php-general Digest 19 Aug 2010 09:03:49 -0000 Issue 6901
php-general Digest 19 Aug 2010 09:03:49 - Issue 6901 Topics (messages 307545 through 307556): Re: Can't read $_POST array 307545 by: Ashley Sheridan 307546 by: Marc Guay 307547 by: Brian Dunning 307548 by: Adam Richardson 307549 by: Adam Richardson 307550 by: Ashley Sheridan 307551 by: chris h 307552 by: Brian Dunning 307553 by: Daevid Vincent 307554 by: Andrew Mason required return on pecl install pam 307555 by: fakessh Re: How safe is a .htaccess file? 307556 by: Nathan Rixham Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- On Wed, 2010-08-18 at 13:45 -0700, Brian Dunning wrote: I'm trying to write a VERY simple script that does nothing but store all the submitted GET and POST vars in a string and echo it out. $response = print_r($_REQUEST, true); echo $response; The problem is it only shows GET vars. I've tried $POST instead of $_REQUEST and it always gives an empty array. I've got it on two different servers, and we have three guys trying various methods of submitting forms to it, trying to eliminate all potential problems, like the possibility that the request might not actually have any POST vars. I think we've safely eliminated these possibilities. Can anyone see a reason why the above should not see POST vars? Is there some security setting I don't know about? Is there any code before the print_r() call, i.e. code that might be setting it to an empty array? If not, then are you sure your form is definitely sending post variables? It sounds a stupid question, but a small typo could be sending the data as GET by accident. Firefox has a useful extension called Firebug which might be able to show you the data being sent to the browser. If you really need to bring out the big guns, then Wireshark will show all the network traffic, including that sent from your form to the server. Thanks, Ash http://www.ashleysheridan.co.uk ---End Message--- ---BeginMessage--- $response = print_r($_REQUEST, true); echo $response; I'm sorry I don't have any input on your actual question but tohuhgt I'd mention that this can be shortened to: print_r($_REQUEST); ... if I'm not mistaken. Marc ---End Message--- ---BeginMessage--- Sorry, my typo, $_POST is one of the options we tried, not $POST. It returns an empty array also. On Aug 18, 2010, at 1:50 PM, Joshua Kehn wrote: On Aug 18, 2010, at 4:45 PM, Brian Dunning wrote: I'm trying to write a VERY simple script that does nothing but store all the submitted GET and POST vars in a string and echo it out. $response = print_r($_REQUEST, true); echo $response; The problem is it only shows GET vars. I've tried $POST instead of $_REQUEST and it always gives an empty array. I've got it on two different servers, and we have three guys trying various methods of submitting forms to it, trying to eliminate all potential problems, like the possibility that the request might not actually have any POST vars. I think we've safely eliminated these possibilities. Can anyone see a reason why the above should not see POST vars? Is there some security setting I don't know about? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php You have to use $_POST for the post data. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com ---End Message--- ---BeginMessage--- On Wed, Aug 18, 2010 at 4:49 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Wed, 2010-08-18 at 13:45 -0700, Brian Dunning wrote: I'm trying to write a VERY simple script that does nothing but store all the submitted GET and POST vars in a string and echo it out. $response = print_r($_REQUEST, true); echo $response; The problem is it only shows GET vars. I've tried $POST instead of $_REQUEST and it always gives an empty array. I've got it on two different servers, and we have three guys trying various methods of submitting forms to it, trying to eliminate all potential problems, like the possibility that the request might not actually have any POST vars. I think we've safely eliminated these possibilities. Can anyone see a reason why the above should not see POST vars? Is there some security setting I don't know about? Is there any code before the print_r() call, i.e. code that might be setting it to an empty array? If not, then are you sure your form is definitely sending post variables? It sounds a stupid question, but a small typo could be sending the data as GET by accident. Firefox has a useful
php-general Digest 19 Aug 2010 21:26:31 -0000 Issue 6902
that there is a fault with the way that mandriva builds the packages. ---End Message--- ---BeginMessage--- On Thu, 2010-08-19 at 15:35 +0100, e-letter wrote: On 19/08/2010, Ashley Sheridan a...@ashleysheridan.co.uk wrote: I think it's fairly clear that for whatever reason, PHP isn't properly configured with Apache. You've mentioned you're using Mandriva, which, coincidentally, is what i've just recently installed on my home machine. It has a very good graphical package manager that you can use to install PHP and Apache. I'm not at my home machine right now, so I don't recall the exact name, but it's found somewhere in the Computer Settings main menu dialogue. From here, you can install Apache and PHP, which will configure Apache as well to recognise PHP scripts and execute them. mcc (mandriva linux control centre) is the command (or more specifically, rpmdrake) To my knowledge, using this tool, all necessary files are installed. I suspect that there is a fault with the way that mandriva builds the packages. As Colin suggested on another email, check to see if apache-mod_php was installed too. It seems likely that it wasn't for some reason. Thanks, Ash http://www.ashleysheridan.co.uk ---End Message--- ---BeginMessage--- On 19/08/2010, Ashley Sheridan a...@ashleysheridan.co.uk wrote: As Colin suggested on another email, check to see if apache-mod_php was installed too. It seems likely that it wasn't for some reason. How to verify please? Also, the instruction to use task-lamp; it seems this is for mysql but the database to be used is postgresql? ---End Message--- ---BeginMessage--- On Thu, 2010-08-19 at 16:30 +0100, e-letter wrote: On 19/08/2010, Ashley Sheridan a...@ashleysheridan.co.uk wrote: As Colin suggested on another email, check to see if apache-mod_php was installed too. It seems likely that it wasn't for some reason. How to verify please? Also, the instruction to use task-lamp; it seems this is for mysql but the database to be used is postgresql? Use the package manager to check and see if that was installed. I'm not familiar with the command line for rpmi, having used Yum on Fedora mostly, but on that you would just do a 'yum list apache-mod*' to see what apache mods were installed and available, so I assume something similar exists for rpmi. The task-lamp will be using MySQL, as it is the 'm' of lamp (Linux, Apache, MySQL PHP) Thanks, Ash http://www.ashleysheridan.co.uk ---End Message--- ---BeginMessage--- -Original Message- From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk] Sent: Thursday, August 19, 2010 11:33 AM To: e-letter Cc: David McGlone; php-gene...@lists.php.net Subject: Re: [PHP] tutorial failure On Thu, 2010-08-19 at 16:30 +0100, e-letter wrote: On 19/08/2010, Ashley Sheridan a...@ashleysheridan.co.uk wrote: As Colin suggested on another email, check to see if apache-mod_php was installed too. It seems likely that it wasn't for some reason. How to verify please? Also, the instruction to use task-lamp; it seems this is for mysql but the database to be used is postgresql? Use the package manager to check and see if that was installed. I'm not familiar with the command line for rpmi, having used Yum on Fedora mostly, but on that you would just do a 'yum list apache-mod*' to see what apache mods were installed and available, so I assume something similar exists for rpmi. The task-lamp will be using MySQL, as it is the 'm' of lamp (Linux, Apache, MySQL PHP) Thanks, Ash http://www.ashleysheridan.co.uk I agree with the earlier take on this situation; you need to start at the beginning and learn the basics regarding the technologies BEFORE you try and manage them. You're trying to drive a car when you don't even know what or car is and how to operate one so you keep crashing. Here are some great sites to check out: http://wiki.mandriva.com/en/ http://www.pcstats.com/articleview.cfm?articleID=1868 http://www.wikivs.com/wiki/MySQL_vs_PostgreSQL http://www.w3schools.com/ There are some great books out there as well to help you learn and I recommend getting the reference guides as well. Since the gist of this thread seems to be focused on the LAPP set-up and mainly an Apache (?) configuration issue you might try the forums and mailing lists found there as well. I hope you find this helpful. Marc Hall HallMarc Websites Well, if all else fails; read the directions. - Dear old Dad, RIP __ Information from ESET Smart Security, version of virus signature database 5379 (20100819) __ The message was checked by ESET Smart Security. http://www.eset.com __ Information from ESET Smart Security, version of virus signature database 5379 (20100819) __ The message was checked by ESET Smart Security. http://www.eset.com ---End Message--- ---BeginMessage--- On 19/08/2010, HallMarc Websites sa...@hallmarcwebsites.com wrote: I agree with the earlier take on this situation; you need
[PHP] Re: How safe is a .htaccess file?
tedd wrote: Hi gang: The subject line says it all. How secure is a .htaccess file to store passwords and other sensitive stuff? Can a .htaccess file be viewed remotely? Semi-safe, .htaccess is prevented from being served by configuration options (which come as default), however these can be overwritten so best to check by doing a GET on the resource URI. This doesn't prevent them from being exposed via other processes though, for instance a poorly coded 'download.php?path=/path/to/.htaccess' could still expose the file. Typically, its obviously better to store only a hash of a password rather than the pass in plain text, choosing the strongest algorithm you can; password security is of course relative though, a sha-512 of 'password1' is far from secure. A good way to approach encryption for files is to openssl_seal them using a public key which is only available to your application - this doesn't negate insecure code, but it at least ensures the raw files are encrypted securely enough to negate any of these worries. (just keep your private key safe, preferably in a pkcs12 w/a strong 64char+ pass) Best, Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: How safe is a .htaccess file?
Hello Nathan, Sorry, could you provide any links to read for a security noob?) Actually, I know that the md5 is decryptable (there are bases with words encrypted in md5), but I thought the SHA1 was secure... -- With best regards from Ukraine, Andre Skype: Francophile Twitter: http://twitter.com/m_elensule Facebook: http://facebook.com/menelion - Original message - From: Nathan Rixham nrix...@gmail.com To: tedd t...@sperling.com Date: Thursday, August 19, 2010, 12:03:12 PM Subject: [PHP] Re: How safe is a .htaccess file? tedd wrote: Hi gang: The subject line says it all. How secure is a .htaccess file to store passwords and other sensitive stuff? Can a .htaccess file be viewed remotely? Semi-safe, .htaccess is prevented from being served by configuration options (which come as default), however these can be overwritten so best to check by doing a GET on the resource URI. This doesn't prevent them from being exposed via other processes though, for instance a poorly coded 'download.php?path=/path/to/.htaccess' could still expose the file. Typically, its obviously better to store only a hash of a password rather than the pass in plain text, choosing the strongest algorithm you can; password security is of course relative though, a sha-512 of 'password1' is far from secure. A good way to approach encryption for files is to openssl_seal them using a public key which is only available to your application - this doesn't negate insecure code, but it at least ensures the raw files are encrypted securely enough to negate any of these worries. (just keep your private key safe, preferably in a pkcs12 w/a strong 64char+ pass) Best, Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] tutorial failure
On 19/08/2010, David McGlone da...@dmcentral.net wrote: Yes it is. But your computer needs the correct software to view that php file in a web browser as if it was a web page. If you do not have this software installed, then the web browser will ask you if you want to download the file instead. The web browser views the php file as described previously; there is no prompt to download the file. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] tutorial failure
From: e-letter On 19/08/2010, David McGlone da...@dmcentral.net wrote: Yes it is. But your computer needs the correct software to view that php file in a web browser as if it was a web page. If you do not have this software installed, then the web browser will ask you if you want to download the file instead. The web browser views the php file as described previously; there is no prompt to download the file. David, If the server is set up correctly, it interprets the PHP code and only sends an HTML stream to the browser. The only way the browser would see PHP is if the server is misconfigured. The browser will simply display it as it would HTML. It doesn't know PHP from plain text. Actually, the browser could not process PHP, since most of the resources needed are still on the server. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] tutorial failure
On 19/08/2010, David McGlone da...@dmcentral.net wrote: On Wed, 2010-08-18 at 23:08 +0100, e-letter wrote: On 18/08/2010, David McGlone da...@dmcentral.net wrote: On Wed, 2010-08-18 at 21:54 +0100, e-letter wrote: On 18/08/2010, David McGlone da...@dmcentral.net wrote: Do you have php5 installed? Yes, but don't know how to confirm; I used urpmi to install. Use the command in a terminal: rpm -q php5 No package by this name in the repository; have libphp5_common5 installed. Ok let me ask you this, When you try to view a php file on your server does it ask you if you would like to download it? I don't understand: isn't the example I provided a php file? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: tutorial failure
'Twas brillig, and e-letter at 19/08/10 13:35 did gyre and gimble: On 19/08/2010, David McGlone da...@dmcentral.net wrote: Yes it is. But your computer needs the correct software to view that php file in a web browser as if it was a web page. If you do not have this software installed, then the web browser will ask you if you want to download the file instead. The web browser views the php file as described previously; there is no prompt to download the file. You are apparently using Mandriva as you mentioned urpmi in your original email. I strongly suggest you do: urpmi task-lamp as this will install all the revenant packages. I strongly suspect you have not installed the apache-mod_php package. I should stress that you should *not* have to edit *any* files to get your system up and running. If you do edit files (especially your apache configuration) then you really do need to sit down and learn how everything works and how things fit together. As you're presumably just starting out, I'd recommend sticking to the basics, install task-lamp and then go from there. HTHs Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited [http://www.tribalogic.net/] Open Source: Mandriva Linux Contributor [http://www.mandriva.com/] PulseAudio Hacker [http://www.pulseaudio.org/] Trac Hacker [http://trac.edgewall.org/] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] tutorial failure
On Thu, 2010-08-19 at 09:41 +0100, e-letter wrote: On 19/08/2010, David McGlone da...@dmcentral.net wrote: On Wed, 2010-08-18 at 23:08 +0100, e-letter wrote: On 18/08/2010, David McGlone da...@dmcentral.net wrote: On Wed, 2010-08-18 at 21:54 +0100, e-letter wrote: On 18/08/2010, David McGlone da...@dmcentral.net wrote: Do you have php5 installed? Yes, but don't know how to confirm; I used urpmi to install. Use the command in a terminal: rpm -q php5 No package by this name in the repository; have libphp5_common5 installed. Ok let me ask you this, When you try to view a php file on your server does it ask you if you would like to download it? I don't understand: isn't the example I provided a php file? I think it's fairly clear that for whatever reason, PHP isn't properly configured with Apache. You've mentioned you're using Mandriva, which, coincidentally, is what i've just recently installed on my home machine. It has a very good graphical package manager that you can use to install PHP and Apache. I'm not at my home machine right now, so I don't recall the exact name, but it's found somewhere in the Computer Settings main menu dialogue. From here, you can install Apache and PHP, which will configure Apache as well to recognise PHP scripts and execute them. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] tutorial failure
On 19/08/2010, Ashley Sheridan a...@ashleysheridan.co.uk wrote: I think it's fairly clear that for whatever reason, PHP isn't properly configured with Apache. You've mentioned you're using Mandriva, which, coincidentally, is what i've just recently installed on my home machine. It has a very good graphical package manager that you can use to install PHP and Apache. I'm not at my home machine right now, so I don't recall the exact name, but it's found somewhere in the Computer Settings main menu dialogue. From here, you can install Apache and PHP, which will configure Apache as well to recognise PHP scripts and execute them. mcc (mandriva linux control centre) is the command (or more specifically, rpmdrake) To my knowledge, using this tool, all necessary files are installed. I suspect that there is a fault with the way that mandriva builds the packages. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] tutorial failure
On Thu, 2010-08-19 at 15:35 +0100, e-letter wrote: On 19/08/2010, Ashley Sheridan a...@ashleysheridan.co.uk wrote: I think it's fairly clear that for whatever reason, PHP isn't properly configured with Apache. You've mentioned you're using Mandriva, which, coincidentally, is what i've just recently installed on my home machine. It has a very good graphical package manager that you can use to install PHP and Apache. I'm not at my home machine right now, so I don't recall the exact name, but it's found somewhere in the Computer Settings main menu dialogue. From here, you can install Apache and PHP, which will configure Apache as well to recognise PHP scripts and execute them. mcc (mandriva linux control centre) is the command (or more specifically, rpmdrake) To my knowledge, using this tool, all necessary files are installed. I suspect that there is a fault with the way that mandriva builds the packages. As Colin suggested on another email, check to see if apache-mod_php was installed too. It seems likely that it wasn't for some reason. Thanks, Ash http://www.ashleysheridan.co.uk
[PHP] possible issue with quotes (Magicquotes feature)?
Hello, I've got a php5 document and some items are showing up as question marks. For example, the word President's in the code it is President's however when displaying in the browser it's President?s the ' is not being displayed properly, this is occurring in several places and on several pages. The php version my hosting is using is 5.2.14, a check of phpinfo shows magic_quotes_gpc as on, magic_quotes_runtime and magic_quotes_sybase as off. Is this my issue? Thanks. Dave. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] possible issue with quotes (Magicquotes feature)?
From: David Mehler I've got a php5 document and some items are showing up as question marks. For example, the word President's in the code it is President's however when displaying in the browser it's President?s the ' is not being displayed properly, this is occurring in several places and on several pages. The php version my hosting is using is 5.2.14, a check of phpinfo shows magic_quotes_gpc as on, magic_quotes_runtime and magic_quotes_sybase as off. Is this my issue? Not likely, magic quotes escapes MySQL style, which doubles up any backslashes, not single quotes. The more likely issue is the character encoding on your system is incompatible with the version used on the server. If the server is using UTF and you only have an ASCII set, there may not be a display character available on your browser for the code used for that character on the server. I see this frequently when viewing pages translated from other languages into English, or pages generated by any number of Wikis and template packages. UTF is still a quagmire of incompatible font sets. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] possible issue with quotes (Magicquotes feature)?
I would chalk this up to that fancy, extra-curly, apostrophe that you get when copying and pasting text from Microsoft Word or similar. Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] tutorial failure
On 19/08/2010, Ashley Sheridan a...@ashleysheridan.co.uk wrote: As Colin suggested on another email, check to see if apache-mod_php was installed too. It seems likely that it wasn't for some reason. How to verify please? Also, the instruction to use task-lamp; it seems this is for mysql but the database to be used is postgresql? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] possible issue with quotes (Magicquotes feature)?
On Thu, 2010-08-19 at 11:24 -0400, Marc Guay wrote: I would chalk this up to that fancy, extra-curly, apostrophe that you get when copying and pasting text from Microsoft Word or similar. Marc The characters Microsoft software introduces don't play nice with non-Microsoft software, and cause a lot of problems like this for web-based systems. If it helps, I wrote a small function to replace the 'bad' characters with the correct ones: http://ashleysheridan.co.uk/coding/php/Remove_Rubbish_Microsoft_Markup It can also remove the extra meta info stuff that seems to get thrown in when you copy large amounts of text into a rich-text editor, as this often breaks the display of content in non-MS browsers, although that is a little experimental at the moment, as I've not really had the time to test it exhaustively. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] tutorial failure
On Thu, 2010-08-19 at 16:30 +0100, e-letter wrote: On 19/08/2010, Ashley Sheridan a...@ashleysheridan.co.uk wrote: As Colin suggested on another email, check to see if apache-mod_php was installed too. It seems likely that it wasn't for some reason. How to verify please? Also, the instruction to use task-lamp; it seems this is for mysql but the database to be used is postgresql? Use the package manager to check and see if that was installed. I'm not familiar with the command line for rpmi, having used Yum on Fedora mostly, but on that you would just do a 'yum list apache-mod*' to see what apache mods were installed and available, so I assume something similar exists for rpmi. The task-lamp will be using MySQL, as it is the 'm' of lamp (Linux, Apache, MySQL PHP) Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] possible issue with quotes (Magicquotes feature)?
Hello Everyone, Thanks. Ash, i'll try your function and see how that works. The original content came from word documents, but they were pasted in to a text editor in this case notetab light. In the meta of the site the character set is utf-8 I was told it was better to use that than iso8859-1 if this is wrong i'd definitely like to know about it. Any other suggestions let me know. Thanks a lot. Dave. On 8/19/10, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Thu, 2010-08-19 at 11:24 -0400, Marc Guay wrote: I would chalk this up to that fancy, extra-curly, apostrophe that you get when copying and pasting text from Microsoft Word or similar. Marc The characters Microsoft software introduces don't play nice with non-Microsoft software, and cause a lot of problems like this for web-based systems. If it helps, I wrote a small function to replace the 'bad' characters with the correct ones: http://ashleysheridan.co.uk/coding/php/Remove_Rubbish_Microsoft_Markup It can also remove the extra meta info stuff that seems to get thrown in when you copy large amounts of text into a rich-text editor, as this often breaks the display of content in non-MS browsers, although that is a little experimental at the moment, as I've not really had the time to test it exhaustively. Thanks, Ash http://www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] openssl_pkey_new question
Hi gang: I'm trying to keep my questions simple. Does the function openssl_pkey_new use 40, 56, 128, 256, or what bit encryption? Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] tutorial failure
-Original Message- From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk] Sent: Thursday, August 19, 2010 11:33 AM To: e-letter Cc: David McGlone; php-general@lists.php.net Subject: Re: [PHP] tutorial failure On Thu, 2010-08-19 at 16:30 +0100, e-letter wrote: On 19/08/2010, Ashley Sheridan a...@ashleysheridan.co.uk wrote: As Colin suggested on another email, check to see if apache-mod_php was installed too. It seems likely that it wasn't for some reason. How to verify please? Also, the instruction to use task-lamp; it seems this is for mysql but the database to be used is postgresql? Use the package manager to check and see if that was installed. I'm not familiar with the command line for rpmi, having used Yum on Fedora mostly, but on that you would just do a 'yum list apache-mod*' to see what apache mods were installed and available, so I assume something similar exists for rpmi. The task-lamp will be using MySQL, as it is the 'm' of lamp (Linux, Apache, MySQL PHP) Thanks, Ash http://www.ashleysheridan.co.uk I agree with the earlier take on this situation; you need to start at the beginning and learn the basics regarding the technologies BEFORE you try and manage them. You're trying to drive a car when you don't even know what or car is and how to operate one so you keep crashing. Here are some great sites to check out: http://wiki.mandriva.com/en/ http://www.pcstats.com/articleview.cfm?articleID=1868 http://www.wikivs.com/wiki/MySQL_vs_PostgreSQL http://www.w3schools.com/ There are some great books out there as well to help you learn and I recommend getting the reference guides as well. Since the gist of this thread seems to be focused on the LAPP set-up and mainly an Apache (?) configuration issue you might try the forums and mailing lists found there as well. I hope you find this helpful. Marc Hall HallMarc Websites Well, if all else fails; read the directions. - Dear old Dad, RIP __ Information from ESET Smart Security, version of virus signature database 5379 (20100819) __ The message was checked by ESET Smart Security. http://www.eset.com __ Information from ESET Smart Security, version of virus signature database 5379 (20100819) __ The message was checked by ESET Smart Security. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: How safe is a .htaccess file?
tedd wrote: tedd wrote: Hi gang: The subject line says it all. How secure is a .htaccess file to store passwords and other sensitive stuff? Can a .htaccess file be viewed remotely? Semi-safe, .htaccess is prevented from being served by configuration options (which come as default), however these can be overwritten so best to check by doing a GET on the resource URI. This doesn't prevent them from being exposed via other processes though, for instance a poorly coded 'download.php?path=/path/to/.htaccess' could still expose the file. Typically, its obviously better to store only a hash of a password rather than the pass in plain text, choosing the strongest algorithm you can; password security is of course relative though, a sha-512 of 'password1' is far from secure. A good way to approach encryption for files is to openssl_seal them using a public key which is only available to your application - this doesn't negate insecure code, but it at least ensures the raw files are encrypted securely enough to negate any of these worries. (just keep your private key safe, preferably in a pkcs12 w/a strong 64char+ pass) Best, Nathan Nathan: I keep in running in circles because I keep getting differing recommendations as to how to keep data secure. If you read Chris Shiflett's book on Essential PHP Security -- he says to keep everything in a database. This means keeping both encrypted data AND the keys for decryption in the database. I contacted Chris specifically and told him of what I was doing (all the steps) and he approved. However, he said the main weakness in all security practices is how one protects access to the database. So that is my quest. How can I protect the username and password for the database? Keep in mind that my scripts must also be able to read and use them in accessing the database. So they must be accessible to scripts. I figure using SetEnv to set the user and password in a .htaccess file is about as secure as I can make it, but now you say even that could be exposed. So specifically, how would you hide the username and password for access to a database WITHOUT using an out of root solution? Please be specific. Hi Tedd, Firstly, advising to keep the keys to your car in the ignition at all times is pretty bad advise - I'll let you relate that to Chris's advice yourself :-) If your stuck in an environment where third parties have access to the files on the file system and you need to put your username/password (real keys to the data) on that filesystem, then I have to point out that no file extension is more secure than another, there's no difference between doing `cat .htaccess` and `cat config.php` you'll still see the output - there's is a measure of difference however between putting it in a web source-viewable file and non-source-viewable file, but again your only a config setting away from being exposed to the world. Given the aforementioned and that the data is sensitive, I'd strongly recommend moving to a different hosting environment: - which is secure filesystem wise and only you have access to your files - where the db server (or data tier) is on a private lan (preventing the db server from public web attacks) - where access to the db server (or data tier) is via a secured connection [1] (encrypting data across the wire to prevent man in the middle attacks and packet inspection) In addition to application specific security measures such as encrypting all sensitive data *before* sending to the database and storing the encryption keys in a secure lockbox far away from the db or at least in a pcks12 password protected file outside of the web root. Now, to answer your specific question, specifically :p If available I would use ioncube or suchlike to encrypt the source of my PHP files (with the username pass in a php file as standard), and if I still didn't feel like that was secure enough then I would: create an pcks12 wrapped x509 certificate for my application: http://pastebin.com/THW00RHt (fill in lines 34+36 stick on web server, view in browser cert will dl) Then I'd store the produced certificate.p12 on the file system (preferably outside of web root, or with access restricted by .htaccess config) I'd then create a crypto class which provided methods to seal and open (encrypt/decrypt) data using the keys from the x509 certificate, and which could read the .p12 wrapped x509, like this: http://pastebin.com/4FSx1XDa I'd then instantiate the crypto class in my application as such: $crypto = ApplicationCrypto::instantiate( file_get_contents('certificate.p12'), 'PASSWORD-FOR-PKCS-HERE' ); Then I'd load my database settings in to an object, serialize it, encrypt the serialization and save it to a file on the filesystem as such: $dbSettings = (object)array( 'username' = 'dbuser', 'password' = 'dbpass', 'host' = 'dbhost', 'database' = 'dbname' ); $sealed = $crypto-seal(
[PHP] Re: openssl_pkey_new question
tedd wrote: Hi gang: I'm trying to keep my questions simple. Does the function openssl_pkey_new use 40, 56, 128, 256, or what bit encryption? Higher, and configurable, typically 512,1024,2048,4096 example: $privkey = openssl_pkey_new( array('private_key_bits' = 2048 ) ); Best, Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] tutorial failure
On 19/08/2010, HallMarc Websites sa...@hallmarcwebsites.com wrote: I agree with the earlier take on this situation; you need to start at the beginning and learn the basics regarding the technologies BEFORE you try and manage them. You're trying to drive a car when you don't even know what or car is and how to operate one so you keep crashing. Here are some great sites to check out: http://wiki.mandriva.com/en/ http://www.pcstats.com/articleview.cfm?articleID=1868 http://www.wikivs.com/wiki/MySQL_vs_PostgreSQL http://www.w3schools.com/ There are some great books out there as well to help you learn and I recommend getting the reference guides as well. Since the gist of this thread seems to be focused on the LAPP set-up and mainly an Apache (?) configuration issue you might try the forums and mailing lists found there as well. No response from apache forum. Looking at the web browser output from the processing of the php file, the partial success of processing the file suggests that the problem is with php; if it was due to apache, html code would be affected as well? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] cast changes value
I have values with 2 decimals that I multiple by 100 to make them integers, but to be sure I do a cast using (int). The thing is that (int) is changing the value of the integer. Here is a var_dump of the original value, the value * 100, and the value after casting to int. string(5) 34.80 float(3480) int(3479) Using floor() those the exact same thing. Why is this? -- Martín Marqués select 'martin.marques' || '@' || 'gmail.com' DBA, Programador, Administrador -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] cast changes value
On Thu, Aug 19, 2010 at 03:46:37PM -0300, Martín Marqués wrote: I have values with 2 decimals that I multiple by 100 to make them integers, but to be sure I do a cast using (int). The thing is that (int) is changing the value of the integer. Here is a var_dump of the original value, the value * 100, and the value after casting to int. string(5) 34.80 float(3480) int(3479) Using floor() those the exact same thing. Why is this? Need to see your code. In cases like this, it's almost always been my experience that the code is structured incorrectly to make it work the way you expect. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: cast changes value
Martín Marqués wrote: I have values with 2 decimals that I multiple by 100 to make them integers, but to be sure I do a cast using (int). The thing is that (int) is changing the value of the integer. Here is a var_dump of the original value, the value * 100, and the value after casting to int. string(5) 34.80 float(3480) int(3479) Using floor() those the exact same thing. Why is this? echo serialize(34.80 * 100); 3479.54525264911353588104248046875 int simply chops it, hence 3479 :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] cast changes value
http://www.php.net/manual/en/language.types.float.php *Warning* Floating point precision It is typical that simple decimal fractions like *0.1* or *0.7* cannot be converted into their internal binary counterparts without a small loss of precision. This can lead to confusing results: for example, * floor((0.1+0.7)*10)* will usually return *7* instead of the expected *8*, since the internal representation will be something like *7.9*. This is due to the fact that it is impossible to express some fractions in decimal notation with a finite number of digits. For instance, *1/3* in decimal form becomes *0.3*. So never trust floating number results to the last digit, and never compare floating point numbers for equality. If higher precision is necessary, thearbitrary precision math functions http://www.php.net/manual/en/ref.bc.php and gmphttp://www.php.net/manual/en/ref.gmp.php functions are available. http://www.php.net/manual/en/language.types.float.php - Cassiano Dal Pizzol cassi...@dalpizzol.com MSN: raziel...@hotmail.com Twitter: razielbr ICQ: 72941129 http://confraria-da-leitura.blogspot.com/ 2010/8/19 Nathan Rixham nrix...@gmail.com Martín Marqués wrote: I have values with 2 decimals that I multiple by 100 to make them integers, but to be sure I do a cast using (int). The thing is that (int) is changing the value of the integer. Here is a var_dump of the original value, the value * 100, and the value after casting to int. string(5) 34.80 float(3480) int(3479) Using floor() those the exact same thing. Why is this? echo serialize(34.80 * 100); 3479.54525264911353588104248046875 int simply chops it, hence 3479 :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] tutorial failure
On Thu, 2010-08-19 at 19:04 +0100, e-letter wrote: On 19/08/2010, HallMarc Websites sa...@hallmarcwebsites.com wrote: I agree with the earlier take on this situation; you need to start at the beginning and learn the basics regarding the technologies BEFORE you try and manage them. You're trying to drive a car when you don't even know what or car is and how to operate one so you keep crashing. Here are some great sites to check out: http://wiki.mandriva.com/en/ http://www.pcstats.com/articleview.cfm?articleID=1868 http://www.wikivs.com/wiki/MySQL_vs_PostgreSQL http://www.w3schools.com/ There are some great books out there as well to help you learn and I recommend getting the reference guides as well. Since the gist of this thread seems to be focused on the LAPP set-up and mainly an Apache (?) configuration issue you might try the forums and mailing lists found there as well. No response from apache forum. Looking at the web browser output from the processing of the php file, the partial success of processing the file suggests that the problem is with php; if it was due to apache, html code would be affected as well? No, because Apache doesn't need to process HTML in the same way it needs to process PHP. The tag ?php in your code is being sent down to your browser as HTML (view the source on the page you're browsing to) and interpreted as a tag by your browser, hence what appears to be partially processed output. It's fairly clear by now that Apache does not know about your PHP install (if there even is one) I've just set up and installed PHP and Apache on my Mandriva box since I've been at home, and it took all of 5 minutes from within the package manager. Trust me, it's far easier to go that route than install the packages one-by-one as you seem to be doing as, unless you know exactly what packages you need, it's all too easy to miss installing something. Are you able to install with the package manager, or is installing via the command line absolutely necessary? Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] imagettftext Angle Problem
If you're on 5.2 or 5.3, it may have to do with bug #51263. http://bugs.php.net/51263 Upgrade your php to the latest as fixes the problem. -bborie On 08/12/2010 10:08 AM, tedd wrote: Well, whatever the problem is it is definitely related only to my system. I tried your code and had the same results (https://adexfulfillment.com/adex/tests/test.php). I tried different fonts as well. The fonts I'm using were exported from FontBook on my Mac. I wonder if that might have something to do with it. Anyway you could pass along the arial font you're using so I can test that possibility? Thanks! Floyd Floyd: It's clearly a font problem. The arial.ttl font is easily found on the net, such as: http://www.fontemple.com/key-arial_ttl_download.html Cheers, tedd -- Bborie Park Programmer Center for Vectorborne Diseases UC Davis 530-752-8380 bkp...@ucdavis.edu -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] [OUTPUT BUFFER] - problems with redirects
So, I'm have this site where all this code was developed and the logic sits in different plugins throughout a template. So, html is output and then hits one of these plugins. Plugins do some processing and then hit a header(location...) redirect. So, problem is they developed code with these header redirects and now we there's too much html being output so we get the buffer errors Cannot modify header information - headers already sent by (output started at /home/carma/templates_c/carma^0^31^811^%%E2^E22^E22E607D%%carma%3Amenu.php:138) to fix we have to up the buffer ouput in the php to something really high. So, as far as I know this is not good coding practice and upping the output buffer is really masking the problem. Is there another way to work around this like another way to do redirects that won't cause these buffer probs? Thanks, T
Re: [PHP] tutorial failure
On Thu, 2010-08-19 at 22:24 +0100, Ashley Sheridan wrote: On Thu, 2010-08-19 at 19:04 +0100, e-letter wrote: On 19/08/2010, HallMarc Websites sa...@hallmarcwebsites.com wrote: I agree with the earlier take on this situation; you need to start at the beginning and learn the basics regarding the technologies BEFORE you try and manage them. You're trying to drive a car when you don't even know what or car is and how to operate one so you keep crashing. Here are some great sites to check out: http://wiki.mandriva.com/en/ http://www.pcstats.com/articleview.cfm?articleID=1868 http://www.wikivs.com/wiki/MySQL_vs_PostgreSQL http://www.w3schools.com/ There are some great books out there as well to help you learn and I recommend getting the reference guides as well. Since the gist of this thread seems to be focused on the LAPP set-up and mainly an Apache (?) configuration issue you might try the forums and mailing lists found there as well. No response from apache forum. Looking at the web browser output from the processing of the php file, the partial success of processing the file suggests that the problem is with php; if it was due to apache, html code would be affected as well? No, because Apache doesn't need to process HTML in the same way it needs to process PHP. The tag ?php in your code is being sent down to your browser as HTML (view the source on the page you're browsing to) and interpreted as a tag by your browser, hence what appears to be partially processed output. It's fairly clear by now that Apache does not know about your PHP install (if there even is one) This is my suspicion also. I've just set up and installed PHP and Apache on my Mandriva box since I've been at home, and it took all of 5 minutes What was the name of the PHP package you installed? I E-Mailed him offline and had him run the command rpm -q php5 to try and figure out if php was installed and he replied with this: quote No package by this name in the repository; have libphp5_common5 installed. /quote Well I don't know what the name of the php5 in mandrake, so I can't tell whether he's actually got php installed at all. -- Blessings, David M. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [OUTPUT BUFFER] - problems with redirects
On Thu, Aug 19, 2010 at 6:01 PM, Tristan sunnrun...@gmail.com wrote: So, I'm have this site where all this code was developed and the logic sits in different plugins throughout a template. So, html is output and then hits one of these plugins. Plugins do some processing and then hit a header(location...) redirect. So, problem is they developed code with these header redirects and now we there's too much html being output so we get the buffer errors Cannot modify header information - headers already sent by (output started at /home/carma/templates_c/carma^0^31^811^%%E2^E22^E22E607D%%carma%3Amenu.php:138) to fix we have to up the buffer ouput in the php to something really high. So, as far as I know this is not good coding practice and upping the output buffer is really masking the problem. Is there another way to work around this like another way to do redirects that won't cause these buffer probs? Thanks, T I believe the error is informing you that some content has already been sent back to the client. Once any content has been sent back, the headers have already been set and you can't subsequently call header(). For an easy fix, you should be able to turn on output buffering for the request and all of the output will be held until the entire page is finished processing: http://php.net/manual/en/function.ob-start.php Alternatively, you can sift through you code looking for any output (even a single whitespace) that's present before the call to header in the menu.php file referenced in your error. Adam -- Nephtali: PHP web framework that functions beautifully http://nephtaliproject.com
Re: [PHP] tutorial failure
On Thu, 2010-08-19 at 18:09 -0400, David McGlone wrote: On Thu, 2010-08-19 at 22:24 +0100, Ashley Sheridan wrote: On Thu, 2010-08-19 at 19:04 +0100, e-letter wrote: On 19/08/2010, HallMarc Websites sa...@hallmarcwebsites.com wrote: I agree with the earlier take on this situation; you need to start at the beginning and learn the basics regarding the technologies BEFORE you try and manage them. You're trying to drive a car when you don't even know what or car is and how to operate one so you keep crashing. Here are some great sites to check out: http://wiki.mandriva.com/en/ http://www.pcstats.com/articleview.cfm?articleID=1868 http://www.wikivs.com/wiki/MySQL_vs_PostgreSQL http://www.w3schools.com/ There are some great books out there as well to help you learn and I recommend getting the reference guides as well. Since the gist of this thread seems to be focused on the LAPP set-up and mainly an Apache (?) configuration issue you might try the forums and mailing lists found there as well. No response from apache forum. Looking at the web browser output from the processing of the php file, the partial success of processing the file suggests that the problem is with php; if it was due to apache, html code would be affected as well? No, because Apache doesn't need to process HTML in the same way it needs to process PHP. The tag ?php in your code is being sent down to your browser as HTML (view the source on the page you're browsing to) and interpreted as a tag by your browser, hence what appears to be partially processed output. It's fairly clear by now that Apache does not know about your PHP install (if there even is one) This is my suspicion also. I've just set up and installed PHP and Apache on my Mandriva box since I've been at home, and it took all of 5 minutes What was the name of the PHP package you installed? I E-Mailed him offline and had him run the command rpm -q php5 to try and figure out if php was installed and he replied with this: quote No package by this name in the repository; have libphp5_common5 installed. /quote Well I don't know what the name of the php5 in mandrake, so I can't tell whether he's actually got php installed at all. -- Blessings, David M. I used the GUI: K-Menu-Configure your Computer-Install Remove Software Then searched for 'php', and the first package listed was apache-mod_php, which I installed along with the other php modules that I normally install (like GD, mcrypt, etc). The package manager sorts out dependencies very well. I'm not sure if installing over the command line with rpmi will deal with dependencies like this, and it certainly won't automatically install apache-mod_php if php is installed, as php doesn't necessarily *have* to run as a web server module, let alone as an Apache one specifically. Thanks, Ash http://www.ashleysheridan.co.uk
[PHP] Re: [OUTPUT BUFFER] - problems with redirects
Tristan wrote: So, I'm have this site where all this code was developed and the logic sits in different plugins throughout a template. So, html is output and then hits one of these plugins. Plugins do some processing and then hit a header(location...) redirect. So, problem is they developed code with these header redirects and now we there's too much html being output so we get the buffer errors Cannot modify header information - headers already sent by (output started at /home/carma/templates_c/carma^0^31^811^%%E2^E22^E22E607D%%carma%3Amenu.php:138) to fix we have to up the buffer ouput in the php to something really high. So, as far as I know this is not good coding practice and upping the output buffer is really masking the problem. Is there another way to work around this like another way to do redirects that won't cause these buffer probs? Hi Tristan, Really it's a nudge from your code that it needs refactored - however to answer your question.. - there is no way to do an HTTP redirect once headers are sent - you can use an html meta refresh, or javascript redirect - if the output is going to be HTML viewed in a browser. caveat, obviously robots and the like will still see the incorrect output - it's a hack not a fix. The other approach is to use ob_start() and related functions to capture all the code generated without any output being sent to the browser, this should allow you to send the header down when needed. Certainly wouldn't just knock output buffering right up high to work around it if I was you. Best, Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] imagecreate inside an object
hello list, I'm trying to manage a image resouce inside a method, but unsuccessfully... In detail, that's some code snippets: the class and the method: class.php class canvas{ function makeImage($imageWidth = 850){ $im = imagecreate(110, 20) or die(Cannot Initialize new GD image stream); $background_color = imagecolorallocate($im, 0, 0, 0); $text_color = imagecolorallocate($im, 233, 14, 91); imagestring($im, 1, 5, 5, A Simple Text String, $text_color); return $im; } } ... than my test.php file: header(Content-type: image/png); include_once(class.php); $c = new canvas(); imagepng($c-makeImage()); the result in the browser isn't the image itself, but an error that sounds like: (I traslate the message from italian): Image can't be displayed because contains some errors but... if I comment out the header line, I get this: ‰PNG ��� IHDR���n������V,š���PLTE���é[an÷���fIDAT•c` `fxÄÀÃ`Ç ÀçÀä²41ƒ‚€˜Ë–Ý’À...@੤;{á0— œi ...sounds like a png image, isn't it? but It doesn't :-/ The code in the method is very simple, is the same of the php manual page of imagecreate function, and I think the resource is correctly managed, 'cause if I write this: $c = new palinsestoCanvas(3); imagepng(null); I get: Warning: imagepng(): supplied argument is not a valid Image resource .. so I think $c-makeImage()) returns successfully the resource.. but I still didnt see my image.. Any help is appreciated, thanks Lorenzo
Re: [PHP] imagecreate inside an object
On Fri, 2010-08-20 at 00:44 +0200, Lorenzo Marussi wrote: hello list, I'm trying to manage a image resouce inside a method, but unsuccessfully... In detail, that's some code snippets: the class and the method: class.php class canvas{ function makeImage($imageWidth = 850){ $im = imagecreate(110, 20) or die(Cannot Initialize new GD image stream); $background_color = imagecolorallocate($im, 0, 0, 0); $text_color = imagecolorallocate($im, 233, 14, 91); imagestring($im, 1, 5, 5, A Simple Text String, $text_color); return $im; } } ... than my test.php file: header(Content-type: image/png); include_once(class.php); $c = new canvas(); imagepng($c-makeImage()); the result in the browser isn't the image itself, but an error that sounds like: (I traslate the message from italian): Image can't be displayed because contains some errors but... if I comment out the header line, I get this: ‰PNG ��� IHDR���n������V,š���PLTE���é[an÷���fIDAT•c` `fxÄÀÃ`Ç ÀçÀä²41ƒ‚€˜Ë–Ý’À...@੤;{á0— œi ...sounds like a png image, isn't it? but It doesn't :-/ The code in the method is very simple, is the same of the php manual page of imagecreate function, and I think the resource is correctly managed, 'cause if I write this: $c = new palinsestoCanvas(3); imagepng(null); I get: Warning: imagepng(): supplied argument is not a valid Image resource .. so I think $c-makeImage()) returns successfully the resource.. but I still didnt see my image.. Any help is appreciated, thanks Lorenzo It looks like you might be outputting some extra content to the browser, such as newlines or other content. Use the second parameter of imagepng() to write the image to a file and compare the size of that with the bytes sent to the browser (you should be able to get this from the browsers properties dialogue) From the looks of what you've pasted, the extra content is appearing right after the image data, so perhaps an exit; call right after imagepng() and seeing if that solves the problem. Thanks, Ash http://www.ashleysheridan.co.uk
[PHP] Re: [OUTPUT BUFFER] - problems with redirects
A rewrite of the entire site would be needed in order to fix. So, I guess you are saying as best options for workaround are - use the ob_ functions to work around. - stick output buffer on or high so best case scenario using ob_ functions as a cleaner method aside from rewriting the code? seems silly btw that you can't output html and just have it redirect whenever you want it to at any point in the page. Thanks, T On Thu, Aug 19, 2010 at 4:22 PM, Nathan Rixham nrix...@gmail.com wrote: Tristan wrote: So, I'm have this site where all this code was developed and the logic sits in different plugins throughout a template. So, html is output and then hits one of these plugins. Plugins do some processing and then hit a header(location...) redirect. So, problem is they developed code with these header redirects and now we there's too much html being output so we get the buffer errors Cannot modify header information - headers already sent by (output started at /home/carma/templates_c/carma^0^31^811^%%E2^E22^E22E607D%%carma%3Amenu.php:138) to fix we have to up the buffer ouput in the php to something really high. So, as far as I know this is not good coding practice and upping the output buffer is really masking the problem. Is there another way to work around this like another way to do redirects that won't cause these buffer probs? Hi Tristan, Really it's a nudge from your code that it needs refactored - however to answer your question.. - there is no way to do an HTTP redirect once headers are sent - you can use an html meta refresh, or javascript redirect - if the output is going to be HTML viewed in a browser. caveat, obviously robots and the like will still see the incorrect output - it's a hack not a fix. The other approach is to use ob_start() and related functions to capture all the code generated without any output being sent to the browser, this should allow you to send the header down when needed. Certainly wouldn't just knock output buffering right up high to work around it if I was you. Best, Nathan
[PHP] Re: [OUTPUT BUFFER] - problems with redirects
you can if you use a javascript redirect or an html meta refresh ~ish. not really that silly tbh if you think about an HTTP message is like this: Headers ... MessageBody . the redirect is a header, so it get's sent through *before* the body, and the headers tell the client how to process the messagebody (or indeed whether to process it or just do something else). consider an html page the same as a gif or a zip, it's just a chunk of computer data that gets sent in one, you wouldn't expect to be able to redirect somebody whilst they're halfway through downloading a big zip would you? but yeah ob_** functions, this way you're catching the entire MessageBody (your html) before sending anything to the client, which then let's you send headers followed by body in your own time. Best, nathan Tristan wrote: A rewrite of the entire site would be needed in order to fix. So, I guess you are saying as best options for workaround are - use the ob_ functions to work around. - stick output buffer on or high so best case scenario using ob_ functions as a cleaner method aside from rewriting the code? seems silly btw that you can't output html and just have it redirect whenever you want it to at any point in the page. Thanks, T On Thu, Aug 19, 2010 at 4:22 PM, Nathan Rixham nrix...@gmail.com wrote: Tristan wrote: So, I'm have this site where all this code was developed and the logic sits in different plugins throughout a template. So, html is output and then hits one of these plugins. Plugins do some processing and then hit a header(location...) redirect. So, problem is they developed code with these header redirects and now we there's too much html being output so we get the buffer errors Cannot modify header information - headers already sent by (output started at /home/carma/templates_c/carma^0^31^811^%%E2^E22^E22E607D%%carma%3Amenu.php:138) to fix we have to up the buffer ouput in the php to something really high. So, as far as I know this is not good coding practice and upping the output buffer is really masking the problem. Is there another way to work around this like another way to do redirects that won't cause these buffer probs? Hi Tristan, Really it's a nudge from your code that it needs refactored - however to answer your question.. - there is no way to do an HTTP redirect once headers are sent - you can use an html meta refresh, or javascript redirect - if the output is going to be HTML viewed in a browser. caveat, obviously robots and the like will still see the incorrect output - it's a hack not a fix. The other approach is to use ob_start() and related functions to capture all the code generated without any output being sent to the browser, this should allow you to send the header down when needed. Certainly wouldn't just knock output buffering right up high to work around it if I was you. Best, Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php