {
> >     //
> >     // Save userName to session.
> >     //
> >     $_SESSION['userName'] = trim( $_POST['userName'] );
> > }
> > 
> > if( isset( $_POST['message'] ) && !empty( trim( $_POST['message'] ) )
> >     &&
> >     isset( $_SESSION['userName'] ) )
> > {
> >     //
> >     // Handle submission of message.
> >     //
> > }
> > 
> > if( !isset( $_SESSION['userName'] ) )
> > {
> >     //
> >     // Display user name prompt.
> >     //
> > }
> > 
> > 
> If I do that then i get this error
> 
> Fatal error: Can't use function return value in write context in 
> myfilename line 2
> 
> What does that mean.

I don't know. I don't think it comes from the snippet I sent you...
which wasn't meant to be a functional snippet, more of an overview of the
process.

>  And one more thing, on the code where it says
> if( !isset( $_SESSION['userName'] ) )
> Does that mean that in this code
> 
> <form name="form1" method="" action="">
> the method is session?

No, it would be "post".

It sounds like you don't have a clue what you're doing. You might want
to read up on forms and sessions using PHP.

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

--- End Message ---
--- Begin Message ---
Robert Cummings wrote:
> On Thu, 2005-08-25 at 15:18, George B wrote:
> > Robert Cummings wrote:
> > > On Thu, 2005-08-25 at 00:19, George B wrote:
> > > > Robert Cummings wrote:
> > > > > On Thu, 2005-08-25 at 00:10, George B wrote:
> > > > > > Ok, I am doing a sort of a project right now... It is like a php chat room that records every message into a database. Now, on the first post I want it to like set the name, so on first post it would say Name: and you set your name, then on every other message you post it just says Posted by and remembers your name from the last entry. Is this anyhow possible?
> > > > >
> > > > > Check session... if no name, display name prompt, otherwise don't
> > > > > display name prompt.
> > > > >
> > > > > Cheers,
> > > > > Rob.
> > > >
> > > > which would I choose.
> > > > http://us2.php.net/manual-lookup.php?pattern=sessions
> > >
> > > In brief:
> > >
> > > if( isset( $_POST['userName'] ) && !empty( trim( $_POST['userName'] ) ) )
> > > {
> > >    //
> > >    // Save userName to session.
> > >    //
> > >    $_SESSION['userName'] = trim( $_POST['userName'] );
> > > }
> > >
> > > if( isset( $_POST['message'] ) && !empty( trim( $_POST['message'] ) )
> > >    &&
> > >    isset( $_SESSION['userName'] ) )
> > > {
> > >    //
> > >    // Handle submission of message.
> > >    //
> > > }
> > >
> > > if( !isset( $_SESSION['userName'] ) )
> > > {
> > >    //
> > >    // Display user name prompt.
> > >    //
> > > }
> >
> > If I do that then I get this error
> >
> > Fatal error: Can't use function return value in write context in myfilename line 2
> >
> > What does that mean?
>
> I don't know. I don't think it comes from the snippet I sent you...
> which wasn't meant to be a functional snippet, more of an overview of the
> process.
>
> > And one more thing, on the code where it says
> > if( !isset( $_SESSION['userName'] ) )
> > Does that mean that in this code
> >
> > <form name="form1" method="" action="">
> > the method is session?
>
> No, it would be "post".
>
> It sounds like you don't have a clue what you're doing. You might want
> to read up on forms and sessions using PHP.
>
> Cheers,
> Rob.

Nope, never worked with sessions before.

--- End Message ---
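The name-then-message flow Rob sketched, as an added example that is not code from the thread. The fatal error George reports comes from `!empty( trim(...) )`: before PHP 5.5, `empty()` only accepted a variable, not a function's return value, so the trimmed value is stored in a variable first. The request and session arrays are passed in as parameters (an assumption made so the logic can be driven from the command line); in the real page they would be `$_POST` and `$_SESSION` after `session_start()`, and the form would use `method="post"`.

```php
<?php
// Added example (not from the thread): session-backed user name for a chat page.

/**
 * Process one request and return what the page should do next.
 * $session is taken by reference so it behaves like $_SESSION.
 */
function handleChatRequest(array $post, array &$session): array
{
    // Step 1: a submitted name is stored in the session. Trim into a variable
    // first; empty(trim(...)) is what triggers "Can't use function return value
    // in write context" on PHP < 5.5.
    if (isset($post['userName'])) {
        $name = trim((string) $post['userName']);
        // The name is attacker-controlled input: bound its length and reject
        // control characters before it is ever stored.
        if ($name !== '' && strlen($name) <= 32 && !preg_match('/[\x00-\x1f\x7f]/', $name)) {
            $session['userName'] = $name;
        }
    }

    // Step 2: no name in the session yet -> show the name prompt and nothing else.
    if (!isset($session['userName'])) {
        return ['action' => 'prompt_for_name'];
    }

    // Step 3: a message can only be posted once the session carries a name.
    if (isset($post['message'])) {
        $message = trim((string) $post['message']);
        if ($message !== '') {
            return [
                'action'  => 'store_message',
                // Escaped for HTML output; the database write itself would use a
                // parameterised INSERT, which is outside this snippet.
                'author'  => htmlspecialchars($session['userName'], ENT_QUOTES, 'UTF-8'),
                'message' => htmlspecialchars($message, ENT_QUOTES, 'UTF-8'),
            ];
        }
    }

    return ['action' => 'show_form', 'author' => $session['userName']];
}

// A fake session array driven through three constructed requests: first visit,
// the name form being submitted, and a later post that relies on the session.
$session  = [];
$requests = [
    [],
    ['userName' => '  George  '],
    ['message' => '<b>hello</b> everyone'],
];
foreach ($requests as $i => $post) {
    $result = handleChatRequest($post, $session);
    echo "request $i: " . json_encode($result) . PHP_EOL;
}
```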
--- Begin Message ---
I have written a shoutbox, and it works great, but I am wondering... When a user posts a shout it goes below the first shout. Like the auto_increment puts the ID up higher. I need it to go above the first shout, so like the auto_increment would invert. Someone told me this is possible through PHP. Is that true? and if so how do you do it?
--- End Message ---
--- Begin Message ---
If you are using MySQL, just put the "DESC" (descending) directive at the end of your SQL statement (default is no "DESC" directive, meaning ascending). Most recent records will be returned first.

Jordan


On Aug 25, 2005, at 2:21 PM, George B wrote:

> I have written a shoutbox, and it works great, but I am wondering... When a user posts a shout it goes below the first shout. Like the auto_increment puts the ID up higher. I need it to go above the first shout, so like the auto_increment would invert. Someone told me this is possible through PHP. Is that true? and if so how do you do it?
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

--- End Message ---
--- Begin Message ---
[snip]
I have written a shoutbox, and it works great, but I am wondering... 
When a user posts a shout it goes below the first shout. Like the 
auto_increment puts the ID up higher. I need it to go about the first 
shout, so like the auto_increment would invert. Someone told me this is 
possible through PHP. Is that true? and if so how do you do it?
[/snip]

It is true and I would use some code.

C'mon George, send us some of your code so that we can make an educated
guess about what to do.

--- End Message ---
--- Begin Message ---
Jordan Miller wrote:
> If you are using MySQL, just put the "DESC" (descending) directive at the end of your SQL statement (default is no "DESC" directive, meaning ascending). Most recent records will be returned first.
>
> Jordan
>
>
> On Aug 25, 2005, at 2:21 PM, George B wrote:
>
> > I have written a shoutbox, and it works great, but I am wondering... When a user posts a shout it goes below the first shout. Like the auto_increment puts the ID up higher. I need it to go above the first shout, so like the auto_increment would invert. Someone told me this is possible through PHP. Is that true? and if so how do you do it?
>
Where do I find DESC? I am looking at phpMyAdmin and I see Field, Type, Length/Values, Attributes, Null, Default, Extra. No place to add DESC.
--- End Message ---
--- Begin Message ---
In reply to the e-mail (21:21 - 25 August 2005):

> I have written a shoutbox, and it works great, but I am wondering...
> When a user posts a shout it goes below the first shout. Like the 
> auto_increment puts the ID up higher. I need it to go about the first
> shout, so like the auto_increment would invert. Someone told me this is
> possible through PHP. Is that true? and if so how do you do it?

mysql_query('SELECT * FROM table ORDER BY increment_field DESC');

http://dev.mysql.com/doc/mysql/en/order-by-optimization.html


or

get all output from DB into array and use array_reverse();

http://us2.php.net/manual/pl/function.array-reverse.php

-- 
regards
Łukasz "nostra" Wojciechowski
gg.1028640 * icq.23059512

--- End Message ---
--- Begin Message ---
Łukasz 'nostra' Wojciechowski wrote:
> In reply to the e-mail (21:21 - 25 August 2005):
>
> > I have written a shoutbox, and it works great, but I am wondering...
> > When a user posts a shout it goes below the first shout. Like the auto_increment puts the ID up higher. I need it to go above the first
> > shout, so like the auto_increment would invert. Someone told me this is
> > possible through PHP. Is that true? and if so how do you do it?
>
> mysql_query('SELECT * FROM table ORDER BY increment_field DESC');
>
> http://dev.mysql.com/doc/mysql/en/order-by-optimization.html
>
> or
>
> get all output from DB into array and use array_reverse();
>
> http://us2.php.net/manual/pl/function.array-reverse.php

If I do that... then I get this error:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in myfile name on line 30

and on line 30 it says

while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {

I don't understand what the problem is here...
--- End Message ---
--- Begin Message ---
You need to provide more information. We cannot tell what you are doing. You should:
**PASTE THE RELEVANT SECTION OF YOUR CODE IN YOUR EMAIL**


On Aug 25, 2005, at 2:38 PM, George B wrote:

> Łukasz 'nostra' Wojciechowski wrote:
> > In reply to the e-mail (21:21 - 25 August 2005):
> >
> > > I have written a shoutbox, and it works great, but I am wondering...
> > > When a user posts a shout it goes below the first shout. Like the auto_increment puts the ID up higher. I need it to go above the first shout, so like the auto_increment would invert. Someone told me this is
> > > possible through PHP. Is that true? and if so how do you do it?
> >
> > mysql_query('SELECT * FROM table ORDER BY increment_field DESC');
> > http://dev.mysql.com/doc/mysql/en/order-by-optimization.html
> > or
> > get all output from DB into array and use array_reverse();
> > http://us2.php.net/manual/pl/function.array-reverse.php
>
> If I do that... then I get this error:
> Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in myfile name on line 30
>
> and on line 30 it says
>
> while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
>
> I don't understand what the problem is here...
--- End Message ---
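The "newest shout first" query from this thread, as an added example rather than code from the posters. It uses PDO with an in-memory SQLite database (an assumption, swapped in for the old mysql_* functions so it runs on a current PHP), but the SQL idea is the one Jordan and Łukasz gave: sort the auto-increment column descending. It also shows the check George's code was missing: a query that fails returns no result set, which is exactly what produces the "not a valid MySQL result resource" warning at the later fetch.

```php
<?php
// Added example (not from the thread): shoutbox ordering with error reporting.

function openShoutbox(): PDO
{
    $db = new PDO('sqlite::memory:');
    // Make failed queries throw instead of silently returning false.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE shouts (
        id      INTEGER PRIMARY KEY AUTOINCREMENT,
        author  TEXT NOT NULL,
        body    TEXT NOT NULL
    )');
    return $db;
}

function addShout(PDO $db, string $author, string $body): void
{
    // Bound parameters: user text never becomes part of the SQL string.
    $stmt = $db->prepare('INSERT INTO shouts (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

/** Newest shout first: the auto-increment id is simply sorted descending. */
function latestShouts(PDO $db, int $limit = 10): array
{
    $stmt = $db->prepare('SELECT id, author, body FROM shouts ORDER BY id DESC LIMIT :limit');
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed data: three shouts, the last one containing a quote character.
$db = openShoutbox();
addShout($db, 'alice', 'first!');
addShout($db, 'bob', 'second');
addShout($db, "o'malley", "third, with a quote");

foreach (latestShouts($db) as $row) {
    // Escape on output so a shout cannot inject markup into the page.
    printf("#%d %s: %s\n", $row['id'],
        htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'));
}

// The failure mode from the thread: a broken query. With ERRMODE_EXCEPTION
// the error surfaces at the query itself, not as a confusing fetch warning.
try {
    $db->query('SELECT * FROM no_such_table ORDER BY id DESC');
} catch (PDOException $e) {
    echo 'query failed: ' . $e->getMessage() . PHP_EOL;
}
```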
--- Begin Message ---
> http://www.php.net/magic_quotes
> 
> Check the php.ini for the settings on magic_quotes
> 

Thanks, Jay. That was a lifesaver.

-- 
Warm Regards
~~~~~~~~~~~~~~~
Vinayak

--- End Message ---
--- Begin Message ---

I am relatively new to security....
Is the below reasonably safe?

I have all of my main functions outside the web folder.
I am including this function with every PHP script that accesses fonovisa.inc


function getBrain()
{
        $temp = explode('.', $_SERVER['SERVER_NAME']); // SERVER_NAME is e.g. 'www.myserver.com'
        $size = count($temp);
        $server = $temp[$size -2]; // gives 'myserver'
        $brainPath = "/home/".$server."/includes/fonovisa.inc";

        require_once($brainPath);
}


Is this ok?
Any help is appreciated :)
g

--- End Message ---
--- Begin Message ---
Graham Anderson wrote:
> Is the below reasonably safe?
>
> I have all of my main functions outside the web folder
> I am including this function with every php script that
> accesses fonovisa.inc
>
> function getBrain()
> {
>     $temp = explode('.', $_SERVER['SERVER_NAME']);

Because $_SERVER['SERVER_NAME'] can be manipulated by the user in some cases, you must consider $temp tainted at this point.

>     $size = count($temp);
>     $server = $temp[$size -2];

Now $server is tainted.

>     $brainPath = "/home/".$server."/includes/fonovisa.inc";

Therefore, this is a security vulnerability.

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--- End Message ---
--- Begin Message ---
Is there some other reasonably safe way to call to the script outside the web folder?
Or, is there some other secure method to get the server name?

As an alternative:
I tried using a relative path: FROM the php script location TO the fono.inc script location outside the web folder
$mypath = realpath ("../../../../../includes/fono.inc");
require_once($mypath);

although using this path worked within my ftp program...it did not work in the php script :(

I get the error:
Fatal error: main(): Failed opening required '' (include_path='.:/usr/local/lib/php') in /home/www/siren/siren/fonovisa/Library/php/genericTestv4.php on line 6



many thanks, Chris :)

g
On Aug 25, 2005, at 6:44 PM, Chris Shiflett wrote:

> Graham Anderson wrote:
> > Is the below reasonably safe?
> > I have all of my main functions outside the web folder
> > I am including this function with every php script that
> > accesses fonovisa.inc
> > function getBrain()
> > {
> >     $temp = explode('.', $_SERVER['SERVER_NAME']);
>
> Because $_SERVER['SERVER_NAME'] can be manipulated by the user in some cases, you must consider $temp tainted at this point.
>
> >     $size = count($temp);
> >     $server = $temp[$size -2];
>
> Now $server is tainted.
>
> >     $brainPath = "/home/".$server."/includes/fonovisa.inc";
>
> Therefore, this is a security vulnerability.
>
> Hope that helps.
>
> Chris
>
> --
> Chris Shiflett
> Brain Bulb, The PHP Consultancy
> http://brainbulb.com/
--- End Message ---
--- Begin Message ---
Graham Anderson wrote:
> Is there some other reasonably safe way to call to the script outside
> the web folder?

Assuming you don't have too many hosts, a better way to write this:

$brainPath = "/home/".$server."/includes/fonovisa.inc";

is to use a switch statement to make sure $server is valid:

switch($server)
{
    case 'yourserver':
    case 'another':
    case 'yetanother':
        $brain_path = "/home/$server/includes/fonovisa.inc";
        break;
    default:
        // Unknown host: refuse rather than build a path from tainted input.
        exit('unknown server');
}
require_once($brain_path);

Something like that. :-)

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--- End Message ---
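A fuller version of the allowlist Chris suggests, written as an added example (not Graham's or Chris's code) that also covers the tainted SERVER_NAME point from Chris's earlier reply. The host names, the account directories and the /home/... layout are assumptions; the request value is used only as a lookup key into a fixed table, never as part of a path, and the resolved path is additionally checked to sit under the include root.

```php
<?php
// Added example (not from the thread): getBrain() with an allowlisted host lookup.

const INCLUDE_ROOT = '/home';

// Only hosts this code is deployed for (assumed values). Key: host name as it
// should appear in SERVER_NAME; value: the account directory to use.
const KNOWN_HOSTS = [
    'www.myserver.com' => 'myserver',
    'www.another.com'  => 'another',
];

/** Map a SERVER_NAME value to an account directory, or null if unknown. */
function lookupAccount(string $serverName): ?string
{
    // Normalise case and drop any :port suffix. SERVER_NAME is attacker-
    // influenced, so it is a lookup key and nothing more.
    $host = strtolower(explode(':', $serverName, 2)[0]);
    return KNOWN_HOSTS[$host] ?? null;
}

/**
 * Resolve the include file for a host, or null if the host is unknown or the
 * resolved path does not stay under INCLUDE_ROOT.
 */
function resolveBrainPath(string $serverName): ?string
{
    $account = lookupAccount($serverName);
    if ($account === null) {
        return null;                        // unknown host: do not guess a path
    }
    // $account comes from the allowlist, not from the request.
    $candidate = INCLUDE_ROOT . '/' . $account . '/includes/fonovisa.inc';

    // Belt and braces: after symlink resolution the file must still be inside
    // the include root, and it must exist.
    $real = realpath($candidate);
    if ($real === false || strpos($real, INCLUDE_ROOT . '/') !== 0) {
        return null;
    }
    return $real;
}

function getBrain(): void
{
    $name = $_SERVER['SERVER_NAME'] ?? '';
    $path = resolveBrainPath($name);
    if ($path === null) {
        // Log the rejected value for the operator; tell the client nothing useful.
        error_log('getBrain: refusing include for SERVER_NAME ' . var_export($name, true));
        http_response_code(500);
        exit;
    }
    require_once $path;
}

// Constructed inputs: two legitimate spellings of a known host and two values
// an attacker might send. Only the lookup is exercised here, since the include
// files do not exist on the machine running this example.
foreach (['www.myserver.com', 'WWW.MYSERVER.COM:8080', 'www.evil.example', '../../etc'] as $name) {
    $account = lookupAccount($name);
    echo str_pad($name, 24) . ($account === null ? 'refused' : "allowed -> $account") . PHP_EOL;
}
```

If every host shares the same directory layout, building the path relative to `__DIR__` avoids the host lookup entirely; Graham's `realpath("../../../../../includes/fono.inc")` failed because a relative path is resolved against the process's working directory, not the script's directory.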
--- Begin Message ---
Is it possible to retrieve (view) the computers name from the client in PHP?

/G
@varupiraten.se

--- End Message ---
--- Begin Message ---
Gustav Wiberg wrote:
> Is it possible to retrieve (view) the computers name from the client in
> PHP?

If you mean the client, then no - this is not a standard part of an HTTP request.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--- End Message ---
--- Begin Message ---
You can find the IP and find with it the name.

On 25/08/05, Chris Shiflett <[EMAIL PROTECTED]> wrote:
> Gustav Wiberg wrote:
> > Is it possible to retrieve (view) the computers name from the client in
> > PHP?
> 
> If you mean the client, then no - this is not a standard part of an HTTP
> request.
> 
> Chris
> 
> --
> Chris Shiflett
> Brain Bulb, The PHP Consultancy
> http://brainbulb.com/


-- 
***********************************************************************
       If you feel fine, don't worry. It will pass.

--- End Message ---
--- Begin Message ---
Graham Anderson wrote:
> Is there a way to loop thru all of these GET requests by:
> putting the GET variables into an array
> processing the variable strings with trim/striptags/etc in a loop
> exploding the variables back out into separate variables
>
> otherwise this gets a bit tedious

Proper filtering is necessarily tedious. There is no way to filter a last name, a server name, a file name, an IP address, a ZIP code, and a comment with the same function. Those who try wind up creating a "lowest common denominator" filtering function, or they confuse filtering with escaping (as demonstrated by some of the replies).

As a good friend of mine likes to say, you have to get your hands dirty.

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--- End Message ---
--- Begin Message ---
Chris Shiflett wrote:
> Graham Anderson wrote:
> > Is there a way to loop thru all of these GET requests by:
> > putting the GET variables into an array
> > processing the variable strings with trim/striptags/etc in a loop
> > exploding the variables back out into separate variables
> >
> > otherwise this gets a bit tedious
>
> Proper filtering is necessarily tedious. There is no way to filter a last name, a server name, a file name, an IP address, a ZIP code, and a comment with the same function. Those who try wind up creating a "lowest common denominator" filtering function, or they confuse filtering with escaping (as demonstrated by some of the replies).
>
> As a good friend of mine likes to say, you have to get your hands dirty.

Chris,

While I'm not disagreeing with your statements, the OP didn't ask specifically for filtering IIRC. His example usage of strip_tags() etc made me think that he just wanted to remove any security issues, which is why I (and several others) gave him the escaping functions.

While it's a bit annoying to find someone's put their email address in their postal address field, it's not a security issue in most contexts. That's not to say that proper filtering for such problems isn't very useful though.

Jasper

--- End Message ---
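The distinction Chris and Jasper are drawing, as an added example (not code from either of them): one validator per field for the kinds of input Chris lists, and escaping applied separately at the HTML boundary rather than inside the filters. The field names and the exact rules are assumptions; a real form would have its own.

```php
<?php
// Added example (not from the thread): per-field filtering, then output escaping.

/** Each filter returns the clean value or null; it never "repairs" bad input. */
$filters = [
    // US-style ZIP: exactly 5 digits, optional -4 extension.
    'zip' => function (string $v): ?string {
        return preg_match('/^\d{5}(-\d{4})?$/', $v) ? $v : null;
    },
    // IPv4 or IPv6, syntactically valid.
    'ip' => function (string $v): ?string {
        return filter_var($v, FILTER_VALIDATE_IP) === false ? null : $v;
    },
    // A bare file name: no directory separators, no leading dot, one extension.
    'file' => function (string $v): ?string {
        return preg_match('/^[A-Za-z0-9_-]{1,64}\.[a-z0-9]{1,8}$/', $v) ? $v : null;
    },
    // A last name: letters, spaces, hyphens, apostrophes; length-bounded.
    'lastname' => function (string $v): ?string {
        $v = trim($v);
        return preg_match('/^[\p{L} \'\-]{1,64}$/u', $v) ? $v : null;
    },
    // Free text: only reject control characters and bound the length. This is
    // the field where strip_tags() is not the answer; escaping on output is.
    'comment' => function (string $v): ?string {
        return (strlen($v) <= 2000 && !preg_match('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', $v)) ? $v : null;
    },
];

/** Run every filter over the request array; report bad fields by name. */
function filterRequest(array $get, array $filters): array
{
    $clean  = [];
    $errors = [];
    foreach ($filters as $field => $filter) {
        if (!isset($get[$field]) || !is_string($get[$field])) {
            $errors[] = "$field: missing";
            continue;
        }
        $value = $filter($get[$field]);
        if ($value === null) {
            $errors[] = "$field: invalid";
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// Constructed request: three acceptable values, a ZIP containing a letter, and
// a file name that is not a bare name.
$get = [
    'zip'      => '9021O',
    'ip'       => '2001:db8::1',
    'file'     => '../../etc/passwd',
    'lastname' => "O'Brien",
    'comment'  => 'Hi <script>alert(1)</script>',
];
[$clean, $errors] = filterRequest($get, $filters);

foreach ($errors as $e) {
    echo "rejected $e\n";
}
// Escaping happens here, at the HTML boundary, not inside the filters; the
// comment survives validation and is rendered harmless by htmlspecialchars().
foreach ($clean as $field => $value) {
    echo "$field => " . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . "\n";
}
```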
--- Begin Message ---
Guys I'm doing some research trying to find a good PHP based CMS. As
there a quite a few, I would really like to get your opinions so I can
narrow the search down.

We were using Webedit Pro, but have found it a pain not to be able to
use Firefox with it.

Thanks for your input.

Trell

-- 
"Computers are like air conditioners - they stop working properly when you
open Windows"

--- End Message ---
--- Begin Message ---
I found a method for converting JavaScript arrays to PHP arrays here: "http://aspn.activestate.com/ASPN/Cookbook/PHP/Recipe/414334" and would like to expand the list of types the function knows about. It looks like 's' = string, 'a' = array but 'i' for integer and 'n' for number don't work. Is there a list of type codes somewhere on the php site? I did a search but apparently didn't hit upon the correct phrase as all searches came up with zero results.

Thanks for any help

Ken

--- End Message ---
--- Begin Message ---
Ken Tozier wrote:
> I found a method for converting JavaScript arrays to PHP arrays here: "http://aspn.activestate.com/ASPN/Cookbook/PHP/Recipe/414334" and would like to expand the list of types the function knows about. It looks like 's' = string, 'a' = array but 'i' for integer and 'n' for number don't work. Is there a list of type codes somewhere on the php site? I did a search but apparently didn't hit upon the correct phrase as all searches came up with zero results.

The JS code is creating a string in the same way that serialize() does, so that it can be passed through unserialize() to get the actual array.

There isn't really a description (that I could find, anyway) in the PHP manual of how serialize() actually stores its values. Take a look at "PHP's Serialization Format", about 1/3 of the way down on this page:

http://hurring.com/code/perl/serialize/

Jasper

--- End Message ---
--- Begin Message ---
Thanks for the link Jasper. That solved it.

Ken


On Aug 26, 2005, at 1:22 AM, Jasper Bryant-Greene wrote:

> Ken Tozier wrote:
> > I found a method for converting JavaScript arrays to PHP arrays here: "http://aspn.activestate.com/ASPN/Cookbook/PHP/Recipe/414334" and would like to expand the list of types the function knows about. It looks like 's' = string, 'a' = array but 'i' for integer and 'n' for number don't work. Is there a list of type codes somewhere on the php site? I did a search but apparently didn't hit upon the correct phrase as all searches came up with zero results.
>
> The JS code is creating a string in the same way that serialize() does, so that it can be passed through unserialize() to get the actual array.
>
> There isn't really a description (that I could find, anyway) in the PHP manual of how serialize() actually stores its values. Take a look at "PHP's Serialization Format", about 1/3 of the way down on this page:
>
> http://hurring.com/code/perl/serialize/
>
> Jasper
--- End Message ---
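The format Jasper points at, as an added example (not the ASPN recipe or Jasper's code): a small writer for serialize()'s scalar and array encoding, checked against PHP's own serialize() and read back with unserialize(). The type codes are those of the format itself: i (integer), d (double), b (boolean), s (string, byte length first), a (array), N (null); objects are deliberately left out.

```php
<?php
// Added example (not from the thread): hand-built serialize() strings.

function phpSerialize($value): string
{
    if ($value === null) {
        return 'N;';
    }
    if (is_bool($value)) {
        return 'b:' . ($value ? 1 : 0) . ';';
    }
    if (is_int($value)) {
        return 'i:' . $value . ';';
    }
    if (is_float($value)) {
        // var_export() and serialize() both honour serialize_precision, so the
        // textual form round-trips.
        return 'd:' . var_export($value, true) . ';';
    }
    if (is_string($value)) {
        // The length is in bytes, not characters: strlen(), never mb_strlen().
        // Because of the length prefix, quotes and braces inside need no escaping.
        return 's:' . strlen($value) . ':"' . $value . '";';
    }
    if (is_array($value)) {
        $out = 'a:' . count($value) . ':{';
        foreach ($value as $k => $v) {
            // Array keys are only ever int or string, so the same writer applies.
            $out .= phpSerialize($k) . phpSerialize($v);
        }
        return $out . '}';
    }
    throw new InvalidArgumentException('objects are deliberately not supported');
}

// Constructed sample covering every code the writer knows, including a string
// that looks like serialized data itself.
$sample = [
    'name'  => 'Ken',
    'count' => 42,
    'ratio' => 0.5,
    'flags' => [true, false, null],
    'quote' => 'say "hi"; a:1:{}',
];

$wire = phpSerialize($sample);
echo $wire, PHP_EOL;
echo 'matches serialize(): ', var_export($wire === serialize($sample), true), PHP_EOL;

// When the string arrives from a browser it is untrusted input: disable object
// creation so unserialize() cannot instantiate classes chosen by the sender.
$back = unserialize($wire, ['allowed_classes' => false]);
echo 'round trip ok: ', var_export($back === $sample, true), PHP_EOL;
```

For data coming from JavaScript, JSON (json_encode()/json_decode()) carries the same scalar and array types without the object-instantiation concern at all.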
--- Begin Message ---
I have been studying PHP all summer because I wanted to put some PHP code on my school's web site. I got to school and went to the web design teacher. I asked him if they had installed PHP on their server. He said that the district thinks that it would be a HUGE security risk and that people at my school would try to hack into the server (what bull). Anyway, can you give me some tips to make the server secure? Any help would be appreciated!
--- End Message ---
--- Begin Message ---
also

PHP HIT BY ANOTHER CRITICAL FLAW

A new security flaw in the PHP Web service protocol used by a large number of Web applications could allow attackers to take control of vulnerable servers.
http://www.computerworld.com/securitytopics/security/holes/story/0,10801,104124,00.html


Ian C. McGarvey wrote:
> I have been studying PHP all summer because I wanted to put some PHP code on my school's web site. I got to school and went to the web design teacher. I asked him if they had installed PHP on their server. He said that the district thinks that it would be a HUGE security risk and that people at my school would try to hack into the server (what bull). Anyway, can you give me some tips to make the server secure? Any help would be appreciated!


--- End Message ---
--- Begin Message ---
Santosh Jambhlikar wrote:
> also
>
> PHP HIT BY ANOTHER CRITICAL FLAW
>
> A new security flaw in the PHP Web service protocol used by a large number of Web applications could allow attackers to take control of vulnerable servers. http://www.computerworld.com/securitytopics/security/holes/story/0,10801,104124,00.html

You are spreading FUD about PHP. Stop it. If you actually *read* the article carefully you will find that not only is this not a PHP bug, but a bug with two XMLRPC libraries written *for* PHP. Not PHP itself. This is completely irrelevant to the original topic, as I didn't see the OP asking for XMLRPC security advice.

While you're at it, why not publish an article "PHP HIT BY ANOTHER CRITICAL FLAW" with the text "A new security flaw in my website, which is developed using PHP, surfaced today..."

Jasper

--- End Message ---
--- Begin Message ---
Ian C. McGarvey wrote:
> I have been studying PHP all summer because I wanted to put some
> PHP code on my schools web site. I got to school and went to the
> web design teacher. I asked him if they had installed PHP on their
> server. He said that the district thinks that it would be a HUGE
> security risk and that people at my school would try to hack into
> the server (what bull).

If you want to know why people have this perception, read the first response you received:

Santosh Jambhlikar wrote:
> PHP HIT BY ANOTHER CRITICAL FLAW
>
> A new security flaw in the PHP Web service protocol used by a
> large number of Web applications could allow attackers to take
> control of vulnerable servers.

This is what people read in the media. Developers write vulnerable code, and the "blame" gets shared by PHP itself. The end result is that people think PHP itself is insecure.

Of course, if you ever see a news story that describes PHP as a web service protocol, you probably want to stop reading immediately. :-)

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--- End Message ---
--- Begin Message ---
As this is the PHP mailing list it is obvious that I should not write against PHP, but people should know the truth. And it's news (not by me); that's why I wanted to send the link to you people.
I am sorry if I did something wrong; I am a new user on the PHP mailing list.


Jasper Bryant-Greene wrote:
> Santosh Jambhlikar wrote:
> > also
> >
> > PHP HIT BY ANOTHER CRITICAL FLAW
> >
> > A new security flaw in the PHP Web service protocol used by a large number of Web applications could allow attackers to take control of vulnerable servers. http://www.computerworld.com/securitytopics/security/holes/story/0,10801,104124,00.html
>
> You are spreading FUD about PHP. Stop it. If you actually *read* the article carefully you will find that not only is this not a PHP bug, but a bug with two XMLRPC libraries written *for* PHP. Not PHP itself. This is completely irrelevant to the original topic, as I didn't see the OP asking for XMLRPC security advice.
>
> While you're at it, why not publish an article "PHP HIT BY ANOTHER CRITICAL FLAW" with the text "A new security flaw in my website, which is developed using PHP, surfaced today..."
>
> Jasper


--- End Message ---
--- Begin Message ---
Santosh Jambhlikar wrote:
> As this is the PHP mailing list it is obvious that I should not write
> against PHP, but people should know the truth.

Jasper is trying to make sure people know the truth. Articles like the one you mentioned are doing quite the opposite.

> I am sorry if I did something wrong; I am a new user on the PHP mailing list.

I don't think you did anything wrong. However, you must realize how frustrating it is to see such misinformation being spread. Responsible members of the community should always speak out against such things. Don't take offense. :-)

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--- End Message ---
--- Begin Message ---
Santosh Jambhlikar wrote:
> As this is the PHP mailing list it is obvious that I should not write against PHP, but people should know the truth. And it's news (not by me); that's why I wanted to send the link to you people.
> I am sorry if I did something wrong; I am a new user on the PHP mailing list.

The problem is, it's not the truth. News isn't always true (gasp). You're welcome to write against PHP in this list, but only if what you write is true!

I am just saying, you should take what you read in the media with a grain of salt. The person that wrote this article obviously has no idea what PHP or XMLRPC are, as he thinks that a vulnerability in PEAR's XMLRPC package (*not* part of PHP, but simply a library built using PHP) is a vulnerability in PHP itself.

Jasper

--- End Message ---
--- Begin Message ---
Hi,

I have an LDAP server and the user passwords are stored in it. My PHP ldapsearch result says that the password is
ldap user password : {SMD5}eRuT8dttD6M6N6tgMJF33/TNAvc=
I want to compare this password with the password the user gives in another application (obviously PHP), but when I md5("passwordgiven") it shows different output.
Any suggestions?

--- End Message ---
--- Begin Message ---
Santosh Jambhlikar wrote:
> Hi,
>
> I have an LDAP server and the user passwords are stored in it. My PHP ldapsearch result says that the password is
> ldap user password : {SMD5}eRuT8dttD6M6N6tgMJF33/TNAvc=
> I want to compare this password with the password the user gives in another application (obviously PHP), but when I md5("passwordgiven") it shows different output.
> Any suggestions?

MD5 and SMD5 are not the same type of encryption. md5() will not return the correct results.
--- End Message ---
--- Begin Message ---
Then can I output the SMD5 of my password in PHP?


Jeff Loiselle wrote:
> Santosh Jambhlikar wrote:
> > Hi,
> >
> > I have an LDAP server and the user passwords are stored in it. My PHP ldapsearch result says that the password is
> > ldap user password : {SMD5}eRuT8dttD6M6N6tgMJF33/TNAvc=
> > I want to compare this password with the password the user gives in another application (obviously PHP), but when I md5("passwordgiven") it shows different output.
> > Any suggestions?
>
> MD5 and SMD5 are not the same type of encryption. md5() will not return the correct results.


--
Santosh Jambhlikar
Linux Administrator
Cash-Tech Solutions
Pride Parmar Galaxy, Pune
Maharashtra.
Ph.
O.:- 56052000
ext. 2150

--- End Message ---
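What {SMD5} actually is, as an added example (not code from the thread): the value is base64 of the 16-byte MD5 digest of password-plus-salt followed by the raw salt bytes, so the salt must be recovered from the stored value before the candidate password can be hashed the same way. That is why a bare md5("passwordgiven") never matches. The password and salt used below are constructed, not the entry Santosh posted.

```php
<?php
// Added example (not from the thread): produce and verify LDAP {SMD5} values.

/** Build an {SMD5} value the way a directory server would (random salt if none given). */
function smd5Hash(string $password, ?string $salt = null): string
{
    $salt = $salt ?? random_bytes(8);
    return '{SMD5}' . base64_encode(md5($password . $salt, true) . $salt);
}

/** Check a candidate password against a stored {SMD5} value. */
function smd5Verify(string $password, string $stored): bool
{
    if (strncasecmp($stored, '{SMD5}', 6) !== 0) {
        return false;                       // a different scheme entirely
    }
    $raw = base64_decode(substr($stored, 6), true);
    if ($raw === false || strlen($raw) <= 16) {
        return false;                       // malformed: need digest + at least one salt byte
    }
    $digest = substr($raw, 0, 16);          // first 16 bytes: the MD5 output
    $salt   = substr($raw, 16);             // the rest: the salt that was appended
    // Constant-time comparison so timing does not reveal how many bytes matched.
    return hash_equals($digest, md5($password . $salt, true));
}

// Constructed entry with a fixed salt so the output is reproducible.
$stored = smd5Hash('correct horse', 'abcd');
echo $stored, PHP_EOL;
var_dump(smd5Verify('correct horse', $stored));
var_dump(smd5Verify('wrong horse', $stored));
var_dump(smd5Verify('correct horse', '{SSHA}not-an-smd5-value'));
```

In practice an LDAP bind with the user's own credentials lets the directory perform this check, so the application never needs read access to password hashes; {SMD5} itself is a legacy scheme with no work factor, and a directory that supports a stronger scheme should use it.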