php-general Digest 7 Jul 2009 09:21:04 -0000 Issue 6216
php-general Digest 7 Jul 2009 09:21:04 - Issue 6216 Topics (messages 294974 through 294990): Re: Simple login form with cookies 294974 by: Jason Carson Re: How to authnticate and use contents from ${HOME} 294975 by: Isaac Dover Re: best way to properly build an include path *regardless* from where I am calling the include? 294976 by: Govinda 294977 by: Kim N. Lesmer 294978 by: Daniel Brown 294979 by: Govinda 294980 by: Paul M Foster 294984 by: Clancy 294985 by: Govinda 294988 by: Michael A. Peters Re: Advise on starting a web store site 294981 by: Paul M Foster Re: porting C code to php 294982 by: Paul M Foster Re: How to stop E_DEPRECATED messages in the PHP log? 294983 by: Paul M Foster 294986 by: Jeff Weinberger Re: What is this called? 294987 by: Michael A. Peters Re: Call to object function, want to PHP interpret returned string 294989 by: John Allsopp PHP Manual in PDF format 294990 by: Angus Mann Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- Jason Carson wrote: On Mon, Jul 6, 2009 at 02:19, Jason Carsonja...@jasoncarson.ca wrote: ok, I have two sets of scripts here. One uses setcookie() for logging into the admin panel and the other uses session_start(). Both are working fine, is one more secure than the other? $_COOKIE data is written to a file that is readable/writeable and stored on the user's side of things. $_SESSION data is written to the server, with a cookie stored on the user's side containing just the PHPSESSID (session ID) string to identify the session file on the server. So determining which is better and/or more secure is really a matter of the data held there and how it's handled. If storing things like usernames or you absolutely want to store personal data in an active session, do so in $_SESSION. If you're storing a password or credit card number in the active session, you may as well do it in $_COOKIE, because you're already using an insecure model. ;-P -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Well I'm a newbie when it comes to PHP and programming. I guess I need to read up on login security. Do you know of, or recommend, any websites that will show me how to secure my login model (Using cookies or sessions). Hi Jason, I'm probably not any wiser than you, but I have just (today) discovered an interesting site that seems to have some really clear explanations and tutorials re php, MySsql et al. It's worth looking at (I'm trying to implement something like what you are, as well): http://www.brainbell.com/tutors/php/php_mysql/Authorizing_User_Access.html HTH, PJ -- Hervé Kempf: Pour sauver la planète, sortez du capitalisme. - Phil Jourdan --- p...@ptahhotep.com http://www.ptahhotep.com http://www.chiccantine.com/andypantry.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php I'll check it out this evening when I have some time. Thanks for the link. ---End Message--- ---BeginMessage--- Hi Chantale, as Bastien mentioned, a preconfigured package might be the best way to go. Wikipedia has more information: http://en.wikipedia.org/wiki/List_of_LAMP_Packages What are you wanting to build in your interface? - Isaac On Mon, Jul 6, 2009 at 9:14 AM, Bastien Koert phps...@gmail.com wrote: Try xamp or one of the preconfigured packages bastien On Sunday, July 5, 2009, schneider.chant...@freenet.de wrote: Hello, My name ich Chantale, I am 15years old and in a german Lycee. I like to study Informatic in two years and now try to code my first applications. I am new to php and like to code my own Intranet Web-Interface which should run on my FileServer at home. I have installed suPHP, but it seems to be not the thing I need, because it works only on a VHost. What I need is, that a ${USER} can login and work on her/his ${HOME}. How can I archive this? Thank you Chantale #adBox3 {display:none;} -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Bastien Cat, the other other white meat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
Re: [PHP] What is this called?
and throw your favorite Linux distro on it (I'm not touching that holy war with a 10' eth0 cord) I'll touch it. It shouldn't be Fedora - Fedora has too short of a lifetime before major version update is necessary to get patches. The main advantages of Fedora are how new and shiny the desktop is, but a box just for SQL isn't going to care about new and shiny gnome with the pretty widgets. Use RHEL/CentOS for this if you like RPM. Just replace the archaic php 5.1.x and yer good to go ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] best way to properly build an include path *regardless* from where I am calling the include?
Govinda wrote: I want something that will work for calling an include from any file that lives n levels deep. That's where you have to define a variable (or constant) that tells the system where the web root is located, and then use that to determine where you are in relation to that. For example: ?php function relate_path($me,$root = '/home/pilotpig/public_html') { if(preg_match('/\/.*\.[a-z0-9]{2,5}$/Ui',$me)) { // If a file with extension 2-5 alphanum chars $me = dirname($me); // Strip the filename // Then loop through the correct number of times. for($i=0;$i(substr_count($me,'/') - substr_count($root,'/'));$i++) { $me = dirname($me); } return $me; // Returns the resulting path. } return false; // If we were unable to get the path. } /* Then use it as follows, presuming this file is named /home/user/public_html/web/home.php */ if(($path = relate_path(__FILE__)) !== false) { include($path.'/include/config.php'); } else { // Handle the error for the incorrect inclusion attempt. } ? Voila! Also, what is the difference between a path that starts with /, versus the same path but that does not have that leading /, or that same path but prefixed with ./? I.e., this: /somepath/includes/file.php is a true (absolute) path. versus this: somepath/includes/file.php is a relative path from wherever the file is called. versus this: ./somepath/includes/file.php is a relative path from the CWD/PWD (Current Working Directory/Present Working Directory). P.S. - The function is untested, just rattled off from my brain while I cook dinner, so if it doesn't work, at least you should get the gist of where I'm going but try it anyway. ;-P Dan I love to see smart hacks in action! ..and I believe I get what you are doing. I am just amazed that there is not a SIMPLE (one-liner) reliable way of just saying document root without a complex function like that. $documentRoot = '/srv/website/www' Unless you change your site configuration option, that is both concise and easy to understand when you (or someone else) reads the code 5 months from now. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Call to object function, want to PHP interpret returned string
Stuart wrote: 2009/7/6 John Allsopp j...@johnallsopp.co.uk: David Robley wrote: John Allsopp wrote: Hi At the top of a webpage I have: ?php include_once(furniture.php); $myFurniture = new furniture(); echo $myFurniture-getTop(my company title); ? to deliver the first lines of HTML, everything in HEAD and the first bits of page furniture (menu, etc). In the furniture object in getTop(), I want to return a string that includes the CSS file that I call with an include_once. But the include_once isn't interpreted by PHP, it's just outputted. So from: $toReturn = !DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' ?php include_once('styles3.txt'); ? ...; return $toReturn; I get ?php include_once('styles3.txt'); ? in my code. Do I really have to break up my echo $myFurniture-getTop(my company title); call to getTopTop, then include my CSS, then call getTopBottom, or can I get PHP to interpret that text that came back? PS. I may be stupid, this may be obvious .. I don't program PHP every day Thanks in advance for your help :-) Cheers J First guess is that your page doing the including doesn't have a filename with a .php extension, and your server is set to only parse php in files with a .php extension. Cheers Ah, thanks. It's a PHP object returning a string, I guess the PHP interpreter won't see that. So, maybe my object has to write a file that my calling file then includes after the object function call. Doesn't sound too elegant, but is that how it's gotta be? You appear to be looking for the eval function: http://php.net/eval However, in 99.99% of cases using eval is not the right solution. In your case there are two ways to solve it. The first way, assuming the thing you're trying to include is a stylesheet, is to use an external link to a CSS file. That would be the normal way to include a stylesheet in an HTML page and is far more efficient that including it inline. If it's not just a stylesheet that you're including then you'll want to load the file in the getTop method. For example... $toReturn = !DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' ; $toReturn.= file_get_contents('styles3.txt'); $toReturn.= '..'; Simple as that. -Stuart Thanks guys. Yes, actually file_get_contents didn't work for me, and yes you're right, of course I should be including my CSS like LINK rel='stylesheet' type='text/css' media='screen' href='style3.css' title='style1' in the header. The style3.txt file I was trying to PHP include was there so I could include more than one stylesheet and make just one amendment. One for printing and I'm guessing one for mobile. All that file contained was the LINK... line above. That was legacy code. Now I have a furniture object, of course, I can put my stylesheet code in one place there just as part of the header, and have no need for style3.txt. Thanks for all your help. J -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Manual in PDF format
Hi all. I realize this question has been asked before and I've found responses in the archive, but none of the links work now, or the files they point to are old or unsuitable. I'd like to print the most recent PHP manual to paper, so I need it in a format that's suitable. I've downloaded it from php.net in chm and HTML format but neither of them can easily be printed with proper attention to page numbering and order. Any idea where to find a PDF or similar version of the manual? Thanks, Angus
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
On 7/7/09 1:23 AM, Jeff Weinberger j...@jeffweinberger.com wrote: On Jul 6, 2009, at 7:47 PM, Paul M Foster wrote: On Mon, Jul 06, 2009 at 02:16:09PM -0700, Jeff Weinberger wrote: Hi: I am hoping someone can help me figure this out I've just upgraded my PHP installation to 5.3.0. Now I am receiving thousands of log messages of the form PHP Deprecated: I know I have a number of scripts that use now-deprecated functions, etc. and I now know what those are, thanks to all the messages. However, this is now growing to (literally) gigabytes of log entries, so I'd like to stop the messages until I have the time to re-write all the offending scripts. I have tried the following error.reporting lines in php.ini: error_reporting = E_ALL ~E_DEPRECATED E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING error_reporting = ~E_DEPRECATED E_ALL E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING error_reporting = E_ALL E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING ~E_DEPRECATED error_reporting = E_ERROR E_CORE_ERROR E_USER_ERROR E_COMPILE_ERROR E_COMPILE_WARNING ~E_DEPRECATED error_reporting = ~E_DEPRECATED E_ERROR E_CORE_ERROR E_USER_ERROR E_COMPILE_ERROR E_COMPILE_WARNING (as you can tell, I prefer verbose logs, but not that verbose...). None of these combinations have stopped the PHP Deprecated: ... messages. System info: Mac OS/X 10.5.7 Client version, PHP 5.3.0 running as a CGI under Apache 2.2.11 and as a CLI. Please let me know if there's any other info that might help. php_info() reports error.reporting as 0 Any help or guidance is appreciated!! Try error_reporting(E_ALL ^ E_DEPRECATED); See http://us2.php.net/manual/en/function.error-reporting.php for more info and examples. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Paul: Thanks for your suggestion - it would work nicely, except that that is a runtime function that is called within a script. I am trying to get the php.ini setting correct to avoid the Deprecated messages. I tried error_reporting=E_ALL ~E_DEPRECATED (which I think is the php.ini analogy to your suggestion) to no avail - it failed also. leaving me still confused how about running this to find the int value to put into php.ini: ?php error_reporting(E_ALL ^ E_DEPRECATED); echo error_reporting(); ? i don't have 5.3 so i haven't tried. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
2009/7/6 Jeff Weinberger j...@jeffweinberger.com: Hi: I am hoping someone can help me figure this out I've just upgraded my PHP installation to 5.3.0. Now I am receiving thousands of log messages of the form PHP Deprecated: I know I have a number of scripts that use now-deprecated functions, etc. and I now know what those are, thanks to all the messages. However, this is now growing to (literally) gigabytes of log entries, so I'd like to stop the messages until I have the time to re-write all the offending scripts. I have tried the following error.reporting lines in php.ini: error_reporting = E_ALL ~E_DEPRECATED E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING error_reporting = ~E_DEPRECATED E_ALL E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING error_reporting = E_ALL E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING ~E_DEPRECATED error_reporting = E_ERROR E_CORE_ERROR E_USER_ERROR E_COMPILE_ERROR E_COMPILE_WARNING ~E_DEPRECATED error_reporting = ~E_DEPRECATED E_ERROR E_CORE_ERROR E_USER_ERROR E_COMPILE_ERROR E_COMPILE_WARNING (as you can tell, I prefer verbose logs, but not that verbose...). None of these combinations have stopped the PHP Deprecated: ... messages. System info: Mac OS/X 10.5.7 Client version, PHP 5.3.0 running as a CGI under Apache 2.2.11 and as a CLI. Please let me know if there's any other info that might help. php_info() reports error.reporting as 0 Any help or guidance is appreciated!! Thanks, --Jeff No one ever achieved greatness by playing it safe. -Harry Gray -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Try ... error_reporting = 22527 -- - Richard Quadling Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498r=213474731 Standing on the shoulders of some very clever giants! I need a car : http://snipurl.com/l4pih ZOPA : http://uk.zopa.com/member/RQuadling -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Manual in PDF format
2009/7/7 Angus Mann angusm...@pobox.com: Hi all. I realize this question has been asked before and I've found responses in the archive, but none of the links work now, or the files they point to are old or unsuitable. I'd like to print the most recent PHP manual to paper, so I need it in a format that's suitable. I've downloaded it from php.net in chm and HTML format but neither of them can easily be printed with proper attention to page numbering and order. Any idea where to find a PDF or similar version of the manual? Thanks, Angus $ pecl install haru $ pear channel-discover doc.php.net $ pear install doc.php.net/phd-beta $ cvs -d:pserver:cvsr...@cvs.php.net/repository login (the password is phpfi) $ cvs -d:pserver:cvsr...@cvs.php.net/repository co phpdoc $ cd phpdoc $ php configure.php $ phd -f pdf -t phppdf -d .manual.xml Now open the newly created pdf folder :) If you'd like a big fat one PDF file then use phpbigpdf rather then phppdf The PDF version will be available soon. Ish. Maybe. Hopefully. -- - Richard Quadling Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498r=213474731 Standing on the shoulders of some very clever giants! I need a car : http://snipurl.com/l4pih ZOPA : http://uk.zopa.com/member/RQuadling -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Advise on starting a web store site
At 1:15 PM +0100 7/6/09, Matthew Croud wrote: Hi, I'm going to start my first e commerce website for a small web shoe store. I think I know enough PHP to keep my head above water, I'm using an add on shopping cart package to deal with the transactions. My question is, what's the best way to design a site where each product appears to have its own page. Is there a way to create the site *without* having each product have a physical separate page ? Is there a method of web design which makes creating new pages simple if they all follow the same pattern. i.e thumbnail, description etc. Thanks guys, Matt. Mat: Certainly, here's an example: http://ancientstones.com/ Each item is pulled from a database and the catalog is assembled as the user instructs. When the user clicks on an item, then an individual page is assemble to show that item. There are no static pages, but rather templates where the contents are pulled from a database to fill the templates (catalog page and item page) as the user shows interest. I also have a back-end script that allow the owner to upload pictures of his product and add content (i.e., title, description, price). Additionally, the shopping cart I use here is provided by PayPal and NOT something I installed. Believe me, dealing with credit card transactions is not without concern and liability. I recommend with a small web store, it is worth considering passing all that responsibility off to a company that deals with it routinely. It's a simple process to use PayPal. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
On Jul 7, 2009, at 5:50 AM, Richard Quadling wrote: 2009/7/6 Jeff Weinberger j...@jeffweinberger.com: Hi: I am hoping someone can help me figure this out I've just upgraded my PHP installation to 5.3.0. Now I am receiving thousands of log messages of the form PHP Deprecated: I know I have a number of scripts that use now-deprecated functions, etc. and I now know what those are, thanks to all the messages. However, this is now growing to (literally) gigabytes of log entries, so I'd like to stop the messages until I have the time to re-write all the offending scripts. I have tried the following error.reporting lines in php.ini: error_reporting = E_ALL ~E_DEPRECATED E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING error_reporting = ~E_DEPRECATED E_ALL E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING error_reporting = E_ALL E_ERROR E_WARNING E_PARSE E_NOTICE E_CORE_ERROR E_USER_ERROR E_USER_WARNING E_USER_NOTICE E_COMPILE_ERROR E_COMPILE_WARNING ~E_DEPRECATED error_reporting = E_ERROR E_CORE_ERROR E_USER_ERROR E_COMPILE_ERROR E_COMPILE_WARNING ~E_DEPRECATED error_reporting = ~E_DEPRECATED E_ERROR E_CORE_ERROR E_USER_ERROR E_COMPILE_ERROR E_COMPILE_WARNING (as you can tell, I prefer verbose logs, but not that verbose...). None of these combinations have stopped the PHP Deprecated: ... messages. System info: Mac OS/X 10.5.7 Client version, PHP 5.3.0 running as a CGI under Apache 2.2.11 and as a CLI. Please let me know if there's any other info that might help. php_info() reports error.reporting as 0 Any help or guidance is appreciated!! Thanks, --Jeff No one ever achieved greatness by playing it safe. -Harry Gray -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Try ... error_reporting = 22527 -- - Richard Quadling Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498r=213474731 Standing on the shoulders of some very clever giants! I need a car : http://snipurl.com/l4pih ZOPA : http://uk.zopa.com/member/RQuadling Richard (and Tom): This seemed like it would be the perfect solution...but alas it did not work. 22527 seems right, but after changing php.ini to that and restarting php and apache, I am still getting Deprecated... messages. :( I'll keep trying...and any other suggestions are much appreciated! Thanks! A wise man will make more opportunities than he finds. -Francis Bacon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Simple login form with cookies
PJ wrote: Jason Carson wrote: On Mon, Jul 6, 2009 at 02:19, Jason Carsonja...@jasoncarson.ca wrote: ok, I have two sets of scripts here. One uses setcookie() for logging into the admin panel and the other uses session_start(). Both are working fine, is one more secure than the other? $_COOKIE data is written to a file that is readable/writeable and stored on the user's side of things. $_SESSION data is written to the server, with a cookie stored on the user's side containing just the PHPSESSID (session ID) string to identify the session file on the server. So determining which is better and/or more secure is really a matter of the data held there and how it's handled. If storing things like usernames or you absolutely want to store personal data in an active session, do so in $_SESSION. If you're storing a password or credit card number in the active session, you may as well do it in $_COOKIE, because you're already using an insecure model. ;-P -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Well I'm a newbie when it comes to PHP and programming. I guess I need to read up on login security. Do you know of, or recommend, any websites that will show me how to secure my login model (Using cookies or sessions). Hi Jason, I'm probably not any wiser than you, but I have just (today) discovered an interesting site that seems to have some really clear explanations and tutorials re php, MySsql et al. It's worth looking at (I'm trying to implement something like what you are, as well): http://www.brainbell.com/tutors/php/php_mysql/Authorizing_User_Access.html HTH, PJ I just found another site which is easier to deal with (chapter references) and seems to be the original source of the brainbell site: http://home.bolink.org/ebooks/webP/webdb/index.htm -- Hervé Kempf: Pour sauver la planète, sortez du capitalisme. - Phil Jourdan --- p...@ptahhotep.com http://www.ptahhotep.com http://www.chiccantine.com/andypantry.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
On Tue, Jul 7, 2009 at 11:03, Jeff Weinbergerj...@jeffweinberger.com wrote: This seemed like it would be the perfect solution...but alas it did not work. 22527 seems right, but after changing php.ini to that and restarting php and apache, I am still getting Deprecated... messages. Dumb question, Jeff: are you sure you're editing the correct php.ini file? -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
On Jul 7, 2009, at 8:38 AM, Daniel Brown wrote: On Tue, Jul 7, 2009 at 11:03, Jeff Weinbergerj...@jeffweinberger.com wrote: This seemed like it would be the perfect solution...but alas it did not work. 22527 seems right, but after changing php.ini to that and restarting php and apache, I am still getting Deprecated... messages. Dumb question, Jeff: are you sure you're editing the correct php.ini file? -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Daniel: Not a dumb question at all! I check every time (php_info()) to make sure the loaded configuration file is the one I'm editing. So, as far as I can tell, yes. Should I be looking at something else to be sure? Thanks! --Jeff UNIX is the Klingon of cyberspace. -from The Cluetrain Manifesto -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Browser Alert
2009/7/4 tedd t...@sperling.com So, if you're having problems with Safari 4.0 on Mac OSX uploading files, you're not alone. s/uploading files// ;) To make this posting useful: The thing might be related to this Bug http://www.webmasterworld.com/macintosh_webmaster/3300569.htm But, since you did post only a few details, no one can know for sure.
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
On 7/7/09 11:38 AM, Daniel Brown danbr...@php.net wrote: On Tue, Jul 7, 2009 at 11:03, Jeff Weinbergerj...@jeffweinberger.com wrote: This seemed like it would be the perfect solution...but alas it did not work. 22527 seems right, but after changing php.ini to that and restarting php and apache, I am still getting Deprecated... messages. Dumb question, Jeff: are you sure you're editing the correct php.ini file? i was about to ask the same. phpinfo() will tell you the path to the in-effect config file. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to authnticate and use contents from ${HOME}
2009/7/6 Isaac Dover isaacdo...@gmail.com Hi Chantale, as Bastien mentioned, a preconfigured package might be the best way to go. Wikipedia has more information: http://en.wikipedia.org/wiki/List_of_LAMP_Packages What are you wanting to build in your interface? - Isaac On Mon, Jul 6, 2009 at 9:14 AM, Bastien Koert phps...@gmail.com wrote: Try xamp or one of the preconfigured packages bastien On Sunday, July 5, 2009, schneider.chant...@freenet.de wrote: Hello, My name ich Chantale, I am 15years old and in a german Lycee. I like to study Informatic in two years and now try to code my first applications. I am new to php and like to code my own Intranet Web-Interface which should run on my FileServer at home. I have installed suPHP, but it seems to be not the thing I need, because it works only on a VHost. What I need is, that a ${USER} can login and work on her/his ${HOME}. How can I archive this? Thank you Chantale Installing LAMP is not a good idea for productive servers. Always stick with the Packages of your distribution to get all upgrades. Activating a module isn't hard at all, so... there's not really a need for packages like LAMP on a unix-like OS. The point in not using such Packages like LAMP on a system which isn't productive is learning to set up a productive server. You decide. mod_auth_pam might be a way fo accomplish what you want. Just my two cent.
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
On 7/7/09 12:17 PM, Jeff Weinberger j...@jeffweinberger.com wrote: On Jul 7, 2009, at 8:38 AM, Daniel Brown wrote: On Tue, Jul 7, 2009 at 11:03, Jeff Weinbergerj...@jeffweinberger.com wrote: This seemed like it would be the perfect solution...but alas it did not work. 22527 seems right, but after changing php.ini to that and restarting php and apache, I am still getting Deprecated... messages. Dumb question, Jeff: are you sure you're editing the correct php.ini file? -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Daniel: Not a dumb question at all! I check every time (php_info()) to make sure the loaded configuration file is the one I'm editing. So, as far as I can tell, yes. Should I be looking at something else to be sure? i've now had a look at http://www.php.net/manual/en/errorfunc.constants.php in your shoes i'd try out 2047 (with is everything up to and including E_USER_NOTICE) and possibly 6143 (=2047+4096) if you have your own error handler. if still no luck i can't think of anything else to suggest but work backwards: check the value returned by error_reporting() is the value you set in php.ini. binary decode it to double check. if it sill makes no sense, check the php bugs db. and if nothing, maybe report it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Manual in PDF format
Richard Quadling wrote: $ pecl install haru [...] $ phd -f pdf -t phppdf -d .manual.xml I installed haru, yet when I try the phd command, I get a class 'HaruDoc' not found error :( Has this happened to anyone else? James -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
On Jul 7, 2009, at 12:30 PM, Tom Worster wrote: On 7/7/09 12:17 PM, Jeff Weinberger j...@jeffweinberger.com wrote: On Jul 7, 2009, at 8:38 AM, Daniel Brown wrote: On Tue, Jul 7, 2009 at 11:03, Jeff Weinbergerj...@jeffweinberger.com wrote: This seemed like it would be the perfect solution...but alas it did not work. 22527 seems right, but after changing php.ini to that and restarting php and apache, I am still getting Deprecated... messages. Dumb question, Jeff: are you sure you're editing the correct php.ini file? -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Daniel: Not a dumb question at all! I check every time (php_info()) to make sure the loaded configuration file is the one I'm editing. So, as far as I can tell, yes. Should I be looking at something else to be sure? i've now had a look at http://www.php.net/manual/en/errorfunc.constants.php in your shoes i'd try out 2047 (with is everything up to and including E_USER_NOTICE) and possibly 6143 (=2047+4096) if you have your own error handler. if still no luck i can't think of anything else to suggest but work backwards: check the value returned by error_reporting() is the value you set in php.ini. binary decode it to double check. if it sill makes no sense, check the php bugs db. and if nothing, maybe report it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Tom: thanks - I'll try those and report back, and will keep playing with various combinations until I get it to work or prove it doesn't :) One question - that I for some reason have not found - is there a list of the numerical values of the E_* constants somewhere? Thanks for your help! --Jeff Real love is a pilgrimage. It happens when there is no strategy, but it is very rare because most people are strategists. -Anita Brookner -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to stop E_DEPRECATED messages in the PHP log?
On Tue, Jul 7, 2009 at 17:46, Jeff Weinbergerj...@jeffweinberger.com wrote: One question - that I for some reason have not found - is there a list of the numerical values of the E_* constants somewhere? You bet: http://php.net/manual/en/errorfunc.constants.php -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] How to authnticate and use contents from ${HOME}
PHP may not be the thing to do this.. because it sounds like you want the users to chroot to ${HOME} which php especially on a vhost does not do. If you want users to access an nfs or ftp I would use either samba or vsftp or some other scp/ftp software. Jan G.B. wrote: 2009/7/6 Isaac Dover isaacdo...@gmail.com Hi Chantale, as Bastien mentioned, a preconfigured package might be the best way to go. Wikipedia has more information: http://en.wikipedia.org/wiki/List_of_LAMP_Packages What are you wanting to build in your interface? - Isaac On Mon, Jul 6, 2009 at 9:14 AM, Bastien Koert phps...@gmail.com wrote: Try xamp or one of the preconfigured packages bastien On Sunday, July 5, 2009, schneider.chant...@freenet.de wrote: Hello, My name ich Chantale, I am 15years old and in a german Lycee. I like to study Informatic in two years and now try to code my first applications. I am new to php and like to code my own Intranet Web-Interface which should run on my FileServer at home. I have installed suPHP, but it seems to be not the thing I need, because it works only on a VHost. What I need is, that a ${USER} can login and work on her/his ${HOME}. How can I archive this? Thank you Chantale Installing LAMP is not a good idea for productive servers. Always stick with the Packages of your distribution to get all upgrades. Activating a module isn't hard at all, so... there's not really a need for packages like LAMP on a unix-like OS. The point in not using such Packages like LAMP on a system which isn't productive is learning to set up a productive server. You decide. mod_auth_pam might be a way fo accomplish what you want. Just my two cent. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Simple login form with cookies
The basic model for password authentication is to use one way crypt routines. MySql has several, PHP also has them. The basic algorithm would be like this: 1) read the password from the form. 2) read the password from you datastore that matches the user name or session 3) encrypt the password on the form. 4) do a string comparison between the database data and the encrypted password from the form. This is of course assumes that you have been encrypting your password when you store them (always good practice) so I think this translates to php as (forgive me if this is bogus, it's been a while since I've done any php) ? $salt = 'someglobalsaltstring'; # the salt should be the same salt used when storing passwords to your database otherwise it won't work $passwd = crypt($_GET['passwd'], $salt); if ($passwd == $userObject-getPassword) { return 1} else {return 0} ? So I've not tested this obviously but you would have to have a $userObject which is your interface between your software and your user data. Hope it helps, Carl. PJ wrote: PJ wrote: Jason Carson wrote: On Mon, Jul 6, 2009 at 02:19, Jason Carsonja...@jasoncarson.ca wrote: ok, I have two sets of scripts here. One uses setcookie() for logging into the admin panel and the other uses session_start(). Both are working fine, is one more secure than the other? $_COOKIE data is written to a file that is readable/writeable and stored on the user's side of things. $_SESSION data is written to the server, with a cookie stored on the user's side containing just the PHPSESSID (session ID) string to identify the session file on the server. So determining which is better and/or more secure is really a matter of the data held there and how it's handled. If storing things like usernames or you absolutely want to store personal data in an active session, do so in $_SESSION. If you're storing a password or credit card number in the active session, you may as well do it in $_COOKIE, because you're already using an insecure model. ;-P -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Well I'm a newbie when it comes to PHP and programming. I guess I need to read up on login security. Do you know of, or recommend, any websites that will show me how to secure my login model (Using cookies or sessions). Hi Jason, I'm probably not any wiser than you, but I have just (today) discovered an interesting site that seems to have some really clear explanations and tutorials re php, MySsql et al. It's worth looking at (I'm trying to implement something like what you are, as well): http://www.brainbell.com/tutors/php/php_mysql/Authorizing_User_Access.html HTH, PJ I just found another site which is easier to deal with (chapter references) and seems to be the original source of the brainbell site: http://home.bolink.org/ebooks/webP/webdb/index.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Simple login form with cookies
Carl Furst wrote: The basic model for password authentication is to use one way crypt routines. MySql has several, PHP also has them. The basic algorithm would be like this: 1) read the password from the form. 2) read the password from you datastore that matches the user name or session 3) encrypt the password on the form. 4) do a string comparison between the database data and the encrypted password from the form. Read the password on the form. Encrypt the password on the form using same salt and algorythm you use to generate the hash. Then - $sql = SELECT id FROM userdb WHERE user='$user' AND pass='$pass'; If your query returns a result, you now have a user id to store in the session. Otherwise, the login fails. No need to read from the database and do a string compare. Of course you need to watch out for injection when doing it that way, but that's what prepared statements are for. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Simple login form with cookies
These are great ideas. Another option would be to have the user choose a pin number and use either the literal pin or the encrypted pin as part of the salt. This way only when you change the pin do you need to change the password, which is probably what you would want anyway. Michael A. Peters wrote: Carl Furst wrote: ? $salt = 'someglobalsaltstring'; # the salt should be the same salt used when storing passwords to your database otherwise it won't work $passwd = crypt($_GET['passwd'], $salt); I personally use the username and the salt. That way two users with identical passwords have different hashes. With large databases, many users will have the same password, there are some that are just commonly used. The hackers know what they are, and if they get your hash dump, they try their list of commonly used passwords against the user names that have the common hashes. By using the username as part of the salt, you avoid that issue because identical passwords will have different hashes. It does mean the password has to be reset if you allow them to change their login name. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Simple login form with cookies
Carl Furst wrote: ? $salt = 'someglobalsaltstring'; # the salt should be the same salt used when storing passwords to your database otherwise it won't work $passwd = crypt($_GET['passwd'], $salt); I personally use the username and the salt. That way two users with identical passwords have different hashes. With large databases, many users will have the same password, there are some that are just commonly used. The hackers know what they are, and if they get your hash dump, they try their list of commonly used passwords against the user names that have the common hashes. By using the username as part of the salt, you avoid that issue because identical passwords will have different hashes. It does mean the password has to be reset if you allow them to change their login name. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php