php-general Digest 8 Oct 2005 03:15:57 -0000 Issue 3725

Fri, 07 Oct 2005 20:18:26 -0700 

php-general Digest 8 Oct 2005 03:15:57 -0000 Issue 3725

Topics (messages 223729 through 223758):

Re: ob_start and ob_get_contents buffering problem
        223729 by: Dasdan

Question
        223730 by: Sven Simons
        223732 by: Michael Crute
        223747 by: Richard Lynch

data move from mssql to mysql via php
        223731 by: blackwater dev
        223733 by: Matt Darby
        223734 by: blackwater dev
        223735 by: Jay Blanchard
        223736 by: Greg Donald
        223746 by: Richard Lynch

Re: [PEAR] PHP 4.4.0 references problems when using PEAR::SOAP
        223737 by: Justin Patrin

Re: How do I POST data with headers & make the browser follow?
        223738 by: Mark Rees
        223752 by: Richard Lynch

Patch for Suexec for Virtual Hosts to use PHP with FastCGI
        223739 by: Jason Kovacs

date comparisions...
        223740 by: aaronjw.martekbiz.com
        223741 by: Richard Davey
        223742 by: aaronjw.martekbiz.com
        223743 by: Richard Davey

DNS lookups only sometimes
        223744 by: Jadel Menard
        223745 by: Richard Lynch
        223749 by: Jadel Menard

Re: Linux/PHP and Windows/MSSQL
        223748 by: Richard Lynch

Re: form not submitting when I change action from PHP_SELF to thanks page
        223750 by: Richard Lynch

PHP 4.4.1RC1
        223751 by: Derick Rethans

Re: mail() with port & authentication
        223753 by: Richard Lynch

Re: sessions
        223754 by: Richard Lynch

Re: caching parsed XML files as DOM objects in memory
        223755 by: Richard Lynch

Re: displaying image from blog
        223756 by: Richard Lynch

Re: PROGRESS SQL_CUR_USE_ODBC
        223757 by: Richard Lynch

Dynamic sub directory listing without redirect
        223758 by: Terence

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [email protected]


----------------------------------------------------------------------
--- Begin Message --- 
Thanks a lot Petr !!


"Petr Smith" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Dasdan wrote:
>> question:
>> I try to buffer the output of the 'system/views/main.php' into $contents.
>> and then do a print.
>> Problem is that the contents of the system/views/main.php are printed 2
>> times.
>> Someone who can explain me?
>> following the contents of testfile.php and main.php, php.ini settings
>> concerning ob_ ... functions and the output of the script.
>
> Hi,
>
> you have to use
>
> <?php
> //  testfile.php
> ob_start();
> include 'browsers.html';
> $contents = ob_get_contents();
> ob_end_clean();
> print 'no output above normally ??? :(';
> print $contents;
> ?>
>
> because include goes to buffer, print's go to buffer and on the end the 
> buffer is automatically flushed out. So it's the 2x - once for include, 
> once for "print $contents"
>
> Simple eh?
>
> Petr

--- End Message ---
--- Begin Message --- 
I've installed PHP using the windows installer 
I try to open then php pages containing the following script :
<?php
 echo "Current IP Address: ";
 $ipx = getenv("HTTP_CLIENT_IP") ? getenv("HTTP_CLIENT_IP") : 0;
 $ipx = !$ipx && getenv("HTTP_X_FORWARDED_FOR") ? 
getenv("HTTP_X_FORWARDED_FOR") : 0 ;
 $ipx = !$ipx && getenv("REMOTE_ADDR") ? getenv("REMOTE_ADDR") : 0 ;
 echo !$ipx ? "UNKNOWN" : $ipx;
 
 echo "<br>";
 
 echo "Server IP Address: ";
 $ipx = getenv("SERVER_ADDR") ? getenv("SERVER_ADDR") : 0;
 echo !$ipx ? "UNKNOWN" : $ipx;
?> 
It works and gives me a correct current IP address
 
When manually installing PHP it always gives me the status UNKNOWN.
 
The only difference I've seen is that the Windows installer uses the
php5ts.dll for ISAPI filter while the manually installed php uses the
php5isapi.dll.
I know that the PHP is working (when manually installed) because this script
works :
<?php
 phpinfo();
?>
 
The only strange thing is that the phpinfo says that the ini file is located
in C:\Winnt although it is not there (when installing manually it is in
C:\PHP)
 
How can I make the IP address script working when manually installing PHP ?
Or is it really so unsafe to use the windows installer on a online server?
 
Sincerely,
 
Sven

--- End Message ---
--- Begin Message --- 
On 10/7/05, Sven Simons <[EMAIL PROTECTED]> wrote:
>
> I've installed PHP using the windows installer
> I try to open then php pages containing the following script :
> <?php
> echo "Current IP Address: ";
> $ipx = getenv("HTTP_CLIENT_IP") ? getenv("HTTP_CLIENT_IP") : 0;
> $ipx = !$ipx && getenv("HTTP_X_FORWARDED_FOR") ?
> getenv("HTTP_X_FORWARDED_FOR") : 0 ;
> $ipx = !$ipx && getenv("REMOTE_ADDR") ? getenv("REMOTE_ADDR") : 0 ;
> echo !$ipx ? "UNKNOWN" : $ipx;
>
> echo "<br>";
>
> echo "Server IP Address: ";
> $ipx = getenv("SERVER_ADDR") ? getenv("SERVER_ADDR") : 0;
> echo !$ipx ? "UNKNOWN" : $ipx;
> ?>
> It works and gives me a correct current IP address
>
> When manually installing PHP it always gives me the status UNKNOWN.
>
>
Just use the $_SERVER[] superglobal array to grab the stuff you need. Don't
use the getenv function.
 -Mike

--
________________________________
Michael E. Crute
Software Developer
SoftGroup Development Corporation

Linux, because reboots are for installing hardware.
"In a world without walls and fences, who needs windows and gates?"

--- End Message ---
--- Begin Message --- 
On Fri, October 7, 2005 6:54 am, Sven Simons wrote:
> When manually installing PHP it always gives me the status UNKNOWN.

Definitely check $_SERVER instead of GetEnv to see if it gives you
what you want.

> The only strange thing is that the phpinfo says that the ini file is
> located
> in C:\Winnt although it is not there (when installing manually it is
> in
> C:\PHP)

In the old days, you'd be stuck with copying and maintaining C:\PHP
into C:\Winnt

Now, there's an Apache directive to let you define where php.ini lives.

You'd have to switch from IIS to Apache to use it, though.

But that's a good thing :-)

-- 
Like Music?
http://l-i-e.com/artists.htm

--- End Message ---
--- Begin Message --- 
I have an app with a requirement to hit an external mssql db and move
the data to a local mysql database.  What's the best way to do this? 
I was thinking of querying the mssql db and writing the contents to a
flat file then using mysql load data from infile query to pump it in
but I am not sure if this is the best option so am looking for
suggestions....

Thanks!

--- End Message ---
--- Begin Message --- 
blackwater dev wrote:


I have an app with a requirement to hit an external mssql db and move
the data to a local mysql database. What's the best way to do this? I was thinking of querying the mssql db and writing the contents to a 
flat file then using mysql load data from infile query to pump it in
but I am not sure if this is the best option so am looking for
suggestions....

Thanks!
You can easily do this; you could also cut out the middleman and use the ODBC driver to import/export directly. 

HTH
Matt Darby

--- End Message ---
--- Begin Message --- 
Matt,

So would you use an odbc driver and call it directly on the shell?  I
don't have much access on the server or is this something I can do
through php?

Thanks!

On 10/7/05, Matt Darby <[EMAIL PROTECTED]> wrote:
> blackwater dev wrote:
>
> >I have an app with a requirement to hit an external mssql db and move
> >the data to a local mysql database.  What's the best way to do this?
> >I was thinking of querying the mssql db and writing the contents to a
> >flat file then using mysql load data from infile query to pump it in
> >but I am not sure if this is the best option so am looking for
> >suggestions....
> >
> >Thanks!
> >
> >
> >
>
> You can easily do this; you could also cut out the middleman and use the
> ODBC driver to import/export directly.
>
> HTH
> Matt Darby
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--- End Message ---
--- Begin Message --- 
[snip]
So would you use an odbc driver and call it directly on the shell?  I
don't have much access on the server or is this something I can do
through php?
[/snip]

There is an odbc driver for MySQL

http://dev.mysql.com/doc/mysql/en/odbc-connector.html

--- End Message ---
--- Begin Message --- 
On 10/7/05, blackwater dev <[EMAIL PROTECTED]> wrote:
> So would you use an odbc driver and call it directly on the shell?  I
> don't have much access on the server or is this something I can do
> through php?

Most of the time someone has already been there and done that:

http://www.kofler.cc/mysql/mssql2mysql.html


--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/

--- End Message ---
--- Begin Message --- 
On Fri, October 7, 2005 8:31 am, blackwater dev wrote:
> I have an app with a requirement to hit an external mssql db and move
> the data to a local mysql database.  What's the best way to do this?
> I was thinking of querying the mssql db and writing the contents to a
> flat file then using mysql load data from infile query to pump it in
> but I am not sure if this is the best option so am looking for
> suggestions....

If one or the other database servers allows access from other than
'localhost', you can simply have two connections open, one to each db,
and XFer data in a single PHP script.

<?php
  $mssql = mssql_connect('whatever', ...);
  $mysql = mysql_connect('whatever', ...);

  $query = 'select ... from ....";
  $result = mssql_query($query, $mssql);

  while ($row = mssql_fetch_row($result)){
    $query = "insert into ... values(" . implode("', '", $row) . ")";
    mysql_query($query, $mysql);
  }
?>

Obviously you'd need a ton of error-checking etc.

This would be, perhaps, better than dump/load if you also need to do
some business logic in there to determine which records have changed
where, and which should or should not get re-loaded etc.

Would also be handy if you need to run this script often to syncronize
the two.

But if it's a one-time dump, then presumably SQL Server can be
convinced to dump out a flat-file that you can load into MySQL as you
originally intended -- That's probably gonna be fastest/easiest for a
one-time deal.

-- 
Like Music?
http://l-i-e.com/artists.htm

--- End Message ---
--- Begin Message --- 
On 10/7/05, Denis Gerasimov <[EMAIL PROTECTED]> wrote:
> Hello list,
>
> I am facing serious troubles when using PEAR::SOAP with PHP 4.4.0 while it
> works fine with PHP 4.3.9.
> PHP 4.4.0 produces many notices like these:
>
> Notice: Only variable references should be returned by reference in
> C:\PHP4\PEAR\SOAP\Value.php on line 118
> Notice: Only variable references should be returned by reference in
> C:\PHP4\PEAR\SOAP\WSDL.php on line 668
> Notice: Only variable references should be returned by reference in
> C:\PHP4\PEAR\SOAP\Value.php on line 118
>
> and so on.
>
> What is the problem?
>
> Currently I have rolled back to version 4.3.9 but this problem will appear
> again after upgrade, of course, - is there any solution (say, php.ini
> setting etc.)?
>
> Have a great day,
>

The solution is to fix the SOAP package. Instead of:
return $serializer->....
make it:
$ret = $serializer->...
return $ret;

This notice was added because PHP has memory corruption issues when
doing this particular thing (it always has).

--
Justin Patrin

--- End Message ---
--- Begin Message --- 
> The information that comes in from the first page is a creditcard form
> with the standard values (CCnumber, Expiry Date, Cardholder name etc).
>
> On page 2 an XMLrequest is done with a verification gateway (in this case
to
> check for enrolment in 3D-Secure), the result for that I get back on the
> same page and no redirection needs to be done.
>
> However AFTER the enrolment check with the gateway I need to send the user
> along to the 3rd page, which is a URL that is provided by the verification
> process.
> So to get there, as I need to pass a heap of data to that 3rd page I can
> either use GET or POST, but since the amount of data is fairly big the
only
> real option for this part seems POST.
>
> So it's not really about keeping the data persistent, it's more about the
> fact on how to push the user along correctly.

Is this what happens:

1. User enters payment data
2. XML check that payment data is OK
3. redirection to a page (on another site?), where for some reason the
payment data is required again (why?).

This sounds like a mixture of two ways of implementing online payments.
Forgive me if I'm telling you what you already know, but in general I
believe things work as follows:

1 The whole process from payment to verification takes place on the payment
provider's server
or
2.  the whole thing takes place on your server, with some inline (XML in
this case) communication with your payment provider to verify the card
details.

You seem to be doing a bit of both, or have I misunderstood?
Why do you need the payment details on the third page? If you don't actually
need them, then the security problem goes away, and you can use the session
object or whatever to persist the customer data.

Does this help?

--- End Message ---
--- Begin Message --- 
On Thu, October 6, 2005 4:52 am, Ragnar wrote:
Everything you are trying to do with the cURL, multiple pages, and
whatnot scares the bejesus out of me...

Especially that you seem to be passing people's credit card numbers
around in this manner. [shudder]

> I did see that there is a FOLLOWLOCATION option you can set in cURL
> when you
> do you request, and though "wicked, just what I needed" only to find
> out
> that it's not working (probably because I understand what it does
> wrong).

Most definitely you mis-understood what it does.

Here's what it REALLY does:

Suppose when cURL loads up the URL you ask for, it gets this back:

HTTP 302 Resource moved
Location: http://example.com/new_location_for_it.htm

If you have FOLLOWLOCATION set to 1, then cURL is just gonna go ahead
and request the new Location: and get you the damn answer you asked
for.

If you have it set to 0, you only get back the output from the 302
page -- So you can figure out exactly what the server is doing,
bouncing you around from page to page, with all these silly Location:
headers, chewing up valuable HTTP connection resources, and basically
putting a big server burden on whatever you are trying to get to.

[Actually, if HTTP/1.1 is being used, and Keep-alive is working
properly on all fronts, the burden is not so huge...  But that's not a
"given" for most servers/software today.]

> Pretty pretty please if anyone knows a solution for the above, let me
> know.

So I don't have any answer for what you're trying to do, except to sit
down and re-think all the bouncing around of data you're doing, and
most importantly where/how the credit card numbers are being
stored/transmitted, even in such temporary things as RAM, which is
swapped to hard drive, which is susceptible to attack.

On most shared servers, putting credit card info in SESSION data is
Really Bad Idea (tm) as every other user on the shared system can
troll through your session data with little to no effort.

> Oh, and I'd also like to add that the information I am trying to get
> to the
> 3rd page in the example is sensitive (Credit Card details etc.), so
> $_GET
> and $_COOKIE are out of the question.

This statement alone makes me think that you believe that $_POST is
somehow "safer" than $_GET and $_COOKIE.

Please purge that idea right out of your head this instant.

By the time you are on your PHP script, talking to some other server,
the data you send to/from that other server, via GET, POST, or COOKIE
is no more or less secure in any of the three.

POST data from the browser is only 1/100000000th "more secure" than
GET in that any idiot can see the "Location" URL and play with it, and
it takes a tenth of a clue to do "Save As.." and muck with the <INPUT
tags to change POST data...

As an exercise, please try this yourself:

Surf to some page that has a FORM on it.
Save As... to your hard drive.
Change the <INPUT tags to whatever you think will cause "interesting"
results on that server.
Open that file in your browser and click on the "Submit" button.

-- 
Like Music?
http://l-i-e.com/artists.htm

--- End Message ---
--- Begin Message --- 
Hello,
 
I am new to this list, but I thought I might contribute a patch implementation 
I've come up with and ask the other developers on the list to help me 
scrutinize its security implications.  I've posted this same message to 
fastcgi-developers list at fastcgi.org to look for feedback from them as well.
 
I've been working with Apache2, SuExec, PHP5, and FastCGI recently and ran 
across the seemingly-common problem of allowing Virtual Hosts to share a PHP 
(cgi-fcgi) binary that is SuExec'd to their User/Group.  I read everything I 
could find on the net about this subject, and the fastcgi.com archives were 
very helpful, but I was not happy or successful with some of the solutions 
presented.  I thought I would end up having to copying the php binary for every 
Virtual Host that existed and chown them to each user/group so that Suexec 
would work properly and I could stop getting permission errors.  Then I 
realized how it would be a nightmare to automate this process of copying and 
owning the php binary to the right user/group every time a Virtual Host was 
created (and I'm not that great at shell scripting).  If I wanted to recompile 
php, I would have to update all of the instances of php that now existed (which 
seemed to be getting too complex). So I finally gave in and decided to modify 
suexec.c, despite the warnings from apache.org not to do so because much 
thought had already been put into the conditions for suexec to work securely.  
However, the fact that I wanted the php binary to be shared is a special case 
from all other cgi scripts, since its user/group must be different from the 
target user/group of the Virtual Host.  So this is what I've come up with and 
it seems to fit my needs, so I thought it could help others in the same 
situation.
 
I've created a new user/group named "php-cgi-shared", which took on a UID and 
GID above 500.  My virtual hosts all reside in /home/<username>/ so in my 
Apache2 configuration I set '--with-suexec-docroot' to "/home" to encompass all 
virtual hosts and their cgi-bin directories (this made sense to me, but maybe I 
don't fully understand how the suexec docroot and userdir settings work).  Then 
I created /home/fcgi-bin/ where I would later copy /usr/bin/php (built as 
cgi-fcgi) to and chown the fcgi-bin directory and the php-fcgi binary to the 
user and group of "php-cgi-shared".  I've read some 3rd-party changes and 
patches to suexec.c that chose to completely ignore the check for the 
SuexecUserGroup UID and GID to match the UID and GID of the CGI file and its 
containing folder. However, I thought this was a too lenient and allows 
security holes, so I left that code as it is but added a custom hack of my own. 
 I've hard-coded the custom user/group of "php-cgi-shared" into the suexec.h 
header file, and within the code checked to see if this was a valid user/group 
on the system and obtained its UID and GID.  If the UID/GID of the target 
program and folder do not match the SuexecUserGroup (as done in the original 
code), then I additionally check if they match my "safe" UID/GID obtained from 
the "php-cgi-shared" user/group.  If a match occurs, then I allow the suexec 
program to proceed and not exit with an error.  So then when FastCGI passes the 
SuexecUserGroup from a Virtual Host to the Suexec wrapper, it will spawn a 
dynamic instance of the php-fcgi binary running as the user/group of the 
virtual host.  Likewise, I run a static instance of this php-fcgi using 
FastCgiServer with the -user and -group set to "php-cgi-shared", and not 
"apache/www/nobody" because those users are below the UID/GID of 500 that I've 
set as a minimum when building Apache/Suexec.  My assumption is that this 
fcgi-bin directory and php-fcgi program are the only two files that are owned 
by "php-cgi-shared", as set by root, and no other cgi's will ever take on this 
special privilege that suexec now allows.  This seems to be a valid solution, 
unless I don't fully understand how all of the components work together 
correctly and securely.  Please tell me otherwise if I am wrong.  All I know is 
that this setup is now working the way I want after many days of frustration, 
it keeps things secure as far as I can tell, and requires little to no extra 
maintenance in the future.
 
My httpd.conf file has the following directives that apply to 
PHP/FastCGI/Suexec (I built Apache2 using its default directory/file layout):
 
User apache
Group apache
...
LoadModule fastcgi_module modules/mod_fastcgi.so
AddType application/x-httpd-php .php
<IfModule mod_fastcgi.c>
   Alias /fcgi-bin/ /home/fcgi-bin/
   FastCgiIpcDir /usr/local/apache2/logs/fastcgi
   FastCgiWrapper /usr/local/apache2/bin/suexec
   FastCgiServer /home/fcgi-bin/php-fcgi -user php-cgi-shared -group 
php-cgi-shared
   <Directory /home/fcgi-bin/>
      SetHandler fastcgi-script
      Options +ExecCGI
   </Directory>
   AddHandler php-fastcgi .php
   Action php-fastcgi /fcgi-bin/php-fcgi
</IfModule>
 
Please respond with your comments on my method, and if it's generally correct 
and others are interested in using it, I can post my changes to suexec.c.
 
Thanks,
Jason Kovacs

--- End Message ---
--- Begin Message --- 
I am confused... probably because of lack of sleep.

Anyway... I have code that looks like this:

if ($discountResult["dateexpired"] > date("U"))
{

  //dosomething

}
else
{

  //do something else

}

Using Epoch obviously....

Anyway... it's supposed to read: IF the expired date is past the current
date... disallow "dosomething" otherwise... let it go.

I set the expire date to be Sept 30, 2005 and obviously today is the
current date but for some reason the "dosomething" is being allowed.

Do I have the operators mixed up here? Works is I reverse the operator but
shouldn't it work as I have it?

Thanks all. Appreciate the clarrification.

A

--- End Message ---
--- Begin Message --- 
Hi aaronjw,

Friday, October 7, 2005, 7:34:11 PM, you wrote:

> if ($discountResult["dateexpired"] > date("U"))
> {

>   //dosomething

> }
> else
> {

>   //do something else

> }

> Anyway... it's supposed to read: IF the expired date is past the current
> date... disallow "dosomething" otherwise... let it go.

> I set the expire date to be Sept 30, 2005 and obviously today is the
> current date but for some reason the "dosomething" is being allowed.

Start with the obvious - what actually IS the value of
$discountResult["dateexpired"]? var_dump it out and have a look. Check
you are comparing like with like. You're also not performing a strict
comparison, so string conversion could be going on here.

The other obvious fact is that if dateexpired is less than *right
now*, it'll always "dosomething" ! :)

Cheers,

Rich
-- 
Zend Certified Engineer
http://www.launchcode.co.uk

--- End Message ---
--- Begin Message --- 
Hi Rich,

Thanks for your reply.

dateexpired is: 1128052800 which translates into: 2005-09-30 00:00:00

Basically, I'm just trying to figure out when the dateexpired is. IF it is
past the current date then I am erroring out and if it's under the current
date... I'm allowing the transaction.

I would assume the following:

if (2005-09-30 00:00:00 > 2005-10-07 00:00:00)

it should error out, no?

Thanks!

Aaron

> Hi aaronjw,
>
> Start with the obvious - what actually IS the value of
> $discountResult["dateexpired"]? var_dump it out and have a look. Check
> you are comparing like with like. You're also not performing a strict
> comparison, so string conversion could be going on here.
>
> The other obvious fact is that if dateexpired is less than *right
> now*, it'll always "dosomething" ! :)
>
> Cheers,
>
> Rich

--- End Message ---
--- Begin Message --- 
Hi,

Friday, October 7, 2005, 7:55:45 PM, you wrote:

> dateexpired is: 1128052800 which translates into: 2005-09-30 00:00:00

> Basically, I'm just trying to figure out when the dateexpired is. IF
> it is past the current date then I am erroring out and if it's under
> the current date... I'm allowing the transaction.

> I would assume the following:

> if (2005-09-30 00:00:00 > 2005-10-07 00:00:00)

> it should error out, no?

Not given your logic above, no.

You said "If it is past the current date then I am erroring out",
therefore 2005-09-30 00:00:00 > 2005-10-07 00:00:00 will NEVER error
out, because it will never be greater than the current timestamp in
seconds.

A = 2005-09-03 = 1,128,052,800
B = 2005-10-07 = 1,128,713,278 (approx, that's actually the value now)

So A will never be greater than B, hence you're always allowing the
transaction.

Cheers,

Rich
-- 
Zend Certified Engineer
http://www.launchcode.co.uk

--- End Message ---
--- Begin Message --- 
        I have an email validation script written in PHP that works on most
Apache machines I try it on, with the exception (of course) of my production
box that it needs to go on.  This production machine is a Slackware 10.2 box,
running Apache 1.33 and PHP 4.4.0.

        The script works if I call it from the command line with "php -f
filename" however, if I try to call the same script from a browser (served by
httpd) the DNS check is never made, and the script returns that the domain of
the email address is invalid.

        The httpd people tell me that once Apache calls a .php page, PHP
handles the actual parsing of that page, so if these DNS queries aren't
happening when the page is called through a browser, what is changing from
when they are called from the command line?

        Thoughts?

Best,
Jadel

--- End Message ---
--- Begin Message --- 
On Fri, October 7, 2005 2:54 pm, Jadel Menard wrote:
>
>       I have an email validation script written in PHP that works on most
> Apache machines I try it on, with the exception (of course) of my
> production
> box that it needs to go on.  This production machine is a Slackware
> 10.2 box,
> running Apache 1.33 and PHP 4.4.0.
>
>       The script works if I call it from the command line with "php -f
> filename" however, if I try to call the same script from a browser
> (served by
> httpd) the DNS check is never made, and the script returns that the
> domain of
> the email address is invalid.
>
>       The httpd people tell me that once Apache calls a .php page, PHP
> handles the actual parsing of that page, so if these DNS queries
> aren't
> happening when the page is called through a browser, what is changing
> from
> when they are called from the command line?

You'd first have to show us the source code that does the email checks.

In addition, see if you can dig out the httpd.conf and php.ini that
are used on the production server, and post links to them, after
removing any data you consider sensitive.

There's no rule that the PHP binary they have laying around on the
machine for command line use has to have any real correspondence with
the (presumed) PHP Module they have loaded into Apache.

They could be different versions of PHP, with entirely different
compile-time switches, and have nothing more than "PHP" in their name
in common.

They are USUALLY very similar, but a host could easily dis-allow
certain functions in php.ini in the web environment, but your CLI PHP
can easily not be using that same php.ini, and then you get the
functions they don't want you to have.

Worst-case scenario, you could probably use http://php.net/exec in
your web PHP script to fire up PHP command line to run your DNS lookup
script.

This is a total hack and will have HORRIBLE performance penalties.

And if the real "problem" is that your host doesn't want you doing DNS
lookups in the first place, so they disabled the function in php.ini,
they're not gonna be happy to find you doing this...

Extreme Caution is called for.

-- 
Like Music?
http://l-i-e.com/artists.htm

--- End Message ---
--- Begin Message --- 
        Thank you for your reply.

> You'd first have to show us the source code that does the email checks.
> In addition, see if you can dig out the httpd.conf and php.ini that
> are used on the production server, and post links to them, after
> removing any data you consider sensitive.

        As I am responsible for the machine, I have created the following site
with all the information you have requested: http://emailtest.altig.ca

        There you will find:
        email.php (the actual script)
        email_php.php (the php code)
        httpd.conf
        php.ini

        I've set up several machines like this in the past, and have not done
anything too fancy regarding Apache or PHP, and in fact, have used the
Slackware 10.2 binaries for both.

        If there are any other questions you need before we can work towards a
solution, please let me know!  Otherwise, what to do next?!
        
Best,
Jadel

--- End Message ---
--- Begin Message --- 
On Thu, October 6, 2005 8:29 pm, Rick Emery wrote:
> Knowing that I'm not the only one to want to connect to Microsoft SQL
> Server on Windows from PHP and Apache on Linux, I'm seeking advice.

You may want to consider using the Sybase drivers if they are
available as up-to-date RPMs.

Last time I checked, several years ago, they worked better/faster than
the mssql drivers.

YMMV

-- 
Like Music?
http://l-i-e.com/artists.htm

--- End Message ---
--- Begin Message --- 
On Thu, October 6, 2005 9:37 am, Robert Cummings wrote:
>> > when I add that code I can the following error msg when submitting
>> the
>> > form.
>> > " *Warning*: Cannot modify header information - headers already
>> sent by
>> > (output started at /home/webadmin/dedicated75.virtual.vps-
>> > host.net/html/fortuneInteractive/Consultation_test.php:6<http://host.net/html/fortuneInteractive/Consultation_test.php:6>
>> > <http://host.net/html/fortuneInteractive/Consultation_test.php:6>)
>> > in */home/webadmin/dedicated75.virtual.vps-
>> > host.net/html/fortuneInteractive/Consultation_test.php<http://host.net/html/fortuneInteractive/Consultation_test.php>
>> > <http://host.net/html/fortuneInteractive/Consultation_test.php>
>> > * on line *168* "
>> > line 168 is the one with header( 'Location: thanks.php' );
>> > on it.
>> > can anyone explain why this is happening and how to rectify?

A long time ago, this error message would only have told you that the
line 168 was "wrong" and that data had already been sent earlier.

Now, however, buried in this error message, is the EXACT LINE of code
where the data was already sent:

/home/webadmin/dedicated75.virtual.vps-host.net/html/fortuneInteractive/Consultation_test.php:6

Line 6, of Consultation_test.php is the culprit.

WARNING:
Emacs, by default, on some system, will automatically ADD a newline
character at the end of any file you edit.

In older versions of PHP (possibly pre-dating this error message) that
would be problematic.  It may STILL be problematic for all I know.  I
don't use Emacs, but recall the grief it caused many a PHP beginner
from long ago on the list.

Disclosure:
I may have been the first/loudest to request that the original line of
data output be logged by PHP internally so that this message could
inform you of this fact.  Hell, for all I know, I'm the only guy that
asked for it.  Oh well.  It's there.  Use it.

-- 
Like Music?
http://l-i-e.com/artists.htm

--- End Message ---
--- Begin Message --- 
Hello!

I packed PHP 4.4.1RC1 today, which you can find here:
http://downloads.php.net/derick/

Please test it carefully, and report any bugs in the bug system, but 
only if you have a short reproducable test case.

If everything goes well, we can release it somewhere at the end of next 
week.

regards,
Derick

-- 
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org

--- End Message ---
--- Begin Message --- 
On Wed, October 5, 2005 11:59 pm, Brian Dunning wrote:
> Do I need to use Pear to specify port 587 and authentication when
> sending mail? I could not find any way to do it using mail().

If you have access to sendmail.cf on your box, you can probably do it
there...

Or, put it this way:

On MY box at home, I had to do this so the silly cable-modem provider
wouldn't block my outdoing emails, and I'm NOT a Sendmail expert by
any stretch of the imagination.

In this case, I wanted ALL outgoing email to go to a different port,
which my web/mail host has open for this very purpose.

I dunno how tricky it would be to make it only happen for specific
sender/recipient combinations etc...

-- 
Like Music?
http://l-i-e.com/artists.htm

--- End Message ---
--- Begin Message --- 
On Wed, October 5, 2005 10:17 am, blackwater dev wrote:
> I have an old site which uses this code on login:
>
> //it does a query then
>  if ($affected_rows>0){
>        session_start(mysite);
>           session_register('admin');
>           $wardadmin = yes;
>             header("location: admin.php");
> }
>
> and in the top of admin.php:
>
>   session_start(mysite);
>   if (@$admin != "yes")
>    {
>     header("location: login.php");
>     exit;
>   }
>
> The host recently upgraded to php 4.4 and now the login doesn't work.
> I do notice when I login that the page goes to admin the right back to
> login.  Why doesn't admin see the session var?

Not sure specifically what broke in 4.4 for you, but here some things
that are "wrong" in your code...

1. Technically, it's Location with a capital L, I think.

2. Technically, you should provide a FULL URL to Location:

3. @$admin is suppressing an error message.  What's the error message?

4. If you're not checking that 'admin' comes from $_SESSION, anybody
from can surf to: admin.php?admin=yes

5. You are relying on "register_globals" being "on" and you shouldn't.
http://php.net/register_globals might tell you more

6. You session_register('admin') but you change $wardadmin  They
should all match.

Methinks maybe it's time for you to re-write this code :-)

-- 
Like Music?
http://l-i-e.com/artists.htm

--- End Message ---
--- Begin Message --- 
On Wed, October 5, 2005 8:11 am, Petr Smith wrote:
> is it possible to cache parsed XML files somehow?

I think this is the wrong question...

I mean, OF COURSE, it's possible to cache them SOMEHOW.

You could toss them in your file system, or a database, insert a
machine with squid on it into the chain, or train an army of squirrels
to memorize the XML.

That last one might be impractical, as you'd need to breed super-smart
squirrels first :-)

> I'm writing template
> library based on XML. But it's not very efficient to create new
> DomDocument, load XML template, process it and show on every page hit.
> XML parsing is not very fast, and because I'm parsing XHTML with
> entities, all DTD's are parsed too. I thought about something similar
> to
> java - there I can have servlet which lives all the time the server
> lives. It can load XML and parse it only for the first time and send
> DOM
> objects to another servlets.
> I need something similar with PHP, can it be done?

I think you might want to avoid trying to do it the Java way in PHP.

PHP is share-none by architectural design, not accident, so that you
can scale up by throwing as much cheap/stock hardware at it as you can
afford instead of being forced to buy a single bigger hardware box in
the center for the shared data.

It would probably make a lot more sense to store whatever you use to
uniquely identify your XML source and the results in a database or
filesystem, and then compare time-stamps in some simple business logic
to decide to re-parse or serve from cache.

Yes, that does just foist off the shared-data to the database, or
file-system -- but those systems are specifically designed to handle
this task for a long time now with a lot of heavily tested and
optimized code.  PHP and even Java can't really match that level of
testing/optimization yet simply due to relative ages.

If db and filesystem are "too slow" or you already have too many
machines running this code-base, you could write your own PHP "XML
cache server" that takes an XML id and either gets it from the db/file
cache, or parses the true original, and set up your own "server" for
this express purpose and really make it scream on speed...  That's
quite a bit of work, though, and for the simplicity of the code
involved, you may be better off writing it as a C application... Or
out-sourcing that bit of code to be written with specific timing
targets for the employee to meet/beat to get their just due $$$.

-- 
Like Music?
http://l-i-e.com/artists.htm

--- End Message ---
--- Begin Message --- 
On Tue, October 4, 2005 12:07 pm, blackwater dev wrote:
> I am querying a MSSQL db where an jpg image is stored as a blog.
>
> I have this code:
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="image/jpg">

I don't think you can use Content-type for this purpose...

Or, at least, I wouldn't expect browsers to be reliable in doing it.

It MIGHT be just case-sensitive to Content-type...

Rip out ALL the HTML code here, and do:

> </head>
> <body>
> <?
> //Do the query
> include_once("../includes.list.php");
>   $ms_sql= new ms_db();
>   $my_sql=new Database();
>   $query="select photo from cars where id=22";
>   $data=$ms_sql->query($query);
>    while($obj = $ms_sql->objects('',$data)){

header("Content-type: image/jpg");

>     echo $obj->photo;
>    }
> $data=$ms_sql->disconnect();
> ?>
> </body>
> </html>
>
> But when viewed I just get all the junk code:
>
> !1AQaq"2B'¡±Á #3RðbrÑ
> $4á%ñ&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz‚ƒ„…â€
‡ˆ‰Å
'""•–—˜™š¢£¤¥¦§¨(c)ª²³´µ¶·¸¹ºÂÃÄÅÆÇÈÉÊÒÓÔÕÖ×ØÙÚâãäåæçèéêòóôõö÷øù
>
> What is wrong?

The browser is showing you the JPEG as "text"

If you had the actual JPEG, and you opened it in, like, Notepad or
whatever, that's what you would see.

-- 
Like Music?
http://l-i-e.com/artists.htm

--- End Message ---
--- Begin Message --- 
On Tue, October 4, 2005 11:47 am, cybermalandro cybermalandro wrote:
> I am connecting to a PROGRESS DB through the MERANT ODBC driver, When
> I have
> the 4th parameter SQL_CUR_USE_ODBC as shown, my queries return nothing
> but
> if I have the 4th parameter as lower case it returns my query results
> but
> with a PHP error complainning
> *Notice*: Use of undefined constant sql_cur_use_odbc - assumed
> 'sql_cur_use_odbc'
>
> Wtf? I don't get it, most of the documentation from people connecting
> to
> PROGRESS do have the 4th parameter uppercase can someone help me out ?

Well, you could put apostrophes or quotes around it and get rid of the
PHP Notice, and that would be syntactically correct for PHP.

What it would mean to MERANT ODBC, though, I dunno...

Though what you currently have, with lower-case, will be THE SAME to
MERANT ODBC as adding the quotes, because that's what PHP is doing for
you, and that's what the Notice is all about.

Translation:
PHP: You were supposed to put quotes on that sql_cur_use_odbc thing,
but you didn't, so I did it for you.


But this is probably NOT going to make things actually work as you
expect.

What happens next is that PHP has to convert your string
"sql_cur_use_odbc" into a number.  And that number will be 0.

So then MERANT ODBC gets the integer 0 as that 4th argument.

Which is probably NOT the number you want to send it to actually turn
on this SQL CUR USE ODBC thingie, whatever that is.

SQL_CUR_USE_ODBC is almost for sure an integer.

You could see what it is by doing:

echo "SQL_CUR_USE_ODBC has the value: ", SQL_CUR_USE_ODBC, "<hr />\n";

in your code.

If it's not 0, then adding quotes to suppress the PHP Notice is only
masking a symptom, not fixing the real problem.

I guess we'd need to know what your queries are, and if I had some
clue what SQL_CUR_USE_ODBC was supposed to be doing, it would help... 
Hopefully somebody else can chime in on this part.

-- 
Like Music?
http://l-i-e.com/artists.htm

--- End Message ---
--- Begin Message --- 
Hi List,

I am trying to allow dynamic URL's for my users to remember similiar to:

www.mysite.com/joesoap
So I want to use "joesoap" in a PHP script to pick up the user's details from a MySQL database. If the "joesoap" does not exist in the table 
I will handle that.
So basically I have one file www.mysite.com/index.php which should do all the processing.
I have tried with the apache .htaccess mod_rewrite, however when I echo $_SERVER['PHP_SELF'] I can't detect the "joesoap". It returns /index.php. 

Of course the easiest way is to do something like
www.mysite.com/index.php?username=joesoap
but that is too long and complicated for our users. As we have thousands of users, I don't want to create actual directories. 

Furthermore can this be done too (without a joesoap file):
www.mysite.com/joesoap?show_extra_details=yes
Any advice/links would be much appreciated. If I am barking up the wrong tree throw me a bone please. 

Thanks alot
Terence

--- End Message ---

Reply via email to