Re: [PHP] problems with exec()
What is the safe_mode value in your php.ini? To run exec the value of your safe_mode has to be OFF.

[EMAIL PROTECTED] wrote:

Try

    exec('/path/to/copy', $return);
    print_r($return);

read the manual: http://nl3.php.net/manual/en/function.exec.php

Description

    string exec ( string command [, array output [, int return_var]] )

gr, Thijs

On Wed, 29 Nov 2006 23:22:13 -0700, Ray [EMAIL PROTECTED] wrote:

hello;

I am trying to write a script to do some auto configuration of my webserver. Part of the process involves copying some configuration files from other places on the server to a working directory where they can be modified. I am running FreeBSD 6.0, Apache 2.2.3, PHP 5.1.5.

I can't seem to get the exec() command to work. I have an external shell script called 'copy' that takes care of getting files. Script is currently set to mode 777; when run from the shell it works perfectly. However, in the PHP script

    echo exec('whoami');
    exec('/path/to/copy');

the only return is 'www' (the username correctly returned from whoami); also, files aren't changed.

Any suggestions, pointers, log files to check would be appreciated as I have spent several hours on Google, in manuals, etc. Haven't tried the ouija board, but that's about it ;-)

tia
Ray

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] [PHP 4.4.5 / Apache 2.2.3] Abrupt and unrepeatable Segmentation fault (11)
Hi all!

I'm having trouble with my server(s) for some weeks now and did not find any solution for now. My system is openSUSE 10.1 (32 bit) with Apache 2.2.3 and PHP 4.4.5-dev as Apache module (latest stable CVS, but wasn't the solution).

I'm having abrupt segmentation faults in my Apache error log. Most frequently the problem seems to appear while accessing the start page of an actual Joomla installation, but I've had the error with a WordPress too. So it cannot be isolated to some PHP scripts.

Sadly I am not able to reproduce this error - when it appears it will not go until an Apache restart, but then everything works fine for some time (maybe hours or even days).

Here is a gdb backtrace of the request which died with a segmentation fault. Hopefully someone can help me with this. If you need any further details, tell me, and please also tell me how to obtain this information ;-).

    #0 0xb7fa91a4 in do_lookup_x () from /lib/ld-linux.so.2
    #1 0xb7fa9587 in _dl_lookup_symbol_x () from /lib/ld-linux.so.2
    #2 0xb7fad24d in _dl_fixup () from /lib/ld-linux.so.2
    #3 0xb7fb2630 in _dl_runtime_resolve () from /lib/ld-linux.so.2
    #4 0xb70f6029 in internal_getent () from /lib/libnss_files.so.2
    #5 0xb70f6332 in _nss_files_gethostbyaddr_r () from /lib/libnss_files.so.2
    #6 0xb7ddec22 in gethostbyaddr_r@@GLIBC_2.1.2 () from /lib/libc.so.6
    #7 0xb7ddea32 in gethostbyaddr () from /lib/libc.so.6
    #8 0xb79157fe in zif_gethostbyaddr (ht=1, return_value=0x8741224, this_ptr=0x0, return_value_used=1) at /usr/src/packages/BUILD/php4-4.4.4/ext/standard/dns.c:125
    #9 0xb79b86ab in execute (op_array=0x856ff84) at /usr/src/packages/BUILD/php4-4.4.4/Zend/zend_execute.c:1675
    #10 0xb79b42c7 in execute (op_array=0x856b3cc) at /usr/src/packages/BUILD/php4-4.4.4/Zend/zend_execute.c:1719
    #11 0xb79a221e in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/packages/BUILD/php4-4.4.4/Zend/zend.
    #12 0xb7975215 in php_execute_script (primary_file=0xbfaee9d4) at /usr/src/packages/BUILD/php4-4.4.4/main/main.c:1752
    #13 0xb79bc600 in php_handler (r=0x8596e68) at /usr/src/packages/BUILD/php4-4.4.4/sapi/apache2handler/sapi_apache2.c:581
    #14 0x080796f9 in ap_run_handler ()
    #15 0x08079e43 in ap_invoke_handler ()
    #16 0x0809c1e0 in ap_process_request ()
    #17 0x08098d62 in ap_process_http_connection ()
    #18 0x08081b2b in ap_run_process_connection ()
    #19 0x08081f38 in ap_process_connection ()
    #20 0x080be32f in child_main ()
    #21 0x080be511 in make_child ()
    #22 0x080be762 in perform_idle_server_maintenance ()
    #23 0x080bec8c in ap_mpm_run ()
    #24 0x08062f06 in main ()

kind regards
Jan
Re: [PHP] problems with exec()
Think he's not getting a general error - just didn't read the manual concerning the return value of exec.

kind regards
jan

Juanjo Pascual wrote:

What is the safe_mode value in your php.ini? To run exec the value of your safe_mode has to be OFF.

[EMAIL PROTECTED] wrote:

Try

    exec('/path/to/copy', $return);
    print_r($return);

read the manual: http://nl3.php.net/manual/en/function.exec.php

Description

    string exec ( string command [, array output [, int return_var]] )

gr, Thijs

On Wed, 29 Nov 2006 23:22:13 -0700, Ray [EMAIL PROTECTED] wrote:

hello;

I am trying to write a script to do some auto configuration of my webserver. Part of the process involves copying some configuration files from other places on the server to a working directory where they can be modified. I am running FreeBSD 6.0, Apache 2.2.3, PHP 5.1.5.

I can't seem to get the exec() command to work. I have an external shell script called 'copy' that takes care of getting files. Script is currently set to mode 777; when run from the shell it works perfectly. However, in the PHP script

    echo exec('whoami');
    exec('/path/to/copy');

the only return is 'www' (the username correctly returned from whoami); also, files aren't changed.

Any suggestions, pointers, log files to check would be appreciated as I have spent several hours on Google, in manuals, etc. Haven't tried the ouija board, but that's about it ;-)

tia
Ray
Re: [PHP] Detecting naughty sites
The Wikipedia article of the day provides some interesting facts about when it became naughty: http://en.wikipedia.org/wiki/History_of_erotic_depictions
Re: [PHP] Tidy HTML source?
- Original Message - From: Paul Novitski [EMAIL PROTECTED] At 11/29/2006 05:13 AM, Satyam wrote: - Original Message - From: Paul Novitski [EMAIL PROTECTED] What I find to be a much greater problem is the human readability of logic code when HTML is mixed throughout. Your innovation is helpful here, as you're nearly making HTML tags into PHP key words, eliminating some of the literal quoting that makes PHP+HTML so tiresome. However, even with your pre-compiler the messy quotes are still there on the attribute level. The value of the attribute is any valid PHP expression and if they are literal strings there will be quotes, but then, you can also use heredoc if, for example, you are putting some JavaScript code into an event. If the value is a numeric value, there is no need for any quotes at all. In the end, the value of an attribute is any valid PHP expression and it follows PHP rules. XHTML, which I would hope you would lean toward in your pursuit of XML, does require quotes on all attributes: XHTMLT 1.0 4.4. Attribute values must always be quoted http://www.w3.org/TR/xhtml1/#h-4.4 Pht will always quote attribute values in its output, it does not require them on its input. The value of an attribute on a pht source can be anything that Php can take and somehow convert to a string, as per php rules. The output will always be quoted and escaped as required. And, stepping back, you're perpetuating the embedding of markup with logic so that it will still take a PHP programmer to modify the markup of one of your pages. Do you not see the advantage in separating the two layers? Yes, I do, and I would recommend using templates or similar tools to provide for separation of code and markup, but sometimes there are reasons not to do so, for example, web services. Please explain why you think web services promote mixing markup with logic. I didn't say it promotes but it does not require. 
In web services there is usually no presentation layer, there is no end user to see anything at all, then there is no need for a graphics designer separate from the application programmer. The application consuming that service might have to display the data, but the service does not. In fact, my original idea was some sort of embedded SQL as it exists for C, but I know it does not work quite Ok, in fact, it has been there for quite some time and it doesn't catch up. SQL is such a different kind of beast that it is hard to make it compatible. SQL cursors and error handling are concepts which are hard to blend into a procedural language so I believe it is better to handle SQL through functions where it is clearly separate from the language calling them. Thus, I thought, we have three main languages here, HTML, PHP and SQL. I know PHP and SQL don't mix well, how about the other end? That's when I started to think about this pre-compiler and found it to be a pretty logical mix. That's interesting, I don't have a problem allowing PHP MySQL to play together. I'm pretty happy with the PHP mysql function library in which the two communicate with strings and handles; and negotiation of SQL data structures maps nicely onto PHP logic blocks. Can you give an example of where you see the discord? Indeed, that's my point, the relationship in between php and Sql as it is, through function calls, is fine. Embedding SQL statements in the language is not. Google for Embed Sql and you will find samples of what it means. I try to separate the text of my SQL queries from my PHP logic in the same way that I try to separate PHP from HTML. Separating presentation, application and data layers by language (HTML, PHP and SQL) is the easy 'rule of thumb' way of doing it but it is not always the best. As I mentioned elsewhere, Wordpress separates each layer but not by language, the presentation layer section would still be hard on a graphic designer with no knowledge of PHP programming. 
The main reason to use templates is not the logic of the application but the abilities of the people and tools involved, graphic designers and editors on one side and coders on the other. That is quite a valid reason, but it might not be the prevailing one, specially, as I said, in web services, where there are no graphics involved.

Cheers
Satyam

Warm regards,
Paul
Re: [PHP] LDAP password question
Hi Ray,

the question is for which reason you need to know something about the pwd? To log on? If yes, it's not needed.

I personally did like that:

1. with login + pwd given by user, I try to bind.
2. if bind works, it means that user login+pwd are equal to AD login+pwd.
3. if error during bind, so error in pwd or login.

that's all.

Alain

On 11/30/06, Ray Hauge [EMAIL PROTECTED] wrote:

I'm working on integrating an application with an AD server, and I was wondering if the password is encrypted at all, or if I need to go through the troubles of setting up ldaps://

I checked the documentation, but I couldn't find any information about plain-text vs. encrypted.

Thanks!

--
Ray Hauge
Application Development Lead
American Student Loan Services
www.americanstudentloan.com

--
Alain
Windows XP SP2
PostgreSQL 8.1.4
Apache 2.0.58
PHP 5
[PHP] Webbased Visual DOM Training Tool
Hi all

I made a web based visual Document Object Model (DOM) Training Tool for my students: http://test.datenkueche.com (you need Firefox !!!)

Before I torture my students with this tool, I would like to have some feedback from the PHP mailing list.

This tool should help to learn the DOM Object of PHP5: http://www.php.net/manual/de/ref.dom.php

There are 3 demos that show you the functionality of the tool. For interactive training there are some html/xml files in a drop down list. You can also load files from http sources. There are also some special training files. The time you need to finish an exercise will be stored in a hi score list.

have fun, give feedback
Bernhard
[PHP] Help with strange include problem in PHP 5.2.0
Hi all,

I have a strange problem including files in PHP 5.2.0 running on Unix. If I try to include a file using include 'filename.inc';, everything is fine. As soon as I try to put a . in front of the file name, for example include './filename.inc';, I get a "failed to open stream: No such file or directory" error.

Does anyone have any suggestions as to what is going wrong? This all works with PHP 4.4.4 built with the same environment and compiler on the same system.

thanks
Markus

The files I am testing are:

include.php:

    <?php
    $result = include 'filename.inc';
    echo "Result of first include = $result";
    $result = include './filename.inc';
    echo "Result of second include = $result";
    $result = include './include_test_dir/filename.inc';
    echo "Result of third include = $result";
    ?>

filename.inc:

    <?php
    echo "I am the included file...";
    ?>

    # ls -l
    total 6
    -rw-r--r-- 1 root webservd  44 Nov 30 13:45 filename.inc
    -rw-r--r-- 1 root webservd 265 Nov 30 13:45 include.php
    drwxr-sr-x 2 root webservd 512 Nov 30 13:44 include_test_dir

    # ls -l include_test_dir/
    total 2
    -rw-r--r-- 1 root webservd  21 Nov 30 13:45 filename.inc
[PHP] turning use session cookies off still uses cookies?
I asked a similar question the other day but I have been having an issue lately with my sessions and certain browsers. I then tried to set my session.use_cookies var in php.ini to 0 yet if I log in and don't have cookies turned on, the sessions still don't seem to work. Can I really use sessions without using cookies? Below is my code and sessions settings. If I can use sessions without cookies, seems like that would solve the issue of people having cookies turned on.

Thanks,

    <?php
    //this is from the login routine
    if ($this->db->getField('user_id')){
        session_start();
        $_SESSION['user']['user_id']=$this->db->getField('user_id');
        $_SESSION['user']['email']=$this->db->getField('email');
        return true;
    }
    ?>

    <?php
    //only show if they are logged in
    if (isset($_SESSION['user']['user_id']) && !$_REQUEST['mlsid']){
        //show something
    }
    ?>

    Session Support                  enabled
    Registered save handlers         files user
    Registered serializer handlers   php php_binary wddx

    Directive                        Local Value            Master Value
    session.auto_start               Off                    Off
    session.bug_compat_42            Off                    Off
    session.bug_compat_warn          On                     On
    session.cache_expire             180                    180
    session.cache_limiter            nocache                nocache
    session.cookie_domain            no value               no value
    session.cookie_lifetime          0                      0
    session.cookie_path              /                      /
    session.cookie_secure            Off                    Off
    session.entropy_file             no value               no value
    session.entropy_length           0                      0
    session.gc_divisor               1000                   1000
    session.gc_maxlifetime           1440                   1440
    session.gc_probability           1                      1
    session.hash_bits_per_character  5                      5
    session.hash_function            0                      0
    session.name                     PHPSESSID              PHPSESSID
    session.referer_check            no value               no value
    session.save_handler             files                  files
    session.save_path                /var/lib/php/session   /var/lib/php/session
    session.serialize_handler        php                    php
    session.use_cookies              Off                    Off
    session.use_only_cookies         Off                    Off
    session.use_trans_sid            0                      0
Re: [PHP] Tidy HTML source?
Mark Kelly wrote:

Am I crazy to make an extra effort in my code to make the generated HTML pretty? By this I mean linebreaks, indentation etc. - stuff that is aimed at readability rather than correctness. This is obviously above and beyond simply making sure it validates. It's not a huge burden by any means, but it *is* extra effort.

tidy? look at http://www.php.net/tidy
RE: [PHP] LDAP password question
Hello,

I was actually wondering if the PHP implementation of an LDAP client encodes the password before being sent, or if it sends the password in plain-text. The most information I've got on this subject, so far, is from http://adldap.sourceforge.net/faq.php

Q. Why am I getting poor performance with Windows 2003 Server?

A. Microsoft figured out that plain text passwords aren't a good thing and tightened the security on Windows 2003 Server. The passwords floating around with 2000 server were all encrypted but there are some new timeout problems during negotiation (I think). Anyways, I've set another LDAP option in version 1.2 to force encrypted passwords, and it has resolved this issue.

After looking through their source code, this information seems to be for modifying passwords or creating a user. I would assume that passwords are plain text without SSL when using ldap_bind().

Thanks,

--
Ray Hauge
Application Development Lead
American Student Loan Services
www.americanstudentloan.com

From: Alain Roger [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 30, 2006 6:15 AM
To: Ray Hauge; PHP General List
Subject: Re: [PHP] LDAP password question

Hi Ray,

the question is for which reason you need to know something about the pwd? To log on? If yes, it's not needed.

I personally did like that:

1. with login + pwd given by user, I try to bind.
2. if bind works, it means that user login+pwd are equal to AD login+pwd.
3. if error during bind, so error in pwd or login.

that's all.

Alain

On 11/30/06, Ray Hauge [EMAIL PROTECTED] wrote:

I'm working on integrating an application with an AD server, and I was wondering if the password is encrypted at all, or if I need to go through the troubles of setting up ldaps://

I checked the documentation, but I couldn't find any information about plain-text vs. encrypted.

Thanks!

--
Ray Hauge
Application Development Lead
American Student Loan Services
www.americanstudentloan.com

--
Alain
Windows XP SP2
PostgreSQL 8.1.4
Apache 2.0.58
PHP 5
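
The bind-to-authenticate procedure discussed in this thread, as an added example that is not code from any poster: an LDAP simple bind carries the password unprotected unless the connection is TLS, and a bind with an empty password can succeed as an unauthenticated bind, so both cases are handled before the bind result is trusted. The server URI and UPN suffix are placeholders, and binding with user@suffix assumes an Active Directory server.

```php
<?php
// Added example, not from the thread. 'ldap://dc.example.test' and
// 'example.test' are placeholders for your own directory server and domain.

/**
 * Check a login/password pair by binding to the directory as that user.
 * Returns true on success, false on wrong credentials, throws on anything else.
 */
function ldapAuthenticate(string $uri, string $login, string $password, string $upnSuffix): bool
{
    // An empty password turns a simple bind into an "unauthenticated bind",
    // which many servers accept. Without this check, "bind worked" would
    // wrongly be read as "password was correct".
    if ($login === '' || $password === '') {
        return false;
    }
    // Keep the login to a conservative character set before building the bind name.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $login)) {
        return false;
    }

    // Require a verifiable server certificate. This is a global option and
    // has to be set before the connection handle is created.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $link = ldap_connect($uri);
    if ($link === false) {
        throw new RuntimeException("invalid LDAP URI: $uri");
    }
    ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS requires LDAPv3
    ldap_set_option($link, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($link, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // ldaps:// is encrypted from the first byte. For ldap:// upgrade the
    // connection with StartTLS and refuse to send the password if that fails.
    if (stripos($uri, 'ldaps://') !== 0 && !@ldap_start_tls($link)) {
        $err = ldap_error($link);
        ldap_unbind($link);
        throw new RuntimeException("StartTLS failed, password not sent: $err");
    }

    $ok    = @ldap_bind($link, $login . '@' . $upnSuffix, $password);
    $errno = ldap_errno($link);
    $err   = ldap_error($link);
    ldap_unbind($link);

    if ($ok) {
        return true;
    }
    if ($errno === 49) {            // 49 = invalidCredentials
        return false;
    }
    // Server down, TLS problem, timeout: not a statement about the password.
    throw new RuntimeException("LDAP bind failed ($errno): $err");
}

// Usage from the command line: php ldap_auth.php <login> <password>
if (PHP_SAPI === 'cli' && isset($argv[2])) {
    try {
        $ok = ldapAuthenticate('ldap://dc.example.test', $argv[1], $argv[2], 'example.test');
        echo $ok ? "credentials accepted\n" : "credentials rejected\n";
    } catch (RuntimeException $e) {
        fwrite(STDERR, $e->getMessage() . "\n");
        exit(2);
    }
}
```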
Re: [PHP] hiding passwd in cmdlines that appear in the process list
Richard Lynch wrote:

Don't use exec. ;-v

yeah - which is annoying because outside of php/exec() using the `cat /path/2/myqyl/passwd` trick works (i.e. ps doesn't give the passwd away)

thanks to everyone for their input - I have plenty to read/think about, I'll send something back to the list when I have decided upon and tested a working solution

thanks everyone!

Or, perhaps, write a shell script that reads the password and provides it to MySQL somehow without invoking another exec of some kind.

You also could look into other MySQL authentication mechanisms such as SSL keys and whatnot -- which I only vaguely recall seeing somewhere in the MySQL docs.

That might still end up with a PHP/world readable file that has a private key in it, but at least it requires the Bad Guy to take one more step to read said file.

On Wed, November 29, 2006 6:10 am, Jochem Maas wrote:

I have been using exec() for a number of things recently - one of the things I'm using it for is to run mysql in order to import SQL scripts, so I have some code that looks like:

    // build the cmdline
    $cmd = sprintf('mysql -h %s --user=%s --password=`cat %s` -D %s < %s 2>&1',
                   MYSQL_SERVER,
                   MYSQL_ROOT_USER,
                   $rootPasswdFile,
                   $data['db_name']['value'],
                   $file);

    // run the mysql command via the cmdline
    $output = array();
    $exit = 0;
    @exec($cmd, $output, $exit);

everything works. but there is a security issue - one that I thought I had specifically tackled. the security issue occurs due to the fact that the process list (this is just linux I'm talking about) will show the complete command line, which in my case would look something like (in the processlist):

    mysql -h localhost --user=admin --password=`cat /my/sql/root/passwd/file` -D somedb < /my/import/script.sql 2>&1

AH I hear you say but the wily use of `cat /my/sql/root/passwd/file` masks the actual password from any looking in the process list. indeed under normal shell scripting circumstances that may have been true.

BUT using php's exec() to run the cmdline causes the following to show up in the processlist:

    sh -c mysql -h localhost --user=admin --password=`cat /my/sql/root/passwd/file` -D somedb < /my/import/script.sql 2>&1

AND that [sub]shell then lists its process[es] in the list also, there is only one and it is this:

    mysql -h localhost --user=admin --password=MYFINGPWD -D somedb

does anyone have an idea how to overcome this security issue (without resorting to having to type in the mysql admin passwd interactively!)

thanks
regards,
Jochem
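
The exposure described in this message exists because the password ends up in an argument list. One way to keep it out of every argument list, as an added example that is not code from any poster: put the credentials in a private client option file, pass only the file's path with --defaults-extra-file, and start mysql without an intermediate shell. It assumes PHP 7.4 or later (array form of proc_open) and a mysql client on the PATH; the host, user, database and file paths are placeholders.

```php
<?php
// Added example, not from the thread. All names and paths in the usage
// section at the bottom are placeholders.

/** Quote a value for a MySQL option file; backslash is the escape character there. */
function optionFileValue(string $value): string
{
    if (preg_match('/["\r\n]/', $value)) {
        throw new InvalidArgumentException('value cannot be written to an option file safely');
    }
    return '"' . str_replace('\\', '\\\\', $value) . '"';
}

/**
 * Write a temporary [client] option file readable only by the current user.
 * Only its path is later passed on the command line.
 */
function writeClientOptionFile(string $host, string $user, string $password): string
{
    $path = tempnam(sys_get_temp_dir(), 'mycnf');
    if ($path === false) {
        throw new RuntimeException('cannot create temporary option file');
    }
    chmod($path, 0600); // tempnam() creates the file 0600 already; keep it explicit
    $ini = "[client]\n"
         . 'host=' . optionFileValue($host) . "\n"
         . 'user=' . optionFileValue($user) . "\n"
         . 'password=' . optionFileValue($password) . "\n";
    if (file_put_contents($path, $ini) === false) {
        unlink($path);
        throw new RuntimeException('cannot write option file');
    }
    return $path;
}

/**
 * Import an SQL script. Returns [exit code, combined stdout/stderr].
 * The array form of proc_open() execs mysql directly, so no "sh -c ..."
 * entry appears in the process list and nothing is expanded by a shell.
 */
function importSql(string $optionFile, string $database, string $sqlFile): array
{
    // --defaults-extra-file has to be the first option on the command line.
    $argv = ['mysql', '--defaults-extra-file=' . $optionFile, '-D', $database];
    $spec = [
        0 => ['file', $sqlFile, 'r'],   // same effect as "< script.sql"
        1 => ['pipe', 'w'],
        2 => ['redirect', 1],           // same effect as "2>&1"
    ];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('cannot start mysql');
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return [proc_close($proc), $output];
}

// Usage: php import.php <sql-file>
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    // Placeholder path; the password file itself should also be mode 0600.
    $password   = rtrim((string) file_get_contents('/path/to/mysql/passwd/file'), "\r\n");
    $optionFile = writeClientOptionFile('localhost', 'admin', $password);
    try {
        [$exit, $output] = importSql($optionFile, 'somedb', $argv[1]);
        echo $output;
        exit($exit);
    } finally {
        unlink($optionFile);            // remove the credentials as soon as mysql is done
    }
}
```

While the import runs, ps shows only `mysql --defaults-extra-file=/tmp/mycnf... -D somedb`; the option file is readable by the web server user alone, which is the same trust boundary as the original password file.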
Re: [PHP] SEGINT, readline extension clean script exit - how to do it
hi Richard,

Richard Lynch wrote:

On Tue, November 28, 2006 7:25 am, Jochem Maas wrote:

so the question is how can I use readline() and handle the SIGINT gracefully whilst not waiting for readline() to return control to my script?

I'm just guessing here, but you probably don't.

I guess so too. would you consider it a bug that php defers the processing of system signals whilst readline() is waiting to return control to the script? and what is the likelihood that this has anything to do with php? if it is down to the readline extension itself I would be surprised - I would have expected a lib like GNU's readline to take account of signals and handle them correctly/gracefully.

You could, however, write your own PHP function similar to readline, only without whatever is in readline that ignores/buffers signals.

You'd want something like an fread($x, 1) on a non-blocking stream, and then build up the string character by character, until you get a newline.

I can live with it the way it is - having followed your battle with non-blocking madness in various threads in the past I don't feel much for diving into that abyss myself (it doesn't help that my understanding of streams is patchy at best!)

one day the readline annoyance will start to grate so much I'll be forced to look into it :-) no doubt I'll get stuck and need the help of a Non-Blocking 'expert'

anyway, thanks for all your input (on every question I posed in the last few days!)

regards,
Jochem
Re: [PHP] problems with exec()
Hi, thanks for your help.

I was using

    exec('/path/to/copy', $return);
    var_dump($return);

(but I simplified it for posting) and I was still getting no output. Actually, the return value is the least of my concerns, I just want this script to move some files around and the script works from the command line. As for safe_mode, it's off. Also the whoami in the previous line works as expected.

Any pointers would be appreciated.

Tia
Ray

-Original Message-
From: Jan Schröter [EMAIL PROTECTED]
To: php-general@lists.php.net
Date: Thu, 30 Nov 2006 09:09:49 +0100
Subject: Re: [PHP] problems with exec()

Think he's not getting a general error - just didn't read the manual concerning the return value of exec.

kind regards
jan

Juanjo Pascual wrote:

What is the safe_mode value in your php.ini? To run exec the value of your safe_mode has to be OFF.

[EMAIL PROTECTED] wrote:

Try

    exec('/path/to/copy', $return);
    print_r($return);

read the manual: http://nl3.php.net/manual/en/function.exec.php

Description

    string exec ( string command [, array output [, int return_var]] )

gr, Thijs

On Wed, 29 Nov 2006 23:22:13 -0700, Ray [EMAIL PROTECTED] wrote:

hello;

I am trying to write a script to do some auto configuration of my webserver. Part of the process involves copying some configuration files from other places on the server to a working directory where they can be modified. I am running FreeBSD 6.0, Apache 2.2.3, PHP 5.1.5.

I can't seem to get the exec() command to work. I have an external shell script called 'copy' that takes care of getting files. Script is currently set to mode 777; when run from the shell it works perfectly. However, in the PHP script

    echo exec('whoami');
    exec('/path/to/copy');

the only return is 'www' (the username correctly returned from whoami); also, files aren't changed.

Any suggestions, pointers, log files to check would be appreciated as I have spent several hours on Google, in manuals, etc. Haven't tried the ouija board, but that's about it ;-)

tia
Ray
RE: [PHP] turning use session cookies off still uses cookies?
look at this inside the PHP.INI

    ; trans sid support is disabled by default.
    ; Use of trans sid may risk your users security.
    ; Use this option with caution.
    ; - User may send URL contains active session ID
    ;   to other person via. email/irc/etc.
    ; - URL that contains active session ID may be stored
    ;   in publically accessible computer.
    ; - User may access your site with the same session ID
    ;   always using URL stored in browser's history or bookmarks.
    session.use_trans_sid = 0

vincent

-Original Message-
From: blackwater dev [mailto:[EMAIL PROTECTED]
Sent: Thu 30/11/2006 14:42
To: php-general@lists.php.net
Subject: [PHP] turning use session cookies off still uses cookies?

I asked a similar question the other day but I have been having an issue lately with my sessions and certain browsers. I then tried to set my session.use_cookies var in php.ini to 0 yet if I log in and don't have cookies turned on, the sessions still don't seem to work. Can I really use sessions without using cookies? Below is my code and sessions settings. If I can use sessions without cookies, seems like that would solve the issue of people having cookies turned on.

Thanks,

    <?php
    //this is from the login routine
    if ($this->db->getField('user_id')){
        session_start();
        $_SESSION['user']['user_id']=$this->db->getField('user_id');
        $_SESSION['user']['email']=$this->db->getField('email');
        return true;
    }
    ?>

    <?php
    //only show if they are logged in
    if (isset($_SESSION['user']['user_id']) && !$_REQUEST['mlsid']){
        //show something
    }
    ?>

    Session Support                  enabled
    Registered save handlers         files user
    Registered serializer handlers   php php_binary wddx

    Directive                        Local Value            Master Value
    session.auto_start               Off                    Off
    session.bug_compat_42            Off                    Off
    session.bug_compat_warn          On                     On
    session.cache_expire             180                    180
    session.cache_limiter            nocache                nocache
    session.cookie_domain            no value               no value
    session.cookie_lifetime          0                      0
    session.cookie_path              /                      /
    session.cookie_secure            Off                    Off
    session.entropy_file             no value               no value
    session.entropy_length           0                      0
    session.gc_divisor               1000                   1000
    session.gc_maxlifetime           1440                   1440
    session.gc_probability           1                      1
    session.hash_bits_per_character  5                      5
    session.hash_function            0                      0
    session.name                     PHPSESSID              PHPSESSID
    session.referer_check            no value               no value
    session.save_handler             files                  files
    session.save_path                /var/lib/php/session   /var/lib/php/session
    session.serialize_handler        php                    php
    session.use_cookies              Off                    Off
    session.use_only_cookies         Off                    Off
    session.use_trans_sid            0                      0
RE: [PHP] turning use session cookies off still uses cookies?
hello,

you can use sessions without cookies by asking PHP to add the sessionid into every link on your website. I don't remember how to do this, but there should be a php_ini directive, and more info on the php.net/manual website.

vincent

-Original Message-
From: blackwater dev [mailto:[EMAIL PROTECTED]
Sent: Thu 30/11/2006 14:42
To: php-general@lists.php.net
Subject: [PHP] turning use session cookies off still uses cookies?

I asked a similar question the other day but I have been having an issue lately with my sessions and certain browsers. I then tried to set my session.use_cookies var in php.ini to 0 yet if I log in and don't have cookies turned on, the sessions still don't seem to work. Can I really use sessions without using cookies? Below is my code and sessions settings. If I can use sessions without cookies, seems like that would solve the issue of people having cookies turned on.

Thanks,

    <?php
    //this is from the login routine
    if ($this->db->getField('user_id')){
        session_start();
        $_SESSION['user']['user_id']=$this->db->getField('user_id');
        $_SESSION['user']['email']=$this->db->getField('email');
        return true;
    }
    ?>

    <?php
    //only show if they are logged in
    if (isset($_SESSION['user']['user_id']) && !$_REQUEST['mlsid']){
        //show something
    }
    ?>

    Session Support                  enabled
    Registered save handlers         files user
    Registered serializer handlers   php php_binary wddx

    Directive                        Local Value            Master Value
    session.auto_start               Off                    Off
    session.bug_compat_42            Off                    Off
    session.bug_compat_warn          On                     On
    session.cache_expire             180                    180
    session.cache_limiter            nocache                nocache
    session.cookie_domain            no value               no value
    session.cookie_lifetime          0                      0
    session.cookie_path              /                      /
    session.cookie_secure            Off                    Off
    session.entropy_file             no value               no value
    session.entropy_length           0                      0
    session.gc_divisor               1000                   1000
    session.gc_maxlifetime           1440                   1440
    session.gc_probability           1                      1
    session.hash_bits_per_character  5                      5
    session.hash_function            0                      0
    session.name                     PHPSESSID              PHPSESSID
    session.referer_check            no value               no value
    session.save_handler             files                  files
    session.save_path                /var/lib/php/session   /var/lib/php/session
    session.serialize_handler        php                    php
    session.use_cookies              Off                    Off
    session.use_only_cookies         Off                    Off
    session.use_trans_sid            0                      0
Re: [PHP] problems with exec()
Output you will only get if something goes wrong with the copy process. But then again you say the 'whoami' command runs perfectly. So the only things that come to my sleepy brain are incorrect paths or permissions.

Tried it here with 5.2 and 4.4.4 and seems to work. Maybe somebody else has a clue what's going on.

On Thu, 30 Nov 2006 07:40:45 -0700, Ray [EMAIL PROTECTED] wrote:

Hi, thanks for your help.

I was using

    exec('/path/to/copy', $return);
    var_dump($return);

(but I simplified it for posting) and I was still getting no output. Actually, the return value is the least of my concerns, I just want this script to move some files around and the script works from the command line. As for safe_mode, it's off. Also the whoami in the previous line works as expected.

Any pointers would be appreciated.

Tia
Ray

-Original Message-
From: Jan Schröter [EMAIL PROTECTED]
To: php-general@lists.php.net
Date: Thu, 30 Nov 2006 09:09:49 +0100
Subject: Re: [PHP] problems with exec()

Think he's not getting a general error - just didn't read the manual concerning the return value of exec.

kind regards
jan

Juanjo Pascual wrote:

What is the safe_mode value in your php.ini? To run exec the value of your safe_mode has to be OFF.

[EMAIL PROTECTED] wrote:

Try

    exec('/path/to/copy', $return);
    print_r($return);

read the manual: http://nl3.php.net/manual/en/function.exec.php

Description

    string exec ( string command [, array output [, int return_var]] )

gr, Thijs

On Wed, 29 Nov 2006 23:22:13 -0700, Ray [EMAIL PROTECTED] wrote:

hello;

I am trying to write a script to do some auto configuration of my webserver. Part of the process involves copying some configuration files from other places on the server to a working directory where they can be modified. I am running FreeBSD 6.0, Apache 2.2.3, PHP 5.1.5.

I can't seem to get the exec() command to work. I have an external shell script called 'copy' that takes care of getting files. Script is currently set to mode 777; when run from the shell it works perfectly. However, in the PHP script

    echo exec('whoami');
    exec('/path/to/copy');

the only return is 'www' (the username correctly returned from whoami); also, files aren't changed.

Any suggestions, pointers, log files to check would be appreciated as I have spent several hours on Google, in manuals, etc. Haven't tried the ouija board, but that's about it ;-)

tia
Ray
Re: [PHP] hiding passwd in cmdlines that appear in the process list
Hi !. I don't know if my solution is better or not. but in one of my programs i had to make a backup online then my solution was to use shell vars to put important information like db_password . When we use putenv function those vars only exist on the current shell and on its subshells. In your case the following code :

    <?php
    putenv("DBNAME=".DB_NAME);
    putenv("DBUSER=".DB_USER);
    putenv("DBPASSWD=".DB_PASSWD);
    system('mysql -h localhost --user=$DBUSER --password=$DBPASSWD -D $DBNAME < /my/import/script.sql 2>&1');
    ?>

On 11/30/06, Jochem Maas [EMAIL PROTECTED] wrote:

Richard Lynch wrote:

Don't use exec. ;-v

yeah - which is annoying because outside of php/exec() using the `cat /path/2/myqyl/passwd` trick works (i.e. ps doesn't give the passwd away)

thanks to everyone for their input - I have plenty to read/think about, I'll send something back to the list when I have decided upon and tested a working solution

thanks everyone!

Or, perhaps, write a shell script that reads the password and provides it to MySQL somehow without invoking another exec of some kind.

You also could look into other MySQL authentication mechanisms such as SSL keys and whatnot -- which I only vaguely recall seeing somewhere in the MySQL docs. That might still end up with a PHP/world readable file that has a private key in it, but at least it requires the Bad Guy to take one more step to read said file.

On Wed, November 29, 2006 6:10 am, Jochem Maas wrote:

I have been using exec() for a number of things recently - one of the things I'm using it for is to run mysql in order to import SQL scripts so I have some code that looks like:

    // build the cmdline
    $cmd = sprintf('mysql -h %s --user=%s --password=`cat %s` -D %s < %s 2>&1',
        MYSQL_SERVER, MYSQL_ROOT_USER, $rootPasswdFile, $data['db_name']['value'], $file);

    // run the mysql command via the cmdline
    $output = array();
    $exit = 0;
    @exec($cmd, $output, $exit);

everything works. but there is a security issue - one that I thought I had specifically tackled.

the security issue occurs due to the fact that the process list (this is just linux I'm talking about) will show the complete command line, which in my case would look something like (in the processlist):

    mysql -h localhost --user=admin --password=`cat /my/sql/root/passwd/file` -D somedb < /my/import/script.sql 2>&1

AH I hear you say but the wily use of `cat /my/sql/root/passwd/file` masks the actual password from anyone looking in the process list. indeed under normal shell scripting circumstances that may have been true.

BUT in using php's exec() to run the cmdline causes the following to show up in the processlist:

    sh -c mysql -h localhost --user=admin --password=`cat /my/sql/root/passwd/file` -D somedb < /my/import/script.sql 2>&1

AND that [sub]shell then lists its process[s] in the list also, there is only one and it is this:

    mysql -h localhost --user=admin --password=MYFINGPWD -D somedb

does anyone have an idea how to overcome this security issue (without resorting to having to type in the mysql admin passwd interactively!)

thanks
regards,
Jochem
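An added example, not code from this thread: one way to keep the password out of every command line is to hand it to the mysql client in a private option file and to start the client without a shell. It assumes PHP 7.4 or later (the array form of proc_open(), much newer than the PHP versions discussed here), a POSIX host and the stock mysql client's --defaults-extra-file option; the function names, paths and credentials are made up for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from the thread.
// Assumptions: PHP >= 7.4, a POSIX host, the stock mysql command-line client.
// All function names, paths and credentials below are hypothetical.

/** Quote one value for a MySQL option file. */
function quote_option_value(string $value): string
{
    if (preg_match('/[\x00-\x1f]/', $value)) {
        throw new InvalidArgumentException('control characters cannot be stored safely');
    }
    // Documented option-file escape: a literal backslash is written as \\.
    $value = str_replace('\\', '\\\\', $value);
    // Use whichever quote character does not occur in the value.
    foreach (['"', "'"] as $q) {
        if (strpos($value, $q) === false) {
            return $q . $value . $q;
        }
    }
    throw new InvalidArgumentException('value contains both quote characters');
}

/** Contents of a [client] option file that carries the credentials. */
function build_client_option_file(string $user, string $password): string
{
    return "[client]\nuser=" . quote_option_value($user)
         . "\npassword=" . quote_option_value($password) . "\n";
}

/** Argument vector for mysql; the password never appears in it. */
function build_mysql_argv(string $optionFile, string $host, string $database): array
{
    // --defaults-extra-file has to be the first option on the command line.
    return ['mysql', '--defaults-extra-file=' . $optionFile, '-h', $host, '-D', $database];
}

/** Import $sqlFile into $database. Returns [exit code, combined output]. */
function import_sql(string $host, string $user, string $password,
                    string $database, string $sqlFile): array
{
    $optionFile = tempnam(sys_get_temp_dir(), 'mycnf');
    if ($optionFile === false) {
        throw new RuntimeException('could not create a temporary option file');
    }
    try {
        chmod($optionFile, 0600);          // readable by the PHP user only
        file_put_contents($optionFile, build_client_option_file($user, $password));

        $descriptors = [
            0 => ['file', $sqlFile, 'r'],  // takes the place of "< script.sql"
            1 => ['pipe', 'w'],
            2 => ['redirect', 1],          // takes the place of "2>&1"
        ];
        // An array command is executed directly: there is no "sh -c" wrapper,
        // so no shell expands the password into a process title.
        $proc = proc_open(build_mysql_argv($optionFile, $host, $database), $descriptors, $pipes);
        if (!is_resource($proc)) {
            throw new RuntimeException('could not start mysql');
        }
        $output = stream_get_contents($pipes[1]);
        fclose($pipes[1]);
        return [proc_close($proc), $output];
    } finally {
        unlink($optionFile);               // the secret is on disk only during the import
    }
}

// Offline check with constructed values: the process list shows the argument vector.
$argvSeenByPs = build_mysql_argv('/tmp/mycnfEXAMPLE', 'localhost', 'somedb');
$secret = 'constructed pa\\ss#word';
var_dump(in_array($secret, $argvSeenByPs, true));   // is the secret anywhere in argv?
echo implode(' ', $argvSeenByPs), "\n";
echo build_client_option_file('admin', $secret);
```

The option file is readable by the web server user for the duration of the import, which is the same trade-off Richard describes for a PHP-readable key file.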
Re: [PHP] hiding passwd in cmdlines that appear in the process list
Edwin Barrios wrote:

Hi !. I don't know if my solution is better or not.

neither do I! but I'm certainly going to give the alternative a go and see what exactly it shows in the process list. thanks for the tip!

but in one of my programs i had to make a backup online then my solution was to use shell vars to put important information like db_password . When we use putenv function those vars only exist on the current shell and on its subshells. In your case the following code :

    <?php
    putenv("DBNAME=".DB_NAME);
    putenv("DBUSER=".DB_USER);
    putenv("DBPASSWD=".DB_PASSWD);
    system('mysql -h localhost --user=$DBUSER --password=$DBPASSWD -D $DBNAME < /my/import/script.sql 2>&1');
    ?>

On 11/30/06, Jochem Maas [EMAIL PROTECTED] wrote:

Richard Lynch wrote:

Don't use exec. ;-v

yeah - which is annoying because outside of php/exec() using the `cat /path/2/myqyl/passwd` trick works (i.e. ps doesn't give the passwd away)

thanks to everyone for their input - I have plenty to read/think about, I'll send something back to the list when I have decided upon and tested a working solution

thanks everyone!

Or, perhaps, write a shell script that reads the password and provides it to MySQL somehow without invoking another exec of some kind.

You also could look into other MySQL authentication mechanisms such as SSL keys and whatnot -- which I only vaguely recall seeing somewhere in the MySQL docs. That might still end up with a PHP/world readable file that has a private key in it, but at least it requires the Bad Guy to take one more step to read said file.

On Wed, November 29, 2006 6:10 am, Jochem Maas wrote:

I have been using exec() for a number of things recently - one of the things I'm using it for is to run mysql in order to import SQL scripts so I have some code that looks like:

    // build the cmdline
    $cmd = sprintf('mysql -h %s --user=%s --password=`cat %s` -D %s < %s 2>&1',
        MYSQL_SERVER, MYSQL_ROOT_USER, $rootPasswdFile, $data['db_name']['value'], $file);

    // run the mysql command via the cmdline
    $output = array();
    $exit = 0;
    @exec($cmd, $output, $exit);

everything works. but there is a security issue - one that I thought I had specifically tackled.

the security issue occurs due to the fact that the process list (this is just linux I'm talking about) will show the complete command line, which in my case would look something like (in the processlist):

    mysql -h localhost --user=admin --password=`cat /my/sql/root/passwd/file` -D somedb < /my/import/script.sql 2>&1

AH I hear you say but the wily use of `cat /my/sql/root/passwd/file` masks the actual password from anyone looking in the process list. indeed under normal shell scripting circumstances that may have been true.

BUT in using php's exec() to run the cmdline causes the following to show up in the processlist:

    sh -c mysql -h localhost --user=admin --password=`cat /my/sql/root/passwd/file` -D somedb < /my/import/script.sql 2>&1

AND that [sub]shell then lists its process[s] in the list also, there is only one and it is this:

    mysql -h localhost --user=admin --password=MYFINGPWD -D somedb

does anyone have an idea how to overcome this security issue (without resorting to having to type in the mysql admin passwd interactively!)

thanks
regards,
Jochem
[PHP] Issues with tidy and utf-8 encoding
Hi list, this is my first post and I've only been lurking around these premises for the past week.

I've been running into some strange issues with tidy. When I try and output my HTML in utf-8 all the accentuated characters come out as total gobbledygook. I have no issues echoing a string via utf8_encode(), the browser picks up the right encoding and everything comes out fine. The only workaround I've found so far is this :

    $tidy = new tidy;
    $tidy->parseString(utf8_encode($html), $config, 'utf8');
    $tidy->cleanRepair();
    echo $tidy;

Which is really dodgy if you ask me. Has anyone run into the same kind of problem before? I've set a meta tag as follows, but that seems to be modified by tidy on the fly if ever the used encoding differs from the one indicated in the meta tag.

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

Any help would be greatly appreciated.

Cheers,
Youri
Re: [PHP] magic_quotes
Chris wrote:

That part is correct. You shouldn't need to use addslashes - use mysql_real_escape_string or mysql_escape_string depending on your (current) php version - they are both locale aware and will escape things for you depending on mysql server (re: language setup). Then just use htmlentities to display on the frontend rather than using stripslashes. Of course other db's have similar functions, check the manual.

-- Sorry I sent you this email to your personal account, Chris.

Morning,

Just a question out of pure curiosity. Why would one prefer using mysql_real_escape_string (I'm using 5.1.6 so mysql_escape_string is deprecated). and htmlentities instead of addslashes and stripslashes? I'm going to guess the main reason is to stop SQL injections? But wouldn't add- and stripslashes do the same?
Re: [PHP] magic_quotes
On Thu, 2006-11-30 at 10:37 -0600, Johannes Lindenbaum wrote:

Chris wrote:

That part is correct. You shouldn't need to use addslashes - use mysql_real_escape_string or mysql_escape_string depending on your (current) php version - they are both locale aware and will escape things for you depending on mysql server (re: language setup). Then just use htmlentities to display on the frontend rather than using stripslashes. Of course other db's have similar functions, check the manual.

-- Sorry I sent you this email to your personal account, Chris.

Morning,

Just a question out of pure curiosity. Why would one prefer using mysql_real_escape_string (I'm using 5.1.6 so mysql_escape_string is deprecated). and htmlentities instead of addslashes and stripslashes? I'm going to guess the main reason is to stop SQL injections? But wouldn't add- and stripslashes do the same?

addslashes() and stripslashes() are generic and don't properly take into consideration character set for the given database table. It states this explicitly in the help for mysql_real_escape_string():

"Escapes special characters in the unescaped_string, taking into account the current character set of the connection so that it is safe to place it in a mysql_query(). If binary data is to be inserted, this function must be used."

Cheers,
Rob.

--
InterJinn Application Framework - http://www.interjinn.com
An application and templating framework for PHP. Boasting a powerful, scalable system for accessing system services such as forms, properties, sessions, and caches. InterJinn also provides an extremely flexible architecture for creating re-usable components quickly and easily.
Re: [PHP] magic_quotes
On 11/30/06, Johannes Lindenbaum [EMAIL PROTECTED] wrote: And on retrieval stripslashes(). You shouldn't have to stripslashes your data coming from the DB. Addslashes and friends exist to escape your data. It is not part of your data. So when you INSERT Jingle\'s Bells when you retrieve it you should have Jingle's Bells not Jingle\'s Bells because \ was syntax to escape the single quote. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Issues with tidy and utf-8 encoding
On Thu, November 30, 2006 10:21 am, Youri LACAN-BARTLEY wrote:

Which is really dodgy if you ask me. ... I've set a meta tag as follows, but that seems to be modified by tidy on the fly if ever the used encoding differs from the one indicated in the meta tag.

E. Using an encoding other than what's indicated in the META tag seems like the dodgy thing to me. :-) :-) :-)

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

Also make sure that you are sending proper header:

    Content-type: text/html; charset=utf-8

Firefox et al trust headers. IE trusts only META tags, and ignores headers. Don't ask me why.

If Tidy really is messing up the charset/encoding, I can't help you with that part of it -- I just know that it will SEEM messed up in a browser until you get both headers and META tags agreeing with what you actually send.

-- Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So?
Re: [PHP] SEGINT, readline extension clean script exit - how to do it
On Thu, November 30, 2006 8:41 am, Jochem Maas wrote:

hi Richard,

Richard Lynch wrote:

On Tue, November 28, 2006 7:25 am, Jochem Maas wrote:

so the question is how can I use readline() and handle the SIGINT gracefully whilst not waiting for readline() to return control to my script?

I'm just guessing here, but you probably don't.

I guess so too. would you consider it a bug that php defers the processing of system signals whilst readline() is waiting to return control to the script? and what is the likelihood that this has anything to do with php? if it is down to the readline extension itself I would be surprised - I would have expected a lib like GNU's readline to take account of signals and handle them correctly/gracefully.

From the outside looking in, it seems like it shouldn't do that... My first guess is that it has to for some geeky reason that would take me weeks and weeks to figure out, assuming I could even manage to read that C source at all. But it's entirely possible that it's just a silly simple mistake/oversight down in the guts of PHP somewhere. A query to PHP-DEV list followed up by a well-written bug report would probably take care of that, if it's the case.

You could, however, write your own PHP function similar to readline, only without whatever is in readline that ignores/buffers signals. You'd want something like an fread($x, 1) on a non-blocking stream, and then build up the string character by character, until you get a newline.

I can live with it the way it is - having followed your battle with non-blocking madness in various threads in the past I don't feel much for diving into that abyss myself (it doesn't help that my understanding of streams is patchy at best!)

Keep in mind that my understanding of streams is no better than yours! I do know that the trick is to use ini_set() to change the timeout of a stream connection to 0, so it won't block on connection.

My attempts to add that to User Contributed Notes were rebuffed, however, so I don't see any good way to document it with the stream_set_blocking function where every newbie always looks for it.

PS For most of a decade, finding more time to mess with the PHP source and try to contribute something useful has been on my To Do list... Sigh.
Re: [PHP] hiding passwd in cmdlines that appear in the process list
On Thu, November 30, 2006 9:59 am, Edwin Barrios wrote:

I don't know if my solution is better or not. but in one of my programs i had to make a backup online then my solution was to use shell vars to put important information like db_password . When we use putenv function those var only exists on the current shell and on its subshells. In your case the following code :

    <?php
    putenv("DBNAME=".DB_NAME);
    putenv("DBUSER=".DB_USER);
    putenv("DBPASSWD=".DB_PASSWD);
    system('mysql -h localhost --user=$DBUSER --password=$DBPASSWD -D $DBNAME < /my/import/script.sql 2>&1');
    ?>

This solution, as most good ones, has pros and cons:

Pro: Does keep the password from being exposed in the normal course of operations.

Con: A simple debug statement to dump out all of ENV / $_GLOBALS will expose the password.

So you have to ask yourself if you and all your employees and all the scripts you ever install, including any forums etc, are for sure never ever going to dump that password out in an attempt to debug something else.

For a solo developer or even a small team, with all custom hand-coded stuff, this is pretty easy.

But once your application blows up and you have a larger team, or you start caving in to client demands to install badly-written forums/carts/blogware, you are open to a potential security hole which:

  - has two seemingly unrelated contributing causes
  - the two causes can be years apart in time
  - both are simple straight-forward obvious Right Things to do

So you have to weigh carefully the Risks, and DOCUMENT what you did and DOCUMENT what *not* to do in the future to expose this sensitive data.
Re: [PHP] regular expressions
At 11:42 PM +0200 11/29/06, Dotan Cohen wrote: On 20/11/06, Paul Novitski [EMAIL PROTECTED] wrote: -snip- Paul, I just got around to reading this thread. The post of yours that I quote above has got to be one of the best posts that I've read in the 5 years that I've been on and off the php list. The way you break that regex down taught me things that have eluded me for half a decade. Although I have nothing to do with the OP, I really want to say thanks for that bit of information. Paul: Same here -- and I saved your explanation in my references to review. You ought to put that on your site. Very well done. tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] turning use session cookies off still uses cookies?
On Thu, November 30, 2006 7:42 am, blackwater dev wrote:

I asked a similar question the other day but I have been having an issue lately with my sessions and certain browsers. I then tried to set my session.use_cookies var in php.ini to 0 yet if I log in and don't have cookies turned on, the sessions still don't seem to work. Can I really use sessions without using cookies? Below is my code and sessions settings.

One can really use session without cookies. PHP splices the SID (session_id) into every URL, and every ACTION in FORM tags, every IMG SRC, and various other places I won't try to list all of.

If I can use sessions without cookies, seems like that would solve the issue of people having cookies turned on.

If, in fact, the problem is related to browser acceptance/rejection of cookies, it would have solved that, assuming you had stopped/started Apache and gotten the right php.ini file changed and so on, so you really did tell PHP to never use cookies and use the URL to pass the session ID.

    session.use_cookies        Off    Off
    session.use_only_cookies   Off    Off
    session.use_trans_sid      0      0

Here, however, it is clear that you turned OFF cookies, but did not turn ON trans_sid. You've got to have at least one or the other on to get the session ID to propagate from page to page. There is no Session ID Fairy to pass the ID back and forth :-)

Turn trans_sid ON and test again, and you'll know if it was, in fact, a cookie issue.
Re: [PHP] Tidy HTML source?
At 11/30/2006 01:52 AM, Satyam wrote:

And, stepping back, you're perpetuating the embedding of markup with logic so that it will still take a PHP programmer to modify the markup of one of your pages. Do you not see the advantage in separating the two layers?

Yes, I do, and I would recommend using templates or similar tools to provide for separation of code and markup, but sometimes there are reasons not to do so, for example, web services.

Please explain why you think web services promote mixing markup with logic.

I didn't say it promotes but it does not require. In web services there is usually no presentation layer, there is no end user to see anything at all, then there is no need for a graphics designer separate from the application programmer. The application consuming that service might have to display the data, but the service does not.

To reach clarity on this point, let's leave presentation out of it. I was referring to the separation of presentation from markup merely to suggest an analogous separation that many of us have accepted as being helpful to design, development, and maintenance.

What I'm really curious about in this discussion is the separation of markup from logic. With respect to separating code and markup, you said sometimes there are reasons not to do so, for example, web services. What are some of those reasons?

Cheers,
Paul
Re: [PHP] Webbased Visual DOM Training Tool
On Thu, November 30, 2006 6:56 am, Bernhard Zwischenbrugger wrote:

I made a web based visual Document Object Model (DOM) Training Tool for my students: http://test.datenkueche.com (you need Firefox !!!)

I found it annoying that I couldn't break out of demo1 by clicking on demo2

demo1 demo2 demo3 should probably change cursor or something to appear more clickable

I didn't really understand what I was looking at, or why I'd want it or what I was supposed to learn from it...

It looked very slick, but had an awful lot of repetition of filling in some DOM field and clicking do it. I don't really need to see that more than a couple times to know I can fill in those fields and click do it. What I *do* need to know is what the heck to put in those boxes...

    bodylist
    listbody
    bodyList
    listBody

I have no idea which of the above 4, if any, is the right thing to put in the box, and doubt that I'd figure it out any time soon...

There are also some special training files. The time you need to finish an exercise will be stored in a hi score list.

I'm not sure I even figured out how to START an exercise, much less finish it... Maybe I'm just the village idiot, but I needed a bit more instruction on what the heck I was supposed to be doing... Or maybe that's covered in a classroom somewhere.

It was definitely very slick though, whatever it was.
Re: [PHP] Help with strange include problem in PHP 5.2.0
On Thu, November 30, 2006 6:49 am, Markus Mayer wrote:

I have a strange problem including files in PHP 5.2.0 running on Unix. If I try to include a file using include 'filename.inc';, everything is fine. As soon as I try to put a . in front of the file name, for example include './filename.inc';, I get a failed to open stream: No such file or directory error. Does anyone have any suggestions as to what is going wrong? This all works with php 4.4.4 built with the same environment and compiler on the same system.

What is your include path in PHP 5.2.0?

I'm going to go out on a limb and bet a dollar that the PHP 4.4.4 include_path has . as one element within the list and that the PHP 5.2.0 include_path does NOT have . within the list. I.e.:

    4.4.4 include_path  .:include_test_dir
    5.2.0 include_path  include_test_dir

In the first case, 4.4.4, you've got . in there, so . combined with ./ will find the file you want. In the second case, 5.2.0, you've got no . in there, so ./ is looking in a directory, not the directory you expect, and it ain't finding the file because it's not there.

Rant #24, not directed at Markus, but the world at large :-)

PHP developers should understand and use include_path instead of hacking up their source with hard-coded paths and weird sub-directory / parent-directory hacks in include/require statements. It drives me nuts when I install nice software packages, but I can't put their components where I want them. End result:

    rm -rf [insert your nifty project directory name here]
Re: [PHP] hiding passwd in cmdlines that appear in the process list
On 11/30/06, Richard Lynch [EMAIL PROTECTED] wrote:

On Thu, November 30, 2006 9:59 am, Edwin Barrios wrote:

I don't know if my solution is better or not. but in one of my programs i had to make a backup online then my solution was to use shell vars to put important information like db_password . When we use putenv function those vars only exist on the current shell and on its subshells. In your case the following code :

    <?php
    putenv("DBNAME=".DB_NAME);
    putenv("DBUSER=".DB_USER);
    putenv("DBPASSWD=".DB_PASSWD);
    system('mysql -h localhost --user=$DBUSER --password=$DBPASSWD -D $DBNAME < /my/import/script.sql 2>&1');
    ?>

This solution, as most good ones, has pros and cons:

Pro: Does keep the password from being exposed in the normal course of operations.

Con:

This is not true because a shell var declared on a shell is only exposed to its subshells, that means that only exec's and system functions calls into the php itself receive those vars declared into the php ! You can see this argument in the following code

    <?php
    error_reporting(E_ALL);
    echo "OLD <pre>";
    system("env");
    echo "</pre>";
    putenv("DBNAME=sidf");
    putenv("DBUSER=p");
    putenv("DBPASSWD=p");
    echo "NEW <pre>";
    system("env");
    echo "</pre>";
    ?>

and reloading these a couple of times.

A simple debug statement to dump out all of ENV / $_GLOBALS will expose the password.

So you have to ask yourself if you and all your employees and all the scripts you ever install, including any forums etc, are for sure never ever going to dump that password out in an attempt to debug something else.

For a solo developer or even a small team, with all custom hand-coded stuff, this is pretty easy.

But once your application blows up and you have a larger team, or you start caving in to client demands to install badly-written forums/carts/blogware, you are open to a potential security hole which:

  - has two seemingly unrelated contributing causes
  - the two causes can be years apart in time
  - both are simple straight-forward obvious Right Things to do

So you have to weigh carefully the Risks, and DOCUMENT what you did and DOCUMENT what *not* to do in the future to expose this sensitive data.
Re: [PHP] magic_quotes
On Wed, November 29, 2006 11:55 pm, Johannes Lindenbaum wrote:

But... magic_quotes. If my understanding is correct magic quotes will give ', ", and \ (for ASCII characters, e.g. \n) a preceding backslash to escape it. I also see that magic_quotes_gpc() is On by default. So all data in $_POST and $_GET etc. has escaping backslashes.

Yes, but the problem is that *ALL* data in GET/POST has the escaping backslashes as if it were ASCII data, and it may *NOT* be ASCII data. It might be UTF-8. It might be UTF-16. It might be some charset you've never even heard of. And guess what? addslashes() on non-ASCII data, UTF-8 for example, is like a condom with a hole in it.

If in a .htaccess I should set php_flag magic_quotes_gpc Off That would lead to $_POST data like Jingle's Bells to be passed as Jingle's Bells, not Jingle\'s Bells. Usually most of my $_POST data gets written into a MySQL table to which I perform addslashes().

Switch to: http://php.net/mysql_real_escape_string

And on retrieval stripslashes().

No, no, and no. You do *NOT* use stripslashes() on the data coming OUT of MySQL. Unless you've already screwed up and done BOTH addslashes() and MagicQuotes, which in essence did addslashes() twice, so you added bogus data to your database.

    Jingle's Bells + [magic quotes] === Jingle\'s Bells + [addslashes] === Jingle\\\'s Bells
    Corrupt data in MySQL: Jingle\'s Bells

The whole point of this escaping is to identify characters that MySQL should store as data, rather than interpret as non-data

    Jingle's Bells + [magic quotes *OR* addslashes *OR* mysql_real_escape_string] = Jingle\'s Bells
    == Correct data in MySQL: Jingle's Bells

Once you've done that correctly, what MySQL actually stores is the data, not the escapes it needed to identify the data. So if you find yourself using stripslashes() on your MySQL data to get it right, then, in reality, you've already screwed up and stored non-data as data.

So go back and fix your script to NOT double-escape the input, then fix your bad data in MySQL to NOT have non-data (\ escape character) as part of your data. This is going to be a major pain, I know, but you'll only make it worse the longer you put it off.

It will be a whole lot easier if you can freeze the input routines to not take anything in between the time you fix those and when you fix the data within the database... If not, you'll want to note EXACTLY which rows have corrupted extra backslashes and which do not, so you can apply stripslashes() to only the corrupt data.

If I keep on doing that - and just start coding with magic_quotes_gpc Off - my scripts shouldn't alter behaviour upon PHP 6 arrival, should they?

You are correct that turning off magic_quotes_gpc is a good way to prepare for PHP 6.

This has been rant #53, brought to you by the character \ :-) :-) :-)
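An added example, not code from this thread: the double escaping described above, traced through a small model of how MySQL reads backslash escapes in a quoted string literal, plus a heuristic for flagging stored rows that need the clean-up. mysql_literal_value() and looks_double_escaped() are hypothetical helpers written for this illustration, the model handles only the escapes addslashes() emits, and the sample values are constructed.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from the thread. mysql_literal_value() is a
// simplified model of how the server reads a quoted string literal; it is not
// a MySQL or PHP API. Sample values are constructed.

/** Value the server stores after reading $escaped between quotes. */
function mysql_literal_value(string $escaped): string
{
    $out = '';
    $len = strlen($escaped);
    for ($i = 0; $i < $len; $i++) {
        $c = $escaped[$i];
        if ($c === '\\' && $i + 1 < $len) {
            // Only the escapes addslashes() emits: \' \" \\ and \0.
            $next = $escaped[++$i];
            $out .= ($next === '0') ? "\0" : $next;
        } else {
            $out .= $c;
        }
    }
    return $out;
}

/**
 * Heuristic for the clean-up step: a stored value that still contains
 * backslash-quote or backslash-backslash was probably escaped twice.
 * Legitimate data can contain these sequences too, so review the hits.
 */
function looks_double_escaped(string $stored): bool
{
    return preg_match('/\\\\[\'"\\\\]/', $stored) === 1;
}

$raw    = "Jingle's Bells";
$magic  = addslashes($raw);     // what magic_quotes_gpc delivers in $_POST
$double = addslashes($magic);   // the script escapes the same value again

$cases = ['escaped once' => $magic, 'escaped twice' => $double];
foreach ($cases as $label => $literal) {
    $stored  = mysql_literal_value($literal);
    $flagged = looks_double_escaped($stored);
    printf("%-13s sent: %-18s stored: %-16s flagged: %s\n",
           $label, $literal, $stored, $flagged ? 'yes' : 'no');
    if ($flagged) {
        // One stripslashes() pass removes the surplus level from this row only.
        printf("%-13s repaired: %s\n", '', stripslashes($stored));
    }
}
```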
Re: [PHP] cURL: can't prevent url redirect
On Wed, November 29, 2006 10:09 pm, Andrew Warner wrote:

This login script works when I use Snoopy (php http class), but here with php curl the response is the redirected page. The script is following a 302 redirect and I don't want it to because I need some header info from the 302 page. The curl_setopt($ch, CURLOPT_MAXREDIRS, 0); doesn't seem to be preventing redirect:

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_MAXREDIRS, 0);
    //curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);

Put that line back in there, and parse the headers for yourself, and do the 302 in another curl request. I *think* that should work...
Re: [PHP] cURL: can't prevent url redirect
On Wed, November 29, 2006 11:26 pm, Andrew Warner wrote:

Actually, the problem is that the site isn't recognizing my cookies. Is there anything wrong with the below code? Same thing in Snoopy works perfectly. Going to stick with Snoopy.

    $the_headers = array(
        "Language: en",
        "Accept: */*",
        "User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3",
        "Content-type: text/html"
    );
    $restored_cookies = restore_cookies ();
    foreach($restored_cookies as $name=>$value)
        array_push($the_headers, "Cookie: ".$name.'='.$value);

    // headers look good:
    echo '<pre>';
    print_r($the_headers);
    echo '</pre>';

    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $the_headers);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $response = curl_exec($ch);
    curl_close($ch);

If you don't need any other headers, you can just use curl's COOKIE_FILE and COOKIE_JAR, both pointing to the same file on your server, which PHP must be able to read/write. curl will maintain all the cookies for you.

If you *do* need other headers, then you need to do all this stuff you're doing to both maintain the cookies and get the headers, as, at least in my experience, you can't convince curl to both give you the headers and to use the COOKIE_JAR :-(
Re: [PHP] hiding passwd in cmdlines that appear in the process list
Hi! First of all, pardon if my last mail was not understandable! Then Richard said that the following is a con of my solution:

A simple debug statement to dump out all of ENV / $_GLOBALS will expose the password. So you have to ask yourself if you and all your employees and all the scripts you ever install, including any forums etc, are for sure never ever going to dump that password out in an attempt to debug something else. ...

This is not true, because a shell var declared in a shell is only exposed to its subshells; that means that only exec's and system function calls in the php itself receive those vars declared in the php! You can see this argument in the following code

    <?php
    error_reporting(E_ALL);
    echo "OLD <pre>";
    system("env");
    echo "</pre>";
    putenv("DBNAME=sidf");
    putenv("DBUSER=p");
    putenv("DBPASSWD=p");
    echo "NEW <pre>";
    system("env");
    echo "</pre>";
    ?>

and reloading these a couple of times.
Re: [PHP] several sites sharing the same script
http://php.net/include_path

On Wed, November 29, 2006 5:48 pm, [EMAIL PROTECTED] wrote:

Hello all, I am writing new php application which will be used by several sites. All sites will use same script (all files), but every will have its own config.php file. I would like to place all necessary files to separate directory and all sites should share them, so all sites will be updated. for e.x. structure will be:

    | - script directory
    |- site1.com dir
           config.php
    |- site2.com dir
           config.php
    |- site3.com dir
           config.php

Does anyone have idea how to organize and share files? Thanks For Your Time !
RE: [PHP] Maybe an HTML prob?
On Wed, November 29, 2006 3:14 pm, Frank Reichenbacher, Bio-Concepts, Inc. wrote:

Well, my code worked fine with that one simple change from = to ==

Well, that means you aren't using E_ALL, as there *IS* an E_NOTICE being issued for $_POST['Permission'] when you attempt to read it, as it's not there. http://php.net/error_reporting

You will find a LOT of mistakes early on with E_ALL. Early Detection is important in coding, as well as in medicine. :-)
Re: [PHP] magic_quotes
Richard Lynch wrote:

On Wed, November 29, 2006 11:55 pm, Johannes Lindenbaum wrote:

But... magic_quotes. If my understanding is correct magic quotes will give ', and \ (for ASCII characters, e.g. \n) a preceding backslash to escape it. I also see that magic_quotes_gpc() is On by default. So all data in $_POST and $_GET etc. has escaping backslashes.

Yes, but the problem is that *ALL* data in GET/POST has the escaping backslashes as if it were ASCII data, and it may *NOT* be ASCII data. It might be UTF-8. It might be UTF-16. It might be some charset you've never even heard of. And guess what? addslashes() on non-ASCII data, UTF-8 for example, is like a condom with a hole in it.

If in a .htaccess I should set php_flag magic_quotes_gpc Off That would lead to $_POST data like Jingle's Bells to be passed as Jingle's Bells, not Jingle\'s Bells. Usually most of my $_POST data gets written into a MySQL table to which I perform addslashes().

Switch to: http://php.net/mysql_real_escape_string

And on retrieval stripslashes().

No, no, and no. You do *NOT* use stripslashes() on the data coming OUT of MySQL. Unless you've already screwed up and done BOTH addslashes() and MagicQuotes, which in essence did addslashes() twice, so you added bogus data to your database.

    Jingle's Bells + [magic quotes] === Jingle\'s Bells + [addslashes] === Jingle\\\'s Bells
    Corrupt data in MySQL: Jingle\'s Bells

The whole point of this escaping is to identify characters that MySQL should store as data, rather than interpret as non-data

    Jingle's Bells + [magic quotes *OR* addslashes *OR* mysql_real_escape_string] = Jingle\'s Bells
    == Correct data in MySQL: Jingle's Bells

Once you've done that correctly, what MySQL actually stores is the data, not the escapes it needed to identify the data. So if you find yourself using stripslashes() on your MySQL data to get it right, then, in reality, you've already screwed up and stored non-data as data.
So go back and fix your script to NOT double-escape the input, then fix your bad data in MySQL to NOT have non-data (\ escape character) as part of your data. This is going to be a major pain, I know, but you'll only make it worse the longer you put it off. It will be a whole lot easier if you can freeze the input routines to not take anything in between the time you fix those and when you fix the data within the database... If not, you'll want to note EXACTLY which rows have corrupted extra backslashes and which do not, so you can apply stripslashes() to only the corrupt data.

If I keep on doing that - and just start coding with magic_quotes_gpc Off - my scripts shouldn't alter behaviour upon PHP 6 arrival, should they?

You are correct that turning off magic_quotes_gpc is a good way to prepare for PHP 6. This has been rant #53, brought to you by the character \ :-) :-) :-)

Thank you very much all of you - I know what I'm doing with my weekend. I think I was disillusioned by the fact that I had a couple Queries screw up because they were of the format (example):

    "INSERT INTO table (text) VALUES( '".$_POST['data']."');"

where $_POST['data'] was filled with something similar to Jingle's Bells (a single quote), thus screwing up the query, because it was trying to do VALUES( 'Jingle's Bells'); So by pure ignorance I just added addslashes in front of my queries. I've come a long way since then, and I'll probably just end up writing a smartQuoting function for my MySQL class that will use mysql_real_escape_string() on INSERTS so I have the correct data in my table. :) Thanks again!
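The repair step described above (finding the rows that were escaped twice and applying stripslashes() only to those) can be sketched as follows. This is an added example, not code from the thread: the function names and sample rows are constructed, and stripslashes() stands in for the SQL parser consuming one level of escaping.

```php
<?php
// Stand-in for what the server keeps after parsing a quoted literal:
// one level of backslash escaping is consumed (assumption of this sketch).
function stored_value(string $escapedLiteral): string
{
    return stripslashes($escapedLiteral);
}

// addslashes() only ever produces \' \" \\ and \0, so one of those sequences
// surviving in a stored value suggests the input was escaped twice.
function looks_double_escaped(string $stored): bool
{
    return preg_match('/\\\\[\'"\\\\0]/', $stored) === 1;
}

// Return only the rows that would change, with one escape level removed.
function plan_repairs(array $rows): array
{
    $repairs = [];
    foreach ($rows as $id => $stored) {
        if (looks_double_escaped($stored)) {
            $repairs[$id] = stripslashes($stored);
        }
    }
    return $repairs;
}

$input = "Jingle's Bells";
$once  = addslashes($input);   // magic_quotes_gpc OR addslashes()
$twice = addslashes($once);    // magic_quotes_gpc AND addslashes()

// Constructed table contents: id => value as stored.
$rows = [
    1 => stored_value($once),      // escaped once before the INSERT
    2 => stored_value($twice),     // escaped twice before the INSERT
    3 => 'No quotes here',
    4 => 'C:\\temp\\0001.txt',     // legitimate backslashes in the data
];

// Print a review list instead of updating anything; json_encode makes
// backslashes and control characters visible.
foreach (plan_repairs($rows) as $id => $fixed) {
    printf("row %d: %s -> %s\n", $id, json_encode($rows[$id]), json_encode($fixed));
}
```

Row 4 is flagged although it was never double-escaped, which is why the output is a list to review before any UPDATE is run rather than an automatic fix.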
Re: [PHP] Tidy HTML source?
On Thursday 30 November 2006 18:51, Paul Novitski wrote:

At 11/30/2006 01:52 AM, Satyam wrote:

And, stepping back, you're perpetuating the embedding of markup with logic so that it will still take a PHP programmer to modify the markup of one of your pages. Do you not see the advantage in separating the two layers?

Yes, I do, and I would recommend using templates or similar tools to provide for separation of code and markup, but sometimes there are reasons not to do so, for example, web services.

Please explain why you think web services promote mixing markup with logic.

I didn't say it promotes but it does not require. In web services there is usually no presentation layer, there is no end user to see anything at all, then there is no need for a graphics designer separate from the application programmer. The application consuming that service might have to display the data, but the service does not.

To reach clarity on this point, let's leave presentation out of it. I was referring to the separation of presentation from markup merely to suggest an analogous separation that many of us have accepted as being helpful to design, development, and maintenance. What I'm really curious about in this discussion is the separation of markup from logic. With respect to separating code and markup, you said sometimes there are reasons not to do so, for example, web services. What are some of those reasons?

Cheers, Paul

What about performance ? What about complexity ? Those SO nice separated template system produces lots of mini TPL files. You have to include them... You have to parse them. Also you have to track and manage them. And I'm not sure those template system gives you freedom. Because you cannot change your site design with this tpl files. If you change them too much you have to change your php code. Plus if I remember correctly there was thing named CSS to change your site looks.
After 10 years of html coding by hand and 6 years of php coding and from my uber biased point of view. That template engine thing was flawed. Look open source cms projects, check open sourced forums etc etc. Then tell me what is effective use of tpl files for message posting form or blog showing pages. Or something like that...

Oh yes I know lots of sites are using them, then what ? People still use windows... Is that makes Windows best operating system ? Maybe it useful. when your Designer does not know php and or your programmer does not know html/css.

And my point of view. Using html tag ?php echo value ? ?php echo value ?/htmltag days are over... These days we have to deal lots of other programming things. handle heavy loads, do lots of security things etc etc... Of course you could do nice things for your liddle home page via old style php.

I believe Satyam's idea was best. I try to implement his idea with my way

    function getTab($intTab=1) {
        $strTab = NULL;
        for($i=0;$i<$intTab;$i++) { $strTab.= "\t"; }
        return $strTab;
    }

    function html($arrOpt) {
        $arrKeys = array_keys($arrOpt['attlist']);
        $intSize = sizeof($arrOpt['attlist']);
        $strAttlist = null;
        for($a=0;$a<$intSize;$a++) {
            $strAttlist.= " ".$arrKeys[$a]."='".$arrOpt['attlist'][$arrKeys[$a]]."'";
        }
        return getTab($arrOpt['tab'])..$arrOpt['tag'[EMAIL PROTECTED] $arrOpt['end'].\n;
    }

MY RECENT METHOD

    $strReturn.= html(array('tag'=>'table','attlist'=>array('id'=>'uberTable','border'=>'0','cellpadding'=>'0','cellspacing'=>'1','width'=>'100%','class'=>'cUberTable'),'tab'=>4,'end'=>NULL))
        .html(array('tag'=>'tr','attlist'=>array('class'=>'cUberTableTR'),'tab'=>5,'end'=>NULL))
        .html(array('tag'=>'td','attlist'=>array('align'=>'center','valign'=>'top','class'=>'cUberTableTD'),'tab'=>6,'end'=>NULL))
        ."Test Message\n"
        .html(array('tag'=>'/td','tab'=>6,'end'=>NULL))
        .html(array('tag'=>'/tr','tab'=>5,'end'=>NULL))
        .html(array('tag'=>'/table','tab'=>4,'end'=>NULL));

TPL METHOD

uber.tpl

    <table id='uberTable' border='0' cellpadding='0' cellspacing='1' width='100%' class='cUberTable'>
    <tr class='cUberTableTR'>
    <td align='center' valign='top' class='cUberTableTD'>
    |MESSAGE|
    </td>
    </tr>
    </table>

Code

    $TPL = new TplClass;
    $TPL->SetTplPath('tpl/meta.tpl',__FILE__,__LINE__);
    $TPL->ReadTpl();
    $TPL->Assign('|MESSAGE|','Test Message',__FILE__, __LINE__);
    $TPL->Showtpl();

SATYAM WAY

    table border '0' colspan '0' cellpadding '1' width '100%' class 'uberTable'; { tr { td align 'right' valign 'top'; { ? Test message ; } } }

(and his current implementation need pre-compiler)

Those Codes produces html like this
Re: [PHP] hiding passwd in cmdlines that appear in the process list
Richard Lynch wrote:

On Thu, November 30, 2006 9:59 am, Edwin Barrios wrote:

I don't know if my solution is better or not. but in one of my programs i had to make a backup online then my solution was to use shell vars to put important information like db_password . When we use putenv function those var only exists on the current shell and on its subshells. In your case the following code :

    <?php
    putenv("DBNAME=".DB_NAME);
    putenv("DBUSER=".DB_USER);
    putenv("DBPASSWD=".DB_PASSWD);
    system('mysql -h localhost --user=$DBUSER --password=$DBPASSWD -D $DBNAME < /my/import/script.sql 2>&1');
    ?>

This solution, as most good ones, has pros and cons:

Pro: Does keep the password from being exposed in the normal course of operations.

Con: A simple debug statement to dump out all of ENV / $_GLOBALS will expose the password. So you have to ask yourself if you and all your employees and all the scripts you ever install, including any forums etc, are for sure never ever going to dump that password out in an attempt to debug something else.

the script can only be run by root with the php cli, and all the relevant files are only readable by root. so I think it would be fairly safe.

For a solo developer or even a small team, with all custom hand-coded stuff, this is pretty easy. But once your application blows up and you have a larger team, or you start caving in to client demands to install badly-written forums/carts/blogware, you are open to a potential security hole which:

    has two seemingly unrelated contributing causes
    the two causes can be years apart in time
    both are simple straight-forward obvious Right Things to do

So you have to weigh carefully the Risks, and DOCUMENT what you did and DOCUMENT what *not* to do in the future to expose this sensitive data.
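A way to check what ends up in a child's argument list when the command line references `$DBPASSWD`, compared with handing the value over in the environment only. This is an added example, not code from the thread: `fake-client` is a hypothetical stand-in for the database client and the secret is a constructed value; it needs a POSIX `sh`.

```php
<?php
const SECRET = 'example-secret';   // constructed value for the demonstration

/** Run $command through the shell with $env as the child's environment; return its stdout. */
function run_with_env(string $command, array $env): string
{
    $pipes = [];
    $proc = proc_open($command, [1 => ['pipe', 'w']], $pipes, null, $env);
    if (!is_resource($proc)) {
        throw new RuntimeException('proc_open failed');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out;
}

/** True when the secret appears in the argument listing a child reported. */
function exposes_secret(string $argvListing): bool
{
    return strpos($argvListing, SECRET) !== false;
}

// Stand-in for the client: prints every argument it was started with,
// one per line, which is what the process list shows for it.
$printArgs = 'sh -c \'printf "%s\n" "$@"\' fake-client';

$env = [
    'DBPASSWD' => SECRET,
    'PATH'     => getenv('PATH') ?: '/usr/bin:/bin',
];

// 1. The command line references $DBPASSWD: the shell expands it before
//    starting the client, so the value becomes one of the client's arguments.
$expanded = run_with_env($printArgs . ' --user=app --password=$DBPASSWD', $env);

// 2. The command line carries no secret; the client would read DBPASSWD
//    from its environment instead.
$envOnly = run_with_env($printArgs . ' --user=app', $env);

printf("argument built from \$DBPASSWD exposes the secret: %s\n",
    var_export(exposes_secret($expanded), true));
printf("environment-only hand-over exposes the secret in argv: %s\n",
    var_export(exposes_secret($envOnly), true));
```

The environment of a running process is still readable by the same user and by root (on Linux through /proc/PID/environ), so the second form narrows the exposure rather than removing it.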
Re: [PHP] Webbased Visual DOM Training Tool
Richard Lynch wrote:

On Thu, November 30, 2006 6:56 am, Bernhard Zwischenbrugger wrote:

I made a web based visual Document Object Model (DOM) Training Tool for my students: http://test.datenkueche.com (you need Firefox !!!)

I found it annoying that I couldn't break out of demo1 by clicking on demo2

demo1 demo2 demo3 should probably change cursor or something to appear more clickable

I didn't really understand what I was looking at, or why I'd want it or what I was supposed to learn from it...

It looked very slick, but had an awful lot of repetition of filling in some DOM field and clicking do it. I don't really need to see that more than a couple times to know I can fill in those fields and click do it. What I *do* need to know is what the heck to put in those boxes...

    bodylist
    listbody
    bodyList
    listBody

I have no idea which of the above 4, if any, is the right thing to put in the box, and doubt that I'd figure it out any time soon...

There are also some special training files. The time you need to finish an exercise will be stored in a hi score list.

I'm not sure I even figured out how to START an exercise, much less finish it... Maybe I'm just the village idiot, but I needed a bit more instruction on what the heck I was supposed to be doing... Or maybe that's covered in a classroom somewhere. It was definitely very slick though, whatever it was.

my thoughts exactly.
Re: [PHP] magic_quotes
Johannes Lindenbaum wrote:

Just a question out of pure curiosity. Why would one prefer using mysql_real_escape_string (I'm using 5.1.6 so mysql_escape_string is deprecated). and htmlentities instead of addslashes and stripslashes?

This example might be helpful: http://shiflett.org/archive/184

It highlights the importance of character encoding consistency by demonstrating an SQL injection attack that is immune to addslashes() but not mysql_real_escape_string().

Hope that helps.

Chris

--
Chris Shiflett http://shiflett.org/
[PHP] problem with register globals on new server
hi, I had to move my osCommerce store to new hosting company. new server runs on php5/mysql5. got this error:

    FATAL ERROR: register_globals is disabled in php.ini, please enable it!

since even on old server globals was Off I was adding

    <ifModule mod_php4.c>
    php_value register_globals 1
    </ifModule>

Now, I tried with

    <ifModule mod_php5.c>
    php_value register_globals On
    </ifModule>

but it doesn't work. any help will be appreciated.

thanks
-afan
[PHP] Preg_match - Find URL and convert to lower case
I have some text that comes out of a database all in uppercase (old IBM Mainframe that only supports uppercase characters). Occasionally there are web addresses in this text and so I am trying to find them, convert them to a link, and convert them all to all lower case. Yes, I know that will not work for all links. However, it will work for about 90% of the links I have (vs. about 10% of them now).

So anyway, here is my first stab at this, but it only finds the link and converts the first part to lowercase and converts it to a link. Is there anyway to convert the output to all lowercase by doing something like this? Or is there a better way?

    $pattern = "/WWW.(.*?) /i";
    $replace = "<a href=\"http://www.\\1\">http://www.\\1</a>";
    $section_notes = preg_replace($pattern,$replace,$section_notes);

--
Kevin Murphy
Webmaster: Information and Marketing Services
Western Nevada Community College
www.wncc.edu
775-445-3326
Re: [PHP] Preg_match - Find URL and convert to lower case
Why not use strtolower on the string after the replacements have been made? -- http://www.web-buddha.co.uk
Re: [PHP] Preg_match - Find URL and convert to lower case
Well the problem would be then that the entire string would be lower case, and I only can have the link as lower case. Is there a way to apply strtolower into the preg_match?

--
Kevin Murphy
Webmaster: Information and Marketing Services
Western Nevada Community College
www.wncc.edu
775-445-3326

On Nov 30, 2006, at 2:26 PM, Dave Goodchild wrote:

Why not use strtolower on the string after the replacements have been made?

--
http://www.web-buddha.co.uk
Re: [PHP] Webbased Visual DOM Training Tool
Hi

http://test.datenkueche.com (you need Firefox !!!)

I found it annoying that I couldn't break out of demo1 by clicking on demo2

I have so many setTimeout in javascript... but good point, I will change that. Reload the page can be a workaround for now.

demo1 demo2 demo3 should probably change cursor or something to appear more clickable

done.

I didn't really understand what I was looking at, or why I'd want it or what I was supposed to learn from it...

It's for learning DOM. There are the same commands in Javascript and PHP (different syntax . instead of -). It's very useful for AJAX, Webservices,... To start, here is a simple example: http://www.khtml.org/guestbook/ http://www.khtml.org/guestbook/index.phps (a guestbook)

It looked very slick, but had an awful lot of repetition of filling in some DOM field and clicking do it.

That's DOM. There are only low level functions. The good thing is, that you can do really a lot if you know about 10 DOM Methods. And the methods are the same in Javascript !!!

I don't really need to see that more than a couple times to know I can fill in those fields and click do it. What I *do* need to know is what the heck to put in those boxes...

    bodylist
    listbody
    bodyList
    listBody

I have no idea which of the above 4, if any, is the right thing to put in the box, and doubt that I'd figure it out any time soon...

bodylist, body, divElement,... are variable names. You can fill in what you want. The variables are Objects. If you click on a variable (on the right side) the object will be highlighted in the Tree. body and div are tagNames - the names of HTML Elements. Everything with a $ is a variable.

There are also some special training files. The time you need to finish an exercise will be stored in a hi score list.

I'm not sure I even figured out how to START an exercise, much less finish it...

choose guestbook2, guestbook3

Maybe I'm just the village idiot, but I needed a bit more instruction on what the heck I was supposed to be doing...
Or maybe that's covered in a classroom somewhere.

If you never did something with DOM, this tool is not really usable without more instructions. Maybe I will add a documentation. At the moment the starting point for learning is: http://www.php.net/dom

The first thing you need to know is what an element, attribute and textNode is. Simple_xml maybe is a little bit simpler than DOM, but DOM you can also use in Javascript, Java, Python, Perl,... for HTML, SVG, MathML,... Together with XSLT it is really powerful.

It was definitely very slick though, whatever it was.

Thank you. And thank you for testing and your comment!!!

Bernhard
[PHP] Re: SOLVED: [PHP] Preg_match - Find URL and convert to lower case
    $section_notes = preg_replace('/WWW.(.*?) /e', '"<a href=\"http://www." . strtolower("$1") . "\" target=\"_blank\">http://www." . strtolower("$1") . "</a>"', $section_notes);

For some reason I can't get it to work if I declare those items as variables. They have to be inside the preg_replace as written. But, it works now. Thanks for the help.

--
Kevin Murphy
Webmaster: Information and Marketing Services
Western Nevada Community College
www.wncc.edu
775-445-3326

On Nov 30, 2006, at 3:04 PM, Kevin Murphy wrote:

Well the problem would be then that the entire string would be lower case, and I only can have the link as lower case. Is there a way to apply strtolower into the preg_match?

--
Kevin Murphy
Webmaster: Information and Marketing Services
Western Nevada Community College
www.wncc.edu
775-445-3326

On Nov 30, 2006, at 2:26 PM, Dave Goodchild wrote:

Why not use strtolower on the string after the replacements have been made?

--
http://www.web-buddha.co.uk
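The `/e` modifier used above evaluates the replacement string as PHP code after the matched text has been substituted into it; it was deprecated in PHP 5.5 and removed in PHP 7.0. The same lower-casing can be done with preg_replace_callback(), which never evaluates the matched text as code. This is an added example, not code from the thread; the function name and sample text are constructed.

```php
<?php
/**
 * Turn "WWW.something" tokens in upper-case text into lower-case links.
 * The matched text is only ever handled as data: lower-cased, HTML-escaped,
 * and placed into the markup.
 */
function link_www_hosts(string $text): string
{
    $result = preg_replace_callback(
        '/\bWWW\.([^\s<>"\']+)/i',
        function (array $m): string {
            // Keep sentence punctuation that follows the address out of the link.
            $rest  = rtrim($m[1], '.,;:!?)');
            $trail = substr($m[1], strlen($rest));
            if ($rest === '') {
                return $m[0];   // "WWW." followed only by punctuation: leave as is
            }
            $url  = 'http://www.' . strtolower($rest);
            $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
            return '<a href="' . $safe . '" target="_blank">' . $safe . '</a>' . $trail;
        },
        $text
    );
    // preg_replace_callback() returns null on a PCRE error; fall back to the input.
    return $result ?? $text;
}

// Constructed sample of upper-case text as described in the thread.
$section_notes = 'SEE WWW.WNCC.EDU/ADMISSIONS FOR DETAILS, OR WWW.EXAMPLE.COM.';
echo link_www_hosts($section_notes), "\n";
```

Unlike the original pattern, this one escapes the dot after WWW and does not need a trailing space, so an address at the end of the text is linked as well.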
Re: [PHP] Tidy HTML source?
On Thursday 30 November 2006 18:51, Paul Novitski wrote:

With respect to separating code and markup, you said sometimes there are reasons not to do so, for example, web services. What are some of those reasons?

At 11/30/2006 10:57 AM, Sancar Saran wrote:

What about performance ?

Web services tend to be quite small applications, but even for larger ones I've never found performance to be an issue. Servers are fast and built for this kind of work: opening and reading files, running software. They have fast chips and big RAM. Regardless of which technique you use, you're going to utilize server resources and get your results in however many milliseconds. A templating system requires the processor to merge content with template. An inline markup assembly system requires the processor to build the markup from function calls. Where is the technique that doesn't take machine cycles?

What about complexity ?

I separate logic from markup in order to reduce complexity. I find both PHP logic and HTML markup easier to write, read, proofread, and modify when they're separate from one another (I use the word 'clean').

Those SO nice separated template system produces lots of mini TPL files.

I'm not talking about those template systems, whichever ones you're referring to, I'm talking about programming style and practice. I don't use any templating system you've ever seen. I roll my own code. I can make my templates as few or many as the project deserves. You only need to produce as many template files as you need and want. Separation of markup from logic doesn't necessarily mean separate files: when I'm doing something quick & dirty I'll include the markup in the PHP file as a heredoc. What's most helpful to me is to remove the markup tags and attributes from the PHP logic structures as much as possible.
I haven't seen any templating system out there in the world that I like, mostly because they mix the markup & logic too much for my taste or because they don't let me design the markup precisely the way I want.

You have to include them...

Includes are easy. Actually I usually use file_get_contents() in a function that selects accompanying CSS template files programmatically.

You have to parse them.

Not necessarily. But if you do need to parse them, you need to write the parsing engine only once.

Also you have to track and manage them.

Yes, as you must manage all the files that make up a project. Adding a few more isn't a burden, especially if they bring clarity and efficiency to the work.

And I'm not sure those template system gives you freedom. Because you cannot change your site design with this tpl files. If you change them too much you have to change your php code.

I beg to differ: you *can* change your site design if you're using templates. That's part of the purpose of layer separation and templating in the first place, to enable markup changes without necessarily requiring software changes. You're free to change the template and/or change the stylesheet and/or change the data source according to your needs.

Although we talk of separating logic from markup from presentation, these are not absolutely clean separations -- each component must have hooks in the others, otherwise there's no basis for a merge! Therefore if you change one component greatly enough, at least one other component must change as well. This is true of HTML and CSS, it's true of HTML and JavaScript, it's true of HTML and PHP. It's true of any interactive components in any system. It's true of PHP itself -- if you change a function's arguments or return type or a class's methods, you'll have to change the parts of your code that call that function or invoke that class. That's just the way it is.
I'm sure you wouldn't argue that we write our software as one long mainline stream just to avoid includes and function calls. But it sounds as though you're suggesting that logic & markup should be combined in the same statements simply because you don't want to have to change more than one component. Really good website designs can make modification less onerous. Layer separation is one of those techniques.

Fortunately there are many ways to accomplish similar goals. I'm not claiming that my own programming preferences are the best, only that they work the best for me. It's good that we take different paths -- that's how evolution happens. What I'm asking for are the rationales so I can see if Satyam's methodology could work for me. I agree that his pre-processed PHP looks very clean. If I thought markup should be constructed incrementally with program logic I'd be tempted to use it.

...

And my point of view. Using html tag ?php echo value ? ?php echo value ?/htmltag days are over...

I agree completely! I hate that messy crap that results from mixing markup with PHP.

Sancar, you seem to have had some very
[PHP] EZ array problem - What's wrong with my brain?
var_dump() gives me this:

    array(1) {
      ["1.2"]=>
      array(2) {
        ["code"]=>
        array(1) {
          [0]=>
          string(3) "111"
        }
        ["status"]=>
        array(1) {
          [0]=>
          string(3) "new"
        }
      }
    }

I'm trying to set a variable to that 1.2. Shouldn't I be able to get it with $var = $arr[0][0]?
Re: [PHP] [PHP 4.4.5 / Apache 2.2.3] Abrupt and unrepeatable Segmentation fault (11)
Jan Schröter wrote:

Hi all! I'm having trouble with my server(s) for some weeks now and did not find any solution for now. My System is Opensuse 10.1 (32 bit) with Apache 2.2.3 and PHP 4.4.5-dev as apache module (latest stable CVS, but wasn't the solution). I'm having abrupt segmentation faults in my Apache errorlog. Most frequently the problem seems to appear while accessing the start page of an actual Joomla installation, but I've had the error with a Wordpress too. So it cannot be isolated to some php Scripts. Sadly I am not able to reproduce this error - when it appears it will not go until an apache restart, but then everything works fine for some time (maybe hours or even days). Here is a gdb backtrace of the request which died with a segmentation fault. Hopefully someone can help me with this. If you need any further details, tell me, and please also tell me how to obtain this information ;-).

If nobody provides information then try the -internals list, they'll probably be able to help a bit more.

--
Postgresql php tutorials http://www.designmagick.com/
Re: [PHP] problem with register globals on new server
[EMAIL PROTECTED] wrote:

hi, I had to move my osCommerce store to new hosting company. new server runs on php5/mysql5. got this error:

    FATAL ERROR: register_globals is disabled in php.ini, please enable it!

since even on old server globals was Off I was adding

    <ifModule mod_php4.c>
    php_value register_globals 1
    </ifModule>

Now, I tried with

    <ifModule mod_php5.c>
    php_value register_globals On
    </ifModule>

but it doesn't work.

Maybe your host doesn't allow it to be changed through a htaccess.. Is htaccess support enabled? Put garbage in the file (random chars) and if you get a 500 internal server error, htaccess files work.. if you don't, that's the problem.

Also I think apache is case sensitive:

    <IfModule mod_php5.c>
     ^

(not 100% sure but worth a try).

--
Postgresql php tutorials http://www.designmagick.com/
[PHP] Re: Preg_match - Find URL and convert to lower case
On Thu, 30 Nov 2006 14:16:16 -0800, Kevin Murphy wrote:

I have some text that comes out of a database all in uppercase (old IBM Mainframe that only supports uppercase characters).

I see via other followups that you have your kludge working. *But* , What do you mean by old IBM Mainframe that only supports uppercase characters? The EBCDIC codes X'81' X'89' (a-i), X'91' X'99' (j-r), and X'A2' X'A9' (s-z) have been defined and used since probably before you were born. I have in front of me my first IBM Green Card (IBM System/360 Reference Data, GX20-1703-3) from 1966 which debunks that urban legend.

If the data in the mainframe database is all upper case, it was sloppy programming or sloppy design that got it there. If it _is_ stored in the mainframe database in proper UC/lc form, then it is probably a sloppy extraction procedure that is to blame for your input.

Jonesy

--
Marvin L Jones | jonz | W3DHJ | linux
38.24N 104.55W | @ config.com | Jonesy | OS/2
*** Killfiling google posts: http//jonz.net/ng.htm