php-general Digest 5 Apr 2007 18:43:01 -0000 Issue 4717
Topics (messages 252074 through 252096):
SimpleXML end of element/tag error
252074 by: Don Don
252075 by: JM Guillermin
DOMDocument::schemaValidate() -> libxml_get_errors()
252076 by: Sébastien WENSKE
252078 by: Tijnema !
252083 by: JM Guillermin
Re: Audio CAPTCHA review request
252077 by: Tijnema !
252079 by: tedd
252080 by: Jason Pruim
252082 by: tedd
252085 by: Robert Cummings
252086 by: tedd
252087 by: tedd
252088 by: Tijnema !
252089 by: Robert Cummings
252092 by: jochem
252093 by: Tijnema !
advice on sql injection/XSS prevention
252081 by: Bing Du
252084 by: Zoltán Németh
Debugging Extensions (APD, etc.)
252090 by: Daniel Brown
252091 by: Eric Butera
Re: error
252094 by: Mário Gamito
252095 by: Tijnema !
Re: Mail function
252096 by: Zhimmy Kanata
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
I am using simple xml to parse an xml file, the program parses the file and
produces an error at the end of the foreach loop when it reaches the end of the
tag, it tries to look for an element/tag when there is none and produces an
error "Call to a member function attributes() on a non-object" the foreach loop
looks like this
foreach($xml->CS as $CS)
{
//processing takes place here
}
when there are no more CS it fires an error
How can i detect when there are no more elements/tags to parse and handle it?
cheers
---------------------------------
It's here! Your new message!
Get new email alerts with the free Yahoo! Toolbar.
--- End Message ---
--- Begin Message ---
And with :
foreach ($xml as $cs) {
.....
}
??
jm
----- Original Message -----
From: "Don Don" <[EMAIL PROTECTED]>
To: "PHP List" <[email protected]>
Sent: Thursday, April 05, 2007 10:32 AM
Subject: [PHP] SimpleXML end of element/tag error
I am using simple xml to parse an xml file, the program parses the file and
produces an error at the end of the foreach loop when it reaches the end of
the tag, it tries to look for an element/tag when there is none and
produces an error "Call to a member function attributes() on a non-object"
the foreach loop looks like this
foreach($xml->CS as $CS)
{
//processing takes place here
}
when there are no more CS it fires an error
How can i detect when there are no more elements/tags to parse and handle
it?
cheers
---------------------------------
It's here! Your new message!
Get new email alerts with the free Yahoo! Toolbar.
--- End Message ---
--- Begin Message ---
Hello all, (sorry for my bad english)
I've this script, it checks an XML file with an XSD file.
it reports errors in the XML with line number, but i've large XML file (up
to 560MB) and the line number
doesn't exceed 65535. for upper lines he return always 65535.
An idea ?
Thx in advance.
---HERE IS THE CODE---
<?
include("fonctions.php");
$xsd_file = $_COOKIE['xsd_file'];
$xml_file = "xml/".basename($_COOKIE['xml_file']);
libxml_use_internal_errors(true);
$xml = new DOMDocument();
$xml->load($xml_file);
if (!$xml->schemaValidate($xsd_file)) {
print '<b>DOMDocument::schemaValidate() Generated Errors!</b>';
libxml_display_errors();
}
?>
/// fonctions.php ///
<?
function libxml_display_error($error)
{
$return = "<br/>\n";
switch ($error->level) {
case LIBXML_ERR_WARNING:
$return .= "<b>Warning $error->code</b>: ";
break;
case LIBXML_ERR_ERROR:
$return .= "<b>Error $error->code</b>: ";
break;
case LIBXML_ERR_FATAL:
$return .= "<b>Fatal Error $error->code</b>: ";
break;
}
$return .= trim($error->message);
if ($error->file) {
$return .= " in <b>$error->file</b>";
}
$return .= " on line <b>$error->line</b>\n";
return $return;
}
function libxml_display_errors() {
$errors = libxml_get_errors();
foreach ($errors as $error) {
print libxml_display_error($error);
}
libxml_clear_errors();
}
?>
--- End Message ---
--- Begin Message ---
On 4/5/07, Sébastien WENSKE <[EMAIL PROTECTED]> wrote:
Hello all, (sorry for my bad english)
I've this script, it checks an XML file with an XSD file.
it reports errors in the XML with line number, but i've large XML file (up
to 560MB) and the line number
doesn't exceed 65535. for upper lines he return always 65535.
An idea ?
Thx in advance.
I don't really understand what you're saying, but i might be able to
help you if you post the output of the script you posted, and then
tell what the expected output is.
Tijnema
--- End Message ---
--- Begin Message ---
If the error occure after the line 65535, libxml_get_errors() returns 65535.
Maybe this can help you Sébastien :
Class: LibXMLError
Properties (Read-Only):
(int) level
(int) code
(int) column
(string) message
(string) file
(int) line
jm
----- Original Message -----
From: "Tijnema !" <[EMAIL PROTECTED]>
To: "Sébastien WENSKE" <[EMAIL PROTECTED]>
Cc: <[email protected]>
Sent: Thursday, April 05, 2007 3:56 PM
Subject: Re: [PHP] DOMDocument::schemaValidate() -> libxml_get_errors()
On 4/5/07, Sébastien WENSKE <[EMAIL PROTECTED]> wrote:
Hello all, (sorry for my bad english)
I've this script, it checks an XML file with an XSD file.
it reports errors in the XML with line number, but i've large XML file (up
to 560MB) and the line number
doesn't exceed 65535. for upper lines he return always 65535.
An idea ?
Thx in advance.
I don't really understand what you're saying, but i might be able to
help you if you post the output of the script you posted, and then
tell what the expected output is.
Tijnema
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
I often wondered why simple CAPTCHA's like "Type the number seven
four three", or "What is the sum of two plus three?", or "Spell cat",
or "Spell two" wouldn't work? Certainly, one can create a routine
coupled a dB to randomly produce thousands of different combinations
of simple questions. Likewise, a sound file could be produced the
same way.
This could get hard for people, not everybody does understand a lot of
English. So if you're asking a question, it does also get harder for
some humans and that's not what we are looking for.
Tijnema
--- End Message ---
--- Begin Message ---
At 3:28 PM +0200 4/5/07, Tijnema ! wrote:
I often wondered why simple CAPTCHA's like "Type the number seven
four three", or "What is the sum of two plus three?", or "Spell cat",
or "Spell two" wouldn't work? Certainly, one can create a routine
coupled a dB to randomly produce thousands of different combinations
of simple questions. Likewise, a sound file could be produced the
same way.
This could get hard for people, not everybody does understand a lot of
English. So if you're asking a question, it does also get harder for
some humans and that's not what we are looking for.
Tijnema
That's a good point. Not only should a captcha be accessible by
sighted, visually impaired, deaf-blind, cognitive impaired, and other
disabilities not mentioned, but also deal with all languages as well.
It certainly sounds impossible, but what are the commonalities of the
above groups?
Clearly specific languages won't work. However, similar problems
arose in maritime and aviation industries where different nationality
captains were/are required to know specific "English" words to pilot
globally. So, the net may present some words that should be
recognized by all, but that's not up to me, but rather to the
consensuses of the net to develop. For example, perhaps "About" and
"Home" may be good candidates, if yo see what I mean.
If not language, what? Mathematical symbols, Dingbats, Miscellaneous
symbols, General Punctuation from the Unicode dB may be candidates
for a more universal basis for communication. But how does one convey
that information to everyone? Hell, some current browsers still can't
render Unicode correctly in the url's, let alone a way to "show" them
to screen readers. In addition, even OS's make it hard for user to
even enter/use those type of characters (except for Mac of course).
There has to be some commonality -- any suggestions?
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
On Apr 5, 2007, at 10:08 AM, tedd wrote:
That's a good point. Not only should a captcha be accessible by
sighted, visually impaired, deaf-blind, cognitive impaired, and
other disabilities not mentioned, but also deal with all languages
as well.
It certainly sounds impossible, but what are the commonalities of
the above groups?
Clearly specific languages won't work. However, similar problems
arose in maritime and aviation industries where different
nationality captains were/are required to know specific "English"
words to pilot globally. So, the net may present some words that
should be recognized by all, but that's not up to me, but rather to
the consensuses of the net to develop. For example, perhaps "About"
and "Home" may be good candidates, if yo see what I mean.
If not language, what? Mathematical symbols, Dingbats,
Miscellaneous symbols, General Punctuation from the Unicode dB may
be candidates for a more universal basis for communication. But how
does one convey that information to everyone? Hell, some current
browsers still can't render Unicode correctly in the url's, let
alone a way to "show" them to screen readers. In addition, even
OS's make it hard for user to even enter/use those type of
characters (except for Mac of course).
There has to be some commonality -- any suggestions?
Would it be possible to change the phrase in your audio captcha
depending on the character set chosen by the user? In other words, if
someone is using a chinese character set, could you have it say "3 5
7" in chinese?
Or maybe just have a button to select to play it in chinese (Or
french, dutch, spanish, etc. etc.)
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Jason Pruim
[EMAIL PROTECTED]
Production & Technology Manager
MQC Specialist (2005 certified)
3251 132nd Ave
Holland MI 49424
616.399.2355
www.raoset.com
"We hold these truths to be self-evident. That all men are created
equal, that they are endowed by their creator with certain
unalienable rights, (and) that among these are Life, Liberty, and the
pursuit of Happiness."
smime.p7s
Description: S/MIME cryptographic signature
--- End Message ---
--- Begin Message ---
At 3:39 PM +0200 4/5/07, Tijnema ! wrote:
Yes, but using a too hard protection where it isn't needed makes
people irritated and they will hate your site. If you're using more
then 1 CAPTCHA program on a simple board for example. But if you have
a site like the NSA, yes, then it wouldn't be very strange to use 10
different CAPTCHA programs.
Tijnema
Tijnema:
I sent this to Daevid off-list because I was trying not to continue a
topic that is not specifically php, but instead deals with a problem
that may be solvable/mitigated by a php script (I know very thin
thread there to keep this php related).
However, I like my dot captcha (been fixed for IE 5 & IE 6) , see:
http://sperling.com/examples/dot-captcha/index.php
As you can "see", it's only for sighted users.
Using that type of captcha coupled with asking questions (such as
click the green dot while presenting several different colored dots)
and providing several captchas in session to pass, could raise the
level of security quite high while not inconveniencing the user too
much -- or so I think.
Remember, spam bots have no information as to what to present for
entry and visual recognition routines would have a lot of trouble
with these as my imagination and coding can change with much less
effort. It makes for an interesting problem.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
On Thu, 2007-04-05 at 10:19 -0400, tedd wrote:
> At 3:39 PM +0200 4/5/07, Tijnema ! wrote:
> >Yes, but using a too hard protection where it isn't needed makes
> >people irritated and they will hate your site. If you're using more
> >then 1 CAPTCHA program on a simple board for example. But if you have
> >a site like the NSA, yes, then it wouldn't be very strange to use 10
> >different CAPTCHA programs.
> >
> >Tijnema
>
> Tijnema:
>
> I sent this to Daevid off-list because I was trying not to continue a
> topic that is not specifically php, but instead deals with a problem
> that may be solvable/mitigated by a php script (I know very thin
> thread there to keep this php related).
>
> However, I like my dot captcha (been fixed for IE 5 & IE 6) , see:
>
> http://sperling.com/examples/dot-captcha/index.php
>
> As you can "see", it's only for sighted users.
My mouse is broken and I couldn't navigate to it using my keyboard! :B
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--- End Message ---
--- Begin Message ---
At 3:39 PM +0200 4/5/07, Tijnema ! wrote:
Still, I don't see any way that a computer could make the difference
between a user and a computer. Because some computers can't be smarter
then others. It's only the way they're programmed.
Tijnema
Tijnema:
You may very well be correct. I've often said that anything a
computer can generate another computer can interpret. However, there
are differences between the two technologies with respect to timing
(a technology lag) and cost. If one develops a better captcha, there
will be a lag time between it's introduction and spammer's catch-up.
Also, what's the cost involved between development of the captcha as
compared to cost for it's solution? If the cost for development is
less then it may simply cost the spammer too much to keep up.
On these two points, I have to say it's possible to develop a captcha
that will work. However, that isn't saying that the captcha will be
accessible to all.
We may find ourselves at a point of asking the disabled (or anyone)
to take an alternate path for contributing. Such as, sending an email
asking for a password allowing them to contribute to a blog for
example.
However, a spammer could do the same. But, if you pass all requesting
emails through a spam filter, like spamcop.net, then that should
reduce spam to an acceptable level.
Perhaps I don't fully understand the problem, but there are many
things here to consider before giving up.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
At 10:25 AM -0400 4/5/07, Robert Cummings wrote:
> However, I like my dot captcha (been fixed for IE 5 & IE 6) , see:
http://sperling.com/examples/dot-captcha/index.php
As you can "see", it's only for sighted users.
My mouse is broken and I couldn't navigate to it using my keyboard! :B
Cheers,
Rob.
Rob:
How do you do that?
Is there a php or javascript solution? I'm open to suggestion.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
On 4/5/07, tedd <[EMAIL PROTECTED]> wrote:
At 10:25 AM -0400 4/5/07, Robert Cummings wrote:
> > However, I like my dot captcha (been fixed for IE 5 & IE 6) , see:
>>
>> http://sperling.com/examples/dot-captcha/index.php
>>
>> As you can "see", it's only for sighted users.
>
>My mouse is broken and I couldn't navigate to it using my keyboard! :B
>
>Cheers,
>Rob.
Rob:
How do you do that?
Is there a php or javascript solution? I'm open to suggestion.
Cheers,
tedd
If you're gonna do this, you probably need to remove a little piece in
your security, which isn't wanted of course :)
Tijnema
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
On Thu, 2007-04-05 at 16:52 +0200, Tijnema ! wrote:
> On 4/5/07, tedd <[EMAIL PROTECTED]> wrote:
> > At 10:25 AM -0400 4/5/07, Robert Cummings wrote:
> > > > However, I like my dot captcha (been fixed for IE 5 & IE 6) , see:
> > >>
> > >> http://sperling.com/examples/dot-captcha/index.php
> > >>
> > >> As you can "see", it's only for sighted users.
> > >
> > >My mouse is broken and I couldn't navigate to it using my keyboard! :B
> > >
> > >Cheers,
> > >Rob.
> >
> > Rob:
> >
> > How do you do that?
> >
> > Is there a php or javascript solution? I'm open to suggestion.
> >
> > Cheers,
> >
> > tedd
>
> If you're gonna do this, you probably need to remove a little piece in
> your security, which isn't wanted of course :)
I'm just playing devil's advocate... (my mouse isn't really broken) this
is about accessibility after all >:)
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--- End Message ---
--- Begin Message ---
tedd wrote:
>
> However, I'm not convinced that all sound methodologies can be
> resolved as simply as that. For example -- your method looks for
> pauses/high points and then capsulizes segments for comparison
> against known sounds. That's OK, but what if there is other meaning
> in the sound?
>
> I often wondered why simple CAPTCHA's like "Type the number seven
> four three", or "What is the sum of two plus three?", or "Spell cat",
> or "Spell two" wouldn't work? Certainly, one can create a routine
> coupled a dB to randomly produce thousands of different combinations
> of simple questions. Likewise, a sound file could be produced the
> same way.
>
That will not help much. I have seen this suggestions a lot, see for
example:
http://www.standards-schmandards.com/2005/captcha/ for a nicely written one.
But it makes breaking the captcha a two-step problem. First use speech to
text to make a sentence and then
parse the grammar. Both problems are studied a lot and have lots of
solution.
The segmentation I use in devoicecaptcha is very naive. I agree, but it
works! There are however better (and more complex) segmentation algorithms
readily available. To break your suggested captcha you just use
devoicecaptcha, but you also train the extra words into the model. So
besides statistics for '1' '2' '3' etc. you also add statistics for the word
'+', 'type' etc. Then you transcribe the voice to text ('add' '2' '3') and
parse that text output for example with a BNF parser. That solves the
problem and gives the solution '5'.
What can you do to make audio captcha's harder? Add more voice! This is
exactly what google has done on their updated audio captcha. This really
helps, you need a much more fine grained and larger voice model to trancribe
that. I still think it is doable, but the amount of training work that is
involved scares at least me away from actually doing it.
This is the same for the latest image captchas, trying to segment them is
hard (matching the broken segments to determine the charachter with a
statistical model is relatively easy).
tedd wrote:
>
> Perhaps I'm underestimating the capabilities of bots and
> overestimating the abilities of humans. I suspect that the
> distribution of both camps have an overlap and therein lies the
> problem. The problem may not have a solution.
>
> But to bring this back to my intent -- my intent here is to provide a
> simple audio CAPTCHA that could be used by anyone to provide some
> degree of protection for their personal use THAT would also be
> accessible to screen readers. It's not foolproof, but it appears to
> work in that regard.
>
I think any captcha that is different from a standard library one will help,
you should just know that if someone is really convinced to break it, he/she
can. So think of a captcha and implement it quietly (no bragging how good it
is, that will draw the wrong attention). Standard bots will not be able to
parse it and only if you have a high profile site it will be economally
viable for spammers to break it.
--
View this message in context:
http://www.nabble.com/Audio-CAPTCHA-review-request-tf3487541.html#a9859801
Sent from the PHP - General mailing list archive at Nabble.com.
--- End Message ---
--- Begin Message ---
What can you do to make audio captcha's harder? Add more voice! This is
exactly what google has done on their updated audio captcha. This really
helps, you need a much more fine grained and larger voice model to trancribe
that. I still think it is doable, but the amount of training work that is
involved scares at least me away from actually doing it.
This is the same for the latest image captchas, trying to segment them is
hard (matching the broken segments to determine the charachter with a
statistical model is relatively easy).
tedd wrote:
>
> Perhaps I'm underestimating the capabilities of bots and
> overestimating the abilities of humans. I suspect that the
> distribution of both camps have an overlap and therein lies the
> problem. The problem may not have a solution.
>
> But to bring this back to my intent -- my intent here is to provide a
> simple audio CAPTCHA that could be used by anyone to provide some
> degree of protection for their personal use THAT would also be
> accessible to screen readers. It's not foolproof, but it appears to
> work in that regard.
>
I think any captcha that is different from a standard library one will help,
you should just know that if someone is really convinced to break it, he/she
can. So think of a captcha and implement it quietly (no bragging how good it
is, that will draw the wrong attention). Standard bots will not be able to
parse it and only if you have a high profile site it will be economally
viable for spammers to break it.
What about semi-automatic bots? They load page and fill in all the
details in the form, and they pass the captcha *shit* to you, you type
over the code and the bot can start spamming right?
About your dot-captcha program tedd, it's another trick, it hasn't
been used yet, so somebody needs to look at it to crack. Like Jochem
said, if someone really wants to break it, he will do it. Making a
real though CAPTCHA isn't that hard, it's hard to create a CAPTCHA
that's easy to the user, but very hard to bots.
I was thinking about animation, very simple like a moving dot. "Did it
move from left to right, right to left, top to bottom or bottom to
top?"
As animated images/flash/movies are really though items to parse for a
bot. So just creating an AVI made up from a few simple frames.
Everyone can see if which side the dot moves. But yet, there's no
movie support in PHP, i discussed this on the internals list, but
nobody seems interested, and this is the case i need it again :).
I was thinking about creating random frames from PHP(also a random
number, with different frame rates) and then creating an movie from
that frames. I prefer no compression then, because that would require
the user to install decoders. I think these days every user has a
browser supporting inline movies right?
I know, this wouldn't stop the semi-automatic bots, but i think these
are very hard to stop. (Unstoppable maybe?)
Tijnema
--- End Message ---
--- Begin Message ---
Hi,
I'm not an experienced PHP developer. We're hosting a content management
system that allow authorized people to add PHP contents. Their PHP coding
levels varies. Some are very security sensitive, but some are not. I
want to know if PHP has any ready-to-use funtion to validate form input to
help prevent SQL injection/XSS? So each programmer doesn't have to write
their own form validation code. I'd appreciate any advice or pointers.
Thanks in advance,
Bing
--- End Message ---
--- Begin Message ---
I think it is generally a Bad Idea to allow users to submit code into
your system...
you would be better off if you would provide some pseudo-coding
possibilities which would allow them to insert certain functionalities
into their content - with you providing the real code running behind and
replacing the pseudo-codes with the process results
greets
Zoltán Németh
2007. 04. 5, csütörtök keltezéssel 09.17-kor Bing Du ezt írta:
> Hi,
>
> I'm not an experienced PHP developer. We're hosting a content management
> system that allow authorized people to add PHP contents. Their PHP coding
> levels varies. Some are very security sensitive, but some are not. I
> want to know if PHP has any ready-to-use funtion to validate form input to
> help prevent SQL injection/XSS? So each programmer doesn't have to write
> their own form validation code. I'd appreciate any advice or pointers.
>
> Thanks in advance,
>
> Bing
>
--- End Message ---
--- Begin Message ---
Does anyone have any experience using engine-level debuggers and/or
extensions in PHP? I installed the PECL module APD just a moment ago, and
haven't even used it yet, because I wanted to see if anyone here has a
better suggestion. I'd like something that will track which functions are
being called and output a log of this information, as well as code execution
times so I can see exactly how many cycles are being wasted and reduce it.
--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107
--- End Message ---
--- Begin Message ---
On 4/5/07, Daniel Brown <[EMAIL PROTECTED]> wrote:
Does anyone have any experience using engine-level debuggers and/or
extensions in PHP? I installed the PECL module APD just a moment ago, and
haven't even used it yet, because I wanted to see if anyone here has a
better suggestion. I'd like something that will track which functions are
being called and output a log of this information, as well as code execution
times so I can see exactly how many cycles are being wasted and reduce it.
--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107
Well the tools I've played around with are:
Xdebug - really nice for seeing everything about your script. (see
http://xdebug.org/docs-profiling2.php)
If you need to see internals you can look into valgrind (see
http://talks.php.net/show/oscon06/6).
--- End Message ---
--- Begin Message ---
Hi,
I've managed to make the PDF download system work.
But when it opens in acrobat reader, i get the error you can see in:
http://www.gamito.org/fucked-pdf-2.jpg
The code follows my signature.
Any help would be appreciated.
Warm Regards
--
:wq! Mário Gamito
--
<?php
session_start();
if (isset($_SESSION['email'])) {
$error = false;
if (isset($_GET['file'])) {
$file = basename($_GET['file']);
$full = '/var/www/testudio.pdf';
if (!is_readable($full))
$error = "Invalid filename.";
} else {
$error = "No filename given.";
}
header('Content-type: application/pdf');
header("Content-Length: " . filesize($data));
header('Content-disposition: attachment; filename="testudio.pdf"');
readfile("testudio.pdf");
}
?>
--- End Message ---
--- Begin Message ---
On 4/5/07, Mário Gamito <[EMAIL PROTECTED]> wrote:
Hi,
I've managed to make the PDF download system work.
But when it opens in acrobat reader, i get the error you can see in:
http://www.gamito.org/fucked-pdf-2.jpg
The code follows my signature.
Any help would be appreciated.
Warm Regards
--
:wq! Mário Gamito
--
<?php
session_start();
if (isset($_SESSION['email'])) {
$error = false;
if (isset($_GET['file'])) {
$file = basename($_GET['file']);
$full = '/var/www/testudio.pdf';
if (!is_readable($full))
$error = "Invalid filename.";
} else {
$error = "No filename given.";
}
header('Content-type: application/pdf');
header("Content-Length: " . filesize($data));
header('Content-disposition: attachment; filename="testudio.pdf"');
readfile("testudio.pdf");
}
?>
Where did you get the $data variable?
as filesize($data) would return false here, and that's not a good
value for the Content-Length header :)
Tijnema
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Hi,
Tried it...but it didn't work...Not sure why. I am using a respectable ISP
and they are looking at the problem although they tend to take their time.
I figure I must not be passing the variable. I will post my entire code.
For all those that help again thank you.
<?php
require("config.php");
require("functions.php");
//echo some styles to spice it up...
echo "
<style>
body
{
background: #131313;
font-family: Verdana, Arial;
font-weight: bold;
font-size: 9px;
color: #FFFFFF;
}
.register_box
{
border: 1px solid #323232;
background: #202020;
font-family: Verdana, Arial;
font-weight: bold;
font-size: 9px;
color: #FFFFFF;
}
</style>
";
switch($_GET['action'])
{
case "new":
//--------------------------------------
//[New Registration]
//--------------------------------------
if(!isset($_POST['register']))
{
echo "
<form action='register.php?action=new' method='POST'>
Username: <br />
<input type='text' name='username' class='register_box'>
<br />
Email: <br />
<input type='text' name='email' class='register_box'>
<br />
Password: <br />
<input type='password' name='password' class='register_box'>
<br />
<input type='submit' name='register' value='New Registration!'
class='register_box'>
</form>
";
}
elseif(isset($_POST['register']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST['email']);
$activation_code = generateCode(25);
$userq = "SELECT username FROM user_system WHERE username = '$username' LIMIT
1";
$emailq = "SELECT email FROM user_system WHERE email = '$email' LIMIT 1";
//put errors into an array
$errors = array();
if(empty($username))
{
$errors[] = "The username field was blank! <br />";
}
if(mysql_num_rows(mysql_query($userq)) > 0)
{
$errors[] = "The username given is already in use! Please try another one!
<br />";
}
if(empty($password))
{
$errors[] = "The password field was blank! <br />";
}
if(empty($email))
{
$errors[] = "The email field was blank! <br />";
}
if(mysql_num_rows(mysql_query($emailq)) > 0)
{
$errors[] = "The email given is already in use! Please try another one! <br
/>";
}
if(count($errors) > 0)
{
foreach($errors as $err)
{
echo $err;
}
}
else
{
$sqlq = "INSERT INTO user_system (username, password, email, is_activated,
activation_code)";
$sqlq .= "VALUES ('$username', '".md5($password)."', '$email', '0',
'$activation_code')";
mysql_query($sqlq) or die(mysql_error());
echo "$email"; <----- As you can see I am echoing here...so it should be
passed.
echo "Thanks for registering!
You will recieve an email shortly containing your validation code,
and a link to activate your account!";
mail($email, "New Registration, www.sitename.com", " I'm passing it here
Thanks for registering on SITE NAME.
Here are your login details:
Username: ".$username."
Password: ".$password."
In order to login and gain full access, you must validate your account.
Click here to validate:
http://www.sitename.com/register.php?action=activate&user=".$username."&code=".$activation_code.";
Thanks!
[Webmaster]
");
}
}
break;
case "activate":
//--------------------------------------
//[Activate Account]
//--------------------------------------
if(isset($_GET['user']) && isset($_GET['code']))
{
$username = mysql_real_escape_string($_GET['user']);
if(mysql_num_rows(mysql_query("SELECT id FROM user_system WHERE username =
'$username'")) == 0)
{
echo "That username is not in the database!";
}
else
{
$activate_query = "SELECT is_activated FROM user_system WHERE username =
'$username'";
$is_already_activated = mysql_fetch_object(mysql_query($activate_query)) or
die(mysql_error());
if($is_already_activated->is_activated == 1)
{
echo "This user is already activated!";
}
else
{
$code = mysql_real_escape_string($_GET['code']);
$code_query = "SELECT activation_code FROM user_system WHERE username =
'$username' LIMIT 1";
$check_code = mysql_fetch_object(mysql_query($code_query)) or
die(mysql_error());
if($code == $check_code->activation_code)
{
$update = "UPDATE user_system SET is_activated = '1' WHERE username =
'$username'";
mysql_query($update) or die(mysql_error());
echo "User $username has been activated! Thanks! You may now login!";
}
else
{
echo "The activation code was wrong! Please try again!";
}
}
}
}
else
{
echo "No ID or user given to activate!";
}
break;
}
?>
Shafiq Rehman <[EMAIL PROTECTED]> wrote:
Hi,
What i understand is, you have written a new function for sending emails.
Are you passing all the variables to that function? If not, you have to
pass.
or you can use my function
// function declaration, This function can send only HTML emails
function sendMail ($toEmail, $subject, $message, $fromName, $fromEmail)
{
$header .= "From: $from_name <$fromEmail>\n";
$header .= "Reply-To: <$fromEmail>\n";
$header .= "MIME-Version: 1.0\n";
$header .= "Content-type: text/html; charset=us-ascii; format=flowed\n";
$header .= "Content-Transfer-Encoding: 7bit\n";
$header .= "X-Mailer: php\n\n";
mail($toEmail, $subject, $message, $header);
}
// variable values and usage
$toEmail = "[EMAIL PROTECTED]";
$subject = "Hello, This is test";
$message = "Hellow Shafiq,
This is test
message
Regards
Shafiq";
$fromName = "Sender Name";
$fromEmail = "[EMAIL PROTECTED]";
sendMail ($toEmail, $subject, $message, $fromName, $fromEmail);
?>
--
Shafiq Rehman (ZCE)
http://www.phpgurru.com | http://shafiq.pk
On 4/5/07, Zhimmy Kanata wrote:
>
> Hi,
>
> I am working on a program to create a registration feature through a
> email notificaiton much like this list. For functional use but also for
> personal training.
>
> However, I can't seem to pass the variable into the mail function() ? If
> I echo the variable it displays it so it must be passing the variable down.
> If I enter in a fixed and workable email address where $email is then it
> works as well. So I am a little confused to this problem. I have other
> programs where I do this but I place the mail function within a new
> function(). However, when I do that it just barks back at me. Contacted my
> Hosting company they are investigating.
>
> Thanks in advance for your help...
>
> Here is the code..
>
> echo "$email";
> echo "Thanks for registering! <----- It does echo it.
> You will recieve an email shortly containing your validation code,
> and a link to activate your account!";
>
>
> mail($email, "New Registration, www.sitename.com", "
> Thanks for registering on SITE NAME.
> Here are your login details:
>
> Username: ".$username."
> Password: ".$password."
>
> In order to login and gain full access, you must validate your
> account.
>
> Click here to validate:
>
> http://www.sitename.com/login/register.php?action=activate&user=
> ".$username."&code=".$activation_code."
>
> Thanks!
>
> [Webmaster]
> ");
>
> I got the code from www.avengingsorrow.com to see all the code.
>
> Sorry about the HTML email. I am new to the list (first post) and I
> don't believe you can turn off HTML email in Yahoo.
>
> Thanks again in advance
>
> Zhimmy
>
>
> ---------------------------------
> Make free worldwide PC-to-PC calls. Try the new Yahoo! Canada Messenger
> with Voice
---------------------------------
All new Yahoo! Mail -
---------------------------------
Get a sneak peak at messages with a handy reading pane.
--- End Message ---
