Re: [PHP] Good php-news newsletter?
On 8/24/07 9:21 AM, Edward Kay wrote: > http://www.planet-php.org/rss/ > http://www.php-mag.net/magphpde/psecom,id,26,noeid,26,.html > http://www.phpdeveloper.org/phpdev.rss And also try http://devzone.zend.com/. They have regular PHP community news, articles, and weekly summaries of activity within the PHP developer community. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setting group sticky bit on directory with chmod()
On 8/2/07 11:45 AM, Tijnema wrote: > On 8/2/07, Ben Ramsey <[EMAIL PROTECTED]> wrote: >> So, what are we doing wrong with chmod() that is causing us to get the >> wrong results? Keep in mind that we are running the PHP script as the >> same user who owns the directory. > > Who is the owner of the directory containing this test1 directory? > That one should also be the same as PHP script is running on AFAIK. > Read my last paragraph. ;-) -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setting group sticky bit on directory with chmod()
On 8/2/07 10:57 AM, Daniel Brown wrote: > On 8/2/07, Ben Ramsey <[EMAIL PROTECTED]> wrote: >> PHP (doesn't work): >> chmod('/path/to/dir', 02775); >> >> We've tested the PHP code on files, and it works, but it doesn't work on >> directories. > > Drop the preceding 0 from the chmod() function parameters. The > four-digit octal value is preferred, and the 0 is the first bit to > show that there's no user- or group-specific execution (su-exec'ing, > basically) or "stickiness" to the file/directory. However, > three-digit values will work. In either case, five digits will not > work. > > Right: > chmod 0755 file.php > chmod 1777 file.php > chmod('file.php',0755); > chmod('file.php',1777); What about on directories? That's our problem. The following works on files (even though you say it shouldn't). I'll clarify: 02775 sets permissions based on how we expect 2775 to work using chmod from the command prompt. The problem is that 2775 with PHP's chmod() doesn't set the permissions in the same way that it does from the command prompt. This works on files: chmod('/path/to/file.php', 02775); But it doesn't work on directories. Here's what we're doing: Here's what we get: $ ls -l d-ws-w-rwt 2 user user 4096 Aug 2 15:33 test1 Here's what we expect: $ chmod 2775 test1 drwxrwsr-x 2 user user 4096 Aug 2 15:34 test1 So, what are we doing wrong with chmod() that is causing us to get the wrong results? Keep in mind that we are running the PHP script as the same user who owns the directory. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setting group sticky bit on directory with chmod()
On 8/2/07 10:57 AM, Daniel Brown wrote: > On 8/2/07, Ben Ramsey <[EMAIL PROTECTED]> wrote: >> PHP (doesn't work): >> chmod('/path/to/dir', 02775); >> >> We've tested the PHP code on files, and it works, but it doesn't work on >> directories. > > Drop the preceding 0 from the chmod() function parameters. The > four-digit octal value is preferred, and the 0 is the first bit to > show that there's no user- or group-specific execution (su-exec'ing, > basically) or "stickiness" to the file/directory. However, > three-digit values will work. In either case, five digits will not > work. > > Right: > chmod 0755 file.php > chmod 1777 file.php > chmod('file.php',0755); > chmod('file.php',1777); What about on directories? That's our problem. The following works on files (even though you say it shouldn't). I'll clarify: 02775 sets permissions based on how we expect 2775 to work using chmod from the command prompt. The problem is that 2775 with PHP's chmod() doesn't set the permissions in the same way that it does from the command prompt. This works on files: chmod('/path/to/file.php', 02775); But it doesn't work on directories. Here's what we're doing: Here's what we get: $ ls -l d-ws-w-rwt 2 user user 4096 Aug 2 15:33 test1 Here's what we expect: $ chmod 2775 test1 drwxrwsr-x 2 user user 4096 Aug 2 15:34 test1 So, what are we doing wrong with chmod() that is causing us to get the wrong results? Keep in mind that we are running the PHP script as the same user who owns the directory. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setting group sticky bit on directory with chmod()
On 8/2/07 10:57 AM, Daniel Brown wrote: > On 8/2/07, Ben Ramsey <[EMAIL PROTECTED]> wrote: >> PHP (doesn't work): >> chmod('/path/to/dir', 02775); >> >> We've tested the PHP code on files, and it works, but it doesn't work on >> directories. > > Drop the preceding 0 from the chmod() function parameters. The > four-digit octal value is preferred, and the 0 is the first bit to > show that there's no user- or group-specific execution (su-exec'ing, > basically) or "stickiness" to the file/directory. However, > three-digit values will work. In either case, five digits will not > work. > > Right: > chmod 0755 file.php > chmod 1777 file.php > chmod('file.php',0755); > chmod('file.php',1777); What about on directories? That's our problem. The following works on files (even though you say it shouldn't). I'll clarify: 02775 sets permissions based on how we expect 2775 to work using chmod from the command prompt. The problem is that 2775 with PHP's chmod() doesn't set the permissions in the same way that it does from the command prompt. This works on files: chmod('/path/to/file.php', 02775); But it doesn't work on directories. Here's what we're doing: Here's what we get: $ ls -l d-ws-w-rwt 2 user user 4096 Aug 2 15:33 test1 Here's what we expect: $ chmod 2775 test1 drwxrwsr-x 2 user user 4096 Aug 2 15:34 test1 So, what are we doing wrong with chmod() that is causing us to get the wrong results? Keep in mind that we are running the PHP script as the same user who owns the directory. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Setting group sticky bit on directory with chmod()
I'm trying to set a sticky bit on a directory with chmod(). The same octal value works from the command prompt, but it doesn't appear to work correctly with the PHP function. Anyone have an idea as to why? PROMPT (works): $> chmod 2775 /path/to/dir PHP (doesn't work): chmod('/path/to/dir', 02775); We've tested the PHP code on files, and it works, but it doesn't work on directories. Our current umask is 0002. We're using PHP 5.2.2 on Linux 2.6.9-42.0.10.ELsmp #1 SMP Fri Feb 16 17:17:21 EST 2007 i686 i686 i386 GNU/Linux. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Redirecting in a PHP script
On 3/13/07 4:50 PM, Tijnema ! wrote: Did you guys ever noted that little arrow down just right of the back button, where you can go back 2 steps at once, so you don't have to click very fast?? Browsers have buttons in them? Next thing, you'll be telling me I can see images and color in my browser! What craziness! ;-) -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: $35 to the first person who can do this XML-parsing PHP script
On 3/8/07 2:59 PM, Rob Gould wrote: 1) Read XML data from an URL (www.librarytools.com/events/sampledata.txt) 2) Loop through all XML results and print to the screen the "eventname" and "eventnextoccurrencedate" (Just the date) values I'll probably kick myself once I see how easy it is, but I'm willing to pay to see it working. Feel free to email me off-list. If you're using PHP 5, take a look at SimpleXML. This is extremely easy to do. http://www.php.net/simplexml Take a look at Example 2134 on that page to get you started, and see http://www.php.net/simplexml_load_file to load XML from a URL. Do I get the $35 anyway for the consultation? ;-) -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Intro to PHP question
On 3/8/07 1:44 PM, Tijnema ! wrote: He wanted to use it for the web, so why should he try it out on CL first? Because there are some advantages to being able to run something quickly through the CLI without having to load it in a web browser. He was just doing a simple test, so the PHP CLI was perfect for the job. I can offer a few MBs for everyone that wants to get learning PHP. megabytes? -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Intro to PHP question
On 3/8/07 12:59 PM, Dave Goodchild wrote: If you really want to run that on the command line, you will need the path to php on the first line of the file. Or, he can run it through the PHP CLI with: $> php uri.php Please, forget the command line stuff unless you want to write command line scripts, and get that file running in a web environment where it belongs. happy to help if you need any more assistance doing that! What's so wrong with learning PHP from the command line? If he's comfortable with the command line, then he should be able to learn PHP from the command line. Why else does PHP have a CLI? -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Really strange / TYPO
On 10/4/06 9:14 PM, Deckard wrote: It's a typo. The file is really config.inc.php everywhere Check the file permissions. Does the Webserver have permission to read from the /var/www/html (it probably does, but it wouldn't hurt to check)? Does the Web server have permission to read /var/www/html/config.inc.php? Do you happen to have PHP running in safe_mode? If so, is the owner of /var/www/html/classes/dBInsert.php the same owner of /var/www/html/config.inc.php? These are just the things I can think of off the top of my head that would block your script from being able to include a file one directory above it. Ben Ramsey wrote: On 10/4/06 8:32 PM, Deckard wrote: Hi, I have this line of code: include_once('../config.inc.php'); I'm 100% sure that the file config.inc.php is a directory up. config.inc.php is in /var/www/html and the file that calls it is in /var/www/html/classes nevertheless, i'm getting the error: "Warning: main(../config.inc): failed to open stream: No such file or directory in /var/www/html/classes/dBInsert.php on line 10 Warning: main(): Failed opening '../config.inc' for inclusion (include_path='.:/usr/share/pear') in /var/www/html/classes/dBInsert.php on line 10" The first thing that jumps out at me is that your error says it failed to open ../config.inc, but you say the file is named config.inc.php. Check your code to ensure that you have: include_once('../config.inc.php'); and not: include_once('../config.inc'); If config.inc.php is the correct file you want to include and you're trying to include config.inc, then it obviously can't find it because it doesn't exist. :-) -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Really strange
On 10/4/06 8:32 PM, Deckard wrote: Hi, I have this line of code: include_once('../config.inc.php'); I'm 100% sure that the file config.inc.php is a directory up. config.inc.php is in /var/www/html and the file that calls it is in /var/www/html/classes nevertheless, i'm getting the error: "Warning: main(../config.inc): failed to open stream: No such file or directory in /var/www/html/classes/dBInsert.php on line 10 Warning: main(): Failed opening '../config.inc' for inclusion (include_path='.:/usr/share/pear') in /var/www/html/classes/dBInsert.php on line 10" The first thing that jumps out at me is that your error says it failed to open ../config.inc, but you say the file is named config.inc.php. Check your code to ensure that you have: include_once('../config.inc.php'); and not: include_once('../config.inc'); If config.inc.php is the correct file you want to include and you're trying to include config.inc, then it obviously can't find it because it doesn't exist. :-) -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Breaking lines
On 10/3/06 8:05 AM, Deckard wrote: $stringData = '$hostname = ' . $hostname . '\n' . '$mysql_username = ' . $mysql_username . '\n' . '$mysql_user_password = ' . $mysql_user_password . '\n'; but instead of breaking a line, it appears in the file the string \n How can i make the line break ? Use double quotation marks instead of single quotation marks: "\n" See here for why: http://us3.php.net/manual/en/language.types.string.php#language.types.string.syntax.double -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] GET, POST, REQUEST
On 6/17/06 5:34 PM, Satyam wrote: Your application might require that flexibility or accepting data via POST or GET, in which case, it is just fine. Contrary to another post I've read, there is nothing good of register_globals, that is why it is now defaulted to off and kept for compatibility, though highly discouraged. There is nothing intrinsically wrong with $_REQUEST, it is slightly more vulnerable than differentiating POSTs from GETs, but it is not the worst you can do I never said there was anything good about register_globals. In fact, I was implying that it was bad. With register_globals, you can't tell whether the variable $foo is local, global, from POST, from GET, from COOKIE, etc. I compared $_REQUEST to register_globals because it behaves similarly: you still don't know whether $_REQUEST['foo'] comes from POST, GET, or COOKIE. The good thing is that you at least know it comes from an HTTP request, so you know not to trust anything from it. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] GET, POST, REQUEST
On 6/17/06 5:25 PM, Martin Marques wrote: I know user input shouldn't be trusted. What I want to know is IF and WHY $_REQUEST should be more untrusted then $_POST or $_GET. It's untrusted because you know the data comes from a request. It's more untrusted than GET, POST, or COOKIE because you can't tell the scope of the data. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] GET, POST, REQUEST
On 6/17/06 3:07 PM, Anthony Ettinger wrote: it's more like painting the color of your front door, but still leaving it unlocked. It doesn't change the fact that people can still open the door. every input field needs to be validated regardless of get vs. post. the web developer toolbar for firefox can easily convert all form fields to one or the other, so it's trivial to send a get request as post, and vice-versa. Which is why, if you read the last paragraph of my post, it said that there are two things you must do: 1) always check the origin of the input and 2) always filter (validate) the input. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] GET, POST, REQUEST
On 6/17/06 9:30 AM, David Tulloh wrote: Martin Marques wrote: Yesterday when reading some doc on PHP I noticed the $_REQUEST predefined array, which looked like a solution to having to check in GET and POST data (I'm not sure if it will really have an impact on my program yet). Yes, request is simply a merge of these arrays. It can be very useful and tends to be rather under used in PHP examples. Using $_REQUEST is similar to using register_globals. You simply cannot trust the origin of the data. It's possible that a variable by the name of "foo" exists as a cookie, POST value, and GET value. If you use $_REQUEST, you cannot be assured that the value you are getting is from the scope you intend to retrieve it. Consider the following script: Save this to a PHP file, access it through a Web browser, and click on the "Submit" button. You'll see four different arrays that output the $_REQUEST, $_GET, $_POST, and $_COOKIE values. The problem is that the $_REQUEST array contains only one value for "foo," but we know it exists in all scopes with different values. A user that knows this can make use of this knowledge to add a GET variable to the query string, add a cookie header to the request, or spoof the form with other values in POST than you intend. So, there are two things you must do here: 1) always check the origin of your data (don't use $_REQUEST, even if it seems convenient), and 2) always check that the input received is input expected (filter the input). -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: running php method in the background
On 6/8/06 10:10 AM, Nic Appleby wrote: I have a php web script which communicates with a server using sockets. There is a method in which the client listens for messages from the server, and this blocks the client. I need a way to 'fork' a process or to get this method to run in the background so that i can process user input while not interrupting the protocol. Have you looked at pcntl_fork()? http://www.php.net/pcntl-fork -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Pear DB and memcached
On 6/6/06 9:55 AM, Ruben Rubio Rey wrote: Im having a trouble using memcached with pear db. When im using memcache to store and retrieve an string, all works fine. When Im using memcache to store a pear db resulset, it does not work!! This retrieves data but pear::db does not understand it. I really dont know This is because $db->query returns a resource, which is a reference to the data and not the data itself. For example, let's say you're using the MySQL driver for PEAR::DB, then when you call $db->query(), it uses mysql_query(). This function will return a resource. When you store the resource to the memcache server and then later retrieve it, it no longer maintains its reference to the data. If you want to store the data to the cache, I suggest you use getAll() to retrieve an array of data and then store that to the memcache server: $db->setFetchMode(DB_FETCHMODE_ASSOC); $data =& $db->getAll($sSQL); memcache_set($MEMCACHE_STR, MD5($sSQL), $data, 0, 10); Now, your result set is stored properly on the memcache server. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Filtering and Escaping (Was: Select and $_POST)
On 11/14/05 3:38 PM, Richard Lynch wrote: Perhaps one should use: $_ICLEAN $_OCLEAN for Input and Output. $kosher = '/[^A-Za-z0-9\\',\\.-]/'; $_ICLEAN['first_name'] = preg_replace($kosher, '', $_GET['first_name']; /* more code */ $_OCLEAN['first_name'] = htmlentities($_ICLEAN['first_name']); echo "$_OCLEAN[first_name] is way smarter than me.\n"; If you had anything other than $_OCLEAN in an echo and friends, then you would know you were screwing up. I don't like $_OCLEAN primarily because I like Chris's suggestion of using an output array that is named according to where the data is going, so $url, $sql, $html, etc. But, with that in mind, it wouldn't be too hard to use $_OCLEAN['url'], $_OCLEAN['sql'], and $_OCLEAN['html'] as arrays within the $_OCLEAN array. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Select and $_POST
On 11/10/05 4:48 PM, Richard Lynch wrote: Here's an idea... Quite possibly half-baked. Suppose PHP had a superglobal $_CLEAN which was an empty array. Further suppose it was documented in the manual as *the* place to put your scrubbed data. This rather small and hopefully inexpensive change (in terms of PHP Dev/Docs team work) would quite possibly improve scripts by newbies, simply by nudging them in the proper direction, because it would be a documented feature, and it would have all the nifty cross-links in the manual and all that. It would also help to keep code cleaner to have $_CLEAN be a superglobal rather than just something I made up and have to declare as "global" all the time. Comments? Suggestions? Derogatory remarks? There is an Input Filter PECL extension that's still in beta, and I think it's a good step, though I'm not so sure about some of the sanitizing it performs. It doesn't offer the superglobal you're suggesting, but it probably wouldn't be too difficult to put it in there. The only issue I see with building in a superglobal to the language (or this extension) is that it doesn't force the user to instantiate the empty array at the top of the script. This could make for a lazy developer, and, if s/he's not careful, anyone running the application on a machine in which register_globals is turned on would run the risk of having a potentially tainted $_CLEAN array, which defeats the purpose of the clean array altogether. The point is that the developer should be able to trust the data in $clean. If PHP had a taint mode and didn't have register_globals, then we'd be making some progress. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Richard Lynch's Email Address ...
On 11/9/05 7:20 PM, GamblerZG wrote: James Benson wrote: Would it not be better something like valid_email() email_validate()? Anyway, I agree that PHP needs such function. Check out http://pecl.php.net/package/filter I've been playing around with this for a while, and it should be noted that it's still in beta and should not be used in a production environment, but it's a promising step. The e-mail regex that's used isn't perfect, and it won't support RFC-compliant addresses, but I hope to put a little bit of work into it to help out with this. In the meantime, check out PEAR::Mail, which includes Mail_RFC822 that can be used to validate e-mail addresses. Also, if your PHP is compiled --with-imap, then you can use imap_rfc822_parse_adrlist() to validate e-mail addresses. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Select and $_POST
On 11/9/05 6:21 PM, Ross wrote: What is the correct syntax for $query = "SELECT * FROM login where username='$_POST['username']' AND pass ='$_POST['pass']'"; Thought this would work. R. The correct syntax in this case is actually: $query = "SELECT * FROM login where username='{$_POST['username']}' AND pass='{$_POST['pass']}'"; Note the curly braces. BUT! Never do this! For example, consider if someone typed in their username like this: foo' AND 1=1 -- The "--" in most database engines starts a comment, so the query would end up being: SELECT * FROM login where username='foo' AND 1=1 --' AND pass='' Everything after the "--" is ignored. There doesn't have to be a user named "foo" because 1 will always equal 1, so the user is instantly logged in. Instead, filter your input (data received) and escape your output (in this case, data going to the database), and try something like this: $query = "SELECT * FROM login where username='{$sql['username']}' AND pass='{$sql['pass']}'"; ?> Everything in $_POST should be treated as tainted data. Everything in $clean can be treated as valid and untainted. This ensures that the username and password received only contain values that you expect. You can modify the filtering to suit your needs. Then, it ensures that data sent to the database in the SQL statement is always escaped so that it doesn't try to do something it shouldn't. This, of course, assumes you're using MySQL, but there are other escaping functions for other databases. Just look in the PHP manual. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Unable to send variables to MySQL table
On 11/9/05 2:15 PM, Stewart Priest wrote: Comment out the mysql_query() line and just echo $add_to_db. Then take the echoed line and try to run it against the database. Does it still work, then? -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] java .vs php
On 11/9/05 11:58 AM, Rosty Kerei wrote: Yahoo gets 3.4 billion page views per day. That serious enough for you? I can't believe that Yahoo! works on PHP. Any proofs? As I know they use their own-written engine, if I'm correct it's called "yScript". Am I right? Try here for your "proof": http://public.yahoo.com/~radwin/talks/php-at-yahoo-zend2005.pdf -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Session's across Domains...
On 11/9/05 11:05 AM, Tony Di Croce wrote: If the shopping cart on site A submits to the secure CC processing page on site B, then the contextual data that describes the order (price, order number) was actually communicated from A to B via a hop at the users browser (likely via a hidden form field on site A). Thus it would need to be encrypted and urlencoded (otherwise anyone could hit "View Source" and see it all in plain text). Is the price and order number sensitive enough to encrypt? Like we've already discussed, the order number will be considered invalid once it's been processed, so any subsequent attempts to use the order number will result in a failed transaction. If the order number includes sensitive information, however (such as the full credit card number or something), then you should rethink how you create your order numbers. You also don't need to urlencode anything in a form field. When you submit the form, the browser handles the urlencoding for you. (If you were POSTing from a script, then, yes, you might need to urlencode it.) As for the other question about POSTing on a redirect, it is possible through several different means, and if this is a route you want to take, I would suggest looking at PEAR::HTTP_Request, since it provides an easy to use API for this. I, however, don't think you'll need to do this (at least it doesn't sound like something that's necessary given what I know about your form). -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Session's across Domains...
I'm posting this back to the list to keep the conversation there. I hope you don't mind. My comments are at the bottom . . . On 11/9/05 10:10 AM, Tony Di Croce wrote: The reason I even wanted to do this had more to do with sharing some data between two sites, and less with really maintaining a login. It occured to me that I need not "share sessions" at all. Instead, all of the data B needs could simply be encrypted by A and sent in a post field. Now, this does bring up the problem that someone could sniff this packet, capture this encrypted packet, and use it to authenticate themselves on B. They never had to decrypt it, just capture from A, and send to B at their leisure... Let me give some background here on exactly what I'm doing, as it may clear things up a bit. B is a secure page, with a CC info form that when submitted will process their card, charging the amount of money passed in the encrypted packet, and if the charge succeeds, redirecting back to A. A would probably need to send an order number to B, and B could pass that back to A upon success or failure. All of this is to get around the Apache limitation of allowing only one virtual host to use SSL. Anyhow, B could keep track of all of the order numbers it was sent by A, and if it was re-sent a duplicate could simply deny the whole transaction. Thus, if someone sniffed my encrypted "data burrito", and attempted to re-use it to gain access to B, they would fail, since B will only allow that burrito ONCE. Perhaps these order numbers could be GUID's. How does this sound? I think someone else here could probably offer some better advice, but here's what I would do. I would definitely use SSL when dealing with CC data, but I don't think there's an Apache limitation that restricts the use of SSL to one host. There is a limitation that restricts the use of an SSL certificate to one host, so, if you had two certificates, both hosts could use SSL sockets, but I don't think that's what you need here. (You could still use the same certificate across multiple hosts, but then the user is going to be prompted in the browser whether or no to allow the certificate to be used, and this is generally not a good idea.) What you need to do is ensure that your FORM action on domain A (the unsecured domain) is POSTing to https://domain-b.org. Note the usage of HTTPS. This will ensure that the data is sent along the secure channel and not in clear text. You don't need to perform any encryption, since SSL takes care of that for you. Then, B could simply redirect back to A after processing the order and pass the order number through the query string (since it's probably not very sensitive). Does this answer your question? And, yeah, denying used order numbers would be a good idea. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using the echo tag...
On 11/9/05 10:03 AM, Paul Williams wrote: So would it be acceptable if I used curly braces on all variables (whether superglobals or not) in a here document? Yes. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using the echo tag...
On 11/9/05 9:51 AM, Paul Williams wrote: Alright cool that one worked. Do I have to include the curly braces in all calls to variables or just the superglobals? It's not a superglobal issue; it's an array issue -- or, rather, it's an issue with using quotation marks. You could have also done it this way: $_SERVER[PHP_SELF] EOF; ?> Personally, I put curly braces around all interpolated variables because it makes it easier for me to read and see the variables, but this is really up to user preference. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using the echo tag...
On 11/9/05 9:45 AM, Paul Williams wrote: $_SERVER['PHP_SELF'] EOF; ?> Try it with curly braces: {$_SERVER['PHP_SELF']} EOF; ?> -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Session's across Domains...
On 11/8/05 11:52 PM, Chris Shiflett wrote: When I've provided this feature in the past, I've always taken advantage of launch and landing pages - e.g., users could only get to the other domain and still be logged in if they clicked a link from my application, and those links all go through a launch page. This page takes care of generating whatever data I plan to send to the remote domain (including the URL that the user wants to visit) and redirecting the user to the landing page at that domain. With servers synchronized with ntpd, this lets you close the window of opportunity down to just a few seconds, strengthening the technique. I spoke to Chris a little further about this last night (so I'm crediting him with this), and I've noticed he hasn't responded, so I'm doing so. He said that, since the domains are on the same machine, it's relatively easy for them to share the same session id (something I wasn't disputing), and he offered a solution to mitigate exposure of the session id: a temporary token. Instead of passing the session id, create a randomly generated session token that is only valid for, say, 2 to 5 minutes. On the server, you can specify to which session the token corresponds, but you never reveal this to the client. You only reveal the token. Since it's only valid for a very small window of time, then, even if it is sniffed or appended to a URL (like in the linking examples I was giving), it won't allow others to use it to log in because it will have already expired. This alleviates the exposure issues I was discussing. Hope this helps. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Type of form element
On 11/8/05 11:52 PM, Ben Ramsey wrote: I know this is off-topic for this thread, but just as I see isset() misused (as in this case), I often see empty() misused. For example, when using empty(), the following all return TRUE: On second thought, "misused" is the wrong word. I mean "misunderstood." -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Type of form element
On 11/8/05 11:38 PM, Richard Lynch wrote: If you want to stuff NULL into something, and then use is_null() that makes sense. If you want to stuff NULL in there, and then use isset(), I'm not quite sure why you'd put NULL in there in the first place, but I don't rightly know what I'd expect isset() to return. Same for $a or $myarray['a'] I know this is off-topic for this thread, but just as I see isset() misused (as in this case), I often see empty() misused. For example, when using empty(), the following all return TRUE: $a = 0; $b = NULL; $c = FALSE; $d = "0"; var_dump(empty($a)); var_dump(empty($b)); var_dump(empty($c)); var_dump(empty($d)); But, hey, is the value of the variable really empty (especially for $a and $d)? Likewise, if you're encountering a NULL value in a variable and you're checking it with isset(), then you need to consider why you're even getting a NULL value? You should filter your variables before you use them--even variables coming from $_SERVER. Remember, $_SERVER variables can be overwritten: $_SERVER['SERVER_NAME'] = 'Howdy Doody'; echo $_SERVER['SERVER_NAME']; So, make sure they're what you expect them to be. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Session's across Domains...
On 11/8/05 10:27 PM, Tony Di Croce wrote: The sites are both physically located on the same machine. What if I encrypt the session_id, and put it in a "hidden" text input box in a form, that is delivered via POST to the other site. This way, the session id is passed, but it is encrypted? To me, it's not a question of whether the sites are physically located on the same machine, and it's not a question of encrypting the session id. Anyone who even knows the encrypted session id could then POST it to the form in a replay attack, authenticating themselves as the intended user. Also, hidden form fields aren't really "hidden." For me, it's a question of practice. I would not attempt to share a session across to different domains. Even large sites (such as Yahoo) don't seem to do this. Yahoo appears to maintain sessions across its subdomains, and, for this reason, all Yahoo images are served from a completely separate domain (yimg.com). None of the images served from yimg.com contain the cookie headers associated with yahoo.com (and, thus, they are not associated with any user sessions). There are two reasons (I know of) for doing this: 1) bandwidth (less data passing across the HTTP headers), and 2) it prevents CSRF attacks on Yahoo user accounts that could occur by attackers serving images from a yahoo.com domain on other sites. I do know that Yahoo owns Flickr now, and I know that you are able to log into Flickr with your Yahoo account, but you cannot log into Yahoo! Mail and then go to Flickr and expect to be logged in. You must also authenticate yourself with Flickr. Now, you may notice and be tempted to point out that, when you authenticate yourself on Flickr with your Yahoo id, you are doing so from login.yahoo.com. This may be so, but Yahoo then passes some long "obfuscated" hash back to Flickr, where, I believe, Flickr is actually setting the session rather than sharing a session from Yahoo (someone else may correct me on this). This hash, however, is none other than a base64 encoded string that can be decoded like so: echo urldecode(base64_decode($var)); This does not, however, include your password information, or, if it does, it's even more securely encrypted in the values that you see when you decode it (as shown above). Neverthess, I could potentially (if I were stupid) paste the full Flickr URL to which Yahoo redirects me here and everyone of you would have immediate access to my Flickr account. Thankfully, it all happens in the background, so the normal user would never see this URL in their browser--it's all part of the HTTP Location headers redirecting them around. (Still not wholly secure, as I was able to see it and grab it, but it's more secure than exposing the URL to the user in the browser.) Still, I don't think Flickr is sharing the Yahoo session; it is, however, sharing the database information, I imagine. So, I say all that to say this: I just don't think it's a good practice to share sessions across two different domains. If you must share profile information, then (in my opinion) require authentication and a separate session on the second domain. Otherwise, use a subdomain to share sessions. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Register Globals
On 11/8/05 10:20 PM, Richard Lynch wrote: I change this line to: mail($to, stripslashes($_POST["subject"]), wordwrap($_POST["message"], 60), "From: $_POST["from"]\r\n"); "From: $_POST[from]\r\n" No quotes. No apostrophes. Nothin but index. You can also use curly braces: "From: {$_POST["from"]}\r\n" -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Session's across Domains...
On 11/8/05 9:32 PM, Richard Lynch wrote: Call me crazy, but the session_id is already going in/out through Cookie headers. So, really, it's not THAT much less secure for it to go in POST, and only nominally less secure to go in GET, is it?... Okay, you're crazy. ;-) j/k [Hey, Richard!] Yeah, it's going out through the Cookie headers, so a POST (in this case would be no less secure than sending it through the Cookie). A sniffer is a sniffer is a sniffer, as they say--or something like that. I was thinking more of a GET request to the other domain, which would require passing the session id through the querystring. Like you said, it's probably nominally less secure, but there's more chance for exposure. With Cookie and POST, the attacker would basically need to sniff for the person's session id in order to hijack it, but when you pass the session id through the querystring, users are prone to bookmark the page, send the link to friends, post the link to a Web site, etc., all the while exposing their session, and, in essence, forcing every user to use their session. This actually performs two kinds of attacks: session fixation and session hijacking. It's fixation because the user is forcing everyone to use the same session ID (even though they don't know they're doing this) and it can lead to session hijacking by people who know what's going on. There are ways to prevent this, such as always requiring authentication (by logging in) before performing a sensitive action and always generating a new session ID when a user logs in, but I think it's just as important to mitigate these types of attacks by reducing the exposure of the session ID as much as possible. Now, even on the other domain (domain B), it becomes difficult to know for sure that the user using the session is the proper user (from domain A). Sure, you can check the IP and an assortment of the headers the browser sends to get an idea about whether the user is the same one from the session on domain A, but I think it just makes sense to force the user to authenticate themselves again (assuming that we're talking about authenticated users). This ensures that the user using that session is the proper user, but, at this point, we can just create another session for domain B and not even worry about sharing the session. I guess some kind of cross-site scripting hack might read HTML but not Cookies, though, really, you'd think most XSS hacks would focus on cookies at least as much as HTML source... There is some argument in favor of not sending/getting the session_id back and forth AS MUCH just to give it a more fleeting existence on the wire for snoopers, but the difference between COOKIE/POST/GET data integrity/security from snooping seems negligible to this naive user. Maybe this is just a knee-jerk reaction to all the mis-information about POST being "more secure" than GET that floats all over the 'net. :-) Indeed, neither are secure, but GET increases the risk of exposure. [Hi Ben!] -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Session's across Domains...
On 11/8/05 7:50 PM, Tony Di Croce wrote: I have a server with a few virtual hosts. All of my scripts use "session_start()", and $_SESSION[] to share data between invocations of different scripts. The problem I'm having is that if a form on site A submits to a script on site B the values stashed in $_SESSION[] appear to be lost... Should this work? If not, then what alternatives exist? I suppose I could pass the session id as a POST argument to the site B script (and theirs probably a method in PHP that given a session_id() makes available all of that sessions $_SESSION[] variables) but is that the best way? This won't work due to obvious security reasons. A session cannot be shared across two domains, nor can cookies (though cookies can be shared across subdomains of the same domain). I think the approach here will need to err on the site of caution. You don't want to pass the session identifier through the URL (or POST) too much because it risks exposure and the possibility for session hijacking, though it should be possible to do this and grab the session information for the session id from the directory where sessions are stored (often times this is in /tmp). I would advise against this for reasons I've already mentioned. Instead, as I said, err on the side of caution here by annoying your users just a little bit. Here's what I mean: the multiple virtual hosts can share the same authentication/user profile database. Thus, users can log into each individual host and access the same profile. So, you'll need to authenticate the user when they visit a new host. This may be a decrease in usability, but it's an increase in security. For more information about sessions, read the manual: http://www.php.net/session -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Parsing MS-WORD docs
zzapper wrote: On Wed, September 7, 2005 7:39 am, Shafiq Rehman wrote: Hello, I want to parse the .doc files with PHP. Anybody have some idea regarding this problem. Your help regarding this matter is really appreciated Also consider antiword And also: wvWare: http://wvware.sourceforge.net/ Word2x: http://word2x.sourceforge.net/ -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Deadlock with session handling code?
The following message is from a co-worker. I'm passing it along as a favor. Any help would be greatly appreciated since we're both somewhat stuck with no clue how to proceed with this. Thanks, Ben Ramsey I'm having a major problem with my PHP scripts getting stuck on one of our production servers. The system runs normally for a while, but after some time, certain httpd processed get wedged. This causes the server to spawn more httpd processes, but those eventually get stuck too, and the whole mess shuts down once we reach MaxServers. Without knowing too much about PHP, this appears to be related to some sort of deadlock in the session handling code. The problem seems to occur regardless of which script is being used, but I admittedly cannot figure out how to reproduce it. It only seems to occur when the system gets under heavy load, though. (The Red Cross linked to our site this morning to help collect volunteers for the hurricane relief effort, and that caused the server to die in short order. :-( ) We're using Apache 2.0.46-RH (prefork MPM) and PHP 4.3.2 (RedHat pl23). Unfortunately, we are running in a managed hosting environment, so we cannot easily change Apache or PHP versions. I was able to attach a GDB process to one of the running Apaches, and I found the following stack trace. Unfortunately, it couldn't figure out how to find the symbols (see above comment about the managed hosting environment), but there were a few useful tidbits: (gdb) bt #0 0x0042b291 in flock () from /lib/tls/libc.so.6 #1 0x010c23de in zm_info_session () from /etc/httpd/modules/libphp4.so #2 0x0002 in ?? () #3 0x0180 in ?? () #4 0x094919cc in ?? () #5 0x09273220 in ?? () #6 0xbfffa5a4 in ?? () #7 0xbfffa594 in ?? () #8 0xbfffa110 in ?? () #9 0x094107f4 in ?? () #10 0x093f32cf in ?? () #11 0x0001 in ?? () #12 0xbfffa120 in ?? () #13 0x706d742f in ?? () #14 0x7365732f in ?? () #15 0x32645f73 in ?? () #16 0x63393966 in ?? () #17 0x62393063 in ?? () #18 0x37663530 in ?? () #19 0x38643466 in ?? () #20 0x34353166 in ?? () #21 0x32366630 in ?? () #22 0x33663961 in ?? () #23 0x3965 in ?? () #24 0x011f9003 in ?? () from /etc/httpd/modules/libphp4.so #25 0xb5650760 in ?? () #26 0xb5650758 in ?? () #27 0xbfffa198 in ?? () #28 0xbfffa594 in ?? () #29 0x in ?? () I poked around in the PHP code until I found the zm_info_session function in the session handler. I didn't see how that function could be related, but I noticed an associated flock() call in the files module. On that hunch, I then decided to see what I could find with lsof: /usr/sbin/lsof | sort -k 9 | grep sess httpd 15498 apache 81uW REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 15594 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 15728 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 15934 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 15955 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 15957 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 15959 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 15982 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 16071 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 16072 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 [... many, many httpd processes later ...] httpd 16368 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 16372 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 16373 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 16375 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 httpd 16376 apache 81u REG104,5 172917162 /tmp/sess_d2f99cc09b05f7f4d8f1540f62a9f3e9 Aha! The "81uW" appears to tell us that PID 15498 has an exclusive write lock on the entire file, and that the other httpd processes have read or write locks of some length. All of these processes *stayed* in this state for a very long time. As an experiment, I tried killing PID 15498, but it just moved the "W" lock to some other process within the group, per lsof. Nonetheless, it seemed like all of the processes were waiting for something. In one other case, later in the day, I found a situation where the processes also seemed to be in the same state. It hadn't gotten to the point where it killed the machine, but I saw a
Re: [PHP] Re: PHP MySQL insert
Please always reply to the list so that others can benefit from the exchange. As it happens, I'm not exactly very knowledgeable about character sets, so someone on the list may be able to offer more help with regard to the problem you're experiencing. -Ben areguera wrote: On 8/19/05, Ben Ramsey <[EMAIL PROTECTED]> wrote: Alain Reguera Delgado wrote: you could try: 1. get all form variables into an array fine 2. validate values Good, but do this step as you put the values into a separate array, don't put all the values into the array first and then validate them later... make sure the input received is input expected and then save only the input to the array that passes the validation/filtering tests yes .. that's much better .. :) 3. convert all values into entities using htmlentities() Why do you want to do this before saving to the database? Ben, I got some troubles when moving database from one server to another, all Latin characters disappear, and the info turns a mess. Thought for a moment a server's language configuration setting. I was wondering by days to take this way, I thought if someone else wants the application and occurs the same because his configuration is not like mine. Then that solution came to me. Felt no matter what version or configuration of mysql or other db is used or what latin char is inserted, the data always be there for the web, in the language it speaks. This step has absolutely no bearing on preparing the statement for insertion into a database. It won't protect against SQL injection. Also, you will never be able to do anything with this data other than use it for HTML output (unless you try to reverse the entities, which seems like an awful lot of work to me). yes, I don't like either...its not flexible. It's best to save the raw data as entered and escape it (with htmlentities() or something else) ONLY on output. that was the first way I used to go... but after that problem, I am not sure As I mentioned in my last post to this thread, the best way to escape a string for insertion into a database (and protect against SQL injection) is to use the escape function for the particular database -- mysql_real_escape_string() in this case. You should never use htmlentities() to escape data before saving it to a database. Do that only after you've pulled data from the database and are outputting it somewhere (like on a Web page). 4. build sql query (do some tests 'til get it right) 5. execute the built query (with proper db function) by now, commas aren't a problem, they are limited between sql query's quotes. If some quotes are inserted as value they are previously converted to its entities and do not break the sql query. This is why you use mysql_real_escape_string(), etc. -- not htmlentities(). as previously said in this thread, the problem is on quoting and maybe on converting the values to entities, to prevent some quote break the sql structure. You don't need to convert the values to HTML entities when saving to a database. That's not going to prevent this problem. could you suggest something about Latin characters and portability?. Thanks for your time Ben. I am new in the list and in php too. Thanks for your answers. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP MySQL insert
Alain Reguera Delgado wrote: you could try: 1. get all form variables into an array fine 2. validate values Good, but do this step as you put the values into a separate array, don't put all the values into the array first and then validate them later... make sure the input received is input expected and then save only the input to the array that passes the validation/filtering tests 3. convert all values into entities using htmlentities() Why do you want to do this before saving to the database? This step has absolutely no bearing on preparing the statement for insertion into a database. It won't protect against SQL injection. Also, you will never be able to do anything with this data other than use it for HTML output (unless you try to reverse the entities, which seems like an awful lot of work to me). It's best to save the raw data as entered and escape it (with htmlentities() or something else) ONLY on output. As I mentioned in my last post to this thread, the best way to escape a string for insertion into a database (and protect against SQL injection) is to use the escape function for the particular database -- mysql_real_escape_string() in this case. You should never use htmlentities() to escape data before saving it to a database. Do that only after you've pulled data from the database and are outputting it somewhere (like on a Web page). 4. build sql query (do some tests 'til get it right) 5. execute the built query (with proper db function) by now, commas aren't a problem, they are limited between sql query's quotes. If some quotes are inserted as value they are previously converted to its entities and do not break the sql query. This is why you use mysql_real_escape_string(), etc. -- not htmlentities(). as previously said in this thread, the problem is on quoting and maybe on converting the values to entities, to prevent some quote break the sql structure. You don't need to convert the values to HTML entities when saving to a database. That's not going to prevent this problem. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Custom session handling - bad or good idea?
GamblerZG wrote: I'm not speaking about "session_set_save_handler", I'm considering writing session handler from scratch. Is it a bad idea? If so, why? I'm not going to say yes or no because I think it depends on your reasons, as someone else has already said, but I will point you to George Schlossnagle's _Advanced PHP Programming_ book. Take a look at pages 564 through 568. He talks about writing a custom session handler in C. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php cli script with if-then's very slow
Frans Fierens wrote: I've noticed that php cli scripts using for-loops with some if...then's are very slow using the php cli (command line interface). The following php script takes somewhat 100 seconds (php v5.0.3 on a redhat linux, 3 Ghz PC). The same program in c (see below) less than 1 second ... I know that php is a scripting language, but isn't the difference between de c compiled prog and de php script not very extreme ? The difference in the code isn't extreme, but the difference in the way it's processed is. C is compiled down to machine code and then executed at a later time. When you execute it, you are executing the compiled code that the machine natively understands. PHP, on the otherhand, is not compiled and has to be interpreted by the PHP engine each time it is run. This is, naturally, going to make it slower than C. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP MySQL insert
Dan Baker wrote: You are looking for the "addslashes" function. It prepares data for database querys: Better yet, don't use addslashes(). Use the escaping function that is specific to the database you're using. In this case, it's mysql_real_escape_string(). This is much better than using addslashes() because it takes into account the current character set of the database connection. http://www.php.net/mysql_real_escape_string Also, you will need to use the "removeslashes" function when you get data from a query. If you properly store data to a database, you should never have to use the stripslashes() function. Using stripslashes() will remove slashes that were intended to be in the output. Hint: turn off magic_quotes_gpc. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Catching all errors and redirecting
Thomas Hochstetter wrote: Is it possible to catch all parser errors (notices), and as that happens redirecting to a 'sorry-page-not-available-at-this-moment' page, whilst storing the error (or notice) message somewhere else (e.g. emailing it to the developer). See set_error_handler() http://www.php.net/set_error_handler -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: date field
In PHP, you could do something like: $updated = strtotime($db_result['updated']); $one_year_ago = strtotime('-1 year'); if ($updated < $one_year_ago) { // updated date is older than a year ago } John Taylor-Johnston wrote: I have a field 'updated' How can I tell if the date is older than 1 year ago (or should I think of 365 days)? `updated` date NOT NULL default '1999-12-12' I've looked at: http://ca3.php.net/manual/en/function.getdate.php Thanks, John -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] reading PDF's
Is it possible to read text from a PDF file with PHP? How? There may be a free one, or even an OpenSource one, but I've never heard of it, possibly because they'd have to pay a license to Adobe (Macromedia this week?) to be legal... Free (as in beer): http://sourceforge.net/projects/pdfcreator/ It's built on top of Ghostscript... which AFAIK does most of the heavy lifting. Several licensing options too. This doesn't appear to read text from a PDF but, rather, create the PDF from text. Another, easy way to create PDFs with PHP is to use PDML: http://pdml.sourceforge.net/ As for reading the text from a PDF, maybe there's some sort of OCR library for PHP out there, but I don't know about it. It'd be a great thing to see, though. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] shared library in php
Josip Dzolonga wrote: If you have NONE of those, you probably are trying to violate some kind of license. Don't do that. :-v Do not pay, to some reverse engineering :-) s/to/do , damn keyboard :) Which is obviously illegal if the shared library has a license that states he cannot do that. We don't want to promote illegal activities on this mailing list. :-) -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Is the syntax correct?
Labunski wrote: Is the syntax correct? (in connection with $order) : Nope. You need some semicolons (;). So, these would become: $order = "DESC"; $order = "ASC"; switch ($page) { case "news": $order = "DESC" break; case "articles": $order = "ASC" break; } mysql_query(" SELECT * FROM data ORDER BY id $order "); The rest of it looks fine to me. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Can't Delete File Using Unlink
John Nichel wrote: b) Paths in the MS world are with the backslash (\) and not the forward slash (/) Windows NT onward (XP, 2003, etc.) should understand both the forward slash and the backslash in a file path. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Can't Delete File Using Unlink
Ahmed Abdel-Aliem wrote: chmod("files/".$this->File_Name, 777); I'm not really sure how chmod() works on Windows. Someone else here may be able to answer that. However, I do know that chmod() expects an octal as the second argument, so you must prefix that 777 with a 0. It should be: chmod("files/".$this->File_Name, 0777); See here for more info: http://us2.php.net/chmod Like I said, I'm not sure whether this is the cause of the problem, but give it a shot and see what happens. :-) -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Can't Delete File Using Unlink
Ahmed Abdel-Aliem wrote: On Apr 11, 2005 8:28 PM, Ben Ramsey <[EMAIL PROTECTED]> wrote: Ahmed Abdel-Aliem wrote: i have a problem with deleting files, i use windows XP and installed on it apache server & PHP 5.1 i use unlink($file) to delete files but it doesn't work while it works fine on my webhosting which is on linux machine is there another function to use to delete files under windows instead of link ?? The webserver needs to have permission to modify the file that you are trying to delete. Check the file and directory permissions by right-clicking the directory and going to properties. You will probably need to give the user that controls apache either "full" or "modify" permissions to the Web directory. In general, permission settings under Windows suck. i tried that, when a file is being uploaded it becomes read-only, so it can't be deleted, how can i make it not read-only by default ? Can you post the code you're using to upload and save the file to the Web server? -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Can't Delete File Using Unlink
Ahmed Abdel-Aliem wrote: i have a problem with deleting files, i use windows XP and installed on it apache server & PHP 5.1 i use unlink($file) to delete files but it doesn't work while it works fine on my webhosting which is on linux machine is there another function to use to delete files under windows instead of link ?? The webserver needs to have permission to modify the file that you are trying to delete. Check the file and directory permissions by right-clicking the directory and going to properties. You will probably need to give the user that controls apache either "full" or "modify" permissions to the Web directory. In general, permission settings under Windows suck. -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: shared library in php
Angelo Ayres Camargo wrote: Hello, I have a shared library and i would like very much to use it in php. Do i have to do anything or i can just dl it and use? Angelo Without knowing what the shared library is that you're trying to use, there's not much I can say. It may be that PECL already has the extension you're looking for. If it's a library you created and you want to use it as a PHP extension, take a look at the PHP manual, particularly the section on creating extensions: http://www.php.net/manual/en/zend.creating.php -- Ben Ramsey http://benramsey.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php rich text editors
DuSTiN KRySaK wrote: Can anyone refer me to anything that will work with PHP? Just need it for a blog type application. FCKEditor works well, has a PHP version, and is cross-browser: http://www.fckeditor.net/ -- Ben Ramsey Zend Certified Engineer http://benramsey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: mail problem at interland
David Edwards wrote: Hi, I have a fairly simple script written that uses the mail() function on a client site hosted at Interland. I have used a similar script quite a few times before with no problem. However although the script generates no errors, no emails appear at their intended destination. Interland support has not been that helpful and they did suggest I try the '-f' option in the header. That did not work either. Has anyone seen this before, I am running out of ideas. The mail portion of the script is below: $headers .= "MIME-Version: 1.0\n"; $headers .= "Content-type: text/plain; charset=iso-8859-1\n"; $headers .= "X-Priority: 1\n"; $headers .= "X-MSMail-Priority: High\n"; $headers .= "X-Mailer: php\n"; $headers .= "From: $emailfrom\n"; $mailsent = mail($emailto, $subject, $msg, $headers,"-f" . $emailfrom); Any help would be MUCH appreciated. If you haven't solved this yet, try sending it via SMTP instead of using mail(). This will require that you send it by first logging into a valid e-mail account and sending it through a socket. PEAR::Mail <http://pear.php.net/package/Mail> can do all this for you. Take a look at the documentation here: <http://pear.php.net/manual/en/package.mail.mail.intro.php>. -- Ben Ramsey Zend Certified Engineer http://benramsey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: pcntl_fork doesn't work
John Davin wrote: Isn't there any other way to fork a process? PHP doesn't have thread support? Why isn't pcntl enabled by default? Surely the Windows compatibility isn't an issue, because pcntl could default to enabled in linux but disabled in windows. I'll tell you what I'm trying to do, in case there's another way to do it: I have a logging script which does a gethostbyaddr to obtain the hostname of the visitor to my site. But gethostbyaddr can take long or time out on some IP's, so I want to fork it so that the original script can terminate and not prevent the webpage from loading. I could run a background job which periodically does the gethostbyaddr on the IP's stored on disk, but that's sort of a hack, and is more complicated than if I could fork. Sounds like passthru() might do what you want <http://us3.php.net/passthru>. Take a look at that manual page and read the first note about leaving the program running in the background. -- Ben Ramsey Zend Certified Engineer http://benramsey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: pcntl_fork doesn't work
John Davin wrote: The manual says pcntl is present in php >= 4.1.0. I have 4.3.10, just the standard installation included on fedora core 3. Why wouldn't pcntl be working? Is there any other way for me to fork a process or thread? Take a look at http://www.php.net/pcntl. If you're using the standard installation of PHP on FC3, then it won't have pcntl enabled with --enable-pcntl because it's not enabled by default. You will have to recompiled PHP with this feature. -- Ben Ramsey Zend Certified Engineer http://benramsey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Fw: Identify which function called another
Lars B. Jensen wrote: Is there any way, I from one function can identify which other function called it, without parameter passing the name manually ? Please don't post twice in an hour if you haven't yet received your answer. With that in mind, I have an answer for you. :-) Use debug_backtrace(): http://www.php.net/debug-backtrace Harry Fuecks has an excellent post on how to use debug_backtrace() here: http://www.sitepoint.com/blog-post-view.php?id=157007 -- Ben Ramsey Zend Certified Engineer http://benramsey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Checking if
Bruno B B Magalhães wrote: how to determine if the last char of a string is a '/'... The problem, a webpage can be accessed by www.domain.com/page.php or www.domain.com/page.php/ Use substr()... http://www.php.net/substr $url = 'http://example.com/index.php/'; if (strcmp(substr($url, -1), '/') == 0) { // it ends with a '/'; strip it off $url = substr($url, 0, -1); } -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Finding the location of an included script
Gadi Cohen wrote: So if I have: include("/path/to/backend.php"); Is there a way from inside of backend.php to return "/path/to" ? Check out the filesystem functions in the PHP manual. You're probably particularly interested in pathinfo() http://www.php.net/pathinfo -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Return value in Combo Box
Ahmed Abdel-Aliem wrote: can anyone please tell me how to make the choice the user selected in the combo box be selected when the validation page redirects to the form again ? One way is to do it like this: >Foo >Bar Another option is to use something like PEAR::HTML_QuickForm, which can do the validation for you: <http://pear.php.net/package/HTML_QuickForm> -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: apache2 & php stability
Anthony Gauda wrote: I have read at various places on the web that Apache 2 and PHP running as a module isn't recommended for production sites. Does anyone here run PHP 4/5 and Apache2 in a high load production environment with success? If so, whats your configuration? Take a look at the following: http://us2.php.net/install.unix.apache2 http://us2.php.net/manual/en/faq.installation.php#faq.installation.apache2 This might be where you're getting the notion that it's not recommended for production sites. However, the last paragraph in that FAQ states that using "the prefork mpm with Apache 2 to avoid the threading is possible." Any RPM of Apache 2 on RedHat/Fedora systems uses the prefork mpm by default because these systems also ship with the PHP RPMs. I would imagine that many Apache 2 RPMs (or other package types) are configured similarly. I have been running PHP using --with-apxs2 and Apache 2 in production environments without problems. -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Why $a +1 is not 02 ??
Labunski wrote: Hello, I have small problem.. $a = 01; echo $a+1; //this will display 2, instead of 02. How to get 02? thanks. Lab. You need to understand how PHP treats integers. It can never start an integer with a zero unless it's an octal or a hexadecimal number. And PHP will not hesitate to parse a string as an integer. For example, even if you had $a = "01" (clearly "01" is a string), and then did echo $a+1, you would still get 2 since "01" will evaluate to the integer 1. Read more on integers here: http://www.php.net/types.integer Now, to answer your question, just use the str_pad() function: http://www.php.net/str_pad Looks like this: $a = 1; echo str_pad($a+1, 2, "0", STR_PAD_LEFT); This will output "02" as desired. -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: probably stupid, but...
You've got some parsing errors going on. Nothing particularly wrong with the logic... $i=1; while ($i<20) { if ($_POST[book_title_$i]' != "") change the if statement to: if ($_POST["book_title_$i"] != "") The problem you have is that the $_POST var you're referencing, first of all, isn't included in quotation marks, so the code probably thinks it's a constant that's not defined. Second of all, because it's not included in quotation marks, it's having problems with adding the $i var to the end of the POST var name. You could also do: $_POST['book_title_' . $i] and achieve the same effect. Lastly, what's that single quotation mark doing in there? Get rid of it. { INSERT INTO `curriculum` VALUES ('','$_POST[book_title_$i]','$_POST[book_level_$i]','$_POST[level_grades_$i]','$_POST[book_section_$i]','$_POST[chapter_$i]','$_POST[chapter_title_$i]','$_POST[lesson_title_$i]','$_POST[skill_$i]','$_POST[life_skill_$i]','$_POST[success_indicator_$i]','$_POST[ncscos_$i]','$_POST[subject_$i]','$_POST[pages_$i]','$_POST[c_kit_$i]'); First of all, you're trying to execute a SQL statement, but you're not saving it to a variable, nor are you executing it against any kind of database. So, it's doing nothing. Save it to a variable by doing: $sql = "INSERT INTO ... The next thing you need to worry about is how to get your $_POST variables into the SQL statement. This problem is similar to what you have above. It should look something like this: $sql = "INSERT INTO `curriculum` VALUES ('','" . $_POST['book_title_' . $i] . "','" . $_POST['book_level_' . $i] . "','" . and so on Lastly, you'll need to execute the statement against a database. Turn to the PHP manual for this help: <http://www.php.net/mysql> I would suggest you read up on how variables get processed, as well. <http://www.php.net/variables> $message .= "The entry $i was entered "; $i++; } else { $i++; } } But I get THIS error in the log: [12-Nov-2004 14:59:19] PHP Parse error: parse error, unexpected T_VARIABLE, expecting ']' in /home/public/html/depts/fourh/curriculum_form_post.php on line 19 - How can I go about iterating through the script? or do I just need to write 20 if/else statements and separate inserts? -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: session.use_trans_sid
Jon Hill wrote: I have a site that has session.use_trans_sid = 1. It seems that the first time I visit a page when I open up my browser, URLs are getting rewritten even though a cookie IS being set. If I refresh or move on to another page, the problem goes away, i.e. no more session ids appended to URLs. I don't want to turn off trans_sid for this site because I want people to able to use it without cookies being set. When you first hit a page that creates a cookie, the cookie is not accessible to the application until the page is refreshed or you browse to another page in the same domain. This is why the SID is showing up in the URL when you first hit the site. Though the cookie is being saved to the browser, the application cannot yet access it until you browse to another page. Read up on it here: <http://www.php.net/setcookie> In particular: "Cookies will not become visible until the next loading of a page that the cookie should be visible for." -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variable for search results
Stuart Felenstein wrote: --- Ben Ramsey <[EMAIL PROTECTED]> wrote: I'm not exactly sure what the SQL statement you have above is supposed to do, but you could just do something like this: $curdate = date('Y-m-d H:i:s'); $sql = "SELECT * FROM records WHERE '$curdate' <= PostStart;"; I'm having some problems still. I'm trying to work here with a Dreamweaver extension and the code is not clear. Are there are good tutorials around , to learn how to create a database search and results page. Basically there would be about 6 form elements, some list boxes, some text fields. The more criteria that is filled in on the form the more refined the search. Not sure if this is beyond my skill level or not. Beginner. While you may be a beginner and this may be beyond your current skill level, I think it's an excellent exercise for you to learn how to work with both PHP and a SQL database. So, turn to both the PHP manual <http://www.php.net/manual> and some manual on SQL syntax (use the manual for the database you're using). It appears to me that you're relying on Dreamweaver (or the DW extension) to write the code for you, and my advice to you is: don't let Dreamweaver write the code for you; you'll never learn anything that way. Instead, take this as an opportunity to learn how to code in PHP and to learn how to write SQL queries on your own. First off, I'm not sure what database you're working from, so it would help to know that, but I did a quick Google search on "php search tutorial" and found a good many links to tutorials that might help. Here's one in particular that may do the job <http://www.phpbuilder.com/columns/clay19990421.php3> Hope that gets you started. -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variable for search results
Stuart Felenstein wrote: $sql.=sprintf("SELECT * FROM records WHERE Date_Sub(Curdate(), interval day) "$%s" <= PostStart") Yes, you can put the variable in right there. Read up on variables here <http://www.php.net/variables>. I'm not exactly sure what the SQL statement you have above is supposed to do, but you could just do something like this: $curdate = date('Y-m-d H:i:s'); $sql = "SELECT * FROM records WHERE '$curdate' <= PostStart;"; -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Search engine : build a new one or use an alreadry existing one ?
Greg Donald wrote: I need to improve my current "search mecanism" but got stuck in a dilema : build one or use an existing engine? I recently put together a large company intranet site search using htdig and a simple php wrapper script: http://www.devshed.com/c/a/PHP/Search-This/ http://www.htdig.org/ I've used the Zoom search engine by Wrensoft <http://www.wrensoft.com/zoom/> with PHP on a Windows system, and it worked well. Also, I've never used it, but I've heard that mnoGoSearch works, well, too. -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PEAR mail
Is this somehow related to the "PEAR mail" thread? I don't see the connection. I think you're trying to ask a new question. When doing so, please don't reply to an existing message in an existing thread (even if you change the subject) because you're new question will become a part of the old thread. ALWAYS start a brand new message; a descriptive subject is also helpful. You'll get a better response and more help this way. Thanks! Jim Wharton wrote: I'm not very familiar with php's drawing abilities. I have found out how to get it to create multipoint polygons. What I am trying to do is implement something along the lines of LOGO. (You know, that old language that told a robotic turtle to draw on the floor) Seriously, I currently have an inherited Java program that takes traverse information (strings that look like this: BAS(L66D24R66U24)) and createds this: Left:66 Down:24 Right: 66 Up:24 and draws it out to the screen. These are building drawings made by field appraisers (for the local property appraisers office). I would really like to drop the Java stuff as I don't really use it. What I would really like to do is somehow turn these strings into coordinates so I can draw them using PHP's polygon function. -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PEAR mail
Marc Serra wrote: $hdrs = array( "From"=> "[EMAIL PROTECTED]", "Cc" => "[EMAIL PROTECTED]" "Subject" => "Tests" ); In your $hdrs array, you're missing a comma separating Cc from Subject. That's probably causing the problem. It should be: $hdrs = array( "From" => "[EMAIL PROTECTED]", "Cc" => "[EMAIL PROTECTED]", "Subject" => "Tests" ); -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP - MCRYPT - CBC - IDEA
Frantzcy Paisible wrote: But I've been thru this one, in and out, and it's exactly one of those that say "MCRYPT_IDEA (non-free)" but not more. Have you used mcrypt ? with cbc and IDEA ? Sorry about that. I must have read your message wrong. I have used mcrypt, but not with IDEA or cbc. Are you locked into that particular cipher? Can you not use a different one? (I suppose you can't since all your existing passwords would use the old cipher.) You could continue to use your old Perl script by using exec() or passthru() from PHP to call it, but, then again, your code could end up on thephpwtf.com, opening you to scorn and ridicule from the few who deem themselves worthy enough to criticize everyone's code. Have you checked out libmcrypt, installed it, and tried it? It looks like they've implemented the IDEA algorithm in libmcrypt. I could be wrong, since I've never used it. <http://mcrypt.sourceforge.net/> -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP - MCRYPT - CBC - IDEA
Frantzcy Paisible wrote: I'm looking for some information, rearging mcrypt. Now, I've been through the normal channels, I've been going in in cercles. even a simple "Look this way" would help. Look this way: <http://www.php.net/mcrypt> :-) -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question: Validation on a text field
Jay Blanchard wrote: [snip] May I ask why you are suggesting this function ? You can use htmlentities() on the information placed [/snip] Because it will convert things like quotes into their HTML counterparts before you place them into the table. If you are reading it back out to a web interface they get properly displayed without any manipulation. http://www.php.net/htmlentities explains a little more in depth. It is one step towards preventing SQL injection and possible other hack attacks. You should also use mysql_real_escape_string() on the data from the client. http://www.php.net/mysql_real_escape_string -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php array question
Victor C. wrote: I did a print_r(array_values)before calling the codes that had errors in it.. the following content is contained in $this->orders; Aaaghh. Can you give that to us in pre-formatted text, rather than copying and pasting it from the browser. My eyes are going everywhere trying to make sense of it. View the source of the page and grab it from there, please. :-) -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php array question
Ben Ramsey wrote: Victor C. wrote: $OrderObject =$this->orders[$OrderID=>$value]; This line is confusing. $OrderID=>$value is either a typo or is just plain wrong. It looks like what it's meant to say is: $OrderObject = $this->orders[$OrderID]; But this will just set $OrderObject equal to $value, so you should just use: $OrderObject = $value; Try that and see if it works. Nevermind. I read that wrong. $this->orders is an array of objects, like you said, which I glanced over too quickly. My statement above still holds, though. $this->orders[$OrderID=>$value] still appears to be a typo to me. It might supposed to be: $OrderObject = $this->orders[$OrderID] which will return the order object at $OrderID location in the array ($OrderID being the array key). Then, $OrderObject->OrderID should work properly. However, I would think that echo $OrderObject->OrderID; should produce the same results as echo $OrderID; But I could be wrong since I'm not exactly sure how the order object looks. Perhaps doing a var_dump on the $this->orders would help us out? -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php array question
Victor C. wrote: $OrderObject =$this->orders[$OrderID=>$value]; This line is confusing. $OrderID=>$value is either a typo or is just plain wrong. It looks like what it's meant to say is: $OrderObject = $this->orders[$OrderID]; But this will just set $OrderObject equal to $value, so you should just use: $OrderObject = $value; Try that and see if it works. -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Working With Excel File ?
Matt M. wrote: Can PHP work with Excel files as database ? If not, how can I conver it to MySQL format and reconvert it to Excel 'coz I need it to report it in Excel format, if you are on windows you could use a com object. if you have access to perl, you could use http://search.cpan.org/~kwitknr/Spreadsheet-ParseExcel-0.2603/ParseExcel.pm You could also just use the MySQL database and have a PHP script that outputs the contents of your report to a CSV (comma-separated value) file with an extension of .csv. Excel will automatically open these files without problem. -- Ben Ramsey Zend Certified Engineer http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Question about function dns_check_record
First of all, don't ask two questions in one message. Send two separate messages. You're more likely to get better answers to both questions. Bao Vu wrote: I have a problem regard to function - dns_check_record - dns_get_mx Can you tell me why the PHP said the "Call to undefined function"? Did you read the manual? <http://us2.php.net/manual/en/function.checkdnsrr.php> dns_check_record() is an alias for checkdnsrr(), which isn't implemented on Windows. Same thing for dns_get_mx()/getmxrr(). Check your platform. If you're on Windows, that could be the problem. and also class Dog { function __construct() { } } the construct or descontruction are not working? Are you using PHP 5? If you're still on PHP 4, then that's the problem. -- Regards, Ben Ramsey http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] calling javascript
Jay Blanchard wrote: [snip] I have a form and Im doing a check on submission to check whether there are any blank field and if there are I want to call function.. error_popup(); does this make anymore sense to you. Now I understand that you cant call javascript from within php. wot would you recommend as an alternative. I dont have a button or anything that I want to press, just want to call the function so it can open a popup window. [/snip] You would then be using pure JavaScript ... I think onBlur is what you are looking for IIRC. You might want to send this to a JavaScript list. Nah. I was just using the button as an example to get you started. You'll probably want to call it from the onsubmit attribute of the form tag. I didn't want to get into too much of an HTML/Javascript discussion, since that's off-topic for this list. Google for form handling and javascript, etc. There're plenty of resources on it. -- Regards, Ben Ramsey http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] calling javascript
Garth Hapgood - Strickland wrote: by saying ? echo error_popup(); or print error_popup; As someone mentioned, you cannot call a javascript function from within PHP. What is meant by client side/server side is this: PHP is processed on the server before sending any content to the browser; that's server-side. Then, the server sends the HTML output of the PHP script to the browser. Any javascript you have in the output is enacted in the browser (client-side). So, you want your PHP to output the javascript just like it might output HTML: i.e. echo '';<br> echo 'function error_popup() { newwin = window.open("error_popup.php","sss","height=470,width=450") }';<br> echo ''; echo ''; Sounds to me like you need to go back and revisit the introductory pages of the PHP manual. Take a look at <http://www.php.net/introduction> and follow the subsequent pages to read more about PHP and what it can do. It'll also take you through a tutorial that's fairly helpful. -- Regards, Ben Ramsey http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: SOAP w/PHP 4
Dan Joseph wrote: Does PHP 4 support SOAP, or does something have to be added to it?? I know I've already given you some pointers on this, and hopefully you're on your way to playing with PHP and SOAP, but I noticed a potentially helpful article in the current issue of PHP Magazine. It's by Adam Trachtenberg and entitled "Talking to eBay with PHP & SOAP." Unfortunately, it's not available on-line, but you may be able to find a copy in a bookstore or order it from the PHP Magazine Web site. <http://www.php-mag.net/itr/ausgaben/psecom,id,229,nodeid,112.html> -- Regards, Ben Ramsey http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php command to open a url?
Ken Tozier wrote: I've been looking around in the php documentation for a couple of hours now but can't seem to find any functions to open a url in the current browser window. Does php allow this? If so, could someone point me to a link? Check out the PHP header() function, specifically the "Location" header: <http://www.php.net/header> -- Regards, Ben Ramsey http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: SOAP w/PHP 4
Dan Joseph wrote: Ahh ok. I actually thought about PEAR, but I don't think I have the option to install it on our web server I'm working with. If you need to, you can just download the appropriate PEAR packages and use the classes without needing to "install" anything. It's definitely easier just to use the PEAR installer, but you can also just download the packages and put them in a place where your application can find them. Be sure to download the package dependencies (and their dependencies), too, and make sure that the packages can find each other, as well. (The dependencies are listed on the package download page.) It's a bit of a pain to do all that, but if you can't use the PEAR installer, it's a way around it. :-) -- Regards, Ben Ramsey http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: SOAP w/PHP 4
Dan Joseph wrote: Does PHP 4 support SOAP, or does something have to be added to it?? Check out these functions, which are listed as "experimental": <http://www.php.net/soap> Or this PEAR package, which is still in "beta" stage: <http://pear.php.net/package/SOAP> -- Regards, Ben Ramsey http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Code help on a multi select list
Jay Blanchard wrote: [snip] I would choose javascript to to check this This response I don't understand. [/snip] What is not to understand here...you are the one who said, "I want to do a server side trap". JavaScript would be the only way to do that. I agree with Ben who said to do both. I don't understand this response. ;-) How is Javascript the /only way/ to do a /server-side/ trap? Javascript is for the client side (unless you're coding in ASP and choose to use JScript instead of VBScript). -- Regards, Ben Ramsey http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Code help on a multi select list
Stuart Felenstein wrote: I would choose javascript to to check this This response I don't understand. There are 50 options and the intent is to allow 3 of those 50. Then some "genius" comes along and turns off javascripting and chooses all 50. I KNOW it will happen. I wouldn't even dare to dream that it may not. Stuart Precisely... you can't rely on the the client to do your checking. You need to check from the server side to make sure no one's going to spoof your code. With that in mind, you mind want to implement both client-side and server-side checking. That way, it gives your legitimate users a more user-friendly approach, while still ensuring from the server-side that no one's going to spoof your form. -- Regards, Ben Ramsey http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Code help on a multi select list
Stuart Felenstein wrote: I want to do a server side trap if a user selects more from a mult select list then allowed. Just unsure and didn't find any examples. Seems people rely more on javascript these days. So here is how I grab the array: if ( is_array( $_REQUEST['LurkerIndustry'] ) ) { $_SESSION['l_industry'] = array_unique( array_merge( $_SESSION['l_industry'], $_REQUEST['LurkerIndustry'] ) ); } here is my somewhat hazy notion: if ( is_array( $_REQUEST['LurkerIndustry'] ) ) { $_SESSION['l_industry'] = array_unique( if $l_industry > 5 ( Here I'm guess I need to redirect back to page with and error message) else array_merge( $_SESSION['l_industry'], $_REQUEST['LurkerIndustry'] ) ); } First of all, you didn't show your HTML code for the form, so I'm going to assume that your SELECT form field is set up as an array with the square brackets in the name: Next, you'll want to check out the array functions at <http://www.php.net/array> and study them. In particular, you'll want to check out the count() function. I'm not exactly sure of the logic behind your code, so I can't really comment on what you're trying to do, but, assuming you're trying to only count the unique values picked on the form, you'll want to do something like this: $l_industry = array_unique($_REQUEST['LurkerIndustry']); if (count($l_industry) > 5) { // ... do your stuff like redirecting back // to the form or redisplaying your form } -- Regards, Ben Ramsey http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Newbie again: get no $QUERY_STRING
Horst Jäger wrote: I get no $QUERY_STRING (and no GET- or POST-Params). I'm using PHP 4.3.3 on a SUSE LINUX 9.0 Machine. When I view the following page: [html][head][/head][body] [?php echo gettype($QUERY_STRING); ?] [/body][/html] register_globals Off Off You have register_globals turned off so $QUERY_STRING won't work. DO NOT turn on register_globals. Instead, use $_SERVER['QUERY_STRING'] as a replacement for $QUERY_STRING. Read here for more info: <http://www.php.net/variables.predefined> -- Regards, Ben Ramsey http://benramsey.com --- Atlanta PHP - http://www.atlphp.org/ The Southeast's premier PHP community. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] creating a folder in php
Greg Donald wrote: On Tue, 12 Oct 2004 12:27:07 -0700, ApexEleven <[EMAIL PROTECTED]> wrote: ok dudes, we understand, as much fun as I have downloading and reading your awsome requests, lets just stop beating the horse, it's bee dead for quite a while now... The can is open, the worms are everywhere. So, let's go fishing! -- Regards, Ben Ramsey http://benramsey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DB] folder creation in php
Trevor Gryffyn wrote: It's worth noting that if you're just generating HTML that creates just a regular old HREF pointing to a regular old file, that the web server will handle sending out the proper headers. This isn't always the case. If the file is a CSV file and you don't pass the proper headers (and the proper MIME types are not configured in your Web server), then it may try to display the file as plain text in the browser. I could list other examples. Also, depending on your browser (*ahem* IE), the browser will try to open many file types in the browser without prompting for download. Plus, if you use a PHP script to generate content and you want a user to download it, often times, they will end up downloading a file of the name "generate-content.php" for every single download. With the Content-Disposition header, you can avoid these situations and force the browser to prompt the user to download the file with the correct filename you specify. -- Regards, Ben Ramsey http://benramsey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] creating a folder in php
Matthew Sims wrote: Here's what i'm trying to do in php and using a mySQL database: I want a button on a page that if clicked it launches the browser's or OS's "Save As" window, allowing me to specify where to save my file and/or create a new folder. This needs to work on Mac and PC. thx in advance Adil.. What's wrong with: This isn't even PHP. Because the OP is asking for how to have it prompt the user where to save a (assumingly downloaded) file--not how to choose a file to upload. -- Regards, Ben Ramsey http://benramsey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: creating a folder in php
Adil wrote: I want a button on a page that if clicked it launches the browser's or OS's "Save As" window, allowing me to specify where to save my file and/or create a new folder. This needs to work on Mac and PC. Take a look at the header() function: http://us2.php.net/header Specifically, read the part about the Content-Disposition header. -- Regards, Ben Ramsey http://benramsey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: validate a tag
Pahlevanzadeh Mohsen wrote: Dear,I have a input text tag that it named question. Also i have a 2 radio bottum. When i receive their value,I want to test that question tag is empty or not.If empty,I again send to client until client fill out this tag. Can u solve my problem? I also forgot to mention that you may want to consider using PEAR::HTML_QuickForm as a way to rapidly develop forms that also provides form validation. http://pear.php.net/package/HTML_QuickForm -- Regards, Ben Ramsey http://benramsey.com --- http://www.phpcommunity.org/ Open Source, Open Community Visit for more information or to join the movement. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: validate a tag
I just glanced at your code, and your usage of empty() looks correct and should work just fine. However, you're calling the function recursively (from within itself), so you'll probably wind up in a loop. Pull that test out and do it at the top of your script instead of within the function. I've also found that empty() sometimes doesn't work well with form values, so you may want to test with (strlen(trim($HTTP_POST_VARS['question'])) > 0) instead. Pahlevanzadeh Mohsen wrote: Dear,I have a input text tag that it named question. Also i have a 2 radio bottum. When i receive their value,I want to test that question tag is empty or not.If empty,I again send to client until client fill out this tag. Can u solve my problem? "; echo "Your question"; echo "radio type "; echo "check box type "; echo ""; /* if (empty($HTTP_POST_VARS['question'])) { echo "please fill out question field."; display_form(); }//end of if*/ }//end of display_form func function test_var() { if (empty($HTTP_POST_VARS['question'])) { echo "please fill out question field."; display_form(); }//end of if }//end of func function insert_to_question() { display_form(); while(empty($HTTP_POST_VARS['question'])) test_var(); }//end of insert_to_question func insert_to_question(); ?> -- Regards, Ben Ramsey http://benramsey.com --- http://www.phpcommunity.org/ Open Source, Open Community Visit for more information or to join the movement. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Linux "locate" to html script?
According to the manual, exec() "does not output anything. It simply returns the last line from the result of the command." The OP wants to display the output of 'locate' to the browser, so he should use passthru(), which displays all raw output. Jay Blanchard wrote: [snip] Does anyone have a script that can be used to call linux's locate command and display the results in a browser? I don't think it would be that hard and will make an effort today... [/snip] exec("locate foo"); -- Regards, Ben Ramsey http://benramsey.com --- http://www.phpcommunity.org/ Open Source, Open Community Visit for more information or to join the movement. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP Linux "locate" to html script?
Have you taken a look at the passthru() function? http://www.php.net/passthru Boot wrote: Does anyone have a script that can be used to call linux's locate command and display the results in a browser? I don't think it would be that hard and will make an effort today... -- Regards, Ben Ramsey http://benramsey.com --- http://www.phpcommunity.org/ Open Source, Open Community Visit for more information or to join the movement. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MSSQL, PHP and Linux
Just try --with-mssql=/usr/include instead. Is that where freetds is installed for you? I think it's in /usr/local for me, so I use --with-mssql=/usr/local. Blackwater Dev wrote: I have tried recompiling with --with-mssql and --with-mssql=/usr/include/freetds It all appears to compile correctly, except the info page does not reflect the config was done with mssql at all. below is a snippet of the config switches that were used. --enable-ftp \ --enable-magic-quotes \ --enable-safe-mode \ --enable-sockets \ --enable-sysvsem \ --enable-sysvshm \ --enable-discard-path \ --enable-track-vars \ --enable-trans-sid \ --enable-yp \ --enable-wddx \ --without-oci8 \ --with-pear=/usr/share/pear \ --with-imap=shared \ --with-imap-ssl \ --with-kerberos=/usr/kerberos \ --with-ldap=shared \ --with-mysql=shared,%{_prefix} \ --with-sybase=/usr/include/freetds \ --with-mssql=/usr/include/freetds \ Any help would be appreciated. thanks, On Wed, 1 Sep 2004 08:29:55 -1200, blackwater dev <[EMAIL PROTECTED]> wrote: We just tried again with the -mssql switch but it still doesn't seem to be therethe -mssql isn't on the info page...I don't have a clue... http://mwvre.ht-tech.net/info.php On Wed, 01 Sep 2004 15:08:41 -0400, Ben Ramsey <[EMAIL PROTECTED]> wrote: Like I and others have said, you need to compile PHP --with-mssql Blackwater Dev wrote: No, I was using the mssql functions which I want to use. I tried the dbx functions example: $link = dbx_connect('mssql', $mssqldbhost,"",$mssqldbuser,$mssqldbpass); but go the error that the mssql module isn't loaded. On Wed, 1 Sep 2004 14:06:55 -0400, John Holmes <[EMAIL PROTECTED]> wrote: From: "blackwater dev" <[EMAIL PROTECTED]> I need some help...I am helping a local business with a site which needs to connect to a mssql db, my webhost uses linux and compiled php with the freetds library and when I go to the info page..it does show Microsoft SQL Server under dbx yet I still get the errors "called to undefined function mssql_pconnect()"...what can I try next? Are you using the dbx functions and not mssql_connect/pconnect()?? http://www.php.net/manual/en/ref.dbx.php ---John Holmes... -- Regards, Ben Ramsey http://benramsey.com --- http://www.phpcommunity.org/ Open Source, Open Community Visit for more information or to join the movement. ------- PGP Key ID: 0x3968B5EE -- Regards, Ben Ramsey http://benramsey.com --- http://www.phpcommunity.org/ Open Source, Open Community Visit for more information or to join the movement. --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: xml tags interfere with php tags
Just do it like this: '; ?> Josh Close wrote: How do I get an xml tag to work with a php script? php is trying to parse that. -Josh -- Regards, Ben Ramsey http://benramsey.com --- http://www.phpcommunity.org/ Open Source, Open Community Visit for more information or to join the movement. --- PGP Key ID: 0x3968B5EE -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: register global off
Afan Pasalic wrote: I think I am a little bit "confused" about $HTTP_POST_VARS and $_POST. php.net manual: Note that $HTTP_POST_VARS and $_POST are different variables and that PHP handles them as such http://us4.php.net/reserved.variables This just means that they don't occupy the same space in memory; $_POST is not a reference to $HTTP_POST_VARS and vice versa. If you make a change to one, the change doesn't carry over to the other. And the example I wrote still doesn't work: name After submitting $HTTP_POST_VARS['SubmitForm'] has value 'Submit' and $POST['SubmitForm'] is empty. Why's that? Check to make sure you're using $_POST['SubmitForm'] and not $POST['SubmitForm']. -- Regards, Ben Ramsey http://benramsey.com --- http://www.phpcommunity.org/ Open Source, Open Community Visit for more information or to join the movement. --- PGP Key ID: 0x3968B5EE -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php