php-general Digest 15 Mar 2013 06:21:40 -0000 Issue 8163
Topics (messages 320536 through 320556):
Re: Accessing Files Outside the Web Root
320536 by: Jim Giner
320537 by: Ravi Gehlot
320538 by: Dale H. Cook
320541 by: Jim Giner
320544 by: Maciek Sokolewicz
320545 by: Marc Guay
320547 by: Dale H. Cook
320550 by: Dale H. Cook
Accessing Files Outside the Web Root - Progress Report 1
320539 by: Dale H. Cook
320540 by: Jim Giner
320548 by: Dale H. Cook
320551 by: Jim Giner
variable type - conversion/checking
320542 by: georg
320543 by: Matijn Woudt
320546 by: Samuel Lopes Grigolato
320554 by: Jim Lucas
320555 by: Matijn Woudt
320556 by: Jim Lucas
ODBC obscuring the SQL result ?
320549 by: georg
PHP context editor
320552 by: georg
php gd extension with cPanel
320553 by: David Mehler
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
On 3/13/2013 4:38 PM, Dale H. Cook wrote:
Let me preface my question by noting that I am virtually a PHP novice. Although
I am a long-time webmaster, and have used PHP for some years to give visitors
access to information in my SQL database, this is my first attempt to use it
for another purpose. I have browsed the mailing list archives and have searched
online but have not yet succeeded in teaching myself how to do what I want to
do. This need not provoke a lengthy discussion or involve extensive
hand-holding - if someone can point to an appropriate code sample or online
tutorial that might do the trick.
I am the author of a number of PDF files that serve as genealogical reference
works. My problem is that there are a number of sites which are posing as
search engines and which display my PDF files in their entirety on their own
sites. These pirate sites are not simply opening a window that displays my
files as they appear on my site. They are using Google Docs to display copies
of my files that are cached or stored elsewhere online. The proof of that is
that I can modify one of my files and upload it to my site. The file, as seen
on my site, immediately displays the modification. The same file, as displayed
on the pirate sites, is unmodified and may remain unmodified for weeks.
It is obvious that my files, which are stored under public_html, are being
spidered and then stored or cached. This displeases me greatly. I want my
files, some of which have cost an enormous amount of work over many years, to
be available only on my site. Legitimate search engines, such as Google, may
display a snippet, but they do not display the entire file - they link to my
site so the visitor can get the file from me.
A little study has indicated to me that if I store those files in a folder
outside the web root and use PHP to provide access they will not be spidered.
Writing a PHP script to provide access to the files in that folder is what I
need help with. I have experimented with a number of code samples but have not
been able to make things work. Could any of you point to code samples or
tutorials that might help me? Remember that, aside from the code I have written
to handle my SQL database I am a PHP novice.
Dale H. Cook, Member, NEHGS and MA Society of Mayflower Descendants;
Plymouth Co. MA Coordinator for the USGenWeb Project
Administrator of http://plymouthcolony.net
You can't link to these files outside of the web root using any html
tags - you have to do it thru php. So, instead of an <a> tag pointing
to it, just have the <a> tag point to a script with a url containing a
?file=xxx portion as in:
<a href="pdflookups.php?filename=pdf_1">Show Me File 1</a>
In that script you simply recognize the filename argument and retrieve
it from the folder that you are storing it in and send that pdf to the
client or place it in the page that you are currently trying to display.
Whatever.
And use a captcha (which I personally can never read!) to keep the
robots at bay.
--- End Message ---
--- Begin Message ---
Hello Dale,
The spiders are not the only problem. The issue here is that anyone can
download your files from your website and then make them available
elsewhere. In order to address the problem, you should create a "Members
Restricted Area" where members only could download your files. You can then
make your PDF directory only visible through your Members Restricted Area.
That directory would be invisible to the web. In some Linux distros, if the
file/directory is not a member of www-data, it is not visible online. But
you can still link the files to your PHP page.
Ravi.
On Wed, Mar 13, 2013 at 4:38 PM, Dale H. Cook
<radiot...@plymouthcolony.net>wrote:
> Let me preface my question by noting that I am virtually a PHP novice.
> Although I am a long-time webmaster, and have used PHP for some years to
> give visitors access to information in my SQL database, this is my first
> attempt to use it for another purpose. I have browsed the mailing list
> archives and have searched online but have not yet succeeded in teaching
> myself how to do what I want to do. This need not provoke a lengthy
> discussion or involve extensive hand-holding - if someone can point to an
> appropriate code sample or online tutorial that might do the trick.
>
> I am the author of a number of PDF files that serve as genealogical
> reference works. My problem is that there are a number of sites which are
> posing as search engines and which display my PDF files in their entirety
> on their own sites. These pirate sites are not simply opening a window that
> displays my files as they appear on my site. They are using Google Docs to
> display copies of my files that are cached or stored elsewhere online. The
> proof of that is that I can modify one of my files and upload it to my
> site. The file, as seen on my site, immediately displays the modification.
> The same file, as displayed on the pirate sites, is unmodified and may
> remain unmodified for weeks.
>
> It is obvious that my files, which are stored under public_html, are being
> spidered and then stored or cached. This displeases me greatly. I want my
> files, some of which have cost an enormous amount of work over many years,
> to be available only on my site. Legitimate search engines, such as Google,
> may display a snippet, but they do not display the entire file - they link
> to my site so the visitor can get the file from me.
>
> A little study has indicated to me that if I store those files in a folder
> outside the web root and use PHP to provide access they will not be
> spidered. Writing a PHP script to provide access to the files in that
> folder is what I need help with. I have experimented with a number of code
> samples but have not been able to make things work. Could any of you point
> to code samples or tutorials that might help me? Remember that, aside from
> the code I have written to handle my SQL database I am a PHP novice.
>
> Dale H. Cook, Member, NEHGS and MA Society of Mayflower Descendants;
> Plymouth Co. MA Coordinator for the USGenWeb Project
> Administrator of http://plymouthcolony.net
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
At 11:20 AM 3/14/2013, Jim Giner wrote:
>And use a captcha (which I personally can never read!) to keep the robots at
>bay.
I dislike CAPTCHAs, and some bots are pretty good at beating them. I'm
exploring alternatives that exploit the differences between the ways that bots
deal with pages and the ways that humans deal with pages.
Dale H. Cook, Member, NEHGS and MA Society of Mayflower Descendants;
Plymouth Co. MA Coordinator for the USGenWeb Project
Administrator of http://plymouthcolony.net
--- End Message ---
--- Begin Message ---
On 3/14/2013 12:43 PM, Dale H. Cook wrote:
At 11:20 AM 3/14/2013, Jim Giner wrote:
And use a captcha (which I personally can never read!) to keep the robots at
bay.
I dislike CAPTCHAs, and some bots are pretty good at beating them. I'm
exploring alternatives that exploit the differences between the ways that bots
deal with pages and the ways that humans deal with pages.
Dale H. Cook, Member, NEHGS and MA Society of Mayflower Descendants;
Plymouth Co. MA Coordinator for the USGenWeb Project
Administrator of http://plymouthcolony.net
My thinking is that if your web page doesn't have a reference to a
document name in it (which it won't in my example), then the bots don't
have anything to identify and therefore won't steal your product. Your
users can either be presented with the document immediately or can
choose one from a list (menu) and have it appear on the next page they
see. Again - the document names will not be present in the html page,
only in the php behind its creation.
--- End Message ---
--- Begin Message ---
On 14-3-2013 17:43, Dale H. Cook wrote:
At 11:20 AM 3/14/2013, Jim Giner wrote:
And use a captcha (which I personally can never read!) to keep the robots at
bay.
I dislike CAPTCHAs, and some bots are pretty good at beating them. I'm
exploring alternatives that exploit the differences between the ways that bots
deal with pages and the ways that humans deal with pages.
Captcha is not a specific system like the ones you're thinking of. Most
people think of the unreadable scribbles which are made so incredibly
hard to read that computers end up being better able to read them than
humans (hey, that might be a good way of solving it! A reverse Turing
test! Prove you're a computer, or be allowed to pass :p)
Anyway, there are more captcha systems around. Not just the text in an
image one. A very specific captcha that I quite like is to have it ask a
simple question. For instance "What is the capital of the UK?" Possible
answers: [London, The color green, 27]. Or "Pick the option that
represents a number: [Red, twelve, fire]". These very simple tasks
require the computer/bot to correlate various types of information,
which is very hard. For a human, this is very simple. It's simple, and
very friendly to your guests. If you simply make 5 different questions,
and have them rotate, I guarantee it will stop the bots for a very long
time.
- Tul
--- End Message ---
--- Begin Message ---
> correlate various types of information, which is very hard. For a human,
> this is very simple. It's simple, and very friendly to your guests.
Assuming humans will continue to behave as I've seen them behave so
far, even this "simple" system will guarantee you angry emails from
people who'll want to argue that "five" is a colour in some
circumstances. Please see discussions on this list about top-posting
as a reference.
TGIAF
Marc
--- End Message ---
--- Begin Message ---
At 12:40 PM 3/14/2013, Ravi Gehlot wrote:
>In order to address the problem, you should create a "Members Restricted Area"
You need to understand my target demo to understand my approach. Much of my
target audience for those files is elderly and not very computer savvy. Having
to register for access would discourage some of them. I prefer to keep their
access as simple as possible and as close as possible to the way in which I
have always provided it. Some of those files have been available (and have been
updated quarterly) for nearly a decade, and many visitors are used to
downloading and perusing some of those files quarterly.
Registration poses its own problems, as some miscreants will attempt to
register in order to usurp my resources. It probably wouldn't be as much of a
nuisance as it is when running a phpbb (I run two of those) but I'd rather
avoid dealing with registration.
All in all, I'd rather use a server-side approach incorporating methods to
differentiate between human visitors and bad bots.
Dale H. Cook, Member, NEHGS and MA Society of Mayflower Descendants;
Plymouth Co. MA Coordinator for the USGenWeb Project
Administrator of http://plymouthcolony.net
--- End Message ---
--- Begin Message ---
At 02:27 PM 3/14/2013, Marc Guay wrote:
>Assuming humans will continue to behave as I've seen them behave so
>far, even this "simple" system will guarantee you angry emails from
>people who'll want to argue that "five" is a colour in some
>circumstances.
Marc has a very valid point. My goal is to weed out the scrapers without
angering humans.
>Please see discussions on this list about top-posting as a reference.
I don't care about top-posters vs. bottom posters. What irks me are those who
do not edit their quotes, and they are one of the reasons why I do not sub any
list in digest mode. :-)
Dale H. Cook, Member, NEHGS and MA Society of Mayflower Descendants;
Plymouth Co. MA Coordinator for the USGenWeb Project
Administrator of http://plymouthcolony.net
--- End Message ---
--- Begin Message ---
I have made some progress. It occurred to me that the problem that I had in
accessing files outside the web root could be a pathing problem, and that was
the case. I finally ran phpinfo() and examined &_SERVER["DOCUMENT_ROOT"] to see
what the correct path should be. I then figured that for portability my script
should build the paths for desired files beginning with a truncated
&_SERVER["DOCUMENT_ROOT"] and concatenating the external folder and the
filename, and that is working fine. I now have a script that will give the
visitor access to a PDF file stored outside the web root and whose filename is
hard-coded in the script
The next step is to create the mechanism that lets one of my HTML pages pass
the desired filename to the script and have the script retrieve that file for
the visitor. That should be simple enough since it is just string manipulation
(once I get the hang of some additional PHP string manipulation functions).
Then I can move on to making my script bot-resistant before implementing it on
my site.
Dale H. Cook, Member, NEHGS and MA Society of Mayflower Descendants;
Plymouth Co. MA Coordinator for the USGenWeb Project
Administrator of http://plymouthcolony.net
--- End Message ---
--- Begin Message ---
On 3/14/2013 12:40 PM, Dale H. Cook wrote:
I have made some progress. It occurred to me that the problem that I had in accessing files outside the web
root could be a pathing problem, and that was the case. I finally ran phpinfo() and examined
&_SERVER["DOCUMENT_ROOT"] to see what the correct path should be. I then figured that for
portability my script should build the paths for desired files beginning with a truncated
&_SERVER["DOCUMENT_ROOT"] and concatenating the external folder and the filename, and that is
working fine. I now have a script that will give the visitor access to a PDF file stored outside the web
root and whose filename is hard-coded in the script
The next step is to create the mechanism that lets one of my HTML pages pass
the desired filename to the script and have the script retrieve that file for
the visitor. That should be simple enough since it is just string manipulation
(once I get the hang of some additional PHP string manipulation functions).
Then I can move on to making my script bot-resistant before implementing it on
my site.
Dale H. Cook, Member, NEHGS and MA Society of Mayflower Descendants;
Plymouth Co. MA Coordinator for the USGenWeb Project
Administrator of http://plymouthcolony.net
I don't think you ever want the filename buried in the web page. You
should only specify (perhaps) the title and let the php script determine
from that the filename.
Plus - easy way to specify a path outside of your webroot:
$root = $_SERVER['DOCUMENT_ROOT'];
$php_path = $root."/../php";
In my environment, my php folder is located at the same level as my
webroot. Modify as you need.
--- End Message ---
--- Begin Message ---
At 01:26 PM 3/14/2013, Jim Giner wrote:
>I don't think you ever want the filename buried in the web page.
Why not? The file itself is outside the root. In any case the finished product
will use tokens instead of filenames. While I am working out the bugs it is
easier to use filenames. I use an incremental approach to programming (and have
used that approach ever since I moved from batch programming to time-shared
terminals over 40 years ago).
>Plus - easy way to specify a path outside of your webroot:
That is precisely what I indicated that I was doing, using
&_SERVER["DOCUMENT_ROOT"], and then using truncation and concatenation.
Dale H. Cook, Member, NEHGS and MA Society of Mayflower Descendants;
Plymouth Co. MA Coordinator for the USGenWeb Project
Administrator of http://plymouthcolony.net
--- End Message ---
--- Begin Message ---
On 3/14/2013 3:44 PM, Dale H. Cook wrote:
At 01:26 PM 3/14/2013, Jim Giner wrote:
I don't think you ever want the filename buried in the web page.
Why not? The file itself is outside the root. In any case the finished product
will use tokens instead of filenames. While I am working out the bugs it is
easier to use filenames. I use an incremental approach to programming (and have
used that approach ever since I moved from batch programming to time-shared
terminals over 40 years ago).
Plus - easy way to specify a path outside of your webroot:
That is precisely what I indicated that I was doing, using
&_SERVER["DOCUMENT_ROOT"], and then using truncation and concatenation.
Dale H. Cook, Member, NEHGS and MA Society of Mayflower Descendants;
Plymouth Co. MA Coordinator for the USGenWeb Project
Administrator of http://plymouthcolony.net
the ../ method alleviates the need to identify and truncate. Simpler
that's all.
As for the filename - you're saying that your html page is outside the
web root? Guess I'm not getting you, cause I didn't think you could do
that.
--- End Message ---
--- Begin Message ---
Hi,
I have tried to find a way to check if a character string is possible to test
whether it is convertible to an intger !
any suggestion ?
BR georg
--- End Message ---
--- Begin Message ---
On Thu, Mar 14, 2013 at 7:02 PM, georg <georg.chamb...@telia.com> wrote:
> Hi,
>
> I have tried to find a way to check if a character string is possible to
> test whether it is convertible to an intger !
>
> any suggestion ?
>
> BR georg
You could use is_numeric for that, though it also accepts floats.
- Matijn
--- End Message ---
--- Begin Message ---
Something like "if (is_numeric($var) && $var == floor($var))" will do the
trick. I don't know if there's a better (more elegant) way.
On Thu, Mar 14, 2013 at 3:09 PM, Matijn Woudt <tijn...@gmail.com> wrote:
> On Thu, Mar 14, 2013 at 7:02 PM, georg <georg.chamb...@telia.com> wrote:
>
> > Hi,
> >
> > I have tried to find a way to check if a character string is possible to
> > test whether it is convertible to an intger !
> >
> > any suggestion ?
> >
> > BR georg
>
>
> You could use is_numeric for that, though it also accepts floats.
>
> - Matijn
>
--- End Message ---
--- Begin Message ---
On 03/14/2013 11:50 AM, Samuel Lopes Grigolato wrote:
Something like "if (is_numeric($var)&& $var == floor($var))" will do the
trick. I don't know if there's a better (more elegant) way.
On Thu, Mar 14, 2013 at 3:09 PM, Matijn Woudt<tijn...@gmail.com> wrote:
On Thu, Mar 14, 2013 at 7:02 PM, georg<georg.chamb...@telia.com> wrote:
Hi,
I have tried to find a way to check if a character string is possible to
test whether it is convertible to an intger !
any suggestion ?
BR georg
You could use is_numeric for that, though it also accepts floats.
- Matijn
for that type of test I have always used this:
if ( $val == (int)$val ) {
http://www.php.net/manual/en/language.types.integer.php#language.types.integer.casting
--
Jim Lucas
http://www.cmsws.com/
http://www.cmsws.com/examples/
--- End Message ---
--- Begin Message ---
On Thu, Mar 14, 2013 at 11:44 PM, Jim Lucas <li...@cmsws.com> wrote:
> On 03/14/2013 11:50 AM, Samuel Lopes Grigolato wrote:
>
>> Something like "if (is_numeric($var)&& $var == floor($var))" will do the
>>
>> trick. I don't know if there's a better (more elegant) way.
>>
>>
>> On Thu, Mar 14, 2013 at 3:09 PM, Matijn Woudt<tijn...@gmail.com> wrote:
>>
>> On Thu, Mar 14, 2013 at 7:02 PM, georg<georg.chamb...@telia.com**>
>>> wrote:
>>>
>>> Hi,
>>>>
>>>> I have tried to find a way to check if a character string is possible to
>>>> test whether it is convertible to an intger !
>>>>
>>>> any suggestion ?
>>>>
>>>> BR georg
>>>>
>>>
>>>
>>> You could use is_numeric for that, though it also accepts floats.
>>>
>>> - Matijn
>>>
>>>
>>
> for that type of test I have always used this:
>
> if ( $val == (int)$val ) {
>
> http://www.php.net/manual/en/**language.types.integer.php#**
> language.types.integer.casting<http://www.php.net/manual/en/language.types.integer.php#language.types.integer.casting>
>
>
I hope you're not serious about this...
When comparing a string and an int, PHP will translate the string to int
too, and of course they will always be equal then.
So:
$a = "abc";
if($a == (int)$a) echo "YES";
else echo "NO";
Will always return YES.
- Matijn
--- End Message ---
--- Begin Message ---
On 3/14/2013 4:05 PM, Matijn Woudt wrote:
On Thu, Mar 14, 2013 at 11:44 PM, Jim Lucas <li...@cmsws.com> wrote:
On 03/14/2013 11:50 AM, Samuel Lopes Grigolato wrote:
Something like "if (is_numeric($var)&& $var == floor($var))" will do the
trick. I don't know if there's a better (more elegant) way.
On Thu, Mar 14, 2013 at 3:09 PM, Matijn Woudt<tijn...@gmail.com> wrote:
On Thu, Mar 14, 2013 at 7:02 PM, georg<georg.chamb...@telia.com**>
wrote:
Hi,
I have tried to find a way to check if a character string is possible to
test whether it is convertible to an intger !
any suggestion ?
BR georg
You could use is_numeric for that, though it also accepts floats.
- Matijn
for that type of test I have always used this:
if ( $val == (int)$val ) {
http://www.php.net/manual/en/**language.types.integer.php#**
language.types.integer.casting<http://www.php.net/manual/en/language.types.integer.php#language.types.integer.casting>
I hope you're not serious about this...
When comparing a string and an int, PHP will translate the string to int
too, and of course they will always be equal then.
So:
$a = "abc";
if($a == (int)$a) echo "YES";
else echo "NO";
Will always return YES.
- Matijn
Hmmmm... Interesting. Looking back at my code base where I thought I
was doing that, turns out the final results were not that, but this:
$value = "asdf1234";
if ( $value === (string)intval($value) ) {
Looking back at the OP's request and after a little further searching,
it seems that there might be a better possible solution for what the OP
is requesting.
<?php
$values = array("asdf1234", "123.123", "123");
foreach ( $values AS $value ) {
echo $value;
if ( ctype_digit($value) ) {
echo ' - is all digits';
} else {
echo ' - is NOT all digits';
}
echo '<br />'.PHP_EOL;
}
returns...
asdf1234 - is NOT all digits
123.123 - is NOT all digits
123 - is all digits
http://www.php.net/manual/en/function.ctype-digit.php
An important note:
This function expects a string to be useful, so for example passing in
an integer may not return the expected result. However, also note that
HTML forms will result in numeric strings and not integers. See also the
types section of the manual.
--
Jim
--- End Message ---
--- Begin Message ---
Hi (again),
Im doing a
$res = odbc_prepare ... with a select statement
and
$succ = odbc_execute($res)
im missing how to get the return information on whether I got any hit or not in
the table
now !! the REF MAN is clearly sloppy;
in writing moment i see that $succ is a boolean (which is undefined about what
is meant by success, retreiving ZERO rows is a success ? guess so)
HOWEVER the sloppy thing comes with the REF MAN not explicitly saying that $res
is not only the connecting from prepare but
also "output" from the execution activity !!
is that so ?
--- End Message ---
--- Begin Message ---
hello,
annyone knows of some good PHP context editor freeware ?
(tired of missing out on trivials like ; )
regards
Georg
--- End Message ---
--- Begin Message ---
Hello,
I'm hoping there's an easy fix for this. I've got a centos server
machine 6.4 I believe with cPanel running on it. I need to enable the
gd extension, both the gd and gd-devel rpm packages are installed, but
php is not, that is showing up in a package list. It is however
installed as it's gone through cPanel. It does not however have the
php-gd extension. I am wondering if there's an easy way to get this
extension working? I do not want to have to recompile the whole php to
do this.
Thanks.
Dave.
--- End Message ---
