php-general Digest 7 Jul 2009 09:21:04 -0000 Issue 6216
php-general Digest 7 Jul 2009 09:21:04 - Issue 6216
Topics (messages 294974 through 294990):
Re: Simple login form with cookies
294974 by: Jason Carson
Re: How to authnticate and use contents from ${HOME}
294975 by: Isaac Dover
Re: best way to properly build an include path *regardless* from where I am
calling the include?
294976 by: Govinda
294977 by: Kim N. Lesmer
294978 by: Daniel Brown
294979 by: Govinda
294980 by: Paul M Foster
294984 by: Clancy
294985 by: Govinda
294988 by: Michael A. Peters
Re: Advise on starting a web store site
294981 by: Paul M Foster
Re: porting C code to php
294982 by: Paul M Foster
Re: How to stop E_DEPRECATED messages in the PHP log?
294983 by: Paul M Foster
294986 by: Jeff Weinberger
Re: What is this called?
294987 by: Michael A. Peters
Re: Call to object function, want to PHP interpret returned string
294989 by: John Allsopp
PHP Manual in PDF format
294990 by: Angus Mann
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
--
---BeginMessage---
Jason Carson wrote:
On Mon, Jul 6, 2009 at 02:19, Jason Carsonja...@jasoncarson.ca wrote:
ok, I have two sets of scripts here. One uses setcookie() for logging
into
the admin panel and the other uses session_start(). Both are working
fine,
is one more secure than the other?
$_COOKIE data is written to a file that is readable/writeable and
stored on the user's side of things. $_SESSION data is written to the
server, with a cookie stored on the user's side containing just the
PHPSESSID (session ID) string to identify the session file on the
server.
So determining which is better and/or more secure is really a
matter of the data held there and how it's handled. If storing things
like usernames or you absolutely want to store personal data in an
active session, do so in $_SESSION. If you're storing a password or
credit card number in the active session, you may as well do it in
$_COOKIE, because you're already using an insecure model. ;-P
--
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at
http://twitter.com/pilotpig
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Well I'm a newbie when it comes to PHP and programming. I guess I need
to
read up on login security. Do you know of, or recommend, any websites
that
will show me how to secure my login model (Using cookies or sessions).
Hi Jason,
I'm probably not any wiser than you, but I have just (today) discovered
an interesting site that seems to have some really clear explanations
and tutorials re php, MySsql et al.
It's worth looking at (I'm trying to implement something like what you
are, as well):
http://www.brainbell.com/tutors/php/php_mysql/Authorizing_User_Access.html
HTH,
PJ
--
Hervé Kempf: Pour sauver la planète, sortez du capitalisme.
-
Phil Jourdan --- p...@ptahhotep.com
http://www.ptahhotep.com
http://www.chiccantine.com/andypantry.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I'll check it out this evening when I have some time. Thanks for the link.
---End Message---
---BeginMessage---
Hi Chantale, as Bastien mentioned, a preconfigured package might be the best
way to go. Wikipedia has more information:
http://en.wikipedia.org/wiki/List_of_LAMP_Packages
What are you wanting to build in your interface?
- Isaac
On Mon, Jul 6, 2009 at 9:14 AM, Bastien Koert phps...@gmail.com wrote:
Try xamp or one of the preconfigured packages
bastien
On Sunday, July 5, 2009, schneider.chant...@freenet.de wrote:
Hello,
My name ich Chantale, I am 15years old and in a german Lycee. I like to
study Informatic in two years and now try to code my first applications. I
am new to php and like to code my own Intranet Web-Interface which should
run on my FileServer at home.
I have installed suPHP, but it seems to be not the thing I need, because
it works only on a VHost.
What I need is, that a ${USER} can login and work on her/his ${HOME}.
How can I archive this?
Thank you
Chantale
#adBox3 {display:none;}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Bastien
Cat, the other other white meat
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
Re: [PHP] What is this called?
and throw your favorite Linux distro on it (I'm not touching that holy war with a 10' eth0 cord) I'll touch it. It shouldn't be Fedora - Fedora has too short of a lifetime before major version update is necessary to get patches. The main advantages of Fedora are how new and shiny the desktop is, but a box just for SQL isn't going to care about new and shiny gnome with the pretty widgets. Use RHEL/CentOS for this if you like RPM. Just replace the archaic php 5.1.x and yer good to go ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] best way to properly build an include path *regardless* from where I am calling the include?
Govinda wrote:
I want something that will work for calling an include from any file
that
lives n levels deep.
That's where you have to define a variable (or constant) that
tells the system where the web root is located, and then use that to
determine where you are in relation to that. For example:
?php
function relate_path($me,$root = '/home/pilotpig/public_html') {
if(preg_match('/\/.*\.[a-z0-9]{2,5}$/Ui',$me)) { // If a file with
extension 2-5 alphanum chars
$me = dirname($me); // Strip the filename
// Then loop through the correct number of times.
for($i=0;$i(substr_count($me,'/') -
substr_count($root,'/'));$i++) {
$me = dirname($me);
}
return $me; // Returns the resulting path.
}
return false; // If we were unable to get the path.
}
/*
Then use it as follows, presuming this file is
named /home/user/public_html/web/home.php
*/
if(($path = relate_path(__FILE__)) !== false) {
include($path.'/include/config.php');
} else {
// Handle the error for the incorrect inclusion attempt.
}
?
Voila!
Also, what is the difference between a path that starts with /,
versus the
same path but that does not have that leading /, or that same path but
prefixed with ./?
I.e., this:
/somepath/includes/file.php
is a true (absolute) path.
versus this:
somepath/includes/file.php
is a relative path from wherever the file is called.
versus this:
./somepath/includes/file.php
is a relative path from the CWD/PWD (Current Working
Directory/Present Working Directory).
P.S. - The function is untested, just rattled off from my brain
while I cook dinner, so if it doesn't work, at least you should get
the gist of where I'm going but try it anyway. ;-P
Dan I love to see smart hacks in action! ..and I believe I get what you
are doing.
I am just amazed that there is not a SIMPLE (one-liner) reliable way of
just saying document root without a complex function like that.
$documentRoot = '/srv/website/www'
Unless you change your site configuration option, that is both concise
and easy to understand when you (or someone else) reads the code 5
months from now.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Call to object function, want to PHP interpret returned string
Stuart wrote:
2009/7/6 John Allsopp j...@johnallsopp.co.uk:
David Robley wrote:
John Allsopp wrote:
Hi
At the top of a webpage I have:
?php
include_once(furniture.php);
$myFurniture = new furniture();
echo $myFurniture-getTop(my company title);
?
to deliver the first lines of HTML, everything in HEAD and the first
bits of page furniture (menu, etc).
In the furniture object in getTop(), I want to return a string that
includes the CSS file that I call with an include_once. But the
include_once isn't interpreted by PHP, it's just outputted. So from:
$toReturn = !DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0
Transitional//EN'
?php
include_once('styles3.txt');
?
...;
return $toReturn;
I get
?php
include_once('styles3.txt');
?
in my code.
Do I really have to break up my echo $myFurniture-getTop(my company
title); call to getTopTop, then include my CSS, then call getTopBottom,
or can I get PHP to interpret that text that came back?
PS. I may be stupid, this may be obvious .. I don't program PHP every day
Thanks in advance for your help :-)
Cheers
J
First guess is that your page doing the including doesn't have a filename
with a .php extension, and your server is set to only parse php in files
with a .php extension.
Cheers
Ah, thanks. It's a PHP object returning a string, I guess the PHP
interpreter won't see that.
So, maybe my object has to write a file that my calling file then includes
after the object function call. Doesn't sound too elegant, but is that how
it's gotta be?
You appear to be looking for the eval function: http://php.net/eval
However, in 99.99% of cases using eval is not the right solution. In
your case there are two ways to solve it.
The first way, assuming the thing you're trying to include is a
stylesheet, is to use an external link to a CSS file. That would be
the normal way to include a stylesheet in an HTML page and is far
more efficient that including it inline.
If it's not just a stylesheet that you're including then you'll want
to load the file in the getTop method. For example...
$toReturn = !DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0
Transitional//EN' ;
$toReturn.= file_get_contents('styles3.txt');
$toReturn.= '..';
Simple as that.
-Stuart
Thanks guys. Yes, actually file_get_contents didn't work for me, and yes
you're right, of course I should be including my CSS like LINK
rel='stylesheet' type='text/css' media='screen' href='style3.css'
title='style1' in the header.
The style3.txt file I was trying to PHP include was there so I could
include more than one stylesheet and make just one amendment. One for
printing and I'm guessing one for mobile. All that file contained was
the LINK... line above.
That was legacy code. Now I have a furniture object, of course, I can
put my stylesheet code in one place there just as part of the header,
and have no need for style3.txt.
Thanks for all your help.
J
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Manual in PDF format
Hi all. I realize this question has been asked before and I've found responses in the archive, but none of the links work now, or the files they point to are old or unsuitable. I'd like to print the most recent PHP manual to paper, so I need it in a format that's suitable. I've downloaded it from php.net in chm and HTML format but neither of them can easily be printed with proper attention to page numbering and order. Any idea where to find a PDF or similar version of the manual? Thanks, Angus
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
On 7/7/09 1:23 AM, Jeff Weinberger j...@jeffweinberger.com wrote: On Jul 6, 2009, at 7:47 PM, Paul M Foster wrote: On Mon, Jul 06, 2009 at 02:16:09PM -0700, Jeff Weinberger wrote: Hi: I am hoping someone can help me figure this out I've just upgraded my PHP installation to 5.3.0. Now I am receiving thousands of log messages of the form PHP Deprecated: I know I have a number of scripts that use now-deprecated functions, etc. and I now know what those are, thanks to all the messages. However, this is now growing to (literally) gigabytes of log entries, so I'd like to stop the messages until I have the time to re-write all the offending scripts. I have tried the following error.reporting lines in php.ini: error_reporting = E_ALL ~E_DEPRECATED E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING error_reporting = ~E_DEPRECATED E_ALL E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING error_reporting = E_ALL E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING ~E_DEPRECATED error_reporting = E_ERROR E_CORE_ERROR E_USER_ERROR E_COMPILE_ERROR E_COMPILE_WARNING ~E_DEPRECATED error_reporting = ~E_DEPRECATED E_ERROR E_CORE_ERROR E_USER_ERROR E_COMPILE_ERROR E_COMPILE_WARNING (as you can tell, I prefer verbose logs, but not that verbose...). None of these combinations have stopped the PHP Deprecated: ... messages. System info: Mac OS/X 10.5.7 Client version, PHP 5.3.0 running as a CGI under Apache 2.2.11 and as a CLI. Please let me know if there's any other info that might help. php_info() reports error.reporting as 0 Any help or guidance is appreciated!! Try error_reporting(E_ALL ^ E_DEPRECATED); See http://us2.php.net/manual/en/function.error-reporting.php for more info and examples. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Paul: Thanks for your suggestion - it would work nicely, except that that is a runtime function that is called within a script. I am trying to get the php.ini setting correct to avoid the Deprecated messages. I tried error_reporting=E_ALL ~E_DEPRECATED (which I think is the php.ini analogy to your suggestion) to no avail - it failed also. leaving me still confused how about running this to find the int value to put into php.ini: ?php error_reporting(E_ALL ^ E_DEPRECATED); echo error_reporting(); ? i don't have 5.3 so i haven't tried. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
2009/7/6 Jeff Weinberger j...@jeffweinberger.com: Hi: I am hoping someone can help me figure this out I've just upgraded my PHP installation to 5.3.0. Now I am receiving thousands of log messages of the form PHP Deprecated: I know I have a number of scripts that use now-deprecated functions, etc. and I now know what those are, thanks to all the messages. However, this is now growing to (literally) gigabytes of log entries, so I'd like to stop the messages until I have the time to re-write all the offending scripts. I have tried the following error.reporting lines in php.ini: error_reporting = E_ALL ~E_DEPRECATED E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING error_reporting = ~E_DEPRECATED E_ALL E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING error_reporting = E_ALL E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING ~E_DEPRECATED error_reporting = E_ERROR E_CORE_ERROR E_USER_ERROR E_COMPILE_ERROR E_COMPILE_WARNING ~E_DEPRECATED error_reporting = ~E_DEPRECATED E_ERROR E_CORE_ERROR E_USER_ERROR E_COMPILE_ERROR E_COMPILE_WARNING (as you can tell, I prefer verbose logs, but not that verbose...). None of these combinations have stopped the PHP Deprecated: ... messages. System info: Mac OS/X 10.5.7 Client version, PHP 5.3.0 running as a CGI under Apache 2.2.11 and as a CLI. Please let me know if there's any other info that might help. php_info() reports error.reporting as 0 Any help or guidance is appreciated!! Thanks, --Jeff No one ever achieved greatness by playing it safe. -Harry Gray -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Try ... error_reporting = 22527 -- - Richard Quadling Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498r=213474731 Standing on the shoulders of some very clever giants! I need a car : http://snipurl.com/l4pih ZOPA : http://uk.zopa.com/member/RQuadling -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Manual in PDF format
2009/7/7 Angus Mann angusm...@pobox.com: Hi all. I realize this question has been asked before and I've found responses in the archive, but none of the links work now, or the files they point to are old or unsuitable. I'd like to print the most recent PHP manual to paper, so I need it in a format that's suitable. I've downloaded it from php.net in chm and HTML format but neither of them can easily be printed with proper attention to page numbering and order. Any idea where to find a PDF or similar version of the manual? Thanks, Angus $ pecl install haru $ pear channel-discover doc.php.net $ pear install doc.php.net/phd-beta $ cvs -d:pserver:cvsr...@cvs.php.net/repository login (the password is phpfi) $ cvs -d:pserver:cvsr...@cvs.php.net/repository co phpdoc $ cd phpdoc $ php configure.php $ phd -f pdf -t phppdf -d .manual.xml Now open the newly created pdf folder :) If you'd like a big fat one PDF file then use phpbigpdf rather then phppdf The PDF version will be available soon. Ish. Maybe. Hopefully. -- - Richard Quadling Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498r=213474731 Standing on the shoulders of some very clever giants! I need a car : http://snipurl.com/l4pih ZOPA : http://uk.zopa.com/member/RQuadling -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Advise on starting a web store site
At 1:15 PM +0100 7/6/09, Matthew Croud wrote: Hi, I'm going to start my first e commerce website for a small web shoe store. I think I know enough PHP to keep my head above water, I'm using an add on shopping cart package to deal with the transactions. My question is, what's the best way to design a site where each product appears to have its own page. Is there a way to create the site *without* having each product have a physical separate page ? Is there a method of web design which makes creating new pages simple if they all follow the same pattern. i.e thumbnail, description etc. Thanks guys, Matt. Mat: Certainly, here's an example: http://ancientstones.com/ Each item is pulled from a database and the catalog is assembled as the user instructs. When the user clicks on an item, then an individual page is assemble to show that item. There are no static pages, but rather templates where the contents are pulled from a database to fill the templates (catalog page and item page) as the user shows interest. I also have a back-end script that allow the owner to upload pictures of his product and add content (i.e., title, description, price). Additionally, the shopping cart I use here is provided by PayPal and NOT something I installed. Believe me, dealing with credit card transactions is not without concern and liability. I recommend with a small web store, it is worth considering passing all that responsibility off to a company that deals with it routinely. It's a simple process to use PayPal. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
On Jul 7, 2009, at 5:50 AM, Richard Quadling wrote: 2009/7/6 Jeff Weinberger j...@jeffweinberger.com: Hi: I am hoping someone can help me figure this out I've just upgraded my PHP installation to 5.3.0. Now I am receiving thousands of log messages of the form PHP Deprecated: I know I have a number of scripts that use now-deprecated functions, etc. and I now know what those are, thanks to all the messages. However, this is now growing to (literally) gigabytes of log entries, so I'd like to stop the messages until I have the time to re-write all the offending scripts. I have tried the following error.reporting lines in php.ini: error_reporting = E_ALL ~E_DEPRECATED E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING error_reporting = ~E_DEPRECATED E_ALL E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING error_reporting = E_ALL E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING ~E_DEPRECATED error_reporting = E_ERROR E_CORE_ERROR E_USER_ERROR E_COMPILE_ERROR E_COMPILE_WARNING ~E_DEPRECATED error_reporting = ~E_DEPRECATED E_ERROR E_CORE_ERROR E_USER_ERROR E_COMPILE_ERROR E_COMPILE_WARNING (as you can tell, I prefer verbose logs, but not that verbose...). None of these combinations have stopped the PHP Deprecated: ... messages. System info: Mac OS/X 10.5.7 Client version, PHP 5.3.0 running as a CGI under Apache 2.2.11 and as a CLI. Please let me know if there's any other info that might help. php_info() reports error.reporting as 0 Any help or guidance is appreciated!! Thanks, --Jeff No one ever achieved greatness by playing it safe. -Harry Gray -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Try ... error_reporting = 22527 -- - Richard Quadling Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498r=213474731 Standing on the shoulders of some very clever giants! I need a car : http://snipurl.com/l4pih ZOPA : http://uk.zopa.com/member/RQuadling Richard (and Tom): This seemed like it would be the perfect solution...but alas it did not work. 22527 seems right, but after changing php.ini to that and restarting php and apache, I am still getting Deprecated... messages. :( I'll keep trying...and any other suggestions are much appreciated! Thanks! A wise man will make more opportunities than he finds. -Francis Bacon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Simple login form with cookies
PJ wrote: Jason Carson wrote: On Mon, Jul 6, 2009 at 02:19, Jason Carsonja...@jasoncarson.ca wrote: ok, I have two sets of scripts here. One uses setcookie() for logging into the admin panel and the other uses session_start(). Both are working fine, is one more secure than the other? $_COOKIE data is written to a file that is readable/writeable and stored on the user's side of things. $_SESSION data is written to the server, with a cookie stored on the user's side containing just the PHPSESSID (session ID) string to identify the session file on the server. So determining which is better and/or more secure is really a matter of the data held there and how it's handled. If storing things like usernames or you absolutely want to store personal data in an active session, do so in $_SESSION. If you're storing a password or credit card number in the active session, you may as well do it in $_COOKIE, because you're already using an insecure model. ;-P -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Well I'm a newbie when it comes to PHP and programming. I guess I need to read up on login security. Do you know of, or recommend, any websites that will show me how to secure my login model (Using cookies or sessions). Hi Jason, I'm probably not any wiser than you, but I have just (today) discovered an interesting site that seems to have some really clear explanations and tutorials re php, MySsql et al. It's worth looking at (I'm trying to implement something like what you are, as well): http://www.brainbell.com/tutors/php/php_mysql/Authorizing_User_Access.html HTH, PJ I just found another site which is easier to deal with (chapter references) and seems to be the original source of the brainbell site: http://home.bolink.org/ebooks/webP/webdb/index.htm -- Hervé Kempf: Pour sauver la planète, sortez du capitalisme. - Phil Jourdan --- p...@ptahhotep.com http://www.ptahhotep.com http://www.chiccantine.com/andypantry.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
On Tue, Jul 7, 2009 at 11:03, Jeff Weinbergerj...@jeffweinberger.com wrote: This seemed like it would be the perfect solution...but alas it did not work. 22527 seems right, but after changing php.ini to that and restarting php and apache, I am still getting Deprecated... messages. Dumb question, Jeff: are you sure you're editing the correct php.ini file? -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
On Jul 7, 2009, at 8:38 AM, Daniel Brown wrote: On Tue, Jul 7, 2009 at 11:03, Jeff Weinbergerj...@jeffweinberger.com wrote: This seemed like it would be the perfect solution...but alas it did not work. 22527 seems right, but after changing php.ini to that and restarting php and apache, I am still getting Deprecated... messages. Dumb question, Jeff: are you sure you're editing the correct php.ini file? -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Daniel: Not a dumb question at all! I check every time (php_info()) to make sure the loaded configuration file is the one I'm editing. So, as far as I can tell, yes. Should I be looking at something else to be sure? Thanks! --Jeff UNIX is the Klingon of cyberspace. -from The Cluetrain Manifesto -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Browser Alert
2009/7/4 tedd t...@sperling.com So, if you're having problems with Safari 4.0 on Mac OSX uploading files, you're not alone. s/uploading files// ;) To make this posting useful: The thing might be related to this Bug http://www.webmasterworld.com/macintosh_webmaster/3300569.htm But, since you did post only a few details, no one can know for sure.
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
On 7/7/09 11:38 AM, Daniel Brown danbr...@php.net wrote: On Tue, Jul 7, 2009 at 11:03, Jeff Weinbergerj...@jeffweinberger.com wrote: This seemed like it would be the perfect solution...but alas it did not work. 22527 seems right, but after changing php.ini to that and restarting php and apache, I am still getting Deprecated... messages. Dumb question, Jeff: are you sure you're editing the correct php.ini file? i was about to ask the same. phpinfo() will tell you the path to the in-effect config file. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to authnticate and use contents from ${HOME}
2009/7/6 Isaac Dover isaacdo...@gmail.com
Hi Chantale, as Bastien mentioned, a preconfigured package might be the
best
way to go. Wikipedia has more information:
http://en.wikipedia.org/wiki/List_of_LAMP_Packages
What are you wanting to build in your interface?
- Isaac
On Mon, Jul 6, 2009 at 9:14 AM, Bastien Koert phps...@gmail.com wrote:
Try xamp or one of the preconfigured packages
bastien
On Sunday, July 5, 2009, schneider.chant...@freenet.de wrote:
Hello,
My name ich Chantale, I am 15years old and in a german Lycee. I like to
study Informatic in two years and now try to code my first applications.
I
am new to php and like to code my own Intranet Web-Interface which should
run on my FileServer at home.
I have installed suPHP, but it seems to be not the thing I need,
because
it works only on a VHost.
What I need is, that a ${USER} can login and work on her/his ${HOME}.
How can I archive this?
Thank you
Chantale
Installing LAMP is not a good idea for productive servers. Always stick with
the Packages of your distribution to get all upgrades.
Activating a module isn't hard at all, so... there's not really a need for
packages like LAMP on a unix-like OS.
The point in not using such Packages like LAMP on a system which isn't
productive is learning to set up a productive server. You decide.
mod_auth_pam might be a way fo accomplish what you want.
Just my two cent.
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
On 7/7/09 12:17 PM, Jeff Weinberger j...@jeffweinberger.com wrote: On Jul 7, 2009, at 8:38 AM, Daniel Brown wrote: On Tue, Jul 7, 2009 at 11:03, Jeff Weinbergerj...@jeffweinberger.com wrote: This seemed like it would be the perfect solution...but alas it did not work. 22527 seems right, but after changing php.ini to that and restarting php and apache, I am still getting Deprecated... messages. Dumb question, Jeff: are you sure you're editing the correct php.ini file? -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Daniel: Not a dumb question at all! I check every time (php_info()) to make sure the loaded configuration file is the one I'm editing. So, as far as I can tell, yes. Should I be looking at something else to be sure? i've now had a look at http://www.php.net/manual/en/errorfunc.constants.php in your shoes i'd try out 2047 (with is everything up to and including E_USER_NOTICE) and possibly 6143 (=2047+4096) if you have your own error handler. if still no luck i can't think of anything else to suggest but work backwards: check the value returned by error_reporting() is the value you set in php.ini. binary decode it to double check. if it sill makes no sense, check the php bugs db. and if nothing, maybe report it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Manual in PDF format
Richard Quadling wrote: $ pecl install haru [...] $ phd -f pdf -t phppdf -d .manual.xml I installed haru, yet when I try the phd command, I get a class 'HaruDoc' not found error :( Has this happened to anyone else? James -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
On Jul 7, 2009, at 12:30 PM, Tom Worster wrote: On 7/7/09 12:17 PM, Jeff Weinberger j...@jeffweinberger.com wrote: On Jul 7, 2009, at 8:38 AM, Daniel Brown wrote: On Tue, Jul 7, 2009 at 11:03, Jeff Weinbergerj...@jeffweinberger.com wrote: This seemed like it would be the perfect solution...but alas it did not work. 22527 seems right, but after changing php.ini to that and restarting php and apache, I am still getting Deprecated... messages. Dumb question, Jeff: are you sure you're editing the correct php.ini file? -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Daniel: Not a dumb question at all! I check every time (php_info()) to make sure the loaded configuration file is the one I'm editing. So, as far as I can tell, yes. Should I be looking at something else to be sure? i've now had a look at http://www.php.net/manual/en/errorfunc.constants.php in your shoes i'd try out 2047 (with is everything up to and including E_USER_NOTICE) and possibly 6143 (=2047+4096) if you have your own error handler. if still no luck i can't think of anything else to suggest but work backwards: check the value returned by error_reporting() is the value you set in php.ini. binary decode it to double check. if it sill makes no sense, check the php bugs db. and if nothing, maybe report it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Tom: thanks - I'll try those and report back, and will keep playing with various combinations until I get it to work or prove it doesn't :) One question - that I for some reason have not found - is there a list of the numerical values of the E_* constants somewhere? Thanks for your help! --Jeff Real love is a pilgrimage. It happens when there is no strategy, but it is very rare because most people are strategists. -Anita Brookner -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
On Tue, Jul 7, 2009 at 17:46, Jeff Weinbergerj...@jeffweinberger.com wrote: One question - that I for some reason have not found - is there a list of the numerical values of the E_* constants somewhere? You bet: http://php.net/manual/en/errorfunc.constants.php -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] How to authnticate and use contents from ${HOME}
PHP may not be the thing to do this.. because it sounds like you want
the users to chroot to ${HOME} which php especially on a vhost does not do.
If you want users to access an nfs or ftp I would use either samba or
vsftp or some other scp/ftp software.
Jan G.B. wrote:
2009/7/6 Isaac Dover isaacdo...@gmail.com
Hi Chantale, as Bastien mentioned, a preconfigured package might be the
best
way to go. Wikipedia has more information:
http://en.wikipedia.org/wiki/List_of_LAMP_Packages
What are you wanting to build in your interface?
- Isaac
On Mon, Jul 6, 2009 at 9:14 AM, Bastien Koert phps...@gmail.com wrote:
Try xamp or one of the preconfigured packages
bastien
On Sunday, July 5, 2009, schneider.chant...@freenet.de wrote:
Hello,
My name ich Chantale, I am 15years old and in a german Lycee. I like to
study Informatic in two years and now try to code my first applications.
I
am new to php and like to code my own Intranet Web-Interface which should
run on my FileServer at home.
I have installed suPHP, but it seems to be not the thing I need,
because
it works only on a VHost.
What I need is, that a ${USER} can login and work on her/his ${HOME}.
How can I archive this?
Thank you
Chantale
Installing LAMP is not a good idea for productive servers. Always stick with
the Packages of your distribution to get all upgrades.
Activating a module isn't hard at all, so... there's not really a need for
packages like LAMP on a unix-like OS.
The point in not using such Packages like LAMP on a system which isn't
productive is learning to set up a productive server. You decide.
mod_auth_pam might be a way fo accomplish what you want.
Just my two cent.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Simple login form with cookies
The basic model for password authentication is to use one way crypt
routines. MySql has several, PHP also has them. The basic algorithm
would be like this:
1) read the password from the form.
2) read the password from you datastore that matches the user name or
session
3) encrypt the password on the form.
4) do a string comparison between the database data and the encrypted
password from the form.
This is of course assumes that you have been encrypting your password
when you store them (always good practice) so I think this translates to
php as (forgive me if this is bogus, it's been a while since I've done
any php)
?
$salt = 'someglobalsaltstring'; # the salt should be the same salt used
when storing passwords to your database otherwise it won't work
$passwd = crypt($_GET['passwd'], $salt);
if ($passwd == $userObject-getPassword) { return 1} else {return 0}
?
So I've not tested this obviously but you would have to have a
$userObject which is your interface between your software and your user
data.
Hope it helps,
Carl.
PJ wrote:
PJ wrote:
Jason Carson wrote:
On Mon, Jul 6, 2009 at 02:19, Jason Carsonja...@jasoncarson.ca wrote:
ok, I have two sets of scripts here. One uses setcookie() for logging
into
the admin panel and the other uses session_start(). Both are working
fine,
is one more secure than the other?
$_COOKIE data is written to a file that is readable/writeable and
stored on the user's side of things. $_SESSION data is written to the
server, with a cookie stored on the user's side containing just the
PHPSESSID (session ID) string to identify the session file on the
server.
So determining which is better and/or more secure is really a
matter of the data held there and how it's handled. If storing things
like usernames or you absolutely want to store personal data in an
active session, do so in $_SESSION. If you're storing a password or
credit card number in the active session, you may as well do it in
$_COOKIE, because you're already using an insecure model. ;-P
--
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at
http://twitter.com/pilotpig
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Well I'm a newbie when it comes to PHP and programming. I guess I need to
read up on login security. Do you know of, or recommend, any websites that
will show me how to secure my login model (Using cookies or sessions).
Hi Jason,
I'm probably not any wiser than you, but I have just (today) discovered
an interesting site that seems to have some really clear explanations
and tutorials re php, MySsql et al.
It's worth looking at (I'm trying to implement something like what you
are, as well):
http://www.brainbell.com/tutors/php/php_mysql/Authorizing_User_Access.html
HTH,
PJ
I just found another site which is easier to deal with (chapter
references) and seems to be the original source of the brainbell site:
http://home.bolink.org/ebooks/webP/webdb/index.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Simple login form with cookies
Carl Furst wrote: The basic model for password authentication is to use one way crypt routines. MySql has several, PHP also has them. The basic algorithm would be like this: 1) read the password from the form. 2) read the password from you datastore that matches the user name or session 3) encrypt the password on the form. 4) do a string comparison between the database data and the encrypted password from the form. Read the password on the form. Encrypt the password on the form using same salt and algorythm you use to generate the hash. Then - $sql = SELECT id FROM userdb WHERE user='$user' AND pass='$pass'; If your query returns a result, you now have a user id to store in the session. Otherwise, the login fails. No need to read from the database and do a string compare. Of course you need to watch out for injection when doing it that way, but that's what prepared statements are for. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Simple login form with cookies
These are great ideas. Another option would be to have the user choose a pin number and use either the literal pin or the encrypted pin as part of the salt. This way only when you change the pin do you need to change the password, which is probably what you would want anyway. Michael A. Peters wrote: Carl Furst wrote: ? $salt = 'someglobalsaltstring'; # the salt should be the same salt used when storing passwords to your database otherwise it won't work $passwd = crypt($_GET['passwd'], $salt); I personally use the username and the salt. That way two users with identical passwords have different hashes. With large databases, many users will have the same password, there are some that are just commonly used. The hackers know what they are, and if they get your hash dump, they try their list of commonly used passwords against the user names that have the common hashes. By using the username as part of the salt, you avoid that issue because identical passwords will have different hashes. It does mean the password has to be reset if you allow them to change their login name. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Simple login form with cookies
Carl Furst wrote: ? $salt = 'someglobalsaltstring'; # the salt should be the same salt used when storing passwords to your database otherwise it won't work $passwd = crypt($_GET['passwd'], $salt); I personally use the username and the salt. That way two users with identical passwords have different hashes. With large databases, many users will have the same password, there are some that are just commonly used. The hackers know what they are, and if they get your hash dump, they try their list of commonly used passwords against the user names that have the common hashes. By using the username as part of the salt, you avoid that issue because identical passwords will have different hashes. It does mean the password has to be reset if you allow them to change their login name. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
