php-general Digest 21 Apr 2007 09:09:16 -0000 Issue 4747
Topics (messages 253390 through 253410):
Re: retrieve POST body?
253390 by: Richard Lynch
253391 by: Richard Lynch
Re: running linux
253392 by: Richard Lynch
253393 by: Edward Vermillion
253401 by: Haig (Home)
Find MAC Address in PHP
253394 by: Nathaniel Hall
253395 by: Daniel Brown
253404 by: Satyam
253406 by: Zoltán Németh
253407 by: Satyam
upload file then move between servers
253396 by: blackwater dev
Re: Appending into associative arrays
253397 by: Tijnema !
253399 by: Robert Cummings
Re: first script
253398 by: Thufir
Preventing SQL Injection/ Cross Site Scripting
253400 by: Dotan Cohen
253402 by: Leonard Burton
CSS position:absolute for <INPUT ... > on form
253403 by: rwhartung
253405 by: Zoltán Németh
Re: Session with microtime
253408 by: Tim
should I be looking to eliminate all notices?
253409 by: Ross
253410 by: Zoltán Németh
----------------------------------------------------------------------
--- Begin Message ---
On Thu, April 19, 2007 10:28 pm, Myron Turner wrote:
> that should be necessary at this time. For instance, if it's necessary
> to pass in CGI parameters at the same time as sending out a file, the
> parameters can be tacked onto a query string and they will be packed
> into both the $_POST and the $_GET arrays.
I've lost track of why the OP needs an md5 or whatever it is of the
raw POST data, but MAYBE using an unknown MIME type and putting all
the other args in the URL as $_GET parameters, would leave them with
only the file itself to be "parsed" which would be pretty minimal
parsing...
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--- End Message ---
--- Begin Message ---
On Thu, April 19, 2007 11:58 pm, Justin Frim wrote:
> Regarding some discussion a while back about putting in a feature
> request for obtaining the POST body...
>
> I can see the advantage of streaming the POST body directly to disk,
> because then you don't have to allocate a huge amount of memory for
> keeping a copy of the POST body in a variable. So maybe (and this is
> wishful thinking), a feature could be added to PHP where the entire
> POST body, unaltered, is streamed to a file in the same fashion as
> those individual temporary files referenced in the $_FILES[] array.
>
> Then for HTTP digest authenticated requests with integrity protection,
> I could just call md5_file() on this special file, and my world would
> be a whole lot simpler! (And any other script programmers, should they
> need to access the POST body for whatever reason, can just read the
> file and parse it however necessary. No gigantic memory overhead
> involved.)
This sounds like a perfectly reasonable Feature Request to this naive
reader...
http://bugs.php.net/
--- End Message ---
--- Begin Message ---
On Fri, April 20, 2007 3:59 pm, Edward Vermillion wrote:
>
> On Apr 20, 2007, at 3:10 PM, Daniel Brown wrote:
>
>> You're exactly right, Richard. MacOS is based on BSD.
>>
>>
>
> And if you have any familiarity with linux administration, forget
> almost everything you know 'cause they changed it in OSX...
Hmmm.
I didn't try to "administer" much, but once I find and open up a
terminal window, it pretty was just like being on BSD, afaict...
I'm not a BSD (nor Linux) guru, but I typed things in the shell, and
they did what I expected...
--- End Message ---
--- Begin Message ---
On Apr 20, 2007, at 4:09 PM, Richard Lynch wrote:
> On Fri, April 20, 2007 3:59 pm, Edward Vermillion wrote:
>>
>> On Apr 20, 2007, at 3:10 PM, Daniel Brown wrote:
>>
>>> You're exactly right, Richard. MacOS is based on BSD.
>>
>> And if you have any familiarity with linux administration, forget
>> almost everything you know 'cause they changed it in OSX...
>
> Hmmm.
>
> I didn't try to "administer" much, but once I find and open up a
> terminal window, it pretty was just like being on BSD, afaict...
>
> I'm not a BSD (nor Linux) guru, but I typed things in the shell, and
> they did what I expected...
Yeah, the shell is familiar and except for a few differences between
linux and bsd in some of the commands it's very familiar.
But pretty much everything under /etc has been replaced with NetInfo.
I'm sure it's great for guys that have a thousand boxes to admin, but
it's a pain for just setting up one box. I guess I could spend a week
or so getting familiar with all the command line stuff for NetInfo
since the GUI is no real help. But it sure would be nice to just be
able to edit the config files like I'm used to...
Ed
--- End Message ---
--- Begin Message ---
Dual booting on 1 physical drive isn't really bullet proof.
Assuming your laptop bios supports booting from a usb drive, you can use a
usb stick or a usb hard drive and install linux on that along with putting
the boot loader on the usb drive as well.
I've installed Suse on a 4g usb stick and haven't had any issues yet.
--- End Message ---
--- Begin Message ---
Hi all,
I am attempting to find the MAC address of systems visiting my page from
the local LAN. I have tried several things, but it appears it will not
let me run system commands. For example, running <?php $MAC =
system("arp 192.168.200.254"); echo $MAC; ?> does not give me any
output. I have copied arp to a place that the apache user can execute
from and ensured arp is executable.
This is on a Fedora Core 6 box running PHP 5.1.6-3.4 and Apache
2.2.3-5. Any help is appreciated.
--
Nathaniel Hall
--- End Message ---
--- Begin Message ---
Usually arp on Linux requires the user to be logged in as root. If you
can run it, try this:
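<?php
// Address to look up: the visitor's address as seen by the web server
$ip_addr = $_SERVER['REMOTE_ADDR'];
ob_start();
// escapeshellarg() keeps the value from being interpreted by the shell
passthru('arp ' . escapeshellarg($ip_addr));
$MAC = ob_get_contents();
ob_end_clean();
?>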
--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107
--- End Message ---
--- Begin Message ---
Don't bother. If you manage to get a MAC, it won't be that of the client
machine in the majority of cases, since the IP you get for the request is
not, in most cases, the one for that machine, but that of the proxy, router
and a zillion other things that step in the middle and change the IP.
Satyam
--- End Message ---
--- Begin Message ---
The OP said he wants MACs for the machines on his local LAN. In that
case I don't think he would have met the things you said.
greets
Zoltán Németh
--- End Message ---
--- Begin Message ---
I'm sorry, I missed that, you are right, unless there are subnets within the
company, several offices in distant locations.
Satyam
--- End Message ---
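An added example, not code from the thread: on Linux the kernel's ARP cache can be read from /proc/net/arp, so the lookup needs neither root nor a shell command. The function name and the sample table are constructed for illustration; as the replies note, an entry exists only for hosts on the same LAN segment as the server.

```php
<?php
declare(strict_types=1);

// Constructed sample in the column layout of Linux's /proc/net/arp.
const SAMPLE_ARP_TABLE = <<<TXT
IP address       HW type     Flags       HW address            Mask     Device
192.168.200.254  0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.200.17   0x1         0x0         00:00:00:00:00:00     *        eth0
TXT;

/**
 * Return the MAC address cached for $ip, or null when the input is not a
 * literal IPv4 address, has no entry, or the entry is incomplete.
 * Hypothetical helper written for this example.
 */
function mac_from_arp_table(string $ip, string $table): ?string
{
    // Validate first: nothing but a well-formed IPv4 literal is accepted.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }

    $lines = preg_split('/\R/', trim($table));
    array_shift($lines); // drop the header row

    foreach ($lines as $line) {
        $cols = preg_split('/\s+/', trim($line));
        if (count($cols) < 6 || $cols[0] !== $ip) {
            continue;
        }
        [, , $flags, $mac] = $cols;
        // Bit 0x2 marks a completed entry; without it the MAC is all zeros.
        if ((intval($flags, 16) & 0x2) === 0) {
            return null;
        }
        return strtolower($mac);
    }
    return null; // not a neighbour on this segment (routed or proxied client)
}

// On the server the inputs would be file_get_contents('/proc/net/arp')
// and $_SERVER['REMOTE_ADDR']; here the constructed table is used.
var_dump(mac_from_arp_table('192.168.200.254', SAMPLE_ARP_TABLE));
var_dump(mac_from_arp_table('192.168.200.17', SAMPLE_ARP_TABLE));
var_dump(mac_from_arp_table('192.168.200.254 extra', SAMPLE_ARP_TABLE));
```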
--- Begin Message ---
I need to allow a user to upload a file. Once the file is up, I need to
then move it to another server and wsync it to our webclusters. What's the
best way to do this with php? I don't really want php issuing root
commands. I've considered storing the file in the db but really need it to
be scanned (they should just be images) then pushed out to my servers.
Thanks!
--- End Message ---
--- Begin Message ---
On 4/17/07, Richard Lynch <[EMAIL PROTECTED]> wrote:
> On Sun, April 15, 2007 2:20 pm, Otto Wyss wrote:
> > I want to sort directories according to their modification time and
> > thought associative arrays would be perfect. But when I add an
> > element like
> >
> > $dirs = array (filemtime($d) => $d)
> >
> > the previous ones are lost. I tried array_push but that doesn't seem
> > to work, at least I always get syntax errors. Next try was
> > array_merge(array (...)). So what next?
>
> Two files may have the same modification time.
>
> You are storing only ONE file for any given timestamp.
>
> You could do something like this:
>
> foreach($files as $file){
>     $dirs[filemtime($file)][] = $file;
> }
>
> You will then have an ARRAY for each timestamp with all the files that
> were modified at that time.

So you end up with a big useless array? How big is the chance that
there are 2 files modified at the same time? 0.00001? or is it
0.0000000001?
So you end up with a big useless array? How big is the chance that
there are 2 files modified at the same time? 0.00001? or is it
0.0000000001?
Tijnema
--- End Message ---
--- Begin Message ---
On Sat, 2007-04-21 at 00:11 +0200, Tijnema ! wrote:
> On 4/17/07, Richard Lynch <[EMAIL PROTECTED]> wrote:
> > On Sun, April 15, 2007 2:20 pm, Otto Wyss wrote:
> > > I want to sort directories according to their modification time and
> > > thought associative arrays would be perfect. But when I add an
> > > element like
> > >
> > > $dirs = array (filemtime($d) => $d)
> > >
> > > the previous ones are lost. I tried array_push but that doesn't seem
> > > to work, at least I always get syntax errors. Next try was
> > > array_merge(array (...)). So what next?
> >
> > Two files may have the same modification time.
> >
> > You are storing only ONE file for any given timestamp.
> >
> > You could do something like this:
> >
> > foreach($files as $file){
> > $dirs[filemtime($file)][] = $file;
> > }
> >
> > You will then have an ARRAY for each timestamp with all the files that
> > were modified at that time.
>
> So you end up with a big useless array? How big is the chance that
> there are 2 files modified at the same time? 0.00001? or is it
> 0.0000000001?
Depends on how the files are used, frequency of modification, number of
concurrent processes that may modify them, etc, etc. Probably for all we
know may be as high as 1.0 in any given second.
The resolution of filemtime() is in seconds, I consider that a low
enough resolution to worry about possible timestamp collisions.
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--- End Message ---
--- Begin Message ---
Richard Lynch <ceo <at> l-i-e.com> writes:
>
> On Fri, April 20, 2007 2:05 pm, Thufir wrote:
>
> Please tell me that's not your real name...
[...]
It's the name I use on the internet.
-Thufir
--- End Message ---
--- Begin Message ---
I've got a comments form that I'd like to harden against SQL Injection
/ XSS attacks. The data is stored in UTF-8 in a mysql database. I
currently parse the data as such:
$_POST["commentform"]=str_replace ("'", "''", $_POST["commentform"]); // q->qq
$_POST["commentform"]=str_replace ("--", "", $_POST["commentform"]); // -- -> x
$_POST["commentform"]=str_replace (";", "", $_POST["commentform"]); // ; -> x
$_POST["commentform"]=str_replace ("=", "''", $_POST["commentform"]); // = -> x
$_POST["commentform"]=preg_replace ("/java/i", "''", $_POST["commentform"]);
$_POST["commentform"]=preg_replace ("/script/i", "''", $_POST["commentform"]);
$_POST["commentform"]=preg_replace ("/src=/i", "''", $_POST["commentform"]);
$_POST["commentform"]=preg_replace ("/src =/i", "''", $_POST["commentform"]);
$_POST["commentform"]=preg_replace ("/iframe/i", "''", $_POST["commentform"]);
$_POST["commentform"]=preg_replace ("/rel=/i", "''", $_POST["commentform"]);
$_POST["commentform"]=preg_replace ("/rel =/i", "''", $_POST["commentform"]);
$_POST["commentform"]=preg_replace ("/href=/i", "''", $_POST["commentform"]);
$_POST["commentform"]=preg_replace ("/href =/i", "''", $_POST["commentform"]);
$_POST["commentform"]=preg_replace ("//i", "''", $_POST["commentform"]);
$_POST["commentform"]=htmlspecialchars( mysql_real_escape_string ($_POST["commentform"]) );
The first statement doubles up quotes, it's a bit difficult to see in the code.
After seeing this:
http://ha.ckers.org/xss.html
and another similar one for SQL injection, I'm worried that my filters
are not enough. What do the pro PHP programmers out there use?
Thanks in advance.
Dotan Cohen
http://lyricslist.com/
http://what-is-what.com/
--- End Message ---
--- Begin Message ---
Hi Dotan,
Why not use mysql_escape_string()?
--
Leonard Burton, N9URK
http://www.jiffyslides.com
[EMAIL PROTECTED]
[EMAIL PROTECTED]
"The prolonged evacuation would have dramatically affected the
survivability of the occupants."
--- End Message ---
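An added example, not code from the thread or from any poster: the comment is stored unchanged through a bound parameter and HTML-encoded only when it is printed, next to an abbreviated copy of the blacklist above for comparison. It assumes PDO with the SQLite driver so it runs offline; the function names, table name and sample comments are constructed.

```php
<?php
declare(strict_types=1);

// Abbreviated copy of the blacklist from the question (first rules only),
// kept to show what it does to ordinary text.
function thread_filter(string $s): string
{
    $s = str_replace("'", "''", $s);
    $s = str_replace('--', '', $s);
    $s = str_replace(';', '', $s);
    $s = str_replace('=', "''", $s);
    $s = preg_replace('/java/i', "''", $s);
    return preg_replace('/script/i', "''", $s);
}

// Store the comment exactly as typed. The value travels as a bound
// parameter, so quotes, semicolons and "--" are data, never SQL syntax.
function store_comment(PDO $db, string $text): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $text]);
    return (int) $db->lastInsertId();
}

function load_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Encode for the HTML body context at output time, not before storage,
// so the database keeps the original text for any other output format.
function render_comment(string $text): string
{
    return '<p>' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Assumption: in-memory SQLite; with MySQL only the DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample comments: one ordinary, one containing markup.
$samples = [
    "It's a JavaScript question; does a = b-- work?",
    "<b>bold</b> 'quoted' -- <script>alert(1)</script>",
];

foreach ($samples as $text) {
    $stored = load_comment($db, store_comment($db, $text));
    echo 'blacklist: ', thread_filter($text), "\n";
    echo 'lossless:  ', var_export($stored === $text, true), "\n";
    echo 'rendered:  ', render_comment($stored), "\n\n";
}
```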
--- Begin Message ---
Hi all,
I have an internal project where I need to position input text boxes
to simulate a desktop app that I am replacing. Can I define a
stylesheet with absolute positioning for <INPUT>s? If so, do the calls
to class="..." or index="..." work if placed within the <INPUT . . .>
statement?
My understanding is that the <INPUT> is an inline element and that
absolute positioning may be difficult. I have looked at well over 100
google responses without finding a clear answer.
Thanks,
Bob
--- End Message ---
--- Begin Message ---
I think you cannot directly position the input tag itself, but rather
you should create a div around the input tag and position that div.
greets
Zoltán Németh
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Matthew Powell [mailto:[EMAIL PROTECTED]
> Sent: Friday, April 20, 2007 18:57
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] Session with microtime
>
> Panquekas wrote:
> > On 20/04/07, Panquekas <[EMAIL PROTECTED]> wrote:
>
> <snip>
>
> > I'm sorry, my mistake. What I tried to say is that the session_start()
> > was on the top of the page, and the if( ) block was after that and the
> > login script was even after the if( ), so the first thing to run was
> > the session_start() then the if( ) block and after that the login
> > script registering the $_SESSION's. I moved the login script to the
> > middle of the session_start() and the if( ).
>
> <snip>
>
> Am I the only one that uses 'session.auto_start = 1'?
>
> It saves me from worrying about that type of problem.
>
I like control over what goes on ;)
Tim
--- End Message ---
--- Begin Message ---
A quick one this morning.
When coding, should I be trying to code so there are no notices, or is it OK
to turn them off?
I don't really want to do an isset check for every index I have.
Ross
--- End Message ---
--- Begin Message ---
When coding, I think it is better to turn error_reporting to E_ALL and
try to write code that emits no notices.
Of course there might be some notices left which you decide not to care
about; in production, notices should be turned off then.
greets
Zoltán Németh
--- End Message ---