[PHP] Security in virtual host server

2002-05-15 Thread James Arthur

Hi

I have a server with multiple users, each with user space that may contain a 
public_html directory. The main site also has a web page, but I'm having 
trouble configuring PHP securely.

Anyone with access to PHP can write a script to find and print out any file 
in the main page, and one of these files may contain secure information, like 
passwords etc.

It seems that the only way to get around this is to use php in cgi-bin mode. 
What I want to do is make this transparent to users, so that they don't need 
to make their files executable and put the #!/usr/bin/php4 -q on the top of 
each php file. If I can make it so they don't even realise that they're using 
cgi-bin php, then that's perfect. Is there any way I can do this?

I'm using php 4.2.x with apache 1.3.x on top of Debian GNU/Linux 
potato/stable.

Thanks

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] nl2br returns <BR />? normality or a bug?

2002-04-06 Thread James Arthur

On Saturday 06 Apr 2002 07:56, Miguel Cruz wrote:
> On Sat, 6 Apr 2002, Justin French wrote:
> > on 06/04/02 11:05 AM, Maxim Maletsky ([EMAIL PROTECTED]) wrote:
> > It DOES NOT work fine in every browser. I'd love to give you a proof, but
> > because I am lazy I will just tell you this formula:
> >
> > Again.  I was only stating MY experience.  Every browser I can get my
> > hands on.  I do extensive testing, and have never seen a <BR> or <BR/>
> > or <BR /> misbehave.
> >
> > If you have seen it perform unexpectedly, I'm keen to hear about it.
>
> For what it's worth, I just tried on the following browsers (all I have at
> my disposal at home) and it works fine:
>
> links 0.96
> lynx 2.8.3
> Opera 5.0.498 (Mac)
> IE 5.1.3 (Mac)
> Mozilla 0.9.9 (Mac)
> Netscape 6.1 (Mac)

Add Konqueror on Linux to this list.

Also note that links 0.84 (the latest version on Debian Stable) does _not_ 
parse XHTML tags correctly.

--jaa





Re: [PHP] Forum with PHP, without using mySQL..

2002-04-01 Thread James Arthur

On Monday 01 Apr 2002 12:44, MiXmAsTeR wrote:
> Hi, I run a Sports site.
>
> And need a forum, in php, that doesn't use mySQL.
>
> Anyone know any good, without any advertising, except some from the one who
> made it ?

PHPBB v2.x and OpenBB can run on top of PostgreSQL 7.x

--jaa





[PHP] Problem with CGI mode

2002-04-01 Thread James Arthur

Hi

I need to run some pages on my site in CGI mode for security reasons.

I've put #!/usr/local/bin/php at the top of the script in question, and given 
it the .cgi extension so that apache treats it as a CGI. The script works, 
but the first thing it does is print out #!/usr/local/bin/php, because that's 
the first line of the script. If I remove that line, I get an internal server 
error, because apache doesn't know where php is located.

Does anyone have any ideas?

--jaa





[PHP] Has anyone looked at phpinfo today?

2002-04-01 Thread James Arthur

<? phpinfo(); ?>

Notice anything different?

--jaa





Re: [PHP] building a control panel in php

2002-03-20 Thread James Arthur

On Wednesday 20 Mar 2002 02:42, Thalis A. Kalfigopoulos wrote:
> > -Original Message-
> > From: Miguel Cruz [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, March 19, 2002 5:49 PM
> > To: Paul ...
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [PHP] building a control panel in php
> >
> > On Wed, 20 Mar 2002, Paul ... wrote:
> > > just thinking about making a small control panel for my server so i can do
> > > the web hosting related things from the web... would php be a good language
> > > to do this in and if so why?.. what would be the ups and downs?
> >
> > The fastest way would be to download Webmin from here
> > (http://www.webmin.com/), then change all the comments so it says you
> > wrote it.
> >
> > Seriously, you might want to look into that because a lot of people have
> > already put a lot of work into making something fairly comprehensive.
> >
> > miguel
>
> Yes, but how safe can one feel having all this power-functionality over a
> webpage? (I presume lots of stuff is SETUID; Correct?)

Webmin is modular. You only install the modules you want to control over the 
web. You can also restrict access to port 1 (on which it lives by default) 
in the normal way. I imagine you can set it to do HTTPS connections as well, 
but I've not tried that because I only use it locally.

--jaa





Re: [PHP] HTMLnetscape issue

2002-03-20 Thread James Arthur

On Wednesday 20 Mar 2002 18:11, Vlad Kulchitski wrote:
> Hi,
>
> Sorry for repeating myself, but am lost and still can't find a solution
> to the following problem, I need to specify a background image for <td>
> like the code below:
>
> <tr>
>   <td background="images/bottomcell_bg.gif"></td>
> </tr>
>
> This code works EVERYWHERE (in all browsers) but Netscape Navigator 4.xx
> versions.

Yes, Netscape 4.x doesn't do table backgrounds according to HTML spec. There 
is no solution for it, and you'll have to work your way around it, either by 
changing the design for your page, or by giving an alternative layout which 
is displayed when netscape users pay a visit.

The second way I mentioned is really surprisingly easy using CSS.

--jaa





[PHP] Problem with posting

2002-03-20 Thread James Arthur

I'm writing a voting script, but I have a problem with it.

Voters cast their vote by submitting a form. When this form is received it is 
added to the database, and a session variable is set saying that they've 
voted. The problem is that once someone's voted they can just press reload on 
their browser and it sends another vote. This happens in Netscape 4.x. All 
other browsers either do not submit form data or recognise that the session 
variable is set.

Any ideas on how to fix this? Thanks.

--jaa





Re: [PHP] Problem with posting

2002-03-20 Thread James Arthur

On Wednesday 20 Mar 2002 19:40, Rick Emery wrote:
> What do you mean "All other browsers either do not submit form data"?

I mean when the user hits 'reload' the POST data is not resubmitted. Some 
browsers do not resubmit form data, some do, and some prompt.

> What kind of user authentication are you using?  If none, they'll vote and
> vote often.

A session variable is used to store who has voted and who has not. Netscape 
and Mozilla seem to eschew this somehow. Not sure how. In IE it works fine, 
even when you choose to resubmit the form data.

Hit http://wired.st-and.ac.uk/ to see what happens.

--jaa





Re: [PHP] HTMLnetscape issue

2002-03-20 Thread James Arthur

On Wednesday 20 Mar 2002 19:43, Nathan Cassano wrote:
> Yes here is a solution to this problem and I am surprised no one on this
> list pointed it out.
>
> Simply put a transparent dot within a cell table that you wish to have
> the background image display.
> Netscape 4 is retarded in the fact that it will not display a cell
> background image unless it has cell content.
>
> <tr>
> <td background="images/bottomcell_bg.gif"><img
> src="images/transparent_1x1_dot.gif"></td>
> </tr>

Not only that, but it doesn't inherit the background image from its parent 
properly. For example,

<table background="myimage.gif">
<tr><td>Some text</td><td>More text</td></tr>
<tr><td colspan="2">Even more text</td></tr>
</table>

You'll find that the background is repeated in each cell, not that the cells 
are transparent and the table area has a background. This is mightily 
annoying.

--jaa





Re: [PHP] Success Using PEAR?

2002-03-16 Thread James Arthur

On Saturday 16 Mar 2002 20:32, Bryan Henry wrote:
> anyone had success using PEAR?
>
> I have read the documentation and been trying to use the PEAR
> files that came with PHP 4.1.2 , PEAR cvs and PHP4/PEAR cvs
> with no success.
>
> I wish there was some updated documentation, and more explanation
> on which files to use for stable development.  Every answer I
> get from people developing PEAR is vague and contradictory.



What part of PEAR?

I use the DB,DB-pager and RSS functions from PEAR. They seem to work well.

--jaa





[PHP] Sessions and multiple domains

2002-03-14 Thread James Arthur

Hi

My problem is that the website I am designing can be accessed using 
multiple addresses: wired.st-and.ac.uk, wired.st-andrews.ac.uk, 
wiredsoc.st-and.ac.uk or wired (internally). The trouble is that the cookie 
is locked to one address. For instance, if I initialise it in 
wired.st-and.ac.uk then the session variables I register will not be used in 
wired.st-andrews.ac.uk or wired. Does anyone have a way around this?

--jaa






Re: [PHP] Netscape vs. IE/Mozilla

2002-03-10 Thread James Arthur

On Friday 08 Mar 2002 15:44, Vlad Kulchitski wrote:
> Hi guys,
>
> I know it's a wrong place to ask about this, but I am sure someone here
> faced the same problem. I am trying to get the site to look consistent in
> Netscape Navigator and it's giving me hard times.

Yes, this is a bug in Netscape 4.x. You just have to make your site so that 
it doesn't look too bad without the table backgrounds.

> Either tables or/and cell background doesn't show up or spacing between
> two tables is not what it is supposed to be.

Netscape doesn't do table backgrounds properly.

I suppose you could test to see if the client browser is Netscape6 and 
adjust accordingly..?

--jaa





Re: [PHP] Userfriendly

2002-03-07 Thread James Arthur

On Thursday 07 Mar 2002 16:22, Josiah Wallingford wrote:
> Hello,
>
> Does anybody know of a php script that will email the daily
> userfriendly.org comic?

Not sure about this -- Userfriendly.org is maintained by advertising, so 
unless you want to pay them a royalty for every page you view they might not 
appreciate it.

> Josiah Wallingford
> Email = [EMAIL PROTECTED]
> Mailing lists:
> PHP General - [EMAIL PROTECTED]
> BBEdit Talk  - [EMAIL PROTECTED]
> BBEdit Web Authoring - [EMAIL PROTECTED]
> ICRadius - [EMAIL PROTECTED]
> Linux Newbie - [EMAIL PROTECTED]
> MySql - [EMAIL PROTECTED]
> Messenger Services:
> (MSN Instant Messenger = josiahlizzard)
> (ICQ # 150522268)
> (Yahoo Instant Messenger = josiahwallingford)
> (AIM American Online Instant Messenger = JosiahWalling)
> Web Pages:
> www.josiahw.com
> www.pooponwindows.com
> www.mymysql.com
> www.bigbirdlinux.com
> www.sofast.net
> www.darwinduck.com

Nice sig.

--jaa





Re: [PHP] Parsing Content

2002-03-07 Thread James Arthur

On Tuesday 05 Mar 2002 15:07, Erik Price wrote:
> On Monday, March 4, 2002, at 06:10  PM, Jonathan Duncan wrote:
> > I want to make a web site that displays news headlines from my favorite
> > news sites.


PEAR has an RSS headline class that's dead easy to use and works for RDF 
files.

Incidentally, does anyone know any good sites with RDF headlines? I've 
already got slashdot, newsforge and theregister. I'm looking for a few more 
good sites.

Cheers,

--jaa





[PHP] MacOS-style pager

2002-02-28 Thread James Arthur

Hi

Does anyone know of any MacOS-style pager applets? Something that would sit 
in the panel and display the current app, and give me a drop down list of 
running apps.

GNOME has a very good one, and I miss it having switched to KDE.

--jaa






Re: [PHP] MacOS-style pager

2002-02-28 Thread James Arthur

Sorry -- that was supposed to go to the KDE list :)

On Monday 25 Feb 2002 20:12, James Arthur wrote:
> Hi
>
> Does anyone know of any MacOS-style pager applets? Something that would sit
> in the panel and display the current app, and give me a drop down list of
> running apps.
>
> GNOME has a very good one, and I miss it having switched to KDE.
>
> --jaa





[PHP] Secure User Auth

2002-02-03 Thread James Arthur

Hi

I have a web site that needs a secure login system.

Users of the system can SSH in to the server, and POP, IMAP, Postgres and 
other services are provided, and I'd like the users to be able to log in to 
the site - obviously as securely as possible. Maybe using SSL + sessions?

I have not used SSL or HTTPS before, and certainly not with PHP. Can anyone 
give me any suggestions?

Thanks

--jaa






[PHP] Convert PostgreSQL timestamp to nicer format

2002-02-03 Thread James Arthur

Hi

How can I convert the PostgreSQL timestamp to several strings? This sort of 
thing:

list($hour,$minute,$second,$day,$month,$year) = convert($timestamp);

Thanks

--jaa






Re: [PHP] Re: [PHP-DB] PHP + Postgresql + Linux = Frustration

2002-02-03 Thread James Arthur

 
> Is there an easy way to do this sort of stuff on Linux or is it better to
> just buy off the shelf products that work?

Hi

I hate to do the "my distro is better than yours" thing, but typing "apt-get 
install postgresql postgresql-client apache php4 php4-pgsql" at the command 
line on a Debian system will download and install it all automatically for 
you. Just configure the postgres settings to how you want them, edit the 
php.ini and httpd.conf files and that's it.

I run a debian-based system at home with postgresql, apache and PHP4, and 
I've also set up web servers with this configuration on Debian boxes. If 
you're looking for ease-of-maintenance of a Linux server, then Debian is 
really the one you want to look at.

--jaa






Re: [PHP] POSTing HTML into a database

2002-01-07 Thread James Arthur

On Monday 07 January 2002 01:59, Richard S. Crawford wrote:
> I've used a combination of addslashes() and stripslashes() along with
> htmlspecialchars() to perform just that sort of thing, though I used MySQL
> instead of PostgreSQL.

Can you help me along a bit further? I can't seem to get them in the right 
order.

Thanks.

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP] POSTing HTML into a database

2002-01-06 Thread James Arthur

Hi

I need a user to be able to submit HTML code (also perhaps containing 
PHP code) via a web form, which will then be entered into a database.

The data is typed in to a textarea, which is then posted to my script. I 
notice that some special characters come out of this process escaped, but the 
escaping sequence does not appear to be entirely compatible with the SQL 
query I'm using to insert it into a table.

Can anyone tell me the correct way to convert the output from the form into a 
format that PostgreSQL will accept, and then how to convert it back so that 
it's identical to what the user entered before being escaped by post (so that 
I can just use print to print it out)?

Thanks.

--jaa
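
Added example, not part of the original message: a round trip of submitted HTML through a bound query parameter, assuming the escaping described above is PHP's magic_quotes_gpc (removed in PHP 5.4). PDO with an in-memory SQLite database stands in for PostgreSQL so the block runs offline; the table and function names are hypothetical.

```php
<?php
// Added example. Assumptions: SQLite in memory stands in for PostgreSQL
// (swap the DSN for "pgsql:host=...;dbname=..."); names are hypothetical.

// Undo magic_quotes_gpc-style backslashes if the runtime still adds them.
// get_magic_quotes_gpc() was removed in PHP 8, hence the guard.
function raw_post_value(string $value): string
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

function store_page(PDO $db, string $body): int
{
    // Bound parameter: the value travels separately from the SQL text, so
    // quotes, backslashes and PHP open tags need no manual escaping.
    $stmt = $db->prepare('INSERT INTO pages (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

function load_page(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM pages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input with the characters that break hand-built SQL.
$submitted = "<p class=\"x\">It's a \\ test</p>\n<?php echo 'hi'; ?>";

$id     = store_page($db, raw_post_value($submitted));
$stored = load_page($db, $id);

// Compare the stored bytes with the submitted bytes.
var_dump($stored === $submitted);

// Displayed as text, the markup is encoded on output and stays inert.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```

The stored value is kept as data throughout; nothing here evaluates the submitted PHP.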






[PHP] Most secure way to send a password

2001-12-21 Thread James Arthur

Hi

The most insecure part of entering a password in a web
form is when you click submit and your password is
sent in plain text form to your next PHP script.

Is there any way around this without using JavaScript?
How secure is it to use HTTP_AUTH?

Cheers

--jaa
