php-general Digest 17 Aug 2007 08:42:05 -0000 Issue 4966
php-general Digest 17 Aug 2007 08:42:05 - Issue 4966 Topics (messages 260936 through 260943): Re: maintaining session information 260936 by: Vic Agnews 260937 by: Chris 260941 by: Vic Agnews Which CAPTCHA is the besta? 260938 by: Tony Di Croce 260940 by: Hamza Saglam Re: adding Back to Search results link 260939 by: Tom Rogers Re: Is it possible to disable eval()? 260942 by: hshh Re: php 5 and ms sql server express won't play nice ! 260943 by: Gregory Machin Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- Thanks for the suggestions guys I appreciate the help! I guess I'll look into creating a custom session handler. Any good references? How my current setup works is, there's session information for sub-domain1.domain.com stored in a cookie and I want sub-domain2.domain.com(which currently does not have authentication/sessions) to be able to read that cookie and find out who the user is. I read somewhere that you could do this either by using an apache module or .htaccess files or configuring php.ini ... - Vic On 8/16/07, Chris [EMAIL PROTECTED] wrote: Vic Agnews wrote: is there a way we can maintain session information across two sub-domains (on two different servers though) ... kinda like how google does it? Might have to use a 3rd party cookie possibly a custom session handler. A cookie created on 'domain.com' cannot be read by any subdomains (including 'www.domain.com'). A 3rd party cookie (on 'www.domain2.com') can be used in both cases and it's independent so shouldn't have a problem being read. -- Postgresql php tutorials http://www.designmagick.com/ ---End Message--- ---BeginMessage--- Vic Agnews wrote: Thanks for the suggestions guys I appreciate the help! I guess I'll look into creating a custom session handler. Any good references? http://php.net/session_set_save_handler shows an example. How my current setup works is, there's session information for sub-domain1.domain.com http://sub-domain1.domain.com stored in a cookie and I want sub-domain2.domain.com http://sub-domain2.domain.com (which currently does not have authentication/sessions) to be able to read that cookie and find out who the user is. I read somewhere that you could do this either by using an apache module or .htaccess files or configuring php.ini ... AFAIK that's completely wrong. Your browser holds the cookie and it works out the security of which domain can read which cookie. -- Postgresql php tutorials http://www.designmagick.com/ ---End Message--- ---BeginMessage--- Thanks again for the reply ... i will look into session_set_save_handler. I also did some research on SSO and OpenID (phpMyID) ... sounds like an interesting concept! - Vic On 8/16/07, Chris [EMAIL PROTECTED] wrote: Vic Agnews wrote: Thanks for the suggestions guys I appreciate the help! I guess I'll look into creating a custom session handler. Any good references? http://php.net/session_set_save_handler shows an example. How my current setup works is, there's session information for sub-domain1.domain.com http://sub-domain1.domain.com stored in a cookie and I want sub-domain2.domain.com http://sub-domain2.domain.com (which currently does not have authentication/sessions) to be able to read that cookie and find out who the user is. I read somewhere that you could do this either by using an apache module or .htaccess files or configuring php.ini ... AFAIK that's completely wrong. Your browser holds the cookie and it works out the security of which domain can read which cookie. -- Postgresql php tutorials http://www.designmagick.com/ ---End Message--- ---BeginMessage--- I need a CAPTCHA script Which one is the best? (I dont mind if its somewhat difficult). ---End Message--- ---BeginMessage--- Not a script you can install/hack but why don't you have a look at: http://recaptcha.net/ ? Regards, Hamza. Tony Di Croce [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I need a CAPTCHA script Which one is the best? (I dont mind if its somewhat difficult). ---End Message--- ---BeginMessage--- Hi, Thursday, August 16, 2007, 6:44:46 AM, you wrote: D Jim and Brad. D Thanks for the feedback. I was thinking it was something simple like a back D button. But the problem that arises when I use this method is on Form 3. D If I go through the steps, and make a change to an item on Form 3. Then use D the a href=javascript:history.go(-2);Return to search D results/a.everything works fine. D But if I dont make any changes to Form 3. then this takes me all the way D back to the search page. D People in my group use this form to update database
Re: [PHP] Is it possible to disable eval()?
Thank you. It is already enough for me. It works. On 8/16/07, Steffen Ebermann [EMAIL PROTECTED] wrote: On Thu, Aug 16, 2007 at 09:50:30PM +0800, hshh wrote: I try to disable eval() function in php script, but failed. In php.ini disable_functions=eval is not work, but other functions. So, is it possible to disable eval()? Thanks. It don't work because eval() isn't a function. The Suhosin protection system would let you do so. If an option: http://www.hardened-php.net/suhosin/configuration.html#suhosin.executor.disable_eval -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php 5 and ms sql server express won't play nice !
with the suggested config i get the following Warning: mssql_connect() [function.mssql-connect]: Unable to connect to server: (local)\SQLEXPRESS in C:\wamp\www\test\test.php on line 8 Couldn't connect to SQL Server on (local)\SQLEXPRESS this is my connection script ?php $myServer = (local)\SQLEXPRESS; $myUser = sa; $myPass = [EMAIL PROTECTED]; $myDB = WEBCOLTECH; //connection to the database $dbhandle = mssql_connect($myServer, $myUser, $myPass) or die(Couldn't connect to SQL Server on $myServer); On 8/16/07, Kirk Friggstad [EMAIL PROTECTED] wrote: SQL Server Express defaults to installing as a named instance - assuming that you're running Apache/PHP on the same machine as SQL Server Express, I believe you'll want to use (local)\SQLEXPRESS as the host to connect to. If it's on a different machine, you'll want to use MACHINENAME\SQLEXPRESS (replace MACHINENAME with the actual name of the computer SQL Express is running on). DISCLAIMER: I haven't actually tried using SQL Server with PHP, so I can't guarantee this will work. However, I have spent a lot of time working with SQL Server and ASP in a previous life, so I'd like to think that I have half a clue when it comes to connecting to it. :-) Hope this helps. Kirk On 8/16/07, Gregory Machin [EMAIL PROTECTED] wrote: Hi I have tried most of the configuration options in the php manual / examples http://www.php.net/function.mssql-connect and I just can't get it to connect I'm running WAMP5 and have enables php_mssql.dll extentions etc .. sql server 2005 express has both named pipes and tcp/ip conections enabled, both are installed on the same machine (xp pro)... this it the error I keep getting Warning: mssql_connect() [function.mssql-connect]: Unable to connect to server: SQLEXPRESS in C:\wamp\www\test\test.php on line 8 Couldn't connect to SQL Server on SQLEXPRESS Many Thanks in advance -- Gregory Machin [EMAIL PROTECTED] www.linuxpro.co.za -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- _ Kirk Friggstad, Daft Viking Consulting email / msn / gtalk: [EMAIL PROTECTED] aim / skype: daftviking mobile / SMS: 306-867-0010 -- Gregory Machin [EMAIL PROTECTED] www.linuxpro.co.za -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php 5 and ms sql server express won't play nice !
On 8/16/07, Gregory Machin [EMAIL PROTECTED] wrote: Hi I have tried most of the configuration options in the php manual / examples http://www.php.net/function.mssql-connect and I just can't get it to connect I'm running WAMP5 and have enables php_mssql.dll extentions etc .. sql server 2005 express has both named pipes and tcp/ip conections enabled, both are installed on the same machine (xp pro)... this it the error I keep getting Warning: mssql_connect() [function.mssql-connect]: Unable to connect to server: SQLEXPRESS in C:\wamp\www\test\test.php on line 8 Couldn't connect to SQL Server on SQLEXPRESS Many Thanks in advance -- Gregory Machin [EMAIL PROTECTED] www.linuxpro.co.za If you take a look at the comments at the manual page for mssql_connect [1], you see that a lot of people have reported problems with, but there are also some solutions. I don't know if they work, because I never had any MS SQL server (MySQL rocks ;-)), but the second comment seems helpful. Tijnema [1] http://www.php.net/manual/en/function.mssql-connect.php -- If this is a mailing list: DO NOT TOP POST! why?: http://www.caliburn.nl/topposting.html Vote for PHP Color Coding in Gmail! - http://gpcc.tijnema.info -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] a DOM object in $_SESSION ?
Does anyone know if this works? I've been trying out a few things, and it doesn't seem to work. I.e. the object is there, but the contents aren't. thanks Per Jessen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] a DOM object in $_SESSION ?
Does anyone know if this works? I've been trying out a few things, and it doesn't seem to work. I.e. the object is there, but the contents aren't. I don't think it is possible due to the way PHP handles the XML data [1]. This is from 2002 / PHP 4.3 but a comment [2] in the PHP manual for SimpleXML seems to suggest it is still the case. You could probably get around it by using a string representation in the session variable. [1] http://bugs.php.net/bug.php?id=20899edit=1 [2] http://uk2.php.net/manual/en/ref.simplexml.php#74192 Edward -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: a DOM object in $_SESSION ?
Per Jessen wrote: Does anyone know if this works? I've been trying out a few things, and it doesn't seem to work. I.e. the object is there, but the contents aren't. I think it wont directly but it should be solvable by creating an class which extends DomDocument but also implements __sleep/__wakeup calls to serialise itself correctly. This may add significant overhead and in practice you may be better just storing the XML itself in the session and create a DomDocument object only when you need it. YMMV. Col -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] a DOM object in $_SESSION ?
Edward Kay wrote: Does anyone know if this works? I've been trying out a few things, and it doesn't seem to work. I.e. the object is there, but the contents aren't. I don't think it is possible due to the way PHP handles the XML data [1]. This is from 2002 / PHP 4.3 but a comment [2] in the PHP manual for SimpleXML seems to suggest it is still the case. You could probably get around it by using a string representation in the session variable. [1] http://bugs.php.net/bug.php?id=20899edit=1 Thanks Edward - [1] makes perfect sense. I think I'll just store on it disk instead and reload when necessary. /Per -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Re: a DOM object in $_SESSION ?
Colin Guthrie wrote: Per Jessen wrote: Does anyone know if this works? I've been trying out a few things, and it doesn't seem to work. I.e. the object is there, but the contents aren't. I think it wont directly but it should be solvable by creating an class which extends DomDocument but also implements __sleep/__wakeup calls to serialise itself correctly. This may add significant overhead and in practice you may be better just storing the XML itself in the session and create a DomDocument object only when you need it. Hi Colin Someone else just suggested the same - I think I might just store the XML itself. /Per -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] isset($a-b) even if $a-b = null
how do i test if a property of a stdclass object is set, even if its value is null, similar to how array_key_exists() works for arrays. the following method fails: $a-b = null; if(isset($a-b)) echo yes; and property_exists() seems only to work for defined objects. hope someone can help. thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] isset($a-b) even if $a-b = null
Olav Mørkrid schreef: how do i test if a property of a stdclass object is set, even if its value is null, similar to how array_key_exists() works for arrays. the following method fails: $a-b = null; if(isset($a-b)) echo yes; and property_exists() seems only to work for defined objects. hope someone can help. thanks! if (isset($a - b) $a - b != null) { echo yes; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: isset($a-b) even if $a-b = null
Olav Mørkrid wrote: how do i test if a property of a stdclass object is set, even if its value is null, similar to how array_key_exists() works for arrays. the following method fails: $a-b = null; if(isset($a-b)) echo yes; and property_exists() seems only to work for defined objects. hope someone can help. thanks! You can try: unset($a-b) Or change isset() to empty(). empty() catches more than isset() e.g. '' (empty string), false, 0 etc. are considered empty. Depending on your logic it can still be very useful. It is a language construct rather than a function so it's also efficient. Col -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] isset($a-b) even if $a-b = null
On 8/17/07, Olav Mørkrid [EMAIL PROTECTED] wrote: how do i test if a property of a stdclass object is set, even if its value is null, similar to how array_key_exists() works for arrays. the following method fails: $a-b = null; if(isset($a-b)) echo yes; and property_exists() seems only to work for defined objects. hope someone can help. thanks! Seems your asking for something similar to perl's exists() function.. Best I can come up with is... $a-b = null; if (is_null($a-b) || isset($a-b)) { print yes; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: isset($a-b) even if $a-b = null
the solution has been found. array_key_exists() can actually be used on objects, and yields the correct result. http://no.php.net/array_key_exists thanks to dordea cosmin for pointing this out. On 17/08/07, Olav Mørkrid [EMAIL PROTECTED] wrote: the test i need should give the following results: - FALSE when $a-b does not exist at all - TRUE when $a-b = null - TRUE when $a-b = any value empty() gives true for both $a-b = null and not setting any value, so that's no good. borokovs suggestion seems to miss the purpose. anyone else? On 17/08/07, Colin Guthrie [EMAIL PROTECTED] wrote: Olav Mørkrid wrote: how do i test if a property of a stdclass object is set, even if its value is null, similar to how array_key_exists() works for arrays. the following method fails: $a-b = null; if(isset($a-b)) echo yes; and property_exists() seems only to work for defined objects. hope someone can help. thanks! You can try: unset($a-b) Or change isset() to empty(). empty() catches more than isset() e.g. '' (empty string), false, 0 etc. are considered empty. Depending on your logic it can still be very useful. It is a language construct rather than a function so it's also efficient. Col -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: isset($a-b) even if $a-b = null
Found something. For class variables.. http://us.php.net/manual/en/function.property-exists.php class a { var $b; } if (property_exists('a','b')) { print yes\n; } On 8/17/07, Olav Mørkrid [EMAIL PROTECTED] wrote: the test i need should give the following results: - FALSE when $a-b does not exist at all - TRUE when $a-b = null - TRUE when $a-b = any value empty() gives true for both $a-b = null and not setting any value, so that's no good. borokovs suggestion seems to miss the purpose. anyone else? On 17/08/07, Colin Guthrie [EMAIL PROTECTED] wrote: Olav Mørkrid wrote: how do i test if a property of a stdclass object is set, even if its value is null, similar to how array_key_exists() works for arrays. the following method fails: $a-b = null; if(isset($a-b)) echo yes; and property_exists() seems only to work for defined objects. hope someone can help. thanks! You can try: unset($a-b) Or change isset() to empty(). empty() catches more than isset() e.g. '' (empty string), false, 0 etc. are considered empty. Depending on your logic it can still be very useful. It is a language construct rather than a function so it's also efficient. Col -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: isset($a-b) even if $a-b = null
yes, but that assumes you have a defined class. if $a comes from mysql_fetch_object() for instance you have just a stdobject, and this method will produce an error. On 17/08/07, Michael Preslar [EMAIL PROTECTED] wrote: Found something. For class variables.. http://us.php.net/manual/en/function.property-exists.php class a { var $b; } if (property_exists('a','b')) { print yes\n; } On 8/17/07, Olav Mørkrid [EMAIL PROTECTED] wrote: the test i need should give the following results: - FALSE when $a-b does not exist at all - TRUE when $a-b = null - TRUE when $a-b = any value empty() gives true for both $a-b = null and not setting any value, so that's no good. borokovs suggestion seems to miss the purpose. anyone else? On 17/08/07, Colin Guthrie [EMAIL PROTECTED] wrote: Olav Mørkrid wrote: how do i test if a property of a stdclass object is set, even if its value is null, similar to how array_key_exists() works for arrays. the following method fails: $a-b = null; if(isset($a-b)) echo yes; and property_exists() seems only to work for defined objects. hope someone can help. thanks! You can try: unset($a-b) Or change isset() to empty(). empty() catches more than isset() e.g. '' (empty string), false, 0 etc. are considered empty. Depending on your logic it can still be very useful. It is a language construct rather than a function so it's also efficient. Col -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Which CAPTCHA is the besta?
Here's a simple one you can hack to fit your needs. This a file for generating the captcha image. ?php /** * Makes graphical image of supplied number argument */ session_start(); $num_str= $_SESSION['scode_show']; if(isset($_GET['scode'])) $num_str= $_GET['scode']; header (Content-type: image/jpeg); // $width = 60; //Box size, adjust as required // $height = 34; // $font= 'gogobig.gdf'; //pick one $font= 'addlg10.gdf'; // $font= 'automatic.gdf'; // $font= 5; //default $font = imageloadfont($font); $height= imagefontheight($font) + 6; $width= imagefontwidth($font)*strlen($num_str)+6; $src = @imagecreate($width, $height) or die(Cannot Initialize new GD image stream); $background_color = imagecolorallocate($src, 200, 200, 200); $text_color = imagecolorallocate($src, 20, 20, 255); imagestring($src, $font, 3, 3, $num_str, $text_color); imagejpeg($src); imagedestroy($src); ? This is the code snippet for your client page: /** * This is a typical use of the catcha code * * */ // Security Code ***/ $sid= session_id(); //See if session handler exists if(empty($sid)) session_start(); //This also places a session cookie, if enabled by client's browser $scode= rand(100, 999); //pick the range as you like. 100 to 999 is probably sufficent $_SESSION['scode']; $prev_scode= $_SESSION['scode_show']; //This is the scode the user saw previously and was to enter $_SESSION['scode_show']= $scode; //Set an new scode; this is used by make_scode_img.php for the label graphic generation $scode_passed= (isset($_SESSION['scode_passed']))? TRUE:FALSE; //print_r($_SESSION); if(!$scode_passed isset($_POST['scode']) $_POST['scode']== $prev_scode) $scode_passed= TRUE; //If not set, see if passed $scode_txt= NULL; //So can be used without a if() test if(!$scode_passed){ $len= strlen($scode)+2; $scode_txt .= txt form enctype=multipart/form-data action={$_SESSION['PHP_SELF']} name=interview method=post pTo prevent SPAM, we need you to enter this security number in the box on the right and key Submit. img style=margin-right:2em; border:blue 2px solid src=make_scode_img.php alt=missing img file input style=margin-right:2em; font-size:10pt type=text maxlength= $len size=$len name=scode, value= input style=font-size:11pt type=submit name=scode_submit value=Submit /p /form /body /html txt; } /** * Note, put this code in the html where you want the log-in to be rendered. Notice, it has an exit; You don't need the if() you don't * need the exit. $code_txt is NULL unless the $scode_passed is TRUE. * ?php * if(!$scode_passed) { * echo p$scode_txt/p\n\n; * exit; //This ends the page * } * ? */ if($scode_passed){ Tony Di Croce wrote: I need a CAPTCHA script Which one is the best? (I dont mind if its somewhat difficult). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: isset($a-b) even if $a-b = null
the test i need should give the following results: - FALSE when $a-b does not exist at all - TRUE when $a-b = null - TRUE when $a-b = any value empty() gives true for both $a-b = null and not setting any value, so that's no good. borokovs suggestion seems to miss the purpose. anyone else? On 17/08/07, Colin Guthrie [EMAIL PROTECTED] wrote: Olav Mørkrid wrote: how do i test if a property of a stdclass object is set, even if its value is null, similar to how array_key_exists() works for arrays. the following method fails: $a-b = null; if(isset($a-b)) echo yes; and property_exists() seems only to work for defined objects. hope someone can help. thanks! You can try: unset($a-b) Or change isset() to empty(). empty() catches more than isset() e.g. '' (empty string), false, 0 etc. are considered empty. Depending on your logic it can still be very useful. It is a language construct rather than a function so it's also efficient. Col -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: isset($a-b) even if $a-b = null
Maybe if you tell us exactly what you wish to achieve. Class variables that are not created at object creation is bad design. Olav Mørkrid schreef: yes, but that assumes you have a defined class. if $a comes from mysql_fetch_object() for instance you have just a stdobject, and this method will produce an error. On 17/08/07, Michael Preslar [EMAIL PROTECTED] wrote: Found something. For class variables.. http://us.php.net/manual/en/function.property-exists.php class a { var $b; } if (property_exists('a','b')) { print yes\n; } On 8/17/07, Olav Mørkrid [EMAIL PROTECTED] wrote: the test i need should give the following results: - FALSE when $a-b does not exist at all - TRUE when $a-b = null - TRUE when $a-b = any value empty() gives true for both $a-b = null and not setting any value, so that's no good. borokovs suggestion seems to miss the purpose. anyone else? On 17/08/07, Colin Guthrie [EMAIL PROTECTED] wrote: Olav Mørkrid wrote: how do i test if a property of a stdclass object is set, even if its value is null, similar to how array_key_exists() works for arrays. the following method fails: $a-b = null; if(isset($a-b)) echo yes; and property_exists() seems only to work for defined objects. hope someone can help. thanks! You can try: unset($a-b) Or change isset() to empty(). empty() catches more than isset() e.g. '' (empty string), false, 0 etc. are considered empty. Depending on your logic it can still be very useful. It is a language construct rather than a function so it's also efficient. Col -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] apache/php with sybase12.5
Hi, I am integrating httpd-2.0.59 with php-5.2.1 and Sybase 12.5 on a solaris 8 machine. I followed these steps: Install apache: ./configure --prefix=/usr/local/apache2 --enable-so make make install PHP configuration: I edited this file php-5.2.1/ext/sybase_ct/ php_sybase_ct.h and changed this line: #define CTLIB_VERSION CS_VERSION_100 ...to... #define CTLIB_VERSION CS_VERSION_125 Then: ./configure --with-apx2=/usr/local/apache2/bin/apxs --with-sybase-ct=/opt/sybase/oc12.5-EBF11486/OCS-12_5/ --enable-bcmath --enable-calendar --enable-ctype --enable-exif --enable-ftp --enable-trans-sid --enable-shmop --enable-sockets --enable-sysvsem --enable-sysvshm --enable-wddx make make install then added these 2 lines in httpd.conf: AddType application/x-httpd-php .php .phtml AddType application/x-httpd-php-source .phps When I access test.php, I am asked to download the file - meaning php is not working well. I also don't see libphp5.so under modules/ directory. test.php is locate under htdocs/ and has this content: ?phpinfo()? Could you please point to me why libphp5.so was not generated? Also why php is not working well with apache and sybase? *** This e-mail contains information for the intended recipient only. It may contain proprietary material or confidential information. If you are not the intended recipient you are not authorised to distribute, copy or use this e-mail or any attachment to it. Murex cannot guarantee that it is virus free and accepts no responsibility for any loss or damage arising from its use. If you have received this e-mail in error please notify immediately the sender and delete the original email received, any attachments and all copies from your system. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: STDIN Stream Query
Per Jessen wrote: Jason Freeman wrote: Hi All I am having a problem getting stream_set_blocking to work the way I expect on STDIN. Please could someone tell me why while blocking is set to false fread does not get anything. When a file descriptor (stdin) is non-blocking, any read() will not block and wait for data to become available, but will return right away with or without data. Set the fd to blocking to wait for data. /Per Jessen This is true which is why I put fread() into a loop. If you look at the output you will see that data is available even before the first iteration. PHP only seems to recognize this though when the enter key is pressed. If I press the enter key while blocking is off then it finds the data. Is there any way to get the PHP to recognize that data is available without pressing the enter key?
Re: [PHP] apache/php with sybase12.5
On Fri, 17 Aug 2007 16:00:35 +0300, ROUKOS Michel [EMAIL PROTECTED] wrote: Hi, I am integrating httpd-2.0.59 with php-5.2.1 and Sybase 12.5 on a solaris 8 machine. I followed these steps: Install apache: ./configure --prefix=/usr/local/apache2 --enable-so make make install PHP configuration: I edited this file php-5.2.1/ext/sybase_ct/ php_sybase_ct.h and changed this line: #define CTLIB_VERSION CS_VERSION_100 ...to... #define CTLIB_VERSION CS_VERSION_125 Then: ./configure --with-apx2=/usr/local/apache2/bin/apxs --with-sybase-ct=/opt/sybase/oc12.5-EBF11486/OCS-12_5/ --enable-bcmath --enable-calendar --enable-ctype --enable-exif --enable-ftp --enable-trans-sid --enable-shmop --enable-sockets --enable-sysvsem --enable-sysvshm --enable-wddx make make install then added these 2 lines in httpd.conf: AddType application/x-httpd-php .php .phtml AddType application/x-httpd-php-source .phps When I access test.php, I am asked to download the file - meaning php is not working well. I also don't see libphp5.so under modules/ directory. test.php is locate under htdocs/ and has this content: ?phpinfo()? Could you please point to me why libphp5.so was not generated? Also why php is not working well with apache and sybase? *** This e-mail contains information for the intended recipient only. It may contain proprietary material or confidential information. If you are not the intended recipient you are not authorised to distribute, copy or use this e-mail or any attachment to it. Murex cannot guarantee that it is virus free and accepts no responsibility for any loss or damage arising from its use. If you have received this e-mail in error please notify immediately the sender and delete the original email received, any attachments and all copies from your system. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Did you also place the following line in the apache config? LoadModule php5_module modules/libphp5.so If you sure there were no configure or compile errors when building PHP try and locate libphp5.so on the server. And copy it to the module dir. find / -name libphp5.so -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php 5 and ms sql server express won't play nice !
On 8/17/07, Gregory Machin [EMAIL PROTECTED] wrote: with the suggested config i get the following Warning: mssql_connect() [function.mssql-connect]: Unable to connect to server: (local)\SQLEXPRESS in C:\wamp\www\test\test.php on line 8 Couldn't connect to SQL Server on (local)\SQLEXPRESS That's about all I had for bright ideas on this one, sorry - like I said, I haven't actually used PHP with MSSQL myself. The link Tijnema posted looks promising, though. Best of luck to you. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] apache/php with sybase12.5
Hi, If I place the following line in httpd.conf LoadModule php5_module modules/libphp5.so I receive this error: Syntax error on line 232 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/libphp5.so into server: ld.so.1: /usr/local/apache2/bin/httpd: fatal: /usr/local/apache2/modules/libphp5.so: open failed: No such file or directory During the configure, make and make install steps, I received no errors. find / -name libphp5.so returned nothing. I did the same steps with mysql, and the libphp5.so was created. Also please note that the sybase servers are remote. I have only the client directory on that server (/opt/sybase) Thanks. *** This e-mail contains information for the intended recipient only. It may contain proprietary material or confidential information. If you are not the intended recipient you are not authorised to distribute, copy or use this e-mail or any attachment to it. Murex cannot guarantee that it is virus free and accepts no responsibility for any loss or damage arising from its use. If you have received this e-mail in error please notify immediately the sender and delete the original email received, any attachments and all copies from your system. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: STDIN Stream Query
Jason Freeman wrote: Per Jessen wrote: When a file descriptor (stdin) is non-blocking, any read() will not block and wait for data to become available, but will return right away with or without data. Set the fd to blocking to wait for data. This is true which is why I put fread() into a loop. If you look at the output you will see that data is available even before the first iteration. PHP only seems to recognize this though when the enter key is pressed. If I press the enter key while blocking is off then it finds the data. Is there any way to get the PHP to recognize that data is available without pressing the enter key? So you want to read from stdin byte for byte? If so, I suspect your problem is in the normal stream buffering. I don't know if terminal IO is really feasible with PHP. Maybe you should check out the ncurses interface? /Per Jessen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: XML editors
16 aug 2007 kl. 13.12 skrev Colin Guthrie: Frank Arensmeier wrote: Although I am not able to give you any helping advice, I would like to know if there are any PHP based XML online - editors out there (that would allow me to edit XML files online so to say). One thing that poped up in my mind was Tiny MCE. Sure, it could be possible to customise Tiny MCE, but I think one of the most important drawbacks with Tiny MCE is that it is not working with all browsers. Since my site is based on a XML/PHP template engine, it would be very convenient to be able to edit XML files online (instead of editing XML files locally and uploading them to the server). Any ideas? I'd be interested to know this too. There are a few places I can think of where it would be quite a nice addition. Col -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Maybe this could be a good idea for a project? I am sure that there are people who are interested in such an editor. //frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] for loop inside a switch
This will not work at all.. Instead of switch try with if condition as follows for ($i=0; $i 21; $i++) { if(faq$i == $q){ echo $faq1; break; } } Now it works.. You can write the code to display the result how you want.. but you cant write the code to write a code :) Cheers Warm Regards, Sanjeev http://www.sanchanworld.com http://webdirectory.sanchanworld.com - Submit your website URL http://webhosting.sanchanworld.com - Choose your best web hosting plan -Original Message- From: Hulf [mailto:[EMAIL PROTECTED] Sent: Thursday, August 16, 2007 3:11 PM To: php-general@lists.php.net Subject: [PHP] for loop inside a switch Hi, switch ($q) { for ($i=0; $i 21; $i++) { case 'faq$i': echo $faq1; break; } } I just want to loop out a big long list of cases. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Which CAPTCHA is the besta?
There are several PHP Captcha classes available as well. A few examples are: http://www.white-hat-web-design.co.uk/articles/php-captcha.php http://milki.erphesfurt.de/captcha/ http://nogajski.de/horst/php/captcha/
Re: [PHP] apache/php with sybase12.5
ROUKOS Michel wrote: Hi, I am integrating httpd-2.0.59 with php-5.2.1 and Sybase 12.5 on a solaris 8 machine. I followed these steps: Install apache: ./configure --prefix=/usr/local/apache2 --enable-so make make install PHP configuration: I edited this file php-5.2.1/ext/sybase_ct/ php_sybase_ct.h and changed this line: #define CTLIB_VERSION CS_VERSION_100 ...to... #define CTLIB_VERSION CS_VERSION_125 Then: ./configure --with-apx2=/usr/local/apache2/bin/apxs --with-sybase-ct=/opt/sybase/oc12.5-EBF11486/OCS-12_5/ --enable-bcmath --enable-calendar --enable-ctype --enable-exif --enable-ftp --enable-trans-sid --enable-shmop --enable-sockets --enable-sysvsem --enable-sysvshm --enable-wddx make make install then added these 2 lines in httpd.conf: AddType application/x-httpd-php .php .phtml AddType application/x-httpd-php-source .phps When I access test.php, I am asked to download the file - meaning php is not working well. I also don't see libphp5.so under modules/ directory. test.php is locate under htdocs/ and has this content: ?phpinfo()? Could you please point to me why libphp5.so was not generated? Also why php is not working well with apache and sybase? *** This e-mail contains information for the intended recipient only. It may contain proprietary material or confidential information. If you are not the intended recipient you are not authorised to distribute, copy or use this e-mail or any attachment to it. Murex cannot guarantee that it is virus free and accepts no responsibility for any loss or damage arising from its use. If you have received this e-mail in error please notify immediately the sender and delete the original email received, any attachments and all copies from your system. What version of libtool do you use? What happens if you just run ./configure --with-apx2=/usr/local/apache2/bin/apxs make make install -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Regular Expression just one step away from what I need....
Given the string 'foo''bar''glorp' (all quotes are single quotes)I had hoped to find a regular expression using preg_match that would return an array containing just those words without having to go through additional gyrations, like exploding a string to get an array. I have only had limited luck $theString = 'foo''bar''glorp'; preg_match( /\'(.*)\'/, $theString, $matches); print_r($matches); Array ( [0] = 'foo''bar''glorp' [1] = foo''bar''glorp ) Of course $matches[0] has the entire string and $matches[1] contains the returned string minus the leading and trailing single quote. I can explode $matches[1] to get what I want, but it is an extra step and I am sure that I have done this before but cannot locate the code in question. I would like the results to be Array ( [0] = 'foo''bar''glorp' [1] = foo [2] = bar [3] = glorp ) That way I can use the $matches array without having to create another array to hold the values. I feel as if I am really close on the regex to do this, but cannot seem to find (after much head scratching and teeth gnashing) the proper solution. Much thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] cant get if logic correct..
Why don't you try to check for if it is integer. You will get the function to check the variable (is_integer not sure) in manual. Warm Regards, Sanjeev http://www.sanchanworld.com http://webdirectory.sanchanworld.com - Submit your website URL http://webhosting.sanchanworld.com - Choose your best web hosting plan -Original Message- From: Gregory Machin [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 15, 2007 7:01 PM To: php-general@lists.php.net Subject: [PHP] cant get if logic correct.. Hi i have a piece of code that gets info from a comma delimited file, then gets each value that is to be insterted into the database The variabls must only contain numbers and must not be null .. but the logic i have is iether not working or there are some hidden characters creeping in because it is processing the data ... how can i do this better ? for($i=2;$i$arrsize;$i++){ $parts=explode(,,$lines[$i]); $stnr=$parts[0]; $subj=$parts[1]; $mark=$parts[4]; if (($stnr) and ($subj) and ($mark)){ //do alot of something lol } } -- Gregory Machin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Regular Expression just one step away from what I need....
Jay Blanchard wrote: Given the string 'foo''bar''glorp' (all quotes are single quotes)I had hoped to find a regular expression using preg_match that would return an array containing just those words without having to go through additional gyrations, like exploding a string to get an array. I have only had limited luck $theString = 'foo''bar''glorp'; preg_match( /\'(.*)\'/, $theString, $matches); print_r($matches); Array ( [0] = 'foo''bar''glorp' [1] = foo''bar''glorp ) Of course $matches[0] has the entire string and $matches[1] contains the returned string minus the leading and trailing single quote. I can explode $matches[1] to get what I want, but it is an extra step and I am sure that I have done this before but cannot locate the code in question. I would like the results to be Array ( [0] = 'foo''bar''glorp' [1] = foo [2] = bar [3] = glorp ) That way I can use the $matches array without having to create another array to hold the values. I feel as if I am really close on the regex to do this, but cannot seem to find (after much head scratching and teeth gnashing) the proper solution. Much thanks! 2(-3) steps: 1. Make it _un_greedy (preg_* are greedy by default, so /'(.*)'/U will match foo''bar''glorp, making it ungreedy (/U modifier) would make it match just foo 2. Make it fetch _all_ matches, use preg_match_all (3. there's no need to escape single quotes in this string :)) The following works: preg_match_all(/'(.*)'/U, 'foo''bar''glorp', $matches); print_r($matches); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Regular Expression just one step away from what I need....
On Fri, 2007-08-17 at 12:00 -0500, Jay Blanchard wrote: Given the string 'foo''bar''glorp' (all quotes are single quotes)I had hoped to find a regular expression using preg_match that would return an array containing just those words without having to go through additional gyrations, like exploding a string to get an array. I have only had limited luck $theString = 'foo''bar''glorp'; preg_match( /\'(.*)\'/, $theString, $matches); print_r($matches); You want to add the ungreedy modifier... preg_match( /\'(.*)\'/U, $theString, $matches); Cheers, Rob. -- ... SwarmBuy.com - http://www.swarmbuy.com Leveraging the buying power of the masses! ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Regular Expression just one step away from what I need....
Jay Blanchard wrote: Given the string 'foo''bar''glorp' (all quotes are single quotes)I had hoped to find a regular expression using preg_match that would return an array containing just those words without having to go through additional gyrations, like exploding a string to get an array. I have only had limited luck $theString = 'foo''bar''glorp'; preg_match( /\'(.*)\'/, $theString, $matches); print_r($matches); Array ( [0] = 'foo''bar''glorp' [1] = foo''bar''glorp ) Of course $matches[0] has the entire string and $matches[1] contains the returned string minus the leading and trailing single quote. I can explode $matches[1] to get what I want, but it is an extra step and I am sure that I have done this before but cannot locate the code in question. I would like the results to be Array ( [0] = 'foo''bar''glorp' [1] = foo [2] = bar [3] = glorp ) That way I can use the $matches array without having to create another array to hold the values. I feel as if I am really close on the regex to do this, but cannot seem to find (after much head scratching and teeth gnashing) the proper solution. Much thanks! If it's only real words this will do: $theString = 'foo''bar''glorp'; preg_match_all( /'([a-z]+)'/Ui, $theString, $matches); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Regular Expression just one step away from what I need....
[snip] I am no regex expert but wouldn't preg_match_all( /'([^']+)'/Ui, $theString, $matches); Be more flexible? [/snip] Thanks all, I completely forgot about greedy/ungreedy. That is what you get for being rusty! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Which CAPTCHA is the besta?
At 3:19 PM -0700 8/16/07, Tony Di Croce wrote: I need a CAPTCHA script Which one is the best? (I dont mind if its somewhat difficult). Tony: 1. No captcha works 100%. 2. All captchas prohibit someone -- the more difficult, the more exclusion. 3. So, if you need a captcha, don't make it difficult. A simple 1 + 1 = ? or What color is an orange? will do well. This advice is offered after going down that road, see here: http://sperling.com/examples/assorted-captcha/ Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Regular Expression just one step away from what I need....
I am no regex expert but wouldn't preg_match_all( /'([^']+)'/Ui, $theString, $matches); Be more flexible? On 8/17/07, Thijs Lensselink [EMAIL PROTECTED] wrote: If it's only real words this will do: $theString = 'foo''bar''glorp'; preg_match_all( /'([a-z]+)'/Ui, $theString, $matches); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] cant get if logic correct..
is_integer probably wouldn't work, since you're dealing with strings here. Your best friend here would probably be 'is_numeric' which would return true on both the string '1' as the integer 1 true. As well as 1.1 and '1.1'. The only one solution I could think if would be: preg_match('/^\d+$/', $stnr); -- Ain't it always the small things like this that consume too much time? On 17/08/07, Sanjeev N [EMAIL PROTECTED] wrote: Why don't you try to check for if it is integer. You will get the function to check the variable (is_integer not sure) in manual. Warm Regards, Sanjeev http://www.sanchanworld.com http://webdirectory.sanchanworld.com - Submit your website URL http://webhosting.sanchanworld.com - Choose your best web hosting plan -Original Message- From: Gregory Machin [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 15, 2007 7:01 PM To: php-general@lists.php.net Subject: [PHP] cant get if logic correct.. Hi i have a piece of code that gets info from a comma delimited file, then gets each value that is to be insterted into the database The variabls must only contain numbers and must not be null .. but the logic i have is iether not working or there are some hidden characters creeping in because it is processing the data ... how can i do this better ? for($i=2;$i$arrsize;$i++){ $parts=explode(,,$lines[$i]); $stnr=$parts[0]; $subj=$parts[1]; $mark=$parts[4]; if (($stnr) and ($subj) and ($mark)){ //do alot of something lol } } -- Gregory Machin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Interpotential.com Phone: +31615397471
[PHP] About Session And Cookies
I am trying to setup a secure login system. I've heard that if I use just cookies for login, members without cookie turned out won't be able to see the member pages. Is using session recommended for e-commerce websites with shopping carts? Or, using both of them might be more effective in some way.
RE: [PHP] apache/php with sybase12.5
Hi, I installed libtool 1.5 and tried again. The libphp.so was not created as well. I tried also to run with ./configure --with-apx2=/usr/local/apache2/bin/apxs make make install same results: libphp5.so is not created under modules/ directory. Thanks and regards, Michel -Original Message- From: Lens Development [mailto:[EMAIL PROTECTED] Sent: Friday, August 17, 2007 7:57 PM To: ROUKOS Michel Cc: php-general@lists.php.net Subject: Re: [PHP] apache/php with sybase12.5 ROUKOS Michel wrote: Hi, I am integrating httpd-2.0.59 with php-5.2.1 and Sybase 12.5 on a solaris 8 machine. I followed these steps: Install apache: ./configure --prefix=/usr/local/apache2 --enable-so make make install PHP configuration: I edited this file php-5.2.1/ext/sybase_ct/ php_sybase_ct.h and changed this line: #define CTLIB_VERSION CS_VERSION_100 ...to... #define CTLIB_VERSION CS_VERSION_125 Then: ./configure --with-apx2=/usr/local/apache2/bin/apxs --with-sybase-ct=/opt/sybase/oc12.5-EBF11486/OCS-12_5/ --enable-bcmath --enable-calendar --enable-ctype --enable-exif --enable-ftp --enable-trans-sid --enable-shmop --enable-sockets --enable-sysvsem --enable-sysvshm --enable-wddx make make install then added these 2 lines in httpd.conf: AddType application/x-httpd-php .php .phtml AddType application/x-httpd-php-source .phps When I access test.php, I am asked to download the file - meaning php is not working well. I also don't see libphp5.so under modules/ directory. test.php is locate under htdocs/ and has this content: ?phpinfo()? Could you please point to me why libphp5.so was not generated? Also why php is not working well with apache and sybase? *** This e-mail contains information for the intended recipient only. It may contain proprietary material or confidential information. If you are not the intended recipient you are not authorised to distribute, copy or use this e-mail or any attachment to it. Murex cannot guarantee that it is virus free and accepts no responsibility for any loss or damage arising from its use. If you have received this e-mail in error please notify immediately the sender and delete the original email received, any attachments and all copies from your system. What version of libtool do you use? What happens if you just run ./configure --with-apx2=/usr/local/apache2/bin/apxs make make install *** This e-mail contains information for the intended recipient only. It may contain proprietary material or confidential information. If you are not the intended recipient you are not authorised to distribute, copy or use this e-mail or any attachment to it. Murex cannot guarantee that it is virus free and accepts no responsibility for any loss or damage arising from its use. If you have received this e-mail in error please notify immediately the sender and delete the original email received, any attachments and all copies from your system. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: www.soongy.com
What is this supposed to be exactly? I gather from looking at it quickly that uses can signup, then send messages to other signed up users right? So it's like email, but you can only send messages to other people that signup, and login through that specific webpage. Forgive me but I don't see the appeal, what is this for? - Dan Gevorg Harutyunyan [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, I am Gevorg. I just wanted to introduce you my new PHP based work here www.soongy.com http://www.soongy.com/ . It is working on PHP and MySQL and here is used DHTML, AJAX. Thank you very much. Waiting for your response Regards, Gevorg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] About Session And Cookies
Kelvin, Sessions is just one of the items recommended for an e-commerce website. I seem to recall that if cookies were not enabled that there was a way of passing the session id in the URL as a Get parameter. Basically you will store the items to be purchased in a special table and a shopper ID or cart ID number will be assigned with the first selected item and needs to be retained to be able to recall the selected items when the shopper is ready to check out. A session variable is a good place to store this id, but it could also be passed in the form as a hidden field. A session is also a convenient way of providing a generic storage of the items to be purchased, separate table is possibly more common. You don't have to be too concerned about security up to the point where someone begins to check out when you begin gathering personal information from the buyer. Give it some thought, but I suspect in most cases that if someone were to capture a session at this point, the worse that could happen is they would both order and pay for the same items. When you gather personal information it becomes a different matter, and at this point I would first recomment you consider passing your order items to a resource like paypal and let them collect the personal information. If that is not possible you will want to switch to SSL communication with the browser before when you present your form for the personal information, and even in this mode I would recommend that if you detect errors on the forma and need to represent the form for the buyer to correct info, toss away the credit card info and have them reenter it. You do not want to store this in your session, or anywhere on your system without really secure incryption (I'm talking about the DB side here, not the SSL channel to the browser). Once you begin collecting personal information (and this is not limited to the obvious like social security numbers), you should make sure the session cannot be hijacked, to prevent identity theft, this is where cookies work so well. Anyone who doesn't allow cookies is forcing you into a situation where you must expose their session information in the URL or a hidden field on the form where it can be hijacked, in which case I would refuse to have them as a customer, it's not worth the risk. Hope this helps, Warren -Original Message- From: Kelvin Park [mailto:[EMAIL PROTECTED] Sent: Friday, August 17, 2007 3:02 PM To: php-general@lists.php.net Subject: [PHP] About Session And Cookies I am trying to setup a secure login system. I've heard that if I use just cookies for login, members without cookie turned out won't be able to see the member pages. Is using session recommended for e-commerce websites with shopping carts? Or, using both of them might be more effective in some way. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] About Session And Cookies
If cookies are not available, you can either hide the id in the hidden form field element or enable trans_sid to automatically pass the session id in the url bastien From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; php-general@lists.php.net Date: Fri, 17 Aug 2007 17:03:54 -0700 Subject: RE: [PHP] About Session And Cookies Kelvin, Sessions is just one of the items recommended for an e-commerce website. I seem to recall that if cookies were not enabled that there was a way of passing the session id in the URL as a Get parameter. Basically you will store the items to be purchased in a special table and a shopper ID or cart ID number will be assigned with the first selected item and needs to be retained to be able to recall the selected items when the shopper is ready to check out. A session variable is a good place to store this id, but it could also be passed in the form as a hidden field. A session is also a convenient way of providing a generic storage of the items to be purchased, separate table is possibly more common. You don't have to be too concerned about security up to the point where someone begins to check out when you begin gathering personal information from the buyer. Give it some thought, but I suspect in most cases that if someone were to capture a session at this point, the worse that could happen is they would both order and pay for the same items. When you gather personal information it becomes a different matter, and at this point I would first recomment you consider passing your order items to a resource like paypal and let them collect the personal information. If that is not possible you will want to switch to SSL communication with the browser before when you present your form for the personal information, and even in this mode I would recommend that if you detect errors on the forma and need to represent the form for the buyer to correct info, toss away the credit card info and have them reenter it. You do not want to store this in your session, or anywhere on your system without really secure incryption (I'm talking about the DB side here, not the SSL channel to the browser). Once you begin collecting personal information (and this is not limited to the obvious like social security numbers), you should make sure the session cannot be hijacked, to prevent identity theft, this is where cookies work so well. Anyone who doesn't allow cookies is forcing you into a situation where you must expose their session information in the URL or a hidden field on the form where it can be hijacked, in which case I would refuse to have them as a customer, it's not worth the risk. Hope this helps, Warren -Original Message- From: Kelvin Park [mailto:[EMAIL PROTECTED] Sent: Friday, August 17, 2007 3:02 PM To: php-general@lists.php.net Subject: [PHP] About Session And Cookies I am trying to setup a secure login system. I've heard that if I use just cookies for login, members without cookie turned out won't be able to see the member pages. Is using session recommended for e-commerce websites with shopping carts? Or, using both of them might be more effective in some way. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! http://spaces.live.com/spacesapi.aspx?wx_action=createwx_url=/friends.aspxmkt=en-us