[PHP] Help with sessions on Log in and Log out
I am having some problem working with my script on session stuffs. Well, i have a login page which authenticates users by using sql script then if login is successful i have PHP Code: $_SESSSION['logged in']=true; and $_SESSION[userid]=$userid and when login is true i have included the page based on the access level of users . Like if it is a regular user i have include "user.php" ; exit() and if admin i have included admin page. Also i have a log out script which unsets the sessions variable and distroy the session at last. Also when admin loggs in to admin page i have a small php script that checks for those session variables and if the are set and "is true" then the pages are displayed. My problem is when admin just comes out to the login page again without log out it allows to login to the main page but in main page if any < a href> link is clicked it goes back to login page. So then i will have to go back and log out first and then log in.. I am not sure why this strange things happens. Also is there any way i can have a feature like when the users click back button it wont allow to go back to that page unless he is using the back button provided by the web interface. I am new at the session stuffs, so i am not sure what i am doing is really a safe way to code a php page. are there any other things that i need to be aware of while using sessions. Any suggestions or thoughts would be highly appreciated. Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] $_FILES path on client's machine?
Hey all, I get the feeling from not finding an argument for the path on the client's machine for the complete path of a file in $_FILES that it might not be available for security reasons? The reason I am interested in this is to restore the value of a input type='file' field in a form if the user has to return to the form for validation reasons. I'd like to restore the full value so the user does not have to browse the file again. Is there a way to do this? I thought perhaps there might be a $_FILES['image']['path'] value or something. Thanks! -- Skip Evans Big Sky Penguin, LLC 61 W Broadway Butte, Montana 59701 406-782-2240 =-=-=-=-=-=-=-=-=-=-= Check out PHPenguin, a lightweight and versatile PHP/MySQL development framework. http://phpenguin.bigskypenguin.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Startup: Unable to load dynamic library
Hi, I am running apache-2.2.4 and php5-5.2.1-2 and I am find some php related errors accumulating in /var/log/messages - look below. I've rebuilt php5 and apache2.2.4 and still the same issues. what else could be going on here. also 'apache restart' is fine but 'apache graceful' core dumps. any clues, Noah here they are: Feb 17 17:07:03 typhoon httpd: PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20060613-debug/ftp.so' - Cannot open "/usr/local/lib/php/20060613-debug/ftp.so" in Unknown on line 0 Feb 17 17:07:03 typhoon httpd: PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20060613-debug/ldap.so' - Cannot open "/usr/local/lib/php/20060613-debug/ldap.so" in Unknown on line 0 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] LOL, preg_match still not working.
Haha, This reminds me of a story about some IRC chat somewhere where someone was asking how to control a media player thru the command line. It ended up with him executing rm -rf / as root and then complaining that the machine was slow when he executed it, and then he disappeared from the IRC... I wonder why? :) Best regards, Peter Lauri www.dwsasia.com - company web site www.lauri.se - personal web site www.carbonfree.org.uk - become Carbon Free -Original Message- From: Vahan Yerkanian [mailto:[EMAIL PROTECTED] Sent: Saturday, February 17, 2007 7:02 PM To: php-general@lists.php.net Subject: Re: [PHP] LOL, preg_match still not working. Correcting myself before my reply damages someone's box: Vahan Yerkanian wrote: > rm -rf /usr/local/lib/* This indeed should be: rm -rf /usr/local/lib/php/* instead ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Catch STDERR
Hi, I am executing exec('some cool command', $stdout, $exitcode); That is fine. I get what I in the beginning wanted. However, now I need to catch the STDERR that the command is generating as well. Some of you might tell me to redirect STDERR to STDOUT, but that is not possible as I need to use the STDOUT as is to automate a process. I know I can do fwrite(STDERR, 'Output some error\n'); So could I fread(STDERR, SOMESIZE)? Is there anyone with experience of best way of doing this? Should I maybe use proc_open or something similar and then write it to a file, and then read that file? Hrm, doesnt make any sense to do that. Best regards, Peter Lauri www.dwsasia.com - company web site www.lauri.se - personal web site www.carbonfree.org.uk - become Carbon Free -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] counting hyperlink clicks in php
Denis L. Menezes wrote: Dear friends. I have a site where I have news headers. I wish to count the clicks on the news headers so that I can see how many times each of the the news has been viewed. This way I can show the "most viewed" news. Can one of you please advise hwo this can be done? add to each news item like &clicked=1 and in the page where you display the news item, checked if clicked exists, if does write it to a file or a db (obviously with the news item id), if your using mysql, the heap table type is quite useful, you will however need to move the info to a more permanent table every x amount of clicks. clive -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] LOL, preg_match still not working.
I am running PHP 4.4.4 on Slackware 10. > -Original Message- > From: Vahan Yerkanian [mailto:[EMAIL PROTECTED] > Sent: February 17, 2007 11:58 AM > To: php-general@lists.php.net > Subject: Re: [PHP] LOL, preg_match still not working. > > Are you running under FreeBSD 6.2 and/or upgraded recently > from 5.2.1 to > 5.2.2? > > I had the same problem on FreeBSD 6.2, with php5 installed from ports > collection after I portupgraded to 5.2.1. > > For me it appeared to be some kind weird misconfiguration > problem that > happened during the portupgrade... > > I had to: > > pkg_delete -rv "php5*" > rm -rf /var/db/ports/php5* > rm -rf /usr/local/lib/* > cd /usr/ports/lang/php5 > make install clean > cd /usr/ports/lang/php5-extensions > make install clean > > A bit harsh, but all of the preg_* errors disappeared since then. > > HTH, > Vahan > > > Steffen Ebermann wrote: > > Addendum: I encountered a problem when the string contains > linebreaks. Maybe > > adding \n\r into the brackets fixes your problem. > > > > > > On Sat, Feb 17, 2007 at 09:27:59AM -0500, Beauford wrote: > >> Hi, > >> > >> I previously had some issues with preg_match and many of > you tried to help, > >> but the same problem still exists. Here it is again, if > anyone can explain > >> to me how to get this to work it would be great - > otherwise I'll just remove > >> it as I just spent way to much time on this. > >> > >> Thanks > >> > >> Here's the code. > >> > >>if(empty($comment)) { $formerror['comment'] = nocomments; > >>} > >>elseif(!preg_match('|[EMAIL PROTECTED]&*();:_. /\t-]+$|', > >> $comment)) { > >>$formerror['comment'] = invalidchars; > >>} > >> > >> This produces an error, which I believe it should not. > >> > >> Testing 12345. This is a test of the emergency broadcast system. > >> > >> WAKE UP!! > >> > >> -- > >> PHP General Mailing List (http://www.php.net/) > >> To unsubscribe, visit: http://www.php.net/unsub.php > >> > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP] counting hyperlink clicks in php
Hello Brad, Saturday, February 17, 2007, 4:22:22 PM, you wrote: > Denis L. Menezes wrote: >> Dear friends. >> >> I have a site where I have news headers. I wish to count the clicks on the >> news headers so that I can see how many times each of the the news has been >> viewed. This way I can show the "most viewed" news. >> >> Can one of you please advise hwo this can be done? >> >> Thanks >> Denis >> >> > I think the best way to do this would be to set an onClick (Javascript) > event handler for each of the links, and then use AJAX style stuff to > send the information to PHP on the server side, then PHP can log the > link that was clicked, and keep track of the most clicked links. > -B Another way to do this is to take the user to a page that would identify the clicked link (by ID, for example), store the visits data to a database or a text file and then redirect to the corresponding news. So, such link might look like this: http://www.news.com/redirect.php?news_id=150";>read news Hope this helps. Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] LOL, preg_match still not working.
It's 6.2 but PHP 4.4.4. Basically, I'm not getting any error. The expression just don't match. I don't know if it should or not. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: LOL, preg_match still not working.
Beauford wrote: > Hi, > > I previously had some issues with preg_match and many of you tried to help, > but the same problem still exists. Here it is again, if anyone can explain > to me how to get this to work it would be great - otherwise I'll just remove > it as I just spent way to much time on this. > > Thanks > > Here's the code. > > if(empty($comment)) { $formerror['comment'] = nocomments; > } > elseif(!preg_match('|[EMAIL PROTECTED]&*();:_. /\t-]+$|', > $comment)) { > $formerror['comment'] = invalidchars; > } > > This produces an error, which I believe it should not. > > Testing 12345. This is a test of the emergency broadcast system. > > WAKE UP!! Hi, Your sample text contains newlines. If you wish to allow newlines, instead of " \t" you should use the whitespace selector "\s" Try that code sample, and you'll see that it says "ok" What exactly are you trying to accomplish with this preg_match()? What exactly are you trying to filter out? I understand you want to eliminate "invalid characters" but why are they invalid? I ask because there may be a simpler way to solve the problem, if you can explain what the problem is. Thanks, Greg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] LOL, preg_match still not working.
Correcting myself before my reply damages someone's box: Vahan Yerkanian wrote: rm -rf /usr/local/lib/* This indeed should be: rm -rf /usr/local/lib/php/* instead ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] LOL, preg_match still not working.
Are you running under FreeBSD 6.2 and/or upgraded recently from 5.2.1 to 5.2.2? I had the same problem on FreeBSD 6.2, with php5 installed from ports collection after I portupgraded to 5.2.1. For me it appeared to be some kind weird misconfiguration problem that happened during the portupgrade... I had to: pkg_delete -rv "php5*" rm -rf /var/db/ports/php5* rm -rf /usr/local/lib/* cd /usr/ports/lang/php5 make install clean cd /usr/ports/lang/php5-extensions make install clean A bit harsh, but all of the preg_* errors disappeared since then. HTH, Vahan Steffen Ebermann wrote: Addendum: I encountered a problem when the string contains linebreaks. Maybe adding \n\r into the brackets fixes your problem. On Sat, Feb 17, 2007 at 09:27:59AM -0500, Beauford wrote: Hi, I previously had some issues with preg_match and many of you tried to help, but the same problem still exists. Here it is again, if anyone can explain to me how to get this to work it would be great - otherwise I'll just remove it as I just spent way to much time on this. Thanks Here's the code. if(empty($comment)) { $formerror['comment'] = nocomments; } elseif(!preg_match('|[EMAIL PROTECTED]&*();:_. /\t-]+$|', $comment)) { $formerror['comment'] = invalidchars; } This produces an error, which I believe it should not. Testing 12345. This is a test of the emergency broadcast system. WAKE UP!! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] LOL, preg_match still not working.
Addendum: I encountered a problem when the string contains linebreaks. Maybe adding \n\r into the brackets fixes your problem. On Sat, Feb 17, 2007 at 09:27:59AM -0500, Beauford wrote: > Hi, > > I previously had some issues with preg_match and many of you tried to help, > but the same problem still exists. Here it is again, if anyone can explain > to me how to get this to work it would be great - otherwise I'll just remove > it as I just spent way to much time on this. > > Thanks > > Here's the code. > > if(empty($comment)) { $formerror['comment'] = nocomments; > } > elseif(!preg_match('|[EMAIL PROTECTED]&*();:_. /\t-]+$|', > $comment)) { > $formerror['comment'] = invalidchars; > } > > This produces an error, which I believe it should not. > > Testing 12345. This is a test of the emergency broadcast system. > > WAKE UP!! > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] LOL, preg_match still not working.
As far as I tested, the regular expression works how it is intended to work. Maybe this a touch easier to read line do it for you: elseif (preg_match('|[EMAIL PROTECTED]&*();:_. /\t-]|', $comment)) On Sat, Feb 17, 2007 at 09:27:59AM -0500, Beauford wrote: > Hi, > > I previously had some issues with preg_match and many of you tried to help, > but the same problem still exists. Here it is again, if anyone can explain > to me how to get this to work it would be great - otherwise I'll just remove > it as I just spent way to much time on this. > > Thanks > > Here's the code. > > if(empty($comment)) { $formerror['comment'] = nocomments; > } > elseif(!preg_match('|[EMAIL PROTECTED]&*();:_. /\t-]+$|', > $comment)) { > $formerror['comment'] = invalidchars; > } > > This produces an error, which I believe it should not. > > Testing 12345. This is a test of the emergency broadcast system. > > WAKE UP!! > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] LOL, preg_match still not working.
I've been over this a thousand times with various users on this list and escaping this and escaping that just doesn't matter. The error is that it thinks valid characters are invalid. In the case of the example I included, the ! and the period are invalid, which they should not be. The nocomments and invalidchars are constants. Thanks > -Original Message- > From: Ray Hauge [mailto:[EMAIL PROTECTED] > Sent: February 17, 2007 9:45 AM > To: Beauford > Cc: PHP > Subject: Re: [PHP] LOL, preg_match still not working. > > Maybe you just copied it wrong, but nocomments and > invalidchars are not > quoted, or they're constants. > > I don't think you have to, but you might need to escape some of the > characters (namely * and .) in your regex. It's been a while, so I'd > have to look it up. > > What's the error you are getting? > > Ray Hauge > Primate Applications > > > Beauford wrote: > > Hi, > > > > I previously had some issues with preg_match and many of > you tried to help, > > but the same problem still exists. Here it is again, if > anyone can explain > > to me how to get this to work it would be great - otherwise > I'll just remove > > it as I just spent way to much time on this. > > > > Thanks > > > > Here's the code. > > > > if(empty($comment)) { $formerror['comment'] = nocomments; > > } > > elseif(!preg_match('|[EMAIL PROTECTED]&*();:_. /\t-]+$|', > > $comment)) { > > $formerror['comment'] = invalidchars; > > } > > > > This produces an error, which I believe it should not. > > > > Testing 12345. This is a test of the emergency broadcast system. > > > > WAKE UP!! > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quick organizational question...
Thanks very much Pete! Sound advice! Peter Lauri wrote: Hi, No matter the size of a project using includes and config files are always a good way to go. -- Mike Shanley ~you are almost there~ "A new eye opens on March 5." -Omniversalism.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] LOL, preg_match still not working.
Maybe you just copied it wrong, but nocomments and invalidchars are not quoted, or they're constants. I don't think you have to, but you might need to escape some of the characters (namely * and .) in your regex. It's been a while, so I'd have to look it up. What's the error you are getting? Ray Hauge Primate Applications Beauford wrote: Hi, I previously had some issues with preg_match and many of you tried to help, but the same problem still exists. Here it is again, if anyone can explain to me how to get this to work it would be great - otherwise I'll just remove it as I just spent way to much time on this. Thanks Here's the code. if(empty($comment)) { $formerror['comment'] = nocomments; } elseif(!preg_match('|[EMAIL PROTECTED]&*();:_. /\t-]+$|', $comment)) { $formerror['comment'] = invalidchars; } This produces an error, which I believe it should not. Testing 12345. This is a test of the emergency broadcast system. WAKE UP!! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] LOL, preg_match still not working.
Hi, I previously had some issues with preg_match and many of you tried to help, but the same problem still exists. Here it is again, if anyone can explain to me how to get this to work it would be great - otherwise I'll just remove it as I just spent way to much time on this. Thanks Here's the code. if(empty($comment)) { $formerror['comment'] = nocomments; } elseif(!preg_match('|[EMAIL PROTECTED]&*();:_. /\t-]+$|', $comment)) { $formerror['comment'] = invalidchars; } This produces an error, which I believe it should not. Testing 12345. This is a test of the emergency broadcast system. WAKE UP!! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] counting hyperlink clicks in php
Denis L. Menezes wrote: Dear friends. I have a site where I have news headers. I wish to count the clicks on the news headers so that I can see how many times each of the the news has been viewed. This way I can show the "most viewed" news. Can one of you please advise hwo this can be done? Thanks Denis I think the best way to do this would be to set an onClick (Javascript) event handler for each of the links, and then use AJAX style stuff to send the information to PHP on the server side, then PHP can log the link that was clicked, and keep track of the most clicked links. -B -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] counting hyperlink clicks in php
Dear friends. I have a site where I have news headers. I wish to count the clicks on the news headers so that I can see how many times each of the the news has been viewed. This way I can show the "most viewed" news. Can one of you please advise hwo this can be done? Thanks Denis -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Securing user table with sha function
Hello, Now moving on into other aspects of security :P I was thinking of a way to secure my login inputs the best way possible. Seeing how many different types of injection attacks their is and while observing different authentication systems I often notice the sha() function being used for passwords, which of course is the minimum requirements to saving passwords but.. Why manipulate this information in clear text wether it be email or username or pass fields, such as when you use sessions/cookies, or any other method of passing authentication information from page to page (an sha hash is x times less "geussable" then any other human term)... AND how to secure for injection attacks? Now this is where i thought hey, on every login page there is a user and pass input field and thus this is the only place one could "peak" into my user table, and I don't want someone injecting through their as the user table (three fields seperate from profile, username, email, pass) is the key to entry to the site.. SO, why not just encrypt all three fields? And store "copies" of email and username (not pass :P) in another database unecrypted or with a salt for further recovery.. This would ensure that ANY information entered into the user and passowrd will be run through sha() thus creating a 40 char length hash and covering any (?) injection possiblity through a forged input in one of those fields via my "select" routine.. Just wondering what other security conscious people think of this "plan" even though it may slow down logins a tad but the tight security in my opinion justifies this.. Does anyone see an ugly flaw in this scheme? Does it look viable? Thanks for any input, Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php