[PHP] Please hack my app
Hi List,

As this subject may start you wondering what the hell I'm thinking, let me clarify: I've been rewriting a GPL'ed PHP/MySQL app from scratch for the last 12 months or so. It facilitates storage of DNA mutations and the corresponding patient data. Because patient data is involved, privacy is very important.

Now of course I read lots of pages on SQL injection and whatnot, and I strongly believe my application is protected from this kind of abuse. However, believing is not enough. I've had some comments in the past about security (previous version of the software) and although I didn't agree with the criticism, I want to be able to say the new app went through various forms of attacks. This month, I want to release 2.0-alpha-01...

*** THIS IS NOT ABOUT HACKING THE SERVER ***
But about getting in the application when you're not allowed to!

If you feel like helping me out, it's located at http://chromium.liacs.nl/LOVDv.2.0-dev/

1) Please try to get in. There's one account in the system, a database administrator, capable of doing anything. If you get in, you can easily create a new user using the setup tab. This will be the proof of you breaking my security rules.

2) Can you manage to view unpublic data? Using the Variants tab, you can see there is currently one entry in the database (with two mutations). This entry has a hidden column, called 'Patient ID'. There is a text-string in that column. If you can tell me what that string is, you win :)

3) Feel free to register as a submitter to see if that gives you any rights that you shouldn't have. A submitter is only capable of adding new data to the database (Submit tab), but that data will not be published immediately.

4) After a while, I will release login details of a curator account. This user is allowed to see non-public data and handle the specific gene, but NOT create new users or the like.

If you have any questions, please ask.

Thank you in advance for using your expertise for the good cause :)

Regards,
Ivo

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ob_start() and a callback function within a class,not updating ob_get_level().
Richard Lynch wrote:

> On Thu, November 16, 2006 7:35 am, Mathijs wrote:
>
> > I have a question about ob_start() and ob_get_level().
> > When I use ob_start(), and then check ob_get_level(), it shows me 1. This is normal behavior.
> > Now when I do the following: ob_start(array('ClassName', 'ClassMethod')). It does execute the method, but it doesn't update ob_get_level().
> > Is this normal behavior?
>
> Can you show us where/how you checked ob_get_level()?
>
> Cuz I don't really understand what the OOP stuff should do for a callback, and would have to re-read the docs, but my first guess is you do the ob_get_level() after the buffer is all done and the callback is finished and gone, so the level is back to 0...

To give a small example see below. The first file is the class file. Let's pretend the 'MyFunctions' class is included already. In index1 the ob_get_level() gets the wrong count. In index2 however the ob_get_level() gets the right count.

Example:

-- File: class.MyFunctions.php --

    <?php
    class MyFunctions {
        public static function myObCallback($buffer) {
            return 'Samplebr'.$buffer.'brSample';
        }
        //Several other functions etc.. etc..
    }
    ?>

-- File: index1.php --

    <?php
    ob_start();
    //ob_get_level == 1 - This is correct.
    ob_start(array('MyFunctions', 'myObCallback'));
    //ob_get_level == 1 - This should be 2.
    ?>

-- File: index2.php --

    <?php
    function myObCallback2($buffer) {
        return 'Sample2br'.$buffer.'brSample2';
        //Or this. Works also.
        //return MyFunctions::myObCallback($buffer);
    }
    ob_start();
    //ob_get_level == 1 - This is correct.
    ob_start('myObCallback2');
    //ob_get_level == 2 - This is correct as it should be.
    ?>
Re: [PHP] Please hack my app
This one time, at band camp, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote:

> *** THIS IS NOT ABOUT HACKING THE SERVER ***
> But about getting in the application when you're not allowed to!

So, basically, you want _us_ to do _your_ bug checking??

Kevin
--
Democracy is two wolves and a lamb voting on what to have for lunch.
Liberty is a well-armed lamb contesting the vote.
[PHP] backing up a database
I have a database and it needs to get backed up on a daily basis. Is there a class that allows me to create a backup and then save it as a .sql or excel or both to a folder of her choice?

R.
Re: [PHP] backing up a database
Ross wrote:

> I have a database and it needs to get backed up on a daily basis. Is there a class that allows me to create a backup and then save it as a .sql or excel or both to a folder of her choice?

cron and mysqldump or pg_dump
Re: [PHP] Please hack my app
Kevin Waterson wrote:

> This one time, at band camp, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote:
>
> > *** THIS IS NOT ABOUT HACKING THE SERVER ***
> > But about getting in the application when you're not allowed to!
>
> So, basically, you want _us_ to do _your_ bug checking??

And just in case you do find some mug willing to work for you for nothing, if you're going to be releasing the source you need to do that before asking them to find holes. Having the source code makes it a lot easier.

-Stut
Re: [PHP] backing up a database
Ross wrote:

> I have a database and it needs to get backed up on a daily basis. Is there a class that allows me to create a backup and then save it as a .sql or excel or both to a folder of her choice?

I'm only helping cos there's a chick involved. ;-)

the easiest solution would be to use a combination of mysqldump and cron.

no-doubt there is php code out there capable of doing what you want ... if nothing else you could probably rip out the relevant bits from phpMyAdmin.

I have a strong suspicion google can provide lots of potential winners for 'php mysql backup' like this one: http://www.0php.com/MySQL-Backup.php (found in 0.5 seconds)

R.
RE: [PHP] backing up a database
If you're using MySQL, set up a cron job/scheduled task to call mysqldump and save the output somewhere. Other DBMSs will likely have similar tools.

Edward

-----Original Message-----
From: Ross [mailto:[EMAIL PROTECTED]
Sent: 22 November 2006 09:54
To: php-general@lists.php.net
Subject: [PHP] backing up a database

> I have a database and it needs to get backed up on a daily basis. Is there a class that allows me to create a backup and then save it as a .sql or excel or both to a folder of her choice?
>
> R.
Re: [PHP] Please hack my app
On Wed, 22 Nov 2006 20:14:37 +1100, Kevin Waterson wrote:

> This one time, at band camp, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote:
>
> > *** THIS IS NOT ABOUT HACKING THE SERVER ***
> > But about getting in the application when you're not allowed to!
>
> So, basically, you want _us_ to do _your_ bug checking??

Hell No. I've done that myself (duh). I'm just not arrogant enough to think I tried everything that someone can think of.
Re: [PHP] Please hack my app
On Wed, 22 Nov 2006 09:53:00 +, Stut wrote:

> Kevin Waterson wrote:
>
> > This one time, at band camp, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote:
> >
> > > *** THIS IS NOT ABOUT HACKING THE SERVER ***
> > > But about getting in the application when you're not allowed to!
> >
> > So, basically, you want _us_ to do _your_ bug checking??
>
> And just in case you do find some mug willing to work for you for nothing, if you're going to be releasing the source you need to do that before asking them to find holes. Having the source code makes it a lot easier.

You're right.

http://www.dmd.nl/LOVD/2.0/download.php?sent=true
Re: [PHP] Please hack my app
Hey there,

I don't mean to be a total pri*k about this, but unless you have created something that you are willing to share with others and others can use/modify for their requirements, and you grant them this privilege... I think the norm is you pay someone to do what you are asking.

What you are asking for is pretty unfair, unless I am missing something?

If on the other hand you have identified the part that's troubling you, or getting unexpected results from a code segment... then post that as a new question/thread and from the kindness of someone's heart, you might get an answer from them. :)

Cheers!
R

--
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)
Re: [PHP] Mysql strategy
On 21/11/06, Richard Lynch [EMAIL PROTECTED] wrote:

> On Sun, November 12, 2006 6:02 pm, Dotan Cohen wrote:
>
> > If I have to perform 30 LIKE searches for different keywords in a varchar field, which strategy would be recommended:
> > 1) 30 searches, one for each keyword
> > 2) To select the varchar field from all the rows, and search through them with php's array functions?
> >
> > There are about 500 rows in the table, and growing. The mysql server is on localhost, and the machine is a dedicated server running RHEL. It's not my machine, so I'd like to be responsible with resources, as much as I can be. Thanks in advance for any advice.
>
> I think what you have done is very similar to the full text index solution of MySQL, only yours is a lot slower...
>
> You may want to re-read about MySQL full text index: http://mysql.com/

Thanks, Richard. I'm looking into the full text index again.

Dotan Cohen
http://dotancohen.com/
http://lyricslist.com/
Re: [PHP] multiple upload files?
On Tuesday, 21 November 2006 18:26, Richard Lynch wrote:

> Just have two INPUT TYPE=FILE tags. This is not rocket science...

I mean without more than one inputs. Never mind. :-) I guess I should better look for some client side language.

Regards,
Oliver
Re: [PHP] Please hack my app
If you need your code audited (or site hacked, or any other PHP security related stuff), and you have a budget for it. and if you can find him you can hire - Chris Shiflett.

google for brainbulb.

On 11/22/06, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote:

> On Wed, 22 Nov 2006 09:53:00 +, Stut wrote:
>
> > Kevin Waterson wrote:
> >
> > > This one time, at band camp, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote:
> > >
> > > > *** THIS IS NOT ABOUT HACKING THE SERVER ***
> > > > But about getting in the application when you're not allowed to!
> > >
> > > So, basically, you want _us_ to do _your_ bug checking??
> >
> > And just in case you do find some mug willing to work for you for nothing, if you're going to be releasing the source you need to do that before asking them to find holes. Having the source code makes it a lot easier.
>
> You're right.
>
> http://www.dmd.nl/LOVD/2.0/download.php?sent=true
Re: [PHP] Please hack my app
This one time, at band camp, Rory Browne [EMAIL PROTECTED] wrote:

> you can hire - Chris Shiflett.

BWAHAHAHAHAHAHAHH

I actually did laugh...

--
Democracy is two wolves and a lamb voting on what to have for lunch.
Liberty is a well-armed lamb contesting the vote.
Re: [PHP] Please hack my app
Kevin Waterson wrote:

> This one time, at band camp, Rory Browne [EMAIL PROTECTED] wrote:
>
> > you can hire - Chris Shiflett.
>
> BWAHAHAHAHAHAHAHH
>
> I actually did laugh...

why you laugh =)

--
Angelo Zanetti
Systems developer
Telephone: +27 (021) 469 1052
Mobile: +27 (0) 72 441 3355
Fax: +27 (0) 86 681 5885
Web: http://www.zlogic.co.za
E-Mail: [EMAIL PROTECTED]
Re: [PHP] Please hack my app
On Wed, 22 Nov 2006 03:20:16 -0800, Ryan A wrote:

> Hey there,
> I dont mean to be a total pri*k about this, but unless you have created something that you are willing to share with others and others can use/modify for their requirements, and you grant them this privilege...I think the norm is you pay someone to do what you are asking.

It's GPL. I mentioned that and the source is available (just follow the link and download). I asked *kindly* if anyone wanted to take their time and toss something at it. If no-one wanted to take a look at it, fine, sorry to bother you. If someone wants to, thanks a bunch for your time.

I didn't expect anyone to dive deeply into the source code of my project and filter out my mistakes. Just trying a few well-known (possibly not by me) methods would do. I tried anything I could think of, and it didn't break. After my question someone already kindly pointed out I didn't check for HTML code (and thus allowed JS injection). Something to fix in the next release :)

> What you are asking for is pretty unfair, unless I am missing something?

I didn't realize someone may see this as unfair. So my apologies if any interpretation of my question was not received positively. :) I meant no harm in any way.

> If on the other hand you have identified the part that troubling you, or getting unexpected results from a code segment... then post that as a new question/thread and from the kindness of someones heart, you might get an answer from them. :)

I know how the list works, thanks :D There are no known problems at the time. Just wanted to check if anyone thought of something I hadn't thought of.

Ivo
Re: [PHP] Please hack my app
I think some guys like trying to hack and break others' sites so I'm sure those people will respond.

guys I think we need to relax a bit and not attack the guy so much!

my 2 cents worth

cheers

--
Angelo Zanetti
Systems developer
Telephone: +27 (021) 469 1052
Mobile: +27 (0) 72 441 3355
Fax: +27 (0) 86 681 5885
Web: http://www.zlogic.co.za
E-Mail: [EMAIL PROTECTED]
RE: [PHP] Please hack my app
> guys I think we need to relax a bit and not attack the guy so much!

I agree.

Ivo, have you tried Chorizo? http://chorizo-scanner.com/

Edward
Re: [PHP] How to check value in multidimensional array
http://www.php.net/manual/en/function.array-search.php and look at the first User Contributed Notes.
RE: [PHP] Please hack my app
On Wed, 22 Nov 2006 13:37:43 +, Edward Kay wrote:

> > guys I think we need to relax a bit and not attack the guy so much!
>
> I agree.
>
> Ivo, have you tried Chorizo? http://chorizo-scanner.com/

Thanks Angelo & Edward! Chorizo looks good, especially the Morcilla extension mentioned on the website... I will try the free version first, see if that finds anything. I'll check with my boss to see if he wants to spend 289 on a one-year license for the standard version...

Thanks for the suggestion!

Ivo
RE: [PHP] backing up a database
Here is a script that I found that has been working well for me. I set up a cron job to run this file every night just after midnight. It e-mails a gzipped sql dump file as an attachment to the specified e-mail address.

Right now the database this is backing up is not very big. I'm not sure how scalable it is (probably not very). Suggestions/improvements are welcome.

    <?php
    set_time_limit(0);
    ini_set("memory_limit", "500M");

    $dbhost = 'localhost';
    $dbuser = 'username';
    $dbpass = 'password';
    $dbname = 'database';

    $backupDir = '/backups/';
    $backupFileName = $dbname . date("Y-m-d-H-i-s") . '.sql.gz';
    $backupFile = $backupDir . $backupFileName;

    // Dump the database and compress it into the backup file.
    // Note: -p$dbpass places the password on the mysqldump command line.
    $command = "mysqldump -u $dbuser -p$dbpass $dbname | gzip > $backupFile";
    system($command);

    $email_from = "[EMAIL PROTECTED]"; // Who the email is from
    $email_subject = "MySQL Backup " . date("m/d/Y", time()); // The Subject of the email
    $email_txt = "Your file is attached."; // Message that the email has in it
    $email_to = "[EMAIL PROTECTED]"; // Who the email is to

    $headers = "From: " . $email_from;

    // Read the whole dump into memory (hence the raised memory_limit).
    $file = fopen($backupFile, 'rb');
    $data = fread($file, filesize($backupFile));
    fclose($file);

    $semi_rand = md5(time());
    $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";

    $headers .= "\nMIME-Version: 1.0\n" .
        "Content-Type: multipart/mixed;\n" .
        " boundary=\"{$mime_boundary}\"";

    // First MIME part: the message text.
    $email_message = "This is a multi-part message in MIME format.\n\n" .
        "--{$mime_boundary}\n" .
        "Content-Type:text/html; charset=\"iso-8859-1\"\n" .
        "Content-Transfer-Encoding: 7bit\n\n" .
        $email_txt . "\n\n";

    // Second MIME part: the dump, base64-encoded.
    $data = chunk_split(base64_encode($data));

    $email_message .= "--{$mime_boundary}\n" .
        "Content-Type: application/octet-stream;\n" .
        " name=\"{$backupFileName}\"\n" .
        "Content-Transfer-Encoding: base64\n\n" .
        $data . "\n\n" .
        "--{$mime_boundary}--\n";

    $ok = @mail($email_to, $email_subject, $email_message, $headers);

    if ($ok) {
        echo date("Y-m-d H:i:s") . " Operation completed.\n";
    } else {
        die(date("Y-m-d H:i:s") . " Operation failed - The e-mail could not be sent.\n");
    }
    ?>

-----Original Message-----
From: Edward Kay [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 22, 2006 5:25 AM
To: PHP General List
Subject: RE: [PHP] backing up a database

> If you're using MySQL, set up a cron job/scheduled task to call mysqldump and save the output somewhere. Other DBMSs will likely have similar tools.
>
> Edward
>
> -----Original Message-----
> From: Ross [mailto:[EMAIL PROTECTED]
> Sent: 22 November 2006 09:54
> To: php-general@lists.php.net
> Subject: [PHP] backing up a database
>
> > I have a database and it needs to get backed up on a daily basis. Is there a class that allows me to create a backup and then save it as a .sql or excel or both to a folder of her choice?
> >
> > R.
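An added example, not part of the thread and not any poster's script: the cron + mysqldump approach suggested above, arranged so the database password is read from an option file instead of sitting on the command line (MySQL's documentation treats a command-line password, as in `-p$dbpass`, as insecure), with owner-only dump files and an integrity check before the archive is published. The paths `/etc/mysql/backup.cnf` and `/backups`, the function names and the `DUMP_CMD` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: /etc/mysql/backup.cnf,
# /backups, database "database"; DUMP_CMD is a hypothetical override hook.
#
# backup.cnf (mode 600, owned by the cron user) holds the credentials:
#   [client]
#   user=username
#   password=password

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Accept the option file only if it exists and group/other have no access.
check_cnf() {
    [ -f "$1" ] || { echo "backup: $1 not found" >&2; return 1; }
    case "$(file_mode "$1")" in
        600|400) return 0 ;;
        *) echo "backup: $1 must be mode 600 or 400" >&2; return 1 ;;
    esac
}

# backup_db CNF DB DIR: write DIR/DB-<timestamp>.sql.gz and print its path.
# The body is a subshell, so umask, trap and variables do not leak out.
backup_db() (
    cnf=$1 db=$2 dir=$3
    dump=${DUMP_CMD:-mysqldump}
    check_cnf "$cnf" || exit 1
    umask 077                          # dump files readable by owner only
    out="$dir/$db-$(date +%Y-%m-%d-%H-%M-%S).sql.gz"
    raw="$out.raw" part="$out.part"
    trap 'rm -f "$raw" "$part"' EXIT   # never leave partial dumps behind
    # --defaults-extra-file has to be the first option; the password is
    # read from the file and never appears in the argument list.
    "$dump" --defaults-extra-file="$cnf" --single-transaction "$db" > "$raw" || exit 1
    gzip -c "$raw" > "$part" || exit 1
    gzip -t < "$part" || exit 1        # verify the archive before publishing
    mv "$part" "$out" || exit 1
    printf '%s\n' "$out"
)

# crontab entry (assumed script path), every night just after midnight:
#   5 0 * * * /usr/local/bin/db-backup.sh
# where db-backup.sh sources these functions and ends with:
#   backup_db /etc/mysql/backup.cnf database /backups >/dev/null || exit 1
```

A failed dump exits non-zero and leaves no file behind, so cron's own failure mail reports the problem and a truncated archive is never mistaken for a good backup.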
[PHP] Resolution in .pdf
Hi,

I must create a .pdf file with a resolution of 300 dpi, not the default 72 dpi. Is there a way to create this with PHP?

Thanks in advance,
Rosen
Re: [PHP] newbie problem - extraneous newlines inserted in PHP-generated HTML form source
Thanks to Richard Lynch and Edward Kay for their help. The var_dump() showed unwanted whitespace appearing in the array data from record 2 onwards. The trim() worked a treat to get rid of it.

Now all I have to do is work out what's wrong with my original handler functions that caused the problem in the first place. I'm emptying the temporary variables by setting them to (no space). Could it be a problem with the document encoding? All my text files are saved as Western (ISO Latin-1).

Mark
Re: [PHP] Please hack my app
Angelo Zanetti wrote:

> Kevin Waterson wrote:
>
> > This one time, at band camp, Rory Browne [EMAIL PROTECTED] wrote:
> >
> > > you can hire - Chris Shiflett.
> >
> > BWAHAHAHAHAHAHAHH
> >
> > I actually did laugh...
>
> why you laugh =)

because rory spoofed the intro to the 'A-Team'.
RE: [PHP] backing up a database
This is similar to mine, except I use a shell script. Also, instead of emailing the file, my script FTPs it to a remote server. I expect this approach would scale better as the file size increases.

Another point to note: my email is hosted on the same server as the DB. Emailing it to myself wouldn't offer any more protection than just saving it locally. (My remote FTP location is in a different continent!)

Edward
[PHP] Re: XML parser error ..
Delete the initial extra line in:

    $xml_data = <<<EOF
    <?xml version="1.0"?>

The XML Parser expects the XML document to start with a valid XML statement, which in your file is:

    <?xml version="1.0"?>

but yours starts with a newline.

    $xml_data = <<<EOF
    //newline
    <?xml version="1.0"?>

onewaylife wrote:

> Hi all
>
> I am novice in XML. I have just started to creating PHP parser for XML files. I am using SAX. the file is : -
>
>     <html>
>     <head>
>     <basefont face="Arial">
>     </head>
>     <body>
>     <?php
>     // cdata handler
>     function characterDataHandler($parser, $data)
>     {
>         echo $data . "<p>";
>     }
>
>     // PI handler
>     function PIHandler($parser, $target, $data)
>     {
>         // if php code, execute it
>         if (strtolower($target) == "php") {
>             eval($data);
>         }
>         // otherwise just print it
>         else {
>             echo "PI found: [$target] $data";
>         }
>     }
>
>     // XML data
>     $xml_data = <<<EOF
>
>     <?xml version="1.0"?>
>     <article>
>     <header>insert slug here</header>
>     <body>insert body here</body>
>     <footer><?php print "Copyright UNoHoo Inc, " . date("Y", mktime()); ?></footer>
>     </article>
>     EOF;
>
>     // initialize parser
>     $xml_parser = xml_parser_create();
>
>     // set cdata handler
>     xml_set_character_data_handler($xml_parser, "characterDataHandler");
>
>     // set PI handler
>     xml_set_processing_instruction_handler($xml_parser, "PIHandler");
>
>     if (!xml_parse($xml_parser, $xml_data)) {
>         die("XML parser error: " . xml_error_string(xml_get_error_code($xml_parser)));
>     }
>
>     // all done, clean up!
>     xml_parser_free($xml_parser);
>     ?>
>     </body>
>     </html>
>
> it give this output
>
>     XML parser error: Reserved XML Name
>
> even i created two more php files but it give same message as out put. I am unable to understand why its come. Please help me out.
>
> onewaylife

--
Myron Turner
http://www.room535.org
http://www.bstatzero.org
http://www.mturner.org/XML_PullParser/
Re: [PHP] multiple upload files?
testkonto wrote:

> On Tuesday, 21 November 2006 18:26, Richard Lynch wrote:
>
> > Just have two INPUT TYPE=FILE tags. This is not rocket science...
>
> I mean without more than one inputs. Never mind. :-) I guess I should better look for some client side language.

two paths to choose from:

1. go for some kind of 3rd party browser plugin (probably java, maybe flash, er?)
2. allow users to upload a zip file and unpack that server side
3. mimic/proxy/er? an ftp connection and allow the browser to handle the ftp interface (you control which dir(s)/etc the user can work with) - I have no idea how you would do this (or how many/which browsers support [which [sub|super]set of] ftp functionality).

> Regards,
> Oliver
[PHP] Encoding
I am having trouble in my system in which I am not able to show ISO-8859-1 encoded data.

When I tried to use the following meta tag it works in Firefox but still does not work in IE.

    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

In Firefox it shows: REMÉDIO PARA O GADO
In IE it shows: REM?IOS PARA O GADO

Could someone help me?

Thanks in advance.

--
João Cândido de Souza Neto
Curitiba Online
[EMAIL PROTECTED]
(41) 3324-2294
(41) 9985-6894
http://www.curitibaonline.com.br
Re: [PHP] Encoding
Hi!

Could you check the default encoding of your webserver (in httpd.conf)? I noticed that the charset-information in meta-information is ignored and the default-charset of the webserver is used.

Kind regards,
Jens

João Cândido de Souza Neto wrote:

> I am facing a trouble in my system in which i am not able to show ISO-8859-1 encoding data.
>
> When i tried to use the follow meta tag it works in firefox but still not working in IE.
>
>     <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
>
> In firefox it shows: REMÉDIO PARA O GADO
> In IE it shows: REM?IOS PARA O GADO
>
> Could someone help me?
>
> Thanks in advance.
Re: [PHP] Coding Standards Document
At 7:14 PM -0500 11/21/06, Robert Cummings wrote:

> On Tue, 2006-11-21 at 16:19 -0500, tedd wrote:
>
> > It seems that every time I ask a security question, I find that I'm currently practicing the answers to avoid the pit-falls.
>
> Except that one time when his site got defaced... that was news ;) ;)
>
> Cheers,
> Rob.

Rob:

Good point, but that was a problem my host had and not something that was my fault. It seems that everyone who hosted with that company had every file that even contained the word index replaced. I keep a redirect index in every folder, so I had well over 200 indexes to replace -- joy, joy.

Since then, that host has not answered any of my emails, but I can't complain too much because I use very inexpensive hosts for my test sites. You see, I'm at the other end of the spectrum than you guys. You can afford high-priced host, but I can't -- you probably can't guess as to how cheap I can buy hosting -- it's unbelievable.

However, when it comes to providing a client with a host, that's a different matter and it's their cost, not mine -- for I can (and do) work with much less.

Cheers,
tedd

--
http://sperling.com
http://ancientstones.com
http://earthstones.com
Re: [PHP] Encoding
On Wed, 22 Nov 2006 16:19:54 +0100, Jens Meyer wrote:

> Hi!
>
> Could you check the default encoding of your webserver (in httpd.conf)? I noticed that the charset-information in meta-information is ignored and the default-charset of the webserver is used.
>
> Kind regards,
> Jens

Before outputting the HTML, try this:

    header('Content-Type: text/html; charset=ISO-8859-1');

Try if that works.

HTH

Ivo
Re: [PHP] Mysql strategy
At 1:50 PM +0200 11/22/06, Dotan Cohen wrote:

> Thanks, Richard. I'm looking into the full text index again.
>
> Dotan Cohen

Dotan:

The following is a great reference -- the code works and it gave me the basics to do full-text searches.

http://www.phpfreaks.com/tutorials/129/0.php

Go through that, and I'm sure you'll find what you need.

Cheers,
tedd

--
http://sperling.com
http://ancientstones.com
http://earthstones.com
Re: [PHP] Coding Standards Document
On Wed, 2006-11-22 at 10:31 -0500, tedd wrote:
> At 7:14 PM -0500 11/21/06, Robert Cummings wrote:
>> On Tue, 2006-11-21 at 16:19 -0500, tedd wrote:
>>> It seems that every time I ask a security question, I find that I'm currently practicing the answers to avoid the pit-falls.
>> Except that one time when his site got defaced... that was news ;) ;)
>> Cheers, Rob.
> Rob: Good point,

Just some friendly ribbing :D

> but that was a problem my host had and not something that was my fault. It seems that everyone who hosted with that company had every file that even contained the word index replaced. I keep a redirect index in every folder, so I had well over 200 indexes to replace -- joy, joy.

That took 10 seconds to replace right? If it took you an afternoon you might be maintaining things wrong... but then I guess it depends on whether your host gives you SSH access or just ftp. I would never go with an ftp only host. If for some ungodly reason I did, you can be sure I'd have an expect script to migrate the whole site hands free :)

> Since then, that host has not answered any of my emails, but I can't complain too much because I use very inexpensive hosts for my test sites. You see, I'm at the other end of the spectrum than you guys. You can afford high-priced host, but I can't -- you probably can't guess as to how cheap I can buy hosting -- it's unbelievable.

Ummm, I'm no millionaire... yet... I host my InterJinn site from home. If you ever wondered why it's so slow, it's not the code... it's this crud 75k/s upload DSL with terrible latency.

> However, when it comes to providing a client with a host, that's a different matter and it's their cost, not mine -- for I can (and do) work with much less.

I hear ya :) I have kids, if I don't need it, I don't buy it.

Cheers,
Rob.
--
InterJinn Application Framework - http://www.interjinn.com
An application and templating framework for PHP. Boasting a powerful, scalable system for accessing system services such as forms, properties, sessions, and caches. InterJinn also provides an extremely flexible architecture for creating re-usable components quickly and easily.
[PHP] Re: Encoding
After putting this subject here I saw that it has been done by smarty. I tried to create the following page:

<?php echo "João"; ?>

And it works fine. Anyone here know about encoding in smarty?

João Cândido de Souza Neto [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> I am facing a trouble in my system in which I am not able to show ISO-8859-1 encoding data. When I tried to use the following meta tag it works in firefox but still not working in IE.
> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
> In firefox it shows: REMÉDIO PARA O GADO
> In IE it shows: REM?IOS PARA O GADO
> Could someone help me? Thanks in advance.

--
João Cândido de Souza Neto
Curitiba Online
[EMAIL PROTECTED]
(41) 3324-2294 (41) 9985-6894
http://www.curitibaonline.com.br
Re: [PHP] backing up a database
On Wednesday 22 November 2006 15:49, Edward Kay wrote:
> This is similar to mine, except I use a shell script. Also, instead of emailing the file, my script FTPs it to a remote server. I expect this approach would scale better as the file size increases.
> Another point to note: my email is hosted on the same server as the DB. Emailing it to myself wouldn't offer any more protection than just saving it locally. (My remote FTP location is in a different continent!)
> Edward

Shell script with ftp works pretty decent for me 2.

-----Original Message-----
From: Brad Fuller [mailto:[EMAIL PROTECTED]
Sent: 22 November 2006 14:28
To: 'PHP General List'
Subject: RE: [PHP] backing up a database

Here is a script that I found that has been working well for me. I set up a cron job to run this file every night just after midnight. It e-mails a gzipped sql dump file as an attachment to the specified e-mail address.

Right now the database this is backing up is not very big. I'm not sure how scalable it is (probably not very). Suggestions/improvements are welcome.

<?php
set_time_limit(0);
ini_set('memory_limit', '500M');

$dbhost = 'localhost';
$dbuser = 'username';
$dbpass = 'password';
$dbname = 'database';

$backupDir = '/backups/';
$backupFileName = $dbname . date('Y-m-d-H-i-s') . '.sql.gz';
$backupFile = $backupDir . $backupFileName;

// Dump and compress in one pipeline. Note: a password passed with -p on the
// command line is visible in the process list while mysqldump runs.
$command = "mysqldump -u $dbuser -p$dbpass $dbname | gzip > $backupFile";
system($command);

$email_from = '[EMAIL PROTECTED]'; // Who the email is from
$email_subject = 'MySQL Backup ' . date('m/d/Y', time()); // The Subject of the email
$email_txt = 'Your file is attached.'; // Message that the email has in it
$email_to = '[EMAIL PROTECTED]'; // Who the email is to
$headers = 'From: ' . $email_from;

// Read the whole dump into memory so it can be attached.
$file = fopen($backupFile, 'rb');
$data = fread($file, filesize($backupFile));
fclose($file);

$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";

$headers .= "\nMIME-Version: 1.0\n" .
    "Content-Type: multipart/mixed;\n" .
    " boundary=\"{$mime_boundary}\"";

// First part: the text of the message.
$email_message = "This is a multi-part message in MIME format.\n\n" .
    "--{$mime_boundary}\n" .
    "Content-Type:text/html; charset=\"iso-8859-1\"\n" .
    "Content-Transfer-Encoding: 7bit\n\n" .
    $email_txt . "\n\n";

// Second part: the gzipped dump, base64-encoded.
$data = chunk_split(base64_encode($data));
$email_message .= "--{$mime_boundary}\n" .
    "Content-Type: application/octet-stream;\n" .
    " name=\"{$backupFileName}\"\n" .
    "Content-Transfer-Encoding: base64\n\n" .
    $data . "\n\n" .
    "--{$mime_boundary}--\n";

$ok = @mail($email_to, $email_subject, $email_message, $headers);

if ($ok) {
    echo date('Y-m-d H:i:s') . " Operation completed.\n";
} else {
    die(date('Y-m-d H:i:s') . " Operation failed - The e-mail could not be sent.\n");
}
?>

-----Original Message-----
From: Edward Kay [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 22, 2006 5:25 AM
To: PHP General List
Subject: RE: [PHP] backing up a database

If you're using MySQL, set up a cron job/scheduled task to call mysqldump and save the output somewhere. Other DBMSs will likely have similar tools.

Edward

-----Original Message-----
From: Ross [mailto:[EMAIL PROTECTED]
Sent: 22 November 2006 09:54
To: php-general@lists.php.net
Subject: [PHP] backing up a database

I have a database and it needs to get backed up on a daily basis. Is there a class that allows me to create a backup and then save it as a .sql or excel or both to a folder of her choice?

R.

--
Børge
Kennel Arivene
http://www.arivene.net
RE: [PHP] Please hack my app
angelo.

it appears from the responses on the list, that different people want the list to work as they believe it should. hell, this is an email list. if somebody posts something that you don't appreciate, ignore it, delete it, the topic will go away. on the other hand, somebody might actually respond to the post that you are offended by...

so, perhaps we all need to be more laid back in how we deal with things...

peace

-----Original Message-----
From: Angelo Zanetti [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 22, 2006 5:09 AM
To: Ivo F.A.C. Fokkema
Cc: php-general@lists.php.net
Subject: Re: [PHP] Please hack my app

Ivo F.A.C. Fokkema wrote:
> On Wed, 22 Nov 2006 03:20:16 -0800, Ryan A wrote:
>> Hey there, I don't mean to be a total pri*k about this, but unless you have created something that you are willing to share with others and others can use/modify for their requirements, and you grant them this privilege...I think the norm is you pay someone to do what you are asking.
> It's GPL. I mentioned that and the source is available (just follow the link and download). I asked *kindly* if anyone wanted to take their time and toss something at it. If no-one wanted to take a look at it, fine, sorry to bother you. If someone wants to, thanks a bunch for your time. I didn't expect anyone to dive deeply into the source code of my project and filter out my mistakes. Just trying a few well-known (possibly not by me) methods would do. I tried anything I could think of, and it didn't break. After my question someone already kindly pointed out I didn't check for HTML code (and thus allowed JS injection). Something to fix in the next release :)
>> What you are asking for is pretty unfair, unless I am missing something?
> I didn't realize someone may see this as unfair. So my apologies if any interpretation of my question was not received positively. :) I meant no harm in any way.
>> If on the other hand you have identified the part that's troubling you, or getting unexpected results from a code segment... then post that as a new question/thread and from the kindness of someone's heart, you might get an answer from them. :)
> I know how the list works, thanks :D There are no known problems at the time. Just wanted to check if anyone thought of something I hadn't thought of.
> Ivo

I think some guys like trying to hack and break other's sites so I'm sure those people will respond.

guys I think we need to relax a bit and not attack the guy so much!

my 2 cents worth

cheers
--
Angelo Zanetti
Systems developer
*Telephone:* +27 (021) 469 1052
*Mobile:* +27 (0) 72 441 3355
*Fax:* +27 (0) 86 681 5885
*Web:* http://www.zlogic.co.za
*E-Mail:* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
[PHP] what settings I have to use in php 5.1.2?
hi! the company I work for moves our web server to other hosting company (dedicated server). we use php 5.1.2, apache 2.2, mysql 5.0.18, and I wonder what else I have to change in php.ini settings?

register_globals is Off
magic_quotes_gpc is Off

what else you recommend to do?

thanks.
-afan
[PHP] security question
Hi, Now that i finished the client side of the web application i would like to improve the security of my administration side of this web application. My web hoster support a shared SSL protocol, however i would like to do more than simply use the SSL... I've heard that cookies and sessions can be easily hacked...so what do you use to secure your web page. which methods ? thanks a lot Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.0.58 PHP 5
Re: [PHP] Mysql strategy
On 22/11/06, tedd [EMAIL PROTECTED] wrote:
> At 1:50 PM +0200 11/22/06, Dotan Cohen wrote:
>> Thanks, Richard. I'm looking into the full text index again.
>> Dotan Cohen
> Dotan: The following is a great reference -- the code works and it gave me the basics to do full-text searches.
> http://www.phpfreaks.com/tutorials/129/0.php
> Go through that, and I'm sure you'll find what you need.
> Cheers, tedd

Thanks, Tedd. That's exactly the type of tutorial that I've been looking for. I'm already a member of phpfreaks, too, though I haven't visited the site in quite a while.

Dotan Cohen
http://what-is-what.com/what_is/web_browser.html
http://lyricslist.com/
Re: [PHP] Coding Standards Document
On Wednesday 22 November 2006 16:31, tedd wrote:
> At 7:14 PM -0500 11/21/06, Robert Cummings wrote:
>> On Tue, 2006-11-21 at 16:19 -0500, tedd wrote:
>>> It seems that every time I ask a security question, I find that I'm currently practicing the answers to avoid the pit-falls.
>> Except that one time when his site got defaced... that was news ;) ;)
>> Cheers, Rob.
> Rob: Good point, but that was a problem my host had and not something that was my fault. It seems that everyone who hosted with that company had every file that even contained the word index replaced. I keep a redirect index in every folder, so I had well over 200 indexes to replace -- joy, joy.
> Since then, that host has not answered any of my emails, but I can't complain too much because I use very inexpensive hosts for my test sites. You see, I'm at the other end of the spectrum than you guys. You can afford high-priced host, but I can't -- you probably can't guess as to how cheap I can buy hosting -- it's unbelievable.

Everyone can setup a cheapass old pentium to use as a testhost. These crappy hostings sites never put in any finecrafted unix tools nor any ssh support. Anyway, point is: Its free

> However, when it comes to providing a client with a host, that's a different matter and it's their cost, not mine -- for I can (and do) work with much less.
> Cheers, tedd
> --
> http://sperling.com http://ancientstones.com http://earthstones.com

--
Børge
Kennel Arivene
http://www.arivene.net
Re: [PHP] security question
On Wed, November 22, 2006 11:20 am, Alain Roger wrote:
> Now that i finished the client side of the web application i would like to improve the security of my administration side of this web application. My web hoster support a shared SSL protocol, however i would like to do more than simply use the SSL...

I think the amazing thing is that you just used "simply" and "SSL" in the same sentence... :-)

SSL is a VERY safe way to ensure that the data traveling from the browser to the server, and data going back from server to browser, is secure in transit. SSL is pretty much the armored truck ploughing its way through the Internet, shedding bullets like a duck sheds water.

> I've heard that cookies and sessions can be easily hacked...so what do you use to secure your web page. which methods ?

With SSL in place, you have reduced your vulnerabilities to, essentially, the endpoints of the communication:
who has access to the browser/client
who has access to the webhost/server

The sentence "cookies can be easily hacked" is true in the sense that anybody who can get ahold of your laptop/desktop can add cookie files. Or, if they can run a virus on it, they can install any cookie files they like, for any site.

There is very very very little you can do to secure the computers of your users, even your admin users. Probably your best bet is to EDUCATE those users, as early and often as you can, about safe computer practices.

You should also be very careful to use sensible things in your Cookies -- Actually, with PHP, you should send JUST ONE cookie for your entire site, and track everything else you need in your $_SESSION data.

Okay, if you've installed some forum software or something, maybe integrating its authentication into your main login is a Bad Idea, so you can have extra cookies for the forum. Though most forum software comes with its own whole new set of Security issues. :-(

The "sessions getting hacked" generally mostly boils down to the session getting hijacked by a compromised client/browser (see above), or somebody who already can login to the webhost/server -- at which point the session itself is a tiny part of a much bigger problem, which is the whole SERVER is compromised.

My best advice would be to use *ONE* session_start() in a single include file, probably the same way you are doing your DB connection, and let PHP experts worry about the mechanics of sending a good cookie. You may want to use http://session_set_cookie_params to require that your SSL cookie ONLY go through SSL, though.

You then only need to focus on the parts of the process that you scripted in PHP. Your authentication, for example, should be simple and straightforward enough that you can sit down and test it in an afternoon and be absolutely certain that you can't manage to get through to anything you shouldn't, without a valid username/password.

Other things to consider:
Educate users about what is or isn't a Good Password.
Attempt to steer users away from using Bad Passwords.
Read this site over and over until you internalize it: http://phpsec.org/

And, just a general note, not directed at the question/post/Alain: Security is not something one can just slap on to the site after one finishes it -- It has to be a living breathing process that is in symbiosis with the life-cycle of the project.

--
Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So?
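The session advice in the message above (one session_start() in a single include file, the session cookie restricted to SSL, everything else kept in $_SESSION) as an added example; it is not code from the thread. It assumes PHP 7.3 or later, and the file name, the function names and the $users array are hypothetical.

```php
<?php
// session_bootstrap.php (hypothetical file name): include it once from every
// page instead of calling session_start() in several places.
declare(strict_types=1);

/** Start the session with a cookie the browser will only send over SSL. */
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // an earlier include already started it
    }
    // Only accept session IDs that arrive in the cookie and that this
    // server issued itself.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,      // discard when the browser closes
        'path'     => '/',
        'secure'   => true,   // never sent over plain HTTP
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

/**
 * Check a username/password pair. $users maps username => password_hash()
 * output (assumption: a real site reads this from its database).
 */
function log_in(array $users, string $username, string $password): bool
{
    start_secure_session();
    if (!isset($users[$username]) || !password_verify($password, $users[$username])) {
        return false;
    }
    // Issue a new session ID at the privilege change, so an ID that was
    // known before login is useless afterwards.
    session_regenerate_id(true);
    // Everything the site tracks lives server-side in $_SESSION; the browser
    // only ever holds the one session cookie.
    $_SESSION['user'] = $username;
    $_SESSION['logged_in_at'] = time();
    return true;
}

/** Gate for admin pages: stop unless the session belongs to a logged-in user. */
function require_login(): string
{
    start_secure_session();
    if (empty($_SESSION['user'])) {
        http_response_code(403);
        exit("Login required.\n");
    }
    return $_SESSION['user'];
}

// Command-line demonstration with constructed data: one account, one sample
// password. Results are collected first and printed last, because session
// functions must run before any output is sent.
if (PHP_SAPI === 'cli') {
    $users = ['admin' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];
    $rejected = log_in($users, 'admin', 'wrong guess');
    $accepted = log_in($users, 'admin', 'correct horse battery staple');
    $who = require_login();
    var_dump($rejected, $accepted, $who);
}
```

Because the authentication path is three short functions, it can be exercised in an afternoon in the way the message recommends: every admin page calls require_login() first, and nothing else decides who is logged in.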
Re: [PHP] what settings I have to use in php 5.1.2?
On Wed, November 22, 2006 11:10 am, [EMAIL PROTECTED] wrote:
> the company I work for moves our web server to other hosting company (dedicated server). we use php 5.1.2, apache 2.2, mysql 5.0.18, and I wonder what else I have to change in php.ini settings?
> register_globals is Off
> magic_quotes_gpc is Off
> what else you recommend to do?

It depends on what the application does or doesn't do.

If it never ever sends out email, get rid of the sendmail stuff in php.ini, so there's no chance of a silly mistake leading to sending bulk email.

If you never need to use PHP to read content from a URL, turn off allow_url_fopen.

Moving to a dedicated server is great for performance/features, but if you're inexperienced as a sysadmin, you might want to consider hiring a local sysadmin to help out.

And, of course, there are a TON of things you can (and I should) read about sysadmin work, security, and more security. Finding the time to DO that, however, can be problematic.

I personally work very very very hard to be sure that I have to admin a minimum number of boxes with very limited functionality, and foist off any generalized sysadmin work to a shared host, for precisely the reason that I *know* my limitations in being a sysadmin. :-)

--
Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So?
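A small audit of the php.ini points raised in this thread (register_globals, magic_quotes_gpc, allow_url_fopen, outgoing mail), as an added example rather than code from the list. The function names and the $needs array are hypothetical, using disable_functions to switch off mail() is this example's own way of enforcing the "no mail" advice, and the sample values are constructed.

```php
<?php
declare(strict_types=1);

/** Read a boolean ini value the way PHP does: "1", "On", "true", "yes" are on. */
function ini_on($value): bool
{
    return filter_var($value, FILTER_VALIDATE_BOOLEAN);
}

/** Snapshot the directives the audit looks at (false = unknown to this build). */
function read_ini(): array
{
    $snapshot = [];
    foreach (['register_globals', 'magic_quotes_gpc', 'allow_url_fopen', 'disable_functions'] as $name) {
        $snapshot[$name] = ini_get($name);
    }
    return $snapshot;
}

/**
 * $ini:   directive => value as returned by ini_get()
 * $needs: features the application really uses, e.g. ['mail', 'url_fopen']
 * Returns a list of findings; an empty list means nothing to change.
 */
function audit_ini(array $ini, array $needs = []): array
{
    $findings = [];

    // Off on every server. Later PHP builds dropped both directives;
    // ini_get() then returns false, which also reads as "off" here.
    foreach (['register_globals', 'magic_quotes_gpc'] as $name) {
        if (ini_on($ini[$name] ?? false)) {
            $findings[] = "$name is On; set it to Off";
        }
    }

    // Only justified when the application itself reads content from URLs.
    if (ini_on($ini['allow_url_fopen'] ?? false) && !in_array('url_fopen', $needs, true)) {
        $findings[] = 'allow_url_fopen is On but the application never reads URLs; set it to Off';
    }

    // An application that never sends mail should not be able to.
    $disabled = array_map('trim', explode(',', (string) ($ini['disable_functions'] ?? '')));
    if (!in_array('mail', $needs, true) && !in_array('mail', $disabled, true)) {
        $findings[] = 'application sends no mail but mail() is callable; add mail to disable_functions';
    }

    return $findings;
}

// Constructed snapshot of a freshly installed server, audited for an
// application that neither sends mail nor fetches URLs.
$sample = [
    'register_globals'  => '',
    'magic_quotes_gpc'  => '',
    'allow_url_fopen'   => '1',
    'disable_functions' => 'exec, system',
];
foreach (audit_ini($sample) as $finding) {
    echo "sample:    $finding\n";
}

// The same audit against the PHP that runs this script, for an application
// that does send mail.
foreach (audit_ini(read_ini(), ['mail']) as $finding) {
    echo "this host: $finding\n";
}
```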
Re: [PHP] Encoding
On Wed, November 22, 2006 9:15 am, João Cândido de Souza Neto wrote:
> I am facing a trouble in my system in which I am not able to show ISO-8859-1 encoding data. When I tried to use the following meta tag it works in firefox but still not working in IE.
> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
> In firefox it shows: REMÉDIO PARA O GADO
> In IE it shows: REM?IOS PARA O GADO

IE looks at the META tag, which you have.

FF looks at the HTTP headers, which you probably do not have:

<?php
//this should be your very first line:
header("Content-type: text/html; charset=ISO-8859-1");
?>

It seems to me that you would want UTF-8 or some other charset, not ISO-8859-1, to get the accent...

So IE is actually doing what you asked, and FF is guessing you really wanted that accented E and using UTF-8, I think.

I'm NOT Unicode-savvy, really, but this is my best guess.

--
Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So?
Re: [PHP] backing up a database
On Wed, November 22, 2006 3:53 am, Ross wrote:
> I have a database and it needs to get backed up on a daily basis. Is there a class that allows me to create a backup and then save it as a .sql or excel or both to a folder of her choice?

I personally would not involve PHP in this process, in general, as the existing database backup software for almost any database will be more efficient and have less overhead than piping any of it through PHP...

So just create a cron job in a shell to do:

mysqldump database_name > backup_path_here

Of course, if one has no shell access, you're kinda stuck using PHP to run the http://php.net/exec to do that, and then some kind of hinky way to pretend to run cron...

Finding a new webhost is my usual solution to that :-)

--
Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So?
Re: [PHP] problem using imagejpeg function all
On Tue, November 21, 2006 10:31 pm, Tom wrote:
> I'm trying to use the imagejpeg function call in a php script and I can't quite seem to get it working properly.

Can you clarify "working properly" into something a bit more concrete?

Right now, we're left guessing from the most likely scenario, that you are seeing the: yoya%#(*H*([EMAIL PROTECTED] on your screen, because you've commented out the header line to tell the browser to expect an image, all the way up through the "aliens attack and put me to sleep every time I reload" :-)

> Would I need to have T1Lib support in order for this to work?

No. Only if you wanted to use the T1 font/string functions within GD would you need the T1Lib support.

> As a quick example, here is some code I've been playing around with that I found somewhere.
> <?php
> $image = imagecreate(200, 200);
> $colorRed = imagecolorallocate($image, 255, 0, 0);
> imagefill($image, 0, 0, $colorRed);

ImageFill might not do what you want with a new raw JPEG... I mean, what color are all the pixels to start with?...

I would suggest that this is more suitable:

imagerectangle($image, 0, 0, 199, 199, $colorRed);

> //send image
> //header("Content-type: image/jpeg");

If you took this out for testing/debugging, that's great, but you have to put it back in for the browser to know that it's a JPEG and not HTML.

> imagejpeg($image);

Should make a red square. What did it actually make?

--
Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So?
Re: [PHP] what settings I have to use in php 5.1.2?
[EMAIL PROTECTED] wrote:
> hi! the company I work for moves our web server to other hosting company (dedicated server). we use php 5.1.2, apache 2.2, mysql 5.0.18, and I wonder what else I have to change in php.ini settings?
> register_globals is Off
> magic_quotes_gpc is Off
> what else you recommend to do?

r2 turn off ALL the garbage disposers.

and have a look at php.ini-recommended (or whatever it's called exactly)

> thanks. -afan
[PHP] Re: Little script that might help against some email-/webcrawlers
On Mon, 20 Nov 2006 13:37:29 +, Brynjar Guðnason wrote: I saw a clever solution to this once. There was a line of names: name1, name2, name3 etc. And then at the end stood all these are at someurl.com. That is the best way, I think. If they're all in the same domain, I guess. See my .sig for another tactic -- which I also employ on web pages. Jonesy -- Marvin L Jones| jonz | W3DHJ | linux 38.24N 104.55W | @ config.com | Jonesy | OS/2 *** Killfiling google posts: http//jonz.net/ng.htm
Re: [PHP] Powered by?
On Tue, November 21, 2006 6:21 pm, Robert Cummings wrote:
> Personally, if the customer pays me money to make a site, I don't put dirty little ego fluffers on their pages... I put them in the HTML comments or meta tags *heheh*.

Frequently, by the time the Customer and the Designer have finished destroying a perfectly good site with a lot of cruft that makes zero sense, I don't even WANT my name on the damn thing. :-)

I think it would be appropriate to negotiate for reasonable attribution before you build the site, but not to slap it in there at the end, nor ask for it upon delivery.

--
Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So?
Re: [PHP] what settings I have to use in php 5.1.2?
[EMAIL PROTECTED] wrote: hi! the company I work for moves our web server to other hosting company (dedicated server). we use php 5.1.2, apache 2.2, mysql 5.0.18, and I wonder what else I have to change in php.ini settings? register_globals is Off magic_quotes_gpc is Off what else you recommend to do? r2 turn off ALL the garbage disposers. what do you mean? and have a look at php.ini-recommended (or whatever it's called exactly) Thanks Jochem! thanks. -afan
[PHP] Programmatic POST
I'm looking to write a function that will receive the contents of a web form, do some data manipulation, then pass on the manipulated data to another URL via POST. Is there a built-in function in PHP that I can use to send the data to another URL via POST without a user having to click submit on a form?
RE: [PHP] Programmatic POST
-----Original Message-----
From: Gabe [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 22, 2006 3:08 PM
To: php-general@lists.php.net
Subject: [PHP] Programmatic POST

> I'm looking to write a function that will receive the contents of a web form, do some data manipulation, then pass on the manipulated data to another URL via POST. Is there a built-in function in PHP that I can use to send the data to another URL via POST without a user having to click submit on a form?

Yep. There are several. I prefer to use cURL.

http://www.php.net/curl

-B
Re: [PHP] Powered by?
At 11/21/2006 03:02 PM, pub wrote:
> Is it appropriate to ask your client to add Powered by your company to the sites you design and maintain? And when you see Powered by does it mean designed by or maintained by or both?

'Powered by' sounds like an engine or a fuel, so I imagine it to mean that the site utilizes is driven by a software package you wrote or runs on hardware you manage, both on an ongoing basis. For me it strongly implies that the agency credited for powering the site is not the one that designed or created it; otherwise they'd say so.

'Designed by' implies to me just graphic design. Since I'm primarily a programmer, most of my work is either implementing another agency's graphic design or, when my partner and I do all the work, both design and implementation.

If this is a credit on page footers, brevity is golden. I generally just say 'Website by' and allow that ambiguity to fill the available space. It works by itself and also in conjunction with a separate 'Design by' credit.

Regards,
Paul
Re: [PHP] security question
Alain Roger wrote:
> I've heard that cookies and sessions can be easily hacked...so what do you use to secure your web page. which methods ?

If you want to be secure, don't trust anything. Cookies are easily modified by a user, so never store anything sensitive in there without masking it well. Personally, I don't like $_SESSION either, 'cause it doesn't work across clustered servers by default, and isn't usually terribly secure on a shared web host.

I tend to use hashed data in the cookie for anything that needs to be semi-secure, and store everything sensitive in a database, one-way hashed wherever possible.

jon
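One way to make a cookie value tamper-evident, since the message above notes that a user can modify any cookie; this is an added example, not jon's code. It uses a keyed hash (HMAC-SHA256) where the message only says "hashed data", assumes PHP 7.3 or later, and the function names, the key and the sample values are constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Assumption: the real key is long, random, and kept in server-side
// configuration. This constructed value exists only for the demo below.
const DEMO_KEY = 'constructed-demo-key-not-for-production';

function b64url_encode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64url_decode(string $text): ?string
{
    $padded = str_pad($text, strlen($text) + (4 - strlen($text) % 4) % 4, '=');
    $raw = base64_decode(strtr($padded, '-_', '+/'), true);
    return $raw === false ? null : $raw;
}

/** Pack $data with an expiry time and append an HMAC over the packed bytes. */
function seal_cookie(array $data, int $ttl, string $key, ?int $now = null): string
{
    $claims = ['d' => $data, 'exp' => ($now ?? time()) + $ttl];
    $payload = b64url_encode(json_encode($claims, JSON_THROW_ON_ERROR));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

/** Return the original data, or null if the cookie was altered or has expired. */
function open_cookie(string $cookie, string $key, ?int $now = null): ?array
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;

    // Check the MAC before parsing anything the client controls, and compare
    // in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }

    $json = b64url_decode($payload);
    $claims = $json === null ? null : json_decode($json, true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || !is_array($claims['d'] ?? null)) {
        return null;
    }
    return $claims['exp'] >= ($now ?? time()) ? $claims['d'] : null;
}

// Demonstration with constructed values and a fixed clock so runs repeat.
$now = 1164211200;
$cookie = seal_cookie(['uid' => 42, 'role' => 'submitter'], 3600, DEMO_KEY, $now);

// A user rewrites the payload to claim another role but cannot recompute
// the MAC without the server's key, so the old MAC is reused.
[$payload, $mac] = explode('.', $cookie);
$forgedClaims = ['d' => ['uid' => 42, 'role' => 'curator'], 'exp' => $now + 3600];
$forged = b64url_encode(json_encode($forgedClaims, JSON_THROW_ON_ERROR)) . '.' . $mac;

var_dump(open_cookie($cookie, DEMO_KEY, $now + 60));   // untouched cookie
var_dump(open_cookie($forged, DEMO_KEY, $now + 60));   // edited payload
var_dump(open_cookie($cookie, DEMO_KEY, $now + 7200)); // past its expiry
```

The payload is signed, not encrypted: the user can still read it, so anything sensitive stays in the database as the message says.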
RE: [PHP] Re: Encoding
Hi

I'm working on a site and I'm using the same encoding you use and everything displays ok both in Firefox 1.5/2.0 and IE 6. The only difference is that I have the ISO in small letters and the tag terminator like this:

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

I can display João, Mão, Mãe, õ, and everything else (all the Portuguese accents and characters)

So, I think that the problem is not in the code because I only use the meta and never use the header...

Hope this helps...

(If you need anything in Portuguese, just say so... But I'm a newbie at PHP)
[PHP] Re: Programmatic POST
Hello,

on 11/22/2006 06:07 PM Gabe said the following:
> I'm looking to write a function that will receive the contents of a web form, do some data manipulation, then pass on the manipulated data to another URL via POST. Is there a built-in function in PHP that I can use to send the data to another URL via POST without a user having to click submit on a form?

You may want to use this HTTP client class. It can emulate form submission via HTTP POST, and if necessary it can collect cookies, handle redirection, access SSL pages, etc...

http://www.phpclasses.org/httpclient

--
Regards,
Manuel Lemos
Metastorage - Data object relational mapping layer generator http://www.metastorage.net/
PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/
Re: [PHP] security question
dear richard,

yours was an amazing reply... simple and true and well written... where did u learn all the stuff?... ;-)

anyway. is there a step by step process for checking if your site is secure?... i know you would say to get a hacker or something... but as a programmer, i would like to know (some) more info...

i use GET instead of POST for most of the forms... even in a shopping cart or admin panel... do u think that is risky?

one the biggest threat is sql injections and now xml injections... but can u give some more info... like what commands do i need to use and what part of the website do i need to check?...

what is penetration and black box testing for a php website? is there any software for this kind of testing... some part of the process can be automated... like grabbing all the links or urls and purposely bombarding them with sql statements.

if i do the same from a professional, what should be a average cost for testing a website for security?...

also

> Security is not something one can just slap on to the site after one finishes it -- It has to be a living breathing process that is in symbiosis with the life-cycle of the project.

that is a beautiful statement...

thanks a lot...

sumeet

Richard Lynch wrote:
> On Wed, November 22, 2006 11:20 am, Alain Roger wrote:
>> Now that i finished the client side of the web application i would like to improve the security of my administration side of this web application. My web hoster support a shared SSL protocol, however i would like to do more than simply use the SSL...
> I think the amazing thing is that you just used simply and SSL in the same sentence... :-) SSL is a VERY safe way to ensure that the data traveling from the browser to the server, and data going back from server to browser, is secure in transit. SSL is pretty much the armored truck ploughing its way through the Internet, shedding bullets like a duck sheds water.
> Security is not something one can just slap on to the site after one finishes it -- It has to be a living breathing process that is in symbiosis with the life-cycle of the project.

--
Thanking You
Sumeet Shroff
http://www.prateeksha.com
Web Designers and PHP / Mysql Ecommerce Development, Mumbai India
Re: [PHP] security question
Western, Matthew wrote:
>> where did u learn all the stuff?... ;-)
> Maybe reading the manual?

thanks matthew, maybe we should all refer to forum and google, and stop posting in this forum

can u please start first...

thanks anyway...mani needed some silly sarcastic comments to get past my day.

--
Thanking You
Sumeet Shroff
http://www.prateeksha.com
Web Designers and PHP / Mysql Ecommerce Development, Mumbai India
Re: [PHP] security question
On Thu, 2006-11-23 at 09:56 +0530, Sumeet wrote:
> Western, Matthew wrote:
>>> where did u learn all the stuff?... ;-)
>> Maybe reading the manual?
> thanks matthew, maybe we should all refer to forum and google

Teach a man to fish...

Cheers,
Rob.
--
InterJinn Application Framework - http://www.interjinn.com
An application and templating framework for PHP. Boasting a powerful, scalable system for accessing system services such as forms, properties, sessions, and caches. InterJinn also provides an extremely flexible architecture for creating re-usable components quickly and easily.
Re: [PHP] security question
On Wednesday 22 November 2006 22:38, Robert Cummings wrote:
>> maybe we should all refer to forum and google
> Teach a man to fish...

And you lose your monopoly on fisheries.

--
Larry Garfield AIM: LOLG42
[EMAIL PROTECTED] ICQ: 6817012

If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it. -- Thomas Jefferson
RE: [PHP] Programmatic POST
in PHP5, you could have a look at objects HTTPRequest and HTTPResponse. I never used them yet, though...

vincent

-----Original Message-----
From: Brad Fuller [mailto:[EMAIL PROTECTED]
Sent: Wed 22/11/2006 21:25
To: php-general@lists.php.net
Subject: RE: [PHP] Programmatic POST

> -----Original Message-----
> From: Gabe [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 22, 2006 3:08 PM
> To: php-general@lists.php.net
> Subject: [PHP] Programmatic POST
>
> I'm looking to write a function that will receive the contents of a web form, do some data manipulation, then pass on the manipulated data to another URL via POST.
>
> Is there a built-in function in PHP that I can use to send the data to another URL via POST without a user having to click submit on a form?

Yep. There are several. I prefer to use cURL.
http://www.php.net/curl

-B
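The flow asked about above (take submitted form fields, manipulate them, forward them to another URL via POST with cURL), written out as an added example; it is not code from any poster in this thread. The destination URL, field names and sample input are placeholders constructed for illustration, and the destination is a fixed constant rather than something taken from the request.

```php
<?php
// Added example, not from the thread. FORWARD_URL is a placeholder endpoint.
const FORWARD_URL = 'https://example.invalid/receive.php';

/** POST $fields as application/x-www-form-urlencoded to $url using cURL. */
function forward_post(string $url, array $fields): array
{
    $ch = curl_init($url);
    if ($ch === false) {
        throw new RuntimeException('curl_init failed');
    }
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields), // urlencoded body
        CURLOPT_RETURNTRANSFER => true,   // return the response instead of echoing it
        CURLOPT_FOLLOWLOCATION => false,  // do not re-send the data to a redirect target
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 15,
        CURLOPT_SSL_VERIFYPEER => true,   // keep certificate verification on
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // refuse non-HTTPS schemes
    ]);
    $body = curl_exec($ch);
    return [
        'ok'     => $body !== false,
        'status' => curl_getinfo($ch, CURLINFO_HTTP_CODE),
        'body'   => $body === false ? null : $body,
        'error'  => $body === false ? curl_error($ch) : null,
    ];
}

// Constructed sample input standing in for $_POST from the original form.
$form = ['name' => '  Ada Lovelace ', 'email' => 'ADA@Example.org', 'is_admin' => '1'];

// Manipulation step: forward only the expected fields, with normalized values.
$allowed = ['name', 'email'];
$clean = array_intersect_key($form, array_flip($allowed));
$clean['name']  = trim($clean['name']);
$clean['email'] = strtolower(trim($clean['email']));

$result = forward_post(FORWARD_URL, $clean);
echo $result['ok']
    ? "HTTP {$result['status']}\n"
    : "Request failed: {$result['error']}\n";
```

With the placeholder host the request fails at name resolution and the error branch is printed; pointing `FORWARD_URL` at a real HTTPS endpoint exercises the success path.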