[PHP] basic authentication and redirection
Hi there, In certain circumstances controlled by my users, I'd like to redirect my users to another site, a third party whom we have contracted with. The second site uses basic authentication with a simple username and password. Can I write my PHP code so my users do not have to login (or even know the username/password) on the remote site? This isn't intended to stop serious hackers, just enough security to stop casual passers-by. Thanks, Bill -- Bill Rausch We first make our habits and then our habits make us. --John Dryden -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] ZVAL reference counter code execution
Hi all, Do I have to worry about the ZVAL overflow vulnerability if I don't use unserialize() in my code? Or is it used behind the scenes whether I call it directly or not? I have a web server running PHP 4.4.4 with only one custom application running on it. The server is dedicated to this one application. Thanks, Bill -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] socket_bind function
I see reading the online docs that I'm supposed to go: socket_create... socket_bind... socket_connect... I've never used the bind function and it hasn't seemed to make any difference? I've always just done socket_create() and then socket_connect(). What benefit is there to putting a socket_bind in between? Bill -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Fedora-Apache2-PHP exec() failure
Hi all, I'm having the same problem as Jim Poserina. Richard pointed out some things to try. Here's my story. We installed Fedora 3 on a new box. Then we installed Apache 2 and PHP 4.3.9 from the RPMs that came on the CDs. Pretty much everything works as expected, except the exec() functions do not work in the web server. There is no error message displayed in the browser or in the error_log of apache. Here's the script: ?php $x = exec(/bin/pwd, $y, $z); echo brx is ; var_dump( $x ); echo bry is ; var_dump( $y ); echo brz is ; var_dump( $z ); ? Here is the output: x is string(0) y is array(0) { } z is int(127) If I run the php interpreter from the command line, exec() does work ok. I can turn safe mode on and define a safe_mode_exec_dir and copy /bin/pwd to it and then run that and the command line interpreter honors that setting ok. The web page result doesn't change though. No error message, no output. Just the 127 (-1?) So, what do I have to change in my setup to get the exec functions to work in the web server? Thanks, Bill Rausch -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Fedora-Apache2-PHP exec() failure
At 13:22 -0800 3/23/05, Rasmus Lerdorf wrote: Bill Rausch wrote: Hi all, I'm having the same problem as Jim Poserina. Richard pointed out some things to try. Here's my story. We installed Fedora 3 on a new box. Then we installed Apache 2 and PHP 4.3.9 from the RPMs that came on the CDs. Pretty much everything works as expected, except the exec() functions do not work in the web server. There is no error message displayed in the browser or in the error_log of apache. So, what do I have to change in my setup to get the exec functions to work in ... My guess it that it is an selinux issue. That stuff is such a mess in Fedora. Try playing with that. -Rasmus Bingo. I'd told my staff NOT to install the Selinux stuff so I never bothered looking for it because I knew it wasn't there. :( Thank you very much. Bill -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Delivering NAMED pdf files
George, Rasmus' suggestion is correct, but he was terse as usual :) and you might not have understood what he was saying. My solution is to present a list of the filenames available as LINKS (to non-existent files). Then the script does what you've already got. The problem is that some browsers cheat and ignore the filename that you send in the headers because they think they know better because of the URL that is currently active. So you fool them by making a fake URL. In my case I have links that look like: a href=/dl.php/file.pdffile.pdf/a and my dl.php script looks something like: ... $uri = urldecode(substr($REQUEST_URI,8)); # skip over the /dl.php/ $x = strpos( $uri, ? ); # get rid of trailing SID, etc. if( $x 0 ) $uri = substr($uri,0,$x); header( ... header( ... readfile( $realfileloc/$uri ); ... Bill -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: printf scientific notation?
Thank Richard. So far, I just punted. My site runs on a dedicated box and doesn't have to service a lot of users so I just wrote a one line C program to print a single value using a specified format (default is %.4e) and use exec() to call it. printe [format] value Here's how I encapsulated it: function printe( $x ) { $lines = array(); exec( /usr/local/bin/printe \.$x.\, $lines ); return $lines[0]; } and an example of how I call the function: fputs( $fp, sprintf( %8.2f %s %s\n, $this-O_a_time[$i], printe($this-O_a_height[$i]), printe($this-O_a_cooling[$i]) ) ); It works well enough for now. Eventually I hope to have time to play and then I'll come back and figure out a real patch for PHP's printf to support %e directly. Bill At 12:09 AM -0500 10/5/01, Richard Lynch wrote: You could roll your own... % and (int) / and round() are all you need. - Original Message - From: Bill Rausch [EMAIL PROTECTED] Subject: printf scientific notation? Can PHP print floating point numbers using scientific notation? (like 1.32e+5) sscanf reads them ok using %f, but I'd like to print them with %e or %g and the printf documentation doesn't mention them. I've tried %e anyway and it fails to print the exponent part. -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] printf scientific notation?
I'll try this again, with a new topic and a better description. Can PHP print floating point numbers using scientific notation? (like 1.32e+5) sscanf reads them ok using %f, but I'd like to print them with %e or %g and the printf documentation doesn't mention them. I've tried %e anyway and it fails to print the exponent part. I've looked at the source code to PHP a little but with the IFDEFs I'm not sure which routine is actually being used. I sort of have the impression it is just calling the C routines directly so the %e and %g should work? Linux (RH 7.1), Apache (1.3.20), PHP (4.0.6) Thanks. -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] floating point format
I've notice that I can read floating point format like: 1.932E+12 Is there any way to output such a number. The %f format string in printf just prints 19320.00. Then I tried %e and got very strange results. The 1.932 was printed with nothing after it. -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] fprintf
There doesn't appear to be an fprintf function. I'm using: fputs( $fp, sprintf( $format, ... ) ); Is this the recommended workaround? I was wondering why fprintf was left out since so many other standard C library routines are present? -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] nimda, etc.
My web sites, which generally have only a couple of real visitors a day to run a specific applications, have just been getting hammered by this stupid nimda and code red stuff. I'm running Linux/Apache/PHP and have firewalls that filter everything except port 80 so I'm not worried about any local effects. What I've done as a public service is to run a /missing.php script that looks like: ?php if( strpos( $HTTP_SERVER_VARS[REDIRECT_URL], .exe ) 0 ) sleep( 300 ); if( strpos( $HTTP_SERVER_VARS[REDIRECT_URL], default.ida ) 0 ) sleep( 300 ); header( HTTP/1.0 404 Not Found ); echo 404 File Not Found: ; echo $HTTP_SERVER_VARS[REDIRECT_URL]; ? I felt that if nothing else I could slow the worm down a little by wasting its time before it races off to the next potential target. Does what I'm doing make any sense or am I all confused? -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] hacks we should know about
Richard Lynch replied: ... - Kills file upload completely I *think* safe_mode can be on and files can be uploaded if the ISP works at it... But they have to want it bad enough to do some configuration. Most ISPs want to just install stuff as-is and not take the time to find out how to really configure it for optimum safety/functionality. ... Just curious about all of this. How many of these various security issues go away if you are hosting your own site and there are no user logins on the box other than your own and no services running except the web server? -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] re: IE double download
I read that IE first read the headers fully ( including the file ) and then ask it again for opening while Netscape read the file only once. This description matches what I've seen. Here's what I've come up with that seems to work for IE and Netscape on Windows and Mac. //$y is the full pathname of the file ... $x = stat( $y ); header( Accept-Ranges: bytes ); header( Content-Length: . $x[7] ); header( Connection: close ); $a = basename( $y ); if( strpos($a,':') ) $a = substr( $a,0,strpos($a,':') ); if( strpos($y,'.') ) $z = substr( $y,strrpos($y,'.') ); // get suffix else $z = 0; if( $z ) { if( strpos($z,':') ) $z = substr( $z,1,strpos($z,':')-1 ); else $z = substr( $z,1 ); header( Content-Type: . FindMime($z) ); // FindMime is my function } else { header( Content-Type: application/octet-stream ); } readfile( $y ); exit; -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] session problem
When I open 1.php a 1K file is created on the server and the contents (my_session_variable|s:10:some value;). When I open 2.php afterwards a 0K file is created on the server which is empty. This is the problem. For some reason, the 2nd page is creating a new session when it shouldn't. Now the question becomes one of: what is causing the new session to be created? in php.ini is session.use_cookies = 1 If not, try setting that then restarting apache. Else is using trans_sid, you need to make a link in 1.php that takes you to 2.php in order for the magic to occur where ?PHP_SESSID=... gets added to the URL automatically. If you just type in 1.php and then type in 2.php the session variable is not automatically sent along. -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] re: File Download IE behavior
Warren Vail [EMAIL PROTECTED] said: When generating a download file from PHP to IE (Netscape is not used by my client base) the browser prompts with an option to download the file or open the file where it is. Opening the file fails and I am forced to download the file to my local drive before receiving another prompt to open the file where the second Open works just fine. Is there a way to allow this first open to work, or cause the open option on the first download window to be removed? I've spent time fiddled with this stuff a few months ago and came up with the following. The basic sequence of commands that I use is that I use look like: $x = array(); $x = stat( simple.pdf ); header( Content-Length: . $x[7] ); ^ header( Accept-Ranges: bytes ); header( Connection: close ); header( Content-Type: application/pdf ); readfile( simple.pdf ); Also, a php.ini setting of interest is: session.cache_limiter = Depending on SSL, cookies, and other things you might need to set this to either nothing at all or to public. -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Stopping stolen / spoofed / linked sessions
Rasmus, et.al., OK, I'm still confused. What does SSL have to do with any of this? If I'm running a site using SSL, all that does is encrypt the transmitted info right? It doesn't have anything to do directly with the sessions though? The problem I'm wrestling with is: Person A logs in to my SSL website and provides a username/password which I verify. I then start a session for them. I have a ten minute timeout period which gets reset with every page they visit during this session. I pass the session id using either a cookie that expires at the end of the session or a URL. Using the cookie seems quite secure. Using the session ID as part of the URL seems less secure because... If person B happens to look over person A's shoulder and records the URL (it is long and obscure with the session id but for sake of argument) and then goes and visits the same web site he's in right? And using SSL doesn't affect this at all unless I'm totally confused (quite possible). If A and B are both behind the same firewall their IPs might not be distinguishable. The HTTP_REFERER stuff doesn't do anything for me because they are already within my site? Is this just an insoluble problem using the URL approach and the only thing to do is require cookies be enabled? Bill -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
AW: [PHP] Stopping stolen / spoofed / linked sessions
Sebastian Stadtlich said: there is an option in php ini : session.referer_check = which should fit your needs not sure how to use it, but probably one of the php-developers on this list can assist... I looked at this thing and can't figure out that it does very much. If someone makes a web page that contains a link to my site that contains the PHPSESSID=... then that session id will be invalid. However, if they just type the same string into their browser by hand, it is accepted? It seems that there is no stopping session spoofing if using the URL method. The only work around is to expire sessions quickly or to require that cookies be used? -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Apache/PHP4/SSL, downloads fail with IE 5.5 only when usingsessions
Hi all, A customer has a problem. They've installed Merlin from Abriasoft. It is a pre-built Apache/PHP/SSL/MySQL/... package. Their problem is that they can't download files from my PHP application (which uses sessions) using IE 5.5 in Windows. Netscape works from all clients, IE 4 works, Mac clients work. Here's a sample php script that fails: ?php // simple download test but starts a session session_start(); session_register('rausch'); $rausch=testing; $x = array(); $x = stat( simple.pdf ); header( Content-Length: . $x[7] ); header( Accept-Ranges: bytes ); header( Connection: close ); header( Content-Type: application/pdf ); readfile( simple.pdf ); ? If I take out the session lines of code, it works fine. The symptom when it fails is that the dialog box for open or save comes up but no matter which choice you make nothing ever happens. If I comment out the session stuff in the .php script, IE just launches Acrobat and downloads and displays the file like it should. What am I doing wrong or what can I do to work around this problem? The portions of their php.ini file that deal with sessions: [Session] session.save_handler = files ; handler used to store/retrieve data session.save_path = /tmp; argument passed to save_handler ; in the case of files, this is the ; path where data files are stored session.use_cookies = 1 ; whether to use cookies session.name = PHPSESSID ; name of the session ; is used as cookie name session.auto_start= 0 ; initialize session on request startup session.cookie_lifetime = 0 ; lifetime in seconds of cookie ; or if 0, until browser is restarted session.cookie_path = / ; the path the cookie is valid for session.cookie_domain = ; the domain the cookie is valid for session.serialize_handler = php ; handler used to serialize data ; php is the standard serializer of PHP session.gc_probability= 1 ; percentual probability that the ; 'garbage collection' process is started ; on every session initialization session.gc_maxlifetime= 1440; after this number of seconds, stored ; data will be seen as 'garbage' and ; cleaned up by the gc process session.referer_check = ; check HTTP Referer to invalidate ; externally stored URLs containing ids session.entropy_length= 0 ; how many bytes to read from the file session.entropy_file = ; specified here to create the session id ; session.entropy_length= 16 ; session.entropy_file = /dev/urandom session.cache_limiter = nocache ; set to {nocache,private,public} to ; determine HTTP caching aspects session.cache_expire = 180 ; document expires after n minutes Thanks, Bill --- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Apache/PHP4/SSL, downloads fail with IE 5.5 only whenusing sessions
At 9:11 AM -0700 5/4/01, Martín Marqués wrote: On Sáb 05 May 2001 00:56, Bill Rausch wrote: Hi all, A customer has a problem. They've installed Merlin from Abriasoft. It is a pre-built Apache/PHP/SSL/MySQL/... package. Their problem is that they can't download files from my PHP application (which uses sessions) using IE 5.5 in Windows. Netscape works from all clients, IE 4 works, Mac clients work. Here's a sample php script that fails: ?php // simple download test but starts a session session_start(); session_register('rausch'); This may have nothing to do, but I would write this last line like this: session_register(rausch); Good catch. It didn't matter this time but I do usually use double quotes on strings. And I have to say that IE 5 sucks so much Really can't believe some may Because their bosses told them too!? I like the Mac version but the Windows version sucks. Thanks, Bill --- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] forms and RETURN key
I've observed a difference between how IE and NS interact with even simple forms. With IE, hitting the RETURN or ENTER key usually but not always triggers the submit button, but almost never with NS. Is this behavior controllable by my scripts? For example: headtitletest form/title/head body ?php if( $ok ) { echo name1 is $name1\n; echo name2 is $name2\n; } else { echo form action='$PHP_SELF' method=POST\n; echo Name1:input type='TEXT' name='name1'\n; #echo Name2:input type='TEXT' name='name2'\n; echo input type='SUBMIT' name='ok' value='ok'\n; echo /form\n; } ? /body If I run this form using IE, hitting the Return/Enter key submits the form but the 'ok' variable is not set; it just redraws the form. If however, I uncomment the third echo line (the one for Name2), then hitting the Return/Enter key does have the desired effect in IE. In NS, the first version acts just like IE; the form redraws and that is all. But using the second variant with both text fields, hitting the Return key in NS does nothing at all. Is this just the way it is? :-( Or is this behavior controllable somehow? :-) --- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] are sessions single threaded?
At 4:04 PM -0800 3/6/01, Ernest E Vogelsinger wrote: At 00:56 07.03.2001, Bill Rausch said: [snip] What I mean is, if a user is connected to a php page that uses sessions and that is involved in a time consuming operation (say 20 seconds or more) before returning an answer, and the user also opens a second window in the same browser to connect to another page in the same site that uses sessions the second window will hang till the first operation is complete. While testing, I was able to show that if I don't use sessions this doesn't happen. I need to use sessions and would like to allow users to have multiple windows connected to my site (it is an intranet application). [snip] try not to use cookies - use session keys via URL/hidden form fields. This way multiple browser connects can have multiple session keys, and you won't "hang" Thanks for the answer. Help me to understand please. Is this a limitation of PHP somehow or is it a limitation of the browsers. Why does not using cookies make a difference? Where would I go to find more information on this issue? --- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] are sessions single threaded?
What I mean is, if a user is connected to a php page that uses sessions and that is involved in a time consuming operation (say 20 seconds or more) before returning an answer, and the user also opens a second window in the same browser to connect to another page in the same site that uses sessions the second window will hang till the first operation is complete. While testing, I was able to show that if I don't use sessions this doesn't happen. I need to use sessions and would like to allow users to have multiple windows connected to my site (it is an intranet application). Apache 1.3.12 with PHP 4.0RC2 (it's just a test site at the moment) --- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: PHP as Scripting Language
"#!/usr/local/bin/php -q" doesn't quite do it for me. Here's what I get before and after adding the -q. $ cat xxx.php #!/usr/local/bin/php ?php echo "hello world\n"; ? $ xxx.php X-Powered-By: PHP/4.0RC2 Set-Cookie: PHPSESSID=d74e5e80abcf1d2898588b595dc751d5 Expires: Thu, 8 Feb 2001 17:39:17 GMT Cache-Control: public, max-age=60 Last-Modified: Thu, 8 Feb 2001 17:38:13 GMT Content-type: text/html hello world $ cat xxx.php #!/usr/local/bin/php -q ?php echo "hello world\n"; ? $ xxx.php br bWarning/b: Cannot send session cookie - headers already sent in bUnknown/b on line b0/bbr br bWarning/b: Cannot send session cache limiter - headers already sent in bUnknown/b on line b0/bbr hello world Any ideas on what I've got configured wrong? Thanks. --- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]