php-general Digest 7 Oct 2005 09:51:18 -0000 Issue 3724
php-general Digest 7 Oct 2005 09:51:18 - Issue 3724 Topics (messages 223715 through 223728): Re: How do I POST data with headers make the browser follow? 223715 by: Ragnar 223724 by: Ragnar 223725 by: cron.odi.com.br Re: PHP and XML 223716 by: Robbert van Andel incLomplete 223717 by: Daevid Vincent Re: PHP vs. ColdFusion 223718 by: Rick Emery 223720 by: Robert Cummings Linux/PHP and Windows/MSSQL 223719 by: Rick Emery 223721 by: Robbert van Andel 223722 by: Frank M. Kromann 223723 by: Michael Crute ob_start and ob_get_contents buffering problem 223726 by: Dasdan 223728 by: Petr Smith PHP 4.4.0 references problems when using PEAR::SOAP 223727 by: Denis Gerasimov Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: php-general@lists.php.net -- ---BeginMessage--- The information that comes in from the first page is a creditcard form with the standard values (CCnumber, Expiry Date, Cardholder name etc). On page 2 an XMLrequest is done with a verification gateway (in this case to check for enrolment in 3D-Secure), the result for that I get back on the same page and no redirection needs to be done. However AFTER the enrolment check with the gateway I need to send the user along to the 3rd page, which is a URL that is provided by the verification process. So to get there, as I need to pass a heap of data to that 3rd page I can either use GET or POST, but since the amount of data is fairly big the only real option for this part seems POST. So it's not really about keeping the data persistent, it's more about the fact on how to push the user along correctly. Hope that makes sense somehow. Thanks for the reply. --- Ursprüngliche Nachricht --- Von: Brent Baisley [EMAIL PROTECTED] An: Ragnar [EMAIL PROTECTED] Kopie: php-general@lists.php.net Betreff: Re: [PHP] How do I POST data with headers make the browser follow? Datum: Thu, 6 Oct 2005 08:57:02 -0400 If the information is sensitive, why are you trying to fake a POST submission? A POST can be received from anywhere. SSL is just encrypting it, not verifying the client is the same. I would use session variables to store information you need to access from page to page. That way you can verify that you are talking to the same computer from the first two pages. On Oct 6, 2005, at 5:52 AM, Ragnar wrote: Hi guys/girls, I have to apologize if this issue has been discussed in detail before but I couldn't find anything obvious so far. What I need/want to do is to : 1. Take POST data from a form (no problem) 2. Do whatever i need to on the target page (no problem) 3. Pass some other data on to a 3rd page as a POST request. 4. Get the browser to follow to said 3rd page. All this is happening via SSL. So basically what i am trying to do is to fake whatever happens at a normal POST request that is handled by the browser. Now point 4. in my example above is giving me a massive headache, I have managed to pass data on to the 3rd page as POST quite comfortably using cURL but the browser doesn't follow (ie. the URL in the address bar remains unchanged). I did see that there is a FOLLOWLOCATION option you can set in cURL when you do you request, and though wicked, just what I needed only to find out that it's not working (probably because I understand what it does wrong). Pretty pretty please if anyone knows a solution for the above, let me know. Oh, and I'd also like to add that the information I am trying to get to the 3rd page in the example is sensitive (Credit Card details etc.), so $_GET and $_COOKIE are out of the question. ANY help would be appreciated. Kind regards, Ben -- 5 GB Mailbox, 50 FreeSMS http://www.gmx.net/de/go/promail +++ GMX - die erste Adresse für Mail, Message, More +++ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Brent Baisley Systems Architect Landover Associates, Inc. Search Advisory Services for Advanced Technology Environments p: 212.759.6400/800.759.0577 -- 10 GB Mailbox, 100 FreeSMS/Monat http://www.gmx.net/de/go/topmail +++ GMX - die erste Adresse für Mail, Message, More +++ ---End Message--- ---BeginMessage--- Message-ID: [EMAIL PROTECTED] To: php-general@lists.php.net Date: Thu, 06 Oct 2005 15:04:41 +0200 From: Petr Smith [EMAIL PROTECTED] Subject: Re: How do I POST data with headers make the browser follow? I have to apologize if this issue has been discussed in detail before but I couldn't find anything obvious so far. What I need/want to do is to : 1. Take
php-general Digest 8 Oct 2005 03:15:57 -0000 Issue 3725
php-general Digest 8 Oct 2005 03:15:57 - Issue 3725 Topics (messages 223729 through 223758): Re: ob_start and ob_get_contents buffering problem 223729 by: Dasdan Question 223730 by: Sven Simons 223732 by: Michael Crute 223747 by: Richard Lynch data move from mssql to mysql via php 223731 by: blackwater dev 223733 by: Matt Darby 223734 by: blackwater dev 223735 by: Jay Blanchard 223736 by: Greg Donald 223746 by: Richard Lynch Re: [PEAR] PHP 4.4.0 references problems when using PEAR::SOAP 223737 by: Justin Patrin Re: How do I POST data with headers make the browser follow? 223738 by: Mark Rees 223752 by: Richard Lynch Patch for Suexec for Virtual Hosts to use PHP with FastCGI 223739 by: Jason Kovacs date comparisions... 223740 by: aaronjw.martekbiz.com 223741 by: Richard Davey 223742 by: aaronjw.martekbiz.com 223743 by: Richard Davey DNS lookups only sometimes 223744 by: Jadel Menard 223745 by: Richard Lynch 223749 by: Jadel Menard Re: Linux/PHP and Windows/MSSQL 223748 by: Richard Lynch Re: form not submitting when I change action from PHP_SELF to thanks page 223750 by: Richard Lynch PHP 4.4.1RC1 223751 by: Derick Rethans Re: mail() with port authentication 223753 by: Richard Lynch Re: sessions 223754 by: Richard Lynch Re: caching parsed XML files as DOM objects in memory 223755 by: Richard Lynch Re: displaying image from blog 223756 by: Richard Lynch Re: PROGRESS SQL_CUR_USE_ODBC 223757 by: Richard Lynch Dynamic sub directory listing without redirect 223758 by: Terence Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: php-general@lists.php.net -- ---BeginMessage--- Thanks a lot Petr !! Petr Smith [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Dasdan wrote: question: I try to buffer the output of the 'system/views/main.php' into $contents. and then do a print. Problem is that the contents of the system/views/main.php are printed 2 times. Someone who can explain me? following the contents of testfile.php and main.php, php.ini settings concerning ob_ ... functions and the output of the script. Hi, you have to use ?php // testfile.php ob_start(); include 'browsers.html'; $contents = ob_get_contents(); ob_end_clean(); print 'no output above normally ??? :('; print $contents; ? because include goes to buffer, print's go to buffer and on the end the buffer is automatically flushed out. So it's the 2x - once for include, once for print $contents Simple eh? Petr ---End Message--- ---BeginMessage--- I've installed PHP using the windows installer I try to open then php pages containing the following script : ?php echo Current IP Address: ; $ipx = getenv(HTTP_CLIENT_IP) ? getenv(HTTP_CLIENT_IP) : 0; $ipx = !$ipx getenv(HTTP_X_FORWARDED_FOR) ? getenv(HTTP_X_FORWARDED_FOR) : 0 ; $ipx = !$ipx getenv(REMOTE_ADDR) ? getenv(REMOTE_ADDR) : 0 ; echo !$ipx ? UNKNOWN : $ipx; echo br; echo Server IP Address: ; $ipx = getenv(SERVER_ADDR) ? getenv(SERVER_ADDR) : 0; echo !$ipx ? UNKNOWN : $ipx; ? It works and gives me a correct current IP address When manually installing PHP it always gives me the status UNKNOWN. The only difference I've seen is that the Windows installer uses the php5ts.dll for ISAPI filter while the manually installed php uses the php5isapi.dll. I know that the PHP is working (when manually installed) because this script works : ?php phpinfo(); ? The only strange thing is that the phpinfo says that the ini file is located in C:\Winnt although it is not there (when installing manually it is in C:\PHP) How can I make the IP address script working when manually installing PHP ? Or is it really so unsafe to use the windows installer on a online server? Sincerely, Sven ---End Message--- ---BeginMessage--- On 10/7/05, Sven Simons [EMAIL PROTECTED] wrote: I've installed PHP using the windows installer I try to open then php pages containing the following script : ?php echo Current IP Address: ; $ipx = getenv(HTTP_CLIENT_IP) ? getenv(HTTP_CLIENT_IP) : 0; $ipx = !$ipx getenv(HTTP_X_FORWARDED_FOR) ? getenv(HTTP_X_FORWARDED_FOR) : 0 ; $ipx = !$ipx getenv(REMOTE_ADDR) ? getenv(REMOTE_ADDR) : 0 ; echo !$ipx ? UNKNOWN : $ipx; echo br; echo Server IP Address: ; $ipx = getenv(SERVER_ADDR) ? getenv(SERVER_ADDR) : 0; echo !$ipx ? UNKNOWN : $ipx; ? It works and gives me a correct current IP address When manually installing PHP it always gives me the status UNKNOWN. Just use the $_SERVER[] superglobal array to grab the stuff you need. Don't use the getenv
Re: [PHP] Re: How do I POST data with headers make the browser follow?
Print out the form and on the body tag put some javascript to do the post stuff ex: body onLoad=formName.submit(); form style=display:none /form style=display:none, this will hide form from the user - Original Message - From: Ragnar [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Friday, October 07, 2005 1:30 AM Subject: [PHP] Re: How do I POST data with headers make the browser follow? Message-ID: [EMAIL PROTECTED] To: php-general@lists.php.net Date: Thu, 06 Oct 2005 15:04:41 +0200 From: Petr Smith [EMAIL PROTECTED] Subject: Re: How do I POST data with headers make the browser follow? I have to apologize if this issue has been discussed in detail before but I couldn't find anything obvious so far. What I need/want to do is to : 1. Take POST data from a form (no problem) 2. Do whatever i need to on the target page (no problem) 3. Pass some other data on to a 3rd page as a POST request. 4. Get the browser to follow to said 3rd page. All this is happening via SSL. So basically what i am trying to do is to fake whatever happens at a normal POST request that is handled by the browser. Now point 4. in my example above is giving me a massive headache, I have managed to pass data on to the 3rd page as POST quite comfortably using cURL but the browser doesn't follow (ie. the URL in the address bar remains unchanged). I did see that there is a FOLLOWLOCATION option you can set in cURL when you do you request, and though wicked, just what I needed only to find out that it's not working (probably because I understand what it does wrong). Pretty pretty please if anyone knows a solution for the above, let me know. Oh, and I'd also like to add that the information I am trying to get to the 3rd page in the example is sensitive (Credit Card details etc.), so $_GET and $_COOKIE are out of the question. Hi, it seems you have no understanding how http protocol works.. I can't learn you the whole thing, but I can give you some hints. Read something about HTTP (http://www.digital-web.com/articles/powering_the_web_with_http/), install some network sniffer (ethereal, HttpWatch for IE - great tool for beginners) and see what happens. - you cannot force browser to POST something somewhere with PHP. You have to realize, that PHP is running on server, but the browser is the client. - you cannot use curl to do it. With curl it all happens on the server. If you want to use curl, you have to use same technique used by web based anonymous proxy. Return all loaded data to client, rewrite urls to your script, handle everything correctly until client closes browser. Very complex stuff - followlocation has nothing to do with browser. it only says to curl to evaluate Location header and do auto-redirection - sensitive information? GET, POST, COOKIE, everything could be intercepted - your only help is javascript. You can generate something like this to client browser with php. But you couldn't hide sensitive information this way. body onload=document.forms.myform.submit() form name=myform method=post input type=hidden name=... value=... /form - think about your problem and possible solutions again Petr Hi Petr, thanks for the reply, first off i certainly didn't claim to be an expert on the HTTP, which is why i was asking the question I did. I do realise that PHP runs on the server and can't force the browser to do anything directly, I was merely wondering why header(Location:); got the browser to follow and if there was a way for me to get the same behaiviour working when PHP was posting data. Anyway, I will look at my problem at hand again and will try something else. Thanks for the tips. -- Highspeed-Freiheit. Bei GMX supergünstig, z.B. GMX DSL_Cityflat, DSL-Flatrate für nur 4,99 Euro/Monat* http://www.gmx.net/de/go/dsl -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] ob_start and ob_get_contents buffering problem
question: I try to buffer the output of the 'system/views/main.php' into $contents. and then do a print. Problem is that the contents of the system/views/main.php are printed 2 times. Someone who can explain me? following the contents of testfile.php and main.php, php.ini settings concerning ob_ ... functions and the output of the script. Thanks in advance, Kevin Wood http://www.dasdan.be ?php // testfile.php ob_start(); include 'system/views/main.php'; $contents = ob_get_contents(); print 'no output above normally ??? :('; print $contents; ? ?php // file :system/views/main.php print P1 !DOCTYPE HTML PUBLIC -//W3C//DTD XHTML 1.0 Strict//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd; html head titleThe Task List/title /head body div h3test/h3 p /body /html P1; ? php.ini settings output_buffering = Off output_handler = zlib.output_compression = Off implicit_flush = Off the output : !DOCTYPE HTML PUBLIC -//W3C//DTD XHTML 1.0 Strict//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd; html head titleThe Task List/title /head body div h3test/h3 p /body /htmlno output above normally ??? :(!DOCTYPE HTML PUBLIC -//W3C//DTD XHTML 1.0 Strict//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd; html head titleThe Task List/title /head body div h3test/h3 p /body /html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 4.4.0 references problems when using PEAR::SOAP
Hello list, I am facing serious troubles when using PEAR::SOAP with PHP 4.4.0 while it works fine with PHP 4.3.9. PHP 4.4.0 produces many notices like these: Notice: Only variable references should be returned by reference in C:\PHP4\PEAR\SOAP\Value.php on line 118 Notice: Only variable references should be returned by reference in C:\PHP4\PEAR\SOAP\WSDL.php on line 668 Notice: Only variable references should be returned by reference in C:\PHP4\PEAR\SOAP\Value.php on line 118 and so on. What is the problem? Currently I have rolled back to version 4.3.9 but this problem will appear again after upgrade, of course, - is there any solution (say, php.ini setting etc.)? Have a great day, Denis S Gerasimov Web Developer Team Force LLC Web: www.team-force.org RU Int'l: +7 8362-468693 email:[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: ob_start and ob_get_contents buffering problem
Dasdan wrote: question: I try to buffer the output of the 'system/views/main.php' into $contents. and then do a print. Problem is that the contents of the system/views/main.php are printed 2 times. Someone who can explain me? following the contents of testfile.php and main.php, php.ini settings concerning ob_ ... functions and the output of the script. Hi, you have to use ?php // testfile.php ob_start(); include 'browsers.html'; $contents = ob_get_contents(); ob_end_clean(); print 'no output above normally ??? :('; print $contents; ? because include goes to buffer, print's go to buffer and on the end the buffer is automatically flushed out. So it's the 2x - once for include, once for print $contents Simple eh? Petr -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: ob_start and ob_get_contents buffering problem
Thanks a lot Petr !! Petr Smith [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Dasdan wrote: question: I try to buffer the output of the 'system/views/main.php' into $contents. and then do a print. Problem is that the contents of the system/views/main.php are printed 2 times. Someone who can explain me? following the contents of testfile.php and main.php, php.ini settings concerning ob_ ... functions and the output of the script. Hi, you have to use ?php // testfile.php ob_start(); include 'browsers.html'; $contents = ob_get_contents(); ob_end_clean(); print 'no output above normally ??? :('; print $contents; ? because include goes to buffer, print's go to buffer and on the end the buffer is automatically flushed out. So it's the 2x - once for include, once for print $contents Simple eh? Petr -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Question
I've installed PHP using the windows installer I try to open then php pages containing the following script : ?php echo Current IP Address: ; $ipx = getenv(HTTP_CLIENT_IP) ? getenv(HTTP_CLIENT_IP) : 0; $ipx = !$ipx getenv(HTTP_X_FORWARDED_FOR) ? getenv(HTTP_X_FORWARDED_FOR) : 0 ; $ipx = !$ipx getenv(REMOTE_ADDR) ? getenv(REMOTE_ADDR) : 0 ; echo !$ipx ? UNKNOWN : $ipx; echo br; echo Server IP Address: ; $ipx = getenv(SERVER_ADDR) ? getenv(SERVER_ADDR) : 0; echo !$ipx ? UNKNOWN : $ipx; ? It works and gives me a correct current IP address When manually installing PHP it always gives me the status UNKNOWN. The only difference I've seen is that the Windows installer uses the php5ts.dll for ISAPI filter while the manually installed php uses the php5isapi.dll. I know that the PHP is working (when manually installed) because this script works : ?php phpinfo(); ? The only strange thing is that the phpinfo says that the ini file is located in C:\Winnt although it is not there (when installing manually it is in C:\PHP) How can I make the IP address script working when manually installing PHP ? Or is it really so unsafe to use the windows installer on a online server? Sincerely, Sven
[PHP] data move from mssql to mysql via php
I have an app with a requirement to hit an external mssql db and move the data to a local mysql database. What's the best way to do this? I was thinking of querying the mssql db and writing the contents to a flat file then using mysql load data from infile query to pump it in but I am not sure if this is the best option so am looking for suggestions Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question
On 10/7/05, Sven Simons [EMAIL PROTECTED] wrote: I've installed PHP using the windows installer I try to open then php pages containing the following script : ?php echo Current IP Address: ; $ipx = getenv(HTTP_CLIENT_IP) ? getenv(HTTP_CLIENT_IP) : 0; $ipx = !$ipx getenv(HTTP_X_FORWARDED_FOR) ? getenv(HTTP_X_FORWARDED_FOR) : 0 ; $ipx = !$ipx getenv(REMOTE_ADDR) ? getenv(REMOTE_ADDR) : 0 ; echo !$ipx ? UNKNOWN : $ipx; echo br; echo Server IP Address: ; $ipx = getenv(SERVER_ADDR) ? getenv(SERVER_ADDR) : 0; echo !$ipx ? UNKNOWN : $ipx; ? It works and gives me a correct current IP address When manually installing PHP it always gives me the status UNKNOWN. Just use the $_SERVER[] superglobal array to grab the stuff you need. Don't use the getenv function. -Mike -- Michael E. Crute Software Developer SoftGroup Development Corporation Linux, because reboots are for installing hardware. In a world without walls and fences, who needs windows and gates?
Re: [PHP] data move from mssql to mysql via php
blackwater dev wrote: I have an app with a requirement to hit an external mssql db and move the data to a local mysql database. What's the best way to do this? I was thinking of querying the mssql db and writing the contents to a flat file then using mysql load data from infile query to pump it in but I am not sure if this is the best option so am looking for suggestions Thanks! You can easily do this; you could also cut out the middleman and use the ODBC driver to import/export directly. HTH Matt Darby -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] data move from mssql to mysql via php
Matt, So would you use an odbc driver and call it directly on the shell? I don't have much access on the server or is this something I can do through php? Thanks! On 10/7/05, Matt Darby [EMAIL PROTECTED] wrote: blackwater dev wrote: I have an app with a requirement to hit an external mssql db and move the data to a local mysql database. What's the best way to do this? I was thinking of querying the mssql db and writing the contents to a flat file then using mysql load data from infile query to pump it in but I am not sure if this is the best option so am looking for suggestions Thanks! You can easily do this; you could also cut out the middleman and use the ODBC driver to import/export directly. HTH Matt Darby -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] data move from mssql to mysql via php
[snip] So would you use an odbc driver and call it directly on the shell? I don't have much access on the server or is this something I can do through php? [/snip] There is an odbc driver for MySQL http://dev.mysql.com/doc/mysql/en/odbc-connector.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] data move from mssql to mysql via php
On 10/7/05, blackwater dev [EMAIL PROTECTED] wrote: So would you use an odbc driver and call it directly on the shell? I don't have much access on the server or is this something I can do through php? Most of the time someone has already been there and done that: http://www.kofler.cc/mysql/mssql2mysql.html -- Greg Donald Zend Certified Engineer MySQL Core Certification http://destiney.com/
[PHP] Re: [PEAR] PHP 4.4.0 references problems when using PEAR::SOAP
On 10/7/05, Denis Gerasimov [EMAIL PROTECTED] wrote: Hello list, I am facing serious troubles when using PEAR::SOAP with PHP 4.4.0 while it works fine with PHP 4.3.9. PHP 4.4.0 produces many notices like these: Notice: Only variable references should be returned by reference in C:\PHP4\PEAR\SOAP\Value.php on line 118 Notice: Only variable references should be returned by reference in C:\PHP4\PEAR\SOAP\WSDL.php on line 668 Notice: Only variable references should be returned by reference in C:\PHP4\PEAR\SOAP\Value.php on line 118 and so on. What is the problem? Currently I have rolled back to version 4.3.9 but this problem will appear again after upgrade, of course, - is there any solution (say, php.ini setting etc.)? Have a great day, The solution is to fix the SOAP package. Instead of: return $serializer- make it: $ret = $serializer-... return $ret; This notice was added because PHP has memory corruption issues when doing this particular thing (it always has). -- Justin Patrin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How do I POST data with headers make the browser follow?
The information that comes in from the first page is a creditcard form with the standard values (CCnumber, Expiry Date, Cardholder name etc). On page 2 an XMLrequest is done with a verification gateway (in this case to check for enrolment in 3D-Secure), the result for that I get back on the same page and no redirection needs to be done. However AFTER the enrolment check with the gateway I need to send the user along to the 3rd page, which is a URL that is provided by the verification process. So to get there, as I need to pass a heap of data to that 3rd page I can either use GET or POST, but since the amount of data is fairly big the only real option for this part seems POST. So it's not really about keeping the data persistent, it's more about the fact on how to push the user along correctly. Is this what happens: 1. User enters payment data 2. XML check that payment data is OK 3. redirection to a page (on another site?), where for some reason the payment data is required again (why?). This sounds like a mixture of two ways of implementing online payments. Forgive me if I'm telling you what you already know, but in general I believe things work as follows: 1 The whole process from payment to verification takes place on the payment provider's server or 2. the whole thing takes place on your server, with some inline (XML in this case) communication with your payment provider to verify the card details. You seem to be doing a bit of both, or have I misunderstood? Why do you need the payment details on the third page? If you don't actually need them, then the security problem goes away, and you can use the session object or whatever to persist the customer data. Does this help? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Patch for Suexec for Virtual Hosts to use PHP with FastCGI
Hello, I am new to this list, but I thought I might contribute a patch implementation I've come up with and ask the other developers on the list to help me scrutinize its security implications. I've posted this same message to fastcgi-developers list at fastcgi.org to look for feedback from them as well. I've been working with Apache2, SuExec, PHP5, and FastCGI recently and ran across the seemingly-common problem of allowing Virtual Hosts to share a PHP (cgi-fcgi) binary that is SuExec'd to their User/Group. I read everything I could find on the net about this subject, and the fastcgi.com archives were very helpful, but I was not happy or successful with some of the solutions presented. I thought I would end up having to copying the php binary for every Virtual Host that existed and chown them to each user/group so that Suexec would work properly and I could stop getting permission errors. Then I realized how it would be a nightmare to automate this process of copying and owning the php binary to the right user/group every time a Virtual Host was created (and I'm not that great at shell scripting). If I wanted to recompile php, I would have to update all of the instances of php that now existed (which seemed to be getting too complex). So I finally gave in and decided to modify suexec.c, despite the warnings from apache.org not to do so because much thought had already been put into the conditions for suexec to work securely. However, the fact that I wanted the php binary to be shared is a special case from all other cgi scripts, since its user/group must be different from the target user/group of the Virtual Host. So this is what I've come up with and it seems to fit my needs, so I thought it could help others in the same situation. I've created a new user/group named php-cgi-shared, which took on a UID and GID above 500. My virtual hosts all reside in /home/username/ so in my Apache2 configuration I set '--with-suexec-docroot' to /home to encompass all virtual hosts and their cgi-bin directories (this made sense to me, but maybe I don't fully understand how the suexec docroot and userdir settings work). Then I created /home/fcgi-bin/ where I would later copy /usr/bin/php (built as cgi-fcgi) to and chown the fcgi-bin directory and the php-fcgi binary to the user and group of php-cgi-shared. I've read some 3rd-party changes and patches to suexec.c that chose to completely ignore the check for the SuexecUserGroup UID and GID to match the UID and GID of the CGI file and its containing folder. However, I thought this was a too lenient and allows security holes, so I left that code as it is but added a custom hack of my own. I've hard-coded the custom user/group of php-cgi-shared into the suexec.h header file, and within the code checked to see if this was a valid user/group on the system and obtained its UID and GID. If the UID/GID of the target program and folder do not match the SuexecUserGroup (as done in the original code), then I additionally check if they match my safe UID/GID obtained from the php-cgi-shared user/group. If a match occurs, then I allow the suexec program to proceed and not exit with an error. So then when FastCGI passes the SuexecUserGroup from a Virtual Host to the Suexec wrapper, it will spawn a dynamic instance of the php-fcgi binary running as the user/group of the virtual host. Likewise, I run a static instance of this php-fcgi using FastCgiServer with the -user and -group set to php-cgi-shared, and not apache/www/nobody because those users are below the UID/GID of 500 that I've set as a minimum when building Apache/Suexec. My assumption is that this fcgi-bin directory and php-fcgi program are the only two files that are owned by php-cgi-shared, as set by root, and no other cgi's will ever take on this special privilege that suexec now allows. This seems to be a valid solution, unless I don't fully understand how all of the components work together correctly and securely. Please tell me otherwise if I am wrong. All I know is that this setup is now working the way I want after many days of frustration, it keeps things secure as far as I can tell, and requires little to no extra maintenance in the future. My httpd.conf file has the following directives that apply to PHP/FastCGI/Suexec (I built Apache2 using its default directory/file layout): User apache Group apache ... LoadModule fastcgi_module modules/mod_fastcgi.so AddType application/x-httpd-php .php IfModule mod_fastcgi.c Alias /fcgi-bin/ /home/fcgi-bin/ FastCgiIpcDir /usr/local/apache2/logs/fastcgi FastCgiWrapper /usr/local/apache2/bin/suexec FastCgiServer /home/fcgi-bin/php-fcgi -user php-cgi-shared -group php-cgi-shared Directory /home/fcgi-bin/ SetHandler fastcgi-script Options +ExecCGI /Directory AddHandler php-fastcgi .php Action php-fastcgi /fcgi-bin/php-fcgi /IfModule Please respond with your
[PHP] date comparisions...
I am confused... probably because of lack of sleep. Anyway... I have code that looks like this: if ($discountResult[dateexpired] date(U)) { //dosomething } else { //do something else } Using Epoch obviously Anyway... it's supposed to read: IF the expired date is past the current date... disallow dosomething otherwise... let it go. I set the expire date to be Sept 30, 2005 and obviously today is the current date but for some reason the dosomething is being allowed. Do I have the operators mixed up here? Works is I reverse the operator but shouldn't it work as I have it? Thanks all. Appreciate the clarrification. A -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] date comparisions...
Hi aaronjw, Friday, October 7, 2005, 7:34:11 PM, you wrote: if ($discountResult[dateexpired] date(U)) { //dosomething } else { //do something else } Anyway... it's supposed to read: IF the expired date is past the current date... disallow dosomething otherwise... let it go. I set the expire date to be Sept 30, 2005 and obviously today is the current date but for some reason the dosomething is being allowed. Start with the obvious - what actually IS the value of $discountResult[dateexpired]? var_dump it out and have a look. Check you are comparing like with like. You're also not performing a strict comparison, so string conversion could be going on here. The other obvious fact is that if dateexpired is less than *right now*, it'll always dosomething ! :) Cheers, Rich -- Zend Certified Engineer http://www.launchcode.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] date comparisions...
Hi Rich, Thanks for your reply. dateexpired is: 1128052800 which translates into: 2005-09-30 00:00:00 Basically, I'm just trying to figure out when the dateexpired is. IF it is past the current date then I am erroring out and if it's under the current date... I'm allowing the transaction. I would assume the following: if (2005-09-30 00:00:00 2005-10-07 00:00:00) it should error out, no? Thanks! Aaron Hi aaronjw, Start with the obvious - what actually IS the value of $discountResult[dateexpired]? var_dump it out and have a look. Check you are comparing like with like. You're also not performing a strict comparison, so string conversion could be going on here. The other obvious fact is that if dateexpired is less than *right now*, it'll always dosomething ! :) Cheers, Rich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP] date comparisions...
Hi, Friday, October 7, 2005, 7:55:45 PM, you wrote: dateexpired is: 1128052800 which translates into: 2005-09-30 00:00:00 Basically, I'm just trying to figure out when the dateexpired is. IF it is past the current date then I am erroring out and if it's under the current date... I'm allowing the transaction. I would assume the following: if (2005-09-30 00:00:00 2005-10-07 00:00:00) it should error out, no? Not given your logic above, no. You said If it is past the current date then I am erroring out, therefore 2005-09-30 00:00:00 2005-10-07 00:00:00 will NEVER error out, because it will never be greater than the current timestamp in seconds. A = 2005-09-03 = 1,128,052,800 B = 2005-10-07 = 1,128,713,278 (approx, that's actually the value now) So A will never be greater than B, hence you're always allowing the transaction. Cheers, Rich -- Zend Certified Engineer http://www.launchcode.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] DNS lookups only sometimes
I have an email validation script written in PHP that works on most Apache machines I try it on, with the exception (of course) of my production box that it needs to go on. This production machine is a Slackware 10.2 box, running Apache 1.33 and PHP 4.4.0. The script works if I call it from the command line with php -f filename however, if I try to call the same script from a browser (served by httpd) the DNS check is never made, and the script returns that the domain of the email address is invalid. The httpd people tell me that once Apache calls a .php page, PHP handles the actual parsing of that page, so if these DNS queries aren't happening when the page is called through a browser, what is changing from when they are called from the command line? Thoughts? Best, Jadel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] DNS lookups only sometimes
On Fri, October 7, 2005 2:54 pm, Jadel Menard wrote: I have an email validation script written in PHP that works on most Apache machines I try it on, with the exception (of course) of my production box that it needs to go on. This production machine is a Slackware 10.2 box, running Apache 1.33 and PHP 4.4.0. The script works if I call it from the command line with php -f filename however, if I try to call the same script from a browser (served by httpd) the DNS check is never made, and the script returns that the domain of the email address is invalid. The httpd people tell me that once Apache calls a .php page, PHP handles the actual parsing of that page, so if these DNS queries aren't happening when the page is called through a browser, what is changing from when they are called from the command line? You'd first have to show us the source code that does the email checks. In addition, see if you can dig out the httpd.conf and php.ini that are used on the production server, and post links to them, after removing any data you consider sensitive. There's no rule that the PHP binary they have laying around on the machine for command line use has to have any real correspondence with the (presumed) PHP Module they have loaded into Apache. They could be different versions of PHP, with entirely different compile-time switches, and have nothing more than PHP in their name in common. They are USUALLY very similar, but a host could easily dis-allow certain functions in php.ini in the web environment, but your CLI PHP can easily not be using that same php.ini, and then you get the functions they don't want you to have. Worst-case scenario, you could probably use http://php.net/exec in your web PHP script to fire up PHP command line to run your DNS lookup script. This is a total hack and will have HORRIBLE performance penalties. And if the real problem is that your host doesn't want you doing DNS lookups in the first place, so they disabled the function in php.ini, they're not gonna be happy to find you doing this... Extreme Caution is called for. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] data move from mssql to mysql via php
On Fri, October 7, 2005 8:31 am, blackwater dev wrote: I have an app with a requirement to hit an external mssql db and move the data to a local mysql database. What's the best way to do this? I was thinking of querying the mssql db and writing the contents to a flat file then using mysql load data from infile query to pump it in but I am not sure if this is the best option so am looking for suggestions If one or the other database servers allows access from other than 'localhost', you can simply have two connections open, one to each db, and XFer data in a single PHP script. ?php $mssql = mssql_connect('whatever', ...); $mysql = mysql_connect('whatever', ...); $query = 'select ... from ; $result = mssql_query($query, $mssql); while ($row = mssql_fetch_row($result)){ $query = insert into ... values( . implode(', ', $row) . ); mysql_query($query, $mysql); } ? Obviously you'd need a ton of error-checking etc. This would be, perhaps, better than dump/load if you also need to do some business logic in there to determine which records have changed where, and which should or should not get re-loaded etc. Would also be handy if you need to run this script often to syncronize the two. But if it's a one-time dump, then presumably SQL Server can be convinced to dump out a flat-file that you can load into MySQL as you originally intended -- That's probably gonna be fastest/easiest for a one-time deal. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question
On Fri, October 7, 2005 6:54 am, Sven Simons wrote: When manually installing PHP it always gives me the status UNKNOWN. Definitely check $_SERVER instead of GetEnv to see if it gives you what you want. The only strange thing is that the phpinfo says that the ini file is located in C:\Winnt although it is not there (when installing manually it is in C:\PHP) In the old days, you'd be stuck with copying and maintaining C:\PHP into C:\Winnt Now, there's an Apache directive to let you define where php.ini lives. You'd have to switch from IIS to Apache to use it, though. But that's a good thing :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Linux/PHP and Windows/MSSQL
On Thu, October 6, 2005 8:29 pm, Rick Emery wrote: Knowing that I'm not the only one to want to connect to Microsoft SQL Server on Windows from PHP and Apache on Linux, I'm seeking advice. You may want to consider using the Sybase drivers if they are available as up-to-date RPMs. Last time I checked, several years ago, they worked better/faster than the mssql drivers. YMMV -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] DNS lookups only sometimes
Thank you for your reply. You'd first have to show us the source code that does the email checks. In addition, see if you can dig out the httpd.conf and php.ini that are used on the production server, and post links to them, after removing any data you consider sensitive. As I am responsible for the machine, I have created the following site with all the information you have requested: http://emailtest.altig.ca There you will find: email.php (the actual script) email_php.php (the php code) httpd.conf php.ini I've set up several machines like this in the past, and have not done anything too fancy regarding Apache or PHP, and in fact, have used the Slackware 10.2 binaries for both. If there are any other questions you need before we can work towards a solution, please let me know! Otherwise, what to do next?! Best, Jadel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: form not submitting when I change action from PHP_SELF to thanks page
On Thu, October 6, 2005 9:37 am, Robert Cummings wrote: when I add that code I can the following error msg when submitting the form. *Warning*: Cannot modify header information - headers already sent by (output started at /home/webadmin/dedicated75.virtual.vps- host.net/html/fortuneInteractive/Consultation_test.php:6http://host.net/html/fortuneInteractive/Consultation_test.php:6 http://host.net/html/fortuneInteractive/Consultation_test.php:6) in */home/webadmin/dedicated75.virtual.vps- host.net/html/fortuneInteractive/Consultation_test.phphttp://host.net/html/fortuneInteractive/Consultation_test.php http://host.net/html/fortuneInteractive/Consultation_test.php * on line *168* line 168 is the one with header( 'Location: thanks.php' ); on it. can anyone explain why this is happening and how to rectify? A long time ago, this error message would only have told you that the line 168 was wrong and that data had already been sent earlier. Now, however, buried in this error message, is the EXACT LINE of code where the data was already sent: /home/webadmin/dedicated75.virtual.vps-host.net/html/fortuneInteractive/Consultation_test.php:6 Line 6, of Consultation_test.php is the culprit. WARNING: Emacs, by default, on some system, will automatically ADD a newline character at the end of any file you edit. In older versions of PHP (possibly pre-dating this error message) that would be problematic. It may STILL be problematic for all I know. I don't use Emacs, but recall the grief it caused many a PHP beginner from long ago on the list. Disclosure: I may have been the first/loudest to request that the original line of data output be logged by PHP internally so that this message could inform you of this fact. Hell, for all I know, I'm the only guy that asked for it. Oh well. It's there. Use it. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How do I POST data with headers make the browser follow?
On Thu, October 6, 2005 4:52 am, Ragnar wrote: Everything you are trying to do with the cURL, multiple pages, and whatnot scares the bejesus out of me... Especially that you seem to be passing people's credit card numbers around in this manner. [shudder] I did see that there is a FOLLOWLOCATION option you can set in cURL when you do you request, and though wicked, just what I needed only to find out that it's not working (probably because I understand what it does wrong). Most definitely you mis-understood what it does. Here's what it REALLY does: Suppose when cURL loads up the URL you ask for, it gets this back: HTTP 302 Resource moved Location: http://example.com/new_location_for_it.htm If you have FOLLOWLOCATION set to 1, then cURL is just gonna go ahead and request the new Location: and get you the damn answer you asked for. If you have it set to 0, you only get back the output from the 302 page -- So you can figure out exactly what the server is doing, bouncing you around from page to page, with all these silly Location: headers, chewing up valuable HTTP connection resources, and basically putting a big server burden on whatever you are trying to get to. [Actually, if HTTP/1.1 is being used, and Keep-alive is working properly on all fronts, the burden is not so huge... But that's not a given for most servers/software today.] Pretty pretty please if anyone knows a solution for the above, let me know. So I don't have any answer for what you're trying to do, except to sit down and re-think all the bouncing around of data you're doing, and most importantly where/how the credit card numbers are being stored/transmitted, even in such temporary things as RAM, which is swapped to hard drive, which is susceptible to attack. On most shared servers, putting credit card info in SESSION data is Really Bad Idea (tm) as every other user on the shared system can troll through your session data with little to no effort. Oh, and I'd also like to add that the information I am trying to get to the 3rd page in the example is sensitive (Credit Card details etc.), so $_GET and $_COOKIE are out of the question. This statement alone makes me think that you believe that $_POST is somehow safer than $_GET and $_COOKIE. Please purge that idea right out of your head this instant. By the time you are on your PHP script, talking to some other server, the data you send to/from that other server, via GET, POST, or COOKIE is no more or less secure in any of the three. POST data from the browser is only 1/1th more secure than GET in that any idiot can see the Location URL and play with it, and it takes a tenth of a clue to do Save As.. and muck with the INPUT tags to change POST data... As an exercise, please try this yourself: Surf to some page that has a FORM on it. Save As... to your hard drive. Change the INPUT tags to whatever you think will cause interesting results on that server. Open that file in your browser and click on the Submit button. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 4.4.1RC1
Hello! I packed PHP 4.4.1RC1 today, which you can find here: http://downloads.php.net/derick/ Please test it carefully, and report any bugs in the bug system, but only if you have a short reproducable test case. If everything goes well, we can release it somewhere at the end of next week. regards, Derick -- Derick Rethans http://derickrethans.nl | http://ez.no | http://xdebug.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mail() with port authentication
On Wed, October 5, 2005 11:59 pm, Brian Dunning wrote: Do I need to use Pear to specify port 587 and authentication when sending mail? I could not find any way to do it using mail(). If you have access to sendmail.cf on your box, you can probably do it there... Or, put it this way: On MY box at home, I had to do this so the silly cable-modem provider wouldn't block my outdoing emails, and I'm NOT a Sendmail expert by any stretch of the imagination. In this case, I wanted ALL outgoing email to go to a different port, which my web/mail host has open for this very purpose. I dunno how tricky it would be to make it only happen for specific sender/recipient combinations etc... -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sessions
On Wed, October 5, 2005 10:17 am, blackwater dev wrote: I have an old site which uses this code on login: //it does a query then if ($affected_rows0){ session_start(mysite); session_register('admin'); $wardadmin = yes; header(location: admin.php); } and in the top of admin.php: session_start(mysite); if (@$admin != yes) { header(location: login.php); exit; } The host recently upgraded to php 4.4 and now the login doesn't work. I do notice when I login that the page goes to admin the right back to login. Why doesn't admin see the session var? Not sure specifically what broke in 4.4 for you, but here some things that are wrong in your code... 1. Technically, it's Location with a capital L, I think. 2. Technically, you should provide a FULL URL to Location: 3. @$admin is suppressing an error message. What's the error message? 4. If you're not checking that 'admin' comes from $_SESSION, anybody from can surf to: admin.php?admin=yes 5. You are relying on register_globals being on and you shouldn't. http://php.net/register_globals might tell you more 6. You session_register('admin') but you change $wardadmin They should all match. Methinks maybe it's time for you to re-write this code :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] caching parsed XML files as DOM objects in memory
On Wed, October 5, 2005 8:11 am, Petr Smith wrote: is it possible to cache parsed XML files somehow? I think this is the wrong question... I mean, OF COURSE, it's possible to cache them SOMEHOW. You could toss them in your file system, or a database, insert a machine with squid on it into the chain, or train an army of squirrels to memorize the XML. That last one might be impractical, as you'd need to breed super-smart squirrels first :-) I'm writing template library based on XML. But it's not very efficient to create new DomDocument, load XML template, process it and show on every page hit. XML parsing is not very fast, and because I'm parsing XHTML with entities, all DTD's are parsed too. I thought about something similar to java - there I can have servlet which lives all the time the server lives. It can load XML and parse it only for the first time and send DOM objects to another servlets. I need something similar with PHP, can it be done? I think you might want to avoid trying to do it the Java way in PHP. PHP is share-none by architectural design, not accident, so that you can scale up by throwing as much cheap/stock hardware at it as you can afford instead of being forced to buy a single bigger hardware box in the center for the shared data. It would probably make a lot more sense to store whatever you use to uniquely identify your XML source and the results in a database or filesystem, and then compare time-stamps in some simple business logic to decide to re-parse or serve from cache. Yes, that does just foist off the shared-data to the database, or file-system -- but those systems are specifically designed to handle this task for a long time now with a lot of heavily tested and optimized code. PHP and even Java can't really match that level of testing/optimization yet simply due to relative ages. If db and filesystem are too slow or you already have too many machines running this code-base, you could write your own PHP XML cache server that takes an XML id and either gets it from the db/file cache, or parses the true original, and set up your own server for this express purpose and really make it scream on speed... That's quite a bit of work, though, and for the simplicity of the code involved, you may be better off writing it as a C application... Or out-sourcing that bit of code to be written with specific timing targets for the employee to meet/beat to get their just due $$$. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] displaying image from blog
On Tue, October 4, 2005 12:07 pm, blackwater dev wrote: I am querying a MSSQL db where an jpg image is stored as a blog. I have this code: html head meta http-equiv=Content-Type content=image/jpg I don't think you can use Content-type for this purpose... Or, at least, I wouldn't expect browsers to be reliable in doing it. It MIGHT be just case-sensitive to Content-type... Rip out ALL the HTML code here, and do: /head body ? //Do the query include_once(../includes.list.php); $ms_sql= new ms_db(); $my_sql=new Database(); $query=select photo from cars where id=22; $data=$ms_sql-query($query); while($obj = $ms_sql-objects('',$data)){ header(Content-type: image/jpg); echo $obj-photo; } $data=$ms_sql-disconnect(); ? /body /html But when viewed I just get all the junk code: !1AQaq2ÂB'¡±à #3Rðbrà $4á%ñ'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzâÆââ¦â â¡Ëâ°Å 'â¢ââËâ¢Å¡Â¢Â£Â¤Â¥Â¦Â§Â¨(c)ª²³´µ¶·¸¹ºÃÃÃà ÃÃÃÃÃÃÃÃÃÃÃÃÃÃâãäåæçèéêòóôõö÷øù What is wrong? The browser is showing you the JPEG as text If you had the actual JPEG, and you opened it in, like, Notepad or whatever, that's what you would see. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PROGRESS SQL_CUR_USE_ODBC
On Tue, October 4, 2005 11:47 am, cybermalandro cybermalandro wrote: I am connecting to a PROGRESS DB through the MERANT ODBC driver, When I have the 4th parameter SQL_CUR_USE_ODBC as shown, my queries return nothing but if I have the 4th parameter as lower case it returns my query results but with a PHP error complainning *Notice*: Use of undefined constant sql_cur_use_odbc - assumed 'sql_cur_use_odbc' Wtf? I don't get it, most of the documentation from people connecting to PROGRESS do have the 4th parameter uppercase can someone help me out ? Well, you could put apostrophes or quotes around it and get rid of the PHP Notice, and that would be syntactically correct for PHP. What it would mean to MERANT ODBC, though, I dunno... Though what you currently have, with lower-case, will be THE SAME to MERANT ODBC as adding the quotes, because that's what PHP is doing for you, and that's what the Notice is all about. Translation: PHP: You were supposed to put quotes on that sql_cur_use_odbc thing, but you didn't, so I did it for you. But this is probably NOT going to make things actually work as you expect. What happens next is that PHP has to convert your string sql_cur_use_odbc into a number. And that number will be 0. So then MERANT ODBC gets the integer 0 as that 4th argument. Which is probably NOT the number you want to send it to actually turn on this SQL CUR USE ODBC thingie, whatever that is. SQL_CUR_USE_ODBC is almost for sure an integer. You could see what it is by doing: echo SQL_CUR_USE_ODBC has the value: , SQL_CUR_USE_ODBC, hr /\n; in your code. If it's not 0, then adding quotes to suppress the PHP Notice is only masking a symptom, not fixing the real problem. I guess we'd need to know what your queries are, and if I had some clue what SQL_CUR_USE_ODBC was supposed to be doing, it would help... Hopefully somebody else can chime in on this part. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Dynamic sub directory listing without redirect
Hi List, I am trying to allow dynamic URL's for my users to remember similiar to: www.mysite.com/joesoap So I want to use joesoap in a PHP script to pick up the user's details from a MySQL database. If the joesoap does not exist in the table I will handle that. So basically I have one file www.mysite.com/index.php which should do all the processing. I have tried with the apache .htaccess mod_rewrite, however when I echo $_SERVER['PHP_SELF'] I can't detect the joesoap. It returns /index.php. Of course the easiest way is to do something like www.mysite.com/index.php?username=joesoap but that is too long and complicated for our users. As we have thousands of users, I don't want to create actual directories. Furthermore can this be done too (without a joesoap file): www.mysite.com/joesoap?show_extra_details=yes Any advice/links would be much appreciated. If I am barking up the wrong tree throw me a bone please. Thanks alot Terence -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Global unavailable?
Problem not reproducable. Test case used: --- a.inc.php: ?php $a = 123; --- b.inc.php: ?php require 'a.inc.php'; class b { function test() { global $a; echo $a; } } --- t.php: ?php require 'b.inc.php'; $x=new b(); $x-test(); --- Command line: php t.php Output: 123 I used PHP-5.1 RC1. No problem whatsoever. Such problems shouldn't arise in new versions since they are touching very basic concepts that didn't change. AllOLLi You see, Mr. President: The worlds hates America. And for good reason. (I wont bother going into details) [24 319] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Non-Javascript PHP Onsubmit function?
zzapper schrieb: Hi, I'd like to have a non-Javascript based general purpose Are you quite Sure? PHP form submitter, conventionally done using the Javascript Onsubmit Event. One way would be to store all the Form Variables in hidden fields generated by a foreach $_POST but anyone have anything simpler? How about the user saying no? You would have to return to the form page and repopulate the form with the data. So not storing the data in a usable format is not an option. Here's a dirty hack: How about displaying the same form in a hidden DIV? OK, that one was cruel... A better one: You could fetch the RAW post data and store it in the session. Problems arise when there's more than one window open! Use a unique ID for the form. Best solution: Use the hidden fields! AllOLLi Sidney: Are you sure you don't wanna stay for dinner. Eric: I'd love to but... I gotta save the world. [Alias 402] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Dynamic sub directory listing without redirect
http://httpd.apache.org/docs/2.0/misc/rewriteguide.html AllOLLi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dynamic sub directory listing without redirect
On 10/7/05, Terence [EMAIL PROTECTED] wrote: Hi List, I am trying to allow dynamic URL's for my users to remember similiar to: www.mysite.com/joesoap So I want to use joesoap in a PHP script to pick up the user's details from a MySQL database. If the joesoap does not exist in the table I will handle that. So basically I have one file www.mysite.com/index.php which should do all the processing. I have tried with the apache .htaccess mod_rewrite, however when I echo $_SERVER['PHP_SELF'] I can't detect the joesoap. It returns /index.php. Of course the easiest way is to do something like www.mysite.com/index.php?username=joesoap but that is too long and complicated for our users. As we have thousands of users, I don't want to create actual directories. Furthermore can this be done too (without a joesoap file): www.mysite.com/joesoap?show_extra_details=yes Any advice/links would be much appreciated. If I am barking up the wrong tree throw me a bone please. mod_rewrite can handle this easy enough: RewriteEngine on RewriteRule ^([a-z].*) /index.php?username=$1 [L,qsappend] RewriteRule ^$ /index.php [L,qsappend] $_GET[ 'username' ] will be available in your index.php when you pass a url like: www.mysite.com/joesoap This can be expanded for more variables/matches by adding more matching groups to the regex. ^([a-z].*)/([a-z].*) and so forth. -- Greg Donald Zend Certified Engineer MySQL Core Certification http://destiney.com/
Re: [PHP] Re: Non-Javascript PHP Onsubmit function?
Oliver Grätz wrote: zzapper schrieb: Hi, I'd like to have a non-Javascript based general purpose Are you quite Sure? PHP form submitter, conventionally done using the Javascript Onsubmit Event. One way would be to store all the Form Variables in hidden fields generated by a foreach $_POST but anyone have anything simpler? How about the user saying no? You would have to return to the form page and repopulate the form with the data. So not storing the data in a usable format is not an option. Here's a dirty hack: How about displaying the same form in a hidden DIV? OK, that one was cruel... A better one: You could fetch the RAW post data and store it in the session. Problems arise when there's more than one window open! Use a unique ID for the form. Best solution: Use the hidden fields! I disagree. Best solution: Don't use a confirmation thing, provide the ability to undo changes instead. That way you don't piss off the advanced users who KNOW what they're doing, but you still allow the less advanced users to undo changes they accidentally make. -- Jasper Bryant-Greene Freelance web developer http://jasper.bryant-greene.name/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dynamic sub directory listing without redirect
Hi List, I am trying to allow dynamic URL's for my users to remember similiar to: www.mysite.com/joesoap So I want to use joesoap in a PHP script to pick up the user's details from a MySQL database. If the joesoap does not exist in the table I will handle that. So basically I have one file www.mysite.com/index.php which should do all the processing. I have tried with the apache .htaccess mod_rewrite, however when I echo $_SERVER['PHP_SELF'] I can't detect the joesoap. It returns /index.php. Of course the easiest way is to do something like www.mysite.com/index.php?username=joesoap but that is too long and complicated for our users. As we have thousands of users, I don't want to create actual directories. Furthermore can this be done too (without a joesoap file): www.mysite.com/joesoap?show_extra_details=yes Any advice/links would be much appreciated. If I am barking up the wrong tree throw me a bone please. If you are using apache, add this to your VirtualHost section for www.mysite.com: ForceType application/x-httpd-php Action application/x-httpd-php /script-to-handle-every-request.php Then in your document root, put a file named script-to-handle-every-request.php and do whatever you want. You'll probably want to start by looking at $_SERVER[PATH_INFO] and go from there. I do this to make urls easier to remember for our sales guys so they don't have to remember that www.mysite.com:8001 is their sales demo site. Instead they can remember salesdemo.mysite.com/philip and it redirects them. good luck! -philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Dynamic sub directory listing without redirect
-Original Message- From: Terence [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:19 PM To: php-general@lists.php.net Subject: [PHP] Dynamic sub directory listing without redirect Hi List, I am trying to allow dynamic URL's for my users to remember similiar to: www.mysite.com/joesoap So I want to use joesoap in a PHP script to pick up the user's details from a MySQL database. If the joesoap does not exist in the table I will handle that. So basically I have one file www.mysite.com/index.php which should do all the processing. I have tried with the apache .htaccess mod_rewrite, however when I echo $_SERVER['PHP_SELF'] I can't detect the joesoap. It returns /index.php. Of course the easiest way is to do something like www.mysite.com/index.php?username=joesoap but that is too long and complicated for our users. As we have thousands of users, I don't want to create actual directories. Furthermore can this be done too (without a joesoap file): www.mysite.com/joesoap?show_extra_details=yes Any advice/links would be much appreciated. If I am barking up the wrong tree throw me a bone please. Thanks alot Terence Hi Terence, I would handle this in a custom 404 error script. Essentially, just have the 404 page parse out the joesoap, check the database to see if its valid, and act accordingly. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php