php-general Digest 25 Sep 2004 11:12:35 -0000 Issue 3016
php-general Digest 25 Sep 2004 11:12:35 - Issue 3016 Topics (messages 197802 through 197815): php upload script problems 197802 by: AMC 197813 by: Marek Kilimajer 197815 by: Pablo M. Rivas Re: A few questions about system requirements 197803 by: Steven Re: opening table 2 inside table1 197804 by: John Taylor-Johnston echo to rtf format 197805 by: John Taylor-Johnston 197807 by: Manuel Lemos 197808 by: Manuel Lemos simple templateing 197806 by: Mag Parse Error... can not find cause of error 197809 by: GH 197814 by: Marek Kilimajer supplied argument is not a valid 197810 by: John Taylor-Johnston 197811 by: Ramil Sagum 197812 by: John Taylor-Johnston Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- Hi, I have the following php page. The page just opens up blank and I assume I made an error I cannot see. I'm new to php and any help would be greatly appreciated: ?php $extlimit = yes; //Do you want to limit the extensions of files uploaded $limitedext = array(.pdf); //Extensions you want files uploaded limited to. $sizelimit = no; //Do you want a size limit, yes or no? $sizebytes = 20; //size limit in bytes $dl = http://www.corrige2.bluehill.com/pdfs;; //url where files are uploaded $absolute_path = http://www.corrige2.bluehill.com/pdfs;; //Absolute path to where files are uploaded $websiteurl = http://www.corrige2.bluehill.com;; //Url to you website $websitename = Corrigent; switch($action) { default: echo htmlheadtitleUpload Or Download/title/headbodya href=$PHP_SELF?action=uploadUpload File/a a href=$PHP_SELF?action=downloadDownload File/a; echo a href=$websiteurlReturn to $websitename/abrbrPowered by PHP Uploader Downloader/a/body/html; break; case download: echo htmlheadtitleFile Download/title/headbodya href=$PHP_SELF?action=uploadUpload File/a a href=$websiteurlReturn to $websitename/a; $list = table width=700 border=1 bordercolor=#00 style=\border-collapse: collapse\; $list .= trtd width=700centerbClick To Download/b/center/td/tr; $dir = opendir($absolute_path); while($file = readdir($dir)) { if (($file != ..) and ($file != .)) { $list .= trtd width=700a href='$dl/$file'$file/a/center/td/tr; } } $list .= /table; echo $list; echobrbrPowered by PHP Uploader Downloader/a/body/html; break; case upload: echohtmlheadtitleFile Upload/title/headbodyform method=POST action=$PHP_SELF?action=doupload enctype=multipart/form-data ID=Form1pFile to upload:brinput type=file name=file size=30 ID=File1; echopbutton name=submit type=submit ID=Button1Upload/button/formbrbrPowered by PHP Uploader Downloader/a/body/html; break; //File Upload case doupload: $dir = dir; if ($file != ) { if (file_exists($absolute_path/$file_name)) { die(File already exists); } $ext = strrchr($file_name,'.'); if (($extlimit == yes) (!in_array($ext,$limitedext))) { die(The file you are uploading doesn't have the correct extension.); } @copy($file, $absolute_path/$file_name) or die(The file you are trying to upload couldn't be copied to the server); } else { die(Must select file to upload); } echo htmlheadtitleFile Uploaded/title/headbody; echo $file_name. was uploaded; echo bra href=$PHP_SELF?action=uploadUpload Another File/aa href=$PHP_SELF?action=download Download File/aa href=$websiteurl Return to $websitename/abrbrPowered by a href=http://www.zachwhite.com/PHP Uploader Downloader/a/body/html; break; } ? ---End Message--- ---BeginMessage--- AMC wrote: Hi, I have the following php page. The page just opens up blank and I assume I made an error I cannot see. I'm new to php and any help would be greatly appreciated: What is your register_globals and display_errors setting? ---End Message--- ---BeginMessage--- Hello: When you want to know where is your error, set: error_reporting(E_ALL); http://www.php.net/manual/en/function.error-reporting.php the error is here: case upload: echohtmlheadtitleFile Upload/title/headbodyform method=POST action=$PHP_SELF?action=doupload enctype=multipart/form-data ID=Form1pFile to upload:brinput type=file name=file size=30 ID=File1; you might change : ID=Form1 and ID=File1 for : ID=\Form1\ and ID=\File1\ echohtmlheadtitleFile Upload/title/headbodyform method=POST action=$PHP_SELF?action=doupload enctype=multipart/form-data ID=\Form1\pFile to upload:brinput type=file name=file size=30 ID=\File1\; Good Luck! On Fri, 24 Sep 2004 16:01:48 -0700, AMC [EMAIL PROTECTED] wrote: Hi, I have the following php page. The page just opens up blank and I assume I made an error I cannot see. I'm new to php and any help would be greatly appreciated: ?php $extlimit =
php-general Digest 25 Sep 2004 23:12:54 -0000 Issue 3017
php-general Digest 25 Sep 2004 23:12:54 - Issue 3017 Topics (messages 197816 through 197845): how to retrieve path to web server files 197816 by: AMC 197817 by: M. Sokolewicz 197832 by: Jasper Howard 197833 by: Jasper Howard Re: interesting behavior of ob_end_flush() in __destruct() 197818 by: Daniel Schierbeck 197821 by: aRZed Re: mailing to hotmail 197819 by: -{ Rene Brehmer }- 197820 by: -{ Rene Brehmer }- New PHP tutorial - suggestions welcome 197822 by: Paul Hudson 197823 by: Daniel Schierbeck 197826 by: Chris Shiflett Re: php upload script problems 197824 by: Jim Grill redirecting to another page 197825 by: AMC 197827 by: Jason Davidson 197828 by: Chris Shiflett Re: simple templateing 197829 by: Matthew Weier O'Phinney Problems installing smarty on a shared host 197830 by: Pablo Gosse 197831 by: Marek Kilimajer 197834 by: Pablo Gosse 197836 by: Marek Kilimajer 197839 by: Pablo Gosse 197841 by: Pablo Gosse 197843 by: Marek Kilimajer ftp_put Problems 197835 by: Julian 197837 by: Marek Kilimajer 197838 by: Julian 197840 by: Jason Wong 197842 by: Julian 197844 by: Marek Kilimajer 197845 by: Julian Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- Hi, How can I get the string that is the path to the directories on my web server? I need to upload some files, but don't know what to supply for the destination path. In asp I used server.mappath, but I'm new to php. Thanks, ---End Message--- ---BeginMessage--- $path = getcwd(); Amc wrote: Hi, How can I get the string that is the path to the directories on my web server? I need to upload some files, but don't know what to supply for the destination path. In asp I used server.mappath, but I'm new to php. Thanks, ---End Message--- ---BeginMessage--- On Sat, 25 Sep 2004 14:29:27 +0200, M. Sokolewicz [EMAIL PROTECTED] wrote: $path = getcwd(); Amc wrote: Hi, How can I get the string that is the path to the directories on my web server? I need to upload some files, but don't know what to supply for the destination path. In asp I used server.mappath, but I'm new to php. Thanks, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Jasper Howard - Database Administration ApexEleven.com 530 559 0107 --- ---End Message--- ---BeginMessage--- $base_dir = $_SERVER['document_root'] On Sat, 25 Sep 2004 14:17:16 -0700, Jasper Howard [EMAIL PROTECTED] wrote: On Sat, 25 Sep 2004 14:29:27 +0200, M. Sokolewicz [EMAIL PROTECTED] wrote: $path = getcwd(); Amc wrote: Hi, How can I get the string that is the path to the directories on my web server? I need to upload some files, but don't know what to supply for the destination path. In asp I used server.mappath, but I'm new to php. Thanks, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Jasper Howard - Database Administration ApexEleven.com 530 559 0107 --- -- Jasper Howard - Database Administration ApexEleven.com 530 559 0107 --- ---End Message--- ---BeginMessage--- Arzed wrote: it seems that php first ends output buffering and then calls then destrcuts the objects. so the output buffering is still ended when the destructor is calles. one has to unset the object to reverse that order manually. I've encountered the same problem. It would be nice if there was an option to keep the buffered output, even after script termination. ---End Message--- ---BeginMessage--- Chris Dowell wrote: I haven't searched through the archives to refresh my memory, but it's something to bear in mind. I wonder whether error messages are also not passed to the browser. I have pointed out some more aspects of this issue: Error messages and normal output are passed to the browser as expected. (my first examlpe and the following) ?php class foo { public function __construct() { ob_start(); } public function __destruct() { echo Destructor; } } $f = new foo(); // outputs Destructor ? still unclear is what happens when ob_start() is called in the destructor. but
Re: [PHP] php upload script problems
AMC wrote: Hi, I have the following php page. The page just opens up blank and I assume I made an error I cannot see. I'm new to php and any help would be greatly appreciated: What is your register_globals and display_errors setting? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parse Error... can not find cause of error....
GH wrote: Greetings... I am getting a parse error (line 45) and I do not know what is causing it... since I have the same code with minor changes nyc_ renamed to fed_ and it works... can someone please assit. code is also available at http://www.phpaste.com/536 File: /var/www/html/cert/mod/nyc_threat.php error message: Parse error: parse error in /var/www/html/cert/mod/nyc_threat.php on line 45 $nyc_alert .= CODE There is a white space after CODE -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php upload script problems
Hello: When you want to know where is your error, set: error_reporting(E_ALL); http://www.php.net/manual/en/function.error-reporting.php the error is here: case upload: echohtmlheadtitleFile Upload/title/headbodyform method=POST action=$PHP_SELF?action=doupload enctype=multipart/form-data ID=Form1pFile to upload:brinput type=file name=file size=30 ID=File1; you might change : ID=Form1 and ID=File1 for : ID=\Form1\ and ID=\File1\ echohtmlheadtitleFile Upload/title/headbodyform method=POST action=$PHP_SELF?action=doupload enctype=multipart/form-data ID=\Form1\pFile to upload:brinput type=file name=file size=30 ID=\File1\; Good Luck! On Fri, 24 Sep 2004 16:01:48 -0700, AMC [EMAIL PROTECTED] wrote: Hi, I have the following php page. The page just opens up blank and I assume I made an error I cannot see. I'm new to php and any help would be greatly appreciated: ?php $extlimit = yes; //Do you want to limit the extensions of files uploaded $limitedext = array(.pdf); //Extensions you want files uploaded limited to. $sizelimit = no; //Do you want a size limit, yes or no? $sizebytes = 20; //size limit in bytes $dl = http://www.corrige2.bluehill.com/pdfs;; //url where files are uploaded $absolute_path = http://www.corrige2.bluehill.com/pdfs;; //Absolute path to where files are uploaded $websiteurl = http://www.corrige2.bluehill.com;; //Url to you website $websitename = Corrigent; switch($action) { default: echo htmlheadtitleUpload Or Download/title/headbodya href=$PHP_SELF?action=uploadUpload File/a a href=$PHP_SELF?action=downloadDownload File/a; echo a href=$websiteurlReturn to $websitename/abrbrPowered by PHP Uploader Downloader/a/body/html; break; case download: echo htmlheadtitleFile Download/title/headbodya href=$PHP_SELF?action=uploadUpload File/a a href=$websiteurlReturn to $websitename/a; $list = table width=700 border=1 bordercolor=#00 style=\border-collapse: collapse\; $list .= trtd width=700centerbClick To Download/b/center/td/tr; $dir = opendir($absolute_path); while($file = readdir($dir)) { if (($file != ..) and ($file != .)) { $list .= trtd width=700a href='$dl/$file'$file/a/center/td/tr; } } $list .= /table; echo $list; echobrbrPowered by PHP Uploader Downloader/a/body/html; break; case upload: echohtmlheadtitleFile Upload/title/headbodyform method=POST action=$PHP_SELF?action=doupload enctype=multipart/form-data ID=Form1pFile to upload:brinput type=file name=file size=30 ID=File1; echopbutton name=submit type=submit ID=Button1Upload/button/formbrbrPowered by PHP Uploader Downloader/a/body/html; break; //File Upload case doupload: $dir = dir; if ($file != ) { if (file_exists($absolute_path/$file_name)) { die(File already exists); } $ext = strrchr($file_name,'.'); if (($extlimit == yes) (!in_array($ext,$limitedext))) { die(The file you are uploading doesn't have the correct extension.); } @copy($file, $absolute_path/$file_name) or die(The file you are trying to upload couldn't be copied to the server); } else { die(Must select file to upload); } echo htmlheadtitleFile Uploaded/title/headbody; echo $file_name. was uploaded; echo bra href=$PHP_SELF?action=uploadUpload Another File/aa href=$PHP_SELF?action=download Download File/aa href=$websiteurl Return to $websitename/abrbrPowered by a href=http://www.zachwhite.com/PHP Uploader Downloader/a/body/html; break; } ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Pablo M. Rivas. http://pmrivas.ipupdater.com http://www.r3soft.com.ar --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] how to retrieve path to web server files
Hi, How can I get the string that is the path to the directories on my web server? I need to upload some files, but don't know what to supply for the destination path. In asp I used server.mappath, but I'm new to php. Thanks, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: how to retrieve path to web server files
$path = getcwd(); Amc wrote: Hi, How can I get the string that is the path to the directories on my web server? I need to upload some files, but don't know what to supply for the destination path. In asp I used server.mappath, but I'm new to php. Thanks, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: interesting behavior of ob_end_flush() in __destruct()
Arzed wrote: it seems that php first ends output buffering and then calls then destrcuts the objects. so the output buffering is still ended when the destructor is calles. one has to unset the object to reverse that order manually. I've encountered the same problem. It would be nice if there was an option to keep the buffered output, even after script termination. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mailing to hotmail
At 19:05 24-09-2004, you wrote: Diana Castillo wrote: for some reasons my mails I send to hotmail are never arriving, (using mail($email,$subject_line,$msg,$headers);) anyone ever heard of this? Does the box that you're running php on have a dynamic address? Do you have reverse DNS? You can actually have a static IP and still be listed as dynamic in the databases. That's the problem I have. My secondary MX, which is also my workstation and thus test-bed, is on a privately leased static IP, but alot of databases lists it as dial-up pool which is incorrect, and thus they don't accept mail from my server. Luckily sofar all the mail that's been refused because of this have been my server's auto-generated complaints to spamhouses. -- Rene Brehmer aka Metalbunny If your life was a dream, would you wake up from a nightmare, dripping of sweat, hoping it was over? Or would you wake up happy and pleased, ready to take on the day with a smile? http://metalbunny.net/ References, tools, and other useful stuff... Check out the new Metalbunny forums at http://forums.metalbunny.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mailing to hotmail
At 18:23 24-09-2004, Diana Castillo wrote: for some reasons my mails I send to hotmail are never arriving, (using mail($email,$subject_line,$msg,$headers);) anyone ever heard of this? Usually if mail is not accepted by hotmail you'll get a very long and polite error message about it after some time, usually almost immediately ... (for some reason they can deliver error messages immediately, but regular mail takes hours to days)... Have you checked the junk folder??? ... atleast I assume you've tested with your own hotmail account... -- Rene Brehmer aka Metalbunny If your life was a dream, would you wake up from a nightmare, dripping of sweat, hoping it was over? Or would you wake up happy and pleased, ready to take on the day with a smile? http://metalbunny.net/ References, tools, and other useful stuff... Check out the new Metalbunny forums at http://forums.metalbunny.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] interesting behavior of ob_end_flush() in __destruct()
Chris Dowell wrote: I haven't searched through the archives to refresh my memory, but it's something to bear in mind. I wonder whether error messages are also not passed to the browser. I have pointed out some more aspects of this issue: Error messages and normal output are passed to the browser as expected. (my first examlpe and the following) ?php class foo { public function __construct() { ob_start(); } public function __destruct() { echo Destructor; } } $f = new foo(); // outputs Destructor ? still unclear is what happens when ob_start() is called in the destructor. but it seems that this has no serious effect. ?php class foo { public function __construct() { ob_start(); } public function __destruct() { ob_start(); echo Destructor; } } $f = new foo(); // no output - output is buffered ? it seems that the destructor is called when output buffering is still deactivated but the connection to the client is active. i consider it a bit strange that output buffering is deactivated when there is still the possibility of passing something to the browser. greets aRZed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] New PHP tutorial - suggestions welcome
Hi there, I've written a short PHP tutorial and am looking for input - does it cover enough ground? Is it hard to use as a reference? Does it get too technical? Anyway, if you have any ideas as to how it can be improved, I'd be happy to hear from you. The URL is http://www.hudzilla.org/php and my email address is [EMAIL PROTECTED] Thanks for your time! Paul -- www.hudzilla.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: New PHP tutorial - suggestions welcome
Paul Hudson wrote: I've written a short PHP tutorial and am looking for input - does it cover enough ground? Is it hard to use as a reference? Does it get too technical? Anyway, if you have any ideas as to how it can be improved, I'd be happy to hear from you. The URL is http://www.hudzilla.org/php and my email address is [EMAIL PROTECTED] Looks nice :l One thing: replace weakly typed with loosely typed in http://www.hudzilla.org/php/3_1_0.php (after the first red box) Good job, Scotty! Daniel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php upload script problems
Hi, I have the following php page. The page just opens up blank and I assume I made an error I cannot see. I'm new to php and any help would be greatly appreciated: ?php $extlimit = yes; //Do you want to limit the extensions of files uploaded $limitedext = array(.pdf); //Extensions you want files uploaded limited to. $sizelimit = no; //Do you want a size limit, yes or no? $sizebytes = 20; //size limit in bytes $dl = http://www.corrige2.bluehill.com/pdfs;; //url where files are uploaded $absolute_path = http://www.corrige2.bluehill.com/pdfs;; //Absolute path to where files are uploaded Aside from what others have pointed out, your absolute path is not a file path at all. This will cause some problems later on in the script when you try to upload an image file to a URL instead of a file path. Jim Grill -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] redirecting to another page
Hi, What code do I use to redirect a user to a different page in php? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: New PHP tutorial - suggestions welcome
--- Paul Hudson [EMAIL PROTECTED] wrote: I've written a short PHP tutorial and am looking for input - does it cover enough ground? Is it hard to use as a reference? Does it get too technical? Anyway, if you have any ideas as to how it can be improved, I'd be happy to hear from you. Well done. It looks like you put a lot of work into it. One suggestion I have is to leverage your medium - why not allow user comments on each page or even make the entire thing a wiki? I read a few pages and had a few comments to make, and this would be convenient if I could type them in as I think of them. I think this is one of the greatest things about the PHP manual. You could also try to point people toward other resources - for some topics, there are already numerous resources on the Web that are very good. These would be nice to include at the end of a particular topic, because getting multiple perspectives is always best for the reader. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming December 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirecting to another page
eh hem,,, that is a great question to consult the manual... but as for a hint, search for header() Jason AMC [EMAIL PROTECTED] wrote: Hi, What code do I use to redirect a user to a different page in php? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirecting to another page
--- AMC [EMAIL PROTECTED] wrote: What code do I use to redirect a user to a different page in php? There are several methods, but my favorite is to use a Location header which also changes the response status code. This method is transparent to the history mechanism, so users can still click the Back button. header('Location: http://example.org/'); Another method is to use the Refresh header, which also allows you to set a timer for the redirect. One disadvantage is that it can prevent a user from using the Back button. header('Refresh: 0; url=http://example.org/'); There are also client-side methods of redirecting the user, but this is a PHP list. :-) Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming December 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: simple templateing
* Mag [EMAIL PROTECTED]: I am searching for a REAL simple templateing class/package I have googled for this and basically SMARTY and PAT is too bulky, the people who will be using this script will be pretty dumb and all I can trust them to do would be something like this: header category contents footer and the template should have a cacheing feature... I use Smarty. The thing about Smarty is it can be as simple or as complex as you want it. I personally feel you could do exactly as you describe with it -- just tell your designers the bare minimum of what you will allow in a template. You might look into Savant as well -- but the idea behind Savant is that a template is simply another PHP page, only you do code related to display logic only. I don't believe it does caching, either (though I'm unsure of that point). PEAR also has a number of templating systems, and I'd be surprised if they don't do caching; look under the HTTP or HTML categories on PEAR for some possibilities. -- Matthew Weier O'Phinney | mailto:[EMAIL PROTECTED] Webmaster and IT Specialist | http://www.garden.org National Gardening Association| http://www.kidsgardening.com 802-863-5251 x156 | http://nationalgardenmonth.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problems installing smarty on a shared host
Hi folks. I've recently moved my site to a shared host, and this is the first time I've had to set up my site in a really restrictive environment, and I'm running into problems getting smarty installed. Using the basic example set up from the Smarty docs, when I run the file I get the following error: Warning: main(Smarty.class.php): failed to open stream: No such file or directory in /home/virtual/site357/fst/var/www/html/smarty.php on line 4 Fatal error: main(): Failed opening required 'Smarty.class.php' (include_path='.:/php/includes:/usr/share/php:/home/pablogosse/smarty/') in /home/virtual/site357/fst/var/www/html/smarty.php on line 4 Now, as you can see by the value of my include path, I've got the path to smarty added, but it's still not finding the file even though /home/pablogosse/smarty/Smarty.class.php does indeed exist. Can anyone tell me why this is happening? As I said up until now I've been lucky enough to always have access to dedicated servers where setting this up was never a problem, but I know there's something I'm missing in understanding why this isn't working. Any help is appreciated. Cheers and TIA. Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problems installing smarty on a shared host
Pablo Gosse wrote: Hi folks. I've recently moved my site to a shared host, and this is the first time I've had to set up my site in a really restrictive environment, and I'm running into problems getting smarty installed. Using the basic example set up from the Smarty docs, when I run the file I get the following error: Warning: main(Smarty.class.php): failed to open stream: No such file or directory in /home/virtual/site357/fst/var/www/html/smarty.php on line 4 Fatal error: main(): Failed opening required 'Smarty.class.php' (include_path='.:/php/includes:/usr/share/php:/home/pablogosse/smarty/') in /home/virtual/site357/fst/var/www/html/smarty.php on line 4 You are including from file that is located in /home/virtual/site357/fst/var/www/html/, and the smarty class is in /home/pablogosse/smarty/? The paths seems strange, what if you try include_path = /home/virtual/site357/+ whatever is the relative path to Smarty.class.php from smarty.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: how to retrieve path to web server files
On Sat, 25 Sep 2004 14:29:27 +0200, M. Sokolewicz [EMAIL PROTECTED] wrote: $path = getcwd(); Amc wrote: Hi, How can I get the string that is the path to the directories on my web server? I need to upload some files, but don't know what to supply for the destination path. In asp I used server.mappath, but I'm new to php. Thanks, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Jasper Howard - Database Administration ApexEleven.com 530 559 0107 --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: how to retrieve path to web server files
$base_dir = $_SERVER['document_root'] On Sat, 25 Sep 2004 14:17:16 -0700, Jasper Howard [EMAIL PROTECTED] wrote: On Sat, 25 Sep 2004 14:29:27 +0200, M. Sokolewicz [EMAIL PROTECTED] wrote: $path = getcwd(); Amc wrote: Hi, How can I get the string that is the path to the directories on my web server? I need to upload some files, but don't know what to supply for the destination path. In asp I used server.mappath, but I'm new to php. Thanks, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Jasper Howard - Database Administration ApexEleven.com 530 559 0107 --- -- Jasper Howard - Database Administration ApexEleven.com 530 559 0107 --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Problems installing smarty on a shared host
I tried that and got the same error. I'm trying to place the smarty directories outside my webroot to minimize security risks, however given my experiences thus far, I don't really see that being possible. Would a viable solution perhaps to be to include the smarty directories in the webroot such that my scripts can access them, but to protect the directories via .htaccess to prevent direct execution of files from said directories, since my scripts will be including them but are themselves executed from valid locations? Cheers and TIA, Pablo -Original Message- From: Marek Kilimajer [mailto:[EMAIL PROTECTED] Sent: Saturday, September 25, 2004 1:52 PM To: Pablo Gosse Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Problems installing smarty on a shared host Pablo Gosse wrote: Hi folks. I've recently moved my site to a shared host, and this is the first time I've had to set up my site in a really restrictive environment, and I'm running into problems getting smarty installed. Using the basic example set up from the Smarty docs, when I run the file I get the following error: Warning: main(Smarty.class.php): failed to open stream: No such file or directory in /home/virtual/site357/fst/var/www/html/smarty.php on line 4 Fatal error: main(): Failed opening required 'Smarty.class.php' (include_path='.:/php/includes:/usr/share/php:/home/pablogosse/smarty/') in /home/virtual/site357/fst/var/www/html/smarty.php on line 4 You are including from file that is located in /home/virtual/site357/fst/var/www/html/, and the smarty class is in /home/pablogosse/smarty/? The paths seems strange, what if you try include_path = /home/virtual/site357/+ whatever is the relative path to Smarty.class.php from smarty.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] ftp_put Problems
Hello, I need to use FTP to upload a local file to a server. The uploads must be done through FTP and not HTTP. Unfortunately, the example in the manual is not working for me. If someone has any suggestions I would really appreciate it. Thanks, Julian -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problems installing smarty on a shared host
Pablo Gosse wrote: I tried that and got the same error. I'm trying to place the smarty directories outside my webroot to minimize security risks, however given my experiences thus far, I don't really see that being possible. It should not matter, unless open_basedir is in effect, but that would be another error. I would check if the directories are right, you can start by using relative path. Would a viable solution perhaps to be to include the smarty directories in the webroot such that my scripts can access them, but to protect the directories via .htaccess to prevent direct execution of files from said directories, since my scripts will be including them but are themselves executed from valid locations? Cheers and TIA, Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ftp_put Problems
Julian wrote: Hello, I need to use FTP to upload a local file to a server. The uploads must be done through FTP and not HTTP. Unfortunately, the example in the manual is not working for me. If someone has any suggestions I would really appreciate it. Not much information. There is not error checking in the example, try this and tell us the output: $file = 'somefile.txt'; $remote_file = 'readme.txt'; // set up basic connection $conn_id = ftp_connect($ftp_server); if(!$conn_id) die(Could not open connection to $ftp_server); // login with username and password $login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass); if(!$login_result) die(Could not login as user $ftp_user_name); // upload a file if (ftp_put($conn_id, $remote_file, $file, FTP_ASCII)) { echo successfully uploaded $file\n; } else { echo There was a problem while uploading $file\n; } // close the connection ftp_close($conn_id); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ftp_put Problems
Maybe I should be more specific about what I am trying to do. I may be way off base in my approach. I want to upload using ftp a file from my local c drive (c:\somefile.text) to my server. I have been trying the ftp_put function example in the manual and it is failing. It reports There was a problem uploading the file. Any suggestions would be greatly appreciated. Thanks, Julian Marek Kilimajer [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Julian wrote: Hello, I need to use FTP to upload a local file to a server. The uploads must be done through FTP and not HTTP. Unfortunately, the example in the manual is not working for me. If someone has any suggestions I would really appreciate it. Not much information. There is not error checking in the example, try this and tell us the output: $file = 'somefile.txt'; $remote_file = 'readme.txt'; // set up basic connection $conn_id = ftp_connect($ftp_server); if(!$conn_id) die(Could not open connection to $ftp_server); // login with username and password $login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass); if(!$login_result) die(Could not login as user $ftp_user_name); // upload a file if (ftp_put($conn_id, $remote_file, $file, FTP_ASCII)) { echo successfully uploaded $file\n; } else { echo There was a problem while uploading $file\n; } // close the connection ftp_close($conn_id); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Problems installing smarty on a shared host
[snip] I'm trying to place the smarty directories outside my webroot to minimize security risks, however given my experiences thus far, I don't really see that being possible. It should not matter, unless open_basedir is in effect, but that would be another error. I would check if the directories are right, you can start by using relative path. [/snip] It appears I've found the problem. I used passthru(ls -l [dirname],$ret) to start reading from /home all the way up through the following: /home/ /home/virtual/ /home/virtual/site357/ /home/virtual/site357/fst/ and all returned complete directory listings and a return code of 0. Now, when I read through /home/virtual/site357/fst/var/ /home/virtual/site357/fst/var/www/ /home/virtual/site357/fst/var/www/html/ I see the files that I would see when I SSH in and ls -l the following paths: /var/ /var/www/ /var/www/html/ HOWEVER, when I attempt the passthru call on /home/virtual/site357/fst/home/ I get no results back, and the return code is 1. So it appears scripts running under the apache user cannot access that folder or anything beneath it Any ideas? Cheers and TIA. Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ftp_put Problems
On Sunday 26 September 2004 06:38, Julian wrote: Maybe I should be more specific about what I am trying to do. I may be way off base in my approach. I want to upload using ftp a file from my local c drive (c:\somefile.text) to my server. I have been trying the ftp_put function example in the manual and it is failing. It reports There was a problem uploading the file. If the script is running on the server then yes you're way off base. Remember the ftp_*() functions operate relative to where the script is running. What exactly is it you're trying to do? -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Laughter is the closest distance between two people. -- Victor Borge */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Problems installing smarty on a shared host
[snip] It should not matter, unless open_basedir is in effect, but that would be another error. I would check if the directories are right, you can start by using relative path. [/snip] Just the relative path from smarty.php, ../../../home/pablogosse/smarty/Smarty.class.php And I get a permission denied error. So it appears for sure that I can't read anything inside my home directory, or outside the webroot it would seem. Any ideas? Cheers and TIA, Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ftp_put Problems
i am trying to get a file from my local c drive to my server using something other than a form. thanks, julian Jason Wong [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Sunday 26 September 2004 06:38, Julian wrote: Maybe I should be more specific about what I am trying to do. I may be way off base in my approach. I want to upload using ftp a file from my local c drive (c:\somefile.text) to my server. I have been trying the ftp_put function example in the manual and it is failing. It reports There was a problem uploading the file. If the script is running on the server then yes you're way off base. Remember the ftp_*() functions operate relative to where the script is running. What exactly is it you're trying to do? -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Laughter is the closest distance between two people. -- Victor Borge */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problems installing smarty on a shared host
Pablo Gosse wrote: [snip] It should not matter, unless open_basedir is in effect, but that would be another error. I would check if the directories are right, you can start by using relative path. [/snip] Just the relative path from smarty.php, ../../../home/pablogosse/smarty/Smarty.class.php And I get a permission denied error. So it appears for sure that I can't read anything inside my home directory, or outside the webroot it would seem. Any ideas? Then put it in webroot. You should protect template and compiled template directories using .htaccess. Smarty.class.php does not really matter, it only defines a class. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ftp_put Problems
Julian wrote: i am trying to get a file from my local c drive to my server using something other than a form. Hmm, you can run an ftp server on your local machine and use php script on the server to retrieve the files. http server will work just as well. Is this what you want? thanks, julian Jason Wong [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Sunday 26 September 2004 06:38, Julian wrote: Maybe I should be more specific about what I am trying to do. I may be way off base in my approach. I want to upload using ftp a file from my local c drive (c:\somefile.text) to my server. I have been trying the ftp_put function example in the manual and it is failing. It reports There was a problem uploading the file. If the script is running on the server then yes you're way off base. Remember the ftp_*() functions operate relative to where the script is running. What exactly is it you're trying to do? -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Laughter is the closest distance between two people. -- Victor Borge */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ftp_put Problems
well, i suspect i am at a dead end. here is the layout of things. we want to put up an internet kiosk at certain thoroughbred auctions to allow people to send ecards as well as contact associates. we have a web cam on the kiosk and a partner came up with the idea of letting them send photos of themselves as well. the problem is i cannot find a way to use the form type FILE without giving the user access to everything on the kiosk computer. try as i might i cannot get around that browse button. so i thought i would try the ftp functions which i am totally unfamiliar with. i do truly appreciate the time you and others took to look into this. julian Marek Kilimajer [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Julian wrote: i am trying to get a file from my local c drive to my server using something other than a form. Hmm, you can run an ftp server on your local machine and use php script on the server to retrieve the files. http server will work just as well. Is this what you want? thanks, julian Jason Wong [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Sunday 26 September 2004 06:38, Julian wrote: Maybe I should be more specific about what I am trying to do. I may be way off base in my approach. I want to upload using ftp a file from my local c drive (c:\somefile.text) to my server. I have been trying the ftp_put function example in the manual and it is failing. It reports There was a problem uploading the file. If the script is running on the server then yes you're way off base. Remember the ftp_*() functions operate relative to where the script is running. What exactly is it you're trying to do? -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Laughter is the closest distance between two people. -- Victor Borge */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problems installing smarty on a shared host
* Thus wrote Pablo Gosse: Hi folks. I've recently moved my site to a shared host, and this is the first time I've had to set up my site in a really restrictive environment, and I'm running into problems getting smarty installed. Using the basic example set up from the Smarty docs, when I run the file I get the following error: Warning: main(Smarty.class.php): failed to open stream: No such file or directory in /home/virtual/site357/fst/var/www/html/smarty.php on line 4 Fatal error: main(): Failed opening required 'Smarty.class.php' (include_path='.:/php/includes:/usr/share/php:/home/pablogosse/smarty/') in /home/virtual/site357/fst/var/www/html/smarty.php on line 4 Now, as you can see by the value of my include path, I've got the path to smarty added, but it's still not finding the file even though /home/pablogosse/smarty/Smarty.class.php does indeed exist. You'll probably notice that the permissions for /home/pablogosse are like: drwxr-x--- with user:group pablogosse:pablogosse If you have permissions to, i would set up a directory like: /home/virtual/site357/fst/var/include/smarty/ And then set the include_path appropriatly. Curt -- The above comments may offend you. flame at will. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ftp_put Problems
Julian wrote: well, i suspect i am at a dead end. here is the layout of things. we want to put up an internet kiosk at certain thoroughbred auctions to allow people to send ecards as well as contact associates. we have a web cam on the kiosk and a partner came up with the idea of letting them send photos of themselves as well. the problem is i cannot find a way to use the form type FILE without giving the user access to everything on the kiosk computer. try as i might i cannot get around that browse button. so i thought i would try the ftp functions which i am totally unfamiliar with. i do truly appreciate the time you and others took to look into this. You can setup a apache and php on the kiosk machine. Document root will be the folder where the webcam stores images, or just one directory up. You can create a simple php script that will let them browse the pictures (only the pictures :)), or not so simple that will allow them to make some adjustments to the pictures using image functions. When everything is ready, with a press of a button then can mail the ecards. What would be done on the server will do the kiosk. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Problems installing smarty on a shared host
[snip] You'll probably notice that the permissions for /home/pablogosse are like: drwxr-x--- with user:group pablogosse:pablogosse If you have permissions to, i would set up a directory like: /home/virtual/site357/fst/var/include/smarty/ And then set the include_path appropriatly. [/snip] Unfortunately I don't have write access to /var as it is owned by root. I've just discovered another thing which makes me even more nervous. I just wrote a script as a quick test and I was able to use file_get_contents to read a file out of another user's webroot. So, anyone who is storing passwords or other valuable information under their webroot risks having that information being easily accessible to anyone else hosting here. As I said earlier, most of my experience until now has been in situations where the sites I've worked on have been hosted on dedicated servers, and this has never been a problem. Is this a common set up for shared hosting? Is there any way around this? Cheers and TIA, Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ftp_put Problems
Julian wrote: i am trying to get a file from my local c drive to my server using something other than a form. This is pretty much an impossible task for server side scripting. You can perhaps use an applet to upload either via FTP or HTTP. but marek's last mail is probably the best solution. -- Raditha Dissanayake. http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader Graphical User Inteface. Just 128 KB | with progress bar. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] is that possible with Objects in php 4 or php5 ?
Alawi Albaity wrote: I have object A and object B that extended from object A and have it Own abilities and object C that extended from object A and have it Own abilities I want to use the abilities of object B on object C and abilities of object C on object B , but the problem that what found out is that I must merge this classes with the original class together so I can do all abilities . this is not work out with me if I have to merge big class , so is there any possibility to do that so I can win the abilities of this two classes together without merge ? Shor answer no: long answer: you can use an interface to describe the behaviour of class B and implement that interface in class C so that class C can be made to behave like class B does. Having said all that if you want class B to behave like class C there is a problem in the design and any time spent now in rectifying the issue (possibly by mering the two classes) will definitely save you countless hours of hair pulling in the future. -- Raditha Dissanayake. http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader Graphical User Inteface. Just 128 KB | with progress bar. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Conceptual ?: using 'multi-purpose' form for validation
I can get a single form to call itself again if there's nothing fancy going on. This code will prompt the user for their mail if it doesn't already exist, and if the email does exist, provides some data out of database. ?php if ( !isset($_POST['email']) ): ? !-- No email, so prompt the user for one.-- form action=?=$_SERVER['PHP_SELF']? method=post Login: input type=text name=email / input type=submit value=GO / /form ?php else: ? pData for email: ?=$_GET['email']?/p // do some database stuff and display the results ?php endif; ? I'd like to validate the email that was entered against a database - if the email address is found, continue on with the ELSE code. If not found, though, run the IF section again. Conceptually I'm missing how to do that. I've done it in two pages, where the form action calls a second PHP page, and the code in that second page looks for the address and displays one result or another depending on if it's found. How do I do this in one page, if it's appropriate and practical (i.e. good coding) to do so? Thanks, Whil -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php security on shared hosts
Hi folks. I recently set up hosting for my site and have noticed something which is making me nervous. I can't seem to include files outside of my webroot, so I wrote a script to test permissions using passthru to output the results of a bunch of ls -la commands to see what I did and did not have access to. Eventually I was able to read the directory which holds the root folders for all sites on the server, and from there I was able to read files (revealing the php source) from the webroot of another site. This to me is a huge security issue since if anyone has any sensitive information there, it could easily be accessed by anyone else hosting on the same server. And because I can't seem to include files from outside my webroot, if I stay with this company I'll be forced to include information such as database passwords inside my webroot, therefore exposing the information to every other user on the server, and that's just not acceptable. All of my experience until now has been in situations where the sites I've worked on have been hosted on dedicated servers, so this has never been a problem. Is this a common set up for shared hosting? Is there any way around this? Cheers and TIA. Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php security on shared hosts
Pablo, As a shared hosting company myself (http://www.simplenet.com/), I can guarantee that is not the way it is supposed to be. We make sure that can't happen by running in Safe mode, using the open_basedir directive, and making sure the directory tree has the correct permissions so the situation you described cannot happen. So, I'd say that your shared host is doing a poor job of implementing PHP. Tim. At 08:31 PM 9/25/2004, Pablo Gosse wrote: Hi folks. I recently set up hosting for my site and have noticed something which is making me nervous. I can't seem to include files outside of my webroot, so I wrote a script to test permissions using passthru to output the results of a bunch of ls -la commands to see what I did and did not have access to. Eventually I was able to read the directory which holds the root folders for all sites on the server, and from there I was able to read files (revealing the php source) from the webroot of another site. This to me is a huge security issue since if anyone has any sensitive information there, it could easily be accessed by anyone else hosting on the same server. And because I can't seem to include files from outside my webroot, if I stay with this company I'll be forced to include information such as database passwords inside my webroot, therefore exposing the information to every other user on the server, and that's just not acceptable. All of my experience until now has been in situations where the sites I've worked on have been hosted on dedicated servers, so this has never been a problem. Is this a common set up for shared hosting? Is there any way around this? Cheers and TIA. Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php SimpleNet's Back ! http://www.simplenet.com
[PHP] Server's IP Adress
Greetings, How can I get Server's IP address? I know $_SERVER[SERVER_ADDRSS] but this do not work all the time. Is there any other method? Thanks a ton in advance. Kevin. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Server's IP Adress
You can use getbyhostname() func. --- Kevin Javia [EMAIL PROTECTED] wrote: Greetings, How can I get Server's IP address? I know $_SERVER[SERVER_ADDRSS] but this do not work all the time. Is there any other method? Thanks a ton in advance. Kevin. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php = -DIGITAL SIGNATURE--- ///Mohsen Pahlevanzadeh Network administrator programmer My home phone is: +98213810146 My email address is m_pahlevanzadeh at yahoo dot com My website is: http://webnegar.net __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: New PHP tutorial - suggestions welcome
Consistently crashes my Netscape 4.8 (circa 2003). yeah, I still use it, because I prefer its news reader. Very few attacks on this mature mail program. That said, you're forcing me to use IE6 :-| -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: New PHP tutorial - suggestions welcome
On Sunday 26 September 2004 12:32 am, John Taylor-Johnston wrote: Consistently crashes my Netscape 4.8 (circa 2003). yeah, I still use it, because I prefer its news reader. Very few attacks on this mature mail program. That said, you're forcing me to use IE6 :-| No one is forcing you to use anything. You made your own choice to use an older browser. His site works great with Mozilla 1.4 on Linux an Mozilla 1.7.1 on Windows -- Jack The Rhino Gates, Registered Linux user #342662 Morning Star Communications, www.morningstarcom.net Web Hosting, Site Design, Domain Registration, VMware Workstation Software and GSX Server Software -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php security on shared hosts
--- Pablo Gosse [EMAIL PROTECTED] wrote: Hi folks. I recently set up hosting for my site and have noticed something which is making me nervous. I can't seem to include files outside of my webroot, so I wrote a script to test permissions using passthru to output the results of a bunch of ls -la commands to see what I did and did not have access to. Eventually I was able to read the directory which holds the root folders for all sites on the server, and from there I was able to read files (revealing the php source) from the webroot of another site. This to me is a huge security issue since if anyone has any sensitive information there, it could easily be accessed by anyone else hosting on the same server. And because I can't seem to include files from outside my webroot, if I stay with this company I'll be forced to include information such as database passwords inside my webroot, therefore exposing the information to every other user on the server, and that's just not acceptable. I just published a free article on my Web site about shared hosting: http://shiflett.org/articles/security-corner-mar2004 In short, what you've found is typical for most shared hosts, and safe_mode (a directive created to help mitigate this problem a bit) does little to help. However, there are some things you can do as a developer, and I give some specific examples. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming December 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php security on shared hosts
--- Tim Traver [EMAIL PROTECTED] wrote: I can guarantee that is not the way it is supposed to be. We make sure that can't happen by running in Safe mode, using the open_basedir directive, and making sure the directory tree has the correct permissions so the situation you described cannot happen. The safe_mode and open_basedir directives are certainly no protection. I'm curious what sort of permissions you are using that prevents this scenario, since it seems impossible to me. If the legitimate developer can include code using include or require, it means the Web server must be able to read those files. The exception would be if you're running each user in a chroot jail or something, mimicking a dedicated environment. So, I'd say that your shared host is doing a poor job of implementing PHP. I used to think the same, but I've changed my mind, because: 1. safe_mode is no protection. 2. Many prepackaged PHP applications don't work with safe_mode enabled. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming December 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php