Re: [PHP] basic captcha
Savetheinternet wrote: [snip] Securimage (phpcaptcha.org) looks relatively okay.[snip] ..a final follow up with my experience implementing securimage (in the case that others go searching). This turned out to be a good solution for my purposes. It fit nicely with my form checks that were already in place (the quick start guide leaves room for various schools of thought regarding input cleaning). My suggestion: be sure to first run their compatibility check script before spending time downloading the files / reading the quick start. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Race Condition In PHP Session Handler
php-5.3.3-3.el6_2.6.x86_64 2.6.32-220.4.2.el6.x86_64 After some testing we moved our production PHP intranet site from an old server to a new CentOS 6.2 instance running the mentioned versions. At first it worked well and then user's started to experience a hung site. Upon some digging it appears that the PHP module is getting stuck in a race condition regarding the sessions file - [root@yannigan-orange fd]# strace -p 22607 Process 22607 attached - interrupt to quit flock(53, LOCK_EX^C unfinished ... where file handle 53 is ... lr-x--. 1 root root 64 Feb 17 15:24 52 - /opt/informix/msg/en_us/0333/cli.iem lrwx--. 1 root root 64 Feb 17 15:24 53 - /var/lib/php/session/sess_ulgsl9joplobb9o4fue3n2e1k0 l-wx--. 1 root root 64 Feb 17 15:24 6 - pipe:[660246] The PHP session file. Originally I had a tmpfs mounted for the session files. I removed that and used the underlying filesystem. Same issue. I disabled APC. Same issue. Switching the the memcache session handler resolved the issue, although that may be less optimal. But this seems like a PHP bug. Tips, comments, pointers? Backtrace of a hung httpd - #0 0x7fa175af9be7 in flock () from /lib64/libc.so.6 #1 0x7fa16cb59dfc in ?? () from /etc/httpd/modules/libphp5.so #2 0x7fa16cb5a047 in ?? () from /etc/httpd/modules/libphp5.so #3 0x7fa16cb56e4c in php_session_start () from /etc/httpd/modules/libphp5.so #4 0x7fa16cb57559 in ?? () from /etc/httpd/modules/libphp5.so #5 0x7fa16cc9afe8 in ?? () from /etc/httpd/modules/libphp5.so #6 0x7fa16cc72320 in execute () from /etc/httpd/modules/libphp5.so #7 0x7fa16cc4ca5d in zend_execute_scripts () from /etc/httpd/modules/libphp5.so #8 0x7fa16cbfacf8 in php_execute_script () from /etc/httpd/modules/libphp5.so #9 0x7fa16ccd59a5 in ?? () from /etc/httpd/modules/libphp5.so #10 0x7fa17751da60 in ap_run_handler () #11 0x7fa17752131e in ap_invoke_handler () #12 0x7fa17752c990 in ap_process_request () #13 0x7fa177529858 in ?? () #14 0x7fa177525568 in ap_run_process_connection () #15 0x7fa177531767 in ?? () #16 0x7fa177531a7a in ?? () #17 0x7fa177531dab in ap_mpm_run () #18 0x7fa177509900 in main () -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Race Condition In PHP Session Handler
On Mon, Feb 20, 2012 at 7:21 PM, Adam Tauno Williams awill...@whitemice.org wrote: php-5.3.3-3.el6_2.6.x86_64 2.6.32-220.4.2.el6.x86_64 After some testing we moved our production PHP intranet site from an old server to a new CentOS 6.2 instance running the mentioned versions. At first it worked well and then user's started to experience a hung site. Upon some digging it appears that the PHP module is getting stuck in a race condition regarding the sessions file - [root@yannigan-orange fd]# strace -p 22607 Process 22607 attached - interrupt to quit flock(53, LOCK_EX^C unfinished ... where file handle 53 is ... lr-x--. 1 root root 64 Feb 17 15:24 52 - /opt/informix/msg/en_us/0333/cli.iem lrwx--. 1 root root 64 Feb 17 15:24 53 - /var/lib/php/session/sess_ulgsl9joplobb9o4fue3n2e1k0 l-wx--. 1 root root 64 Feb 17 15:24 6 - pipe:[660246] The PHP session file. Originally I had a tmpfs mounted for the session files. I removed that and used the underlying filesystem. Same issue. I disabled APC. Same issue. Switching the the memcache session handler resolved the issue, although that may be less optimal. But this seems like a PHP bug. Tips, comments, pointers? Backtrace of a hung httpd - #0 0x7fa175af9be7 in flock () from /lib64/libc.so.6 #1 0x7fa16cb59dfc in ?? () from /etc/httpd/modules/libphp5.so #2 0x7fa16cb5a047 in ?? () from /etc/httpd/modules/libphp5.so #3 0x7fa16cb56e4c in php_session_start () from /etc/httpd/modules/libphp5.so #4 0x7fa16cb57559 in ?? () from /etc/httpd/modules/libphp5.so #5 0x7fa16cc9afe8 in ?? () from /etc/httpd/modules/libphp5.so #6 0x7fa16cc72320 in execute () from /etc/httpd/modules/libphp5.so #7 0x7fa16cc4ca5d in zend_execute_scripts () from /etc/httpd/modules/libphp5.so #8 0x7fa16cbfacf8 in php_execute_script () from /etc/httpd/modules/libphp5.so #9 0x7fa16ccd59a5 in ?? () from /etc/httpd/modules/libphp5.so #10 0x7fa17751da60 in ap_run_handler () #11 0x7fa17752131e in ap_invoke_handler () #12 0x7fa17752c990 in ap_process_request () #13 0x7fa177529858 in ?? () #14 0x7fa177525568 in ap_run_process_connection () #15 0x7fa177531767 in ?? () #16 0x7fa177531a7a in ?? () #17 0x7fa177531dab in ap_mpm_run () #18 0x7fa177509900 in main () -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams It sounds like a bug in memcache to me, but anyway, there's little chance you're getting any info from this mailing list. You should open a bug report at bugs.php.net for this. If you want to be even more helpful, provide a backtrace with debug symbols included. - Matijn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Test
Does this work? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Test
On Mon, Feb 20, 2012 at 13:57, Jay Blanchard jay.blanch...@sigmaphinothing.org wrote: Does this work? It does now. Guessing your host fixed some routing issues when you contacted them. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Test
meaning what? Jay Blanchard jay.blanch...@sigmaphinothing.org wrote in message news:4f4297a6.3000...@sigmaphinothing.org... Does this work? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Test
Does this work? No? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Test
Nope doesn't work, ;) On Feb 20, 2012, at 1:57 PM, Jay Blanchard jay.blanch...@sigmaphinothing.org wrote: Does this work? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Test
On Mon, Feb 20, 2012 at 8:57 PM, Jay Blanchard jay.blanch...@sigmaphinothing.org wrote: Does this work? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php it works
Re: [PHP] Test
Definitely doesn't work Bastien Koert On 2012-02-20, at 2:21 PM, Jason Pruim li...@pruimphotography.com wrote: Nope doesn't work, ;) On Feb 20, 2012, at 1:57 PM, Jay Blanchard jay.blanch...@sigmaphinothing.org wrote: Does this work? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Test
On Mon, Feb 20, 2012 at 14:40, Bastien phps...@gmail.com wrote: Definitely doesn't work The list works just fine, it's you goofs who need to work now! ;-P -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Test
I'll be darned - it finally works. What's up with that? On Feb 20, 2012, at 1:49 PM, Daniel Brown wrote: On Mon, Feb 20, 2012 at 14:40, Bastien phps...@gmail.com wrote: Definitely doesn't work The list works just fine, it's you goofs who need to work now! ;-P -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Test
Someone finally got off their butt and got some work done? ;) And I have today off for Washingtons birthday! On Feb 20, 2012, at 2:59 PM, Jay Blanchard jay.blanch...@sigmaphinothing.org wrote: I'll be darned - it finally works. What's up with that? On Feb 20, 2012, at 1:49 PM, Daniel Brown wrote: On Mon, Feb 20, 2012 at 14:40, Bastien phps...@gmail.com wrote: Definitely doesn't work The list works just fine, it's you goofs who need to work now! ;-P -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Test
It's alvvve!!! Sent from my iPhone 5 Beta [Confidential use only] On 20 feb. 2012, at 21:08, Jason Pruim li...@pruimphotography.com wrote: Someone finally got off their butt and got some work done? ;) And I have today off for Washingtons birthday! On Feb 20, 2012, at 2:59 PM, Jay Blanchard jay.blanch...@sigmaphinothing.org wrote: I'll be darned - it finally works. What's up with that? On Feb 20, 2012, at 1:49 PM, Daniel Brown wrote: On Mon, Feb 20, 2012 at 14:40, Bastien phps...@gmail.com wrote: Definitely doesn't work The list works just fine, it's you goofs who need to work now! ;-P -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Test
Nooo, It's DEAD! On Mon, Feb 20, 2012 at 9:45 PM, Camilo Sperberg unrea...@gmail.com wrote: It's alvvve!!! Sent from my iPhone 5 Beta [Confidential use only] On 20 feb. 2012, at 21:08, Jason Pruim li...@pruimphotography.com wrote: Someone finally got off their butt and got some work done? ;) And I have today off for Washingtons birthday! On Feb 20, 2012, at 2:59 PM, Jay Blanchard jay.blanch...@sigmaphinothing.org wrote: I'll be darned - it finally works. What's up with that? On Feb 20, 2012, at 1:49 PM, Daniel Brown wrote: On Mon, Feb 20, 2012 at 14:40, Bastien phps...@gmail.com wrote: Definitely doesn't work The list works just fine, it's you goofs who need to work now! ;-P -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Test
Doesn't appear to meet DMARC standards. On 2/20/2012 1:57 PM, Jay Blanchard wrote: Does this work? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Compiling the SQLite3 Package on Windows
I'm new to PHP and need some help with compiling packages . I'm trying to install the php-sqlite3 class file (php-sqlite3.php) using a source files from PECL. The instructions say 1. unzip untar the package 2. run phpize 3. run ./configure --with-sqlite3=c:\sqlite3 4. make make install 5. (optionally) copy DB/sqlite3.php to /path/to/php/lib/php/DB/sqlite3.php The PHP development environment is installed on Windows Vista. The sqlite3 sources reside under c:\php-sdk\php53dev\vc9\x86\php-5.3.10\ext\sqlite3-0.5 And I'm running the phpize, configure commands directly under sqlite3-.0.5. I'm getting the following error during step 3... configure -with Error: Must be run from the root of the extension source. I'm pretty sure that I'm getting this error because the sqlite3 package that I downloaded is missing the config.w32 file and I'm not sure why this file is missing from the package. Stephen Landry SAP Release Engineering 245 First Street 16th Floor Cambridge, Mass 02139 Phone: 617-715-7437 Cell: 603-247-8722
Re: [PHP] basic captcha
Just a few notes on the previous responses.
Delaying with JavaScript, like validating with JavaScript is a rather
pointless endeavor. Think about it, you are putting your limiting
mechanism, on the hackers' computer... You can still post to your
server as fast as you want.
With regards to using external APIs and slow-downs, in my experience
it's because the coders of the website have no idea how browsers work,
as a result they will throw in a blocking action at the top of their
list and then you have to wait for google to serve you content before
you get the rest of your page.
With regards to capchas, somewhere around 80% if capcha software are
easily bypassed by current OCR software, another maybe another 15%
would be in the works 70-80% of time category, leaving only about 5%
of capcha software that is hard to impossible to crack with current
freely-available OCR technology. I am of the idea that if it annoys
users, and still doesn't work, it's not the best of solutions.
Honeypots, they will help against some robots, as those become more
advanced, honeypots like extra fields will begin to fail, especially
if you put easily parsable comments to help me them :P. Also doesn't
do anything about people who actually read your page code.
Tokens, tokens are something that really hasn't been discussed here
yet, but they can act just as well as a honeypot, actually in part
just like a honeypot, and probably offer a better protection.
For example consider registrations (part pseudo code):
1. You send me a request
2. I send you back a page, with a 2-part token,
one in html input type=hidden class=token name=token
value=S0mETOk3n/
one in JS, $('.token').val( $('.token').val() + b64d(SOM3B64==))
perhaps even a temp cookie or something
3. You then fill in the form and press submit
3.5. Submit posts the data without refreshing the whole page
(increasing the level of complexity of a system needed to exploit
this)
4. I send you an email and a page asking to not close out your page,
and for you to go check your email
4.5 i send you another bit of a token with my response
5. You go and check your email and have a short bit of text to paste
back into the new input on the page
6. You paste the text and press finish
7. I take your html token part, 2 js parts and email part (6
alphanumeric characters will do fine), combine them and send them back
Why i prefer that to a typical honeypot?
One of the biggest reasons, is state, you would have to maintain state
through the process you get a bit of a token every time you do
something
Another one is that it uses multiple pieces that are typically
available in full-fledged browsers
For registration scenario, there is an inherent time out in email
delivery, meaning that you have a built-in limit to the amount of
requests anyone who has bypassed your honeypot, can make.
--
The trouble with programmers is that you can never tell what a
programmer is doing until it’s too late. ~Seymour Cray
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Race Condition In PHP Session Handler
On Mon, 2012-02-20 at 20:02 +0100, Matijn Woudt wrote: On Mon, Feb 20, 2012 at 7:21 PM, Adam Tauno Williams awill...@whitemice.org wrote: php-5.3.3-3.el6_2.6.x86_64 2.6.32-220.4.2.el6.x86_64 The PHP session file. Originally I had a tmpfs mounted for the session files. I removed that and used the underlying filesystem. Same issue. I disabled APC. Same issue. Switching the the memcache session handler resolved the issue, although that may be less optimal. But this seems like a PHP bug. Backtrace of a hung httpd - #0 0x7fa175af9be7 in flock () from /lib64/libc.so.6 #1 0x7fa16cb59dfc in ?? () from /etc/httpd/modules/libphp5.so #2 0x7fa16cb5a047 in ?? () from /etc/httpd/modules/libphp5.so #3 0x7fa16cb56e4c in php_session_start () from /etc/httpd/modules/libphp5.so #4 0x7fa16cb57559 in ?? () from /etc/httpd/modules/libphp5.so #5 0x7fa16cc9afe8 in ?? () from /etc/httpd/modules/libphp5.so #6 0x7fa16cc72320 in execute () from /etc/httpd/modules/libphp5.so It sounds like a bug in memcache to me, but anyway, there's little No, switching *to* memcache as the session handler worked around the issue. chance you're getting any info from this mailing list. Expected; just thought I might get lucky with somone who was using the same current packages. You should opena bug report at bugs.php.net for this. If you want to be even more helpful, provide a backtrace with debug symbols included. I'm working on getting a full stack trace, but the CentOS debuginfo packages are lagging behind. -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] one problem in php ext development
hi, I want to development an extension which can do something by using HTTP request header. So how can php extension get those HTTP request headers? Thanks! Best regards, Rui Hu State Key Laboratory of Networking Switching Technology Beijing University of Posts and Telecommunications(BUPT) MSN: tchrb...@gmail.com -
[PHP] SimpleXML and the Single String (SOLVED)
Howdy, My PHP chops are a little rough around the edges so I know that I am missing something. I am working with SimpleXML to retrieve values from an XML file like this - $xmlCompany = $xml-SignonRq-SignonTransport-CustId-SPName; If I echo $xmlCompany I get the proper information. If I use $xmlCompany as an array value though, I get this object - $arrayLead[0]-Company = $xmlCompany; // what I did [Company] = SimpleXMLElement Object // what I got ( [0] = Dadgummit ) I tried casting AND THEN AS I TYPED THIS I figured it out... $xmlCompany = array((string) $xml-SignonRq-SignonTransport-CustId-SPName); // becomes an array $arrayLead[0]-Company = $xmlCompany[0]; // gets the right bit of the array and the result is [Company] = Dadgummit Thanks for bearing with me!
