Re: [PHP] PHP Security

2001-09-13 Thread Sean C. McCarthy 

Hi,

I don't think there is any other way, at least so easy to extend. The
only improvement will be to combine the system with calls to NIS or a
Kerberos/RADIUS server. If you have such a server (or maybe LDAP ???)
you should combine it for administration easiness.

[EMAIL PROTECTED] wrote:
 
 This is a rehash of a post earlier today!
 
 I implement security with user hierarchies which I will describe here (and
 also a more flexible method, user groups, which I will outline later ).
 
 I use a procedure called ensure_logged_in ( $level ).  It is wrapped around
 all .PHP where security is required (as an 'if' which is the first line on
 the page with '}' as the last ), so
 
 ?
 if ( ensure_logged_in( 5 ) ) {
   ...
   do stuff
   
 }
 ?
 

A better way will be (I think):

?
if ( !ensure_logged_in( 5 ) ) {

header(Location: $NOT_AUTHENTICATED);
exit;

};
   ...
   do stuff
   
?


That way you could just put it in a file and include it at the header,
not needing to wrap the code around. He was talking about thousands of
pages!!!

 Levels are implemented as such.  Punter could be 0, Administrator 5 and
 Suppresser 9.  You could then pass this through to the function.  So
 ensure_logged_in(5) would return true if user was at least of level 5
 (allowing levels 5,6,7,8,9 access).  For pages for punters who must be
 logged in use ensure_logged_in(0).
 
 The ensure_logged_in function checks the level and if the user is not
 authorised displays an error and login form (the function returns false).
 This will then post to where you currently post for login processing (I
 actually include the form in and reuse it for both here and login.php ).
 
 Alternatively ensure_logged_in could just display an error message (and
 maybe email the administrator if the person was logged in and trying to
 access an unauthorised part of your system ).
 
 There is in fact another function ( is_logged_in ) which ensure_logged_in
 uses and also returns Boolean.  This function enables different
 functionality for different levels ( i.e. not including certain fields
 unless user is of a certain level ).
 
 User level is held in a session variable ( i.e. $SESSION[user][level] )
 and set when logged in.
 
 The alternative would be to define groups and say which .PHP modules have
 access to which groups.  You can then allocate users to a gropes (or a
 number of groups).  Each .PHP module is then wrapped with a function ( say
 chack_security() ) which works similar to ensure_logged_in. I have only
 done this sort of thing in oracle applications ( client/server non web )
 but the principle is the same.  You could also go further and define
 database access as well as module using something like  :-
 
 Table module_access
   module_name varchar( 100 )
   allow_update Boolean
   allow_insert Boolean
   allow_delete Boolean
 
 Don't see much point in allow_select ;-)
 
 Sure you could also define which fields users DO  NOT have access to on top
 of this with another table ( defining what fields users DO have access is
 crazy as this security is built on top of previous ).
 
 Please let me know what you think, at least I then know someone red it -:)
 
 Ben
 
 Regards,
 Ben
 
 Allen May [EMAIL PROTECTED] on 13/09/2001 13:40:06
 
 To:   [EMAIL PROTECTED]
 cc:
 Subject:  [PHP] PHP Security
 
 I have been using the .htpasswd/.htaccess convention to authenticate our
 3000 employees.
 I want to move away from the .htpasswd/.htaccess convention and use a PHP
 form to authenticate against the database.
 
 I can create the PHP authentication page, no problem, but how do I check
 authentication on the thousands of HTML pages I already have on the site?
 For several reasons I don't want to do cookies. Can I set a session
 variable
 in the PHP and conditionally check it with Javascript, if fail go to PHP
 authentication form?
 
 What is the javascript session variable function?
 
 Thanks
 
 -Allen
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]
 
   
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Re: Uploading Photos to MySQL

2001-09-12 Thread Sean C. McCarthy 

Hi all,

If you mean http://www.webtechniques.com/archives/1998/02/lerdorf/ what
inserts in the DB is just the image's name, but not the file itself.

What is exactly the problem you are having with the class? Just a couple
days ago I had a problem uploading files into a MySQL DB because the
addslashes function. As I have seen in this code it also uses it. Your
problem is with getting corrupt data from the DB?

If it is this use base64_encode and base64_decode. This is a tip Chris
(only know his name) gave me as no solution for addslashes was given...
Thanks again Chris!!

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)


Richard Lynch wrote:
 
 Rasmus' classic Photo Album is still online with source code.
 
 Google:
 Rasmus Lerdorf and Photo Album
 
 --
 WARNING [EMAIL PROTECTED] address is an endangered species -- Use
 [EMAIL PROTECTED]
 Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
 Volunteer a little time: http://chatmusic.com/volunteer.htm
 - Original Message -
 From: Mike Gifford [EMAIL PROTECTED]
 Newsgroups: php.general
 To: [EMAIL PROTECTED]
 Sent: Tuesday, September 11, 2001 2:45 PM
 Subject: Uploading Photos to MySQL
 
  Hello,
 
  Has anyone developed another class for uploading images to a MySQL
 database?
 
  I downlaoded upload_db.zip from:
  http://circle.ch/scripts/
 
  as it was a phplib based and it looks like it should do what is required.
  However it doesn't seem to be working.
 
  Does anyone else have any good pointers to scripts to store jpg/png files
 in
  MySQL using PHP?
 
  Thanks.
 
  Mike
  --
  Mike Gifford, OpenConcept Consulting, http://openconcept.ca
  Offering everything your organization needs for an effective web site.
  Abolish Nuclear Weapons Now!: http://pgs.ca/petition/
  In all things it is better to hope than to despair.Wolfgang von Goethe
 
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Re: Uploading Photos to MySQL

2001-09-12 Thread Sean C. McCarthy 

Mike Gifford wrote:
 
 Hi Sean,
 
 Sean C. McCarthy wrote:
  If you mean http://www.webtechniques.com/archives/1998/02/lerdorf/ what
  inserts in the DB is just the image's name, but not the file itself.
 
 I had trouble opening up the upload.php3 file in list six, so I couldn't verify
 by looking at the code.  Not sure if it was the javascript or what, but I
 couldn't open it.

I'll send you the code at a separate message, but just look at the
tables definitions. There are no blob columns. 

 
  What is exactly the problem you are having with the class? Just a couple
  days ago I had a problem uploading files into a MySQL DB because the
  addslashes function. As I have seen in this code it also uses it. Your
  problem is with getting corrupt data from the DB?
 
 Add slashes are included as the file is added to the array:
 $this-daten[image] = addslashes(fread(fopen($userfile, r),
 filesize($userfile)));
 
 Some content almost gets inserted.  However it only gets as far as:
 Content-Type: image/jpeg ÿØÿà
 
 The image filed is just a blob
 

Correct! I tried the same but with PDF files. The problem I had was that
stripslashes and stripcslashes were not working as the manual said. When
I had one \ addslashes() gave me \\ (comfirmed at the DB) but
stripslashes() gave me a big nothing striping everything.

  If it is this use base64_encode and base64_decode. This is a tip Chris
  (only know his name) gave me as no solution for addslashes was given...
  Thanks again Chris!!
 
 Ok..  This is getting better..
 
 http://php.net/manual/en/function.base64-encode.php
 $this-daten[image] = addslashes(base64_encode(fread(fopen($userfile, r), 
filesize($userfile;

Just 

$this-daten[image] = 
base64_encode(fread(fopen($userfile, r), filesize($userfile)));


The special chars in RFC2045 are from
http://www.ietf.org/rfc/rfc2045.txt?number=2045 :

 tspecials :=  ( / ) /  /  / @ /
   , / ; / : / \ / 
   / / [ / ] / ? / =
   ; Must be in quoted-string,
   ; to use within parameter values

Ok _ is not there... but anyway you are not going to make searches
with  ... like 'something_' 

 
 gives me quite a lot more information.  Even looks like when I upload different
 images, that it is different information (unlike previous attempts)
 
 Unfortunately, it still isn't producing the graphic that I'm looking for...
 Hmm..
 
 I get raw code easily enough:
 http://pgs.ca/WLP/profiles/getimage-simple.php3?imageID=16
 http://pgs.ca/WLP/profiles/getimage-simple.php3?imageID=17
 http://pgs.ca/WLP/profiles/getimage-simple.php3?imageID=18
 
 Which is generated by:
 mysql_connect($DBHOST, $DBUSER, $DBPASS);
 mysql_select_db($DATABASE);
 $resultset = mysql_query($query);
 $query = SELECT image FROM ztpv_images WHERE imageID = $imageID;
 $resultset = mysql_query($query);
 print(stripslashes(base64_decode(mysql_result($resultset, 0, Image;
 
 So I couldn't either view the file here..  or within a SRC=.  See:
 http://pgs.ca/WLP/profiles/test.html
 
 Also thanks for providing the direct URL for :Rasmus' classic Photo Album is still 
online with source code.
 Google:
 Rasmus Lerdorf and Photo Album

Have you forgot to add:

header (Content-Type: image/jpeg);

just before the print? If you have the type will be text/plain (or
text/html or something). Add it just before anything gets outputed.

doing a wget -s I got the replies from your scripts like:

Content-Type: text/html
Content-Type: image/jpeg



No idea about this...

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Accessing pdf file thru php

2001-09-12 Thread Sean C. McCarthy 

Hi,

I have the same problem going on. I have tried IE on Windows 98, 2000
and Netscape on Linux, 98 without any difference. I can't check it
because using https and sessions, but can anyone try to use wget with
the -s option to see what is going on the headers? Also might be useful
to see what PHP are u running. 

Mine PHP4.0.3pl1 on Linux+Apache

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

PS: I know I should upgrade when having funny problems, but actually we
are almost finishing a project a we cant stop to recompile and
reinstall.


Matthew Loff wrote:
 
 Are you using Internet Explorer?  I've found that broken installations
 of Acrobat will cause that... Try reinstalling acrobat on your computer,
 and also try using Netscape... See if they work.
 
 --Matt
 
 -Original Message-
 From: George Pitcher [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 12, 2001 10:01 AM
 To: Brad S. Jackson
 Cc: [EMAIL PROTECTED]
 Subject: Re: [PHP] Accessing pdf file thru php
 
 Brad,
 
 Thanks for that pointer.
 
 However, with that implemented, all I get is the PDF coding dumped onto
 the screen - no pdf file downloaded!
 
 Any further suggestions. I feel as though I'm getting there . . .
 slowly.
 
 George
 
 - Original Message -
 From: Brad S. Jackson [EMAIL PROTECTED]
 To: George Pitcher [EMAIL PROTECTED]
 Sent: Wednesday, September 12, 2001 2:52 PM
 Subject: Re: [PHP] Accessing pdf file thru php
 
 
 
  You should call header() for each header line.  And you should only
  send
 one
  content type header.
 
  header(Content-type: application/pdf);
  header(Content-Disposition: inline;
 filename=D:\\Pdf\\0226138097(57-77).pdf);
  header(Content-Length: $len);
 
 
  George Pitcher [EMAIL PROTECTED] wrote:
  Hi all,
 
  I'm trying to build php into an existing solution which uses Lasso.
 
  I have tested the passing of data from Lasso to php and that works
  fine.
 
  I want Lasso to pass the filename over to a php page and for that page
 
  to grab the file from a folder outside of the webroot and push it out
  to the user, at the same time as presenting them with a confirmation
  form so that downloading can be confirmed.
 
  I have tried the following code without any good results:
 
  ?php
  $filename=D:\\Pdf\\0226138097(57-77).pdf;
  $len = filesize($filename);
  $header=
  Content-type: application/pdf
  Content-type: application/x-octet-stream
  Content-Disposition: inline; filename=D:\\Pdf\\0226138097(57-77).pdf
  Content-Length: $len;
  header=($header);
  readfile($filename);
  ?
 
  I get a parse error on the line that calls the header.
 
  Can anyone help me with this please?
 
  Regards
 
  George Pitcher
 
  Technical Manager
  HERON Project
  Napier University
  Edinburgh EH10 5DT
 
  [EMAIL PROTECTED]
  [EMAIL PROTECTED]
  [EMAIL PROTECTED]
 
  http://www.heron.ac.uk
  
 programmer -  A device for transmuting caffeine into code.
  
 
 
 _
 Do You Yahoo!?
 Get your free @yahoo.com address at http://mail.yahoo.com
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED] To
 contact the list administrators, e-mail: [EMAIL PROTECTED]
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] World Trade Centre Hit By terrorists, also pentagon

2001-09-11 Thread Sean C. McCarthy 

Dear All,

Please I beg you not to start a discussion over this. It is a very sad
moment, and I think everybody agrees with me. I send my condolences to
all the people who has family in these tragic terrorism acts.

Sean C. McCarthy


Clint Tredway wrote:
 
 I am sorry, but the problem is the exact opposite. If people would turn back to God 
and seek his face and live according to His will, the World would benefit greatly.
 
 My 2 cents.
 
 -- Original Message --
 From: Alexander Skwar [EMAIL PROTECTED]
 Date: Tue, 11 Sep 2001 18:26:46 +0200
 
 So sprach »[EMAIL PROTECTED]« am 2001-09-11 um 08:55:49 -0600 :
 
  We need the receive the help from Got, I believe He is the only one who can
  help us on this situation 
 
 Well, you know: *EXACTLY* this is the problem!  Your so called god.
 If it weren't for this superstition, the world would be a *MUCH* safer
 place.  I'm sure of that.
 
 But if it makes you feel better: Go on, believe in that.
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] Stripslashes question.

2001-09-10 Thread Sean C. McCarthy 

Hi all,

What will be the way to convert binary information into a string which
will get into an SQL query for MySQL? I tried stripcslashes but I got
stucked with it. Any help?

Thanks in advance.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Stripslashes question.

2001-09-10 Thread Sean C. McCarthy 

Hi,

Didn't help. I tried it before that is why I tried with addcslashes. 

What I have done so far is :

I have cmp'ed the file before adding slashes and after and it seems that
it is eating up the \. Like Pñ\#as renders as Pñ#as after
stripingslashes but in the DB is Pñ\\#as. As far as I know it should
have converted back from \\ to a single \. By the way I am running
4.0.3pl1 Linux

Thanks.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

Jason Bell wrote:
 
 try addslashes instead.  You might have better luck.
 
 - Original Message -
 From: Sean C. McCarthy [EMAIL PROTECTED]
 To: PHP General List [EMAIL PROTECTED]
 Sent: Monday, September 10, 2001 2:42 PM
 Subject: [PHP] Stripslashes question.
 
  Hi all,
 
  What will be the way to convert binary information into a string which
  will get into an SQL query for MySQL? I tried stripcslashes but I got
  stucked with it. Any help?
 
  Thanks in advance.
 
  Sean C. McCarthy
  SCI, S.L. (www.sci-spain.com)
 
  --
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
  To contact the list administrators, e-mail: [EMAIL PROTECTED]
 
 
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] The future of PHP

2001-09-06 Thread Sean C. McCarthy 

B. van Ouwerkerk wrote:
 
 I can tell you that in general, companies in Europe appears to be more
 open to open-source solutions much more than ones in the US.  Of course,
 Europe is comprised of lots of different countries, and each country has
 lots of different companies, so your mileage may vary.
 
 In The Netherlands many people believe M$ creates great products.. I
 stopped fighting, upgrading and patching NT pays the rent :-)
 
 One of the reasons open source might be considered an alternative is the
 fact that M$ products cost 
 In Europe M$ products are more expensive then in the US.
 
 I talked with one of my customers about using Linux instead of Novell or
 NT.. he said Linux is to big to be used in a small company.. I don't
 understand him and I even stopped trying to understand.
 
 Just my 0,02
 
 Bye,
 
 B.
Hi,

My experience is the same. Here in Spain everybody uses Microsoft
products. W95, W98, NT everywhere, and now 2000. There a lot of MCSE
around and very little Linux/PHP experts. Yes there are a lot of  people
that say I'm an expert on this or that... but once you get to work
with them, you notice that their knoledge is not the one that they say.
Also saying I know Linux means absolutly nothing...

The Universities and companies I have been working at or with they all
use in 90% of the tasks MS products. And for critical tasks they use
Solaris or another Unix.

Now a few companies we are dealing with are moving to Linux/PHP, but
sometimes they fall back to Microsoft because they cannot afford hiring
another programmer/technician that deals with this special software
written in another language and another operating system. Too bad.

Where did you get that thing about EU being more open source that the
US??? Is it your personal experience or what??? It is not my own
experience... maybe what you mean is that the US is more in the bussines
of making money with the open source than the EU, but that is something
else.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] adding functions to a class

2001-09-04 Thread Sean C. McCarthy 

Hi,

What you are looking for is the OOP class extension. Look for extends.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)


Jeroen Olthof wrote:
 
 hi,
 
 picture I have a class with some variable holding the information of this
 class. Now there are some functions to manipulate the vars. well, you nou
 what classes are about. but now I want to add functions that are located in
 a different php file. but this functions need to use the the var of the
 class.
 
 bassicly what a want is extends the original class with more functionalities
 like. you could see it as adding plug-ins in a program. So I don't want to
 just copy past the functions in the original class file.
 
 class a {
 
 var VAR1
 var VAR2
 var VAR3
 
 require(morefunctions.php);
 
 function a($param) {
 ..
 }
 
 function test2($param) {
 ..
 }
 }
 
 the require(morefunctions.php); will ofcource not work but bassicly this is
 what I want. en all the functions added should be able to use VAR1 VAR2 VAR3
 (and the other functions that are allready in the class)
 
 is there a why to do this ??
 
 kind regards
 Jeroen Olthof
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Re: EDI with PHP?

2001-09-03 Thread Sean C. McCarthy 

Hi,

You can also try to use Java (the list is going to run over me with this
comment). Xerces parser is quite good and amazinly fast, and opensource.
We are validating XML document of 3Mb with it, and it is done in three
seconds (creating a DOM object). It is just another idea if you haven't
look at it.

Also you can keep the logic more organized with the object structure.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

Jon Farmer wrote:
 
 No, we would have to spend around £24,000 sterling to get the modules. We
 already have modules that allow importing of order, etc from txt files. I
 could write a PHP XML parser to interface into this.
 
 What I am not sure is how acceptable it will be to our customers
 --
 --
 Jon Farmer
 Systems Programmer, Entanet www.enta.net
 Tel 01952 428969 Mob 07968 524175
 PGP Key available, send blank email to [EMAIL PROTECTED]
 
 
 http://www.computerworld.com/cwi/story/0,1199,NAV47-68-85-1552_STO55904,00.h
  tml
  http://www.xml.com/search/index.ncsp?sp-q=EDI
 
  PHP should be quite capable of handling this,
  but you will end up creating a lot of the business
  logic from scratch.  If your company already uses
  integrated management software like SAP, it may
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] generate random ascii string

2001-09-01 Thread Sean C. McCarthy 

Hi, 

If you have random string including symbols just take them of with
regexp. Look at the manual for regular expresion functions. Hope it
helps.

Sean C. McCarthy
SCI, s.L. (www.sci-spain.com)


bill wrote:
 
 How can a random string of only letters and numbers be generated?
 
 I'm stumped so far on how to avoid including symbols.
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] PHP to fax

2001-08-31 Thread Sean C. McCarthy 

Hi Ari,

If you are using Linux (if not you should! really) You can use lprfax
which will let you use 'lpr -Pfax -Jnumber or name', mgetty-fax, efax
or something like that. If you use one of those programs dump the
information to file and use exec() from PHP.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)


Ari Nepon wrote:
 
 Does anyone know of a way to go directly from a PHP/MySQL application to
 having a fax sent out??? I am trying to set up my application so that when a
 transaction is completed. Both parties receive a fax. Anyone done anything
 like this?
 
 Thanks,
 
 Ari Nepon
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] The future of PHP

2001-08-24 Thread Sean C. McCarthy 

Manuel Lemos wrote:
 
 Do you really believe that? As far as I can recall, this recession
 started when a mean judge convicted Microsoft for anti-trust
 practices. That caused NASDAQ crash that scared people away from
 investing in tech company stocks. Many Internet companies dried and
 without cash from the investors many went bankrupt. That affected all
 the small or big corporations that have grown and were dependent on the
 networking market. I don't think this affected much non-technological
 companies, big or small. So I don't think  your anti-big corporations
 speech has much to do with this.
 
 Regards,
 Manuel Lemos
 

No, recesion on the new economy started as the fact that the .com (or
dotcommers) companies did not develop with their market spectations.
Shareholders then started to not give any more credit to bussines
expectations and speculation stopped. Quarter after quarter with cash
looses, and even worse return on investement expectations, made the
shareholders move the money out of those companies and their confidence.
It is the way the dotcommers made bussines and SE speculation what
caused this problem.

Just as a point travelprice.com just announced that this is the first
quarter without losses before taxes. It just happened that they have
applied normal bussines strategies and bussines models.

Also the effect that this downturn is going through all the chain, from
transportation to food and goods. And BTW most companies that caused
this were startups not really big companies. Much more information on
this can be found on the Wall Street Journal.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] The future of PHP

2001-08-23 Thread Sean C. McCarthy 

Hi,

Well you are not well informed then. Java is the most popular solution
to big web sites with the need to have something fault tolerant and
stable. If you look a lot of banks have not JSP or servlets but EJB
which are transactional, persistant through connections, multithreaded
and have all the power of Java Language (safety, security, sandboxing,
etc). Containers like Weblogic are making good money out of this. 

If you want to know if somebody is using Java, just visit
www.javasoft.com or ask people like the group in charge of Tomcat (of
the Apache group), XERCES or so at java.apache.org on the Jakarta
project. Also Motorola and other companies are working hard to integrate
Java into small devices set-top boxes and devices like that.

I guess that there are places to use PHP and others to use Java, you
decide what will suit better your needs.

Sean C. McCarthy
SCI, S.L.

Kai Schaetzl wrote:
 
  JSP is the wave of the future
 
 
 As was said two years ago about Java. Does anybody still know about
 Java? ;-)
 
 Kai
 
 --
 
 Kai Schätzl, Berlin, Germany
 Get your web at Conactive Internet Services: http://www.conactive.com
 IE-Center: http://ie5.de  http://msie.winware.org
 ClubWin - Help for Windows Users: http://www.clubwin.com
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Re: register_globals odd behaviour?

2001-08-22 Thread Sean C. McCarthy 

Hi,

Internally I use variables but I use the array to update the value since
I have problems with the scope inside classes. So I update the value on
the array just at the end of the script by registering an update
function with register_shutdown_function().

What is the reason that I should not use the array? Is there any problem
doing it that way?

Thanks in advance.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

PS: By the way I couldn't find this bug in the bug database.

Richard Lynch wrote:
 
 I think you should still use $count++
 
 The array is just there for you to *READ* data, not to alter it.
 
 --
 WARNING [EMAIL PROTECTED] address is an endangered species -- Use
 [EMAIL PROTECTED]
 Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
 Volunteer a little time: http://chatmusic.com/volunteer.htm
 - Original Message -
 From: Sean C. McCarthy [EMAIL PROTECTED]
 Newsgroups: php.general
 To: PHP General List [EMAIL PROTECTED]
 Sent: Tuesday, August 21, 2001 1:00 AM
 Subject: register_globals odd behaviour?
 
  Hi All,
 
  I just come across and odd behaviour with the register_globals and
  session handling. The problem is that when I set the register globals to
  on I cannot access the session_variables through the associative array
  HTTP_SESSION_VARS. The manual says explicitly that with track_vars and
  register_globals both on the array and the vars will point to the same.
 
  It just doesn't happen the vars are not written at the end of the
  script. I mean with register_globals ON:
 
  ?
  session_register(count);
  $HTTP_SESSION_VARS[count]++;
  ?
 
  this does not work. My php is PHP Version 4.0.3pl1 running on Linux
  2.2.18 and Apache1.3.9 . Does this bogus behaviour happen with higher
  versions too?
 
  Thanks in advance.
 
  Sean C. McCarthy
  SCI, S.L. (www.sci-spain.com)
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] register_globals odd behaviour?

2001-08-20 Thread Sean C. McCarthy 

Hi All,

I just come across and odd behaviour with the register_globals and
session handling. The problem is that when I set the register globals to
on I cannot access the session_variables through the associative array
HTTP_SESSION_VARS. The manual says explicitly that with track_vars and
register_globals both on the array and the vars will point to the same. 

It just doesn't happen the vars are not written at the end of the
script. I mean with register_globals ON:

?
session_register(count);
$HTTP_SESSION_VARS[count]++;
?

this does not work. My php is PHP Version 4.0.3pl1 running on Linux
2.2.18 and Apache1.3.9 . Does this bogus behaviour happen with higher
versions too?

Thanks in advance.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] Object members dynamic access?

2001-08-15 Thread Sean C. McCarthy 

Hi All,

I was wondering if it is possible to access dinamically to the members
of a class. I mean to access like:

--
class foo {
var $bar;
var $barbar;
}

...
...

$foo_instance = new foo;
$somevar = $foo-$anothervar;
-

I now this doesn't work, and have searched the manual and haven't found
anything on it. I doubt it since this is more or less the work of the
Arrays and not the way a class should behave. Anyway any ideas? thanks
in advance.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Re: Object members dynamic access?

2001-08-15 Thread Sean C. McCarthy 

Hi,

The code below is actually code to access an object's member. That's
fine as long as you give the name of the member at the time you write
the code. What I am interested is to know if the members name might be a
variable, I mean not hardcoded but a variable useful for loops, etc.

Thanks.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)


Cerel wrote:
 
 Try this :
 
 class foo {
 var $var1=hello;
 var $var2=world;
 }
 ...
 ...
 $fooinstance = new foo;
 $vartest=$fooinstance-var1;
 echo ($vartest); // should be 'hello'
 
 This should work, but i had no time to test this code.
 
 See you later
 
 Sean C. McCarthy [EMAIL PROTECTED] a écrit dans le message :
 [EMAIL PROTECTED]
  Hi All,
 
  I was wondering if it is possible to access dinamically to the members
  of a class. I mean to access like:
 
  --
  class foo {
  var $bar;
  var $barbar;
  }
 
  ..
  ..
 
  $foo_instance = new foo;
  $somevar = $foo-$anothervar;
  -
 
  I now this doesn't work, and have searched the manual and haven't found
  anything on it. I doubt it since this is more or less the work of the
  Arrays and not the way a class should behave. Anyway any ideas? thanks
  in advance.
 
  Sean C. McCarthy
  SCI, S.L. (www.sci-spain.com)
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Re: Storing Credit Card Numbers, etc.

2001-08-14 Thread Sean C. McCarthy 

Hi,

I agree completly with him. You should go through another entity for
payment. You should go through some company that ensures you reliability
and security. Here in Europe there are a lot of histories about company
databases being hacked and loosing up to 15.000 cc numbers. By no way
you could get the security these companies can offer you.

Try these ones (I do not endorse to any of these companies or have no
information about them) ccbill.com or americanbank.com. I recomend you
browsing through the net for more.

Also for the private information you should use SSL in the trasactions.
Hope this helps

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

Richard Lynch wrote:
 
  I'm new to PHP and to e-commerce. Needless to say, I've done a lot of
  studying over the last few weeks and I'm ready to dive in head first!
 
 Actually, you're not...  Sorry.  The fact that you want to store data in
 flat files, and that you want to store CREDIT CARD INFO the way you describe
 tells me that you haven't read enough.
 
  I'll be building an e-commerce site and I'll be using PHP. I'd like
  customers to have the option of saving their information so that they
 don't
  have to enter it each time they purchase -- much like Buy.com does or like
  Amazon.com's One-Click feature.
 
 Those are nice features, *IF* the information is stored and accessed
 properly.
 
  This means that the customer will be storing information like one or more
  credit cards, shipping addresses, billing addresses, etc.
 
  I'm planing on storing all information in flat files so that I don't have
  the additional expense of using MySQL (My ISP is charging 24.95/month
 extra
  for MySQL service).
 
 Consider moving to a different server.  $24.95/month should get you
 everything you need including MySQL *UNLESS* you're a high-volume site with
 10,000+ hits/day or heavy bandwidth like audio/video.
 
  So the question is: How can I store each customer's information safely?
 Can
  I use .htaccess and .htpasswd to help me out? Or don't they even apply?
 
 .htaccess and htpasswd would be okay for AUTHENTICATION of a few people, but
 if your server is running PHP as a Module, you're better off using PHP to do
 the HTTP Authentication.  See the PHP manual online for sample code.
 http://php.net/
 
 Authenticating a user as a specific customer is COMPLETELY SEPARATE from
 safely storing their credit card information.
 
  My intention is to store the user's password encoded with md5 or something
  and also to develop my own cipher for disguising the credit card numbers
 as
  well.
 
  Any suggestions?
 
 Don't.
 
 md5 is useless for this, and developing your own cipher is out-and-out silly
 unless you are a cryptography expert.
 
 When Amazon et al store a credit card number, they have a very specific
 custom setup for that, involving:
 
 A separate dedicated computer *NOT* directly connected to the Internet to
 store the cc info.  These machines are:
   accessible via a SECOND Ethernet card in the web-servers
   invisible to the outside world
   only accept connections to the Database server -- no other software
 installed
   only accept data from that one Ethernet cable
   physically accessible only to trusted few
 
 Further, even their web-servers are DEDICATED machines, not shared-access at
 an ISP.  These machines will have an extremely limited number of users able
 to directly access them.  Yours has several hundred untrusted users.
 
 In short, if you are balking at $24.95 a month for MySQL, your budget is
 *NOWHERE* *NEAR* within reach of the hardware/software/facilities required
 to safely STORE credit card numbers.
 
 By all means, feel free to hook up with a third-party firm to process your
 credit cards in real-time.
 
 But you'll have to forego the STORAGE of credit card info feature for now.
 
 --
 WARNING [EMAIL PROTECTED] address is an endangered species -- Use
 [EMAIL PROTECTED]
 Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
 Volunteer a little time: http://chatmusic.com/volunteer.htm
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] session security issue

2001-08-14 Thread Sean C. McCarthy 

Hi,

For security use SSL and get the SSLSession ID instead. This cannot be
fooled since it is based in PK handshake and with simetric encryption.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

Christian Dechery wrote:
 
 I have pages that uses session for security that looks something like this:
 
 ?php
 session_start();
 
 if( !isset($uid) )
 {
 include(include/auth.inc.php);
 auth_user();
 }
 
 more code...
 ?
 
 so $uid tells me if the user is logged on or not...
 
 but what if somebody calls the script directly from the address bar like
 this: http://server/script.php?uid=10
 
 wouldn't this be a security problem?
 
 . Christian Dechery (lemming)
 . http://www.tanamesa.com.br
 . Gaita-L Owner / Web Developer
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Determining browser encryption strength

2001-08-10 Thread Sean C. McCarthy 

Hi Bolivar,

Ciphering is something done at the network level when the connection is
done. It is done exactly at the negotiation of the SSL session and it is
done by the Server (Apache, IIS, ...). So you can use the information
provided by the CGI Environment Variables of Apache (if it happens that
you are using Apache) to determine the actual SSL enc method.

More precisely you can use the HTTPS_CIPHER, HTTPS_KEYSIZE and
HTTPS_SECRETKEYSIZE to determine the different aspects of the actual
encryption method used by the client. If you want 128bits that means
Triple-DES for simetric encryption. If you do not have a strong know-how
at SSL I recommend you these two links:

Intro to SSL
http://developer.netscape.com/docs/manuals/security/sslin/index.htm

Apache-SSL doc
http://www.apache-ssl.org/docs.html

Hope this helps you.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

Bolivar Shagnasty wrote:
 
 My web site it going to be the starting point with a link to an application
 that only works with browser at 128bit strength.  What I would like to do is
 automatically determine if the user doesn't have a compatible browser and
 then direct them where to get the correct browser.  Does anyone know how I
 might go about doing this?
 
 tia,
 bol
 
 _
 Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] MySQL connection

2001-08-09 Thread Sean C. McCarthy 

Hi All,

Also a good advice is to restrict the access to the files where you
include your login/pass. Give permissions to only the PHP user, I mean
the user that runs the php process (in unix/linux make a ps axu and look
at the user column). Then change the file permissions to just that user
(unix chown and chmod, more info 'man chmod' and 'man chown'). If you
are using W9x/ME you're out of luck.

Hope this helps.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

BRACK wrote:
 
 I have tested again what I said yesterday and found that if I have
 problems in PHP support in Apache then all my information
 (username and password) are seing simly on the screen, so it's not
 about dead SQL server but PHP.
 
 However, I went through all docs that I have on this topic and found
 that the only solution of this is to put included connect.php/inc
 outside of htdocs directory and configure your php.ini such a way
 that one outsider directory would be accepted and only by php call.
 
 Hope I didn't mess up this time so you are able to understand what
 I mean... =))
 
 Thank you for the help anyway,  just be aware of this PHP prob
 when you pick up provider.
 
 Youri
 On 8 Aug 2001, at 19:33, Attila Strauss wrote:
 
  hi,
 
  there are 2 ways.
 
  1. you hardcore the user/password in the php.ini file.
  2. u do a simply error checking like :
 
  ?php
  $connect = mysql_connect($host, $user, $pass);
  if(!$connect)
  {
  print connection failed;
  }
 
  ?
 
  of course you could also do like kindaheader(Location: http://host;);  
instead of print connection failed.
 
  i hope i could help you.
 
  best regards
  attila strauss
 
 
 
 
   Hey Jouri,
  
  
   I don't agree with this one. I tested it out on my
   localhost and got the two error messages I told you I
   was going to get:
  
   Warning: Unknown MySQL Server Host...
   Warning: MySQL Connection Failed...
  
   No usernames/passwords. I have to say however that I
   always include my connect.php file. Maybe that's a
   secure way to connect without anyone seeing your
   password in case of sqlserver problems.
  
  
   Greetz,
   Bjorn Van Simaeys
   www.bvsenterprises.com
  
  
  
  
   --- BRACK [EMAIL PROTECTED] wrote:
If you have Apache and MySQL servers make this
experiment -
start Apache but forget to start SQL and go to
your site
http://localhost/... you will see yourself all the
information on the
screen.
   
Youri
   
On 7 Aug 2001, at 12:53, Ryan Christensen wrote:
   
 I'm curious as to how the hacker would see all
this information (the
 username.. password, etc..) just by going to a
site where the SQL backend
 was down?

 Ryan

  -Original Message-
  From: BRACK [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, August 07, 2001 12:36 PM
  To: [EMAIL PROTECTED]
  Subject: [PHP] MySQL connection
 
 
  I just wanned to bring the issue of security of
MySQL connection:
 
  Let us imagine that SQL server was down for some
hours (of
  course without us knowing it) and at the same
hours our SQL site
  was visited by some kind of hacker, he can s
  ee
on his screen all
  our SQL connection info like username,
password, and database
  name. You may hide this information in different
file than the file
  that your users open then the hacker will see
something like
  include(connect.inc); or
require(connect.inc); (of course IF
  server is down). So you may only imagine the
consequences of
  this visit of the hacker. What can we do to
protect our sensitive
  information if SQL server is down?
 
  Youri
 
  --
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, e-mail:
[EMAIL PROTECTED]
  For additional commands, e-mail:
[EMAIL PROTECTED]
  To contact the list administrators, e-mail:
[EMAIL PROTECTED]
 
 

   
   
   
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]
   
  
  
   __
   Do You Yahoo!?
   Make international calls for as low as $.04/minute with Yahoo! Messenger
   http://phonecard.yahoo.com/
  
   --
   PHP General Mailing List (http://www.php.net/)
   To unsubscribe, e-mail: [EMAIL PROTECTED]
   For additional commands, e-mail: [EMAIL PROTECTED]
   To contact the list administrators, e-mail: [EMAIL PROTECTED]
  
 
 
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e

Re: [PHP] PHP in corporate settings?

2001-08-09 Thread Sean C. McCarthy 

Jeff Lewis wrote:
 
 I still rarely ever see PHP mentioned in job listings and the like.  Especially here 
in Canada I find it very hard to find any kinds of contacts for companies using PHP.  
My previous employer that I was with for 3+ years insisted on Micro$oft products and 
wanted to go with ASP.
 
 My current employer, a HUGE media/newspaper in Ontario goes with strictly Java.
 
 Is it that people still are hesitant to go wth open source based technology?
 
 Jeff Lewis

Hi All,

Just one point Java is actually open source, because you can get the
source code for the JVM. It is not GPL what means that if you want to
make money with it you have to pay for it (but after all Sun is a
bussiness, and bussiness are for making money).

One question how many programmers, technicians, support companies there
aree for Microsoft Products? and now how many of them there are for PHP,
open source, GPL? and I mean BIG companies. Beleive it or not
certification is important. People fear to get stuck with something that
anybody knows how to use.

Maybe not all the time they choose it for this same reason.

You might want to check this out
http://www2.linuxjournal.com/lj-issues/issue85/index.html


Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

BTW: I use Linux for work and home, and I like things like PHP ;-)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] PHP in corporate settings?

2001-08-09 Thread Sean C. McCarthy 

Rasmus Lerdorf wrote:
 
  Just one point Java is actually open source, because you can get the
  source code for the JVM. It is not GPL what means that if you want to
  make money with it you have to pay for it (but after all Sun is a
  bussiness, and bussiness are for making money).
 
 Access to source code has very little to do with being Open Source.
 Access to source code is 1 out of 9 requirements for something to be open
 source.  Please see http://www.opensource.org/docs/definition.html
 
 -Rasmus

Ok sorry about that. I read open source and not Open Source as OSD ;-)

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] SSL encryption type in PHP?

2001-08-08 Thread Sean C. McCarthy 

Hi,

Use getenv() since it is a CGI variable. Look at the manual.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)


Dr. Evil wrote:
 
  You can tell it using the variables from the server. Using Apache you
  can access the variables specs at:
 
  http://www.apache-ssl.org/docs.html
 
  With Apache SSL is SSL_CIPHER returns the variable about SSL/TLS
  ciphersuite.
 
 Do you know how I would access that variable from PHP?  Is that
 possible?  I know how to configure apache to reject conections based
 on encryption settings, but instead of rejecting them, I would like to
 accept them but warn the user: You should upgrade your browser.  Is
 this possible?
 
 Thanks
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] session problems when calling within a class.

2001-08-08 Thread Sean C. McCarthy 

Hi,

I got the same problem but i left it (had no more time to fumble around
with it). But try this, because it was what I was going to try:

function ccsession($userid = '1', $groupid = '1', $authid = '1',
$username = 'guest', $first_name = 'Guest', $last_name = 'Account')
{
global $HTTP_SESSION_VARS;

// Change all session variables below to
// $this-_cm_user_id = $HTTP_SESSION_VARS[userid]
// and so on..

$this-ss();// I guess this is not important for sessions
$this-_cm_user_id = $userid;
$this-_cm_group_id = $groupid;
$this-_cm_auth_id = $authid;
$this-_username = $username;
$this-_first_name = $first_name;
$this-_last_name = $last_name;
$this-_session_id = $this-set_si();

}


// Once you started the session you might be able to set it
// the way you are doing here, in the following code as long 
// as you don't send anything before this. If you do it you 
// know you will have already sent the old ID to the user.

function set_si()
{
//if (0) {
//$c_session_id = $this-get_si();
print ==.session_id().br;
if (session_id()) {
$this-_session_id = $c_session_id;
} else {
srand((double)microtime()*1132590); // make 'rand' function
truly random
$this-_session_id = md5(rand(0,999));
}
$this-is_set_si = 1;
session_id($this-_session_id);
print --.session_id().br;
return $this-_session_id;
//}
}
}



By doing this you should be able (and I say SHOULD, I haven't tested it)
to get the value from the session, but you will still have to start the
session outside the class.

Also don't forget to change the $HTTP_SESSION_VARS with the new session
information if you change it.

From my point of view the problem is with variable scope. Even with
register_globals and track_vars the code didn't work for me. If you find
out something please post it (or at least send me a message with your
findings) because actually I was doing that stuff with just functions
and not a class.

Hope it's useful for you.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

Mark Garcia wrote:
 
 Greetings,
 
 I'm having a puzzling time trying to figure out how to work around the issue
 of the session_id not existing after making calls to session_start and
 session_id to generate an session.  It seems that by set_si() calling
 session_id and seeing if there is a value, doesn't not work.  Hence, a new
 session_id is created but is not persistant.  If I reload the page
 sessions.test.php3 it generates a new session_id and can not detect the
 previous one set.
 
 For example, ...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] SSL encryption type in PHP?

2001-08-07 Thread Sean C. McCarthy 

Hi,

You can tell it using the variables from the server. Using Apache you
can access the variables specs at:

http://www.apache-ssl.org/docs.html

With Apache SSL is SSL_CIPHER returns the variable about SSL/TLS
ciphersuite.

Sean C. McCarthy
SCI, SL (www.sci-spain.com)


Dr. Evil wrote:
 
 Is there a function in PHP which can tell me the encryption strength
 being used by the browser?  I want to be able to put a little message
 on the page saying, You are using strong encryption or Warning: you
 should upgrade your browser to one which supports 128bit crypto.
 
 Thanks
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Am I being Hacked ???

2001-08-07 Thread Sean C. McCarthy 

Hi Mark,

408 is an HTTP status code meaning Request Timeout. The excerpt from the
RFC2616 is:


408 Request Timeout
The client did not produce a request within the time that the server was
prepared to wait. The client MAY repeat the request without
modifications at
any later time.

Do you have lots of this? If just a few I wouldn't say its an attack but
a problem from the person making the request.

Sean C. McCarthy
SCI, SL (www.sci-spain.com)

Mark Lo wrote:
 
 Hi,
 
 My apache log files contains the following log info sending from my
 desktop to my server which hosted at remote data center, I am wondering, am
 I being hacked ??  Is there something wrong in my apache server ??
 
 203.218.49.24 - - [07/Aug/2001:22:04:52 +0800] - 408 - - - -
 203.218.49.24 - - [07/Aug/2001:22:04:55 +0800] - 408 - - - -
 203.218.49.24 - - [07/Aug/2001:22:04:56 +0800] - 408 - - - -
 203.218.49.24 - - [07/Aug/2001:22:04:56 +0800] - 408 - - - -
 
 Thanks
 
 Mark
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] ICMP Ping

2001-08-07 Thread Sean C. McCarthy 

Hi All,

You meant: http://www.PHPClasses.UpperDesign.com/ 

didn't you? 

Sean C. McCarthy
SCI, SL (www.sci-spain.com)


hassan el forkani wrote:
 
 look for icmp at
 http://phpclasses.upperdesigns.com i beilive there is a class that does
 just that
 
 regards
 
 At 18:11 07/08/01, you wrote:
 Hi,
  I'm trying to write a port scanner similar to
 http://scan.sygatetech.com to expose security holes in a PC or server.
 However, I can't figure out how to perform an ICMP ping. Does anyone
 know how?
 
 Regards,
 
 - James
 
 Editor, VB Web
 ==
 Web   - http://www.vbweb.co.uk
 Email - [EMAIL PROTECTED]
 ICQ#  - 60612011
 Fax   - +44(0)8707052859
 ==
 
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] Session problems..

2001-08-06 Thread Sean C. McCarthy 

Hi All,

I am in trouble with the session handling of PHP. It works fine as long
as the session_start is not inside a function or a class. My idea was to
create a session class with a constructor calling session_start(). The
variables inside the session class would hide the session vars. Proper
methods for accessing and updating them were available. At the end I
will call my class session update method just before the script ended to
sync them with the PHP sessions.

I have tried changing track_vars and globals, but problem seems to not
be there, since calling session_start() from outside the class works. 

Is it a scope problem? Any help will be appreciated. Thanx.

Sean C. McCarthy

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]