php-general Digest 7 Nov 2010 22:22:14 -0000 Issue 7026

[php-general-digest-help]

php-general Digest 7 Nov 2010 22:22:14 -0000 Issue 7026

Topics (messages 309357 through 309366):

Newbie looking for a project
        309357 by: Ashim Kapoor
        309360 by: Ashley Sheridan
        309363 by: tedd

simple photo gallery
        309358 by: Tom Sparks
        309359 by: Ashley Sheridan

List-Unsubscribe
        309361 by: Robert Simson
        309362 by: Daniel P. Brown

Re: ignore_repeated_errors has no effect
        309364 by: Simon Marchi

Is session_start() using encrypted cookies with HTTPS
        309365 by: Yannick Warnier
        309366 by: Adam Richardson

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
        php-gene...@lists.php.net


----------------------------------------------------------------------

--- Begin Message ---

Dear All,

I am a beginner looking for a project to contribute. Can someone tell me
some good quality projects where I would learn the most? I hope this is the
right forum for this query.

Many thanks,
Ashim Kapoor

--- End Message ---

--- Begin Message ---

On Sun, 2010-11-07 at 15:39 +0530, Ashim Kapoor wrote:

> Dear All,
> 
> I am a beginner looking for a project to contribute. Can someone tell me
> some good quality projects where I would learn the most? I hope this is the
> right forum for this query.
> 
> Many thanks,
> Ashim Kapoor



What most people do for their first projects is to build a website for
themselves. This lets you learn what you want at the pace you want, and
this list is always here to help!

Thanks,
Ash
http://www.ashleysheridan.co.uk

--- End Message ---

--- Begin Message ---

At 3:39 PM +0530 11/7/10, Ashim Kapoor wrote:

Dear All,

I am a beginner looking for a project to contribute. Can someone tell me
some good quality projects where I would learn the most? I hope this is the
right forum for this query.

Many thanks,
Ashim Kapoor

Hi Ashim:

When I started programming php/mysql, I purchased as many books as I could and went through each one creating demos of everything I found.

I still read at least one book every two weeks (or so my expense statement reads) and my demos have gotten more complex incorporating more than php/mysql (i.e., javascript, jquery, css, etc.)

Now I have a considerable amount of demos and when I need something, I have a great store of example to draw on.

Cheers,

tedd
--
-------
http://sperling.com/

--- End Message ---

--- Begin Message ---

I am looking for a simple photo gallery like this 
http://www.lavrsen.dk/webcam/cam1/movecam.php

I want to use it in place of apache autoindex


tom_a_sparks
"It's a nerdy thing I like to do"

--- End Message ---

--- Begin Message ---

On Sun, 2010-11-07 at 02:31 -0800, Tom Sparks wrote:

> I am looking for a simple photo gallery like this 
> http://www.lavrsen.dk/webcam/cam1/movecam.php
> 
> I want to use it in place of apache autoindex
> 
> 
> tom_a_sparks
> "It's a nerdy thing I like to do"
> 
> 
>       
> 

Erm, is there a question in there?

Thanks,
Ash
http://www.ashleysheridan.co.uk

--- End Message ---

--- Begin Message ---

--- End Message ---

--- Begin Message ---

    To unsubscribe, send a blank email to
php-general-unsubscr...@lists.php.net from the email address that is
subscribed to the list.  Alternatively, you may use the form at
http://php.net/mailinglists .

-- 
</Daniel P. Brown>
Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/

--- End Message ---

--- Begin Message ---

Hi,

Just a precision, I don't want to modify the user's code, I would like
to configure my server properly so it does not happen again even if
another user makes a similar mistake.

Thanks,

Simon

On Sun, Nov 7, 2010 at 09:02, Andre Polykanine <an...@oire.org> wrote:
> Hello Simon,
>
> Just modify the While statement:
> while(strlen(trim($ligne))==0 && file_exists($fic) && !feof($fic))
>
> --
> With best regards from Ukraine,
> Andre
> Skype: Francophile
> Twitter: http://twitter.com/m_elensule
> Facebook: http://facebook.com/menelion
>
> ----- Original message -----
> From: Simon Marchi <simon.mar...@polymtl.ca>
> To: php-gene...@lists.php.net <php-gene...@lists.php.net>
> Date: Sunday, November 7, 2010, 11:03:40 AM
> Subject: [PHP] ignore_repeated_errors has no effect
>
> Hi !
> My problem is the following. Due to crappy code by one of my users,
> PHP entered an infinite loop generating an error, causing very high
> load on the server and gigantic log files.
> The lines at fault were the following
>
> while(strlen(trim($ligne))==0 && !feof($fic))
>     $ligne = fgets($fic,1024);
>
> where $fic is not a valid file resource. The generated error is an
> almost infinite amount of:
>
> [Fri Nov 05 03:28:33 2010] [error] [client 66.249.65.124] PHP Warning:
>  feof() expects parameter 1 to be resource, boolean given in
> /home/comites/interne/polymond/nova_html/polysuisse2004/photo/gallerie.php
> on line 52
> [Fri Nov 05 03:28:33 2010] [error] [client 66.249.65.124] PHP Warning:
>  fgets() expects parameter 1 to be resource, boolean given in
> /home/comites/interne/polymond/nova_html/polysuisse2004/photo/gallerie.php
> on line 53
>
> However, I did set ignore_repeated_errors to On, as well as
> ignore_repeated_source. I checked that the settings is effective in
> phpinfo().
>
> Does anybody have an idea why I still get these repeated errors ?
>
> Thanks !
>
> Simon
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--- End Message ---

--- Begin Message ---

Hi all,

It came to my attention through the Netcraft newsletter[1] that cookies
in a web application are not always sent encrypted when a server is
contacted through HTTPS.

Looking at the setcookie()[2] documentation, there is effectively a
specific parameter (set to false by default). The description of this
parameter says:
"Indicates that the cookie should only be transmitted over a secure
HTTPS connection from the client. When set to TRUE, the cookie will only
be set if a secure connection exists. On the server-side, it's on the
programmer to send this kind of cookie only on secure connection (e.g.
with respect to $_SERVER["HTTPS"])."

This part is clear. No problem with that.

However, my application relies on the session_start()[3] function, which
doesn't say anything about the potential differences in behaviour
between a secure and a non-secure connection (ie HTTPS or HTTP) when the
session identifier is set to be passed through cookies. However, the
session ID is still passed through a cookie, so somehow the cookie must
be set with a decision on whether the mode is secure or not.

Would someone know the internals of that function and whether there is a
way to force it to secure=true when the connection is made through
HTTPS? Or maybe my question doesn't make sense because I am missing the
point on how it works?

I develop an open-source application which can be used through both HTTP
and HTTPS, so I'm a bit worried about not having this question answered
in the doc for session_start().

Thanks,

Yannick Warnier

[1]
http://news.netcraft.com/archives/2010/11/03/github-moves-to-ssl-but-remains-firesheepable.html
[2] http://www.php.net/setcookie
[3] http://www.php.net/session-start

--- End Message ---

--- Begin Message ---

On Sun, Nov 7, 2010 at 2:39 PM, Yannick Warnier <ywarn...@beeznest.org>wrote:

> Hi all,
>
> It came to my attention through the Netcraft newsletter[1] that cookies
> in a web application are not always sent encrypted when a server is
> contacted through HTTPS.
>

Not quite.  Requests and responses over HTTPS are encrypted, including the
cookie header.  However, in the resource you cited, there were security
issues because auth cookies were sent even over standard requests.  The
browser has to be told (through the flag) that the cookie should only be
sent on encrypted requests.


>
> Would someone know the internals of that function and whether there is a
> way to force it to secure=true when the connection is made through
> HTTPS? Or maybe my question doesn't make sense because I am missing the
> point on how it works?
>

Call this function with the appropriate settings before you call
session_start() (or make some changes to php.ini):
http://php.net/manual/en/function.session-set-cookie-params.php


>
> I develop an open-source application which can be used through both HTTP
> and HTTPS, so I'm a bit worried about not having this question answered
> in the doc for session_start().
>

Perhaps a link could be added to the documentation, although the function
session_set_cookie_params() does appear in the secondary navigation in the
left column, and not all sessions use cookies.


>
> Thanks,
>
> Yannick Warnier
>
> [1]
>
> http://news.netcraft.com/archives/2010/11/03/github-moves-to-ssl-but-remains-firesheepable.html
> [2] http://www.php.net/setcookie
> [3] http://www.php.net/session-start
>

Hope this helps,

Adam

-- 
Nephtali:  PHP web framework that functions beautifully
http://nephtaliproject.com

--- End Message ---