php-general Digest 15 Feb 2007 14:52:35 -0000 Issue 4627
php-general Digest 15 Feb 2007 14:52:35 - Issue 4627
Topics (messages 248896 through 248903):
Password and FTP Folder
248896 by: Helder Lopes
248901 by: Brad Fuller
Re: Extending DOMNode
248897 by: Rob Richards
remote fopen not working, despite allow_url_fopen = on
248898 by: alex handle
248899 by: Aras
248900 by: alex handle
248902 by: Aras
248903 by: cajbecu
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
php-general@lists.php.net
--
---BeginMessage---
Hi people
hi have a problem
i need a script for make a ftp folder that have a password for enter
Have anyway to do this??
/mrpostiga
---End Message---
---BeginMessage---
-Original Message-
From: Helder Lopes [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 15, 2007 5:32 AM
To: php-general@lists.php.net
Subject: [PHP]Password and FTP Folder
Hi people
hi have a problem
i need a script for make a ftp folder that have a password for enter
Have anyway to do this??
/mrpostiga
you can upload .htaccess and .htpasswd files via FTP and password protect
it. If you do a search for password protect htaccess you should find a lot
of tutorials on how to create the .htaccess file and generate user/password
combinations for the .htpasswd file.
---End Message---
---BeginMessage---
Eli wrote:
?php
class MyDOMNode extends DOMNode {
public $v = 10;
function __construct() {}
}
$dom = new DOMDocument();
$dom-registerNodeClass('DOMNode','MyDOMNode');
$dom-loadXML('roota//root');
echo $dom-firstChild-v; #-- not outputs 10
?
But I get the notice:
PHP Notice: Undefined property: DOMElement::$v in ...
I want the extension to be valid for all DOM nodes that are derived from
DOMNode, such as DOMElement, DOMAttr, DOMNodeList, DOMText, etc...
I try not to extend all the classes one by one.
Due to the internals of the DOM extension, you need to register the
class types that are actually instantiated and not the underlying base
DOMNode class. Unfortunately in your case this means you need to
register all of those classes separately.
$dom-registerNodeClass('DOMElement','MyDOMNode');
$dom-registerNodeClass('DOMAttr','MyDOMNode');
$dom-registerNodeClass('DOMText','MyDOMNode');
...
Rob
---End Message---
---BeginMessage---
Hi all,
i recently upgraded a server from
freebsd 5.x to 6.2
php 4.4.2 - php 4.4.4
apache 1.3 - apache 2.2.4.
It worked all great till i noticed that the remote fopen()/file() did not
work.
allow_url_fopen is set to On and the httpd-error.log shows this error
message:
[Thu Feb 15 14:15:42 2007] [error] [client xxx] PHP Warning: file() [a
href='function.file'function.file/a]: php_network_getaddresses:
getaddrinfo failed: hostname nor servname provided, or not known in
/home/domains/x/xxx/tmp/remote.php on line 2
[Thu Feb 15 14:15:42 2007] [error] [client xxx] PHP Warning: file(
http://google.com/) [a href='function.file'function.file/a]: failed to
open stream: Invalid argument in /home/domains/x/xxx/tmp/remote.php on line
2
A lynx from the server to google.com works.
Then i put google.com in the /etc/hosts file and i got this message:
[Thu Feb 15 14:19:47 2007] [error] [client xxx] PHP Warning: file(
http://google.com/) [a href='function.file'function.file/a]: failed to
open stream: HTTP request failed! in /home/domains/x/xxx/tmp/remote.php on
line 2
With curl i can fetch remote content, but i have to put the domainname in
the hosts file. Verry strange!?
Here my test file:
?php
var_dump(file('http://google.com/'));
?
phpinfo and configure.log of the freebsd-ports is attached
http://www.dict.cc/englisch-deutsch/Thanks+in+advance+TIA.htmlThanks in
advance!
Alex
System FreeBSD 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 11:05:30
UTC 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/SMP i386
Build Date Feb 14 2007 17:04:14
Configure Command './configure' '--enable-versioning'
'--enable-memory-limit' '--with-layout=GNU'
'--with-config-file-scan-dir=/usr/local/etc/php' '--disable-all'
'--program-prefix=' '--disable-cgi' '--with-apxs2=/usr/local/sbin/apxs'
'--with-regex=php' '--with-zlib=/usr' '--enable-zend-multibyte'
'--prefix=/usr/local' 'i386-portbld-freebsd6.2'
Server API Apache 2.0 Handler
Virtual Directory Support disabled
Configuration File (php.ini) Path /usr/local/etc/php.ini
Scan this dir for additional .ini files /usr/local/etc/php
additional .ini files parsed/usr/local/etc/php/extensions.ini
PHP API 20020918
PHP Extension 20020429
Zend Extension 20050606
Debug Build no
Zend Memory Manager enabled
Thread Safety disabled
Registered PHP Streams php, http, ftp, compress.zlib, compress.bzip2
This program makes use of the Zend Scripting Language
[PHP]Password and FTP Folder
Hi people hi have a problem i need a script for make a ftp folder that have a password for enter Have anyway to do this?? /mrpostiga
[PHP] Re: Extending DOMNode
Eli wrote:
?php
class MyDOMNode extends DOMNode {
public $v = 10;
function __construct() {}
}
$dom = new DOMDocument();
$dom-registerNodeClass('DOMNode','MyDOMNode');
$dom-loadXML('roota//root');
echo $dom-firstChild-v; #-- not outputs 10
?
But I get the notice:
PHP Notice: Undefined property: DOMElement::$v in ...
I want the extension to be valid for all DOM nodes that are derived from
DOMNode, such as DOMElement, DOMAttr, DOMNodeList, DOMText, etc...
I try not to extend all the classes one by one.
Due to the internals of the DOM extension, you need to register the
class types that are actually instantiated and not the underlying base
DOMNode class. Unfortunately in your case this means you need to
register all of those classes separately.
$dom-registerNodeClass('DOMElement','MyDOMNode');
$dom-registerNodeClass('DOMAttr','MyDOMNode');
$dom-registerNodeClass('DOMText','MyDOMNode');
...
Rob
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] remote fopen not working, despite allow_url_fopen = on
Hi all,
i recently upgraded a server from
freebsd 5.x to 6.2
php 4.4.2 - php 4.4.4
apache 1.3 - apache 2.2.4.
It worked all great till i noticed that the remote fopen()/file() did not
work.
allow_url_fopen is set to On and the httpd-error.log shows this error
message:
[Thu Feb 15 14:15:42 2007] [error] [client xxx] PHP Warning: file() [a
href='function.file'function.file/a]: php_network_getaddresses:
getaddrinfo failed: hostname nor servname provided, or not known in
/home/domains/x/xxx/tmp/remote.php on line 2
[Thu Feb 15 14:15:42 2007] [error] [client xxx] PHP Warning: file(
http://google.com/) [a href='function.file'function.file/a]: failed to
open stream: Invalid argument in /home/domains/x/xxx/tmp/remote.php on line
2
A lynx from the server to google.com works.
Then i put google.com in the /etc/hosts file and i got this message:
[Thu Feb 15 14:19:47 2007] [error] [client xxx] PHP Warning: file(
http://google.com/) [a href='function.file'function.file/a]: failed to
open stream: HTTP request failed! in /home/domains/x/xxx/tmp/remote.php on
line 2
With curl i can fetch remote content, but i have to put the domainname in
the hosts file. Verry strange!?
Here my test file:
?php
var_dump(file('http://google.com/'));
?
phpinfo and configure.log of the freebsd-ports is attached
http://www.dict.cc/englisch-deutsch/Thanks+in+advance+TIA.htmlThanks in
advance!
Alex
System FreeBSD 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 11:05:30
UTC 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/SMP i386
Build Date Feb 14 2007 17:04:14
Configure Command './configure' '--enable-versioning'
'--enable-memory-limit' '--with-layout=GNU'
'--with-config-file-scan-dir=/usr/local/etc/php' '--disable-all'
'--program-prefix=' '--disable-cgi' '--with-apxs2=/usr/local/sbin/apxs'
'--with-regex=php' '--with-zlib=/usr' '--enable-zend-multibyte'
'--prefix=/usr/local' 'i386-portbld-freebsd6.2'
Server API Apache 2.0 Handler
Virtual Directory Support disabled
Configuration File (php.ini) Path /usr/local/etc/php.ini
Scan this dir for additional .ini files /usr/local/etc/php
additional .ini files parsed/usr/local/etc/php/extensions.ini
PHP API 20020918
PHP Extension 20020429
Zend Extension 20050606
Debug Build no
Zend Memory Manager enabled
Thread Safety disabled
Registered PHP Streams php, http, ftp, compress.zlib, compress.bzip2
This program makes use of the Zend Scripting Language Engine:
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
Configuration
PHP Core
Directive Local Value Master Value
allow_call_time_pass_reference On On
allow_url_fopen Off Off
always_populate_raw_post_data Off Off
arg_separator.input
arg_separator.output
asp_tagsOff Off
auto_append_fileno valueno value
auto_prepend_file no valueno value
browscapno valueno value
default_charset no valueno value
default_mimetypetext/html text/html
define_syslog_variables Off Off
disable_classes no valueno value
disable_functions no valueno value
display_errors Off Off
display_startup_errors Off Off
doc_rootno valueno value
docref_ext no valueno value
docref_root no valueno value
enable_dl On On
error_append_string no valueno value
error_log no valueno value
error_prepend_stringno valueno value
error_reporting 20392039
expose_php Off Off
extension_dir /usr/local/lib/php/20020429 /usr/local/lib/php/20020429
file_uploadsOn On
gpc_order GPC GPC
highlight.bg#FF #FF
highlight.comment #FF8000 #FF8000
highlight.default #BB #BB
highlight.html #00 #00
highlight.keyword #007700 #007700
highlight.string#DD #DD
html_errors On On
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush Off Off
include_path.:/usr/local/share/pear .:/usr/local/share/pear
log_errors On On
log_errors_max_len 10241024
magic_quotes_gpcOn On
magic_quotes_runtimeOff Off
magic_quotes_sybase Off Off
max_execution_time 30 30
max_input_time 60 60
memory_limit32M 32M
open_basedirno valueno value
output_bufferingno valueno value
output_handler no valueno value
post_max_size 8M 8M
precision 12 12
register_argc_argv On On
register_globalsOff On
report_memleaks On On
safe_mode Off On
safe_mode_exec_dir no valueno value
safe_mode_gid Off Off
safe_mode_include_dir no valueno value
sendmail_from no valueno value
sendmail_path /usr/sbin/sendmail -t -i/usr/sbin/sendmail -t -i
RE: [PHP] remote fopen not working, despite allow_url_fopen = on
Alex,
Either the domain you are trying to fetch data is unknown or your resolver
settings do not point to a regular resolving server. (check
/etc/resolv.conf)
Aras Koktas
[EMAIL PROTECTED]
Business Excellence Development
Phi.dot Internet Systems
-Original Message-
From: alex handle [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 15, 2007 3:52 PM
To: php-general@lists.php.net
Subject: [PHP] remote fopen not working, despite allow_url_fopen = on
Hi all,
i recently upgraded a server from
freebsd 5.x to 6.2
php 4.4.2 - php 4.4.4
apache 1.3 - apache 2.2.4.
It worked all great till i noticed that the remote fopen()/file() did not
work.
allow_url_fopen is set to On and the httpd-error.log shows this error
message:
[Thu Feb 15 14:15:42 2007] [error] [client xxx] PHP Warning: file() [a
href='function.file'function.file /a]: php_network_getaddresses:
getaddrinfo failed: hostname nor servname provided, or not known in
/home/domains/x/xxx/tmp/remote.php on line 2
[Thu Feb 15 14:15:42 2007] [error] [client xxx] PHP Warning: file(
http://google.com/) [a href='function.file'function.file/a]: failed to
open stream: Invalid argument in /home/domains/x/xxx/tmp/remote.php on line
2
A lynx from the server to google.com works.
Then i put google.com in the /etc/hosts file and i got this message:
[Thu Feb 15 14:19:47 2007] [error] [client xxx] PHP Warning: file(
http://google.com/) [a href='function.file'function.file/a]: failed to
open stream: HTTP request failed! in /home/domains/x/xxx/tmp/remote.php on
line 2
With curl i can fetch remote content, but i have to put the domainname in
the hosts file. Verry strange!?
Here my test file:
?php
var_dump(file('http://google.com/'));
?
phpinfo and configure.log of the freebsd-ports is attached
Thanks in advance!
Alex
Re: [PHP] remote fopen not working, despite allow_url_fopen = on
On 2/15/07, Aras [EMAIL PROTECTED] wrote:
Alex,
Either the domain you are trying to fetch data is unknown or your resolver
settings do not point to a regular resolving server. (check
/etc/resolv.conf)
Aras Koktas
[EMAIL PROTECTED]
Business Excellence Development
Phi.dot Internet Systems
-Original Message-
*From:* alex handle [mailto:[EMAIL PROTECTED]
*Sent:* Thursday, February 15, 2007 3:52 PM
*To:* php-general@lists.php.net
*Subject:* [PHP] remote fopen not working, despite allow_url_fopen = on
Hi all,
i recently upgraded a server from
freebsd 5.x to 6.2
php 4.4.2 - php 4.4.4
apache 1.3 - apache 2.2.4.
It worked all great till i noticed that the remote fopen()/file() did not
work.
allow_url_fopen is set to On and the httpd-error.log shows this error
message:
[Thu Feb 15 14:15:42 2007] [error] [client xxx] PHP Warning: file() [a
href='function.file'function.file /a]: php_network_getaddresses:
getaddrinfo failed: hostname nor servname provided, or not known in
/home/domains/x/xxx/tmp/remote.php on line 2
[Thu Feb 15 14:15:42 2007] [error] [client xxx] PHP Warning: file(
http://google.com/) [a href='function.file'function.file/a]: failed to
open stream: Invalid argument in /home/domains/x/xxx/tmp/remote.php on line
2
A lynx from the server to google.com works.
Then i put google.com in the /etc/hosts file and i got this message:
[Thu Feb 15 14:19:47 2007] [error] [client xxx] PHP Warning: file(
http://google.com/) [a href='function.file'function.file/a]: failed to
open stream: HTTP request failed! in /home/domains/x/xxx/tmp/remote.php on
line 2
With curl i can fetch remote content, but i have to put the domainname in
the hosts file. Verry strange!?
Here my test file:
?php
var_dump(file('http://google.com/') http://google.com/%27%29);
?
phpinfo and configure.log of the freebsd-ports is attached
http://www.dict.cc/englisch-deutsch/Thanks+in+advance+TIA.htmlThanks in
advance!
Alex
Hello Aras!
my /etc/resolv.conf is ok - a host google.com works and i can reach
google.com with lynx.
There are no firewall or dns issues on the server.
RE: [PHP]Password and FTP Folder
-Original Message- From: Helder Lopes [mailto:[EMAIL PROTECTED] Sent: Thursday, February 15, 2007 5:32 AM To: php-general@lists.php.net Subject: [PHP]Password and FTP Folder Hi people hi have a problem i need a script for make a ftp folder that have a password for enter Have anyway to do this?? /mrpostiga you can upload .htaccess and .htpasswd files via FTP and password protect it. If you do a search for password protect htaccess you should find a lot of tutorials on how to create the .htaccess file and generate user/password combinations for the .htpasswd file. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] remote fopen not working, despite allow_url_fopen = on
I do suppose this as a networking error rather than a php problem, or a bug which may be caused by your current combination of OS and software set. By the way, allow_url_fopen is set to OFF, not ON, as it is in the attachement of phpinfo in your previous mail. That would produce a different error i know, but an apache restart may be one more trial for this to work. Aras Koktas [EMAIL PROTECTED] Business Excellence Development Phi.dot Internet Systems -Original Message- From: alex handle [mailto:[EMAIL PROTECTED] Sent: Thursday, February 15, 2007 4:34 PM To: Aras Cc: php-general@lists.php.net Subject: Re: [PHP] remote fopen not working, despite allow_url_fopen = on Hello Aras! my /etc/resolv.conf is ok - a host google.com works and i can reach google.com with lynx. There are no firewall or dns issues on the server. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] remote fopen not working, despite allow_url_fopen = on
Hello Aras!
my /etc/resolv.conf is ok - a host google.com works and i can reach
google.com with lynx.
There are no firewall or dns issues on the server.
try: var_dump(file('http://ip_google/'));
replace ip_google with google`s main ip.
cajb.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] remote fopen not working, despite allow_url_fopen = on
On 2/15/07, cajbecu [EMAIL PROTECTED] wrote:
Hello Aras!
my /etc/resolv.conf is ok - a host google.com works and i can reach
google.com with lynx.
There are no firewall or dns issues on the server.
try: var_dump(file('http://ip_google/'));
replace ip_google with google`s main ip.
cajb.
Hi cajb,
I tried that before but, it doesn't even work with 127.0.0.1 or localhost.
Got this Error:
[Thu Feb 15 14:19:47 2007] [error] [client xxx] PHP Warning: file(
http://72.14.207.99/) [a href='function.file'function.file/a]: failed to
open stream: HTTP request failed! in /home/domains/x/xxx/tmp/remote.php on
line 2
Alex
[PHP] Re: Extending DOMNode
Rob Richards wrote:
Due to the internals of the DOM extension, you need to register the
class types that are actually instantiated and not the underlying base
DOMNode class. Unfortunately in your case this means you need to
register all of those classes separately.
$dom-registerNodeClass('DOMElement','MyDOMNode');
$dom-registerNodeClass('DOMAttr','MyDOMNode');
$dom-registerNodeClass('DOMText','MyDOMNode');
...
Not good... :-(
?php
class MyDOMNode extends DOMNode {
public $x = 100;
}
$dom = new DOMDocument();
$dom-registerNodeClass('DOMElement','MyDOMNode');
?
PHP Fatal error: DOMDocument::registerNodeClass(): Class MyDOMNode is
not derived from DOMElement.
So I have to extend DOMElement and register MyDOMElement. But all my
nodes should be also based on MyDOMNode.
Problem is that in PHP you can only extend one class in a time, so you
cannot build your own class-tree which extends a base class-tree of DOM. :-/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Deny processing of non included files
OK here is the background: My app will: have an admin access at http://sitename/admin/ Obviously authenticated users only are allowed access.. Now my issues is this, i do all the processing from a single index.php in admin/ folder that includes files from all over the webapp directory structure for example modules/thismodule/admin/index.php folder for getting the admin page for the module or modules/thismodule/index.php for displaying the modules in the public part of the page etc.. You get the picture.. What i want is to restrict acces to all these included php files such that by typing http://sitename/modules/thismodule/admin/index.php, this file will only be processed by the browser if and only if it has been included by http://sitename/admin/index.php NO included php file should be able to be processed by itself or accessed even for files that do not output anything.. So essentially i think i may be doing somethings wrong.. 1. My included files assume the top file has initiated an instance of an certain object thus being able to use the resources of the instanced objects in the top file..(obviously i have the necessary checks to make sure the instance has been created before including the file) -Should i be initializing new instances of the object at the top of each included file to prevent errors from appearing incase someone access the file directly? Or should i believe it doesn't really matter as in a production environment display_errors is set to off so no error output will be shown... 2. what is the assesed security risk if someone access a file directly even if it does not output anything? 3. is their a way to check that a file has been included by such and such file or should i develop a hash system where the top page that includes files generates a hash, stores it in the db for the length of the script and in a variable, and have the included file check that the variable from the top file and the hash in the db correspond? Security is driving me insane i'm becoming totally psychotic at the possiblity of someone taking over my admin systems... Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mysql_affected_rows inaccurate?
Hi a long time ago I stopped using mysql_affected_rows because I believed it was giving me an inaccurate number. Now I was not very knowledged then so it could of been my own fault. Is this function safe and functional? Could it possibly give me the row result of a previous query I did and not the latest? -- View this message in context: http://www.nabble.com/mysql_affected_rows-inaccurate--tf3234567.html#a8988123 Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Deny processing of non included files
Easy answer: deny access to them. Use your web server to prevent
execution of the files. Generally, if you're using Apache, you can just
do this:
Directory /path/to/modules/
Order Allow,Deny
Deny From All
/Directory
You may also be able to do that from a .htaccess file.
If you can't configure the server, just use a define at the top of your
index script:
define('__INDEX_PHP',TRUE);
Then just check it with a one-liner at the top of each script that is
for inclusion only.
Tim wrote:
1. My included files assume the top file has initiated an instance of an
certain object thus being able to use the resources of the instanced objects
in the top file..(obviously i have the necessary checks to make sure the
instance has been created before including the file)
-Should i be initializing new instances of the object at the top of each
included file to prevent errors from appearing incase someone access the
file directly? Or should i believe it doesn't really matter as in a
production environment display_errors is set to off so no error output will
be shown...
I don't think you ever want include files to be executed in the wrong
context. Just deny access.
If anything, just make an index.php page in each module dir that
contains only Thanks for visiting this page, but the link you followed
is probably mistyped. Try a href=\$document_root\this/a instead.
2. what is the assesed security risk if someone access a file directly even
if it does not output anything?
Depends on what the file contains. If it contains this: `sudo rm -r
$directory/*`, then the results could be disastrous, but let's hope
that it wouldn't contain code like that. :-)
3. is their a way to check that a file has been included by such and such
file or should i develop a hash system where the top page that includes
files generates a hash, stores it in the db for the length of the script and
in a variable, and have the included file check that the variable from the
top file and the hash in the db correspond?
See above define(...) bit, which is really based on the old C header
trick:
#ifndef __SOME_FILE_H
#define __SOME_FILE_H
a bunch of stuff
#endif
jon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Extending DOMNode
Eli wrote:
Rob Richards wrote:
Due to the internals of the DOM extension, you need to register the
class types that are actually instantiated and not the underlying base
DOMNode class. Unfortunately in your case this means you need to
register all of those classes separately.
$dom-registerNodeClass('DOMElement','MyDOMNode');
$dom-registerNodeClass('DOMAttr','MyDOMNode');
$dom-registerNodeClass('DOMText','MyDOMNode');
...
Not good... :-(
?php
class MyDOMNode extends DOMNode {
public $x = 100;
}
$dom = new DOMDocument();
$dom-registerNodeClass('DOMElement','MyDOMNode');
?
PHP Fatal error: DOMDocument::registerNodeClass(): Class MyDOMNode is
not derived from DOMElement.
So I have to extend DOMElement and register MyDOMElement. But all my
nodes should be also based on MyDOMNode.
Problem is that in PHP you can only extend one class in a time, so you
cannot build your own class-tree which extends a base class-tree of DOM.
:-/
maybe the runkit extension can help - no idea how big it might explode in your
face if you try to hack the DOM* stuff with runkit :-)
you never stated why you want to extend all the DOM classes, maybe there
is a different way of achieving what you want (i.e. without going through the
hassle of what you seem to have to do at the moment)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Deny processing of non included files
-Message d'origine-
De : Jon Anderson [mailto:[EMAIL PROTECTED]
Envoyé : jeudi 15 février 2007 17:11
À : Tim
Cc : 'php-general'
Objet : Re: [PHP] Deny processing of non included files
Easy answer: deny access to them. Use your web server to
prevent execution of the files. Generally, if you're using
Apache, you can just do this:
Directory /path/to/modules/
Order Allow,Deny
Deny From All
/Directory
Great i'll go the .htaccess way i don't need any files accesible through the
browser other then http://thissite/index.php and
http://thissite/admin/index.php.
You may also be able to do that from a .htaccess file.
If you can't configure the server, just use a define at the
top of your index script:
define('__INDEX_PHP',TRUE);
Then just check it with a one-liner at the top of each script
that is for inclusion only.
Tim wrote:
1. My included files assume the top file has initiated an
instance
of an certain object thus being able to use the resources of the
instanced objects in the top file..(obviously i have the necessary
checks to make sure the instance has been created before
including the
file) -Should i be initializing new instances of the object
at the top
of each included file to prevent errors from appearing
incase someone
access the file directly? Or should i believe it doesn't
really matter
as in a production environment display_errors is set to off so no
error output will be shown...
I don't think you ever want include files to be executed in
the wrong context. Just deny access.
Sure that's what i thought but couldn't get it to work you put me on the
right track with the directory directive.
If anything, just make an index.php page in each module dir
that contains only Thanks for visiting this page, but the
link you followed is probably mistyped. Try a
href=\$document_root\this/a instead.
Well i do have a blank index.html in ALL directories to stop directory
listing..
2. what is the assesed security risk if someone access a
file directly
even if it does not output anything?
Depends on what the file contains. If it contains this:
`sudo rm -r $directory/*`, then the results could be
disastrous, but let's hope that it wouldn't contain code like
that. :-)
3. is their a way to check that a file has been included by
such and
such file or should i develop a hash system where the top page that
includes files generates a hash, stores it in the db for
the length of
the script and in a variable, and have the included file check that
the variable from the top file and the hash in the db correspond?
See above define(...) bit, which is really based on the old C header
trick:
#ifndef __SOME_FILE_H
#define __SOME_FILE_H
a bunch of stuff
#endif
Ok lets just deny access :)
Thanks a bunch ;)
Tim
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Banner rotation with links
On my home page i have all my banners in a MySQL database which includes the image path, the link, and the description as separate fields. The then do a MySQL query with a query that will look something like this: $query = select * FROM banner ORDER BY RAND() LIMIT 1; Seems to work just fine. -- Kevin Murphy Webmaster: Information and Marketing Services Western Nevada Community College www.wncc.edu 775-445-3326 On Feb 14, 2007, at 8:29 AM, Chris Carter wrote: How can I rotate a banner as well as the link in it within a page using PHP. This can be done as a include file php. Anybody please supply some code or a link for this. Thanks in advance. Chris -- View this message in context: http://www.nabble.com/Banner-rotation- with-links-tf3228157.html#a8968148 Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Deny processing of non included files
At 4:44 PM +0100 2/15/07, Tim wrote: OK here is the background: My app will: have an admin access at http://sitename/admin/ Obviously authenticated users only are allowed access.. Now my issues is this, i do all the processing from a single index.php in admin/ folder that includes files from all over the webapp directory structure for example modules/thismodule/admin/index.php folder for getting the admin page for the module or modules/thismodule/index.php for displaying the modules in the public part of the page etc.. You get the picture.. What i want is to restrict acces to all these included php files such that by typing http://sitename/modules/thismodule/admin/index.php, this file will only be processed by the browser if and only if it has been included by http://sitename/admin/index.php NO included php file should be able to be processed by itself or accessed even for files that do not output anything.. So essentially i think i may be doing somethings wrong.. 1. My included files assume the top file has initiated an instance of an certain object thus being able to use the resources of the instanced objects in the top file..(obviously i have the necessary checks to make sure the instance has been created before including the file) -Should i be initializing new instances of the object at the top of each included file to prevent errors from appearing incase someone access the file directly? Or should i believe it doesn't really matter as in a production environment display_errors is set to off so no error output will be shown... 2. what is the assesed security risk if someone access a file directly even if it does not output anything? 3. is their a way to check that a file has been included by such and such file or should i develop a hash system where the top page that includes files generates a hash, stores it in the db for the length of the script and in a variable, and have the included file check that the variable from the top file and the hash in the db correspond? Security is driving me insane i'm becoming totally psychotic at the possiblity of someone taking over my admin systems... Regards, Tim Tim: Use require_once (auth.php); in every include. This should be the same auth code you use for your admin page. If you want I can provide an example. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Extending DOMNode
Jochem Maas wrote: maybe the runkit extension can help - no idea how big it might explode in your face if you try to hack the DOM* stuff with runkit :-) you never stated why you want to extend all the DOM classes, maybe there is a different way of achieving what you want (i.e. without going through the hassle of what you seem to have to do at the moment) I want to add a common function to all nodes extended from DOMNode (e.g DOMElement, DOMText, DOMAttr, etc), and also keep the code maintainable so changing the common function will not force me to do in 10 places [I don't want to create a global function for this]. -thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Retrieve value of newly inserted row.
Okay, I found the correct function and below is what I have: - Show quoted text - $insert1 = INSERT INTO table1 ( debit_card, card_type, card_number, exp_date, payment_amount, cvv_number, first_name, middle_name, last_name, address_1, address_2, city, zip_code, zip_4, phone_number, fax_number, email_address, receipt, comments, date_request_received, employee_received_call, research_phase_date, research_phase_user, submit_phase_date, submit_phase_user, status_code, state_code) VALUES ( '$debit_card', '$card_type', '$card_number', '$exp_date', '$amount', '$cvv', '$cc_first', '$cc_middle', '$cc_last', '$cc_address_1', '$cc_address_2', '$cc_city', '$cc_zip', '$cc_zip_4', '$cc_phone_number', '$cc_fax_number', '$cc_email_address', '$receipt', '$cc_comments', '$create_date', '$create_user', '$research_date', '$research_user', '$submit_date', '$submit_user', '$status_code', '$cc_state') SELECT scope_identity() INSERT INTO table2 ( credit_card_id, case_number, comments) VALUES ( 'scope_identity', '$case', '$comments'); echo $insert1; mssql_query($insert1) or die (Query failed: br /.mssql_get_last_message()); echo Insert complete; the scope_identity function is suppose to select the last inserted ID for the first insert statement. When my query executes, it appears to go thru all the steps correctly...it inserts the first record just fine, displays the echo of my query and returns the echo of Insert Complete HOWEVER, when I go to look at the data base there is NO data inserted into table2 even though my query returned that Insert Complete statement. Any ideas? On 2/14/07, Jim Lucas [EMAIL PROTECTED] wrote: Brad Fuller wrote: From looking on the web (MSDN) I found the @@identity and the explanation of what it is, but MS's example is horrible and does not show a good context for using this function. Could you elaborate more on its use? $q = mssql_query(INSERT INTO TableName(...) VALUES(...) SELECT LAST_INSERT_ID=@@IDENTITY); $r = mssql_fetch_assoc($q); HTH, Brad Might look at this http://us3.php.net/manual/en/function.mssql-query.php#46026 -- Enjoy, Jim Lucas Different eyes see different things. Different hearts beat on different strings. But there are times for you and me when all such things agree. - Rush
Re: [PHP] Re: Extending DOMNode
Eli wrote: Jochem Maas wrote: maybe the runkit extension can help - no idea how big it might explode in your face if you try to hack the DOM* stuff with runkit :-) you never stated why you want to extend all the DOM classes, maybe there is a different way of achieving what you want (i.e. without going through the hassle of what you seem to have to do at the moment) I want to add a common function to all nodes extended from DOMNode (e.g DOMElement, DOMText, DOMAttr, etc), and also keep the code maintainable so changing the common function will not force me to do in 10 places why? [I don't want to create a global function for this]. why not? -thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Retrieve value of newly inserted row.
Okay, I found the correct function and below is what I have:
- Show quoted text -
$insert1 = INSERT INTO table1 (
snip
)
VALUES (
snip
)
SELECT scope_identity()
INSERT INTO table2 (
credit_card_id,
case_number,
comments)
VALUES (
'scope_identity',
'$case',
'$comments');
echo $insert1;
mssql_query($insert1) or die (Query failed: br
/.mssql_get_last_message());
echo Insert complete;
the scope_identity function is suppose to select the last inserted ID for
the first insert statement.
When my query executes, it appears to go thru all the steps
correctly...it
inserts the first record just fine, displays the echo of my query and
returns the echo of Insert Complete
HOWEVER, when I go to look at the data base there is NO data inserted into
table2 even though my query returned that Insert Complete statement.
Any ideas?
On 2/14/07, Jim Lucas [EMAIL PROTECTED] wrote:
Brad Fuller wrote:
From looking on the web (MSDN) I found the @@identity and the
explanation
of
what it is, but MS's example is horrible and does not show a good
context
for using this function. Could you elaborate more on its use?
$q = mssql_query(INSERT INTO TableName(...) VALUES(...) SELECT
LAST_INSERT_ID=@@IDENTITY);
$r = mssql_fetch_assoc($q);
HTH,
Brad
Might look at this
http://us3.php.net/manual/en/function.mssql-query.php#46026
--
Enjoy,
Jim Lucas
Different eyes see different things. Different hearts beat on different
strings. But there are times for you and me when all such things agree.
- Rush
I don't think you can do multiple inserts in a single query. Or maybe you
can but the select statement after it causes the second insert not to be
run? I don't know, but I've seen several examples - each use 2 separate
insert queries.
My reply to your original message was incomplete; I apologize
$q1 = mssql_query(INSERT INTO Table1 (...) VALUES (...) SELECT
SCOPE_IDENTITY() AS [SCOPE_IDENTITY]);
$r = mssql_fetch_assoc($q1);
$insert_id = $r['SCOPE_IDENTITY'];
$q2 = mssql_query(INSERT INTO Table2 (...) VALUES ({$insert_id}, ...));
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Banner rotation with links
Kevin Murphy wrote:
On my home page i have all my banners in a MySQL database which includes
the image path, the link, and the description as separate fields. The
then do a MySQL query with a query that will look something like this:
$query = select * FROM banner ORDER BY RAND() LIMIT 1;
Seems to work just fine.
just wait till you have 10 items in that table :-)
in practice that may never happen and maybe MySQL can optimize a
SELECT that does ORDER BY RAND() LIMIT 1
(can anyone confirm what MySQL does with ORDER BY RAND() LIMIT 1 exactly in
terms
of scanning the table? - the MySQL docs don't mention whether this is scalable
at all)
*but* if that is not the case then using a field (call it 'randomized' or
something like that)
and indexing on that and then updating that field periodically with random
integers using a cronjob script would make the resulting query alot more robust
..
the compromise being that you don't get a different banner each request:
$query = select * FROM banner ORDER BY randomized LIMIT 1;
the compromise can be mitigated some what by doing something like this
(assuming you use sessions):
// BRC = Banner Random Count
if (!isset($_SESSION['BRC']))
$_SESSION['BRC'] = 0;
$query = select * FROM banner ORDER BY randomized LIMIT {$_SESSION['BRC']},1;
$_SESSION['BRC']++;
--Kevin Murphy
Webmaster: Information and Marketing Services
Western Nevada Community College
www.wncc.edu
775-445-3326
On Feb 14, 2007, at 8:29 AM, Chris Carter wrote:
How can I rotate a banner as well as the link in it within a page
using PHP.
This can be done as a include file php. Anybody please supply some
code or a
link for this.
Thanks in advance.
Chris
--View this message in context:
http://www.nabble.com/Banner-rotation-with-links-tf3228157.html#a8968148
Sent from the PHP - General mailing list archive at Nabble.com.
--PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Retrieve value of newly inserted row.
I GOT IT! WooHoo!
Thanks to a co-worker, this problem has been solved! I was using
scope_identity incorrectly.
This is how you should use it:
INSERT INTO Table1 (
Column1,
Column2)
VALUES (
Value1,
Value2)
INSERT INTO Table2 (
Column1,
Column2)
VALUES (
scope_identity(),
Value2)
Using scope_identity() for the value in insert #2 will return the value of
the identity field just created from insert #1.
On 2/15/07, Brad Fuller [EMAIL PROTECTED] wrote:
Okay, I found the correct function and below is what I have:
- Show quoted text -
$insert1 = INSERT INTO table1 (
snip
)
VALUES (
snip
)
SELECT scope_identity()
INSERT INTO table2 (
credit_card_id,
case_number,
comments)
VALUES (
'scope_identity',
'$case',
'$comments');
echo $insert1;
mssql_query($insert1) or die (Query failed: br
/.mssql_get_last_message());
echo Insert complete;
the scope_identity function is suppose to select the last inserted ID
for
the first insert statement.
When my query executes, it appears to go thru all the steps
correctly...it
inserts the first record just fine, displays the echo of my query and
returns the echo of Insert Complete
HOWEVER, when I go to look at the data base there is NO data inserted
into
table2 even though my query returned that Insert Complete statement.
Any ideas?
On 2/14/07, Jim Lucas [EMAIL PROTECTED] wrote:
Brad Fuller wrote:
From looking on the web (MSDN) I found the @@identity and the
explanation
of
what it is, but MS's example is horrible and does not show a good
context
for using this function. Could you elaborate more on its use?
$q = mssql_query(INSERT INTO TableName(...) VALUES(...) SELECT
LAST_INSERT_ID=@@IDENTITY);
$r = mssql_fetch_assoc($q);
HTH,
Brad
Might look at this
http://us3.php.net/manual/en/function.mssql-query.php#46026
--
Enjoy,
Jim Lucas
Different eyes see different things. Different hearts beat on
different
strings. But there are times for you and me when all such things
agree.
- Rush
I don't think you can do multiple inserts in a single query. Or maybe you
can but the select statement after it causes the second insert not to be
run? I don't know, but I've seen several examples - each use 2 separate
insert queries.
My reply to your original message was incomplete; I apologize
$q1 = mssql_query(INSERT INTO Table1 (...) VALUES (...) SELECT
SCOPE_IDENTITY() AS [SCOPE_IDENTITY]);
$r = mssql_fetch_assoc($q1);
$insert_id = $r['SCOPE_IDENTITY'];
$q2 = mssql_query(INSERT INTO Table2 (...) VALUES ({$insert_id}, ...));
RE: [PHP] Deny processing of non included files
Ok i have actually discovered a great side-effect that i thought i'd share
with any interested by using these .htaccess directives.
As i only have two index.php files on the site and they are the only two
files accesible through browser i have done this:
Files *.*
Order Deny,Allow
Deny from All
/Files
Files index.php
Order Deny,Allow
Allow from All
/Files
Files *.css
Order Deny,Allow
Allow from All
/Files
Now the great side affect i told you about is that you cannot blind check
the presence of *.php files in any directory any you file you look for
regardless if it exists returns a 403 forbidden, so it is impossible to find
the structure of the site...
You can though test for directories.
These directives along with a site that uses index.php as an engine to
generate content via includes, are great for really restricing site access
(of course this does not mean my includes don't have holes but thats another
issue) on top of a regular authentication. And makes it easier for my own
authentication system as i only have to authenticate through one file
index.php thus not needing any authentication on any of the included files
as suggested, and not needing to worry about that test.php file that got
forgotten during dev or something, or even a user uploading a $.php file i
dont want him to execute..
Thanks guys,
Regards,
Tim
-Message d'origine-
De : Jon Anderson [mailto:[EMAIL PROTECTED]
Envoyé : jeudi 15 février 2007 17:11
À : Tim
Cc : 'php-general'
Objet : Re: [PHP] Deny processing of non included files
Easy answer: deny access to them. Use your web server to
prevent execution of the files. Generally, if you're using
Apache, you can just do this:
Directory /path/to/modules/
Order Allow,Deny
Deny From All
/Directory
You may also be able to do that from a .htaccess file.
If you can't configure the server, just use a define at the
top of your index script:
define('__INDEX_PHP',TRUE);
Then just check it with a one-liner at the top of each script
that is for inclusion only.
Tim wrote:
1. My included files assume the top file has initiated an
instance
of an certain object thus being able to use the resources of the
instanced objects in the top file..(obviously i have the necessary
checks to make sure the instance has been created before
including the
file) -Should i be initializing new instances of the object
at the top
of each included file to prevent errors from appearing
incase someone
access the file directly? Or should i believe it doesn't
really matter
as in a production environment display_errors is set to off so no
error output will be shown...
I don't think you ever want include files to be executed in
the wrong context. Just deny access.
If anything, just make an index.php page in each module dir
that contains only Thanks for visiting this page, but the
link you followed is probably mistyped. Try a
href=\$document_root\this/a instead.
2. what is the assesed security risk if someone access a
file directly
even if it does not output anything?
Depends on what the file contains. If it contains this:
`sudo rm -r $directory/*`, then the results could be
disastrous, but let's hope that it wouldn't contain code like
that. :-)
3. is their a way to check that a file has been included by
such and
such file or should i develop a hash system where the top page that
includes files generates a hash, stores it in the db for
the length of
the script and in a variable, and have the included file check that
the variable from the top file and the hash in the db correspond?
See above define(...) bit, which is really based on the old C header
trick:
#ifndef __SOME_FILE_H
#define __SOME_FILE_H
a bunch of stuff
#endif
jon
--
PHP General Mailing List (http://www.php.net/) To
unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Banner rotation with links
On Feb 15, 2007, at 10:57 AM, Jochem Maas wrote: Kevin Murphy wrote: On my home page i have all my banners in a MySQL database which includes the image path, the link, and the description as separate fields. The then do a MySQL query with a query that will look something like this: $query = select * FROM banner ORDER BY RAND() LIMIT 1; Seems to work just fine. just wait till you have 10 items in that table :-) in practice that may never happen and maybe MySQL can optimize a SELECT that does ORDER BY RAND() LIMIT 1 (can anyone confirm what MySQL does with ORDER BY RAND() LIMIT 1 exactly in terms of scanning the table? - the MySQL docs don't mention whether this is scalable at all) Apparently a lot of folks think it's a bad idea on large tables... http://www.google.com/search?client=safarirls=enq=ORDER+BY+RAND ();ie=UTF-8oe=UTF-8 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] plugging gmmktime value into gmdate yields incorrect date
I tried running the following script on three different servers:
?php
echo gmdate('m, d, Y', gmmktime(0,0,0,3,23,2000) );
?
On two of the servers, I got 03, 23, 2000 back. On the other,
however, I got 03, 22, 2000. This doesn't make any sense to me.
On the servers that return the correct date (03, 23, 2000),
gmmktime(0,0,0,3,23,2000) returns 953769600. On the server that
returns the incorrect date (03, 22, 2000), gmmktime(0,0,0,3,23,2000)
returns 953766000. There's a difference of 3600 between the two,
which makes me think that some daylight savings time setting is to
blame.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] plugging gmmktime value into gmdate yields incorrect date
And what are the time zones for those two different machines? And what is
the time? :)
Best regards,
Peter Lauri
www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free
-Original Message-
From: Terra Frost [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 15, 2007 8:47 PM
To: php-general@lists.php.net
Subject: [PHP] plugging gmmktime value into gmdate yields incorrect date
I tried running the following script on three different servers:
?php
echo gmdate('m, d, Y', gmmktime(0,0,0,3,23,2000) );
?
On two of the servers, I got 03, 23, 2000 back. On the other,
however, I got 03, 22, 2000. This doesn't make any sense to me.
On the servers that return the correct date (03, 23, 2000),
gmmktime(0,0,0,3,23,2000) returns 953769600. On the server that
returns the incorrect date (03, 22, 2000), gmmktime(0,0,0,3,23,2000)
returns 953766000. There's a difference of 3600 between the two,
which makes me think that some daylight savings time setting is to
blame.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] mysql_affected_rows inaccurate?
Sometimes you can get fooled by the result. If nothing is changed on a update the result for this function will give 0, because nothing was affected. Although you might think so just because you are doing an update. However, an update doesn't necessary mean an update :) Best regards, Peter Lauri www.dwsasia.com - company web site www.lauri.se - personal web site www.carbonfree.org.uk - become Carbon Free -Original Message- From: altendew [mailto:[EMAIL PROTECTED] Sent: Thursday, February 15, 2007 6:06 PM To: php-general@lists.php.net Subject: [PHP] mysql_affected_rows inaccurate? Hi a long time ago I stopped using mysql_affected_rows because I believed it was giving me an inaccurate number. Now I was not very knowledged then so it could of been my own fault. Is this function safe and functional? Could it possibly give me the row result of a previous query I did and not the latest? -- View this message in context: http://www.nabble.com/mysql_affected_rows-inaccurate--tf3234567.html#a898812 3 Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Extending DOMNode
Eli wrote:
Rob Richards wrote:
Due to the internals of the DOM extension, you need to register the
class types that are actually instantiated and not the underlying base
DOMNode class. Unfortunately in your case this means you need to
register all of those classes separately.
$dom-registerNodeClass('DOMElement','MyDOMNode');
$dom-registerNodeClass('DOMAttr','MyDOMNode');
$dom-registerNodeClass('DOMText','MyDOMNode');
...
Not good... :-(
?php
class MyDOMNode extends DOMNode {
public $x = 100;
}
$dom = new DOMDocument();
$dom-registerNodeClass('DOMElement','MyDOMNode');
?
PHP Fatal error: DOMDocument::registerNodeClass(): Class MyDOMNode is
not derived from DOMElement.
So I have to extend DOMElement and register MyDOMElement. But all my
nodes should be also based on MyDOMNode.
Problem is that in PHP you can only extend one class in a time, so you
cannot build your own class-tree which extends a base class-tree of DOM.
:-/
Ooops. Wasn't thinking when I wrote that. Yup, you will need to extend
every one of the node types separately and then register those classes.
Rob
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] plugging gmmktime value into gmdate yields incorrect date
date('Z') on the server producing the incorrect output returns 3600. On
the other two, I get -18000 and -21600.
That said, I don't see how that'd make a difference. The whole reason
I'm using the gm* functions, in the first place, is because those are
supposed to work with a fixed timezone - GMT. Testament to this is the
fact that gmdate('Z') returns 0 on all three of those.
Peter Lauri wrote:
And what are the time zones for those two different machines? And what is
the time? :)
Best regards,
Peter Lauri
www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free
-Original Message-
From: Terra Frost [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 15, 2007 8:47 PM
To: php-general@lists.php.net
Subject: [PHP] plugging gmmktime value into gmdate yields incorrect date
I tried running the following script on three different servers:
?php
echo gmdate('m, d, Y', gmmktime(0,0,0,3,23,2000) );
?
On two of the servers, I got 03, 23, 2000 back. On the other,
however, I got 03, 22, 2000. This doesn't make any sense to me.
On the servers that return the correct date (03, 23, 2000),
gmmktime(0,0,0,3,23,2000) returns 953769600. On the server that
returns the incorrect date (03, 22, 2000), gmmktime(0,0,0,3,23,2000)
returns 953766000. There's a difference of 3600 between the two,
which makes me think that some daylight savings time setting is to
blame.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session problems with 4.4.5?
Is anyone else having problems with session in 4.4.5? I'm under apache 1.3.27 in linux 2.4.34 and all my web sites break under 4.4.5. As soon as a page tries to register a session variable with session_register apache will segfault. Has worked perfectly fine for the past 2 years and like 10 version of PHP 4.4.X. [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] plugging gmmktime value into gmdate yields incorrect date
-Original Message-
From: Terra Frost [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 15, 2007 3:20 PM
To: Peter Lauri
Cc: php-general@lists.php.net
Subject: Re: [PHP] plugging gmmktime value into gmdate yields incorrect
date
date('Z') on the server producing the incorrect output returns 3600. On
the other two, I get -18000 and -21600.
That said, I don't see how that'd make a difference. The whole reason
I'm using the gm* functions, in the first place, is because those are
supposed to work with a fixed timezone - GMT. Testament to this is the
fact that gmdate('Z') returns 0 on all three of those.
Peter Lauri wrote:
And what are the time zones for those two different machines? And what
is
the time? :)
Best regards,
Peter Lauri
www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free
-Original Message-
From: Terra Frost [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 15, 2007 8:47 PM
To: php-general@lists.php.net
Subject: [PHP] plugging gmmktime value into gmdate yields incorrect date
I tried running the following script on three different servers:
?php
echo gmdate('m, d, Y', gmmktime(0,0,0,3,23,2000) );
?
On two of the servers, I got 03, 23, 2000 back. On the other,
however, I got 03, 22, 2000. This doesn't make any sense to me.
On the servers that return the correct date (03, 23, 2000),
gmmktime(0,0,0,3,23,2000) returns 953769600. On the server that
returns the incorrect date (03, 22, 2000), gmmktime(0,0,0,3,23,2000)
returns 953766000. There's a difference of 3600 between the two,
which makes me think that some daylight savings time setting is to
blame.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I may be way off... but isn't it redundant to use both gmdate() and
gmmktime()? I thought each of these functions were used to convert your
local time into GMT...
So for example if you're GMT+5, the gmmktime() would subtract 5 hours, and
then gmdate() would subtract another 5 hours?
Like I said - I could be way off, but just a thought.
-Brad
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Accessing cookies in PHP and Javascript
Assuming I have a cookie setcookie (username,$_SESSION['Username'], $expires); how can I access the same cookie in Javascript? Or how do I have to create a cookies so it's accessable as $_COOKIE[username] O. Wyss -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session Problem
I am having a problem where it appears that the session is not being saved properly. While on a page, I can start a session and set variables to it. however, when I go to the next page.. the session variables appear to have been cleared out. first page: session_start(); $_SESSION[user_level] = test; second page: session_start(); echo $_SESSION[user_level] ; We just installed php on the 2003 server. Is there maybe a problem with the php.ini file that I need to fix? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Problem
Does your system have permission to write to the temp directory? Put on error_reporting(E_ALL) and see if it throws an error. -Original Message- From: LoneWolf [mailto:[EMAIL PROTECTED] Sent: Thursday, February 15, 2007 2:35 PM To: php-general@lists.php.net Subject: [PHP] Session Problem I am having a problem where it appears that the session is not being saved properly. While on a page, I can start a session and set variables to it. however, when I go to the next page.. the session variables appear to have been cleared out. first page: session_start(); $_SESSION[user_level] = test; second page: session_start(); echo $_SESSION[user_level] ; We just installed php on the 2003 server. Is there maybe a problem with the php.ini file that I need to fix? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Problem
LoneWolf wrote: I am having a problem where it appears that the session is not being saved properly. While on a page, I can start a session and set variables to it. however, when I go to the next page.. the session variables appear to have been cleared out. first page: session_start(); $_SESSION[user_level] = test; How do you move from one page to the other? You have to pass the session along, I believe.. Something like: $s = SID; // session contant page2.php?$s second page: session_start(); echo $_SESSION[user_level] ; We just installed php on the 2003 server. Is there maybe a problem with the php.ini file that I need to fix? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Problem
-Original Message- From: LoneWolf [mailto:[EMAIL PROTECTED] Sent: Thursday, February 15, 2007 4:35 PM To: php-general@lists.php.net Subject: [PHP] Session Problem I am having a problem where it appears that the session is not being saved properly. While on a page, I can start a session and set variables to it. however, when I go to the next page.. the session variables appear to have been cleared out. Is there anything unusual about your setup that you failed to mention? (e.g. using frameset etc.) A few things to check: - Make sure cookies (at least session cookies) are enabled in your browser. - Try browsing the site from another computer. - Make sure session_start() is being called before any HTML output (including blank lines before the first ?php tag) -Brad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] plugging gmmktime value into gmdate yields incorrect date
-Original Message-
From: Brad Fuller [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 15, 2007 3:48 PM
To: 'Terra Frost'; 'Peter Lauri'
Cc: php-general@lists.php.net
Subject: RE: [PHP] plugging gmmktime value into gmdate yields incorrect
date
-Original Message-
From: Terra Frost [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 15, 2007 3:20 PM
To: Peter Lauri
Cc: php-general@lists.php.net
Subject: Re: [PHP] plugging gmmktime value into gmdate yields incorrect
date
date('Z') on the server producing the incorrect output returns 3600. On
the other two, I get -18000 and -21600.
That said, I don't see how that'd make a difference. The whole reason
I'm using the gm* functions, in the first place, is because those are
supposed to work with a fixed timezone - GMT. Testament to this is the
fact that gmdate('Z') returns 0 on all three of those.
Peter Lauri wrote:
And what are the time zones for those two different machines? And what
is
the time? :)
Best regards,
Peter Lauri
www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free
-Original Message-
From: Terra Frost [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 15, 2007 8:47 PM
To: php-general@lists.php.net
Subject: [PHP] plugging gmmktime value into gmdate yields incorrect
date
I tried running the following script on three different servers:
?php
echo gmdate('m, d, Y', gmmktime(0,0,0,3,23,2000) );
?
On two of the servers, I got 03, 23, 2000 back. On the other,
however, I got 03, 22, 2000. This doesn't make any sense to me.
On the servers that return the correct date (03, 23, 2000),
gmmktime(0,0,0,3,23,2000) returns 953769600. On the server that
returns the incorrect date (03, 22, 2000), gmmktime(0,0,0,3,23,2000)
returns 953766000. There's a difference of 3600 between the two,
which makes me think that some daylight savings time setting is to
blame.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I may be way off... but isn't it redundant to use both gmdate() and
gmmktime()? I thought each of these functions were used to convert your
local time into GMT...
So for example if you're GMT+5, the gmmktime() would subtract 5 hours, and
then gmdate() would subtract another 5 hours?
Like I said - I could be way off, but just a thought.
-Brad
Yes, I was a little off...
gmmktime() takes a GMT date and converts it to a local unix timestamp.
gmdate() takes a local unix timestamp and converts it to a GMT date.
So in theory you *should* get the same date you put in, if using both
functions like your example.
I think you are on the right track with the Daylight Saving time issue.
Starting this year, DST in the U.S. begins in March instead of April.
Given that the year of your date input is 2000, it shouldn't be affected,
but perhaps that is in fact the culprit? Your date 3/23 falls in between the
previous and future DST start dates.
Hmm...
Have you gotten similar results using a different month/day?
-Brad
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DEV] Suggestion: global variables being accessed in localscope
[Taking this back on-list, as it's my final answer.] On Wed, February 14, 2007 5:30 pm, Christian Schneider wrote: Richard Lynch wrote: But the code that checks for E_NOTICE also has to be altered to check for E_STRICT... How many applications use error handlers. And how many of them rely on a specific code being a specific level? Out of curiousity: I wouldn't even know why someone would do something like that, perhaps you have a good example. Anyway, that's a BC break I find worth doing but I'm fully aware that you will disagree. Anybody on shared hosting who wants to log their errors somewhere out of the morass of system logs without dinking around with .htaccess is going to use set_error_handler. For that matter, if .htaccess is off, and you can't edit php.ini, set_error_handler is just about your only option for reasonable error handling. I think you will find that a LOT of distributed applications use this to avoid splatting PHP error messages out. Or, at least, they should be using it, as there's no other way without using something you can't rely on if your code is widely distributed in unknown environments. I know *I* have used it more than a few times. Once you decide to use set_error_handler, of course you are going to treat E_ERROR, E_NOTICE, E_USER_ERROR differently. You want to just halt your script for E_ERROR, but probably just tell yourself to fix the buglet of an E_NOTICE. You may even put them in separate logs, or perhaps even email yourself E_ERROR, but only log E_NOTICE. I *know* I have switch() statements on the error level in my error handlers, and you are going to break them. I can understand why the purist / anal-retentive camp wants un-initiliazed varaibles as E_STRICT rather than E_NOTICE, but does it really make that much difference? And, honestly, there *ARE* bugs that can be introduced if somebody makes a typo that results in using an unitialized variable. Though the PHP auto-initialization to '' (or 0 or false or whatever is suitable after type-juggling) works 99% of the time, imagine something like this: ?php /* lots of code */ $foo = 42; /* lots of code */ if ($foo === 42) echo foo!; ? Now imagine that somebody deletes all the lots of code and also accidentally deletes the initialization. The thing you believe should be E_STRICT is, in fact, an E_NOTICE worthy issue. Not only CAN this happen, it HAS happened to me, and the E_NOTICE made it patently obvious what had happened as soon as I ran my tests. Therefore, I believe the uninitialized variables should NOT be moved to E_STRICT. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] plugging gmmktime value into gmdate yields incorrect date
Brad Fuller wrote:
-Original Message-
From: Brad Fuller [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 15, 2007 3:48 PM
To: 'Terra Frost'; 'Peter Lauri'
Cc: php-general@lists.php.net
Subject: RE: [PHP] plugging gmmktime value into gmdate yields incorrect
date
-Original Message-
From: Terra Frost [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 15, 2007 3:20 PM
To: Peter Lauri
Cc: php-general@lists.php.net
Subject: Re: [PHP] plugging gmmktime value into gmdate yields incorrect
date
date('Z') on the server producing the incorrect output returns 3600. On
the other two, I get -18000 and -21600.
That said, I don't see how that'd make a difference. The whole reason
I'm using the gm* functions, in the first place, is because those are
supposed to work with a fixed timezone - GMT. Testament to this is the
fact that gmdate('Z') returns 0 on all three of those.
Peter Lauri wrote:
And what are the time zones for those two different machines? And what
is
the time? :)
Best regards,
Peter Lauri
www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free
-Original Message-
From: Terra Frost [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 15, 2007 8:47 PM
To: php-general@lists.php.net
Subject: [PHP] plugging gmmktime value into gmdate yields incorrect
date
I tried running the following script on three different servers:
?php
echo gmdate('m, d, Y', gmmktime(0,0,0,3,23,2000) );
?
On two of the servers, I got 03, 23, 2000 back. On the other,
however, I got 03, 22, 2000. This doesn't make any sense to me.
On the servers that return the correct date (03, 23, 2000),
gmmktime(0,0,0,3,23,2000) returns 953769600. On the server that
returns the incorrect date (03, 22, 2000), gmmktime(0,0,0,3,23,2000)
returns 953766000. There's a difference of 3600 between the two,
which makes me think that some daylight savings time setting is to
blame.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I may be way off... but isn't it redundant to use both gmdate() and
gmmktime()? I thought each of these functions were used to convert your
local time into GMT...
So for example if you're GMT+5, the gmmktime() would subtract 5 hours, and
then gmdate() would subtract another 5 hours?
Like I said - I could be way off, but just a thought.
-Brad
Yes, I was a little off...
gmmktime() takes a GMT date and converts it to a local unix timestamp.
gmdate() takes a local unix timestamp and converts it to a GMT date.
So in theory you *should* get the same date you put in, if using both
functions like your example.
I think you are on the right track with the Daylight Saving time issue.
Starting this year, DST in the U.S. begins in March instead of April.
Given that the year of your date input is 2000, it shouldn't be affected,
but perhaps that is in fact the culprit? Your date 3/23 falls in between the
previous and future DST start dates.
Hmm...
Have you gotten similar results using a different month/day?
-Brad
if you run:
echo gmdate('I', gmmktime(0,0,0,3,23,2000) ); //Capital 'i'
I (capital i) - 1 if Daylight Savings Time, 0 otherwise.
This might help you
--
Enjoy,
Jim Lucas
Different eyes see different things. Different hearts beat on different
strings. But there are times for you and me when all such things agree.
- Rush
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Accessing cookies in PHP and Javascript
Your favorite search engine would provide you with far better JavaScript answers than a PHP mailing list... Otto Wyss wrote: Assuming I have a cookie setcookie (username,$_SESSION['Username'], $expires); how can I access the same cookie in Javascript? Parse out document.cookie. Or how do I have to create a cookies so it's accessable as $_COOKIE[username] document.cookie = username= + escape(username); You can add expiry, path, etc. with JavaScript, but you can google for that. jon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problem Directing the Page with header
Hi, I am having problem with redirecting the page in user
authenication page . I am working on my windows machine as a
localhost with PHP Version 5.2.0. Everything is working good in
local machine (in Windows) but now when i tried to upload the
same code to the server which is using PHP Version 5.1.6, it does
not seem to redirect my page. I have a main loginpage which on
post goes to the logincheck.php and in Login.php i have all the
stuffs to authenticate and redirect the user. I am pasting the
logincheck.php code below.
?php
session_start();
require_once 'functions.php';
$UserName = $_POST['UserName'];
$Password = $_POST['Password'];
$error = login_check($_POST);
$adminAddress = getAbsolutePath().'adminlogin.php';
$userAddress = getAbsolutePath().'userlogin.php';
$samePage = getAbsolutePath().'login-new.php';
if (trim ($error)==)
{
$accesslevel = accessLevel($UserName);
if ($accesslevel == admin){
$_SESSION[userid] = login($_POST);
header(Location: $adminAddress);
exit();
}
else if ($accesslevel == user){
$_SESSION[userid] = login($_POST);
header(Location: $userAddress);
exit();
}
}
else {
$errorMessage = '$error';
header(Location: $samePage);
exit();
}
?
Any Help would be highly aprriciated.
Thanks a lot
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem Directing the Page with header
Ashish Rizal wrote:
Hi, I am having problem with redirecting the page in user
authenication page . I am working on my windows machine as a
localhost with PHP Version 5.2.0. Everything is working good in
local machine (in Windows) but now when i tried to upload the
same code to the server which is using PHP Version 5.1.6, it does
not seem to redirect my page. I have a main loginpage which on
post goes to the logincheck.php and in Login.php i have all the
stuffs to authenticate and redirect the user. I am pasting the
logincheck.php code below.
one thing to watch for is case-sensitivity. you have a logincheck.php
and then a Login.php are you sure that the file has a 'L' in the name?
This is actually all mute if you are running on a windows server also.
Do you know what OS is on the server? Linux, BSD, Windows, Mac...
when you say it does not seem to rediret my page... What does it do
instead??? Error...
?php
session_start();
require_once 'functions.php';
$UserName = $_POST['UserName'];
$Password = $_POST['Password'];
$error = login_check($_POST);
$adminAddress = getAbsolutePath().'adminlogin.php';
$userAddress = getAbsolutePath().'userlogin.php';
$samePage = getAbsolutePath().'login-new.php';
if (trim ($error)==)
{
$accesslevel = accessLevel($UserName);
if ($accesslevel == admin){
$_SESSION[userid] = login($_POST);
header(Location: $adminAddress);
exit();
}
else if ($accesslevel == user){
$_SESSION[userid] = login($_POST);
header(Location: $userAddress);
exit();
}
}
else {
$errorMessage = '$error';
header(Location: $samePage);
exit();
}
?
Any Help would be highly aprriciated.
Thanks a lot
--
Enjoy,
Jim Lucas
Different eyes see different things. Different hearts beat on different
strings. But there are times for you and me when all such things agree.
- Rush
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql_affected_rows inaccurate?
On Thu, February 15, 2007 10:06 am, altendew wrote: Hi a long time ago I stopped using mysql_affected_rows because I believed it was giving me an inaccurate number. Now I was not very knowledged then so it could of been my own fault. Is this function safe and functional? Could it possibly give me the row result of a previous query I did and not the latest? Works for me. It only counts rows that ACTUALLY CHANGED and not the number of rows that fit your WHERE clause. This can be confusing at first, but is quite useful, particularly for marking records dirty when you want to re-publish a record only if it really really changed in a large database - static publishing setup. http://php.net/mysql_affected_rows -- Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Deny processing of non included files
On Thu, February 15, 2007 9:44 am, Tim wrote: typing http://sitename/modules/thismodule/admin/index.php, this file will only be processed by the browser if and only if it has been included by http://sitename/admin/index.php One simple way to be sure it's not access directly by the browser is to just MOVE it out of the web tree and set up your include_path to include the new location. Then it can't be surfed to AT ALL, much less executed as PHP code. file directly? Or should i believe it doesn't really matter as in a production environment display_errors is set to off so no error output will be shown... Hmmm. Random bits of code being executed completely out of sequence in ways you've never even imaginged, much less tested. I don't think that's something you want to ignore, personally... 2. what is the assesed security risk if someone access a file directly even if it does not output anything? What does the file contain? exec(rm -rf /); mysql_query($_GET['query']); include $file; Hopefully you have nothing that blatantly wrong in your PHP. Unfortunately, you probably DO have something much more subtle somewhere in your PHP code, for any large project. I'd say the risk is fairly low, but the CONSEQUENCES are immeasurable. Given that it's trivial to move the files and set up include_path, I'd recommend you just fix it. 3. is their a way to check that a file has been included by such and such file or should i develop a hash system where the top page that includes files generates a hash, stores it in the db for the length of the script and in a variable, and have the included file check that the variable from the top file and the hash in the db correspond? You could do all that as well... Or, possibly, simply write robust code that errors out if more normal things are out of whack, like the DB object you expected to be created at the beginning. For that matter, your script should error out gracefully if, in the MIDDLE of your script, the DB process DIES. It's amazing how many PHP scripts don't have even rudimentary checking on their result, and just assume the DB is still there, just because mysql_connect( )succeeded at the beginning. Bad News: The DB could easily go down AFTER mysql_connect() but before you actually do anything useful. Your PHP code should handle that. Security is driving me insane i'm becoming totally psychotic at the possiblity of someone taking over my admin systems... But are you paranoid enough? :-) You are now in a normal state of security-conciousness. Learn to accept it, embrace it even. MUST READ: http://phpsec.org/ -- Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Deny processing of non included files
On Thu, February 15, 2007 10:11 am, Jon Anderson wrote: Easy answer: deny access to them. Use your web server to prevent execution of the files. Generally, if you're using Apache, you can just do this: Directory /path/to/modules/ Order Allow,Deny Deny From All /Directory You may also be able to do that from a .htaccess file. It's easy to get bit by this if you move your application over, and forget to include the .htaccess file in your tarball, as: tar -cvf export.tar * does NOT include .htaccess file :-( I've had it happen. I was lucky enough that the whole thing didn't work, as there were other .htaccess settings that made it immediately apparent things were not right. But if all you have in .htaccess is the blockage of the PHP scripts you don't want exposed, you could all too easily mess this up in a server move. There is no real reason for the include files to be in the web tree at all. They are NOT web documents, there should never be a URL that resolves to them, for anybody. Just move them out from the web tree completely, and breathe easier is my advice. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with Redirect
[Didn't I see this thread before?...]
On Thu, February 15, 2007 7:39 pm, Ashish Rizal wrote:
Hi friends, I am having problem with following code.
I have actually made the whole code on same page (login.php) and
the functions that i used in
this code are in functions.php. Now this time it is showing the
warning :
Warning: Cannot modify header information - headers already sent
by (output started at C:\Program
Files\xampp\htdocs\fselection\login.php:1) in C:\Program
Files\xampp\htdocs\fselection\login.php on line 19
The line 19 is header(Location: http://$host$uri/$extra;);
Below is the list of code for login.php.
The Server i am using is SunOS 5.10.
?php
session_start();
require_once 'functions.php';
$UserName = $_POST['UserName'];
$Password = $_POST['Password'];
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'adminlogin.php';
$loc = \http://$host$uri/$extra\;;
if ($_POST){
$error = login_check($_POST);
if (trim ($error)==)
{
$accesslevel = accessLevel($UserName);
?
?php
//At a minimum, you need to do this here:
session_write_close();
if ($accesslevel == admin){
$_SESSION[userid] = login($_POST);
header(Location: http://$host$uri/$extra;);
exit();
}
else if ($accesslevel == user) {
//echo this is user;
$_SESSION[userid] = login($_POST);
header('Location: userlogin.php');
exit();
}
}
else {
print Error :$error;
}
You could also consider not doing a redirect at all, and just suck in
the appropriate files with 'include' instead of wasting HTTP
connections and bouncing the user like a basketball just to give them
what they want...
PS
exit is not a function and should not have ()
PPS
Blindly cramming all of $_POST into a session variable is a
particularly Bad Idea from a security standpoint, and you need to
study everything on this site before proceeeding:
http://phpsec.org/
--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] array_pop() with key-value pair ???
Hi,
Why isn't there a function that acts like array_pop() returns a pair of
key-value rather than the value only ?
Reason is, that in order to pop the key-value pair, you do:
?php
$arr = array('a'=1,'b'=2,'c'=3,'d'=4);
$arr_keys = array_keys($arr);
$key = array_pop($arr_keys);
$value = $arr[$key];
?
I benchmarked array_keys() function and it is very slow on big arrays
since PHP has to build the array. While array_pop() can be acceleraed by
the guts of PHP engine.
-thanks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: array_pop() with key-value pair ???
More over.. PHP seems to be quiet slow when dealing with array_shift()
array_unshift(), but it is much faster with array_pop() array_push(). I
am not familiar with the PHP internals, but why not add a pointer to the
start and end of the array?
Good word can be said on PHP that accelerated at least count() function..
Maybe I require too much.. PHP is a rapid development scripting
language.. not a massive optimized programming language.. :-/
Eli wrote:
Hi,
Why isn't there a function that acts like array_pop() returns a pair of
key-value rather than the value only ?
Reason is, that in order to pop the key-value pair, you do:
?php
$arr = array('a'=1,'b'=2,'c'=3,'d'=4);
$arr_keys = array_keys($arr);
$key = array_pop($arr_keys);
$value = $arr[$key];
?
I benchmarked array_keys() function and it is very slow on big arrays
since PHP has to build the array. While array_pop() can be acceleraed by
the guts of PHP engine.
-thanks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Text Editor for Windows?
[snip] I am finding that notepad is lacking when correcting syntax errors in my php code. No line numbers. What can people recommend for use under Windows? [/snip] Zend Studio :-) ...but it's not for free. Check out the trial version. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
