[PHP] Security question
Hi list I've got a concern for a user add/edit form. Right now when the user is logged in, I put its id in the session. Then when the user edits his details I put the id in the form and when it comes back I verify if the id matches the one in the session. Is it possible for someone who does not have access to the server to edit arbitary accounts? With kind regards Andy -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpWGI97TkKdb.pgp Description: PGP signature
Re: [PHP] Why don't webhosts upgrade to PHP5 ?
On Wednesday 07 December 2005 08:37, Pugi! wrote: My webhost doesn't want to upgrade to PHP5 because of security reasons and some scripts that will mallfunction. I find it hard to believe. Current conf of webhost is PHP 4.3.11, Apache 1.3.33 and MySQL 3.23.49. What real reasons could there be not to upgrade ? How could I convince them to upgrade to PHP5 ? (Less important for me : but why not upgrade to Apache 2.x and at least MySQL 4.x ?) 1. If it ain't broken, don't fix it. 2. PHP 4 has proven its worth. Now that PHP 5 came out, there will be tons of bugs that aren't found yet. 3. PHP 5 *WILL* break some scripts, and most big suits like forums and shops and stuff will need a serious amount of work to convert to php 5 Same applies for Apache and MySQL. Consider this, NASA still uses 386 cpu's in their space equipment because they are a lot more stable and mission secure then newer chipsets. HTH Andy -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpJOPHFo2w1x.pgp Description: PGP signature
Re: [PHP] Security question
On Wednesday 07 December 2005 08:57, Łukasz Hejnak wrote: The best way to know is to try and keep up with places like the bugtraq@securityfocus.com list, or other security websites/mailing lists and such. It isn't a forum, it is software I write myself. -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpkC5xo4fmtq.pgp Description: PGP signature
[PHP] Forum
Hi list Does anyone of you know of a good forum that is easy to customize and supports sticky notes, user registration, bb code and stuff like that? With kind regards Andy -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpxJ7TaB8xxl.pgp Description: PGP signature
Re: [PHP] Forum
On Tuesday 06 December 2005 16:16, John Nichel wrote: Andy Pieters wrote: Hi list Does anyone of you know of a good forum that is easy to customize and supports sticky notes, user registration, bb code and stuff like that? I'm sure Google knows. The difference with google and humans is that google doesn't know about experience and stuff like that. I did look at google but I wanted HUMAN opinions. With kind regards Andy -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpNgOhpmZ3y0.pgp Description: PGP signature
Re: [PHP] Assigns True but not false?
On Tuesday 06 December 2005 17:38, Gabe wrote: $this-m_arrQuesInfo[$this-m_itemID]['blnVacPromo'] = ( ( !empty($_POST['vac_promo']) ) ( $_POST['vac_promo'] == 'on' ) ) ? TRUE : FALSE; I have a habit of casting true or false to boolean so that I'm sure they're not interpreted as 1 or 0. Try this $this-m_arrQuesInfo[$this-m_itemID]['blnVacPromo'] = ( ( !empty($_POST['vac_promo']) ) ( $_POST['vac_promo'] == 'on' ) ) ? (bool) true:(bool) false; HTH Andy -- Now listening to Whigfield - Saturday Night on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpIcUbBe2Pum.pgp Description: PGP signature
[PHP] Ubiquitous quoted printable encode
Hi list I know of the imap_8bit function that *can* be compiled into php. However I would like an encoder written in php that only uses standard extensions and functions and that therefore can work on all php 4+ installations. Does anyone know of such a beast? With kind regards Andy -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgp2t7XrAPpjm.pgp Description: PGP signature
Re: [PHP] Passing objects between pages
On Friday 25 November 2005 20:44, Matt Monaco wrote: What is the best way to pass an object between pages? Currently I am first serializing, then doing a base64_encode, this doesn't seem entirely efficient. (Especially the encode). I am however using the encode because I have the serialized object as the value of a hidden form element. I can only have alphanumerics here. You can instead of using a hidden form element, use sessions. $_SESSION['obj_state']=serialize(objectinstance) On other pages you can check if obj_state is set, and use it to reinitialize your class (object). HTH Andy -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgp51u0CQsumW.pgp Description: PGP signature
Re: [PHP] Re: $_GET and $_POST arrays not working
On Saturday 26 November 2005 02:45, John Nichel wrote: If you have a form like this one one page... form action=page2.php method=post input type=hidden name=foo value=bar / input type=submit / /form [snip] Dear John Please go all the way when providing an example. To prevent errors and unpredictable behaviour, ALWAYS add encoding to the form tag. form action=page2.php method=post enctype=multipart/form-data name=form1 Systematically adding names on all your forms may save you many hours of hair plucking as well ;) With kind regards Andy -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgp5OYyt4uFSA.pgp Description: PGP signature
Re: [PHP] Is there an alternative for $_FILES['guildimage']['type'] == image/jpeg
On Wednesday 23 November 2005 03:15, twistednetadmin wrote: I use this line in a script for uploading pictures to a website: $_FILES['guildimage']['type'] == image/jpeg [snip] Please understand that the type is set by the browser and is never to be trusted. Especially with file uploads, extreme cautions apply. If all you want to upload are images, then ONLY rely on the php builtin getimagesize Example if($result=(@ getimagesize($_FILES['guildimage']['tmp_name'])) ===false) die('Invalid picture'); list($width,$height,$type)=$result; swith($type) {case 1: #gif; break; case 2: #jpeg; break; case 3: #png; break; case ... see php getimagesize documentation } And always use the move_uploaded_file function so you are sure you really are moving an uploaded file and not one that is already on the server Example move_uploaded_file($_FILES['guildimage']['tmp_name'],$publicdir); This function will fail if called with a file that was not uploaded. HTH Andy -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpXBjAnHW99i.pgp Description: PGP signature
Re: [PHP] Wanna Join me for an open source PHP Project?
Hmmm.. Outlook is notorious for blatantly violating the standards and being a security nightmare. Instead I suggest you make an application that has the same look feel as outlook but has a core that is much smarter, safer, and better. Also, work from the ground up to generate standards compliant html (or xhtml) documents so that FireFox, and KHTML based browsers will render it ok. You can later add hacks to support non-standard compliant browsers (such as ie) Not starting a flame war, just providing some common sense. Good luck with your project With kind regards Andy -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpq68ma2JLvZ.pgp Description: PGP signature
[PHP] Regexp trouble
Hi list I still fail to understand why regular expressions are causing me such a hard time. I used and tested my regexp in kregexpeditor (comes with Quanta [kdewebdev]) but when I put it in the php script it fails. ereg('^([\w]{3,3})[\s]([\d]{2,2})[\s]([\d]{2,2})[:]([\d]{2,2})[:]([\d]{2,2})' Does not match my query string. Which is Nov 22 06:51:36 Any ideas why? I mean Line start, followed by 3 word chars, followed by a space, followed by 2 digits, followed by a space, followed by two digits, folowed by a colon followed by 2 digits and followed by a colon, should match that date? With kind regards Andy -- Currently not listening to amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpB6BsWHneC5.pgp Description: PGP signature
Re: [PHP] Regexp trouble
Thanks all for your contributions. Seems like the missing link was the delimiter. On Thursday 24 November 2005 18:23, Frank Armitage wrote: And why do you use all those character classes? Err.. why NOT use character classes? What is easier [0-9] or \d or maybe [a-zA-Z] or [\w], ... ? With kind regards Andy -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgposVVooZ7Uo.pgp Description: PGP signature
[PHP] imagecopyresized just copies
Hi all I wanted to make a simple script to make a resized image from an uploaded one. I used the example found on the php.net website list($width,$height,$type)=getimagesize($newfile); $newwidth=350; $newheight=50; $thumb=imagecreatetruecolor($newwidth,$newheight); $thumbname=str_replace(.$filedetails[extension], _thumb.$filedetails[extension],$newfile); $main=null; switch($type) {case 1: $main=imagecreatefromgif($newfile); #gif break; case 2: $main=imagecreatefromjpeg($newfile); #jpeg break; case 3: $main=imagecreatefrompng($newfile); #png break; } if(!(is_null($main))) {imagecopyresized($thumb,$main,0,0,0,0,$newwidth,$newheight,$width, $height); switch($type) {case 1: imagegif($main,$thumbname); break; case 2: imagejpeg($main,$thumbname); break; case 3: imagepng($main,$thumbname); chmod($thumbname,0600); #readwrite for apache only } imagedestroy($main); imagedestroy($thumb); When I examine the two files, the are binary different but size and width are equal. Anybody know why? With kind regards Andy -- Currently not listening to amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgp4XeKFLyhs9.pgp Description: PGP signature
Re: [PHP] imagecopyresized just copies
On Sunday 20 November 2005 17:14, Andy Pieters wrote: {case 1: imagegif($main,$thumbname); break; case 2: imagejpeg($main,$thumbname); break; case 3: imagepng($main,$thumbname); chmod($thumbname,0600); #readwrite for apache only } imagedestroy($main); imagedestroy($thumb); When I examine the two files, the are binary different but size and width are equal. Never mind, after a long day, I overlooked the fact that instead of imagegif($thumb,$thumbname) I was doing imagegif($main,$thumbname)... Andy -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpI1Al5nJPGD.pgp Description: PGP signature
[PHP] Deployment and maintenance of php software
Hi all I am a php developer and develop huge packages. Those packages are then installed by my clients or clients of my resellers on a score of webservers. As with all applications, bugfixes, and updates are issued on an almost weekly bases. I developed an application that runs on the php cli and connects to a list of ftp sites and is capable of performing *some* updates but all of this is shady at most. What I really would like is to have an rpm style system. So that I can have for instance package dbfunctions-1.0-1-noarch.rpm (provides dbfunctions) package dbadmin-1.0-1-noarch (provides dbadmin, requires dbfunctions) I read up on the rpm command and find that it is very suitable for this kind of functionality. It support scripts that are run when a package is installed or removed, as well as triggers that can execute scripts. For instance if package dbadmin is updated, it can trigger a script in package dbfunctions to for example, update a configuration script. The downside of it all is that it requires shell access which most clients do not have. Furthermore, not all clients are running linux, some are running Mac (Unix based, but...?), or windows. Even though rpm exists for virtually all platforms. Three more requirements are not met: 1. The location of where the files in the package are installed is fixed in the rpm 2. Many packages require updates to the database, which means that a php cli with mysql support must be available on the system. 3. In case of a first install, information needs to be collected about the environment and user/password stuff. Is there anyone that can provide a solution to this or suggest another approach to the problem? With kind regards x_terminat_or_3 -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpHUSFeSKHs2.pgp Description: PGP signature
[PHP] preg for unicode strings?
Hi List I am doing some data validation and the following regexp fails [\W] When using characters like £ or € Obviously because they are technically more then one character, even though they are only displayed as one. The script is encoded in UTF-8 Anybody know a fix for this? With kind regards Andy -- Now listening to The Prophet - I Can't Stand It on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpgretkqqhNR.pgp Description: PGP signature
Re: [PHP] preg for unicode strings?
Hi Thank you for your reply. My regexp was /^([a-zA-Z]{3,}|[\W])/ Meaning match any string that is either 3 letters or 1 word character I'd like to change this to 3 letters or 1 currency character So I changed the regexp accordingly /^([a-zA-Z]{3,}|[\p{Sc}])/u And I tested with £ but it fails. Any ideas? With kind regards Andy On Sunday 06 November 2005 02:11, Niels Ganser wrote: Andy, you might want to check out http://www.regular-expressions.info/unicode.html Please note two things while using the described syntax: 1. You have to additionally use the u modificator. 2. While \p{Ll} for instance works in PHP, \p{Lowercase_Letter} doesn't. Regards, Niels Hi List I am doing some data validation and the following regexp fails [\W] When using characters like £ or € Obviously because they are technically more then one character, even though they are only displayed as one. The script is encoded in UTF-8 Anybody know a fix for this? With kind regards Andy -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpT8ldDDW3eO.pgp Description: PGP signature
[PHP] Simple CopyOf XSLT translation
Hi list I made an entire site in xhtml for a client but now complaints are comming from the m$ explorer front. Broken layouts, long loading times etc. Would it be possible for php to do the xslt translation? All that is currently in my xslt is stylesheet template match=/ copy-of select=. / /template /stylesheet And serve those pages as html 4.01 instead of xhtml on internet explorer? With kind regards Andy -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpnhq6q8XcqY.pgp Description: PGP signature
Re: [PHP] Login is not working. Please help....
You do know your code is open for sql injection attacks. php.net search for sql injection and session spoofing HTH Andy On Friday 14 October 2005 09:25, Jochem Maas wrote: try some code indentation to make it more readable. someone else pointed you to the 'user' 'name' mismatch already I see. twistednetadmin wrote: ... session_start(); switch (@$_GET['action']) // Gets set by the form action { case login: $sql = SELECT name FROM DB WHERE name='$_POST[user]'; $result = mysql_query($sql) or die(Couldn't execute query.); $num = mysql_num_rows($result); if ($num ==1) // loginname found { $sql = SELECT name FROM DB WHERE name='$_POST[user]' AND pass=password('$_POST[pass]'); $result2 = mysql_query($sql) or die(Couldn't execute query 2.); $num2 = mysql_num_rows($result2); if ($num2 0) // password is correct { $_SESSION['auth']=yes; $logname=$_POST['user']; $_SESSION['logname'] = $logname; header(Location: page1.php); } else // password is not correct { unset($action); header(Location: loginerror.php); } } elseif ($num == 0) // Wrong name. Name not in db { unset($action); header(Location: loginerror.php); } } ... -- Now listening to on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpwq1LTh5cxi.pgp Description: PGP signature
Re: [PHP] PHP and files Upload
Hi As a security precaution, all uploaded files are automatically deleted when the script goes out of scope. Use the move_uploaded_file function to move the file somewhere else before your script ends. There are various other security precautions you have to consider. And by all means don't expect the browser to adhere to the limitations you set in the form, like mime type and max sizes, also know that it is fairly easy for someone to directly connect to the socket and upload a file, bypassing the browser altogheter. The php documentation site covers file uploads in depth (www.php.net) HTH With kind regards Andy On Wednesday 19 October 2005 00:36, feiticeir0 wrote: hello all. I've managed to create files uploads pages in the past (dont remember if alredy with php 5). till now, i havent need for testing or using. today, i've tried to test an upload page (a very simple one) with php 5.0.5 and i was unable to do it. the script always says it was sucessful to upload the file, but the destination directory was always empty... even when checking the $_FILES global $_FILES['var_name']['tmp_name'] and $_FILES['var_name']['name'] and $_FILES['var_name']['size'], the vars alwyas return empty values... is there any issue with php5 about files uploads ? in php.ini i set the temp directory to /tmp and still nothing works... Cheers, Bruno Santos -- Open WebMail Project (http://openwebmail.org) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgp2zJjHn44KV.pgp Description: PGP signature
Re: [PHP] How can I count the usage of mail function in scripts?
Hi While it *is* possible to do what you ask for, it would be worthless. I can write from scratch a php script that * looks up the mx record for a given email address * connects to the mail server looked up * send the message. Since the SMTP protocol is fairly simple, I am sure many others can and will use this to circumvent your limitations. With kind regards Andy On Tuesday 18 October 2005 11:45, Cristea Adrian wrote: Hello peoples! short question: How can I count the usage of mail function in scripts? long description :D I have a webserver, and I want to limit the usage of mail function for each host I have there.. Notice that i have a couple of hundrest of virtual hosts (domains and subdomains) there, and i want to limit them, let`s say.. 100 mails per day.. there is any solution to do that? (i know there is, i saw that in a nwebhosting company) .. can you guide me find this solution? thanks in advance! cheers, cajbecu -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpCA6RiR5PNi.pgp Description: PGP signature
[PHP] Designing a complicated multipage form with sessions
Hi List I am quite experienced in PHP. I have been asked to design a complicated form in php that spans multiple pages and has many subitems. For instance if they select one checkbox, more details are required in the form of a dropdown list or radio buttons. It would allow browsing the different pages randomly, and final validation is only to be performed on the last page. In case of errors, it would load the page where the first error is found and display a message and highlight the faults. I currently made a list of all vars in an xml file, and associated a page number for each. Now when the page loads it looks up the vars used on that page and loads them from post (if present and stores them in session right away) or loads them from session if no post is present. Any ideas for improvements, common pitfalls, etc are highly appreciated. With kind regards Andy -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgphaUbaWF5A3.pgp Description: PGP signature
Re: [PHP] Re: OOP Newbie - why does this not work?
While the use of () or not doesn't impede the function of his code, I consider it good programming habit to always add () to the class creator. Since it is considered a function, you wouldn't call a function like x=function but rather x=function(). It is more consistent that way. On Friday 21 October 2005 16:31, Jochem Maas wrote: Nathan Tobik wrote: You have to show us the definition for your class, also your syntax for new is wrong. It should be: $liveclass = new Test(); it can also be (if you have nothing to pass to the constructor function): $liveclass = new Test; Nate Tobik (412)661-5700 x206 VigilantMinds -Original Message- From: John Taylor-Johnston [mailto:[EMAIL PROTECTED] Sent: Friday, October 21, 2005 7:57 AM To: php-general@lists.php.net Subject: [PHP] Re: OOP Newbie - why does this not work? Here,s my guess: var $liveclass; $liveclass = new(Test); echo $liveclass-get() ; echo BR ; echo This is in the php code block ; -- Now listening to on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities -- pgpd6AH5Ivt4b.pgp Description: PGP signature
Re: [PHP] Error with DOMDocument-saveXML()
Hi bFatal error/b: Method Document::__toString() must return a string value in b/srv/www/localhost/htdocs/db/index.php/b on line b140/bbr / That's just what it says, check your program flow. You overrided the tostring function and somewhere in that new function you jump out of it because of a flag that is set, and thus not returning anything, which is equal to return null. I've not checked my E_NOTICE's yet.. actually not quite sure how to turn One way would be to use .htaccess files, but I have included in all my programs (read sites) a mechanism for this. Have one file where you keep all the varialbes that you need accross the different pages (scripts), and then on all your files, put this on the top: if(!(defined('GLOBALS_LOADED'))) require_once 'scripts/globals.php'; #be sure to set relative path to globals if(defined('DEBUG_LVL')) error_reporting(DEBUG_LVL); else error_reporting(0); Then in your file globals.php you need to have at least this: ?php define('GLOBALS_LOADED',true); define('DEBUG_LVL',E_ALL); ? Once you go to production, all you need to do is change the E_ALL to 0 and all the pages follow suit... HTH Andy -- Registered Linux User Number 379093 Now listening to Radio Stream amaroK::the Coolest Media Player in the known Universe! Cockroaches and socialites are the only things that can stay up all night and eat anything. Herb Caen -- -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- pgpH2F3Wp9agY.pgp Description: PGP signature
Re: [PHP] Functions Returning large strings
Hi I have a series of nested functions which return a large string (as apposed to working on global string) , is this inefficient? Or is PHP clever enough to just pass a pointer? $large_string=fn_one(fn_two(fn_three(; PHP is by no means cleaver enough to read your mind as to what you want it to do. If you want to pass pointers instead of strings then do as this function one($buffer) { #processing, return true/false based on success, put result in buffer } function two($buffer) { #processing,... } Then do like this: $variable='input value'; if(one($variable)) if(two($variable)) echo Result: $variable; HTH Andy -- Registered Linux User Number 379093 Now listening to [silence] amaroK::the Coolest Media Player in the known Universe! Cockroaches and socialites are the only things that can stay up all night and eat anything. Herb Caen -- -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- pgphHcBjoE1mU.pgp Description: PGP signature
[PHP] Binary file upload with ftp
Hi all Is there someone with expierence on how to upload a binary file in php? I am using php 5 cli engine and the scripts keeps trowing errors, but only if the file is a binary. Text files upload without problem. It keeps telling me 'STOR' not understood. I tried putting in passiv mode and I verified to use the FTP_BINARY constant directly on the command... like this $result=ftp_put($handle,$localfile,$remotefile,FTP_BINARY); But to no aval! Somebody know what to do? With kind regards Andy -- Registered Linux User Number 379093 Now listening to Radio Stream amaroK::the Coolest Media Player in the known Universe! Cockroaches and socialites are the only things that can stay up all night and eat anything. Herb Caen -- -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- pgpx79OExSmmZ.pgp Description: PGP signature
Re: [PHP] Two MySQL connections in one script not working as expected
Hi Without you actually showing us these class files we can only guess but a common mistake is this: mysql_open(connection details) mysql_query(query) In those cases the last opened handle is used. To prevent this, use this syntax $db1=mysql_open(connection for db1); $db2=mysql_open(connection for db2); mysql_query($db1,$query_db_1); mysql_query($db2,$query_db_2); If you have used this syntax then check your class if it is using a global variable to hold the database handle and if it does make it a class variable instead Instead of $db=null class db {function db() {$GLOBALS['db']=mysql_open(... do instead class db {var $db=null; function db() {$this-db=mysql_open That way you can instanciate as many instances of the class as you like and each will have its own database handle. HTH Andy On Tuesday 27 September 2005 20:25, Charles Kline wrote: Hi all, I have a script that needs to update data in two databases. My db connections are both in class files that I created to execute the various connections and queries. What is happening is that the second database connection does not seem to work. The error I get is that it seems the second query is being executed against the first database connection - does that make sense? So I get an error that the database_name.table_name does not exist, which is true, but the query is getting executed against the wrong database name. Any ideas? Thanks, Charles -- Registered Linux User Number 379093 Now listening to Radio Stream amaroK::the Coolest Media Player in the known Universe! Cockroaches and socialites are the only things that can stay up all night and eat anything. Herb Caen -- -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- pgph3H1sUsSCY.pgp Description: PGP signature
Re: [PHP]PHP Syntax Notation
Hi As a complement to the answers you have had here I wish to ammend the following. The Run in the example is a function, and because this function is inside a Class object, it is called a method. A class is a set of variables (properties) and functions (methods) that you can create instances of. I suggest you consult the complete php documentation with user comments and examples at php.net. Available in many languages. This manual is used by many -including me- on a daily basis. Hope this helps With kind regards Andy On Tuesday 27 September 2005 22:29, Lowell Herbert wrote: On Sep 27, 2005, at 4:19 PM, Jasper Bryant-Greene wrote: Lowell Herbert wrote: Thanks for all the responses. I understand that $site is an instance of the class CSite, and that Run() is a function in that class. I do not understand what the operater - means, and what meaning the result of the function Run() has to $site. Clarification anyone? The operator - in this context ( $site-Run() ) sort of means the function Run() inside the object $site. The result of the function (if there is one) is thrown away, because you don't assign it to anything. If you did this then it would be assigned to something: $result = $site-Run(); Thank you for your clear explanation!!! Lowell -- Registered Linux User Number 379093 Now listening to [silence] amaroK::the Coolest Media Player in the known Universe! Cockroaches and socialites are the only things that can stay up all night and eat anything. Herb Caen -- -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- pgpfMLvuAfYVj.pgp Description: PGP signature
[PHP] New ocurrance of old problem. (FTP_PUT: 'STOR' not understood)
Hi all Having looked at the archives, they mention that the cause for this problem might be that the FTP_BINARY constant isn't transmitted to the the FTP module. I therefore adjusted my code to this: return ftp_put($this-ftphandle, $localfile, $remotefile,FTP_BINARY); Seeing as this fails also, I prepended this with a pasv command, and even went as far as doing this ftp_raw($this-ftphandle,'quote pasv'); //put ftp in passive mode ftp_raw($this-ftphandle,'quote type i'); //put ftp in binary mode return ftp_put($this-ftphandle, $localfile, $remotefile,FTP_BINARY); Alas, to no avail! The server keeps telling me STOR not understood, so I connected manually to the server, and quote stor 500 'STOR' not understood But I can upload files with PUT nonetheless. So is there a way to tell PHP to use the PUT command instead of the STORE command? With kind regards Andy -- Registered Linux User Number 379093 Now listening to [silence] amaroK::the Coolest Media Player in the known Universe! Cockroaches and socialites are the only things that can stay up all night and eat anything. Herb Caen -- -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- pgpvHfRu8vCcO.pgp Description: PGP signature
[PHP] Bytecode
Hi all I came across some text that sais PHP compiles the script to bytecode prior to running it. Is this true, and is it possible to instead of .php source files, use those bytecodes files in distribution? With kind regards Andy -- Registered Linux User Number 379093 Now listening to Radio Stream amaroK::the Coolest Media Player in the known Universe! Cockroaches and socialites are the only things that can stay up all night and eat anything. Herb Caen -- -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- pgpLmbnKwqjkp.pgp Description: PGP signature
Re: [PHP] Issue with generating asx playlist with php
On Monday 29 August 2005 16:09, Dan Rossi wrote: ? I logged two different sess id's being created. Hi I have seen this behaviour as well, although in another context. The solution was to have the session_start instruction be one of the very first. In fact, in my software, the session_start is the second instruction on ALL pages. ?php require_once 'globals.inc.php'; /* rest of script*/ ? And globals.inc.php is like ?php session_start(); define(yadaydayda ? Hope this helps With kind regards Andy -- Registered Linux User Number 379093 Now listening to Blank and Jones and Friends (2005 week 34) - guest DJ Jochen Miller amaroK::the Coolest Media Player in the known Universe! Cockroaches and socialites are the only things that can stay up all night and eat anything. Herb Caen -- -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- pgpkh2ZIq86nl.pgp Description: PGP signature
Re: [PHP] kein Betreff
On Sunday 28 August 2005 19:26, Jan Broermann wrote: _ Mit der Gruppen-SMS von WEB.DE FreeMail können Sie eine SMS an alle Freunde gleichzeitig schicken: http://freemail.web.de/features/?mc=021179 Lauffen sie scheissen! Was mache Sie dar? -- Registered Linux User Number 379093 Now listening to Blank and Jones and Friends (2005 week 34) - guest DJ Jochen Miller amaroK::the Coolest Media Player in the known Universe! Cockroaches and socialites are the only things that can stay up all night and eat anything. Herb Caen -- -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- pgp7SQZQAeIbT.pgp Description: PGP signature
[PHP] execution time of ';'
Hi all We develop our software with built-in debug handlers that are very talkative. Each class registers itself to a central debug handler. When a conditional define NODEBUG is set, that debughandler just does a return null but obviously it takes time to perform that call. We are thinking of doing a search/replace on the source to replace all $this-debug('...'); with a ; because if I would replace it with a # it would generate errors in cases like this: if(conditions ) $this-debug('something...'); So here is the question: Are there any reasons against doing this kind of replace, or is anyone aware of a better solution? With kind regards Andy -- Registered Linux User Number 379093 Now listening to Virtual Zone - Virtual Zone amaroK::the Coolest Media Player in the known Universe! Cockroaches and socialites are the only things that can stay up all night and eat anything. Herb Caen -- -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- pgpb1XjyVb78d.pgp Description: PGP signature
[PHP] snapshot
Hi all We just bought ourselfs a very basic windows station so that we can test our php and html applications on windows as well. For the html applications, a simple screen shot of how it looks in internet explorer is sufficient. I know how to handle http authentication, file uploads, streaming files back to the browser and all that, but would like some advise on how I can control internet explorer from php. The scheme: a coworker logs on on the page, enters a local network url, the scripts launches internetxplorer with that url, takes a screen shot picture and streams that back to the browser. Any ideas anyone? With kind regards Andy -- Registered Linux User Number 379093 Now listening to Highlander - Last Forever amaroK::the Coolest Media Player in the known Universe! Cockroaches and socialites are the only things that can stay up all night and eat anything. Herb Caen -- -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- pgpjIcGQZuQHe.pgp Description: PGP signature
Re: [PHP] Ok, why is this happening...
Hi I admit not gone trough all of your code, but mostly this happens when mixing the string concatenation operator (.) with the addition (+) or substraction (-) operator. HTH With kind regards Andy On Tuesday 19 July 2005 19:26, John Nichel wrote: Chris Boget wrote: Chris Boget wrote: snip echo if( $originalNet != $calculatedNet ) = . ( (int)$originalNet !== (int)$calculatedNet ) . br\n; /snip Change this to echo out what you're comparing... echo if( . (int)$originalNet . != . (int)$calculatedNet . ) = . ( (int)$originalNet !== (int)$calculatedNet ) . br\n; That'll show what numbers is actually trying to match. Ok, then that begs the following questions: If I don't cast any of the values, why do they display as being identicle? Additionally, why does every IF check fail in that case? There's some freaky math going on there or something. I added a couple of other echos in to see and for some reason it seems to be losing single digit value (subtracting, rounding down, I don't know). $calculatedGross = $originalNet + ( $originalNet * $commissionPct * 0.01 ); echo ( Gross : . (int)$calculatedGross . = . $originalNet . + ( . $originalNet . * . $commissionPct . *.01 )br /\n ); $calculatedNet= $calculatedGross / ( 1 + ( $commissionPct * 0.01 )); echo ( Net : . (int)$calculatedNet. = . (int)$calculatedGross . / ( 1 + ( . $commissionPct . * .01 ) )br /\n ); -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- Registered Linux User Number 379093 Cockroaches and socialites are the only things that can stay up all night and eat anything. Herb Caen -- -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- pgptzLlv5o2r7.pgp Description: PGP signature
[PHP] Session has new id on 'some' pages.
Hi all We have a extensive software that uses php session to store some very basic session information. ALL, and I do mean ALL files (except for globals.php) start like this: ?php require_once ../scripts/globals.php; ... ? And the file globals.php starts with ?php session_start(); We have hit a bug that we do not understand. On our test servers (php 4.3.11, php 4.3.10, and php 4.2.0) everything works as intended. Putting someting in the session variables is remembered on every other page. We actually deployed the product on a php 4.3.8 server and there we get the complaint that session data is only remembered on 'some' pages. After verification, it seems that on the pages that do not reproduce the session data, a second session is used. page 1: session id L43403470384, session data: OK click link to page 2: session id DG5475232780, session data: null click link back to page 1: session id L43403470384, session data: OK click link to page 3: session id DG5475232780, session data: null click link to page 4: session id L43403470384, session data: OK Has anyone seen this behaviour before, or has any clues what is the problem? With kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- pgpRUwcXMAViM.pgp Description: PGP signature
Re: [PHP] Session has new id on 'some' pages.
Ok found the solution, seems like one page is on http://server.org.uk and the other on www.server.org.uk even though its the same server it generates a different session id! -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- pgpiSQvK5Tugo.pgp Description: PGP signature
Re: [PHP] Re: Tracking a mobile phone
Hi I did hear of a gps feature that's been tested here. Basically you subscribe to a service by your provider and then you choose where to forward the data. I've seen it in use in some company that tracks it's least selling representatives (with their approval, off course). With kind regards Andy On Monday 18 July 2005 21:41, Ethilien wrote: I think that would require tapping the cellphone network, which I doubt they would let you do since it be a major violation of privacy, because you could track the general location of anyone on their network. Thomas wrote: Hi there, I was wondering if anybody has attempted to track a mobile phone through a country. I know that this is usually more a case for the FBI . a friend of mine is going on a 4 month bike tour and I would like to 'track' him for locations. I thought of an sms receiving system, but if could do any other way would be great. Any ideas? Thomas -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- pgpbkJhEVedGr.pgp Description: PGP signature
[PHP] msdos date/time encoding in php?
Hi all I am trying to set the last modified date/time of individual files in a zip file. According to the specification (http://www.pkware.com/appnote.txt), date/time are two bytes each, and use standard msdos date/time encoding. Does anybody have a clue to this? With kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- pgpF5Cmdvi8Qr.pgp Description: PGP signature
[PHP] mail:: very weird behaviour!
Hi all So I constructed the mail message with attachements and all, and when I echo the contents to the screen, I get the entire message as intended. But when the message is actually sent, it is NOT received the same! In one test, the base64 part contains different text from what I actually put in. However, if I put that same data inside the body (so I can compare), that data is transfered correctly. In another test, the behaviour explained above, is extended by some other text dissapearing (namely some boundary) The error log doesn't say a-thing! my mail command is: mail($toname $to,$subject,$body,$header); If I do echo $headerbr$body; right before the mail command, and copy and paste that into kmail, it is a valid email message with all the parts I made. So where does it go wrong... please speake quickly before I have no more hair! With kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- pgpD3vno6k7mO.pgp Description: PGP signature
Re: [PHP] mail:: very weird behaviour!
Ok, found out what was happening. It seems that if the message contains MIME syntax errors, actual behaviour of sendmail (or its php wrapper) is unspecified. Anyway, I forgot a semicolomn here and a linebreak there and whoosh! almost all of my hair pulled out! Thanks Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- pgprMwYeqahvh.pgp Description: PGP signature
[PHP] mail()===false but msg is sent!
Hi all I have this situation where mail() returns a false status but the message is actually accepted AND reaches destination! The PHP Version is 4.3.10, the OS Linux So what I do is ( $header=header for multipart mime message; $body=body with multipart mime message; $result=mail(Name Firstname $address,Subject,$message,$header); echo ($result?ok:bogus); So anyone got any ideas? With kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- pgpnle9RVmE8t.pgp Description: PGP signature
Re: [PHP] Question about HTTP 301 permanent redirects
Hi Actually you can get away with this: header(Location: $url,301); This will let php generate the proper headers Also, and I stress this point (again and again), the http specification clearly states that location headers need to have a *fully qualified url* not a site-specific one. Failure to do so puts the proper working of your site in the hands of the end user's browser who may very well fail to redirect because he doesn't find http://yourpage.php. (some browser do handle this correctly, but that's besides the point). HTH Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- pgpQ96QzDJCW7.pgp Description: PGP signature
Re: [PHP] Question about HTTP 301 permanent redirects
On Wednesday 29 June 2005 00:31, Andy Pieters wrote: Hi Actually you can get away with this: header(Location: $url,301); Well it looks like we all make typos Header(Location: $url,true,301); is more like it This will let php generate the proper headers Also, and I stress this point (again and again), the http specification clearly states that location headers need to have a *fully qualified url* not a site-specific one. Failure to do so puts the proper working of your site in the hands of the end user's browser who may very well fail to redirect because he doesn't find http://yourpage.php. (some browser do handle this correctly, but that's besides the point). HTH Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- pgpr00gTfHMlK.pgp Description: PGP signature
[PHP] Permission argh!
Hi all I am in the process of creating an installer for my php application. During the test proces, it does this: isdir(root)?create dir root ok?chmod 0777 isdir(root/child)?create dir root/child ok?chmod 0777 isdir(root/child/grandchild)?create dir root/child/grandchild ok?chmod 0777 The script fails on the grandchild part: stat failed for /root/child/grandchild (errno=13 - Permission denied) when I try to force the hand and create it anyway: mkdir() failed (Permission denied) The files/directories are owned by the 'nobody' user... the same as the apachephp user. Anybody know how to remedy this problem? With kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- pgpvD1FTIdKct.pgp Description: PGP signature
[PHP] Complinging 4.2.0 on FC4 Test 3
Hi All I am trying to compile php 4.2 on Fedora Core 4 Test 3 The compilation throws this: make[1]: Entering directory `/home/kdedev/php-4.2.0' /bin/sh /home/kdedev/php-4.2.0/libtool --silent --mode=link gcc -I. -I/home/kdedev/php-4.2.0/ -I/home/kdedev/php-4.2.0/main -I/home/kdedev/php-4.2.0 -I/usr/local/apache/include -I/home/kdedev/php-4.2.0/Zend -I/home/kdedev/php-4.2.0/ext/mysql/libmysql -I/home/kdedev/php-4.2.0/ext/xml/expat -DLINUX=22 -DHAVE_SET_DUMPABLE -DUSE_HSREGEX -I/home/kdedev/php-4.2.0/TSRM -g -O2 -prefer-pic -o libphp4.la -rpath /home/kdedev/php-4.2.0/libs -avoid-version stub.lo Zend/libZend.la sapi/apache/libsapi.la main/libmain.la regex/libregex.la /home/kdedev/php-4.2.0/ext/ctype/libctype.la /home/kdedev/php-4.2.0/ext/mysql/libmysql.la /home/kdedev/php-4.2.0/ext/pcre/libpcre.la /home/kdedev/php-4.2.0/ext/posix/libposix.la /home/kdedev/php-4.2.0/ext/session/libsession.la /home/kdedev/php-4.2.0/ext/standard/libstandard.la /home/kdedev/php-4.2.0/ext/xml/libxml.la TSRM/libtsrm.la -lpam -lcrypt -lresolv -lm -ldl -lnsl -lresolv -lcrypt -ldl /usr/bin/ld: errno: TLS definition in /lib/libc.so.6 section .tbss mismatches non-TLS reference in /home/kdedev/php-4.2.0/ext/mysql/.libs/libmysql.al(my_error.lo) /lib/libc.so.6: could not read symbols: Bad value collect2: ld returned 1 exit status distcc[17817] ERROR: compile (null) on localhost failed make[1]: *** [libphp4.la] Error 1 make[1]: Leaving directory `/home/kdedev/php-4.2.0' make: *** [all-recursive] Error 1 Anybody know how to fix this? Ps: I know that PHP 5 is out, but I need this to port my program to 4.2+ 5.0 With kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- pgp17UiKbgt8g.pgp Description: PGP signature
[PHP] Howto implement atomical actions
Hi all I am developing a web interface to patch a program. The user uploads the patch and after uncompressing and verification of signature, the update should take place. However I do not want users to be able to start an update and then abort the process by stopping to load the page. I imagine that by calling a program externally from php that it would be possible but there are limitations because of the distribution. The systems are installed on php+mysql+apache servers but no shell access is granted. I greatly appreciate help in this matter. With kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- pgp3YPb0noml1.pgp Description: PGP signature
Re: [PHP] linux php editor... Quanta +... The best!
On Monday 06 June 2005 21:41, Clive Zagno wrote: what php GUI editors do you recommend. Ive used bluefish before, any other recommendations, thanks Hi I have been using Quanta + ever since I discovered it. Try it you'll like it too. Features include (but not limited to) code completion, code insight, color coding, debug support, spell checking It also has a very good project management system which can upload your project with one keypress. It is part of the kdewebdev package. You'll find more information on this page http://kdewebdev.org/ Hopoe this helps Kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] linux php editor... Quanta +... The best!
On Monday 06 June 2005 23:05, Rory Browne wrote: Is there a particular reason why you changed the subject? It screws up threads on some clients - including mine. Well I wanted it to stand out. Didn't realize it would break the threads though. I thought K-Mail put in additional headers to not be dependant on subjects... Apparently I was wrong. My mistake Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] What is faster?
Hi all Of these two expressions, which one is faster? if(!(is_null($customMenu)) (is_array($customMenu))) $menu=$customMenu; else $menu=array('Documentation','Settings'); OR $menu=(!(is_null($customMenu)) (is_array($customMenu))?$customMenu:$menu); Anybody have any documentation on this? Kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] str_replace weird output
On Thursday 02 June 2005 09:52, [EMAIL PROTECTED] wrote: But if I do that : ?php $texte = 'cd' ; $original = array('a', 'b', 'c', 'd', 'e', 'f', 'g'); $modif = array ('c', 'd', 'e', 'f', 'g', 'h', 'i'); $texte = str_replace($original, $modif, $texte) ; echo $texte, ' br /' ; ? The result is : ih Why ? You should know that, unless you tell php to limit the number of replaces, it will keep on replacing until it doesn't find a match anymore. Here is what happens: ?php $texte = 'cd' ; $original = array('a', 'b', 'c', 'd', 'e', 'f', 'g'); $modif = array ('c', 'd', 'e', 'f', 'g', 'h', 'i'); $texte = str_replace($original, $modif, $texte) ; #after first replacement $texte='ef' #after 2nd replacement $texte='gh' #after third replacement $texte='ih'; If you want to prevent this, tell the function that you only want 2 replacements. Like this: $limite=2; $texte=str_replace($original,$modif,$texte,$limite); Hope this helps With kind regards ps: the php documentation is also available in French. Check out: http://fr2.php.net/manual/fr/function.str-replace.php for more info on str_replace Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Security check
Hi all I just got the ok from the client pertaining the disclosure of parts of the code. Basically I made admin and a user must be loged in in order to access any file in that directory. (except index.php) Here is the file index.php ?php require_once ../scripts/globals.php; require_once ../scripts/database.php; if(defined('DEBUG_LVL')) error_reporting(DEBUG_LVL); else error_reporting(0); function getShopDest($dest,$data) {if( (array_key_exists('action',$data)) ($data['action']=='post_process')) {if(array_key_exists('authorize',$data)) $dest=PAGE_ORDERMAN.?order=$data[authorize]action=authorise; elseif(array_key_exists('expedite',$data)) $dest=PAGE_ORDERMAN.?order=$data[expedite]action=ship; elseif(array_key_exists('deny',$data)) $dest=PAGE_ORDERMAN.?order=$data[deny]action=deny; elseif(array_key_exists('view',$data)) $dest=PAGE_ORDERMAN.?order=$data[view]; } return $dest; } $myDb=new verify(DB_HOST,DB_USER,DB_PASS,DB_DB); if($myDb-LogedIn()) {$dest=PAGE_LOGIN_SUCCESS; $dest=getShopDest($dest,$_GET); header(Location: $dest); die();} $thispage=PAGE_LOGIN; $message=''; $hiddens=\n\t; $admin=ADMIN_STYLE;; $old_name=''; if(array_key_exists('name',$_POST)) $old_name=htmlspecialchars($_POST['name']); $valid=array('from','authorize','order'); #copy GET to POST if(count($_GET)0) {foreach($_GET as $key=$value) if(in_array($key,$valid)) {$key=htmlspecialchars($key); $value=htmlspecialchars($value); $hiddens.=___hid input type=hidden name=$key value=$value\n\t ___hid; } } elseif(count($_POST)0) foreach($_POST as $key=$value) if( ($key!=='login') ($key!=='name') ($key!=='pass') ) $hiddens.=_hid_ input type=hidden name=$key value=$value\n\t _hid_; if( (array_key_exists('savereferer',$_GET)) ($_GET['savereferer']=='yes')) {safeReferer($ref,$chksum); $hiddens.=_ref_ input type=hidden name=referer value=$ref\t \tinput type=hidden name=checksum value=$chksum _ref_; } if(!empty($_POST['login'])) {#process request if(isset($_POST['login'])) if($_POST['login']=='Login') [EMAIL PROTECTED]'name']; [EMAIL PROTECTED]'pass']; #encode password $pass=sha1(crc32(md5($pass))); if($myDb-login($name,$pass,'users',$id)) {$dest=($id==777?PAGE_ROOT_LOGIN_SUCCESS:PAGE_LOGIN_SUCCESS); #added new destinations for the store $dest=GetShopDest($dest,$_POST); if( (array_key_exists('savereferer',$_POST)) ($_POST['savereferer']=='yes')) $dest=safeReferer($nothing,$empty,$dest); header(Location: $dest); die();} else {$message=Invalid login;}}} elseif(!empty($_POST['cancel'])) {if(isset($_POST['cancel'])) if($_POST['cancel']=='Cancel') {echo PAGE_PAGESTORE; header(Location: .PAGE_PAGESTORE); exit();}} echo _EMPTY_FORM !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN http://www.w3.org/TR/html4/loose.dtd; !-- Orignal flavor by Straight-A-Software [EMAIL PROTECTED] -- html head link rel=stylesheet href=$admin titleAdmin Login page/title /head body class=newstore div id=banner Admin Login /div form id=form1 action=$thispage enctype=multipart/form-data method=POST $hiddens fieldset id=thefield legendLogin/legend label for=login_nameName/labelbr input type=text id=login_name name=name value=$old_name plabel for=login_passPassword/labelbr input type=password id=login_pass name=pass value=/p input name=login type=submit value=Login input type=submit name=cancel value=Cancel _EMPTY_FORM; if(!empty($message)) echo _ERROR_FOUND div id=anerror clear=all$message/div _ERROR_FOUND; echo _EMPTY_FORM /fieldset /form diva href=javascript:history.back(-1)Back to the previous page/a/div /body /html _EMPTY_FORM; ? And in every file in the directory /admin, I require the file login.php Here is the file login.php ?php /* Original Flavor by Straight-A-Software [EMAIL PROTECTED] */ /* Purpose of this file login check module Specifics: to be required on each page that requires login This script likes PHP 4 */ #Version: 0.0a require_once globals.php; require_once database.php; if(defined('DEBUG_LVL')) error_reporting(DEBUG_LVL); else error_reporting(0); $login_verify=new verify(DB_HOST,DB_USER,DB_PASS,DB_DB); $verify=$login_verify-LogedIn(); if($verify===false)
Re: [PHP] Copy to network share
On Wednesday 01 June 2005 14:42, Jeff McKeon wrote: $dirhandle = opendir(server\\share); Readdir($dirhandle); Chdir(server//share); Chdir(server\\share); Warning: chdir(): No such file or directory (errno 2) Is what I'm trying to do possible and if so, how? You should put the dirname in quotes Like $dirhandle=opendir(Server\\Share); Regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security check
On Wednesday 01 June 2005 22:33, you wrote: elseif(count($_POST)0) foreach($_POST as $key=$value) if( ($key!=='login') ($key!=='name') ($key!=='pass') ) $hiddens.=_hid_ input type=hidden name=$key value=$value\n\t _hid_; But what happened here? Why do you assume POST data is safe? You're right it isn't. Thanks! if( (array_key_exists('savereferer',$_GET)) ($_GET['savereferer']=='yes')) {safeReferer($ref,$chksum); $hiddens.=_ref_ input type=hidden name=referer value=$ref\t \tinput type=hidden name=checksum value=$chksum _ref_; } I don't see where $ref comes from. I am assuming it somehow trickles down from HTTP_REFERER? If so, did you clean it? Here is the function safeReferer function safeReferer($referer,$checksum,$default=PAGE_PAGESTORE) {#small piece of code to safely include referers in html code #+ get referer, save it in the form with a digest code with some noise #+ on request, verify the by adding the noise to the referer and calculating the digest code. #+ if it does not match, use standard page as referer $referer=htmlspecialchars(urlencode( @ $_SERVER['HTTP_REFERER'])); if($referer=='') $referer=$default; $checksum=makeCheckSum($referer); $req_ref=$req_chk=null; if( (!(empty($_POST['referer']))) (!(empty($_POST['checksum']))) ) {$req_ref=$_POST['referer']; $req_chk=$_POST['checksum'];} elseif( (!(empty($_GET['referer']))) (!(empty($_GET['checksum']))) ) {$req_ref=urlencode($_GET['referer']); #parameters passed urlencoded are automatically decoded by php! $req_chk=$_GET['checksum'];} else makeCheckSum($referer); if(!(is_null($req_ref))) {if(makeCheckSum($req_ref)==$req_chk) {$referer=$req_ref; $checksum=$req_chk;} else {$referer=urlencode($default); $checksum=makeCheckSum($referer);} } return urldecode($referer); } function makeCheckSum($input) {$noise=+++some'(-546%noise#*; $checksum=sha1(md5($input$noise)); return $checksum; } Thank you With kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Free penetration test: my 2
Hi all I would like to thank everybody for helping me. Quite honestly, I didn't even remark the referal id. I guess that's because if your looking at links all day long, you kinda block certain things. Like seeing only the hostname part of urls. Secondly, as far as I am concerned, no harm's done since I specifically asked for free (as in price), I wasn't planning signing up for any paid service at all. So like someone said 35% of nothing is still nothing right? Except, some sites give a (small) buck on referals regardless of signing up. Thirdly, despite what I said previously, which was said after a very long day, and where I was very tired and confusing heads for tails, I do find that anyone who gives a link, and adds a referal id to it, should add a disclaimer to the message stating their affiliation. Being shy for money myself, I can understand that someone will take any and all oportunity to make an extra buck, but doing it this way is not very honest. Show your professionalism, add that disclaimer, people will respect you more for it. Thank you all for your help and thank you PHP! Keep up the good work With kind regards Andy Pieters Straight-A-Software -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] CLI: unable to exec shell commands
Hi all I have several scripts that stoped working. All those scripts have in common that they call shell commands. To find out what was going on, I did a little test cat ? | php ?php echo exec test\n; exec(dir,$output,$errs); ? exec test sh: /usr/local/php/bin/dir: No such file or directory As you can see it is trying to call sh with a weird path. It should use /usr/bin/dir instead Also when I try it with 'type' (which is an internal command) it has the same result. I recently switched from FC3 to FC4 for my development. The PHP binary I'm using was compiled from sources with the following charasteristics: PHP Version = 4.3.10 Configure Command = './configure' '--prefix=/usr/local/bin' '--bindir=/usr/bin' '--with-mysql' '--with-config-file-path=/etc' '--enable-mbstring' '--enable-mbregex' '--with-gd' '--enable-gd-native-ttf' '--with-ttf-dir=/usr/bin' '--with-freetype-dir=/usr/lib' '--with-png-dir=/usr/lib' '--with-xpm-dir=/usr/X11R6' '--enable-ftp' '--enable-memory-limit' '--enable-safe-mode' '--enable-bcmath' '--enable-calendar' '--enable-ctype' '--enable-inline-optimization' '--with-bz2' '--with-iconv' '--with-zlib-dir=/usr/lib' '--disable-cgi' '--with-cli' Server API = Command Line Interface Any ideas? With kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] xml
Hi all I recently decided to switch to xml for the configuration of our programs. I am now looking for a good way to handle that xml data. Basically, what I am looking for is a functionality where I say Get tag x with attribute1=y, attribute2=z,..., read its contents and put it in an associative array. It should put it in an array like this: output[0]['tagname']=... output[0]['arg1']=... output[0]['arg2']=... etc Example xml someheader name=x content attrib1=y attrib2=z / content attrib1=x / /someheader /xml getxmldata(someheader,name,x) would result in data[0]['type']=content data[0]['attrib1']=y data[0]['attrib2']=z data[1]['type']=content data[1]['attrib1']=x Anybody got any ideas? With kind regards Andy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
On Friday 27 May 2005 19:11, Rasmus Lerdorf wrote: You have all sorts of problems at that URL. To start with, here is a cross-site scripting hack: http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript%09 src%3D%22http://3423329163/v Hi Thank you! I just saw the potential for tricking users but tell me dear boy. How can I prevent this? And you are not doing any input validation either. I fixed that. It was only in the part that echoes out the last inputed name if login fails tough because the database abstraction layer I wrote for this application escapes all data it receives. Thank you again With kind regards Andy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
On Saturday 28 May 2005 01:05, Chris W. Parker wrote: Rasmus Lerdorf mailto:[EMAIL PROTECTED] on Friday, May 27, 2005 11:58 AM said: You have all sorts of problems at that URL. To start with, here is a cross-site scripting hack: http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript %09 src%3D%22http://3423329163/v First of all, excellent example. Don't display arbitrary key names in hidden fields the way you are. What do you mean by arbitrary key names? In this example, what was going on was that I captured the parameters passed on the url, and included them as hiddens in a form. Since it was not properly escaped, the attack succeeds by inserting a variable with value script type=text/javascript src=somewhere/script But then url encoded: %22%3E+%3Cscript+type%3D%09ext%2Fjavascript+src%3D%22somewhere%22%3E%3C%2Fscript%3E Which translates in the html document to: form... input type=hidden name=script type=text/javascript src=somewhere/script ... -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Very long delay posting to php-general (might be OT)
Hi all I was wondering if it is normal that when posting to the php-general list there is always a very long delay before messages are shown. It's not like with snail mail. Sending mail messages is instant so where is the delay? With kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Free penetration test
Hi all I am looking at where I can get my system tested for penetration. In case someone here would like to have a go This is the url http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/ It is actually a kind of CMS system so if someone gets in, create a page with the cms as proof. Kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Can I prevent Server variables from being spoofed ?
On Friday 20 May 2005 20:46, Graham Anderson wrote: Can the server variable 'user agent' be modified/spoofed by the user? I whish people would stop implementing these kinds of things! Question: do you deny access to your home because the person ringing the bell is African? Or maybe because he is Muslim? Or because he/she doesn't speak English? There are laws against discrimination and you shouldn't create applications that deny access based on where the user comes from, what browser they use, or what language they speak. Just because someone is using a browser doesn't mean they can't play QuickTime movies. In fact, It is something that has been bothering me endlessly. I am usually forced to hack around the site to find the url of the movie, then do a wget on that url and xine the resulting file. All that for a lousy 30 sec movie! Can you at least think of only one valid reason to do the stuff you ask to do? I don't think so. Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP and PayPal
Hi Robert I am just in implementing PayPal as one of the Payment providers on an order. I realize the PayPal documention is a bit too exhausive and is easy to lose track of what is important. I will introduce two items to you: IPN (Instant Payment Notification) You should have a script that handles callbacks from PayPal. The PayPal system itself calls the script whenever something important happened. The security is that you get all the data PayPal sent, send it back to a POST and retrieve the reply VERIFIED or FAILED. This script should create the keys and send emails to the customer with these keys. PDT (Payment Data Transfer) PDT is used by PayPal when the payment is completed and the PayPal system forwards the user back to your page. Use the PDT to look up in your database if you already received an IPN from PayPal regarding this order. PayPal alows you to check your system by the use of a Sandbox. They also have a forum where you can ask specific questions. With kind regards Andy Pieters Straight-A-Software -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] debugger for CLI PHP scripts...?
On Thursday 12 May 2005 17:35, Christopher J. Bottaro wrote: Is there such a thing? Hi Christopher Spoken as someone who actively uses PHP both in webpages, and for scripts on CLI, the only debugger I am aware of is Gubed (but that's only for PHP Webbpages) Personally, I use the following setup (pseudo code, I could give you the actuall source code, but this is better because it will actually enhance your knowledge) This does not have breakpoints, but if you want them, you can write a function function breakpoint($info) {debug($info); die();} After that if you want conditional breakpoints, use an assert like function function assert($var,$value,$msg) {if($var==$value) breakpoint($msg); } Do you see the light yet? If you implement it properly, you don't even need to change your source code when debugging is done. example flow: Register_shutdownfunction(debug,dump); then everywhere in the script, function dosomething($param) {debug(domsomething($param)); ... } function debug() {static $data=''; get parameter list if first param=dump {if preferences=dumtofile writetofile $data else writetoconsole $data } else data[]=$parameters } } Can you see the use of this? Kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Password encryption and password retrieval
Hi You are doing the right thing storing passwords encrypted! You may use any of the one way digest like secure hash 1 (sha1) or md5 or a combination to generate a hash. In case your user forgets his password, there is no way to reconstruct it. You need to provide an interface where the user can enter their email and the script sends a message to the user with a token. Afterwards, this token is used as one time password to login and change the password. Regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] text with $
On Monday 09 May 2005 14:23, Martín Marqués wrote: I have a text variable that contains $ symbols, that when I pass it out PHP thinks that the $ mean that a variable name comes right after. To include the string symbol in a variable, use the single quotes. $myvar='this is $$$ test'; Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Between Query (0T)
On Sunday 08 May 2005 15:20, Ryan A wrote: Hi, Sorry I know this is OT but I'm hoping someone will still help...it should be quite simple :-) I have a field in the database called age which is a DATE field. I also have a webform where the user can select between which ages he wants the records shown... eg: if he types 23,25 then I should get all results where age =23 and age =25 SELECT * FROM `table` WHERE `age` BETWEEN 25 AND 26; You might want to sanitize your input first. Like using intval() on your input or mysql_escape_string Regards Andy Thanks, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.11.6 - Release Date: 5/6/2005 -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] I'm having a blond moment with a while loop???
On Sunday 08 May 2005 12:55, George Pitcher wrote: Hi guys, I'm doing something dumb but I can't see it. Actually you are doing many dumb things ;-) Please post your real code instead of pseudo. Then we'll have a look. And if possible append a describe table so we can see how your table looks like. Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Reducing size of htm output
On Friday 06 May 2005 19:59, Kirsten wrote: I need to reduce the size of the HTM generated by a PHP script for faster transmission. I'm actually using ob_start(ob_gzhandler) but I also need some function to reduce the size of javascript blocks, deletion of unnecesary blanks, etc. Hi Kirsten, You know, PHP can be used to create all kinds of files on the fly. It is not limited to html files. I would suggest you rewrite your javascript into a seperate file. ?php header(Content-Type: text/javascript); $action=@ intval($_GET['function']); switch ($action) {case 0: echo _firstpart function first(e) {blablaabla } _firstpart; break; } ? When you need to call javascript functions, include them like this: script type=text/javascript src=myscript.js.php?function=0/script With this scheme, the browser can cache the different bits of the script, and you don't need to send all of the script on each page hit. Kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Bug, erreurs ou non =?iso-8859-1?q?document=E9?=
On Wednesday 04 May 2005 22:47, Amir Mohammad Saied wrote: Bonjour Amir C'est liste est en Anglais. Cependant, la réponse: Il est necessaire de 'eschapper' le character '\' Au lieux d'ecrire '\', il faut ecrire '\\' Donc si le chemin est \\srvdfs00\partages\0-50\M7\05_APValidation\Forfait_Entreprise Il faut le changer en srvdfs00\\partages\\0-50\\M7\\05_APValidation\\Forfait_Entreprise Svp, repondéz en ANGLAIS [EMAIL PROTECTED] wrote: Bonjour, J'utilise php en profondeur depuis peu. Je viens d'utiliser les fonctions sur les fichier tel que is_file(), is_dir() ou encore file_exists(). J'obtiens des résultat qui ne correspondent pas à la documentation. Apparement la longueur de chaîne influe sur le résultat obtenu. En effet voici le test simple que j'ai effectuer : $file = \\\srvdfs00\\partages\\0-50\\M7\\05_APValidation\\Forfait_Entreprise _Chaîne_de_Valeur; echo len : . strlen($file) .br; echo file : . $file . br; if (is_dir($file)) { echo false; } else { echo true; } echo br; $file = \\\srvdfs00\\partages\\0-50\\M7\\05_APValidation\\Forfait_Entreprise _Chaîne_de_Valeur\\Entreprise; echo len : . strlen($file) .br; echo file : . $file . br; if (is_dir($file)) { echo false; } else { echo true; } echo br; Voici le résultat : len : 83 file : \\srvdfs00\partages\0-50\M7\05_APValidation\Forfait_Entreprise_Chaîne _de_Valeur false len : 94 file : \\srvdfs00\partages\0-50\M7\05_APValidation\Forfait_Entreprise_Chaîne _de_Valeur\Entreprise true Il est evident que j'ai tester les 2 repertoires dans un explorateur windows et que les chemins sont les bons. Je suis sous NT et le partage réseau doit surement être sous windows Merci de votre réponse. Jérémy Hennegrave (Pour Bouygues Telecom) Here is an english newsgroup, please ask your question in english, or go to your language sections -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] select statement
On Thursday 05 May 2005 10:10, Anasta wrote: Why doesnt this work, it shows the username but not the balance of the users money.here is the mysql table: ?php session_start(); include(connect.php); $uname=$_SESSION['username']; $user_balance=mysql_query($sql); $sql = Select FROM users ,user_balance WHERE user_id =$uname; $result = mysql_query(); ? ?php echo $uname;?br ?php echo $user_balance;? Hi Anasta In your code, when you issue the mysql_query command the first time, the variable $sql is still empty. You should rewrite your script like this: ?php session_start(); require('connect.php'); $uname=mysql_escape_string($_SESSION['username']; $sql= SELECT * FROM `users`, `user_balance` WHERE `user_id`='$uname';; $result=mysql_query($sql) or die('Database Error'); if(is_resource($result)) if(mysql_num_rows($result0)) { $data=mysql_fetch_assoc($result); mysql_free_result($result); $user_balance=$data['user_balance']; $found=true; } if(!(isset($found)) echo Sorry, I could not find a record for user id $uname; else { echo User: $unamebr Balance: $user_balancebr; } ? Notes: * just because it comes from SESSION doesn't mean that it cannot be spoofed. That's why you should escape uname before including it in a query. * in mysql commands, it is better to explicitally specify the resource link identifier you obtained when you opened the connection ($link=mysql_connect(...)) * if you include a critical script, better use 'require' because it will cause php to stop parsing the page if it cannot find the script. With kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sending htm as it's being generated
On Sunday 08 May 2005 22:17, Kirsten wrote: I think you need to use ob_start first, then ob_flush on each update Haven't tested it, but I think it's like this: Note: I recommend using ?php ? instead of % % (this is because not every php server will recognize the asp style tags. html head titleXXX/title /head body ?php ob_start(); $i = 0; while (true){ echo p . $i++ . /p; ob_flush(); sleep(1); } ? /body /html Kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] formatting logic
Hi First, execute your query unset($fail); $res=mysql_query($sql,$dbhandle) or $fail=true; if( (isset($fail)) || (!(is_resource($res)) ) echo There was a problem with the execution of the query; if(mysql_num_rows($res)==0) echo The query resulted in ZERO records; #now that's out of the way, start processing the records. Since you ordered them by category already, just do like this $oldcat=''; while($rec=mysql_fetch_assoc($res) {if(!($oldcat==$rec['category'])) {echo Your category header here; $oldcat=$rec['category'];} echo picture data here;} if(is_resource($res)) mysql_free_result($res); What am I missing? The way to the php.net website. http://www.php.net/ -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PEAR Packages
On Thursday 21 April 2005 17:04, [EMAIL PROTECTED] wrote: Hmm... another project to add to my list of projects that I'll never finish. haha Glad to know I'm not the only one. ;-) Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Abstract Legacy question
Hi group This is kinda hard to say in words, so I'll give a little example Class A function x calls function guid function y function z function guid Class B extends A function y calls function x function guid So what I'm wondering is when class B calls its function Y, it will in its turn call function X (which is not overloaded in class B) and function X calls the function GUID from which class? Class A or Class B? Kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Abstract Legacy question [SOLVED]
On Wednesday 20 April 2005 23:36, Matthew Weier O'Phinney wrote: Since Class B overrides method guid, function x will call the method from Class B. Thank you. Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] converting word document to plain text file
On Wednesday 20 April 2005 23:14, Cima wrote: them. is there a way to these types of files in php or some other way? The easiest way is to tell your users you expect file format to be text only. You can test for mime type by using built-in php functions (and should do so!). The hard way means that you need a parser for pdf, rtf, and doc files. PDF is open format so there will no doubt be some PEAR module for it. Rtf is quit ieasy to parse yourself, and doc is m$ propriety so that will be a lot more difficult to implement. Or better, you might find a commandline tool that can do the job for you, and call that from within php. Before doing so, please take at least one day to study security. Since you provide your users with a way to transfer files to your server. And you process those files then possibly users can hack your server. When you got it working, report back here and ask us to analyze your code for pointers on how to make it more secure. Good luck! Andy ps: Google is your friend! http://www.google.com/search?num=100q=%22read+pdf%22+%2BphpbtnG=Search Also search on PEAR http://pear.php.net -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Mysql insert problems
Hi Whilst you are searching the net, you might also want to search for 'sql injection'. This is no joke! Please use the mysql_escape_string on each variable you get from the user side. In your example $Email = mysql_escape_string($_POST['Email']); $Phonenumber = mysql_escape_string($_POST['Phonenumber']); etc There are some issues when magic quotes are turned on but you can implement a hack that corrects any consuequences of that (stripslashes) Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php and linux shell script
On Friday 15 April 2005 08:52, Balwant Singh wrote: 2) i am also exploring possibilities of using linux dialog boxes (used in shell scripting) with PHP. has anybody tried it, may please advise me how to call dialog boxes through PHP in CLI. also please share with me if u have information on how to use PHP with Shell Scripting. Hi I like to think of PHP as a stream programming language. You can use it to generate a stream of html documents, images, sound files, text files, etc etc etc. So why shouldn't you use it to make your own dialogs in it as well? Make an include file that contains the classes, then just declare your class and use it. Like $mydialog=new clsDialog; $mydialog-type=DIALOGTYPE_INPUTBOX; $mydialog-title=Provide some information; $mydialog-regexp=$xxx^; $result=$mydialog-showDialog(); unset($mydialog); Off course the limitations are second to none! I have released some PHP CLI scripts under the terms of GPL2 and they all use the same basic simple engine for argument processing. It may not suit your needs, but you're welcome to study it to get you started. With kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- sas_php_script.php Description: application/php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Installation problem of PhP5.0.4 on Fedora 2
On Tuesday 12 April 2005 00:28, Richard Lynch wrote: If your httpd.conf has a line loading PHP4 in it, comment that out. Actually it might be inside a conf file in the conf.d subdirectory cd /etc/httpd/conf.d for a in *.conf; do echo File $a; grep php $a; done Will point you in the right direction. Andy -- Registered Linux User Number 379093 -- ---BEGIN GEEK CODE BLOCK- Version: 3.12 GAT/O/CM d- s:+ a- C UL P+ L+++ E--- W+++ N++ o+ K w--- O+++ M- V PS+ PE++ Y+ PGP+++ t+ 5-- X R !tv b DI+++ D++ G e-- h+ r--- y+ -- ---END GEEK CODE BLOCK-- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Bulletproof POST remove
Hi all I noticed some sites are able to remove POST data 100% of the time. Even if the user presses the back button there is no more POST data pressent. I would like to achieve the same thing and currently I use a location header to transfer the user to the same page. Like check post do action header('Location: $thispage'); die(); But then when the user presses the back button they can still retransmit the action. I tried playing with the MUST-REVALIDATE, pragma-nocache header and stuff but it doesn't seem to work. Also I notice that on some sites, when I press the back button, there is a white page that sais Your session has expired. It should be noticed that I do not use sessions. It should be like POST-once, after that there should be no more remnants of it. With kind regards Andy -- Registered Linux User Number 379093 -- ---BEGIN GEEK CODE BLOCK- Version: 3.12 GAT/O/CM d- s:+ a- C UL P+ L+++ E--- W+++ N++ o+ K w--- O+++ M- V PS+ PE++ Y+ PGP+++ t+ 5-- X R !tv b DI+++ D++ G e-- h+ r--- y+ -- ---END GEEK CODE BLOCK-- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sessions not being stored : DAY 2
On Saturday 09 April 2005 13:13, Burhan Khalid wrote: Yuri Huitrón Alvarado wrote: running whoami in php returns : root You know you are crazy as hell running php as root don't you. I guess you use your root account all the time. It kinda defeats its purpose. You should add a user account for yourself and use that in every day work. Whenever you need to install something they willl either ask for the root password or you go su -c 'make install' Your php should run as a normal user as well. Don't be surprised if tomorrow you find your harddisk wiped out by an intruder. You're asking for it. Try running 'last' and see if your system hasn't been compromised already Andy -- Registered Linux User Number 379093 -- ---BEGIN GEEK CODE BLOCK- Version: 3.12 GAT/O/CM d- s:+ a- C UL P+ L+++ E--- W+++ N++ o+ K w--- O+++ M- V PS+ PE++ Y+ PGP+++ t+ 5-- X R !tv b DI+++ D++ G e-- h+ r--- y+ -- ---END GEEK CODE BLOCK-- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Installation Warning?
On Friday 08 April 2005 20:27, [EMAIL PROTECTED] wrote: Anyone have any ideas on why it is suggesting NOT to use php and Apache 2.0.x in a production environment? I'm planning on developing several large apps for my company and expect 300-400 people to be hitting it throughout the business day. Off course I know of tons and tons of sites out there that have Linux + Apache2 + MySql + Php 4 And the're running just fine, day after day after day. It is a calculated risk we made and haven't regreted it since. Andy -- Registered Linux User Number 379093 -- ---BEGIN GEEK CODE BLOCK- Version: 3.12 GAT/O/CM d- s:+ a- C UL P+ L+++ E--- W+++ N++ o+ K w--- O+++ M- V PS+ PE++ Y+ PGP+++ t+ 5-- X R !tv b DI+++ D++ G e-- h+ r--- y+ -- ---END GEEK CODE BLOCK-- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Extern Executions (Perl)
HI Suggestion 1: configure apache to parse files with php extension thru php binary Suggestion 2: place a shebang on the start of the php file like #! /usr/bin/php Suggestion 3: rewrite your script and have the php script call the perl ;-) Tada Andy On Friday 08 April 2005 07:05, Eli wrote: with some parameters. When running the perl program throu unix shell, then perl executes the PHP program as expected, and returns its output. When running the perl program throu Apache (using cgi-bin on a browser), then perl opens the PHP file for reading and doesn't execute the PHP script, and returns the PHP code of the script. The Perl line trying to execute the PHP script is: open (PIPE,./my_prog.php $arg1 $arg2 |); while (PIPE) $res=$res.$_; print got:\n,$res; Does anyone have any clue why Perl behaves differently on different enviorments? OR: does anyone have a suggestion for a stable solution? -thanks, Eli -- Registered Linux User Number 379093 -- Feel free to check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Installation Warning?
Here is that faq url http://www.php.net/manual/en/faq.installation.php#faq.installation.apache2 Cheers Andy -- Registered Linux User Number 379093 -- Feel free to check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing password in cookie
On Saturday 09 April 2005 02:18, Computer Programmer wrote: What is a better way to store password in a cookie? md5()? base64_encode()? mhash()? mcrypt_generic()? crypt()? It doesn't matter how you encrypt it. DO NOT STORE PASSWORDS ON USERS COMPUTER I hope that's clear enough. What you can do, and in fact I do for production sites is when the user logs on, you create an unique identifier and make a hash from it using your favorite encryption method. (sha1, md5, crc32). I like sha1. Save that hash in a temporary table and link it to the user's ID. Set an exipry date and extend that on each subsequencial request. Additionally you can save the IP number there as well. But that can lead to issues if they are connected trough a firewall, router, or proxy. Think of it as assigning a temporary password, only it is transparent to the user. Structure Login Password Validated Create unique id save in connections table set cookie with unique id and userid Page Request Check for cookie lookup unique id in connections table id expired? No - User still loged in No Cookie Do Login This way, you automatically log out users that are logging in on another computer. Kind regards Andy -- Registered Linux User Number 379093 -- Feel free to check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] if question
On Wednesday 06 April 2005 10:47, William Stokes wrote: Hello, I need to test if a variable value is 3 or 6 or 9 or 12 or 15 or 18 ... goes on like this. How this can be done? Thanks -Will switch($yourvar) {case 3: somestuff; break; case 6: somestuff; break; etc default: somestuff; break; } You can find answers to these and many other questions on www.php.net Look at the documentation section Andy -- Registered Linux User Number 379093 -- Feel free to check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] To session or not to session [SOLVED]
Thank you all for your input. Andy -- Registered Linux User Number 379093 -- Feel free to check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Command-line php in debian/woody
Hi You might want to download the php source and compile the cli binary yourself (Command Line Interface) It takes only little time compared to compiling it as an apache module Once you got thing setup, you can drop the php extension and just put a shebang like this #! /usr/bin/php At the start of the file. Andy On Wednesday 06 April 2005 12:07, Robert S wrote: I am running a Woody server. I'd like to run php scripts from the command line, but I note that the php/php4 executable is not in my PATH. I have php4, version 4.1.2-7.0.1 installed. Is the command-line option available with this version, or do I need to install another package? I understand that the command-line option was not available with earlier versions of php4 I don't want to mix my system up with Sarge - it usually screws everything up when I have tried to do that. I note that php isn't available in the backports. Is there any sort of workaround (short of upgrading the whole system to sarge, which I don't want to do)? -- Registered Linux User Number 379093 -- Feel free to check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] dynamic image will not print properly
To test, cstl.php?dk=somethinghere and try to print that? Maybe your browser is configured to NOT print images (or bakckground) ? Maybe your printer is textonly (just kidding) Tada Andy On Tuesday 05 April 2005 23:26, DuSTiN KRySaK wrote: Hi there - I had my first crack at creating a dynamic image. The thing is - the image is displayed fine in the browser, but when you go to print it, the image is either missing, or part of it is missing. Is there something special needed to print a dynamic image? Here is a code snippet used to create the image header(Content-type: image/jpg); $image = imagecreatefromjpeg(template_cpn.jpg); $red = imagecolorallocate( $image, 255,0,0 ); imagestring($image, 2, 306, 200, $couponcode, $red); imagestring($image, 2, 306, 235, $exp, $red); imagestring($image, 2, 175, 338, $myname, $red); imagestring($image, 2, 175, 360, $myemail, $red); imagejpeg($image); imagedestroy($image); Now the way I have it set up, is that there is a PHP file that generates the image (the above code). Then I have a parent PHP page that calls that page like so: $theurl = cstl.php?dk=soemthinghere echo img src=\$theurl\; See any issues in my code or setup? Any ideas? d -- Registered Linux User Number 379093 -- Feel free to check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP 4.3/MySQL phpinfo()
On Tuesday 05 April 2005 23:35, Todd Cary wrote: Does something have to be specially done with the FC 3 install? I kindly redirect you to google for LAMP which is short for Linux Apache MySQL PHP I have also learned to setup this kind of system on Fedora Core 3. While you CAN rely on the rpms, you're better of compiling each yourself (exluding Linux). For example, the precompiled rpms from Fedora (read Red Hat) do not include GD on php. Required items: An internet connection A good deal of time Much more patience Much commitment. Some reading glasses Andy -- Registered Linux User Number 379093 -- Feel free to check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] To session or not to session
I forgot to mention some context related stuff. 1. This is for distribution, so wether or not session will actually be avaiable is something I cannot know. Right now I am giving a trust factor of 80% to POST and 0% on GET. What trust factor should I apply to SESSION 2. These trust factors are applied AFTER login verification. (The login is verified with a cookie that holds a unique id I sent when the user loged on. This is validated against a database. The unique id's live span is extended after each request) Thank you for your input already Andy -- Registered Linux User Number 379093 -- Feel free to check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Anybody getting these also?
-- Forwarded Message -- Subject: Date: Wednesday 06 April 2005 07:30 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Thank you for contacting ActiveWire Inc! This is an automated response. Due to the enormous amount of SPAM (200+) emails per day, we have blocked this email address. As such, we have not seen your email. Please send your email again to [EMAIL PROTECTED] You can use this new address to contact us directly. From time to time, we will change the contact email addresses. If you have the original email, please forward it. This makes it easier and quicker to help you. If you do not have the original email, it is OK (as long as you email us within one week of your original email). We delete the original email along with all of the SPAM after one week. We appreciate your business. We hope you understand and will take this extra step to contact us. Very truly yours, The ActiveWire team. --- -- Registered Linux User Number 379093 -- Feel free to check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- pgps4wPIbB4yS.pgp Description: PGP signature
Re: [PHP] MySQL empty row
Hi Neo Just some observations and hints. I see you use the contents of a user variable ($_POST,$_GET,$_REQUEST, $_SESSION) without check. Possibly you checked them on another page but you shouldn't rely on that. You should take NOTHING for granted. You should escape the input by using a function like mysql_escape_string Google for mysql injection will give you ample information on the why of this precaution. 2ndly you include a line die($res-getMessage()) which would expose security sensitive information about your server, and database. You do not want this! Instead you can redirect to a page that explains to the user that an error ocured. For yourself, you can write the error to a file on the server that you can peruse to debug. Just scream if you want an example of this. How about trying this: unset($res); $res=@$db-query($query); if($res) if(DB::isError($res)) ...rest of your code The HTTP specification is also that a Location header should provide the absolute address, not the relative. You might also consider rewriting your logic a bit: Instead of depending on a connect and a disconnect file, make one include file like this: function connect() {#details of your connect if(connection_ok) register_shutdown_function(disconnect); } function disconnect() {#your stuff here } Including (or require ing) the file at the start of the page will provide you with all functionality and will automatically close the database connection when the script finishes. (Don't use this with persistent connections though) Also when you use functions that rewrite the header, you can either use ob_start, ob_end and stuff to buffer the output, or make sure you send nothing to the browser until after the headers are sent. One common pitfall is having characters before the ?php or charcaters after the ? After the ? must be NO character, not even a CR or LF Best way to check this is to put your cursor right next to the and press the left key. If you r cursor moves then press left followed by del. Keep pressing the del key until all the charcters after the are gone. With kind regards Andy Pieters Straight-A-Software On Monday 04 April 2005 16:57, Neo Theone wrote: Until some time I could make a new empty line in mysql with this query: INSERT INTO `.$_SESSION['type'].`() VALUES () where $_SESSION['type'] was the table I wanted to use but now I get an error and since I use DB I just get this error INSERT INTO `authors`() VALUES () *Warning*: Cannot modify header information - headers already sent by (output started at /usr/local/ftp/faps/public_html/pubDB/edit/newline.php:9) in */usr/local/ftp/faps/public_html/pubDB/edit/newline.php* on line *19 *This is the file ?php include ./checkuser.php; include ../modules/connect.php; array_pop($_REQUEST); $query = INSERT INTO `.$_SESSION['type'].`() VALUES (); $res = $db-query($query); //Always check that result is not an error if (DB::isError($res)) { die($res-getMessage()); } include ../modules/disconnect.php; header (Location: ./edit.php?.$_SESSION['stayurl']); ? Howcome does line nine: $res = $db-query($query); write anything?? -- Registered Linux User Number 379093 -- Feel free to check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL empty row
On Monday 04 April 2005 18:45, Andy Pieters wrote: After the ? must be NO character, not even a CR or LF Best way to check this is to put your cursor right next to the and press the left key. If you r cursor moves then press left followed by del. Keep pressing the del key until all the charcters after the are gone. Should be and press the right key off course. -- Registered Linux User Number 379093 -- Feel free to check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Broken connection
Hi everybody I am new on this list. I want you to know that I would like to use this list to get help and to provide assistance to others as well. I picked up php in octobre last and have become quite good with it. Didn't touch php 5 yet though. So to start with a problem of mine. I made a cms as per client request. And designed it with PHP 4.3+ in mind. The cms works perfectly only my client has run in some servers that are running PHP 4.1 and do not (can not, won't) upgrade. So I am working on a backport for PHP 4.1 I am almost there and most of the system's already running. I added sha1 calculation from a script I found about because sha1 is not yet implemented in php 4.1. I also let go of using stream_set_timeout as it is not essential. I got stuck and banged my head quite some time on this. When I try to open a page, I get broken connection error in konquerour. (Firefox just shows me a null page) I have tried many things already to get some usable debugging info on this but it seems that shutdown functions aren't executed either. Strangly enough googling to know what the 'broken connection' error's about in this context proved unsuccessfull I thank you for your time and bid you good day With kind regards Andy Pieters Straight-A-Software A young idealistic programmer -- Registered Linux User Number 379093 -- Feel free to check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php