php-general Digest 12 Mar 2006 12:39:06 -0000 Issue 4011
php-general Digest 12 Mar 2006 12:39:06 - Issue 4011 Topics (messages 231797 through 231800): Re: Possible hacker using php script to send e-mails? 231797 by: Manuel Lemos 231799 by: Julius Hacker Re: PHP/CSS/Javascript question 231798 by: Jesús Fernández mb_strpos index woes 231800 by: joseph Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: php-general@lists.php.net -- ---BeginMessage--- Hello, on 03/11/2006 04:12 PM Rasmus Lerdorf said the following: I am running php 4.x on a suse 9.x machine. There is a php script which resides on a webapp that is responsible for sending e-mail to myself in case of errors like db-errors or similar. Called error.php This script does include phpmailer and uses it to send the e-mails to me. Now I am receiving on the e-mail specified as TO: e-mails with different subject than specified and different text?! All english text with wired sentences, must be a bot or so. How is this possible? The subject line is fixed and right after that commend send is executed. So no idea how they do it and how I can prevent it. It looks like this: $mail-Subject = 'Fehlerbericht'; $mail-Send(); How is it possible that they change this subject line? I checked the server log and each time an e-mail has been sent to me of that kind there is a logentry in apache log that says that this script has been executed. So the e-mails definatelly come from that script?! If you are setting message headers with untrusted values that may contain line breaks, that is your problem. Line breaks make mail systems interpret the next line as a new header. That header may be used to inject new recipients for instance using Bcc: . You can have line breaks in header but you need to escape them properly so they are interpreted as continuation lines rather than new headers. That is only true for the additional_headers (4th) argument to the mail function. That argument is specifically for doing free-form headers, so as long as you only use the to, subject and message arguments to the mail function you are safe. That is what I said, sending headers with untrusted values, so people have to use the 4th argument to set for instance the From: header. This From: header is often set to values set in forms to the e-mail address and name of the person that is trying to contact the site people. That is usually from where most the PHP mail form abuses come from. As I said line breaks in the From: or other headers are not invalid. Actually line breaks should be used to comply with RFC recommendations and do not exceed the 78/998 line length limit. When these limits are exceeded, messages may arrive corrupted. The mail function is a better than nothing solution. It can still be used but to send RFC compliant messages, often it is necessary to correctly format message contents. That is why I always recommend this or other class that takes care of those (many) details: http://www.phpclasses.org/mimemessage -- Regards, Manuel Lemos Metastorage - Data object relational mapping layer generator http://www.metastorage.net/ PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ ---End Message--- ---BeginMessage--- Merlin wrote: Hi there, I am running php 4.x on a suse 9.x machine. There is a php script which resides on a webapp that is responsible for sending e-mail to myself in case of errors like db-errors or similar. Called error.php This script does include phpmailer and uses it to send the e-mails to me. Now I am receiving on the e-mail specified as TO: e-mails with different subject than specified and different text?! All english text with wired sentences, must be a bot or so. How is this possible? The subject line is fixed and right after that commend send is executed. So no idea how they do it and how I can prevent it. It looks like this: $mail-Subject = 'Fehlerbericht'; $mail-Send(); How is it possible that they change this subject line? I checked the server log and each time an e-mail has been sent to me of that kind there is a logentry in apache log that says that this script has been executed. So the e-mails definatelly come from that script?! Can anybody help? Regards, Merlin Simply check whether the script using the error.php is including it (I think you include the error.php, right?). E. g. you can set a variable in your other script and check in the error.php wether the variable is set or not. This way only your script can use the error.php and noboy can abuse it :) -- Regards Julius Hacker http://www.julius-hacker.de [EMAIL PROTECTED] OpenPGP-Key-ID: 0x4B4A486E ---End Message--- ---BeginMessage--- On 3/11/06, Paul Goepfert [EMAIL PROTECTED] wrote: Hi all, Is it possible to
[PHP] what would a c extension buy me
hi, my site is www.myowndictionary.com i use javascript to create definitions for words (from open source dictionaries) as pop-ups and hook word-lists for vocabulary study with that. i can now parse the html from rss feeds and match only text of interest. i just wrote my own multibyte html parser by combining various other code i already had on hand for the parsing of multibyte text anyhow. but, that's not the slowest part. that takes maybe 3 seconds to get the page, 3 seconds to parse it, but it sometimes takes 5 minutes for the next step on huge rss files. (I know the time because they are cached) that last step... The slow part that's left is the dictionary searching itself. It's the parsing of complicated php code -- 550 lines of complex data structure loops, function calls, looping through arrays to make sql queeries -- lots of sql queeries the seconds ~ 5 minute it takes it all takes so much time. i want to ask for opinion about: 1) rewriting the php as C extension. Would it slow my down to the below 15 second range? 2) does mysql have server-side functions yet? 3) if i moved the php code off mysql to postgresql and wrote server-side functions (which i've been trained to do), how much of a time improvement would we be talking about? please send me your input! i am at a growing stage and need direction here. because any of those steps will require considerable time. thank you. joseph. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP/CSS/Javascript question
Hi all, Is it possible to modify a table using JavaScript to control CSS visabilty when the entire table is developed dynamically using PHP? Thanks, Paul Paul: I am sure that you can change css via javascript, but you can as well with php -- see: http://www.sperling.com/examples/styleswitch/ tedd -- http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP/CSS/Javascript question
Hi all,
Is it possible to modify a table using JavaScript to control CSS
visabilty when the entire table is developed dynamically using PHP?
Thanks,
Paul
You don't need to change the CSS (I don't even know if it is possible), but
you can change specific styles of any element within the HTML. For example:
document.getElementById('IdOfDivContainingTable').style.display='none';
It is particularly usefull to enclose whichever set of elements that you
wish to change into a single entity, a DIV or SPAN, if at all possible.
Styles assigned in this way have precedence over those from a style sheet
Satyam
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP/CSS/Javascript question
Hi all,
Is it possible to modify a table using JavaScript to control CSS
visabilty when the entire table is developed dynamically using PHP?
Thanks,
Paul
Satyam said:
You don't need to change the CSS (I don't even know if it is
possible), but you can change specific styles of any element within
the HTML. For example:
Yes, it's just a text file -- it can be re-written. However, it needs
to be loaded again to take affect.
document.getElementById('IdOfDivContainingTable').style.display='none';
It is particularly usefull to enclose whichever set of elements that
you wish to change into a single entity, a DIV or SPAN, if at all
possible.
That's the main principle of ajax, isn't it? Using DOM to apply
changes within the document. It might be old-hat to most, but I find
it fascinating.
Styles assigned in this way have precedence over those from a style sheet
The precedence is simply inheritance -- last stated is applied.
tedd
--
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP/CSS/Javascript question
- Original Message -
From: tedd [EMAIL PROTECTED]
Hi all,
Is it possible to modify a table using JavaScript to control CSS
visabilty when the entire table is developed dynamically using PHP?
Thanks,
Paul
Satyam said:
You don't need to change the CSS (I don't even know if it is possible),
but you can change specific styles of any element within the HTML. For
example:
Yes, it's just a text file -- it can be re-written. However, it needs to
be loaded again to take affect.
And it affects all documents of all users. Suddenly, by the action of one
user, all other users reaching the same page will see things as per the
actions of another user. Unless you take care to keep separate CSS files.
document.getElementById('IdOfDivContainingTable').style.display='none';
It is particularly usefull to enclose whichever set of elements that you
wish to change into a single entity, a DIV or SPAN, if at all possible.
That's the main principle of ajax, isn't it? Using DOM to apply changes
within the document. It might be old-hat to most, but I find it
fascinating.
No, this is not AJAX, it is simply using the DOM. Ajax also involves
communication with the server in the background.
Styles assigned in this way have precedence over those from a style sheet
The precedence is simply inheritance -- last stated is applied.
No, if you dynamically load a new stylesheet after you set the style of an
element using the DOM, this style would still have precedence over the new
stylesheet. The precedence of styles is set by how you set it. Setting a
style through the DOM has precedence over CSS attributes, which have
precedence over styles specified by the style HTML attribute which has
precedence over the default rendering of an element. Only within the same
category the order of assignment would matter.
And, by the way, yes, you can load a new stylesheet.
Satyam
tedd
--
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Phone number validation
Hi all,
I am trying to validate phone numbers in a web form that I have
created. I am using a regular expression to validate the phone
number. It seems when I enter the phone number in the following ways
I get errors
(123) 456 7890
123 456 7890
(123) 456 - 7890
123 456-7890
I am using the ereg method in php to test the regular expression.
Here is the Regular Expression that I am using to test against
potential phone numbers
$validPhone = ^([0-9]{3}[ ]*)?[0-9]{3}[ ]*[0-9]{4}$;
By the way The phone numbers are in US format.
If anyone can help me with this I would really appreciate it.
Thanks,
Paul
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Phone number validation
On Sun, Mar 12, 2006 at 12:09:42PM -0700, Paul Goepfert wrote:
Hi all,
I am trying to validate phone numbers in a web form that I have
created. I am using a regular expression to validate the phone
number. It seems when I enter the phone number in the following ways
I get errors
(123) 456 7890
123 456 7890
(123) 456 - 7890
123 456-7890
Dont forget:
123.456.780
1-123-456-7890
...
$validPhone = ^([0-9]{3}[ ]*)?[0-9]{3}[ ]*[0-9]{4}$;
By the way The phone numbers are in US format.
With US phone numbers I always use this approach to avoid what
format people use to enter the phone:
- Remove any non digit
$check_phone = preg_replace('/[^0-9]/', '', $phone);
- If $check_phone strlen 10.. invalid
- if $check_phone strlen == 11 first char == '1'.. remove it
- if $check_phone strlen == 10, seems ok
- possible area code check with prefix check (if have db to
support that)
I would even go as far as storing the phone striped of any
formating and only format it when you display it.
The other option would to make three seperate input fields in the
form and join them together in your script:
(input name=phone[area]) input name=phone[code]-input
name=phone[num]
Curt.
--
cat .signature: No such file or directory
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Why Session can't be timed out!
On Sat, Mar 11, 2006 at 09:44:01PM +0800, wrote: Excuse me,when i develop programe php in linux FC3 , i want the life time of the session to be 20 minutes ,i do the follow things in the php.ini file What version of PHP are we talking about with FC3? 1.change session.gc_maxlifetime = 1200 2.change session.gc_probability = 100 3.change session.use_cookies = 0 The only one, in that list, that may effect when a session expires is the gc_maxlifetime. Wich means data not accessed in the seconds specified is able to be removed by the gc (garbage collection) system. The key setting you want is: session.cache_expire 4. restart the apache server and it does work happily, how can i troubeshooting this problem ? Does or doesn't, this is confusing me wether you have a problem with the session lifetime working or not? Curt. -- cat .signature: No such file or directory -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PDOStatement::execute() Return Values
On Fri, Mar 10, 2006 at 12:09:44PM -0500, Chris wrote:
Under what circumstances does PDOStatement::execute() return false?
It seems to always return true.
I'm assuming you have some code like:
$sth = $dbh-prepare($sql);
if(! $sth-execute() ) {
// false
} else {
//true
}
When it returns false sort of depends what kind of $sql you have.
if you have something like:
select * from something ...
-execute() will return true probably about 99.9% of the time,
except for cases like when you loose a connection to the db, since
the prepare() does the parsing of the statment, the errors in
parsing will occur at prepare().
If you have something like:
insert into blah values(something)
The -execute will fail if you violate a constraint on the DB like
a primary/foreign/unique key constraint.
Basically anytime the db server responsed with: Um this isn't
allowed even though the syntax is valid.
HTH,
Curt.
--
cat .signature: No such file or directory
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] DB calls vs Session solution
On Fri, Mar 10, 2006 at 02:10:54PM +0200, Thomas wrote: Hi there, Quick question on performance: I have got some expensive sql queries (doing lots of LEFT JOINS) that result in anything between 10 to 1 results. I need to do paging on those. So far I have used a LIMIT solution which will not do anymore because you don't get the whole total. The next couple paragraphs are assuming your are using mysql. A little side note (assuming your using Mysql), there is a select option called SQL_CALC_FOUND_ROWS, which will allow you to know the total of rows even though you specify a LIMIT clause. Becareful with this though, mysql has to perform the query fully before doing anything so it can be harmful with large results sets from queries. The first thing I would look at is, if there is a way you can make the query not have to use a left join, and ensure that indexes are all properly used. Another helpful suggestion is the SQL_CACHE option, this will take the logic of caching data from your hands. Be careful, again, cause if you are dealing with a heavily modified table it will bite you in the ass. Now, the idea is to store the results (or the sql query string?) in the session to avoid too many db calls (on paging). The question now is: is the serializing/unserializing more expensive than another db call? Well it depends. At first you might notice that you execute a query that takes very long 4 seconds before a response happens, you then store the resulted data in a session array variable. On the next page you just jump to the proper record from the array of data you have stored in the session array, and the page loads much quicker, probably less than 2 seconds (of course pending how many results your dealing with. The problem with this approach is you are taking the cost of the CPU to other resources, like disk usage, memory usage, as well with managing the session data yourself. If we take a resultset of 5000 records, with the above method those records will have to be stored in the session of some sort of array. Stored on that may or may not be used again. And if you get a medium load say 25 requests per second, now all this data is being transfered to a local disk. Now your bottle neck is your hard drive. I guess what I'm saying is try to find a solution on how to do this at the Database level vs trying to solve it with php, even if it means you have to flatten your table structure for the searches you are looking for. Curt. -- cat .signature: No such file or directory -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Phone number validation
On 3/12/06, Curt Zirzow [EMAIL PROTECTED] wrote:
On Sun, Mar 12, 2006 at 12:09:42PM -0700, Paul Goepfert wrote:
Hi all,
I am trying to validate phone numbers in a web form that I have
created. I am using a regular expression to validate the phone
number. It seems when I enter the phone number in the following ways
I get errors
(123) 456 7890
123 456 7890
(123) 456 - 7890
123 456-7890
Dont forget:
123.456.780
1-123-456-7890
...
$validPhone = ^([0-9]{3}[ ]*)?[0-9]{3}[ ]*[0-9]{4}$;
By the way The phone numbers are in US format.
With US phone numbers I always use this approach to avoid what
format people use to enter the phone:
- Remove any non digit
$check_phone = preg_replace('/[^0-9]/', '', $phone);
I just want to be sure about something. Is there a second quotation
mark missing? I only count one and I added a space between the
quotes.
Paul
- If $check_phone strlen 10.. invalid
- if $check_phone strlen == 11 first char == '1'.. remove it
- if $check_phone strlen == 10, seems ok
- possible area code check with prefix check (if have db to
support that)
I would even go as far as storing the phone striped of any
formating and only format it when you display it.
The other option would to make three seperate input fields in the
form and join them together in your script:
(input name=phone[area]) input name=phone[code]-input
name=phone[num]
Curt.
--
cat .signature: No such file or directory
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] X-Mailer and headers when sending mail
On Thu, Mar 09, 2006 at 05:27:11PM -0800, Angelo Zanetti wrote: Hi guys. When adding additional headers to an email that gets sent from the mail function. What purpose does the X-Mailer have? Any X-* header is generally a header that is not a standard but a way to trace things. Or still in eXperimental mode, not a standard yet, but a (becomming) common practice. X-Mailer:, has been in practice, to specify what software version/versions automatically mailed the email, usually from sort of script, ie: X-Mailer: phpmailer-3.2/php-4.3 Also are the following linked: -X-Priority -Importance -X-MSMail-Priority No. Personally, those things are rather useless, practically everyone sends message with those flags set at 'High', my client ignores those. Another question is can I omit the Message-ID for the email? or will this result in some mail servers viewing the mail as spam? What criteria do I use to generate the Message-ID? The message-id is generated by the MTA you shouldn't be generating this on your own. The only basic headers you ever (really) need to send is: To: valid email address From: valid from address Subject: A Subject Subject even isn't 100% needed. I've seen: $headers .= Message-ID: .date(YmdHis).you@.$_SERVER['SERVER_NAME'].\n; is this ok? No, forget about message-id in your headers. Perhaps if someone has a link on the headers for a mail that could help me it would be much appreciated. There are quite a few on google, I'm not entirely clear what focus you desire on the headers you desire. Curt. -- cat .signature: No such file or directory -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Phone number validation
On Sun, Mar 12, 2006 at 01:48:28PM -0700, Paul Goepfert wrote:
On 3/12/06, Curt Zirzow [EMAIL PROTECTED] wrote:
With US phone numbers I always use this approach to avoid what
format people use to enter the phone:
- Remove any non digit $check_phone =
preg_replace('/[^0-9]/', '', $phone);
I just want to be sure about something. Is there a second
quotation mark missing? I only count one and I added a space
between the quotes.
I'm not sure what you're seeing but the line reads like this:
http://pastebin.com/598522
Curt.
--
cat .signature: No such file or directory
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Phone number validation
I didn't realize that those were single quotes. I printed out the
email message and it looked like one set of double quotes for the
second parameter rather the two single quotes.
Is it possible for anyone to tell me what php method is used to grab
the first charater of a string? And onece I have it what method
removes the characted or number?
I know this seems trivial but I am still new to php and I don't have a
good understanding of the language yet. The more I do the better I'll
get.
Thanks
Paul
On 3/12/06, Curt Zirzow [EMAIL PROTECTED] wrote:
On Sun, Mar 12, 2006 at 01:48:28PM -0700, Paul Goepfert wrote:
On 3/12/06, Curt Zirzow [EMAIL PROTECTED] wrote:
With US phone numbers I always use this approach to avoid what
format people use to enter the phone:
- Remove any non digit $check_phone =
preg_replace('/[^0-9]/', '', $phone);
I just want to be sure about something. Is there a second
quotation mark missing? I only count one and I added a space
between the quotes.
I'm not sure what you're seeing but the line reads like this:
http://pastebin.com/598522
Curt.
--
cat .signature: No such file or directory
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP/CSS/Javascript question
JF on March 11th answered it appropriately.
Please take this topic off this group.
Thanks.
On 3/12/06, Satyam [EMAIL PROTECTED] wrote:
- Original Message -
From: tedd [EMAIL PROTECTED]
Hi all,
Is it possible to modify a table using JavaScript to control CSS
visabilty when the entire table is developed dynamically using PHP?
Thanks,
Paul
Satyam said:
You don't need to change the CSS (I don't even know if it is possible),
but you can change specific styles of any element within the HTML. For
example:
Yes, it's just a text file -- it can be re-written. However, it needs to
be loaded again to take affect.
And it affects all documents of all users. Suddenly, by the action of one
user, all other users reaching the same page will see things as per the
actions of another user. Unless you take care to keep separate CSS files.
document.getElementById('IdOfDivContainingTable').style.display='none';
It is particularly usefull to enclose whichever set of elements that you
wish to change into a single entity, a DIV or SPAN, if at all possible.
That's the main principle of ajax, isn't it? Using DOM to apply changes
within the document. It might be old-hat to most, but I find it
fascinating.
No, this is not AJAX, it is simply using the DOM. Ajax also involves
communication with the server in the background.
Styles assigned in this way have precedence over those from a style
sheet
The precedence is simply inheritance -- last stated is applied.
No, if you dynamically load a new stylesheet after you set the style of an
element using the DOM, this style would still have precedence over the
new
stylesheet. The precedence of styles is set by how you set it. Setting a
style through the DOM has precedence over CSS attributes, which have
precedence over styles specified by the style HTML attribute which has
precedence over the default rendering of an element. Only within the
same
category the order of assignment would matter.
And, by the way, yes, you can load a new stylesheet.
Satyam
tedd
--
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Anas Mughal
Re: [PHP] Phone number validation
Paul:
Also check out:
http://www.weberdev.com/get_example-3605.html
tedd
Hi all,
I am trying to validate phone numbers in a web form that I have
created. I am using a regular expression to validate the phone
number. It seems when I enter the phone number in the following ways
I get errors
(123) 456 7890
123 456 7890
(123) 456 - 7890
123 456-7890
I am using the ereg method in php to test the regular expression.
Here is the Regular Expression that I am using to test against
potential phone numbers
$validPhone = ^([0-9]{3}[ ]*)?[0-9]{3}[ ]*[0-9]{4}$;
By the way The phone numbers are in US format.
If anyone can help me with this I would really appreciate it.
Thanks,
Paul
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP/CSS/Javascript question
Yes, it's just a text file -- it can be re-written. However, it
needs to be loaded again to take affect.
And it affects all documents of all users. Suddenly, by the action
of one user, all other users reaching the same page will see things
as per the actions of another user. Unless you take care to keep
separate CSS files.
Yes, that's true -- but I was thinking that the user was the coder
and that's what he/she wanted to do -- not that it was open to users
to change per their whim.
Perhaps I misunderstood the original post.
document.getElementById('IdOfDivContainingTable').style.display='none';
It is particularly usefull to enclose whichever set of elements
that you wish to change into a single entity, a DIV or SPAN, if at
all possible.
That's the main principle of ajax, isn't it? Using DOM to apply
changes within the document. It might be old-hat to most, but I
find it fascinating.
No, this is not AJAX, it is simply using the DOM. Ajax also
involves communication with the server in the background.
Yes, you are correct -- thanks for the clarification. At this point
in my learning, both appear so intertwined that they are synonymous.
Styles assigned in this way have precedence over those from a style sheet
The precedence is simply inheritance -- last stated is applied.
No, if you dynamically load a new stylesheet after you set the style
of an element using the DOM, this style would still have precedence
over the new stylesheet. The precedence of styles is set by how you
set it. Setting a style through the DOM has precedence over CSS
attributes, which have precedence over styles specified by the style
HTML attribute which has precedence over the default rendering of an
element. Only within the same category the order of assignment
would matter.
And, by the way, yes, you can load a new stylesheet.
As Johnny Carson said often I didn't know that! -- thanks.
So it's: DOM CSS HTML Browser Default -- is that the
precedence you are saying?
tedd
--
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] LDAP and Single Sign On MORE THOUGHTS
Quoting Rory Browne [EMAIL PROTECTED]: I've got a bit lost on this, but assuming that we are talking about an intranet enviornment, with windows/IE6 clients, and apache servers, then personally: I would check logins based on a valid session. If the user doesn't have a session they aren't logged in. Store the username in the session variable. PHP session variables are AFAIK designed to be hard to detect and fake. Any code that is run under a http:// website ( as opposed to an ssl or https:// one ), reads the session(ie does not write to it). Any authentication should be done using a script accessed over https, protected by mod_auth_kerb. The http:// script would be accessed by the person when they first access the protected site. The protected site would detect that the user is not logged in, and redirect them to the authentication site(which is behind mod_auth_kerb, and https), which would create the session, and redirect the user back, to the page where they originally tried to access. I think you're talking about the user logging on once through a web page and carrying that authentication throughout. We're (or *I* am, at least) talking about the user logging on to the network (LDAP or, in my case, Active Directory) and using those credentials for the web applications. Rick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP/CSS/Javascript question
- Original Message -
From: tedd [EMAIL PROTECTED]
Yes, it's just a text file -- it can be re-written. However, it needs to
be loaded again to take affect.
And it affects all documents of all users. Suddenly, by the action of one
user, all other users reaching the same page will see things as per the
actions of another user. Unless you take care to keep separate CSS files.
Yes, that's true -- but I was thinking that the user was the coder and
that's what he/she wanted to do -- not that it was open to users to change
per their whim.
Perhaps I misunderstood the original post.
Well, the original question was quite short. Either of us might be right or
wrong. I assumed the case of a table with optional sub-items, like an
expanding tree, or a menu or a table with categories where you want to
expand any of the categories into its components.
document.getElementById('IdOfDivContainingTable').style.display='none';
It is particularly usefull to enclose whichever set of elements that you
wish to change into a single entity, a DIV or SPAN, if at all possible.
That's the main principle of ajax, isn't it? Using DOM to apply changes
within the document. It might be old-hat to most, but I find it
fascinating.
No, this is not AJAX, it is simply using the DOM. Ajax also involves
communication with the server in the background.
Yes, you are correct -- thanks for the clarification. At this point in my
learning, both appear so intertwined that they are synonymous.
Styles assigned in this way have precedence over those from a style
sheet
The precedence is simply inheritance -- last stated is applied.
No, if you dynamically load a new stylesheet after you set the style of an
element using the DOM, this style would still have precedence over the
new stylesheet. The precedence of styles is set by how you set it.
Setting a style through the DOM has precedence over CSS attributes, which
have precedence over styles specified by the style HTML attribute which
has precedence over the default rendering of an element. Only within the
same category the order of assignment would matter.
And, by the way, yes, you can load a new stylesheet.
As Johnny Carson said often I didn't know that! -- thanks.
So it's: DOM CSS HTML Browser Default -- is that the precedence
you are saying?
That's what my manual says. I remembered there was some precedence issue
from some code of mine, some time ago, that didn't work as expected. I
think it was a style= attribute that wasn't working while when assigning
it via the DOM did, and I couldn't figure out until I realized that a CSS
definition was in between, having higher precedence than the style
attribute, but lower than the DOM. One of those bugs that drive you nuts.
Satyam
tedd
--
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] what would a c extension buy me
joseph wrote: hi, my site is www.myowndictionary.com i use javascript to create definitions for words (from open source dictionaries) as pop-ups and hook word-lists for vocabulary study with that. i can now parse the html from rss feeds and match only text of interest. i just wrote my own multibyte html parser by combining various other code i already had on hand for the parsing of multibyte text anyhow. but, that's not the slowest part. that takes maybe 3 seconds to get the page, 3 seconds to parse it, but it sometimes takes 5 minutes for the next step on huge rss files. (I know the time because they are cached) that last step... The slow part that's left is the dictionary searching itself. It's the parsing of complicated php code -- 550 lines of complex data structure loops, function calls, looping through arrays to make sql queeries -- lots of sql queeries the seconds ~ 5 minute it takes it all takes so much time. i want to ask for opinion about: 1) rewriting the php as C extension. Would it slow my down to the below 15 second range? Who knows? We don't know what the code does or how it works. C will be quicker because it's already compiled. It will be harder to maintain and debug because it's compiled. 2) does mysql have server-side functions yet? Mysql 5 has stored procedures if that's what you mean. 3) if i moved the php code off mysql to postgresql and wrote server-side functions (which i've been trained to do), how much of a time improvement would we be talking about? See # 1. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Phone number validation
On 3/12/06, tedd [EMAIL PROTECTED] wrote:
Paul:
Also check out:
http://www.weberdev.com/get_example-3605.html
tedd
Hi all,
I am trying to validate phone numbers in a web form that I have
created. I am using a regular expression to validate the phone
number. It seems when I enter the phone number in the following ways
I get errors
(123) 456 7890
123 456 7890
(123) 456 - 7890
123 456-7890
I am using the ereg method in php to test the regular expression.
Here is the Regular Expression that I am using to test against
potential phone numbers
$validPhone = ^([0-9]{3}[ ]*)?[0-9]{3}[ ]*[0-9]{4}$;
By the way The phone numbers are in US format.
If anyone can help me with this I would really appreciate it.
Thanks,
Paul
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
One suggestion is to have 1 field for all countries, I believe the total is
23?
+011-049-069-13788-1234
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Anthony Ettinger
Signature: http://chovy.dyndns.org/hcard.html
[PHP] determining client's external IP
My web page needs to determine the client's external IP address, i.e., the IP address that others viewing the web page would be able to use to contact that user's machine (assuming they've setup the appropriate forwarding into their actual machine of course). In this environment the clients want their external IP to be correctly reported, so there's no issue of people trying to spoof and show a wrong IP. I'm currently using $_SERVER['REMOTE_ADDR'] as this seemed like the best approach as I thought it would yield the IP as seen from the web server and hence, hopefully, as seen by everyone else on the internet. This works in many cases, but in a couple cases users have reported issues with others not being able to use the IPs the web page reports to contact their machines. In these cases the $_SERVER['REMOTE_ADDR'] seems to be returning a different IP than what www.whatismyip.com http://www.whatismyip.com returned, for example. Is there another reccomended way to get the client's externally visible IP address? Or is $_SERVER['REMOTE_ADDR'] the right approach but might not always work? Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php, fastcgi, mpm-worker and apache bottlenecks
Hi there, im am planning to spec the software install for one of our machines that gets an insane ammount of hits and traffic from referring sites. Im looking into if running the php for this server under fastcgi instead of as a php apache module will help reduce and apache bottlenecks ? Most of the scripting is done via perl and fastcgi, but there is some third party apps which run on php, there is also minimal mysql activity. Being more specific here, my question is will php running under fastcgi, being able to work in a multi-threaded apache environment running mpm-worker ? I know its not compatible as im aware, but under the standard apache module install. Its a long shot but if anyone has any recommendations let me know, or else ill have to stick to installing apache2 in pre-fork mode and tweak the settings as much as possible ? Let me know thanks. Daniel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php, fastcgi, mpm-worker and apache bottlenecks
Dan Rossi wrote: Hi there, im am planning to spec the software install for one of our machines that gets an insane ammount of hits and traffic from referring sites. Im looking into if running the php for this server under fastcgi instead of as a php apache module will help reduce and apache bottlenecks ? Most of the scripting is done via perl and fastcgi, but there is some third party apps which run on php, there is also minimal mysql activity. Being more specific here, my question is will php running under fastcgi, being able to work in a multi-threaded apache environment running mpm-worker ? I know its not compatible as im aware, but under the standard apache module install. Its a long shot but if anyone has any recommendations let me know, or else ill have to stick to installing apache2 in pre-fork mode and tweak the settings as much as possible ? Don't know about the rest but php will compile fine as a fastcgi module. Add --enable-fastcgi to your configure command (I don't think there are any packages that do this by default so you'll have to compile it from source - but I could be wrong). -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php, fastcgi, mpm-worker and apache bottlenecks
Source is fine, i never install php with binaries, lets see how i go. On 13/03/2006, at 1:12 PM, Chris wrote: Dan Rossi wrote: Hi there, im am planning to spec the software install for one of our machines that gets an insane ammount of hits and traffic from referring sites. Im looking into if running the php for this server under fastcgi instead of as a php apache module will help reduce and apache bottlenecks ? Most of the scripting is done via perl and fastcgi, but there is some third party apps which run on php, there is also minimal mysql activity. Being more specific here, my question is will php running under fastcgi, being able to work in a multi-threaded apache environment running mpm-worker ? I know its not compatible as im aware, but under the standard apache module install. Its a long shot but if anyone has any recommendations let me know, or else ill have to stick to installing apache2 in pre-fork mode and tweak the settings as much as possible ? Don't know about the rest but php will compile fine as a fastcgi module. Add --enable-fastcgi to your configure command (I don't think there are any packages that do this by default so you'll have to compile it from source - but I could be wrong). -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Phone number validation
Paul Goepfert [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I didn't realize that those were single quotes. I printed out the email message and it looked like one set of double quotes for the second parameter rather the two single quotes. Is it possible for anyone to tell me what php method is used to grab the first charater of a string? And onece I have it what method removes the characted or number? I know this seems trivial but I am still new to php and I don't have a good understanding of the language yet. The more I do the better I'll get. Thanks Paul check out this page of the php manual for a few ideas. See the section String access and modification by character http://www.php.net/manual/en/language.types.string.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Phone number validation
I do this for phone numbers:
$row['mobile'] = ereg_replace([^0-9], '', $_POST['mobile']);
if ((strlen($phone)) = 14)
return preg_replace
(/[^0-9]*([0-9]{3})[^0-9]*([0-9]{3})[^0-9]*([0-9]{4}).*/, (\\1) \\2-\\3,
$phone);
Is it possible for anyone to tell me what php method is used to grab
the first charater of a string? And once I have it what method
removes the characted or number?
$foo = 'this is a string';
$foo[0] == 't';
-Original Message-
From: tedd [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 12, 2006 2:20 PM
To: php-general@lists.php.net; Paul Goepfert
Subject: Re: [PHP] Phone number validation
Paul:
Also check out:
http://www.weberdev.com/get_example-3605.html
tedd
Hi all,
I am trying to validate phone numbers in a web form that I have
created. I am using a regular expression to validate the phone
number. It seems when I enter the phone number in the following ways
I get errors
(123) 456 7890
123 456 7890
(123) 456 - 7890
123 456-7890
I am using the ereg method in php to test the regular expression.
Here is the Regular Expression that I am using to test against
potential phone numbers
$validPhone = ^([0-9]{3}[ ]*)?[0-9]{3}[ ]*[0-9]{4}$;
By the way The phone numbers are in US format.
If anyone can help me with this I would really appreciate it.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
