php-general Digest 21 Oct 2007 22:33:26 -0000 Issue 5084

Topics (messages 263461 through 263478):

Re: Securing PHP
        263461 by: Grant

Re: newbie questions
        263462 by: Ravi
        263463 by: Richard Heyes
        263465 by: Ravi
        263467 by: Richard Heyes
        263472 by: Larry Garfield
        263478 by: Ravi

Re: Multi-table pager sorted by date
        263464 by: Bastien Koert
        263466 by: Nathan Hawks

Unsetting a header
        263468 by: Richard Heyes
        263470 by: admin.buskirkgraphics.com
        263471 by: Richard Heyes
        263473 by: Rafael
        263474 by: Rafael
        263475 by: Richard Heyes
        263476 by: Richard Heyes
        263477 by: Stut

Re: This, then that.
        263469 by: Robert Cummings


----------------------------------------------------------------------
--- Begin Message ---
Hi Nathan,

Thanks for taking the time to reply.

Yes, this is a shared server. Each (UNIX) user's home directory is their 
domain name i.e. /home/usersdomainnamehere.com and their http root is www 
i.e. /home/usersdomainnamehere.com/www

I am running apache 2. and mod_php. Most servers are running php 4.x right 
now, but we will be upgrading to 5 soon.

Also, apache is running suexec for perl (cgi).

When files are written via ftp and cgi they are owned by the user who logged 
in, and in both cases are limited to writing to their home directory.

In the case of PHP, the files are owned by www.

Should I consider phpsuexec? Or will the apache directives you mentioned 
below take care of it?

-Grant

"Nathan Hawks" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Are you running a multi-user hosting service?
>
> If so you can create include files on a per-user or per-domain basis.
> Use the Apache config directive php_value to set your include_path and
> open_basedir appropriately for each account; and other options as
> desired.
>
> I don't know of a particular site, but that is the config framework that
> Plesk uses.
>
> As for building PHP, make sure you run the testing battery ('make test'
> after you 'make' and before you 'make install') in order to see how
> 'hardened' your build is.
>
>
>
> On Sat, 2007-10-20 at 21:00 -0400, Grant wrote:
>> Hi all,
>>
>> You've all likely heard this before...."I was hacked..." , "Had register
>> globals on..." etc etc.
>>
>> Well, this is true of me as well.
>>
>> Does anyone know of a site that would help a semi professional lock down
>> php, i.e.
>>
>> Perhaps how to install phpsuexec,
>>
>> Jail users to only have the ability to read/write to their own files and
>> directories,
>>
>> php.ini directives that have similar effect as mentioned above.
>>
>> Any help appreciated.
>>
>> -Grant
>> 

--- End Message ---
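
The per-account confinement discussed in this message could look like the following for one account. This is an added example, not configuration posted by anyone in the thread; the paths follow the layout Grant describes, and the per-account `tmp` and `include` directories are assumptions.

```apache
# Added example (not from the thread): one account's virtual host under mod_php.
# /home/usersdomainnamehere.com/tmp and .../include are assumed directories.
<VirtualHost *:80>
    ServerName usersdomainnamehere.com
    DocumentRoot /home/usersdomainnamehere.com/www

    # Use mod_php4.c instead on servers that still run PHP 4.
    <IfModule mod_php5.c>
        # php_admin_value / php_admin_flag can only be set in the server
        # configuration; .htaccess files and ini_set() cannot override them,
        # whereas plain php_value settings can be changed by the account.
        # The trailing slash matters: without it open_basedir is a prefix
        # match and would also allow /home/usersdomainnamehere.com-other/.
        php_admin_value open_basedir "/home/usersdomainnamehere.com/"

        # Keep uploads and session files inside the account as well,
        # otherwise they land in a shared directory outside open_basedir.
        php_admin_value upload_tmp_dir "/home/usersdomainnamehere.com/tmp"
        php_admin_value session.save_path "/home/usersdomainnamehere.com/tmp"

        # The setting named in the original report.
        php_admin_flag register_globals off

        # Non-security preference, left overridable by the account.
        php_value include_path ".:/home/usersdomainnamehere.com/include"
    </IfModule>
</VirtualHost>
```

open_basedir restricts which paths PHP will open, but under mod_php the scripts still run as the Apache user, so files PHP creates remain owned by www. Changing that ownership is the part a phpsuexec-style wrapper addresses.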
--- Begin Message ---

That was very very helpful. Thanks a ton!

One more question. For every request, I am sending a redirect back to the user and the browser takes the user to another url. The problem is that the browser is not redirecting until the script finishes. Even if I do flush(), the browser waits til script ends. Is there a way to force browser to redirect and not wait for the script to end?

In Java I can think of many ways, one is to use threads, hand off data to another thread and return the response. Another solution would be to store data in memory (static variable) and update only after every 100 requests.

Is any of this possible in PHP?


M. Sokolewicz wrote:
> Ravi wrote:
>
>> Guys, I am fairly new to PHP. Here are a few questions, if anybody can answer it will help me get started. Thanks
>>
>> I am trying to build a website and I would like to do the following in my scripts
>>
>> 1. I want to return response to the browser and AFTERWARDS make a log entry in to a database. I need this so user can experience a fast response.
> There is no "before and after". Everything you do happens during (part of) the response. But you can just output your data, whatever it may be, flush() it and then log it via the same script. Your user won't notice a thing (Hell, even without the flush your user won't notice it probably).
>
>> 2. If the database update fails, I want to ignore it (since it is just log entry). Something like try-catch construct in Java. This is more important if item1 mentioned above is not possible. Essentially whether I make a database entry or not, I must return a valid response to user.
> So ignore it :) If you don't check for errors, you won't see them... Makes debugging very annoying, but you won't see em nevertheless. If your output is not based on anything from your database-update, then there apparently is no need to worry about it.
>
>> 3. Is there something like connection pool in php? Do usually people open/close database connection for every request (I doubt that, it sounds really slow).
> There is something like that, the persistent connections (ie. via mysql_pconnect), but generally people DO open/close connections via the same script each and every time the script is executed (this might sound very slow, but it's actually not too bad). Using persistent connections is not always the best option (and usually doesn't even make much sense); there's a good bit of documentation about it in the php docs:
> http://www.php.net/manual/en/features.persistent-connections.php
>
>> Some code samples or pointers to documentation for the above would also be very helpful.
> code samples of what exactly ?
>
>> Thanks
>> Ravi


--- End Message ---
--- Begin Message ---
Ravi wrote:
>
> That was very very helpful. Thanks a ton!
>
> One more question. For every request, I am sending a redirect back to the user and the browser takes the user to another url. The problem is that the browser is not redirecting until the script finishes. Even if I do flush(), the browser waits til script ends. Is there a way to force browser to redirect and not wait for the script to end?
>
> In Java I can think of many ways, one is to use threads, hand off data to another thread and return the response. Another solution would be to store data in memory (static variable) and update only after every 100 requests.

Not having read the rest of the thread, you could call exit just after the redirect header is sent, eg:

<?php
    header('Location: http://www.yahoo.com');
    exit;
?>

Richard Heyes
+44 (0)800 0213 172
http://www.websupportsolutions.co.uk

Knowledge Base and HelpDesk software
that can cut the cost of online support

--- End Message ---
--- Begin Message ---

Richard, unfortunately I cannot end the script. I need something like this:

<?php
    header('Location: http://www.yahoo.com');
    // somehow let the browser move to yahoo.com
    // now update the database to store some information about user
    exit;
?>


Richard Heyes wrote:
> Ravi wrote:
>
>> That was very very helpful. Thanks a ton!
>>
>> One more question. For every request, I am sending a redirect back to the user and the browser takes the user to another url. The problem is that the browser is not redirecting until the script finishes. Even if I do flush(), the browser waits til script ends. Is there a way to force browser to redirect and not wait for the script to end?
>>
>> In Java I can think of many ways, one is to use threads, hand off data to another thread and return the response. Another solution would be to store data in memory (static variable) and update only after every 100 requests.
>
> Not having read the rest of the thread, you could call exit just after the redirect header is sent, eg:
>
> <?php
>     header('Location: http://www.yahoo.com');
>     exit;
> ?>
>
> Richard Heyes


--- End Message ---
--- Begin Message ---
Ravi wrote:
>
> Richard, unfortunately I cannot end the script. I need something like this:
>
> <?php
>     header('Location: http://www.yahoo.com');
>     // somehow let the browser move to yahoo.com
>     // now update the database to store some information about user
>     exit;
> ?>

In that case you might want to look at register_shutdown_function().

Richard Heyes

--- End Message ---
--- Begin Message ---
On Sunday 21 October 2007, Richard Heyes wrote:
> Ravi wrote:
> > Richard, unfortunately I cannot end the script. I need something like
> > this:
> >
> > <?php
> >     header('Location: http://www.yahoo.com');
> >     // somehow let the browser move to yahoo.com
> >     // now update the database to store some information about user
> >     exit;
> > ?>
>
> In that case you might want to look at register_shutdown_function().

That would work, but I think you're probably not approaching the question 
properly.  Why do you need to redirect the user first, then log the request?  
PHP/MySQL are fast enough that logging first and then redirecting will have 
no noticeable impact on performance or your user experience.  (I'm assuming a 
logging process here that's only 1-3 queries.)  It sounds like you're trying 
to over-optimize, which is always a bad idea as it makes the code harder to 
understand later. :-)

-- 
Larry Garfield                  AIM: LOLG42
[EMAIL PROTECTED]               ICQ: 6817012

"If nature has made any one thing less susceptible than all others of 
exclusive property, it is the action of the thinking power called an idea, 
which an individual may exclusively possess as long as he keeps it to 
himself; but the moment it is divulged, it forces itself into the possession 
of every one, and the receiver cannot dispossess himself of it."  -- Thomas 
Jefferson

--- End Message ---
--- Begin Message ---

Maybe you have a point. I will do performance testing and then decide if I should try to optimize to that point.

Yes the logging is just one simple insert into the database.

--- End Message ---
--- Begin Message ---
damn hotmail blows....

But if the database supports it, what about using a view that is made up of the 
two tables?

Could that be a possibility?

Bastien






----------------------------------------
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Date: Sat, 20 Oct 2007 21:39:03 -0400
> Subject: [PHP] Multi-table pager sorted by date
>
> I'm doing a project where the database was designed before me and they
> don't have a budget for a database re-design. There are two entity
> tables which /should/ have been the same model with some meta-fields
> keyed off a type field, but it's not. It's two tables, which should be
> displayed intermixed, paged, and sorted by date.
>
> The solution I thought up didn't do the trick. I:
> - made two pagers, one for each table
> - got the current page's set
> - intermixed them by making an array of references, keyed off the
> datetime string, referring to items in both result sets
> - krsort()ed the intermixed array
>
> The result is probably obvious, but I'll explain it anyway... there is
> nowhere near an equal density in entries-per-date between the two
> tables, and so, each page shows results from both tables, but the dates
> for the two models on the same page are very different; on page 1, I'll
> get items from tableA with dates ranging 10/5/2007-10/9/2007 and tableB
> with dates ranging from 10/13/2007 12:00:00 to 10/13/2007 at 15:00:00.
>
> So I'm thinking I need to find a way to align the results, and it needs
> to happen somehow in the pagers themselves (this being symfony, the
> pager grabs the query criteria object and sets limit and offset for
> you.) I am already generating pager links based on the resultset with
> the most pages; so artificially generating page links won't be a far
> step.
>
> The only solution I've thought up, I don't want to do, which is to break
> the query into dates e.g. if the date range is 2007-10-01 to 2007-10-31,
> I do not want a separate pager link for each date which then subpages
> the results or shows all results for that date; the date range might
> span years and there might be hundreds of entries for a date. I need a
> single pager which aligns the two tables' entries' dates in each page of
> results throughout the span.
>
> I am very open to a ready-made class that can do this, especially if
> it's based on Propel, or if it can take raw sql queries.
>
> Thoughts?
>
> Nathan
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php


--- End Message ---
--- Begin Message ---
Possibly... I've never read about MySQL views, so I can't refute it :)

The problem at hand is solved, but thanks.  Might have to give views a
glance in TFM.

--- End Message ---
--- Begin Message ---
Does anyone know of a way to unset a header? I have an Expires: header that I believe Apache is setting, and I don't want it. Thanks.

--
Richard Heyes

--- End Message ---
--- Begin Message ---
Try this never gives me a problem. I use it to keep proxy servers from
caching.

<?php
header("HTTP/1.1 200 OK");
header("Status: 200 OK");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");               // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");  // always modified
header("Cache-Control: no-cache, must-revalidate");             // HTTP/1.1
header("Pragma: no-cache");                                     // HTTP/1.0
?>


Richard L. Buskirk


-----Original Message-----
From: Richard Heyes [mailto:[EMAIL PROTECTED] 
Sent: Sunday, October 21, 2007 7:55 AM
To: PHP General List
Subject: [PHP] Unsetting a header

Does anyone know of a way to unset a header? I have an Expires: header 
that I believe Apache is setting, and I don't want it. Thanks.

-- 
Richard Heyes

--- End Message ---
--- Begin Message ---
> Try this never gives me a problem. I use it to keep proxy servers from
> caching.
>
> <?php
> header("HTTP/1.1 200 OK");
> header("Status: 200 OK");
> header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");               // Date in the past
> header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");  // always modified
> header("Cache-Control: no-cache, must-revalidate");             // HTTP/1.1
> header("Pragma: no-cache");                                     // HTTP/1.0
> ?>

Yes but I want to unset an Expires: header and not give it any value.

1. PHP (I believe) is setting an Expires: header.
2. The Expires: header is causing the page to be cached too long,
   Longer than the Last-Modified: header would allow.
3. Setting the Expires: header to garbage, eg: Expires: none causes
   no caching to occur at all.

Let me reiterate, I want this page to get cached, but not based on an Expires: header. Rather a Last-Modified header.

--
Richard Heyes

--- End Message ---
--- Begin Message ---
> Let me reiterate, I want this page to get cached, but not based on an Expires: header. Rather a Last-Modified header.

Have you tried setting the value to FALSE, NULL, or something else? I recall having read something along those lines. I'll see if I can find it again, meanwhile you could experiment a little.

        Regards

--- End Message ---
--- Begin Message ---
[EMAIL PROTECTED] wrote:
> Try this never gives me a problem. I use it to keep proxy servers from
> caching.

But I want the page to be cached...

--
Richard Heyes

--- End Message ---
--- Begin Message ---
> Have you tried setting the value to FALSE, NULL, or something else?

Yes, nada I'm afraid.

--
Richard Heyes

--- End Message ---
--- Begin Message ---
Richard Heyes wrote:
> [EMAIL PROTECTED] wrote:
>> Try this never gives me a problem. I use it to keep proxy servers from
>> caching.
>
> But I want the page to be cached...

Maybe I'm being dense, but why not set it to what you want it to be? Clearing it is leaving the decision up to the browser which will not necessarily have the effect you want for all users.

Incidentally, it might not be possible if Apache is setting it. Not sure if PHP has the ability to override headers being sent by Apache.

-Stut

--
http://stut.net/

--- End Message ---
--- Begin Message ---
On Sat, 2007-10-20 at 18:45 -0700, Instruct ICC wrote:
> > > >
> > > >One idea that has always been REALLY popular around here... stuff your
> > > >image in a database. *MUHAWHAWHAWHAWHAW* *Ducks from the flying rocks*.
> > > >
> > > >Cheers,
> > > >Rob.
> > > >--
> > > 
> > > Rob:
> > > 
> > > That's really not a bad idea, but in this experiment I'm using images 
> > > as a stand-in for larger files (CD's, Videos, etc).
> > > 
> > > Side note to everyone else (Rob knows this) Storing images in a dB 
> > > has some advantages, but the concept has been beat to death on this 
> > > list and no need to repeat it -- everything that could be said 
> > > pro/con has been said -- just review the archives.
> > 
> > I use the db for images sometimes. I don't really care what some people
> > think since I've thought it out for myself and like the pros versus the
> > cons sometimes. At any rate, your problem appears to be related to
> > safe_mode for not putting images outside the web tree. Most likely
> > though, you have access to .htaccess and so you could create a locked
> > images directory that exists within the web tree but which can't be
> > accessed by a browser. This would give you what you need to be within
> > the confines of safe mode.
> > 
>
> Regardless, I said from your file or db when I gave more of an example.
> And in this thread I merely said "display image".  Haha?

I wasn't commenting against what you've written. It was more generally a
tongue in cheek shot at previous threads where some people took a hard
line against images in databases :)

Cheers
Rob.
-- 
...........................................................
SwarmBuy.com - http://www.swarmbuy.com

    Leveraging the buying power of the masses!
...........................................................

--- End Message ---
