php-general Digest 7 Sep 2007 01:48:45 -0000 Issue 5004
Topics (messages 261773 through 261808):
Re: capital "I" letters in func/class method names do not work with turkish
locale in php5
261773 by: Dan Shirah
261775 by: Roman
261780 by: Eric Butera
Re: cant mail
261774 by: Daniel Brown
261784 by: David Wonderly
261785 by: Sanjeev N
Re: Curl redirection problem.
261776 by: Rahul Sitaram Johari
261777 by: Stut
Flow chart graph library
261778 by: Dani Castaños
261779 by: Jay Blanchard
261792 by: Sanjeev N
Re: Generating foldout menus in php
261781 by: Ken Kixmoeller -- reply to ken.kixmoeller.com
261782 by: Edward Kay
261783 by: Ken Kixmoeller -- reply to ken.kixmoeller.com
261786 by: Ken Kixmoeller -- reply to ken.kixmoeller.com
261787 by: tedd
IE Not Following Header("Location: /path/to/file.php");
261788 by: Scott Wilcox
261789 by: Edward Kay
261790 by: Kevin Murphy
261791 by: Sanjeev N
261793 by: Andrew Brampton
261800 by: brian
Preventing Access to Private Files
261794 by: Stephen
261795 by: mike
261796 by: Daevid Vincent
261797 by: TG
261804 by: tedd
261805 by: Daevid Vincent
261807 by: brian
Loosing session data between requests
261798 by: robert mena
261799 by: Edward Kay
261803 by: robert mena
403 Forbiden
261801 by: Jesús de Diego Alarcón
261802 by: Jesús de Diego Alarcón
261806 by: brian
Re: Opening a file
261808 by: Ronald Wiplinger
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Now that's service!
On 9/6/07, Tijnema <[EMAIL PROTECTED]> wrote:
>
> On 9/6/07, Roman Neumüller <[EMAIL PROTECTED]> wrote:
> > I'm a german web-designer living in Turkey.
> > Sometimes I use opensource software like gallery2 or WP to have
> customers
> > have some
> > nice web albums or blog. The turkish translation files of such
> opensource
> > software
> > usually use gettext and .po files for i18n and are always a bit behind
> the
> > translation
> > status of other european languages.
> >
> > I decided to work a bit on some of those tr.po files on my local linux
> box
> > (opensuse 10.2 with apache 2.x mysql 5.x and php 5.2.0). But when I
> > started the
> > test phase in turkish I couldn't test because of strange errors.
> > I contacted the forum of gallery2 and after investigating the problem I
> > stumbled over an answer of bug #35050 at bugs.php.net:
> >
> > http://bugs.php.net/bug.php?id=35050
> >
> > and its status: WONT FIX
> >
> > Now that's really great. It means that turkish hosting providers cannot
> > use php5 at all!
> > And as of the news on php.net php4 will not be supported or developed
> any
> > further
> > after the end of 2007! Will Turks really have now to wait for a php6?
> > When will that come out?
> > That's seems to me to be a sort of discrimination of turkish language in
> > php5.
> > Is it technical so difficult to develop a patch for this bug?
> >
> > Sincerely
> >
>
> Well, only 1 hour later than your email, there has been posted a patch
> on the bug page that fixes it.
>
> Tijnema
>
>
> --
> If this is a mailing list: DO NOT TOP POST! why?:
> http://www.caliburn.nl/topposting.html
>
> Vote for PHP Color Coding (aka Syntax Highlighting) in Gmail! ->
> http://gpcc.tijnema.info
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
On Thu, 06 Sep 2007 15:57:57 +0300, Tijnema <[EMAIL PROTECTED]> wrote:
On 9/6/07, Roman Neumüller <[EMAIL PROTECTED]> wrote:
I'm a german web-designer living in Turkey.
Sometimes I use opensource software like gallery2 or WP to have
customers
have some
nice web albums or blog. The turkish translation files of such
opensource
software
usually use gettext and .po files for i18n and are always a bit behind
the
translation
status of other european languages.
I decided to work a bit on some of those tr.po files on my local linux
box
(opensuse 10.2 with apache 2.x mysql 5.x and php 5.2.0). But when I
started the
test phase in turkish I couldn't test because of strange errors.
I contacted the forum of gallery2 and after investigating the problem I
stumbled over an answer of bug #35050 at bugs.php.net:
http://bugs.php.net/bug.php?id=35050
and its status: WONT FIX
Now that's really great. It means that turkish hosting providers cannot
use php5 at all!
And as of the news on php.net php4 will not be supported or developed
any
further
after the end of 2007! Will Turks really have now to wait for a php6?
When will that come out?
That's seems to me to be a sort of discrimination of turkish language in
php5.
Is it technical so difficult to develop a patch for this bug?
Sincerely
Well, only 1 hour later than your email, there has been posted a patch
on the bug page that fixes it.
Tijnema
Now that's great!
But...
I had a view in my php5.2.0 source package in the Zend folder
(phpinfo says: Zend Engine v2.2.0) for the file to be patched
(zend_operators.c) and there is no such code in the file and no
#define zend_tolower(c)
What do I have to do now?
--- End Message ---
--- Begin Message ---
On 9/6/07, Tijnema <[EMAIL PROTECTED]> wrote:
> On 9/6/07, Roman Neumüller <[EMAIL PROTECTED]> wrote:
> > I'm a german web-designer living in Turkey.
> > Sometimes I use opensource software like gallery2 or WP to have customers
> > have some
> > nice web albums or blog. The turkish translation files of such opensource
> > software
> > usually use gettext and .po files for i18n and are always a bit behind the
> > translation
> > status of other european languages.
> >
> > I decided to work a bit on some of those tr.po files on my local linux box
> > (opensuse 10.2 with apache 2.x mysql 5.x and php 5.2.0). But when I
> > started the
> > test phase in turkish I couldn't test because of strange errors.
> > I contacted the forum of gallery2 and after investigating the problem I
> > stumbled over an answer of bug #35050 at bugs.php.net:
> >
> > http://bugs.php.net/bug.php?id=35050
> >
> > and its status: WONT FIX
> >
> > Now that's really great. It means that turkish hosting providers cannot
> > use php5 at all!
> > And as of the news on php.net php4 will not be supported or developed any
> > further
> > after the end of 2007! Will Turks really have now to wait for a php6?
> > When will that come out?
> > That's seems to me to be a sort of discrimination of turkish language in
> > php5.
> > Is it technical so difficult to develop a patch for this bug?
> >
> > Sincerely
> >
>
> Well, only 1 hour later than your email, there has been posted a patch
> on the bug page that fixes it.
>
> Tijnema
>
>
> --
> If this is a mailing list: DO NOT TOP POST! why?:
> http://www.caliburn.nl/topposting.html
>
> Vote for PHP Color Coding (aka Syntax Highlighting) in Gmail! ->
> http://gpcc.tijnema.info
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
I wouldn't hold my breath on that.
--- End Message ---
--- Begin Message ---
On 9/6/07, Diana Castillo <[EMAIL PROTECTED]> wrote:
> I found telenet.exe that comes with windows, but when I type in
> <SMTPSERVER> 25, type EHLO <ENTER>
> it says Command not valid
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
First of all, I wasn't sure which post of yours to reply to, but
since Rob replied here, I'll jump in on this one.
What he means is to do the following (since you're on Windows):
1.) Click the Start menu.
2.) Click `Run`
3.) Type: telnet
4.) When telnet starts, type: open <SMTPSERVER> 25
(Note: Replace <SMTPSERVER> with the correct server address)
5.) If it connects, type: EHLO
5b.) If it doesn't connect, then investigate the possible reasons why.
Hope that helps with the part your testing now, Diana.
--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107
Give a man a fish, he'll eat for a day. Then you'll find out he was
allergic and is hospitalized. See? No good deed goes unpunished....
--- End Message ---
--- Begin Message ---
Diana Castillo wrote:
when I try to send mail using this code:
mail("[EMAIL PROTECTED]","TEST MAIL","TESTING MAIL");
I get this error:
Warning: mail() [function.mail]: Failed to connect to mailserver at
"smtp.tsanalytics.com" port 25, verify your "SMTP" and "smtp_port" setting
in php.ini or use ini_set() in C:\Inetpub\wwwroot\intranet\test.php on line
4
my settings in php.ini are
SMTP = "smtp.tsanalytics.com"
smtp_port = 25
I had this problem and I found that changing the port to 26 instead of
25 fixed all SMTP problems that I had.
Maybe this will help.
-Dave
--- End Message ---
--- Begin Message ---
Hi,
Try to set from the program using ini_set()function and or check your mail
server is correct or what.
In most of the case I have used as follows
Ini_set("SMPT","mail.domainname.com");
And port
If mail server doesn't exist then used as
Ini_set("SMPT","domainname.com");
And port
And believe me it worked well...
You just confirm your mailing server and your problem solves
Warm Regards,
Sanjeev
http://www.sanchanworld.com/
http://webdirectory.sanchanworld.com - Submit your website URL
http://webhosting.sanchanworld.com - Choose your best web hosting plan
-----Original Message-----
From: Diana Castillo [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 06, 2007 4:12 PM
To: [EMAIL PROTECTED]
Subject: [PHP] cant mail
when I try to send mail using this code:
mail("[EMAIL PROTECTED]","TEST MAIL","TESTING MAIL");
I get this error:
Warning: mail() [function.mail]: Failed to connect to mailserver at
"smtp.tsanalytics.com" port 25, verify your "SMTP" and "smtp_port" setting
in php.ini or use ini_set() in C:\Inetpub\wwwroot\intranet\test.php on line
4
my settings in php.ini are
SMTP = "smtp.tsanalytics.com"
smtp_port = 25
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Chris wrote:
>> Curl won't redirect you, you have to do it.
>> header('Location: http://www.website.org');
>
> But bear in mind that any cookies you've set up with curl will not be
> there when you redirect the client since they're in your cookie jar not
> on the clients machine, so if you're trying to do what I think you're
> trying to do it won't work.
>
> -Stut
Exactly!! And it doesn¹t work!
Stut you¹re absolutely right. I did indeed try the header('Location:
http://www.website.org'); directive in many different ways. When it failed
to work, I realized that the cookies that curl setup are stores in the
cookie jar, not the client browser/machine therefore the redirection
took me to the ³unlogged-in² page, and not the ³logged-in² page of the
website.
So what¹s the work around?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.
W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]
³I morti non sono piu soli ... The dead are no longer lonely²
--- End Message ---
--- Begin Message ---
Rahul Sitaram Johari wrote:
Chris wrote:
> Curl won't redirect you, you have to do it.
> header('Location: http://www.website.org');
But bear in mind that any cookies you've set up with curl will not be
there when you redirect the client since they're in your cookie jar not
on the clients machine, so if you're trying to do what I think you're
trying to do it won't work.
-Stut
Exactly!! And it doesn’t work!
Stut you’re absolutely right. I did indeed try the header('Location:
http://www.website.org'); directive in many different ways. When it
failed to work, I realized that the cookies that curl setup are stores
in the cookie jar, not the client browser/machine – therefore – the
redirection took me to the “unlogged-in” page, and not the “logged-in”
page of the website.
So what’s the work around?
If you really need to do this you need to do it with client-side
technology like activex so the cookies get set in the browser.
The only site I know that does this is egg.com, and they do it with an
activex control that runs an embedded IE control. Yes, it's IE only.
If all you want to do is log them in using a username and password that
you have simply fake the login form from the other site on your page
with hidden text fields, auto-fill it with the details and set the
action to the same place the login form on the other site submits to.
Then submit that form using javascript and boom, the user is logged in
to that other site.
Evil, nasty, insecure and other such stuff but that's how I'd do it if I
had to do it at all.
-Stut
--
http://stut.net/
--- End Message ---
--- Begin Message ---
Hi all!
Does anybody know a PHP library to create Flow chart graphs??
I need it to do something like this:
(yes)
Is it true ----> ? -------> Update
|
(no) |
|
>
Cancel
Thank you in advance!
--- End Message ---
--- Begin Message ---
[snip]
Does anybody know a PHP library to create Flow chart graphs??
I need it to do something like this:
(yes)
Is it true ----> ? -------> Update
|
(no) |
|
>
Cancel
Thank you in advance!
[/snip]
http://www.phpclasses.org/browse/file/13723.html
It was the first thing that Google came up with.
--- End Message ---
--- Begin Message ---
Hi,
The following link may help you for what you want to achieve. I had
bookmarked this link a long back.
http://www.phpclasses.org/browse/package/3009.html
But I have not tried.
Warm Regards,
Sanjeev
http://www.sanchanworld.com/
http://webdirectory.sanchanworld.com - Submit your website URL
http://webhosting.sanchanworld.com - Choose your best web hosting plan
-----Original Message-----
From: Dani Castaños [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 06, 2007 8:22 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Flow chart graph library
Hi all!
Does anybody know a PHP library to create Flow chart graphs??
I need it to do something like this:
(yes)
Is it true ----> ? -------> Update
|
(no) |
|
>
Cancel
Thank you in advance!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
On Sep 3, 2007, at 12:42 PM, tedd wrote:
that would be more complicated than just using css with js, like so:
http://sperling.com/examples/menuh/
http://sperling.com/examples/menuv/
Why complicate your life?
Hey, tedd - - - -
I like this tool, and am playing with it -- --
Just wondering, though, if you have ever created PHP code to generate
these menus on-the-fly? I am working on an intranet application in
which I take values from rights-and-responsibilities tables and use
it to generate navigation options. Got a start on it, but if you
already had some code I'd appreciate getting a gander at it.
KixJaguar - -
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Ken Kixmoeller -- reply to [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> Sent: 06 September 2007 16:48
> To: tedd; [EMAIL PROTECTED]
> Subject: Re: [PHP] Generating foldout menus in php
>
>
>
> On Sep 3, 2007, at 12:42 PM, tedd wrote:
>
>
> > that would be more complicated than just using css with js, like so:
> >
> > http://sperling.com/examples/menuh/
> >
> > http://sperling.com/examples/menuv/
> >
> > Why complicate your life?
> >
>
> Hey, tedd - - - -
>
> I like this tool, and am playing with it -- --
>
> Just wondering, though, if you have ever created PHP code to generate
> these menus on-the-fly? I am working on an intranet application in
> which I take values from rights-and-responsibilities tables and use
> it to generate navigation options. Got a start on it, but if you
> already had some code I'd appreciate getting a gander at it.
>
Hi Ken,
You may want to take a look at Yahoo's YUI menu:
http://developer.yahoo.com/yui/menu/
These can be defined using standard XHTML markup.
Edward
--- End Message ---
--- Begin Message ---
On Sep 6, 2007, at 11:02 AM, Edward Kay wrote:
You may want to take a look at Yahoo's YUI menu:
http://developer.yahoo.com/yui/menu/
These can be defined using standard XHTML markup.
Thank you --- I will do that --
--- End Message ---
--- Begin Message ---
On Sep 6, 2007, at 10:47 AM, Ken Kixmoeller -- reply to
[EMAIL PROTECTED] wrote:
Just wondering, though, if you have ever created PHP code to
generate these menus on-the-fly?
Never mind === I got it working. (Mechanically) --
Aesthetically, though, even though I used the "horizontal" classes,
it comes out vertical -- any clues?
thanks ---
Ken
--- End Message ---
--- Begin Message ---
At 10:05 AM -0500 9/6/07, phphelp -- kbk wrote:
On Sep 3, 2007, at 12:42 PM, tedd wrote:
that would be more complicated than just using css with js, like so:
http://sperling.com/examples/menuh/
http://sperling.com/examples/menuv/
Why complicate your life?
Hey, tedd - - - -
I like this tool, and am playing with it -- --
Just wondering, though, if you have ever created PHP code to
generate these menus on-the-fly? I am working on an intranet
application in which I take values from rights-and-responsibilities
tables and use it to generate navigation options. Got a start on it,
but if you already had some code I'd appreciate getting a gander at
it.
KixJaguar - -
Unfortunately, I have not done anything in php with this and I could
not do anything without the aid of some client-side help (i.e., ajax)
-- so, why reinvent the wheel? CSS works!
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
hey folks.
I have a strange problem with IE sometimes. It doesn't seem to accept
and follow a header sent to the browser. The action occurs when a user
logs in, then is sent this header.
Any hints/ideas appreciated.
Scott.
--- End Message ---
--- Begin Message ---
Scott Wilcox wrote:
hey folks.
I have a strange problem with IE sometimes. It doesn't seem to accept
and follow a header sent to the browser. The action occurs when a user
logs in, then is sent this header.
Any hints/ideas appreciated.
Scott.
Get Microsoft's (free) Fiddler Tool and look at the exact info been sent
and received:
http://www.fiddlertool.com/fiddler/
Edward
--- End Message ---
--- Begin Message ---
Also, turn on error reporting and see if an error is being generated
before the header is sent.
--
Kevin Murphy
Webmaster: Information and Marketing Services
Western Nevada College
www.wnc.edu
775-445-3326
P.S. Please note that my e-mail and website address have changed from
wncc.edu to wnc.edu.
On Sep 6, 2007, at 11:44 AM, Edward Kay wrote:
Scott Wilcox wrote:
hey folks.
I have a strange problem with IE sometimes. It doesn't seem to accept
and follow a header sent to the browser. The action occurs when a
user
logs in, then is sent this header.
Any hints/ideas appreciated.
Scott.
Get Microsoft's (free) Fiddler Tool and look at the exact info been
sent and received:
http://www.fiddlertool.com/fiddler/
Edward
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
There may be some output before header() or may be IE browsing interface is
not getting refresh properly
Warm Regards,
Sanjeev
http://www.sanchanworld.com/
http://webdirectory.sanchanworld.com - Submit your website URL
http://webhosting.sanchanworld.com - Choose your best web hosting plan
-----Original Message-----
From: Scott Wilcox [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 06, 2007 11:59 PM
To: [EMAIL PROTECTED]
Subject: [PHP] IE Not Following Header("Location: /path/to/file.php");
hey folks.
I have a strange problem with IE sometimes. It doesn't seem to accept
and follow a header sent to the browser. The action occurs when a user
logs in, then is sent this header.
Any hints/ideas appreciated.
Scott.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
That is not valid, the Location field must contain the full URL, so
/path/to/file.php
should be
http://yourserver/path/to/file.php
Read RFC rfc2616, section 14
Will help find it:
http://www.google.com/search?hl=en&q=HTTP+Header+Field&btnG=Google+Search
Andrew
----- Original Message -----
From: "Scott Wilcox" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 06, 2007 7:29 PM
Subject: [PHP] IE Not Following Header("Location: /path/to/file.php");
hey folks.
I have a strange problem with IE sometimes. It doesn't seem to accept
and follow a header sent to the browser. The action occurs when a user
logs in, then is sent this header.
Any hints/ideas appreciated.
Scott.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Edward Kay wrote:
Get Microsoft's (free) Fiddler Tool and look at the exact info been sent
and received:
http://www.fiddlertool.com/fiddler/
Edward
I'd just like to say thanks for posting that. This might be the sugar i
need to face the bitter prospect of booting Windows for testing.
brian
--- End Message ---
--- Begin Message ---
I understand how to use PHP with MySQL to have a
members table to validate passwords. And to limit the
generation of "member" pages to members only.
But what about photographs? If someone knows the
complete URL they could view it directly, unless the
directory is protected using .htpassword
But I don't want to have passwords in two places, nor
muck with the password file everytime a new member
joins.
Suggestions?
Thanks
Stephen
--- End Message ---
--- Begin Message ---
On 9/6/07, Stephen <[EMAIL PROTECTED]> wrote:
> I understand how to use PHP with MySQL to have a
> members table to validate passwords. And to limit the
> generation of "member" pages to members only.
>
> But what about photographs? If someone knows the
> complete URL they could view it directly, unless the
> directory is protected using .htpassword
>
> But I don't want to have passwords in two places, nor
> muck with the password file everytime a new member
> joins.
you could use a PHP wrapper file, and do something like:
if(is logged in and has rights) {
passthru('file.jpg')
} else {
header("location: somewhere else");
exit();
}
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Stephen [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 06, 2007 1:04 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Preventing Access to Private Files
>
> I understand how to use PHP with MySQL to have a
> members table to validate passwords. And to limit the
> generation of "member" pages to members only.
>
> But what about photographs? If someone knows the
> complete URL they could view it directly, unless the
> directory is protected using .htpassword
>
> But I don't want to have passwords in two places, nor
> muck with the password file everytime a new member
> joins.
>
> Suggestions?
>
> Thanks
> Stephen
http://modauthmysql.sourceforge.net/
Pretty much the greatest plugin ever invented for Apache.
I use it religiously.
Then you can have both methods sharing the same db table and it's seemless
and WAY more secure than trying to do some 'index.php' or 'header' tricks...
Basically add something like this to your apache vhost_foo.conf file:
<Directory /home/foo/public_html/admin>
Options All +Includes
AllowOverride None
AuthName "My Private Admin Stuff"
AuthType Basic
require valid-user
AuthMySQLHost localhost
AuthMySQLDB mydatabase
AuthMySQLUser mydbuser
AuthMySQLPassword mydbpass
AuthMySQLPwEncryption sha1
AuthMySQLUserTable users
AuthMySQLNameField username
AuthMySQLPasswordField password
AuthMySQLUserCondition "type = 'Admin' AND enabled = 1"
</Directory>
That last AuthMySQLUserCondition is the most useful addition.
Also take a look at this, for some additional ideas in making your "login"
look more professional than just some form fields on a web page...
http://www.php.net/manual/en/features.http-auth.php
You can combine all three methods and chicks will love you like no other...
D.Vin
http://daevid.com
--- End Message ---
--- Begin Message ---
You could use PHP to read the file and send the proper image format header.
Your URL might look something like this:
http://www.yoursite.com/image.php?id=234
If you're worried about people hotlinking it in web forums or something, you
can research 'hotlink protection'. There's a million ways you could do it.
I don't know what the "best" common practice is, but it could involve
something in the URL that indicates the ID # of the image plus a date/time
so if someone tried to use the link more than like 10 seconds after the
link was generated, it wouldn't load.
example:
http://www.yoursite.com/image.php?id=20070909150523234
So if someone tried to access the link after Sept 9, 2007, 3:05pm and 23
seconds (+/- like 10 sec maybe) using the image id 234, it would fail.
You could encode that number so it wasn't so obvious what it was.
You could also maybe look at the REFERRER to see what page linked to the
image and if it's not one of your pages, block it.
Also, a common practice for using files without them being publicly
accessible (outside the web server) would be to store the files in a path
that's not available to the web server.
For example, if you have your files in:
/somepath/webroot/
/somepath/webroot/images (for common public things like buttons, banner
graphics, etc)
/somepath/webroot/docs (for public documents like PDFs or something you
want people to be able to download easily)
Store sensitive files in:
/somepath/includes (included/required files that may contain stuff like
database passwords and such)
/somepath/photos (photos you don't want publicly available to be
direct linked as you describe)
The web server software has access to certain directories, but PHP itself can
have access to things outside the main web folders.
Just some thoughts. Good luck!
-TG
----- Original Message -----
From: Stephen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Thu, 6 Sep 2007 16:03:52 -0400 (EDT)
Subject: [PHP] Preventing Access to Private Files
> I understand how to use PHP with MySQL to have a
> members table to validate passwords. And to limit the
> generation of "member" pages to members only.
>
> But what about photographs? If someone knows the
> complete URL they could view it directly, unless the
> directory is protected using .htpassword
>
> But I don't want to have passwords in two places, nor
> muck with the password file everytime a new member
> joins.
>
> Suggestions?
>
> Thanks
> Stephen
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
At 1:15 PM -0700 9/6/07, Daevid Vincent wrote:
Basically add something like this to your apache vhost_foo.conf file:
Where's that?
I'm on a hosted server -- is that something that I can get to?
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
Depends on your host I guess. Some hosts give you an entire Virtual Machine
with root access. It depends on your distro too. But usually it's in
/etc/apache...
If you don't have direct access, you will have to talk to them about if
mod_auth_mysql is installed and have them setup for you. If it's installed,
you could also do the .htaccess route, but that's not as elegant.
d
> -----Original Message-----
> From: tedd [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 06, 2007 5:02 PM
> To: Daevid Vincent; [EMAIL PROTECTED]
> Subject: RE: [PHP] Preventing Access to Private Files
>
> At 1:15 PM -0700 9/6/07, Daevid Vincent wrote:
> >Basically add something like this to your apache vhost_foo.conf file:
>
> Where's that?
>
> I'm on a hosted server -- is that something that I can get to?
>
> Cheers,
>
> tedd
> --
> -------
> http://sperling.com http://ancientstones.com http://earthstones.com
>
--- End Message ---
--- Begin Message ---
Daevid Vincent wrote:
Depends on your host I guess. Some hosts give you an entire Virtual Machine
with root access. It depends on your distro too. But usually it's in
/etc/apache...
If you don't have direct access, you will have to talk to them about if
mod_auth_mysql is installed and have them setup for you. If it's installed,
you could also do the .htaccess route, but that's not as elegant.
You can see if the module is installed with phpinfo() (under the apache
section).
brina
--- End Message ---
--- Begin Message ---
Hi,
I am facing a strange problem. I have two servers (both Centos 4.5, httpd
2.0.52, php 5.1.6) and in one of them a webmail (uebimiau) looses session
data between requests and in another it does not.
I've compared php.ini from both with nothing different except for some
memory limits they are equal.
I've checked both /tmp and the session file sess_xxxxx in one server is
empty and in another has the data. Both $_SESSION are ok (I've checked with
a var_dump).
What could it be?
thanks.
--- End Message ---
--- Begin Message ---
robert mena wrote:
I've checked both /tmp and the session file sess_xxxxx in one server is
empty and in another has the data. Both $_SESSION are ok (I've checked with
a var_dump).
Check the permissions on /var/lib/php/session
Edward
--- End Message ---
--- Begin Message ---
Edward,
My session.save_path = "/tmp".
The sess_X is created but with no contents....
On 9/6/07, Edward Kay <[EMAIL PROTECTED]> wrote:
>
>
>
> robert mena wrote:
> > I've checked both /tmp and the session file sess_xxxxx in one server is
> > empty and in another has the data. Both $_SESSION are ok (I've checked
> with
> > a var_dump).
> >
> >
> Check the permissions on /var/lib/php/session
>
> Edward
>
--- End Message ---
--- Begin Message ---
Hello all and thank you in advance.
I'm totally beginer in PHP .
I'm developing:
http://www.my3dgis.es/visor/visor.htm#
At Options > Herramientas > Búsq
--- End Message ---
--- Begin Message ---
(Excuse me... wrong button....)
Hello all and thank you in advance.
I'm totally beginer in PHP .
I'm developing:
http://www.my3dgis.es/visor/visor.htm#
At Options > Herramientas > Búsqueda en Catastro the application shows a
form (ExtJS). In this form, the combobox Provincias should be loaded using:
http://www.my3dgis.es/visor/php/provincias.php
However, using Firebug i can see that call to php/provincias.php always
shows 403 (403 Forbidden).
I don't know where the problem can be... this application is working ok for
me at localhost....
Thank you in advance.
Jesús de Diego
--- End Message ---
--- Begin Message ---
Jesús de Diego Alarcón wrote:
(Excuse me... wrong button....)
Hello all and thank you in advance.
I'm totally beginer in PHP .
I'm developing:
http://www.my3dgis.es/visor/visor.htm#
At Options > Herramientas > Búsqueda en Catastro the application shows a
form (ExtJS). In this form, the combobox Provincias should be loaded using:
http://www.my3dgis.es/visor/php/provincias.php
However, using Firebug i can see that call to php/provincias.php always
shows 403 (403 Forbidden).
I don't know where the problem can be... this application is working ok for
me at localhost....
Check the permissions on php/provincias.php
brian
--- End Message ---
--- Begin Message ---
On Wed, 2007-09-05 at 10:29 -0400, Dan Shirah wrote:
> Correction, I am now getting this error:
>
> PHP Warning: file(fruits.txt)
> [function.file<http://develop1/credit%20card%20processing/function.file>]:
> failed to open stream: No such file or directory
> PHP Warning: in_array()
> [function.in-array<http://develop1/credit%20card%20processing/function.in-array>]:
> Wrong datatype for second argument
>
> But the file IS in the same folder.
does ls -l give you the answer? (Does your web server has permission
to read the file?)
bye
Ronald
>
>
> On 9/5/07, Dan Shirah <[EMAIL PROTECTED]> wrote:
> >
> > Good Morning!
> >
> > Opening this file is proving to be a pain. I have a folder that contains a
> > PHP page and a text file. I am trying to open the contents of the txt file
> > using file() but it keeps erroring out. Below is the code I'm using to try
> > and open it:
> >
> > <?php
> > $fruit = "apple");
> > $lines = file("fruits.txt");
> > if (in_array($fruit,$lines))
> > {
> > $a = "Y";
> > }
> > ?>
> >
> > So, I'm setting my variable, opening my file as an array in $lines, then
> > checking to see if my variable is in the array, and if it is, assign a value
> > ot a new variable. However, I am getting the following error:
> >
> > PHP Warning: in_array()
> > [function.in-array<http://develop1/credit%20card%20processing/function.in-array>]:
> > Wrong datatype for second argument
> >
> > Any ideas?
> >
--- End Message ---
