[PHP] Webpage Persistence Load balancing
I'm having a webpage Persistence problem, it is intermittent. I suspect it is caused by load-balancing. Specifically: Users are connected to a webpage form to complete. Generally, everything is OK if they take a minute or even more to complete the form. However, sometimes they report to me, and I've seen it myself, the connection has been dropped by the server in a short time. They enter the data and Submit it to the server, and the page just reloads and their data is lost. I have the PHP ignore_user_abort(true); etc. Is there anything I can do to fix this or is it a server issue that you must fix? Thanks, Al. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Header Keep-Alive
I'm trying to increase the connection timeout; but can't get it to work. Note: Keep-Alive gets repeated. I'm using: header(Connection: Keep-Alive); header(Keep-Alive: timeout=9, max=100); I get: (Status-Line) HTTP/1.1 200 OK DateMon, 27 May 2013 20:19:54 GMT Server Apache Connection Keep-Alive, Keep-Alive Keep-Alive timeout=5, max=100 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Content-Encodinggzip VaryAccept-Encoding,User-Agent Set-Cookie Coach::VermontCamp2013_setupMode=58d7e534bec4ec57634c78caa59d8db2; expires=Sat, 23-Nov-2013 20:19:55 GMT; path=/Coach/; domain=.ridersite.org Transfer-Encoding chunked Content-Typetext/html; charset=utf-8 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] htaccess question
I know it's not a php question, but I can't readily find the answer elsewhere. I want to make this directive universal. Put htaccess file on any host in any folder. This works RewriteEngine On RewriteCond %{SERVER_PORT} !=443 RewriteRule ^(.*)$ https://www.foo.org/bar/$1 [R=301,L] #Here the foo.org and /bar must be specified I want what is in effect RewriteRule ^(.*)$ https://{host_name}/{directory}/$1 [R=301,L] I can easily do this with php regex capturing the (host and dir) and then rewriting the text string; but the Apache directives are not obvious. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Undefined Variables
On 2/14/2013 1:54 PM, Stuart Dallas wrote: Sorry for the top post! I don't know numbers, but my gut instinct is that the cycles wasted raising the notice (it gets raised even if it goes nowhere so turning display and log doesn't remove the hit completely) are better spent executing defensive code. There is no reason, ever, that production code should raise notices about which you don't care. If PHP is telling you something might be wrong, something might be wrong! And if you're investigating the code already, figure out what's happening and deal with it properly. Only lazy and/or developers ignore notices. If you're one of them and this statement offends you, you probably know it's right! -Stuart I agree with Stuart. To minimize the overhead of testing every possible undefined variable with isset(), I assign them at the top of the page which uses them. e.g., $userInstrHtmlSizeWarning = false; $currentUserRecArray = array(); if(!isset($_SESSION['pwPassed']))$_SESSION['pwPassed'] = false; I also have this snippet at the top of my app config file. if(true){ // TRUE for debug only ini_set(display_errors, on); //use off if users will see them error_reporting(E_ALL) $error_reporting = 'span style=color:redError display and logging on/span '; } else $error_reporting=null; I put this at a convenient place on the page so I don't forget to turn off the error reporting when the code goes live. if($error_reporting) echo $error_reporting; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need to have form protection techniques
On 8/17/2012 10:42 AM, Robert Cummings wrote: On 12-08-17 10:15 AM, Tedd Sperling wrote: On Aug 17, 2012, at 10:09 AM, Daniel Brown danbr...@php.net wrote: On Fri, Aug 17, 2012 at 12:05 AM, Ansry User 01 yrsna.res...@gmail.com wrote: I need to know the forms validity techniques for Php. This will probably take a while to absorb, so you may need to revisit this page several times: http://oidk.net/php/know-the-forms-validity-techniques-for.php No tedd, I'm sorry but the info in the link above is pretty much perfect. Cheers, Rob. Looks to me as if it's been hacked. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Too many open files
On 8/10/2012 12:02 PM, Daniel Brown wrote: On Fri, Aug 10, 2012 at 10:22 AM, Robert Cummings rob...@interjinn.com wrote: On 12-08-09 08:01 PM, Al wrote: I can't find a way to see what files could be open or what the limit is. Site is on a shared server, cPanel. ^ THIS is probably your problem. Too many open files indicates that either the user OR the OS has reached its limit of allowed open file handles. Open files are those used by the OS and every user on the shared server. The setting can be changed but you'll need an administrator to increase the number of allowed open files. I suspect it's at the OS level if indeed you only have 100 files open (though you likely have more due to files opened for you by the OS or whatnot. Rob is exactly right. This is managed via the kernel and ulimit, to prevent excessive resource usage. Often it's a temporary problem, but if it consistently occurs, your host may either be improperly configured or, more likely, overselling resources. I've checked carefully and my code does not have any open files, I obviously can't check the OS, etc. I'm using Pear Mail_mime()to batch send emails. The problem is created when my batch exceeds about 36 sends. I have several mail functions which all iterate this function for each recipient. emailPearSend($mime, $headers, $bodyText, $attachedFile = null, $imgFile = null) I did have the $mime = new Mail_mime(\r\n); in emailPearSend(), which meant it was called for every recipient. I tried moving it out of the calling function so it would only be called one time for each batch, and I send the $mime as a function arg. Didn't help. I'm off to get the host to check and fix the open files limit. Off the subject a bit. What does PHP do with repeated new classes, e.g. $mime = new Mail_mime Are they simply ignored or are additional new instances created. PHP won't let you duplicate function names. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Too many open files
Getting Too many open files error when processing an email batch process. The batch size is actually rather small and the email text is small likewise. I've looked extensively and can't find more than about 100 files that could be open. All my fetching is with get_file_contents(); I can't find a way to see what files could be open or what the limit is. Site is on a shared server, cPanel. I've googled extensively but can't find much to help analyze the problem. Only solutions I can find involve having the host tech people up the file limit. I don't generally like this for a solution because my application is designed to run shared hosts. Opinion... Would using a cache for my main file possibly help the problem. It gets called about 30 times per php page executed. Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Regex
On 7/27/2012 1:07 PM, Ethan Rosenberg wrote: Dear list - I've tried everything and am still stuck. A regex that will accept numbers, letters, comma, period and no other characters Thanks. Ethan Rosenberg %[\w\d,.]% -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Regex
On 7/27/2012 2:56 PM, David Harkness wrote: On Fri, Jul 27, 2012 at 11:43 AM, Al n...@ridersite.org wrote: %[\w\d,.]% \w will match digits so \d isn't necessary, but it will also match underscores which isn't desired. David You're correct, I forgot about the darn _ and \w includes digits So, how's about this. %(?!_)[\w,.]% -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Reverse DNS testing
I want to do a rDNS check on a admin entered host name to insure in-coming mail servers don't reject mail, sent by my app, because the rDNS doesn't exist or doesn't match. Here is the fundamental code: $host = $_SERVER['SERVER_NAME']; //site name shared or not $ip = gethostbyname($host); $hostName = gethostbyaddr($ip); //May be different on a shared host $ip2 = gethostbyname($hostName); The $ip works fine. However, one of the shared hosts I'm working with returns this instead of the original $host gethostbyaddr($ip)= 93.247.128.148-static.foo.com [foo is subs for actual] gethostbyname($hostName)= 93.247.128.148-static.foo.com It appears gethostbyname() is just returning $hostName because it is not legit. Using just the foo.com in gethostbyname() returns the host's server IP. Thus, the typical rDNS check fails for this site. Several online checks also report rDNS fails. Any suggestions how I can handle this? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Reverse DNS testing
On 7/12/2012 3:09 PM, Jim Lucas wrote: On 07/12/2012 11:17 AM, Al wrote: I want to do a rDNS check on a admin entered host name to insure in-coming mail servers don't reject mail, sent by my app, because the rDNS doesn't exist or doesn't match. Here is the fundamental code: $host = $_SERVER['SERVER_NAME']; //site name shared or not $ip = gethostbyname($host); $hostName = gethostbyaddr($ip); //May be different on a shared host $ip2 = gethostbyname($hostName); Throw in a filter_var() check with the FILTER_VALIDATE_IP flag? if ( filter_var($hostName, FILTER_VALIDATE_IP) === TRUE ) { # This is an IP # do something } Or do a conditional check if ( $hostName === $ip2 ) { # no change... # handle no resolution issue. } The $ip works fine. However, one of the shared hosts I'm working with returns this instead of the original $host gethostbyaddr($ip)= 93.247.128.148-static.foo.com [foo is subs for actual] gethostbyname($hostName)= 93.247.128.148-static.foo.com It appears gethostbyname() is just returning $hostName because it is not legit. Using just the foo.com in gethostbyname() returns the host's server IP. Thus, the typical rDNS check fails for this site. Several online checks also report rDNS fails. Any suggestions how I can handle this? I have some additional tests already. Left them out of this dialog to just focus on the essential problem. I check the syntax and stuff before it gets to this code -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Reverse DNS testing
On 7/12/2012 3:58 PM, David OBrien wrote: On Jul 12, 2012, at 2:17 PM, Al wrote: I want to do a rDNS check on a admin entered host name to insure in-coming mail servers don't reject mail, sent by my app, because the rDNS doesn't exist or doesn't match. Here is the fundamental code: $host = $_SERVER['SERVER_NAME']; //site name shared or not $ip = gethostbyname($host); $hostName = gethostbyaddr($ip); //May be different on a shared host $ip2 = gethostbyname($hostName); The $ip works fine. However, one of the shared hosts I'm working with returns this instead of the original $host gethostbyaddr($ip)= 93.247.128.148-static.foo.com [foo is subs for actual] gethostbyname($hostName)= 93.247.128.148-static.foo.com It appears gethostbyname() is just returning $hostName because it is not legit. Using just the foo.com in gethostbyname() returns the host's server IP. Thus, the typical rDNS check fails for this site. Several online checks also report rDNS fails. Any suggestions how I can handle this? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php It appears the RDNS for that ip has not been mapped to the server name do you have control of the DNS servers? can you check the dns config? Unfortunately, the website is on a typical shared, low cost host. So, I can't get to the DNS record and the outfit's tech support won't help. So, I'm trying to do a reasonable work around in case I run into this issue again on another shared host. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] What's happened to our newsgroup?
No postings for days. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php form action breaks script
On 6/14/2012 7:28 PM, Tim Dunphy wrote: Hello list, I was just wondering if I could get some opinions on a snippet of code which breaks a php web page. First the working code which is basically an html form being echoed by php: if ($output_form) { echo 'br /br /form action=sendemail.php method=post label for=subjectSubject of email:/labelbr / input id=subject name=subject type=text size=30 /br / label for=elvismailBody of email:/labelbr / textarea id=elvismail name=elvismail rows=8 cols=40/textareabr / input type=submit name=Submit value=Submit / /form'; } However if I change the form action to this, it breaks the page resulting in a white screen of death: if ($output_form) { echo 'br /br /form action=?php echo $_SERVER['PHP_SELF']; ? method=post label for=subjectSubject of email:/labelbr / input id=subject name=subject type=text size=30 /br / label for=elvismailBody of email:/labelbr / textarea id=elvismail name=elvismail rows=8 cols=40/textareabr / input type=submit name=Submit value=Submit / /form'; } Reverting the one line to this: echo 'br /br /form action=sendemail.php method=post gets it working again. Now I don't know if it's an unbalanced quote mark or what's going on. But I'd appreciate any advice you may have. Best, tim heredoc is best for this if ($output_form){ $report = sty br /br / form action=sendemail.php method=post label for=subjectSubject of email:/label br / input id=subject name=subject type=text size=30 / br / label for=elvismailBody of email:/label br / textarea id=elvismail name=elvismail rows=8cols=40/textarea br / input type=submit name=Submit value=Submit / /form sty; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: php form action breaks script
It is a small price to pay for large block, especially if the text has any quotes. Personally, I can't keep them straight and delimit them, etc. Heredoc saves all that such stuff. $insert= MY_DEFINED; echo hdc This is my $insert hdc; On 6/15/2012 12:39 PM, Jim Lucas wrote: On 06/15/2012 06:35 AM, Jim Giner wrote: Hear, Hear for heredocs. The only way to code up your html. Took me a few months to discover it and haven't looked back since. The only problem I have with HEREDOC is I cannot use constants within them. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] global array
On 6/14/2012 12:49 PM, Jim Giner wrote: Yes - PHP is very picky. Hence I never capitalize anything! I use underscores to make varnames more understandable, as in $inv_req There is another nice custom e.g. $invReg it's easy to read and it doesn't conflict with PHP syntax for some functions e.g., in_aray(). and defines DOCUMENT_ROOT -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re:
On 6/3/2012 8:26 PM, Chris Purves wrote: Hello, I am trying to use preg_match to match something from an html file. Within the html file is some text that looks like: spanSomething, something end/span I know that the text ends 'end', but I don't know what the Something, something is. I am using preg_match as follows: preg_match('/[^]*end/',$curl_response,$matches); I want to match 'end' and everything before it that is not ''. The problem appears to be with the ''. I have tried escaping (\), but it didn't make a difference. The php script hangs when it tries to run this function. You didn't say the phrase is always enclosed in span tags; but I assume it is not. This will handle any tags. Try this pattern %[^]+(.+)\s+end\s*/%i Note the % instead of / because you need it in the pattern. Also, the \s are in case there are extra spaces. Use print_r on your $matches. If you expect more than one, then use preg_match_all() -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] disabled cookies
Disabled cookies use to be a problem years ago. What's your experience these days. I need it for my session ID. As I read the docs, the old method of appending it to the URL is a security issue. I can obviously save the ID in a temp file which can be read by all the pages needing it. Al -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Best practice question regarding set_include_path()
For my applications, I've been using includes and other file addressing by using the doc root as the base dir. e.g. require_once $_SERVER['DOCUMENT_ROOT'] . '/miniRegDB/includes/miniRegDBconfig.php'; Recently, I ran into a problem with a new installation on a shared host where the doc root was assigned in an unusual manner. I rather not require setting a custom base dir [instead of $_SERVER['DOCUMENT_ROOT']'] for my applications. So, I was wondering if it would be good practice to use the set_include_path() and add the base dir for my applications. I've used this for dealing with Pear function files on shared servers and had no problems. Need some guidance regarding this subject. Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: foreach
On 4/5/2012 4:15 PM, Ethan Rosenberg wrote: Dear Lists - I know I am missing something fundamental - but I have no idea where to start to look. Here are code snippets: I have truncated the allowed_fields to make it easier to debug. $allowed_fields = array( 'Site' ='POST[Site]', 'MedRec' = '$_POST[MedRec]', 'Fname' = '$_POST[Fname]' ); echo post #1\n; print_r($_POST); RESPONSE: post #1 Array ( [Site] = AA [MedRec] = 10002 [Fname] = [Lname] = [Phone] = [Height] = [welcome_already_seen] = already_seen [next_step] = step10 ) // $allowed_fields = array(Site, MedRec, Fname, Lname, // previous statement of $allowed_fields // Phone, Sex, Height); Key Site, Value POST[Site] Key MedRec, Value $_POST[MedRec] Key Fname, Value $_POST[Fname] foreach ($allowed_fields as $key = $val) { print Key $key, Value $val\n; } if(isset($_Request['Sex']) trim($_POST['Sex']) != '' ) { if ($_REQUEST['Sex'] === 0) { $sex = 'Male'; } else { $sex = 'Female'; } } } echo Post#2; print_r($_POST); if(empty($allowed_fields)) //RESPONSE Post#2Array ( [Site] = AA [MedRec] = 10002 [Fname] = [Lname] = [Phone] = [Height] = [welcome_already_seen] = already_seen [next_step] = step10 ) { echo ouch; } foreach ( $allowed_fields as $key = $val ) //This is line 198 { if ( ! empty( $_POST['val'] ) ) { print Key $key, Value $val\n; $cxn = mysqli_connect($host,$user,$password,$db); $value = mysql_real_escape_string( $_POST[$fld] ); $query .= AND $fld = '$_POST[value]' ; echo #1 $query; //never echos the query } } These are the messages I receive on execution of the script: Notice: Undefined variable: allowed_fields in /var/www/srchrhsptl5.php on line 198 Warning: Invalid argument supplied for foreach() in /var/www/srchrhsptl5.php on line 198 Advice and help, please. Thank you. Ethan Rosenberg Break down you code into workable segments and test each one individually. If you have a problem with a small segment, ask for help about it specifically. Folks don't have time to digest and critique your whole code. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] foreach weirdness
On 3/23/2012 10:11 PM, Robert Cummings wrote: On 12-03-23 06:30 PM, Simon Schick wrote: 2012/3/23 Robert Cummingsrob...@interjinn.com On 12-03-23 11:16 AM, Arno Kuhl wrote: it still does not produce the correct result: 0 1 3 6 10 15 21 0 1 3 6 10 15 15 This looks like a bug... the last row should be the same. What version of PHP are you using? Have you checked the online bug reports? Hi, Robert Does not seem like a bug to me ... http://schlueters.de/blog/archives/141-References-and-foreach.html What you should do to get the expected result: Unset the variable after you don't need this reference any longer. Ah yes... that clued me in. I disagree with the article's generalization with respect to references since references accomplish some things that cannot be accomplished otherwise, but even I missed the fact that the second loop was using a variable that was a reference to the last element of the array as created in the first loop *lol*. The user's very act of checking their results was confounding the result... I love it :) Cheers, Rob. Re, your ...that cannot be accomplished otherwise,... Can you provide some examples? The only ones I've found are when using create_function() and the arguments for callback functions. I can't even remember or find in my code an example of my foreach()loops needed it. Seems, I recall earlier versions of PHP [4? ]required references for variables. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: $POST and $_SESSION
On 3/15/2012 11:04 AM, Tedd Sperling wrote: $first_name = $_SESSION['first_name'] ? $_SESSION['first_name'] : null; $first_name = isset($_POST['first_name']) ? $_POST['first_name'] : $first_name; $_SESSION['first_name'] = $first_name; $_SESSION['first_name'] = (isset($_POST['first_name']))? $_POST['first_name']:(isset($_SESSION['first_name']))? $_SESSION['first_name']:null; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: $POST and $_SESSION
On 3/17/2012 12:52 PM, Al wrote: On 3/15/2012 11:04 AM, Tedd Sperling wrote: $first_name = $_SESSION['first_name'] ? $_SESSION['first_name'] : null; $first_name = isset($_POST['first_name']) ? $_POST['first_name'] : $first_name; $_SESSION['first_name'] = $first_name; $_SESSION['first_name'] = (isset($_POST['first_name']))? $_POST['first_name']:(isset($_SESSION['first_name']))? $_SESSION['first_name']:null; Another benefit is that the variable, $_SESSION['first_name'], doesn't need to be assigned before hand. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Test
Doesn't appear to meet DMARC standards. On 2/20/2012 1:57 PM, Jay Blanchard wrote: Does this work? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Continued Problems Accessing *.php.net?
On 1/23/2012 6:22 PM, Daniel Brown wrote: ALL: As you may have noticed, early this morning we got bored and decided to delete php.net from the Internet. After getting an estimated sixteen-point-four trillion complaints, we became overwhelmed and aggravated by your incessant need to RTFM that we pressed CTRL+Z and brought it back. You're welcome. In earnest, a catastrophic failure on one of our systems coincided with a migration effort being headed by some very talented folks. This led to a domino effect of issues that resulted in a temporary - but widespread - impact on the online version of the documentation and downloads. Things are nearly back to normal now across the network --- or so it seems. If you come across any issues on your favorite *.php.net mirror, please let us know at https://bugs.php.net/ or via a reply to this thread and we'll check it out. As a result, a list of the top ten reasons PHP had an outage today: 10.) We installed an experimental PECL module named Invisible Ink. 9.) We learned our indoor solar panels don't work when the lights get turned off. 8.) We had our mobile bandwidth slowed to a crawl because we exceeded 2GB for the month. 7.) A Groupon swarm for two free downloads for the price of one killed our network. 6.) We whited out this time to protest another Patriots/Giants Superbowl, while the BC Lions never even got a phone call. 5.) Our build of mod_expires runs on the Mayan calendar, and attempting to do a 60-day expire segfaulted. 4.) The $25.90 check we wrote to cover the server's AOL dial-up bounced. 3.) It's Chinese New Year, but it was too cold to set off the fireworks outside today, so sorry. 2.) As it turned out, all our base truly were belong to them. 1.) We needed 7,500,001 signatures on the petition against SOPA/PIPA. Thanks to all for your patience and such. And, of course, apologies to all. Now, how about having the some very talented folks fix the severely restricted access to the NNTP server. Rarely can I download more than about 10 topics without a time out. Per your request several times over at least 2 years, I've filed bug reports. The problem still exists. Though until about a week ago, it was a little better. Al -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Question regarding passwords/security
On 12/22/2011 10:05 AM, Paul M Foster wrote: Not sure how to ask this question... I've always eschewed consulting a database on page loads to determine if a user is logged in, primarily because of latency issues. For example, you could store a nonce like the session ID in a table for a user when they log in. Then each time they arrive at a page which needs certain permissions to access, you'd check the table for the nonce and compare it to the actual session ID or whatever to determine that they're properly logged in. This seems reasonable but suffers from the lag on the database link's query-and-response lag time. So I've always preferred some solution where something is dragged along in a session cookie instead. Maybe something like the hash of user login, email and user name, which wouldn't be there unless you'd put it there on login. But this latter scheme just seems inherently less secure than consulting the table. Is there any concensus or overwhelming argument one way or the other? Paul Why not just use Sessions, that's what the function is for. http://php.net/manual/en/features.sessions.php There is a good example on this page. I'm also big on using the session buffer to maintain the current states for visitors. e.g., one I'm working on now. Obviously, most are binary switches. Makes condition logic simple. [confirmedRestrictedUser] = [idPassed] = [loggedIn] = [newRegRecordMode] = [pendingRestrictedUser] = [recordToken] = [regModeLoggedIn] = [regUserEditMode] = [restrictedMode] = 1 [secrCodePassed] = [securityPassed] = [sessionStart] = Thu, 22 Dec 2011 12:49:54 -0500 [userType] = restricted -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Question regarding passwords/security
On 12/22/2011 2:54 PM, Stuart Dallas wrote: On 22 Dec 2011, at 19:34, Paul M Foster wrote: I have concerns that the items in a session buffer can be copied and used to spoof legitimate logins. This is harder to do when the info is held in a database. Storing stuff in a database is no more secure, it simply requires one single extra step... finding the DB credentials in the source code. Given that the only way a user could read session data (assuming you're using the default session handler, i.e. file-based) is if they have access to those files. If they do have access to those files they almost certainly also have access to your source code (since the web user must be able to read both), especially if you're using a shared host. If you're using a dedicated server then you should address the reason you're worried about people having access to session files first. -Stuart Sessions are faster, one step to read the session array. Encode a token e.g., MD5 the timestamp, and save it in the session buffer. Gets pretty secure. If you're on a shared host with poor security, bad folks can do anything on your site. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Preferred Syntax
On 12/14/2011 7:59 AM, Rick Dwyer wrote: Hello all. Can someone tell me which of the following is preferred and why? echo a style='text-align:left;size:14;font-weight:bold' href='/mypage.php/$page_id'$page_name/abr; echo a style='text-align:left;size:14;font-weight:bold' href='/mypage.php/.$page_id.'.$page_name./abr; When I come across the above code in line 1, I have been changing it to what you see in line 2 for no other reason than it delineates out better in BBEdit. Is this just a preference choice or is one method better than the other? --Rick This not a PHP subject and should not be here. However, styles should be in the style block or better in the styles CSS file. Spend some time learning about CSS3 and modern techniques. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: How to use a variable variable in an array walk?
On 12/13/2011 5:43 PM, Nils Leideck wrote: Anyone?:-( is my description too unclear? On 11.12.2011, at 11:25, Nils Leideck wrote: this is my first post to the PHP general list. I have an issue with a variable variable (http://php.net/manual/en/language.variables.variable.php) My use case: I have an array called $myArray. The structure is as following: array(1) { [user_interface]= array(1) { [design]= array(1) { [“my_colors]= array(5) { [item_number_one]= string(6) red [item_number_two]= string(40) '[user_interface][design][my_colors][item_number_one]' } } } } As you can see, the item_number_one has no direct color value assigned but the structure of the path to item_number_one in the $myArray variable. I tried with array_wal_resursive. During this step (the array building is completed) I want to find these values (I use a static value in my example, in the real code I will use regular expressions) and assign the value of the virtually related item to the considered item. So in my example above, I want to have the following values after the process is done: $myArray[user_interface][design][my_colors][item_mumber_one] = red; // this is item number 1 $myArray[user_interface][design][my_colors][item_mumber_two] = red; // this should be item number 2 The second issue here is, how do I evaluate at which point the process is exactly, because the value and the key that is transferred to the function by array_walk_recursive has only the value itself but not array path to the current item. Any idea how get this done? Or am I too complicated maybe? I tried several combinations of ${$var}, $myArray{$var}, {$myArray}{$var} ... and many more. Any help is much much appreciated! Cheers, Nils I'm short of time to conjure this in detail; but, on the surface it seems like nested foreach()s would do the trick. foreach($myArray as $key1 = $userArray) { foreach($userArray as $key2 = $designArray) { foreach($designArray as $key3 = $colorsArray) { foreach($colorsArray as $key4=$itemsArray){ //do stuff here. All keys are available } } } } } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Common way to store db-password of open session?
On 11/29/2011 7:40 AM, Nilesh Govindarajan wrote: On Tue 29 Nov 2011 01:34:08 PM IST, Andreas wrote: Hi, is threre a most advisble way to store db-passwords of an open user-session? As far as I get it, a common login strategy is to let the user login by namepassword, check it, store a login=TRUE as php-session variable and later use a common dbuser+pw to query data provided login is TRUE. This way one wouldn't have to store the users pw or actually the user wouldn't have a real db-account but rather an application account. Is this really better or equal than using real db-accounts? Should I rather store the db-credentials in a session or cookies? Session is vulnerable as any host-user could look into /tmp. This would generally be a trusted few though. On the other hand cookies could be manipulated by the user or at least be spied upon on the way between user and web-host everytime the credentials are needed for a query. What exactly do you mean by db-account? I didn't understand your question, but this is what I do in my applications- When the user submits the login form, validate POST data (for mischevious stuff) and check if username password query works out successfully. If it does, store a session variable login=true and let the user work on the private parts of the site. The cookie essentially, contains just the session id. I never use cookies to store data, only sessions. I also add ip and user-agent filtering to my auth systems. Sounds like $_SESSION buffer is what you need. I use the buffer extensively in most of my designs. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parsing the From field
On 11/19/2011 11:29 AM, Alain Williams wrote: On Sat, Nov 19, 2011 at 11:23:59AM -0500, Ron Piggott wrote: I am unsure of how to parse first name, last name and e-mail address from the 'From:' field of an e-mail. What I am struggling with is if the name has more than two words - Such as the last name being multiple words - A name a business or department is given instead of a personal name - If the person has included their middle name, middle initial or degrees (“Dr.�) - If last name has multiple words Also the formatting of the from field changes in various e-mail programs: From: Ron Piggottron.pigg...@actsministries.org From: Ron Piggottron.pigg...@actsministries.org From: ron.pigg...@actsministries.org From:ron.pigg...@actsministries.org If there is more than 2 words for the name I would like them to be assigned to the last name. You can make no such assumption, different people/companies/... do it in different ways. If you really want to have fun look at the different 'norms' from different countries. Perhaps, Ron's email are constrained so there is a finite syntax. e.g., only to actsministries.org Ron: I'd suggest your best approach is to use preg_match() There are several examples on the net, try Google php preg_match email address -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: newline and return issues in string
On 10/11/2011 7:58 AM, ad...@buskirkgraphics.com wrote: I have come across an issue with my string that I would like to find a faster way to resolve. It seems there are new lines and returns at different positions of the string. First I exploded on the new line explode(“\n”, $ string) This gave me a nice array but when I try to implode I get the new lines again. There is not a consistent position and there seems to be some hidden returns in the array as well. Is there a way, or has someone written a filter that would allow me to remove all the newlines and returns from the array or string. Understand I have resolved this issue but I think I have to be going about this the hard way because it is just too complex . FYI $filter = array(\r\n, \n, \r); str_replace($filter,’’,$string) ß this is useless in this situation I have tried and it does not change the string at all. Understand the newlines and returns do not display in the string as literals. Meaning you do not see /n or /r it is hidden. Try this: $strippedStr= preg_replace(%(\n|\r)%, #, $string); The # will let your see what's happening. Change it to simply . for the final version. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: newline and return issues in string
On 10/11/2011 10:44 AM, ad...@buskirkgraphics.com wrote: Richard L. Buskirk Senior Software Engineer/Systems Administrator You can’t grow your business with systems that are on life support... -Original Message- From: Al [mailto:n...@ridersite.org] Sent: Tuesday, October 11, 2011 10:17 AM To: php-general@lists.php.net Subject: [PHP] Re: newline and return issues in string On 10/11/2011 7:58 AM, ad...@buskirkgraphics.com wrote: I have come across an issue with my string that I would like to find a faster way to resolve. It seems there are new lines and returns at different positions of the string. First I exploded on the new line explode(“\n”, $ string) This gave me a nice array but when I try to implode I get the new lines again. There is not a consistent position and there seems to be some hidden returns in the array as well. Is there a way, or has someone written a filter that would allow me to remove all the newlines and returns from the array or string. Understand I have resolved this issue but I think I have to be going about this the hard way because it is just too complex . FYI $filter = array(\r\n, \n, \r); str_replace($filter,’’,$string) ß this is useless in this situation I have tried and it does not change the string at all. Understand the newlines and returns do not display in the string as literals. Meaning you do not see /n or /r it is hidden. Try this: $strippedStr= preg_replace(%(\n|\r)%, #, $string); The # will let your see what's happening. Change it to simply . for the final version. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php PERFECT Thank you so much for that I don't know why so many go to awful extremes to avoid using the preg functions. Rarely, does their overhead have a measurable affect on overall execution times. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: filter_input and $_POST deep array
On 9/23/2011 5:51 AM, jean-baptiste verrey wrote: Hi, I have using a form that gives me something like $_POST=array( 'login'=array( 'email'='he...@myphp.net', 'password'='123456' ) ) is there a way to use filter_input function to filter the values? I tried filter_input(INPUT_POST,'login[email]') but it does not work! Regards, Jean-Baptiste Verrey foreach() in the manual -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Stop PHP execution on client connection closed
See http://us2.php.net/manual/en/function.connection-aborted.php On 9/12/2011 10:40 AM, Marco Lanzotti wrote: Hi all, I'm new in the list and I already have a question for you. I'm running an heavy query on my DB in a PHP script called by AJAX. Because client often abort AJAX connection to ask a new query, I need to stop query because DB will be too loaded. When AJAX connection is aborted, PHP script doesn't stop until it send some output to client, so I need to wait query execution to know client aborted connection. How can I abort query (or script) when AJAX connection is aborted? Thank you, Marco -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: testing
On 8/2/2011 5:18 PM, Jim Giner wrote: Don't seem to be getting any feeds thru the newsgroup mirror(?). This newsgroup has been a mess for almost a year now. One big problem is that the server only accepts a small number of connections, for just some mail clients, eg Thunderbird; but works for others. My Thunderbird works flawlessly for numerous other newsgroups. I've posted 2 or 3 bug reports, no response! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: testing
On 8/3/2011 9:16 AM, Ashley Sheridan wrote: Aln...@ridersite.org wrote: On 8/2/2011 5:18 PM, Jim Giner wrote: Don't seem to be getting any feeds thru the newsgroup mirror(?). This newsgroup has been a mess for almost a year now. One big problem is that the server only accepts a small number of connections, for just some mail clients, eg Thunderbird; but works for others. My Thunderbird works flawlessly for numerous other newsgroups. I've posted 2 or 3 bug reports, no response! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php This newsgroup is actually a mailing list. Thanks, Ash http://www.ashleysheridan.co.uk Oh, I thought news.php.net was a NNTP news server. And, news://news.php.net:119/php.general was a newsgroup on the server. My mistake. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: this newsgroup and OE
I've reported the issue Bugzilla two times, and others have also. On 6/22/2011 11:27 AM, Shawn McKenzie wrote: On 06/22/2011 09:45 AM, Jim Giner wrote: Perhaps someone can tell me the secret to getting problem-free access to the php newsgroups using OE. I have two other newsgroup servers configured in OE which do not give me any difficulties at all. My setup for news.php.net however gives me nothing but problems. Inability to connect to messages, long delays during normal polling for new items that hangs up my normal mail traffic, etc. Right now, OE indicates two new messages in the php.general list, but I cannot download them at this time because OE says it cannot connect (oops - just went to get the text of the message and now OE has been able to connect). Some of the details of my config: server name: php.new.net port #: 119 timeouts: 30 secs. nothing else in particular set up - same as my other working newsgroup accounts. Thanks in advance. No secret. This has been happening to me every day for years using Thunderbird. It's a news server issue that has never been corrected. I've reported the issue Bugzilla two times, and others have also. No response. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] htaccess question
How can I prevent access to all files in a directory except one with an htaccess file. I've tried several approaches found with Googling; but, none seem to work. e.g., FilesMatch ^(makeScodeImg.php) Order Allow,Deny Deny from all /FilesMatch This seems to me as it should deny to all except makeScodeImg.php Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Script ID?
On 5/21/2011 10:11 AM, tedd wrote: Hi gang: Okay, so,what's the best (i.e., most secure) way for your script to identify itself *IF* you plan on using that information later, such as the value in an action attribute in a form? For example, I was using: $self = basename($_SERVER['SCRIPT_NAME']); form name=my_form action=?php echo($self); ? method=post However, that was susceptible to XSS. http://www.mc2design.com/blog/php_self-safe-alternatives says a simple action=# would work. But is there a better way? What would do you do solve this? Cheers, tedd Consider saving a hash for your script file in a session buffer. Then compare the hash value for the new file. Or, just save the file's create date as a session value and compare it with the new one. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Newsgroup status
Is this group off the air or just no topics being posted? I've not seen it so quiet in years. Al. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: htaccess question
On 4/26/2011 5:54 AM, David Robley wrote: Al wrote: I want to restrict access to all files except one on my site and in parent dir. Thought this should work; but it doesn't. Files * Order Deny,Allow Deny from all Allow from xx.36.2.215 /Files xx.36.2.215 is actual value IP This file makes a captcha image and is called with img src=makeScodeImg.php alt=missing img file / in file /dir/control.php makeScodeImg.php is= /dir/includes/makeScodeImg.php Works fine if allow all just for testing Thanks Seems like more of a question for an apache group than a php group. Or you might check the apache docs at: http://httpd.apache.org/docs/2.2/howto/htaccess.html http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow Cheers You're correct, thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] htaccess question
I want to restrict access to all files except one on my site and in parent dir. Thought this should work; but it doesn't. Files * Order Deny,Allow Deny from all Allow from xx.36.2.215 /Files xx.36.2.215 is actual value IP This file makes a captcha image and is called with img src=makeScodeImg.php alt=missing img file / in file /dir/control.php makeScodeImg.php is= /dir/includes/makeScodeImg.php Works fine if allow all just for testing Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: htaccess question
On 4/24/2011 5:48 PM, Al wrote: I want to restrict access to all files except one on my site and in parent dir. Thought this should work; but it doesn't. Files * Order Deny,Allow Deny from all Allow from xx.36.2.215 /Files xx.36.2.215 is actual value IP This file makes a captcha image and is called with img src=makeScodeImg.php alt=missing img file / in file /dir/control.php makeScodeImg.php is= /dir/includes/makeScodeImg.php Works fine if allow all just for testing Thanks Whoops. I meant to say I want to restrict access to all files in a directory [/includes] except allow access to makeScodeImg.php from one in the parent dir/control.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Please help with glob
Hi Louis, Yes, I have read that glob is only available for PHP 4.3 and I am using version 5.2.1.7 # /usr/local/bin/php -v PHP 5.2.17 (cli) (built: Feb 16 2011 15:41:35) Copyright (c) 1997-2010 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies # /usr/local/bin/php globtest.php Fatal error: Call to undefined function glob() in /usr/local/apache2/htdocs/hrms/globtest.php on line 2 I have read somewhere that it could be connected to glibc, not I have no idea how to fix that. Anyone ? -- al On Tue, Apr 5, 2011 at 2:25 PM, Louis Huppenbauer louis.huppenba...@gmail.com wrote: Hi there Since glob is actually a part of the core - Are you absolutely sure that you're running PHP 4.3 2011/4/5 Al Mangkok almang...@gmail.com: Hi everyone, I am very new to PHP and trying to learn the glob() function. I copied the example on php.net : ?php foreach (glob(*.txt) as $filename) { echo $filename size . filesize($filename) . \n; } ? When I ran the script, I got this error message: Fatal error: Call to undefined function glob() in /usr/local/apache2/htdocs/hrms/globtest.php on line 2 I am running PHP 5.2.17 on CentOS 4.8 . How do I compile PHP to get the glob function in ? Please help. -- al -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Please help with glob
Yesterday I yum installed these: glibc-common.i386 2.3.4-2.54 glibc.i686 2.3.4-2.54 glibc-headers.i386 2.3.4-2.54 glibc-devel.i386 2.3.4-2.54 And about ten minutes ago I recompiled PHP with identical configure options as before. And this time the glob function is inside PHP. Phew. Hopefully someone else will benefit from this post. -- al On Tue, Apr 5, 2011 at 2:49 PM, Al Mangkok almang...@gmail.com wrote: Hi Louis, Yes, I have read that glob is only available for PHP 4.3 and I am using version 5.2.1.7 # /usr/local/bin/php -v PHP 5.2.17 (cli) (built: Feb 16 2011 15:41:35) Copyright (c) 1997-2010 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies # /usr/local/bin/php globtest.php Fatal error: Call to undefined function glob() in /usr/local/apache2/htdocs/hrms/globtest.php on line 2 I have read somewhere that it could be connected to glibc, not I have no idea how to fix that. Anyone ? -- al On Tue, Apr 5, 2011 at 2:25 PM, Louis Huppenbauer louis.huppenba...@gmail.com wrote: Hi there Since glob is actually a part of the core - Are you absolutely sure that you're running PHP 4.3 2011/4/5 Al Mangkok almang...@gmail.com: Hi everyone, I am very new to PHP and trying to learn the glob() function. I copied the example on php.net : ?php foreach (glob(*.txt) as $filename) { echo $filename size . filesize($filename) . \n; } ? When I ran the script, I got this error message: Fatal error: Call to undefined function glob() in /usr/local/apache2/htdocs/hrms/globtest.php on line 2 I am running PHP 5.2.17 on CentOS 4.8 . How do I compile PHP to get the glob function in ? Please help. -- al -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Please help with glob
Hi everyone, I am very new to PHP and trying to learn the glob() function. I copied the example on php.net : ?php foreach (glob(*.txt) as $filename) { echo $filename size . filesize($filename) . \n; } ? When I ran the script, I got this error message: Fatal error: Call to undefined function glob() in /usr/local/apache2/htdocs/hrms/globtest.php on line 2 I am running PHP 5.2.17 on CentOS 4.8 . How do I compile PHP to get the glob function in ? Please help. -- al -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: If Statements Array and Notice Undefined Index
On 3/31/2011 10:45 AM, Nicholas Cooper wrote: Good day, I have three arrays A, B and C. Anyone of them might not have the 'id' key set which will give the Notice Undefined index: id. I just wanted to know what the correct approach to this problem would be; without making the code overly complicated to read by introducing a number of if isset statements. if ($arrayA['id'] == $arrayB['id'] || $arrayC['id'] == $arrayB['id']) { } I have notices switched off, but I want to know the right way to do this. There's probably a number of different right ways to solve this, how would you do it? Best Regards, Nicholas Check out array_intersect_assoc() or one of the similar functions. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Path question
On 3/28/2011 9:18 PM, Jack wrote: Hello All, Is there a smarter way to do includes by setting up a path or something where I don't have to include /home/domain.com/includes/include_file.php Apparently my path is as shown above, but I would prefer to just put in /includes/include_file.php Thanks! Jack Here's how I do it. For every application, I have a config file with all my common assignments, including common paths, e.g., define('EDITPAGE_ROOT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/editPageSR/'); define('EDITPAGE_IMAGES_DIR', EDITPAGE_ROOT_DIR . 'images/'); define('EDITPAGE_DATA_DIR', PAGE_ROOT_DIR . '/editPageFiles/'); So, in your case, I'd have define('INCLUDE_FILE', $_SERVER['DOCUMENT_ROOT'] . /includes /include_file.php); So all I need is to use INCLUDE_FILE -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Permission Denied - Help Requested
On 3/29/2011 3:06 PM, Ethan Rosenberg wrote: At 01:40 PM 3/29/2011, Adam Richardson wrote: On Mon, Mar 28, 2011 at 11:43 PM, Ethan Rosenberg eth...@earthlink.netwrote: At 11:14 PM 3/28/2011, Adam Richardson wrote: On Mon, Mar 28, 2011 at 11:03 PM, Ethan Rosenberg mailto: eth...@earthlink.neteth...@earthlink.net wrote: At 01:32 AM 3/28/2011, Hans �hlin wrote: Do you have SELinux installed? 2011/3/28 Ethan Rosenberg mailto:eth...@earthlink.net eth...@earthlink.net: Dear List - Thanks for all your help in the past.  Here is another one... I am getting a Permission Denied message when I try to run a PHP script.  I just changed the mode on the directory and the files to 777.  This problem arose when I changed the permissions.  I thought I was solving a problem, because I could not open a file for writing.  I was not receiving error messages, but no file was created. Help and advice, please. Ethan Rosenberg **  Hans �hlin   Tel: +46761488019   icq: 275232967   http://www.kronan-net.com/http://www.kronan-net.com/   irc://http://irc.freenode.net:6667irc.freenode.net:6667 - TheCoin ** Hans - Sorry, I did not include my signature, which includes all the requested information. Here it is Ethan == MySQL 5.1 PHP 5.3.3-6 Linux [Debian (sid)] The problem persists. I cannot write to a file from PHP. Any more suggestions? Thanks. Ethan Hi Ethan, Are you using suPHP or suExec? I believe the server chokes on 777 permissions in those cases. Have you checked the permissions in the command line (sorry for the basic question, but just making sure I know what you've already done?) Also, can we see some of the code you're using to handle the file processing? Thanks, Adam -- Nephtali: A simple, flexible, fast, and security-focused PHP framework http://nephtaliproject.comhttp://nephtaliproject.com + Adam - Thanks. 1] Pardon my ignorance but I do not understand this - Are you using suPHP or suExec? suPHP and suExec are two modules that allow PHP to run with the permissions of the user, making it easy to write files to disk. However, suPHP (and I believe suExec, but I can't remember for sure) does not like 777 permissions. 2] I changed the permissions to 755 and the Permission Denied message went away. Check! 3] Have you checked the permissions in the command line? Yes Check! 4] Here are some code snippets: $fptr1 = fopen(chessboard, r+); //this works $fptr2 = fopen('chessboard', 'w'); //this deletes the file, as it should for($i = 0; $i 8; $i++) { for ($j = 0; $j 8; $j++) fprinf($fptr2, %s , $results[$i][$j]); fprinf($fptr2, \n); } //this never writes, so I am left with an empty file Can you try a simplified form that checks for success along the way? How about something like the code below to see how far it gets (I haven't tested, but it should be close): ?php // let's make sure you see the E_WARNING errors if present for file functions error_reporting(-1); // set var for later $cost = 120.89; if (!($fp = fopen(test.txt, 'w'))) { echo Can't open or create file!; } else if (!($len = fprintf($fp, In the year 3000, a Coke will cost %01.2f, with tax., $cost))) { echo Can't write to file!; } else if (!(fclose($fp))) { echo Can't properly close file!; } ? What do you see if you run this? Adam -- Nephtali: A simple, flexible, fast, and security-focused PHP framework http://nephtaliproject.com +++ Thanks. What do you see if you run this? Can't open or create file! Ethan Run this. Make certain this script and test.txt are in the same dir. If not, use full path to your file. clearstatcache(); $array= stat(test.txt); print_r($array);//This will tell you what's going on. Incidentally, consider using file_get_contents() and file_put_contents() Much easier to use and faster. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: putting variables in a variable
On 3/25/2011 10:01 PM, David Robley wrote: Hulf wrote: Hi, I am making and HTML email. I have 3 images to put in. Currently I have $body .= table tr tdimg src=\image1.jpg\/td /tr tr td/td /tr /table ; ideally I would like to have $myimage1 = image1.jpg; $myimage2 = image2.jpg; $myimage3 = image3.jpg; and put them into the HTML body variable. I have tried escaping them in every way i can think of, dots and slashes and the rest. Any ideas? Ross Did you try $body .=; table tr tdimg src=\$myimage1\/td /tr tr td/td /tr /table ; It helps us help you if you can give examples of what you have tried and how it didn't work as you expected. Cheers I'd use: $imgArray= array(image1.jpg,image2.jpg,image3.jpg); $body.= table\n; foreach($imgArray as $image){ $body .= trtdimg src=\$myimage1\ //td/tr\n; } $body .= /table\n\n; Watch the img src=\$myimage1\ /. img is an open tag; so end it with / and it'll be XHTML ready. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: putting variables in a variable
On 3/26/2011 11:57 AM, Daniel Brown wrote: On Sat, Mar 26, 2011 at 11:46, Aln...@ridersite.org wrote: You guys know this thread will be three years old on Monday, right? Interestingly enough, it looks like Ross ('Hulf') had his client, OS, or mailserver improperly configured, because it shows that the message to which we've all replied won't even exist until Monday evening. Hey, Daniel... You know the old saying: Better late than never. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: echo?
On 3/22/2011 6:22 PM, Jim Giner wrote: Kinda new to this, but I've been puttering/writing for about 3 weeks now and have some good working screens up. Ran into something new while I was debuggina script today. Tried to echo the $i value within a for loop as part of the list of items I was building Something like for ($i=0;$i$rows;$i++) echo $i.' '.$row['itemname']; I expected to see : 1 item1 2 item2 ... ... but instead I got 1 item1 f item2 Yes - an 'f' and not a 2. Tried it some more with this: for ($i=1;$i10;$i++) echo $i. item.'br'; and got c item d item e item f item g item and so on. It seems that I can only output the value of $i if I output a string in front of it echo ' '.$i; works fine but echo $i; does not. Any ideas? If off your subject a bit; but, I suggest using $i=0; foreach($row as $value) { echo $i $valuebr /\n; $i++; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Question about directory permissions
I understand dir perms pretty well; but, have a question I can't readily find the answer to. Under a Linux system, scripts can't write, copy, etc. to other dirs unless the perms are set for writable for the script e.g., nobody. But, is there a way a script can write or copy within its own dir? Thanks... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: First PHP site - thanks - euca_phpmysql function library
On 2/8/2011 4:58 PM, Donovan Brooke wrote: Hello, Just wanted to say thanks to those that helped me get through my first PHP project (over the last month). As is with much of the work we server-side language people do, the back-end (non-public) side of this site is perhaps the more interesting. However, here is the link to the site: http://www.impactseven.org/ They have full control over the content in the admin pages, and much of this content will soon change as I simply copy/pasted some of their old site's content to the database fields. btw, I7 is a great source for working capitol if you are in the need, and if you are in Wisconsin, USA. ;-) Also, for good karma ;-), here is a link to a small function library containing just a few (mostly MySQL) functions that I created for this site: http://www.euca.us/downloads/euca_phpmysql.zip (4KB) (if used, please keep the 'www.euca.us' credit in place) It has 4 functions: dbconnect global_id list_formvars list_vars You can read all about them in the file, but here is the basic rundown. dbconnect - basic connection/error reporting for MySQL global_id - If you've ever run into data relations changing between related tables, you may want to look into this one. ;-) list_formvars - list all request vars (for testing) with the option to display only certain matched vars. list_vars - list all set vars (for testing) with option to display only certain matched vars. The later two I usually post either at the end of the page, or at the end of page within !-- -- for testing/development purposes. Lastly, I'm sure I will add to this library as time goes by, but if you find that you've used it and made changes, drop me the file so I can learn as well. Thanks again!, Donovan Suggestion: Design for XHTML 1.1. It really doesn't require any significant additional effort and you'll already be current when it becomes the W3C standard. I like it because it forces me to create better, cleaner html code. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: nl2br problem
On 2/1/2011 2:42 PM, Donovan Brooke wrote: Hello, I have CMS form that allows HTML for the body of a site. To keep the form somewhat WYSIWYG, I am using the nl2br() function for displaying: nl2br($t_body) This works great for normal stuff.. but for pages with tables etc.. it creates a lot of extra br /'s :-). I thought about doing an if statement.. if $t_body contains table then don't use nl2br().. but I'm thinking there has got to be a better way... because pages that use both WYSIWYG returns in the form AND tables would then not display well. Any thoughts? Thanks, Donovan You have an example of a page you'd like to control that we can see? On the surface, it appears you may be able to control the rendering with advanced CSS2/3 selectors. Thus, the browsers will do the work for you. Al.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] News Server Time Outs
The newsgroup server seems to have a repeated-visit throttle, or whatever. For the last two weeks at least, I can only open 2 or 3 messages and them I get repeated time-outs. It acts like the DoS or flood prevention is kidding in to aggressively. Al.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP]: permission problem www-data
On 1/18/2011 4:44 AM, Moses wrote: Hi Everyone, I am creating a file in PHP script which takes a value from a form and writes it to a file. However, i don't have the mode permission for the file instead it is owned by www-data.What can i do to ensure that the file is owned by me. drwxr-xr-x 2 www-data www-data 4096 2011-01-17 22:01 18757170111.0 -rw-r--r-- 1 www-data www-data 40 2011-01-17 23:39 32238.hydro Thanks. Either have a PHP script create the directory, OR Using FTP access, set the dir perms to 757, or 777. The xx7 makes the dir world writable. For protection, put a .htaccess file in the dir like: # Prevent Direct Access to Files from outside world Files * Order Deny,Allow Deny from all /Files Or put your dir above the webspace, [DOCUMENT_ROOT} -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Server Response
Newsgroup server response is terrible and has a strange behavior. Response for first posting or two is fast, then it acts like it doesn't want to give me any additional postings. You fixed it about about 2 or 3 weeks ago; but issue has returned, Al.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Help: Validate Domain Name by Regular Express
On 1/8/2011 3:55 AM, WalkinRaven wrote: PHP 5.3 PCRE Regular Express to match domain names format according to RFC 1034 - DOMAIN NAMES - CONCEPTS AND FACILITIES /^ ( [a-z] | [a-z] (?:[a-z]|[0-9]) | [a-z] (?:[a-z]|[0-9]|\-){1,61} (?:[a-z]|[0-9]) ) # One label (?:\.(?1))*+ # More labels \.? # Root domain name $/iDx This rule matches only label and label. but not label.label... I don't know what wrong with it. Thank you. Look at filter_var() Validates value as URL (according to » http://www.faqs.org/rfcs/rfc2396), -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: session_id() is not passed to the next page
On 1/3/2011 11:46 PM, Michelle Konzack wrote: Hello, I am rewriting currently a login script and I encountered a problem with sessions. While reading the two pages http://php.net/manual/de/function.session-start.php http://bugs.php.net/bug.php?id=14636 I have not found a solution for my problem: 8-- function fncLogin($user, $pass, $redirect, $type='pam') { if ($user != '' and $pass != '') { $TEXT = FONT size=\+2\ color=\red\BError/B/FONTbr /\n; $TEXT .= HR size=\3\ noshade=\noshade\\n; $TEXT .= The username does not exist or the password is wrong.p /\n; $TEXT .= p /\n; $TEXT .= Please goa href=\ . $_SERVER['HTTP_REFERER'] . \back/a and try it again.\n; if ($type == 'pam') { if (pam_auth($user, $pass,$PAM_ERR) === FALSE) { fncError('2', $TEXT, $errpage='false'); exit(); } } elseif ($type == 'shadow') { $shadow_file = DIR_HOST . /.shadow; if (is_file($shadow_file)) { $SHADOW = exec(grep \^ . $user . :\ . DIR_HOST . /.shadow |cut -d: -f2); if (empty($SHADOW)) { } $SALT=exec(grep \^$user:\ . DIR_HOST . /.shadow |cut -d: -f2 |cut -d$ -f1-3); $ENCRYPTED=crypt($pass, $SALT); if ($SHADOW != $ENCRYPTED) { fncError('2', $TEXT, $errpage='false'); exit(); } } else { $TEXT = FONT size=\+2\ color=\red\BError/B/FONTbr /\n; $TEXT .= HR size=\3\ noshade=\noshade\\n; $TEXT .= This is a system error. I can not authenticate du to a missing config.\n; $TEXT .= p /\n; $TEXT .= Please inform thea href=\ . SYSAMIN . \sysadmin/a and try it later again.\n; fncError('1', $TEXT, $errpage='false'); exit(); } } session_register('sess_user'); session_register('sess_timeout'); $sess_user= $user; $sess_timeout = time() + 900; session_write_close(); header(Location: . $redirect); } exit(); } 8-- which call the following page correctly, but the two vars $sess_user and $sess_timeout are empty. Can someone please tell me how to do this? Thanks, Greetings and nice Day/Evening Michelle Konzack Firefox has a great add-on that lets you see the server/client handshaking headers httpFox e.g., Cookie: PHPSESSID=fc310ca5f2c708988bf456f691cc58c2 Thus you can easily see if PHPSESSID is set and returned to the server. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Regex for ... genealogical names
On 1/1/2011 4:46 AM, Lester Caine wrote: JohnDoeSMITH' or 'John Doe SMITH' Try this. not tested. First, which adds spaces as needed. e.g. JohnDoeSMITH 'John Doe SMITH' $newName=preg_replace(%(?=[a-z])([A-Z]), $1, $name);//Cap following low case, add space before it Next, alphas following a cap, lower case them function lowCase($matches){return strtolower($matches[1]);} $newName= preg_replace_callback(%(?=[A-Z])([A-Z])%, lowCase', $newName); Sorry don't have time today to test; but, this should get you started. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Regex for telephone numbers
On 12/29/2010 7:12 PM, Ethan Rosenberg wrote: Dear List - Thank you for all your help in the past. Here is another one I would like to have a regex which would validate that a telephone number is in the format xxx-xxx-. Thanks. Ethan MySQL 5.1 PHP 5 Linux [Debian (sid)] Regex is over-kill. $phoneNum = preg_replace(%\D%, '', $phoneNum);//Remove everything except digits $phoneNum = ltrim($phoneNum,'1');//Remove leading 1s if(strlen($phoneValue) != 10) { throw new Exception(Phone number must be 10 digits, without leading a 1. Check your entry carefull); } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Regex for telephone numbers
On 12/31/2010 11:10 AM, a...@ashleysheridan.co.uk wrote: Erm, you say regex is overkill, then use one in your example! Thanks, Ash http://www.ashleysheridan.co.uk - Reply message - From: Aln...@ridersite.org Date: Fri, Dec 31, 2010 15:53 Subject: [PHP] Re: Regex for telephone numbers To:php...@lists.php.net,php-general@lists.php.net On 12/29/2010 7:12 PM, Ethan Rosenberg wrote: Dear List - Thank you for all your help in the past. Here is another one I would like to have a regex which would validate that a telephone number is in the format xxx-xxx-. Thanks. Ethan MySQL 5.1 PHP 5 Linux [Debian (sid)] Regex is over-kill. $phoneNum = preg_replace(%\D%, '', $phoneNum);//Remove everything except digits $phoneNum = ltrim($phoneNum,'1');//Remove leading 1s if(strlen($phoneValue) != 10) { throw new Exception(Phone number must be 10 digits, without leading a 1. Check your entry carefull); } Save and use the resultant $phoneNum; It is all that needs to be saved and used. Dashes, spaces and () are superfluous. Only the 10 digits are required for his application. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Server response very poor again
It was fixed about 3 or 4 weeks ago; but, has reverted to poor again. Many times outs etc. Took me 4 tries to post this. Al... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Server response very poor again
On 12/22/2010 12:17 PM, Nicholas Kell wrote: On Dec 22, 2010, at 10:09 AM, Steve Staples wrote: On Wed, 2010-12-22 at 10:19 -0500, Al wrote: It was fixed about 3 or 4 weeks ago; but, has reverted to poor again. Many times outs etc. Took me 4 tries to post this. Al... Not trying to sound rude or prickish... but is it your ISP or connection to the intertubes? Or could it be an issue with your computer? I've never had any problems posting, or retrieving mail from this list, so I can't say/speak to a related issue. Steve I am with Steve. Well, what I mean is, on this topic I am in agreement with Steve. My connection, etc. seems to be quite responsive. I should have been more explicit. I meant to say the newsgroup access. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHPInfo disabled due to security
Personally, I would have changed ISPs long ago. On 12/15/2010 9:57 AM, Paul S wrote: Warning: phpinfo() has been disabled for security reasons in /home/.../php/phpinfo.php on line 2 My ISP has disabled phpinfo and has not answered my tech requests on this for over a month. They seem to never have a thing to do but play games with silly security issues. In a day some phone calls are going to be made. I need some help. What brief arguments should I be giving to get this changed? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Poor newsgroup server performance
Recently the response on our php.general php.pear.general have become horribly slow. At first I thought the problem was a time-of-day overload; but, it seems to be happening at all times. All other websites I visit are normal. Just getting to post this message took 2 timeouts. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Poor newsgroup server performance
On 11/29/2010 11:03 AM, Daniel P. Brown wrote: On Mon, Nov 29, 2010 at 09:14, Aln...@ridersite.org wrote: Recently the response on our php.general php.pear.general have become horribly slow. At first I thought the problem was a time-of-day overload; but, it seems to be happening at all times. All other websites I visit are normal. Just getting to post this message took 2 timeouts. Via what news server(s), Al? news.php.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php running as module or cgi?
Briefly, what are the trade offs on a typical shared host? I've done a little research and can't seem to find anything outstanding either way. Seems like as an Apache module is faster. This argument makes sense. CGI is more secure, this argument doesn't seem too persuasive to me. Maybe I'm missing something. Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: SEO Experts?
On 9/26/2010 8:09 AM, David Mehler wrote: Hello, Do we have any SEO experts on this list? I'm not one, learning only, reading a book and a few articles/tutorials from webmasters, and I'm wanting to optimize an existing site to get the best search rank possible. Some techniques, dos and don'ts would be appreciated. Thanks. Dave. Google Webmasters is a very good resource. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Handling multiple form fields
On 9/10/2010 6:55 AM, Abah Joseph wrote: Please i want to seek your opinion on how to handle large form fields, i have a table that contain 30 fields and i`m wondering if there is a better way to automatically create the html form and validate it. By asking such a basic question, it sounds like you are a newbie. I suggest http://pear.php.net/package/HTML_QuickForm2 would be your best approach. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: HTML in emails
On 7/4/2010 11:43 AM, Al wrote: I know this is a bit off-topic; but close enough. I'm starting to update the email feature of one of my DB applications and noticed that it appears most of the fancy emails I receive are using just plain old, simple html pages, with a note about not being able to see, go here with a link. It use to be that we specified content-type text/html, etc. and sent both the plain ASCII and the html with boundaries and so forth. Seems like, from my preliminary Google searching, I should not waste time with the standard's way and just go straight to sending simple html pages since all modern browsers handle it well. And, it appears to be the way web is going. What are you folks doing? Al.. Thanks everyone. That's a big help. I'm going to set the application up so simple html code can be sent; but not a complete page with body, etc. There are two main deficiencies I want to address, links [like rendered in an html page] and attachments. I have a little trouble with some folks who can't seem to deal with Go here... www.foo.com/bar/xyz.php. They are so accustomed to having html rendered links and attached docs and images. Al. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] HTML in emails
I know this is a bit off-topic; but close enough. I'm starting to update the email feature of one of my DB applications and noticed that it appears most of the fancy emails I receive are using just plain old, simple html pages, with a note about not being able to see, go here with a link. It use to be that we specified content-type text/html, etc. and sent both the plain ASCII and the html with boundaries and so forth. Seems like, from my preliminary Google searching, I should not waste time with the standard's way and just go straight to sending simple html pages since all modern browsers handle it well. And, it appears to be the way web is going. What are you folks doing? Al.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripping first comma off and everything after
On 6/19/2010 3:08 AM, Adam Richardson wrote: $before_needle = true Requires 5.3 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Select Values Didn't Get Passed in From Two DifferentForms
On 5/26/2010 3:50 PM, Alice Wei wrote: Date: Wed, 26 May 2010 15:36:18 -0400 To: php-general@lists.php.net; aj...@alumni.iu.edu From: tedd.sperl...@gmail.com Subject: RE: [PHP] Select Values Didn't Get Passed in From Two Different Forms Alice: You provide: ul form action= method=post liSelect the type of your starting point of interest:br/ div id=start_menuform action=test_getrss.php name=form1 method=post spaninput type=radio value=Apartment name=start onclick=check(document.form1.start)/ Apartment/span spaninput type=radio value=Grocery name=start onclick=check(document.form1.start)/ Grocery /span /form/div/li /ul form action=process.php method=post input type=hidden name=form1 value=?php echo $start?/ input type=submit value=Submit name=submit/ input type=reset value=Reset name=reset/ /form /body /html My bad, I cannot imagine I sent that stuff. To answer your question, here it is, form action= method=post pSelect the type of your starting point of interest:br/ input type=text name=start size=20 maxlength=50/ input type=submit value=submit name=submit/p /form This is what is working now if I do it this way, but again, then I got to make sure everything is typed up properly before the form is submitted. Does this answer your questions by any chance? Thanks for your help. Alice You also state: I hope this helps in understanding what my problem may be. It's very apparent that your problem is multifold and to solve it we need to take the solution in steps. First, the above HTML code is just plain horrible -- and that's just html part or the problem -- let alone the more complicated php/mysql/javascript coding. If that is the best html code you can write, then I suggest that you go back to learn html before learning anything else. So, your assignment (if you want me to continue to help) is to create a simple form to collect the data you want. Nothing fancy, just a simple form -- can you do that? The assignment is in your court. If you can show you can do that, then we'll proceed to the next step. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com _ The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multiaccountocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4 Alice: First, always make certain your html code is perfect. Use W3C's validator. http://validator.w3.org/ I recommend html 1.1 It's really not much extra effort and helps greatly to insure compatibility with all modern browsers. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Remove blank lines from a file
On 5/22/2010 1:02 PM, Robert Cummings wrote: tedd wrote: At 4:27 PM +0200 5/21/10, Anton Heuschen wrote: So in the file it would look like (from the original file the user uploads that is) 1 2 3 4 5 6 but when the file is saved to the server it must look like 1 2 3 4 5 6 If that is all (i.e., removing double linefeeds), then this will do it: $text_array = array(); $text_array = explode(\n\n, $input_text); $output_text = implode(\n,$text_array); Sorry tedd, this is broken. It doesn't solve problems with runs of greater than 2 newlines which is even in the example :) I would use the following instead which is also line break agnostic with final output in the style for your system: ?php $data = preg_replace( #[\r\n]+#, PHP_EOL, $input ); ? Cheers, Rob. Rob: Your solution doesn't remove the blank lines [\r\n]+ use instead [\r\n]{2,} So 2 or more becomes only 1. In general, problem is trickier when the following are considered. # means any number. 0, 1. some textEOL #spacesEOL more text some text#spacesEOL #spacesEOL any number of these #spacesEOL more text some textEOL EOL ...any number of these EOL some text The white space before the EOLs can also be tabs Look at the solution I posted earlier. The trim() removes all the white spaces -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Remove blank lines from a file
On 5/22/2010 4:34 PM, Robert Cummings wrote: Al wrote: On 5/22/2010 1:02 PM, Robert Cummings wrote: tedd wrote: At 4:27 PM +0200 5/21/10, Anton Heuschen wrote: So in the file it would look like (from the original file the user uploads that is) 1 2 3 4 5 6 but when the file is saved to the server it must look like 1 2 3 4 5 6 If that is all (i.e., removing double linefeeds), then this will do it: $text_array = array(); $text_array = explode(\n\n, $input_text); $output_text = implode(\n,$text_array); Sorry tedd, this is broken. It doesn't solve problems with runs of greater than 2 newlines which is even in the example :) I would use the following instead which is also line break agnostic with final output in the style for your system: ?php $data = preg_replace( #[\r\n]+#, PHP_EOL, $input ); ? Cheers, Rob. Rob: Your solution doesn't remove the blank lines [\r\n]+ use instead [\r\n]{2,} So 2 or more becomes only 1. In general, problem is trickier when the following are considered. # means any number. 0, 1. some textEOL #spacesEOL more text some text#spacesEOL #spacesEOL any number of these #spacesEOL more text some textEOL EOL ...any number of these EOL some text The white space before the EOLs can also be tabs Look at the solution I posted earlier. The trim() removes all the white spaces My solution worked well where spaces were not an issue. Your solution breaks my more general solution. Although I did realize I should have trimmed the final output since any empty lead lines will not be removed. Please review and see why you're comment to use [\r\n]{2,} does not work properly. Correcting for lead blank lines and handling spaces in a blank line is also quite simple without having to use the heavy solution of foreach: ?php $data = preg_replace( #[\r\n]+[[:space:]]+[\r\n]+#, \n, $input ); $data = preg_replace( #[\r\n]+#, PHP_EOL, $input ); $data = trim( $input ); ? Without benchmarking, I'm willing to bet this is faster and less memory intensive than your foreach solution :) Cheers, Rob. Ignoring the space and tabs, you're right, the + does it. One or more always reduces to one only. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Remove blank lines from a file
On 5/21/2010 8:03 AM, Anton Heuschen wrote: Hi Im trying do something like this, have a function which uploads my file and returns file pointer ... but at same time ... I want to remove all Blank lines in a file and update it before it goes to the final location ... What I tried was to do a write of file and use some regexp replace to remove a blank ... either I am not doing the replace correct or my understanding of the file buffer and what I can do with it between the browser and saving is not correct, Anyway my code looks something like this : $uploadfile = $this-uploaddir; $mtran = mt_rand(999,99); $NewName= date(Ymd_Gis).$mtran..csv; $uploadfile = $uploadfile.$NewName; try{ if (move_uploaded_file($_FILES['attachfile']['tmp_name'], $uploadfile)) { $handle = fopen($uploadfile, r+); $lines = file($uploadfile, FILE_SKIP_EMPTY_LINES); //FILE_IGNORE_NEW_LINES | foreach ($lines as $line_num = $line) { $line = preg_replace(/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/, , $line); if(strlen($line) 0) $line=trim($line); $line=$line.\n; fwrite($handle, $line); } fclose($handle); Suggest using file() which does must of the work for you. Then use foreach() to scan for empty lines. Recreate the array Here is a quickie, not tested. Don't know what is the end of line on empties. So you need to adjust as needed. $orgArray= file(path); foreach($org as $line){ $tl=trim($line); if(empty($tl)) continue; $newArray[]=$line; } file_put_contents($filename, $newArray); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: how to update array keys and keep element order ?
On 5/21/2010 5:56 AM, cr.vege...@gmail.com wrote: How do I update an array key without disturbing the element order ? Suppose an existing array(FR, values ...) where I want to change 0 = FR to country = FR and keep the original element order. TIA, Cor I short on time; but, it seems array_combine() or array_fill_keys() would do it for you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 5/21/2010 9:24 AM, David Otton wrote: On 20 May 2010 16:51, Aln...@ridersite.org wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. Ah, gotcha. That seems like a much better approach to me. But if the whitelist's going to stop the submission, then why bother with a blacklist at all? Like I said above, First pass is thru the blacklist, which effectually tells hackers to not bother and totally deletes the entry. Also, it's possible that one of my non-techie users can unwittingly enter hack code. I want to make a big deal of it. My error messages says in red Illegal code entered. It was not saved. Reenter your text without it. Remember, I show them the error segment so they know exactly what the problem is. There is also another msg which says to contact tech support with a link. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 5/21/2010 9:21 AM, Ashley Sheridan wrote: On Fri, 2010-05-21 at 14:24 +0100, David Otton wrote: On 20 May 2010 16:51, Aln...@ridersite.org wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. Ah, gotcha. That seems like a much better approach to me. But if the whitelist's going to stop the submission, then why bother with a blacklist at all? I still think you might be better off using BBCode, which is used on websites just for this very purpose. When any input comes back, you can remove all the HTML completely and replace the BBCode tags that you allow. This should guarantee that the only HTML in the text is what you put there. That way, the only chance someone has to enter malicious code is to manipulate your replacement algorithm. Thanks, Ash http://www.ashleysheridan.co.uk I've used BBcode several times in the pass for this reason. But, found I was forever having to add new ones for special situations that could easily be handled with plain old HTML elements. Some of my users have a rudimentary knowledge of html so they can use it. Most just use my proxy tags e.g., a partial list:; Text Emphasis = bluefoo/blue, boldfoo/bold, greenfoo/green,... Titles and Headers = blue-titlefoo/blue-title, blue-subtitle.. Containers = container location; width; borderany content/container Lists = list*foo...*foo/list Horiz and Blank Lines, etc. = black-line, blue-line, blank-line, URL and email Links = url www.foo.comLabel/url; [w/wo http:], Images = image position width% relPathcaption/image; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 5/21/2010 10:36 AM, Jim Lucas wrote: Al wrote: On 5/21/2010 9:24 AM, David Otton wrote: On 20 May 2010 16:51, Aln...@ridersite.org wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. Ah, gotcha. That seems like a much better approach to me. But if the whitelist's going to stop the submission, then why bother with a blacklist at all? Like I said above, First pass is thru the blacklist, which effectually tells hackers to not bother and totally deletes the entry. Also, it's possible that one of my non-techie users can unwittingly enter hack code. I want to make a big deal of it. My error messages says in red Illegal code entered. It was not saved. Reenter your text without it. Remember, I show them the error segment so they know exactly what the problem is. There is also another msg which says to contact tech support with a link. Do you actually show them the error. That would give away your mystical powers of detection... :) Keep in mind that my users are authenticated before being allowed access. So, I'm covering the situations where my user's PW has been stolen or the hacker got past the auth. Fact is, I mainly want to prevent malicious scripts from being placed on my pages rendered as HTML. I just spent some time helping a website I designed some years ago, but have not been involved for two years, investigate a hacking. The folks maintaining the site ignored all of my recommendations for good security practices. Bottom line: 920 html and php files that generate html have a script that sends every visitor's IP and the page's URL to a website in RU. I don't know why they want this info, the site belongs to a running club. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Question about a security function
I have a password-protected, user, on-line editor that I'm hardening against hackers just in case a user's pw is stolen or local PC is infected. The user can enter html tags; but, I restrict the acceptable tags to benign ones. e.g., p, b, table, etc. e.g., no embed... script... etc. Just to be extra safe, I've added a function that parses for executables in the raw, entered text. If found, I post and nasty error message and ignore the entry altogether. Here are my regex patterns. I tried finding a complete list of browser executables; but was unsuccessful, probably because I didn't use the right key words. Anyone have suggestions for additional patterns? $securityPatternsArray=array( \script\x20, \embed\x20, \object\x20, 'language=javascript', 'type=text/javascript', 'language=vbscript\', 'type=text/vbscript', 'language=vbscript', 'type=text/tcl', error_reporting\(0\),//Most hacks I've seen make certain they turn of error reporting \?php,//Here for the heck of it. ); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 5/20/2010 10:07 AM, Ashley Sheridan wrote: On Thu, 2010-05-20 at 14:27 +0100, David Otton wrote: On 20 May 2010 13:53, Aln...@ridersite.org wrote: I have a password-protected, user, on-line editor that I'm hardening against hackers just in case a user's pw is stolen or local PC is infected. The user can enter html tags; but, I restrict the acceptable tags to benign ones. e.g.,p,b,table, etc. e.g., noembed...script... etc. Just to be extra safe, I've added a function that parses for executables in the raw, entered text. If found, I post and nasty error message and ignore the entry altogether. That's not really going to work. See: http://ha.ckers.org/xss.html Blacklisting is a fundamentally flawed approach. I suggest using http://htmlpurifier.org/ instead. I agree wth Peter and David, it's not generally a good idea to roll your own in this case, as the repercussions can be quite large if things go wrong! If you absolutely must though, don't allow any HTML at all, and use BBCode instead, which you can replace afterwards. Before entering the data into a database run it through mysql_real_escape_string(), and if you are displaying any user-entered data, run that through htmlentities() or something similar. Thanks, Ash http://www.ashleysheridan.co.uk I agree blacklisting is a flawed approach in general. My approach is to strictly confine entry text to a whitelist of benign, acceptable tags. The blacklist is sort of a backup and won't even save the entry. The user's entry has no ability to affect anything outside of the stuff within the body tags, including the css file. Thanks for the heads up about htmlpurifier. I'll take a more detailed look. I briefly looked at it earlier; but, found it was gross overkill for my needs. My objective is to not let bad stuff into my server to start with, and not to parse existing html and css files. The ha.hackers site is most interesting. I plan to work with it in detail. Al.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 5/20/2010 11:23 AM, David Otton wrote: On 20 May 2010 15:52, Aln...@ridersite.org wrote: I agree blacklisting is a flawed approach in general. My approach is to strictly confine entry text to a whitelist of benign, acceptable tags. The But that's not what you've done. You've blacklisted the following patterns: \script\x20, \embed\x20, \object\x20, 'language=javascript', 'type=text/javascript', 'language=vbscript\', 'type=text/vbscript', 'language=vbscript', 'type=text/tcl', error_reporting\(0\),//Most hacks I've seen make certain they turn of error reporting \?php,//Here for the heck of it. and allowed everything else. A couple of examples: You haven't blacklistediframe IMG SRC=javascript:alert('XSS'); would sail straight through that list. I can't tell from that list alone, but are your checks case-insensitive? BecauseScRipT would pass through a case-sensitive check. We can go on like this all day, and at the end of it you still won't be sure you've blacklisted everything. The first answer at http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags is related, also. I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. And yes, I'm using preg_match() with the i arg. Note, my blacklist is not looking for tags per se, just the start of a bad tag. My users are only suppose to be entering plain text with some nice highlighting and lists, etc. The editor will not post anything else. Al... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 5/20/2010 12:02 PM, Jim Lucas wrote: Al wrote: On 5/20/2010 11:23 AM, David Otton wrote: On 20 May 2010 15:52, Aln...@ridersite.org wrote: I agree blacklisting is a flawed approach in general. My approach is to strictly confine entry text to a whitelist of benign, acceptable tags. The But that's not what you've done. You've blacklisted the following patterns: \script\x20, \embed\x20, \object\x20, 'language=javascript', 'type=text/javascript', 'language=vbscript\', 'type=text/vbscript', 'language=vbscript', 'type=text/tcl', error_reporting\(0\),//Most hacks I've seen make certain they turn of error reporting \?php,//Here for the heck of it. and allowed everything else. A couple of examples: You haven't blacklistediframe IMG SRC=javascript:alert('XSS'); would sail straight through that list. I can't tell from that list alone, but are your checks case-insensitive? BecauseScRipT would pass through a case-sensitive check. We can go on like this all day, and at the end of it you still won't be sure you've blacklisted everything. The first answer at http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags is related, also. I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. What exactly does your whitelist parser do? It posts an error message that shows the user what the error is [e.g., iframe is an invalid tag. Your text cannot posted until all errors are corrected. Only when the submitted raw text passes the blacklist and whitelist, will the raw text be saved and be available for on-the-fly conversion to html. And yes, I'm using preg_match() with the i arg. Note, my blacklist is not looking for tags per se, just the start of a bad tag. My users are only suppose to be entering plain text with some nice highlighting and lists, etc. The editor will not post anything else. But who say I have to use your editor? No one says you must by my editor. Al... I'm methodically going thru ha.ckers tests and so far my filters have caught everything. I greatly appreciate everyone's help. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 5/20/2010 12:43 PM, Ashley Sheridan wrote: On Thu, 2010-05-20 at 12:40 -0400, Al wrote: On 5/20/2010 12:02 PM, Jim Lucas wrote: Al wrote: On 5/20/2010 11:23 AM, David Otton wrote: On 20 May 2010 15:52, Aln...@ridersite.orgwrote: I agree blacklisting is a flawed approach in general. My approach is to strictly confine entry text to a whitelist of benign, acceptable tags. The But that's not what you've done. You've blacklisted the following patterns: \script\x20, \embed\x20, \object\x20, 'language=javascript', 'type=text/javascript', 'language=vbscript\', 'type=text/vbscript', 'language=vbscript', 'type=text/tcl', error_reporting\(0\),//Most hacks I've seen make certain they turn of error reporting \?php,//Here for the heck of it. and allowed everything else. A couple of examples: You haven't blacklistediframe IMG SRC=javascript:alert('XSS');would sail straight through that list. I can't tell from that list alone, but are your checks case-insensitive? BecauseScRipTwould pass through a case-sensitive check. We can go on like this all day, and at the end of it you still won't be sure you've blacklisted everything. The first answer at http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags is related, also. I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. What exactly does your whitelist parser do? It posts an error message that shows the user what the error is [e.g., iframe is an invalid tag. Your text cannot posted until all errors are corrected. Only when the submitted raw text passes the blacklist and whitelist, will the raw text be saved and be available for on-the-fly conversion to html. And yes, I'm using preg_match() with the i arg. Note, my blacklist is not looking for tags per se, just the start of a bad tag. My users are only suppose to be entering plain text with some nice highlighting and lists, etc. The editor will not post anything else. But who say I have to use your editor? No one says you must by my editor. Al... I'm methodically going thru ha.ckers tests and so far my filters have caught everything. I greatly appreciate everyone's help. I think Jim meant how is your whitelist operating, not what it does to the user. Posting a message saying thatiframe tags are not allowed sounds more like a blacklist type of behaviour. A whitelist should consider the data sent from the user as bad, and only allow it through if it meets certain criteria. By checking specifically for aniframe tag and being able to warn the user specifically, you're just using a blacklist not a whitelist. Thanks, Ash http://www.ashleysheridan.co.uk No, no, it's truly a whitelist. Every tag that is not in the list is designated as not allowed. If anyone is interested here is my whitelist. I also use these for html validity and nesting checking, etc. Note, they are listed by html type. img and a use are very constrained. img can only point to an image file on the server and a is checked for syntax and even that it points to a valid URL. //region Usable XHTML elements for user entered raw text [Only these XHTML tags can be used] $inlineHtmlTagsArray = array('a', 'b', 'img', 'em', 'option', 'select', 'span', 'strong',); //Note img is both empty and inline $blockHtmlTagsArray = array('div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'pre',); $emptyHtmlTagsArray = array('br', 'hr', 'img',); $listHtmlTagsArray = array('li', 'ol', 'ul'); $tableHtmlTagsArray = array('col', 'table', 'tbody', 'td', 'th', 'thead', 'tr',); //endregion -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A simple question, however it's urgent
On 5/17/2010 8:53 AM, Andre Polykanine wrote: Ash, Magic quotes are disabled: http://gviragon.org/study/php.php Any ideas? Thanks a lot! Your code should work for something as simple as this, almost regardless of the php setup. Change your $what=array(\r\n, \n, \r); $with=array(br); To this, so you can see exactly what's happening. $what=array(\r\n, \n, \r); $with=array([*rn*], [*n*], [*r*]); Echo the string. There is an error in your $what. You have not included \n\r which is the most likely case. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Displaying errors
On 5/16/2010 7:39 AM, Malka Cymbalista wrote: Hi all, we are running Apache 2.2.6 and PHP 5.2.6 on a Linux machine. If someone gets an error when displaying a php web page, he does not get any error message on the screen. The arror is written into the apache error log file, but most users don't have access to the apache error logand i would like the user to see the error on the screen. Is there anything I can do? thanks for any help. Malka Cymbalista Webmaster, Weizmann Institute of Science malki.cymbali...@weizmann.ac.il 08-934-3036 if(true) // TRUE for debug only { ini_set(display_errors, on); //use off if users will see them error_reporting(E_ALL); $error_reporting = 'span style=color:redError display and logging on/span'; } I echo $error_reporting in the body of of my html page to remind me it is on. This also creates an error log in the working dir. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Displaying errors
On 5/16/2010 1:10 PM, Ashley Sheridan wrote: On Sun, 2010-05-16 at 12:57 -0400, Al wrote: On 5/16/2010 7:39 AM, Malka Cymbalista wrote: Hi all, we are running Apache 2.2.6 and PHP 5.2.6 on a Linux machine. If someone gets an error when displaying a php web page, he does not get any error message on the screen. The arror is written into the apache error log file, but most users don't have access to the apache error logand i would like the user to see the error on the screen. Is there anything I can do? thanks for any help. Malka Cymbalista Webmaster, Weizmann Institute of Science malki.cymbali...@weizmann.ac.il 08-934-3036 if(true) // TRUE for debug only { ini_set(display_errors, on); //use off if users will see them error_reporting(E_ALL); $error_reporting = 'span style=color:redError display and logging on/span'; } I echo $error_reporting in the body of of my html page to remind me it is on. This also creates an error log in the working dir. This won't work if the error is so severe as to prevent PHP from correctly running. It's always best to set things in the php.ini file, which should always be accessible on a local development machine. Thanks, Ash http://www.ashleysheridan.co.uk True. But then you usually get a server 500 error anyhow. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: regexp questions
Get a copy of http://www.weitz.de/regex-coach/ and contribute. Use the pattern on your string, one section at a time. On 5/10/2010 7:53 PM, Spud. Ivan. wrote: Hi, I've recently changed from php 5.1 to 5.3.2 and I'm havong problems with preg_match, because the same regular expressions used in php 5.1 are not matching anything in 5.3.2. There are any significant changes that I should know? I've been searching but I haven't found anything. Thanks. I.Lopez. _ Recibe en tu HOTMAIL los emails de TODAS tus CUENTAS. + info http://www.vivelive.com/hotmail-la-gente-de-hoy/index.html?multiaccount -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: dynamically generating and retrieving page data using flat files
On 5/8/2010 9:41 PM, David Mehler wrote: Hello, I've got a project that i have to reference information stored on one page from another. This page I won't be visiting first, and at the moment i'd prefer to use flat php files, but should that prove to hard i'll transition to a mysql database. I'm looking for simplicity and maintainability. I've got a page of individuals, their names, positions, and a brief summary of them. On the main page I want to put their names and positions in an ordered list, pulling that information from the second page. The idea is whenever the second page is updated the main page will automatically update. Suggestions welcome. Thanks. Dave. Consider using arrays. Give each individual a unique ID and use for your keys Serialize() the array and put_file_contents() file_get_contents and unserialize() -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Finding similar results with php from mysql
On 5/7/2010 7:37 PM, Merlin Morgenstern wrote: Hi there, I am searching for a way to show the user similar records from the mysql database. A functionality like this could also be of interest to you. Does anybody know if this is there is a standard functionality to do this, or a good way on retrieving this with the help of PHP? Kind regards, Merlin Biggest problem is defining similar Even Google hasn't mastered it yet. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Connection error expected but ...
Code below from the manual. I changed $ldaphost to some fictitious name. When I ran the script, I always get the message Connection was successful ! Why didn't the script bomb and give the could not connect message? ?php // LDAP variables $ldaphost = ldap.noname.com; // your ldap servers $ldapport = 389; // your ldap server's port number // Connecting to LDAP $ldapconn = ldap_connect($ldaphost, $ldapport) or die(Could not connect to $ldaphost); print Connection was successful !; ? TIA. -- al
[PHP] Re: Malware Question
On 4/28/2010 7:50 PM, Ashley Sheridan wrote: Hi all, This isn't exactly a PHP question, but I don't know anyone else with the collected smarts of this list. Basically, a site I built and am managing has been identified by Google as a source of malware. Now, I've been over the source code with a fine-toothed comb and found nothing, I've gone over the HTML output for anything suspicious, checked ever single Javascript file out, looked to see the server headers are correct and aren't malformed, checked the .htaccess is as expected and have run the site against the unmask parasites website which found no problems except the 'suspicious' listing which Google has given it. The Google webmaster tools tell me nothing more than 'Of the 2 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent.' It won't tell me what pages, although it tells me that the malicious software is hosted on one domain and tells me what it is. Needless to say I can't find that domain string anywhere in the code. I can't find any hidden iframe tags or hidden Javascript eval() statements. Basically now, although this is totally beyond my control, the owner of the site is expecting me to get this sorted asap. I want to, and have spent the entire day today looking at it, but have really come to the point where I'm coming unstuck. I can find nothing wrong with the site at all. Does anyone have any helpful advice for this sort of thing? Tools that I can use to check out the site with, or any bit of information that I can use to fix this? I can give the URL of the site to anyone off-list if they wish to check it out. Thanks, Ash http://www.ashleysheridan.co.uk Ross had a good suggest about planted links to external malicious sites. One of the sites I worked on a couple of years ago had this happen. They ask me to look into it. There were about 90 htaccess files that redirected the user to a malicious site whenever there was an error, 404 etc. About 400 html files had a javascript appended on the end that sent the visitor's IP and the file's complete URL to a website in Russia. About 300 php files had some php code that generated html code had likewise sent the visitor's IP and the file's complete URL to a website in Russia. About 75 implanted php stand-alone files that were very sophisticated file manipulators. I would have taken me days to figure out exactly what it was doing. A couple of years ago I was involved in cleansing a site and wrote a script for searching it. It uses regex search patterns. Wild cards *, covering all directories and leading text, are assumed before the filename. However, you must include an extension or append * to your filename. Can use *.htaccess It list all the files meeting the criteria e.g., Sel File Size[bytes] File Time DirPerms Del DirOwner Dir Time 1 /.htaccess 9428Aug09 14:33:060750 * system 17Apr10 20:38:56 You can select a file and view its source including an htmlentities() version And select one or a batch to delete. Has a convenient notepad to record your result stats and add a note. e.g. 1Apr09 21 files; *.htaccess = \* Addition htaccess files added, OK 19Jul08 6 files; *.htaccess = \* Has good PW protection,. etc. Easy to install, one file, instructions at the top. I'll send you a zip if you reply and send me addr. Al... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Two color rows in table inside while iteration
On 4/28/2010 7:29 AM, Juan Rodriguez Monti wrote: Hello Guys, I would like to implement a two color row table for some queries that I'm doing. I use PHP to query a DB, then I use while to print all its results. I have a code pretty similar to this one : $results = Here the QUERY; echo html; echo head; echo 'link rel=stylesheet type=text/css href=style.css /'; echo /head; echo body; echo 'div id=container'; echo centerh2Results/h2/centerbr /; echo (table border='1'); echo tdstrongAt1/strong/td tdstrongAt2/strong/td tdstrongAt3/strong/td $ while ($row = while condition )) { echo (tr); echo td$row[0]/tdtd$row[1]/td td$row[2]/td td$row[3]/tdtd$row[4]/td ; echo /div; echo /body; echo /html; I just want to show you how I write the table. What I would like to know is what do you suggest to do a two color row format. Thanks!, Juan $str= table; $alt = 'even'; foreach(...){ $alt = ($alt == 'odd')?'even':'odd'; $str .= tr class=\$alt\tdfoo/td/tr; // Populate each row; } $str .= /table\n; echo $str; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Malware Question
On 4/29/2010 1:35 PM, Gary . wrote: On 4/29/10, Al wrote: Ross had a good suggest about planted links to external malicious sites. One of the sites I worked on a couple of years ago had this happen. They ask me to look into it. There were about 90 htaccess files that redirected the user to a malicious site whenever there was an error, 404 etc. About 400 html files had a javascript appended on the end that sent the visitor's IP and the file's complete URL to a website in Russia. About 300 php files had some php code that generated html code had likewise sent the visitor's IP and the file's complete URL to a website in Russia. [snip remainder of horror story] How do people get their sites into this state? Is it just me, or wouldn't a regular comparison of MD5s of the site contents with SCM contents stop most of that kind of thing (after the event, but still, better that than continue in that state). You are correct in theory; but, in practice maybe somewhat limited for CMS which have DB contents and raw text files changed almost hourly. When I departed the site I was working on a couple of years ago, I left a strong recommendation that someone run my FileSniffer program weekly and check out any suspect changes. They didn't and now have the above situation. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Recommendation for online PHP editor please....
On 4/25/2010 4:01 AM, Angus Mann wrote: HI all. I'm looking for a recommendation for an online PHP editor. Here's what I mean I mean a PHP program I can install on my web-server, then log in and use it to browse and edit other PHP files on the server. The idea is that I could make changes and bugfixes to a web app while I'm away from home/office. Ideally it would be more than just a text editor, but also have syntax highlighting and formatting for PHP built in. Any recommendations would be much appreciated. Thanks, Angus Windows 7 RemoteApp and Desktop Connections feature may do it for you. I think it will let you run a good editor on one PC from any other one. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Directory permissions question
I'm working on a hosted website that was hacked and found something I don't fully understand. Thought someone here may know the answer. The site has 4 php malicious files in directories owned by system [php created dirs on the site are named nobody] and permissions 755. Is there any way the files could have been written other than by ftp access or at the host root level? Clearly a php script couldn't. Thanks, Al.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php