php-general Digest 1 Jul 2002 02:16:39 -0000 Issue 1437
Topics (messages 104573 through 104611):
Re: bug in sessions
104573 by: John Holmes
Re: Getting IP from behind proxies
104574 by: Bruce Karstedt
104577 by: Rasmus Lerdorf
104598 by: Peter
Re: Two cases going to same case?
104575 by: Chris Shiflett
104586 by: Anil Kumar K.
Register Globals = off
104576 by: PHPCoder
104580 by: Jason Wong
104583 by: Justin French
Re: pop-up windows
104578 by: Bruce Karstedt
104593 by: SP
PEAR website down
104579 by: Paul Reilly
XML Problem
104581 by: Sebastian A.
104590 by: Analysis & Solutions
104596 by: Sebastian A.
Re: [Session] SID automatically add on all pages?
104582 by: Justin French
104584 by: John Holmes
104587 by: Tim Stoop
104597 by: César Aracena
fopen(); deciding if going for the IP or domain.
104585 by: php.net.co.cr
104588 by: Chris Hewitt
Re: Gradients in PHP & GD
104589 by: Joshua Alexander
104605 by: Bogdan Stancescu
104607 by: Joshua Alexander
104608 by: Lazor, Ed
Re: PHP with online cedit card processing
104591 by: Steve Yates
Re: securing an 'includes' dir
104592 by: Steve Yates
104594 by: Chris Shiflett
Re: Blank emails
104595 by: César Aracena
Finding all instances
104599 by: mikeyb
[more info] Finding all instances
104600 by: mikeyb
104604 by: Andrew Brampton
Re: include files or fopen
104601 by: David Freeman
Globals bug??
104602 by: troy.recipezaar.com
104603 by: Rasmus Lerdorf
Re: More on removing item from cart
104606 by: Analysis & Solutions
How to put these 2 IF statements into 1, with regex?
104609 by: php.net.co.cr
104610 by: Martin Towell
104611 by: CC Zona
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Same for me (PHP4.2.1 on Win). Unset removes the variable from the
session for the duration of the script, but doesn't actually remove it
from the session. Using session_unregister() does remove the variable
from the session. You should post it as a bug, Michal, or tell them to
change the documentation.
---John Holmes...
> -----Original Message-----
> From: Michal Dvoracek [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, June 30, 2002 7:37 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] bug in sessions
>
> Hello,
>
> i discovered bug in sessions:
>
> when using unset($_SESSION[...]) insted session_unregister(...) and
> before calling read _$SESSION[...] variable WILL NOT unset.
>
> please try these examples and see result.
>
> here is method how to produce this bug (you must have cookies
enabled):
> 1. run script
> 2. reload page (you should see 2 $_SESSION arrays with the same value)
> 3. click on unset link
> 4. now you should see first array filled with test value and second
> should be empty - that's OK - but variable test should be deleted from
> session
> 5. reload page
> 6. here is BUG: i unset session variable test so i shouldn't exists,
> but exists.
> ---
>
> 7. comment line marked #fatal
>
> and go to repeat process from begining
> on step 6. both arrays will be empty!!!!
>
> ----------------cut here----------------------------------------------
> <?php
> session_start();
> echo '<pre>';
>
> print_r($_SESSION);
>
> if (isset($_GET['submit'])) {
> $test = $_SESSION['test']; # fatal
> unset($_SESSION['test']);
> } else {
> $_SESSION['test'] = 'this is test';
> }
> echo '<a href="'.$_SERVER['PHP_SELF'].'?submit=yes">unset</a><br>';
> print_r($_SESSION);
> echo '</pre>';
> ?>
> ----------------cut here----------------------------------------------
>
>
> replace unset($_SESSION['test']); with
> session_unregister('test'); and repeat process - here will be
> everything OK.
>
> http://www.php.net/manual/en/ref.session.php (see Example 3.)
>
> Tested on PHP 4.2.1 (win, Debian).
>
> Epilogue: using unset at $_SESSION array is NOT safe.
>
> Regards,
> Michal Dvoracek [EMAIL PROTECTED]
> Capitol Internet Publisher, Korunovacni 6, 170 00 Prague 7, Czech
Republic
> tel.: ++420 2 3337 1117, fax: ++420 2 3337 1112
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Why not create a cookie for that poll. When the vote check for the cookie.
Unless a user clears the cookie himself, you basically limit votes to one
per computer or one per computer per user.
Bruce Karstedt
President
Technology Consulting Associates, Ltd.
Tel: 847-735-9488
Fax: 847-735-9474
-----Original Message-----
From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
Sent: Saturday, June 29, 2002 10:34 PM
To: JJ Harrison
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Getting IP from behind proxies
Importance: Low
You need to assign each person a unique identifier of some sort. ie.
assign them a login and password and verify that information by sending a
message to their email address. Then only people with multiple email
addresses can spam your system with votes.
Beyond that it comes down to verifying each voter manually. Get a phone
number and call each one up. Even that is not quite foolproof.
Personal certificates might be an option here, but that is rather
cumbersome for everyone involved.
Basically there is no good solution for this problem. Until everyone in
the world has a unique and non-spoofable, easily verifiable id number,
what you are trying to do is impossible.
Basically live with the fact that your voting system will be inaccurate
and spoofable.
-Rasmus
On Sun, 30 Jun 2002, JJ Harrison wrote:
> what esle could i use?
> "Rasmus Lerdorf" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > You can only get it if the proxy provides you with this data. Most
don't,
> > so this is not a reliable approach.
> >
> > -Rasmus
> >
> > On Sat, 29 Jun 2002, JJ Harrison wrote:
> >
> > > I want to check to see if people have voted yet for a poll.
> > >
> > > How can I get the ip of a user from both behind a proxy and the
proxies
> ip?
> > >
> > > is this simple?
> > >
> > > will i have trouble with firewalls etc?
> > >
> > >
> > > --
> > > JJ Harrison
> > > [EMAIL PROTECTED]
> > > www.tececo.com
> > >
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> >
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
It is rather trivial to turn off cookies. It's not a matter of clearing
cookies, the user simply turns it off. Heck, many users browse with
cookies turned off by default.
-R
On Sun, 30 Jun 2002, Bruce Karstedt wrote:
> Why not create a cookie for that poll. When the vote check for the cookie.
> Unless a user clears the cookie himself, you basically limit votes to one
> per computer or one per computer per user.
>
> Bruce Karstedt
> President
> Technology Consulting Associates, Ltd.
> Tel: 847-735-9488
> Fax: 847-735-9474
>
>
> -----Original Message-----
> From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, June 29, 2002 10:34 PM
> To: JJ Harrison
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] Getting IP from behind proxies
> Importance: Low
>
>
> You need to assign each person a unique identifier of some sort. ie.
> assign them a login and password and verify that information by sending a
> message to their email address. Then only people with multiple email
> addresses can spam your system with votes.
>
> Beyond that it comes down to verifying each voter manually. Get a phone
> number and call each one up. Even that is not quite foolproof.
>
> Personal certificates might be an option here, but that is rather
> cumbersome for everyone involved.
>
> Basically there is no good solution for this problem. Until everyone in
> the world has a unique and non-spoofable, easily verifiable id number,
> what you are trying to do is impossible.
>
> Basically live with the fact that your voting system will be inaccurate
> and spoofable.
>
> -Rasmus
>
> On Sun, 30 Jun 2002, JJ Harrison wrote:
>
> > what esle could i use?
> > "Rasmus Lerdorf" <[EMAIL PROTECTED]> wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > You can only get it if the proxy provides you with this data. Most
> don't,
> > > so this is not a reliable approach.
> > >
> > > -Rasmus
> > >
> > > On Sat, 29 Jun 2002, JJ Harrison wrote:
> > >
> > > > I want to check to see if people have voted yet for a poll.
> > > >
> > > > How can I get the ip of a user from both behind a proxy and the
> proxies
> > ip?
> > > >
> > > > is this simple?
> > > >
> > > > will i have trouble with firewalls etc?
> > > >
> > > >
> > > > --
> > > > JJ Harrison
> > > > [EMAIL PROTECTED]
> > > > www.tececo.com
> > > >
> > > >
> > > >
> > > > --
> > > > PHP General Mailing List (http://www.php.net/)
> > > > To unsubscribe, visit: http://www.php.net/unsub.php
> > > >
> > >
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
why not assign your user a unique id when they first visit you site and this
is registered in a database. The unique id is then passed from page to page
in the URL (i.e. get method)
when they submit their vote, the PHP page:
1: check to see if that Unique ID is stored in the database (checks it
hasn't just been made up)
2: checks to see if the "Voted" field is set to false
if either of the above return as FALSE reject the vote because either the
user has already voted or they modified the unique id to try and cheat the
system.
Now, the only way for them to make multiple votes is to keep getting to the
voting page by going back to your homepage and following the links to your
vote page or to make up a unique id and hope it's already been created by
someone else.
Every time you change the poll, you should empty the database as there could
be a few unique ids that were created but the visitor didn't vote.
It's a bit overkill for a web poll though!!!
"Bruce Karstedt" <[EMAIL PROTECTED]> wrote in message
000401c22047$925f4840$768c3841@c3">news:000401c22047$925f4840$768c3841@c3...
> Why not create a cookie for that poll. When the vote check for the cookie.
> Unless a user clears the cookie himself, you basically limit votes to one
> per computer or one per computer per user.
>
> Bruce Karstedt
> President
> Technology Consulting Associates, Ltd.
> Tel: 847-735-9488
> Fax: 847-735-9474
>
>
> -----Original Message-----
> From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, June 29, 2002 10:34 PM
> To: JJ Harrison
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] Getting IP from behind proxies
> Importance: Low
>
>
> You need to assign each person a unique identifier of some sort. ie.
> assign them a login and password and verify that information by sending a
> message to their email address. Then only people with multiple email
> addresses can spam your system with votes.
>
> Beyond that it comes down to verifying each voter manually. Get a phone
> number and call each one up. Even that is not quite foolproof.
>
> Personal certificates might be an option here, but that is rather
> cumbersome for everyone involved.
>
> Basically there is no good solution for this problem. Until everyone in
> the world has a unique and non-spoofable, easily verifiable id number,
> what you are trying to do is impossible.
>
> Basically live with the fact that your voting system will be inaccurate
> and spoofable.
>
> -Rasmus
>
> On Sun, 30 Jun 2002, JJ Harrison wrote:
>
> > what esle could i use?
> > "Rasmus Lerdorf" <[EMAIL PROTECTED]> wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > You can only get it if the proxy provides you with this data. Most
> don't,
> > > so this is not a reliable approach.
> > >
> > > -Rasmus
> > >
> > > On Sat, 29 Jun 2002, JJ Harrison wrote:
> > >
> > > > I want to check to see if people have voted yet for a poll.
> > > >
> > > > How can I get the ip of a user from both behind a proxy and the
> proxies
> > ip?
> > > >
> > > > is this simple?
> > > >
> > > > will i have trouble with firewalls etc?
> > > >
> > > >
> > > > --
> > > > JJ Harrison
> > > > [EMAIL PROTECTED]
> > > > www.tececo.com
> > > >
> > > >
> > > >
> > > > --
> > > > PHP General Mailing List (http://www.php.net/)
> > > > To unsubscribe, visit: http://www.php.net/unsub.php
> > > >
> > >
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
Leif K-Brooks wrote:
> I have a switch in a script I'm working on. I need to have case 1 and
> 2 both to to case 3, but without case 1 going through case 2. Is this
> possible?
Does "case 3" have to be in the switch? If not, just leave it to execute
just after the end of the switch.
Otherwise, consider making your program modular. For case 3, include a
file that has the code you're wanting to execute. Then all you have to
do is include the same file at the bottom of both cases 1 and 2.
Chris
--- End Message ---
--- Begin Message ---
Can't you write it this way?
switch( $bar) {
case 2:
...
case 1:
...
case 3:
...
}
On Sun, 30 Jun 2002, Leif K-Brooks wrote:
> I have a switch in a script I'm working on. I need to have case 1 and 2
> both to to case 3, but without case 1 going through case 2. Is this
> possible?
>
>
--
+91 471 329302 (Office)
+91 9473 22280 (Cell)
Linuxense Information Systems Pvt. Ltd., Trivandrum, India
http://www.linuxense.com
--- End Message ---
--- Begin Message ---
Hi
Going through some literature, it seems like the use of registered
globals can cause security issues. Now, the dilemma, all my previous PHP
installations ( for the last year or so ) have come with register
globals = on in the php.ini file by default, and users on my system has
happily coded their websites using this function.
Now , with all the new versions of PHP, the registered globals are
turned off in the ini and will basically cause all those previous sites
not to function. Which means that I'm between a rock and a hard place,
turn the register globals back on and carry on with the security risks,
or keep it off and have all those people re-code their sites...
Is there a more "gentle" solution out there? Am I just misunderstanding
the issue?
Any light on the matter will be appreciated.
Thanks
--- End Message ---
--- Begin Message ---
On Sunday 30 June 2002 23:12, PHPCoder wrote:
> Hi
> Going through some literature, it seems like the use of registered
> globals can cause security issues. Now, the dilemma, all my previous PHP
> installations ( for the last year or so ) have come with register
> globals = on in the php.ini file by default, and users on my system has
> happily coded their websites using this function.
> Now , with all the new versions of PHP, the registered globals are
> turned off in the ini and will basically cause all those previous sites
> not to function. Which means that I'm between a rock and a hard place,
> turn the register globals back on and carry on with the security risks,
> or keep it off and have all those people re-code their sites...
> Is there a more "gentle" solution out there? Am I just misunderstanding
> the issue?
> Any light on the matter will be appreciated.
I don't there are any "gentle" approaches to this. People will have to bite
the bullet sooner or later.
What may help slightly is the fact that you can have different settings for
register_globals for each virtual host. Thus the global setting for
register_globals, ie php.ini, can be off. Then for each of your users who
have not yet recoded, enable register_globals in their virtual host setting.
Thus the people who have bothered to recode will be able to benefit from a
more secure application without being affected by the people who have not yet
recoded.
--
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
/*
Depart in pieces, i.e., split.
*/
--- End Message ---
--- Begin Message ---
You could leave the setting to ON in your php.ini, and impose OFF on a
per-directory (account, domain, etc) basis with a .htaccess file (or
vice-versa), assuming you have Apache.
This will mean all new clients will have the setting to OFF, and will do
things "the right way" from day 1. It will also allow existing clients to
modify their setting to OFF (as I do on a shared server) to keep things a
little more secure.
You could also advise all existing clients of a planned changeover in 12
months, offer code advise (including a simple function at the top of each
script can push all $_GET['var'], POST, SESSION, etc vars into standard
$vars), and document the many security holes and benefits of upgrading over
time.
In 12 months, you can changeover to OFF in the php.ini file. At which time
coding practices, books, websites, applications and all the rest will be
much more inline than they are now.
Justin French
on 01/07/02 1:12 AM, PHPCoder ([EMAIL PROTECTED]) wrote:
> Hi
> Going through some literature, it seems like the use of registered
> globals can cause security issues. Now, the dilemma, all my previous PHP
> installations ( for the last year or so ) have come with register
> globals = on in the php.ini file by default, and users on my system has
> happily coded their websites using this function.
> Now , with all the new versions of PHP, the registered globals are
> turned off in the ini and will basically cause all those previous sites
> not to function. Which means that I'm between a rock and a hard place,
> turn the register globals back on and carry on with the security risks,
> or keep it off and have all those people re-code their sites...
> Is there a more "gentle" solution out there? Am I just misunderstanding
> the issue?
> Any light on the matter will be appreciated.
>
> Thanks
>
>
--- End Message ---
--- Begin Message ---
Here ! Here ! Everyone's time is valuable, and therefore the more we all
respect each other's time and opinions, the more valuable a resource this
will become.
Bruce Karstedt
President
Technology Consulting Associates, Ltd.
Tel: 847-735-9488
Fax: 847-735-9474
-----Original Message-----
From: Justin French [mailto:[EMAIL PROTECTED]]
Sent: Sunday, June 30, 2002 2:45 AM
To: Kevin Stone; [EMAIL PROTECTED]
Subject: Re: [PHP] pop-up windows
Importance: Low
on 29/06/02 2:53 AM, Kevin Stone ([EMAIL PROTECTED]) wrote:
> John I hate to critisize you since you are one of the most active members
on
> this list. But are these types of comments really useful?
> -Kevin
No, I'm with John on this one. I'd say I type "no, JavaScript is
client-side, and PHP is server side" around 20 times a week to this list,
and that's only when I can be bothered.
Searching for pop-up in the archives would have solved the writers problem
in about 2 minutes.
For this group to maintain it's worth, we need to encourage users to do a
LITTLE research before asking obvious questions, and we need to discourage
people wasting our time with repetitive questions, or those who clearly
subscribe to the "but it's so easy to just send an email and wait to be
flamed" mentality.
Regards,
Justin French
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Perhaps we could agree on a standard response when someone asks about doing
javascript in php. Then when someone asks that question, the first one to
send out that canned response wins 1 php credit. John and Jason would be
php millionaires by the year out I think.
-----Original Message-----
From: Bruce Karstedt [mailto:[EMAIL PROTECTED]]
Sent: June 30, 2002 11:27 AM
To: 'Justin French'; 'Kevin Stone'; [EMAIL PROTECTED]
Subject: RE: [PHP] pop-up windows
Here ! Here ! Everyone's time is valuable, and therefore the more we all
respect each other's time and opinions, the more valuable a resource this
will become.
Bruce Karstedt
President
Technology Consulting Associates, Ltd.
Tel: 847-735-9488
Fax: 847-735-9474
-----Original Message-----
From: Justin French [mailto:[EMAIL PROTECTED]]
Sent: Sunday, June 30, 2002 2:45 AM
To: Kevin Stone; [EMAIL PROTECTED]
Subject: Re: [PHP] pop-up windows
Importance: Low
on 29/06/02 2:53 AM, Kevin Stone ([EMAIL PROTECTED]) wrote:
> John I hate to critisize you since you are one of the most active members
on
> this list. But are these types of comments really useful?
> -Kevin
No, I'm with John on this one. I'd say I type "no, JavaScript is
client-side, and PHP is server side" around 20 times a week to this list,
and that's only when I can be bothered.
Searching for pop-up in the archives would have solved the writers problem
in about 2 minutes.
For this group to maintain it's worth, we need to encourage users to do a
LITTLE research before asking obvious questions, and we need to discourage
people wasting our time with repetitive questions, or those who clearly
subscribe to the "but it's so easy to just send an email and wait to be
flamed" mentality.
Regards,
Justin French
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
The pear.php.net site seems to have a problem with no MySQL server
running. I need to download PEAR in a hurry. Can someone get the site
back up or tell me if I can get PEAR from somewhere else??
Thanks
Paul
--- End Message ---
--- Begin Message ---
Hello,
I am having some problems parsing XML with PHP. Here is an example of my
problem:
Example 1:
<PAGE>
<TAG1>
SOME TEXT
</TAG1>
</PAGE>
When I try to use the expat XML functions I cannot parse TAG1 in the above
example. I simply get nothing. However with the following example:
Example 2:
<PAGE>
<TAG1>SOME TEXT</TAG1>
</PAGE>
I have absolutely no problems. I get the text in between TAG1 without any
problems. However I have some very long documents that I would like to
translate to XML and I cannot put the whole document on one line, as it
would be impossible to read. I have, however seen other XML files like
example 1 that were parsed fine, AND they were parsed with the expat
functions. I cannot figure how though. Any help would be appreciated.
Thanks in Advance
--- End Message ---
--- Begin Message ---
On Sun, Jun 30, 2002 at 05:58:59PM +0200, Sebastian A. wrote:
>
> I am having some problems parsing XML with PHP. Here is an
> example of my problem:
The answer hasn't changed since the last time we had this same
discussion back in early May. Search groups.google.com for message id
[EMAIL PROTECTED]
--Dan
--
PHP classes that make web design easier
SQL Solution | Layout Solution | Form Solution
sqlsolution.info | layoutsolution.info | formsolution.info
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
--- End Message ---
--- Begin Message ---
You were right, I found the following:
# Declare the function that runs each time
# character data is encountered.
function CharacterHandler($Parser, $Line) {
global $CData;
# Place lines into an array because elements
# can contain more than one line of data.
$CData[] = $Line;
This should, obviously solve the problem, but I am not sure how I should go
about using it?
Later on, you make the $Cdata a string, $temp, and then the next time you
use it: $Temp = $Data['TRADE-DATETIME']
You re-assign it again without using the data. Did I miss something?
-----Original Message-----
From: Analysis & Solutions [mailto:[EMAIL PROTECTED]]
Sent: Sunday, June 30, 2002 8:27 PM
To: PHP List
Subject: Re: [PHP] XML Problem
On Sun, Jun 30, 2002 at 05:58:59PM +0200, Sebastian A. wrote:
>
> I am having some problems parsing XML with PHP. Here is an
> example of my problem:
The answer hasn't changed since the last time we had this same
discussion back in early May. Search groups.google.com for message id
[EMAIL PROTECTED]
--Dan
--
PHP classes that make web design easier
SQL Solution | Layout Solution | Form Solution
sqlsolution.info | layoutsolution.info | formsolution.info
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
on 30/06/02 11:33 PM, Tim Stoop ([EMAIL PROTECTED]) wrote:
> Ah yes, I forgot about that... I need to resume the session, of course.
> Would session.auto_start set to 1 work without these session_start()'s?
I believe so... and Jason Wong has sent an email suggesting this.
> The
> thing is, I need as less as possible of a hassle to have the sessions
> work... Read on for an explanation.
[snip]
I'd say everything will work out, depending of course on the code you're
writing to manage everything :)
It's worth pointing out that you may not really have to worry about the
session_start() call at the top of script. In reality, you may replace this
with a single include() statement which contains a library of functions,
maintains the session, etc etc as the first line of the file. Much simpler
than imposing yet another requirement on the host (portability is always an
issue), and much simpler than multiple includes and stuff scattered every
where.
<? include('inc/header.inc'); ?> // includes sessions, functions, etc
<HTML>
<HEAD>
bla bla..
</HEAD>
<BODY>
<H1>Buy this product!</H1>
<P>bla bla</P>
<?=makeBuyButton("black shoes, size 34")?>
</BODY>
</HTML>
Good luck.
Justin French
--- End Message ---
--- Begin Message ---
Tim,
You might want to look into a good templating solution, too. You can
make it so the customer can maintain all of the HTML and you maintain
the PHP, and it's all kept separate. It's would be similar to what it
looks like you are doing now.
Instead of telling the client to put <?=makeBuyButton("black shoes, size
34")?>, you could do something like <BuyButton type="shoes" size="34">,
which may be easier for someone with an HTML background to understand.
It's up to you.
---John Holmes...
> -----Original Message-----
> From: Justin French [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, June 30, 2002 12:15 PM
> To: Tim Stoop; [EMAIL PROTECTED]
> Subject: Re: [PHP] [Session] SID automatically add on all pages?
>
> on 30/06/02 11:33 PM, Tim Stoop ([EMAIL PROTECTED]) wrote:
>
> > Ah yes, I forgot about that... I need to resume the session, of
course.
> > Would session.auto_start set to 1 work without these
session_start()'s?
>
> I believe so... and Jason Wong has sent an email suggesting this.
>
> > The
> > thing is, I need as less as possible of a hassle to have the
sessions
> > work... Read on for an explanation.
>
> [snip]
>
> I'd say everything will work out, depending of course on the code
you're
> writing to manage everything :)
>
>
> It's worth pointing out that you may not really have to worry about
the
> session_start() call at the top of script. In reality, you may
replace
> this
> with a single include() statement which contains a library of
functions,
> maintains the session, etc etc as the first line of the file. Much
> simpler
> than imposing yet another requirement on the host (portability is
always
> an
> issue), and much simpler than multiple includes and stuff scattered
every
> where.
>
> <? include('inc/header.inc'); ?> // includes sessions, functions, etc
> <HTML>
> <HEAD>
> bla bla..
> </HEAD>
> <BODY>
> <H1>Buy this product!</H1>
> <P>bla bla</P>
> <?=makeBuyButton("black shoes, size 34")?>
> </BODY>
> </HTML>
>
> Good luck.
>
>
> Justin French
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Thanks for the help guys. The one-line include is definitly a very good
idea, which I'll use.
Templating is very interesting, although, only if it works exactly as you
say, with HTML-like tags. I looked at Smart, patTemplate en some others,
but they all use {} or [] style tags. In that case, I prefer de php. If
anyone knows of a template-engine that can recognise the difference between
a custom-tag with <> and a HTML-tag, I'd appreciate the URL :)
For now, I'm going to make this work.
--
Kind regards,
Tim
--- End Message ---
--- Begin Message ---
Well Tim, I don't have much time working with PHP, but I did study the
template format made by Ying Zhang. I found it when searching for a
shopping cart - PHP made - script. If you want to look at it, search
hotscripts for "mymarket". To give you an idea, I make just one page
with session_start() for all my sites... in the header.inc which is
obviously inserted at the top of every page... This page also inserts
the login and logout functions, so I can make all the other pages
without having to worry about session management.
I don't know if this is going to help you, but it sure makes my life
easier when working with sessions.
C.
> -----Original Message-----
> From: Tim Stoop [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, June 30, 2002 3:05 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [PHP] [Session] SID automatically add on all pages?
>
> Thanks for the help guys. The one-line include is definitly a very
good
> idea, which I'll use.
>
> Templating is very interesting, although, only if it works exactly as
you
> say, with HTML-like tags. I looked at Smart, patTemplate en some
others,
> but they all use {} or [] style tags. In that case, I prefer de php.
If
> anyone knows of a template-engine that can recognise the difference
> between
> a custom-tag with <> and a HTML-tag, I'd appreciate the URL :)
>
> For now, I'm going to make this work.
>
> --
> Kind regards,
> Tim
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Hello,
Is there anyway I can do fopen to try to open a connection to a domain
name, if it cant try opening it to the IP? For some weird reason today
a domain name wont resolve and Iam getting this error:
Warning: php_network_getaddresses: getaddrinfo failed: Name or service
not known
Thanks.
--- End Message ---
--- Begin Message ---
The manual shows fopen("http://www.php.net/","r";) works. If you are
saying it is only today that it is not working then I wonder if the
server (or dns server for it) is down.
If on unix, does "dig domain.com" give an ANSWER section with ip
address? If on NT, does "nslookup domain.com" give an ip address? (with
domain.com changed to be whatever server the url you are looking for is on).
I don't know anything about the particular error you are getting but
maybe the above are some pointers (assuming you didn't just do a typo).
HTH
Chris
[EMAIL PROTECTED] wrote:
>Hello,
>
>Is there anyway I can do fopen to try to open a connection to a domain
>name, if it cant try opening it to the IP? For some weird reason today
>a domain name wont resolve and Iam getting this error:
>
>Warning: php_network_getaddresses: getaddrinfo failed: Name or service
>not known
>
>Thanks.
>
--- End Message ---
--- Begin Message ---
>Well, I'm deeply moved by your concern - I don't think I was either
>hostile or impatient however - I was just stating the obvious and
>implying a question (why isn't it straightforward).
That was my problem with your post--why imply the question, and leave
it open to interpretation? Why not just ask? Who would mistake a
direct request for more info as hostile or impatient?
--- End Message ---
--- Begin Message ---
The only question I could possibly have asked to leave it open enough to
all the possibilities was basically the one I asked. That's because
possible reasons for not writing his own function may have been:
- he wanted a very basic gradient, but he was such a newbie in PHP that
he didn't know how - I would've been happy to help in this case;
- he needed some strange gradient/shape/mask - in which case someone who
needed the same kind of thing at a previous date would've been able to
answer;
- he was pressed for time;
- he was lazy.
Please tell me what would be a question which would leave all these
answer opportunities open while also being brief and obviously not being
hostile?
Bogdan
Joshua Alexander wrote:
>> Well, I'm deeply moved by your concern - I don't think I was either
>> hostile or impatient however - I was just stating the obvious and
>> implying a question (why isn't it straightforward).
>
>
> That was my problem with your post--why imply the question, and leave
> it open to interpretation? Why not just ask? Who would mistake a
> direct request for more info as hostile or impatient?
--- End Message ---
--- Begin Message ---
By this point, I am trying to speak generally. Not trying to pick on
Bogdan specifically, since communication can always be improved.
>Please tell me what would be a question which would leave all these
>answer opportunities open while also being brief and obviously not
>being hostile?
Hmm... not sure... how about, "I don't have enough info from your
post to help... please tell us more about what exactly you are
having problems with?" How does that sound?
That's fairly general, based on a post I saw here recently. Of course
it could be augmented with questions like "Are you new to PHP?" and,
in the specific case we've been discussing, "Are you trying to create
a basic gradient or something unusual?", etc.
-Josh
--- End Message ---
--- Begin Message ---
You guys are over-complicating this. If you want to help someone and don't
understand their question, just say so. People asking for help are usually
more than happy to provide additional information or rephrase their
question.
Be careful when using the question, "Are you new to PHP?". It has an
implied, "That was an awfully silly question... are you new to PHP?". Some
may take that as an insult. Of course, it could be funny as well. Imagine
responding to Rasmus, "Are you new to PHP?" ;) hehe
> -----Original Message-----
> it could be augmented with questions like "Are you new to PHP?" and,
> in the specific case we've been discussing, "Are you trying to create
> a basic gradient or something unusual?", etc.
****************************************************************************
This message is intended for the sole use of the individual and entity to
whom it is addressed, and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If you are
not the intended addressee, nor authorized to receive for the intended
addressee, you are hereby notified that you may not use, copy, disclose or
distribute to anyone the message or any information contained in the
message. If you have received this message in error, please immediately
advise the sender by reply email and delete the message. Thank you very
much.
--- End Message ---
--- Begin Message ---
> > names of companies that charge a reasonable rate, that you can use you
own
> > shopping cart and work well with PHP
My company's site uses Innuity as a gateway with PHP pages. You can do
whatever you want to get the totals, then POST the charge to their secure
server which can return all values back to a script on your site to finish.
Pretty well documented too. We use it for web site hosting and domain name
registration orders.
http://www.teamITS.com/internet/credit_cards.html
- Steve Yates
- A Penny saved is a congressional oversight.
/ Taglines by Taglinator - www.srtware.com /
--- End Message ---
--- Begin Message ---
"Justin French" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> 1. Name all included files .inc
If you name them *.php then put anything in them inside a function, then
when the user browses to that file he/she won't see anything at all.
- Steve Yates
- A fool and his money... Hey! Where's my wallet?
/ Taglines by Taglinator - www.srtware.com /
--- End Message ---
--- Begin Message ---
Steve Yates wrote:
>"Justin French" <[EMAIL PROTECTED]> wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
>
>>1. Name all included files .inc
>>
>>
>If you name them *.php then put anything in them inside a function, then
>when the user browses to that file he/she won't see anything at all.
>
I think this is a very poor tactic, because it "covers up" the problem
rather than doing anything about it. You still allow people to access
your modules directly, and worse, you allow them to execute these
modules out of context. By restricting your modules to only allow
function declarations, you also make things more difficult on yourself
without any real benefit.
It's much better to properly name your included files *.inc as suggested
by Mr. French and either:
1. don't put them under document root (my preference)
or:
2. configure your Web server to not allow access to .inc files
Chris
--- End Message ---
--- Begin Message ---
This is one of the mails headers:
/dev/cdrom 595M 596M 0 100% /mnt/cdrom
bash-2.05$ rpm -q redhat-release
redhat-release-7.2-1
X-UIDL: =aK"!>16"!7o9"!jCB!!
******************************************************************
And this is it's content:
System: Linux angel 2.4.7-10 #1 Thu Sep 6 17:21:28 EDT 2001 i586 unknown
Architecture: i586
Some paths: /usr/bin/perl /usr/bin/make /usr/bin/gmake /usr/bin/gcc
/usr/bin/cc
GCC: Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs
gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-98)
Compilation info: CC='gcc' CFLAGS='-O6 -fno-omit-frame-pointer
-mpentium' CXX='gcc' CXXFLAGS='-O6 -fno-omit-frame-pointer
-felide-constructors -fno-exceptions -fno-rtti -mpentium' LDFLAGS=''
LIBC:
lrwxrwxrwx 1 root root 13 Dec 16 2001 /lib/libc.so.6
-> libc-2.2.4.so
-rwxr-xr-x 1 root root 5716491 Sep 4 2001
/lib/libc-2.2.4.so
-rw-r--r-- 1 root root 27304836 Sep 4 2001 /usr/lib/libc.a
-rw-r--r-- 1 root root 178 Sep 4 2001 /usr/lib/libc.so
Configure command: ./configure --disable-shared
--with-mysqld-ldflags=-all-static --with-client-ldflags=-all-static
--without-berkeley-db --with-innodb --enable-assembler
--with-mysqld-user=mysql
--with-unix-socket-path=/var/lib/mysql/mysql.sock --prefix=/
--with-extra-charsets=complex --exec-prefix=/usr --libexecdir=/usr/sbin
--sysconfdir=/etc --datadir=/usr/share --localstatedir=/var/lib/mysql
--infodir=/usr/info --includedir=/usr/include --mandir=/usr/man
--with-embedded-server --enable-thread-safe-client
'--with-comment=Official MySQL RPM'
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail
<[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>From [EMAIL PROTECTED] Sun Jun 30
06:31:59 2002
Return-Path: <[EMAIL PROTECTED]>
> -----Original Message-----
> From: Peter [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, June 30, 2002 6:52 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Re: Blank emails
>
> Can you post the code on here?
> There must be some headers somewhere because the mail has been sent to
> you -> to header.
> Have you clicked on the email in Outlook and looked at the headers /
> message
> source?
>
> "César aracena" <[EMAIL PROTECTED]> wrote in message
> 002a01c22019$21a0c210$dfc405c8@gateway">news:002a01c22019$21a0c210$dfc405c8@gateway...
> Hi all.
>
> I know it's Sunday morning and that I'm NOT getting many responses
right
> now ;-)
>
> I connected to the net, opened my browser, pointed it towards an
e-mail
> script I've installed this afternoon in my site (SquirrelMail) qnd got
> into the INBOX. once there, I opened my MS Outlook and received 21
> messages regarding PHP mailing list stuff, but all these had no FROM,
> SUBJECT, TO or CC... I mean, they had body content but no headers to
> show. ¿¿¿???
>
> <mailto:[EMAIL PROTECTED]> Cesar Aracena
> CE / MCSE+I
> Neuquen, Argentina
> +54.299.6356688
> +54.299.4466621
>
>
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Hi,
I have a little problem I am trying to solve but right now I have no idea where to
begin. I am preying that someone out there might be able to help me.
In my MySQL database I have a group of figures, one for each record. Through PHP I
have concluded at a 'magical' number which I will need to compare against. What I
need to do is try to find all instances or combinations of figures from the database
which fit inside this magical figure, but how I do this I am not sure. I'm thinking I
need to somehow read the figures into an array somehow but I have not had enough
experience with php to know how to even do this effectively. I have read up on the
issue but it all seems double dutch, and I don't know what I need to do from this
point anyway.
For example:
Magic Number: 7
Numbers in database: 12, 6, 2, 8, 5, 3, 1
Combinations returned: 1, 3, 5, 2, 6, 5&2, 3&2, 3&2&1, 5&1, 6&1, 2&1, 3&1
Can anyone please help?
Thanks,
Michael.
--- End Message ---
--- Begin Message ---
Hi,
I have a little problem I am trying to solve but right now I have no idea
where to begin. I am preying that someone out there might be able to help
me.
In my MySQL database I have a group of figures, one for each record.
Through PHP I have concluded at a 'magical' number which I will need to
compare against. What I need to do is try to find all instances or
combinations of figures from the database which fit inside this magical
figure, but how I do this I am not sure. I'm thinking I need to somehow
read the figures into an array somehow but I have not had enough experience
with php to know how to even do this effectively. I have read up on the
issue but it all seems double dutch, and I don't know what I need to do from
this point anyway.
For example:
Magic Number: 7
Numbers in database: 12, 6, 2, 8, 5, 3, 1
Combinations returned: 1, 3, 5, 2, 6, 5&2, 3&2, 3&2&1, 5&1, 6&1, 2&1, 3&1
Can anyone please help?
[MORE INFO: Each record in the database has a unique identifier, numberid,
which would be used to identify which records are used in the combinations.
We can assume for now that the numberid is equal to the number in the
database for simplicity sake. Sorry for not making this clear the first
time]
Thanks,
Michael.
--- End Message ---
--- Begin Message ---
Well I'm not good enough at SQL to do this, but how about you get PHP to
figure out all the combinations, ie
1, 3, 5, 2, 6, 5&2, 3&2, 3&2&1, 5&1, 6&1, 2&1, 3&1
Then do a set of
SELECT * FROM table WHERE number=1
SELECT * FROM table WHERE number=3
....
SELECT * FROM table WHERE number=3 OR number=1
Then you can read all these values into a array of some kind and do what you
want...
I think I may mis-understood the problem a little, but I hope this helps
Andrew
----- Original Message -----
From: "mikeyb" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, June 30, 2002 10:26 PM
Subject: [PHP] [more info] Finding all instances
>
> Hi,
>
> I have a little problem I am trying to solve but right now I have no idea
> where to begin. I am preying that someone out there might be able to help
> me.
>
> In my MySQL database I have a group of figures, one for each record.
> Through PHP I have concluded at a 'magical' number which I will need to
> compare against. What I need to do is try to find all instances or
> combinations of figures from the database which fit inside this magical
> figure, but how I do this I am not sure. I'm thinking I need to somehow
> read the figures into an array somehow but I have not had enough
experience
> with php to know how to even do this effectively. I have read up on the
> issue but it all seems double dutch, and I don't know what I need to do
from
> this point anyway.
>
> For example:
>
> Magic Number: 7
> Numbers in database: 12, 6, 2, 8, 5, 3, 1
>
> Combinations returned: 1, 3, 5, 2, 6, 5&2, 3&2, 3&2&1, 5&1, 6&1, 2&1, 3&1
>
> Can anyone please help?
>
> [MORE INFO: Each record in the database has a unique identifier, numberid,
> which would be used to identify which records are used in the
combinations.
> We can assume for now that the numberid is equal to the number in the
> database for simplicity sake. Sorry for not making this clear the first
> time]
>
> Thanks,
> Michael.
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
> I am trying to write a program that is very modular in
> nature & one of the
> features I need the user to be able to do is install/uninstall or
> enable/disable the module though the interface.
I have, in the past, stored such information in a database. In projects
that have need of such functionality I create a modules table and use
that to store what information I need - normally that's a path to the
module, the name of the config file for that module and any other
relevant bits that the project as a whole needs to know about.
Then when a page loads it can check for any appropriate modules in the
process and deal with them accordingly.
CYA, Dave
--- End Message ---
--- Begin Message ---
We are seeing a rare bug that seems to imply that there is a bug in PHP's
global variables across httpd processes. To make a long story short, it
appears that on rare occassions our script gets the value of a HTTP_GET_VARS
variable from another user's process. Is this possible? BTW, it seems to occur
when using HTTP_GET_VARS and the new 'super globals'.
FWIW, we're using PHP 4.1.2 on (Red Hat) Linux 2.4.9 with Apache 1.3.12.
Thanks!
(please reply via email in addition to posting here if possible)
--- End Message ---
--- Begin Message ---
I don't see how. But if what you are saying is actually happening, then
it is a Linux kernel-level bug if memory is leaking from one process to
another. No matter how badly we screwed up in PHP, the kernel prevents
such a screwup from infecting a separate process.
I'd suggest having a close look at your code.
-Rasmus
On 30 Jun 2002 [EMAIL PROTECTED] wrote:
> We are seeing a rare bug that seems to imply that there is a bug in PHP's
> global variables across httpd processes. To make a long story short, it
> appears that on rare occassions our script gets the value of a HTTP_GET_VARS
> variable from another user's process. Is this possible? BTW, it seems to occur
> when using HTTP_GET_VARS and the new 'super globals'.
>
> FWIW, we're using PHP 4.1.2 on (Red Hat) Linux 2.4.9 with Apache 1.3.12.
>
> Thanks!
>
> (please reply via email in addition to posting here if possible)
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
Hi Vicki:
I'm not going to cover everything in the email. BUT, the essence of
the solution is right here. I made a little test script based on the
values you said were in the cart array at the top of the page and the
variables contained in the form...
#! /usr/local/bin/php -q
<?php
# Simulate the $cart session variable:
$cart[1] = 1;
$cart[3] = 1;
# Simulate the $checkbox array from the form:
# $checkbox[1] = 'yes';
$checkbox[3] = 'yes';
# Run through each item in the cart:
foreach($cart as $artID => $value) {
if ( !isset($checkbox[$artID]) ) {
unset($cart[$artID]);
echo "<br />removed $artID from cart\n";
} else {
echo "<br />kept $artID in cart\n";
}
}
?>
This behaves exactly as expected. Now, let's put my foreach
loop from above (leave out all the rest of the stuff) in the place of
your foreach loop (which is in the if($save) statement).
Run it and things _should_ work right.
--Dan
--
PHP classes that make web design easier
SQL Solution | Layout Solution | Form Solution
sqlsolution.info | layoutsolution.info | formsolution.info
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
--- End Message ---
--- Begin Message ---
Hi People,
I was wondering if there is anyway to combine these two IF statements
into one:
if (preg_match("@siteUserList.cgi?group=site177@", $QUERY_STRING))
and:
if (preg_match("@siteUserList.cgi?group=site177&@", $QUERY_STRING))
In other words I need it to match if the query string HAS or DOESNT
HAVE a "&" at the end.
Thanks.
--- End Message ---
--- Begin Message ---
try this
if (preg_match("@siteUserList.cgi?group=site177&?@", $QUERY_STRING))
(I added a "?" after get "&")
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 01, 2002 11:29 AM
To: [EMAIL PROTECTED]
Subject: [PHP] How to put these 2 IF statements into 1, with regex?
Hi People,
I was wondering if there is anyway to combine these two IF statements
into one:
if (preg_match("@siteUserList.cgi?group=site177@", $QUERY_STRING))
and:
if (preg_match("@siteUserList.cgi?group=site177&@", $QUERY_STRING))
In other words I need it to match if the query string HAS or DOESNT
HAVE a "&" at the end.
Thanks.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
wrote:
> I was wondering if there is anyway to combine these two IF statements
> into one:
>
> if (preg_match("@siteUserList.cgi?group=site177@", $QUERY_STRING))
>
> and:
>
> if (preg_match("@siteUserList.cgi?group=site177&@", $QUERY_STRING))
Remember that preg_* functions aren't equivalent to str_*; you're matching
against a regex pattern now, not just a simple text string. So you must
first escape any regex special characters within your text string if you
want reliable results. Otherwise, you're going to eventually end up with
unintended matches like "siteUserList9cggroup=site177&".
Regarding the rest of your question: the "?" character is what you seek.
if (preg_match("/siteUserList\.cgi\?group=site177&?/", $QUERY_STRING))
--
CC
--- End Message ---
