Re: [PHP] Sessions not destroyed
There is a difference between the session file existing, and the user still having a valid session. If the timeout has occurred, and the file has not been deleted, when the user accesses it, the session will not show up in $_SESS[]. Which for all intents an purposes, means the session has been deleted as far as the script is concerned.. Now whether it gets deleted by such a direct request, I wonder. It will get deleted by OTHER sessions be requested, if the gc probablity works at that moment. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] code not working...help?
Graham Cossey [EMAIL PROTECTED] wrote: quote --- [snip] $lastmonth = date(YmdHis, mktime(date(H), date(i), date(s), date(m)-1, date(d), date(Y))); $countResult = db_query(SELECT count(*) AS msgCount FROM messages WHERE uid = '. $userID .' AND fid = '. $fid .' AND post_date = '. $lastmonth .'); $countRow = db_fetch_array($countResult); im then using $countRow as my variable but it keeps returning a value of zero. [snikp] Secondly I find it easier (to read) to code my SQL statements thus: $countResult = db_query(SELECT count(*) AS msgCount FROM messages WHERE uid='$userID' AND fid='$fid' AND post_date='$lastmonth'); [snip] /quote --- I find queries even easier to read when they are written like this: $countResult = db_query(SELECT count(*) AS msgCount FROM messages WHERE uid='$userID' AND fid='$fid' AND post_date='$lastmonth' ); Neither PHP nor MySQL nor Postgres care about all the extra spaces. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] proper method to do the following...
Hugh Beaumont [EMAIL PROTECTED] wrote:
quote
I've been working with
error_reporting(E_ALL)
set lately trying to write code that does not give notices or errors.
What is the proper way to set a variable so that it's non-existance
will not generate
a notice?
Thanks all for the replies. I also noticed a small typo in the code I
posted which made it even
worse (used == instead of = when doing the assignment).
quote
There's a book called XX number of ways to improve your C++ code. Well, it works on
lots of languages. About equality statements? Put the constant on the left, then it's
not accidentally an assignement.
if( 15==$dudes_age ){ $action=Slap him if he looks at your daughter; }
vs
if( $daughters_age==(18*365 + 4 + 1) ){ $action=Give her a box of con***s and kick her
out; }
//18 years, plus 4 leap days plus one day.
If you accidentally mamke the '==' a '=' in the second statement, it will always be
true, and you will get arrested for kicking your 8 year old out into the street.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Upload problems
Would you mind sharing what it was so that it hits the archives and a few 'enquiring minds'? Pablo Gosse [EMAIL PROTECTED] wrote: quote --- [snip] Look in your php.ini for max_upload_size or something like it. [/snip] 'Twas an apache problem. Thanks the help. Cheers, Pablo /quote -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: iguanahost - anyone else being plagued?
Or better yet, the mail list could be reconfigured to match every other mail list on the web, so that sender to the list doesn't get these. Nick Wilson wrote: Anyone else getting these infuriating italian messages about some muppet that doesnt exist? 'desintione non existente'? I've written to [EMAIL PROTECTED] but no joy, everytime i post on the php list i get half a dozen of the damn things... Yup, guess some Italian 1337 h4x0r has some shit going on... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] something like an SID
Just what the doctor ordered! Thanks Chris. Chris Dowell wrote: Try this: http://uk.php.net/output_add_rewrite_var Dennis Gearon wrote: You make a good point, Marek. They CAN open a new window with different results. Maybe it's up to each page to keep track of where it is at, via form elements alone, instead of through session values. Hadn't thought of that, but it must be the only way. Adding and extra layer to that might end up being really confusing to programmers for my site. The values for previous forms could just be sent as hidden elements(and not kept in the session), until the whole thing is collected, then they are all qualified again. The only thing in the session would be the user's id. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session theory
At one time, I thought that I read about a problem with PHP4 sessions involving the recognitioni of the session expiration in the session engine. The problem was that the session variables were read into the scipt BEFORE the expiration time was checked. Anyone remember this? So, I'm asking if there's anyone here with an AUTHORITATIVE answer I ( i.e. you've tested this, or you've written on the code for PHP sessions) to which order the following three task run when a script is requested? [A] read session file and load session vars if file and PHPSESSID both exist at request time [B] delete sesssion if expired [C] run garbage collection -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] something like an SID
I'd like a value to be passed back from every page, if that page was originally passed that value. The two ways that I can think of it, are: 1/ Javascript with some sort of 'onSubmit()' function which causes a minimal form to be submitted via POST or GET 2/ A hidden form value, and make every action on a page be a button, which submits a form as above. If no value was received, it would know it was a first access. NO, I don't think Sessions will do it - I will use this value IN PARALELL to Sessions. NO, I don't think Cookies will do it, since I want the value to be different for each browser instance and each 'TAB' in each browser instance. Someone tell me if I'm on the right track, and point me to a link that shows how to do: My idea 1, My idea 2, or your idea? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session time out
How do sessions 'time out'? Especially if using and SID in the query string (not a good idea, I know, but this bypasses cookie timeout and so removes it from timeout methods for this discussion) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] something like an SID
You make a good point, Marek. They CAN open a new window with different results. Maybe it's up to each page to keep track of where it is at, via form elements alone, instead of through session values. Hadn't thought of that, but it must be the only way. Adding and extra layer to that might end up being really confusing to programmers for my site. The values for previous forms could just be sent as hidden elements(and not kept in the session), until the whole thing is collected, then they are all qualified again. The only thing in the session would be the user's id. Marek Kilimajer wrote: Dennis Gearon wrote: I'd like a value to be passed back from every page, if that page was originally passed that value. The two ways that I can think of it, are: 1/ Javascript with some sort of 'onSubmit()' function which causes a minimal form to be submitted via POST or GET 2/ A hidden form value, and make every action on a page be a button, which submits a form as above. 3. Define your SID value: $SID = isset($_REQUEST['var_name']) ? 'var_name=' . urlencode($_REQUEST['var_name']) : ''; Write every link as href=page.php??php echo $SID; ? Something similar for forms. If no value was received, it would know it was a first access. NO, I don't think Sessions will do it - I will use this value IN PARALELL to Sessions. NO, I don't think Cookies will do it, since I want the value to be different for each browser instance and each 'TAB' in each browser instance. You will fail. User can use right click to open any link in a new window and the value will stay the same. Someone tell me if I'm on the right track, and point me to a link that shows how to do: My idea 1, My idea 2, or your idea? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: !!Urgent .. Session Problem Solved ... But not completely
It has to be in SOME file. Probably in your prepend file or one of the files that it includes. Dre [EMAIL PROTECTED] wrote: quote - believe me the FIRST line in the file is ?php session_start(); NOTHING AT ALL exists before it. but I still have the same error M. Sokolewicz [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I think you didn't read all instructions we gave. One of them was to remove all spaces and/or newlines BEFORE the first ?php tag in your file, to save it and try again. anything before the ?php tag is considered HTML and thus output. Since headers are always sent before the output is, they will be sent the moment PHP notices the spaces and/or newlines. So, what happens is: PHP starts processing PHP encounters spaces and/or newlines PHP sends headers to the browser PHP sends those spaces and/or newlines to the browser PHP notices the ?php tag, and such swithed to parsing-mode PHP notices session_start(); and thus tries to send a cookie (a cookie is actually one of the headers) PHP notices that headers have already been sent! So it gives an error, because it can't get them back and send them after the cookie again. snip lots /quote -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sessions and Logins
Please CC me - I am designing my own 'usr' class that takes care of logins. I need to know the following to finish it. --- A/ Does anybody use sessions for users who are not logged into the site, and why? B/ If a user goes from unlogged in, unidentified user to a logged in, identified user, is the first session canceled and new session started? C/ (The reverse), if a user goes from logged in, identified user to a unlogged in, unidentified user, is the first session canceled and new session started? D/ How is it possible, using PHP4+ sessions, to cancel a session a page is opened with, and starting a new session? thanks all of you. I **LOVE** using this PHP 'thang' :-) Dennis -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Using Post like Get
With get varaibles, it's possible to always have get variables on a page, even without a form, by simply appending the Get variables to the end of the URL. Is there anyway to do the same with Post variables? For instance, a javascript that onUnload submit, or something? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using Post like Get
What I'm trying to achieve is to have the same cookie IDENTIFY a user on different (or same) applications (on the same server), but require them to log in for each application, and get a different session.. Basically, to keep separate 'user trails and in process variables' for different tabs or windows in a browser. www.scotttrade.com does it somehow, and I see no GET variables on the URL. John W. Holmes wrote: Dennis Gearon wrote: With get varaibles, it's possible to always have get variables on a page, even without a form, by simply appending the Get variables to the end of the URL. Is there anyway to do the same with Post variables? For instance, a javascript that onUnload submit, or something? You can't just include POST variables in a link, if that's what you're going for. Perhaps some clunky javascript submitting a hidden form on an onclick method would get you close, but why even bother? Maybe you should just say what you're actually trying to achieve and why, then we could offer better alternatives. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] classes being extended
Can someone ask the internals list this question, since I can't seem to subscribe right now, (or answer the question) If a class is a base class, does each child make it's own copy of: the whole base class the class variables only something else? So if I have a bunch of objects in a page inheriting from a common class, am I really saving any: memory loading time dereferencing time execution time? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] textarea/display question...
Make sure to remove tags via: $var_that_will_be_displayed = strip_tags( $var_from_user_input_via_POST_or_GET_or_COOKIE ); if you are going to display or mail it as part of a link(email or URL), you might do this instead: $var_that_will_be_part_of_a_link = strip_tags( rawurldecode( $var_from_user_input_via_POST_or_GET_or_COOKIE ) ); See this page: http://www.cgisecurity.com/articles/xss-faq.shtml -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session and mysql connection identifier
What he is really looking for is connection pooling. Do a google and see if you can
find 'mysql connection pooling php'. It is persistent connections across page
accesses, which PHP does not do natively AFAIK.
Jason Wong [EMAIL PROTECTED] wrote:
quote
On Wednesday 21 July 2004 13:47, mukta telang wrote:
I want to use mysql persistent connection to connect
to mysql and use the connection identifier or handle
in subsequent pages/scripts. So in script1.php I have
session_start();
session_register('conn');
HTTP_SESSION_VARS['conn']=mysql_pconnect(...);
and in script2.php I have,
echo $conn;
and I always get 1 as output and not Resource#.. as
expected..
You can't pass/use resource IDs across different pages/scripts. Please read
the manual Persistent Database Connections to clear up some misconceptions
about persistent connections. Also follow ups to this should be sent to the
php-db list.
/quote-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SpanCease 'crap'
I think that having the list settings set up to email everybody who is on single emails using the email address of the person writing this list is - WRONG. Most lists I am on don't do that. quote Justin Patrin [EMAIL PROTECTED] wrote: On Sun, 18 Jul 2004 21:32:15 +0100, Lester Caine [EMAIL PROTECTED] wrote: Jason Wong wrote: Are you saying that you sent some message to this list and got back a message asking you to click on a link to confirm that you're not a spammer? If so then I misunderstood your problem. I originally thought that you got this as a result of trying to subscribe to the list so I tried subscribing just now and got the usual *reply* to confirm message. Like Justin, I got an email in response to a previous post that indicated that php.general is now protected by SpamCease and requested I confirmed who I was if I wanted to continue posting. All I can say is !stop sending spam! If it happens every time and you're positive there's nothing in the contents of your mail that suggests spam then try sending your mail through a different mailserver. Being a moderator on several lists and running several remote websites, changing my mail facilities is not practical. The problem has been fixed by running crappy IE to confirm the various emails and then striping it off again - something which I have no wish to do again ! As I said, I could see it in FireFox just fine So *IS* php.general now being routed through SpamCease, or is something else going on - anybody? No no, php-general isn't geing run through this service. One of the subscribers is using it, so when an e-mail goes to them through the list it wants you to confirm that you're not a spammer. /quote -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Error: unexpected T_ELSE on line 14...?
There is a book/CD by 'Stroup' called 'More effective c++'. VERY excellent book. It give someting like 54 specific technicques to employ that save LOTS of time for a C++programmer.
One of the ones from that book, applies here:
DON'T write if ( variable ==/= constant){;}
INSTEAD write if( constant==/= variable){;}
Why, I was waiting for you to ask that question.
If you accidentally write the assignment operator '=' instead of '==/=', the first
case does an assignment, and if the constant is not 0 or unset, the statment will
always be true. In the second case, the interpreter/compiler will error out with the
fact that you can't assign to a constant.
So do this:
$var_to_test = FALSE;
if( TRUE = $var_to_test){;}
if($var_to_test = TRUE ){;}
if( TRUE == $var_to_test){;}
if($var_to_test == TRUE ){;}
and see what happens.
quote ---
Rodrigo Castro Hernandez [EMAIL PROTECTED] wrote:
Hi,
You have two problems in these line:
Harlequin said:
if ($_SESSION[Authorised]=Yes);
1. The obvious ; at the end of the line.
2. $_SESSION[Authorised]=Yes it's different to write:
$_SESSION[Authorised]==Yes
Cheers,
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] problem with super global '$_REQUEST'
I have a function in a class that unsets the superglobal $_REQUEST;
Well, it's supposed to, it doesn't do it. I'm on version 4.2.3 of PHP. This page:
http://us2.php.net/manual/en/language.variables.predefined.php#language.variables.superglobals
says that $_REQUEST is a super global as of version 4.1.0. Is there some bug I don't
know about or am I doing something wrong?
Here's the code:
?PHP
$_REQUEST[var1]=\scriptscript stuff/script;
$_REQUEST[var2]=a_string_of_course;
$_REQUEST[arr1][elem1]=scriptscript stuff2/script;
$_REQUEST[arr1][elem2]=another_string_of_course;
if( !defined('TEST_UNSET') ){
define('TEST_UNSET', TRUE);
class abstract_environment{
var $_REQUEST;
function abstract_environment(){
$this-_REQUEST=$_REQUEST;
unset( $_REQUEST );
echo(unset was done);
$this-_clean_all_vars();
}
function _clean_all_vars(){
//ADD OTHER PROCESSING AS NEEDED
$this-_strip_tags_arr( $this-_REQUEST );
}
function _strip_tags_arr( $arr_or_solo ){
if( isset($arr_or_solo) ){
if( !is_array($arr_or_solo) ){
$arr_or_solo= strip_tags($arr_or_solo);
} else {
reset ($arr_or_solo);
while (list($key, ) = each ($arr_or_solo)) {
if( isset($arr_or_solo[$key]) ){
if( is_array($arr_or_solo[$key]) ){
$this-_strip_tags_arr($arr_or_solo[$key]);
} else {
$arr_or_solo[$key] =
strip_tags($arr_or_solo[$key]);
}
}
}
}
}
}
}
}
$abs_env=new abstract_environment;
echo pre;
print_r($_REQUEST);
print_r( $abs_env );
echo /pre;
?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: problem with super global '$_REQUEST'
OK, after lots of reading, I find out it's not possible to unset something that has been 'globalized' in a function, nor ANY global value. However, some online manual pages documented that it's possible to assign NULL to the value. Well that's NOT unset.
But,that got me to thinking. What about assigning an unset variable to the global? IT
WORKS!
Change the line below:
unset( $_REQUEST );
*--to--*
$unset_variable;
$_REQUEST = $unset_variable;
VOILA! no more $_REQUEST super_global. Now, I need to see if it can still be assigned
to as if it's a super global.
Dennis Gearon wrote:
I have a function in a class that unsets the superglobal $_REQUEST;
Well, it's supposed to, it doesn't do it. I'm on version 4.2.3 of PHP.
This page:
http://us2.php.net/manual/en/language.variables.predefined.php#language.variables.superglobals
says that $_REQUEST is a super global as of version 4.1.0. Is there some
bug I don't know about or am I doing something wrong?
Here's the code:
?PHP
$_REQUEST[var1]=\scriptscript stuff/script;
$_REQUEST[var2]=a_string_of_course;
$_REQUEST[arr1][elem1]=scriptscript stuff2/script;
$_REQUEST[arr1][elem2]=another_string_of_course;
if( !defined('TEST_UNSET') ){
define('TEST_UNSET', TRUE);
class abstract_environment{
var $_REQUEST;
function abstract_environment(){
$this-_REQUEST=$_REQUEST;
unset( $_REQUEST );
echo(unset was done);
$this-_clean_all_vars();
}
function _clean_all_vars(){
//ADD OTHER PROCESSING AS NEEDED
$this-_strip_tags_arr( $this-_REQUEST );
}
function _strip_tags_arr( $arr_or_solo ){
if( isset($arr_or_solo) ){
if( !is_array($arr_or_solo) ){
$arr_or_solo= strip_tags($arr_or_solo);
} else {
reset ($arr_or_solo);
while (list($key, ) = each ($arr_or_solo)) {
if( isset($arr_or_solo[$key]) ){
if( is_array($arr_or_solo[$key]) ){
$this-_strip_tags_arr($arr_or_solo[$key]);
} else {
$arr_or_solo[$key] =
strip_tags($arr_or_solo[$key]);
}
}
}
}
}
}
}
}
$abs_env=new abstract_environment;
echo pre;
print_r($_REQUEST);
print_r( $abs_env );
echo /pre;
?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with super global '$_REQUEST'
I found the answer, as my second post on this told.
Why unset the globals?
I plan on implementing filters on all User input to ALL scripts in the prepend file.
And if someone wants to get a variable that was supplied by a user, they have to
specifiy if it's going to be INT, STR(with options to remove run on spaces, validate
email addr, remove carriage returns to prevent embedded email directives) 'NUM' type
with formatting like in databases, and also, anti SQL injection escaping is possible.
The programmer will HAVE to choose which filtering, but strip tags is automatic. I'm
not going to have XSS holes or SQL injection on my site.
Justin Patrin wrote:
You can't unset $_REQUEST. All it does is unset the reference to it in
the current context. It still exists elsewhere. If you *really* want
to get rid of $_REQUEST, you should do it this way:
unset($GLOBALS['_REQUEST']);
But I would advise against that. Why exactly are you unsetting a superglobal?
On Thu, 15 Jul 2004 15:00:15 -0700, Dennis Gearon [EMAIL PROTECTED] wrote:
I have a function in a class that unsets the superglobal $_REQUEST;
Well, it's supposed to, it doesn't do it. I'm on version 4.2.3 of PHP. This page:
http://us2.php.net/manual/en/language.variables.predefined.php#language.variables.superglobals
says that $_REQUEST is a super global as of version 4.1.0. Is there some bug I don't
know about or am I doing something wrong?
Here's the code:
?PHP
$_REQUEST[var1]=\scriptscript stuff/script;
$_REQUEST[var2]=a_string_of_course;
$_REQUEST[arr1][elem1]=scriptscript stuff2/script;
$_REQUEST[arr1][elem2]=another_string_of_course;
if( !defined('TEST_UNSET') ){
define('TEST_UNSET', TRUE);
class abstract_environment{
var $_REQUEST;
function abstract_environment(){
$this-_REQUEST=$_REQUEST;
unset( $_REQUEST );
echo(unset was done);
$this-_clean_all_vars();
}
function _clean_all_vars(){
//ADD OTHER PROCESSING AS NEEDED
$this-_strip_tags_arr( $this-_REQUEST );
}
function _strip_tags_arr( $arr_or_solo ){
if( isset($arr_or_solo) ){
if( !is_array($arr_or_solo) ){
$arr_or_solo= strip_tags($arr_or_solo);
} else {
reset ($arr_or_solo);
while (list($key, ) = each ($arr_or_solo)) {
if( isset($arr_or_solo[$key]) ){
if( is_array($arr_or_solo[$key]) ){
$this-_strip_tags_arr($arr_or_solo[$key]);
} else {
$arr_or_solo[$key] =
strip_tags($arr_or_solo[$key]);
}
}
}
}
}
}
}
}
$abs_env=new abstract_environment;
echo pre;
print_r($_REQUEST);
print_r( $abs_env );
echo /pre;
?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
!DSPAM:40f6fde76071105215333!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: problem with super global '$_REQUEST'
I bet it would work, 'cause whenever $GLOBALS is 'print_r'd, Globals shows up and a 'recursion note' ends the execution of 'print_r'. Justin Patrin wrote: You *can* unset it, you just have to unset the place where it really sits. When you have a global in a function, then unset it, you only disconnect the variable. unset doesn't destroy a variable, it just breaks the reference. As I said in my earlier e-mail, using this *will* work (I tested it): unset($GLOBALS['_REQUEST']); $GLOBALS is itself a superglobal.hmmm, wonder what would happen if you unset($GLOBALS['GLOBALS']) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RE:$_Request from 4.3 to v5.x
Isn't $_REQUEST the same as the old GPC variables in global namespace? A way to get requested variables without paying attention to whether they came in via cookies, post, or get? That's been my understanding so I've been using $_GET, $_POST, $_COOKIE instead, because that way I don't have to worry about GPC order AND I can use GET and POST together at the same time. Michael Purdy [EMAIL PROTECTED] wrote :quote --- Folks I am currently using 4.3.7. I have a script which accepts three POSTed variables from a basic form. Under 4.3.7 the script runs fine and the variables are successfully passed to the script. I am testing 5.0 C3 and receive the following error PHP Notice: Undefined index: searchtype in c:\http\cgi\list7.php on line 13 script language='php' $searchtype = $_REQUEST['searchtype']; -- this is line 13 $searchterm = $_REQUEST['searchterm']; $matchtype = $_REQUEST['match']; Any suggestions on the best way to access data input into a FORM in version 5.x would be most appreciated. Mike /quote --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RE: using htmlentities with data in textarea
When setting up a site, you should:
A/ write a page with only the function 'phpinfo()' on it.
B/ Call the page phpinfo.php, and put it in your document root.
C/ Now tell us the location of your site so we can all view all your
security information :-)
wink do only A above and see if you have 'magic_quoutes_gpc' on, then
delete the page:
http://us4.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc
or, you can just do a loop on your GET/POST/COOKIE variables after
testing if magic quotes is on using:
'get_magic_quotes_gpc()' to see if you need to strip them off.
if( get_magic_quotes_gpc() ){
reset $_GET;
| while (list($key, $value) = each ($_GET)) {
$_GET[$key]= stripslashes($value);
}
|reset $_POST;
| while (list($key, $value) = each ($_POST)) {
$_POST[$key]= stripslashes($value);
}
|reset $_COOKIE;
| while (list($key, $value) = each ($_COOKIE)) {
$_COOKIE[$key]= stripslashes($value);
}
||}|
Magic quotes is to prepare input for databases.
It **MAY** be possible to turn it off **BEFORE** the slashes get added
in your '.htaccess' file using:
php_value magic_quotes_gpc 0
php_value magic_quotes_sybase 0
Hull, Douglas D [EMAIL PROTECTED] wrote:
quote -
As John H told me (which is true) I should run my words through htmlentities. I have
a textarea in a form for individuals to type in a list of words. From there I place
these words in an array and then perform calculations and echo the words back out with
the resulting calculations. But if one enters:w' my word ends upw\' I
have tried using htmlentities in my array and other places (to take the slash out) but
to no avail. Here is what I tried when putting my words in my array:
$zchrpos = 0;
$tok = strtok($zwords, \r);
while ($tok !== FALSE) {
$toks[] = htmlentities(trim($tok));
$tok = strtok( \r);
$zchrpos++;
}
Any help would be appreciated,
Doug
/quote -
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] array indexes as arguments to a function
please CC me, as I am on digest.
---
say I've got a class that stores the cookie/get/post vars.
I want to retrieve say one of them.
Say, that post vars come back from browser as:
POST[var1_arr][dim1][dim2]
they are stored in
object-post_vars[var1_arr][dim1][dim2];
object-post_vars[singleton];
I have the function
class-get_post_var($index_arr){
return correct, processed post var;
}
How can I get the function to return an arbitrary depth into the post
vars array?
i.e. EITHER
return $this-class_user_input_processing_function(
$this-post_vars, $index_arr);
Where $index_arr contains either:
$index_arr = array(var1_arr,dim1_value, dim2_value);
-or-
$index_arr = array(singleton);
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] images outside of document root
I want to keep an entire library OUTSIDE of the document root. The library includes some imgages. How can I have the browser include the imageges? I've hard of BASE64'ing the images into the header and decoding them using javascript. Is this the best way? Where is code to do that? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] images outside of document root
I may do that, but the 'showimage.php' file then has to be in the
document root, and can be attacked a LOT.
I have found ways to do inline images, without javascript, I believe.
Curt Zirzow [EMAIL PROTECTED] wrote:
* Thus wrote Dennis Gearon:
I want to keep an entire library OUTSIDE of the document root. The library
includes some imgages. How can I have the browser include the imageges?
I've hard of BASE64'ing the images into the header and decoding them using
javascript. Is this the best way? Where is code to do that?
no, its probably the worst way.
To have the browser reference images outside the document root
you'll have to create a php wrapper function that decides on what
to do:
img src=/showimage.php?file=foobar.jpg
showimage.php:
?php
$file = $_GET['file'];
// authentication if needed...
// check for valid file, etc..
header('Content-Type: image/jpeg'); // send right content type
readfile($path_outside_docroot . $file);
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] conditional includes in class functions
Anyone ever done that? Does PHP actually wait until the include is actually needed before it does it? It might wait to execute it, but does it wait to include it? Trying to speed up the loading of pages. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] connection parameters to db's
Please CC me. When I connect to a database on the same machine as the apache server us running under, that's server name localhost, right? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RE:[PHP] file knowing its own directory
Just for the record, (and archives), This can be accomplished by: dirname( __FILE__); This allowes me to put the following into an application's config file, to be included via the prepend, the following localized, global values: (assuming the application's files are kept OUT of the document root for security's sake) $APPLICAITON_NAME_VALUES[MAIN_DIR]= dirname(__FILE__)./; //on linux anyway. $APPLICAITON_NAME_VALUES[NEEDED_VALUE_1]= 'VALUE_1; $APPLICAITON_NAME_VALUES[NEEDED_VALUE_2]= 'VALUE_2; blah blah causing VERY little global name pollution. [EMAIL PROTECTED] wrote: please CC me 'cause I am on digest the scenario: three files: .htaccess has line saying php_prepend 'true_filesystem_location_php_prepend_file' prepend.php (aforementioned prepend file) has line saying include file_a.php file_a.php has line saying$my_true_file_system_location = I_NEED_A_FUNCTION_HERE; So, what do I replace I_NEED_A_FUNCTION_HERE with? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] file knowing its own directory
please CC me 'cause I am on digest the scenario: three files: .htaccess has line saying php_prepend 'true_filesystem_location_php_prepend_file' prepend.php (aforementioned prepend file) has line saying include file_a.php file_a.php has line saying$my_true_file_system_location = I_NEED_A_FUNCTION_HERE; So, what do I replace I_NEED_A_FUNCTION_HERE with? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: ini_get
thank you very much. Richard Davey wrote: Hi, Monday, June 7, 2004, 5:49:30 PM, you wrote: DG Does anyone know if ini_get returns the values BEFORE or AFTER the DG .htaccess modifies them? i.e., does it return the server or local DG version? BR Perhaps you're misunderstanding what ini_get() does? ini_get() only BR retrieves values from the php.ini file. I don't think you can modify BR those values from an .htaccess file. You can modify any PHP_PERDIR/ALL value from an .htaccess file. In answer to the original question: if you use an htaccess file to modify a PHP value, ini_get will use the LOCAL version of that value (as opposed to the master version). So yes, anything changed via htaccess would be reflected via ini_get. Best regards, Richard Davey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] ini_get
CC me please. Does anyone know if ini_get returns the values BEFORE or AFTER the .htaccess modifies them? i.e., does it return the server or local version? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] *.pdf into postgres using php
Please CC me, I am on digest. Any one done that and can give me some pointers? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] hash with RIPEMD-160
Please CC me as I am on digest. Anyone using RIPEMD-160 for hashing in PHP? Is it part of Apache or the underlying OS? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Programming Innovation Award
Andy B [EMAIL PROTECTED] wrote: quote one question though how can you tell if a class or package you are writting or want to attempt to write has ever been created before?? 99.9% of the time anything i ever thought of for classes/packages to write are either too simple or the idea has already been created before... i.e. i want to make something different but dont know how to start with it i guess /quote The best projects come from somebody's personal need. Manual Lemos's for example. I will probably submit my site standardization class and some others after my site has been up for a year and I've gained some market enertia. Also, I've some good ideas for database design I had to figure out that I will include since it makes possible what I am doing. So, if you can't find what you want, start coding. If everthing you want is out there, supply some prizes for the contest winners :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] quickie survey
I am doing a site where some of the pages will show various hours of some businesses. To make life easier for searching for open businesses PER DAY, I have pretty much decided to make an arbitrary dat-to-day boundary, instead of the usual midnight boundary. Some businesses that this applies to are bars, restaurants, dances, and even the hours of regular blue collar jobs for factories that have 24/7 operation. My survey is, what hour would you pick if you were to do that? Examples might be any time after midnight (none before). I could make each listing have it's own variable day-to-day boundary, but I'd prefer to have one site wide boundary. 1AM through 6AM for examples. Even hours. Send me your vote, and I will summarize it and post it to the list. This might be useful information for design work by others on this site. I've heard a lot of other php coders working on similar projects. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session confusion again :( - Thanks!
'Chris W. Parker' [EMAIL PROTECTED] elucidated: Thanks guys but I have register globals ON so once the session variable is defined I should be able to address it without specifying $_SESSION ? WHERE do you have it on? Most sites now have it turned off for VERY valid security reasons. If you are turning it on in your prepend file - Sorry, too late. The only two places to turn it back on, to my knowledge, is in your ini file for the site, or your .htaccess file as a directive. Only those two places are before the GPC processing. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] WIERD list behavior
When I make a posting to this list, I get an email like below: --- Subject: Thank you From: Advance Credit Suisse Bank [EMAIL PROTECTED] Date: Wed, 14 Apr 2004 12:03:35 -0700 To: Dennis Gearon [EMAIL PROTECTED] ADVANCE CREDIT SUISSE BANK Address: Brsenstrasse 15 P. O. Box CH - 8022 Zurich Tel: +41 76 5319587 Fax: + 41 795314-CSB Telegram: + 812 400 SNA DCS Thank you !! --- FULL VERSION w/ HEADERS --- From - Wed Apr 14 12:02:43 2004 X-UIDL: [EMAIL PROTECTED] X-Mozilla-Status: 0001 X-Mozilla-Status2: X-POP3-Rcpt: [EMAIL PROTECTED] Return-Path: [EMAIL PROTECTED] Received: from host79.ipowerweb.com (host79.ipowerweb.com [66.235.200.179]) by phaze.fireserve.net (8.12.10/linuxconf) with ESMTP id i3EJ3ccj003363 for [EMAIL PROTECTED]; Wed, 14 Apr 2004 12:03:38 -0700 Received: from advance- by host79.ipowerweb.com with local (Exim 4.20) id 1BDpfb-0004qD-JK for [EMAIL PROTECTED]; Wed, 14 Apr 2004 12:03:35 -0700 To: Dennis Gearon [EMAIL PROTECTED] X-Autorespond: RE: [PHP] Session confusion again :( - Thanks! X-Loop: Dennis Gearon [EMAIL PROTECTED] From: Advance Credit Suisse Bank [EMAIL PROTECTED] Content-type: text/plain; charset=us-ascii Subject: SPAM Thank you Message-Id: [EMAIL PROTECTED] Date: Wed, 14 Apr 2004 12:03:35 -0700 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - host79.ipowerweb.com X-AntiAbuse: Original Domain - fireserve.net X-AntiAbuse: Originator/Caller UID/GID - [34460 34460] / [47 12] X-AntiAbuse: Sender Address Domain - host79.ipowerweb.com X-MailScanner: Found to be clean X-MailScanner-SpamCheck: spam, SpamAssassin (score=7.4, required 6, BAYES_99, RCVD_IN_BNBL) X-MailScanner-SpamScore: sss ADVANCE CREDIT SUISSE BANK Address: Brsenstrasse 15 P. O. Box CH - 8022 Zurich Tel: +41 76 5319587 Fax: + 41 795314-CSB Telegram: + 812 400 SNA DCS Thank you !! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] basic auth question
Please CC me, I am on digest -- If I have a directory like: $HOME/www/ (document root) It has a auth section in the .htaccess file $HOME/www/.htaccess another directory like: $HOME/www/want_to_be_public/ How can I defeat the auth section in the $HOME/www/.htaccess file by commands in the: $HOME/www/want_to_be_public/.htaccess file? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] basic auth question
Please CC me, I am on digest -- If I have a directory like: $HOME/www/ (document root) It has a auth section in the .htaccess file $HOME/www/.htaccess another directory like: $HOME/www/want_to_be_public/ How can I defeat the auth section in the $HOME/www/.htaccess file by commands in the: $HOME/www/want_to_be_public/.htaccess file? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] basic auth question
Please CC me, I am on digest -- If I have a directory like: $HOME/www/ (document root) It has a auth section in the .htaccess file $HOME/www/.htaccess another directory like: $HOME/www/want_to_be_public/ How can I defeat the auth section in the $HOME/www/.htaccess file by commands in the: $HOME/www/want_to_be_public/.htaccess file? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] wiki
I need a wiki, VERY simple. BUT OTOH, it'd be nice if it had the ability to display, or attache a picture to a topic. Any good stuff known to exist? MySQL background. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mailing labels from databases
I'm on digest, please CC me. What output document format are people using for doing mailing labels from databases? I have thought about HTML, but it doesn't do multiple pages to the printer well. OperOffice Writer would be nice, can PHP do that? Probably better would be PDF files, since it's really compressed Postcript, a printer langauge. Is it possible to set postions of characters, lines, tables, etc in PDF via: pixels page percentages absolute distances using PHP? -- You are behaving like a man, is an insult from some women, a compliment from an good woman. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] script archives
I'm trying to find a script archive I once used to go to. It was neck and neck with hotscripts.com in usable scripts. It was for PHP only scripts. I THOUGHT it was called phpscripts.com, but no such site exists. anyone give a short list of PHP script archive sites? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] script archives
Chris Shiflett wrote: --- Dennis Gearon [EMAIL PROTECTED] wrote: I'm trying to find a script archive I once used to go to. It was neck and neck with hotscripts.com in usable scripts. It was for PHP only scripts. I THOUGHT it was called phpscripts.com, but no such site exists. Perhaps you are thinking of David Sklar's PHP code exchange? http://px.sklar.com/ Hope that helps. Chris = Become a better Web developer with the HTTP Developer's Handbook http://httphandbook.org/ found it, didn't think to put a dash in it: http://www.php-scripts.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] script archives
Chris Shiflett wrote: --- Dennis Gearon [EMAIL PROTECTED] wrote: I'm trying to find a script archive I once used to go to. It was neck and neck with hotscripts.com in usable scripts. It was for PHP only scripts. I THOUGHT it was called phpscripts.com, but no such site exists. Perhaps you are thinking of David Sklar's PHP code exchange? http://px.sklar.com/ Hope that helps. Chris = Become a better Web developer with the HTTP Developer's Handbook http://httphandbook.org/ opps, guess not, it wasn't: http://www.php-scripts.com/ unles it's changed a lot and gone down hill as well. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] accessing $GLOBALS values
I am looking at the 'tackle' library available at sourceforge. It's a 'Tiny ACL' (access control list). Seems pretty good, simple and to the point. AND, it is database neutral, using ADODB. I haven't figured out how it does referential integrity in the database yet, but I suspect it's using table locking. One thing I'm a little confused about is the usage of $GLOBALS array, in this manner: $GLOBALS[SOME_NAME]. I thought that it should be: $GLOBALS['SOME_NAME']. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] password systems
Anyone have any sources of noun/verb/adjective lists for password generation? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] some html basics please
It seems that HTML is LAME, LAME,LAME when it comes to determining local directories. I would like to somehow: put image links relative to a base directory (if a relative URI is given) and have PAGE links relative to the current page (if a relative URI is given) What I seem to be able to do instead, is to: with NO base href=websitehost/~my_directory/ in the header hard code the location of the images use relative URI for pages -OR- with NO base href=websitehost/~my_directory/ in the header use relative location of the images hard code the URI for pages there seems no way to tell the browser to look below the base of the site for relative URI for images, but do local to the current file relative for other pages. And doing '/someURI makes the browser go off the site and not the base. GR. I can either get my images from a particular place on my site by hardcoding the exact UR -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] some html basics please
Chris Shiflett wrote: ../ is the parent directory ./ is the current directory / is the root directory I knew that ./ was the current directory on a *nix system, but a browser will respect that also? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] auto_prepend_file
Is there any settings that will silently disable the ability for a .htaccess file to use the php_value auto_prepend_value some file name directive? Some safe mode thing, or an ini setting or something? The people at the host I'm at just CAN'T seem to get it working on my site. It's an ensim site. I have errors turned on, and it doesn't even give an error. It's like the line doesn't exist. If I had a browning light with some sabotted tungsten carbide slugs, I'd fix the G*^(*^N server, after three days of messing with this. :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] ensim problems
please cc me. I'm on a host with ensim, and it **IS** reading the .htaccess file, (I've tested it), but it isn't reading the directive: php_value auto_prepend_file /path/file.name For those with better shell experience, would this find all the .htaccess files using that directive on a shared host? find / -follow -name '.htaccess' | grep -F -e auto_prepend Do I have to put quotes on the 'auto_prepend' pattern? Will this print the filename that contains the line so the sysop will know which file to look iin? I want the sysop to query a user on the system that is using the prepend file and ask how it is working and how it is done on his site. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] (^*$*(^*$% ensim web appliance
please cc me Anyone on a shared, name-based IP, ensim web appliance hosted website? Can you tell me how to set the freekin': php_value auto_prepend_file /some_freekin_unknown_real_directory_path_to_HOME/my_paths/prepend.php value in my .htaccess file? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Netscape 6, What a piece of s$#@ ,anyone else had problems
I received this email, with the PHP subject, at an address I haven't used in a long time on the PHP list. It contained a attached file called: Marzia_MaterialeDaInternet.lnk.exe A fairly large BASE 64 encoded attachment. I DID not open it. This is a warning to others. Lucas Persona wrote: Jason, I've Replyed also to the lsit, because someone could help us on this... Jason Lotito wrote: Lucas Persona wrote: I was used to think on that way... Some time ago I have problems with Netscape 6 and PHP. It was not a -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] native vs. phplib sessions
How many people are using native vs. phplib sessions, vs. their own/homegrown sessions? The archives show a LOT of problems with native sessions. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Favor from gurus
If one of you are a guru and on the php-dev list, would you please either look at the code or ask others on that list if it's possible to use: 'requiressl=1' in the connection string for pg_connect/pg_pconnect and it will actually work in PHP ver = 4.2.2 ? I am already on so many lists, I don't want to join another for one question. Please cc me because I'm on digest for php-general. Thank you in advance. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] md5() number of aruments
oops, miscounted a postion of the md5 parentheses :-0 Jason k Larson wrote: First of all, the example you gave is only using one argument to the MD5 function. Secondly, if you *want* to seed/salt the MD5 with a key you can use: http://www.php.net/manual/en/ref.mhash.php -- Jason k Larson aka: der Ritter Dennis Gearon wrote: The usage of md5() in PHPLIB show TWO arguments, a seed and the string. Nothing in the online manual shows 2 args. What's the dealio? Line 111 from PHPLIB7.2c - session.inc: $id = $this-that-ac_newid(md5(uniqid($this-magic)), $this-name); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] md5() number of aruments
I don't see anywhere on that page where it shows using a seed. It shows **selecting a hash algorithm**, but no salt. Maybe that's the second argument that you're looking at. Jason k Larson wrote: First of all, the example you gave is only using one argument to the MD5 function. Secondly, if you *want* to seed/salt the MD5 with a key you can use: http://www.php.net/manual/en/ref.mhash.php -- Jason k Larson aka: der Ritter Dennis Gearon wrote: The usage of md5() in PHPLIB show TWO arguments, a seed and the string. Nothing in the online manual shows 2 args. What's the dealio? Line 111 from PHPLIB7.2c - session.inc: $id = $this-that-ac_newid(md5(uniqid($this-magic)), $this-name); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] connecting securely to remote database
I saw that, Joshua,I am on that list. Amazing that it came up just after I posted to the PHP list. The reason I posted it here is that I still probably need someway to initiate an SSH/SSL connection from PHP, and I doubt it autoswitches when connecting to a database. Joshua Moore-Oliva [EMAIL PROTECTED] wrote: - You should put this on the postgres general list not here... I've heard a lot of talk about this lately, though I haven't gotten around to implementing it yet.. There is also a section in the online postgres docs on how to do this. And if you're fast someone just posted a question 2 minutes ago on the pgsql-general list that went like this... I'm using redhat 8.0 and postgresql 7.2.4 (rpm from postgresql.org). I want to enable ssl. START QUOTE I have edited postgresql.conf to ssl = true. I also follow the 7.3 manual (from postgresql.org) to create certificates and placed them in /var/lib/pgsql/data/. Then restart the server with /etc/init.d/postgresql restart. The result is [Failed]. What else should I do? Or procedure for 7.3 is different from 7.2.4? Or the rpm does not have ssl enabled when compile? -Jason ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED] END QUOTE I'd suggest hopping onto the postgres list Josh. On March 19, 2003 01:25 am, Dennis Gearon wrote: how do I connect securely to a postgres database on another server / DNS name / IP? Some way to do SSL/SSH easily from PHP? On March 19, 2003 01:25 am, Dennis Gearon wrote: how do I connect securely to a postgres database on another server / DNS name / IP? Some way to do SSL/SSH easily from PHP? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] md5() number of aruments
What page is that on? BTW, I figured out I could just prepend a long, complex string to whatever I am hashing and it will 'seed' it before it gets to my stuff. Jason k Larson wrote: mhash (PHP 3= 3.0.9, PHP 4 ) mhash -- Compute hash Description: string mhash ( int hash, string data [, string key]) ^ salt/seed/key - whatever you want to call it -- Jason k Larson Dennis Gearon wrote: I don't see anywhere on that page where it shows using a seed. It shows **selecting a hash algorithm**, but no salt. Maybe that's the second argument that you're looking at. Jason k Larson wrote: First of all, the example you gave is only using one argument to the MD5 function. Secondly, if you *want* to seed/salt the MD5 with a key you can use: http://www.php.net/manual/en/ref.mhash.php -- Jason k Larson aka: der Ritter Dennis Gearon wrote: The usage of md5() in PHPLIB show TWO arguments, a seed and the string. Nothing in the online manual shows 2 args. What's the dealio? Line 111 from PHPLIB7.2c - session.inc: $id = $this-that-ac_newid(md5(uniqid($this-magic)), $this-name); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Anybody have any thoughts on Smarty?
Smarty is very wonderful. If both the coder and the designer work together, layout and code logic can be completely separate. I am doing a form for entering in about 25 fields. As long as the template the designer comes up with has: The required form variables, and template variables to put success/failure notices up, I don't have to know anything about colors, css, layout, fonts, mostly don't have to know about graphics,etc. It might get a little more involved in multi language sites, however. My form has two versions, a submit template, and a approve template. After sanitizing the input rigorously, the user may not like what I will be submitting. So I send all the values I've cleaned to him/her in a text layout (up to the designer) and a hidden form contains the same values. The template variables are just duplicated in both those places, so I get back what they see and approve. I've also added a md5 hash with a page local salt so that I can test if they have alterered what I've sent them to be approved. And I filter it again anyways before checking the hash. so when the form comes back, the submit button has a value of 'approve' and I check the hash, and store it in the database. I never have to know what it looks like. It's a little good to know what order the user is presented the fields, because they can fix the errors in order as I parse them. It's not necessary though, just good practice. My designer is awesome too. We both get to do what we want and we enjoy it a LOT. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] connecting securely to remote database
how do I connect securely to a postgres database on another server / DNS name / IP? Some way to do SSL/SSH easily from PHP? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] md5() number of aruments
The usage of md5() in PHPLIB show TWO arguments, a seed and the string. Nothing in the online manual shows 2 args. What's the dealio? Line 111 from PHPLIB7.2c - session.inc: $id = $this-that-ac_newid(md5(uniqid($this-magic)), $this-name); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] help from experienced devr's
Simple question, only related to this forum in that all of us use libraries that are compressed. I'm trying to use adodb, and I uploaded it's zipped archive to a linux box and gunzip won't unzip it. Says 'multiple entries'. Anyone know how to upload it, short of unzipping in on a windbloze box, then ftping all files up? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] help from experienced devr's
Turns out the adodb guy DOES have a *.tgz file to download. I got it,
(it's missnamed in the extension), and was able to extract it fine.
Thanks for your help!
Ernest E Vogelsinger wrote:
At 00:18 18.03.2003, Dennis Gearon said:
[snip]
Simple question, only related to this forum in that all of us use
libraries that are compressed.
I'm trying to use adodb, and I uploaded it's zipped archive to a linux
box and gunzip won't unzip it. Says 'multiple entries'. Anyone know how
to upload it, short of unzipping in on a windbloze box, then ftping all
files up?
[snip]
on your linux box, cd to the directory containing the archive, then enter
tar -xzf {archivename}
In most cases (also for adodb) this will create a directory tree containing
the extracted distribution files in the correct layout. The directory name
is usually similar to the archive name (depends on the archive contents of
course, but in case of adodb it's adodb and a version number (I believe).
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] documentation on pg_escape_string()
Anyone know where to find documentation on this? Who knows what it escapes? please cc / bc me as I'm on digest -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] http_session_vars
do the session vars get treated with magic quotes? The last comment at the bottom of: http://www.php.net/manual/en/function.get-magic-quotes-gpc.php Seems to think so. He's written good code, but I have my doubts as to whether it should be applied to session vars. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Will this do what I think it will?
I call this file 'clean_gpc.php'.
Will it:
// trim all control codes and spaces from ends of string
// standardize Window's CRLF in middle of string to \n
// standardize Apple's LF in middle of string to \n
// remove all control characters BELOW \n
// remove all control characters ABOVE \n
// compresse run on spaces to a single space
// compresse run on carriage returns to a max of 2
?PHP
if( !defined( GPC_CLEANED ) ){
define( GPC_CLEANED, TRUE );
function clean_gpc( $x ) {
if (is_array($x)) {
while ( list( $key,$value ) = each( $x )) {
if ( $value ) clean_gpc( $x[$key] );
}
} else {
$x = trim($X,\x00..\x20);
// trims all control codes and spaces from ends of string
$x = preg_replace(\r\n, \n, $x );
// standardizes Window's CRLF in middle of string to \n
$x = preg_replace(\r, \n, $x );
// standardizes Apple's LF in middle of string to \n
$x = preg_replace(\x00..\x09, , $x );
// removes all control characters BELOW \n
$x = preg_replace(\x0A..\x1F, , $x );
// removes all control characters ABOVE \n
$x = preg_replace(' +', ' ', $x );
// compresses run on spaces to a single space
$x = preg_replace('\n+\n', '\n\n', $x );
// compresses run on carriage returns to a max of 2
}
}
clean_gpc($HTTP_GET_VARS);
clean_gpc($HTTP_POST_VARS);
clean_gpc($HTTP_COOKIES_VARS);
//clean_gpc($HTTP_SESSION_VARS);
}
?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] trim() not working according to php.net site examples
The below does not remove the control characters as the site examples show.
I was doing it to the $HTTP_POST_VARS, with a whole lot more functionality, but I
can't ANY thing
to modify the string below :-(
Anyone got any ideas why this does not print a string trimmed of all the \t,\r,\n
characters?
(And I haven't even begun to deal with the 'reference' issues)
?php
echo(pre\n);
function clean_gpc( $x ) {
echo(br\nIN
FUNCTION);
echo( trim($x,\x00..\x20) . br\n );
// supposedly trims all control codes and spaces from ends of string
echo(br\nOUT
FUNCTION);
}
$bad_str = \t\t\t\\r\\\r\r\r\r\n\r\nFour schore
...and seven
\n\n\n\n\nr\r\r\rn\r years ago, ,,,,,,our father created on tis planet
\t\t\t\\r\\\r
\r\r\r\n\r\nFour ;
echo(pre\n);
clean_gpc( $bad_str );
echo(/pre\n);
?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] can't get any string replacements to clean this
All i get out of: str_replace ereg_replace preg_replace is an empty string value. Anybody know why? ?PHP $bad_str = \t\t\t\\r\\\r\r\r\r\n\r\nFour schore ...and seven\n\n\n\n\nr\r\r\rn\r years ago, ,,,,,,our father created on tis planet \t\t\t\\r\\\r\r\r\r\n\r\nFour ; echo( br\nuncleaned string-br\n); echo($bad_str . br\nn ); echo( br\ncleaned br\n); //Nothing will clean on this line $bad_str = preg_replace( '\r', '\n', $bad_str ); echo(/pre\n); ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can't get any string replacements to clean this
makes no difference .. Joe Goff wrote - Put the arguments inside of double quotes instead of single quotes and then try it. $bad_str = str_replace(\r,\n,$bad_str); - Original Message - From: Dennis Gearon [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 13, 2003 11:51 PM Subject: [PHP] can't get any string replacements to clean this All i get out of: str_replace ereg_replace preg_replace is an empty string value. Anybody know why? ?PHP $bad_str = \t\t\t\\r\\\r\r\r\r\n\r\nFour schore ...and seven\n\n\n\n\nr\r\r\rn\r years ago, ,,,,,,our father created on tis planet \t\t\t\\r\\\r\r\r\r\n\r\nFour ; echo( br\nuncleaned string-br\n); echo($bad_str . br\nn ); echo( br\ncleaned br\n); //Nothing will clean on this line $bad_str = preg_replace( '\r', '\n', $bad_str ); echo(/pre\n); ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can't get any string replacements to clean this
ooops, after many hours on this, I had deleted out the final echo statement. I will play with this and see what I get now. ?PHP $bad_str = \t\t\t\\r\\\r\r\r\r\n\r\nFour schore ...and seven\n\n\n\n\nr\r\r\rn\r years ago, ,,,,,,our father created on tis planet \t\t\t\\r\\\r\r\r\r\n\r\nFour ; echo( br\nuncleaned string--br\n); echo($bad_str . br\nn ); echo( br\ncleaned string---br\n); $bad_str = str_replace( \r, \n, $bad_str ); echo( $bad_str ); echo(/pre\n); ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can't get any string replacements to clean this
I finally got something to do it, at least, in inline code. I couldn't figure out how to remove NULLS, anybody know? A search on: http://marc.theaimsgroup.com/?l=php-generalr=1w=2 didn't turn anything up. // // WORKING CODE FOR R-E-A-L-L-Y cleaning up a string, converting line ends // to *nix, allows two \n's in a row for paragraphs. // note, the perios in the echo statements show absence/presence of // ending white space // ?PHP $bad_str = \t\t\t\\r\\\r\r\r\r\n\r\nFour schore ...and seven\n\n\n\n\nr\r\r\rn\r years ago, ,,,,,,our father created on tis planet \t\t\t\\r\\\r\r\r\r\n\r\nFour ; echo( \nuncleaned string--\n); echo($bad_str ); echo( .\ncleaned string---\n); $bad_str = str_replace( \x0D\x0A, \x0A, $bad_str ); $bad_str = str_replace( \x0D, \x0A, $bad_str ); $bad_str = ereg_replace( \x0A\x0A+, \x0A\x0A , $bad_str ); // compresses run on line ends to double line ends $bad_str = ereg_replace( [\x01-\x09],, $bad_str ); $bad_str = ereg_replace( [\x0B-\x1F],, $bad_str ); $bad_str = ereg_replace( + , , $bad_str ); // compresses run on spaces to a single space $bad_str = trim( $bad_str ); echo( $bad_str ); echo(./pre\n); ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] non transmitted cookie
Is there anyway for a page to save information on a user's computer which is accessible via java or javascript, but doesn't get sent with each HTML request the way a cookie is? I had this idea, patterned after kerberos: 1/ A user logs into a site via a secure link. 2/ A hash salt is stored on their computer and an initial hash is generated for the user as a Password to their session key. 3/ The user is redirected to the non secure part of the site and they have both the hash-pw plus session key in their document. 4/ Each time they access a page on our site, a javascript fires which generates the next sequence in the hash-pw. 5/ the server also generates the same new sequence and compares it. If the session key and the new password agree, then it is the user attached to the session. So, this salt needs to NOT be transmitted via the cookie so that it does not appear 'in the clear', which would invalidate it's use. Please CC me when you reply to the list, I am on digest. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] non transmitted cookie
Unless of course, you are listening into the network connection :-) Jason Sheets wrote: Not that I am aware of, it seems you would be better off using SSL, if you are concerned about someone hijacking the sessions you could generate your own session id (I generate random 80 character session ids instead of 32) and also limit the life of the session, you could write logic to change the session ID every n minutes which would make brute forcing the session id even harder. Jason On Wed, 2003-02-26 at 11:34, Dennis Gearon wrote: Is there anyway for a page to save information on a user's computer which is accessible via java or javascript, but doesn't get sent with each HTML request the way a cookie is? I had this idea, patterned after kerberos: 1/ A user logs into a site via a secure link. 2/ A hash salt is stored on their computer and an initial hash is generated for the user as a Password to their session key. 3/ The user is redirected to the non secure part of the site and they have both the hash-pw plus session key in their document. 4/ Each time they access a page on our site, a javascript fires which generates the next sequence in the hash-pw. 5/ the server also generates the same new sequence and compares it. If the session key and the new password agree, then it is the user attached to the session. So, this salt needs to NOT be transmitted via the cookie so that it does not appear 'in the clear', which would invalidate it's use. Please CC me when you reply to the list, I am on digest. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Carpe Dancem ;-) - Remember your friends while they are alive - Sincerely, Dennis Gearon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] user registration system
Anybody know of a good user registration system, using emailed web addresses for verification of email address? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] prepend file
How can I get a prepend file to work out of my .htaccess file when the host provider is running safe-mode? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Using 404 instead of mod_rewrite
When one writes a 404 document in PHP, how do I get access to all the POST, GET, COOKIE, URL, protocol, Languages, etc. that the originally requested document came in with? -- -- Carpe Dancem ;-) - Remember your friends while they are alive - Sincerely, Dennis Gearon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using 404 instead of mod_rewrite
So '/error.php' is in the DOCUMENT ROOT, not the server root, correct? And I will get all the CGI environment available to the original requested document? Peter Janett wrote: Use a relative path in your ErrorDocument line, instead of a full url, and you'll get what you are looking for. ErrorDocument 404 /error.php instead of: ErrorDocument 404 http://www.yourdomain.com/error.php Note that even though error.php is in your root (or wherever it is), that it can be called from anywhere in your web tree, so paths like ../images/img.gif won't work if a 404 is thrown in /directory/subdirectory/nothersubdirectory HTH, Peter Janett New Media One Web Services New Upgrades Are Now Live!!! Windows 2000 accounts - Cold Fusion 5.0 and Imail 7.1 Sun Solaris (UNIX) accounts - PHP 4.1.2, mod_perl/1.25, Stronghold/3.0 (Apache/1.3.22), MySQL 3.23.43 PostgreSQL coming soon! http://www.newmediaone.net webmaster at newmediaone.net (303)828-9882 - Original Message - From: Dennis Gearon [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, February 03, 2003 8:31 PM Subject: [PHP] Using 404 instead of mod_rewrite When one writes a 404 document in PHP, how do I get access to all the POST, GET, COOKIE, URL, protocol, Languages, etc. that the originally requested document came in with? -- -- Carpe Dancem ;-) - Remember your friends while they are alive - Sincerely, Dennis Gearon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Carpe Dancem ;-) - Remember your friends while they are alive - Sincerely, Dennis Gearon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] web server and permissions
Please B/CC me, thank you. I am on a site that has all the files in both the /home/sitename/www/ directory and a directory we'll call /home/directory/includes/ with the following permisssions: rwxr-x--r The group I have in /etc/group does not have anyone in it, including me. The server reads everything fine and the php engine can include fine from the /home/sitename/includes/ directory. The problem is, everyone else on the site can read the includes directory as well, including my database password file which get's included. What I would like to set up is: [1] the apache/php engine can include from the includes directory, but not just spit it out. I think that is taken care of by the .htaccess file already. [2] the apache/php process is in my group, and everything I want to go out has the group permissions set to rwx--r--- (do php/html/inc files also have to be executable to be serverd?) [3] 'everyone' does not have the ability to read my files on myserver. Is this the way to do it? What is the normal way permission are set up for users/apache/groups/everyone? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] web server and permissions
Would this prevent other PHP users from including files in my include directory? 11/20/2002 1:45:08 PM, Ernest E Vogelsinger [EMAIL PROTECTED] wrote: At 19:49 20.11.2002, Dennis Gearon said: [snip] Please B/CC me, thank you. I am on a site that has all the files in both the /home/sitename/www/ directory and a directory we'll call /home/directory/includes/ with the following permisssions: rwxr-x--r The group I have in /etc/group does not have anyone in it, including me. The server reads everything fine and the php engine can include fine from the /home/sitename/includes/ directory. The problem is, everyone else on the site can read the includes directory as well, including my database password file which get's included. You should set the owner and group of the includes directory correctly, additional to the file permissions. If you want only apache (and PHP) to be able to read from the includes directory, and only you may add/modify, you should (assumed dgearon is your username): chown dgearon:apache /home/sitename/include/. chown -R dgearon:apache /home/sitename/include/* chmod 750 /home/sitename/include/. chmod -R 640 /home/sitename/include/* This will make your account the owner of the directory and all files, and the group apache the owning group. Only the owner may list and modify the directory and files, and only the owner and the owning group may read the directory and its files. All others are blocked access. What I would like to set up is: [1] the apache/php engine can include from the includes directory, but not just spit it out. I think that is taken care of by the .htaccess file already. See my comment above [2] the apache/php process is in my group, and everything I want to go out has the group permissions set to rwx--r--- (do php/html/inc files also have to be executable to be serverd?) no, they are read by the web server, not executed [3] 'everyone' does not have the ability to read my files on myserver. set the last permission number to zero (see above). The last number stands for world which means all others that are not owner or ownergroup. -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] SQL Injection/Data Balidation
Please CC me as I'm on digest:
--
Are there any libraries for data validation available? If one reads
papers like these:
http://www.nextgenss.com/papers/advanced_sql_injection.pdf
http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf
It becomes apparent that sites using databases are incredibly open to
attack because of the ingenuity of the attackers. I think there should
be a PHPGuardLib or something. After reading those articles, I plan on
filtering ALL input for semi-cololons and 'chr(' character strings. In
the cases where I want to accept apostrophes, I'm going to be very
careful.
Also, are there any attacks to email programs on linux that can be done
through input forms?
PS, for those who think escaping user input only on apostrophes, THINK
AGAIN! And read the aticles above.
--
If You want to buy computer parts, see the reviews at:
http://www.cnet.com/
**OR EVEN BETTER COMPILATIONS**!!
http://sysopt.earthweb.com/userreviews/products/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Browser Javascript capabilities
Is it possible from the browser requests to tell if it is jscript enabled so that an appropriate page can be sent for en/disabled browsers? -- If You want to buy computer parts, see the reviews at: http://www.cnet.com/ **OR EVEN BETTER COMPILATIONS**!! http://sysopt.earthweb.com/userreviews/products/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php 'mail()' security
No, but thanks, the other input is more towards what I was looking for.
I want to take in an email address, and various other fields. Then, send
an email using 'mail()' with the other fields as the 'body', and the
email address as the 'reply_to' address, to someone in my company. That
way, they can read the submitted information, and then just hit 'reply'
on their mail program when they want to comment on the material.
Tech Support [EMAIL PROTECTED] wrote:
I think you are looking for something different.
do this:
print pre;
print_r($_SERVER);
print /pre;
You will see a whole bunch of useful globals. As a matter of fact, try this
one out too:
print pre;
print_r($GLOBALS);
print /pre;
Jim Grill
Support
Web-1 Hosting
http://www.web-1hosting.net
- Original Message -
From: Bob Lockie [EMAIL PROTECTED]
To: Dennis Gearon [EMAIL PROTECTED]; Tech Support
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Sunday, July 28, 2002 1:19 PM
Subject: Re: [PHP] php 'mail()' security
There is no substitute for good data verification such as strip_tags() or
some regular expressions to limit valid input. I also would recomend
checking the referrer to be sure someone doesn't hijack you form and try
to
modify it and submit it from a remote location. Here is an example:
if (validReferrer() === false)
die(invalid referrer);
function validReferrer()
{
$_valid_referrers =
array(www.yoursite.com,www2.yoursite.com,yoursite.com);
$referer = str_replace('//', '/', $_SERVER['HTTP_REFERER']);
$ref = explode('/', $referer);
if ( in_array($ref[1], $_valid_referrers) )
return true;
else
return false;
}
That is a good idea.
$_SERVER['HTTP_REFERER'] is the web server identifier, right?
My web server is 10.0.0.5 from the internal LAN.
I am hesitant to allow HTTP_REFERERs from 10.0.0.5 because it seems to me
that it would be easy enough to configure a strange box
to imitate 10.0.0.5.
Can I somehow check that the HTTP_REFERER = localhost?
-
Joy is just a thing (to be).. raised on,
Love is just the way to Live and Die,
John Denver.
-
He lost a friend, but kept his Memory (also John Denver),
Thank you...John Corones...my friend always.
-
Look lovingly upon the present,
for it holds the only things that are forever true.
-
Sincerely, Dennis Gearon (Kegley)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php 'mail()' security
How can I make my form which entered by a user, then sent to a company employee, secure, not vulnerable attack? -- - Joy is just a thing (to be).. raised on, Love is just the way to Live and Die, John Denver. - He lost a friend, but kept his Memory (also John Denver), Thank you...John Corones...my friend always. - Look lovingly upon the present, for it holds the only things that are forever true. - Sincerely, Dennis Gearon (Kegley) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php 'mail()' security
What I meant was, how to sanitize the input on the forms so that malicious stuff cannot be put as commands, etc. in the email address, or body, or 'extra' field of the 'mail()' function in PHP. -- - Joy is just a thing (to be).. raised on, Love is just the way to Live and Die, John Denver. - He lost a friend, but kept his Memory (also John Denver), Thank you...John Corones...my friend always. - Look lovingly upon the present, for it holds the only things that are forever true. - Sincerely, Dennis Gearon (Kegley) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Mail routing/reply to woes
I am the webperson for a couple of sites, new ones. I've set up several addresses, some I get and respond to. What I would like, for all the addresses on the box, is for someone to be able to run their browser's mailere to be able to download the mail, and also send mail from the server th3e account is hosted on. This owuld cause the reply to address to be their account name, AND more importantly, have the sent from/routing to come from that box. These boxes are for 12 step anonymous organizations and I don't want their home email address being connected to the usage of the site. Can POP3 do this, or IMAP, or either? -- If You want to buy computer parts, see the reviews at: http://www.cnet.com/ **OR EVEN BETTER COMPILATIONS**!! http://sysopt.earthweb.com/userreviews/products/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] help with a rewrite directive
Can anyone tell me the rewrite instruction for apache-mod_rewrite for: original - TangoClass.doc final- TangoClass.htm and it shows up in the browser window? -- If You want to buy computer parts, see the reviews at: http://www.cnet.com/ **OR EVEN BETTER COMPILATIONS**!! http://sysopt.earthweb.com/userreviews/products/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] phpinfo
has anyone tried to eval() php info to prevent it from being displayed so it could be processed for config checking, instead? Since what version have the 'subsections' of phpinfo() been available, like phpinfo(INFO_CONFIGURATION); ? -- - Joy is just a thing (to be).. raised on, Love is just the way to Live and Die, John Denver. - He lost a friend, but kept his Memory (also John Denver), Thank you...John Corones...my friend always. - Look lovingly upon the present, for it holds the only things that are forever true. - Sincerely, Dennis Gearon (Kegley) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re:phpinfo
What I was trying to do was to find out how to get magic_quotes_sybase
config value. This will do it:
$test = addslashes(');
$this-sybase_magic = strcmp( $test, \\');
Also, I looked up eval(), it doesn't return the output of all fucntions
like I thought. I would have to use system, the backticks, invoke php as
a one time interpreter, OR, have a page that I call that has the
appropriate version of PHPINFO in it, and call that page and process the
returned call, from with in the current script.
Dennis Gearon [EMAIL PROTECTED] wrote:
--
has anyone tried to eval() php info to prevent it from being displayed
Lso it could be processed for config checking, instead?
Since what version have the 'subsections' of phpinfo() been available,
like
phpinfo(INFO_CONFIGURATION); ?
--
--
If You want to buy computer parts, see the reviews at:
http://www.cnet.com/
**OR EVEN BETTER COMPILATIONS**!!
http://sysopt.earthweb.com/userreviews/products/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ini-options
I should have added: ... that worked before PHP4. But thanks, see my
previous post to this.
Philip Olson wrote:
if only there were, 'get_magic_quotes_sysbase();'
happy birthday ;)
function get_magic_quotes_sybase()
{
if (!ini_get('magic_quotes_sybase')) {
return 0;
} else {
return 1;
}
}
feature requests can be submitted at:
http://bugs.php.net/
regards,
Philip Olson
--
If You want to buy computer parts, see the reviews at:
http://www.cnet.com/
**OR EVEN BETTER COMPILATIONS**!!
http://sysopt.earthweb.com/userreviews/products/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] more database escaping
In setting up a new database, new pages, new site, on a shared server, these thoughts come to mind: 1/ Does anybody keep a table of config values in which the database was originally designed for? (and one in each database for a site, for that matter) Example CREATE TABLE site_name_design_cfg_vals( name VARCHAR(32), value VARCHAR(32), PRIMARY KEY name ) TYPE='MYIASM'; Some values I would store, for example, would be: 'single_quote_escape', ''' 'double_quote_escape', '\' Then, before insertions are made into the database, these values are checked, and only the right values are put in. This makes it easy to move between sites, or databases. -- - Joy is just a thing (to be).. raised on, Love is just the way to Live and Die, John Denver. - He lost a friend, but kept his Memory (also John Denver), Thank you...John Corones...my friend always. - Look lovingly upon the present, for it holds the only things that are forever true. - Sincerely, Dennis Gearon (Kegley) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] ini-options
Is there any way before PHP4 to read: magic_quotes_xxx settings so that I know what is happening to data escaping? -- - Joy is just a thing (to be).. raised on, Love is just the way to Live and Die, John Denver. - He lost a friend, but kept his Memory (also John Denver), Thank you...John Corones...my friend always. - Look lovingly upon the present, for it holds the only things that are forever true. - Sincerely, Dennis Gearon (Kegley) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ini-options
if only there were, 'get_magic_quotes_sysbase();' Jason Wong wrote: On Thursday 23 May 2002 11:49, Dennis Gearon wrote: Is there any way before PHP4 to read: magic_quotes_xxx settings so that I know what is happening to data escaping? get_magic_quotes_gpc() get_magic_quotes_runtime() seems to run on most versions of php. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- - Joy is just a thing (to be).. raised on, Love is just the way to Live and Die, John Denver. - He lost a friend, but kept his Memory (also John Denver), Thank you...John Corones...my friend always. - Look lovingly upon the present, for it holds the only things that are forever true. - Sincerely, Dennis Gearon (Kegley) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ini-options
What version was magic_quotes_sybase added? -- - Joy is just a thing (to be).. raised on, Love is just the way to Live and Die, John Denver. - He lost a friend, but kept his Memory (also John Denver), Thank you...John Corones...my friend always. - Look lovingly upon the present, for it holds the only things that are forever true. - Sincerely, Dennis Gearon (Kegley) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] More on escaping for SQL statements
I appreciate all the replies to my question before about this. And also to the person who asked the question later in the day! What I'm looking for is a database neutral, comprehensive way to do escaping. First of all, though, will a php string hold binary data with the value of 0x00 at multiple locations and NOT self terminate on the first occurrence of it? In short, are php strings null terminated, or count terminated like pascal and ada? 1/ If PHP strings are count terminated, as per above, then escaping 0x00 is necessary and functional. Probably a '\' character would be appropriate. 2/ obviously, the ' character should be escaped, but I want it escaped with another '. 3/ I'm not sure if a needs to be quoted in the data that goes into a database. Does it? How should it be escaped, '\'? 4/ The page on add_slashes() has some comment about escaping '_', '%' chars. I seem to remember that ANSI standard escape for the '%' is another one. What is the reason for escaping the '_' char and how is it done? -- If You want to buy computer parts, see the reviews at: http://www.cnet.com/ **OR EVEN BETTER COMPILATIONS**!! http://sysopt.earthweb.com/userreviews/products/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Confused about which function to use with forms/database
I appreciate all the good info on this subject, everybody. In looking the archives, I am still confused on one issue. Do **ALL** databases treat \' or \ as escaped? Isn't the SQL standard character to escape with a ' ? -- - Joy is just a thing (to be).. raised on, Love is just the way to Live and Die, John Denver. - He lost a friend, but kept his Memory (also John Denver), Thank you...John Corones...my friend always. - Look lovingly upon the present, for it holds the only things that are forever true. - Sincerely, Dennis Gearon (Kegley) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Confused about which function to use with forms/database
I think I will try to standardize on the '' version, then. thank you. Miguel Cruz wrote: On Sat, 18 May 2002, Dennis Gearon wrote: I appreciate all the good info on this subject, everybody. In looking the archives, I am still confused on one issue. Do **ALL** databases treat \' or \ as escaped? Isn't the SQL standard character to escape with a ' ? I know that Oracle (at least as of v8) doesn't treat \' as escaped; you need to use the option magic_quotes_sybase. And I know that MySQL is perfectly happy with either \' or ''. miguel -- - Joy is just a thing (to be).. raised on, Love is just the way to Live and Die, John Denver. - He lost a friend, but kept his Memory (also John Denver), Thank you...John Corones...my friend always. - Look lovingly upon the present, for it holds the only things that are forever true. - Sincerely, Dennis Gearon (Kegley) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
