Re: [PHP] php versions between os/platform

2006-02-10 Thread Dan Trainor

pedro mpa wrote:

Greetings!

I am building a website using PHP 5.1.2 and MySQL 5.0.18 and I am using
windows xp with IIS.
All the hosting companies I have contacted are using php 4.x.x and mysql
4.x.x or 3.x.x, on linux I suppose.

Are php versions the same for every os/platform?

Thanks in advance.



Hi -

It's been my experience that, yes, this is the case.  However, there may
be other modules whose versions differ from platform to platform.

Take, for instance, PHP's download page.  One version is offered for
both Windows and Linux/BSD/Whatever.  This is how I came to this conclusion.


Hope that helps...
-dant

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Use of auto_prepend_file inside an Apache directory container

2005-11-08 Thread Dan Trainor
Good afternoon, all -

I've had problems with auto_prepend_file off and on for as long as I can
remember.  It's hit or miss, and browsing the archives, it looks like
I'm not alone.  I've even written to the list on several occasions
looking for a solution, to no avail.

I think that auto_{prepend,append}_file are incredibly useful functions,
but they're crap if they don't work.

Here's the basic setup.  From within Apache's config file, here's my
whole VirtualHost container:

<VirtualHost 192.168.1.51>
DocumentRoot /var/www/virtual
ServerName 192.168.1.51
ErrorLog logs/192.168.1.51-error_log
CustomLog logs/192.168.1.51-access_log combined

#begin dan's protected
directory stuff
<Directory /demo/protected>
php_value auto_prepend_file /absolute/path/to/file.php
</Directory>

</VirtualHost>


So, as you can see, nothing completely out of the 'norm.  The examples
given in the manual are not all that clear, so by using absolute path
names, I'm just guessing.  I have used relative paths as well - same thing.

The auto_prepend_file directive set from within php.ini, is commented
out, as to not overwrite my specification.  I've tried leaving that
directive blank, and setting it to something completely different.  Same
results.

If you guys wouldn't mind taking a few more minutes to mow over all of
this, I would *greatly* appreciate it.

Thanks
-dant




Re: [PHP] Use of auto_prepend_file inside an Apache directory container

2005-11-08 Thread Dan Trainor
Dan Trainor wrote:
 Good afternoon, all -
 
 I've had problems with auto_prepend_file off and on for as long as I can
 remember.  It's hit or miss, and browsing the archives, it looks like
 I'm not alone.  I've even written to the list on several occasions
 looking for a solution, to no avail.
 
 I think that auto_{prepend,append}_file are incredibly useful functions,
 but they're crap if they don't work.
 
 Here's the basic setup.  From within Apache's config file, here's my
 whole VirtualHost container:
 
 <VirtualHost 192.168.1.51>
 DocumentRoot /var/www/virtual
 ServerName 192.168.1.51
 ErrorLog logs/192.168.1.51-error_log
 CustomLog logs/192.168.1.51-access_log combined
 
 #begin dan's protected
 directory stuff
 <Directory /demo/protected>
 php_value auto_prepend_file /absolute/path/to/file.php
 </Directory>
 
 </VirtualHost>
 
 
 So, as you can see, nothing completely out of the 'norm.  The examples
 given in the manual are not all that clear, so by using absolute path
 names, I'm just guessing.  I have used relative paths as well - same thing.
 
 The auto_prepend_file directive set from within php.ini, is commented
 out, as to not overwrite my specification.  I've tried leaving that
 directive blank, and setting it to something completely different.  Same
 results.
 
 If you guys wouldn't mind taking a few more minutes to mow over all of
 this, I would *greatly* appreciate it.
 
 Thanks
 -dant
 

Wow, that example came out really badly.  Let's try again:

<VirtualHost 192.168.1.51>
DocumentRoot /var/www/virtual
ServerName 192.168.1.51
ErrorLog logs/192.168.1.51-error_log
CustomLog logs/192.168.1.51-access_log combined
# begin dan's protected directory stuff
<Directory /demo/protected>
php_value auto_prepend_file /absolute/path/to/file.php
</Directory>
</VirtualHost>

Thanks
-dant




Re: [PHP] Use of auto_prepend_file inside an Apache directory container

2005-11-08 Thread Dan Trainor
Jasper Bryant-Greene wrote:
 On Tue, 2005-11-08 at 13:36 -0700, Dan Trainor wrote:
 [snip]
 
So, as you can see, nothing completely out of the 'norm.  The examples
given in the manual are not all that clear, so by using absolute path
names, I'm just guessing.  I have used relative paths as well - same thing.

The auto_prepend_file directive set from within php.ini, is commented
out, as to not overwrite my specification.  I've tried leaving that
directive blank, and setting it to something completely different.  Same
results.

If you guys wouldn't mind taking a few more minutes to mow over all of
this, I would *greatly* appreciate it.
 
 
 Would you mind telling us what the problem is? You've said that you are
 having problems and that you don't think you're alone, but you haven't
 mentioned what the actual problem is.
 

Ah, oops.

Well, the problem is simple;  it just doesn't work.  No script is
prepended to the page that I access from within /demo/protected.  My
prepend script consists of the following line of code:

<? echo "This is prepended.<br /><br />"; ?>

Sorry about that.

Thanks
-dant




Re: [PHP] Use of auto_prepend_file inside an Apache directory container

2005-11-08 Thread Dan Trainor
Jasper Bryant-Greene wrote:
 On Tue, 2005-11-08 at 13:43 -0700, Dan Trainor wrote:
 
Well, the problem is simple;  it just doesn't work.  No script is
prepended to the page that I access from within /demo/protected.  My
prepend script consists of the following line of code:

<? echo "This is prepended.<br /><br />"; ?>

Sorry about that.
 
 
 Thanks. Have you tried putting quotes around the auto_prepend_file value
 in .htaccess? I'm thinking maybe Apache is messing with the path
 somehow. Something like:
 
 php_value auto_prepend_file "/absolute/path/to/file.php"
 
 Oh, and you probably know this, but make sure AllowOverride is set
 correctly in your main Apache config file; try setting it to All for
 debugging this.
 

Thanks for the help -

I have tried putting quotes around the string, as well, and that yields
the same results.  AllowOverride is set to All.

Thanks again
-dant




Re: [PHP] Use of auto_prepend_file inside an Apache directory container

2005-11-08 Thread Dan Trainor
Curt Zirzow wrote:
 On Tue, Nov 08, 2005 at 01:36:24PM -0700, Dan Trainor wrote:
 
Dan Trainor wrote:

Good afternoon, all -

I've had problems with auto_prepend_file off and on for as long as I can
remember.  It's hit or miss, and browsing the archives, it looks like
I'm not alone.  I've even written to the list on several occasions
looking for a solution, to no avail.

I think that auto_{prepend,append}_file are incredibly useful functions,
but they're crap if they don't work.

...

<VirtualHost 192.168.1.51>
DocumentRoot /var/www/virtual
...
# begin dan's protected directory stuff
<Directory /demo/protected>
php_value auto_prepend_file /absolute/path/to/file.php
</Directory>
</VirtualHost>
 
 
 I believe you want to use Location instead. The Directory path is
 never going to be seen since your files are over in /var, and your
 prepend is waiting for something in /demo
 
 Curt.

Hello, Curt -

So a Directory container's specification is never relative to the
DocumentRoot?  It's my understanding that it is.

Thanks
-dant




Re: [PHP] Use of auto_prepend_file inside an Apache directory container

2005-11-08 Thread Dan Trainor
Dan Trainor wrote:
 Curt Zirzow wrote:
 
On Tue, Nov 08, 2005 at 01:36:24PM -0700, Dan Trainor wrote:


Dan Trainor wrote:


Good afternoon, all -

I've had problems with auto_prepend_file off and on for as long as I can
remember.  It's hit or miss, and browsing the archives, it looks like
I'm not alone.  I've even written to the list on several occasions
looking for a solution, to no avail.

I think that auto_{prepend,append}_file are incredibly useful functions,
but they're crap if they don't work.

...

<VirtualHost 192.168.1.51>
   DocumentRoot /var/www/virtual
...
   # begin dan's protected directory stuff
   <Directory /demo/protected>
   php_value auto_prepend_file /absolute/path/to/file.php
   </Directory>
</VirtualHost>


I believe you want to use Location instead. The Directory path is
never going to be seen since your files are over in /var, and your
prepend is waiting for something in /demo

Curt.
 
 
 Hello, Curt -
 
 So a Directory container's specification is never relative to the
 DocumentRoot?  It's my understanding that it is.
 
 Thanks
 -dant
 

...however, I did heed your advice, and it seemed to work well.  Now I'm
a bit confused, unfortunately; why would this not work in a Directory
container?  I thought that I had used this method in the past, with
great success.

Thanks
-dant




[PHP] Using PHP for access control, preventing access to static files

2005-10-27 Thread Dan Trainor
Hello, all -

I'm designing a controlled access system in PHP, and it's coming along
quite well.  It's very simple, and just sets a session variable, such as
$_SESSION['authenticated'] = 1, not a whole lot.

Now I run a small snippet of code on the top of each HTML and PHP file,
which checks for this variable, and either allows or denies access to the
page.

However, how do people protect against the downloading of real files,
ones which are not parsed by PHP?  .WMV, .MOV, .ZIP, .EXE and so on?  I
want to protect access to these as well, and if a visitor just types in
a URL and is able to access the file because my access control mechanism
simply doesn't work on those types of files, what should be the solution
here?

It's been suggested to use readfile() to accomplish this, by forwarding
content from outside of the document root - but this just sounds odd.
On top of being (what I think would be) incredibly slow, it just doesn't
sound right.

Thanks!
-dant




Re: [PHP] Using PHP for access control, preventing access to static files

2005-10-27 Thread Dan Trainor
Jason Motes wrote:

 I'm designing a controlled access system in PHP, and it's coming along
 quite well.  It's very simple, and just sets a session variable, such as
 $_SESSION['authenticated'] = 1, not a whole lot.

 Now I run a small snippet of code on the top of each HTML and PHP file,
 which checks for this variable, and either allows or denies access to the
 page.

 However, how do people protect against the downloading of real files,
 ones which are not parsed by PHP?  .WMV, .MOV, .ZIP, .EXE and so on?  I
 want to protect access to these as well, and if a visitor just types in
 a URL and is able to access the file because my access control mechanism
 simply doesn't work on those types of files, what should be the solution
 here?

 It's been suggested to use readfile() to accomplish this, by forwarding
 content from outside of the document root - but this just sounds odd.
 On top of being (what I think would be) incredibly slow, it just doesn't
 sound right.

 
 I had a similar issue.  I ended up using a .htaccess so that you could
 not open the file directly.  It checked for the referrer.  This is not
 the most secure way to do it.  I know it can be spoofed.
 
 IndexIgnore *
 SetEnvIfNoCase Referer "^http://example.com/viewer.php" local_ref=1
 Order Allow,Deny
 Allow from env=local_ref
 
 Jason Motes
 php at imotes.com
 

Thanks for the reply, Jason -

I'd like to keep the application as portable as possible; thus, I cannot
use any kind of htaccess hackery because I want this PHP application to
run on IIS, as well.

Thanks
-dant




Re: [PHP] Using PHP for access control, preventing access to static files

2005-10-27 Thread Dan Trainor
Ben wrote:
 Dan Trainor said the following on 10/27/2005 10:39 AM:
 
 Jason Motes wrote:
 
 
 However, how do people protect against the downloading of real files,
 ones which are not parsed by PHP?  .WMV, .MOV, .ZIP, .EXE and so on?  I
 want to protect access to these as well, and if a visitor just types in
 a URL and is able to access the file because my access control
 mechanism
 simply doesn't work on those types of files, what should be the
 solution
 here?
 
 
 snip
 
 I'd like to keep the application as portable as possible; thus, I cannot
 use any kind of htaccess hackery because I want this PHP application to
 run on IIS, as well.
 
 
 Move the files outside the document root so that they aren't available
 via a direct URL, then create a 'file access page' in php that will
 check for the session variable and either send or not send the file
 based on whether the user has access.
 
 - Ben
 

Ben -

I knew this, but it was the send or not send thing that I was
concerned about ;)

Thanks
-dant




Re: [PHP] Using PHP for access control, preventing access to static files

2005-10-27 Thread Dan Trainor
Ben wrote:
 Dan Trainor said the following on 10/27/2005 01:34 PM:
 
 Ben wrote:

 Move the files outside the document root so that they aren't available
 via a direct URL, then create a 'file access page' in php that will
 check for the session variable and either send or not send the file
 based on whether the user has access.

 - Ben



 Ben -

 I knew this, but it was the send or not send thing that I was
 concerned about ;)
 
 
 Sounds like you need to have a look here:
 http://ca3.php.net/manual/en/ref.filesystem.php
 
 and specifically here:
 http://ca3.php.net/manual/en/function.fpassthru.php
 
 and so you can set the proper headers:
 http://ca3.php.net/manual/en/function.filetype.php
 
 The on-line manual is your friend :-).
 
 Also, you will want to be _very_ careful about ensuring that the file
 you are sending is in fact the file you want to be sending (ie
 /etc/passwd would be a no-no).
 
 - Ben
 

Ben -

Yes, I've been playing with passthru() today, and it's quite
interesting.  I think it's going to work.  I made a little pass-through
(pardon the pun) script to do exactly what I'm looking for.

I've already started working on a set of sanity checks and such for the
requested files to prevent such malicious activity.

I want to thank you all again for your help.

Thanks!
-dant
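
The approach Ben describes in this thread (files kept outside the document root and served by a PHP page that checks the session), as an added example that is not part of the original messages. The directory constant, the `file` query parameter and the function names are assumptions made for illustration.

```php
<?php
// download.php: added example, not code from the thread.
// Assumptions (hypothetical): files are stored in PROTECTED_DIR, outside the
// document root; the login code sets $_SESSION['authenticated'] = 1 as in the
// original post; a file is requested as download.php?file=<name>.

const PROTECTED_DIR = '/srv/protected-files'; // hypothetical location

/**
 * Map a client-supplied name to a regular file inside $baseDir.
 * Returns the canonical path, or null when the request must be refused.
 */
function resolve_protected_file(string $baseDir, string $requested): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks, so the comparison below is
    // made on the file that would really be opened: a request for
    // "../../etc/passwd" canonicalises to /etc/passwd and fails the check.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Compare against the base *with* a trailing separator so that a sibling
    // such as /srv/protected-files-old does not pass as a prefix match.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

/** Stream an already validated file to the client as a download. */
function send_file(string $path): void
{
    $handle = fopen($path, 'rb');
    if ($handle === false) {
        http_response_code(500);
        return;
    }
    // Only a conservative character set goes into the header value.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));

    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');

    // Drop output buffers so the file is streamed rather than held in memory.
    while (ob_get_level() > 0) {
        ob_end_clean();
    }
    // fpassthru() writes an open file handle to the client. It is unrelated
    // to passthru(), which executes an external program.
    fpassthru($handle);
    fclose($handle);
}

session_start();
if (($_SESSION['authenticated'] ?? null) !== 1) {
    http_response_code(403);
    exit('Forbidden');
}
// Release the session lock so a long transfer does not block other requests
// from the same user.
session_write_close();

$requested = $_GET['file'] ?? '';
$path = is_string($requested)
    ? resolve_protected_file(PROTECTED_DIR, $requested)
    : null;
if ($path === null) {
    // Same answer for "missing" and "outside the directory": no path oracle.
    http_response_code(404);
    exit('Not found');
}
send_file($path);
```

Because the check runs in PHP and the files are not reachable by URL, the same script works under Apache and IIS without any web-server-specific configuration.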




Re: [PHP] Forcing auto_prepend_file to work regardless of what document was accessed

2005-10-23 Thread Dan Trainor

Richard Lynch wrote:

On Sat, October 22, 2005 11:42 pm, Dan Trainor wrote:


This would be a great solution, and I'm sure my concern is something
that's been discussed many times on this list - I'm worried about the
performance hit that the machine would take, if/when parsing a large
number of files, in this manner.

For small sites, I have no problem adding .html, .htm and friends to
PHP's own AddType.  But I'm not so sure for larger sites.

I'll browse the archive for info and data, and weigh my options.



Last benchmarks I saw clocked in at 5 to 10% loss to run all .htm and
html files through PHP.

That was awhile ago, though.

Test on a dev server with apache benchmark (ab) before and after and see.

PHP doesn't really *DO* much until it hits '<?php' if you think about it.

It just reads the file, uses something like strtok() to search for
'<?php' and spits it back out.


Richard -

Excellent;  I'll be looking into that more.

Thanks
-dant




[PHP] Using PHP-based form authentication, circumventing existing Apache .htaccess require valid-user

2005-10-22 Thread Dan Trainor

Hello, all -

I'm trying to think of how this might be possible, but I can't seem to 
come up with anything.


I'd like to make a login form of sorts, which would enable a user to 
authenticate against.  A simple HTML form, with a PHP back-end, where a 
user enters a username and password.  If this authentication succeeds, 
the user is redirected to the protected area.  However, this protected 
area was originally protected by an Apache .htaccess-style require 
valid-user.


After authentication succeeds, I'd like to redirect the user to the 
Apache protected directory, circumventing the .htaccess require 
valid-user method - because the user has already authenticated by some 
other means, and there's no need to re-authenticate against HTTP Basic 
Authentication.


Anyone know if this is possible, and if so, how this might work?  I'm 
just looking for some ideas here.


As always, thanks for the time
-dant




Re: [PHP] Using PHP-based form authentication, circumventing existing Apache .htaccess require valid-user

2005-10-22 Thread Dan Trainor

Robert Cummings wrote:

On Sat, 2005-10-22 at 19:28, Dan Trainor wrote:


Hello, all -

I'm trying to think of how this might be possible, but I can't seem to 
come up with anything.


I'd like to make a login form of sorts, which would enable a user to 
authenticate against.  A simple HTML form, with a PHP back-end, where a 
user enters a username and password.  If this authentication succeeds, 
the user is redirected to the protected area.  However, this protected 
area was originally protected by an Apache .htaccess-style require 
valid-user.


After authentication succeeds, I'd like to redirect the user to the 
Apache protected directory, circumventing the .htaccess require 
valid-user method - because the user has already authenticated by some 
other means, and there's no need to re-authenticate against HTTP Basic 
Authentication.


Anyone know if this is possible, and if so, how this might work?  I'm 
just looking for some ideas here.



If you know the appropriate login and password then you can redirect
using the username and password in the url (not very secure though):

http://user:[EMAIL PROTECTED]/blahBlahBlah.php

Cheers,
Rob.


Thanks for the suggestion, Rob, but the dominant browser (sadly, IE) no 
longer supports this in later versions.


Thanks
-dant




Re: [PHP] Using PHP-based form authentication, circumventing existing Apache .htaccess require valid-user

2005-10-22 Thread Dan Trainor

Richard Lynch wrote:

You USED to be able to do that by putting

http://username:[EMAIL PROTECTED]

but then Microsoft, in its infinite wisdom, decided that was a
security risk and stopped supporting it.

AFAIK, there's no way to SET the USER/PASS from server to browser...

H.

You could maybe use cURL to login, then pass back all the responses to
the browser, and then the headers that make them be logged in would
work for both your login and their .htaccess.

The PHP Form and HTTP Auth part of all this for your first login is
documented right in the manual, so you needn't strain your brain on
that bit.



Thanks for the response, Richard -

However, I'm not looking to insert usernames or passwords into the
client browser.  I'm simply looking for a way to have apache totally
ignore all AuthConfig information if the user has already authenticated
to the system using some PHP form hackery.

I think I found a solution here that I'm going to play with.

Thanks
-dant




[PHP] Forcing auto_prepend_file to work regardless of what document was accessed

2005-10-22 Thread Dan Trainor

Hello, all -

Anyone know if it's possible to use auto_prepend_file to force the 
appending of a file to the request, regardless of what kind of document 
is generated?


I can see this being a problem if the document was a picture or a video
or some such - but is there a hidden argument list to auto_prepend_file
where I can force inclusion of this file, if x, y, and z document types
were requested?


Thanks!
-dant




Re: [PHP] Forcing auto_prepend_file to work regardless of what document was accessed

2005-10-22 Thread Dan Trainor

Richard Lynch wrote:

On Sat, October 22, 2005 11:25 pm, Dan Trainor wrote:


Anyone know if it's possible to use auto_prepend_file to force the
appending of a file to the request, regardless of what kind of
document
is generated?

I can see this being a problem if the document was a picture or a
video
or some such - but is there a hidden argument list to auto_prepend_file
where I can force inclusion of this file, if x, y, and z document
types
were requested?



Not the way you describe it, but...

In .htaccess, put:

<Files "*.xyz">
  ForceType application/x-httpd-php
</Files>


Now all your .xyz files ARE PHP files.

auto_prepend will happen.

PHP will parse the files but do nothing unless they happen to
contain the character combination <?php  (or <? or <?= if you have
short_tags on)

This may or may not be suitable in your environment.



This would be a great solution, and I'm sure my concern is something 
that's been discussed many times on this list - I'm worried about the 
performance hit that the machine would take, if/when parsing a large 
number of files, in this manner.


For small sites, I have no problem adding .html, .htm and friends to 
PHP's own AddType.  But I'm not so sure for larger sites.


I'll browse the archive for info and data, and weigh my options.

Thanks
-dant




Re: [PHP] Installing under IIS6.0

2005-09-20 Thread Dan Trainor
Jay Blanchard wrote:
 [snip]
 However, this really isn't what I'm looking for.  I'm simply looking for 
 a way to parse PHP code from within existing HTML pages, so that I can 
 migrate a site from Apache to IIS6.0.
 
 Like I said, if I were using Apache, I would just add .html to my 
 AddType directive, and call it good.  Is it not this simple under IIS?
 [/snip]
 
 Sorry, I just saw this thread.
 
 In order to handle HTML you have to allow it to be handled via the ISAPI dll
 
 Open Internet Information Services, right click on the web site, click
 Properties.
 On the Home Directory tab make sure Execute Permissions is set to Scripts
 Only.
 Click the Configuration button just to the right of that.
 Click Add.
 In the Executable box put the path to your PHP ISAPI dll
 In the Extension box put .html
 Click OK until you get back to the IIS main. Stop the web server, then
 restart. HTML files will now be handled through the PHP dll.
 

Thanks for the response, Jay -

Some trial and error led me to do just this, which works fine.

The reason why I'm doing this, is because I'm trying to get someone to
convert from using PHP embedded inside HTML pages, to making straight
PHP pages ending with .php, so that only PHP will snag those.  For right
now I'm satisfied with a resource sacrifice to make this transition work.

Thanks again
-dant




[PHP] Installing under IIS6.0

2005-09-19 Thread Dan Trainor
Hello, all -

This is a subject that I've seen pop up on the list a few times, but not
in great detail about setting up PHP under IIS 6.0.

What I'm trying to achieve here is to install PHP to process PHP code
embedded inside of HTML pages.  Under Apache, I'd just add .html to my
AddType directive and call it good.  I know I'd sacrifice some speed for
a bit of functionality (and bad code), but that's a sacrifice that I
need to make here.

I've got PHP set up to the point where it will process files ending in
.php, but I want to blanket the processing of PHP code under IIS in
the same manner in which I blanket PHP code with Apache.

If anyone has any suggestions, other than reading PHP's manual which
I've read several times which does not cover this, I would greatly
appreciate it.

Thanks
-dant




[PHP] Generating images on the fly, linking via symlink?

2005-09-03 Thread Dan Trainor

Hello, all -

This is a question that could depend on a completely different (yet, 
relayed) subject, so I'm sending this email to both php-general@ and 
[EMAIL PROTECTED]  I thank you in advance for your understanding.


I am currently generating some images on the fly using some of PHP's 
image generation and rendering functions.  I'm having loads of success, 
and like the results that I see.


What I'd like this script to do is, to create symlinks to the original
image, and then when the script is done running, the symlinks are
deleted.  Basically trying to make it so that the original image is not
known to the client or browser.


So I'm taking, say, image1.jpg.  I'm creating a symlink via:

$linkname = md5(rand());

or something similar.  I'd then like to return $linkname to the client 
or browser.  Then, when the browser has completed rendering the page to 
the client or browser, the symlink is then deleted.


What I'm curious as to right now is if I do this, the client will see 
the link to $linkname via HTML's img src= specification.  What happens 
if this is sent to the client or browser, and the symlink is deleted 
immediately after the name is sent to the client or browser?  Would the 
web server (in this case, Apache) cache the image in memory until the 
client has downloaded said image, and then delete it from memory when 
the page is done rendering or being sent?  Will PHP totally disregard 
the web server's request to hold the image, and render nothing to the 
browser?  This is something I'm confused about.


Thanks!
-dant




Re: [PHP] Generating images on the fly, linking via symlink?

2005-09-03 Thread Dan Trainor

Dan Trainor wrote:

Hello, all -

This is a question that could depend on a completely different (yet, 
relayed) subject, so I'm sending this email to both php-general@ and 
[EMAIL PROTECTED]  I thank you in advance for your understanding.


I am currently generating some images on the fly using some of PHP's 
image generation and rendering functions.  I'm having loads of success, 
and like the results that I see.


What I'd like this script to do is, to create symlinks to the original
image, and then when the script is done running, the symlinks are
deleted.  Basically trying to make it so that the original image is not
known to the client or browser.


So I'm taking, say, image1.jpg.  I'm creating a symlink via:

$linkname = md5(rand());

or something similar.  I'd then like to return $linkname to the client 
or browser.  Then, when the browser has completed rendering the page to 
the client or browser, the symlink is then deleted.


What I'm curious as to right now is if I do this, the client will see 
the link to $linkname via HTML's img src= specification.  What happens 
if this is sent to the client or browser, and the symlink is deleted 
immediately after the name is sent to the client or browser?  Would the 
web server (in this case, Apache) cache the image in memory until the 
client has downloaded said image, and then delete it from memory when 
the page is done rendering or being sent?  Will PHP totally disregard 
the web server's request to hold the image, and render nothing to the 
browser?  This is something I'm confused about.


Thanks!
-dant



Hello -

Don't suppose anyone has any pointers for me with this one, do ya?

Thanks!
-dant




[PHP] Questions regarding distribution of PHP modules as binaries

2005-08-30 Thread Dan Trainor

Hello, all -

I've got one more question for you all, which I don't quite understand.

What if, say, I'd like to develop an application which requires the use
of, well for simplicity, some SSL functionality.


I would distribute my PHP application, but then would provide compiled 
modules for each specific PHP version which I expect my application to 
run on, for use by the client to include them as a module in php.ini, to 
provide that functionality.


As it currently stands in the licensing behind PHP, am I legally allowed 
to do this?  I understand that this is an unorthodox approach to
software distribution, but it's just an idea that I had.


If someone who knows PHP's licensing deep down wouldn't mind taking a
minute here telling me what I can and can't do in this respect, I would 
greatly appreciate it.


Thanks!
-dant




Re: [PHP] User redirection, passing HTTP AUTH credentials

2005-08-30 Thread Dan Trainor
Kristen G. Thorson wrote:
 Dan Trainor wrote:
 
 Hello once more, all -

 I was wondering if it's at all possible to redirect a user to a remote
 site, while passing HTTP AUTH credentials somehow.

 I've been tinkering around with making a secure login gateway, and the
 first server that they log in to would negotiate the login sequence, but
 the system would have to preserve HTTP USER and HTTP PASSWD to be passed
 to the remote site, as to be backwards compatible with existing HTTP
 AUTH-based systems.

 I'd rather not use http://user:[EMAIL PROTECTED], however.  There's got to
 be a different way.  I understand that the user's browser is the actual
 element in which the username and password are stored for HTTP auth.  Is
 there a way to inject or update this information without any
 interaction from the visitor him/herself?

 Thanks again!
 -dant

  

 
 A few weeks ago, I was asked the same question, due to new M$ security
 feature:
 http://support.microsoft.com/kb/834489
 
 The authenticated site is third party and cannot change their login
 process or type, so that's why HTTP authentication cannot be turned into
 something else.  The idea is that someone can make
 user:[EMAIL PROTECTED] look like this:
 
 [EMAIL PROTECTED]
 
 which would make poor unsuspecting people think they were going to
 microsoft.com.  The real problem is described here:
 
 http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx and
 http://support.microsoft.com/?id=833786
 
 If you hover your mouse over the link before this security update was
 applied, you should only see www.microsoft.com, not the entire link
 url because of the %01 character.  So, obviously, the whole thing has to
 be disabled!
 
 Okay, so then I looked into an AJAX-type thing, wondering if the browser
 would cache authentication if I passed it in a Javascript call.  I gave
 it a shot, but kept getting script syntax errors.  Apparently the same
 security update that disabled authentication in the url disabled it in
 the XMLHTTP open method:
 http://www.codingforums.com/archive/index.php/t-45348.html
 
 The workarounds MS described in 834489 (two of which are "tell them to
 enter the user name and password" and "don't do it at all." shoot me.)
 are all MS specific, and it'd be nice to find a method that would work
 on all (most) browsers.
 
 This is where I ended my research, but hopefully it will keep some other
 poor soul from having to wade through the MS knowledge base battling
 vague references to vulnerabilities and security holes.  Good luck, and
 please let me know what your solution is.
 
 
 kgt
 

Kristen -

That's some very interesting research that you did there.  I, too, tried
to look into a JavaScript solution and found the same problems.

I'm going to keep farting around with it here, and I'll let you know.  I
don't expect to find something new, but rather, just make the whole
process that much less of a pain in the ass, of typing in a new username
and password.

Thanks
-dant




[PHP] htpasswd-style password generation w/PHP

2005-08-30 Thread Dan Trainor
Hello, all -

I've been trying to figure out a reliable way of creating user:pass
combinations to be used from within an Apache-based .htpasswd file.

From what I understand, PHP's crypt() function is almost identical to
the Linux system crypt() function, which 'htpasswd' uses.  However, when
using PHP's crypt(), my result string is much longer than the one that
can be found in your ordinary .htpasswd file generated by 'htpasswd'.

However, this might be what I'm looking for, since 'htpasswd' is known to
use two different types of password encryption:

(from htpasswd's manpage)

htpasswd  encrypts  passwords  using either a version of MD5 modified
for Apache, or the system’s crypt() routine. Files managed by htpasswd
may contain both types of passwords; some user records may have
MD5-encrypted passwords while others in the same file may have passwords
encrypted with crypt().

Does PHP's crypt() use that modified version of an MD5 routine, and
that's what I'm seeing?

Basically I'd like to make an application that can modify any .htpasswd
file, adding and deleting users, without actually running the 'htpasswd'
utility.

Thanks!
-dant
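
Added example (not from the thread or from the Apache project): one way to add, replace and delete users in an .htpasswd file from PHP without running 'htpasswd'. It assumes Apache httpd 2.4 or later, which accepts the bcrypt records that password_hash() writes; the function names and the user-name pattern are this example's own.

```php
<?php
// Added example. Assumption: Apache httpd 2.4+, which verifies bcrypt ("$2y$") records.

// Constructed user-name policy; the file format itself only forbids ':' in the name.
const HTPASSWD_USER_RE = '/^[A-Za-z0-9._@-]{1,64}$/';

/** Name the hash scheme of one stored value, so weak legacy records can be found. */
function htpasswd_scheme(string $hash): string
{
    if (preg_match('/^\$2[ayb]\$/', $hash)) return 'bcrypt';
    // "$apr1$" is Apache's own MD5 variant; PHP's crypt() MD5 output starts with "$1$".
    if (strncmp($hash, '$apr1$', 6) === 0)  return 'apr1-md5';
    if (strncmp($hash, '{SHA}', 5) === 0)   return 'sha1-unsalted';
    if (strlen($hash) === 13)               return 'des-crypt';
    return 'unknown';
}

/** Read "user:hash" records into an array keyed by user name; other lines are dropped. */
function htpasswd_parse(string $contents): array
{
    $records = [];
    foreach (preg_split('/\R/', $contents) as $line) {
        if ($line === '' || strpos($line, ':') === false) {
            continue;
        }
        [$user, $hash] = explode(':', $line, 2);
        $records[$user] = $hash;
    }
    return $records;
}

/**
 * Add or replace $user when $password is a string, delete $user when it is null.
 * Returns true if the user already existed.
 */
function htpasswd_set(string $file, string $user, ?string $password): bool
{
    if (!preg_match(HTPASSWD_USER_RE, $user)) {
        throw new InvalidArgumentException('user name not allowed');
    }
    $fh = fopen($file, 'c+');              // create if missing, never truncate on open
    if ($fh === false || !flock($fh, LOCK_EX)) {
        throw new RuntimeException("cannot open or lock $file");
    }
    try {
        // The exclusive lock is held across read and rewrite, so two
        // concurrent updates cannot lose each other's changes.
        $records = htpasswd_parse((string) stream_get_contents($fh));
        $existed = isset($records[$user]);
        unset($records[$user]);
        if ($password !== null) {
            $records[$user] = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
        }
        $out = '';
        foreach ($records as $name => $hash) {
            $out .= $name . ':' . $hash . "\n";
        }
        rewind($fh);
        ftruncate($fh, 0);
        fwrite($fh, $out);
        fflush($fh);
        return $existed;
    } finally {
        flock($fh, LOCK_UN);
        fclose($fh);
    }
}

// Demo on a temporary file; all accounts and passwords are constructed.
$file = tempnam(sys_get_temp_dir(), 'htp');
file_put_contents($file, 'legacy:{SHA}' . base64_encode(sha1('old-password', true)) . "\n");
htpasswd_set($file, 'alice', 'correct horse battery staple');
htpasswd_set($file, 'bob', 'temporary');
htpasswd_set($file, 'bob', null);          // delete bob again
foreach (htpasswd_parse(file_get_contents($file)) as $user => $hash) {
    echo $user, ' => ', htpasswd_scheme($hash), "\n";
}
unlink($file);
```

Running htpasswd_scheme() over an existing file shows which records still use the unsalted SHA-1 or DES formats and should be reset.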




Re: [PHP] Automatically generated emails

2005-08-29 Thread Dan Trainor
Rory Browne wrote:
 The thing is that we do want to help. We want everyone to have as
 positive experience as possible with PHP, and I've personally spent
 hours in the past helping people with their various PHP Problems, both
 on this list and elsewhere, so you'll understand if I take issue with
 your suggestions.
 
 Most of us here on the PHP list, and particularly the majority of
 those who have responded to this post are in the habit of bending over
 backwards to help people out...
 
 BUT: 
 
 We need something to work with, and you haven't given us much. You
 need to give us WAY more information.
 
 What part of generating the email are you having problems with? Are
 you for example having problems getting the information from the form,
 in your PHP script? Are you having problems getting the mail()
 function to work? Are you having problems getting the text into the
 format that you want it in?
 
 You've asked a very broad question, and unless you can focus it down a
 bit, then all we can do is either ask you for clarification, or direct
 you to the PHP manual. In this case, I would direct you to the pages
 for predetermined variables(in this case $_GET and $_POST), sprintf,
 and mail
 
 
 www.php.net/manual/en/reserved.variables.php#reserved.variables.get ,
 www.php.net/sprintf , and www.php.net/mail
 
 It would take a very long answer, and a waste of ours and the manual
 writers time if we simply rewrote what was already in the manual.
 Having that said, feel free at any stage to ask us for clarification
 of something you don't understand, but we request that you make some
 reasonable effort to solve your own problems before jumping to the
 list.
 
 On 8/29/05, Ravi Gogna [EMAIL PROTECTED] wrote:
 
Nice to know that newbies are well looked after on these lists. If you
didn't wanna help, you could have not clicked reply

Jay Blanchard wrote:


[snip]
Yes.
[/snip]

Watch out, this'll start a flood of "why can't you be nice?" e-mail


John, any relatives still in LA?






 
 

While we're on the subject...

Stop top-posting. ;)

Seriously, however - as others have suggested, http://www.php.net/mail
should get you well on your way.  Use the manual as your number one
reference.  If you cannot figure it out using that, then resort to the
list.  You're more than welcome to write to the list at any point in
time, however, if you do a bit of research first, it will save a
considerable amount of time for both you and us.

Hope that helps
-dant




[PHP] Sessions, Constructors, and Destructors - Oh my!

2005-08-29 Thread Dan Trainor
Hello, all -

I was doing some thinking today about the above three subjects.  Now, I
might sound like a complete tool here because I don't think I quite know
exactly in which instances constructors and destructors can be used -
but what about inside a session?

Say I had a visitor hit a site.  A session would start, and the
constructor would perform some housekeeping with the session;  setting
data correctly, gathering other data, executing another PHP function,
yada yada.  Then, when the session expired, Mr. Destructor would come in
and clean up - from within the session.

Is this possible?  Does it work this way?  If so, or if not for that
matter, please help me out here to better understand how these three
elements interact with each other, if at all.

Also - how would one go about handling sessions behind a load-balancing
configuration?  The best I've thought of is to use some sort of load
balancer which also has an NFS share.  Sessions are created with this
load balancer, and Apache or whatever proxies the connection to the
machines behind the load balancer.  The machines behind the load
balancer map the NFS share from the load balancer, and are able to
interact with the session.  I'm very curious as to how session tracking
is done through multiple machines, as well.

As always, thanks again for your time.
-dant




Re: [PHP] Sessions, Constructors, and Destructors - Oh my!

2005-08-29 Thread Dan Trainor
Nathan Tobik wrote:
 Does your load balancer support sticky sessions?  What this means is a
 client will make a request and the request will be sent through a load
 balancer.  That LB will remember the client and always point the
 client's requests to the same webserver.  This way you don't have to
 write your own session handler like someone else suggested.  I know the
 F5 load balancers are able to support sticky sessions, I don't know if
 what you're using is able, but it might be worth an hour or two to look
 into it.
 
 Nate Tobik
 (412)661-5700 x206
 VigilantMinds
 
 snip?
 
 Also - how would one go about handling sessions behind a load-balancing
 configuration?  The best I've thought of is to use some sort of load
 balancer which also has an NFS share.  Sessions are created with this
 load balancer, and Apache or whatever proxies the connection to the
 machines behind the load balancer.  The machines behind the load
 balancer map the NFS share from the load balancer, and are able to
 interact with the session.  I'm very curious as to how session tracking
 is done through multiple machines, as well.
 
 /snip
 

Thanks for the reply, Nathan -

Are there any such interfaces that are software-based?  I think that
Jasper's suggestion would be the most feasible, but I'd still like to
know my options.

In my mind, hardware immediately equates to $$$, whereas software
immediately does not.

Thanks
-dant




Re: [PHP] Sessions, Constructors, and Destructors - Oh my!

2005-08-29 Thread Dan Trainor
Thanks for replying, Jasper -

snip

 Is this possible?  Does it work this way?  If so, or if not for that
 matter, please help me out here to better understand how these three
 elements interact with each other, if at all.

Ah yes, me being quite new didn't take into consideration in which
versions constructors and destructors were available.  Thank you.


 I think that (in PHP5 -- PHP4 doesn't have real destructors) you could
 put an object inside the $_SESSION variable and it would be serialized
 in the session (as long as you had the class definition available when
 it was unserialized, i.e. before session_start() is called).
 

snip

 The best thing to do in this situation is to write your own
 session_save_handler that uses a database, and point it at the MySQL
 server [2]. If you really had to, you could maybe put the
 session_save_path on the NFS share [3].

I think that's my winner, and the best suggestion yet.  I will consider
my options.

Thanks
-dant




Re: [PHP] Sessions, Constructors, and Destructors - Oh my!

2005-08-29 Thread Dan Trainor
Nathan Tobik wrote:
 I've never looked into some of the open-source load balancing solutions,
 but I know they exist and are out there.  The F5's I mentioned are
 probably around $20k each, and you need two obviously, so if you're on a
 limited budget those are not the solution for you.  I'd google for open
 source load balancer.  I know OpenBSD has some failover capacity through
 something called CARP, but I'm not sure how that would work with your
 solution.
 
 Nate Tobik
 (412)661-5700 x206
 VigilantMinds
 
 . 
 
 Thanks for the reply, Nathan -
 
 Are there any such interfaces that are software-based?  I think that
 Jasper's suggestion would be the most feasible, but I'd still like to
 know my options.
 
 In my mind, hardware immediately equates to $$$, whereas software
 immediately does not.
 
 Thanks
 -dant
 

Nathan -

Sure, I know of some load balancing software, but I do not know of any
that support sticky sessions out of the box.

BTW, how are these sessions passed?  Is this a client-server approach,
where the LB accepts the session data and uses a proxy to forward them
to the load balanced machine, or does the load balancer do its thing at
perhaps Layer 2, and completely forwards the connection to the LB'd server?

Thanks!
-dant




[PHP] User redirection, passing HTTP AUTH credentials

2005-08-29 Thread Dan Trainor
Hello once more, all -

I was wondering if it's at all possible to redirect a user to a remote
site, while passing HTTP AUTH credentials somehow.

I've been tinkering around with making a secure login gateway, and the
first server that they log in to would negotiate the login sequence, but
the system would have to preserve HTTP USER and HTTP PASSWD to be passed
to the remote site, as to be backwards compatible with existing HTTP
AUTH-based systems.

I'd rather not use http://user:[EMAIL PROTECTED], however.  There's got to
be a different way.  I understand that the user's browser is the actual
element in which the username and password are stored for HTTP auth.  Is
there a way to inject or update this information without any
interaction from the visitor him/herself?

Thanks again!
-dant




[PHP] Image Rendering/Generation Options

2005-08-27 Thread Dan Trainor

Hello, all -

I've seen a few times, albeit I don't know how, people generate images 
on a page in different ways, such as maybe using base64 to output the 
raw image data into a page?  Is this correct?


If so, what does it look like?  How would one go about doing this?

If not, what are my options to achieve something like this?  What are my 
alternatives?  What kind of performance impact, if any, does this make 
on both the load on the server and the rendering time for a given image 
to the client?  Last but certainly not least, is this a dumb idea?


What I'm looking to do is to deliver dynamic content to the browser, 
without writing images to disk.  I simply want what would be written to 
disk, be displayed in a specific area I'm talking about.


I'm sorry if this is a dumb question.  Once I get a few more clues here, 
I'll be able to figure the rest of this out pretty well, I'm quite sure.


As always, thanks for the time
-dant




Re: [PHP] Resizing thumbnails to the browser

2005-08-22 Thread Dan Trainor
Richard Lynch wrote:
 On Sun, August 21, 2005 3:04 pm, Murray @ PlanetThoughtful wrote:
 
I have a series of thumbnails on my site of photos I've taken that are
all
150px in width, but of variable height. I want to randomly display one
of
the thumbnails each time the home page of my site is loaded in a
column that
is 140px wide.

I'm wondering if anyone can point me at some code that would achieve
this?
All of the thumbnails are in jpg format.

So, essentially, I'm trying to resize the thumbnails down to 140px
wide
while maintaining the aspect ratio of the image's height.
 
 
 The scaling is easy.
 
 It's getting the damn browsers not to screw up that's hard :-)
 
 Actually, a cheap and easy way would be to just use:
 <img src="/image150.jpg" width="140">
 
 The penalties are:
 1. The browser downloads a 150x??? image which is a TINY bit larger
 than 140x???, but, really, this is negligible.
 
 2. The browser has to scale the image, and that's slow if it's a
 really really old slow computer.
 
 
 But, to do it right server-side.
 
 1. Edit a .htaccess file and add this to it:
 <Files thumbnail>
   ForceType application/x-httpd-php
 </Files>
 
 This informs Apache that your 'thumbnail' file is REALLY a PHP file,
 even without the .php on the end.
 
 2. Put this in 'thumbnail':
 
 <?php
 //Untested...
   $path = "/full/hard/drive/directory/path/to/your/images/";
   // basename() keeps only the last path component, so PATH_INFO cannot
   // point outside $path
   $image = imagecreatefromjpeg($path . basename($_SERVER['PATH_INFO']));
   $width = imagesx($image);
   $height = imagesy($image);
   $new_width = 140;
   $new_height = (int) round(140 * $height/$width);
   $new_image = imagecreatetruecolor($new_width, $new_height);
   // resource dst_image, resource src_image, int dst_x, int dst_y, int
   // src_x, int src_y, int dst_w, int dst_h, int src_w, int src_h
   imagecopyresampled($new_image, $image, 0, 0, 0, 0, $new_width,
     $new_height, $width, $height);
   ob_start();
   imagejpeg($new_image);
   $data = ob_get_contents();
   ob_end_clean();
   header("Content-type: image/jpeg");
   header("Content-length: " . strlen($data));
   echo $data;
 ?>
 
 Now, to use this script, make an IMG tag like:
 
 <img src="thumbnail/original150image.jpg" width="140">
 
 The browser will never know the image is dynamic, nor that you are
 using PHP, and that's the way you want it.
 


Hello, Richard -

Would the abovementioned use of ForceType also allow one to produce an
image given an HTTP GET query?  I was tinkering around with something in
the past where I wanted to implement something such as:

<img src="http://example.com/myscript.php?site=1&image=2&something=3">;

Would what you suggest force the server to return an image for that
given URL, so that the img src specification listed above will work?

Thanks!
-dant
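
Added example, not code from the thread: the PATH_INFO-driven thumbnail script quoted above, with the requested name validated and the file confirmed to be a JPEG of sane size before GD decodes it. The function names, the pixel ceiling and the sample file are assumptions of this example.

```php
<?php
// Added example. Requires the GD extension.

const MAX_SOURCE_PIXELS = 4000000; // assumed ceiling; tune to the photos actually served

/** Map PATH_INFO such as "/original150image.jpg" to a file inside $baseDir, or null. */
function resolve_source_image(string $baseDir, string $pathInfo): ?string
{
    $name = ltrim($pathInfo, '/');
    // One path component only: no slashes, no leading dot, .jpg or .jpeg extension.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]{0,100}\.jpe?g$/i', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $full === false || !is_file($full)) {
        return null;
    }
    // realpath() resolves symlinks, so a link pointing outside the directory fails here.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

/** Return the JPEG bytes of $file scaled to $newWidth, keeping the aspect ratio. */
function scale_jpeg(string $file, int $newWidth = 140): string
{
    $info = getimagesize($file);       // reads the header, before any full decode
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        throw new RuntimeException('not a JPEG');
    }
    [$width, $height] = $info;
    if ($width < 1 || $height < 1 || $width * $height > MAX_SOURCE_PIXELS) {
        throw new RuntimeException('image dimensions rejected');
    }
    $image = imagecreatefromjpeg($file);
    if ($image === false) {
        throw new RuntimeException('JPEG could not be decoded');
    }
    $newHeight = max(1, (int) round($newWidth * $height / $width));
    $scaled = imagecreatetruecolor($newWidth, $newHeight);
    imagecopyresampled($scaled, $image, 0, 0, 0, 0, $newWidth, $newHeight, $width, $height);
    ob_start();
    imagejpeg($scaled);
    return ob_get_clean();
}

/** What the 'thumbnail' script would do with a real request. */
function serve_thumbnail(string $baseDir, string $pathInfo): void
{
    $file = resolve_source_image($baseDir, $pathInfo);
    if ($file === null) {
        http_response_code(404);
        return;
    }
    $data = scale_jpeg($file);
    header('Content-Type: image/jpeg');
    header('Content-Length: ' . strlen($data));
    echo $data;
}

// Demo with a constructed 150x100 image in a temporary directory.
if (PHP_SAPI === 'cli' && extension_loaded('gd')) {
    $dir = sys_get_temp_dir() . '/thumb-demo-' . bin2hex(random_bytes(4));
    mkdir($dir);
    imagejpeg(imagecreatetruecolor(150, 100), "$dir/original150image.jpg");
    $requests = ['/original150image.jpg', '/../outside.jpg', '/sub/dir.jpg', '/.htaccess', '/missing.jpg'];
    foreach ($requests as $pathInfo) {
        $file = resolve_source_image($dir, $pathInfo);
        if ($file === null) {
            echo "$pathInfo: rejected\n";
            continue;
        }
        $size = getimagesizefromstring(scale_jpeg($file));
        echo "$pathInfo: scaled to {$size[0]}x{$size[1]}\n";
    }
    unlink("$dir/original150image.jpg");
    rmdir($dir);
}
```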




Re: [PHP] Resizing thumbnails to the browser

2005-08-22 Thread Dan Trainor
Jasper Bryant-Greene wrote:
 Dan Trainor wrote:
 
 Would the abovementioned use of ForceType also allow one to produce an
 image given an HTTP GET query?  I was tinkering around with something in
 the past where I wanted to implement something such as:

 <img src="http://example.com/myscript.php?site=1&image=2&something=3">;

 Would what you suggest force the server to return an image for that
 given URL, so that the img src specification listed above will work?

 
 From myscript.php in the above example, just return a Content-Type
 header and output the image data. Example:
 
 header('Content-Type: image/jpeg');
 imagejpeg($my_gd_image);
 
 Jasper
 
Hello, Jasper -

Very nice bit of information there.

Thanks.
-dant




[PHP] Need help with for loop, pulling MySQL data, completely lost

2005-08-21 Thread Dan Trainor

Hello, all -

As a pet project of mine, I've decided to write a bit of code.  This is 
what I have, and it's not working as expected:


if ($action == "prepareforupdate") {
    @unlink("UPDATES/".$id."/9.jpg");
    $query0 = "SELECT * FROM updates WHERE id=".$id."";
    if (!$dbdata = mysql_query($query0)) {
        echo "Can't run query: " .mysql_error();
        die;
    };

    for ($i = 9; $i >= 0; $i--) {
        $j = $i - 1;

        echo "Getting ready to rename UPDATES/$id/$j.jpg to
          UPDATES/$id/$i.jpg || &nbsp;&nbsp;&nbsp;&nbsp;<br />";

        @rename("UPDATES/$id/$j.jpg","UPDATES/$id/$i.jpg");

        $returned = mysql_fetch_assoc($dbdata);

        $query1 = "UPDATE updates SET " . $i . "d = '"
          .$returned[$j."d"]. "' WHERE id='" . $id . "'";

        if (!mysql_query($query1)) {
            echo "MySQL Error: " .mysql_error();
        };

    }
}


I have a database in the following format.  Let's say that d stands 
for date, and t stands for times, and I have ten days' worth of 
archives going on:


|id|1d|1t|2d|2t|3d|3t|...|8d|8t|9d|9t|

I'm trying to move the contents of the previous field to the logical 
next field, so the value of field 8d becomes 9d, the value of 7t 
becomes the value of 8t, and so on.


The problem that I'm having here is that only the first iteration of the 
for loop works properly.  Everything after that, is not being pulled up 
properly, I suspect.  This is what MySQL shows:


174 Query   SELECT * FROM updates WHERE id=5
174 Query   UPDATE updates SET 9d = '2005-08-21' WHERE id='5'
174 Query   UPDATE updates SET 8d = '' WHERE id='5'

174 Query   UPDATE updates SET 1d = '' WHERE id='5'
174 Query   UPDATE updates SET 0d = '' WHERE id='5'

So all in all, I think I might be a bit out of my league here, but I am 
eager to learn.  I think of this as more of a dynamic approach to a 
situation that I'm trying to adapt to.


As always, any feedback, or flames for that matter, would be greatly 
appreciated.


Thanks
-dant




Re: [PHP] Need help with for loop, pulling MySQL data, completely lost

2005-08-21 Thread Dan Trainor

Evan Priestley wrote:

Dan,

When you run the second query ($query1), its results overwrite the  
results of your first query ($query0). `mysql_fetch_assoc()'  returns 
results from the _most recent_ query, so after the first  iteration, the 
call to `mysql_fetch_assoc()' is returning results  from `query1', not 
from `query0'.


To solve this, retrieve all data from `query0' before iterating over  
it. Sample code in /painstakingly exact/ PHP which I have tested  
extensively:


<?php

run query0

while( rows exist )
$rows[] = get next row

foreach $rows
for i = 0; i = 0; i-- {
   build query1
   run query1
   }
?>

Excellent description of your problem, by the way; this one's tricky  
and definitely had me for a while when I first ran into it.


Evan

On Aug 21, 2005, at 7:24 AM, Dan Trainor wrote:


Hello, all -

As a pet project of mine, I've decided to write a bit of code.   This 
is what I have, and it's not working as expected:


if ($action == "prepareforupdate") {
    @unlink("UPDATES/".$id."/9.jpg");
    $query0 = "SELECT * FROM updates WHERE id=".$id."";
    if (!$dbdata = mysql_query($query0)) {
        echo "Can't run query: " .mysql_error();
        die;
    };

    for ($i = 9; $i >= 0; $i--) {
        $j = $i - 1;

        echo "Getting ready to rename UPDATES/$id/$j.jpg to
          UPDATES/$id/$i.jpg || &nbsp;&nbsp;&nbsp;&nbsp;<br />";

        @rename("UPDATES/$id/$j.jpg","UPDATES/$id/$i.jpg");

        $returned = mysql_fetch_assoc($dbdata);

        $query1 = "UPDATE updates SET " . $i . "d = '"
          .$returned[$j."d"]. "' WHERE id='" . $id . "'";

        if (!mysql_query($query1)) {
            echo "MySQL Error: " .mysql_error();
        };

    }
}


I have a database in the following format.  Let's say that d  stands 
for date, and t stands for times, and I have ten days'  worth of 
archives going on:


|id|1d|1t|2d|2t|3d|3t|...|8d|8t|9d|9t|

I'm trying to move the contents of the previous field to the  
logical next field, so the value of field 8d becomes 9d, the  
value of 7t becomes the value of 8t, and so on.


The problem that I'm having here is that only the first iteration  of 
the for loop works properly.  Everything after that, is not being  
pulled up properly, I suspect.  This is what MySQL shows:


174 Query   SELECT * FROM updates WHERE id=5
174 Query   UPDATE updates SET 9d = '2005-08-21' WHERE id='5'
174 Query   UPDATE updates SET 8d = '' WHERE id='5'

174 Query   UPDATE updates SET 1d = '' WHERE id='5'
174 Query   UPDATE updates SET 0d = '' WHERE id='5'

So all in all, I think I might be a bit out of my league here, but  I 
am eager to learn.  I think of this as more of a dynamic approach  to 
a situation that I'm trying to adapt to.


As always, any feedback, or flames for that matter, would be  greatly 
appreciated.


Thanks
-dant







Hello, Evan, and thanks for your reply -

I was under the impression that, since I specified $dbdata as the 
argument to mysql_fetch_assoc(), that this would work exclusively with 
query0.  I'm a bit confused as to how query0's return is getting 
overwritten, since I've tried to keep query0 and query1 separate.


I'm going to drop this whole script, since I've found a much better way 
of keeping records of updates involving one big-ass database, but I'd at 
least like to know what I did wrong in this instance, so that I at least 
learn something.  Your explanation was very helpful, but please clarify, 
if you would be so kind.


Thanks
-dant
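
Added example, not the poster's code: the column shift described in this thread with the row fetched once before any UPDATE runs, and with the id passed as a bound parameter. PDO and the in-memory SQLite table are stand-ins chosen so the block runs by itself; the function name and the sample values are constructed.

```php
<?php
// Added example. An in-memory SQLite table stands in for the MySQL one and
// mirrors the |id|1d|1t|...|9d|9t| layout from the message.

function shift_archive_slots(PDO $db, int $id, int $slots = 9): array
{
    if ($slots < 2) {
        throw new InvalidArgumentException('need at least two slots to shift');
    }
    // Read the row exactly once. fetch() hands back the next row of the result
    // on every call, so a second call on a one-row result returns false.
    $select = $db->prepare('SELECT * FROM updates WHERE id = ?');
    $select->execute([$id]);
    $row = $select->fetch(PDO::FETCH_ASSOC);
    $select->closeCursor();
    if ($row === false) {
        throw new RuntimeException("no row with id $id");
    }

    // Column names cannot be bound, so they are built only from loop integers
    // and a fixed suffix list; every value, including the id, is a parameter.
    $assignments = [];
    $values = [];
    for ($i = $slots; $i >= 2; $i--) {
        foreach (['d', 't'] as $suffix) {
            $assignments[] = sprintf('`%d%s` = ?', $i, $suffix);
            $values[] = $row[($i - 1) . $suffix];
        }
    }
    $values[] = $id;

    // One statement for all columns, so the row is never left half shifted.
    // Slot 1 keeps its old value until the caller writes the new entry.
    $update = $db->prepare(
        'UPDATE updates SET ' . implode(', ', $assignments) . ' WHERE id = ?'
    );
    $update->execute($values);

    $select->execute([$id]);
    return $select->fetch(PDO::FETCH_ASSOC);
}

// Demo with constructed data: slot N starts out as "dayN" / "timeN".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$columns = [];
$sample = [5];
for ($i = 1; $i <= 9; $i++) {
    $columns[] = "`{$i}d`";
    $columns[] = "`{$i}t`";
    $sample[] = "day$i";
    $sample[] = "time$i";
}
$db->exec('CREATE TABLE updates (id INTEGER PRIMARY KEY, '
    . implode(' TEXT, ', $columns) . ' TEXT)');
$marks = implode(', ', array_fill(0, count($sample), '?'));
$db->prepare("INSERT INTO updates VALUES ($marks)")->execute($sample);

$after = shift_archive_slots($db, 5);
foreach ([9, 8, 2, 1] as $slot) {
    echo "{$slot}d = ", $after["{$slot}d"], ", {$slot}t = ", $after["{$slot}t"], "\n";
}
```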




[PHP] Help with a home-grown function

2005-07-21 Thread Dan Trainor
Hello, all -

I've been looking around for a function that would tell me if a $value
in a $key=$value array was empty, and I could not find one.  So I
decided to make my own.  Even if I am re-inventing the wheel, I thought
that the practice might be good for me.

However, my function doesn't *quite* work, and I'm having a difficult
time finding out why.  The code is as follows:

function findMissingVals($workingArray) {
    $newcount = count($workingArray);
    for ($i = 0; $i <= $newcount; $i++) {
        if (empty($workingArray['$i'])) {
            return 1;
        }
    }
}

So it takes in $workingArray as an array, runs a loop, checks $i, yada
yada.  The thing is, that sometimes the function does not return 1, even
when it should.

I was hoping some experienced eyes could take a gander at this and give
me some pointers.

Thanks!
-dant




Re: [PHP] Help with a home-grown function

2005-07-21 Thread Dan Trainor
Mike Johnson wrote:
 From: Dan Trainor [mailto:[EMAIL PROTECTED] 
 
 
Hello, all -

I've been looking around for a function that would tell me if a $value
in a $key=$value array was empty, and I could not find one.  So I
decided to make my own.  Even if I am re-inventing the wheel, 
I thought that the practice might be good for me.

However, my function doesn't *quite* work, and I'm having a difficult
time finding out why.  The code is as follows:

function findMissingVals($workingArray) {
    $newcount = count($workingArray);
    for ($i = 0; $i <= $newcount; $i++) {
        if (empty($workingArray['$i'])) {
            return 1;
        }
    }
}

So it takes in $workingArray as an array, runs a loop, checks $i, yada
yada.  The thing is, that sometimes the function does not 
return 1, even when it should.

I was hoping some experienced eyes could take a gander at 
this and give me some pointers.
 
 
 PHP doesn't eval code in single-quotes, so what you want to do is
 simply:
 
 if (empty($workingArray[$i])) {
   return 1;
 }
 
 With the single-quotes, it's looking for the string $i as a key.
 
 HTH!
 


Hey there, Mike -

Your tips were very helpful, thank you.  I saw my error, but I am still
having problems.  Being somewhat novice to PHP, I think my error might
very well just be in my implementation of the function, as follows:

function findMissingVals($workingArray) {
    $newcount = count($workingArray);
    for ($i = 0; $i <= $newcount; $i++) {
        if (empty($workingArray[$i])) {
            return 1;
        }
    }
}

if (findMissingVals($vars)) {
    if (!$var1) { ?> hi1 <?php };
    if (!$var2) { ?> hi2 <?php };
    if (!$var3) { ?> hi3 <?php };
    if (!$var4) { ?> hi4 <?php };
    if (!$var5) { ?> hi5 <?php };
    if (!$var6) { ?> hi6 <?php };
} else {
    echo "hi";
}


I never see "hi", even if I have an array as $vars as such:

$vars = array("one","two","","four","five");

so I'm a bit confused.

If you wouldn't mind taking another few minutes here, I would greatly
appreciate it.

Thanks!
-dant




Re: [PHP] Help with a home-grown function

2005-07-21 Thread Dan Trainor
Dan Trainor wrote:
 Mike Johnson wrote:
 
From: Dan Trainor [mailto:[EMAIL PROTECTED] 



Hello, all -

I've been looking around for a function that would tell me if a $value
in a $key=$value array was empty, and I could not find one.  So I
decided to make my own.  Even if I am re-inventing the wheel, 
I thought that the practice might be good for me.

However, my function doesn't *quite* work, and I'm having a difficult
time finding out why.  The code is as follows:

function findMissingVals($workingArray) {
    $newcount = count($workingArray);
    for ($i = 0; $i <= $newcount; $i++) {
        if (empty($workingArray['$i'])) {
            return 1;
        }
    }
}

So it takes in $workingArray as an array, runs a loop, checks $i, yada
yada.  The thing is, that sometimes the function does not 
return 1, even when it should.

I was hoping some experienced eyes could take a gander at 
this and give me some pointers.


PHP doesn't eval code in single-quotes, so what you want to do is
simply:

if (empty($workingArray[$i])) {
  return 1;
}

With the single-quotes, it's looking for the string $i as a key.

HTH!

 
 
 
 Hey there, Mike -
 
 Your tips were very helpful, thank you.  I saw my error, but I am still
 having problems.  Being somewhat novice to PHP, I think my error might
 very well just be in my implementation of the function, as follows:
 
 function findMissingVals($workingArray) {
     $newcount = count($workingArray);
     for ($i = 0; $i <= $newcount; $i++) {
         if (empty($workingArray[$i])) {
             return 1;
         }
     }
 }
 
 if (findMissingVals($vars)) {
     if (!$var1) { ?> hi1 <?php };
     if (!$var2) { ?> hi2 <?php };
     if (!$var3) { ?> hi3 <?php };
     if (!$var4) { ?> hi4 <?php };
     if (!$var5) { ?> hi5 <?php };
     if (!$var6) { ?> hi6 <?php };
 } else {
     echo "hi";
 }
 
 
 I never see "hi", even if I have an array as $vars as such:
 
 $vars = array("one","two","","four","five");
 
 so I'm a bit confused.
 
 If you wouldn't mind taking another few minutes here, I would greatly
 appreciate it.
 
 Thanks!
 -dant
 

Er, sorry about that -

I never see "hi" even if an array is set as such:

$vars = array("one","two","three","four","five");

but I do see "hi3" if I have an array set as such:

$vars = array("one","two","","four","five");

Thanks!
-dant




Re: [PHP] Help with a home-grown function

2005-07-21 Thread Dan Trainor
Chris W. Parker wrote:
 Dan Trainor mailto:[EMAIL PROTECTED]
 on Thursday, July 21, 2005 2:03 PM said:
 
 
I never see "hi" even if an array is set as such:

$vars = array("one","two","three","four","five");
 
 
 That's because your function always returns true. If it finds a missing
 value it returns true. If it doesn't find a missing value it returns
 true. Because of this the true code block is always executed.
 
 You should do this instead:
 
 function hasMissingVals($input)
 {
     // make sure we've been passed an array with values
     if(is_array($input) && (count($input) > 0))
     {
         foreach($input as $v)
         {
             if(empty($v))
             {
                 return true;
             }
         }
     }
 
     return false;
 }
 
 This way your function will always return false unless it finds a
 missing value in which case it will return true.
 
 As you can see I changed the name slightly from 'findMissingVals()' to
 'hasMissingVals()' since your function is not actually finding any
 missing values. Finding suggests that your function will return data
 based on the location of the missing value which it does not do.
 
 
if (findMissingVals($vars)) {
    if (!$var1) { ?> hi1 <?php };
    if (!$var2) { ?> hi2 <?php };
    if (!$var3) { ?> hi3 <?php };
    if (!$var4) { ?> hi4 <?php };
    if (!$var5) { ?> hi5 <?php };
    if (!$var6) { ?> hi6 <?php };
} else {
    echo "hi";
}
 
 
 1. Where are $var1, $var2, $var3, etc. coming from? I think you mean to
 write $var[1], $var[2], $var[3], etc.?
 
 2. It will be a good idea to get out of the habit of breaking in and out
 of PHP like that. Instead just do: echo 'hi1';
 
 You'll have problems down the road with modifying the headers (cookies,
 redirects, content-type, etc.) if you break in and out.
 
 
 Hope this helps,
 Chris.
 

Hello, Chris -

I see what you're saying about always returning true.  I really
understand now.  I'd just like to take a minute to tell you thanks for
the help.

Thanks!
-dant




Re: [PHP] force https

2005-06-28 Thread Dan Trainor
Ross wrote:
 Hi,
 
 I need to force the url from http://mydomain.com to https://mydomain.com, so 
 my ssl is active. Anyway this can be done with php?
 
 
 R. 
 

<i'm a newbie, you've been warned>

header('Location: https://mydomain.com'); ?

</i'm a newbie, you've been warned>

I don't know if that would work for an HTTPS referral - however, I don't
know why it wouldn't.  Give it a shot, and if nothing else, let *me*
know, even if it's off-list.

Thanks
-dant




Re: [PHP] force https

2005-06-28 Thread Dan Trainor
Robert Cummings wrote:
 On Tue, 2005-06-28 at 23:26, Dan Trainor wrote:
 
Ross wrote:

Hi,

I need to force the url from http://mydomain.com to https://mydomain.com, so 
my ssl is active. Anyway this can be done with php?
 
 
<i'm a newbie, you've been warned>

header('Location: https://mydomain.com'); ?

</i'm a newbie, you've been warned>

I don't know if that would work for an HTTPS referral - however, I don't
know why it wouldn't.  Give it a shot, and if nothing else, let *me*
know, even if it's off-list.
 
 
 It'll work fine, but here's a something a little more generic :)
 
 header( 'Location:
 https://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'] );
 
 Cheers,
 Rob.


Hey, you learn something new every day, huh.

Thanks for the tip
-dant
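
Added example, not code from the thread: the redirect discussed above with the host taken from a fixed list and the request path checked before it goes into the Location header. It assumes PHP sees the TLS state itself (no TLS-terminating proxy in front); `www.mydomain.com` and the function names are assumptions of this example.

```php
<?php
// Added example.

// Hosts this site answers for. "mydomain.com" is from the thread; "www." is assumed.
const ALLOWED_HOSTS = ['mydomain.com', 'www.mydomain.com'];

/** Return the https:// URL to redirect to, or null when the request already uses TLS. */
function https_redirect_target(array $server, array $allowedHosts): ?string
{
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return null;
    }
    // Depending on the server configuration, SERVER_NAME can simply repeat the
    // client's Host header, so it is only used if it is on the fixed list.
    $host = strtolower((string) ($server['SERVER_NAME'] ?? ''));
    if (!in_array($host, $allowedHosts, true)) {
        $host = $allowedHosts[0];
    }
    // REQUEST_URI is client input: keep it only if it is a path starting
    // with "/" and free of whitespace and control characters.
    $uri = (string) ($server['REQUEST_URI'] ?? '/');
    if ($uri === '' || $uri[0] !== '/' || preg_match('/[\x00-\x20\x7f]/', $uri)) {
        $uri = '/';
    }
    return 'https://' . $host . $uri;
}

/** Call at the top of every page, before any output. */
function enforce_https(array $server): void
{
    $target = https_redirect_target($server, ALLOWED_HOSTS);
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit;   // stop here so the page body is never sent over plain HTTP
    }
    // Already on TLS: ask the browser to use https:// for later visits too.
    header('Strict-Transport-Security: max-age=31536000');
}

if (PHP_SAPI !== 'cli') {
    enforce_https($_SERVER);
} else {
    // Constructed $_SERVER samples, for running the check from the command line.
    $samples = [
        'plain request'      => ['SERVER_NAME' => 'mydomain.com', 'REQUEST_URI' => '/login.php?next=1'],
        'unknown host'       => ['SERVER_NAME' => 'unexpected.example', 'REQUEST_URI' => '/account'],
        'malformed path'     => ['SERVER_NAME' => 'mydomain.com', 'REQUEST_URI' => "/a\r\nX-Test: 1"],
        'already over HTTPS' => ['HTTPS' => 'on', 'SERVER_NAME' => 'mydomain.com', 'REQUEST_URI' => '/'],
    ];
    foreach ($samples as $label => $server) {
        echo $label, ': ', var_export(https_redirect_target($server, ALLOWED_HOSTS), true), "\n";
    }
}
```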




[PHP] PHP's auto_prepend_file inside an Apache Directory container

2005-05-04 Thread Dan Trainor
Hello, all -
I've been tinkering around with PHP's auto_prepend_file, specifying this 
from inside an Apache VirtualHost container, something as such:

<VirtualHost 1.2.3.4>
blah
blah
blah
php_value auto_prepend_file /super_duper_file.php
</VirtualHost>

This works fine from within the VirtualHost container, directly inside 
its root.  However, this does not seem to work inside an Apache 
Directory container.

I was wondering first if anyone could verify this.  Sure, I've had a few 
beers tonight - I want to make sure that I'm doing this properly. 
Secondly, I was wondering why this might not work - any real reasons?

Like I said, I've been able to use auto_prepend_file in this method 
before, but never inside a Directory container.

I'd like to prepend different files depending on which directory 
container the directive is in.  That's my ultimate goal here.

I'm sending this off to the users@httpd.apache.org list, as well, for 
some more insight into this, as it is kind of bothering me.

Thanks for your time
-dant


Re: [PHP] Temporary storage of data

2005-03-11 Thread Dan Trainor
Jason Barnett wrote:
Dan wrote:
dan wrote:
...
Before we go through all of this, why isn't SQLite an option?  It is in
by default as of PHP5.0.0 so if the server is / will be PHP5 soon then I
would go that route.
http://php.net/manual/en/ref.sqlite.php
Jason -
Yea, I saw that, but for this I have to assume that they're running 4.x, 
else I most definitely would go the route of SQLite :/

Thanks
-dant


Re: [PHP] Semi-OT: Anti-password trading/sharing solutions

2005-03-01 Thread Dan Trainor
AdamT wrote:
On Mon, 28 Feb 2005 15:42:37 -0800 (PST), Richard Lynch [EMAIL PROTECTED] 
wrote:
I know absolutely nothing about how ProxyPass, iProtect, and PureMember
work

'Pure'member seems such an odd choice of name for something used on pr0n sites.
This product is not marketed exclusively for 'pr0n' sites.
I'm not really sure if it matters what you think of the name of a 
product, ever.  Wait, nope.  It doesn't.  Not at all.

I obviously pissed off many people for asking a simple question.  Some 
of the feedback I've gotten was completely uncalled for, and many of you 
responded in a less than professional manner.  However, those of you 
that did respond in a professional manner, I greatly appreciate your 
feedback.

I'm not trying to tell anyone that the industry that I work for is 
ideal, and they should love it.  Unfortunately, some people think that 
this is what I was saying.  The only thing that I can say to you few 
people is to sod off.  You're not making anyone else angry except for 
yourselves.

This list is a very valuable resource to me.  I enjoy PHP a lot, but I 
do get stuck on occasion, and when I ask a question to the list, I know 
that I can get the very best of help because there are some very clever 
people on this list.  With that being said, I thought I'd go ahead and 
ask my original question, expecting clever answers from clever people.

I'm not going to defend my industry or advocate my trade.  However, I am 
going to personally apologize for pissing so many people off.  This was 
clearly not my intent.

Thanks for the time
-dant


Re: [PHP] Semi-OT: Anti-password trading/sharing solutions

2005-03-01 Thread Dan Trainor
Jochem Maas wrote:
Hi Mikey,
your writing is very balanced, nicely put... I very much
agree with the position you take/have (maybe my OP didn't put
it quite so clearly ;-)
but you write that Dan probably agrees that (any) exploitation
(that occurs) is a bad thing... a logical assumption now read
this and weep (it's an offlist reply from Dan to a reply of mine to his reply
original reply to my OP), It really shows what a kind, caring guy Dan
is:
quote
I do understand your points.  Being in this industry, you're not the 
first person who I've met that dislikes the idea of what I do.  There's 
nothing more that I can do aside from telling you to, well basically, 
fuck off.  I see people like you on a daily basis, and unfortunately 
they confront me about the situation.  Most of the time I kindly just 
ignore them.

I do what I do because I understand the market, the Webmasters, and the 
customers.  I have a wonderful company.  My employees like what they 
do.  I like what I do.  I love it.  If you are trying to tell me that 
I'm a bad person for making a buck off of some slut who needs to pay 
rent for a month, then so be it.  I don't care.  I only host these sites 
and make sure that they stay online.  I don't have to deal with any of 
the models.  I could give two shits and a giggle what they go 
through.  It was their choice to result to pornography - not mine.  I 
could, again, give two shits and a giggle what society thinks of them, 
myself, or my business.  It would be silly and foolish to try to change 
the minds of anyone that has anything to do with this industry.  The 
same level of foolishness that you are suggesting by telling me that I 
am a bad person...

The best I can tell you is to ignore what you don't like, because your 
views, as extensive and expressive as they are, will always fall on deaf 
ears.  I'm sorry.

With that being said, I cannot continue this conversation.  I would 
continue it if my time was worth it and you did not take an offensive 
manner to the situation.

Good luck with your church.
Thanks
-dant
/quote

Mikey wrote:
[snip everything irrelevant]
...
think it makes them bad people.  I also happen to know that not all 
pr0n is
about exploitation.  Some is, of course, and I'm sure that even Dan would
agree that this is not good - if anyone had bothered to find out in the
first place.

...
I don't think that this is an issue that is specific to pr0n.  Sure, the 
first thing that we think of when we hear a traded login is actually 
pr0n, but it is most definitely not limited to this arena.

I appreciate the kind words mentioned by Jochem and Mikey.  They see 
through the whole stereotypical I have a username and password thing 
and understand the true technical reasoning behind my question.

To address Mikey's question - I am not looking for a way to uniquely 
identify users.  For one, it's just not possible.  On top of that, the 
vast majority of members wish to stay anonymous for reasons that I am 
not even going to begin to state on this list, because we all know where 
that will end up.

I am trying to ensure that one login and one password are specific to 
one client.  Several methods of this include making sure that not more 
than two IPs use a specific login/password throughout a pre-set 
threshold, and on top of this, the automatic blocking of IPs that 
attempt brute-force style attacks.  These two items alone would be an 
invaluable tool in the assurance that logins and passwords are not abused.

Thanks again
-dant


Re: [PHP] On Topic - Theoretical Concents of Anti-password trading/sharing solutions

2005-03-01 Thread Dan Trainor
[EMAIL PROTECTED] wrote:
I agree with Mikey on the live and let live side of things.  This forum is 
about sharing technical knowledge and helping other users overcome technical challenges 
relating to PHP.
Yeah, a site that's adult oriented is most likely a pay site.  Doesn't mean they make money, but 
assuming they made boat loads of it, then yeah, they should look into paying for a solution instead of 
finding or conning someone into making a freebie solution.  Ultimately, if they're making the kind of money 
that would make us have no sympathy for them, then they're making the kind of money that $350 isn't going to 
matter one way or another.  It's not like Muuahahahah.. we saved $350 by using free software, we're 
even richer now!  it's more like Well, that's 50% off this month's hosting fees.. big deal.
Of course I would not consider Open Source software for this purpose if 
the sites themselves were making money.  But the sad fact is, most of 
these sites do not.  Regardless, they're my customers, and they ask me 
for solutions.  I try my damnedest to provide these solutions.  Offering 
the services that I provide, it would indeed be in my better interests 
to make them run up a bandwidth bill, but this practice is frowned upon 
by many.

But all of that deals with moral and personal issues.  The meat of this discussion is How do I make sure that someone isn't sharing their login with the world.
I totally respect the moral and personal issues of others.  However, I 
do not respect those who tell me that what I am doing is *wrong*.  In my 
eye, they're wrong.  What if I were to tell them that I didn't agree 
with the child-oriented Teletubbies Web Site that they were working on? 
 Do you see the logic in this?  I don't.

Here are some thoughts:
Many BitTorrent sites that monitor U/D ratios seem to use a fairly universal 
system that seems to involve logging into the site, your IP address is recorded 
in the database as belong to that account.  If you log in from a different 
computer (which users should be able to do to some degree), it'll record THAT 
IP address in the database too.  I don't know their criteria (probably fairly 
loose compared to what a pay site would want) but the issue here is more about 
how many CONCURRENT connections under that account are occurring.
So let's say the criteria would be A user logs in and their IP address is recorded. 
 They can have as many IP addresses attached to that account as they want BUT they can't 
have XX number of IP addresses connect within YY minutes or we consider it a pattern of 
login sharing.
So if you have someone who gets an account and shares it with a single friend, 
it probably won't trip the alarms.  But really, is that such a big deal 
compared to someone posting their login info on a message board and 1000 people 
trying to use it at once?
A single person, or a person and a friend or two, aren't going to be logging in from 150 
IP addresses within 5 minutes.  And that's really what you're trying to prevent.  The 
wholesale sharing of a login, not little petty sharing.  So it doesn't have to be a 
perfect system.  No need for retinal scans or anything.  Just preventing large scale 
abuse.  Which seems pretty simple to me especially in the case of adult 
oriented sites since their logins will either be used properly (or at least 
reasonably) or they'll be abused to hell.
Now if you take a site like Consumer Reports or the Encyclopedia Britannica, that's a 
little more difficult.   1000 people aren't going to be logging in rapid-fire if it's 
shared.  But you might get 5 or 6 at a time if it's shared improperly.  So you just set the 
threshold a little lower.   Maybe do something like block the person and make it say 
something like This account is being used by too many sources at once.  If this 
happens too many times, the password will be reset and the new password will be emailed 
to the legitimate owner of the account.  If you received this message in error, please try 
back in 5 minutes.  If you continue to receive this message, please contact our technical 
support team at [EMAIL PROTECTED]
That'll discourage people from sharing since they'll get locked out of their 
own account.  It provides incentive not to share without being too harsh about 
it and provides the legitimate owner a way to get in even if someone else stole 
and/or is abusing their account.   People who are abusing or using a stolen 
account probably won't have access to the original account holder's email 
account and if the owner is sharing with some friends, they can still share but 
have incentive not to share TOO much.
See?  None of this is impossible or even implausible and I don't see it as off topic at all.  It's a good discussion with legitimate purpose, even if it is for an 'adult oriented' site.
And again, the only reason why I am looking for ideas on this list is 
because it generally promotes and comes up with some amazing ideas.  I 
have full faith in (most of) 

Re: [PHP] Semi-OT: Anti-password trading/sharing solutions

2005-03-01 Thread Dan Trainor
Mikey wrote:
To address Mikey's question - I am not looking for a way to 
uniquely identify users.  For one, it's just not possible.  
On top of that, the vast majority of members wish to stay 
anonymous for reasons that I am not even going to begin to 
state on this list, because we all know where that will end up.

I think you have misunderstood me - I meant uniquely identifying *clients*
- browsers.

I am trying to ensure that one login and one password are 
specific to one client.  Several methods of this include 
making sure that not more than two IPs use a specific 
login/password throughout a pre-set threshold, and on top of 
this, the automatic blocking of IPs that attempt brute-force 
style attacks.  These two items alone would be an invaluable 
tool in the assurance that logins and passwords are not abused.

As I say, have a look at phpsec.org - the article on sessions is what you
want, and it will explain why doing something like that will not work as
expected.  Some proxies assign new IPs for every request from a single
client (AOL in particular).  Do you really want to exclude a large
proportion of the internet population?
HTH,
Mikey
Mikey -
I'm pretty aware of how it all works.  However, the problem lies in the 
fact that because most of the pre-installed billing software relies 
solely on .htaccess/.htpasswd-based authentication, it's not possible to 
just change the whole login system.  For the most part, they're still 
using privative means of authentication which are broken to begin with.

The difficulty is trying to find a solution that would limit access and 
do all the fancy stuff that we had discussed, without interfering with 
the pre-existing authentication system.  Many of the solutions that I've 
seen so far include some mod-rewrite hackery that a PHP script or 
Gateway modifies to allow/disallow access based on a given set of 
criteria.

It's unfortunate that most of the billing systems operate this way. 
They're not going to change - and I know this because I had worked with 
the biggest.  It would benefit them greatly to investigate other means 
of authentication, perhaps with a SQL back end and such - but that is a 
subject I'd not want to bring up here because I know it's been discussed 
many a time on this list, and I'd hate to start another flame war.

Although it would benefit them greatly, most of their customers expect 
stuff in a simplistic and uniform manner.  Changing the whole 
login/authentication system would wreak havoc among these clients who 
are not technically inclined, and is just not possible at this time.

Friends and I have given serious thought to actually starting our own 
processing solution, but it is not possible at this time due to the 
large amount of liability that we would inherit.  Perhaps though, with 
time, this will be possible.  When that time comes, we plan on having an 
open solution that would try to set some sort of robust and highly 
configurable standard for this specific application.

Thanks again for taking the time to respond.
-dant
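The threshold rule discussed in this thread (no more than XX distinct IPs on one login within YY minutes, plus flagging sources of repeated failed logins), as an added example that is not any poster's code and not part of ProxyPass, iProtect or PureMember: it only reads the Apache access log, so the existing .htaccess/.htpasswd authentication is left alone. The function names, thresholds and log lines are constructed for illustration; it assumes the combined log format, where the authenticated user is the third field.

```php
<?php
// Added example (not from the thread): flag shared logins and brute-force
// sources from an Apache "combined" access log. Authentication itself
// (.htaccess/.htpasswd) is untouched; only the log is read.
// Thresholds and log lines are constructed for illustration.

const WINDOW_SECONDS   = 300; // the "YY minutes" window, here 5 minutes
const MAX_IPS_PER_USER = 2;   // more distinct IPs than this => possible sharing
const MAX_401_PER_IP   = 3;   // more failed logins than this => possible brute force

/** Parse one combined-format line into [ip, user, unix time, status], or null. */
function parse_line(string $line): ?array
{
    $re = '/^(\S+) \S+ (\S+) \[([^\]]+)\] "(?:[^"\\\\]|\\\\.)*" (\d{3}) /';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    $when = DateTime::createFromFormat('d/M/Y:H:i:s O', $m[3]);
    return $when === false ? null : [$m[1], $m[2], $when->getTimestamp(), (int) $m[4]];
}

/** Keep only events newer than the window, measured back from $now. */
function prune(array $events, int $now): array
{
    return array_values(array_filter($events, fn($e) => $now - $e[0] < WINDOW_SECONDS));
}

/** Lines must be in chronological order, as they are in an access log. */
function analyse(array $lines): array
{
    $byUser = $failsByIp = $shared = $brute = [];
    foreach ($lines as $line) {
        $rec = parse_line($line);
        if ($rec === null) {
            continue;
        }
        [$ip, $user, $ts, $status] = $rec;

        if ($status === 401) {
            // On a 401 the logged user name is unverified: count per source IP.
            $failsByIp[$ip] = prune($failsByIp[$ip] ?? [], $ts);
            $failsByIp[$ip][] = [$ts];
            if (count($failsByIp[$ip]) > MAX_401_PER_IP) {
                $brute[$ip] = true;
            }
            continue;
        }
        if ($user === '-') {
            continue; // request to an unprotected path
        }
        $byUser[$user] = prune($byUser[$user] ?? [], $ts);
        $byUser[$user][] = [$ts, $ip];
        $distinct = count(array_unique(array_column($byUser[$user], 1)));
        if ($distinct > MAX_IPS_PER_USER) {
            $shared[$user] = max($shared[$user] ?? 0, $distinct);
        }
    }
    return ['shared' => $shared, 'brute' => array_keys($brute)];
}

/** Build one constructed log line (documentation-range IPs, made-up users). */
function sample(string $ip, string $user, string $hms, int $status): string
{
    return sprintf(
        '%s - %s [01/Mar/2005:%s -0800] "GET /members/ HTTP/1.1" %d 512 "-" "Mozilla/4.0"',
        $ip, $user, $hms, $status
    );
}

$log = [
    sample('192.0.2.10',    'alice', '10:00:00', 200), // one user, one address
    sample('203.0.113.5',   'carol', '10:00:00', 200), // three addresses, but
    sample('198.51.100.21', 'bob',   '10:00:10', 200), // bob: three addresses
    sample('198.51.100.22', 'bob',   '10:01:00', 200), //   inside two minutes
    sample('198.51.100.23', 'bob',   '10:02:00', 200),
    sample('203.0.113.6',   'carol', '10:20:00', 200), //   spread over 40 minutes
    sample('203.0.113.7',   'carol', '10:40:00', 200),
    sample('203.0.113.99',  'admin', '10:41:00', 401), // repeated failures
    sample('203.0.113.99',  'admin', '10:41:01', 401),
    sample('203.0.113.99',  'test',  '10:41:02', 401),
    sample('203.0.113.99',  'test',  '10:41:03', 401),
];

print_r(analyse($log));
```

As Mikey points out above, proxies that hand out a new address per request can push one legitimate client over the limit, so `MAX_IPS_PER_USER` and `WINDOW_SECONDS` need tuning against real traffic before anything is blocked automatically.
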


Re: [PHP] On Topic - Theoretical Concents of Anti-password trading/sharing solutions

2005-03-01 Thread Dan Trainor
Robert Cummings wrote:
On Tue, 2005-03-01 at 09:58, Dan Trainor wrote:
[-- SNIIIP --]

Dear Dan,
You have yourself to blame for the responses you have been receiving.
You opened up the floodgates of personal opinion when you mentioned you
were a pr0n pusher. The fact that you deal with adult content was
completely irrelevant to your technical question. While I agree that
what you do is your own business, any person who finds your actions
reprehensible will more than likely find themselves morally obliged to
weigh in on their distaste.
Sincerely,
Rob.

And with that, I'd like to say that, as helpful as this list has been in 
regards to the subject that I have set forth, I won't continue this 
thread any longer.  You guys can, but I won't.

I've obviously struck a sour chord and made many people very angry, and 
although this was not my intent, I hope we can all take this as a 
learning experience - to learn what kind of questions not to ask.

If anyone would like to continue this conversation privately, I would be 
more than happy to respond.  However, I believe that it is in the better 
interest of the majority of the members on the list to discontinue this 
conversation, and move it to a private conversation.

Jochem, and Rasmus, for that matter, should not be offended by what I 
had to say.  Rasmus deserves much credit for his work in regards to PHP, 
but me, not being aware of who he actually was prior to all this, did 
not see how he might be able to contribute *directly* to this subject. 
When I asked what he has got to do with this, I believe what was 
interpreted was out of context.  Apologies are given where deserved, 
and I'm sorry.

Thanks again all, for your replies.
-dant


[PHP] Semi-OT: Anti-password trading/sharing solutions

2005-02-28 Thread Dan Trainor
Hello, all -
First, I'd like to apologize for treading a bit off-topic here, but I 
think that it will cover a lot of questions that others may have.

My company hosts several Adult-oriented Web Sites.  Among other tools 
that we use to combat Password Trading are ProxyPass and iProtect. 
They're both amazing products, which stop the use of Shared Passwords by 
detecting multiple logins from different IPs, and they also maintain a 
database of known abused proxies that are often used in conjunction with 
these shared/traded passwords, and block connections from them accordingly.

The real magic comes about when you consider how these pieces of 
software actually work.  They don't modify any existing authentication 
systems, but rather, they're both Apache modules.  I've been unable to 
find an Open Source version of these programs, which I've been looking 
for, for quite some time.  At more than $50.00 per license for ProxyPass 
and $300.00+ for iProtect, this would be more than a handful back in the 
pockets of my company, and ultimately, mine, when you consider the 
amount of our servers that run these tools.

I've found one solution that looks promising called PureMember, but this 
too, costs a bit.  Seeing that is what prompted me to write to the PHP 
list, because it makes itself into an Apache module using an mmencode 
procedure.

With that being said, what kind of solutions might the PHP community 
suggest to combat the trading and abusing of shared or traded passwords? 
 These solutions cannot modify the existing authentication procedures - 
meaning, I cannot convert a site that relies on .htaccess/.htpasswd 
authentication to a SQL-based authentication.  The solution needs to 
have some sort of logging, either locally or remotely.  The solution 
also has to be Open Source.

I eagerly await some feedback on this, because like I said, I'm sure 
there are others that have some of these same questions.

Thanks for your time
-dant


Re: [PHP] Using

2005-02-09 Thread Dan Trainor
Jochem Maas wrote:
Richard Lynch wrote:
Jochem Maas wrote:
Dan Trainor wrote:
Hello, all -
Being still fairly new to PHP, I thought I'd ask a few more questions
and get on to the right track here, developing correct coding habits
before I start to teach myself incorrect habits.


7. let others review your code if you can (that's not an invite to post
your complete codebase to the list ;-).

Hm.  It *MIGHT* be an interesting forum somewhere/somehow to have a
Code Review site/forum/list for the express purpose of people posting
code, and tons of it, for critique...
I think such a place would be cool but If you let everyone upload their
code then everyone would be sitting around waiting for their own code to
be reviewed - I think that the reviews should be by invitation
('hey Richard fancy showing the world your new XXX?'),
1 codebase to be reviewed at a time, with a lead reviewer who acts as 
moderator.

for those of you from the UK... kind of like Blue Peter meets PHP.
I cannot count the number of times I've seen code like this:
/** foo (void) : function foo
 *  Does foo and returns the result
**/
function foo(){
  /* Insert spaghetti code here */
}
Hello?!  What *GOOD* does that documentation do?
What always seems to be missing, to me, is the nuts and bolts of how to
write GOOD documentation.

I actually meant that you should add comments into the meat of the code. 
yes,
start of each function with a description. BUT ALSO explain every 
friggin' loop
so to speak... not just what it does, but how it does it and possibly why.

Richard is correct, I think, in saying that adding fancy Doc cruft to 
make your
code look 'professional'... nothing wrong with fancy 
documentation/comments - just
make sure you fill them with something. with the hope of not getting 
laughed at here
is a function I use quite often to save myself from constant isset() 
checks on
request vars.

okay so its 'fancy' documentation, but it really explains what it does - 
and
yes it takes 5-6 times as much text to explain what it does than it does 
to write
it.

/**
 * getGP()
 *
 * this function will return the value of a GET or POST var that corresponds to the
 * variable name passed, if nothing is found NULL is returned. contents of POST array
 * takes precedence over the contents of the GET array. You can specify a value as second argument
 * which will be returned if the GP var *does not* exist; a third parameter can be given to
 * which will act as the return value if the GP *does* exist - the limitation is that the parameter cannot be
 * used to return a literal NULL; but I suggest that this would probably be a silly thing to do in practice
 *
 * @var string $v // the name of GP variable whose value to return
 * @var mixed  $r // value to return if the GP variable was not set
 * @var mixed  $t // value to return if the GP variable was set (i.e. override the value from GP)
 *
 * @return mixed
 */
function getGP($v = '', $r = null, $t = null)
{
    if (!empty($v)) {
        if (isset($_GET[$v]))  { $r = (!is_null($t)) ? $t: $_GET[$v]; }
        if (isset($_POST[$v])) { $r = (!is_null($t)) ? $t: $_POST[$v];}
    }
    return $r;
}



Anybody got a good reference to something like Documentation Rules 
such as:

Any jargon or technical term being discussed cannot be used as the
description of the term.  IE, no self-referential definitions.
(see example above)
I'd really like to be able to recommend a reference of this nature to
Beginners.

I appreciate all the input that I've gotten from all the list members. 
I think I've come to the conclusion that leaves me exactly where I was 
prior to asking the question.  The determination to split inline code 
from included files is left strictly up to the programmer him/herself, 
and there is no rule of thumb to any of this, except in cases where 
painfully obvious.

I thank you all for your time.  I'll continue to monitor this list for 
many months to come.

Thanks
-dan trainor


[PHP] Using

2005-02-08 Thread Dan Trainor
Hello, all -
Being still fairly new to PHP, I thought I'd ask a few more questions 
and get on to the right track here, developing correct coding habits 
before I start to teach myself incorrect habits.

One of my biggest questions is how to go about writing an application 
that uses a single file, i.e. all my html ACTION='s would go to, pretty 
much, $_SERVER['PHP_SELF'].

From what I understand, I make a flat file (flat, as in, not using OOP 
at this time), and then make one large procedural flow, flipping 
triggers at various points to tell the script at which stage it's 
at, something like the following:

if ($a == 1) {
    // do first thing
} elseif ($a == 2) {
    // do second thing
} elseif ($a == 3) {
    // do final thing
}
Now, that all makes sense, but I'm wondering if it's the correct thing 
to do, or would I be better off swapping out // do x thing for a 
require() function to split things up into different files, calling a 
different set appropriate for the step that we are on.

This may sound like a silly question, but like I said, I feel that I 
should get myself off on the right foot as I start to do stuff that is 
more involved.

Any feedback would be greatly appreciated.
Best Regards
-Dan Trainor


Re: [PHP] Using

2005-02-08 Thread Dan Trainor
Jay Blanchard wrote:
[snip]
...stuff...
[/snip]
This is really a broad request, and you'll get as many opinions as there
are posters. Instead of IFs you may want to use a SWITCH
(http://www.php.net/switch). Why do you want to do the application all
in one file? Is it small enough to be justified? Place common functions
in an included file. Comment all of your code. Comment some more. Write
a flowchart before you write even one line of code. Read an entire book
on basic programming practices. Edit your flowchart. Then write some
code and test. Eat lunch. Write some more code and test. Modify your
flowchart. Read some more. Read each and every post to this list. Spend
some time with the manual. You can use OOP in a single file application.
Eat dinner. Take a nap. Look at your flowchart and make changes where
needed. Add comments to the code when you change a section. Have fun,
and when you get stuck and cannot find the answer in TFM or on TFW or in
TFA send a specific request to the list and we'll all be glad to help.
I don't know, I just always thought of it as clean to write an 
application inside of a single file itself.  While I'm still fairly new 
to procedural programming, this may not be the proper way to do things.

I've used switch statements to do this, which I've found to work quite 
well - but again, I just didn't know if this was common or correct.  I 
know that this could be split a million different ways, but those 
million different ways we what I am after.  I'd like to find a way that 
is both easy and useful for me to use, as well as a way that may conform 
to some sort of standard.

Sorry for the dumb topic, I sent the mail before I finished the subject, 
and didn't feel like spamming others with more mail for a simple mistake 
such as that.

Thanks
-dant


[PHP] Changing PHP properties (Previously: Cannot upload a file greater than 500 KB)

2005-02-08 Thread Dan Trainor
Todd Cary wrote:
Richard -
It turned out that the following was missing from Apache's httpd.conf file:
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
LimitRequestBody 500
</Files>
Not sure what that does or where I should have read about it, but I did 
find that in an email I got with Google.

Todd
Richard Lynch wrote:

Todd Cary wrote:
I am using php 4 and Apache 1.3 on a RH 9 box.
upload_max_filesize is set to 5M
post_max_size is set to 8M
MAX_FILE_SIZE in the HTML upload page is set to 500
I get the error The document contains no data with any file over 
500 KB.

What is creating the error?

Are you sure the HTML one isn't 50?... :-)
Also double-check your settings in <?php phpinfo();?> to be sure that the
php.ini you changed is the one PHP reads...
Actually, though, you shouldn't get The document contains no data in 
any
of these, unless your BROWSER is getting tired of waiting for a response
from the server.

The PHP script should still be invoked, and it should be able to detect
the over-sized file uploaded, and it should print some kind of error
message about that.
It's quite possible your script does absolutely NOTHING when the file is
over-sized, and then it prints nothing out, and so the document is
completely empty, and you get that message.
Review the PHP you wrote and see what you did for an over-sized check on
the file uploaded, or any other kind of upload error.  Are you printing
SOMETHING out in that case?

While we're touching base on this subject, I know that you don't know 
much about this Todd, but does anyone else know where we can find more 
information about making modifications to PHP's operations inline in a 
configuration file such as this?

Thanks
-dant


Re: [PHP] Re: Changing PHP properties (Previously: Cannot upload a file greater

2005-02-08 Thread Dan Trainor
Todd Cary wrote:
Dan -
Keep in mind that the change I made was within Apache on my server - not 
in the php.ini file.  The changes to the php.ini file are well 
documented and have been covered within messages on this NewNet.

However, as I stated, I am not sure why that change needs to be 
made...more reading for me I am sure!

Todd
Dan Trainor wrote:
Todd Cary wrote:
Richard -
It turned out that the following was missing from Apache's httpd.conf 
file:

<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
LimitRequestBody 500
</Files>
Not sure what that does or where I should have read about it, but I 
did find that in an email I got with Google.

Todd
Richard Lynch wrote:

Todd Cary wrote:
I am using php 4 and Apache 1.3 on a RH 9 box.
upload_max_filesize is set to 5M
post_max_size is set to 8M
MAX_FILE_SIZE in the HTML upload page is set to 500
I get the error The document contains no data with any file over 
500 KB.

What is creating the error?


Are you sure the HTML one isn't 50?... :-)
Also double-check your settings in <?php phpinfo();?> to be sure 
that the
php.ini you changed is the one PHP reads...

Actually, though, you shouldn't get The document contains no data 
in any
of these, unless your BROWSER is getting tired of waiting for a 
response
from the server.

The PHP script should still be invoked, and it should be able to detect
the over-sized file uploaded, and it should print some kind of error
message about that.
It's quite possible your script does absolutely NOTHING when the 
file is
over-sized, and then it prints nothing out, and so the document is
completely empty, and you get that message.

Review the PHP you wrote and see what you did for an over-sized 
check on
the file uploaded, or any other kind of upload error.  Are you printing
SOMETHING out in that case?


While we're touching base on this subject, I know that you don't know 
much about this Todd, but does anyone else know where we can find more 
information about making modifications to PHP's operations inline in a 
configuration file such as this?

Thanks
-dant

Todd -
I understand that, yes, which is why I'm more interested in changing 
this on a per-virtualhost basis, specifically within Apache.

Thanks for keeping an eye out for me though.
-dant


Re: [PHP] phpBB alternatives?

2005-02-08 Thread Dan Trainor
Tony Di Croce wrote:
Due to the recent vulnerabilities discovered in phpBB and the content
of this page:
http://www.phpbb.com/
I have decided to consider other options for my forum needs... Does
anyone have any recommendations for a PHP based forum software?
I'm not an advocate for phpBB by any means, but I am an advocate for 
correct information.

If you clearly read that page, you will see how it is explained that the 
site was popped using a vulnerability in AWStats.  Yes, this 
vulnerability exists, because two of the sites that I admin were hit by 
it :/

Just thought I'd pass that around.
Thanks
-dant


Re: [PHP] Public/Private Key Encryption

2005-02-06 Thread Dan Trainor
Daniel Bowett wrote:
Is there any way I can use public/private key encryption in php in a 
similar way to mcrypt.

I have got php encrypting the data using gnupg but need to automate the 
decrypting element which is proving difficult because of the way the 
password is passed.

While Daniel has brought up the subject of encryption, and I know that the 
other day we were talking about storing CC numbers in a database - I 
don't think we touched on storing CCs encrypted with a gpg-style 
encryption.  Is this generally acceptable at all, or do you developers 
still not store CC numbers in any way, shape or form in a database?

Thanks
-dant


Re: [PHP] Checking directory existance

2005-02-06 Thread Dan Trainor
Ashley M. Kirchner wrote:
   Through ftp commands, how can I check whether a directory already 
exists before executing ftp_mkdir() ?

   Thanks!
Ashley -
Try using:
if (!ftp_chdir($ftpc,$ftproot.$srcrela))
Thanks
-dant


Re: [PHP] Connecting To Multiple MySQL Databases

2005-02-03 Thread Dan Trainor
NathanielGuy#21 wrote:
I know this may be slightly off topic for a PHP listserv but I can't
find my answer anywhere else.  I start off generating a page connected
to one database as a certain user and I call a script that requires a
connection to a second database as a different user.  Is there any way
I could open that connection while maintaining the current one as well?
 The connection of the script is opened and closed before any more of
the other page is generated.  I'm not sure how to go about solving this
problem other than rewriting my script.  Any ideas?
--nathan
I'm a bit new myself, but why not call the resources separate names?
$sql1 = mysql_connect($host1, $user1, $pass1);
$sql2 = mysql_connect($host2, $user2, $pass2);
Hope that helps
-dant