php-general Digest 20 Jun 2005 11:42:07 -0000 Issue 3522
php-general Digest 20 Jun 2005 11:42:07 - Issue 3522 Topics (messages 217200 through 217214): Re: comparing two texts 217200 by: jenny mathew 217203 by: Jochem Maas 217207 by: JamesBenson Returned mail: see transcript for details 217201 by: MAILER-DAEMON Re: Fshockopen error while opening a https stream urgent help needed 217202 by: choksi SIMPLExml problem 217204 by: Cruonit 217205 by: Cruonit 217206 by: Cruonit 217208 by: Paul Waring 217214 by: Jochem Maas Allowed memory size of 217209 by: david forums Re: rename 217210 by: JamesBenson Re: possible jscript/php/frames question!! 217211 by: JamesBenson file upload 217212 by: Han Re: Permission argh! 217213 by: Jochem Maas Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: php-general@lists.php.net -- ---BeginMessage--- so,what what should i conclude .it is not possible to compare two texts and hight the difference at this moment. thanks. Yours , Jenny On 6/19/05, Robert Cummings [EMAIL PROTECTED] wrote: On Sun, 2005-06-19 at 12:33, M. Sokolewicz wrote: Robert Cummings wrote: On Sun, 2005-06-19 at 09:22, M. Sokolewicz wrote: jenny mathew wrote: Untested, very crude: ?php $maxlen = max(strlen($text1), strlen($text2)); for ($i = 0; $i $maxlen; $i++){ if (@$text1[$i] == @$text2[$i]) echo @$text1[$i]; else @echo font color=red$text1[$i]|$text2[$i]/font; } ? donot you think you program will just bring the server to its foot ,if the text message encountered is very large of order of 40 KB or larger.is http://larger.ishttp://larger.isthere any other efficient method. 40KB isn't large... now, when you're talking about hundreds of MBs of text, then it gets large :) 40KB, with that method, is nothing... It's a bit of a dirty hack though. If I compare a 2 character text against a 40k text, the error handler will be invoked (39998 * 3) times if $text1 is the 2 byte string. That's extremely inefficient. I don't think I've ever seen error suppression abused so badly to prevent writing an extra line or 2 using isset(). Cheers, Rob. I agree with what you said fully; however, even though that's the case, and it indeed could be written a lot faster and cleaner, it would not pose a problem on most systems. That was the point I tried to make ;) Oh absolutely, 40k is tiny :) Just never seen error suppression used for such mundane processing. Now if we up it to 2 chars and 5 megs :) With a custom user space error handler in the background... ugh. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ---End Message--- ---BeginMessage--- jenny mathew wrote: so,what what should i conclude .it is not possible to compare two texts and hight the difference at this moment. 1. conclude whatever the you like 2. 'hight' is not an english word (I guess you mean highlight) 3. actually it is possible but you have to write some code 4. nobody will be writing a compare_these_two_strings_and_show_the_differences_in_a_complete_webpage_styled_the_way_I_like_it() function for php anytime soon. 5. go read about 'DIFF' like I said the first time. thanks. Yours , humour class=monday, crass, dark, sexist with regard to the concept of 'objectification of women' you might consider another sign off than 'Yours' - or maybe you want to be 0wn3d? /humour Jenny On 6/19/05, Robert Cummings [EMAIL PROTECTED] wrote: On Sun, 2005-06-19 at 12:33, M. Sokolewicz wrote: Robert Cummings wrote: On Sun, 2005-06-19 at 09:22, M. Sokolewicz wrote: jenny mathew wrote: Untested, very crude: ?php $maxlen = max(strlen($text1), strlen($text2)); for ($i = 0; $i $maxlen; $i++){ if (@$text1[$i] == @$text2[$i]) echo @$text1[$i]; else @echo font color=red$text1[$i]|$text2[$i]/font; } ? donot you think you program will just bring the server to its foot ,if the text message encountered is very large of order of 40 KB or larger.is http://larger.ishttp://larger.isthere any other efficient method. 40KB isn't large... now, when
[PHP] Returned mail: see transcript for details
The original message was included as attachment -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Fshockopen error while opening a https stream urgent help needed
Hi i have changed the re-complile php openssl but now its giving me connection refused error. Warning: fsockopen() [function.fsockopenhttps://192.168.0.85/voip/function.fsockopen]: unable to connect to ssl://192.168.65.20:443 (Connection refused) in * /www/htdocs/voip/api_class.php* on line *323* Now I really wonder what could be the issue dhaval On 17/06/05, JamesBenson [EMAIL PROTECTED] wrote: You pointed the configure line to the source files and not the installed version of openssl, you should compile and install openssl first, change... --with-openssl-dir=/usr/local/src/webserver/openssl-0.9.7d to... --with-openssl-dir=/usr/local Or wherever you installed openssl, /usr/local is default, it will then find all openssl files in /usr/local/lib and wherever else it needs but openssl needs to be compiled installed then linked by PHP from an installed version and NOT the origanal source files. James choksi wrote: Hello All I am running PHP5.0.2 over apache 1.3.29 and openssl-0.9.7d on a Debian Php Configure command './configure' '--with-apxs=/www/bin/apxs' '--with-openssl-dir=/usr/local/src/webserver/openssl-0.9.7d/' '--enable-trans-sid' '--disable-libxml' Registered PHP Streams : php, file, http, ftp Registered Stream Socket Transports : tcp, udp, unix, udg allow_url_fopen : On On Now when i try to open a https url via it gives me this error [Wed Jun 15 19:03:36 2005] [error] PHP Warning: fsockopen() [a href='function.fsockopen'function.fsockopen/a]: unable to connect to ssl:// 192.168.0.10:443 http://192.168.0.10:443 http://www.google.com/url?sa=Dq=http://www.testcall.com:443(Unable to find the socket transport quot;sslquot; - did you forget to enable it when you configured PHP?) in /www/htdocs/testcon.php on line 2 I am trying to fix this from last few days but not successful can some please help me its very urgent. Do I need to register ssl and https as registered php streams? and if so how do i register them. Thankyou Regards Dhaval Choksi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Rgds Choksi
Re: [PHP] comparing two texts
jenny mathew wrote: so,what what should i conclude .it is not possible to compare two texts and hight the difference at this moment. 1. conclude whatever the you like 2. 'hight' is not an english word (I guess you mean highlight) 3. actually it is possible but you have to write some code 4. nobody will be writing a compare_these_two_strings_and_show_the_differences_in_a_complete_webpage_styled_the_way_I_like_it() function for php anytime soon. 5. go read about 'DIFF' like I said the first time. thanks. Yours , humour class=monday, crass, dark, sexist with regard to the concept of 'objectification of women' you might consider another sign off than 'Yours' - or maybe you want to be 0wn3d? /humour Jenny On 6/19/05, Robert Cummings [EMAIL PROTECTED] wrote: On Sun, 2005-06-19 at 12:33, M. Sokolewicz wrote: Robert Cummings wrote: On Sun, 2005-06-19 at 09:22, M. Sokolewicz wrote: jenny mathew wrote: Untested, very crude: ?php $maxlen = max(strlen($text1), strlen($text2)); for ($i = 0; $i $maxlen; $i++){ if (@$text1[$i] == @$text2[$i]) echo @$text1[$i]; else @echo font color=red$text1[$i]|$text2[$i]/font; } ? donot you think you program will just bring the server to its foot ,if the text message encountered is very large of order of 40 KB or larger.is http://larger.ishttp://larger.isthere any other efficient method. 40KB isn't large... now, when you're talking about hundreds of MBs of text, then it gets large :) 40KB, with that method, is nothing... It's a bit of a dirty hack though. If I compare a 2 character text against a 40k text, the error handler will be invoked (39998 * 3) times if $text1 is the 2 byte string. That's extremely inefficient. I don't think I've ever seen error suppression abused so badly to prevent writing an extra line or 2 using isset(). Cheers, Rob. I agree with what you said fully; however, even though that's the case, and it indeed could be written a lot faster and cleaner, it would not pose a problem on most systems. That was the point I tried to make ;) Oh absolutely, 40k is tiny :) Just never seen error suppression used for such mundane processing. Now if we up it to 2 chars and 5 megs :) With a custom user space error handler in the background... ugh. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] SIMPLExml problem....
I tryed this simple PHP script that uses SimpleXML control: ?php $users = simplexml_load_file('baza.xml'); echo $users - name; ? and i got: Fatal error: Cannot clone object of class SimpleXMLElement due to 'zend.ze1_compatibility_mode' in /mnt/storage/users/w/i/p/wipe/formular.php on line 381 i tryed the same code on 3 other servers including my localhost and it works (the versions where PHP 5.04 and on the server with the problem it's 5.03) i searched google but i didn't got the answer... http://wipe.host.sk http://bihnet.org/Cruonit/wipe/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] SIMPLExml problem....
I tryed this simple PHP script that uses SimpleXML control: ?php $users = simplexml_load_file('baza.xml'); echo $users - name; ? and i got: Fatal error: Cannot clone object of class SimpleXMLElement due to 'zend.ze1_compatibility_mode' in /mnt/storage/users/w/i/p/wipe/formular.php on line 381 i tryed the same code on 3 other servers including my localhost and it works (the versions where PHP 5.04 and on the server with the problem it's 5.03) i searched google but i didn't got the answer... http://wipe.host.sk http://bihnet.org/Cruonit/wipe/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] SIMPLExml problem....
I tryed this simple PHP script that uses SimpleXML control: ?php $users = simplexml_load_file('baza.xml'); echo $users - name; ? and i got: Fatal error: Cannot clone object of class SimpleXMLElement due to 'zend.ze1_compatibility_mode' in /mnt/storage/users/w/i/p/wipe/formular.php on line 381 i tryed the same code on 3 other servers including my localhost and it works (the versions where PHP 5.04 and on the server with the problem it's 5.03) i searched google but i didn't got the answer... http://wipe.host.sk http://bihnet.org/Cruonit/wipe/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] comparing two texts
I saw a function in the php manual the other day which displays the difference as a percentage, for instance two strings, foo foos would be maybe 90% match, not sure thats what you mean though, you can always do a str_replace like so, $string1 = 'foo'; $string2 = 'foos'; $string = (str_replace($string1, , $string2)); echo $string; The difference being one letter in this case, the letter 's', whether that would work for what your after im not sure because it would depend on string1 containg string in the same order but not work for random characters. jenny mathew wrote: so,what what should i conclude .it is not possible to compare two texts and hight the difference at this moment. thanks. Yours , Jenny On 6/19/05, Robert Cummings [EMAIL PROTECTED] wrote: On Sun, 2005-06-19 at 12:33, M. Sokolewicz wrote: Robert Cummings wrote: On Sun, 2005-06-19 at 09:22, M. Sokolewicz wrote: jenny mathew wrote: Untested, very crude: ?php $maxlen = max(strlen($text1), strlen($text2)); for ($i = 0; $i $maxlen; $i++){ if (@$text1[$i] == @$text2[$i]) echo @$text1[$i]; else @echo font color=red$text1[$i]|$text2[$i]/font; } ? donot you think you program will just bring the server to its foot ,if the text message encountered is very large of order of 40 KB or larger.is http://larger.ishttp://larger.isthere any other efficient method. 40KB isn't large... now, when you're talking about hundreds of MBs of text, then it gets large :) 40KB, with that method, is nothing... It's a bit of a dirty hack though. If I compare a 2 character text against a 40k text, the error handler will be invoked (39998 * 3) times if $text1 is the 2 byte string. That's extremely inefficient. I don't think I've ever seen error suppression abused so badly to prevent writing an extra line or 2 using isset(). Cheers, Rob. I agree with what you said fully; however, even though that's the case, and it indeed could be written a lot faster and cleaner, it would not pose a problem on most systems. That was the point I tried to make ;) Oh absolutely, 40k is tiny :) Just never seen error suppression used for such mundane processing. Now if we up it to 2 chars and 5 megs :) With a custom user space error handler in the background... ugh. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SIMPLExml problem....
On Mon, Jun 20, 2005 at 10:48:41AM +0200, Cruonit wrote: I tryed this simple PHP script that uses SimpleXML control: snip In future, please don't post the same thing to the list three times, there really is no point. If your post isn't showing up, at least have the patience to wait a few minutes before re-sending if you think it hasn't got through. Paul -- Rogue Tory http://www.roguetory.org.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Allowed memory size of
Hello I got the following message. PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 69505726 bytes) I read on several forums to increase the size of the memory limit in php.ini. As you can wee which as already be done cause 13421772869505726. But I still get the message. I'll like to understand and find how to do. The aim of this script is to get a big file (69MB) and to encrypt (using mcrypt). then to send it by ftp. Thanks for your helps david -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: rename
Well, why not first check for existance of the file then check if its able to write to the new location, do something like, if(!file_exists('/my/file/name')) { echo 'File does not exist'; } if(!is_writable('/my/new/file/name')) { echo 'Destination dir is not writable'; } then finally check if the actual file was renamed or not, what else would you need to check for? Mister Jack wrote: Hi, I would like to know precisely what rename do in case of error. any link for that ? I do a : @rename($old, $new), what happens if I run out of space ? is the rename just an alias for C function library ? thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: possible jscript/php/frames question!!
Ive never seen this happen with an image map. Dont this work? MAP Name=mymap AREA Shape=rect Coords=25,180,125,280 Href=http://www.example.com; /MAP IMG Src=/images/imagemap.gif Width=500 Height=300 Alt=Image Map Usemap=#mymap bruce wrote: hi... i've got a problem where i'm trying to play with imagemaps. i created a test image map, but when i select inside the image map, i 'see' the ?x,y from the imagemap, appended to the url in the browser address bar... i get http://foo.com?3,5 etc... is there a way to prevent this from occuring?? i'd like to be able to select the imagemap, get the coordinate, and not have the x,y mouse coordinate show up in the address bar... i thought i could use an onClick, and go to a javascript function, but i couldn't figure out how to get the mouse coordinates within the jscript function. if i slammed all this inside a frame, would that prevent the url-x,y information from being displayed?? my sample code is below... thanks -bruce [EMAIL PROTECTED] --- [EMAIL PROTECTED] site]# cat map.php ? /* test for image maps... */ ? ? $_self = $_SERVER['PHP_SELF']; ? html body script language=javascript type=text/javascript !-- function foo1(q) { // str = window.location.search // document.write(fff +q+br); // location.href=map.php; // return true; } function foo(e) { //q = q+1; mX = event.clientX; mY = event.clientY; // str = window.location.search document.write(fff +mX+ y= +mY+br); location.href=map.php; return true; } // -- /script !-- centera href=?=$_self;?img -- center !-- a href=?=$_self;? onclick =alert(self.location.search); return false -- a href=ff.php onclick= img src=imagemap.gif ISMAP/a/center p script language=javascript type=text/javascript !-- str = location.search if(str) { document.write(fff +str+br); //location.href=map.php; } // -- /script /body /html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] file upload
Hello, I'm having a problem with a file upload. The following works on one server I use : - --- function add_me(){ global $filename; global $maxFileSize; global $yourdirectory; // put this in a file that is called by your webpage with a form // use the form file input type and call it 'file' $maxFileSize = 204800; $filename = $_FILES['file']['tmp_name']; echo f is .$filename; if (file_exists($filename)) { // open the file $handle = fopen($filename, r); // 1. read the file in line by line while (!feof($handle)) { $buffer = fgets($handle, 4096); // if you were reading a text file you can // do any operations on each line as you go here } // 2. otherwise just read the whole file // in one go, e.g. for an image. $buffer = fgets($handle, 4096); // then you can write to the database or // do whatever with it here // close the file fclose($handle); } $uploaddir = '/home/folder1/htdocs/folder2/'.myfolder.'/'; echo BRYYY .$uploaddir; $uploadfile2 = $_FILES['file']['tmp_name']; $uploadfile2 = preg_replace(/\/tmp\//, , $uploadfile2); $uploadfile = $uploaddir . $uploadfile2 ..gif; //$$uploadfile2 =~ s/\/[a-zA-Z]\///g; //print pre; if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) { print File is valid, and was successfully uploaded. ; } else { print Possible file upload attack! Here's some debugging info:\n; } //print /pre$uploadfile; chmod($uploadfile,0777); -- But when I use this same code on a different server, it doesn't work as there seem to be no $_FILES['file']['tmp_name']. Is $_FILES['file']['tmp_name'] something configured by the server (I'm using Apache on a Linux system), or something default within PHP itself? Han. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Permission argh!
Andy Pieters wrote: Hi all I am in the process of creating an installer for my php application. During the test proces, it does this: isdir(root)?create dir root ok?chmod 0777 isdir(root/child)?create dir root/child ok?chmod 0777 isdir(root/child/grandchild)?create dir root/child/grandchild ok?chmod 0777 The script fails on the grandchild part: when you are testing your script does 'child' already exist? does the chmod(777) actually change the perms? what dirs exists before you start the test? (and what are the perms?) ... try doing an 'ls -Rt' on the 'root' dir. stat failed for /root/child/grandchild (errno=13 - Permission denied) when I try to force the hand and create it anyway: mkdir() failed (Permission denied) The files/directories are owned by the 'nobody' user... the same as the apachephp user. Anybody know how to remedy this problem? With kind regards Andy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SIMPLExml problem....
Cruonit wrote: I tryed this simple PHP script that uses SimpleXML control: ?php $users = simplexml_load_file('baza.xml'); echo $users - name; ? and i got: Fatal error: Cannot clone object of class SimpleXMLElement due to 'zend.ze1_compatibility_mode' in /mnt/storage/users/w/i/p/wipe/formular.php on line 381 a, zend.ze1_compatibility_mode is a php.ini setting - it needs to off in your case. b, your test script is 3 lines ... which begs the question of where the other 378 lines are? are you maybe using auto_prepend to include stuff automatically? i tryed the same code on 3 other servers including my localhost and it works (the versions where PHP 5.04 and on the server with the problem it's 5.03) i searched google but i didn't got the answer... http://wipe.host.sk http://bihnet.org/Cruonit/wipe/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SIMPLExml problem....
Cruonit wrote: I just copy/paste the error from other code, but i talked to the admin and he said I might suggest that reading the error (and maybe reseaching the meaning - if you don't understand what it means) ... read this: http://www.php.net/manual/en/ini.core.php now assuming your simpleXML code is not including any shite from phpNuke etc (stuff that relies on php4 object behaviour) you can set the zend.ze1_compatibility_mode to Off/0 in either a .htaccess file or in the virtualhost directive or elsewhere ... zend.ze1_compatibility_mode falls under PHP_INI_ALL which means you can even set it in your script: Table H-2. Definition of PHP_INI_* constants ConstantValue Meaning PHP_INI_USER1 Entry can be set in user scripts or in Windows registry PHP_INI_PERDIR 2 Entry can be set in php.ini, .htaccess or httpd.conf PHP_INI_SYSTEM 4 Entry can be set in php.ini or httpd.conf PHP_INI_ALL 7 Entry can be set anywhere - actually it means you can turn the value on and off countless times inside a script depending on which code/objects are being used/accessed/etc - but I have a funny feeling that if I combined some simeplXML code with some phpNuke code and made it switch ze1_compatibility_mode as required that it wouldn't work very well... but then again its completely untested. we can't set it off because then all PHP-4 written object code would be not functional. thats not true perse. alot of php4 OO codes works as-is. That means 99% of all code (all these forums, CMS - phpNuke, phpBB) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] editor in WEB PAGE
Hello I want to use a RTF editor within a web page like the Hotmail or Yahoo where when writing the content of the email him can be put format like Bold, fonts, etc. I'll like to find how to do. Thanks for your helps Denyl.
[PHP] Re: Allowed memory size of
David, Perhaps your memory usage and/or memory limit is different than what you are assuming it is. If you add the following code to your script, in several places if necessary, it should help you debug it . // PRINT CURRENT MEMORY USAGE: http://us4.php.net/manual/en/function.memory-get-usage.php print 'CURRENT MEMORY USAGE = '.memory_get_usage().'br /'; // PRINT CURRENT MEMORY LIMIT: http://us4.php.net/manual/en/function.ini-get.php print 'MEMORY LIMIT = '.ini_get('memory_limit').'br /'; You can also set the memory limit on a per page basis // SET MEMORY LIMIT:http://us4.php.net/manual/en/function.ini-set.php $mem_limit = '128'; print SETTING MEMORY LIMIT TO $mem_limit Megabytesbr /; ini_set('memory_limit', $mem_limit.'M'); //http://us4.php.net/manual/en/ini.core.php#ini.memory-limit There are a variety of limitations and restrictions to the commands noted above, be sure to read the documentation. -- Bob david forums wrote: Hello I got the following message. PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 69505726 bytes) I read on several forums to increase the size of the memory limit in php.ini. As you can wee which as already be done cause 13421772869505726. But I still get the message. I'll like to understand and find how to do. The aim of this script is to get a big file (69MB) and to encrypt (using mcrypt). then to send it by ftp. Thanks for your helps david -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: editor in WEB PAGE
Denyl Meneses Guillén wrote: Hello I want to use a RTF editor within a web page like the Hotmail or Yahoo where when writing the content of the email him can be put format like Bold, fonts, etc. I'll like to find how to do. Thanks for your helps Denyl. JavaScript; this has nothing whatsoever to do with php; try using google... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] editor in WEB PAGE
there is a product called spaw, i think the site is www.solmetra.com check it out HTH Angelo Zanetti Z Logic www.zlogic.co.za Denyl Meneses Guillén wrote: Hello I want to use a RTF editor within a web page like the Hotmail or Yahoo where when writing the content of the email him can be put format like Bold, fonts, etc. I'll like to find how to do. Thanks for your helps Denyl. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: SFTP problems
Read the php man, it says to use the 'b' flag for binary files, infact it says to use it most the time anyway, if im not mistaken. Lowell Allen wrote: I need to use SFTP to send text files and binary files from one server to another, but I'm unable to use fopen on the remote server, and if I send with ssh2_scp_send the files are truncated. I'm assuming the libssh2-PECL/ssh2 installation isn't the problem because I'm able to connect using ssh2_auth_password, create a directory on the remote server with ssh2_sftp_mkdir, and copy files with ssh2_sftp_send and ssh2_sftp_recv (even though ssh2_sftp_send truncates files). When I try to use fopen, I get this error message: Warning: fopen(): Unable to open ssh2.sftp://Resource id #10/whatever.com:22/home/whatever/public_html/flamingo/test.txt on remote host in /home/user/public_html/cms/sftp_test.php on line 79 Warning: fopen(ssh2.sftp://Resource id #10/whatever.com:22/home/whatever/public_html/flamingo/test.txt): failed to open stream: Resource temporarily unavailable in /home/user/public_html/cms/sftp_test.php on line 79 Here's line 79 of sftp_test.php: $stream = fopen(ssh2.sftp://$sftp/whatever.com:22/home/whatever/public_html/ flamingo/.$filename, wt) I've read Secure Communications with PHP and SSH in the February PHP Architect. That's what prompted me to try PECL/ssh2, but now I'm stuck. Anybody successfully using fopen with SFTP or anybody using ssh2_sftp_send without getting truncated files? -- Lowell Allen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] word lists
Hi guys, i'm new on the list, so hi ! anyway, sorry if this is the wrong place to ask. uhm, wouldn't any one by any chance know where i could find a list of rubbish words, i mean, words like {and,this,that,those,are,is} ect. words that are meaningless when used alone. i have been googling a bit and came up with nothing. thanks ! -cilliè -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] word lists
Cilliè wrote: Hi guys, i'm new on the list, so hi ! anyway, sorry if this is the wrong place to ask. uhm, wouldn't any one by any chance know where i could find a list of rubbish words, i mean, words like {and,this,that,those,are,is} ect. words that are meaningless not that I know of, sorry. it might be worth taking a look at some of the forum software out there - maybe one of them uses such a list to filter search terms or something similar. when used alone. i have been googling a bit and came up with nothing. out of interest what are you trying/going to do with such a list? thanks ! -cilliè -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] word lists
On 6/20/05, Jochem Maas [EMAIL PROTECTED] wrote: Cilliè wrote: Hi guys, i'm new on the list, so hi ! anyway, sorry if this is the wrong place to ask. uhm, wouldn't any one by any chance know where i could find a list of rubbish words, i mean, words like {and,this,that,those,are,is} ect. words that are meaningless not that I know of, sorry. it might be worth taking a look at some of the forum software out there - maybe one of them uses such a list to filter search terms or something similar. when used alone. i have been googling a bit and came up with nothing. out of interest what are you trying/going to do with such a list? thanks ! -cilliè Did you try google sets? http://labs.google.com/sets returned this: those that and this are the a is to of it you in for I he was on with they be his as at not these from have can an me or here one we list see by up my but play their big down find help away said only Dotan http://lyricslist.com/lyrics/artist_albums/64/beatles.php Beatles Song Lyrics -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] word lists
out of interest what are you trying/going to do with such a list? playing with categorizing stuff based on word frequency and relevance to other stuff with similar word frequency. the will give a lot of false positives :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: SFTP problems
On Jun 20, 2005, at 11:19 AM, JB05UK wrote: Read the php man, it says to use the 'b' flag for binary files, infact it says to use it most the time anyway, if im not mistaken. Substituting wb for wt also fails. As I said in my OP below, I need to send both text files and binary files, and the remote server will be Windows (although I'm now testing on Linux), so that's why I have the t flag, but you're probably right to suggest just using b in all cases. Thanks for your reply. -- Lowell Allen Lowell Allen wrote: I need to use SFTP to send text files and binary files from one server to another, but I'm unable to use fopen on the remote server, and if I send with ssh2_scp_send the files are truncated. I'm assuming the libssh2-PECL/ssh2 installation isn't the problem because I'm able to connect using ssh2_auth_password, create a directory on the remote server with ssh2_sftp_mkdir, and copy files with ssh2_sftp_send and ssh2_sftp_recv (even though ssh2_sftp_send truncates files). When I try to use fopen, I get this error message: Warning: fopen(): Unable to open ssh2.sftp://Resource id #10/whatever.com:22/home/whatever/public_html/flamingo/test.txt on remote host in /home/user/public_html/cms/sftp_test.php on line 79 Warning: fopen(ssh2.sftp://Resource id #10/whatever.com:22/home/whatever/public_html/flamingo/test.txt): failed to open stream: Resource temporarily unavailable in /home/user/public_html/cms/sftp_test.php on line 79 Here's line 79 of sftp_test.php: $stream = fopen(ssh2.sftp://$sftp/whatever.com:22/home/whatever/public_html/ flamingo/.$filename, wt) I've read Secure Communications with PHP and SSH in the February PHP Architect. That's what prompted me to try PECL/ssh2, but now I'm stuck. Anybody successfully using fopen with SFTP or anybody using ssh2_sftp_send without getting truncated files? -- Lowell Allen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] security question...??
hi... a number of you write apache/web/server apps that deal with secure information.. in doing some research it occured to me that a potential weak link is on the client side, regarding the browser? how many of you actually attempt to verify that the browser being used by the client is indeed a legitimate (non-hacked) browser?? or is there even a way to do this? or should i just go back to sleep..?? thanks -bruce [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Extensions: parameters as references
Yasir Malik wrote: Is there any list (or forum) that can help me with this? Thanks, Yasir You probably will have more luck trying out the PECL group. These authors write PHP extensions and have the knowledge / desire to work on extensions. Not too many of us regular developers have actually had the need to write our own extensions, you know what I mean? Jason -- NEW? | http://www.catb.org/~esr/faqs/smart-questions.html STFA | http://marc.theaimsgroup.com/?l=php-generalw=2 STFM | http://php.net/manual/en/index.php STFW | http://www.google.com/search?q=php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: editor in WEB PAGE
of course that is Javascript, but I want to know if it is possible and if they know some application - Original Message - From: M. Sokolewicz [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Monday, June 20, 2005 8:01 AM Subject: [PHP] Re: editor in WEB PAGE Denyl Meneses Guillén wrote: Hello I want to use a RTF editor within a web page like the Hotmail or Yahoo where when writing the content of the email him can be put format like Bold, fonts, etc. I'll like to find how to do. Thanks for your helps Denyl. JavaScript; this has nothing whatsoever to do with php; try using google... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.7.8/22 - Release Date: 17/06/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Delivery failed
The original message was received at Tue, 21 Jun 2005 01:38:16 +0900 from [133.60.182.142] - The following addresses had permanent fatal errors - php-general@lists.php.net - Transcript of the session follows - ... while talking to 206.244.153.37: RCPT To:php-general@lists.php.net 550 5.1.1 php-general@lists.php.net... Not known here -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] asterix for arrray_search?
Richard Lynch wrote: On Sat, June 18, 2005 10:11 am, Merlin said: ... I believe that in recent versions of PHP, the preg_* functions will accept an array as an argument... Or maybe I dreamed that. FYI I thought this also... but it appears that you can only do one match at a time with preg_match(). The only one I found that allows the array syntax that you're referring to above is preg_replace(). All the same you can still set up an array full of regex patterns, loop through each of these, and do whatever you want with those matches. ?php $regs = array( '/match this text/', '/match this/', '/match/' ); $text = Why don't you run this code and see if you can match this example?; $matches = array(); foreach($regs as $regex) { preg_match($regex, $text, $matches[]); } print_r($matches); ? -- NEW? | http://www.catb.org/~esr/faqs/smart-questions.html STFA | http://marc.theaimsgroup.com/?l=php-generalw=2 STFM | http://php.net/manual/en/index.php STFW | http://www.google.com/search?q=php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Predictable-random array
I've got an array $items which has about 200 entires. I want to print them out in random order, but as usual, I have a catch! I need to add a 'key' so that if need be, I can always return to the same 'random' order, like so: $items=predicatable_random($items, qwerty); so for each place that I need the items rearranged, I will replace qwerty with a different string, and get a different 'random' order. I haven't played around with it much as I stumbled into a brick wall fairly early and can't get much going. Any ideas? I tried to play with usort, uksort, ksort, and various combinations with shuffle. The 'randomization' can be based on qualities of each string, such as 'sort alphebetically by the 7th character', so I thought that I'd try that, but I got lost in explodes and such. Thanks all. I always look forward to my php lessons! Dotan http://english-lyrics.com/el/index.php Song Lyrics -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: security question...??
bruce wrote: hi... a number of you write apache/web/server apps that deal with secure information.. in doing some research it occured to me that a potential weak link is on the client side, regarding the browser? how many of you actually attempt to verify that the browser being used by the client is indeed a legitimate (non-hacked) browser?? or is there even a way to do this? or should i just go back to sleep..?? thanks -bruce [EMAIL PROTECTED] Quite frankly I don't see how you are going to do this. The only thing I know of that might indicate the version / type of browser that is being used is the User Agent string, but it's not hard for this to be forged. So you could very well be dealing with an IE user that has a Mozilla Fire(fox|bird|) User Agent string. More to the point: are you concerned that someone is using an unpatched browser that has holes, or are you concerned that someone is using a binary that has been hacked to pieces and rebuilt to look just like a normal browser? Because I really, REALLY don't think there would be a way to test for the second problem. What do you look for? How in the world do you find it? -- NEW? | http://www.catb.org/~esr/faqs/smart-questions.html STFA | http://marc.theaimsgroup.com/?l=php-generalw=2 STFM | http://php.net/manual/en/index.php STFW | http://www.google.com/search?q=php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Returned mail: Data format error
ALERT! This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm, or other type of security threat. This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments. If a virus, worm, or other security threat is found, Road Runner cleans or deletes the infected attachments as necessary, but continues to send the original message content to the recipient. Further information on this initiative can be found at http://help.rr.com/faqs/e_mgsp.html. Please be advised that Road Runner does not contact the original sender of the e-mail as part of the scanning process. Road Runner recommends that if the sender is known to you, you contact them directly and advise them of their issue. If you do not know the sender, we advise you to forward this message in its entirety (including full headers) to the Road Runner Abuse Department, at [EMAIL PROTECTED] The original message was included as attachment file attachment: attachment.pif This e-mail in its original form contained one or more attached files that were infected with the [EMAIL PROTECTED] virus or worm. They have been removed. For more information on Road Runner's virus filtering initiative, visit our Help Member Services pages at http://help.rr.com, or the virus filtering information page directly at http://help.rr.com/faqs/e_mgsp.html. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Predictable-random array
Dotan Cohen wrote: I've got an array $items which has about 200 entires. I want to print them out in random order, but as usual, I have a catch! I need to add a 'key' so that if need be, I can always return to the same 'random' order, like so: $items=predicatable_random($items, qwerty); so for each place that I need the items rearranged, I will replace qwerty with a different string, and get a different 'random' order. I haven't played around with it much as I stumbled into a brick wall fairly early and can't get much going. Any ideas? I tried to play with usort, uksort, ksort, and various combinations with shuffle. The 'randomization' can be based on qualities of each string, such as 'sort alphebetically by the 7th character', so I thought that I'd try that, but I got lost in explodes and such. Seed the generator with some integer using srand(): srand(384884); $a = range(0, 100); shuffle($a); print_r($a); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Predictable-random array
Dotan Cohen wrote: I've got an array $items which has about 200 entires. I want to print them out in random order, but as usual, I have a catch! I need to add a 'key' so that if need be, I can always return to the same 'random' order, like so: $items=predicatable_random($items, qwerty); Try using multi-dimensional arrays, something like: ?php $items = array(1,2,3,4,5,6,7,8,9,10); for($i = 1, $random[0] = $items, shuffle($random[0]); $i 10; $i++) { /* Initialize each pass with previous array, then randomize */ $random[$i] = $items; shuffle($random[$i]); } $selected = rand(0,10); echo There are a total of . count($random) . randomly sorted arrays. Here are the randomly shuffled numbers for array number $selected.\n; /* Now you can access each random array */ print_r($random[$selected]); ? -- NEW? | http://www.catb.org/~esr/faqs/smart-questions.html STFA | http://marc.theaimsgroup.com/?l=php-generalw=2 STFM | http://php.net/manual/en/index.php STFW | http://www.google.com/search?q=php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] So many returned mail notices!
Hey, I know this kind of post can be annoying to some people but I must ask anyway. Is everyone else getting a bunch of returned mail from [EMAIL PROTECTED] It looks like it has something to do with (possibly) an email address that is subscribed through Road Runner? Anyway this kind of thing always makes me a bit nervous because I start to think something is wrong with my end. Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] So many returned mail notices!
Chris W. Parker wrote: Hey, I know this kind of post can be annoying to some people but I must ask anyway. Is everyone else getting a bunch of returned mail from [EMAIL PROTECTED] It looks like it has something to do with (possibly) an email address that is subscribed through Road Runner? Anyway this kind of thing always makes me a bit nervous because I start to think something is wrong with my end. It's not just you. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] So many returned mail notices!
Hello Chris, Monday, June 20, 2005, 6:33:24 PM, you wrote: CWP Anyway this kind of thing always makes me a bit nervous because I CWP start to think something is wrong with my end. It's not just you, we all get them. Bloody annoying. Best regards, Richard Davey -- http://www.launchcode.co.uk - PHP Development Services I do not fear computers. I fear the lack of them. - Isaac Asimov -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] So many returned mail notices!
Richard Davey mailto:[EMAIL PROTECTED] on Monday, June 20, 2005 10:51 AM said: Hello Chris, Monday, June 20, 2005, 6:33:24 PM, you wrote: Anyway this kind of thing always makes me a bit nervous because I start to think something is wrong with my end. It's not just you, we all get them. Bloody annoying. Thanks for confirming. Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] phpInfo() executed on Yahoo!
Yes! phpInfo() on Yahoo! URL: http://advr1.advertising.scd.yahoo.com/ 1) First I was at: http://promo.yahoo.com/user_research/ 2) I moved to the upper directory: http://promo.yahoo.com/ 3) Do you Yahoo!, the new page said. So I did View Source. 4) http://advr1.advertising.scd.yahoo.com/ Cheers, Behzad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] word lists
At 6:00 PM +0200 6/20/05, Cilliè wrote: out of interest what are you trying/going to do with such a list? playing with categorizing stuff based on word frequency and relevance to other stuff with similar word frequency. the will give a lot of false positives :) You might want to look at full text indexing or text analysis/data mining software, eg: http://www.textanalysis.info/ You could also check the stop-word lists from MySQL's fulltext indexing, or from search engines like htdig... http://dev.mysql.com/doc/mysql/en/fulltext-search.html http://www.htdig.org/ Googling for the phrase stop word list also may be useful steve -- +--- my people are the people of the dessert, ---+ | Steve Edberghttp://pgfsun.ucdavis.edu/ | | UC Davis Genome Center[EMAIL PROTECTED] | | Bioinformatics programming/database/sysadmin (530)754-9127 | + said t e lawrence, picking up his fork + -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: So many returned mail notices!
Im suscribed to the newsgroup and dont receive emails, I simply browse the threads in Thunderbird, you must of signed up for daily digests. Chris W. Parker wrote: Hey, I know this kind of post can be annoying to some people but I must ask anyway. Is everyone else getting a bunch of returned mail from [EMAIL PROTECTED] It looks like it has something to do with (possibly) an email address that is subscribed through Road Runner? Anyway this kind of thing always makes me a bit nervous because I start to think something is wrong with my end. Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] phpInfo() executed on Yahoo!
Yes! phpInfo() on Yahoo! URL: http://advr1.advertising.scd.yahoo.com/ 1) First I was at: http://promo.yahoo.com/user_research/ 2) Then I moved to an upper directory: http://promo.yahoo.com/ 3) Do you Yahoo!, the new page said. So I did View Source. 4) http://advr1.advertising.scd.yahoo.com/ Cheers, Behzad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: security question...??
jason... it's the 2nd point... the hacked app that i'm concerned/thinking about... as i stated, a secure app/system incorporates not just the system, and the wire, it also deals with the client app that's being used. and in fact, i'm of the belief that the manufacturers/developers of a given app could in fact provide some function on their servers that you could check against to verify that the browser/app in question is indeed legitimate... as to the details, i'm not exactly sure how it could be accomplished, but i'm pretty sure it could be done... i'm not trying to stop someone from copying an app... i just want to know that the version of IE that i'm talking to is indeed a good/not hacked copy... -bruce -Original Message- From: Jason Barnett [mailto:[EMAIL PROTECTED] Sent: Monday, June 20, 2005 10:05 AM To: php-general@lists.php.net Subject: [PHP] Re: security question...?? bruce wrote: hi... a number of you write apache/web/server apps that deal with secure information.. in doing some research it occured to me that a potential weak link is on the client side, regarding the browser? how many of you actually attempt to verify that the browser being used by the client is indeed a legitimate (non-hacked) browser?? or is there even a way to do this? or should i just go back to sleep..?? thanks -bruce [EMAIL PROTECTED] Quite frankly I don't see how you are going to do this. The only thing I know of that might indicate the version / type of browser that is being used is the User Agent string, but it's not hard for this to be forged. So you could very well be dealing with an IE user that has a Mozilla Fire(fox|bird|) User Agent string. More to the point: are you concerned that someone is using an unpatched browser that has holes, or are you concerned that someone is using a binary that has been hacked to pieces and rebuilt to look just like a normal browser? Because I really, REALLY don't think there would be a way to test for the second problem. What do you look for? How in the world do you find it? -- NEW? | http://www.catb.org/~esr/faqs/smart-questions.html STFA | http://marc.theaimsgroup.com/?l=php-generalw=2 STFM | http://php.net/manual/en/index.php STFW | http://www.google.com/search?q=php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] phpinfo(); executed on Yahoo!
Yes! phpInfo() on Yahoo! URL: http://advr1.advertising.scd.yahoo.com/ 1) First I was at: http://promo.yahoo.com/user_research/ 2) Then I moved to an upper directory: http://promo.yahoo.com/ 3) Do you Yahoo!, the new page said. So I did View Source. 4) http://advr1.advertising.scd.yahoo.com/ Cheers, Behzad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpInfo() executed on Yahoo!
Hello AmirBehzad, Monday, June 20, 2005, 7:07:27 PM, you wrote: AE Yes! phpInfo() on Yahoo! AE URL: http://advr1.advertising.scd.yahoo.com/ Very cool :) I like the amount of Yahoo modules they are using within PHP. I'm not entirely sure this page will stay up for much longer though (at least I'd hope not) Best regards, Richard Davey -- http://www.launchcode.co.uk - PHP Development Services I do not fear computers. I fear the lack of them. - Isaac Asimov -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: So many returned mail notices!
I'm subbed to both the newsgroup, and the emails, and I have them in both. It's a virus using the PHP list address as sender, apparently going through RoadRunner, and then posting itself to the newsserver. Since the messages don't have the [PHP] marker, they're posted to the newsgroup, not the email list ... all messages going through the email list server gets the [PHP] marker in the subject. It has nothing to do with the digest ... I didn't even know there was a digest option for the PHP.net lists ... Rene Documented research indicate that on Mon, 20 Jun 2005 19:11:09 +0100, JamesBenson wrote: Im suscribed to the newsgroup and dont receive emails, I simply browse the threads in Thunderbird, you must of signed up for daily digests. Chris W. Parker wrote: Hey, I know this kind of post can be annoying to some people but I must ask anyway. Is everyone else getting a bunch of returned mail from [EMAIL PROTECTED] It looks like it has something to do with (possibly) an email address that is subscribed through Road Runner? Anyway this kind of thing always makes me a bit nervous because I start to think something is wrong with my end. Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: security question...??
Please do not CC me; I will check the newsgroups and usually respond to all messages there. Onward! bruce wrote: jason... it's the 2nd point... the hacked app that i'm concerned/thinking about... as i stated, a secure app/system incorporates not just the system, and the wire, it also deals with the client app that's being used. Very true. and in fact, i'm of the belief that the manufacturers/developers of a given app could in fact provide some function on their servers that you could check against to verify that the browser/app in question is indeed legitimate... OK, but if someone is truly skilled enough to rip apart an IE binary, don't you think it would be trivial for them to override / alter this checkIntegrity() function? Or whatever the heck you would call it. as to the details, i'm not exactly sure how it could be accomplished, but i'm pretty sure it could be done... As to the details, the current way of checking app integrity usually involves checking the MD5 hash of a program against a published / known good MD5 hash. Although as was discussed in a recent thread it may be feasible for hackers to create new binaries that have the same MD5 checksum as a legit / non-hacked binary. i'm not trying to stop someone from copying an app... i just want to know that the version of IE that i'm talking to is indeed a good/not hacked copy... -bruce I don't see how this is feasible for reasons mentioned above. Even if it was feasible can you also guarantee that there aren't other mailicous processes running in the background (e.g. keystroke loggers)? Since MS has a web-based auto-update program then there is likely some way to find all of this critical information over an HTTP connection... but I just don't know how they do it. Also when MS checks your system it is really slow so it would be a huge performance impact on your site. But all of this is dark voodoo magic that doesn't really belong on this list. :) -- NEW? | http://www.catb.org/~esr/faqs/smart-questions.html STFA | http://marc.theaimsgroup.com/?l=php-generalw=2 STFM | http://php.net/manual/en/index.php STFW | http://www.google.com/search?q=php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: So many returned mail notices!
Chris W. Parker wrote: Hey, I know this kind of post can be annoying to some people but I must ask anyway. Is everyone else getting a bunch of returned mail from [EMAIL PROTECTED] It looks like it has something to do with (possibly) an email address that is subscribed through Road Runner? Yes, I see lots of them coming through to the newsgroup. Upon inspection of the message it appears to have come from 65.32.5.135 (nslookup shows this is ms-smtp-05-smtplb.tampabay.rr.com). I_am_no_security_expertThis message looks ok to me, however, the thread that it replied to certainly has some suspicious looking messages./I_am_no_security_expert It sucks when we see several messages coming from [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] and so on. Rasmus, can you do something about these? Or are these actually legit messages? Anyway this kind of thing always makes me a bit nervous because I start to think something is wrong with my end. Chris. -- NEW? | http://www.catb.org/~esr/faqs/smart-questions.html STFA | http://marc.theaimsgroup.com/?l=php-generalw=2 STFM | http://php.net/manual/en/index.php STFW | http://www.google.com/search?q=php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpInfo() executed on Yahoo!
Rats, I guess Andrei is watching this list because it's already down :P I knew they used PHP... but it would have been cool to see what things they've done to handle the number of page requests they have. Oh well. :-/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpInfo() executed on Yahoo!
On 6/20/05, Jason Barnett [EMAIL PROTECTED] wrote: Rats, I guess Andrei is watching this list because it's already down :P I knew they used PHP... but it would have been cool to see what things they've done to handle the number of page requests they have. Oh well. :-/ If anybody wants it- I've got the output right here on my hard drive. Just email me privately. Dotan http://english-lyrics.com/el/index.php English Song Lyrics -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: So many returned mail notices!
JamesBenson mailto:[EMAIL PROTECTED] on Monday, June 20, 2005 11:11 AM said: Im suscribed to the newsgroup and dont receive emails, I simply browse the threads in Thunderbird, you must of signed up for daily digests. Nope. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpInfo() executed on Yahoo!
On Monday, June 20, 2005, Jason Barnett wrote: JB [..] but it would have been cool to see what things they've done to handle the number of page requests they have. Take a look at the attached file. HTH, Behzad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpInfo() executed on Yahoo!
AmirBehzad Eslami mailto:[EMAIL PROTECTED] on Monday, June 20, 2005 12:11 PM said: On Monday, June 20, 2005, Jason Barnett wrote: [..] but it would have been cool to see what things they've done to handle the number of page requests they have. Take a look at the attached file. Please do not attach files to a public mailing list. Not everyone wants it. Chris. p.s. The attachment doesn't even make it to the list. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpInfo() executed on Yahoo!
On 6/20/05, Chris W. Parker [EMAIL PROTECTED] wrote: AmirBehzad Eslami mailto:[EMAIL PROTECTED] on Monday, June 20, 2005 12:11 PM said: On Monday, June 20, 2005, Jason Barnett wrote: [..] but it would have been cool to see what things they've done to handle the number of page requests they have. Take a look at the attached file. Please do not attach files to a public mailing list. Not everyone wants it. Chris. p.s. The attachment doesn't even make it to the list. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php I got a LOT of requests for yahoo's phpinfo(), so here it is: http://dotancohen.com/yahoo_phpinfo.html Have fun with it! Dotan http://english-lyrics.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: security question...??
* bruce [EMAIL PROTECTED]: a number of you write apache/web/server apps that deal with secure information.. in doing some research it occured to me that a potential weak link is on the client side, regarding the browser? how many of you actually attempt to verify that the browser being used by the client is indeed a legitimate (non-hacked) browser?? or is there even a way to do this? or should i just go back to sleep..?? What's the point? The reason I ask is that (1) it shouldn't matter HOW the HTTP request is initiated. What *should* matter is that the page handles the request gracefully and returns something (HTTP headers only, or headers + page) as a result. The request is simply a TCP transmission, nothing more, nothing less. (2) What is done with the page once received by the client shouldn't be an issue, either. Browsers may render the page however they choose; HTML is meant to give hints as to how to perform layout, but in the end, it's just a huge string. Is there some specific issue you're thinking about? -- Matthew Weier O'Phinney | WEBSITES: Webmaster and IT Specialist | http://www.garden.org National Gardening Association| http://www.kidsgardening.com 802-863-5251 x156 | http://nationalgardenmonth.org mailto:[EMAIL PROTECTED] | http://vermontbotanical.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] word lists
thanks steve! Steve Edberg wrote: At 6:00 PM +0200 6/20/05, Cilliè wrote: out of interest what are you trying/going to do with such a list? playing with categorizing stuff based on word frequency and relevance to other stuff with similar word frequency. the will give a lot of false positives :) You might want to look at full text indexing or text analysis/data mining software, eg: http://www.textanalysis.info/ You could also check the stop-word lists from MySQL's fulltext indexing, or from search engines like htdig... http://dev.mysql.com/doc/mysql/en/fulltext-search.html http://www.htdig.org/ Googling for the phrase stop word list also may be useful steve -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Predictable-random array
Dotan Cohen wrote: I've got an array $items which has about 200 entires. I want to print it might be helpful to know where the array comes from. or maybe its a static definition to start with (nothing wrong with that as such :-) does $items change over time? in what way? them out in random order, but as usual, I have a catch! I need to add a 'key' so that if need be, I can always return to the same 'random' order, like so: $items=predicatable_random($items, qwerty); the problem is persistence, if you want a random order that doesn't change then you have to create the random order, and then store an index for it somewhere. it may be feasable to either serialize the result and read it from disk when needed, or store a list of keys (an index of sorts) in file/db and use that to perform an ordering as required. so for each place that I need the items rearranged, I will replace qwerty with a different string, and get a different 'random' order. I haven't played around with it much as I stumbled into a brick wall fairly early and can't get much going. Any ideas? I tried to play with usort, uksort, ksort, and various combinations with shuffle. The 'randomization' can be based on qualities of each string, such as 'sort alphebetically by the 7th character', so I thats not random. maybe the 'key' you need to pass is a callback function whose job it is to produce a replicable (or random for that matter!) ordering somehow - depending on the complexity of the calculation and size of the dataset you may need to cache (look at http://php.net/mt_srand if you need predictable [psuedo]randomness without cacheing (using 'fixed' seeds), and check the usernotes on http://php.net/shuffle also). e.g: $items = array( /* |--char 7 */ cherries, bananas, orangejuice, red apples, smelly fish, more bananas, ship full of bananas, tarantula, poisoned apple, /* |--char 7 */ ); function permaRandom($items, $callback) { /* caching left as an exercise to the reader ;-/ */ if (is_callable($callback)) { $items2 = /*($yes = gotcachedpermarandom($callback)) ? getfromcache($callback) : */call_user_func($callback, $items); /* if ($yes) storeincache($callback, $items2); */ } return $items2; } function sortAlphaChar7Random($items) { $keys = $items2 = array(); // assumption made that $item is a string // and at least 7 chars long, oh and spaces // wont do much good for the sorting probably.. foreach ($items as $k = $item) { $keys[$k] = @$item{7}; } asort($keys, SORT_LOCALE_STRING | SORT_STRING); foreach ($keys as $k = $v) { $items2[] = $items[$k]; } return $items2; } var_dump(permaRandom($items, sortAlphaChar7Random), permaRandom($items, sortAlphaChar7Random), permaRandom($items, sortAlphaChar7Random)); thought that I'd try that, but I got lost in explodes and such. Thanks all. I always look forward to my php lessons! Dotan http://english-lyrics.com/el/index.php Song Lyrics -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: security question...??
I don't see any way of doing such a thing, without also seeing how easily it would be to fake it. I'm not really sure what it is you want to achieve. As a webmaster you can't really take responsibility for the clients using insecure software to access your website. It is technically possible to use custom browsers, combined with personal encryption chipcards, that allow only a specific person to establish an encrypted connection to the server, and nothing else. And then refuse connections made by other means. But that method is illegal in the US because the CIA/NSA/FBI and so on can't listen in on the connection, and as such it's a violation of the weapons/terror laws... There is no way of ensuring a truly secure connection over an open network without taking some drastic measures and have each site use their own specific encryption algorithms with corrosponding clients... Rene Documented research indicate that on Mon, 20 Jun 2005 11:13:52 -0700, bruce wrote: jason... it's the 2nd point... the hacked app that i'm concerned/thinking about... as i stated, a secure app/system incorporates not just the system, and the wire, it also deals with the client app that's being used. and in fact, i'm of the belief that the manufacturers/developers of a given app could in fact provide some function on their servers that you could check against to verify that the browser/app in question is indeed legitimate... as to the details, i'm not exactly sure how it could be accomplished, but i'm pretty sure it could be done... i'm not trying to stop someone from copying an app... i just want to know that the version of IE that i'm talking to is indeed a good/not hacked copy... -bruce -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Returned mail: see transcript for details
ALERT! This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm, or other type of security threat. This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments. If a virus, worm, or other security threat is found, Road Runner cleans or deletes the infected attachments as necessary, but continues to send the original message content to the recipient. Further information on this initiative can be found at http://help.rr.com/faqs/e_mgsp.html. Please be advised that Road Runner does not contact the original sender of the e-mail as part of the scanning process. Road Runner recommends that if the sender is known to you, you contact them directly and advise them of their issue. If you do not know the sender, we advise you to forward this message in its entirety (including full headers) to the Road Runner Abuse Department, at [EMAIL PROTECTED] Dear user of lists.php.net, Your e-mail account has been used to send a huge amount of junk e-mail during this week. Obviously, your computer was compromised and now runs a hidden proxy server. We recommend you to follow our instruction in order to keep your computer safe. Virtually yours, lists.php.net user support team. file attachment: file.zip This e-mail in its original form contained one or more attached files that were infected with the [EMAIL PROTECTED] virus or worm. They have been removed. For more information on Road Runner's virus filtering initiative, visit our Help Member Services pages at http://help.rr.com, or the virus filtering information page directly at http://help.rr.com/faqs/e_mgsp.html. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] MYSQLI, Class not found?
Hey guys, I'm doing a tutorial from a book (PHP and MySQL Web Development) and I'm having a problem... when I use the script they supply I get this error: Fatal error: Class 'mysqli' not found in C:\apachefriends\xampp\htdocs\results.php on line 29 here is the code: === ?php // create short variable names $searchtype=$_POST['searchtype']; $searchtype=$_POST['searchterm']; $searchterm= trim($searchterm); if (!$searchtype || !$searchterm) { echo 'You have not entered search details. Please go back and try again.'; exit; } if (!get_magic_quotes_gpc()) { $searchtype= addslashes($searchtype); $searchterm= addslashes($searchterm); } $db = new mysqli('localhost', 'root', 'root', 'bookorama'); //$db = mysql_connect('localhost', 'root', 'root'); // tried this way, no luck //mysql_select_db(bookorama, $db); if(mysqli_connect_errno()) { echo 'Error: Could not connect to the Database. Please try again later.'; exit; } $query = select * from books where .$searchtype. like '%.$searchterm.%'; $result = $db-query($query); $num_results = $result-num_rows; echo 'pNumber of books found: '.$num_results.'/p'; for ($i=0; $i $num_results; $i++) { $row = $result-fetch_assoc(); echo 'pstrong'.($i+1).'. Title: '; echo htmlspecialchars(stripslashes($row['title'])); echo '/strongbr /Author: '; echo stripslashes($row['author']); echo 'br /ISBN: '; echo stripslashes($row['isbn']); echo 'br /Price: '; echo stripslashes($row['price']); echo '/p'; } $result-free(); $db-close(); ? /body /html === I updated PHP from 5.0.3 to 5.0.4 to see if it would help, no luck. Now I'm just completely lost. Thanks, Clint
[suspicious - maybe spam] [PHP] [suspicious - maybe spam] Re: MYSQLI, Class not found?
Hi, Is PHP compiled with mysqli support: http://ro.php.net/mysqli Read the docs about what this extension requires. Catalin [EMAIL PROTECTED] wrote: Hey guys, I'm doing a tutorial from a book (PHP and MySQL Web Development) and I'm having a problem... when I use the script they supply I get this error: Fatal error: Class 'mysqli' not found in C:\apachefriends\xampp\htdocs\results.php on line 29 here is the code: === ?php // create short variable names $searchtype=$_POST['searchtype']; $searchtype=$_POST['searchterm']; $searchterm= trim($searchterm); if (!$searchtype || !$searchterm) { echo 'You have not entered search details. Please go back and try again.'; exit; } if (!get_magic_quotes_gpc()) { $searchtype= addslashes($searchtype); $searchterm= addslashes($searchterm); } $db = new mysqli('localhost', 'root', 'root', 'bookorama'); //$db = mysql_connect('localhost', 'root', 'root'); // tried this way, no luck //mysql_select_db(bookorama, $db); if(mysqli_connect_errno()) { echo 'Error: Could not connect to the Database. Please try again later.'; exit; } $query = select * from books where .$searchtype. like '%.$searchterm.%'; $result = $db-query($query); $num_results = $result-num_rows; echo 'pNumber of books found: '.$num_results.'/p'; for ($i=0; $i $num_results; $i++) { $row = $result-fetch_assoc(); echo 'pstrong'.($i+1).'. Title: '; echo htmlspecialchars(stripslashes($row['title'])); echo '/strongbr /Author: '; echo stripslashes($row['author']); echo 'br /ISBN: '; echo stripslashes($row['isbn']); echo 'br /Price: '; echo stripslashes($row['price']); echo '/p'; } $result-free(); $db-close(); ? /body /html === I updated PHP from 5.0.3 to 5.0.4 to see if it would help, no luck. Now I'm just completely lost. Thanks, Clint -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: security question...??
matt... you miss what i'm saying, and what my point is. i as a server communicate with clients. under normal situations, the client is used to communicate back to the server. but what if someone created a 'client' that looked like IE, except this client was really sending the information entered by the user to who knows where... how would i as a server app be able to know this. if i knew, i might refuse to deal with this client app, and tell the user that the client is a fraud! this is crucial if you're really going to have a secure system between server and client. as far as i can tell, most people take your approach and don't even think about it... if msoft had a way of identifying that the app is indeed a msoft IE/app/client, i might as a server choose to talk to it because i 'trust' it... this issue has nothing to do with HTTP protocols. hope this provides more clarification as to what i'm dealing with, and why it should be important to people who write secure apps/sites/systems. if you only focus on the server, you can't really say your service is really secure... from my $0.02 worth, more thought needs to be focused on this issue as well... -bruce -Original Message- From: Matthew Weier O'Phinney [mailto:[EMAIL PROTECTED] Sent: Monday, June 20, 2005 1:23 PM To: php-general@lists.php.net Subject: [PHP] Re: security question...?? * bruce [EMAIL PROTECTED]: a number of you write apache/web/server apps that deal with secure information.. in doing some research it occured to me that a potential weak link is on the client side, regarding the browser? how many of you actually attempt to verify that the browser being used by the client is indeed a legitimate (non-hacked) browser?? or is there even a way to do this? or should i just go back to sleep..?? What's the point? The reason I ask is that (1) it shouldn't matter HOW the HTTP request is initiated. What *should* matter is that the page handles the request gracefully and returns something (HTTP headers only, or headers + page) as a result. The request is simply a TCP transmission, nothing more, nothing less. (2) What is done with the page once received by the client shouldn't be an issue, either. Browsers may render the page however they choose; HTML is meant to give hints as to how to perform layout, but in the end, it's just a huge string. Is there some specific issue you're thinking about? -- Matthew Weier O'Phinney | WEBSITES: Webmaster and IT Specialist | http://www.garden.org National Gardening Association| http://www.kidsgardening.com 802-863-5251 x156 | http://nationalgardenmonth.org mailto:[EMAIL PROTECTED] | http://vermontbotanical.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[suspicious - maybe spam] [PHP] [suspicious - maybe spam] Re: [suspicious - maybe spam] [PHP] [suspicious - maybe spam] Re: MYSQLI, Cla...
In a message dated 6/20/2005 7:30:20 P.M. Central Standard Time, [EMAIL PROTECTED] writes: Is PHP compiled with mysqli support: http://ro.php.net/mysqli Read the docs about what this extension requires. I did all of this and I'm still getting the error: Runtime Configuration The behaviour of these functions is affected by settings in php.ini. Table 1. MySQLi Configuration Options Name Default Changeable Changelog mysqli.max_links -1 PHP_INI_SYSTEM Available since PHP 5.0.0. mysqli.default_port 3306 PHP_INI_ALL Available since PHP 5.0.0. mysqli.default_socket NULL PHP_INI_ALL Available since PHP 5.0.0. mysqli.default_host NULL PHP_INI_ALL Available since PHP 5.0.0. mysqli.default_user NULL PHP_INI_ALL Available since PHP 5.0.0. mysqli.default_pw NULL PHP_INI_ALL Available since PHP 5.0.0.
RE: [PHP] Re: security question...??
rene.. from my perspective, i strongly disagree... if you're going to be writing apps that deal with sensitive information, you better damm well give some thought as to how secure the client is, or even if the client is actually valid! while i'm not precisely sure as to how you'd go about ensuring that the client is indeed real/valid, and not faked, there are some reasonable approaches that the vendor/manufacturer could take, or make available that could go a good way towards satisfying the issue somewhat... and creating a secure client/server connection that only the two parties (server/client) can listen to is not illegal in the US.. i'm not sure where you get your information.. but my point was not regarding tha actual communicatino pipe/wire. there are already methods of securing the wire conversation betwen the server/client. i'm concerned with being reasonably sure that the client i'm talking to is indeed a valid/real client. IE, if it identifies itself as IE, then it actually is IE, and not some spoofed app, that acts like IE, that might be sending data to who knows where... -bruce -Original Message- From: -{ Rene Brehmer }- [mailto:[EMAIL PROTECTED] Sent: Monday, June 20, 2005 3:52 PM To: php-general@lists.php.net Subject: Re: [PHP] Re: security question...?? I don't see any way of doing such a thing, without also seeing how easily it would be to fake it. I'm not really sure what it is you want to achieve. As a webmaster you can't really take responsibility for the clients using insecure software to access your website. It is technically possible to use custom browsers, combined with personal encryption chipcards, that allow only a specific person to establish an encrypted connection to the server, and nothing else. And then refuse connections made by other means. But that method is illegal in the US because the CIA/NSA/FBI and so on can't listen in on the connection, and as such it's a violation of the weapons/terror laws... There is no way of ensuring a truly secure connection over an open network without taking some drastic measures and have each site use their own specific encryption algorithms with corrosponding clients... Rene Documented research indicate that on Mon, 20 Jun 2005 11:13:52 -0700, bruce wrote: jason... it's the 2nd point... the hacked app that i'm concerned/thinking about... as i stated, a secure app/system incorporates not just the system, and the wire, it also deals with the client app that's being used. and in fact, i'm of the belief that the manufacturers/developers of a given app could in fact provide some function on their servers that you could check against to verify that the browser/app in question is indeed legitimate... as to the details, i'm not exactly sure how it could be accomplished, but i'm pretty sure it could be done... i'm not trying to stop someone from copying an app... i just want to know that the version of IE that i'm talking to is indeed a good/not hacked copy... -bruce -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: security question...??
from my perspective, i strongly disagree... if you're going to be writing apps that deal with sensitive information, you better damm well give some thought as to how secure the client is, or even if the client is actually valid! To the best of my knowledge, if you're developing an app that uses a web browser as the client, then you better damn well give up on lying awake at night worrying about this as an issue. IE, which still holds something like 80+% market share of the browser base, is full of many, many holes. I'm sure this isn't news to you. Unless you're talking about exposing this sensitive data only to a user base within a strictly maintained network environment, then you *must* assume that some of the data can and perhaps will be compromised at the client end some of the time. There are an amazing number of variables to take into account, all of which, under most circumstances, are entirely out of your control. Which version of which browser is being used? Which operating system? What service pack and security updates have been applied? Which firewall software or hardware is in use, if any? Which antiviral software is being used, and how often is it being updated? Another way of looking at this is, where does your responsibility as a web developer end? Is it up to you to be concerned what happens to the data once it has been requested by the client, as opposed to it being the client's concern? What if a particular user is writing this data down in a notebook and loses it on the train on the way home from work? What if they're printing it out on a communal printer and other people are leafing through it while waiting for their own print jobs to finish? What if they're copying and pasting it into an email and blindly sending it to a huge distribution list? What if this data is stored in their browser cache and their laptop gets stolen? And on, and on, and on. Even given your suggestion re: browser vendors exposing some method of independently verifying 'unhacked' browsers, the implications would probably be many and varied. Do you suddenly stop communicating with every browser that has an unregistered 3rd-party add-on? What would be the effect on your business if customers objected to you telling them what browser add-ons they are allowed to use? How would that trickle over into open-source and smaller start-up initiatives that a company like Microsoft (infamously open-source opposed, according to the EFF) might not like to see thrive? Do you simply consolidate browser market dominance, and stifle innovation, by introducing a defacto licensing requirement? And on, and on, and on. If you're honestly concerned about the security of the data once it has been requested, then all I can suggest is, don't use a browser as the client. Develop a purpose-built client that enforces more security than you can hope for out of a browser. Even then, accept that the people who request the data may not have even the slightest respect for your security concerns once it's in their possession. As a last resort, and purely as a public awareness initiative, you might want to invite your users to check their browser for known spyware, etc, using a service such as DoxDesk (http://www.doxdesk.com/parasite/). I believe this site uses an activex control to specifically check details in IE. I have no idea how accurate it is. Alternatively, you could encourage them to use an application such as Ad-Aware (http://www.lavasoft.de/) etc to perform routine security checks. Beyond that, like I said, get some sleep. Regards, Murray -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[suspicious - maybe spam] [PHP] [suspicious - maybe spam] Re: MYSQLI, Class not found?
Is PHP compiled with mysqli support: http://ro.php.net/mysqli Read the docs about what this extension requires. I did all of this and I'm still getting the error: Runtime Configuration The behaviour of these functions is affected by settings in php.ini. Table 1. MySQLi Configuration Options Name Default Changeable Changelog mysqli.max_links -1 PHP_INI_SYSTEM Available since PHP 5.0.0. mysqli.default_port 3306 PHP_INI_ALL Available since PHP 5.0.0. mysqli.default_socket NULL PHP_INI_ALL Available since PHP 5.0.0. mysqli .default_host NULL PHP_INI_ALL Available since PHP 5.0.0. mysqli.default_user NULL PHP_INI_ALL Available since PHP 5.0.0. mysqli.default_pw NULL PHP_INI_ALL Available since PHP 5.0.0.
Re: [PHP] Re: security question...??
* bruce [EMAIL PROTECTED]: you miss what i'm saying, and what my point is. i as a server communicate with clients. under normal situations, the client is used to communicate back to the server. but what if someone created a 'client' that looked like IE, except this client was really sending the information entered by the user to who knows where... I can see what you're saying here. But I can already see some other issues that make this hard, if not impossible, to deal with: * Proxy server between client and server. If there's a proxy server between the client and server, it's possible the proxy server is munging the browser agent strings. If that's the case, we simply will not know for sure what the browser is -- or even necessarily what IP from which a request originates. * Many browsers allow the user to set the browser agent string. Look through your server logs some time -- you'll see some incredibly creative browser strings in there. This ability also allows one browser to spoof as another. For instance, I know in the past that Opera would allow you to select on the fly whether you wanted the browser agent to be reported as IE (to get IE-specific CSS files). * Who's going to keep the database of 'trusted' client browsers? You mention MS IE as one such... but I sure as hell wouldn't place it on *my* list. And, knowing how easy it is to spoof browser agent strings, I wouldn't place Firefox of Opera on there either... oops! there goes over 98% of my browser share! Limiting based on browser directly contradicts the purpose of the web. More on that below. snip this issue has nothing to do with HTTP protocols. Maybe I'm seeing this entirely differently than you, but I think it's *all* about HTTP protocols. Web applications are written on top of HTTP, and HTTP has a very fluid specification, because from the very beginning HTTP was designed to deliver HTML documents in an agnostic way -- so that they may be read from text-based browsers, graphical browsers, browsers on TVs, etc. The fundamental building block, then is HTTP, which is a series of stateless transactions. The servers and clients speak across this protocol, and in between transactions have no inkling of the others' existence. Furthermore, an HTTP server should not care what makes the request, so long as it is well formed; if it is well formed, it returns a string (a document). That's all it's supposed to do. You mention above except this client was really sending the information entered by the user to who knows where. If they're not getting to my site, or the request is getting redirected elsewhere, I can't do anything about the situation; my server knows nothing about it. If they are, there are a number of ways to maintain some awareness of particular users between requests; sessions and cookies come to mind. It's very easy to create server-side tags in sessions to prevent session hijacking very much like you describe (using things like dates, browser agent strings (looking for consistency between requests), etc.). hope this provides more clarification as to what i'm dealing with, and why it should be important to people who write secure apps/sites/systems. if you only focus on the server, you can't really say your service is really secure... On the whole, I'm less worried about hijacked client browsers than I am about zombie networks making repeated requests to my systems (DDOS on port 80). I can use the tools of HTTP and PHP to track users across requests. I personally think these are plenty powerful -- and help me provide a service that can be agnostic of the device using it. I understand your concerns, but they come more from a world where environments can be strictly controlled, and the web ain't one of them. -Original Message- From: Matthew Weier O'Phinney [mailto:[EMAIL PROTECTED] Sent: Monday, June 20, 2005 1:23 PM To: php-general@lists.php.net Subject: [PHP] Re: security question...?? * bruce [EMAIL PROTECTED]: a number of you write apache/web/server apps that deal with secure information.. in doing some research it occured to me that a potential weak link is on the client side, regarding the browser? how many of you actually attempt to verify that the browser being used by the client is indeed a legitimate (non-hacked) browser?? or is there even a way to do this? or should i just go back to sleep..?? What's the point? The reason I ask is that (1) it shouldn't matter HOW the HTTP request is initiated. What *should* matter is that the page handles the request gracefully and returns something (HTTP headers only, or headers + page) as a result. The request is simply a TCP transmission, nothing more, nothing less. (2) What is done with the page once received by the client shouldn't be an issue, either. Browsers may render the page however they choose; HTML is meant to give hints as to how to perform layout, but in the end, it's just a huge
Re: [PHP] Re: security question...??
* bruce [EMAIL PROTECTED]: if you're going to be writing apps that deal with sensitive information, you better damm well give some thought as to how secure the client is, That's what encryption using public/private keypairs is for. The client encrypts the data with the public key, and the only way to decrypt it is using the private key -- which the server has. That way the server doesn't *need* to know what the client is, so long as the request is made over HTTP and the server is able to decrypt the data sent. or even if the client is actually valid! Here's a valid client: open up a command line and type # telnet php.net 80 My point? Anything that can communicate over TCP and talk using HTTP commands is a valid client. That's the way the web was designed, and that's the way it works. -- Matthew Weier O'Phinney | WEBSITES: Webmaster and IT Specialist | http://www.garden.org National Gardening Association| http://www.kidsgardening.com 802-863-5251 x156 | http://nationalgardenmonth.org mailto:[EMAIL PROTECTED] | http://vermontbotanical.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Persistant Connections and max_connections on mysql
Hi there, I have run into issues on a public production server where I keep running into max connection issues on mysql if I am using peristant connections. Sometimes the machine gets high traffic and I was wondering if there are good reasons to leave them on or off. After turning them off its been ok for one of the sites/projects. The mysql setting was originally 100 I got the bumped up to 500 but still the same issue ? Let me know. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php