php-windows Digest 11 Jun 2002 17:30:29 -0000 Issue 1186
Topics (messages 14173 through 14187):
Re: beginner question to variables
14173 by: Steve Yates
Re: Somebody please help beginner with variable problem
14174 by: Steve Yates
Re: HTTP_WEREFERER / HTTP_REFERER
14175 by: hippo
Re: Apache 2.0.36 + PHP + Win2000 Server
14176 by: Brian McGarvie
14183 by: Matt Babineau
Men enough for this? LDAP, SSL, Active Directory
14177 by: Andres Petralli
Re: parsing from vb
14178 by: Alex Elderson
php script for downloading files???
14179 by: Alex Elderson
14182 by: Svensson, B.A.T. (HKG)
ImageCreateFromJPEG
14180 by: Sean
Re: How to pass passwd Server <-> Client in a "secure" way
14181 by: Svensson, B.A.T. (HKG)
14184 by: Svensson, B.A.T. (HKG)
14187 by: Michael Davey
Domain Authentication
14185 by: Blaine Dinsmore
14186 by: Svensson, B.A.T. (HKG)
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
"Si Ming" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> $totalqty = $tireqty + $oilqty + $sparkqty;
> ---------- change it to -----------
> $totalqty = $HTTP_POST_VAR["tireqty"] + $HTTP_POST_VAR["oilqty"] +
Some options:
1) extract($HTTP_POST_VARS); // note it's plural...
2) if you use these vars a lot:
$tireqty = $HTTP_POST_VAR["tireqty"];
(...)
$totalqty = $tireqty + ...
> and what about the $totalqty variable that has just been created? How do I
> refer to it?
As $totalqty since you created it. The arrays are only for post, get,
environment, etc., variables that come from outside your script.
- Steve Yates
- A pessimist complains about the noise when opportunity knocks.
/ Taglines by Taglinator - www.srtware.com /
--- End Message ---
--- Begin Message ---
> > > I have set register_globals = On.
Where is your php.ini file? Should be in your c:\windows folder.
- Steve Yates
- I used spot remover on my dog. Good thing his name is Rover.
/ Taglines by Taglinator - www.srtware.com /
--- End Message ---
--- Begin Message ---
Dobrý den,
Monday, June 10, 2002, 10:52:20 PM, napsal jste:
> Why not check to see which one is set?
Of course, I can do that but how to generate it online.
It should look like this :
referer -> check referer
-> if(!right(referer)) do_some_error()
else work_right() -> some application
I need to add referer online and i would generate referer and
werereferer on the server. But how ;))
hippo
> --
> Scott Hurring
> Systems Programmer
> EAC Corporation
> scott (*) eac.com
> "Hippo" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>> Hi,
>>
>> I found the following problem, When using variable HTTP_REFERER and
>> client has installed Norton Personal Firewall, Apache changes the
>> system variable
>> $_DEPENDS_ON_VERSION_PHP[HTTP_REFERER] on HTTP_WEREFERER.
>>
>> I need to do check of HTTP_REFERER and can not say to the user do not use
>> NORTON. Is there any possibility to read changed variable or use some
>> other way to use HTTP_REFERER ?
>>
>> it usually looks like this
>> HTTP_WEFERER = KJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPT
>>
>> Thanx for any response!
>> hippo
>>
>>
>>
--
S pozdravem,
hippo
[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
Having been a PHP developer for around 4 years now, I have'nt had the luxury of a
Linux machine at home,
however I have always had on my now quite slow machine - but still very reliable and
runs fast enuff for
development puposes - ran Apache/PHP/MySQL on it with no problems (win98), I do keep
it up-to-date, still
only win98 tho, but running apache2, php 4.2.1, mysql 3.23.49 without any problems.
Production servers have always been linux based, and it's always been jist a matter of
uploading and changing
the database information. The written code has always been fine - except any hand-made
bugs :)
I've recently been doing a contract developing an extranet for a client, the server if
a win2k machine, iis5,
with same PHP/MySQl as above, also without any problems.
I might even say that the benchmarking I have done with the application developed, on
the server above,
the server above but running apache, and the application running on a linux box with
apache2 and same versions
of PHP/MySQL. The results have virtually been identical.
If interested the w2k server is a dual 2ghz p4, as was the linux test-box, and both
with 1gb ram.
So I believe it's really down to personal choice, of course IIS/Apache have their
advantages/disadvantages.
If running on a w2k server, I'd lean to IIS - mainly because of the relationship of
Active Directory,
if you're developing an application that requires some extra security.
These are my personal findings... feel free to comment back. I'm always open to trying
new methods of deployment.
> -----Original Message-----
> From: Scott Carr [mailto:[EMAIL PROTECTED]]
> Sent: 10 June 2002 8:50 PM
> To: Matt Babineau
> Cc: PHP Windows
> Subject: RE: [PHP-WIN] Re: Apache 2.0.36 + PHP + Win2000 Server
>
>
> From what I understand, there is support for SSL just not in
> the Binary form of
> Apache 2.0. You have to compile it yourself. The reason
> being is US export
> laws of encryption stuff. The Apache Group is very if'y when
> it comes to that.
> With DMCA and such laws, I can understand why.
> --
> Scott Carr
> OpenOffice.org
> Whiteboard-Doc Maintainer
> http://whiteboard.openoffice.org/doc/
>
>
> Quoting Matt Babineau <[EMAIL PROTECTED]>:
>
> > Yeah Scott, that's also what I have been hearing. I am
> wondering though
> > is the PHP support in Apache 1.3 or 2.0 even on Windows the
> same type of
> > support that you would get on a Linux machine? I am not a
> Linux person
> > but I may need to be if I can't get good performance out of
> Windows. I
> > am a Windows person by trade but I am slowly moving towards
> open source
> > primarily because I can develop for free. I also was rading
> about Apache
> > 2.0 and it said that there was no SSL support for it. Does
> anyone know
> > if there is SSL support in Apache v1.3 for windows?
> >
> > Matt Babineau
> > Freelance Internet Developer
> > -----------------------------------------
> > e: [EMAIL PROTECTED]
> > p: 603.943.4237
> > w: http://www.criticalcode.com
> > PO BOX 601
> > Manchester, NH 03105
> >
> >
> > -----Original Message-----
> > From: Scott Hurring [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, June 10, 2002 3:09 PM
> > To: [EMAIL PROTECTED]
> > Subject: [PHP-WIN] Re: Apache 2.0.36 + PHP + Win2000 Server
> >
> >
> > PHP support for Apache2 is still experimental, so i'd go with Apache
> > 1.3.x for now.
> >
> > Most people i hear from say that PHP/apache is much faster
> > than PHP/IIS.
> >
> > "Matt Babineau" <[EMAIL PROTECTED]> wrote in message
> > 003101c21097$69822c40$6501a8c0@developerx">news:003101c21097$69822c40$6501a8c0@developerx...
> > > Hello all;
> > >
> > > I am looking into a solution for a company and I want to use PHP.
> > > However I want to use PHP on Windows but do not want to use IIS.
> > > Currently on my test system I run IIS + WinXP + PHP, and
> I am running
> > > PHP as a CGI executable. If I use Apache as the Web
> server software,
> > > will I be able to take full advantage of PHP? Currently I
> know the CGI
> >
> > > runs slower then "navtive"? (is that correct?) If I
> install Apache on
> > > a Win2k machine, will my PHP performance be equivalent to a Linux
> > > machine?
> > >
> > > Thank for your response!
> > >
> > > Matt Babineau
> > > Freelance Internet Developer
> > > -----------------------------------------
> > > e: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]
> > > p: 603.943.4237
> > > w: <http://www.criticalcode.com/>
> http://www.criticalcode.com PO BOX
> > > 601 Manchester, NH 03105
> > >
> > >
> >
> >
> >
> > --
> > PHP Windows Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> > --
> > PHP Windows Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>
> -------------------------------------------------
> This mail sent through IMP: http://horde.org/imp/
>
--- End Message ---
--- Begin Message ---
Thanks Brian, that was the exact answer I was looking for. I love the
luxury of the win2k machine, but hate the IIS security issues + the PHP
running as a CGI. I'll look into Apache on 2k further then.
Also thanks to Scott for you response too!
Matt Babineau
Freelance Internet Developer
-----------------------------------------
e: [EMAIL PROTECTED]
p: 603.943.4237
w: http://www.criticalcode.com
PO BOX 601
Manchester, NH 03105
-----Original Message-----
From: Brian McGarvie [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 11, 2002 3:44 AM
To: PHP Windows
Subject: RE: [PHP-WIN] Re: Apache 2.0.36 + PHP + Win2000 Server
Having been a PHP developer for around 4 years now, I have'nt had the
luxury of a Linux machine at home, however I have always had on my now
quite slow machine - but still very reliable and runs fast enuff for
development puposes - ran Apache/PHP/MySQL on it with no problems
(win98), I do keep it up-to-date, still only win98 tho, but running
apache2, php 4.2.1, mysql 3.23.49 without any problems.
Production servers have always been linux based, and it's always been
jist a matter of uploading and changing the database information. The
written code has always been fine - except any hand-made bugs :)
I've recently been doing a contract developing an extranet for a client,
the server if a win2k machine, iis5, with same PHP/MySQl as above, also
without any problems.
I might even say that the benchmarking I have done with the application
developed, on the server above, the server above but running apache, and
the application running on a linux box with apache2 and same versions of
PHP/MySQL. The results have virtually been identical.
If interested the w2k server is a dual 2ghz p4, as was the linux
test-box, and both with 1gb ram.
So I believe it's really down to personal choice, of course IIS/Apache
have their advantages/disadvantages.
If running on a w2k server, I'd lean to IIS - mainly because of the
relationship of Active Directory, if you're developing an application
that requires some extra security.
These are my personal findings... feel free to comment back. I'm always
open to trying new methods of deployment.
> -----Original Message-----
> From: Scott Carr [mailto:[EMAIL PROTECTED]]
> Sent: 10 June 2002 8:50 PM
> To: Matt Babineau
> Cc: PHP Windows
> Subject: RE: [PHP-WIN] Re: Apache 2.0.36 + PHP + Win2000 Server
>
>
> From what I understand, there is support for SSL just not in
> the Binary form of
> Apache 2.0. You have to compile it yourself. The reason
> being is US export
> laws of encryption stuff. The Apache Group is very if'y when
> it comes to that.
> With DMCA and such laws, I can understand why.
> --
> Scott Carr
> OpenOffice.org
> Whiteboard-Doc Maintainer
> http://whiteboard.openoffice.org/doc/
>
>
> Quoting Matt Babineau <[EMAIL PROTECTED]>:
>
> > Yeah Scott, that's also what I have been hearing. I am
> wondering though
> > is the PHP support in Apache 1.3 or 2.0 even on Windows the
> same type of
> > support that you would get on a Linux machine? I am not a
> Linux person
> > but I may need to be if I can't get good performance out of
> Windows. I
> > am a Windows person by trade but I am slowly moving towards
> open source
> > primarily because I can develop for free. I also was rading
> about Apache
> > 2.0 and it said that there was no SSL support for it. Does
> anyone know
> > if there is SSL support in Apache v1.3 for windows?
> >
> > Matt Babineau
> > Freelance Internet Developer
> > -----------------------------------------
> > e: [EMAIL PROTECTED]
> > p: 603.943.4237
> > w: http://www.criticalcode.com
> > PO BOX 601
> > Manchester, NH 03105
> >
> >
> > -----Original Message-----
> > From: Scott Hurring [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, June 10, 2002 3:09 PM
> > To: [EMAIL PROTECTED]
> > Subject: [PHP-WIN] Re: Apache 2.0.36 + PHP + Win2000 Server
> >
> >
> > PHP support for Apache2 is still experimental, so i'd go with Apache
> > 1.3.x for now.
> >
> > Most people i hear from say that PHP/apache is much faster than
> > PHP/IIS.
> >
> > "Matt Babineau" <[EMAIL PROTECTED]> wrote in message
> > 003101c21097$69822c40$6501a8c0@developerx">news:003101c21097$69822c40$6501a8c0@developerx...
> > > Hello all;
> > >
> > > I am looking into a solution for a company and I want to use PHP.
> > > However I want to use PHP on Windows but do not want to use IIS.
> > > Currently on my test system I run IIS + WinXP + PHP, and
> I am running
> > > PHP as a CGI executable. If I use Apache as the Web
> server software,
> > > will I be able to take full advantage of PHP? Currently I
> know the CGI
> >
> > > runs slower then "navtive"? (is that correct?) If I
> install Apache on
> > > a Win2k machine, will my PHP performance be equivalent to a Linux
> > > machine?
> > >
> > > Thank for your response!
> > >
> > > Matt Babineau
> > > Freelance Internet Developer
> > > -----------------------------------------
> > > e: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]
> > > p: 603.943.4237
> > > w: <http://www.criticalcode.com/>
> http://www.criticalcode.com PO BOX
> > > 601 Manchester, NH 03105
> > >
> > >
> >
> >
> >
> > --
> > PHP Windows Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> > --
> > PHP Windows Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>
> -------------------------------------------------
> This mail sent through IMP: http://horde.org/imp/
>
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Hi NG Users,
I have sent this message to php.general too, but didn't get any response
there. It looks like this is all to new for most of the readers... Since
LDAP is some kind of db too, I thaught I'd send it to php.windows...
I'm implementing some php 4.2.x code to manipulate Microsofts Active
Directory. I have already set-up the domain controller to handle LDAP
over SSL (Port 636) and it looks like it is working, at least I can
download a certificate when I browse the server with HTTPS.
The problem now is to get the certificate into php. Does anyone have
some clues how to manage this? Basically, what I'm trying to do is to
build a web-frontend to change passwords for AD accounts. I wouldn't
like to re-invent the wheel, so I'd really appreciate if someone could
post some code samples.
Also, if somebody already knows about some working ASP (VB) code, that
would also be very much appreciated. Anyway, it would be important to at
least be able to authenticate users agains AD with php, what probably
means that I still have to set-up a PHP/LDAP over a SSL connection to
AD. If anyone knows how to get a certificate into PHP, so that it is
possible to connect with something like this
$ds = ldap_connect("ldaps://servername:636");
that would be really great.
I've been browsing a lot on the web now and I really have tried almost
any search combinations with google and other search engines, but I
couldn't find any usefull docs on this topic. There are many people
looking into this issue, but finally most of them seem to fail when it
comes to connect to AD over SSL. If someone here has experience in this
field, I think he could do a favour to lots of developers, since it
looks like this is a major problem when it comes to interoperability
between Win2k and common Unix systems. Should I be successful in my
research, I really would be willing to write a decent documentation
about this, so that others wont have to waste so much time again, like
others did on this topic.
Kind regards to everyone,
Andres
--- End Message ---
--- Begin Message ---
http://www.php.net/manual/en/features.commandline.php
This is all you need.
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
>hi,
>
>1.
>I have to parse php scripts from a visual basic program without using apache
>or IIS or any other web server. There are several DLL's in php directory and
>I think I must use them. Do you have experience for this or know tutorials
>discribing the use of php libraries from other windows programs?
>
>Or maybe there is another simple way? For example using php.exe to parse the
>scripts. But I couldn't start it using parameters like
>
> php.exe script.php?par1=aaa.
>
>2.
>I have a DLL written in VB with several business logic functions. How can
>use it in php without compiling whole php? In the same way using com
>objects?
>
>Thank you very much
>
>Ergin Aytac
>
>
--- End Message ---
--- Begin Message ---
Hi,
I have made a script ware you can download some files. It work good, except if
you chose to open the file in place of save it. WinXP cann't find the file
after downloading for opening.
if i read the headers i see this:
HTTP/1.1 200 OK
Date: Tue, 11 Jun 2002 10:01:21 GMT
Server: Apache/1.3.24 (Win32)
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Disposition: attachment; filename=Blauw 16.bmp
Content-Disposition-type: application/octet-stream
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
X-Powered-By: PHP/4.2.0
Connection: close
Content-Type: text/html
Alex Elderson
[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
Maybe you should try to have the filename attribute as a quoted string(?).
> Hi,
>
> I have made a script ware you can download some files. It work good, except if
> you chose to open the file in place of save it. WinXP cann't find the file
> after downloading for opening.
>
> if i read the headers i see this:
>
> HTTP/1.1 200 OK
> Date: Tue, 11 Jun 2002 10:01:21 GMT
> Server: Apache/1.3.24 (Win32)
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
> Content-Disposition: attachment; filename=Blauw 16.bmp
RFC 2616:
19.5.1 Content-Disposition
The Content-Disposition response-header field has been proposed as a
means for the origin server to suggest a default filename if the user
requests that the content is saved to a file. This usage is derived
from the definition of Content-Disposition in RFC 1806 [35].
content-disposition = "Content-Disposition" ":"
disposition-type *( ";" disposition-parm )
disposition-type = "attachment" | disp-extension-token
disposition-parm = filename-parm | disp-extension-parm
filename-parm = "filename" "=" quoted-string
disp-extension-token = token
disp-extension-parm = token "=" ( token | quoted-string )
An example is
Content-Disposition: attachment; filename="fname.ext"
The receiving user agent SHOULD NOT respect any directory path
information present in the filename-parm parameter, which is the only
parameter believed to apply to HTTP implementations at this time. The
filename SHOULD be treated as a terminal component only.
If this header is used in a response with the application/octet-
stream content-type, the implied suggestion is that the user agent
should not display the response, but directly enter a `save response
as...' dialog.
See section 15.5 for Content-Disposition security issues.
--- End Message ---
--- Begin Message ---
I cant seem to get ImageCreateFromJPEG() to work with PHP 4+ on Apache.
Any ideas?
--- End Message ---
--- Begin Message ---
Thanks for your feedback Scott!
> You should also keep in mind that it's exceedingly dangerous
> to "re-invent the wheel" when it comes to cryptography. Heavily
> peer-reviewed algorithms (which are not always the most secure)
> are always your best bet.
I don't intend to do that: I just want to improve the rubber of
the wheel. ;)
> Even though SSL isn't the best overall option for 100%
> total security, if you go about putting another home-brewed
> layer over SSL, you'll only marginally increase your security,
> while increasing your workload by quite a lot (and give yourself
> a false sense of security)
Point taken. But SSL is a false sense of security anyway - that's
why I want to improve it.
> Another option nobody has mentioned:
> Perhaps install PGP/GPG on the server and email out encrypted
> passwords... this way, speed won't be such an issue, and you
> can use 3072-bit keys, which are quite secure. Of course, this
> would mean the client MUST have PGP/GPG installed on his
> computer.... :-)
I've already to started to impliment RSA cryptography within the database.
And then you can try to break my potential 50.000-bits keys if you feel
for it. =) I don't think even NSA will be able to crack such one even,
unless they haven't found a fast factorization algorithm. ;)
This is not going to be a high load thing - this is for the security
of the database maintenance tool - since the operator will have quite
a lot of power to create and change user account etc, it is important
to protect this communication - but this wont be used very often, and
it will be short interactive queries only with the data base - and the
database server has quite good crunching capacity to, so I don't worry
to much bout it. For example a manbdelbroth function I wrote in SQL at
my former job took about 20 minute to crunch on the our SQL server,
this server does the same job in 15 second. I got enough power! ;)
--
Anders Svensson
Member of International Association of Idiot Developer
The Dutch Government
--- End Message ---
--- Begin Message ---
> Have you looked and the Challenge-Response Authentication stuff in phplib?
>
> Just a thought...
Thanks for your tips. I am aware of it, but I can't (currently) use
php because of policy decisions. Also I realize that I need to make
an errata on my quote from Monday, June 10, 2002 15:49:
"And I can use php, so it pointless to refer to any php specific methods."
It should be.
"And I can NOT use php [...]"
I am sorry for that blunder.
--- End Message ---
--- Begin Message ---
So why are you asking this question to a PHP list?
> -----Original Message-----
> From: Svensson, B.A.T. (HKG) [mailto:[EMAIL PROTECTED]]
> Sent: 11 June 2002 15:44
> To: [EMAIL PROTECTED]
> Cc: Php Win32 list
> Subject: RE: [PHP-WIN] How to pass passwd Server <-> Client in a
> "secure" way
>
>
> > Have you looked and the Challenge-Response Authentication stuff
> in phplib?
> >
> > Just a thought...
>
> Thanks for your tips. I am aware of it, but I can't (currently) use
> php because of policy decisions. Also I realize that I need to make
> an errata on my quote from Monday, June 10, 2002 15:49:
>
> "And I can use php, so it pointless to refer to any php specific methods."
>
> It should be.
>
> "And I can NOT use php [...]"
>
> I am sorry for that blunder.
>
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
--- End Message ---
--- Begin Message ---
Can someone tell me how I can force re-authentication to log in a different user?
It seems that once I'm authenticated I'm recognized and will not be prompted again for
a password even on a refresh.
Thanks,
Blaine
if (!isset($_SERVER['REMOTE_USER'])) {
header( 'WWW-Authenticate: Basic realm="myrealm"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;
} else {
$userid = $_SERVER['REMOTE_USER'];
echo "Your username is: $userid <br>";
--- End Message ---
--- Begin Message ---
Kill the session?
> -----Original Message-----
> From: Blaine Dinsmore [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 11, 2002 4:54 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP-WIN] Domain Authentication
>
>
> Can someone tell me how I can force re-authentication to log in a different user?
> It seems that once I'm authenticated I'm recognized and will not be prompted again
>for a password even on a refresh.
>
>
> Thanks,
>
> Blaine
>
>
> if (!isset($_SERVER['REMOTE_USER'])) {
>
> header( 'WWW-Authenticate: Basic realm="myrealm"' );
> header( 'HTTP/1.0 401 Unauthorized' );
> echo 'Authorization Required.';
> exit;
>
> } else {
>
> $userid = $_SERVER['REMOTE_USER'];
> echo "Your username is: $userid <br>";
>
>
>
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
