php-general Digest 14 Oct 2006 06:33:45 -0000 Issue 4400
Topics (messages 243100 through 243122):
Re: Send process to background
243100 by: Richard Lynch
243105 by: Jon Anderson
243114 by: Ed Lazor
Re: Socket communications question
243101 by: Richard Lynch
243119 by: Manuel Lemos
Re: readfile() problem
243102 by: Richard Lynch
Re: canon jpegs
243103 by: Richard Lynch
243107 by: Al
Windows ENV['_'] equivalent
243104 by: Richard Lynch
243108 by: Roman Neuhauser
243109 by: M.Sokolewicz
243118 by: Ed Lazor
PHP Denial of service
243106 by: Ryan Barclay
243110 by: Robert Cummings
243112 by: Ryan Barclay
243113 by: Ryan Barclay
243115 by: Robert Cummings
243116 by: Jon Anderson
243121 by: Ed Lazor
Re: Understanding persistent connections...
243111 by: Google Kreme
Re: php mailer part 2
243117 by: Manuel Lemos
A no brainer...
243120 by: Tony Di Croce
243122 by: Larry Garfield
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
php-general@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
On Fri, October 13, 2006 11:05 am, André Medeiros wrote:
> I am working on a backup system that needs to be called through a
> webpage to start the process. I am trying to do this on a
> one-file-only sollution.
>
> The thing is, the first request to the site needs to start the backup,
> but I didn't want to use any command-line tools, since some of our
> servers rely on safe_mode. Is there any way to send output to the
> browser on this first instance, finish the request, but keeping the
> PHP running and making the backup.
Probably not, at least not in a portable way.
In *some* OS configurations this might work:
<?php `backup_script_here.xyz &`;?>
No promises.
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--- End Message ---
--- Begin Message ---
Richard Lynch wrote:
On Fri, October 13, 2006 11:05 am, André Medeiros wrote:
I am working on a backup system that needs to be called through a
webpage to start the process. I am trying to do this on a
one-file-only sollution.
The thing is, the first request to the site needs to start the backup,
but I didn't want to use any command-line tools, since some of our
servers rely on safe_mode. Is there any way to send output to the
browser on this first instance, finish the request, but keeping the
PHP running and making the backup.
Probably not, at least not in a portable way.
In *some* OS configurations this might work:
<?php `backup_script_here.xyz &`;?>
No promises.
A hack I've used was to make a standalone script, then call it via curl
(http://localhost/path/to/script.php) with a timeout set to something
short. Output can be sent to a file or database somewhere that can be
read back and deleted later. That isn't pretty though...
jon
--- End Message ---
--- Begin Message ---
On Oct 13, 2006, at 12:12 PM, Richard Lynch wrote:
On Fri, October 13, 2006 11:05 am, André Medeiros wrote:
I am working on a backup system that needs to be called through a
webpage to start the process. I am trying to do this on a
one-file-only sollution.
The thing is, the first request to the site needs to start the
backup,
but I didn't want to use any command-line tools, since some of our
servers rely on safe_mode. Is there any way to send output to the
browser on this first instance, finish the request, but keeping the
PHP running and making the backup.
Probably not, at least not in a portable way.
In *some* OS configurations this might work:
<?php `backup_script_here.xyz &`;?>
No promises.
In unix, you can run something like this:
script >& output.log &
You can call something like that using PHP system calls.
You might be stuck if safe_mode_exec_dir is locked down. You're
especially screwed when you remove the option of using command-line
tools.
If you were to try to use PHP itself to manually get a directory
listing, open each file, compress it, add it to an archive, etc.,
you're definitely going the wrong route.
--- End Message ---
--- Begin Message ---
On Fri, October 13, 2006 11:15 am, Jeff Lanzarotta wrote:
How did you open the socket?
Did you check that it's valid?
You've already written to it, right?...
And Java got the data you sent?
One hack would be to try opening one socket just for reading and one
just for writing...
Might work out what's going on from that.
Or, if it works, just live with 2 one-way sockets instead of a 2-way
socket.
> while ($out = socket_read($socket, 2048, PHP_NORMAL_READ))
> {
> echo $out;
> }
>
> never returns.
>
> Any ideas?
>
> -Jeff
>
>
> -Jeff
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--- End Message ---
--- Begin Message ---
Hello,
on 10/13/2006 01:15 PM Jeff Lanzarotta said the following:
> I am trying to get a php web page to communicate with a java
> application with little success...
>
> I can get the php page to send the request to the java application,
> just fine. But when the java app sends the response back, the php page
> does not seem to get it...
>
> As a side note, the java app works just fine if the client is another
> java app, or a C app. Everything is send and received just fine...
>
> From what I can tell in the php page, the
>
> while ($out = socket_read($socket, 2048, PHP_NORMAL_READ))
> {
> echo $out;
> }
>
> never returns.
>
> Any ideas?
If all you want to is to fetch a page via the GET method, you can use
either fopen/fread or file_get_contents functions passing the URL as
file name.
If what you want is a more complicated HTTP request like using the POST
methods, submit forms, handle cookies and redirection, HTTP
authentication, etc.., you may also want to take a look at this HTTP
client class:
http://www.phpclasses.org/httpclient
--
Regards,
Manuel Lemos
Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
--- End Message ---
--- Begin Message ---
On Fri, October 13, 2006 1:28 am, Peter Lauri wrote:
> Hi, I am trying to do this, but now I cannot set values with ini_set.
> I do
> the following and it outputs "could not set". I have also tried 0,
> "0", but
> that doesn't help.
>
> if(ini_set("output_buffering", "off")) echo "could set";
> else echo "could NOT set";
Even if you *COULD* set it, this PHP code is borked...
If the PREVIOUS value was 0, and ini_set returns the previous value on
success, you get 0 for the return, and then you'll see "could NOT set"
-- because 0 is type-juggled to false.
You'd want:
if (false !== ini_set("output_buffering", "off")) echo "could set";
else echo "could NOT set";
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--- End Message ---
--- Begin Message ---
On Thu, October 12, 2006 7:35 pm, Emil Edeholt wrote:
> I'm trying to make thumbnails of uploaded jpegs via GD. It works fine
> on
> most jpegs but doesn't seem to work on canon jpegs (tried both a
> consumer canon and one of the finer DSLRs). When I resaved the canon
> jpeg in my imaging application GD could handle it.
>
> Any ideas of how to solve this? I'm in a bit of a panic.
I have frequently found that JPEG comments and EXIF meta-data and
whatnot in a JPEG will confuse GD.
See if you can find a way to prep the photos by stripping out the
non-visual data...
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--- End Message ---
--- Begin Message ---
Emil Edeholt wrote:
Hi!
I'm trying to make thumbnails of uploaded jpegs via GD. It works fine on
most jpegs but doesn't seem to work on canon jpegs (tried both a
consumer canon and one of the finer DSLRs). When I resaved the canon
jpeg in my imaging application GD could handle it.
Any ideas of how to solve this? I'm in a bit of a panic.
Emil
Imagemagick will handle them and provide better quality.
http://www.imagemagick.org/script/index.php
I use it with exec()
--- End Message ---
--- Begin Message ---
So, I have this automated testing script I wrote, and I want to make
it work on more than just my computer.
In cygwin, and in Linux, EVN['_'] has the nice path to the binary CLI
which is running -- which I call again in a backticks for each test
script in turn, to provide a consistent starting point.
In windows... There ain't nothing in phpinfo() that matches the
php.exe which I'm running...
How do you handle this?
Note that I'm not attempting to test specific versions of PHP -- just
the PHP scripts, so I really just want to run whatever PHP they are
already running in their test environment, whatever that might be.
It's not in $argv, it's not in ENV.
I've check the getmyinode() friends in PHP Options/Info page.
Surely Windows provides this info to PHP somewhere, and PHP exposes
it, right?... Guess not, hunh.
Anybody got a solution?
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--- End Message ---
--- Begin Message ---
# [EMAIL PROTECTED] / 2006-10-13 13:53:56 -0500:
> So, I have this automated testing script I wrote, and I want to make
> it work on more than just my computer.
>
> In cygwin, and in Linux, EVN['_'] has the nice path to the binary CLI
> which is running -- which I call again in a backticks for each test
> script in turn, to provide a consistent starting point.
>
> In windows... There ain't nothing in phpinfo() that matches the
> php.exe which I'm running...
>
> How do you handle this?
>
> Note that I'm not attempting to test specific versions of PHP -- just
> the PHP scripts, so I really just want to run whatever PHP they are
> already running in their test environment, whatever that might be.
>
> It's not in $argv, it's not in ENV.
What does $argv look like in windows?
--
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man. You don't KNOW.
Cause you weren't THERE. http://bash.org/?255991
--- End Message ---
--- Begin Message ---
you've considered the fact that you might be running php as a module via
ie. apache, thus not using a php.exe at all? (you'd be using a
php4ts.lib/php5ts.lib instead)
- tul
Richard Lynch wrote:
So, I have this automated testing script I wrote, and I want to make
it work on more than just my computer.
In cygwin, and in Linux, EVN['_'] has the nice path to the binary CLI
which is running -- which I call again in a backticks for each test
script in turn, to provide a consistent starting point.
In windows... There ain't nothing in phpinfo() that matches the
php.exe which I'm running...
How do you handle this?
Note that I'm not attempting to test specific versions of PHP -- just
the PHP scripts, so I really just want to run whatever PHP they are
already running in their test environment, whatever that might be.
It's not in $argv, it's not in ENV.
I've check the getmyinode() friends in PHP Options/Info page.
Surely Windows provides this info to PHP somewhere, and PHP exposes
it, right?... Guess not, hunh.
Anybody got a solution?
--- End Message ---
--- Begin Message ---
On Oct 13, 2006, at 11:53 AM, Richard Lynch wrote:
So, I have this automated testing script I wrote, and I want to make
it work on more than just my computer.
In cygwin, and in Linux, EVN['_'] has the nice path to the binary CLI
which is running -- which I call again in a backticks for each test
script in turn, to provide a consistent starting point.
In windows... There ain't nothing in phpinfo() that matches the
php.exe which I'm running...
How do you handle this?
Note that I'm not attempting to test specific versions of PHP -- just
the PHP scripts, so I really just want to run whatever PHP they are
already running in their test environment, whatever that might be.
It's not in $argv, it's not in ENV.
I've check the getmyinode() friends in PHP Options/Info page.
Surely Windows provides this info to PHP somewhere, and PHP exposes
it, right?... Guess not, hunh.
Anybody got a solution?
Not a solution, but an idea... the dos chdir comand. Maybe you can
run it from within your script. It tells you the current working
directory and you end up indirectly knowing the location of the
php.exe that you're using.
-Ed
--- End Message ---
--- Begin Message ---
A simple question I imagine, but I am wondering how I would combat DoS
attacks by users holding the REFRESH key on their browsers?
I have reproduced this error on a PHP-MYSQL website and when I hold the
REFRESH key on for a while, page gen times shoot up dramatically and
hundreds of processes are created.
Is there a way I can stop this/limit the connections/processes in apache
conf/php.ini?
What can I do to combat this method of DoS?
--- End Message ---
--- Begin Message ---
On Fri, 2006-10-13 at 22:16 +0100, Ryan Barclay wrote:
> A simple question I imagine, but I am wondering how I would combat DoS
> attacks by users holding the REFRESH key on their browsers?
>
> I have reproduced this error on a PHP-MYSQL website and when I hold the
> REFRESH key on for a while, page gen times shoot up dramatically and
> hundreds of processes are created.
>
> Is there a way I can stop this/limit the connections/processes in apache
> conf/php.ini?
>
> What can I do to combat this method of DoS?
Check if the following is enabled in php.ini
ignore_user_abort
Or in the code via:
ignore_user_abort()
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--- End Message ---
--- Begin Message ---
Robert,
Thanks for the reply. I can't seem to find ignore_user_abort in my
php.ini. I would like to do it at server level, rather than individual
scripts. Do you know roughly where is it? I think there were some
versions with this missing in the ini, which was later fixed.
I'm guessing that if ignore_user_abort is set to on, this could be the
culprit?
Would simply adding the following to the ini work?:
ignore_user_abort = off
Best,
Ryan
Robert Cummings wrote:
On Fri, 2006-10-13 at 22:16 +0100, Ryan Barclay wrote:
A simple question I imagine, but I am wondering how I would combat DoS
attacks by users holding the REFRESH key on their browsers?
I have reproduced this error on a PHP-MYSQL website and when I hold the
REFRESH key on for a while, page gen times shoot up dramatically and
hundreds of processes are created.
Is there a way I can stop this/limit the connections/processes in apache
conf/php.ini?
What can I do to combat this method of DoS?
Check if the following is enabled in php.ini
ignore_user_abort
Or in the code via:
ignore_user_abort()
Cheers,
Rob.
--- End Message ---
--- Begin Message ---
Robert,
Thanks for the reply. I can't seem to find ignore_user_abort in my
php.ini. I would like to do it at server level, rather than individual
scripts. Do you know roughly where is it? I think there were some
versions with this missing in the ini, which was later fixed.
I'm guessing that if ignore_user_abort is set to on, this could be the
culprit?
Would simply adding the following to the ini work?:
ignore_user_abort = off
Best,
Ryan
--
Ryan Barclay
RBFTP Networks Ltd.
DDI: +44 (0)870 490 1870
WWW: http://www.rbftpnetworks.com
BBS: http://forums.rbftpnetworks.com
Robert Cummings wrote:
On Fri, 2006-10-13 at 22:16 +0100, Ryan Barclay wrote:
A simple question I imagine, but I am wondering how I would combat DoS
attacks by users holding the REFRESH key on their browsers?
I have reproduced this error on a PHP-MYSQL website and when I hold the
REFRESH key on for a while, page gen times shoot up dramatically and
hundreds of processes are created.
Is there a way I can stop this/limit the connections/processes in apache
conf/php.ini?
What can I do to combat this method of DoS?
Check if the following is enabled in php.ini
ignore_user_abort
Or in the code via:
ignore_user_abort()
Cheers,
Rob.
--- End Message ---
--- Begin Message ---
On Sat, 2006-10-14 at 01:25 +0100, Ryan Barclay wrote:
> Robert,
>
> Thanks for the reply. I can't seem to find ignore_user_abort in my
> php.ini. I would like to do it at server level, rather than individual
> scripts. Do you know roughly where is it? I think there were some
> versions with this missing in the ini, which was later fixed.
>
> I'm guessing that if ignore_user_abort is set to on, this could be the
> culprit?
>
> Would simply adding the following to the ini work?:
>
> ignore_user_abort = off
If it's not in your php.ini and not in your source code then it's
already off, unless it's being activated by an http.conf or .htaccess
setting. The default for ignore_user_abort is 0.
What exactly does your script do? It may be possible that whatever task
it is performing prevents PHP from immediately recognizing the user
abort and subsequently terminating.
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--- End Message ---
--- Begin Message ---
Ryan Barclay wrote:
Thanks for the reply. I can't seem to find ignore_user_abort in my
php.ini. I would like to do it at server level, rather than
individual scripts. Do you know roughly where is it? I think there
were some versions with this missing in the ini, which was later fixed.
I'm guessing that if ignore_user_abort is set to on, this could be the
culprit?
Would simply adding the following to the ini work?
Ignore user abort defaults to off, and doesn't necessarily help you if
the clients don't terminate their connections properly, or they're
actually trying to DoS you. I think your best bet is to either use some
lightweight detection in PHP (and maybe send an HTTP error header if
you're getting hit), or better yet, use a firewall if one is available
to prevent the connections from even getting to your webserver and
wasting its resources. (If your server is running on Linux, iptables
should be able to do what you need, and there are more complicated
solutions too.)
jon
--- End Message ---
--- Begin Message ---
On Oct 13, 2006, at 2:16 PM, Ryan Barclay wrote:
A simple question I imagine, but I am wondering how I would combat
DoS attacks by users holding the REFRESH key on their browsers?
I have reproduced this error on a PHP-MYSQL website and when I hold
the REFRESH key on for a while, page gen times shoot up
dramatically and hundreds of processes are created.
Is there a way I can stop this/limit the connections/processes in
apache conf/php.ini?
Apache.conf ThreadsPerChild?
What can I do to combat this method of DoS?
How do you consider this a DoS attack? Are you seeing servers
crippled because a user or a couple of users keep hitting the refresh
key? Honestly, it seems extreme. Your server should be able to
handle much higher loads than that, especially when PHP starts
caching pages, etc.. I would start double checking the server
config, etc..
Also, if you're really worried about someone "attacking" a site like
this, you could just take advantage of PHP's auto_prepend to
automatically log the IP and a time stamp of each page request... and
if the last page request is within N seconds of the current request,
you just redirect the user to a page that says something like "server
busy, try again in a moment".
-Ed
--- End Message ---
--- Begin Message ---
On 13 Oct 2006, at 06:35 , [EMAIL PROTECTED] wrote:
ATTENTION!
A message you recently sent to a 0Spam.com user with the subject
"Re: [PHP] Re: Understanding persistent connections..." was not
delivered because they are using the 0Spam.com anti-spam service.
Please click the link below to confirm that this is not spam. When
you confirm, this message and all future messages you send will
automatically be accepted.
So nice to have Prove You Love Me schemes on a mailing list.
Needless to say, I did not (and will not) click the stupid link.
--
I know that you believe you understand what you think I said but I am
not sure you realize that what you heard is not what I meant.
--- End Message ---
--- Begin Message ---
Hello,
on 10/13/2006 05:22 AM Ross said the following:
> Thanks Richard but now.....
>
> This script send out a few hundred email addresses but I do not seem to be
> getting any returned to from failed email addresses eg.
> [EMAIL PROTECTED]
I don't know about PHPMailer because I do not use it, but if you use the
MIME message class, you only need to set the Return-Path header pointing
it to whatever addresses that bounce your message.
BTW, the MIME message class also provides great optimization support for
bulk mail deliveries that can reduce the time to send the same message
to many recipients:
http://www.phpclasses.org/mimemessage
--
Regards,
Manuel Lemos
Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
--- End Message ---
--- Begin Message ---
Is their a slick way of automatically serializing Objects to the session
when a script exit()'s and de-serialize them in session_start()?
It seems to me that object oriented PHP might actually be useful if I could
persist an object across an entire session, and come to think of it, their
really ought to be an automatic way to do this... (IE, I'd not be suprised
one bit if its already a feature of PHP that I'm just not aware of)...
So, is their a way to do this?
--
Publish technical articles @ skilledwords.com and get 100% of the
ad-revenue!
http://www.skilledwords.com
--- End Message ---
--- Begin Message ---
On Friday 13 October 2006 20:18, Tony Di Croce wrote:
> Is their a slick way of automatically serializing Objects to the session
> when a script exit()'s and de-serialize them in session_start()?
>
> It seems to me that object oriented PHP might actually be useful if I could
> persist an object across an entire session, and come to think of it, their
> really ought to be an automatic way to do this... (IE, I'd not be suprised
> one bit if its already a feature of PHP that I'm just not aware of)...
>
> So, is their a way to do this?
class Foo {
...
}
session_start();
$foo = new Foo();
$_SESSION['myfoo'] = $foo;
Ta da. The catch is the class must be defined before you start the session,
so that it knows how to deserialize it.
Of course, the cost of serialization and deserialization is non-trivial for
any data structure that is of interesting size, and you have to keep in mind
that if you aren't syncing to the database periodically then you will end up
with stale data objects. (An issue in any case, but the longer the object
representing a view of your database exists, the more of a problem it
becomes. YMMV depending on the data you're holding.)
--
Larry Garfield AIM: LOLG42
[EMAIL PROTECTED] ICQ: 6817012
"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it." -- Thomas
Jefferson
--- End Message ---
