php-windows Digest 19 Jul 2003 11:53:41 -0000 Issue 1830

Topics (messages 20832 through 20836):

Re: Sessions
        20832 by: Luis Ferro

Re: need help with sessions
        20833 by: Luis Ferro

Re: Back button error
        20834 by: Luis Ferro

PHP and windows Server 2003
        20835 by: Ronald Forster

Re: Newbie Q
        20836 by: Gabriel_k

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [EMAIL PROTECTED]


----------------------------------------------------------------------
--- Begin Message ---
Depending on the implementation that is in use for the generation and bookkeeping of the sid... and if it is a fluctuating sid or a fixed one...

The medium on how the session is maintained is irrelevant, even if with cookies, it's a little easier to maintain the links... because they will not change... BUT if the user has cookies disabled, PHP will try to use a SID in the URLs...

Regarding security, the problem is the same... the sid will be transmitted somewhere in "clear" thru the packets...

If the session is to maintain a login, it is advisable that the sid be of an algorithmic form and not a fixed one... I think there are good libraries with code that implements a schema like that and also allow sessions to be maintained in a database server (which is a good thing if you need more than one web server).

Cheers,
Luis Ferro

Miha Nedok wrote:

I'm developing web apps written in PHP for quite a long time.
I would like to know your preferred way using sessions ( cookie or TRANS
SID ). I'm using Cookies. I would like to hear some pro et contras. :)

-Mike







--- End Message ---
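
The session handling described in the message above (id carried in a cookie rather than in URLs, and an id that changes instead of staying fixed for the whole login), as an added example that is not part of the original messages. It assumes PHP 7.3 or later served over HTTPS; the `login()` and `rotate_if_due()` helpers, the `alice` account and the 300-second interval are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.3+ served over HTTPS.

// Carry the session id in a cookie only; never rewrite it into URLs.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Reject session ids that this server did not generate.
ini_set('session.use_strict_mode', '1');

session_set_cookie_params([
    'lifetime' => 0,        // cookie ends with the browser session
    'path'     => '/',
    'secure'   => true,     // only sent over https
    'httponly' => true,     // not readable from page scripts
    'samesite' => 'Lax',
]);
session_start();

const ROTATE_AFTER = 300;   // seconds; assumed value for this example

// Constructed sample account store (a real one would live in a database).
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

function login(array $users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    // New id at the privilege change; true deletes the old session data.
    session_regenerate_id(true);
    $_SESSION['user'] = $name;
    $_SESSION['rotated_at'] = time();
    return true;
}

function rotate_if_due(): void
{
    // Replace the id periodically for as long as the login lasts.
    if (isset($_SESSION['user']) && time() - $_SESSION['rotated_at'] > ROTATE_AFTER) {
        session_regenerate_id(true);
        $_SESSION['rotated_at'] = time();
    }
}

rotate_if_due();
$name = $_POST['user'] ?? '';
$pass = $_POST['pass'] ?? '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && is_string($name) && is_string($pass)) {
    login($users, $name, $pass);
}
```
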
--- Begin Message ---
The meta tags are also passed thru the web servers and can have some "strange" behaviors...

For a deeper insight into the kind of problems that redirects can have you can check phpBB: in the function.php there is a redirect function that has loads of workarounds regarding redirection and different servers... and in the end, you may need to test to see if the solution proposed works with the web server/browser combination that is being tested...

Cheers,
Luis Ferro

Donatas wrote:

Thanks, this is something I was looking for.

I now retested this very same code at home where I have PHP 4.3.2 running on
Windows 2003 Standard Server and it worked, now I just want to find out
whether it was windows or PHP related.

Cheers,
Donny

PS. Thanks everyone for help


-----Original Message-----
From: Miha Nedok [mailto:[EMAIL PROTECTED]
Sent: Saturday, July 12, 2003 6:08 PM
To: Donatas
Cc: [EMAIL PROTECTED]




You can use HTML:

<meta http-equiv="refresh" content="0; url=XXXXXXXX">


-Mike


On Thu, 10 Jul 2003, Donatas wrote:



Date: Thu, 10 Jul 2003 19:25:46 +0200
From: Donatas <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: [PHP-WIN] need help with sessions

Thanks Luis,

I had this idea in mind, but still... maybe someone knows a way how to
achieve same effect without using JavaScript? Not that I don't like it but
that there should be some way.


PS. Your english is just as great as mine :D









--- End Message ---
--- Begin Message ---
They are very different...

GET has a limit of about 2k of content that can be sent thru... and there are things that are impossible to do with GET, like sending files (which uses a "special" kind of POST).
GET also has the problem that the form you sent will be present in the address box of the browser. Which will mean that if there is any kind of login/session info, it will get passed to the bookmark/link... (which can be a security problem or not depending on the way the forms are used).


POST has no memory limits and can handle sending of files to the web server. And it won't get passed in the url/address bar.

It must be noted that both of the methods allow for data to be tampered with and looked upon... At the most, parts are sent thru in base64 (which is almost equal to saying that it is in clear language).

To get some security in the forms/pages there is a need for SSL/https.

Cheers,
Luis Ferro


Harpreet wrote:


Cristian,

You said by using the method in a form as  Get in place of Post it allows me to use 
the back button without getting the error message:
Warning: Page has Expired The page you requested was created using
information you submitted in a form. This page is no longer available.
As a security precaution, Internet Explorer does not automatically
resubmit your information for you.

I changed the POST to a GET and it seems to work just right. Do I lose anything by using a GET in place of a POST? How are they both different? Please help.

Thanks





"Cristian MARIN" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]


This is not an error, this is a security issue:
Your form has passed the form variable thru the 'post' method and when you are
hitting the back button or reloading the history page with JScript you see the
message because IE does not re-submit the form automatically, because that is a
security leak.

If you really don't want to see the message appearing you have to specify in
the form the "<form method='get' action='... >" and this will automatically
submit the form once again.

--
-------------------------------------------------
Cristian MARIN - Developer
InterAKT Online (www.interakt.ro)
Tel: +4021 312.53.12
Tel/Fax: +4021 312.51.91
[EMAIL PROTECTED]
"Harpreet" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]









--- End Message ---
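
An added example, not part of the thread: the Post/Redirect/Get pattern keeps the form on POST, so its fields stay out of the address bar as discussed above, while Back and Reload land on a GET page and no longer trigger the expired-page warning. The path `/order.php`, the `item` field, the one-time `token` and the helper `h()` are assumptions made for this example.

```php
<?php
// Added example, not code from the thread. The script name /order.php and
// the "item" field are assumptions made for this example.
session_start();

function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $item  = $_POST['item']  ?? '';
    $token = $_POST['token'] ?? '';
    $valid = is_string($item) && $item !== '' && is_string($token)
          && isset($_SESSION['form_token'])
          && hash_equals($_SESSION['form_token'], $token);
    unset($_SESSION['form_token']);      // one use: a replayed POST is rejected
    $_SESSION['notice'] = $valid ? "Saved: $item" : 'Form rejected, please retry.';
    // ... store $item here when $valid ...

    // 303 tells the browser to fetch the result with GET, so the history
    // entry is a GET page and nothing has to be re-posted.
    header('Location: /order.php', true, 303);
    exit;
}

// GET: show the outcome of the last POST once, then a fresh form.
$notice = $_SESSION['notice'] ?? '';
unset($_SESSION['notice']);
$_SESSION['form_token'] = bin2hex(random_bytes(16));
?>
<!doctype html>
<title>Order</title>
<?php if ($notice !== ''): ?><p><?= h($notice) ?></p><?php endif; ?>
<form method="post" action="/order.php">
  <input type="hidden" name="token" value="<?= h($_SESSION['form_token']) ?>">
  <input type="text" name="item">
  <input type="submit" value="Send">
</form>
```
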
--- Begin Message ---
I am having problems bringing php to work on a Windows server 2003.
Done all the same as on server 2000 but I get always a 404 error.
Can anyone help ?



--- End Message ---
--- Begin Message ---
Yeah that worked fine :)
Thank you all!

/Gabbah

"Mike Jenck" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> try
> $_SERVER["PHP_SELF"]
>
>
>
> Mike
>
> "Gabriel_k" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > Oh, I accidentally typed PHP_INFO, but I DID USE PHP_SELF, with and without a
> > dollar sign, and none worked. I tried the same with PATH_INFO.
> >
> > But I will check out the manual first :)
> >
> > /Gabbah
> >
> > "Luis Moreira" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> > > Gabriel,
> > >
> > >     Try reading the manuals at http://www.php.net
> > >     They are a good source of info, always, to start with.
> > >
> > > PHP_SELF and PATH_INFO are variables, and as such must have a dollar sign.
> > > Your error message implies you did not put that sign.
> > > Furthermore, you complain about PHP_SELF and PATH_INFO and the message
> > > refers to PHP_INFO, which is a function, therefore needing "()" at the end
> > >
> > >     From the manual pages (function EXPLODE splits a string based on a
> > > separator) an example I DID NOT TRY myself :
> > >
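> > > // $_SERVER['PATH_INFO'] replaces $PATH_INFO, which is only set when
> > > // register_globals is on.
> > > if (isset($_SERVER['PATH_INFO'])) {
> > >     // "/name/value/..." splits into ['', 'name', 'value', ...]
> > >     $viewcode = explode('/', $_SERVER['PATH_INFO']);
> > >     $num = count($viewcode);
> > >     if ($num % 2 == 0) {
> > >         $viewcode[] = '';   // pad so every name has a value
> > >         $num++;
> > >     }
> > >     for ($i = 1; $i < $num; $i += 2) {
> > >         // variable variable: creates $name holding the next segment
> > >         ${$viewcode[$i]} = $viewcode[$i + 1];
> > >     }
> > > }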
> > >
> > > Luis
> > > ----- Original Message -----
> > > From: "Gabriel_k" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Thursday, July 17, 2003 11:03 PM
> > > Subject: Re: [PHP-WIN] Re: Newbie Q
> > >
> > >
> > > > Hey man, I tried using PHP_SELF and PATH_INFO, but they both got this
> > > > error message:
> > > >
> > > > Notice: Use of undefined constant PHP_INFO - assumed 'PHP_INFO' in
> > > > C:\Fedde\Share\Bilder-
Resa\Tyskland-Alemania\Tisdag-Martes\Index.php
> on
> > > > line 46
> > > >
> > > >
> > > > I found path_info when using phpinfo(), but not php_info.
> > > > What am I doing wrong?
> > > >
> > > > /Gabbah
> > > >
> > > > "H Marc Bower" <[EMAIL PROTECTED]> wrote in message
> > > > news:[EMAIL PROTECTED]
> > > > > Well, if you want the path as far as the website is concerned, use
> > > > > dirname($PHP_SELF).  If you want the absolute file system path, use
> > > > > getcwd().
> > > > >
> > > > > Example:
> > > > >
> > > > > Files located on server at
> > > > > D:\wwwroot\files\uploads\here
> > > > > By website address at:
> > > > > http://yourserver.com/files/uploads/here
> > > > > File being accessed:
> > > > > http://yourserver.com/files/uploads/here/file.php
> > > > >
> > > > > <?php
> > > > >     $title = dirname($PHP_SELF);
> > > > > ?>
> > > > >
> > > > > This will set $title to
> > > > > /files/uploads/here
> > > > >
> > > > > <?php
> > > > >     $title = getcwd();
> > > > > ?>
> > > > >
> > > > > This will set $title to
> > > > > D:\wwwroot\files\uploads\here
> > > > >
> > > > > Depends on what value you actually want to use.
> > > > >
> > > > > (V)
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Gabriel_k" <[EMAIL PROTECTED]>
> > > > > To: <[EMAIL PROTECTED]>
> > > > > Sent: Wednesday, July 16, 2003 8:18 AM
> > > > > Subject: Re: [PHP-WIN] Re: Newbie Q
> > > > >
> > > > >
> > > > > > Well, I want my php script to put the TITLE of a html page to the
> > > > > > name of the directory the script is in.
> > > > > >
> > > > > > /Gabbah
> > > > > >
> > > > > > "H Marc Bower" <[EMAIL PROTECTED]> wrote in message
> > > > > > news:[EMAIL PROTECTED]
> > > > > > > Um...  the file in which you put that command should be there... :)
> > > > > > >
> > > > > > > What is the purpose for knowing the directory name?  Maybe there is
> > > > > > > something else you can tell us that will get you the answer you're
> > > > > > > looking for.
> > > > > > >
> > > > > > > (V)
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: "Gabriel_k" <[EMAIL PROTECTED]>
> > > > > > > > What if there is no file?
> > > > > > > > > "Heyz" <[EMAIL PROTECTED]> wrote in message
> > > > > > > > > It's simple.
> > > > > > > > >
> > > > > > > > > dirname(__FILE__)
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > PHP Windows Mailing List (http://www.php.net/)
> > > > > > To unsubscribe, visit: http://www.php.net/unsub.php
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > PHP Windows Mailing List (http://www.php.net/)
> > > > To unsubscribe, visit: http://www.php.net/unsub.php
> > > >
> > >
> >
> >
>
>



--- End Message ---
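
An added example, not part of the thread: the PATH_INFO loop quoted in the message above turns every name in the request path into a PHP variable, so the request chooses which variables get set. This variant collects the same name/value pairs into an array and keeps only names and values that match an allow-list; the names `year` and `album`, their patterns and the sample path are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the thread. The allowed names, their
// patterns and the sample path below are constructed for illustration.
const ALLOWED = [
    'year'  => '/\A\d{4}\z/',
    'album' => '/\A[A-Za-z0-9_-]{1,40}\z/',
];

function path_params(string $pathInfo): array
{
    // "/name/value/name/value" -> ['name', 'value', 'name', 'value']
    $parts = explode('/', trim($pathInfo, '/'));
    $out = [];
    for ($i = 0; $i + 1 < count($parts); $i += 2) {
        $name  = $parts[$i];
        $value = $parts[$i + 1];
        // Keep a pair only if the name is expected and the value fits its
        // pattern; everything else in the path is ignored.
        if (array_key_exists($name, ALLOWED) && preg_match(ALLOWED[$name], $value) === 1) {
            $out[$name] = $value;
        }
    }
    return $out;
}

// Constructed sample: the GLOBALS pair and the malformed year are dropped.
$params = path_params('/year/2003/album/Tyskland-Alemania/GLOBALS/x/year/20x3');
var_dump($params);
```
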
