php-general Digest 3 Dec 2006 15:58:36 -0000 Issue 4494

2006-12-03 Thread php-general-digest-help

Topics (messages 245460 through 245465):

Re: alternative method
245460 by: Richard Lynch

Re: security and .htaccess
245461 by: Richard Lynch
245465 by: tedd

Error in php doc?
245462 by: MS P
245463 by: Roman Neuhauser

Re: problem with register globals on new server
245464 by: Tony Marston

---BeginMessage---
The browser is not supposed to change that, unless you hard-link to
http:// somewhere in your application.

I don't guarantee no browser ever had a bug like that, but I never
heard of such a bug.

And there ain't no stopping a pesky user from taking the 's' out to
see what happens...  So you should be ready for that, and Do The Right
Thing, whatever that might be for your application.

On Sat, December 2, 2006 3:31 pm, Alain Roger wrote:
> Hi Richard,
>
> i already work on SSL also.
> basically, if $_SERVER['HTTPS'] is not setup to 'on', i redirect everything
> on the logon form window.
>
> I'm just scared about how SSL can be hold on between pages...
> for example :
>
> if on page index.php, SSL is activate.
> customer click on submit button and his redirected to main.php, i will
> redirect him with https:// in link, but does it keep SSL working ?
> will it not stop it for a while and restart it ?
>
> Alain
>
> On 12/2/06, Richard Lynch [EMAIL PROTECTED] wrote:
>>
>> On Sat, December 2, 2006 10:29 am, Alain Roger wrote:
>>> Based on phpsec.org documentation it is written (between lines) that GET
>>> and POST methods are still used but they are not the most secured
>>> (except if we take care for that).
>>> So, i would like to know which other methods are more secured that
>>> those 2.
>>
>> In addendum to Larry's post:
>>
>> You should also consider requiring SSL for any sensitive data, to
>> protect it in its travels from their computer to your server.
>>
>> SSL is kind of like an armored truck on the information super-highway.
>> It doesn't stop bank robbers (server hacks) or muggers (viruses on
>> your users' computers), but the data is safe in transit between the
>> two.
>>
>> --
>> Some people have a gift link here.
>> Know what I want?
>> I want you to buy a CD from some starving artist.
>> http://cdbaby.com/browse/from/lynch
>> Yeah, I get a buck. So?
>
> --
> Alain
>
> Windows XP SP2
> PostgreSQL 8.1.4
> Apache 2.0.58
> PHP 5



-- 
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
---End Message---
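
An added example, not part of the thread: one way to handle the case Richard describes above, where a user takes the 's' out of the URL. It redirects plain requests back to https:// and marks the session cookie Secure so it is never sent on the plain request. CANONICAL_HOST and both function names are assumptions, and PHP 7.0 or later is assumed.

```php
<?php
// Added example (not from the thread). CANONICAL_HOST and both function
// names are hypothetical; adjust them to the application.
const CANONICAL_HOST = 'www.example.com';

/** True when the current request arrived over SSL/TLS. */
function request_is_https(array $server): bool
{
    // Apache sets HTTPS=on; some servers set HTTPS=off for plain requests.
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

/** Build the https:// equivalent of the requested URL. */
function https_equivalent(array $server): string
{
    // Use a configured host rather than the client-supplied Host header,
    // so the redirect cannot be pointed at another site.
    $uri = $server['REQUEST_URI'] ?? '/';
    if ($uri === '' || $uri[0] !== '/' || strpbrk($uri, "\r\n") !== false) {
        $uri = '/';
    }
    return 'https://' . CANONICAL_HOST . $uri;
}

// Constructed requests: a user who removed the 's', and a normal SSL request.
$plain  = ['REQUEST_URI' => '/main.php?id=7'];
$secure = ['HTTPS' => 'on', 'REQUEST_URI' => '/main.php?id=7'];
var_dump(request_is_https($plain), request_is_https($secure));
echo https_equivalent($plain), "\n";

// At the top of every protected page, before any output:
if (PHP_SAPI !== 'cli') {
    if (!request_is_https($_SERVER)) {
        header('Location: ' . https_equivalent($_SERVER), true, 301);
        exit;
    }
    // Mark the session cookie Secure (and HttpOnly) so the browser never
    // sends it on a plain http:// request, then start the session.
    session_set_cookie_params(0, '/', '', true, true);
    session_start();
}
```

Links between pages that are relative (main.php rather than http://...) keep whatever scheme the current page was loaded with, which is the behaviour Richard refers to.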
---BeginMessage---
On Sat, December 2, 2006 3:35 pm, Alain Roger wrote:
> I'm working on .htaccess file for improving security.
> Based on documentation from PHPSEC.org, we should be able to store DB_USER
> login and DB_PASS password in some secret-stuff (for example) file, which
> should be located outside root of web document root. (for example in some
> /path_to_secret folder)

I think .htaccess *is* the file being included...

It might be possible to use Apache's . operator (I think it's . ) to
suck in yet another file, outside the web root, so that a change to
the rules about not serving up .ht* files would not matter to that
file to be included...

But you've strayed into the "this is an Apache question" realm pretty
heavily...
http://apache.org/ probably addresses this somewhere, one way or the
other, if you dig enough.

---End Message---

php-general Digest 4 Dec 2006 07:54:00 -0000 Issue 4495

2006-12-03 Thread php-general-digest-help

Topics (messages 245466 through 245474):

Random pictures - not twice
245466 by: Gustav Wiberg
245467 by: tg-php.gryffyndevelopment.com
245468 by: Gustav Wiberg

Re: problem with register globals on new server
245469 by: Richard Lynch

Re: Error in php doc?
245470 by: Richard Lynch

Re: security and .htaccess
245471 by: Richard Lynch
245472 by: Anas Mughal
245473 by: Frank Reichenbacher

Help me about audio stream...
245474 by: Le Phuoc Canh

[PHP] Error in php doc?

2006-12-03 Thread MS P
Hi. There seems to be a minor error in the page 
http://www.php.net/manual/en/features.file-upload.php. In Example 38-2 
Validating file uploads, there is a line:


$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

It looks like basename() is not required there. Because i found that when i 
upload a file using IE6 (IE6 includes the whole path to the uploaded file, 
see 
http://jakarta.apache.org/commons/fileupload/faq.html#whole-path-from-IE), 
the value of $_FILES['userfile']['name'] is a file name but not a path. It 
looks like php has taken the file name from the path automatically. (I am 
using php 5.2.0 and win2k.) Can someone check if i am correct? Thanks.




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Error in php doc?

2006-12-03 Thread Roman Neuhauser
# [EMAIL PROTECTED] / 2006-12-03 18:39:41 +0800:
> Hi. There seems to be a minor error in the page
> http://www.php.net/manual/en/features.file-upload.php. In Example 38-2
> Validating file uploads, there is a line:
>
> $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
>
> It looks like basename() is not required there. Because i found that when i
> upload a file using IE6 (IE6 includes the whole path to the uploaded file,
> see
> http://jakarta.apache.org/commons/fileupload/faq.html#whole-path-from-IE),
> the value of $_FILES['userfile']['name'] is a file name but not a path. It
> looks like php has taken the file name from the path automatically. (I am
> using php 5.2.0 and win2k.) Can someone check if i am correct? Thanks.

That basename() call costs virtually nothing and protects you
against a bug in PHP and whatnot. Leave it there.

-- 
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man.  You don't KNOW.
Cause you weren't THERE. http://bash.org/?255991




Re: [PHP] problem with register globals on new server

2006-12-03 Thread Tony Marston

Richard Lynch [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
> On Sat, December 2, 2006 5:31 am, Tony Marston wrote:
>> If your site administrator thinks that using an htaccess file is a
>> security issue then he is very much mistaken.  The directives in an
>> htaccess file DO NOT enable you to access any one else's data on a
>> shared server. All they do is apply additional settings to your own
>> site while leaving UNTOUCHED the settings being used by other sites.
>>
>> Most professional web hosting companies do not have an issue with
>> htaccess files, so if yours does I would suggest switching to one with
>> a more professional attitude.
>
> I think it is quite possible for a sysAdmin to configure AllowOverride
> and .htaccess in such a way that too much latitude is granted to
> their clients to access each others' data...

I disagree. What directives can give you access to other people's data?

> And there is alleged to be a significant performance loss to
> .htaccess, so a hurried sysAdmin may have over-simplified their
> decision process...

Alleged is the word. Where are the figures to support this? While there is
some performance loss, with the speed of today's PCs can this really be
considered as significant?

> At any rate, if you need .htaccess, and they don't want to provide it,
> there are a few thousand webhosts that do.

Exactly. So it cannot be that much of a problem.

> I certainly wouldn't sign up with a host that didn't provide it, and
> would move to one that did ASAP if I found myself using one that
> didn't provide that.

I agree absolutely.

-- 
Tony Marston
http://www.tonymarston.net
http://www.radicore.org 




Re: [PHP] security and .htaccess

2006-12-03 Thread tedd

At 10:35 PM +0100 12/2/06, Alain Roger wrote:

> I'm working on .htaccess file for improving security.
> Based on documentation from PHPSEC.org, we should be able to store DB_USER
> login and DB_PASS password in some secret-stuff (for example) file, which
> should be located outside root of web document root. (for example in some
> /path_to_secret folder)


The path_to_secret folder thing -- I have a question about.

I'm working with what a host provides me and I've seen paths that I
can traverse/access and paths in a .htaccess file that I can't. For
example, in one site I see a .htaccess file that contains:


AuthUserFile /home/admin/public_html/_vit_pvt/service.pwd

But, the _vit_pvt folder is not apparent. I can't get to it -- is 
this a host file that only they can access, or is there a secret 
handshake I need to get to it, or what?


Thanks.

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com




[PHP] Random pictures - not twice

2006-12-03 Thread Gustav Wiberg

Hi there!

I have created a script that generates random pictures...

<?php
//Random pictures
//
$pictures[0] = "bil1.gif";
$pictures[1] = "bil2.gif";
$pictures[2] = "bil3.gif";
$pictures[3] = "bil4.gif";


for ($i=0;$i<3;$i++) {
 $r = rand(0,3);
?>
<p>&nbsp;&nbsp;<img src="<?php echo $pictures[$r];?>"></p>
<?php

}
?>


With this above script the same picture can be shown twice. Is there any 
smart way of avoiding this without having to rely on cookies/sessionids?


Best regards
/Gustav Wiberg
Stammis Internet - http://www.stammis.com/ - pedigrees on the net




Re: [PHP] Random pictures - not twice

2006-12-03 Thread tg-php
Without using cookies or session information, you're going to go through your 
picture list faster depending on how many users are accessing the random pic 
page.  If you don't make it user-specific, then it doesn't really matter if you 
go through the images sequentially.. it may appear random on the user end 
because other users are going to be grabbing sequential pics as well.

If you want to stir the waters a bit, you could run them sequentially but 
randomize the sequence.  This is what some music playlist programs do when you 
randomize a playlist.  Instead of pulling a random song from the list and 
risking playing the same song back to back, it just shuffles the playlist and 
plays it sequentially.  When you get to the end of your randomized list, you 
can re-shuffle it and start over.  This gives some semblance of randomness.

If you want to make sure each image gets its fair amount of time in the 
spotlight,  you could keep track of how many times each image has been 
displayed.  Having a database table with a list of all the image names and 
their 'served' count would let you weight your list a bit to give preference to 
the images that haven't been displayed that often.


And if you want to give each user the total package, you can keep track of how 
many times each image was served to a specific user and weight your shuffling 
that way.


I'm sure there are other ways, but there are just a few that may be viable for 
you, depending on the level of randomness per user you need.

Let us know what solution you come up with.  I'm sure others have had similar 
questions and just haven't asked.

-TG




Re: [PHP] Random pictures - not twice

2006-12-03 Thread Gustav Wiberg

Hi again!

I've solved it with array_rand. It wasn't that hard at all, just had to know 
which function to use! :-)


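code:
<?php
//Random pictures
//
$pictures[0] = "bil1.gif";
$pictures[1] = "bil2.gif";
$pictures[2] = "bil3.gif";
$pictures[3] = "bil4.gif";

$randomNr = array_rand($pictures, count($pictures));
// array_rand() returns the keys in their original order since PHP 5.2.10,
// so shuffle them before taking the first few.
shuffle($randomNr);
$occurences = 3;

for ($i=0;$i<$occurences;$i++) {
?>
<img src="<?php echo $pictures[$randomNr[$i]];?>">
<?php
}

?>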
Best regards
/Gustav Wiberg
Stammis Internet - http://www.stammis.com/ - pedigrees on the net




Re: [PHP] problem with register globals on new server

2006-12-03 Thread Richard Lynch
On Sun, December 3, 2006 5:22 am, Tony Marston wrote:
>
> Richard Lynch [EMAIL PROTECTED] wrote in message
> news:[EMAIL PROTECTED]
>> On Sat, December 2, 2006 5:31 am, Tony Marston wrote:
>> I think it is quite possible for a sysAdmin to configure AllowOverride
>> and .htaccess in such a way that too much latitude is granted to
>> their clients to access each others' data...
>
> I disagree. What directives can give you access to other people's
> data?

I believe I once managed to track down a bit of data using
FollowSymlink for a client that wasn't available otherwise.

In our case, it was data they actually had a legal/moral right to see,
but technical snafus were in the way.

Presumably all the other combinations of AllowOverride are not there
just for the sheer fun of complexity by the Apache team.

I'm betting that at least some of them have security trade-offs in
mind, and are not just about random features nor performance.

>> And there is alleged to be a significant performance loss to
>> .htaccess, so a hurried sysAdmin may have over-simplified their
>> decision process...
>
> Alleged is the word. Where are the figures to support this? While
> there is some performance loss, with the speed of today's PCs can this
> really be considered as significant?

I don't have benchmarks.

Do you?




Re: [PHP] Error in php doc?

2006-12-03 Thread Richard Lynch
On Sun, December 3, 2006 4:39 am, MS P wrote:
> Hi. There seems to be a minor error in the page
> http://www.php.net/manual/en/features.file-upload.php. In Example 38-2
> Validating file uploads, there is a line:
>
> $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
>
> It looks like basename() is not required there. Because i found that
> when i upload a file using IE6 (IE6 includes the whole path to the
> uploaded file, see
> http://jakarta.apache.org/commons/fileupload/faq.html#whole-path-from-IE),
> the value of $_FILES['userfile']['name'] is a file name but not a
> path. It looks like php has taken the file name from the path
> automatically. (I am using php 5.2.0 and win2k.) Can someone check if
> i am correct? Thanks.

There are probably other reasons to keep that there...

For starters, IE is not the only browser, much less the only User Agent.

In particular, I would presume somebody out there has crafted an evil
uploader that sends paths like, oh, ../../../../../../etc/passwd as
the 'name' of the upload.

If you are silly enough to blindly use that and overwrite your passwd
file, well, there ya go.

The 'name' field should not be trusted.  It comes from the user, and
anybody who can count past 10 with their shoes on could spoof it to
any value they like, including malicious values.

Plus, unless you check every single minor release version of PHP, you
can't be sure it ALWAYS stripped the path out.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
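
An added example, not part of Richard's message or of the PHP manual: one way to turn the untrusted 'name' field discussed above into a path that stays inside the upload directory, run over constructed names including the traversal string from the message. The function name safe_upload_target, the extension allowlist and the /path/to/uploads directory are assumptions, and PHP 7.0 or later is assumed.

```php
<?php
// Added example (not from the thread). The function name, the upload
// directory and the extension allowlist are hypothetical.

/**
 * Turn the client-supplied $_FILES[...]['name'] into a path inside
 * $uploadDir, or throw if the name cannot be made safe.
 */
function safe_upload_target(string $clientName, string $uploadDir, array $allowedExt): string
{
    // IE6-style names use backslashes, which basename() does not treat as
    // a separator on Unix hosts, so normalise them before stripping the path.
    $name = basename(str_replace('\\', '/', $clientName));

    // Keep a conservative character set; this also removes NUL bytes and spaces.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $name);

    // Reject empty names and dotfiles ('.', '..', '.htaccess', ...).
    if ($name === '' || $name[0] === '.') {
        throw new InvalidArgumentException('unusable file name');
    }

    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        throw new InvalidArgumentException("extension '$ext' not allowed");
    }

    // Defence in depth: the target's directory must be the upload directory.
    $dir = realpath($uploadDir);
    if ($dir === false) {
        throw new RuntimeException('upload directory missing');
    }
    $target = $dir . DIRECTORY_SEPARATOR . $name;
    if (dirname($target) !== $dir) {
        throw new RuntimeException('target escapes upload directory');
    }
    return $target;
}

// Constructed sample names, including the traversal string from the message.
$samples = [
    '../../../../../../etc/passwd',
    'C:\\Documents and Settings\\me\\bil1.gif',
    '.htaccess',
    'holiday photo.JPG',
    'shell.php',
];
$allowed = ['gif', 'jpg', 'png'];
foreach ($samples as $s) {
    try {
        printf("%-42s -> %s\n", $s, safe_upload_target($s, sys_get_temp_dir(), $allowed));
    } catch (Exception $e) {
        printf("%-42s -> rejected (%s)\n", $s, $e->getMessage());
    }
}

// In the upload handler itself (field name 'userfile' as in the manual example):
if (isset($_FILES['userfile']) && $_FILES['userfile']['error'] === UPLOAD_ERR_OK) {
    $target = safe_upload_target($_FILES['userfile']['name'], '/path/to/uploads', $allowed);
    if (!move_uploaded_file($_FILES['userfile']['tmp_name'], $target)) {
        throw new RuntimeException('could not store upload');
    }
}
```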



Re: [PHP] security and .htaccess

2006-12-03 Thread Richard Lynch
On Sun, December 3, 2006 9:57 am, tedd wrote:
> At 10:35 PM +0100 12/2/06, Alain Roger wrote:
>> I'm working on .htaccess file for improving security.
>> Based on documentation from PHPSEC.org, we should be able to store DB_USER
>> login and DB_PASS password in some secret-stuff (for example) file, which
>> should be located outside root of web document root. (for example in some
>> /path_to_secret folder)
>
> The path_to_secret folder thing -- I have a question about.
>
> I'm working with what a host provides me and I've seen paths that I
> can traverse/access and paths in a .htaccess file that I can't. For
> example, in one site I see a .htaccess file that contains:
>
> AuthUserFile /home/admin/public_html/_vit_pvt/service.pwd
>
> But, the _vit_pvt folder is not apparent. I can't get to it -- is
> this a host file that only they can access, or is there a secret
> handshake I need to get to it, or what?

That's a bull-crap made-up directory reference that FrontPage or
something of that ilk added because everybody uses FrontPage, and
everybody uses their lame-brained security layout of weird directory
names.

Replace it with a real AuthUserFile reference.

:-)




Re: [PHP] security and .htaccess

2006-12-03 Thread Anas Mughal

Sample .htaccess file that uses an authentication file:

Options -Indexes

AuthName "Photo Access"
AuthType Basic
AuthUserFile /home/me/BasicAuth/photo_users.txt

require valid-user

Hope this helps.
--
Anas Mughal






RE: [PHP] security and .htaccess

2006-12-03 Thread Frank Reichenbacher
That is the MS FrontPage auth system. Directories beginning with _ underscores
cannot be viewed in your browser. Unless you want to dump FrontPage, you do
not want to be messing with this setup.

If you can't view these directories in FrontPage, it's because you do not have
the website set to show hidden files. Tools > Site Settings.

Frank





[PHP] Help me about audio stream...

2006-12-03 Thread Le Phuoc Canh
Dears,
I want to make a web app about music online. But i don't know how to use
streaming in PHP to load a music file for playing. Please help me for the
best direction.
Thanks a lot and best regards.