Re: [PHP] Image Storage

2004-03-23 Thread James Coder
Michal Migurski wrote:
I am creating a system to allow users to upload images to the site.
Would it be better to store the images in a MySQL table, or having it
save the images to a directory on the server?  Anyone have any
suggestions on this? Pros? Cons?

MySQL themselves advise you use the filesystem for images - faster.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] $x <> base64_decode(base64_encode($x)) for imagecreatefromstring

2004-03-23 Thread James Coder
I'm writing a script that does image manipulation, and trying to take 
some of the images I use in an imagecopy() out of the filesystem as 
images, and put them directly in the php file as strings assigned to 
variables.  Of course, they're binary so they garbledygook everything if 
they're not converted, so I want to convert them with base64_encode.  To 
test this I have a test script that makes me think that this may be 
impossible, and that there may be a weird bug somewhere in this php 
version.  Weird thing is, the string works ok if it's read with fread or 
imagecreatefrompng, and then directly output with imagepng.  However, if 
this data is encoded with base64_encode as $x1, and $x1 is then decoded 
as $x2 with base64_decode, imagecreatefrompng($x2) hangs (php produces 
no output it seems, none either from code prior to imagecreatefrompng() 
), even if the script determines that all these values are identical 
(with the === operator and strcmp() ) on scriptruns when the critical 
line imagecreatefrompng($whatever) is commented out.

Sample: (run on 4.3.4)

 if (is_file($filename)) {
  $fd = @fopen($filename,"r");
  $image_string = fread($fd,filesize($filename));
  $image2 = base64_encode($image_string);
  $image3 = base64_decode($image2);
//  echo strcmp($image_string, $image3); commented line 0
  if($image_string <> $image3) die('not equal');
//  if($image_string === $image3) die('same type');  commented line 1
  if(!$image3) die('none');
//  echo 'got here';  2
  $im = imagecreatefromstring($image3);
//$im = imagecreatefromstring($image_string); 3
//  echo 'and here';  4
  imagePNG($im, 'thisimage.png');
//  echo 'and here';  5
  header('Content-type: image/png');
  imagePNG($im);
  imagedestroy($im);
  fclose($fd);
}
when commented line 0 is uncommented, the script outputs 0, output for 
strcmp in cases of equality.  and 1 makes the script die('same type'). 
When commented line 3 is uncommented and the line before it commented 
out, the script works fine.  When the commented echo lines are 
uncommented (when the script uses imagecreatefromstring($image3)), php 
seems to produce no output.

I'd greatly appreciate any advice on getting the image source into the 
php file itself, and on why this is behaving so oddly.  Also: is this 
likely to be more load-intensive than just reading in the image files 
with imagecreatefrompng or fopen?

Thanks,
James Coder


[PHP] php and email

2004-03-23 Thread Steven Mac Intye
Hi all,

I'm wondering if anyone can help me with this problem

I have a form with the following line of code;

$message .= "<a href=\"http://127.0.0.1/devsite/activate.php?member=$realname&hash=$initPass\">Click here to activate</a>\n";

What I actually get is the following output;

a href=ttp://127.0.0.1/devsite/activate.php?member=Steven Mac 
Intyrehash95aea7a8aee0fdcc90d7e9893c75bb3Click here to activate/a

You will see it is missing the h out of http and the = out of hash= 
... also the first character of the hash variable is missing.

Has anyone else seen this ? Know how to fix it ?

PLEASE HELP

Steven



[PHP] Re: php and email

2004-03-23 Thread Jakes
Make sure that your header function is set to send html mail

Steven Mac Intye [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Hi all,

 I'm wondering if anyone can help me with this problem

 I have a form with the following line of code;

 $message .= "<a href=\"http://127.0.0.1/devsite/activate.php?member=$realname&hash=$initPass\">Click here to activate</a>\n";

 What I actually get is the following output;

 a href=ttp://127.0.0.1/devsite/activate.php?member=Steven Mac
 Intyrehash95aea7a8aee0fdcc90d7e9893c75bb3Click here to activate/a

 You will see it is missing the h out of http and the = out of hash=
 ... also the first character of the hash variable is missing.

 Has anyone else seen this ? Know how to fix it ?

 PLEASE HELP

 Steven




[PHP] Re: [GLUG-chat] Re: email form

2004-03-23 Thread Steven Mac Intye
hehe,

Thanks ... I got it

I replaced my content type with the following:

Content-Type: text/html; charset=iso-8859-15

Now it works perfectly :))

Thanks all

Steven Mac Intye wrote:

Hi Ray,

Nope... this is what it outputs now.

activate.php?member=Steven+Mac+Intyrehash95aea7a8aee0fdcc90d7e9893c75bb3

It simply adds + to the name ...

Ray Leach wrote:

On Tue, 2004-03-23 at 11:12, Steven Mac Intye wrote:

erm ... it is also removing the first character of the hash.

The correct hash is: 395aea7a8aee0fdcc90d7e9893c75bb3

PLEASE HELP

Steven Mac Intye wrote:


Hi all,

Please help me.

I have the following line in my code;

$message .= "<a href=\"http://127.0.0.1/devsite/activate.php?member=$realname&hash=$initPass\">Click here to activate</a>\n";


Try using urlencode to encode the values for member and hash.


But if I receive the email, I get the following output;

a href=ttp://127.0.0.1/devsite/activate.php?member=Steven Mac 
Intyrehash95aea7a8aee0fdcc90d7e9893c75bb3Click here to activate/a

You will see that it is missing the h on http and the = just after 
hash ...

Any ideas ?

---
To unsubscribe: send the line unsubscribe glug-chat in the
subject of a mail to [EMAIL PROTECTED].
Problems? Email [EMAIL PROTECTED]. Archives are at
http://www.linux.org.za/Lists-Archives/




[PHP] Re: Ticketing system

2004-03-23 Thread Henry Grech-Cini
Hi

I am using deskpro. see http://www.deskpro.com

It's written in PHP, but it is not cheap. From my brief experience I would
have to say however that it certainly seems to be worth it.

Such a sophisticated ticketing system would take a very significant amount
of time to build from scratch.

HTH


[EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Hi there, ok i am asking now, but be assured that I have googled already. I
 am looking for a good customisable ticketing system in PHP, i had a look at
 request tracker, but it doesnt look customisable and its in Perl.

 I am trying to find if there are solutions to what we want before i go and
 build it from scratch, let me know thanks.




[PHP] syntax for printing multi-dimensional arrays

2004-03-23 Thread Bob Pillford
Hi all

I am having problems printing members of an array that has two 
dimensions and am wondering if someone can help me with the syntax 
required to do this.

If i have the following code:
<?php
$test=array('test1'=>'a','test2'=>'b');
print "$test[test1]";
?>
I get 'a' echoed to the screen as expected. But if i make the array 2 
dimensional like this:

<?php
$test[0]=array('test1'=>'a','test2'=>'b');
print "$test[0][test1]";
?>
I would expect to get 'a' echoed to the screen again but instead i get this:
Array[test1].
Has anyone seen this before and can help or point me to some good docs 
on it?

Thanks in advance for any help

Cheers

Bob



[PHP] syntax for printing multi-dimensional arrays

2004-03-23 Thread Bob Pillford
Just found the answer so please disregard this.

Cheers

Bob



Re: [PHP] syntax for printing multi-dimensional arrays

2004-03-23 Thread Tom Rogers
Hi,

Tuesday, March 23, 2004, 8:03:05 PM, you wrote:
BP Hi all

BP I am having problems printing members of an array that has two 
BP dimensions and am wondering if someone can help me with the syntax
BP required to do this.

BP If i have the following code:
BP <?php
BP $test=array('test1'=>'a','test2'=>'b');
BP print "$test[test1]";
?>

BP I get 'a' echoed to the screen as expected. But if i make the array 2
BP dimensional like this:

BP <?php
BP $test[0]=array('test1'=>'a','test2'=>'b');
BP print "$test[0][test1]";
?>

BP I would expect to get 'a' echoed to the screen again but instead i get this:
BP Array[test1].

BP Has anyone seen this before and can help or point me to some good docs
BP on it?

BP Thanks in advance for any help

BP Cheers

BP Bob


You don't need the outside quotes just

print $test[0]['test1']

( Note test1 needs the quotes )

If you need to output other stuff then use the . operator like

print 'Value = '.$test[0]['test1'].'<br>';

-- 
regards,
Tom




[PHP] Java script prompt - help

2004-03-23 Thread Brent Clark
Hi all

I know this is not a Javascript mailing list, and I do apologise. 

If someone could please help me with a url or an email, this would be most appreciated.

I would like to have a yes \ no prompt displayed and depending on which  button is 
pressed
take the right course of action.

Kind Regards and thank you

Brent Clark


[PHP] PHPSESSID in passthru

2004-03-23 Thread Guillouet Nicolas
Hi,
I discover a surprising thing with PHPSESSID, I try something like this
: 

$var="htmldoc -t html --quiet '' 'https://login:[EMAIL PROTECTED]/file.php?documentIdent=157&typeAffiche=3&PHPSESSID=068dd351a106bb6ead80e11a27f75100'";
echo 'var='.$var;
passthru($var);


passthru is waiting for and don't give the result.

In the other hand, if I use an other word than PHPSESSID it works. It
seems to be a security constraint, how can I do to forcing PHP to use it
?


Thanks Nicolas




[PHP] string to float

2004-03-23 Thread Diana Castillo
How do I change a string to a float, when the string may be in this format :
4,999.90 , or this format: 4999,90 (european style)


--
Diana Castillo
Global Reservas, S.L.
C/Granvia 22 dcdo 4-dcha
28013 Madrid-Spain
Tel : 00-34-913604039 ext 214
Fax : 00-34-915228673
email: [EMAIL PROTECTED]
Web : http://www.hotelkey.com
  http://www.destinia.com




RE: [PHP] receiving ndr for each email sent to list

2004-03-23 Thread Jay Blanchard
[snip]
(no theories please. unless it's correct. in which case it's ok. :)
[/snip]

ROFLMFAO! If it is correct then it is no longer theory! Sorry Chris,
maybe I should go lay down.




RE: [PHP] Constants

2004-03-23 Thread Jay Blanchard
[snip]
<?php
   interface Foo {
  const MY_FOO = "hello world";
 }
class Bar implements Foo  {
public function displayFoo(){
   print MY_FOO;
}
}
$obj = new Bar;
  $obj->displayFoo();
?>

The results should display hello world, but it prints out MY_FOO.
[/snip]


This is not a bug, but a misunderstanding of constants. You have not
defined the constant

define("MY_FOO", "hello world.");

http://us4.php.net/constants




RE: [PHP] string to float

2004-03-23 Thread Jay Blanchard
[snip]
How do I change a string to a float, when the string may be in this
format :
4,999.90 , or this format: 4999,90 (european style)
[/snip]

http://us4.php.net/settype




php-general Digest 23 Mar 2004 13:33:36 -0000 Issue 2663

2004-03-23 Thread php-general-digest-help


Topics (messages 181215 through 181251):

Re: Passing by conditional IF statement...why?
181215 by: Ligaya Turmelle
181217 by: Daniel Guerrier
181219 by: Ryan A
181221 by: John W. Holmes
181224 by: Ryan A

Re: Any Ideas?
181216 by: John W. Holmes

PHP5 Release
181218 by: daniel.electroteque.org
181227 by: Yann Larrivee

Re: PHP installation problem in FreeBSD OS.
181220 by: Filip de Waard

Image Storage
181222 by: Matt Palermo
181223 by: Michal Migurski
181237 by: James Coder

Re: SQL Injection check (mysql)
181225 by: trlists.clayst.com

Re: RE:[PHP] sessions...how to use not clear?
181226 by: trlists.clayst.com

an if statement
181228 by: Andy B
181229 by: John W. Holmes
181232 by: Andy B
181234 by: Evgeny Pedya

Unable connect to ORACLE
181230 by: Timotius

Ticketing system
181231 by: daniel.electroteque.org
181242 by: Henry Grech-Cini

mysql_connect error
181233 by: T UmaShankari
181235 by: php-general.lists.php.net

Constants
181236 by: Jakes
181250 by: Jay Blanchard

$x <> base64_decode(base64_encode($x)) for imagecreatefromstring
181238 by: James Coder

php and email
181239 by: Steven Mac Intye
181240 by: Jakes

Re: [GLUG-chat] Re: email form
181241 by: Steven Mac Intye

syntax for printing multi-dimensional arrays
181243 by: Bob Pillford
181244 by: Bob Pillford
181245 by: Tom Rogers

Java script prompt - help
181246 by: Brent Clark

PHPSESSID in passthru
181247 by: Guillouet Nicolas

string to float
181248 by: Diana Castillo
181251 by: Jay Blanchard

Re: receiving ndr for each email sent to list
181249 by: Jay Blanchard

Administrivia:

To subscribe to the digest, e-mail:
[EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]

To post to the list, e-mail:
[EMAIL PROTECTED]


--
---BeginMessage---
I think it is because the query ran successfully and returns an empty set.
So the pointer is still good.

Respectfully,
Ligaya Turmelle


Ryan A [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Hi,
 I have this simple code in my php script:

 * * * * *
 $res = mysql_query("SELECT product_id, now()-1 FROM ".$tc."_prods where
 cno=$cno AND product_id='$product_id' LIMIT 1");

 if($res)
  {
  $r = mysql_fetch_row($res);
  $product_id2   = $r[0];
  $th_pres= $r[1];
 echo "debug echo";
  }else {echo "No results, sorry";}
 * * * * *

 its working great when the data actually exists but when there are no
 matches it still executes the if($res) part instead of
 displaying No results, sorry.
 Why is that? or am I using the syntax wrong?

 Thanks,
 -Ryan
---End Message---
---BeginMessage---
if(mysql_num_rows($res))

returns count of rows returned.
if it 0 is false so it shouldn't execute the
conditional code
--- Ligaya Turmelle [EMAIL PROTECTED] wrote:
 I think it is because the query ran successfully and
 returns an empty set.
 So the pointer is still good.
 
 Respectfully,
 Ligaya Turmelle
 
 
 Ryan A [EMAIL PROTECTED] wrote in message

news:[EMAIL PROTECTED]
  Hi,
  I have this simple code in my php script:
 
  * * * * *
  $res = mysql_query("SELECT product_id, now()-1 FROM ".$tc."_prods where
  cno=$cno AND product_id='$product_id' LIMIT 1");
 
  if($res)
   {
   $r = mysql_fetch_row($res);
   $product_id2   = $r[0];
   $th_pres= $r[1];
  echo "debug echo";
   }else {echo "No results, sorry";}
  * * * * *
 
  its working great when the data actually exists
 but when there are no
  matches it still executes the if($res) part
 instead of
  displaying No results, sorry.
  Why is that? or am I using the syntax wrong?
 
  Thanks,
  -Ryan
 
 


---End Message---
---BeginMessage---
 Ryan A [EMAIL PROTECTED] wrote in message

news:[EMAIL PROTECTED]
  Hi,
  I have this simple code in my php script:
 
  * * * * *
  $res = mysql_query("SELECT product_id, now()-1 FROM ".$tc."_prods where
  cno=$cno AND product_id='$product_id' LIMIT 1");
 
  if($res)
   {
   $r = mysql_fetch_row($res);
   $product_id2   = $r[0];
   $th_pres= $r[1];
  echo "debug echo";
   }else {echo "No results, sorry";}
  * * * * *
 
  its working great when the data actually exists
 but when there are no
  matches it still executes the if($res) part
 instead of
  displaying No results, sorry.
  Why is that? or am I using the syntax wrong?
 
  Thanks,
  -Ryan

Thanks guys,
I'm now using:

if(($r = mysql_fetch_row($res)) >=1)

and its working fine, if the above 

RE: [PHP] Constants

2004-03-23 Thread Vincent Jansen
Not too fast.

From http://www.php.net/zend-engine-2.php


PHP 5 introduces per-class constants: 

<?php
class Foo {
   const constant = "constant";
}

echo "Foo::constant = " . Foo::constant . "\n";
?> 




RE: [PHP] Constants

2004-03-23 Thread Jay Blanchard
[snip]
Not too fast.

From http://www.php.net/zend-engine-2.php


PHP 5 introduces per-class constants: 

<?php
class Foo {
   const constant = "constant";
}

echo "Foo::constant = " . Foo::constant . "\n";
?> 
[/snip]

My bad. Still not a bug. 




[PHP] login scripts not secure?? help!

2004-03-23 Thread Andy B
hi

in an attempt to create a login system for site administrators on a website i come 
into the following problem that bothers me because i cant find any way to fix it.

problem:
most login scripts/systems i look at for examples on how to make a login section from 
sessions (allow the administrator to go between login required pages and also be able 
to go to public pages) without having to login again (the only way an administrator 
has to login again is if they close the browser on that site)...

i run into the deal where most login scripts check to see if $_SESSION[username] or a 
$_SESSION var has been set or is valid.  i noticed this could be a very bad thing 
because there is nothing stopping an outside link from doing something like:
<a href=securepage.php?_SESSION[username]=admin&_SESSION[pwd]=password>go to secure page</a>
and being valid (that is if they manage to hack the user/pwd)...

any ideas how to create such a system?

any ways around that?? i need a system that will not do that 

[PHP] Re: Constants

2004-03-23 Thread Gerben
this is probably because Foo is an interface instead of a class. interfaces
can't contain any data as far as I know.

Jakes [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 The bug server looks like its down, so I will just post the bug here, and
 hopefully someone
 will spot it

 PHP version: 5RC1

 <?php
interface Foo {
   const MY_FOO = "hello world";
  }
 class Bar implements Foo  {
 public function displayFoo(){
print MY_FOO;
 }
 }
 $obj = new Bar;
   $obj->displayFoo();
 ?>

 The results should display hello world, but it prints out MY_FOO.

 Thanks

 Jakes




[PHP] Re: php and email

2004-03-23 Thread Gerben
try using '  instead of "


Steven Mac Intye [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Hi all,

 I'm wondering if anyone can help me with this problem

 I have a form with the following line of code;

 $message .= "<a href=\"http://127.0.0.1/devsite/activate.php?member=$realname&hash=$initPass\">Click here to activate</a>\n";

 What I actually get is the following output;

 a href=ttp://127.0.0.1/devsite/activate.php?member=Steven Mac
 Intyrehash95aea7a8aee0fdcc90d7e9893c75bb3Click here to activate/a

 You will see it is missing the h out of http and the = out of hash=
 ... also the first character of the hash variable is missing.

 Has anyone else seen this ? Know how to fix it ?

 PLEASE HELP

 Steven




[PHP] Re: login scripts not secure?? help!

2004-03-23 Thread Gerben
try using $HTTP_SESSION_VARS[]

by the way. if hacks can find out the user-pass combination they can just
use the normal way of logging in ;-)

Andy B [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
hi

in an attempt to create a login system for site administrators on a website
i come into the following problem that bothers me because i cant find any
way to fix it.

problem:
most login scripts/systems i look at for examples on how to make a login
section from sessions (allow the administrator to go between login required
pages and also be able to go to public pages) without having to login again
(the only way an administrator has to login again is if they close the
browser on that site)...

i run into the deal where most login scripts check to see if
$_SESSION[username] or a $_SESSION var has been set or is valid.  i noticed
this could be a very bad thing because there is nothing stopping an outside
link from doing something like:
<a href=securepage.php?_SESSION[username]=admin&_SESSION[pwd]=password>go to secure page</a>
and being valid (that is if they manage to hack the user/pwd)...

any ideas how to create such a system?

any ways around that?? i need a system that will not do that




Re: [PHP] login scripts not secure?? help!

2004-03-23 Thread Matt Matijevich
<snip>
<a href=securepage.php?_SESSION[username]=admin&_SESSION[pwd]=password>go to secure page</a>
</snip>

Turn off register globals.




Re: [PHP] login scripts not secure?? help!

2004-03-23 Thread Red Wingate
hi,

securepage.php?_SESSION[username]=admin&_SESSION[pwd]=password

would not register 'username' and 'pwd' to the $_SESSION array but
to the $_GET and $_REQUEST-Array like:

   $_GET['_SESSION']['username'] = 'admin'

There is no way to inject any kind of data to the super-global Arrays at all

Hope this helps,
   red

On Tuesday, 23 March 2004 14:45, Andy B wrote:
 hi

 in an attempt to create a login system for site administrators on a website
 i come into the following problem that bothers me because i cant find any
 way to fix it.

 problem:
 most login scripts/systems i look at for examples on how to make a login
 section from sessions (allow the administrator to go between login required
 pages and also be able to go to public pages) without having to login again
 (the only way an administrator has to login again is if they close the
 browser on that site)...

 i run into the deal where most login scripts check to see if
 $_SESSION[username] or a $_SESSION var has been set or is valid.  i noticed
 this could be a very bad thing because there is nothing stopping an outside
 link from doing something like: <a
 href=securepage.php?_SESSION[username]=admin&_SESSION[pwd]=password>go to
 secure page</a> and being valid (that is if they manage to hack the
 user/pwd)...

 any ideas how to create such a system?

 any ways around that?? i need a system that will not do that

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
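
The parsing Red Wingate describes, with register_globals off as Matt Matijevich advises, shown as an added example that is not code from the thread: the bracketed query parameters become nested request data, and a page gate that reads only session state set at login ignores them. The function names, the user table and the array standing in for $_SESSION are assumptions, and the code needs PHP 7 or later.

```php
<?php
// Added example, not code from the thread. The function names, the user table
// and the array standing in for $_SESSION are assumptions for illustration.

// 1. How the link from the question is parsed. parse_str() applies the same
//    bracket rules PHP uses when it fills $_GET from the query string.
$query = '_SESSION[username]=admin&_SESSION[pwd]=password'; // constructed sample
parse_str($query, $get);
// $get now holds a nested array under the key '_SESSION'. It is request data
// and has no connection to the session store.

// 2. Login is the only code path that marks a session as authenticated.
function login(array &$session, array $users, string $user, string $pass): bool
{
    // Verify against a throwaway hash for unknown users so that both cases
    // do the same amount of work.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    $known = isset($users[$user]);
    $valid = password_verify($pass, $known ? $users[$user] : $dummy);
    if (!$known || !$valid) {
        return false;
    }
    // In a real request, call session_regenerate_id(true) at this point.
    $session['auth_user'] = $user;
    return true;
}

// 3. Gate for protected pages: it reads session state only, never $_GET,
//    $_POST or $_REQUEST.
function is_admin(array $session): bool
{
    return isset($session['auth_user']) && $session['auth_user'] === 'admin';
}

$users   = ['admin' => password_hash('correct horse', PASSWORD_DEFAULT)]; // constructed
$session = [];  // stands in for $_SESSION after session_start()

// A visitor who only followed the crafted link is still not an admin.
var_dump(isset($get['_SESSION']['username']), is_admin($session));

// A wrong password leaves the session untouched; the right one sets it.
var_dump(login($session, $users, 'admin', 'password'), is_admin($session));
var_dump(login($session, $users, 'admin', 'correct horse'), is_admin($session));
```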



[PHP] Re: Constants

2004-03-23 Thread Jakes
You can keep constant variables in an interface, because they are
static and do not change. Trust me, it is a bug.

Gerben [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 this is probably because Foo is an interface instead of a class.
interfaces
 can't contain any data as far as I know.

 Jakes [EMAIL PROTECTED] wrote in message
 news:[EMAIL PROTECTED]
  The bug server looks like its down, so I will just post the bug here,
and
  hopefully someone
  will spot it
 
  PHP version: 5RC1
 
  <?php
 interface Foo {
const MY_FOO = "hello world";
   }
  class Bar implements Foo  {
  public function displayFoo(){
 print MY_FOO;
  }
  }
  $obj = new Bar;
$obj->displayFoo();
  ?>
 
  The results should display hello world, but it prints out MY_FOO.
 
  Thanks
 
  Jakes




[PHP] session.bug_compat_42

2004-03-23 Thread James E Hicks III
What does the code look like that is causing this error? I know I can turn the 
error off but how do I fix the code that is causing it?

Warning: Unknown(): Your script possibly relies on a session side-effect which 
existed until PHP 4.2.3. Please be advised that the session extension does 
not consider global variables as a source of data, unless register_globals is 
enabled. You can disable this functionality and this warning by setting 
session.bug_compat_42 or session.bug_compat_warn to off, respectively. in 
Unknown on line 0

It only seems to appear when viewed using MSIE, Konqueror and Mozilla do not 
display this error, why?

Here is some example code that I am using.
<?php
if (!session_is_registered('U_SI')) {
#do some stuff.
}
session_register("last_time");
$last_time = time();
echo $_SESSION['last_time'];
?>

Here are some settings from php.ini from the server that is giving the error.

/etc/php4/php.ini

register_globals = Off
[Session]
session.save_handler = files
session.save_path = /tmp
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 1
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 100
session.gc_maxlifetime = 1440
session.bug_compat_42 = 1
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
url_rewriter.tags = a=href,area=href,frame=src,input=src,form=,fieldset=


PHP 4.3.2 (cli) (built: Aug 12 2003 14:25:22)
Copyright (c) 1997-2003 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies
with Turck MMCache v2.3.20, Copyright (c) 2002-2003 TurckSoft, St. 
Petersburg, by Dmitry Stogov


James Hicks




[PHP] RE:[PHP] login scripts not secure?? help!

2004-03-23 Thread Andy B
[snip]
There is no way to inject any kind of data to the super-global Arrays at all
[snip]

duhhh...how come i didnt think of that... well..guess its long nights
without coffee.. tnx...




Re: [PHP] Constants

2004-03-23 Thread Jakes
If you define constants within an interface and then implement that interface,
it does not work on 5RC1

This should work, but it displays the constant name rather than value it
references

interface Settings {
   const UNAME = "somename";
   const PWORD = "password";
   const SERVER = "localhost";
}

class Conn implements Settings {
   public function  __construct(){
   $dbConn = mysql_connect(SERVER, UNAME, PWORD);
  }
}




Jay Blanchard [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
[snip]
Not too fast.

From http://www.php.net/zend-engine-2.php


PHP 5 introduces per-class constants:

<?php
class Foo {
   const constant = "constant";
}

echo "Foo::constant = " . Foo::constant . "\n";
?>
[/snip]

My bad. Still not a bug.




Re: [PHP] Constants

2004-03-23 Thread Red Wingate
IIRC it was changed to
  self::CONST_NAME recently

interface Settings {
   const UNAME = "somename";
   const PWORD = "password";
   const SERVER = "localhost";
}

class Conn implements Settings {
   public function  __construct(){
   $dbConn = mysql_connect(self::SERVER, self::UNAME, self::PWORD);
  }
}

 -- red




Re: [PHP] Constants

2004-03-23 Thread Red Wingate
Give this a read:

http://marc.theaimsgroup.com/?l=php-dev&m=107936530102181&w=2

On Tuesday, 23 March 2004 15:16, Red Wingate wrote:
 IIRC it was changed to
   self::CONST_NAME recently

 interface Settings {
const UNAME = "somename";
const PWORD = "password";
const SERVER = "localhost";
 }

 class Conn implements Settings {
public function  __construct(){
$dbConn = mysql_connect(self::SERVER, self::UNAME, self::PWORD);
   }
 }

  -- red




Re: [PHP] fsockopen to spit out the HTTP's Location...

2004-03-23 Thread Scott Fletcher
In plain english, can't use the header("Location: "), so have to use the
fsockopen() instead.  Just that header() is not allowed, don't ask me why.
Just couldn't get the browser perform the HTTP LOCATION event.  It does work
when using fsockopen() for HTTP POST or GET as stated in the
http://us2.php.net/manual/en/function.fsockopen.php with the user's comment.
What could be more difficult than this?

--snip--
$host = "192.168.0.2";
$port = 443;
$url_str = "ssl://www.whatever.com?str1=true&str2=false&str3=true";

$fp = fsockopen("ssl://".$host, $port, $errno, $errstr, $timeout = 30);

if(!$fp){
  echo "$errstr ($errno)\n";
}else{
  //send out to the browser.
  fputs($fp, "Location: ".$url_str."\r\n");

  fclose($fp);
}

FletchSOD




[PHP] Re: RE:[PHP] login scripts not secure?? help!

2004-03-23 Thread Scott Fletcher
You can use the HTTP Authentication instead for username and password.

Andy B [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 [snip]
 There is no way to inject any kind of data to the super-global Arrays at
all
 [snip]

 duhhh...how come i didnt think of that... well..guess its long nights
 without coffee.. tnx...




Re: [PHP] Constants

2004-03-23 Thread Jakes
Thanks, will do.

Red Wingate [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Give this a read:

http://marc.theaimsgroup.com/?l=php-dev&m=107936530102181&w=2

On Tuesday, 23 March 2004 15:16, Red Wingate wrote:
 IIRC it was changed to
   self::CONST_NAME recently

 interface Settings {
const UNAME = "somename";
const PWORD = "password";
const SERVER = "localhost";
 }

 class Conn implements Settings {
public function  __construct(){
$dbConn = mysql_connect(self::SERVER, self::UNAME,
self::PWORD);
   }
 }

  -- red




Re: [PHP] Bogus headers returned by firewalls

2004-03-23 Thread Christophe Chisogne
Pablo Gosse wrote:
munging up the HTTP_REFERER for a page?
In HTTP, Referer is an OPTIONAL field in the HTTP/1.1 spec
(see rfc 2616). I saw many strange referers
(like 'Empty', 'bookmarks' 'XXX++', 'Removed by YYY', etc)
sent or modified by security assistants, browsers, spiders...
You can throw away many referers because of this (perhaps 20%)
Some user agent (ex browsers) are broken and send bad referers
(some mozilla, some browsers on Mac did this, from my memory).
Relying on the referer is not the best solution
- can be faked (using scripts, not std browser, well, ok)
- referer is not mandatory and not reliable
- pblm will only rise (privacy concerns is main reason,
  thousands of companies use systems 'cleaning' the referers)
Hope this helps

Christophe



[PHP] Re: RE:[PHP] login scripts not secure?? help!

2004-03-23 Thread Andy B
[snip]
You can use the HTTP Authentication instead for username and password.
[/snip]

no i cant this time because the people want the login form to follow their
color setup and stuff and with www-authenticate: box you cant do that...so
for this project its out of the question...




Re: [PHP] PHPSESSID in passthru

2004-03-23 Thread Raditha Dissanayake
Guillouet Nicolas wrote:

Hi,
I discover a surprising thing with PHPSESSID, I try something like this
: 

$var="htmldoc -t html --quiet '' 'https://login:[EMAIL PROTECTED]/file.php?documentIdent=157&typeAffiche=3&PHPSESSID=068dd351a106bb6ead80e11a27f75100'";
echo 'var='.$var;
passthru($var);
passthru is waiting for and don't give the result.

In the other hand, if I use an other word than PHPSESSID it works. It
seems to be a security constraint, how can I do to forcing PHP to use it
?
 

Could be that your sessions are set up to work with cookies, this 
mechanism that you are using will not send the cookie to the browser and 
thus it causes the wait state.





--
Raditha Dissanayake.
-
http://www.radinks.com/print/upload.php
SFTP, FTP and HTTP File Upload solutions 



[PHP] session_register vs. $_SESSION superglobal

2004-03-23 Thread Kim L. Laage
Hi,

Newbie warning - this may be extremely simple.

I've been given a bit of code to get to work on our test machines, but at
the moment I'm drawing a blank. As far as I can tell the problem lies in the
dev. using a server environment with register_globals = On, while we use
the default setting of register_globals = Off.

The culprit in this seems to be this bit of code:

session_start();
session_register("user");
session_register("pass");


Which probably works with register_globals = On, however I'd like to go
with the default and more safe setting of register_globals = Off.

As far as I understand it I need to replace the two session_register(*)
lines with the superglobal $_SESSION, but I'm not sure of the syntax, at
first I tried this:

session_start();
$_SESSION = "user";
$_SESSION = "pass";

This doesn't work of course, but as I said I'm unsure of how the $_SESSION
superglobal is used, and the info I've found about it didn't shed much
light... I hope I'm just tired today 8-)


Another semi-related question is, is it common to include the username and
password for a site directly in the PHP code on a site... even if it is in
an include file?

-- 
/KLL






[PHP] RE:[PHP] session_register vs. $_SESSION superglobal

2004-03-23 Thread Andy B
[snip]
session_start();
$_SESSION = "user";
$_SESSION = "pass";

This doesn't work of course, but as I said I'm unsure of how the $_SESSION
superglobal is used, and the info I've found about it didn't shed much
light... I hope I'm just tired today 8-)

Another semi-related question is, is it common to include the username and
password for a site directly in the PHP code on a site... even if it is in
an include file?
[/snip]

first $_SESSION works like this:

session_start();
$_session[user]=$_POST[user];//if using register_globals=off
$_SESSION[user]=$user;//if register_globals=on..unsafe though

$_SESSION superglobal is an array (usually associative) meaning that the
element of the array (the part in the []) is either a variable name or some
custom name instead of the element number

$_POST[user] and $user are 2 different variables if register_globals=off...

to answer the second question about user/password names in scripts...if at
all possible avoid it at any cost to yourself...even in an include file...
use some other way to store/retrieve the user/password (mysql or something
like that). and for me if its a password i usually encrypt it before storing
it..

hope that helps..

grin




[PHP] Re: RE:[PHP] session_register vs. $_SESSION superglobal

2004-03-23 Thread Scott Fletcher
 $_session[user]=$_POST[user];//if using register_globals=off
Actually, $_SESSION with a capital letters does work...




Re: [PHP] Re: RE:[PHP] login scripts not secure?? help!

2004-03-23 Thread Scott Fletcher
Then do what I did, the script below is only an example..

--snip--
<?
if ($_REQUEST['dw'] == 0) {
   session_start();
   $_SESSION['username'] = ""; //Wherever you got the userid from
   $_SESSION['password'] = ""; //Wherever you got the password from

   //if successful
   header("Location: *");
} else if ($_REQUEST['dw'] == 1) {
   //blah blah blah
}
?>
<form  method="POST" action="page1.php?dw=0">
<a href="page1.php?dw=1">page1</a>
--snip--

That way, no one see the hidden code in html stuff like a href='' or form
*** action='' for example.  Hope that will give you an idea...  :-)

FletchSOD

Andy B [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 [snip]
 You can use the HTTP Authentication instead for username and password.
 [/snip]

 no i cant this time because the people want the login form to follow their
 color setup and stuff and with www-authenticate: box you cant do that...so
 for this project its out of the question...




Re: [PHP] Re: RE:[PHP] login scripts not secure?? help!

2004-03-23 Thread Scott Fletcher
Here's what I do, maybe this will help to give you an idea...

--snip--
<?
if ($_REQUEST['dw'] == 0) {
   session_start();
   $_SESSION['username'] = ""; //Wherever you got the username from...
   $_SESSION['password'] = ""; //Wherever you got the password from...
} else if ($_REQUEST['dw'] ==1) {
   //blah blah
}
?>
<form *** action="page1.php?dw=0">
<a href="page1.php?dw=1">
--snip--
Andy B [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 [snip]
 You can use the HTTP Authentication instead for username and password.
 [/snip]

 no i cant this time because the people want the login form to follow their
 color setup and stuff and with www-authenticate: box you cant do that...so
 for this project its out of the question...




RE: [PHP] SQL Injection check (mysql)

2004-03-23 Thread Pablo Gosse
snip
 The idea is exactly not to do any queries dynamically generated based
 on user input! In the rare cases where this is needed you should not
 allow any unparsed input.  
/snip

A RARE case, in the world of web applications??? Hardly!

I agree that in an optimal situation queries will not be based on user
input, but in the world of the web this is a pipe dream.  In 99.99% of
the cases there will be some dynamic element to a query.  The only
safeguard is to validate the hell out of the data.

P.




[PHP] replacing chars in input

2004-03-23 Thread David T-G
Hi, all --

I would like to make things easier for my users and replace all of the
garbage characters

  `';:[EMAIL PROTECTED]*()[]{}/?\|+=

plus white space (\s) with underscores in the input.  I am, however,
having trouble getting my regexp to work.

I can comfortably do

  $i = preg_replace("/[\s]/","_",$i) ;

but trying to add other chars doesn't do a thing.

I want to end up with

  A-Za-z0-9_-

(letters, numbers, underscore and dash).

If there isn't a handy character class waiting for me, what must I do to
get those chars replaced?


TIA & HAND

:-D
-- 
David T-G  * There is too much animal courage in 
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED]  -- Mary Baker Eddy, Science and Health
http://justpickone.org/davidtg/  Shpx gur Pbzzhavpngvbaf Qrprapl Npg!





[PHP] Re: RE:[PHP] session_register vs. $_SESSION superglobal

2004-03-23 Thread Kim L. Laage
(This msg. may arrive twice, with two different senders, I've had a little
trouble with the news server)

Hi, thanks for your reply.

 first $_SESSION works like this:

 session_start();
 $_session[user]=$_POST[user];//if using register_globals=off
 $_SESSION[user]=$user;//if register_globals=on..unsafe though

 $_SESSION superglobal is an array (usually associative) meaning that the
 element of the array (the part in the []) is either a variable name or
some
 custom name instead of the element number

 $_POST[user] and $user are 2 different variables if
register_globals=off...

Just a couple of questions.
1. I tried adding the lines as you wrote them, but then I got a Notice: Use
of undefined constant user - assumed 'user' in [FILENAME], I assume I need
to add quotation marks around user on both sides of the equal sign, that
at least removes that notice.
2. I also get a Notice: Undefined index: user in [FILENAME], do I need to
declare the $_SESSION variable before populating it?


 to answer the second question about user/password names in scripts...if at
 all possible avoid it at any cost to yourself...even in an include file...
 use some other way to store/retrieve the user/password (mysql or something
 like that). and for me if its a password i usually encrypt it before
storing
 it..

This was what I thought too
The code we got from this person seems all messed up, I'm starting to wonder
if it wouldn't be easier for me to build things from scratch rather than try
to fix this *sigh*.

 hope that helps..

I'm pretty sure that it will, once I get my head around this 8-)

/KLL




Re: [PHP] fsockopen to spit out the HTTP's Location...

2004-03-23 Thread Michal Migurski
In plain english, can't use the header("Location: "), so have to use
the fsockopen() instead.  Just that header() is not allowed, don't ask me
why. Just couldn't get the browser perform the HTTP LOCATION event.
--snip--
$host = "192.168.0.2";
$port = 443;
$url_str = "ssl://www.whatever.com?str1=true&str2=false&str3=true";

$fp = fsockopen("ssl://".$host, $port, $errno, $errstr, $timeout = 30);
--snip--
  //send out to the browser.
  fputs($fp, "Location: ".$url_str."\r\n");

That won't get sent to the browser, it will get sent to 192.168.0.2, which
is (I guess) some machine behind your router. You can't initiate a TCP
connection -- what fsockopen does -- with the client's machine.

I'll ask even though you said not to - Why doesn't header() work?

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html




Re: [PHP] replacing chars in input

2004-03-23 Thread Michal Migurski
I want to end up with

  A-Za-z0-9_-

(letters, numbers, underscore and dash).

If there isn't a handy character class waiting for me, what must I do to
get those chars replaced?

$out = preg_replace('/\W+/', '', $in);

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html




Re: [PHP] session.bug_compat_42

2004-03-23 Thread Rasmus Lerdorf
This has nothing to do with the browser.  Instead of using 
session_register("last_time") and setting $last_time, do this:

  $_SESSION['last_time'] = time();

It's shorter and it will make the warning go away.

-Rasmus

On Tue, 23 Mar 2004, James E Hicks III wrote:

 What does the code look like that is causing this error? I know I can turn the 
 error off but how do I fix the code that is causing it?
 
 Warning: Unknown(): Your script possibly relies on a session side-effect which 
 existed until PHP 4.2.3. Please be advised that the session extension does 
 not consider global variables as a source of data, unless register_globals is 
 enabled. You can disable this functionality and this warning by setting 
 session.bug_compat_42 or session.bug_compat_warn to off, respectively. in 
 Unknown on line 0
 
 It only seems to appear when viewed using MSIE, Konqueror and Mozilla do not 
 display this error, why?
 
 Here is some example code that I am using.
 <?php
 if (!session_is_registered('U_SI')) {
   #do some stuff.
 }
 session_register("last_time");
 $last_time = time();
 echo $_SESSION['last_time'];
 ?>
 
 Here are some settings from php.ini from the server that is giving the error.
 
 /etc/php4/php.ini
 
 register_globals = Off
 [Session]
 session.save_handler = files
 session.save_path = /tmp
 session.use_cookies = 1
 session.name = PHPSESSID
 session.auto_start = 1
 session.cookie_lifetime = 0
 session.cookie_path = /
 session.cookie_domain =
 session.serialize_handler = php
 session.gc_probability = 1
 session.gc_divisor = 100
 session.gc_maxlifetime = 1440
 session.bug_compat_42 = 1
 session.bug_compat_warn = 1
 session.referer_check =
 session.entropy_length = 0
 session.entropy_file =
 session.cache_limiter = nocache
 session.cache_expire = 180
 session.use_trans_sid = 0
 url_rewriter.tags = a=href,area=href,frame=src,input=src,form=,fieldset=
 
 
 PHP 4.3.2 (cli) (built: Aug 12 2003 14:25:22)
 Copyright (c) 1997-2003 The PHP Group
 Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies
 with Turck MMCache v2.3.20, Copyright (c) 2002-2003 TurckSoft, St. 
 Petersburg, by Dmitry Stogov
 
 
 James Hicks
 
 




RE: [PHP] receiving ndr for each email sent to list

2004-03-23 Thread Chris W. Parker
Jay Blanchard mailto:[EMAIL PROTECTED]
on Tuesday, March 23, 2004 5:27 AM said:

 [snip]
 (no theories please. unless it's correct. in which case it's ok. :)
 [/snip]
 
 ROFLMFAO! If it is correct then it is no longer theory! Sorry Chris,
 maybe I should go lay down.

exactly! that's what i'm saying!




Re: [PHP] login scripts not secure?? help!

2004-03-23 Thread Chris Shiflett
--- Andy B [EMAIL PROTECTED] wrote:
 i run into the deal where most login scripts check to see if
 $_SESSION[username] or a $_SESSION var has been set or is valid.
 i noticed this could be a very bad thing because there is nothing
 stopping an outside link from doing something like:
 <a href="securepage.php?_SESSION[username]=admin&_SESSION[pwd]=password">go
 to secure page</a>
 and being valid (that is if they manage to hack the user/pwd)...

Not to be rude, but it looks like you're just making stuff up. Did you try
this? The $_SESSION array is safe in the sense that a user cannot
directly manipulate it.

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
 Coming Fall 2004
HTTP Developer's Handbook - Sams
 http://httphandbook.org/
PHP Community Site
 http://phpcommunity.org/




[PHP] Re: RE:[PHP] login scripts not secure?? help!

2004-03-23 Thread Andy B
[snip]
Then do what I did, the script below is only an example..

--snip--
<?
if ($_REQUEST['dw'] == 0) {
   session_start();
   $_SESSION['username'] = ""; //Wherever you got the userid from
   $_SESSION['password'] = ""; //Wherever you got the password from

   //if successful
   header("Location: *");
} else if ($_REQUEST['dw'] == 1) {
   //blah blah blah
}
?>
[/snip]

will test it and play with it a little but will it let the admin go from a
login required part of the site to a public/free access part of the site
i.e. jump out of the session without losing any currently open sessions??

they need to be able to go from the login section (admin only part) to the
public part and back to the admin part again without having to login again
unless the browser is closed from that site...




RE: [PHP] SQL Injection check (mysql)

2004-03-23 Thread Chris Shiflett
--- Michael Rasmussen [EMAIL PROTECTED] wrote:
 The idea is exactly not to do any queries dynamically generated based
 on user input!

This argument still makes no sense to me. Originally, you stated that a
better option to filtering and escaping data was to use a prepared
statement. Some of us have decided that you are referring to stored
procedures.

You still have yet to defend your original statement in my mind. If there
is no foreign data of any kind in a query, it doesn't really matter how
the query is processed. For every other case (not as rare as you seem to
think), data filtering is a must.

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
 Coming Fall 2004
HTTP Developer's Handbook - Sams
 http://httphandbook.org/
PHP Community Site
 http://phpcommunity.org/
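
Bound parameters and input filtering, the two measures debated in this thread, shown side by side in an added example that is not any poster's code. The table, column and function names are hypothetical, the request values are constructed, and an in-memory SQLite database through PDO (assumes the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example: hypothetical schema and helper names; sample input is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user'), ('carol', 'user')");

// Before: the value is pasted into the SQL text, so a quote in it changes the statement.
function find_concat(PDO $pdo, string $name): array
{
    $sql = "SELECT name, role FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the statement is fixed at prepare() time; the value is bound as data only.
function find_bound(PDO $pdo, string $name, string $sort = 'name'): array
{
    // Column names cannot be bound, so this part still needs filtering: map the
    // request value onto an allowlist and fall back to a default.
    $sortable = ['name' => 'name', 'role' => 'role'];
    $orderBy  = $sortable[$sort] ?? 'name';

    $stmt = $pdo->prepare("SELECT name, role FROM users WHERE name = :name ORDER BY $orderBy");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Filtering on top of binding: reject values that are not a plausible user name at all.
function valid_name(string $name): bool
{
    return preg_match('/^[A-Za-z0-9_-]{1,32}$/', $name) === 1;
}

// Constructed request values, as they might arrive in $_GET.
$requests = [
    ['name' => 'bob', 'sort' => 'role'],
    ['name' => "bob' OR '1'='1", 'sort' => 'password'],
];

foreach ($requests as $r) {
    printf(
        "%-18s concat=%d row(s)  bound=%d row(s)  passes filter=%s\n",
        $r['name'],
        count(find_concat($pdo, $r['name'])),
        count(find_bound($pdo, $r['name'], $r['sort'])),
        valid_name($r['name']) ? 'yes' : 'no'
    );
}
```

For the second request the concatenated query returns every row, while the bound query looks for a user literally named with that string and finds none.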




Re: [PHP] fsockopen to spit out the HTTP's Location...

2004-03-23 Thread Chris Shiflett
--- Scott Fletcher [EMAIL PROTECTED] wrote:
 In plain english, can't use the header("Location: "), so have to
 use the fsockopen() instead. Just that header() is not allowed, don't
 ask me why.

I'm asking anyway. :-)

You cannot (thank goodness) connect to a remote client with fsockopen(),
so you can probably save yourself some trouble by forgetting this whole
approach. You need to focus on why header() is not working for you,
because this is the way to send HTTP headers to the client.

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
 Coming Fall 2004
HTTP Developer's Handbook - Sams
 http://httphandbook.org/
PHP Community Site
 http://phpcommunity.org/




Re: [PHP] Re: RE:[PHP] login scripts not secure?? help!

2004-03-23 Thread Scott Fletcher
Um, you would be able to jump out of the admin area (logged in area) to
public/free area and back to the admin area (logged in area) only if either
one of these two, not necessarily both is maintained on every webpage of that
website, 1) session_start() or 2) session_id via links/form.  But if the
person go to a website like Google or something and back then no, it would
not be possible unless there is a known way for the web browser to hold the
token like cookie for example.

FletchSOD

Andy B [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 [snip]
 Then do what I did, the script below is only an example..

 --snip--
 <?
 if ($_REQUEST['dw'] == 0) {
    session_start();
    $_SESSION['username'] = ""; //Wherever you got the userid from
    $_SESSION['password'] = ""; //Wherever you got the password from

    //if successful
    header("Location: *");
 } else if ($_REQUEST['dw'] == 1) {
    //blah blah blah
 }
 ?>
 [/snip]

 will test it and play with it a little but will it let the admin go from a
 login required part of the site to a public/free access part of the site
 i.e. jump out of the session without losing any currently open sessions??

 they need to be able to go from the login section (admin only part) to the
 public part and back to the admin part again without having to login again
 unless the browser is closed from that site...




[PHP] Re: session.bug_compat_42

2004-03-23 Thread Justin Patrin
James E Hicks III wrote:

What does the code look like that is causing this error? I know I can turn the 
error off but how do I fix the code that is causing it?

Warning: Unknown(): Your script possibly relies on a session side-effect which 
existed until PHP 4.2.3. Please be advised that the session extension does 
not consider global variables as a source of data, unless register_globals is 
enabled. You can disable this functionality and this warning by setting 
session.bug_compat_42 or session.bug_compat_warn to off, respectively. in 
Unknown on line 0

It only seems to appear when viewed using MSIE, Konqueror and Mozilla do not 
display this error, why?

Here is some example code that I am using.
<?php
if (!session_is_registered('U_SI')) {
#do some stuff.
}
session_register("last_time");
$last_time = time();
echo $_SESSION['last_time'];
?>
Here are some settings from php.ini from the server that is giving the error.

/etc/php4/php.ini

register_globals = Off
[Session]
session.save_handler = files
session.save_path = /tmp
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 1
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 100
session.gc_maxlifetime = 1440
session.bug_compat_42 = 1
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
url_rewriter.tags = a=href,area=href,frame=src,input=src,form=,fieldset=
PHP 4.3.2 (cli) (built: Aug 12 2003 14:25:22)
Copyright (c) 1997-2003 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies
with Turck MMCache v2.3.20, Copyright (c) 2002-2003 TurckSoft, St. 
Petersburg, by Dmitry Stogov

James Hicks
It's complaining because you're registering last_time then using the 
global $last_time to set the value. You should be using 
$_SESSION['last_time'] = 'value'.

In addition, you also don't need to use the session_ functions. All you 
need is $_SESSION. For session_is_registered() just use 
isset($_SESSION['key']). For session_register() use $_SESSION['key'] = 
'value'. For session_unregister() use unset($_SESSION['key']).

--
paperCrane Justin Patrin


Re: [PHP] session_register vs. $_SESSION superglobal

2004-03-23 Thread Justin Patrin
Kim L. Laage wrote:

(This msg. may arrive twice, with two different senders, I've had a little
trouble with the news server)
Hi, thanks for your reply.


first $_SESSION works like this:

session_start();
$_session[user]=$_POST[user];//if using register_globals=off
$_SESSION[user]=$user;//if register_globals=on..unsafe though
$_SESSION superglobal is an array (usually associative) meaning that the
element of the array (the part in the []) is either a variable name or
some

custom name instead of the element number

$_POST[user] and $user are 2 different variables if
register_globals=off...

Just a couple of questions.
1. I tried adding the lines as you wrote them, but then I got a Notice: Use
of undefined constant user - assumed 'user' in [FILENAME], I assume I need
to add quotation marks around user on both sides of the equal sign, that
at least removes that notice.
2. I also get a Notice: Undefined index: user in [FILENAME], do I need to
declare the $_SESSION variable before populating it?
This is due to using this syntax:
$_SESSION[user]
You want to do this instead:
$_SESSION['user'] = $_POST['user'];
Whenever you index into an associative array, you should use strings for 
the key/index (i.e. use quotation marks). That is, unless you're using 
define(), but that's out of scope for this thread. ;-)

--
paperCrane Justin Patrin
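
The replacements described in this thread and in the session.bug_compat_42 thread (session_register, session_is_registered and session_unregister become plain $_SESSION operations with quoted keys), put together as an added example that is not any poster's code. The user store and function names are hypothetical, the form submissions are constructed, and password_hash() (a one-way hash, PHP 5.5 or later) is used for the stored password.

```php
<?php
// Added example: hypothetical names; works with register_globals = Off.
session_start();

// Constructed user store standing in for a database row. Only a hash is kept.
$users = ['kim' => password_hash('s3cret-example', PASSWORD_DEFAULT)];

function login(array $post, array $users): bool
{
    // Quoted keys avoid "Use of undefined constant user"; isset() avoids
    // "Undefined index: user" when the form field was not submitted.
    $user = isset($post['user']) && is_string($post['user']) ? $post['user'] : '';
    $pass = isset($post['pass']) && is_string($post['pass']) ? $post['pass'] : '';

    if ($user === '' || !isset($users[$user]) || !password_verify($pass, $users[$user])) {
        return false;
    }
    session_regenerate_id(true);   // fresh session id once the user is authenticated
    $_SESSION['user'] = $user;     // replaces session_register("user"); no password in the session
    return true;
}

function is_logged_in(): bool      // replaces session_is_registered("user")
{
    return isset($_SESSION['user']);
}

function logout(): void            // replaces session_unregister("user")
{
    unset($_SESSION['user']);
}

// Constructed form submissions in place of $_POST, so the script runs from the CLI.
$results = [];
$results['missing field']        = login(['user' => 'kim'], $users);
$results['wrong password']       = login(['user' => 'kim', 'pass' => 'guess'], $users);
$results['correct login']        = login(['user' => 'kim', 'pass' => 's3cret-example'], $users);
$results['session after login']  = is_logged_in();
logout();
$results['session after logout'] = is_logged_in();

// Output comes last so that nothing is printed before the session calls above.
foreach ($results as $step => $ok) {
    echo str_pad($step, 22), $ok ? 'true' : 'false', "\n";
}
```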


Re: [PHP] fsockopen to spit out the HTTP's Location...

2004-03-23 Thread Scott Fletcher
Boy!  Everyone here is itching for an answer!!!  :-)  Sigh!  Well, I guess
all web browsers suck at it by the way!!  Michal Migurski from other posting
had explained that fsockopen() do the TCP stuff or the Transport Layer.  So,
no wonder fsockopen() can't get to the Network layer, like the IP Address
stuff.  I'll think of a workaround to the header() instead.  I don't want to
use cURL because it take more time.  And finally, for those of you who are
dying to know the answer to why I can't use the header().  It's the 3rd
party coding that contain the code,

--snip--
if(headers_sent())
$this->Error('  ');
--snip--

FletchSOD

Chris Shiflett [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 --- Scott Fletcher [EMAIL PROTECTED] wrote:
  In plain english, can't use the header("Location: "), so have to
  use the fsockopen() instead. Just that header() is not allowed, don't
  ask me why.

 I'm asking anyway. :-)

 You cannot (thank goodness) connect to a remote client with fsockopen(),
 so you can probably save yourself some trouble by forgetting this whole
 approach. You need to focus on why header() is not working for you,
 because this is the way to send HTTP headers to the client.

 Chris

 =
 Chris Shiflett - http://shiflett.org/

 PHP Security - O'Reilly
  Coming Fall 2004
 HTTP Developer's Handbook - Sams
  http://httphandbook.org/
 PHP Community Site
  http://phpcommunity.org/




[PHP] Re: replacing chars in input

2004-03-23 Thread Justin Patrin
David T-G wrote:

Hi, all --

I would like to make things easier for my users and replace all of the
garbage characters
  `';:[EMAIL PROTECTED]*()[]{}/?\|+=

plus white space (\s) with underscores in the input.  I am, however,
having trouble getting my regexp to work.
I can comfortably do

  $i = preg_replace("/[\s]/","_",$i) ;

but trying to add other chars doesn't do a thing.

I want to end up with

  A-Za-z0-9_-

(letters, numbers, underscore and dash).

If there isn't a handy character class waiting for me, what must I do to
get those chars replaced?
TIA & HAND

:-D
$i = preg_replace('/[^A-Za-z0-9_-]/', '_', $i);

That means anything that is not in that class should be replaced with '_'.

--
paperCrane Justin Patrin
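
The two patterns posted in this thread give different results: `\W+` replaced with an empty string deletes characters and also removes the dash, while the negated class substitutes an underscore and keeps it. An added example (not either poster's code; `to_safe_token` and the sample strings are constructed) that compares them and covers multi-byte, invalid and empty input:

```php
<?php
// Added example: function name and sample inputs are constructed for illustration.

function to_safe_token(string $in, int $maxLen = 64): string
{
    // /u treats the input as UTF-8, so one multi-byte character becomes one "_".
    // The dash sits last in the class, where it is a literal rather than a range.
    $out = preg_replace('/[^A-Za-z0-9_-]/u', '_', $in);
    if ($out === null) {
        // preg_replace() returns null on invalid UTF-8; fall back to byte-wise matching.
        $out = preg_replace('/[^A-Za-z0-9_-]/', '_', $in);
    }
    if ($out === null || $out === '') {
        return '_';                       // never hand back an empty name
    }
    return substr($out, 0, max(1, $maxLen));   // result is pure ASCII, so byte length is safe
}

$samples = [
    "my file-name (v2).txt",
    "../../etc/passwd",
    "r\u{00E9}sum\u{00E9} 2004",
    "bad\xFFbyte",
    "",
];

foreach ($samples as $s) {
    printf(
        "%-26s \\W+ deleted: %-20s negated class: %s\n",
        json_encode($s, JSON_INVALID_UTF8_SUBSTITUTE),
        json_encode(preg_replace('/\W+/', '', $s), JSON_INVALID_UTF8_SUBSTITUTE),
        json_encode(to_safe_token($s))
    );
}
```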


Re: [PHP] fsockopen to spit out the HTTP's Location...

2004-03-23 Thread Scott Fletcher
See the reply to the Chris Shiflett's reply...

Michal Migurski [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 In plain english, can't use the header("Location: "), so have to use
 the fsockopen() instead.  Just that header() is not allowed, don't ask me
 why. Just couldn't get the browser perform the HTTP LOCATION event.
 --snip--
 $host = "192.168.0.2";
 $port = 443;
 $url_str = "ssl://www.whatever.com?str1=true&str2=false&str3=true";
 
 $fp = fsockopen("ssl://".$host, $port, $errno, $errstr, $timeout = 30);
 --snip--
   //send out to the browser.
   fputs($fp, "Location: ".$url_str."\r\n");

 That won't get sent to the browser, it will get sent to 192.168.0.2, which
 is (I guess) some machine behind your router. You can't initiate a TCP
 connection -- what fsockopen does -- with the client's machine.

 I'll ask even though you said not to - Why doesn't header() work?

 -
 michal migurski- contact info and pgp key:
 sf/cahttp://mike.teczno.com/contact.html




[PHP] Domain Sub-domain Handling with PHP

2004-03-23 Thread Galen
Hi,

I've done loads and loads with PHP and MySQL and stuff like that... but 
never had to really deal with actually creating new domains and 
subdomains with PHP. Especially with subdomains, I've seen lots of 
sites create subdomains automatically.

What is the best technique for doing all this (if there is one)? I'm 
sure I could hack something together (I always have) but I'd really 
like the best way - cleanest, fastest, whatever the technique may be.

Thanks,
Galen


Re: [PHP] Re: RE:[PHP] login scripts not secure?? help!

2004-03-23 Thread John W. Holmes
Scott Fletcher wrote:
Um, you would be able to jump out of the admin area (logged in area) to
public/free area and back to the admin area (logged in area) only if either
one of these two, not necessarily both is maintained on every webpage of that
website, 1) session_start() or 2) session_id via links/form.  But if the
person go to a website like Google or something and back then no, it would
not be possible unless there is a known way for the web browser to hold the
token like cookie for example.
By default the session id (token) _is_ maintained in a cookie, so it 
wouldn't matter where you go, the cookie would still be present. That 
means your user can go back and forth between areas without any problem. 
You only need the session_start() in the admin areas to start and 
retrieve the existing session. The cookie will be maintained whether 
session_start() is encountered or not so long as the browser window 
stays open.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals  www.phparch.com



Re: [PHP] fsockopen to spit out the HTTP's Location...

2004-03-23 Thread Michal Migurski
And finally, for those of you who are dying to know the answer to why I
can't use the header().  It's the 3rd party coding that contain the code,

--snip--
if(headers_sent())
$this->Error('  ');
--snip--

Why not delete that part of the 3rd party code then? Or send your Location
header before you call it? Curl won't help you here, for the same reasons
that fsockopen won't work.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html




Re: [PHP] fsockopen to spit out the HTTP's Location...

2004-03-23 Thread Chris Shiflett
--- Scott Fletcher [EMAIL PROTECTED] wrote:
> Sigh!  Well, I guess all web browsers suck at it by the way!

Suck at what exactly?

> Michal Migurski from other posting had explained that fsockopen()
> do the TCP stuff or the Transport Layer. So, no wonder fsockopen()
> can't get to the Network layer, like the IP Address stuff.

What do you consider to be the network layer? This figure might be helpful
to you:

http://shiflett.org/images/18fig06.jpg

> I don't want to use cURL because it take more time.

A better reason is that it also cannot make a connection to a remote
client.

> And finally, for those of you who are dying to know the answer to
> why I can't use the header(). It's the 3rd party coding that contain
> the code,
>
> --snip--
> if(headers_sent())
> $this->Error('  ');
> --snip--

Yeah, this is why everyone was interested - you're wrong. :-)

That code will throw an error if headers have already been sent. Headers
are sent as soon as output begins, so you can either set all of your
headers prior to any output or use output buffering with ob_start().

So, use header().

Hope that helps.

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
 Coming Fall 2004
HTTP Developer's Handbook - Sams
 http://httphandbook.org/
PHP Community Site
 http://phpcommunity.org/




[PHP] Oracle 8i -- execution stops

2004-03-23 Thread Matthew Hillebrand
When I make a complex query to a table with 500,000 rows via PHP, my web 
browser thinks for a minute and then stops the execution of the script with 
no error messages at all.

I have set the max_execution_time to 400 and called error_reporting(E_ALL) 
with the same results. I'm using PHP 4.3.1 and Oracle 8i with Solaris 5.8.

I'm using the ORA functions because my sysadmin has not enabled the OCI 
functions. Oh, I'm also calling ora_commiton($conn) at the start of every 
script.

What's really strange is that I can often hit Refresh after a halt like 
this, and the script will then work perfectly. I don't understand why that 
is because I examine the $_REQUEST and $_SESSION variables each time, and 
nothing is changing.

Any advice would be greatly appreciated. I normally use MySQL or SQL Server, 
so I'm assuming my Oracle ignorance is to blame.

Thanks!
Matt


Re: [PHP] Clearing Post Data with IE

2004-03-23 Thread Chris Boget
> Is there a way to get it so that i can clear _post and get it so they aren't
> in the header??

After you've finished all of the processing, just do:

header( 'location: ' . $_SERVER['PHP_SELF'] );
exit();

Chris




[PHP] Re: Domain Sub-domain Handling with PHP

2004-03-23 Thread Justin Patrin
Galen wrote:

> Hi,
>
> I've done loads and loads with PHP and MySQL and stuff like that... but
> never had to really deal with actually creating new domains and
> subdomains with PHP. Especially with subdomains, I've seen lots of sites
> create subdomains automatically.
>
> What is the best technique for doing all this (if there is one)? I'm
> sure I could hack something together (I always have) but I'd really like
> the best way - cleanest, fastest, whatever the technique may be.
>
> Thanks,
> Galen

You're confusing a couple of concepts I think. PHP cannot create 
subdomains and such (unless you alter your DNS records with PHP, but I 
don't think that's what you're talking about.)

Some other people have suggested having your DNS set up to resolve all 
sub-domains to your main web server, then using a custom 404 script (or 
index on the site) to look at the requested URL and redirect accordingly.

--
paperCrane Justin Patrin


RE: [PHP] SQL Injection check (mysql)

2004-03-23 Thread Michael Rasmussen
On Tue, 23 Mar 2004 08:25:32 -0800, Pablo Gosse wrote:

 
> A RARE case, in the world of web applications??? Hardly!
>
> I agree that in an optimal situation queries will not be based on user
> input, but in the world of the web this is a pipe dream.  In 99.99% of the
> cases there will be some dynamic element to a query.  The only safeguard
> is to validate the hell out of the data.

I don't know which web applications you develop, but in the ones I have been
developing the last 10 years all user interaction was done through forms
where users were asked specific questions, and the input to these specific
questions was used as input in prepared statements. E.g. select
tuple1.table1, tuple1.table2, tuple3.table1 from table1, table2 where
tuple1.table1 = tuple1.table2 and tuple1.table1=? and tuple3.table3? and
so forth.

In any case the users' input was to be used in queries defined by the
design of the application!

I think you have misunderstood the concepts of making queries based on
user input. It is not the users who should create the query; all they should
do is provide the input to narrow down the queries.

-- 
Hilsen/Regards
Michael Rasmussen
--
Beauty and harmony are as necessary to you as the very breath of life.




RE: [PHP] SQL Injection check (mysql)

2004-03-23 Thread Michael Rasmussen
On Tue, 23 Mar 2004 09:27:29 -0800, Chris Shiflett wrote:

 
> This argument still makes no sense to me. Originally, you stated that a
> better option to filtering and escaping data was to use a prepared
> statement. Some of us have decided that you are referring to stored
> procedures.
>
> You still have yet to defend your original statement in my mind. If there
> is no foreign data of any kind in a query, it doesn't really matter how
> the query is processed. For every other case (not as rare as you seem to
> think), data filtering is a must.
 
See my reply to Pablo Gosse.
-- 
Hilsen/Regards
Michael Rasmussen
--
It was all so different before everything changed.




RE: [PHP] SQL Injection check (mysql)

2004-03-23 Thread Chris Shiflett
--- Michael Rasmussen [EMAIL PROTECTED] wrote:
> I think you have misunderstood the concepts of making queries based
> on user input. It is not the users who should create the query; all
> they should do is provide the input to narrow down the queries.

To be honest, I think Pablo understands the concepts quite well, and you
seem to have the misunderstanding. I'm happy to be wrong about this, but
you'll need to explain yourself more instead of making these types of
vague statements. As it is, I just don't buy your argument at all.

How can user input only narrow down queries? Are you telling me that
you've never had to write an application that had to store data
originating from a foreign source? If so, that's fine, but don't use your
inexperience to try to convince others that data filtering is unnecessary.

If you're only talking about SELECT statements, that's also fine, but it's
also rather irrelevant to the topic at hand (which might explain the
confusion).

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
 Coming Fall 2004
HTTP Developer's Handbook - Sams
 http://httphandbook.org/
PHP Community Site
 http://phpcommunity.org/




RE: [PHP] SQL Injection check (mysql)

2004-03-23 Thread Pablo Gosse
<snip>
PG> A RARE case, in the world of web applications??? Hardly!
PG>
PG> I agree that in an optimal situation queries will not be based on
PG> user input, but in the world of the web this is a pipe dream.  In
PG> 99.99% of the cases there will be some dynamic element to a query.
PG> The only safeguard is to validate the hell out of the data.

> I don't know which web applications you develop, but in the ones I have
> been developing the last 10 years all user interaction was done through
> forms where users were asked specific questions, and the input to
> these specific questions was used as input in prepared statements.
> E.g. select tuple1.table1, tuple1.table2, tuple3.table1 from table1,
> table2 where tuple1.table1 = tuple1.table2 and tuple1.table1=? and
> tuple3.table3? and so forth.
>
> In any case the users' input was to be used in queries defined by
> the design of the application!
>
> I think you have misunderstood the concepts of making queries based on
> user input. It is not the users who should create the query; all they
> should do is provide the input to narrow down the queries.
</snip>

I have not misunderstood the concepts of making queries based on user
input.

I think the issue here is we all need to clarify what we're referring to
as user input, because ultimately we are all saying the same thing.

1)  Hard coding a query into an application is good, if the situation
permits it;

2)  Letting a user select (or enter) a value(s) to be used in a query is
good, as long as you validate the hell out of said value(s);

3)  Letting a user arbitrarily enter unvalidated value(s) to be used in
a query is very very stupid and very very bad, and done far too often.

In a broader scope I would here consider to be user input ANY input
which is not hard coded into the application, and any input which is not
hard coded should be thoroughly examined before being used.

I've not misunderstood the concept, we're all saying the same thing,
just in different ways.

Cheers,
Pablo
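
Added example, not part of the thread: the two positions argued above (bind values into a query the application defines; filter every value that is not hard coded) combined in one function. The schema, field names and validation rules are hypothetical, and SQLite in memory stands in for the database so the script runs offline.

```php
<?php
// Added example. Schema, field names and validation rules are hypothetical;
// SQLite in memory stands in for the databases discussed in the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, status TEXT, total REAL)');
$pdo->exec("INSERT INTO orders (customer, status, total) VALUES
            ('alice', 'open', 10.5), ('bob', 'open', 99.0), ('alice', 'closed', 5.0)");

const STATUSES     = ['open', 'closed'];
const SORT_COLUMNS = ['id' => 'id', 'total' => 'total', 'customer' => 'customer'];

function find_orders(PDO $pdo, array $input): array
{
    // Filtering: every field is checked against what the application expects.
    $status = $input['status'] ?? null;
    if (!in_array($status, STATUSES, true)) {
        throw new InvalidArgumentException('status is not one of the allowed values');
    }
    $customer = $input['customer'] ?? null;
    if (!is_string($customer) || !preg_match('/\A[a-z0-9_]{1,32}\z/', $customer)) {
        throw new InvalidArgumentException('customer is malformed');
    }
    // Column names cannot be bound as parameters, so the request value only
    // selects one of the application's own identifiers.
    $sortKey = $input['sort'] ?? 'id';
    if (!is_string($sortKey) || !array_key_exists($sortKey, SORT_COLUMNS)) {
        throw new InvalidArgumentException('sort column is not allowed');
    }
    $sort = SORT_COLUMNS[$sortKey];

    // The query shape is fixed by the application; values are bound.
    $stmt = $pdo->prepare(
        "SELECT id, customer, total FROM orders
         WHERE status = ? AND customer = ? ORDER BY $sort"
    );
    $stmt->execute([$status, $customer]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests, shaped as they might arrive in $_GET.
$requests = [
    'valid'           => ['status' => 'open', 'customer' => 'alice', 'sort' => 'total'],
    'quote in value'  => ['status' => 'open', 'customer' => "alice' OR '1'='1"],
    'unknown column'  => ['status' => 'open', 'customer' => 'alice', 'sort' => 'total DESC, 1'],
    'array for field' => ['status' => ['open'], 'customer' => 'alice'],
];
foreach ($requests as $label => $input) {
    try {
        printf("%-16s %d row(s)\n", $label, count(find_orders($pdo, $input)));
    } catch (InvalidArgumentException $e) {
        printf("%-16s rejected: %s\n", $label, $e->getMessage());
    }
}

// Binding on its own keeps the quote inside the value: the WHERE clause is
// not rewritten, the string is simply compared against the column.
$stmt = $pdo->prepare('SELECT COUNT(*) FROM orders WHERE customer = ?');
$stmt->execute(["alice' OR '1'='1"]);
printf("bound without filtering: %d row(s)\n", (int) $stmt->fetchColumn());
```

Binding protects the query's structure; the filtering step is what rejects values the application never meant to accept, and the allow-list covers the one place (the ORDER BY column) where binding is not available.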




Re: [PHP] fsockopen to spit out the HTTP's Location...

2004-03-23 Thread Scott Fletcher
> > Sigh!  Well, I guess all web browsers suck at it by the way!
> Suck at what exactly?
Not suck at receiving the HTTP commands from the webserver but suck at not
receiving the HTTP commands from the PHP.  :-)  I understand how the
browser/webserver communication work so no wonder why it doesn't work.  Kind
of make you jealous of the flash player that are both client and server side
on the web-browser

> What do you consider to be the network layer? This figure might be helpful
> to you: http://shiflett.org/images/18fig06.jpg

Application -- Web Browser/Web Server
Presentation -- HTTP/HTTPS/SSL and language (HTML/JavaScript, etc).
Session -- Browser-Server connection, etc.
Transport -- Port 80/Port 443, packet transfer control, etc.
Network -- IP Address/Internet/Router
Data Link -- Network card driver/binding
Physical -- Media stuffs (Network cable, wireless, etc).

> Yeah, this is why everyone was interested - you're wrong. :-)
Me wrong?  Really!  :-)

> That code will throw an error if headers have already been sent. Headers
> are sent as soon as output begins, so you can either set all of your
> headers prior to any output or use output buffering with ob_start().
>
> So, use header().
Yea, working on it  Wish can make the 3rd party software come after the
header()..

FletchSOD




Re: [PHP] fsockopen to spit out the HTTP's Location...

2004-03-23 Thread Scott Fletcher
> Why not delete that part of the 3rd party code then? Or send your Location
> header before you call it? Curl won't help you here, for the same reasons
> that fsockopen won't work.
Not sure about deleting the part of the 3rd party code though, I had thought
about it a lot and I had been itching for it.  Can't say that I would
remember this 2 months from now with the upgrading parting.  Location
header, it wouldn't hurt to move it around in the script.

FletchSOD




Re: [PHP] fsockopen to spit out the HTTP's Location...

2004-03-23 Thread Chris Shiflett
--- Scott Fletcher [EMAIL PROTECTED] wrote:
> Application -- Web Browser/Web Server
> Presentation -- HTTP/HTTPS/SSL and language (HTML/JavaScript, etc).
> Session -- Browser-Server connection, etc.
> Transport -- Port 80/Port 443, packet transfer control, etc.
> Network -- IP Address/Internet/Router
> Data Link -- Network card driver/binding
> Physical -- Media stuffs (Network cable, wireless, etc).

In this case, fsockopen() basically handles everything from the Transport
layer down, and whatever you write needs to handle everything from the
Session layer up.

> > So, use header().
>
> Yea, working on it  Wish can make the 3rd party software come after
> the header()..

You don't have to. All you have to do is make sure no output comes before
your 3rd party software. If you can't avoid this, you can put ob_start()
at the very top, and PHP will buffer the output for you, so that headers
aren't sent until the script terminates. Whatever works best for you.

Hope that helps.

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
 Coming Fall 2004
HTTP Developer's Handbook - Sams
 http://httphandbook.org/
PHP Community Site
 http://phpcommunity.org/
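
Added example, not part of the thread: the ob_start() approach described above, for a script where something prints before the redirect decision and before code that checks headers_sent(). It assumes a web SAPI; legacy_report() and /report.php are hypothetical stand-ins for the third-party code and the redirect target.

```php
<?php
// Added example for a web SAPI. legacy_report() is a hypothetical stand-in
// for third-party code that refuses to run once headers have gone out.
ob_start();   // must run before any output, including text before "<?php"

function legacy_report(): string
{
    if (headers_sent($file, $line)) {
        // The branch the third-party check takes when output has started.
        throw new RuntimeException("output already started at $file:$line");
    }
    return "<p>report body</p>\n";
}

// Printed early, but held in the buffer: nothing has reached the client,
// so the headers have not been sent yet.
echo "<h1>Page header printed early</h1>\n";

$isPost = ($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST';
if ($isPost) {
    // ... process the submitted form here ...
    ob_end_clean();                                // drop the buffered body
    header('Location: /report.php', true, 303);    // fixed, application-chosen target
    exit;
}

echo legacy_report();   // headers_sent() is still false at this point
ob_end_flush();         // headers and the buffered body go out together
```

Without the ob_start() line, the first echo starts the response, headers_sent() becomes true, and both the header() call and the third-party check fail.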




[PHP] http webmail problems.

2004-03-23 Thread Tom Reed
On some webmail programs, when I send them an email from php, they appear as
being blank emails.

Here's the code I am using:

  $headers .= "From: \"$WEBSITE_name\" <$ADMIN_email>\n";
  $headers .= "X-Sender: $ADMIN_email\n";
  $headers .= "X-Mailer: $WEBSITE_name Mailer\n"; // mailer
  $headers .= "X-Priority: 1\n"; // Urgent message!
  $headers .= "Return-Path: $ADMIN_email\n";  // Return path for errors

  $headers .= "MIME-version: 1.0\n";
  $headers .= "Content-type: multipart/mixed; ";
  $headers .= "boundary=\"Message-Boundary\"\n";
  $headers .= "Content-transfer-encoding: 7BIT\n";

  $message = "--Message-Boundary\n";
  $message .= "Content-Type: text/html; charset=iso-8859-1\n"; // Mime type
  $message .= "Content-transfer-encoding: 7BIT\n";
  $message .= "Content-description: Mail message body\n\n";

  $message .= "<b>Test message with html</b>";

  mail($email, "Test HTML message.", $message, $headers);




[PHP] Null Variables after session_register() ( Radio Inputs Problem )

2004-03-23 Thread gohaku
Apologies if this has been asked before,

I'm experiencing problems with Session Variables and Radio Inputs 
values.
For some reason, after I use session_register("number") where
$number has 3 possible values { 1,2,3 }, $number IS NULL.

If I don't use session_register("number"), $number IS NOT NULL.
I did not see any difference with checkbox inputs either.
Any help would be greatly appreciated.

Thank you.
-gohaku

<!--Form.html-->
<form action="session.php" method="POST">
Name: <input type="text" name="name" size="30"><br>
<input type="radio" name="number" value="1" CHECKED>1<br>
<input type="radio" name="number" value="2">2<br>
<input type="radio" name="number" value="3">3<br>
<input type="submit" name="submit" value="Session Test">
</form>
<?
/***Session.php**/
$varcount = 0;
if($name)   {   $varcount++;}
if($number){$varcount++;}
session_start();
session_register("name");
session_register("number");
?>
<html>
<head><title><?=$number?></title></head>


[PHP] Re: http webmail problems.

2004-03-23 Thread Justin Patrin
Tom Reed wrote:

> On some webmail programs, when I send them an email from php, they appear as
> being blank emails.
> Here's the code I am using:
>
>   $headers .= "From: \"$WEBSITE_name\" <$ADMIN_email>\n";
>   $headers .= "X-Sender: $ADMIN_email\n";
>   $headers .= "X-Mailer: $WEBSITE_name Mailer\n"; // mailer
>   $headers .= "X-Priority: 1\n"; // Urgent message!
>   $headers .= "Return-Path: $ADMIN_email\n";  // Return path for errors
>   $headers .= "MIME-version: 1.0\n";
>   $headers .= "Content-type: multipart/mixed; ";
>   $headers .= "boundary=\"Message-Boundary\"\n";
>   $headers .= "Content-transfer-encoding: 7BIT\n";
>   $message = "--Message-Boundary\n";
>   $message .= "Content-Type: text/html; charset=iso-8859-1\n"; // Mime type
>   $message .= "Content-transfer-encoding: 7BIT\n";
>   $message .= "Content-description: Mail message body\n\n";
>   $message .= "<b>Test message with html</b>";
>
>   mail($email, "Test HTML message.", $message, $headers);

Try using PEAR's Mail_MIME class. It will do this kind of thing for you.
http://pear.php.net/package/Mail_MIME
--
paperCrane Justin Patrin


[PHP] Re: Null Variables after session_register() ( Radio Inputs Problem )

2004-03-23 Thread Justin Patrin
Gohaku wrote:

> Apologies if this has been asked before,
>
> I'm experiencing problems with Session Variables and Radio Inputs values.
> For some reason, after I use session_register("number") where
> $number has 3 possible values { 1,2,3 }, $number IS NULL.
> If I don't use session_register("number"), $number IS NOT NULL.
> I did not see any difference with checkbox inputs either.
> Any help would be greatly appreciated.
>
> Thank you.
> -gohaku
> <!--Form.html-->
> <form action="session.php" method="POST">
> Name: <input type="text" name="name" size="30"><br>
> <input type="radio" name="number" value="1" CHECKED>1<br>
> <input type="radio" name="number" value="2">2<br>
> <input type="radio" name="number" value="3">3<br>
> <input type="submit" name="submit" value="Session Test">
> </form>
> <?
> /***Session.php**/
> $varcount = 0;
> if($name){$varcount++;}
> if($number){$varcount++;}
> session_start();
> session_register("name");
> session_register("number");
> ?>
> <html>
> <head><title><?=$number?></title></head>

You may want to look into using the superglobal $_SESSION instead of 
using session_register and global variables. It's far more secure and 
generally works without so many problems.

--
paperCrane Justin Patrin


Re: [PHP] Re: RE:[PHP] login scripts not secure?? help!

2004-03-23 Thread Scott Fletcher
Also remember to keep in mind, some user's browser had the cookie disabled.
Once that happen then it wouldn't work.

John W. Holmes [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
> Scott Fletcher wrote:
> > Um, you would be able to jump out of the admin area (logged in area) to
> > public/free area and back to the admin area (logged in area) only if either
> > one of these two, not necessarily both is maintained on every webpage of that
> > website, 1) session_start() or 2) session_id via links/form.  But if the
> > person go to a website like Google or something and back then no, it would
> > not be possible unless there is a known way for the web browser to hold the
> > token like cookie for example.
>
> By default the session id (token) _is_ maintained in a cookie, so it
> wouldn't matter where you go, the cookie would still be present. That
> means your user can go back and forth between areas without any problem.
> You only need the session_start() in the admin areas to start and
> retrieve the existing session. The cookie will be maintained whether
> session_start() is encountered or not so long as the browser window
> stays open.
>
> --
> ---John Holmes...
>
> Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
>
> php|architect: The Magazine for PHP Professionals – www.phparch.com




[PHP] CGI Error

2004-03-23 Thread Alex Hogan
Hi All,

I am getting this error when I am trying to pass some url params;

CGI Error
The specified CGI application misbehaved by not returning a complete set of
HTTP headers. The headers it did return are:

And nothing

Has anybody seen this before?  I did a search and it seems that there are a
few references to it, but nobody seems to have an explanation.

alex hogan






[PHP] Can i get all content for list box in $_POST

2004-03-23 Thread Sheeraz fazal
Hi All,

I have a list box in a page (html select tag with multiple selection
option). Items are added dynamically in list box, using javascript. Can i
get all elements of listbox in my php code.

If i do $_POST['select_tag_name']. I get a variable not an array. Thus
getting only one item.

Comments?




Re: [PHP] Re: replacing chars in input

2004-03-23 Thread David T-G
Justin, et al --

...and then Justin Patrin said...
% 
% David T-G wrote:
% 
% I would like to make things easier for my users and replace all of the
% garbage characters
% 
%   `';:[EMAIL PROTECTED]*()[]{}/?\|+=
% 
% plus white space (\s) with underscores in the input.  I am, however,
% having trouble getting my regexp to work.
...
% 
% If there isn't a handy character class waiting for me, what must I do to
% get those chars replaced?
% 
% $i = preg_replace('/[^A-Za-z0-9_-]/', '_', $i);
% 
% That means anything that is not in that class should be replaced with '_'.

*duh*  Of course!  Brilliant in its simplicity.  I can't wait to try it.


% 
% -- 
% paperCrane Justin Patrin


Thanks  HAND

:-D
-- 
David T-G  * There is too much animal courage in 
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED]  -- Mary Baker Eddy, Science and Health
http://justpickone.org/davidtg/  Shpx gur Pbzzhavpngvbaf Qrprapl Npg!





RE: [PHP] Can i get all content for list box in $_POST

2004-03-23 Thread Pablo Gosse
Sheeraz fazal wrote:
> Hi All,
>
> I have a list box in a page (html select tag with multiple
> selection option). Items are added dynamically in list box, using
> javascript. Can i get all elements of listbox in my php code.
>
> If i do $_POST['select_tag_name']. I get a variable not an array.
> Thus getting only one item.
>
> Comments?

http://www.php.net/manual/en/faq.html.php#faq.html.select-multiple




Re: [PHP] Image Storage

2004-03-23 Thread David T-G
Matt --

...and then Matt Palermo said...
% 
% I am creating a system to allow users to upload images to the site.  Would
% it be better to store the images in a MySQL table, or having it save the
% images to a directory on the server?  Anyone have any suggestions on this?
% Pros? Cons?

This has been debated to death; check the archives.  Although there are
passionate arguments for both approaches, I *think* that the consensus
for general applications where you don't have a specific reason to put
them in the DB is to go with the filesystem -- but, then, I'm also a
subscriber of that camp :-)


% 
% Thanks,
% 
% Matt
% http://sweetphp.com/


HTH  HAND

:-D
-- 
David T-G  * There is too much animal courage in 
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED]  -- Mary Baker Eddy, Science and Health
http://justpickone.org/davidtg/  Shpx gur Pbzzhavpngvbaf Qrprapl Npg!





[PHP] Storing encrypted data in a database with

2004-03-23 Thread Jay Blanchard
Good afternoon!

I am storing some encrypted data using PHP to do the encryption and a MySQL database. 
I have encountered a couple of times where I get back a query syntax error.

INSERT INTO `test`.`tblEncTest` (`encAlg`, `encMode`, `encIV`, `reqName`, `reqSSN`, 
`reqEMail`) VALUES ( 'blowfish', 'cbc', '3I}', ' p_9', 
'kf?Qg', '-%+AR'HXppT 7 
GH' ) 

You have an error in your SQL syntax near 'HXppT 7 GH' ) 
' at line 1 

Now, if you look closely you can see an additional single quote in R'HX. I 
cannot use addslashes() here can I? Or should I base64_encode each item and then 
decode on the way back out. Any thoughts would be appreciated.

TVMIA!


[PHP] $_POST not working with str_replace

2004-03-23 Thread PHP Email List
Hey gang,

Ok here's my problem, I'm in the midst of creating a string replace to work
on a rtf file that is on the server, this functionality works perfect with
GET but not POST, I guess I don't understand why.  The reason I don't
want to use GET over POST is due to the character restrictions. I need to be
able to place more characters than what are allowed in the URL. I created a
test script to have a person fill in the form fields and it would write a
detailed letter for them. This was just an idea I was using to test the
replacement functions within a rtf document.  My main project that I'm going
for, is to allow our on-site techs to enter in what they have done for a
client, lay it out perfect for our stationary and then hand the client their
spec sheet and invoice straight from the printer without having to come back
to the office.

The overall end of this will more than likely be database driven and maybe I
should place these items into the database then turn around and pull them
out assigning them to the given replace functions.  But my problem still
lies in the fact that I don't understand why the GET functionality works
with this form and POST will not.

After some rough testing, the template is being displayed as it fills in the
static parts of the form by itself and then replaces all of my FNAME
LNAME with  (blank spaces).

Code is below, any help would be wonderful!

rtfform.html::
<HTML><HEAD><TITLE>Testing RTF Input</TITLE></HEAD>
<BODY>
<FORM NAME="TEST" ACTION="rtf.php" METHOD="POST">
FIRST NAME: <INPUT TYPE="TEXT" NAME="FNAME" LENGTH="30"><BR>
...
Rest of form elements
...
<INPUT TYPE="SUBMIT" NAME="SUBMIT" VALUE="TEST ME">
</FORM>
</BODY></HTML>
end rtfform


rtf.php::
$name = $_POST['FNAME'];
... rest of post variable conversions

$filename = "Lettertest.rtf";

header('Content-type: application/msword');
header('Content-Disposition: Rtftest.rtf');
$fp = fopen($filename, "r");

$output = fread($fp, filesize($filename));

$output = str_replace("FNAME",$name,$output);
... rest of output str_replace items

echo $output;
end rtf.php

Thanks in advance
Wolf




[PHP] PHP 4.3.4 EAPI

2004-03-23 Thread Jordan S. Jones
Hello all..

For some odd reason, I am having a very very difficult time compiling 
PHP with EAPI support.. Here is my configure line:

CFLAGS= -DEAPI \
./configure \
--with-apxs \
--with-config-file-path=/etc \
--disable-short-tags \
--with-zlib \
--with-bz2 \
--with-curl \
--with-mcrypt \
--with-mhash \
--with-mysql \
--enable-xslt \
--without-pear \
--with-pgsql \
--with-gd \
--enable-gd-native-ttf \
--with-xslt-sablot \
--disable-debug \
--enable-bcmath \
--enable-calendar \
--enable-inline-optimization \
--enable-memory-limit \
--enable-rule=EAPI
Any help on the matter would be greatly appreciated..

Thanks,
Jordan S. Jones


Re: [PHP] Can i get all content for list box in $_POST

2004-03-23 Thread Sheeraz fazal
Thanks.
As same select element is used in PHP and JavaScript. Naming a tag ending
in square brackets [] is JavaScript error. Till now either PHP will not
produce desired results or JavaScript will give me error :(

Pablo Gosse [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
> Sheeraz fazal wrote:
> > Hi All,
> >
> > I have a list box in a page (html select tag with multiple
> > selection option). Items are added dynamically in list box, using
> > javascript. Can i get all elements of listbox in my php code.
> >
> > If i do $_POST['select_tag_name']. I get a variable not an array.
> > Thus getting only one item.
> >
> > Comments?
>
> http://www.php.net/manual/en/faq.html.php#faq.html.select-multiple




Re: [PHP] Can i get all content for list box in $_POST

2004-03-23 Thread Sheeraz fazal
My Mistake. I overlooked :(

Pablo Gosse [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
> Sheeraz fazal wrote:
> > Hi All,
> >
> > I have a list box in a page (html select tag with multiple
> > selection option). Items are added dynamically in list box, using
> > javascript. Can i get all elements of listbox in my php code.
> >
> > If i do $_POST['select_tag_name']. I get a variable not an array.
> > Thus getting only one item.
> >
> > Comments?
>
> http://www.php.net/manual/en/faq.html.php#faq.html.select-multiple




Re: [PHP] Storing encrypted data in a database with

2004-03-23 Thread John W. Holmes
Jay Blanchard wrote:

> You have an error in your SQL syntax near 'HXppT 7 GH' ) ' at line 1
>
> Now, if you look closely you can see an additional single quote in R'HX. I
> cannot use addslashes() here can I? Or should I base64_encode each item and
> then decode on the way back out. Any thoughts would be appreciated.

Yes, you still need to use addslashes() or mysql_escape_string() on the 
encrypted data string. It will not mess up the encryption. Encrypted or 
not, it's still a string and special characters need to be escaped.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals  www.phparch.com
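
Added example, not part of the thread: why raw cipher output breaks a hand-built INSERT, and two ways to store it so the bytes come back unchanged (a bound parameter, and the base64 route the question mentions). It uses PDO, which postdates this thread, with SQLite in memory standing in for MySQL; the table, column names and ciphertext bytes are constructed for the example.

```php
<?php
// Added example. Table and column names are hypothetical; SQLite in memory
// stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE enc_test (id INTEGER PRIMARY KEY, how TEXT, req_email BLOB)');

// Constructed stand-in for cipher output: arbitrary bytes that happen to
// include a single quote, a backslash, a NUL and a high byte.
$ciphertext = "-%+AR'HX\\pp\x00T\xF7 GH";

// 1) Interpolating the raw bytes: the quote inside the ciphertext ends the
//    SQL string literal early and the statement no longer parses.
$concatFailed = false;
try {
    $pdo->exec("INSERT INTO enc_test (how, req_email) VALUES ('concat', '$ciphertext')");
} catch (PDOException $e) {
    $concatFailed = true;
}

// 2) Bound parameter: the bytes travel separately from the SQL text, so no
//    escaping is involved. PARAM_LOB keeps the NUL byte intact.
$stmt = $pdo->prepare('INSERT INTO enc_test (how, req_email) VALUES (?, ?)');
$stmt->bindValue(1, 'bound');
$stmt->bindValue(2, $ciphertext, PDO::PARAM_LOB);
$stmt->execute();

// 3) base64 before storage: the stored value is plain ASCII, at the cost of
//    roughly one third more space. It is still passed as a bound parameter.
$stmt = $pdo->prepare('INSERT INTO enc_test (how, req_email) VALUES (?, ?)');
$stmt->execute(['base64', base64_encode($ciphertext)]);

// Read both rows back and compare byte for byte with the original.
$rows = $pdo->query('SELECT how, req_email FROM enc_test ORDER BY id')
            ->fetchAll(PDO::FETCH_KEY_PAIR);

printf("concatenated INSERT failed: %s\n", var_export($concatFailed, true));
printf("bound round trip intact:    %s\n", var_export($rows['bound'] === $ciphertext, true));
printf("base64 round trip intact:   %s\n",
       var_export(base64_decode($rows['base64'], true) === $ciphertext, true));
```

Escaping, as the reply recommends, and binding both leave the ciphertext itself unchanged; they only affect how the bytes are carried to the database.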



Re: [PHP] Re: RE:[PHP] login scripts not secure?? help!

2004-03-23 Thread John W. Holmes
Scott Fletcher wrote:

> Also remember to keep in mind, some user's browser had the cookie disabled.
> Once that happen then it wouldn't work.

Very true. If that was the case, you'd have to maintain the session ID 
in every URL/form for the private area and also provide it in any URLs 
that go from the public area _back into_ the private area. You 
wouldn't need to maintain the session ID on every link that goes from 
public to public areas or private to public areas, though.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals  www.phparch.com



Re: [PHP] $_POST not working with str_replace

2004-03-23 Thread John W. Holmes
PHP Email List wrote:

> Ok here's my problem, I'm in the midst of creating a string replace to work
> on a rtf file that is on the server, this functionality works perfect with
> GET but not POST, I guess I don't understand why.
> [snip]
> $name = $_POST['FNAME'];
> [snip]
> $output = str_replace("FNAME",$name,$output);

There's no reason why something would work with $_GET['FNAME'] and not 
with $_POST['FNAME'], so I can understand why you're confused. Are you 
sure there are even any values in $_POST? Right at the beginning of 
rtf.php, put a print_r($_POST) to see what the values are. If $_POST is 
empty even when you put values in the form, then it must be an issue 
with your web browser or server not allowing POST values (that would be 
very odd, though).

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals  www.phparch.com



Re: [PHP] Storing encrypted data in a database with

2004-03-23 Thread Evan Nemerson
What version of mysql are you using? IIRC, there is support for AES in newer 
(4+?) versions. If I were you, I'd handle all the encryption and decryption 
in the database, if possible.

Yep, http://www.mysql.com/doc/en/Encryption_functions.html


On Tuesday 23 March 2004 02:04 pm, Jay Blanchard wrote:
> Good afternoon!
>
> I am storing some encrypted data using PHP to do the encryption and a MySQL
> database. I have encountered a couple of times where I get back a query
> syntax error.
>
> INSERT INTO `test`.`tblEncTest` (`encAlg`, `encMode`, `encIV`, `reqName`,
> `reqSSN`, `reqEMail`) VALUES ( 'blowfish', 'cbc', '3I}', ' p_9',
> 'kf?Qg', '-%+AR'HXppT 7 
> GH' )
>
> You have an error in your SQL syntax near 'HXppT 7 GH' ) '
> at line 1
>
> Now, if you look closely you can see an additional single quote in
> R'HX. I cannot use addslashes() here can I? Or should I base64_encode
> each item and then decode on the way back out. Any thoughts would be
> appreciated.
>
> TVMIA!

-- 
Evan Nemerson
[EMAIL PROTECTED]
http://coeusgroup.com/en

--
Only the other day, historically speaking, the 'holy inquisition' burned or 
silenced scientists. The discovery of the microscope and telescope, for 
instance, was delayed for a long time because the inventor, in fear of 
priestly persecution, was afraid to write his scientific discoveries in plain 
language. He had to write them in cipher- a fact discovered only a few years 
ago. Those afflicted with diseases can easily realize where our science in 
general, and medical science in particular, might be today if not for the 
holy zeal of powerful enemies of science who vehemently and ruthlessly 
sponsored ignorance, old s.r, and so disease.

-Alfred Korzybski
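
The question quoted above (addslashes() or base64_encode() for ciphertext that contains a quote byte) comes down to keeping binary data out of the SQL text. The script below is an added example, not code from the thread: it assumes PHP 7+ with PDO and the pdo_sqlite driver, uses an in-memory SQLite database in place of MySQL, a constructed byte string in place of real ciphertext, and a hypothetical `reqSSN_b64` column.

```php
<?php
// Added example (not from the thread). SQLite in memory stands in for MySQL so
// the script runs offline; $cipher is a constructed stand-in for raw ciphertext.
$cipher = "\x2d\x25\x2bAR'HX\x00\x5c\xfe\x0a GH";   // holds ', NUL, \ and a high byte

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblEncTest (id INTEGER PRIMARY KEY, reqSSN BLOB, reqSSN_b64 TEXT)');

// 1. Statement built by concatenation: the quote byte ends the literal early
//    and the remaining ciphertext bytes are parsed as SQL.
function insertConcatenated(PDO $db, string $cipher): bool
{
    try {
        $db->exec("INSERT INTO tblEncTest (reqSSN) VALUES ('" . $cipher . "')");
        return true;
    } catch (PDOException $e) {
        echo "concatenated INSERT failed: ", $e->getMessage(), "\n";
        return false;
    }
}

// 2. Bound parameters: the bytes travel outside the SQL text, so no escaping is
//    needed. The base64 copy is the text-safe alternative asked about.
function insertBound(PDO $db, string $cipher): int
{
    $st = $db->prepare('INSERT INTO tblEncTest (reqSSN, reqSSN_b64) VALUES (:raw, :b64)');
    $st->bindValue(':raw', $cipher, PDO::PARAM_LOB);
    $st->bindValue(':b64', base64_encode($cipher), PDO::PARAM_STR);
    $st->execute();
    return (int) $db->lastInsertId();
}

function fetchRow(PDO $db, int $id): array
{
    $st = $db->prepare('SELECT reqSSN, reqSSN_b64 FROM tblEncTest WHERE id = ?');
    $st->execute([$id]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    // Some PDO drivers hand LOB columns back as streams rather than strings.
    $raw = is_resource($row['reqSSN']) ? stream_get_contents($row['reqSSN']) : $row['reqSSN'];
    return [$raw, base64_decode($row['reqSSN_b64'], true)];
}

var_dump(insertConcatenated($db, $cipher));
$id = insertBound($db, $cipher);
[$raw, $fromB64] = fetchRow($db, $id);
var_dump($raw === $cipher, $fromB64 === $cipher);
```

Base64 costs about a third more storage than the raw bytes; a bound BLOB parameter stores the ciphertext at its original length.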




RE: [PHP] $_POST not working with str_replace

2004-03-23 Thread PHP Email List
> PHP Email List wrote:
>
> > Ok here's my problem, I'm in the midst of creating a string replace to work
> > on a rtf file that is on the server, this functionality works perfect with
> > GET but not POST, I guess I don't understand why.
> > [snip]
> > $name = $_POST['FNAME'];
> > [snip]
> > $output = str_replace("FNAME",$name,$output);
>
> There's no reason why something would work with $_GET['FNAME'] and not
> with $_POST['FNAME'], so I can understand why you're confused. Are you
> sure there are even any values in $_POST? Right at the beginning of
> rtf.php, put a print_r($_POST) to see what the values are. If $_POST is
> empty even when you put values in the form, then it must be an issue
> with your web browser or server not allowing POST values (that would be
> very odd, though).

::John,

Ok I tried the print_r($_POST) and received...

Array ( [FNAME] => test [LNAME] => t [ADDRESS] => t [CITY] => t [STATE] => t
[ZIP] => t [DATE] => t [PARAGRAPH1]=> t [PARAGRAPH2] => t [FROM] => t
[SUBMIT] => TEST ME )

So the array isn't empty for my post. Obviously the values don't matter for
this array, but the array is still not being brought into the str_replace
function.  Is it possible that str_replace requires GET as opposed to POST
for it to work? This is becoming very odd! Possible bug? I hate throwing
that out there but it doesn't make sense why one would work and the other
wouldn't since all any of them are doing is holding strings.  Any other
ideas?

Thanks,
Wolf




[PHP] REGISTER_GLOBALS set to off and other issues

2004-03-23 Thread Alisa Davis
I have REGISTER_GLOBALS set to off. I have read and read, but cannot figure out what I 
need to do code wise to keep from getting the following message:

Warning: Unknown(): Your script possibly relies on a session side-effect which existed 
until PHP 4.2.3. Please be advised that the session extension does not consider global 
variables as a source of data, unless register_globals is enabled. You can disable 
this functionality and this warning by setting session.bug_compat_42 or 
session.bug_compat_warn to off, respectively. in Unknown on line 0

We upgraded from 4.1.1 about a month ago and since then several things are now broken. 
I need to know how to code around this problem so I don't get this WARNING.

I am also having another problem since the upgrade. This seems to be a javascript 
problem, but it's weird that it's happened on two different servers just after a PHP 
upgrade. 

I have static page tops and bottoms that I call with an include for each page. 
Currently, I have all the javascripts that I use for my entire site in the header:
<script language="javascript" src="library/script1.js"></script>
<script language="javascript" src="library/script2.js"></script> etc...

If I use script1.js on page 1 but don't use script2.js, then I get a javascript error on 
script1.js. The reason I know this is that if I strip out all but what is essential to 
page 1, then the javascript runs error free, but if not, I get errors. 

I don't know if this is a php problem or not, but like I said above, I do know it 
started with the upgrades. I can deal with this though, because I know how to fix it. 
It will just take a while.

This is a school site and they are on spring break right now. I have until Monday 
3/29/2004 to get this fixed. The school's website, which includes homework 
assignments, lunch menu, etc... will be dead in the water until I do.


--
Thanks,
Alisa Davis - Madison Academy webmaster
--




RE: [PHP] $_POST not working with str_replace

2004-03-23 Thread Chris W. Parker
PHP Email List mailto:[EMAIL PROTECTED]
on Tuesday, March 23, 2004 3:08 PM said:

> This is becoming very odd!
> Possible bug? I hate throwing that out there but it doesn't make
> sense why one would work and the other wouldn't since all any of them
> are doing is holding strings.  Any other ideas?

sorry, jumping in late. hopefully this hasn't already been covered.

using some code from a previous email:

> why. [snip] $name = $_POST['FNAME'];
> [snip]
> $output = str_replace("FNAME",$name,$output);

what happens if you do the following?

<?php

$name = $_POST['FNAME'];

echo "::$name::";

$output = str_replace("FNAME", $name, $output);

?>

??

Do you get the expected value between the two ::'s? If you aren't getting
what you're expecting that's where your problem is. If the contrary is
true, I have no idea. ;)


chris.




Re: [PHP] Re: Null Variables after session_register() ( Radio Inputs Problem )

2004-03-23 Thread gohaku
Thanks.
Below is what I changed to session.php.
Are there any possible problems with my changes?

On Mar 23, 2004, at 4:28 PM, Justin Patrin wrote:

<?php
/***Session.php**/
$varcount = 0;
if($name){$varcount++;}
if($number){$varcount++;}
session_start();
session_register("name");
session_register("number");
?>


<?php
/***Session.php**/
$varcount = 0;
if($name){$varcount++;}
if($number){$varcount++;}
$_SESSION["name"] = $name;
$_SESSION["number"] = $number;
?>


[PHP] string concatination

2004-03-23 Thread Matthew Oatham
Hi, 

What is the correct way, using php to join two strings, vars or otherwise.

i.e. how do I join

$string1 = "hello";
$string2 = "world";

do i do

$string1 . $string2;

and what about ..

$string2 = $string1 . "world";

Is that correct?



RE: [PHP] string concatination

2004-03-23 Thread Chris W. Parker
Matthew Oatham mailto:[EMAIL PROTECTED]
on Tuesday, March 23, 2004 3:59 PM said:

> Hi,

hi.

> What is the correct way, using php to join two strings, vars or
> otherwise.

[snip]

> i.e. how do I join
>
> $string1 = "hello";
> $string2 = "world";
>
> do i do
>
> $string1 . $string2;

[snip]

> Is that correct?

that's correct except that the result won't go anywhere (but maybe you
already knew this?).

$string3 = $string1.$string2;



chris.




Re: [PHP] Clearing Post Data with IE

2004-03-23 Thread Chris Thomas
I tried using the Header('location: ') but it seems the posted data
follows the redirection.
I'm going from my main page to a processing page then back to my main page.
I printed $_POST on the main page and it still has the values that were
originally posted to the
processing page.  Also after the redirection the address in the address bar
is that of the processing page.

Here is some code to help explain:

--index.php
print_r($_POST);
...
echo "<form action='poll.php' method='POST'>";
echo "<input name='poll_id' type='hidden' value='$poll_id'>\n";
echo "<input name='calling' type='hidden' value='" .
$_SERVER['PHP_SELF'] . "'>\n";
foreach($poll->choices as $id => $choice) {
echo "<input name='poll_choice' type='radio' value=$choice->id> $choice->choice<br>\n";
}
echo "<input type='submit' value='submit'>";
echo "</form>";


--poll.php
$poll_id = $_POST['poll_id'];
$poll_choice = $_POST['poll_choice'];
$calling = $_POST['calling'];

if (isset($poll_id)) {
unset($_POST);
Header("Location: $calling");
exit();
}


When poll.php loads up index.php the Posted data is still there.

Chris


Chris Boget [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
> > Is there a way to get it so that I can clear _post and get it so they aren't
> > in the header??
>
> After you've finished all of the processing, just do:
>
> header( 'location: ' . $_SERVER['PHP_SELF'] );
> exit();
>
> Chris
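
poll.php above redirects to whatever arrives in the posted `calling` field. The following is an added example, not code from the thread, of the same post-then-redirect step with the target restricted to known same-site paths; `safe_redirect_target()`, `redirect_after_post()`, the allow-list and the sample inputs are hypothetical and constructed for illustration (PHP 7+ assumed).

```php
<?php
// Added example (not from the thread). Function names, the allow-list and the
// sample values are assumptions; index.php and poll.php are the thread's files.

/** Return a same-site path to redirect to, or the fallback if the value is unusable. */
function safe_redirect_target($calling, array $allowed, string $fallback = '/index.php'): string
{
    // Arrays (calling[]=x) and control bytes such as CR/LF never reach header().
    if (!is_string($calling) || preg_match('/[\x00-\x1f\x7f]/', $calling)) {
        return $fallback;
    }
    // "http://host/x" and "//host/x" both parse with a host component: reject them.
    $parts = parse_url($calling);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    // Only the path is kept (any query string is dropped) and it must be on the list.
    $path = $parts['path'] ?? '';
    return in_array($path, $allowed, true) ? $path : $fallback;
}

function redirect_after_post(string $target): void
{
    // 303 See Other tells the browser to fetch the target with GET.
    header('Location: ' . $target, true, 303);
    exit();
}

// Constructed inputs, run from the command line to show the decisions.
$allowed = ['/index.php', '/polls/index.php'];
$samples = [
    '/index.php',
    '/index.php?voted=1',
    'http://example.invalid/',
    '//example.invalid/x',
    "/index.php\r\nX-Test: 1",
    '/admin.php',
];
foreach ($samples as $value) {
    printf("%-32s -> %s\n", json_encode($value), safe_redirect_target($value, $allowed));
}
```

In poll.php the call would be `redirect_after_post(safe_redirect_target($_POST['calling'] ?? null, $allowed));` once the vote has been processed.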




RE: [PHP] $_POST not working with str_replace

2004-03-23 Thread PHP Email List
> what happens if you do the following?
>
> <?php
>
> $name = $_POST['FNAME'];
>
> echo "::$name::";
>
> $output = str_replace("FNAME", $name, $output);
>
> ?>
>
> ??

I tried that, but I know I can get the values from the $_POST array as per
John's email about using print_r($_POST) to see what was showing. And yes I
get the value I wanted in between the :: ::.

Thanks for trying though,

Anyone else have any ideas on this problem?
Thanks!
Wolf
