[PHP] Re: confirm subscribe to php-general@lists.php.net
-- Ivo Engelhardt engelha...@fastmail.fm Am Di, 30. Okt 2012, um 6:25, schrieb php-general-h...@lists.php.net: Hi! This is the ezmlm program. I'm managing the php-general@lists.php.net mailing list. I'm working for my owner, who can be reached at php-general-ow...@lists.php.net. To confirm that you would like engelha...@fastmail.fm added to the php-general mailing list, please send an empty reply to this address: php-general-sc.1351574730.pnaeclmgbekeljhbofol-engelhardt=fastmail...@lists.php.net Usually, this happens when you just hit the reply button. If this does not work, simply copy the address and paste it into the To: field of a new message. or click here: mailto:php-general-sc.1351574730.pnaeclmgbekeljhbofol-engelhardt=fastmail...@lists.php.net This confirmation serves two purposes. First, it verifies that I am able to get mail through to you. Second, it protects you in case someone forges a subscription request in your name. Some mail programs are broken and cannot handle long addresses. If you cannot reply to this request, instead send a message to php-general-requ...@lists.php.net and put the entire address listed above into the Subject: line. --- Administrative commands for the php-general list --- I can handle administrative requests automatically. Please do not send them to the list address! Instead, send your message to the correct command address: For help and a description of available commands, send a message to: php-general-h...@lists.php.net To subscribe to the list, send a message to: php-general-subscr...@lists.php.net To remove your address from the list, just send a message to the address in the ``List-Unsubscribe'' header of any list message. If you haven't changed addresses since subscribing, you can also send a message to: php-general-unsubscr...@lists.php.net or for the digest to: php-general-digest-unsubscr...@lists.php.net For addition or removal of addresses, I'll send a confirmation message to that address. When you receive it, simply reply to it to complete the transaction. If you need to get in touch with the human owner of this list, please send a message to: php-general-ow...@lists.php.net Please include a FORWARDED list message with ALL HEADERS intact to make it easier to help you. --- Enclosed is a copy of the request I received. Return-Path: nore...@php.net Received: (qmail 74938 invoked from network); 30 Oct 2012 05:25:30 - Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 30 Oct 2012 05:25:30 - Return-Path: nore...@php.net Authentication-Results: pb1.pair.com header.from=engelha...@fastmail.fm; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=nore...@php.net; spf=unknown; sender-id=unknown Received-SPF: unknown (pb1.pair.com: domain php.net does not designate 140.211.15.143 as permitted sender) X-PHP-List-Original-Sender: nore...@php.net X-Host-Fingerprint: 140.211.15.143 osu1php.osuosl.org Linux 2.6 Received: from [140.211.15.143] ([140.211.15.143:46535] helo=osu1php.osuosl.org) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 91/F3-31721-7C46F805 for php-general-subscribe-engelhardt=fastmail...@lists.php.net; Tue, 30 Oct 2012 00:25:29 -0500 Authentication-Results: osu1php.osuosl.org smtp.mail=nore...@php.net; spf=neutral; sender-id=neutral Authentication-Results: osu1php.osuosl.org header.from=engelha...@fastmail.fm; sender-id=neutral Received-SPF: neutral (osu1php.osuosl.org: 127.0.0.1 is neither permitted nor denied by domain of php.net) Received: from [127.0.0.1] ([127.0.0.1:48671] helo=localhost) by osu1php.osuosl.org (envelope-from nore...@php.net) (ecelerity 3.3.2.44647 r(44647)) with ESMTP id BE/E1-04504-1C46F805; Tue, 30 Oct 2012 05:25:23 + Date: Tue, 30 Oct 2012 05:25:21 + Message-ID: be.e1.04504.1c46f...@osu1php.osuosl.org X-Authentication-Warning: osu1php.osuosl.org: nobody set sender to nore...@php.net using -f To: php-general-subscribe-engelhardt=fastmail...@lists.php.net Subject: PHP Mailing List Website Subscription X-PHP-Originating-Script: 0:subscribe.php From: engelha...@fastmail.fm This was a request generated from the form at http://www.php.net/mailing-lists.php by 217.86.189.244. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] When is gettimeofday() or microtime() unavailable?
Dear list, I've tried Google, php.net and the list's archives, but I can't find what I'm looking for. Maybe it's obvious, or maybe nobody wonders about this... For years, I've used microtime() to get the current time including the microseconds. However, somebody pointed me at a sentence in the manual page: This function is only available on operating systems that support the gettimeofday() system call. And PHP's gettimeofday() suggests the same situation: This is an interface to gettimeofday(2). But... what kind of systems then don't have this system call available? Some googling around provided lots of C programmers trying to get a gettimeofday() implementation in C on Windows, since it doesn't seem to include it. But PHP's microtime() and gettimeofday() seem to work just fine on Windows (at least the boxes I could get to). Also, I just can't seem to find PHP code anywhere on the web that seems to check the existence of either microtime() or gettimeofday() before they call it, and there have to be lots of PHP programmers out there working on Windows boxes so... Should I ignore the sentence in the manual and just trust that both functions are always available? Or is there another cross-platform way to get to the system time, including the microseconds, without using microtime() or gettimeofday()? Or will both functions just always exist, but just not give me microseconds if there is no gettimeofday() system call available? Any help is highly appreciated. Thanks, Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Job opening in Leiden, Netherlands: PHP/MySQL developer
Dear all, We have an immediate job opening available to work in our team of bio-informaticians on extending the LOVD software (www.LOVD.nl). Even if you're still a beginner with PHP you're welcome to respond. Affinity to biology is a big plus. LOVD (Leiden Open Variation Database) is webbased software used by hospitals and clinics worldwide to store patient and DNA mutation information. For more information, see our website or these two PDF files: http://www.lovd.nl/Vac08_G2P_LSDBs.pdf http://www.lovd.nl/LUMC_E.08.GJ.16HG.pdf If you're interested, please let me know as soon as possible since we've already started selecting candidates. Ivo Fokkema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Suggestions of GPL plugin-system?
Thanks everyone for the useful input. I've looked around a bit using the various links and info that I got. The Gallery2 documentation on the modules is far from transparent to me, and the idea of having a general module class that needs to get extended by the module doesn't appeal to me either. I really like the Drupal system with it's hooks and I like the idea of having my project communicate with various modules through these hooks. The whole system with the API is kinda big though, and right now I don't plan to give modules control over my menu or anything. So I guess, inspired by the Drupal system, I'm going to create a much smaller system that I will implement myself... Thanks again! Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Suggestions of GPL plugin-system?
Hi guys, I've been developing a GPL PHP/MySQL app for some time now and I would like to extend it with a module/plugin system. The idea would be that people could add a directory in a plugin path that would contain a bunch of PHP files extending the functionality of my application. This directory would then be read out, some config file parsed and whatnot, after which the module can be turned on by my application. Now, I could try and figure this out by myself, but that would be reinventing the wheel since I'm betting there is some good GPL modular software around (such as Joomla, PHP-Nuke, PHPbb, etc, etc.) that you have been working with as a coder. Could any of you suggest a certain GPL application that has a great module setup that I could take a look at? Thanks a lot for your time! Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Newsgroup connect time has become very long
On Wed, 06 Dec 2006 10:49:52 +, Colin Guthrie wrote: Al wrote: Anyone having problems connecting the last few days? Or, is there something wrong on my end. Al other sites are working just fine. Newsgroup? I presume you are using Gmane (as I am). I'm using Pan and it's taking ages for me to connect. It just queues my tasks and then suddenly it connects and executes the tasks. Then after a minute or so of inactivity it closes the connection again. It gets really annoying and I seem to have lost a post of mine as well. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sending E-mail
Also, try to use a local email address first. Possibly it gets sent, but the remote server blocks the email as spam. You can check that by having the email sent to your local user, and check if it arrives there. HTH On Mon, 04 Dec 2006 16:53:19 +0100, Jochem Maas wrote: Janet Smith wrote: I wasn't really sure where to start looking, but I think I have enough information that I can go and look at how we have things set up. I will try to provide more information as I find it. chances are that the following function is being used. http://php.net/mail you should really make sure sending email from the cmdline works before digging deeper into php - it maybe your sendmail (or alternative tool) itself is borked (in which case php won't be able to use it to send any email!). smtp and smtp_port are ini settings that are only valid for windows, I have no idea if setting them in a *nix php installation will cause problems or not. Thanks Jochem Maas [EMAIL PROTECTED] 12/4/2006 10:42 AM Janet Smith wrote: We have an application using PHP. If users have forgotten their password, they click on the link 'Forgot Password' and enter this e-mail address. This is suppose to send their new password to the e-mail address provided. We can not get the e-mail to be sent. I have changed the php.ini file to include the SMTP, the sendmail_from and the sendmail_path. Does anyone have any suggestions as to what else I need to look at? what is the error? what is the code that tries to send the email? what are the relevant php.ini settings set to? what is your OS, php version, etc? do you have a net connection? can you send email from the cmdline? give us this info and maybe we can provide a solution. other than that I can only suggest looking at the moon - it won't solve the problem, and I don't think the moon has a 'look at me' requirement, but it is nice to do. Thanks Jan Smith Programmer Analyst Indiana State University Terre Haute, Indiana Phone: (812) 237-8593 Email: [EMAIL PROTECTED] *** This email, and any attachments, thereto, is intended only for use by the addressee(s) named herein and may contain privileged and/or confidential information. If you are not the intended recipient of this email, you are hereby notified that any dissemination, distribution or copying of this email, and any attachments thereto, is strictly prohibited. *** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: FW: [PHP] Re: Please hack my app
Hi Jordan, Thank you for your offer. As you know, I've signed up a couple of days ago. I ran a scan yesterday and have gotten a big PDF file out of it. I've quickly scanned through the results and it appears there are a lot of times when I use one of my own functions (sometimes even without an argument) it finds a vulnerability. I will analyze the results more detailed later on. Would you appreciate comments on the service? Thanks again, Ivo On Tue, 28 Nov 2006 14:19:30 +0800, Jordan Forssman wrote: Hi, My name is Jordan Forssman, I am representing a company called Armorize Technologies. We have developed a source code analysis platform for PHP, called CodeSecure, which scans source code for SQL injection, cross site scripting, command injection, etc, vulnerability. The tool will tell you exactly which line the vulnerability is on, explain the propagation of the tainted variables, and assist you in fixing the bug. I believe this tool will help you verify the security of your application and will be able to do so very quickly. At the moment we are scanning around 20 000 lines in under 5 minutes, or 1M in about 2 minutes, depending on the application. Currently we are accepting applications for trial accounts, if you would like to use our tool to scan your code please log on to http://www.armorize.com/events/trialapplication and submit the form. We are just starting our sales and marketing effort so I hope you can use our product and give us some feedback. If you want to know more about our company and product you can find us at: www.armorize.com , download our datasheets and whitepapers at www.armorize.com/resources/download . The trial is free and can be accessed over the Web, we are using the trials as a test case for offering the product as a service and also to promote the product. Once I receive your application I will send you an e-mail with a quickstart guide and login details. If you have any questions, please feel free to contact me anytime. Best Regards, Jordan Forssman Sales Manager Armorize Technologies Tel. +886-2-6616-0100 ext. 201 Cell. +886-938-100-214 Fax. +886-2-6616-1100 Skype: jordan4z [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: Ivo F.A.C. Fokkema [mailto:I.F.A.C. [EMAIL PROTECTED] Sent: Monday, November 27, 2006 6:01 PM To: php-general@lists.php.net Subject: [PHP] Re: Please hack my app On Wed, 22 Nov 2006 09:57:50 +0100, Ivo F.A.C. Fokkema wrote: Hi List, As this subject may start you wondering what the hell I'm thinking, let me clearify: I've been rewriting an GPL'ed PHP/MySQL app from scratch for the last 12 months or so. It facilitates storage of DNA mutations and the corresponding patient data. Because patient data is involved, privacy is very important. Now of course I read lots of pages on SQL injection and whatnot, and I strongly believe my application is protected from this kind of abuse. However, believing is not enough. I've had some comments in the past about security (previous version of the software) and although I didn't agree to the critic, I want to be able to say the new app went though various forms of attacks. This month, I want to release 2.0-alpha-01... *** THIS IS NOT ABOUT HACKING THE SERVER *** But about getting in the application when you're not allowed to! If you feel like helping me out, it's located at http://chromium.liacs.nl/LOVDv.2.0-dev/ 1) Please try to get in. There's one account in the system, a database administrator, capable of doing anything. If you get in, you can easily create a new user using the setup tab. This will be the prove of you breaking my security rules. 2) Can you manage to view unpublic data? Using the Variants tab, you can see there is currently one entry in the database (with two mutations). This entry has a hidden column, called 'Patient ID'. There is a text-string in that column. If you can tell me what that string is, you win :) 3) Feel free to register as a submitter to see if that gives you any rights that you shouldn't have. A submitter is only capable of adding new data to the database (Submit tab), but that data will not be published immediately. 4) After a while, I will release login details of a curator account. This user is allowed to see non-public data and handle the specific gene, but NOT create new users or the like. If you have any questions, please ask. Thank you in advance for using your expertise for the good cause :) In case anyone is interested; I've created a low-level user ('untrusted') in the system. Password is equal to username. Feel free to try and do stuff you're not supposed to, like creating a new user or creating a gene. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Please hack my app
On Wed, 22 Nov 2006 09:57:50 +0100, Ivo F.A.C. Fokkema wrote: Hi List, As this subject may start you wondering what the hell I'm thinking, let me clearify: I've been rewriting an GPL'ed PHP/MySQL app from scratch for the last 12 months or so. It facilitates storage of DNA mutations and the corresponding patient data. Because patient data is involved, privacy is very important. Now of course I read lots of pages on SQL injection and whatnot, and I strongly believe my application is protected from this kind of abuse. However, believing is not enough. I've had some comments in the past about security (previous version of the software) and although I didn't agree to the critic, I want to be able to say the new app went though various forms of attacks. This month, I want to release 2.0-alpha-01... *** THIS IS NOT ABOUT HACKING THE SERVER *** But about getting in the application when you're not allowed to! If you feel like helping me out, it's located at http://chromium.liacs.nl/LOVDv.2.0-dev/ 1) Please try to get in. There's one account in the system, a database administrator, capable of doing anything. If you get in, you can easily create a new user using the setup tab. This will be the prove of you breaking my security rules. 2) Can you manage to view unpublic data? Using the Variants tab, you can see there is currently one entry in the database (with two mutations). This entry has a hidden column, called 'Patient ID'. There is a text-string in that column. If you can tell me what that string is, you win :) 3) Feel free to register as a submitter to see if that gives you any rights that you shouldn't have. A submitter is only capable of adding new data to the database (Submit tab), but that data will not be published immediately. 4) After a while, I will release login details of a curator account. This user is allowed to see non-public data and handle the specific gene, but NOT create new users or the like. If you have any questions, please ask. Thank you in advance for using your expertise for the good cause :) In case anyone is interested; I've created a low-level user ('untrusted') in the system. Password is equal to username. Feel free to try and do stuff you're not supposed to, like creating a new user or creating a gene. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Please hack my app
Hi List, As this subject may start you wondering what the hell I'm thinking, let me clearify: I've been rewriting an GPL'ed PHP/MySQL app from scratch for the last 12 months or so. It facilitates storage of DNA mutations and the corresponding patient data. Because patient data is involved, privacy is very important. Now of course I read lots of pages on SQL injection and whatnot, and I strongly believe my application is protected from this kind of abuse. However, believing is not enough. I've had some comments in the past about security (previous version of the software) and although I didn't agree to the critic, I want to be able to say the new app went though various forms of attacks. This month, I want to release 2.0-alpha-01... *** THIS IS NOT ABOUT HACKING THE SERVER *** But about getting in the application when you're not allowed to! If you feel like helping me out, it's located at http://chromium.liacs.nl/LOVDv.2.0-dev/ 1) Please try to get in. There's one account in the system, a database administrator, capable of doing anything. If you get in, you can easily create a new user using the setup tab. This will be the prove of you breaking my security rules. 2) Can you manage to view unpublic data? Using the Variants tab, you can see there is currently one entry in the database (with two mutations). This entry has a hidden column, called 'Patient ID'. There is a text-string in that column. If you can tell me what that string is, you win :) 3) Feel free to register as a submitter to see if that gives you any rights that you shouldn't have. A submitter is only capable of adding new data to the database (Submit tab), but that data will not be published immediately. 4) After a while, I will release login details of a curator account. This user is allowed to see non-public data and handle the specific gene, but NOT create new users or the like. If you have any questions, please ask. Thank you in advance for using your expertise for the good cause :) Regards, Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Please hack my app
On Wed, 22 Nov 2006 20:14:37 +1100, Kevin Waterson wrote: This one time, at band camp, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote: *** THIS IS NOT ABOUT HACKING THE SERVER *** But about getting in the application when you're not allowed to! So, basically, you want _us_ to do _your_ bug checking?? Hell No. I've done that myself (duh). I'm just not arrogant enough to think I tried everything that someone can think of. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Please hack my app
On Wed, 22 Nov 2006 09:53:00 +, Stut wrote: Kevin Waterson wrote: This one time, at band camp, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote: *** THIS IS NOT ABOUT HACKING THE SERVER *** But about getting in the application when you're not allowed to! So, basically, you want _us_ to do _your_ bug checking?? And just in case you do find some mug willing to work for you for nothing, if you're going to be releasing the source you need to do that before asking them to find holes. Having the source code makes it a lot easier. You're right. http://www.dmd.nl/LOVD/2.0/download.php?sent=true -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Please hack my app
On Wed, 22 Nov 2006 03:20:16 -0800, Ryan A wrote: Hey there, I dont mean to be a total pri*k about this, but unless you have created something that you are willing to share with others and others can use/modify for their requirements, and you grant them this privilege...I think the norm is you pay someone to do what you are asking. It's GPL. I mentioned that and the source is available (just follow the link and download). I asked *kindly* if anyone wanted to take their time and toss something at it. If no-one wanted to take a look at it, fine, sorry to bother you. If someone wants to, thanks a bunch for your time. I didn't expect anyone to dive deeply into the source code of my project and filter out my mistakes. Just trying a few well-known (possibly not by me) methods would do. I tried anything I could think of, and it didn't break. After my question someone already kindly pointed out I didn't check for HTML code (and thus allowed JS injection). Something to fix in the next release :) What you are asking for is pretty unfair, unless I am missing something? I didn't realize someone may see this as unfair. So my apologies if any interpretation of my question was not received positively. :) I meant no harm in any way. If on the other hand you have identified the part that troubling you, or getting unexpected results from a code segment... then post that as a new question/thread and from the kindness of someones heart, you might get an answer from them. :) I know how the list works, thanks :D There are no known problems at the time. Just wanted to check if anyone thought of something I hadn't thought of. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Please hack my app
On Wed, 22 Nov 2006 13:37:43 +, Edward Kay wrote: guys I think we need to relax a bit and not attack the guy so much! I agree. Ivo, have you tried Chorizo? http://chorizo-scanner.com/ Thanks Angelo Edward! Chorizo looks good, especially the Morcilla extension mentioned on the website... I will try the free version first, see if that finds anything. I'll check with my boss to see if he wants to spend 289 on a one-year license for the standard version... Thanks for the suggestion! Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Encoding
On Wed, 22 Nov 2006 16:19:54 +0100, Jens Meyer wrote: Hi! Could you check the default encoding of your webserver (in httpd.conf)? I noticed that the charset-information in meta-information is ignored and the default-charset of the webserver is used. Kind regards, Jens Before outputting the HTML, try this: header('Content-Type: text/html; charset=ISO-8859-1'); Try if that works. HTH Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] date() function
On Tue, 14 Nov 2006 15:11:56 -0500, Brad Fuller wrote: $prevminute = sprintf('%02s', date(i)-1); Or, $prevminute = str_pad(date(i)-1, 2, '0', STR_PAD_LEFT); It's a little more code - don't ask me about the speed :) Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Call to undefined function
On Tue, 14 Nov 2006 09:36:52 +, Tom Chubb wrote: I have just encountered a fatal error using file_put_contents() on a PHP4 box. After a bit of research I found a simple function within the php.net user comments. I just wanted to know what happens if I then tried to run this script on a PHP 5 box, whereby I'd be defining a function that already exists. Should I be changing the name of the function just in case it moves to PHP5 in the future? Thanks, Hi Tom, if (!function_exists('file_put_contents')) { function file_put_contents (...) { // Do it your way! } } Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How do you do the ? mark after a filename
On Sun, 12 Nov 2006 22:02:51 -0700, Thomas Bonham wrote: Thank you for that, it was a big help. Can I also call function that way? Again thank you for your help. Thomas Do you mean: /index.php?action=search ?php if (isset($_GET['action']) $_GET['action'] == 'search') { search_items(); } else { view_all_items(); } ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Spam using email on website
On Tue, 07 Nov 2006 08:42:57 +0200, Pieter du Toit wrote: Hi guys I have a website that is being crawled or whatever and i have a submission form for an event. I keep on getting random mail from this form. I have even disabled the submit button on the form, but keep on getting it. What can i do? I usually find these bastards to enter lots of information in some fields. If I find too much info (or an \r\n) in a regular INPUT type=text field, I either stop processing or throw an error. Either way: no mail-sending. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] counting records in db
On Mon, 30 Oct 2006 12:28:29 +0100, Robin Vickery wrote: On 30/10/06, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote: On Sun, 29 Oct 2006 23:40:47 -0600, Richard Lynch wrote: On Fri, October 27, 2006 4:53 pm, Børge Holen wrote: On Friday 27 October 2006 19:34, Richard Lynch wrote: And the header(Location: ...) requires a full URL. No it doesn't. but he's missing an ' at first glance Yes, it does: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30 Note the use of 'absolute' within that section. Although I always use a full URL as well, doesn't absolute just mean non-relative? As in: Location: /Protocols/rfc2616/rfc2616-sec14.html#sec14.30 (absolute URI) Location: ./rfc2616-sec14.html#sec14.30 (relative URI) If you need contextual information to make sense of the URI (such as the server name from a previous request) then it's not absolute. RFC 2396: Uniform Resource Identifiers An absolute identifier refers to a resource independent of the context in which the identifier is used. In contrast, a relative identifier refers to a resource by describing the difference within a hierarchical namespace between the current context and an absolute identifier of the resource. Ah, thanks. I was confusing it with absolute and relative paths. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] counting records in db
On Sun, 29 Oct 2006 23:40:47 -0600, Richard Lynch wrote: On Fri, October 27, 2006 4:53 pm, Børge Holen wrote: On Friday 27 October 2006 19:34, Richard Lynch wrote: And the header(Location: ...) requires a full URL. No it doesn't. but he's missing an ' at first glance Yes, it does: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30 Note the use of 'absolute' within that section. Although I always use a full URL as well, doesn't absolute just mean non-relative? As in: Location: /Protocols/rfc2616/rfc2616-sec14.html#sec14.30 (absolute URI) Location: ./rfc2616-sec14.html#sec14.30 (relative URI) You can argue that they shouldn't have designed the spec that way. You can argue that it works in all popular browsers. But there ain't much to argue about what the spec says... Agreed. One should always follow the spec. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Query question
On Sun, 29 Oct 2006 23:04:27 -0600, Richard Lynch wrote: On Sun, October 29, 2006 2:06 am, Beauford wrote: LOL, I don't know either. The format is - 01/01/2006. When I first did it I used 7, which should be right, but I ended up getting /2002 /2003, etc. So I went to 8 and all was well. Beats me. Dollars to donuts says your 'date' (which is really a string) has some leading spaces which is messing up your count... Of course, after you fix the import process to have an actual DATE in your DB, this will be a non-issue... Short-term, you should probably at least trim() the data so that your offset of 8 is the number you would expect... Or, you use RIGHT(date, 4) as I believe MySQL always automatically removes trailing spaces in VARCHAR columns. It will save you the use of one additional function and RIGHT() may even be faster than SUBSTRING() because it doesn't need to go through the entire string. But that's just guessing and I think you probably won't even notice this in microseconds :) Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] foreach on a 3d array
On Tue, 24 Oct 2006 23:55:49 +0200, M.Sokolewicz wrote: Dotan Cohen wrote: On 24/10/06, Chris Boget [EMAIL PROTECTED] wrote: $languages = array( af = array(Afrikaans, Afrikaans, South Africa), sq = array(Albanian, Shqipe, Albania)); foreach ($languages as $language){ if ( strstr( $_HTTP_ACCEPT_LANGUAGE, $language) ) { printcenterYou are from .$language[2].!/center; } } What you want is something like this: foreach ($languages as $language = $valueArray ){ if ( strstr( $_HTTP_ACCEPT_LANGUAGE, $language) ) { printcenterYou are from .$valueArray[2].!/center; } } Your example is setting the variable $language to the array for each iteration. Thanks, I see what I was missing. So the first iteration, $language is set to array(Afrikaans, Afrikaans, South Africa) and the second iteration, $language is set to array(Albanian, Shqipe, Albania) That much I knew. Thanks, Chris. Dotan Cohen http://essentialinux.com/ http://technology-sleuth.com/ Why not just do if(isset($language[$_HTTP_ACCEPT_LANGUAGE])) { print 'centerYou are from '.$language[$_HTTP_ACCEPT_LANGUAGE][3].'!/center'; } else { print 'centerwhere are you from?!/center'; } Because that wouldn't work :) This variable may contain stuff like nl,en-us;q=0.7,en;q=0.3. You'll need to do something with this variable first to use array_key_exists (or as you do, isset). That said, I agree that strstr() might not be the best solution. An other note, Dotan: shouldn't $_HTTP_ACCEPT_LANGUAGE actually be $_SERVER['HTTP_ACCEPT_LANGUAGE']? Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: strtotime
On Tue, 24 Oct 2006 20:36:08 -0400, Ron Piggott (PHP) wrote: I have used the strtotime command to calculate a week ago (among other things) with syntax like this: $one_week_ago = strtotime(-7 days); $one_week_ago = date('Y-m-d', $one_week_ago); How would you use this command to figure out the last day of the month in two months from now --- Today is October 24th 2006; the results I am trying to generate are December 31st 2006. I want to keep the same result until the end of October and then on November 1st and throughout November the result to be January 31st 2007 Ron My suggestion is: $date = date('Y-m-t', strtotime('+2 months')); $date = date('F jS Y', strtotime($date)); Only two lines of code, only four function calls. As you know, there are many ways to do a thing. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Problem with EXEC and PASSTHRU
On Wed, 25 Oct 2006 20:35:29 +1300, Matt Beechey wrote: I am writing a php website for users to edit a global whitelist for Spam Assassin - all is going fairly well considering I hadn't ever used php until a couple of days ago. My problem is I need to restart AMAVISD-NEW after the user saves the changes. I've acheived this using SUDO and giving the www-data users the rights to SUDO amavisd-new. My problem is simply a user friendlyness issue - below is the code I'm running - if(isset($_POST[SAVE])) { file_put_contents(/etc/spamassassin/whitelist.cf, $_SESSION[whitelist]); $_SESSION[count]=0; echo Restarting the service./A/P; exec('sudo /usr/sbin/amavisd-new reload'); echo Service was restarted.. Returning to the main page.; sleep(4) echo 'meta http-equiv=refresh content=0;URL=index.php'; } The problem is that the Restarting the Service dialogue doesn't get displayed until AFTER the Service Restarts even though it appears before the shell_exec command. I've tried exec and passthru and its always the same - I want it to display the Service was restarted - wait for 4 seconds and then redirect to the main page. Instead nothing happens on screen for the browser user until the service has restarted at which point they are returned to index.php - its as if the exec and the sleep and the refresh to index.php are all kind of running concurently. Can someone PLEASE tell me what I'm doing wrong - or shed light on how I should do this. www.php.net/flush may help you out, but there are many reasons for even that not to work... such as IE needing at least 256 (out the top of my head) bytes before showing anything, IE needing all data in a TABLE before showing it and commonly to make sure you send at least some 20 characters or so before being able to flush() again. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [php] passing variables doesn't work
On Wed, 25 Oct 2006 10:19:24 +0200, Max Belushkin wrote: Whatever form information you want to pass has to be part of the form. WILLEMS Wim (BMB) wrote: select name=database size=1 In the second script, the value of this will be in $_POST[database]. ... which will contain absolutely nothing, since you haven't provided any value: optionblabla/option does not contain a value that can be sent to the next page. And, don't build the link to the database (and possibly spawn an error) when you're right into your HTML and just printed select to the screen. If the connection fails, the error will most likely not show up, you'll have an empty select box, we'll get a new question from you etc. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] foreach on a 3d array
On Wed, 25 Oct 2006 13:53:47 +0200, Dotan Cohen wrote: On 25/10/06, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote: Because that wouldn't work :) This variable may contain stuff like nl,en-us;q=0.7,en;q=0.3. You'll need to do something with this variable first to use array_key_exists (or as you do, isset). That said, I agree that strstr() might not be the best solution. An other note, Dotan: shouldn't $_HTTP_ACCEPT_LANGUAGE actually be $_SERVER['HTTP_ACCEPT_LANGUAGE']? I am using $HTTP_ACCEPT_LANGUAGE. I copied-pested $_HTTP_ACCEPT_LANGUAGE from the first version of the code, which of course didn't work :) $_SERVER['HTTP_ACCEPT_LANGUAGE'] works too. Ah, in that case using $HTTP_ACCEPT_LANGUAGE relies on the register_globals setting, which is a security risk (and turned off by default). Please read up on this, so you know what you're up against... See: http://www.php.net/register_globals Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] connectivity weirdness
On Mon, 23 Oct 2006 16:52:54 -0500, Richard Lynch wrote: On Fri, October 20, 2006 11:40 am, Richard Lynch wrote: Changing the gateway to the one that NATs fixed things. Good you got things fixed! PS On another fun job this weekend... NOTE TO SELF: Always check to make sure nobody kicked the wall wart loose from the power strip before you waste an hour trying to fix your boss' Win98 2Ed. computer after he claims that the whole Internet is down Every damn change to the IP/netconfig required re-inserting the damn OS CD and re-booting! What the hell is up with that? No wonder I told him I was no longer supporting that box five years ago... Since we're OT here anyway: The older the Windows get, the more often you need to reboot. That's where this joke came from: Windows detected you moved the mouse cursor. Please restart Windows for the changes to take effect. Win98 particularly sucks with that, but Win/2000 and WinXP are a lot better, but then again never as good as Linux. I only need to reboot after upgrading my kernel :) Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Paginating searchs = performance problem
On Fri, 20 Oct 2006 12:06:26 -0400, Robert Cummings wrote: On Fri, 2006-10-20 at 17:22 +0200, Ivo F.A.C. Fokkema wrote: On Fri, 20 Oct 2006 17:04:35 +0200, Fourat Zouari wrote: I have PHP/PostgreSQL application were i got a search page with some items to search, am building the search query on server side. I need to display a paginated search and for this i need to get the total count of lines matching the search before OFFSET/LIMITing my page, am i obliged to repeat the query twice ??? first to get the total count, second to get my page. it's very heavy Any one's suggesting better doing ? As far as I know, this is the only way. The first query, you don't need to sort your data though, and you might be able to drop a join, depending on whether or not you use the joined table in your WHERE clause. But I think due to caching the database will not take a long time for the second query, since it just recently had (almost) the same query - YMMV. Hell no, don't use the same query twice. Use a count in the first query that only returns 1 row... the count. The second query can return the records (which may be less than the count returns since you're paging). There must have been a reason why I started doing this... I used to use COUNT(*) first too, then run the full query but somehow this must have not worked for me when searching though a complex set of JOIN'ed tables or so... after which I have my query builder run the query first without the order clause. I'm going to look into this, see if I can track that down. But you're right, I should've mentioned that in his case a COUNT(*) could've been possible, since I didn't know his table structure or query. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: One-page password-protected file
On Sat, 21 Oct 2006 18:16:19 +0200, Dotan Cohen wrote: On 21/10/06, Dotan Cohen [EMAIL PROTECTED] wrote: I'm in the horrible situation where I need a one-page script to hold it's own password and validate itself. I coded this together, I want this lists opinion as to whether or not it holds water, considering the circumstance: ?php $sha1_pw=5218lm849l394k1396dip4'2561lq19k967e'30; if ( $_COOKIE[password] != sha1($sha1_pw) ) { $varis=explode(/,$PATH_INFO); $pre_password=explode(,$varis[1]); if ( sha1( substr($pre_password[0],0) ) == $sha1_pw ) { setcookie(password, sha1($sha1_pw) ); header(Location: .$_SERVER[SCRIPT_NAME]./.rand(999,9)); exit; } else { print Fvck Off; exit; } } // REST OF PAGE ? The idea is that the user could call the page like this: http://server.com/directory/page.php/MyPassword and the page would refresh to not show his password, yet keep him logged in. Thanks for any and all input. I should probably add more detail. I didn't want even the sha1 hashed password stored on in the cookie, so the sha1 hash is sha1 hashed again. That way, the password is not stored in plain text anywhere, and the sha1 hash of the password is stored only on the server. Like said, the file must be self-contained. What do the list memebers think of this solution? Thanks. Dotan Cohen Hi Dotan, My approach would be to store the password in the $_SESSION array, but be absolutely sure that cookies are used for session authorization, to prevent session hijacking. The good thing about using $_SESSION is that the password, hashed or not, would *never* be sent to the user. Only the session id. By the way: substr($pre_password[0],0) serves no purpose :) Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] User question for PHP
On Sat, 21 Oct 2006 14:41:11 +1000, chris smith wrote: On 10/21/06, Jochem Maas [EMAIL PROTECTED] wrote: chris smith wrote: On 10/21/06, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote: On Fri, 20 Oct 2006 23:24:14 +1000, chris smith wrote: On 10/20/06, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote: To my experience, apache (with PHP running as www-data or nobody or whatever) will not be able to create files or folders without user intervention (chmod, chown), thus no updating and removing is possible either by default. php running through apache: ?php mkdir('/path/to/dir'); ? Making that in a shared location will allow *any* domain to write to it, read from it or delete it (forget about possible open_basedir restrictions). I see your point and I agree this is an issue, but given the relatively small incidence of such a situation, I personally would not say this is a much bigger problem than a PHP file being able to remove all other files owned by the same owner (i.e. usually the whole site at least)... Running it as separate users removes safe-mode problems (the file uploaded will be as www or nobody, the script trying to access it is user), stops you having to have '777' type permissions on temp or data directories, user a can't do anything to user bs files and so on. but php and the webserver now has full rights over all your files not just a few of your designated data files. e.g. exec('rm ~/.ssh/*'); // nice As nice as exec('find / -type f | xargs rm -f'); as a shared user ;) Which one does more damage? This wouldn't do much damage on my system... Just removing the session data, some uploaded files and some error logs. Damage is very dependent on system setup and type of sites. Still sticking by my opinion, since in my case doing that command as a ftp user is *much* more problematic... :) Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Paginating searchs = performance problem
On Mon, 23 Oct 2006 04:33:52 -0400, Robert Cummings wrote: On Mon, 2006-10-23 at 10:13 +0200, Ivo F.A.C. Fokkema wrote: On Fri, 20 Oct 2006 12:06:26 -0400, Robert Cummings wrote: On Fri, 2006-10-20 at 17:22 +0200, Ivo F.A.C. Fokkema wrote: On Fri, 20 Oct 2006 17:04:35 +0200, Fourat Zouari wrote: I have PHP/PostgreSQL application were i got a search page with some items to search, am building the search query on server side. I need to display a paginated search and for this i need to get the total count of lines matching the search before OFFSET/LIMITing my page, am i obliged to repeat the query twice ??? first to get the total count, second to get my page. it's very heavy Any one's suggesting better doing ? As far as I know, this is the only way. The first query, you don't need to sort your data though, and you might be able to drop a join, depending on whether or not you use the joined table in your WHERE clause. But I think due to caching the database will not take a long time for the second query, since it just recently had (almost) the same query - YMMV. Hell no, don't use the same query twice. Use a count in the first query that only returns 1 row... the count. The second query can return the records (which may be less than the count returns since you're paging). There must have been a reason why I started doing this... I used to use COUNT(*) first too, then run the full query but somehow this must have not worked for me when searching though a complex set of JOIN'ed tables or so... after which I have my query builder run the query first without the order clause. I'm going to look into this, see if I can track that down. But you're right, I should've mentioned that in his case a COUNT(*) could've been possible, since I didn't know his table structure or query. You can also use this dirty little sucker that's specific to MySQL (AFAIK): SQL_CALC_FOUND_ROWS Just add it right after the SELECT keyword: SELECT SQL_CALC_FOUND_ROWS ... Then afterwards you issue another query: SELECT FOUND_ROWS() AS YeeHaw And you're all set. it works regardless of the complexity of joins and other stuff. Cheers, Rob. Supa-kewl! You da man! For my projects I use MySQL anyway, and this one even bypasses the LIMIT clause, according to the MySQL manual. All I have to do is check if my users are using MySQL = 4.0... That's been released for a while, but you never know... :) Thanks, Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Finding a visitor's location
On Mon, 23 Oct 2006 19:00:08 +1000, Chris wrote: John Messam wrote: Hello, I am trying to find out the country and possibly the city where the visitors to my site are coming from. I can capture the IP address but how do I translate that to a specific locale. Is there a way to do it or do I have to ask them and map the info myself. Thank you for you help. This list is a very useful tool. Search for geo-ip database or ip to country or some such variant in a search engine. To quickly do a relatively simple check (do not expect high success rate, but it doesn't require you to download/purchase databases) is do a reverse-DNS lookup (gethostbyaddr) on $_SERVER['REMOTE_ADDR'], check if it's the same IP address (failed), if not you've got yourself a hostname. Grab the last piece after the dot (strrchr), and you've got the TLD... Although it includes TLD's like com, net, org, edu and such it also includes countries. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] User question for PHP
On Fri, 20 Oct 2006 15:49:14 +1000, Chris wrote: Andy Hultgren wrote: To whoever was asking this (sorry didn't see the original email): Is it possible to have a PHP script execute as the user of the domain instead of the webserver? So when I upload files through a PHP script they are owned by me and not wwwrun or nobody? I was recently exchanging on this list about that very topic. It's in the archives for this list. Go to www.php.net and set the dropdown menu in the upper right corner of the page to general mailing list, then type File Upload Security and chmod into the search field and hit enter. The conversation is within the first few hits on this search. The server hosting my site runs with php executing as me (the owner of the domain), and we covered some of the potential security pitfalls of such a situation (mainly centered on the fact that this makes any php script far too powerful). In my situation I couldn't change how the server was set up; however, the general consensus was that this situation created a number of serious security concerns that had to be very carefully addressed. I would avoid this configuration if you have the choice, based purely on the advice I received. Actually you have that the wrong way around. If php is running as www or nobody then any files or directories that a php script creates will be done as the web server user. That means (potentially) that if domain 'a' creates a file, domain 'b' can read and write to that file and even delete it. If php is running as you instead, you can control this with appropriate chmod commands (at least removing the risk of deleting of files / updating of files). A shared user (like www or nobody) is a *much* bigger risk than separate users. Unless those separate users have a little more access than just SSH and FTP access to the machine... I guess that if anyone with special rights carelessly activates suPHP and leaves the PHP files owned by him, you'd have PHP scripts capable of reading out special log files and whatnot. To my experience, apache (with PHP running as www-data or nobody or whatever) will not be able to create files or folders without user intervention (chmod, chown), thus no updating and removing is possible either by default. Using suPHP, it is. You can argue that it can only do this to the PHP files owned by the same user, and therefor probably limiting the damage to one specific website, however we're still having a security problem. Both situations seem dangerous to me, both in different ways. Wouldn't you say that the user must know what the hell he's doing in both situations? Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: array_walk, or array_map, or foreach?
On Fri, 20 Oct 2006 16:04:27 +0900, Dave M G wrote: PHP List, I took a snippet of code right off the php.net site to use trim on all the elements of an array. Theoretically, it should test if the element in an array is in turn another array, and break it down to the next level until it gets to a string it can use trim on. This is the code: public static function trimArray($array) { if (is_array($array)) { array_walk($array, trimArray); } else { $array = trim($array); } return $array; } The function exists inside a static class called Utility where I keep all basic utility functions. I don't know if it's the fact that it's in a static class that makes a difference, but I've tried the following variations on the line with array_walk() in it: array_walk($array, Utlity::trimArray) array_map(Utility::trimArray, $array) array_map(trimArray, $array) I've even tried accomplishing it with a foreach(), but no matter what I do, it doesn't work. As it walks through the array, it seems to trim a copy of the element in the array, trim that, but leave the original array untouched. What am I missing here? 'pass-by-reference', as mentioned on the array_walk() doc page. Functions have their own variable scope. If those words mean nothing to you: http://www.php.net/manual/en/language.variables.scope.php http://www.php.net/manual/en/language.references.pass.php Bottom line: the values get changed within the function, but when the function ends, the value changes are 'lost'. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] User question for PHP
On Fri, 20 Oct 2006 23:24:14 +1000, chris smith wrote: On 10/20/06, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote: On Fri, 20 Oct 2006 15:49:14 +1000, Chris wrote: Andy Hultgren wrote: To whoever was asking this (sorry didn't see the original email): Is it possible to have a PHP script execute as the user of the domain instead of the webserver? So when I upload files through a PHP script they are owned by me and not wwwrun or nobody? I was recently exchanging on this list about that very topic. It's in the archives for this list. Go to www.php.net and set the dropdown menu in the upper right corner of the page to general mailing list, then type File Upload Security and chmod into the search field and hit enter. The conversation is within the first few hits on this search. The server hosting my site runs with php executing as me (the owner of the domain), and we covered some of the potential security pitfalls of such a situation (mainly centered on the fact that this makes any php script far too powerful). In my situation I couldn't change how the server was set up; however, the general consensus was that this situation created a number of serious security concerns that had to be very carefully addressed. I would avoid this configuration if you have the choice, based purely on the advice I received. Actually you have that the wrong way around. If php is running as www or nobody then any files or directories that a php script creates will be done as the web server user. That means (potentially) that if domain 'a' creates a file, domain 'b' can read and write to that file and even delete it. If php is running as you instead, you can control this with appropriate chmod commands (at least removing the risk of deleting of files / updating of files). A shared user (like www or nobody) is a *much* bigger risk than separate users. Unless those separate users have a little more access than just SSH and FTP access to the machine... I guess that if anyone with special rights carelessly activates suPHP and leaves the PHP files owned by him, you'd have PHP scripts capable of reading out special log files and whatnot. To my experience, apache (with PHP running as www-data or nobody or whatever) will not be able to create files or folders without user intervention (chmod, chown), thus no updating and removing is possible either by default. php running through apache: ?php mkdir('/path/to/dir'); ? Making that in a shared location will allow *any* domain to write to it, read from it or delete it (forget about possible open_basedir restrictions). I see your point and I agree this is an issue, but given the relatively small incidence of such a situation, I personally would not say this is a much bigger problem than a PHP file being able to remove all other files owned by the same owner (i.e. usually the whole site at least)... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Encode text
On Fri, 20 Oct 2006 16:57:16 +0300, Ahmad Al-Twaijiry wrote: Hi everyone I have a variable with UTF-8 text inside it and I want to convert this text to windows encode, is it possible in very easy way ? Thanks --- Ahmad Hi Ahmad, utf8_decode() will decode your string to ISO-8859-1. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Paginating searchs = performance problem
On Fri, 20 Oct 2006 17:04:35 +0200, Fourat Zouari wrote: I have PHP/PostgreSQL application were i got a search page with some items to search, am building the search query on server side. I need to display a paginated search and for this i need to get the total count of lines matching the search before OFFSET/LIMITing my page, am i obliged to repeat the query twice ??? first to get the total count, second to get my page. it's very heavy Any one's suggesting better doing ? As far as I know, this is the only way. The first query, you don't need to sort your data though, and you might be able to drop a join, depending on whether or not you use the joined table in your WHERE clause. But I think due to caching the database will not take a long time for the second query, since it just recently had (almost) the same query - YMMV. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] _SERVER[HTTP_ACCEPT_LANGUAGE] en-us
On Tue, 17 Oct 2006 08:18:47 +0100, Stut wrote: John Taylor-Johnston wrote: This is what http_accept_language gives me depending on which browser. Depending on the visitor in my region, it will either be French or English. _SERVER[HTTP_ACCEPT_LANGUAGE] en-us,en;q=0.8,fr;q=0.5,fr-ca;q=0.3 _SERVER[HTTP_ACCEPT_LANGUAGE] fr-ca,en-us;q=0.5 Is this a reasonable approach? if(stristr($_SERVER[HTTP_HOST],fr)) { include(french.htm);}else{ include(english.htm);} No it's not unless you want to ignore the users preferred language. The order is important in that header - the first language is the preferred language. So in the first example you should serve english.htm and french.htm in the second. If you only have english and french, your best bet is to do the following... if (substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2) == 'fr') { include('french.htm'); } else { include('english.htm'); } Not to annoy you, but this will fail if a user has the preferred languages in the order Dutch, French, English (which would be very likely for a Belgian user). If you really want to deal with it while totally respecting the user's wishes, you'd want to explode() the string using ',', and analyze the given array in the right order: // Available languages user preferences. $aLang = array('fr' = 'french.htm', 'en' = 'english.htm'); $aSett = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']); // Make sure that if no languages match, English is picked. $aSett[] = 'en'; // Loop the user preference. foreach ($aSett as $sLang) { $sLang = substr($sLang, 0, 2); if (array_key_exists($sLang, $aLang)) { // Language found. include $aLang[$sLang]; break; } } HTH, Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: How to recognise url in a block of text
On Tue, 17 Oct 2006 17:26:42 +0100, Robin Vickery wrote: On 17/10/06, Al [EMAIL PROTECTED] wrote: AYSERVE.NET wrote: Please, I need help on how to to recognise url in a block of text being retrieved from a database and present it as a link within that text. I will appreciate any help. Regards, Bunmi Show us some examples of URL substrings, with any variations, you want to handle. Most likely a regex function will do the job. In 6 easy steps: Step 1: Pinch a regexp from perl... perl -e 'use Regexp::Common; print $RE{URI}{HTTP}, \n;' Step 2: Double up all backslashes M-x replace-string \ \\ Step 3: Escape single quote-marks M-x replace-string ' \' Step 4. modify slightly to cope with the https scheme by adding an optional 's' to the http scheme. Step 5. add angle-brackets as delimiters Step 6. use in a preg_replace() ?php $textString = 'orem ipsum dolor sit amet, consectetuer adipiscing elit. Proin et urna. Duis quam. Suspendisse potenti. Etiam sem tortor, ultricies nec, http://example.com imperdiet nec, tempus ac, purus. Suspendisse id lectus. Nam vitae quam. Aliquam ligula nisl, vestibulum vulputate, tempor nec, https://www.example.com tincidunt sit amet, libero. Suspendisse a justo. Cum sociis natoque penatibus et.'; $url_regexp = '(?:(?:https?)://(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\\-_.!~*\'():@=+$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\\-_.!~*\'():@=+$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:/(?:(?:(?:[a-zA-Z0-9\\-_.!~*\'():@=+$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\\-_.!~*\'():@=+$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;/?:@=+$,a-zA-Z0-9\\-_.!~*\'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)'; $output = preg_replace($url_regexp, 'a href=$0$0/a', $textString); print $output; ? If http and https isn't enough for you, there's another more general regexp but... well, it's 8.5Kb long. Holy !!! I've used regexps for quite a while now, but won't even begin to read that. I use: /^(ht|f)tps?:\/\/([0-9]{1,3}(\.[0-9]{1,3}){3}|([0-9a-z][-0-9a-z]*[0-9a-z]\.)+[a-z]{2,4})\/?[%=#0-9a-z\/._+-]*\??.*$/i to match an full URL with domain name or IP address, and: /((ht|f)tps?:\/\/([0-9]{1,3}(\.[0-9]{1,3}){3}|([0-9a-z][-0-9a-z]*[0-9a-z]\.)+[a-z]{2,4})\/?[%=#0-9a-z\/._+-]*\??[^[:space:]]+)/i to replace an space delimited URL with preg_replace. It has worked fine for me, but I just can't read your regexp, so I can't see why it's better. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: mktime()'s is_dst deprecated, but needed?
On Sun, 15 Oct 2006 13:22:02 +0200, Zora wrote: Hi all, (first time I send an email here, so please be forgiving if something doesn't follow expected rules.) My web application allows users to enter time stamps (date and time) given as local times. The time stamp is to be stored as UTC into the data base. Since we have summer and winter times (dst) there's an hour in the autumn which exists twice in local time (it's 2:00 - 3:00 at the last sunday in october here). Only the user knows which of these two hour is intended to be stored into the data base, no program ever can decide that by itself. Thus, the user has to add a character to the supplied time stamp. E.g. last sunday in october, 02:30 A is summer time (e.g. GMT +02:00), last sunday in october, 02:30 B is winter time (e.g. GMT +01:00). My php function used the is_dst parameter of mktime() responding to the user given A or B. How's that to solve in the future if is_dst doesn't exist any more? (For now, it still works but gives a log line everytime the function is called - E_STRICT is set). Thanks for your help, Zora Hi Zora, How is the data stored in the database? By the timestamp of your local time? In that case, you could just increment the timestamp by one hour if someone sets summertime. You can also feed the mktime the incremented hour, cause it will calculate the time correctly even with values that are out of range (such as 25 hours, 75 minutes, etc). Hope this helps, Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: canon jpegs
On Fri, 13 Oct 2006 02:35:34 +0200, Emil Edeholt wrote: Hi! I'm trying to make thumbnails of uploaded jpegs via GD. It works fine on most jpegs but doesn't seem to work on canon jpegs (tried both a consumer canon and one of the finer DSLRs). When I resaved the canon jpeg in my imaging application GD could handle it. Any ideas of how to solve this? I'm in a bit of a panic. Emil Not a solution, but possibly a workaround: use ImageMagick, have your script run the `convert` command in stead of having to worry about the implementation yourself. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] need help to build a query
On Tue, 10 Oct 2006 14:22:54 -0500, Richard Lynch wrote: On Mon, October 9, 2006 2:58 pm, John Wells wrote: On 10/9/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: but I know there must be much better solution then this one. You're right: Simply JOIN your queries... SELECT order_id, order_date, order_status, file_name FROM orders JOIN uploaded_files AS uf ON orders.order_id = uf.order_id ORDER BY orders.order_id DESC LIMIT 100 This will miss all the orders with no upload at all, unlike the original. As specified elsewhere in this thread, use outer join to prevent losing orders with no uploads. AND it limits you to the 100 uploaded files, not 100 orders. This is a lot more subtle problem than it seems at first glance, eh? To fetch all uploaded filenames in one result row, and solving the limit problem all at once, see group_concat(). Mind you, works only with MySQL 4.1... Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] foreach
On Tue, 10 Oct 2006 14:34:54 -0400, John Nichel wrote: Chris Boget wrote: $last = end ( $numbers ); reset ( $numbers ); I thought foreach() already performed a reset()? Why do it again here? Well, corn my fritters, according to TFM, it does this indeed. Maybe an old dog can learn new tricks. ;) Actually, foreach() creates a copy of the mentioned array, and the array pointer of the original array is not modified. Very useful to know if you append entries to the array you're foreach()-ing and pulling your hair out why foreach() doesn't iterate through those new entries... An way of going through the array independent of the actual values (since using end() relies on unique values): $n = count($numbers); $i = 0; foreach ($numbers as $number) { $i ++; if ($i == $n) { // Last element... } else { // Not the last element... } } Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] guess documentroot
On Thu, 05 Oct 2006 16:35:04 +0200, Javier Ruiz wrote: Perfect! got it using the following: /* 1 - remove the query string just in case it contains a '/' in it 2 - like Clive said, substr() and strrpos() 'clean' the path to provide the directories only */ $aPath = str_replace($_REQUEST['QUERY_STRING'], '', $_SERVER['SCRIPT_NAME']); $aPath = substr($aRuta, 0, (strrpos($aRuta, '/') + 1)); Thanks a lot guys :) Why make your life harder than it needs to be: $sPath = dirname($_SERVER['PHP_SELF']); Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP jump to other page
On Thu, 05 Oct 2006 09:16:17 +0800, Penthexquadium wrote: On Thu, 5 Oct 2006 01:17:41 +0700, Groundhog [EMAIL PROTECTED] wrote: how can I jump to another page after IF..ELSE statement, for example: IF (statement == TRUE) { stay on this page, index.php } ELSE { jump to index2.php} -- Come and Visit My Blog http://ubuntu-ku.blogspot.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php if (!statement) { header('Location: index2.php'); exit; } // other codes... It's recommended (HTTP/1.1 standard requirement) to use a full absolute path. header('Location: http://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/') . '/index2.php'); Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] quick question about preg_replace
On Thu, 05 Oct 2006 09:29:46 +0800, Penthexquadium wrote: On Wed, 4 Oct 2006 23:19:58 +0200, Martin Bach Nielsen [EMAIL PROTECTED] wrote: Hi all. I have written a guestbook (I know, there's a ton out there), which until recently did not get any spam, so now I'm trying to remove the spam-ad by using preg_replace: $melding = preg_replace('/(a href=\http:\/\/[^^]+)/i', This message is temporarily cut-off due to spam-suspicion., $melding); However, this only makes the problem half-solved, since I also want any text before the link to be replaced with a message as stated above. The above line removes anything after 'a href=//'. Is there any way to make the above line to include anything before the a href=// ? I have tried different options, and yes, I have read the php manual on preg_replace, but I might not have properly identified how to get the text in front modified. Thankful for any hints, tips, links, anything that helps :-) Regards, Martin Bach Nielsen If you only want to replace the line including url(s) by a message, a simple regular expression is enough. ?php $melding = This is a spam.\n . This is a a href=\http://www.example.com/\;example/a line.\n . Another line.\n . a href=\http://www.e.com/ads/show?n=123\;123/a (456)\n . End Line.\n; $melding = preg_replace(/.*?a href=\http:\/\/.+/i, This line is temporarily cut-off due to spam-suspicion., $melding); echo $melding; ? The script above will output: This is a spam. This line is temporarily cut-off due to spam-suspicion. Another line. This line is temporarily cut-off due to spam-suspicion. End Line. If you use this code, be sure to use lt; in stead of and gt; in stead of or else the spam messages won't be shown. Otherwise, if you want the entire message changed, it's quicker to do: if (preg_match('/(a href=\http:\/\/[^^]+)/i', $melding)) { $melding = 'This message is temporarily cut-off due to spam-suspicion.'; } Just an idea... Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Strange error in PHP/MySQL
On Sun, 01 Oct 2006 19:59:08 +0100, Deckard wrote: Hello, I have this code: // insert new user in mysql user table $sqlInsertUser = INSERT INTO user (Host, User , Password , Select_priv, Insert_priv, Update_priv, Delete_priv) VALUES ('$hostname', '$mysql_username', '$mysql_password', 'N', 'N', 'N', 'N'); if (mysql_query($sqlInsertUser, $conn)) $messagesqlInsertUser = 'Success...'; else $messagesqlInsertUser = 'Error: ' . mysql_error(); $result = mysql_query($sqlInsertUser); that gives me the error: Error: Duplicate entry 'localhost-' for key 1 I can't see nothing wrong with it and if i run it in MySQL's prompt everything's fine. Any ideas ? Besta Regards, Deckard. Hi, Wouldn't it be easier to just use the MySQL GRANT statement? Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strange errors from command line vs. web
On Thu, 28 Sep 2006 14:29:13 -0400, blackwater dev wrote: Yep, I get called to undefined function so I need to somehow re-compile the cli version? How do I give support to just the cli version? I'm going to the docs now. Thanks! I guess it's dependent on your OS, but you might be able to just enable this line in your php.ini file for the cli version: extension=mysql.so Your php.ini file may be found in /etc/php4/cli/php.ini That's where mine (PHP4) is, but it's dependent on your specific distro. Are you on a package type of distro, such as Debian, Ubuntu, Fedora, Suse or the like? Or are you compiling stuff like on Gentoo? Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: mysql_real_escape_string() question
On Thu, 28 Sep 2006 11:33:06 -0400, Eric Butera wrote: On 9/28/06, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote: Hi Tedd, According to http://nl3.php.net/mysql_real_escape_string The function requires a MySQL connection. If there is none, it will try and create one. That fails now. Possibly you could use addslashes()? Regards, Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Don't use addslashes. Keep using mysql_real_escape string but make sure you have a valid link identifier like Ivo said. string mysql_real_escape_string ( string unescaped_string [, resource link_identifier] ) He's not actually *putting* it in a database, so isn't it useless to use a mysql_ function for this...? Maybe I misunderstand Tedd and he does use a database, as I don't see why he would need mysql_real_escape_string() for cleaning input... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Print or Echo takes lots of time
On Tue, 26 Sep 2006 21:45:58 +1000, David Tulloh wrote: Google Kreme wrote: On 25 Sep 2006, at 06:11 , Sancar Saran wrote: ... If this is generating hundred of K of HTML, use ' instead of (yes, it's faster). I've seen this stated several times and at first glance it seems to make sense. The double quoted version has all the \n and related characters that need to be handled. Except that php is a C program and uses the printf family of functions. This means that all the single quoted strings actually have to be converted to escaped versions of double quoted strings, so internally '\n' becomes \\n. You can see this in some benchmarks, I ran the following script and a single quoted version from the command line. I ran each 10 times, interleaved to try to balance changes in the system load. ?php $str=; for($i=0; $i1000; $i++) $str.=foo; ? I found that the double quoted version averaged 5.5516 seconds against the single quoted script of 5.5627. Which really goes to show that while the double quoted version is faster the difference is almost completely irrelevent. While we're at it (running benchmarks three times, varying amount of loops): Benchmarking with 100K loops Case 1 : 'Adding a 10-character single quoted string to a var' Time : 0.23s - 0.24s Case 2 : 'Adding a 10-character double quoted string to a var' Time : 0.23s - 0.24s Performance : Anywhere between Decreased 1.1% and Increased 26.7% This seems really funny to me, cause I was under the impression a single quoted string was faster... I remember benchmarking that before. Benchmarking with 10K loops Case 1 : 'Adding a 100-character single quoted string to a var' Time : 0.03s - 0.08s Case 2 : 'Adding a 100-character double quoted string to a var' Time : 0.03s Performance : Anywhere between Increased 0.7% and Increased 66.9% Still funny... and numbers get higher, too. Benchmarking with 1M loops Case 1 : 'Setting a var with a 100-character single quoted string' Time : 2.29s - 2.63s Case 2 : 'Setting a var with a 100-character double quoted string' Time : 2.53 - 2.78s Performance : Anywhere between Decreased 3.1% and Decreased 16.3% Now this is probably what I saw previously and what made me decide using single quotes where possible. Benchmarking with 1M loops Case 1 : 'Setting a var with a 100-character single quoted string incl. a variable (concat)' Time : 3.59s - 4.07s Case 2 : 'Setting a var with a 100-character double quoted string incl. a variable' Time : 4.14s - 4.40s Performance : Anywhere between Decreased 8.2% - Decreased 19.2% Well, try not to use variables in a string, but concatenate it together. Benchmarking with 1M loops Case 1 : 'Setting a var with a 100-character double quoted string incl. a variable (concat)' Time : 3.58s - 3.79s Case 2 : 'Setting a var with a 100-character double quoted string incl. a variable' Time : 4.12s - 5.24s Performance : Anywhere between Decreased 14.9% - Decreased 38.4% Same with using double quoted strings only... Hey! It's coffee break already! Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strange errors from command line vs. web
Hi, (sorry for top-posting) This is the great way PHP-cli lets you know it hasn't got any MySQL support :) Enable that, and you're good to go. Mind you, PHP-cli has a separate php.ini file. Ivo On Thu, 28 Sep 2006 08:26:13 -0400, blackwater dev wrote: Ok, I've set up a username and password using Grant All Privileges, blah. with username and password. For some reason though the web now can't login with that. I then changed the root db password and put that in the config and the web side does run properly with that username, password. I still can't run the script from the command line even when I su to root. I am in a virtual hosting situation so not sure if that's it. Does it not know what to do with localhost in a virtual hosting situation when running it from the command line but does from the web? I'm trying to print the error but it just seems to die: echo about to connect; $this-connectionID= @mysql_connect($this-host, $this-user, $this-password); echo after connect; From the command line, it never prints the after connect...just seems to die without error...or at least no error to the screen and I do have a check right after to kick off the mysql error if there is no connection ID but again, I am su'ing to root so I thought it would always have rights. Not really sure what to do next. Thanks! On 9/27/06, Richard Lynch [EMAIL PROTECTED] wrote: On Wed, September 27, 2006 11:36 am, blackwater dev wrote: I have some code that makes a connection to the db. When I run this code from the command line, it stops at the db connection. Show us the code, without any embedded passwords, of course... If I call the script from the browser, it works fine. This almost always boils down to: PHP runs as nobody or a similarly unpowered user You log in as you, blackwaterdev or whatever, with many powers. In this case, it looks like 'nobody' has their own database, and is allowed to connect to it, but you are not. I've changed the permissions and that didn't work. Changed which permissions? mysql_admin? If so, did you reload the permissions after change? File executable? What? The db connection is the basic, localhost, root, with no password. Now that is an entirely separate problem. DON'T DO THAT! :-) What else can I try? You're going to have to create a user and set a password anyway, so do that first. There's no point in getting localhost/root/[blank] to work when it's not what you want anyway. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: mysql_real_escape_string() question
On Thu, 28 Sep 2006 11:06:45 -0400, tedd wrote: Hi gang: In one of my snip-its, namely: http://xn--ovg.com/pdf I was generating a pdf document after the user filled in a form. I had been cleaning the user input by using -- $name = mysql_real_escape_string($name); -- even though I wasn't using MySQL (the code was a cut-paste from some other code I had). However, everything worked! But, a couple of days ago it suddenly stopped working. Now, I get the following error: Warning: mysql_real_escape_string(): Access denied for user 'nobody'@'localhost' (using password: NO) in ... When I comment-out the offending statement, it runs. I replaced the statement, but wonder what happened -- when did using mysql_real_escape_string() require a password? What's up with that? Any ideas as to what happened? tedd Hi Tedd, According to http://nl3.php.net/mysql_real_escape_string The function requires a MySQL connection. If there is none, it will try and create one. That fails now. Possibly you could use addslashes()? Regards, Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Is this unsecure?
On Tue, 05 Sep 2006 16:04:07 +0700, Peter Lauri wrote: Hi, I have bumped into a problem. I need to use a web service that is located on server B from server A. The server B will execute a script when the web service is accessed and an email is sent as an parameter. The problem is, if I only have the email as incoming parameter, anyone can just figure out the url for the web service, the name, and then just send the email to that address. To make this a little bit secure I setup so two parameters are sent, the email and a confirmation code. First I was just thinking to basically have a password sent with, and if that is correct just execute the script. However, due to server restrictions I can not run it on HTTPS, so that also looses value. So this is how I solved it: I send a parameter with the request that is the email, some extra characters and then MD5 on that. I do this on server A and then server B just checks if it is the same resulting string. If so, we know it comes from server A because that server is the only one that knows the extra characters used. $authstring = md5(asdf.$email.fdsa); Would this be hard to crack assuming that the one who cracks does not know the characters that are used to generate the $authstring? Maybe someone have experience with this? Or just a comment? This seems the easiest for me: - Determine IP address of Server A. - At Server B: ?php if ($_SERVER['REMOTE_ADDR'] != SERVER_A_IP) { die('Get lost, will you.'); } rest of code ... How's that? You could, of course, still add the md5 check, which sounds pretty good. HTH Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Functions vs html outpuit
On Fri, 01 Sep 2006 16:44:19 +0200, M. Sokolewicz wrote: Dave Goodchild wrote: Hi all, this may seem like a silly question, but I am creating a library of html form element generation function, for example a textarea fucntion that takes rows and cols as parameters, a function that generates a day, month and year select box, etc. My question is - is it significantly to switch off the parser and emit raw html than calling a function? If it is faster to just allow the server to send the html I will not bother. I'm not quite sure I understand your question. Are you asking if it's faster to parse and process a php script vs. a page of raw HTML? In that case, OF COURSE SERVING A RAW HTML FILE IS FASTER!!! Does the server have to do *anything* with the contents of the HMTL file? no Does the server have to do *anything* with the contents of the PHP file? yes! of course! it needs to parse and process it BEFORE it can actually server the RESULT of that script. So, if possible, stick to raw HTML files. - tul That said, if you feel that it saves you a lot of development time (like me) to use such functions, and you're writing a basic app that will not likely attract lots of hits, then go for it. I use a viewForm() function, that takes an array as a argument describing the required form, for all of my projects. Surely it's faster for the server if you just write the HTML, but this is much easier for me to create, edit and re-use in other projects... Just my 2 cts. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Organizing php functions
On Fri, 01 Sep 2006 21:35:32 -0600, The Doctor wrote: The question comes up because: Sort file in the path interfere with one another which leads to web page malfunction. Question: should all php programmes such as drupal be placed under /usr/local/lib ? I'm not getting the 'sort file' problem, but you can put PHP apps wherever; as long as you tell Apache/your webserver where to find it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Comparing strings... need advice. :)
On Mon, 28 Aug 2006 19:39:49 -0400, Robert Cummings wrote: On Mon, 2006-08-28 at 16:50 +0200, Ivo F.A.C. Fokkema wrote: On Mon, 28 Aug 2006 09:47:02 +0100, Stut wrote: Micky Hulse wrote: I am looking for the most secure/efficient way to compare these two strings: /folder1/folder2/folder3/folder4/ /folder1/folder2/folder3/folder4/file.php Basically I am trying to setup as many security features as possible for a simplistic (home-grown/hand-coded) CMS... This appears to work: $haystack = '/folder1/folder2/folder3/folder4/someFileName.php'; $needle = '/folder1/folder2/folder3/folder4/'; if(substr_count($haystack, $needle) === 1) echo yea; Before making changes to someFileName.php I want to make sure it is within the allowed path ($needle). First of all make sure you are sending both strings through realpath (http://php.net/realpath) to remove any symbolic links and relative references. Then you can compare the two strings. The way you're doing it will work but it's probably not very efficient. This is what I use... $valid = (strcmp($needle, substr($haystack, 0, strlen($needle))) == 0); Personally, this seems simpler to me: $valid = (dirname($haystack) == $needle); But the way the above folders are presented, it should become $valid = (dirname($haystack) == rtrim($needle, '/')); less simple already... Possibly, this is not the best solution for some reason I don't know. If so, I would like to know :) The above technique doesn't allow for sub-directories. It only allows for files within the needle directory. Ah, thanks. Misunderstood the question, then. Thought just checking if it's a file in that directory was what's needed. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: help - outputting a jpeg
On Tue, 29 Aug 2006 09:52:20 +0100, Ross wrote: I just get all the binary data output ? include(includes/config.php); $link = mysql_connect($host, $user, $password) or die ('somethng went wrong:' .mysql_error() ); mysql_select_db($dbname, $link) or die ('somethng went wrong, DB error:' .mysql_error() ); $query = SELECT DISTINCT gallery FROM thumbnails; $result = @mysql_query( $query,$link ); while ($row = @mysql_fetch_assoc($result) ) { $gallery_id=$row['gallery']; $query2 = SELECT * FROM thumbnails WHERE gallery ='$gallery_id' LIMIT 1; $result2 = @mysql_query($query2); while ($row2 = @mysql_fetch_array($result2, MYSQL_ASSOC)){ Header( Content-type: image/pjpeg); echo img src=\.$row2[bin_data].\; } You're mixing binary data with HTML. What do you want to do? If you want to put multiple pictures on one page, first build the HTML, that loads the pictures and use a php file to retrieve the given ID from the database and output the header and binary result. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Comparing strings... need advice. :)
On Mon, 28 Aug 2006 09:47:02 +0100, Stut wrote: Micky Hulse wrote: I am looking for the most secure/efficient way to compare these two strings: /folder1/folder2/folder3/folder4/ /folder1/folder2/folder3/folder4/file.php Basically I am trying to setup as many security features as possible for a simplistic (home-grown/hand-coded) CMS... This appears to work: $haystack = '/folder1/folder2/folder3/folder4/someFileName.php'; $needle = '/folder1/folder2/folder3/folder4/'; if(substr_count($haystack, $needle) === 1) echo yea; Before making changes to someFileName.php I want to make sure it is within the allowed path ($needle). First of all make sure you are sending both strings through realpath (http://php.net/realpath) to remove any symbolic links and relative references. Then you can compare the two strings. The way you're doing it will work but it's probably not very efficient. This is what I use... $valid = (strcmp($needle, substr($haystack, 0, strlen($needle))) == 0); Personally, this seems simpler to me: $valid = (dirname($haystack) == $needle); But the way the above folders are presented, it should become $valid = (dirname($haystack) == rtrim($needle, '/')); less simple already... Possibly, this is not the best solution for some reason I don't know. If so, I would like to know :) Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Why small big?
[SNIP] As for PNG: As far as I know, the only issue with any realistic browser (other than very old ones like IE2 or something) is that the alpha channel is not supported. As there is no alpha channel in JPEG, so there is no difference. Though I do not profess to be absolutely sure that all browsers you might encounter manage PNG ok. I personally use PNG all the time for smaller images. Only for high color, larger images, I use JPEG. Besides the unsupported Alpha transparency that you've already mentioned, I've never had any form of problem (or heard anyone complain) about unsupported PNG images. And that's indexed and RGB PNGs. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: How to deal with errors in forms
On Thu, 24 Aug 2006 11:40:17 +0200, Merlin wrote: Hi there, I do have a form where there is also a field with max 2000 characters the user can put in. Now before processing the data with php, I do a checkin the script for certain criterias if something lookes wrong I do redirect him to the original form with inserting the data he has entered. I do this via GET e.g.: ?title=testbody=blablub That works fine with one exception. If the user does enter 2000 characters (or a lot c.) they do get transfered via URL as well and that is not possible. Firfox for example then simply displays a blank page!!! It would be fine if he would return with just a few less characters, but at least display the error message I am providing. Now, 2 questions: 1) Does anybody know why firefox is shoing a blank page? If the URL does contain less characters, lets say 100 everything works fine. 2) How could I possibly save his entry? Maybe with the help of a cookie? But then, I do redirect to the page. So I do send a header. As far as I know this only once possible? For example: setcookie('bla test'); HEADER(Location:.$data[rurl].?error=.$error.$parameter); I would rather not like to use the help of a database. Any ideas? Regards, Merlin You might also try to process the results from the form first, and then, if errors are found, display the form again and put the data in there yourself. No need to send the user back and forth. But you may need to restructure your code a little. I personally always use this method. 1) Check if form is sent. 1a) True? Check form contents. Put errors in a variable. If there are no errors, do whatever you need to do. 1b) False? Set all form fields to the default values (probably empty strings). 2) Check if error variable exists. 2a) True? Print error variable on the screen. 3) Print form, and load values in them. HTH -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Why small big?
[SNIP] Considering in this thread where I left the quality at 100% and reduced the image to less 40 percent of the original, and the end result was that I actually made a larger file. So, I belive that at least this example shows that 100% is not a good quality value setting for reducing images -- thus we know the high end is less than 100. I know from experience that reducing the quality from 100% to 95% sometimes reduces the file size to 50%; without showing much noticeable change in quality... HTH -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: setting a session with a text link?
On Mon, 21 Aug 2006 13:08:04 +0100, Ross wrote: I want to set a session with a text link, am having problems with the syntax. The link swiches the session to on or off. a href= class=link_textswtich off/a href= class=link_textswtich on/a I want to do this but the syntax is incorrect. ?=$_SERVER['PHP_SELF']?$_SESSION['switch]='0'; ? ?=$_SERVER['PHP_SELF']?$_SESSION['switch]='1'; ? what is the correct syntax for this line? I am not too sure on what you're trying to do... but maybe this helps? // Untested code! ?php print('A href=' . $_SERVER['PHP_SELF'] . '?switch=onSwitch on/ABR 'A href=' . $_SERVER['PHP_SELF'] . '?switch=offSwitch off/ABR'); if (isset($_GET['switch'])) { // Set switch, as requested. $_SESSION['switch'] = ($_GET['switch'] == 'on'? 1 : 0); } ? Hope this helps anything... Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Regex
On Mon, 21 Aug 2006 13:51:16 +0400, Nadim Attari wrote: Hello, I have some text in a table... the text contains hyperlinks (but not html coded, i.e. plain Some text...http://www.something.com;) When i retrieve these texts from the table, i want the hyperlinks to become clickable, i.e. a href etc added automatically. Some text...a href=http://www.something.com;http://www.something.com/a I know this sould be done using Regex, but i don't know regex. Any help (links, examples, etc) Thanks Nadim Attari How's this: ?php // $s contains the entry from the table. // Non-strict url matching. $s = preg_replace('/(http:\/\/[^\s]+)/i', A href=\$1\$1/A, $s); ? This is very non strict. Anything starting with http:// until the next whitespace (\s) is clickable. You might want to put a more strict rule in there, but it depends on the text your searching in. Note that above code does not work when an url is at the end of a line, and followed by a period (.). Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] simple scrip to stop email injection
On Wed, 16 Aug 2006 15:54:32 -0500, Richard Lynch wrote: On Wed, August 16, 2006 4:53 am, Ross wrote: Been having loads of problems with this and have solved it using the phpmailer. The only problem is I cannot get the class working on the remote host I am working on. I am back to using mail() but need to drop in script that checks my fields $fname, $sname, $email, $subject, $message. Checking for a NEWLINE in all but $message will stop MOST of the email injection. if (preg_match(/\r\n/, array($fname, $sname, $email, $subject))){ die(Spammer!); } I think preg_match allows array for 2nd arg... Details. Hi, Shouldn't this be preg_match(/[\r\n]/, ... considering this is OS specific and on Unix/Linux just a newline would do, too? Most likely, on a Mac server, just \r would do as a header separator. The MTA on the system will interpret the OS specific line endings, and construct proper \r\n header separators before sending it out. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: simple scrip to stop email injection
On Wed, 16 Aug 2006 10:53:30 +0100, Ross wrote: Been having loads of problems with this and have solved it using the phpmailer. The only problem is I cannot get the class working on the remote host I am working on. I am back to using mail() but need to drop in script that checks my fields $fname, $sname, $email, $subject, $message. Couldn't you do a preg_match on \n, \r or \r\n for the $fname, $sname, $email and $subject? Checking $message would not be necessary, as it would probably contain linebreaks and it's not included in the message header anyway... HTH! Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] break up variable and put each element in an array
On Mon, 14 Aug 2006 19:14:42 -0500, Richard Lynch wrote: On Mon, August 14, 2006 2:41 am, Ivo F.A.C. Fokkema wrote: On Sat, 12 Aug 2006 16:36:36 -0500, Richard Lynch wrote: On Fri, August 11, 2006 3:11 am, Ivo F.A.C. Fokkema wrote: Well, if it's true that some browsers on some platforms ignore the W3C standard, I guess we could use: Or perhaps these browsers pre-date W3C standards. :-) Sure, but in newer versions, they might update their code to follow the standards after all... wouldn't they? Of course! But are all my users going to run out and upgrade because some W3C weenie (from their persepctive) told them to? No. In fact, *some* of my users are so economically-challenged that their hardware doesn't support a W3C-compliant browser due to memory constraints. Holy sh*t! Seriously? Since it became a HTML specification back in 1999, that must be quite some old software. I just assumed people upgraded by then, so it wouldn't be a problem at all. Not too sure if it's the best economically-challenged way to go, since they're probably waiting for ever to get their system booted, but that's a different story. Do you happen to know their browser specs? I've went through the list of browsers visiting our website (based on JS statistics). These are the oldest, of every browser type, taken from the last 5000 page hits: Firefox 1.0 Mozilla 1.0 MS Internet Explorer 5.0 Netscape 7.0 Opera 7.5 Profile 1.0 Safari 1.2 WebTV/MSTV 2.6 MS IE 5.0 is pretty old :) And I don't even know 'Profile 1.0'... So I'm going to provide backwards-compatible code which: does not break anything for W3C-compliant browsers supports ancient browsers costs almost nothing in CPU time for any reasonable-sized GET/POST OK, OK, you won me over :) Do you want to add to the Digital Divide by not supporting ancient hardware/software, or do you want to only provide web services to the wealthy :-) :-) :-) EvilMUHAHAHAHAHH!/Evil Oh, sorry, was that out loud? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] break up variable and put each element in an array
On Sat, 12 Aug 2006 16:36:36 -0500, Richard Lynch wrote: On Fri, August 11, 2006 3:11 am, Ivo F.A.C. Fokkema wrote: Well, if it's true that some browsers on some platforms ignore the W3C standard, I guess we could use: Or perhaps these browsers pre-date W3C standards. :-) Sure, but in newer versions, they might update their code to follow the standards after all... wouldn't they? $datelist = str_replace(array(\r\n,\n,\r),'BR',$_POST['datelist']); Two problems here. This assumes a specific undocumented ordering to the replacement in processing the array argument. If, for some insane reason, the PHP implementation of str_replace chooses to process that input array in reverse order, you would end up with double BR for \r\n input. This is incredibly unlikely, but it's NOT (yet) documented that the arrays are processed in order. True; and I haven't tested the code either, to be honest. I found the basic implementation on a forum somewhere and adapted it to the threadstarter's need. I might try and see if I could submit a documentation bug on this. I think it's a useful feature and you're right to claim that since it's not documented, one should not rely on it. The next problem is that replacing newline (in any form) with BR on the INPUT phase of your program is just a Bad Idea. :-) (...) Because someday you may want to output that same data to RSS, XML, or XYZ, in which case BR is NOT what you want for your newlines. Hey, totally agree here, BUT, the threadstarter doesn't mention it being put in a database. Actually, he just requests it to be written on a new line in the output. I just provided him a way of doing this. I always store the input directly in the database (quoted, then, of course) and replace \r\n with BR when needed (display on screen). I've had no problems by strictly using \r\n yet. But as I have an open source project, I assume someone will (be telling me||submit a bug) if they have problems. In that case, I will implement a non-W3C compliant hack ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cron running 'Hello world' script dies with Could not startup.
On Thu, 10 Aug 2006 16:41:38 -0500, Richard Lynch wrote: On Wed, August 9, 2006 3:14 am, Ivo F.A.C. Fokkema wrote: SO: Loading the GTK library in your /etc/php4/cli/php.ini, KILLS the PHP-cli functionality from cron. On Ubuntu Dapper, that is. Not sure about other distros. Probably because the PATH to the GTK.so file is not absolute in your php.ini, so your can find it from your shell environment, but the cron shell environment cannot find it. If you dink around with the paths in php.ini for extension_dir and the GTK.so, and if you set permissions up, you should be able to make it work, if you want it to. The GTK.so is in the same path all the other extensions are... Also, when logged in through X it works, when using SSH to my machine, it doesn't. I asked on the php.gtk.general list, and I was told this behaviour is expected; the module needs a X environment. It's not going to be fixed in GTK2 either. For now, I've got two php.ini files. One with the extension loaded, one without. I will just have to use the PHP-cli -c flag (specify .ini file)... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] break up variable and put each element in an array
On Thu, 10 Aug 2006 17:17:23 -0500, Richard Lynch wrote: On Tue, August 8, 2006 3:47 pm, Fokkema, I.F.A.C. \(HKG\) wrote: If the user separates the dates by an enter in the textarea, you need to explode on \r\n. To be able to handle both, you need to use split() or preg_split(). When I use $datelist=$_POST[datelist]; $string=explode('\r\n',$datelist); '\r\n' and \r\n are not anything alike... \r\n only have special meaning inside of , not ' If you want to cover all browser/OS combinations, you'd want to pre-treat the text area input like: $datelist = $_POST['datelist']; $datelist = str_replace(\r\n, \r, $datelist); $datelist = str_replace(\r, \n, $datelist); Now all the date are separated by \n and you can reliably use explode(\n, $datelist); on them. Actually, I know that both Windows and Linux send a linebreak in a textarea as \r\n, not \n. I assume it's all the same for all platforms, and that Mac would send \r\n, too. Actually, I know that it's browser/OS dependent, cuz I had a bunch of Mac users who sent only \r all the time. This may be true only of OS 9, and you may not care about them anymore, but there it is. I also would not be so quick to claim that Linux sends \r\n -- It could be dependent on the browser, the OS version, the OS distro, some OS settings, ... I've tested this on different distros and browsers, all had sent \r\n and in years I've not had any problems with not receiving \r\n. But I did some extensive searching, and I found this in the W3C specifications: Line breaks, as in multi-line text field values, are represented as CR LF pairs, i.e., `%0D%0A'. (http://www.w3.org/TR/WD-html40-970917/interact/forms.html) Better safe than sorry, and I *know* I ran into this with some Mac users. Plus I hate trying to edit the text chunks in vi with those icky \r thingies that turn into ^M :-) Well, if it's true that some browsers on some platforms ignore the W3C standard, I guess we could use: $datelist = str_replace(array(\r\n,\n,\r),'BR',$_POST['datelist']); Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Cron running 'Hello world' script dies with Could not startup.
On Wed, 09 Aug 2006 11:14:11 +0100, Colin Guthrie wrote: Ivo F.A.C. Fokkema wrote: SO: Loading the GTK library in your /etc/php4/cli/php.ini, KILLS the PHP-cli functionality from cron. On Ubuntu Dapper, that is. Not sure about other distros. Thanks guys, for all of your suggestions! Ahh it probably *needs* an X Server to work properly. I'll bet if you logged into your machine via SSH or the console without beign logged into a graphical env. that it would also fail. Bingo! You're absolutely right. I copied my php.ini to one that includes the module again, and when using that ini I can still run a 'Hello world' script through the console, but NOT when logged in through ssh from another machine. Good thinking! Well found tho', this would seem like a bug in the GTK stuff tho'. I'll file a bug against this behaviour upstream :) Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with quotes (single and double) in forms
In case anyone's interested, here's the function I use in the open source project LOVD to undo Magic Quoting on all GPC arrays: function lovd_magicUnquote ($var = '') { if (!$var) { if (count($_GET)) { lovd_magicUnquote( $_GET); } if (count($_POST)) { lovd_magicUnquote( $_POST); } if (count($_COOKIE)) { lovd_magicUnquote( $_COOKIE); } } else { if (is_array($var)) { foreach ($var as $key = $val) { if (is_array($val)) { lovd_magicUnquote( $var[$key]); } else { $var[$key] = stripslashes($val); } } } else { $var = stripslashes($var); } } } // You can then just run on all scripts, // for compatibility regardless of the settings: if (get_magic_quotes_gpc()) { lovd_magicUnquote(); } Typically, I make sure my values are quoted and unquote them when needed, but I guess that's a matter of preference. Ivo On Thu, 10 Aug 2006 13:08:21 +0800, J R wrote: here's an improvement jwith recursion: function stripMagicQuotes($var) { if (get_magic_quotes_gpc()) { if(!is_array($var)) { $var= stripslashes($var); } else { array_walk($var, stripMagicQuotes); } } return $var; } hth, john On 8/10/06, Chris [EMAIL PROTECTED] wrote: Chris wrote: Chris wrote: J R wrote: try to use this few lines of code. function stripMagicQuotes($var) { if (get_magic_quotes_gpc()) { $var= stripslashes($var); } return $var; } this way you don't really have to worry if magic quotes is on or off. Then he has to modify all the code to call that function ;) Hmm actually: $_POST = stripMagicQuotes($_POST); should do it I guess.. not exactly ideal but would work quickly. Argh, self-replying (*think before hitting send*) :( Of course that function would need a bit more modification but should be able to get it recursive without too many problems. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Cron running 'Hello world' script dies with Could not startup.
On Tue, 08 Aug 2006 17:01:13 +0200, Arno Kuhl wrote: Is there anything in your error log that says why it failed? (whatever error_log points to in php.ini, or maybe what ErrorLog points to in httpd.conf) Arno Hi Arno, thanks for your reply. However, the PHP-cli binary doesn't use the Apache error logs to dump error information. I have tracked this problem down to the PHP-cli's php.ini (see other post). Thanks for thinking with me! Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cron running 'Hello world' script dies with Could not startup.
On Tue, 08 Aug 2006 17:07:29 +0200, Ivo F.A.C. Fokkema wrote: On Tue, 08 Aug 2006 10:01:41 -0500, Ray Hauge wrote: On Tuesday 08 August 2006 09:01, Ivo F.A.C. Fokkema wrote: On Tue, 08 Aug 2006 09:01:42 -0500, Ray Hauge wrote: On Tuesday 08 August 2006 08:47, Ivo F.A.C. Fokkema wrote: Does the user running the cron have permission to execute the php binary? Yes, the file's owner is me and it's my crontab. Also, I've made the file readable to all, just in case. All directories up the directory tree are readable/executable, as well. I think he's asking if the php program is executable to you, the user. It is possible that it would only have execute for owner and group, not other. Sorry, yes, The PHP binary is executable by all. Actually, I'm very sure the error message Could not startup. is generated by PHP-cli. When googling on that exact message, I found it in the PHP-cli source code (including the period at the end). However, I cannot determine from the PHP-cli source code what's up. It looks like when you run the script, then it works just fine, but it blows up when you run it through cron. Two things I would check: 1) Cron can read your *.php files. 2) Cron can run php to test #2, have cron do a php -i and see what happens. 1) was OK, but 2) didn't return anything, not even an error... this has started me thinking, and when using -ni it works...! -n makes PHP-cli ignore the .ini file. When looking at my .ini file, the modification date is July 31st, the day it all stopped working. I need to leave now, but will investigate tomorrow to see what's up with my .ini files, on both machines, and check if my scripts run with -n or after tweaking of the .ini. Thanks! OK guys... guess what? It was the php.ini file from PHP-cli. I had been messing around with PHP-GTK and had edited PHP-cli's php.ini to load the gtk.so library (on both machines). Apparently, this stops PHP-cli to function completely from cron. Even the 'Hello world' script didn't run. The suggestion to try php -i got me thinking. Since that didn't return anything, I thought about trying php -h (worked) and php -ni (ignore .ini file). Suddenly, it worked... SO: Loading the GTK library in your /etc/php4/cli/php.ini, KILLS the PHP-cli functionality from cron. On Ubuntu Dapper, that is. Not sure about other distros. Thanks guys, for all of your suggestions! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Cron running 'Hello world' script dies with Could not startup.
Hi guys, I'm really stuck with this error and since my backup scripts are no longer running automatically through cron, I really need to get this fixed soon :) Suddenly my backup scripts die with the error Could not startup.. Only through the cron, it runs fine through the console. I've tried all kinds of tests with other PHP scripts, tried a different PC, asked my distribution mailing list, tried Google and searching this list, nothing... Script: ?php echo Hello\n; ? This is the crontab line: * * * * * /usr/bin/php -f /home/ifokkema/test.php - Running the exact same command from the command line works perfectly. - Cron output is nothing more than Could not startup.. - Have not changed the PHP installation or a cron related package. - Distribution: Ubuntu Dapper, problems started July 31st. Possibly after an upgrade, can't remember. - Tried on different Ubuntu Dapper install, same result. - PHP version: 4.4.2-1build1 - Yes, I've verified that I'm using the PHP-cli executable. Thanks for any input! Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cron running 'Hello world' script dies with Could not startup.
On Tue, 08 Aug 2006 09:10:53 -0400, John Nichel wrote: Ivo F.A.C. Fokkema wrote: Suddenly my backup scripts die with the error Could not startup.. Only through the cron, it runs fine through the console. I've tried all kinds of tests with other PHP scripts, tried a different PC, asked my distribution mailing list, tried Google and searching this list, nothing... Script: ?php echo Hello\n; ? This is the crontab line: * * * * * /usr/bin/php -f /home/ifokkema/test.php - Running the exact same command from the command line works perfectly. - Cron output is nothing more than Could not startup.. - Have not changed the PHP installation or a cron related package. - Distribution: Ubuntu Dapper, problems started July 31st. Possibly after an upgrade, can't remember. - Tried on different Ubuntu Dapper install, same result. - PHP version: 4.4.2-1build1 - Yes, I've verified that I'm using the PHP-cli executable. Does the user running the cron have permission to execute the php binary? Yes, the file's owner is me and it's my crontab. Also, I've made the file readable to all, just in case. All directories up the directory tree are readable/executable, as well. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] break up variable and put each element in an array
On Tue, 08 Aug 2006 14:50:53 +0100, Dave Goodchild wrote: On 08/08/06, Reinhart Viane [EMAIL PROTECTED] wrote: A. I have a page on which people can supply dates in a text area. Dates are entered like this: 3/01/2005 29/12/2005 2/01/2006 20/02/2006 28/12/2006 1/01/2007 15/02/2007 B. Now I need this Post element to be broken into pieces (per date) and each of those pieces should be put into a text so the outcome (echo on screen) would be like this: Date=3/01/2005 Date=29/12/2005 Date=2/01/2006 Date=20/02/2006 Date=28/12/2006 Date=1/01/2007 Date=15/02/2007 The posted variable from A looks like this (when written on screen): 3/01/2005 29/12/2005 2/01/2006 20/02/2006 28/12/2006 1/01/2007 15/02/2007 So I need break this up and store any individual date into a key of an array Afterwards I need to loop through this array and use the value of each key to be printed after 'Date=' try this: $string = 3/01/2005 29/12/2005 2/01/2006 20/02/2006 28/12/2006 1/01/2007 15/02/2007; $array = explode(' ', $string); foreach ($array as $value) echo Date: $valuebr /; If the user separates the dates by an enter in the textarea, you need to explode on \r\n. To be able to handle both, you need to use split() or preg_split(). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Incrementing a page link, refresh problem
On Tue, 08 Aug 2006 14:54:08 +0100, Ross wrote: I write a session to determine what module a user is on $_SESSION['module_no']==1; when they get to the end of the module I want to create a dynamic link to the next module $increment = $_SESSION['module_no']++; $link= ../module_$increment.php; The problem is every time the page is refreshed $increment is added to. Any ideas or ways around this. I do not want to create an 'end_of module.php' page for every module. R. Don't you mean to do: $increment = $_SESSION['module_no'] + 1; Your code increments $_SESSION['module_no'] on every refresh... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cron running 'Hello world' script dies with Could not startup.
On Tue, 08 Aug 2006 09:01:42 -0500, Ray Hauge wrote: On Tuesday 08 August 2006 08:47, Ivo F.A.C. Fokkema wrote: Does the user running the cron have permission to execute the php binary? Yes, the file's owner is me and it's my crontab. Also, I've made the file readable to all, just in case. All directories up the directory tree are readable/executable, as well. I think he's asking if the php program is executable to you, the user. It is possible that it would only have execute for owner and group, not other. Sorry, yes, The PHP binary is executable by all. Actually, I'm very sure the error message Could not startup. is generated by PHP-cli. When googling on that exact message, I found it in the PHP-cli source code (including the period at the end). However, I cannot determine from the PHP-cli source code what's up. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] break up variable and put each element in an array
On Tue, 2006-08-08 at 16:06 +0200, Reinhart Viane wrote: try this: $string = 3/01/2005 29/12/2005 2/01/2006 20/02/2006 28/12/2006 1/01/2007 15/02/2007; $array = explode(' ', $string); foreach ($array as $value) echo Date: $valuebr /; If the user separates the dates by an enter in the textarea, you need to explode on \r\n. To be able to handle both, you need to use split() or preg_split(). When I use $datelist=$_POST[datelist]; $string=explode('\r\n',$datelist); echo $string; foreach ($string as $value) { echo Date: $valuebr\n; this is what I get: ArrayDate: 24/12/2018 26/12/2018 31/12/2018 14/02/2019 14/03/2019 20/06/2019 24/06/2019 26/06/2019 27/06/2019 27/06/2019 You'll need to use \r\n, with double quotes. Single quotes don't interpret the \r\n the same. This solved the issue, although I find it rather bizar: $datelist=$_POST[datelist]; $string=preg_split('/\r\n/', $datelist, -1, PREG_SPLIT_OFFSET_CAPTURE); echo $string; foreach ($string as $value) { echo Date: $valuebr\n; } Btw the input is a copy/paste from within a program Thx all You might also want to try: $string=preg_split('/\s+/', $datelist); which would split on any (one or more) whitespace character(s). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Cron running 'Hello world' script dies with Could not startup.
On Tue, 08 Aug 2006 07:28:43 -0600, Jef Sullivan wrote: Here is the cron command that we use. I've modified the path to the file for security purposes. */5 * * 1-6 lynx -dump http://fully.qualified.path/cron_test.php -auth=usr:pwd Jef Thanks for the reply. However, your example is not PHP-cli at work, but the webserver module. Lynx is started up to start the script through the browser. I use PHP-cli because cron sends the output of your script in an email to you, so I can see the output of my backup script. If I would run the script through a web-browser, I lose that functionality. Also, I'd have to make directories readable/writable to the webserver user, which I rather not do... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cron running 'Hello world' script dies with Could not startup.
On Tue, 08 Aug 2006 10:01:41 -0500, Ray Hauge wrote: On Tuesday 08 August 2006 09:01, Ivo F.A.C. Fokkema wrote: On Tue, 08 Aug 2006 09:01:42 -0500, Ray Hauge wrote: On Tuesday 08 August 2006 08:47, Ivo F.A.C. Fokkema wrote: Does the user running the cron have permission to execute the php binary? Yes, the file's owner is me and it's my crontab. Also, I've made the file readable to all, just in case. All directories up the directory tree are readable/executable, as well. I think he's asking if the php program is executable to you, the user. It is possible that it would only have execute for owner and group, not other. Sorry, yes, The PHP binary is executable by all. Actually, I'm very sure the error message Could not startup. is generated by PHP-cli. When googling on that exact message, I found it in the PHP-cli source code (including the period at the end). However, I cannot determine from the PHP-cli source code what's up. It looks like when you run the script, then it works just fine, but it blows up when you run it through cron. Two things I would check: 1) Cron can read your *.php files. 2) Cron can run php to test #2, have cron do a php -i and see what happens. 1) was OK, but 2) didn't return anything, not even an error... this has started me thinking, and when using -ni it works...! -n makes PHP-cli ignore the .ini file. When looking at my .ini file, the modification date is July 31st, the day it all stopped working. I need to leave now, but will investigate tomorrow to see what's up with my .ini files, on both machines, and check if my scripts run with -n or after tweaking of the .ini. Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Regular Expression
On Wed, 24 Nov 2004 13:17:48 -0500, Ankur Os wrote: Hi, This is quite simpal problem that i want to made regular expression which can read this kind of structure... a,b,c not like this 1. ,a,a,a 2. a,,,aa,, 3. a,a,a,,, means simpal structure with comma (a,b,c...) Hi, Try this (untested) : preg_match('/^([a-c],)*[a-c]$/', $input); this will match characters a-c separated by commas. Replace 'a-c' by any range of characters you like. HTH, Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: File Handing Windows / Linux
On Sun, 14 Nov 2004 18:21:23 +0100, M. Sokolewicz wrote: Steve Vernon wrote: Hiya! I am trying to make some code which gets a handle to a directory, but has different code for my localhost (Windows) and for online (Linux server). Basically, I want either of the below lines. Say if the first fails, it must be on Linux and then it uses the line below. The two example lines are: @ $handle = opendir(c:/websites/mywebsite/extra/photos/.$_GET['page']./); @ $handle = opendir(/home/mywebsite/public_html/extra/photos/.$_GET['page']./); Had a search on google, but not really sure what to look for! Love, Steve XxX if(false === ($handle = opendir(c:/websites/mywebsite/extra/photos/.$_GET['page']./))) { $handle = opendir(/home/mywebsite/public_html/extra/photos/.$_GET['page']./); } IMHO, it would be better to check the constant PHP_OS for the current OS or check the current $_SERVER['HTTP_HOST'] to find out whether you are on your local windows server or the linux server. So (not tested) if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN') { @ $handle = opendir(c:/websites/mywebsite/extra/photos/.$_GET['page']./); } else { @ $handle = opendir(/home/mywebsite/public_html/extra/photos/.$_GET['page']./); } HTH, Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Meta refresh best answer ??
Hi Michael, I always use header('Refresh: 2; url=' . $_SERVER['PHP_SELF']); to reload the current page every 2 seconds. You may want to pass $_GET variables, depending on your needs. Also make sure you call this function _before_ any other output has gone to the browser. HTH, Ivo On Mon, 08 Nov 2004 22:26:53 -0700, Michael Gale wrote: Hello, I really wanted to know if there was a better way to do this using PHP ? That is why I e-mailed the list. Michael. Michael Gale wrote: Hello, I am working on a site where people will be updating information in a database and should have up to date info. Now since HTTP is stateless the user will not know about any new information until they click on a link or hit a button on the page. My question is -- if I want to keep a user up to date about changes to any information they might want to know would it be best to create a hidden frame of some sort which does a mete-refresh to a page looking for updates, and if found display a java popup window with a small FYI ? If so would a meta-refresh of 3-5 seconds be to aggressive ? What about server load ? Is there a better way ? Hope I was clear, thanks. Michael. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] in_array not operating as 'expected'
Hi guys and gals, I'm not screaming Bug! Bug! but this _does_ look 'illogical' to me. I've searched the archives, but found no earlier conversation. Sorry if I missed it. Consider the following code: var_dump(in_array('test', array(0))); What does this return? I expect bool(false), but it returns bool(true). After some searching the web, I bumped into this: http://www.phpdiscuss.com/article.php?id=67763group=php.bugs Basically, it is said by derick [at] php.net that this behavior is expected. The following code : var_dump('test' == 0); also returns bool(true). But my logic tells me, that if 'test' == 0, then : if (0) { ... } should do the same as if ('test') { ... } but it doesn't! The first if-statement is _not_ executed, the latter is. In my opinion, this is not correct. Any thoughts on this? Am I not seeing the logic here? Thanks for your thoughts. Ivo Fokkema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: in_array not operating as 'expected'
Thanx both of you, I know the type-casting bit and have noticed the third parameter which 'fixes' the in_array issue. I just missed 'test' == 0 implied (int) 'test' == 0. Typecasting a string to integer indeed returned 0. Typecasting is of course not necessary within if statements, resulting in my confusion. Thanks again, Ivo On Tue, 09 Nov 2004 12:42:51 +0200, Bogdan Stancescu wrote: Apart from Marek's reply, you should probably check the in_array() documentation (look at the third, optional parameter) and search for type casting on php.net. Cheers, Bogdan Ing. Ivo F.A.C. Fokkema wrote: Hi guys and gals, I'm not screaming Bug! Bug! but this _does_ look 'illogical' to me. I've searched the archives, but found no earlier conversation. Sorry if I missed it. Consider the following code: var_dump(in_array('test', array(0))); What does this return? I expect bool(false), but it returns bool(true). After some searching the web, I bumped into this: http://www.phpdiscuss.com/article.php?id=67763group=php.bugs Basically, it is said by derick [at] php.net that this behavior is expected. The following code : var_dump('test' == 0); also returns bool(true). But my logic tells me, that if 'test' == 0, then : if (0) { ... } } should do the same as if ('test') { ... } } but it doesn't! The first if-statement is _not_ executed, the latter is. In my opinion, this is not correct. Any thoughts on this? Am I not seeing the logic here? Thanks for your thoughts. Ivo Fokkema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Download Script
I am wondering if this is my headers that are doing this, but I really dont know. I think its an IE or Windows behavior and what causes it is the multiple dots in the filename. I resorted to naming our downloads filename-v1_0_2_1.exe -Original Message- From: Aaron Todd [mailto:[EMAIL PROTECTED] Sent: Friday, August 27, 2004 11:35 AM To: [EMAIL PROTECTED] Subject: [PHP] Download Script I've created a download script that works quite nicely. The only issue with it is that when I download a file where the file name is like filename v1.0.2.1.exe there is some extra characters added into the name when it is downloaded. So that file will be filename v1[1].0.2.1.exe. I am wondering if this is my headers that are doing this, but I really dont know. Here is my code: ?php $file = $_GET['file']; $path = $_GET['type']; $rootpath = /home/virtual/site341/fst/var/www/downloads/; $filename = $rootpath$path/$file; if (file_exists($filename)) { header(Content-Description: File Transfer); header(Pragma: no-cache); header(Content-Type: application/force-download); header(Content-Disposition: attachment; filename=.basename($filename)); header(Content-Length: .filesize($filename)); $handle = fopen(($filename), r); print(fread($handle, filesize($filename))); flush(); fclose($handle); } else { header(HTTP/1.0 404 Not Found); } ? If anyone can let me know what is going on I'd appreciate it. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] view outputed headers?
I've been using mozilla firebird as a test browser with the 'Live HTTP Headers' extension. I've found it most useful. http://texturizer.net/firebird/extensions/#livehttpheaders -Original Message- From: Scott Taylor [mailto:[EMAIL PROTECTED] Sent: Sunday, January 11, 2004 9:34 PM Subject: [PHP] view outputed headers? What is the easiest way to view the headers that a PHP page has put out? I've seen the |var_dump(headers_list()); on php.net but this always gives me an error (such as: | bFatal error/b: Call to undefined function: headers_list() in /usr/local/psa/home/vhosts/a.com/httpdocs/my/page.php/b on line b79/bbr -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] if(NANC 0) - always evaluates TRUE...
...no matter what follows the NANC...seems like a bug. if(NA 0) { print(err 1\n); } if(NAN 0) { print(err 2\n); } if(NANC 0) { print(err 3\n); } if(NANCY 0) { print(err 4\n); } // output err 3 err 4 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] if(NANC 0) - always evaluates TRUE...
Hi, Never noticed it before...only after the linux box got updated to v4.3.4...running the script against my v4.2.3 also outputs err 3 err4...version 4.0.6 outputs nothing as it should. Odd...not sure where to start digging to figure this...in the meantime I'll work it around like this: $data = 'NANC'; if(is_numeric($data) $data 0) { die('Not OK'); } print('OK'); Where do I file this for developers with some time on their hands to look at? Thanks, Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Strong typed or Weak typed? (was: if(NANC 0) - always evaluates TRUE...)
-Original Message- From: CPT John W. Holmes [mailto:[EMAIL PROTECTED] From: Kelly Hallman [EMAIL PROTECTED] On Tue, 6 Jan 2004, Ivo Pletikosic wrote: $data = 'NANC'; if(is_numeric($data) $data 0) { die('Not OK'); } Interesting problem, one of the first legit oddities I've seen since joining the list. Anyway, in addition to your workaround, casting the variable as an int also appears to result in the desired behavior: (int)NANC 0 == false This all kind of begs the question of why you'd check if a string was less than zero, anyhow, doesn't it??? ---John Holmes... I have a function that returns a string on success or a negative value on error. I was operating under the impression that php was weakly typed but the bug.php.net entry I just did was summarily closed with the comment never ever compare different types like that. So I am incorrect about what weakly typed means or something is off. In php I indicate strong-type comparisons with === and weak with == . When doing relative ( or ) comparisons tho then casting is necessary or the results are unexpected. C. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Verifying a url
It did not work for me but since I have only one http port and one https port on my server i use instead if( $_SERVER['SERVER_PORT'] == 80 ) echo 'http'; C. -Original Message- From: Richard Davey [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 06, 2004 6:56 PM To: Thomas Andersen Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Verifying a url Hello Thomas, Wednesday, January 7, 2004, 2:49:48 AM, you wrote: TA My web site has two different ways to be accessed. One is through a SSL TA connection and the other not. TA Does anyone know how to check either the URL that is being used (https would TA give away the SSL) or if you can check if SSL is being used? I'm pretty sure the following would work: if ($_SERVER['SERVER_PROTOCOL'] == HTTP/1.1) { echo Normal site; } -- Best regards, Richardmailto:[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] HTTP request contents
Hi everyone, I need to know, if there is a possibility to read full contents of HTTP request. I know, the response can be sent by header() function. But can I get the request of the client for server? Thank you, Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Pictures stored in database and IE
Hi everyone, The pitfall I am trying to solve is confusing and to be honest I have not as much experience with http to solve it right now. My application is quite straightforward. Its purpouse is to load image off the MySQL and send it to client to render it. I have php script, which reads data together with file type off the table and sends it to client (of course after all necessary headers are sent). On the client then some five pictures are animated one after another (all beeing read from table as described above), so it looks like a simple animation. Under Mozilla this works fine, but under IE (6.0) the JavaScript OnLoad event on Body Tag just does not fire up. My suspicion is, that there is something in http protocol I missed/omitted/forgot to do, so IE still thinks that page is not finished loading and so the event handler does not gets executed. Is there something I have to send on the end after data are transmitted? Or, do I have to send just headers and data and nothing else. But anyway I think, problem is on PHP(?)/mine site, not on IEs side. Looking forward for your ideas, Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Validating Subdomain E-mail Addresses Using Regular Expressions
Jami Moore [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I have been trying all weekend to get this right, and so far it does not validate an e-mail address with a subdomain. -- Code -- $empatt = ^[_a-z0-9-]+(\.[_a-z0-9-]+)[EMAIL PROTECTED](\.[a-z0-9-]+)*(\.[a-z]{2,3})$; if(eregi($empatt, $email)) { //do stuff } -- End Code -- Try this pattern (which I use): [EMAIL PROTECTED],4}$ HTH, Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] -f function ???
[snip] Does this parameter have anything to do with the -f option of the Unix/Linux sendmail command? [/snip] I'm not a linux expert, but as far as I know, it's the same. It allows users to set the Return-Path header with the mail() function, but this is disallowed when your PHP is set to safe_mode. HTH, Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Encrypt/Serialize Source Code for Sale
Hi, I've actually been looking for this kind of things for a while as well. However, I would not want my client to install something to uncode the scripts (probably causing the scripts to be unencoded easier). I found these: PHP OBFUSCATOR http://richard.fairthorne.is-a-geek.com/utils_obfuscate.php Phrozen http://sourceforge.net/projects/phrozen/ POBS http://pobs.mywalhalla.net/ Anyone have any recommendations or experience with any? -- Ivo Evan Nemerson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Take a look at Turck MMCache (free) and Zend Encoder (not). http://www.turcksoft.com/en/e_mmc.htm http://www.zend.com/store/products/zend-encoder.php On Saturday 06 September 2003 01:59 pm, Charles Kline wrote: What methods are available (ups and downs) for encrypting and serializing php applications for sale? Thanks, Charles -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: accessing $GLOBALS values
Dennis Gearon [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] [snip] One thing I'm a little confused about is the usage of $GLOBALS array, in this manner: $GLOBALS[SOME_NAME]. I thought that it should be: $GLOBALS['SOME_NAME']. Hi, You should use quotes to tell PHP it's a string you're using as a key of $GLOBALS. However, when not using quotes PHP will first look for a constant with that name. If PHP can't find any, it will assume it's a string. So not using quotes might lead to problems when you use the name of a constant as a key. I hope this is clear, more info can be found at http://www.php.net/manual/en/language.types.array.php and scroll down to 'Array do's and don'ts' - 'Why is $foo[bar] wrong?' HTH, Ivo Fokkema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Interview questions
Gabriel Guzman [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Tue, 2003-08-26 at 10:00, CPT John W. Holmes wrote: PHP is server side, so it obviously cannot control light bulbs. Use javascript. maybe the lightbulbs are connected to the server :) as seems to be the case right here : http://www.drivemeinsane.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php