php-general Digest 30 Apr 2010 05:11:42 -0000 Issue 6719

Topics (messages 304750 through 304764):

Re: Security/Development Question
        304750 by: tedd

Re: Two color rows in table inside while iteration
        304751 by: tedd
        304752 by: Juan Rodriguez Monti
        304754 by: Al
        304759 by: tedd
        304763 by: shiplu

Re: Malware Question
        304753 by: Al
        304757 by: Gary .
        304762 by: Al

Re: CURL cannot connect to URL - IP address - after successful connection
        304755 by: ioannes.btinternet.com
        304756 by: Gary .

In need of CVS/SVN checkout script for Production servers
        304758 by: Daevid Vincent

Admin Interface
        304760 by: Brandon Rampersad
        304761 by: Karl DeSaulniers

Getting root privs
        304764 by: Nilesh Govindarajan

----------------------------------------------------------------------
--- Begin Message ---
At 4:54 PM -0400 4/28/10, David Stoltz wrote:
> My concern is passing SQL queries in this way is not best practice - am
> I wrong? Please let me know how you would react to this?

David :

First, you are not wrong.

Second, that's exactly the type of security risk you want to protect yourself from.

Third, never trust anything coming from client-side (i.e., POST, GET, or COOKIE).

Now, they (the vendor) can throw all the layers of confusion/nonsense (it's SSL, ASP.NET, or will happen later) on this as they want, but the point remains this is permitting client-side access to a database and that is NOT good.

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---
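
What tedd's advice looks like in code, as an added example that is not part of the original thread: the client sends only a query name and parameter values, and the SQL text never leaves the server. The customers table, the query names and run_named_query() are assumptions made for illustration; the demo uses an in-memory SQLite database through PDO so it runs on its own.

```php
<?php
// Added example, not from the thread. The customers table, the query names
// and run_named_query() are hypothetical.
// The SQL text stays on the server; a client may only name one of these.
const NAMED_QUERIES = [
    'customer_by_id' => [
        'sql'    => 'SELECT id, name FROM customers WHERE id = :id',
        'params' => ['id' => PDO::PARAM_INT],
    ],
    'customers_by_name' => [
        'sql'    => 'SELECT id, name FROM customers WHERE name LIKE :name ORDER BY id',
        'params' => ['name' => PDO::PARAM_STR],
    ],
];

function run_named_query(PDO $db, array $request): array
{
    $name = $request['query'] ?? null;
    if (!is_string($name) || !array_key_exists($name, NAMED_QUERIES)) {
        throw new InvalidArgumentException('unknown query name');
    }
    $def  = NAMED_QUERIES[$name];
    $stmt = $db->prepare($def['sql']);
    foreach ($def['params'] as $param => $type) {
        $value = $request[$param] ?? null;
        if (!is_string($value)) {   // POST/GET/COOKIE values arrive as strings or arrays
            throw new InvalidArgumentException("bad or missing parameter: $param");
        }
        if ($type === PDO::PARAM_INT) {
            $value = filter_var($value, FILTER_VALIDATE_INT);
            if ($value === false) {
                throw new InvalidArgumentException("parameter is not an integer: $param");
            }
        }
        $stmt->bindValue(':' . $param, $value, $type);   // bound, never spliced into the SQL
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO customers (name) VALUES ('Ann'), ('Bob')");

// Constructed requests standing in for $_POST.
$requests = [
    ['query' => 'customer_by_id', 'id' => '2'],
    ['query' => 'customer_by_id', 'id' => '2 OR 1=1'],   // fails integer validation
    ['query' => 'SELECT * FROM customers'],              // not a registered name
];
foreach ($requests as $request) {
    try {
        echo json_encode(run_named_query($db, $request)), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```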
--- Begin Message ---
At 8:29 AM -0300 4/28/10, Juan Rodriguez Monti wrote:
Hello Guys,
I would like to implement a two color row table for some queries that I'm doing.

I use PHP to query a DB, then I use while to print all its results. I
have a code pretty similar to this one :

 $results = Here the QUERY;
        echo "<html>";
        echo "<head>";
        echo '<link rel="stylesheet" type="text/css" href="style.css" />';
        echo "</head>";
        echo "<body>";
        echo '<div id="container">';

        echo "<center><h2>Results</h2></center><br />";
        echo ("<table border='1'>");
        echo "<td><strong>At1</strong></td>
<td><strong>At2</strong></td> <td><strong>At3</strong></td>      $

  while ($row = while condition )) {
        echo ("<tr>");
        echo "<td>$row[0]</td><td>$row[1]</td> <td>$row[2]</td>
<td>$row[3]</td><td>$row[4]</td> ";
        echo "</div>";
        echo "</body>";
        echo "</html>";

I just want to show you how I write the table. What I would like to
know is what do you suggest to do a two color row format.

Thanks!,
Juan


Juan:

Everyone has done this at one time or another -- this is my solution.

http://webbytedd.com/b/color-rows/

Plus, it validates and keeps things simple.

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---
--- Begin Message ---
2010/4/29 tedd <[email protected]>:
> At 8:29 AM -0300 4/28/10, Juan Rodriguez Monti wrote:
>>
>> Hello Guys,
>> I would like to implement a two color row table for some queries that I'm
>> doing.
>>
>> I use PHP to query a DB, then I use while to print all its results. I
>> have a code pretty similar to this one :
>>
>>  $results = Here the QUERY;
>>        echo "<html>";
>>        echo "<head>";
>>        echo '<link rel="stylesheet" type="text/css" href="style.css" />';
>>        echo "</head>";
>>        echo "<body>";
>>        echo '<div id="container">';
>>
>>        echo "<center><h2>Results</h2></center><br />";
>>        echo ("<table border='1'>");
>>        echo "<td><strong>At1</strong></td>
>> <td><strong>At2</strong></td> <td><strong>At3</strong></td>      $
>>
>>  while ($row = while condition )) {
>>        echo ("<tr>");
>>        echo "<td>$row[0]</td><td>$row[1]</td> <td>$row[2]</td>
>> <td>$row[3]</td><td>$row[4]</td> ";
>>        echo "</div>";
>>        echo "</body>";
>>        echo "</html>";
>>
>> I just want to show you how I write the table. What I would like to
>> know is what do you suggest to do a two color row format.
>>
>> Thanks!,
>> Juan
>
>
> Juan:
>
> Everyone has done this at one time or another -- this is my solution.
>
> http://webbytedd.com/b/color-rows/
>
> Plus, it validates and keeps things simple.
>
> Cheers,
>
> tedd

Tedd,
Thanks. I'm gonna check it. I finally solved it using:

if ( CONDITIONS ) {

        $results = query( QUERY );
        $colors = array('#97b7cd','#96bf8c');
        $index = 0;
        echo "<html>";
        echo "<head>";
        echo '<link rel="stylesheet" type="text/css" href="is.css" />';
        echo "</head>";
        echo "<body>";
        echo '<div id="container">';

        echo "<table border='1'>";
        // Header row
        echo "<tr><td><strong>a1</strong></td> <td><strong>a2</strong></td>
<td><strong>a3</strong></td> <td><strong>a4</strong></td>
<td><strong>a5</strong></td></tr>";

        // Alternate the two background colours row by row.
        // Values are printed as-is; pass them through htmlspecialchars()
        // if they can contain user-supplied text.
        while ($row = CONDITIONS ) {
                echo '<tr style="background-color: ' . $colors[$index++ % 2] . ';">';
                echo "<td>$row[0]</td><td>$row[1]</td> <td>$row[2]</td>
<td>$row[3]</td><td>$row[4]</td>";
                echo "</tr>";
        }
        echo "</table>";
        echo "</div>";
        echo '<p><a href="back.html">back</a></p>';
        echo "</body>";
        echo "</html>";
}

This solution was the best for me. It's solved with your help.

Thanks a lot!.

Juan

--- End Message ---
--- Begin Message ---


On 4/28/2010 7:29 AM, Juan Rodriguez Monti wrote:
Hello Guys,
I would like to implement a two color row table for some queries that I'm doing.

I use PHP to query a DB, then I use while to print all its results. I
have a code pretty similar to this one :

  $results = Here the QUERY;
         echo "<html>";
         echo "<head>";
         echo '<link rel="stylesheet" type="text/css" href="style.css" />';
         echo "</head>";
         echo "<body>";
         echo '<div id="container">';

         echo "<center><h2>Results</h2></center><br />";
         echo ("<table border='1'>");
         echo "<td><strong>At1</strong></td>
<td><strong>At2</strong></td>  <td><strong>At3</strong></td>       $

   while ($row = while condition )) {
         echo ("<tr>");
         echo "<td>$row[0]</td><td>$row[1]</td>  <td>$row[2]</td>
<td>$row[3]</td><td>$row[4]</td>  ";
         echo "</div>";
         echo "</body>";
         echo "</html>";

I just want to show you how I write the table. What I would like to
know is what do you suggest to do a two color row format.

Thanks!,
Juan

$str= "<table>";

$alt = 'even';

foreach(...){
 $alt = ($alt == 'odd')?'even':'odd';
 $str .= "<tr class=\"$alt\"><td>foo</td></tr>"; // Populate each row;
}

$str .= "</table>\n";

echo $str;


--- End Message ---
--- Begin Message ---
At 11:01 AM -0300 4/29/10, Juan Rodriguez Monti wrote:
2010/4/29 tedd <[email protected]>:
 At 8:29 AM -0300 4/28/10, Juan Rodriguez Monti wrote:

 Hello Guys,
 I would like to implement a two color row table for some queries that I'm
 doing.

 I use PHP to query a DB, then I use while to print all its results. I
 have a code pretty similar to this one :

  $results = Here the QUERY;
        echo "<html>";
        echo "<head>";
        echo '<link rel="stylesheet" type="text/css" href="style.css" />';
        echo "</head>";
        echo "<body>";
        echo '<div id="container">';

        echo "<center><h2>Results</h2></center><br />";
        echo ("<table border='1'>");
        echo "<td><strong>At1</strong></td>
 <td><strong>At2</strong></td> <td><strong>At3</strong></td>      $

  while ($row = while condition )) {
        echo ("<tr>");
        echo "<td>$row[0]</td><td>$row[1]</td> <td>$row[2]</td>
 <td>$row[3]</td><td>$row[4]</td> ";
        echo "</div>";
        echo "</body>";
        echo "</html>";

 I just want to show you how I write the table. What I would like to
 know is what do you suggest to do a two color row format.

 Thanks!,
 Juan


 Juan:

 Everyone has done this at one time or another -- this is my solution.

 http://webbytedd.com/b/color-rows/

 Plus, it validates and keeps things simple.

 Cheers,

 tedd

Tedd,
Thanks. I'm gonna check it. I finally solved it using:

if ( CONDITIONS ) {

        $results = query( QUERY );
        $colors = array('#97b7cd','#96bf8c');
        $index = 0;
        echo "<html>";
        echo "<head>";
        echo '<link rel="stylesheet" type="text/css" href="is.css" />';
        echo "</head>";
        echo "<body>";
        echo '<div id="container">';

        echo "<table border='1'>";
        // Header row
        echo "<tr><td><strong>a1</strong></td> <td><strong>a2</strong></td>
<td><strong>a3</strong></td> <td><strong>a4</strong></td>
<td><strong>a5</strong></td></tr>";

        // Alternate the two background colours row by row.
        // Values are printed as-is; pass them through htmlspecialchars()
        // if they can contain user-supplied text.
        while ($row = CONDITIONS ) {
                echo '<tr style="background-color: ' . $colors[$index++ % 2] . ';">';
                echo "<td>$row[0]</td><td>$row[1]</td> <td>$row[2]</td>
<td>$row[3]</td><td>$row[4]</td>";
                echo "</tr>";
        }
        echo "</table>";
        echo "</div>";
        echo '<p><a href="back.html">back</a></p>';
        echo "</body>";
        echo "</html>";
}

This solution was the best for me. It's solved with your help.

Thanks a lot!.

Juan

The above is far more complicated than it has to be.

Please critically review my example.

Cheers,

tedd
--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---
--- Begin Message ---
$a=0;
while (++$a, $row=mysql_fetch_...){
echo "<tr class=\"alternate-row-".($a%2)."\"><...";
}


Shiplu Mokaddim
My talks, http://talk.cmyweb.net
Follow me, http://twitter.com/shiplu
SUST Programmers, http://groups.google.com/group/p2psust
Innovation distinguishes bet ... ... (ask Steve Jobs the rest)

--- End Message ---
--- Begin Message ---


On 4/28/2010 7:50 PM, Ashley Sheridan wrote:
Hi all,

This isn't exactly a PHP question, but I don't know anyone else with the
collected smarts of this list. Basically, a site I built and am managing
has been identified by Google as a source of malware. Now, I've been
over the source code with a fine-toothed comb and found nothing, I've
gone over the HTML output for anything suspicious, checked every single
Javascript file out, looked to see the server headers are correct and
aren't malformed, checked the .htaccess is as expected and have run the
site against the unmask parasites website which found no problems except
the 'suspicious' listing which Google has given it.

The Google webmaster tools tell me nothing more than 'Of the 2 pages we
tested on the site over the past 90 days, 2 page(s) resulted in
malicious software being downloaded and installed without user consent.'
It won't tell me what pages, although it tells me that the malicious
software is hosted on one domain and tells me what it is. Needless to
say I can't find that domain string anywhere in the code. I can't find
any hidden iframe tags or hidden Javascript eval() statements.

Basically now, although this is totally beyond my control, the owner of
the site is expecting me to get this sorted asap. I want to, and have
spent the entire day today looking at it, but have really come to the
point where I'm coming unstuck. I can find nothing wrong with the site
at all.

Does anyone have any helpful advice for this sort of thing? Tools that I
can use to check out the site with, or any bit of information that I can
use to fix this? I can give the URL of the site to anyone off-list if
they wish to check it out.

Thanks,
Ash
http://www.ashleysheridan.co.uk



Ross had a good suggestion about planted links to external malicious sites. One of the sites I worked on a couple of years ago had this happen. They asked me to look into it.

There were about 90 htaccess files that redirected the user to a malicious site whenever there was an error, 404 etc.

About 400 html files had a javascript appended on the end that sent the visitor's IP and the file's complete URL to a website in Russia.

About 300 php files had some php code that generated html code that likewise sent the visitor's IP and the file's complete URL to a website in Russia.

There were about 75 implanted stand-alone php files that were very sophisticated file manipulators. It would have taken me days to figure out exactly what they were doing.

A couple of years ago I was involved in cleansing a site and wrote a script for searching it. It uses regex search patterns.

Wild cards "*", covering all directories and leading text, are assumed before the filename. However, you must include an extension or append "*" to your filename. Can use "*.htaccess"

It lists all the files meeting the criteria, e.g.,

Sel  File        Size[bytes]  File Time        DirPerms  Del  DirOwner  Dir Time
1    /.htaccess  942          8Aug09 14:33:06  0750      *    system    17Apr10 20:38:56

You can select a file and view its source, including an htmlentities() version,
and select one or a batch to delete.

Has a convenient notepad to record your result stats and add a note. e.g.

1Apr09 21 files; "*.htaccess" => "\*" Addition htaccess files added, OK
19Jul08 6 files; "*.htaccess" => "\*"

Has good PW protection, etc.

Easy to install, one file, instructions at the top.

I'll send you a zip if you reply and send me addr.

Al...........

--- End Message ---
--- Begin Message ---
On 4/29/10, Al wrote:
> Ross had a good suggestion about planted links to external malicious sites.
> One of the sites I worked on a couple of years ago had this happen. They
> asked me to look into it.
>
> There were about 90 htaccess files that redirected the user to a malicious
> site whenever there was an error, 404 etc.
>
> About 400 html files had a javascript appended on the end that sent the
> visitor's IP and the file's complete URL to a website in Russia.
>
> About 300 php files had some php code that generated html code that likewise
> sent the visitor's IP and the file's complete URL to a website in Russia.
[snip remainder of horror story]

How do people get their sites into this state? Is it just me, or
wouldn't a regular comparison of MD5s of the site contents with SCM
contents stop most of that kind of thing (after the event, but still,
better that than continue in that state).

--- End Message ---
--- Begin Message ---


On 4/29/2010 1:35 PM, Gary . wrote:
> On 4/29/10, Al wrote:
>> Ross had a good suggestion about planted links to external malicious sites.
>> One of the sites I worked on a couple of years ago had this happen. They
>> asked me to look into it.
>>
>> There were about 90 htaccess files that redirected the user to a malicious
>> site whenever there was an error, 404 etc.
>>
>> About 400 html files had a javascript appended on the end that sent the
>> visitor's IP and the file's complete URL to a website in Russia.
>>
>> About 300 php files had some php code that generated html code that likewise
>> sent the visitor's IP and the file's complete URL to a website in Russia.
> [snip remainder of horror story]
>
> How do people get their sites into this state? Is it just me, or
> wouldn't a regular comparison of MD5s of the site contents with SCM
> contents stop most of that kind of thing (after the event, but still,
> better that than continue in that state).


You are correct in theory; but, in practice maybe somewhat limited for CMS which have DB contents and raw text files changed almost hourly.

When I departed the site I was working on a couple of years ago, I left a strong recommendation that someone run my FileSniffer program weekly and check out any suspect changes. They didn't and now have the above situation.
--- End Message ---
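
Gary's suggestion and Al's caveat, sketched as an added example that is not from the thread: hash a clean export from source control, hash the deployed tree, and report what was added, changed or removed, skipping directories whose content legitimately changes. It uses SHA-256 where the thread says MD5; the directory layout, file contents and the uploads/ exclusion are assumptions constructed for the demo.

```php
<?php
// Added example, not from the thread. Directory layout, file contents and the
// exclude list are constructed for the demonstration.

/** Relative path => hash for every file under $root, minus excluded path prefixes. */
function hash_tree(string $root, array $exclude = [], string $algo = 'sha256'): array
{
    $root  = rtrim($root, '/');
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    $hashes = [];
    foreach ($files as $file) {
        $rel = substr($file->getPathname(), strlen($root) + 1);
        foreach ($exclude as $prefix) {
            if (strpos($rel, $prefix) === 0) {
                continue 2;                 // e.g. upload or cache directories
            }
        }
        if ($file->isFile()) {
            $hashes[$rel] = hash_file($algo, $file->getPathname());
        }
    }
    return $hashes;
}

/** Compare a clean SCM export against the deployed tree. */
function compare_trees(array $clean, array $live): array
{
    $modified = [];
    foreach (array_intersect_key($live, $clean) as $path => $hash) {
        if ($hash !== $clean[$path]) {
            $modified[] = $path;
        }
    }
    return [
        'added'    => array_keys(array_diff_key($live, $clean)),   // not in SCM at all
        'missing'  => array_keys(array_diff_key($clean, $live)),
        'modified' => $modified,
    ];
}

// Constructed demo: a "clean export" and a "live" docroot with two planted changes.
// The demo tree is left behind under sys_get_temp_dir().
$base = sys_get_temp_dir() . '/integrity_demo_' . getmypid();
foreach (['export', 'live/img', 'live/uploads'] as $dir) {
    mkdir("$base/$dir", 0700, true);
}
foreach (['export', 'live'] as $side) {
    file_put_contents("$base/$side/index.php", "<?php echo 'hello';\n");
    file_put_contents("$base/$side/about.html", "<p>About</p>\n");
}
file_put_contents("$base/live/about.html", "<!-- appended after deploy -->\n", FILE_APPEND);
file_put_contents("$base/live/img/.htaccess", "# file that was never committed\n");
file_put_contents("$base/live/uploads/note.txt", "content that changes hourly\n");

print_r(compare_trees(hash_tree("$base/export"), hash_tree("$base/live", ['uploads/'])));
```

Keep the clean export (or its hash list) somewhere the web server account cannot write, otherwise whoever altered the site can alter the baseline too.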
--- Begin Message ---


On 2010/04/29 19:46, Gary . wrote:
> On 4/25/10, [email protected] wrote:
>> I can return a target page - once, but then on refresh within a few
>> hours the script curl_error is that it cannot connect to the host and
>> return is empty.
>
> Failed to connect to host is a pretty strange error if they're doing
> anything regarding cookies and so on, IMO - I think I'd expect at
> least a connection to be established before they decide they don't
> like you. Have you used curl's --trace & --trace-ascii options?

Is that debug_backtrace() in php, as I am not using the command line (can't work out how to get the window up having downloaded curl, I am not up to 'building libraries' that seems to be needed).

debug_backtrace() does not give any useful information other than saying the target link fails to connect (this is after it connects once, and then on refresh and for several hours does not connect). I guess there is some program that notes the calling IP address and if it is in a range it does not like, adds it to a list and refuses subsequent connections to the same address for a while. Cookies are not required when using the browser directly.

John

--- End Message ---
--- Begin Message ---
On 4/29/10, [email protected] wrote:
> On 2010/04/29 19:46, Gary . wrote:
>> Failed to connect to host is a pretty strange error if they're doing
>> anything regarding cookies and so on, IMO - I think I'd expect at
>> least a connection to be established before they decide they don't
>> like you. Have you used curl's --trace & --trace-ascii options?
>
> Is that debug_backtrace() in php

Not sure :-P

> as I am not using the command line
> (can't work out how to get the window up having downloaded curl, I am
> not up to 'building libraries' that seems to be needed).

Windows? http://curl.haxx.se/download.html *n*x variants should allow
installing via their package management systems.

--- End Message ---
--- Begin Message ---
Semi-off-topic, but I'm pretty sure you all are faced with this same
challenge, I figured it's worth a shot and maybe some flaming.

I'm looking for a script (bash or php) that I would run on my production
web server that would do this or close to it:

        1. do a CVS/SVN checkout to a new timestamped directory
        2. change the symlink from the old directory
        3. change permissions to www-data:www-data on new directory
        4. and possibly tarball up the old directory.

I'm assuming this is a fairly common task, and I actually wrote one of
these at my previous job, but I can't find the script anymore. I remember
it's not quite as trivial as it sounds and took a few hours to perfect, so
I thought I'd try to save myself some time. :)
 
I have some other useful SVN scripts here if anyone is interested:
http://daevid.com/content/examples/snippets.php


--- End Message ---
--- Begin Message ---
What guide/ebook/tutorial/article that would explain best-practices and
best-interfaces for admin/backend panels would you recommend? I already
know how to build them, now I just need to narrow my techniques to the best
ones by reading best practices and implementations :)

Thank You Buds
Brandon_R

-- 
A Brandon_R Production

--- End Message ---
--- Begin Message ---
JPMaster made a good simple login/admin panel. Google him maybe?

Karl

Sent from losPhone

On Apr 29, 2010, at 4:39 PM, Brandon Rampersad <[email protected]> wrote:

> What guide/ebook/tutorial/article that would explain best-practices and
> best-interfaces for admin/backend panels would you recommend? I already
> know how to build them, now I just need to narrow my techniques to the best
> ones by reading best practices and implementations :)
>
> Thank You Buds
> Brandon_R
>
> --
> A Brandon_R Production

--- End Message ---
--- Begin Message ---
Hi,

As you know there are lot of control panels lying around like Cpanel, Lxadmin, most of them based on PHP. The control panels allow editing of system files which requires root privileges, can somebody tell me how to gain root privileges inside the script so that it can be useful if I want to give my users a DNS editing interface instead of loading a big bloated control panel.

--
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com
मेरा भारत महान !
मम भारत: महत्तम भवतु !

--- End Message ---
