Re: [PHP] how catch a warning by file_put_contents() ?

[Adam Richardson]

On Sat, Aug 20, 2011 at 1:23 AM, Simon J Welsh  wrote:

> On 20/08/2011, at 4:51 PM, Andreas wrote:
>
> > Hi,
> > I wrote stuff with file_put_contents() in a try{} catch{} and it worked.
> >
> > Then I'd like to check what happens when some error occurs so I
> writeprotected the targetfile.
> > Instead of getting my own message by the catch{} block I got a standard
> warning in the browser.
> >
> > Can't I catch those warnings, too?
> > And why does this function rise a warning when it can't acomplish it's
> task?
> >
> >
> > Samplecode:
> >try {
> >$msg = date ("d.m.Y H:i:s") . 'This should be stored in the
> file.';
> >file_put_contents( '/tmp/exceptions.txt', $msg . "\n",
> FILE_APPEND);
> >}
> >catch ( Exception $e ) {
> >$msg = "Exception " . $e->getCode() . " / " . $e->getMessage();
> >echo "$msg";
> >}
>
> file_put_contents() doesn't throw exceptions. As the note on the exception
> documentation says: "Internal PHP functions mainly use Error reporting, only
> modern Object oriented extensions use exceptions."
>
> If you look at the documentation for its return value (
> http://php.net/file_put_contents), you'll see that false is returned on
> failure.
>
> In this case, a warning makes more sense than throwing an exception anyway.
> A warning can be ignored, either by changing the error_reporting level or
> using the error control operator, whereas an exception must be dealt with or
> execution halts.
> ---
> Simon Welsh
> Admin of http://simon.geek.nz/
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Simon explains the rationale and heritage well.

If, however, you still wish to catch errors as exceptions, you can do so
with code like that below:

function error_handler($errno, $errstr, $errfile, $errline)
{
// must take into account error suppressor (@) and not do anything with them
(they equal 0)
// http://framework.zend.com/issues/browse/ZF-3829
// check against current error_reporting bitmasks
if (!(\error_reporting() & $errno)) {
return true;
} else {
$error_msg = "Error Type (see
http://www.php.net/manual/en/errorfunc.constants.php):$errnoError
Message:$errstrFile:$errfileLine:$errline";
throw new \Exception($error_msg);
}
}

set_error_handler('error_handler');

I just pulled some quick code from my web framework.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com

Re: [PHP] how catch a warning by file_put_contents() ?

[Simon J Welsh]

On 20/08/2011, at 4:51 PM, Andreas wrote:

> Hi,
> I wrote stuff with file_put_contents() in a try{} catch{} and it worked.
> 
> Then I'd like to check what happens when some error occurs so I 
> writeprotected the targetfile.
> Instead of getting my own message by the catch{} block I got a standard 
> warning in the browser.
> 
> Can't I catch those warnings, too?
> And why does this function rise a warning when it can't acomplish it's task?
> 
> 
> Samplecode:
>try {
>$msg = date ("d.m.Y H:i:s") . 'This should be stored in the file.';
>file_put_contents( '/tmp/exceptions.txt', $msg . "\n", FILE_APPEND);
>}
>catch ( Exception $e ) {
>$msg = "Exception " . $e->getCode() . " / " . $e->getMessage();
>echo "$msg";
>}

file_put_contents() doesn't throw exceptions. As the note on the exception 
documentation says: "Internal PHP functions mainly use Error reporting, only 
modern Object oriented extensions use exceptions."

If you look at the documentation for its return value 
(http://php.net/file_put_contents), you'll see that false is returned on 
failure.

In this case, a warning makes more sense than throwing an exception anyway. A 
warning can be ignored, either by changing the error_reporting level or using 
the error control operator, whereas an exception must be dealt with or 
execution halts.
---
Simon Welsh
Admin of http://simon.geek.nz/


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] how catch a warning by file_put_contents() ?

[Andreas]

Hi,
I wrote stuff with file_put_contents() in a try{} catch{} and it worked.

Then I'd like to check what happens when some error occurs so I 
writeprotected the targetfile.
Instead of getting my own message by the catch{} block I got a standard 
warning in the browser.


Can't I catch those warnings, too?
And why does this function rise a warning when it can't acomplish it's task?


Samplecode:
try {
$msg = date ("d.m.Y H:i:s") . 'This should be stored in the file.';
file_put_contents( '/tmp/exceptions.txt', $msg . "\n", 
FILE_APPEND);

}
catch ( Exception $e ) {
$msg = "Exception " . $e->getCode() . " / " . $e->getMessage();
echo "$msg";
}

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Newbie security database connection question

[Tamara Temple]

On Aug 19, 2011, at 7:52 PM, DealTek wrote:


Hello,

NEWBIE: I have a security question:

When working with PHP and MySQL, it seems that a one method is to  
create a connection.php page to the database that will store the  
connection parameters such as username, password and URL ip in clear  
text and include this on various pages.


Since hackers seem to be getting better and better every day:

-  Is this common practice to store this security data in the clear  
on the PHP webpage?


- Wouldn't it be possible for a hacker to SNIFF around and pick up  
this sensitive "clear text" security data?


- Is there some better, more secure way to communicate from the  
website to the MySQL data source that is somehow sending encrypted  
information rather than clear text back and forth?


Thanks in advance for your help.


If your web server and MySQL server are running on the same host, make  
sure your db user only has access via localhost.


If your web server running php is on a different host from your MySQL  
server, set the host access for that db user to only allow access from  
the web server host. If you are running MySQL 5, you can secure the  
connection using SSL to ensure that a sniffer will have a much more  
difficult time stealing your credentials. Another way is to set up an  
SSH tunnel.



A couple other things:

* generally, it is considered a good practice to store access  
credentials used by a php application *outside* the web server's  
visibility.


* include the php script in whatever other main scripts your  
application has, and make it readable only to the web server user/group.


* if anything else, make sure the file has the extension .php and the  
credentials are inside the php code space so it can't be downloaded  
directly by a web user.











--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Newbie security database connection question

[Midhun Girish]

On Sat, Aug 20, 2011 at 6:22 AM, DealTek  wrote:

> Hello,
>
> NEWBIE: I have a security question:
>
> When working with PHP and MySQL, it seems that a one method is to create a
> connection.php page to the database that will store the connection
> parameters such as username, password and URL ip in clear text and include
> this on various pages.
>
> Since hackers seem to be getting better and better every day:
>
> -  Is this common practice to store this security data in the clear on the
> PHP webpage?
>
> - Wouldn't it be possible for a hacker to SNIFF around and pick up this
> sensitive "clear text" security data?
>
> - Is there some better, more secure way to communicate from the website to
> the MySQL data source that is somehow sending encrypted information rather
> than clear text back and forth?
>
> Thanks in advance for your help.
>
>
You can encrypt the access credentails using some public key encryption
technique like RSA and then decode it inside php before connecting to db...
But still you have to store the private key in plain text somewere...

OR may be you can use 'hard to guess substitution ciphers' [i dunno if tht
exists] or create an encryption logic of your own and then use it to encrypt
the  dataabse uname and pass.

Regards
Midhun Girish

[PHP] Newbie security database connection question

[DealTek]

Hello,

NEWBIE: I have a security question:

When working with PHP and MySQL, it seems that a one method is to create a 
connection.php page to the database that will store the connection parameters 
such as username, password and URL ip in clear text and include this on various 
pages.

Since hackers seem to be getting better and better every day:

-  Is this common practice to store this security data in the clear on the PHP 
webpage?

- Wouldn't it be possible for a hacker to SNIFF around and pick up this 
sensitive "clear text" security data?

- Is there some better, more secure way to communicate from the website to the 
MySQL data source that is somehow sending encrypted information rather than 
clear text back and forth?

Thanks in advance for your help.


--
Thanks,
Dave - DealTek
deal...@gmail.com
[db-11]




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Login with Remember me Feature

[Alekto Antarctica]

Thank you for all the helpful input so far!

I have now tried to implement the changes you suggested, but I unfortunately
keep getting an error in line 114, in {-bracket in the switch statement. I
know it is not very desirable to send all the code in a mail, but I think
this is the best solution to find where the error(s) are located.

Also when it comes to implementing the loggedin-function as Geoff Shang so
kindly suggested for the config.php. I keep getting an error message that
says that there is an error in the * "return true;" - line

*

*function loggedin()
{*

*if (isset($_SESSIONS['username']) || isset($_COOKIE['username']))
return true;
else
return false;*

*}*


So for now this code-block is the same as it used to be, because this done
not generate any errors.

When it comes to the function loggedin() inside the connexions.php, I am not
sure where to call the function. Should this be just before the comparing of
the password?

..or before the switch statement?


*connextion.php*

**

*
*

*http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
http://www.w3.org/1999/xhtml";>*

*
 

Connexion
  

  *

*   *

*  *

**

*You have successfuly been loged out.
Home

 should be placed her??*

**

*//We compare the submited password and the real one, and we
check if the user exists  *

*   if($dn['password']==$password and mysql_num_rows($req)>0)
{*

*//If the password is ok, we set the $loginok var to
true
$loginok = true;*

*//If the password is good, we dont show the form
$form = false;
*

*  // If the user is alredy logged in
  if ($loginok)
  {
   if ($remember=="on")

   setcookie("username", $username,
time()+3600*48);*

*  else*

*
//We save the user name in the session
username and the user Id in the session userid*

* $_SESSION['username'] =
$username;
 $_SESSION['userid'] =
$dn['id'];
 $_SESSION['usr_level'] =
$dn['usr_level'];
   *

*   //  if (loggedin()){ --> should be placed her??
 *

*   switch ($usr_level)  *

* {
 case admin:
   $access_name = "admin";
   $page_suffix = "admin";
   break;*

*   case newbie:
  $access_name = "newbie";
  $page_suffix = "newbe";
   break;*

*case advanced:
   $access_name = "advanced";
   $page_suffix = "advanced";
   break
   } //close the switch-looop*

*   }  // close the if-logged in - loop  *

*  ?>*

*
Redirecting...

">*

**

*You have successfully been logged in. You can
now access the  area.*

* *

*'.$message.'';
} // close the display-block*

*   //We display the form, redirect back to login-page
   header("Location: header_login.php");

} // close the display message if-loop*

*
*

*?>*

*   *

* *

[PHP] Anyone has mcrypt working with Zend Community Edition and Mac OS X Lion?

[robert mena]

Hi,

After I've upgraded it stopped working and even if I reinstall the Zend CE
package it complains.

Regards.

Re: [PHP] SOAP-ERROR: Parsing Schema: unresolved element 'ref' attribute

[Richard Quadling]

Ah! The joy to mail readers.

If you can supply a valid URL, I can take a look and see what it is doing.

2011/8/19 Ignacio Marín Hernández :
> mmm, i think i understand you now!
>
> But the url it's ok, it's only
> $web_service="http://url_of_the_webservice.asmx?WSDL";;
>
> The second part between "<  >"
> ($web_service="http://url_of_the_webservice.asmx?WSDL")
> was Gmail who wrote it  (not me) when I forward the email.
>
> LoL
>
> By the way, Thanx fro the answer!
>
> El 19 de agosto de 2011 12:18, Richard Quadling 
> escribió:
>>
>> 2011/8/19 Ignacio Marín Hernández :
>> > Dear Richard Surely (hehe):
>> >
>> > I don´t understand what do you want to say with "that should be
>> > $web_service="http://url_of_the_webservice.asmx?WSDL";";
>> >
>> > Obviusly, "url_of_the_web_sevice" it's just an example. With the real
>> > url I
>> > can read without any problems the especifications of the WSDL. But i
>> > recived
>> > that error when I trie to connect doing
>> > new SoapClient($web_service, array('soap_version'   => SOAP_1_1,
>> >                                              'encoding'=>'utf-8',
>> >                                              'trace' => TRUE,
>> >                                              'STYLE' => SOAP_DOCUMENT,
>> >           'use'   => SOAP_LITERAL
>> >
>> >                                             )
>> >                         );
>> >
>> > Thanks!
>> >
>> >
>> >
>> >
>> > El 19 de agosto de 2011 11:26, Richard Quadling 
>> > escribió:
>> >>
>> >> 2011/8/19 Ignacio Marín Hernández :
>> >> >
>> >> >
>> >> > $web_service="http://url_of_the_webservice.asmx?WSDL
>> >> > ";
>> >>
>> >> Surely, that should be ...
>> >>
>> >> $web_service="http://url_of_the_webservice.asmx?WSDL";;
>> >>
>> >> And sorry for calling you Surely.
>> >>
>> >> Richard.
>> >> --
>> >> Richard Quadling
>> >> Twitter : EE : Zend : PHPDoc
>> >> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
>> >
>> >
>>
>> Your url was ...
>>
>> http://www.site.com/service?wsdl
>>
>> Rather than ...
>>
>> http://www.site.com/service?wsdl
>>
>> Can you provide the URL?
>> --
>> Richard Quadling
>> Twitter : EE : Zend : PHPDoc
>> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
>
>



-- 
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SOAP-ERROR: Parsing Schema: unresolved element 'ref' attribute

[Ignacio Marín Hernández]

mmm, i think i understand you now!

But the url it's ok, it's only
$web_service="http://url_of_the_webservice.asmx?WSDL";;

The second part between "<  >"  ($web_service="
http://url_of_the_webservice.asmx?WSDL<
http://url_of_the_webservice.asmx/?WSDL>") was Gmail who wrote it  (not me)
when I forward the email.

LoL

By the way, Thanx fro the answer!

El 19 de agosto de 2011 12:18, Richard Quadling escribió:

> 2011/8/19 Ignacio Marín Hernández :
> > Dear Richard Surely (hehe):
> >
> > I don´t understand what do you want to say with "that should be
> > $web_service="http://url_of_the_webservice.asmx?WSDL";";
> >
> > Obviusly, "url_of_the_web_sevice" it's just an example. With the real url
> I
> > can read without any problems the especifications of the WSDL. But i
> recived
> > that error when I trie to connect doing
> > new SoapClient($web_service, array('soap_version'   => SOAP_1_1,
> >  'encoding'=>'utf-8',
> >  'trace' => TRUE,
> >  'STYLE' => SOAP_DOCUMENT,
> >   'use'   => SOAP_LITERAL
> >
> > )
> > );
> >
> > Thanks!
> >
> >
> >
> >
> > El 19 de agosto de 2011 11:26, Richard Quadling 
> > escribió:
> >>
> >> 2011/8/19 Ignacio Marín Hernández :
> >> >
> >> > $web_service="http://url_of_the_webservice.asmx?WSDL<
> http://url_of_the_webservice.asmx/?WSDL>
> >> > ";
> >>
> >> Surely, that should be ...
> >>
> >> $web_service="http://url_of_the_webservice.asmx?WSDL";;
> >>
> >> And sorry for calling you Surely.
> >>
> >> Richard.
> >> --
> >> Richard Quadling
> >> Twitter : EE : Zend : PHPDoc
> >> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
> >
> >
>
> Your url was ...
>
> http://www.site.com/service?wsdl
>
> Rather than ...
>
> http://www.site.com/service?wsdl
>
> Can you provide the URL?
> --
> Richard Quadling
> Twitter : EE : Zend : PHPDoc
> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
>

Fwd: [PHP] SOAP-ERROR: Parsing Schema: unresolved element 'ref' attribute

[Ignacio Marín Hernández]

Dear Richard Surely (hehe):

I don´t understand what do you want to say with "that should be
$web_service="http://url_of_the_webservice.asmx?WSDL
";"

Obviusly, "url_of_the_web_sevice" it's just an example. With the real url I
can read without any problems the especifications of the WSDL. But i recived
that error when I trie to connect doing
new SoapClient($web_service, array('soap_version'   => SOAP_1_1,
 'encoding'=>'utf-8',
 'trace' => TRUE,
 'STYLE' => SOAP_DOCUMENT,
  'use'   => SOAP_LITERAL

)
);

Thanks!




El 19 de agosto de 2011 11:26, Richard Quadling escribió:

2011/8/19 Ignacio Marín Hernández :
> > $web_service="http://url_of_the_webservice.asmx?WSDL<
> http://url_of_the_webservice.asmx/?WSDL>
> > ";
>
> Surely, that should be ...
>
> $web_service="http://url_of_the_webservice.asmx?WSDL";;
>
> And sorry for calling you Surely.
>
> Richard.
> --
> Richard Quadling
> Twitter : EE : Zend : PHPDoc
> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
>

Re: [PHP] SOAP-ERROR: Parsing Schema: unresolved element 'ref' attribute

[Richard Quadling]

2011/8/19 Ignacio Marín Hernández :
> $web_service="http://url_of_the_webservice.asmx?WSDL
> ";

Surely, that should be ...

$web_service="http://url_of_the_webservice.asmx?WSDL";;

And sorry for calling you Surely.

Richard.
-- 
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] SOAP-ERROR: Parsing Schema: unresolved element 'ref' attribute

[Ignacio Marín Hernández]

Hi everybody!

I've got some troubles trying to connect with a WS.

I'd tried that with natives functions:

$web_service="http://url_of_the_webservice.asmx?WSDL
";

try {
$client = new SoapClient($web_service, array('soap_version'   => SOAP_1_1,
 'encoding'=>'utf-8',
 'trace' => TRUE,
 'STYLE' => SOAP_DOCUMENT,

'use'   => SOAP_LITERAL

)
);


}
catch (SoapFault $exception) {
//ERROR!!!
echo "A exception has ocurred:  ";
echo $exception;

}


and i recived this error:

A exception has ocurred:
SoapFault exception: [WSDL] SOAP-ERROR: Parsing Schema: unresolved element
'ref' attribute in /var/www/sites/version_2/SOAPdingus.php:20 Stack trace:
#0 /var/www/sites/version_2/
SOAPexample.php(20): SoapClient->__construct('http://services...', Array) #1
{main}



We are working with PHP 5.1.6 (but we tried too in a server with PHP 5.3.4
with the same error). You must know that we connect with others WS without
any kind of problems.

Re: [PHP] New version : EasyPHP (Wamp Server) 5.3.7.0 with PHP 5.3.7

[Sharl.Jimh.Tsin]

在 2011-08-19五的 15:16 +0800，EasyPHP写道：
> Hi
> 
> EasyPHP (Wamp Server) 5.3.7.0 is out and includes PHP 5.3.7
> 
> PHP 5.3.7 VC9 | Apache 2.2.19 VC9 | MySQL 5.5.15 | PhpMyAdmin 3.4.3.2
> | Xdebug 2.1.2
> 
> * Features *
> - avalaible server port automatically detected (no more port conflict)
> - administration page :
>  > apache configuration manager (timezone, port)
>  > php configuration manager (max execution time, error reporting, upload
>max filesize)
>  > create/delete alias
>  > add/list modules (wordpress, drupal, joomla, prestashop, spip, webgrind,
>xdebug manager...)
>  > phpinfo
>  > extensions
>  > mysql manager : phpmyadmin
> 
> * Install *
> - For administrators, EasyPHP is installed in "Program Files"
> - For non-elevated users, EasyPHP is "My Documents"
> - Or, on an USB key, external drive, memory stick…
> 
> * Apache Conf. *
> - Since 5.3.4.0, "localhost" is not used anymore. "127.0.0.1" is used
>  instead (Windows Vista/Seven hosts file permission problem)
> 
> Enjoy!
> 
> Website : www.easyphp.org
> Screenshots : www.easyphp.org/screenshots.php
> Facebook page : www.facebook.com/easywamp
> Twitter : www.twitter.com/easyphp
> 

so fast,Great Job!

-- 
Best regards,
Sharl.Jimh.Tsin (From China **Obviously Taiwan INCLUDED**)

Using Gmail? Please read this important notice:
http://www.fsf.org/campaigns/jstrap/gmail?10073.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] New version : EasyPHP (Wamp Server) 5.3.7.0 with PHP 5.3.7

[EasyPHP]

Hi

EasyPHP (Wamp Server) 5.3.7.0 is out and includes PHP 5.3.7

PHP 5.3.7 VC9 | Apache 2.2.19 VC9 | MySQL 5.5.15 | PhpMyAdmin 3.4.3.2
| Xdebug 2.1.2

* Features *
- avalaible server port automatically detected (no more port conflict)
- administration page :
 > apache configuration manager (timezone, port)
 > php configuration manager (max execution time, error reporting, upload
   max filesize)
 > create/delete alias
 > add/list modules (wordpress, drupal, joomla, prestashop, spip, webgrind,
   xdebug manager...)
 > phpinfo
 > extensions
 > mysql manager : phpmyadmin

* Install *
- For administrators, EasyPHP is installed in "Program Files"
- For non-elevated users, EasyPHP is "My Documents"
- Or, on an USB key, external drive, memory stick…

* Apache Conf. *
- Since 5.3.4.0, "localhost" is not used anymore. "127.0.0.1" is used
 instead (Windows Vista/Seven hosts file permission problem)

Enjoy!

Website : www.easyphp.org
Screenshots : www.easyphp.org/screenshots.php
Facebook page : www.facebook.com/easywamp
Twitter : www.twitter.com/easyphp

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php