Re: [PHP] Session Authentication
On 4/9/07, Stut <[EMAIL PROTECTED]> wrote: Peter Lauri wrote: >> Cookies are old, so in the time they were introduced, today it is >> possible to create and modify cookies with some good tools. These >> tools are illegal, but every cracker is 99% illegal right? But that >> means i can't give you these tools to proof it, but it is possible. >> >> Tijnema > > [Peter Lauri - DWS Asia] > > Having these tools is probably not illegal. But using them illegally is > illegal :) Could you send me some more info "off-list" about this. Knowing > how to use these tools will probably help me making my sites more secure, am > I not right? :) Cookies are HTTP headers, nothing more, nothing less. The minimum "tool" you need is telnet. If you're writing web applications and don't know that, please take the time to read the HTTP spec, and then the cookie spec. Google for them. -Stut Encrypted stuff maybe? Faking cookies can be done without any tools, but were talking about editing here... Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Authentication
On 4/9/07, Peter Lauri <[EMAIL PROTECTED]> wrote: > -Original Message- > From: Tijnema ! [mailto:[EMAIL PROTECTED] > Sent: Monday, April 09, 2007 5:38 PM > To: Martin Marques > Cc: Ólafur Waage; php-general@lists.php.net > Subject: Re: [PHP] Session Authentication > > On 4/9/07, Martin Marques wrote: > > Tijnema ! escribió: > > > On 4/9/07, Martin Marques wrote: > > >> > > >> Yes: > > >> > > >> Don't use transparent session id, or even better, save the > > >> authentication in a cookie on the client (seperated from the session > > >> array). > > > > > > And then the user would crack the cookie > > > I know they are encrypted, but trust me, cookies can be edited. > > > > So what? The user authenticated himself, so what is he gonna crack? > Yes, but i guess you're not only storing if the user has > authenticated, also storing a username? > > And if that's not the case, then you could authenticate by creating a > cookie where it says authenticated = yes, and you're authenticated... > > Tijnema > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php [Peter Lauri - DWS Asia] If cookies were that unsecured so you could create your own cookies that easily, then would cookies exist? Best regards, Peter Lauri Cookies are old, so in the time they were introduced, today it is possible to create and modify cookies with some good tools. These tools are illegal, but every cracker is 99% illegal right? But that means i can't give you these tools to proof it, but it is possible. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Authentication
On 4/9/07, Martin Marques wrote: Tijnema ! escribió: > On 4/9/07, Martin Marques wrote: >> >> Yes: >> >> Don't use transparent session id, or even better, save the >> authentication in a cookie on the client (seperated from the session >> array). > > And then the user would crack the cookie > I know they are encrypted, but trust me, cookies can be edited. So what? The user authenticated himself, so what is he gonna crack? Yes, but i guess you're not only storing if the user has authenticated, also storing a username? And if that's not the case, then you could authenticate by creating a cookie where it says authenticated = yes, and you're authenticated... Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MD5 & bot Question
On 4/9/07, Stut <[EMAIL PROTECTED]> wrote: Tijnema ! wrote: > On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote: >> On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote: >> > On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote: >> > > On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote: >> > > > >> > > > I think that we can conclude that a non-crackable CAPTCHA doesn't >> > > > exist, but also that there doesn't exist a real "hard to crack" >> > > > CAPTCHA. All current CAPTCHAs can be broken quite easy. MD5 can >> help >> > > > in some cases, but only if the CAPTCHA uses static >> > > > images/audio/video/etc. Just about your Audio CAPTCHA, you could >> use >> > > > MD5 to crack it, as the number has the same MD5 sum each time. >> > > >> > > Similar methods could be applied to sound as to images to distort the >> > > sound enough to make it difficult for speech recognition software to >> > > understand, but not so much that real humans couldn't understand >> it. At >> > > any rate, it could be enough to prevent md5 indexing... but then >> again, >> > > that would require the audio be mutated on each request, and enough >> > > audio be mutated to prevent md5 indexing based on partial >> signatures -- >> > > similar to how viruses are detected - this is especially important if >> > > using dictionary words since the sample space is so small (could >> always >> > > use sentences though) :) >> > > >> > > Cheers, >> > > Rob. >> > >> > But well, you can't have a audio only CAPTCHA on your site, a lot >> > people don't have speakers on there PC. And some people can't >> > recognize english numbers... >> > So then you have an "write the key" CAPTHCA or smiliar on your site, >> > and the cracker would use that :) >> >> Yep, like I said to Tedd before... kinda need multiple forms of captcha >> tailored to particular special needs audiences. Visual is good for >> pretty much all but the blind. Blind people can use audio captcha. >> Beyond that... is it worth the cost to target diminishing audiences? >> >> Cheers, >> Rob. > > Uhm, blind people can't even view your page :P > I think you mean visual impaired people :) Yes they can... http://www.webaim.org/articles/visual/blind.php -Stut Interesting... Didn't know that... :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MD5 & bot Question
On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote: On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote: > On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote: > > On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote: > > > > > > I think that we can conclude that a non-crackable CAPTCHA doesn't > > > exist, but also that there doesn't exist a real "hard to crack" > > > CAPTCHA. All current CAPTCHAs can be broken quite easy. MD5 can help > > > in some cases, but only if the CAPTCHA uses static > > > images/audio/video/etc. Just about your Audio CAPTCHA, you could use > > > MD5 to crack it, as the number has the same MD5 sum each time. > > > > Similar methods could be applied to sound as to images to distort the > > sound enough to make it difficult for speech recognition software to > > understand, but not so much that real humans couldn't understand it. At > > any rate, it could be enough to prevent md5 indexing... but then again, > > that would require the audio be mutated on each request, and enough > > audio be mutated to prevent md5 indexing based on partial signatures -- > > similar to how viruses are detected - this is especially important if > > using dictionary words since the sample space is so small (could always > > use sentences though) :) > > > > Cheers, > > Rob. > > But well, you can't have a audio only CAPTCHA on your site, a lot > people don't have speakers on there PC. And some people can't > recognize english numbers... > So then you have an "write the key" CAPTHCA or smiliar on your site, > and the cracker would use that :) Yep, like I said to Tedd before... kinda need multiple forms of captcha tailored to particular special needs audiences. Visual is good for pretty much all but the blind. Blind people can use audio captcha. Beyond that... is it worth the cost to target diminishing audiences? Cheers, Rob. Uhm, blind people can't even view your page :P I think you mean visual impaired people :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Authentication
On 4/9/07, Martin Marques wrote: Ólafur Waage escribió: > Lets say i have a login system. This system authenticates the user via > mysql, when the user is authenticated, i set a session variable to let the > system know the user is authenticated. ie. $_SESSION["authenticated"] = > true; > > Lets also say i know that's how the system works, that a session variable > within my browser is set to true. Could i do this if i knew all this info > and "authenticate" myself by setting the variable from the client side? The only way I know is, if you use transid (transparent session id), the cracker could hijack your session id and the system would think that it's you (suppose that it's your session that got hijacked) > If it is possible, what can i do to prevent this or increase security? Yes: Don't use transparent session id, or even better, save the authentication in a cookie on the client (seperated from the session array). And then the user would crack the cookie .... I know they are encrypted, but trust me, cookies can be edited. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MD5 & bot Question
On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote: On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote: > > I think that we can conclude that a non-crackable CAPTCHA doesn't > exist, but also that there doesn't exist a real "hard to crack" > CAPTCHA. All current CAPTCHAs can be broken quite easy. MD5 can help > in some cases, but only if the CAPTCHA uses static > images/audio/video/etc. Just about your Audio CAPTCHA, you could use > MD5 to crack it, as the number has the same MD5 sum each time. Similar methods could be applied to sound as to images to distort the sound enough to make it difficult for speech recognition software to understand, but not so much that real humans couldn't understand it. At any rate, it could be enough to prevent md5 indexing... but then again, that would require the audio be mutated on each request, and enough audio be mutated to prevent md5 indexing based on partial signatures -- similar to how viruses are detected - this is especially important if using dictionary words since the sample space is so small (could always use sentences though) :) Cheers, Rob. But well, you can't have a audio only CAPTCHA on your site, a lot people don't have speakers on there PC. And some people can't recognize english numbers... So then you have an "write the key" CAPTHCA or smiliar on your site, and the cracker would use that :) Tijnema -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
On 4/9/07, Ben Liu <[EMAIL PROTECTED]> wrote: What's the prescribed method for redirecting a user forcibly to from the non-SSL secured version of a page to the SSL-secured version? Is this handled at the web server level or at the script level. I found this by googling: https://".$_SERVER['SERVER_NAME'].$_SERVER ['SCRIPT_NAME']);exit;} ?> What do people think about this solution? Thanks, - Ben Apache mod_rewrite maybe? Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MD5 & bot Question
On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote: On Mon, 2007-04-09 at 09:45 -0400, tedd wrote: > At 8:49 AM -0400 4/9/07, Robert Cummings wrote: > >On Mon, 2007-04-09 at 08:46 -0400, tedd wrote: > >> At 1:21 AM -0700 4/9/07, Micky Hulse wrote: > >> >Maybe use flash for this... harder to crack? (Of course, Flash will > >> >open door to other problems.) > >> > > >> >Sorry, coming in on this late. Good work Tedd! Very interesting. > >> > >> > >> M: > >> > >> Tijnema showed how MD5 could be used to identify an image file and > >> crack my arrow captcha. That's really what this thread was about. I > >> finally came up with enough variations to make it impractical. > >> > >> However, this did make me wonder about the images that M$ and others > >> are using for captchas -- like find the kitty in a set of pictures. > >> The MD5 application could be used to identify as many pictures as any > >> spammer would need. So, I think MD5 method, as described in this > >> thread, would work very well to crack those type of captchas. > > > >I doubt Microsoft is using a static image repository for captchas. > > > >Cheers, > >Rob. > > I doubt that their image repository infinite. > > Plus, I envision a method where a bot could: > > 1. Scan the site, gather the images and key phrase. > > 2 MD5 the images. > > 3. Place all the MD5's with the associate key phrase in a dB. > > 4. Refresh and repeat. > > With repeated refreshes (not attempts at trying to enter), the key > phrases associated with the MD5's will build and the bot will learn. > > It works like this -- the phrase "find the kitty" or key word "kitty" > will always be associated with the picture of the kitty WHEN "kitty" > is the solution. All other key phrases/words associated with the > kitty picture will eventually "stack out" as just be background noise > as data is gathered. > > As such, a bot could have a foundation at making an intelligent > guess. Also, every guess (successful or not) provides even more data > to be considered. The more data gathered, the better the guess. Hi Tedd, Put down the crack pipe please... captcha images are usually generated on the fly. Their image repository is 0. Their image universe is all of the permutations of an image containing all of the range of serial codes embedded in the images according to their morphing routine. I highly doubt the US Government could afford the space required to store all of the permutations. Considering the number of bytes available to a dynamically generated image, it is highly likely that the images would be capable of exhausting the entire md5 universe. Cheers, Rob. And then not to mention that md5 has a limitation, and that there probably would be 2 different images, with the same MD5... Using MD5 on the normal "write the key" CAPTCHAs isn't gonna work, they are mostly generated on the fly, and even if they weren't, then there probably a lot solutions, and not just 8 that i had with your arrow captcha. Those "write the key" CAPTCHAs are the best crackable with an OCR reader. But that's why they are so transformed these days. So that requires extra steps to make it readable. I think that we can conclude that a non-crackable CAPTCHA doesn't exist, but also that there doesn't exist a real "hard to crack" CAPTCHA. All current CAPTCHAs can be broken quite easy. MD5 can help in some cases, but only if the CAPTCHA uses static images/audio/video/etc. Just about your Audio CAPTCHA, you could use MD5 to crack it, as the number has the same MD5 sum each time. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] DOM and XSLTProcessor
On 4/9/07, Buesching, Logan J <[EMAIL PROTECTED]> wrote: Greetings, I apologize if this is a little long, but I am trying to put as much information as I have done in this first post. I am running PHP 5 and attempting to use DOM to create data to show on a webpage and using XSLTProcessor with an XSLT sheet to output it into XHTML. Everything is pretty fine an dandy until I wish to print raw text, such as xdebug and var_dump. My knowledge of DOM and XSLTProcessor is about a 5/10, such that I know most basics, but not the more advanced things. Whenever I try to add data using createTextNode, it is always escaped, such that if I do something, when shown to the screen, it shows <strong> etc... Here is the general outline: createElement("root"); $wantedCode=$doc->createTextNode("Something"); $root->appendChild($wantedCode); $doc->appendChild($root); $proc=new XSLTProcessor; $proc->importStylesheet(DOMDocument::load("test.xslt")); echo $proc->transformToXML($doc); ?> SomeSheet is something like: The expected output that I would like to get is: Something (This would just bold my text, not literally see the tags). The actual output is: <strong>Something</strong> (This outputs the tags to the end user, which is what I do not want). I checked the manual at: http://us3.php.net/manual/en/function.dom-domdocument-createtextnode.php . A user comment suggested to use CDATA nodes, so I attempted to change my code to the following: createElement("root"); //note the change right here $wantedCode=$doc->createCDATASection("Something"); $root->appendChild($wantedCode); $doc->appendChild($root); $proc=new XSLTProcessor; $proc->importStylesheet(DOMDocument::load("test.xslt")); echo $proc->transformToXML($doc); ?> But this was of no success; it just had the same output. Is there anyone that is able to help me out here? Thanks, Logan Try using htmlspecialchars_decode before outputting your data: http://www.php.net/manual/en/function.htmlspecialchars-decode.php Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MD5 & bot Question
On 4/9/07, tedd <[EMAIL PROTECTED]> wrote: At 4:38 AM -0700 4/8/07, benifactor wrote: >hmm, why don't you md5 more then once.. I read somewhere that MD5'ing anything more than once, does not increase security. Cheers, tedd Not in this case, as it doesn't goes about decrypting the key here, that's impossible with MD5, you can only bruteforce. But that's totally not of interest, a cracker doesn't want to implement a MD5 bruteforcer in his bot that brute forces the MD5 key each time (which can take up to several years to complete on regular PCs). Tijnema -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MD5 & bot Question
On 4/8/07, tedd <[EMAIL PROTECTED]> wrote: At 9:42 AM +0200 4/8/07, Tijnema ! wrote: >You can't stop me :) > >http://86.86.80.41/dev/debug/tedd.php > >It's cracked again :) > >and of course i show you the code: > >http://86.86.80.41/dev/debug/tedd.txt > >Waiting for your next try :P > Tijnema: I might not be able to stop you, but I am sure I can wear you out. Here's my latest: http://sperling.com/a/arrows/ But before you spend too much time tying to figure it out, which with a HEX editor you should be able to easily discover -- this is what I did. 1. All my arrow GIF files range in size from about 500 bytes to 1.1 KB (it's not important to the solution, just a matter of range); 2. Between DEC 64 (HEX 40) to DEC 109 (HEX 6C) in the header exist all zeros. They don't provide any information regarding this image; 3. I simply used this area to store a single HEX number ranging from 0 to 255 DEC (HEX 0-255); 4. This gave me 11,475 different combinations for each GIF by changing a single bye in the header. If I used two bytes in the header, then the combinations would square. If I used all available space, then the possible combinations would be 11,475 to the 255 power (if my math is right) for each GIF. True, you could: 1. Record every MD5 of every combination for every GIF (8 x 11,475^255 different combinations) and then use those to crack this; 2. OR, simply zero out the area from DEC 64 to DEC 109 and use that. Either case would break my code. Since you're already telling how to break, i'm not gonna break it anymore :) Btw, also you should be able to convert it to JPEG/PNG/BMP/TIFF and then convert it back to GIF. That should clean up the header :) However, I am positive if I generated the image "on the fly" OR merged the image with a single randomized placement pixel I could generate an image that would be easily recognized by a human but not resolved by a MD5 solution. Remember, I could also use a jpeg file and have millions of colors to chose from. Unless, there is something here that I don't understand (which very well could be), I can't see how anyone, without massive computer resources, could break that. Am I wrong? Maybe... What about OCR programs? they can read letters from images, if you could transfrom that to an program that could read arrows instead of characters. then you probably could crack it, also if you store random pixels in it. And that doesn't use massive computer resources :) That's why i wanted to go for movies, because they are a lot harder to process, but still they are processable by a bot, and so it could be cracked I don't think any of us will ever find a code that's not crackable, but the amount of time needed to crack needs to be as high as possible, so that crackers will stay away because it takes way too much time, and maybe also too much computer resources. But while doing this, it should never disturb the normal user from using your site. Cheers, tedd PS: I love these types of discussions Me too :) -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: spl DirectoryIterator
On 4/8/07, itoctopus <[EMAIL PROTECTED]> wrote: After some testing and reading, I think this function is still experimental. Anyone else has some thoughts on this? I agree with you, this function seems not working correctly. From what i see of my testing is that this makes an array, with some iterators inside it. But all these iterators are the same iterator i started with. Meaning i get an array of all duplicate iterators. This is not what it should do i think, but there's no documentation on the fuction, so i can't compare with the "expected output". Tijnema -- itoctopus - http://www.itoctopus.com "Matthew Dellar" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I have a problem, > > I need to turn an iterator into an array, but when I do, some methods I > need to use stop working. > > Take a look at the following example: > > $dir = 'c:/'; > $files = new DirectoryIterator($dir); > //$files = iterator_to_array($files); > foreach ($files as $file) { > echo "{$file->getFileName()}";//works > echo "{$file->getPath()}";//works > } > > It works as expected. However, when the iterator is turned into an array: > > $dir = 'c:/'; > $files = new DirectoryIterator($dir); > $files = iterator_to_array($files); > foreach ($files as $file) { > echo "{$file->getFileName()}"; //does not work > echo "{$file->getPath()}";//works > } > > It stops working. Can someone please help me, as a have tried and failed > to find the cause of the problem. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MD5 & bot Question
On 4/8/07, Tijnema ! <[EMAIL PROTECTED]> wrote: On 4/8/07, tedd <[EMAIL PROTECTED]> wrote: > >>Well, I cracked it for you :) > >> > >>http://86.86.80.41/dev/debug/tedd.php > >> > >>At the bottom it shows you the MD5 code of your arrow image, and it > >>shows you which way it points to :) > >> > >>If you're interested in the code: > >> > >>http://86.86.80.41/dev/debug/tedd.txt > >> > >>Tijnema > > Tijnema: > > Okay, I think I figured out a fix -- try it again. :-) > > http://sperling.com/a/arrows/ > > A little knowledge is a dangerous thing. > > Cheers, > > tedd Looks interesting. It generates a different MD5 each time I'll take a deeper look at it today, and hope to find a way to crack it :) Tijnema You can't stop me :) http://86.86.80.41/dev/debug/tedd.php It's cracked again :) and of course i show you the code: http://86.86.80.41/dev/debug/tedd.txt Waiting for your next try :P Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MD5 & bot Question
On 4/8/07, tedd <[EMAIL PROTECTED]> wrote: >>Well, I cracked it for you :) >> >>http://86.86.80.41/dev/debug/tedd.php >> >>At the bottom it shows you the MD5 code of your arrow image, and it >>shows you which way it points to :) >> >>If you're interested in the code: >> >>http://86.86.80.41/dev/debug/tedd.txt >> >>Tijnema Tijnema: Okay, I think I figured out a fix -- try it again. :-) http://sperling.com/a/arrows/ A little knowledge is a dangerous thing. Cheers, tedd Looks interesting. It generates a different MD5 each time I'll take a deeper look at it today, and hope to find a way to crack it :) Tijnema -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Bind IP with fsockopen
On 4/7/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Hi is it possible to socket_bind with fsockopen? im using this with all my scripts... $fs = fsockopen('example.com', 2043, $errno, $errstr, 60); if (!$fs) { fclose($fs); and I need the remote conection to see me as one of my other IP's Ive read through socket_bind http://uk.php.net/manual/en/function.socket-bind.php but cant see how to use it with my above code Thanks I'm not sure if it's possible, it depends on the setup of switches etc. You're remote connection is outside your LAN right? If so, then your IP address is assigned by your ISP, this is assigned for each connection. I guess you have more then one connection from your ISP, then you have more then one IP. So if you have more then one connection, you have more then one modem/router. So if you want to use the IP of another connection, you should connect through another router/modem. But this depends on your setup, and has nothing to do with PHP. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MD5 & bot Question
On 4/7/07, tedd <[EMAIL PROTECTED]> wrote: At 11:56 PM +0100 4/6/07, Tijnema ! wrote: >On 4/6/07, tedd <[EMAIL PROTECTED]> wrote: >>At 2:55 PM +0100 4/6/07, Tijnema ! wrote: >>>I know, but animated gifs are still quite easy to read with a bot. >> >>Really? >> >>What if I a created a box surrounded by letters, like so: >> >>A B C >>D E F >>G H I >> >>However, where "E" is located I have a gif (animated or not) pointing >>to a letter, which would be the key. How would a bot read that? >> >>Cheers, >> >>tedd > >Assuming you're using the same arrow the whole time, you could use md5 >check for example. Save MD5 for all directions of the arrow and >compare :) Tijnema: Okay, here's an example: http://sperling.com/a/arrows/ How would someone MD5 that? Furthermore, how would a bot decipher anything different from that? From my perspective, no matter which way the arrow is pointing, the code remains the same. The only thing that changes is the arrow and a screen reader would have to be programmed to recognize the change -- am I wrong? Cheers, tedd Well, I cracked it for you :) http://86.86.80.41/dev/debug/tedd.php At the bottom it shows you the MD5 code of your arrow image, and it shows you which way it points to :) If you're interested in the code: http://86.86.80.41/dev/debug/tedd.txt Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: link counting
On 4/7/07, itoctopus <[EMAIL PROTECTED]> wrote: Use the function is_url (note that I haven't written it) instead to check if the link is a URL. Not only your method may count some links twice, but it will count wrong URLs also. External is not a URL that will take someone externally. Below is the function is_url function is_url($url) { return preg_match('#^http\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $url);} taken from this link: http://plurged.com/code.php?id=26 Hmm, it does only take http links, not https,ftp, etc. Tijnema -- itoctopus - http://www.itoctopus.com "Sebe" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > i thought of an idea of counting the number of links to reduce comment spam. > > unfortunately my methods is not reliable, i haven't tested it yet > though.. anyone have maybe a better solution using some regexp? > > $links = array('http://', 'https://', 'www.'); > > $total_links = 0; > foreach($links as $link) > { > $total_links = substr_count($string, $link); > } > > if($total_links > X) > { > . > } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP has encountered an Access Violation at 01F13157?!?!?!?
On 4/7/07, Tijnema ! <[EMAIL PROTECTED]> wrote: On 4/7/07, Afan Pasalic <[EMAIL PROTECTED]> wrote: > hi, > I just installed php 5.2.1-win32-installer on win box (XP). use IIS. > created index.html file and localhost/index.html is ok. > created phpinfo.php (with only phpinfo()) and was ok. > then installed Zend 5.5.0 (try) and suddenly, IE is giving me blank screen. > installed firefox 2 and got the error message from subject line. > > according google and php.net, it's bug?!? > > any idea? > > thanks for any help. > > -afan So, what are the error messages in your firefox? and do you have any error messages in your apache error log? Tijnema I'm sorry, i didn't read your title, so i didn't know what your error was, but it is a bug. Take a look here: http://bugs.php.net/bug.php?id=40662 There hasn't been a solution posted, because there were no backtraces provided. If you could provide them, it might solve the bug. Also, this bug appeared in PHP5RC3 too, there was a fix, but link is dead, and the fix they tell is "Use CVS snapshot.", and of course that would worked then, but that's not relevant anymore, as the thead is from jun 2004, anyway if you want to read it: http://bugs.php.net/bug.php?id=29127 Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP has encountered an Access Violation at 01F13157?!?!?!?
On 4/7/07, Afan Pasalic <[EMAIL PROTECTED]> wrote: hi, I just installed php 5.2.1-win32-installer on win box (XP). use IIS. created index.html file and localhost/index.html is ok. created phpinfo.php (with only phpinfo()) and was ok. then installed Zend 5.5.0 (try) and suddenly, IE is giving me blank screen. installed firefox 2 and got the error message from subject line. according google and php.net, it's bug?!? any idea? thanks for any help. -afan So, what are the error messages in your firefox? and do you have any error messages in your apache error log? Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Submitting as POST. Why?
On 4/7/07, Paul Novitski <[EMAIL PROTECTED]> wrote: >barophobia wrote: >>I only know of one reason to submit a form as POST and that is because >>you can submit more data in one shot. At 4/6/2007 05:44 PM, Mike Shanley wrote: >When you submit via GET, all the info shows up in the URL, so people >can tamper with it however they like. Also, people can bookmark it as well. In fact that very tamperability is one of the advantages of GET. For certain types of service it can be a boon to the user to be able to tweak the querystring. It enables even mildly technically-oriented people to roll their own queries for search engines, map engines, online resource guides, catalogs, etc. When I deliberately expose the communication channel between a form and a lookup engine like that, I try to choose querystring parameter names that are simple and easy to remember such as isbn, author, and title. Obviously you have to make sure someone can't hack your system through the querystring, but you should already be doing this anyway whether you're using POST or GET. Regards, Paul Good point, It's nice if search machine's are using GET, as you could make a script to search in their search machine by just going to an url like http://www.google.com/search?q=, instead of making a form. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Audio CAPTCHA review request
On 4/6/07, tedd <[EMAIL PROTECTED]> wrote: At 2:55 PM +0100 4/6/07, Tijnema ! wrote: >I know, but animated gifs are still quite easy to read with a bot. Really? What if I a created a box surrounded by letters, like so: A B C D E F G H I However, where "E" is located I have a gif (animated or not) pointing to a letter, which would be the key. How would a bot read that? Cheers, tedd Assuming you're using the same arrow the whole time, you could use md5 check for example. Save MD5 for all directions of the arrow and compare :) Tijnema -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Audio CAPTCHA review request
On 4/6/07, tedd <[EMAIL PROTECTED]> wrote: At 7:54 PM +0200 4/5/07, Tijnema ! wrote: >About your dot-captcha program tedd, it's another trick, it hasn't >been used yet, so somebody needs to look at it to crack. Like Jochem >said, if someone really wants to break it, he will do it. Making a >real though CAPTCHA isn't that hard, it's hard to create a CAPTCHA >that's easy to the user, but very hard to bots. I realize that no captcha will be 100 percent successful in keeping spammy out for if it was then spammy would hire cheap human help to defeat them. However, that's more expensive than a bots and I like making spammy's job harder and more expensive. Side note -- I've actually had spammy single me out and do all sorts of nasty stuff, so my efforts are not going unnoticed. >I was thinking about animation, very simple like a moving dot. "Did it >move from left to right, right to left, top to bottom or bottom to >top?" What about the dyslexic? I had a similar idea in that I would present a string like "A7F3" where I would ask "Please enter the second character from the left." Unfortunately, those who are dyslexic would have problems with that. Nah, maybe clarify it with images, then nobody would have trouble seeing what it does,atleast everyone that still can see :) >As animated images/flash/movies are really though items to parse for a >bot. So just creating an AVI made up from a few simple frames. >Everyone can see if which side the dot moves. But yet, there's no >movie support in PHP, i discussed this on the internals list, but >nobody seems interested, and this is the case i need it again :). For animated images, I use gifs (like a spinning wait gif). Your idea could be done with that, but again asking someone which way the dot moves is not accessible -- it even narrows the numbers for the sighted group. I know, but animated gifs are still quite easy to read with a bot. >I was thinking about creating random frames from PHP(also a random >number, with different frame rates) and then creating an movie from >that frames. I prefer no compression then, because that would require >the user to install decoders. I think these days every user has a >browser supporting inline movies right? >I know, this wouldn't stop the semi-automatic bots, but i think these >are very hard to stop. (Unstoppable maybe?) Php animation could be done via ajax. You need to have something on the user's side to communicate when to run each php frame. This is similar to trying to write a php progress bar for up/down-loading -- it's a question of communication and timing. Cheers, tedd Also using this solution, it probably will work, but it will be easy to crack Tijnema -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] link counting
On 4/6/07, Sebe <[EMAIL PROTECTED]> wrote: i thought of an idea of counting the number of links to reduce comment spam. unfortunately my methods is not reliable, i haven't tested it yet though.. anyone have maybe a better solution using some regexp? $links = array('http://', 'https://', 'www.'); $total_links = 0; foreach($links as $link) { $total_links = substr_count($string, $link); } if($total_links > X) { . } I don't have a better way, but links starting with http://www. or https://www. are counted twice in your script... Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to disable the "Daylight saving time" in PHP 5?
On 4/6/07, SED <[EMAIL PROTECTED]> wrote: I need to disable the "Daylight saving time" in PHP 5. My servers (Windows, both XP and Vista) have correct local time but PHP 5 adds an extra hour when I use date("H") or other time functions. Instead of getting 9 AM, I get 10 AM. If I run date("I"), I get 1, which confirms that PHP 5 is using "Daylight saving time". If I change the system date to January I get correct hour. I have tried google.com and I ran through the php.net manual but I didn't find a solution. I cannot add time-fix on every php-page, they are to many. Regards, Summi Netfang [EMAIL PROTECTED] Heimasíða http://www.sed.is I don't know a way to disable DST, but you can change your timezone in the php.ini, so that you set it an hour back again :) manual about date.timezone: http://www.php.net/manual/en/ref.datetime.php#ini.date.timezone Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HELP with mail()
On 4/6/07, Zhimmy Kanata <[EMAIL PROTECTED]> wrote: I created the following email program from a email function that I know works in another program. When I create a simple form page listed below and submit it. It echos the $email and the $username and it writes it to the page. So it is finding the variables within the transfering url in the form of a post. It doesn't give me an error message but I don't get an email? Should the Linux server not be executing the mail() function? What the beep!??? Again thanks in advance for any help. Zhimmy "; $mailSubject = "Your registration confirmation..."; $mailBody = "Dear $name,\n\nYour details have been added to my email list.\n\n To unsubscribe click on the link below\nhttp://www.sitename.com/mail.php?action=unsubscribe&email=$email";; mail($email, "Registration Confirmation", $mailBody, "From: \r\n" ."Reply-To: \r\n" ."X-Mailer: PHP/" . phpversion()); } ?> Try hardcoding the email, i've seen this problem more on this list.Try the code below and see if it solves your problem. Tijnema "; $mailSubject = "Your registration confirmation..."; $mailBody = "Dear $name,\n\nYour details have been added to my email list.\n\n To unsubscribe click on the link below\nhttp://www.sitename.com/mail.php?action=unsubscribe&email=$email";; mail("[EMAIL PROTECTED]", "Registration Confirmation", $mailBody, "From: \r\n" ."Reply-To: \r\n" ."X-Mailer: PHP/" . phpversion()); } ?> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] DOMDocument::schemaValidate() -> libxml_get_errors()
On 4/5/07, Sébastien WENSKE <[EMAIL PROTECTED]> wrote: Yes it's exactly the error, see the output : DOMDocument::schemaValidate() Generated Errors! Error 1871: Element 'EcheanceRMC': This element is not expected. in file:///D%3A/wamp/www/XML%20Validator/xml/Edit4.xml on line 33326 <- that's right Error 1871: Element 'EcheanceRMC': This element is not expected. in file:///D%3A/wamp/www/XML%20Validator/xml/Edit4.xml on line 65535 <- that's wrong the real line number is upper Error 1871: Element 'EcheanceRMC': This element is not expected. in file:///D%3A/wamp/www/XML%20Validator/xml/Edit4.xml on line 65535 <- that's wrong the real line number is upper Error 1871: Element 'EcheanceRMC': This element is not expected. in file:///D%3A/wamp/www/XML%20Validator/xml/Edit4.xml on line 65535 <- that's wrong the real line number is upper Error 1871: Element 'EcheanceRMC': This element is not expected. in file:///D%3A/wamp/www/XML%20Validator/xml/Edit4.xml on line 65535 <- that's wrong the real line number is upper Error 1871: Element 'EcheanceRMC': This element is not expected. in file:///D%3A/wamp/www/XML%20Validator/xml/Edit4.xml on line 65535 <- that's wrong the real line number is upper Error 1871: Element 'EcheanceRMC': This element is not expected. in file:///D%3A/wamp/www/XML%20Validator/xml/Edit4.xml on line 65535 <- that's wrong the real line number is upper Error 1871: Element 'EcheanceRMC': This element is not expected. in file:///D%3A/wamp/www/XML%20Validator/xml/Edit4.xml on line 65535 <- that's wrong the real line number is upper Error 1871: Element 'EcheanceRMC': This element is not expected. in file:///D%3A/wamp/www/XML%20Validator/xml/Edit4.xml on line 65535 <- that's wrong the real line number is upper [...] is it du to the integer ?? (16bits ??) I don't think it has to do with integer, unless you're running in 16bit mode.. (PHP can't even run under 16bit i guess..). An integer could a lot more. I think there are 2 options that make this error: 1) The libxml library itself doesn't support it. 2) The PHP bindings with the libxml don't support it. In the first case you would need to contact the libxml authors, in the second case, you might want to write a patch that fixes it :) Tijnema - Original Message - From: "JM Guillermin" <[EMAIL PROTECTED]> To: "Tijnema !" <[EMAIL PROTECTED]>; "Sébastien WENSKE" <[EMAIL PROTECTED]> Cc: Sent: Thursday, April 05, 2007 4:23 PM Subject: Re: [PHP] DOMDocument::schemaValidate() -> libxml_get_errors() > If the error occure after the line 65535, libxml_get_errors() returns 65535. > > Maybe this can help you Sébastien : > > Class: LibXMLError >Properties (Read-Only): >(int) level >(int) code >(int) column >(string) message >(string) file >(int) line > > > jm > > - Original Message - > From: "Tijnema !" <[EMAIL PROTECTED]> > To: "Sébastien WENSKE" <[EMAIL PROTECTED]> > Cc: > Sent: Thursday, April 05, 2007 3:56 PM > Subject: Re: [PHP] DOMDocument::schemaValidate() -> libxml_get_errors() > > > On 4/5/07, Sébastien WENSKE <[EMAIL PROTECTED]> wrote: >> Hello all, (sorry for my bad english) >> >> I've this script, it checks an XML file with an XSD file. >> it reports errors in the XML with line number, but i've large XML file (up >> to 560MB) and the line number >> doesn't exceed 65535. for upper lines he return always 65535. >> >> An idea ? >> >> Thx in advance. >> > > I don't really understand what you're saying, but i might be able to > help you if you post the output of the script you posted, and then > tell what the expected output is. > > Tijnema > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP textbook suggestions?
On 4/5/07, Zoltán Németh <[EMAIL PROTECTED]> wrote: 2007. 04. 5, csütörtök keltezéssel 12.52-kor Chris Lott ezt írta: > Looking for suggestions for a PHP textbook for an "Intro to Web > Programming" class that will be using PHP5 and MySQL. This is a > first-semester course, so no programming experience required. > > It would be nice to have a text that adhered to (what I see as) good > practice using quotation marks... i.e. > > print 'The cost is ' . $cost; > NOT > print "The cost is $cost"; > AND CERTAINLY NOT > print ("The cost is $cost"); > > echo substr('abcdef', 1); > NOT > echo substr("abcdef", 1); there is no difference between the above two echo statements. I'm almost sure that there is absolutely zero difference between the two kind of quotes when there are no variables involved greets Zoltán Németh I prefer using double quotes (" ") around strings, because i don't have to escape single quotes (' ') in words like I'm, don't, etc. Tijnema > > > I will be teaching, so a book that a student can-- before the class-- > work through and understand is good-- doesn't have to be a traditional > textbook! But it shouldn't be a reference manual either. > > c > -- > Chris Lott > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PDF: error
On 4/5/07, Stut <[EMAIL PROTECTED]> wrote: Mário Gamito wrote: > $data = readfile($full); The readfile function does not return the contents of the file. I suggest you RTFM: http://php.net/readfile -Stut I wanted to say that :P. it outputs the file directly to the browser, and returns the number of bytes written :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PDF: error
On 4/5/07, Mário Gamito <[EMAIL PROTECTED]> wrote: Hi, I've managed to make the PDF download system work. But when it opens in acrobat reader, i get the error you can see in: http://www.gamito.org/fucked-pdf-2.jpg The code follows my signature. Any help would be appreciated. Warm Regards -- :wq! Mário Gamito -- Where did you get the $data variable? as filesize($data) would return false here, and that's not a good value for the Content-Length header :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Audio CAPTCHA review request
What can you do to make audio captcha's harder? Add more voice! This is exactly what google has done on their updated audio captcha. This really helps, you need a much more fine grained and larger voice model to trancribe that. I still think it is doable, but the amount of training work that is involved scares at least me away from actually doing it. This is the same for the latest image captchas, trying to segment them is hard (matching the broken segments to determine the charachter with a statistical model is relatively easy). tedd wrote: > > Perhaps I'm underestimating the capabilities of bots and > overestimating the abilities of humans. I suspect that the > distribution of both camps have an overlap and therein lies the > problem. The problem may not have a solution. > > But to bring this back to my intent -- my intent here is to provide a > simple audio CAPTCHA that could be used by anyone to provide some > degree of protection for their personal use THAT would also be > accessible to screen readers. It's not foolproof, but it appears to > work in that regard. > I think any captcha that is different from a standard library one will help, you should just know that if someone is really convinced to break it, he/she can. So think of a captcha and implement it quietly (no bragging how good it is, that will draw the wrong attention). Standard bots will not be able to parse it and only if you have a high profile site it will be economally viable for spammers to break it. What about semi-automatic bots? They load page and fill in all the details in the form, and they pass the captcha *shit* to you, you type over the code and the bot can start spamming right? About your dot-captcha program tedd, it's another trick, it hasn't been used yet, so somebody needs to look at it to crack. Like Jochem said, if someone really wants to break it, he will do it. Making a real though CAPTCHA isn't that hard, it's hard to create a CAPTCHA that's easy to the user, but very hard to bots. I was thinking about animation, very simple like a moving dot. "Did it move from left to right, right to left, top to bottom or bottom to top?" As animated images/flash/movies are really though items to parse for a bot. So just creating an AVI made up from a few simple frames. Everyone can see if which side the dot moves. But yet, there's no movie support in PHP, i discussed this on the internals list, but nobody seems interested, and this is the case i need it again :). I was thinking about creating random frames from PHP(also a random number, with different frame rates) and then creating an movie from that frames. I prefer no compression then, because that would require the user to install decoders. I think these days every user has a browser supporting inline movies right? I know, this wouldn't stop the semi-automatic bots, but i think these are very hard to stop. (Unstoppable maybe?) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Audio CAPTCHA review request
On 4/5/07, tedd <[EMAIL PROTECTED]> wrote: At 10:25 AM -0400 4/5/07, Robert Cummings wrote: > > However, I like my dot captcha (been fixed for IE 5 & IE 6) , see: >> >> http://sperling.com/examples/dot-captcha/index.php >> >> As you can "see", it's only for sighted users. > >My mouse is broken and I couldn't navigate to it using my keyboard! :B > >Cheers, >Rob. Rob: How do you do that? Is there a php or javascript solution? I'm open to suggestion. Cheers, tedd If you're gonna do this, you probably need to remove a little piece in your security, which isn't wanted of course :) Tijnema -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] DOMDocument::schemaValidate() -> libxml_get_errors()
On 4/5/07, Sébastien WENSKE <[EMAIL PROTECTED]> wrote: Hello all, (sorry for my bad english) I've this script, it checks an XML file with an XSD file. it reports errors in the XML with line number, but i've large XML file (up to 560MB) and the line number doesn't exceed 65535. for upper lines he return always 65535. An idea ? Thx in advance. I don't really understand what you're saying, but i might be able to help you if you post the output of the script you posted, and then tell what the expected output is. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Audio CAPTCHA review request
I often wondered why simple CAPTCHA's like "Type the number seven four three", or "What is the sum of two plus three?", or "Spell cat", or "Spell two" wouldn't work? Certainly, one can create a routine coupled a dB to randomly produce thousands of different combinations of simple questions. Likewise, a sound file could be produced the same way. This could get hard for people, not everybody does understand a lot of English. So if you're asking a question, it does also get harder for some humans and that's not what we are looking for. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Why do some pages repeat a previous page's action(s) after redirect?
On 4/3/07, Chris W. Parker <[EMAIL PROTECTED]> wrote: Hello, I have a form page and a processing page. After submitting the form the processing page does whatever it needs to do (insert a record, send back validation errors, etc.) After determing what to do it always redirects somewhere with header('Location: URL'); But sometimes when I'm back at the form page (after the redirect) and I refresh the page it does the previous page's actions again. And again and again. Why would it do that? Shouldn't a refresh just resubmit whatever is in the address bar and not go through a certain path? The only way I've found to make it stop redoing the previous page's actions is to put my cursor in the address bar and press enter. I don't remember seeing this behavior in the past so I wonder if it has something to do with Apache's or PHP's configuration. Thanks, Chris. This is the only behavior i know of, a refresh action does the same action he did for loading the current page again. If you submit data to that page, it will resubmit the data. If you're using the Location:URL header entry, the browser doesn't "saves" this action as an action did by the browser itself, and so it will submit the data to the page where you redirect. If you want to bypass this, you should use the javascript window.location method instead. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Google-Yahoo venture and PHP
On 4/3/07, Chris <[EMAIL PROTECTED]> wrote: Matt Kay wrote: > I really dont see what all the fuss is about. If MS is going to have us all > running > on thin clients, and Google/Yahoo want to beat them to the punch, is this > really > going to matter who we pay? The article on digg.com > http://digg.com/tech_news/Google_Yahoo_Merger_Redefines_Access > simply means we will be getting our desktop as a service, and MS have the > same > goal. PHP will only be a small part of this if Zend decide to throw thier > lot in also. Did you look at the date? ;) Digg shows us that it is posted on 3/31/07, is there something wrong with? Tijnema -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about form submitting
On 4/3/07, Dave Goodchild <[EMAIL PROTECTED]> wrote: Not true. You can submit the form back to itself as many times as required by making the form action $_SERVER['PHP_SELF'] and checking for various sequences and outputting different html in each case. You're then leaving the page and reloading it Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about form submitting
On 4/3/07, Mário Gamito <[EMAIL PROTECTED]> wrote: Hi, Sorry for the lame question, but i didn't find a satisfactory answer in the web. I have this subscribe form (subscribe.php) and on submit i have to check for errors: a) password and password confirmation mismatch; b) missing filled fields c) check e-mail validity d) etc. My question is how do i make all these possibilities show a different error message without leaving subscribe.php ? I know that the for action must be subscribe.php, from there i'm blind as a bat. Any help would be appreciated. Warm Regards -- :wq! Mário Gamito This can only be done with Javascript if you don't want to leave the page. And so, you're on the wrong list, search for a javascript list :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Get free broadband internet from google!
On 4/1/07, TheOldFellow <[EMAIL PROTECTED]> wrote: On Sun, 1 Apr 2007 15:54:33 +0200 "Tijnema !" <[EMAIL PROTECTED]> wrote: > I'm testing if it works now, I already put the cable down into my > toilet and waiting for google to connect me :) I hope they work on > sunday too :) I'll bet the service is crap. R. Yes the service is very crap. But that was because I didn't read that it was only in the USA. Not in the Netherlands... Well, I took the cable out of my toilet, and contacted my regular ISP again and told them NOT to disconnect me.. :) Tijnema -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Best opensource XML parser for PHP ?
On 4/2/07, Don Don <[EMAIL PROTECTED]> wrote: Hi all whats the best open source (free) xml parser for php (4 >) ? I've come across a few but am looking the best as adjudged by the industry. Cheers There's already an XML parser build into PHP. I don't see any reasong using an external. www.php.net/xml Tijnema - Food fight? Enjoy some healthy debate in the Yahoo! Answers Food & Drink Q&A. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Get free broadband internet from google!
Hi, It's true, free broadband internet from google :) Have a look at this page: http://www.google.com/tisp Start now with installing: http://www.google.com/tisp/install.html Tijnema ps. 1 April is cool huh? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security Best Practice: typecast?
On 4/1/07, Richard Lynch <[EMAIL PROTECTED]> wrote: So, after a recent thread on data filtering, I'm wondering... Is this "good enough" in ALL possible Unicode/charset situations: $foo_id = (int) $_POST['foo_id']; $query = "insert into whatever(foo_id) values($foo_id)"; Or is it possible, even theoretically possible, for a sequence of: [-]?[0-9]+ to somehow run afoul of ANY charset? Perhaps more interesting, how about this: $foo = (float) $_POST['foo']; Is there any way for any PHP output from (float), even with decimal overflow/underflow in various databases, for that to "go wrong"? Should one be ultra-conservative and just do: $foo_sql = mysql_real_escape_string($connection); or is that just being silly? This oen is better i believe, but you probably don't want to unescape the connection :) use this instead: $foo_sql = mysql_real_escape_string($foo_sql,$connection); Tijnema -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PDO and buffered queries
On 4/1/07, Larry Garfield <[EMAIL PROTECTED]> wrote: So there's no PDO experts out there, eh? :-( No, not really a PDO expert ;) On Wednesday 28 March 2007 11:14 pm, Larry Garfield wrote: > HI all. The PHP.net manual is somewhat unclear on this point, so I thought > I'd ask here. Does PDO automatically buffer queries the way that the > mysql_* extension does, in order to allow multiple result sets open at the > same time? Or is that something that has to be set on the connection, and > if so, is that available for all drivers? > > I ask because I am running into a problem with a query segfaulting on me, > but only under PHP 5.1 with PDO from pecl. It ran fine in PHP 5.2.0. The > only mention in the manual on this subject is: > > http://us2.php.net/manual/en/ref.pdo-mysql.php > > "If this attribute is set to TRUE on a PDOStatement, the MySQL driver will > use the buffered versions of the MySQL API. If you're writing portable > code, you should use PDOStatement::fetchAll() instead." > > The sample code there suggests that nothing does buffered queries except > the MySQL driver. I find no mention of that anywhere else, though, one way > or another. Of course, using fetchAll(), as it suggests, means that I only > get arrays, not objects. (Unless I'm misreading those docs, too.) > > Any PDO experts out there able to shed some light on the situation? I'm > thoroughly confused at this point, and the manual is quite unclear on all > of the important details I care about. :-) > > -- > Larry GarfieldAIM: LOLG42 > [EMAIL PROTECTED]ICQ: 6817012 The manual isn't very clear at this part, but from what i understand of you is that you want to get objects from PDO using fetchAll(). Normally you would used fetch()? If so, it shouldn't be too hard i think as fetchAll() accepts the same constants as fetch() does. You should pass PDO::FETCH_OBJ: as first parameter for the fetchAll() function. If this wasn't what you were looking for, then sorry for wasting your time, as I'm no PDO expert. But I thought lets give it a shot :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: 0x9f54
On 4/1/07, Man-wai Chang <[EMAIL PROTECTED]> wrote: >> MySQL? MSSQL? PgSQL? >> Tijnema > It seems he wanted to insert a Chinese character with that hex value. Yes... I tried the insert with PHP, including the use of mysql_real_escape_string(), but MySQL still gave me a blank only. Well, show us a part of your code. Do var_dump($value) before you enter it into the database, and see if it still says 0x9f54. Tijnema -- .~. Might, Courage, Vision, SINCERITY. http://www.linux-sxs.org / v \ Simplicity is Beauty! May the Force and Farce be with you! /( _ )\ (Ubuntu 6.10) Linux 2.6.20.4 ^ ^ 13:34:01 up 8 days 46 min 0 users load average: 1.04 1.01 1.00 news://news.3home.net news://news.hkpcug.org news://news.newsgroup.com.hk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Alternative/Addition to using a CAPTCHA
On 3/31/07, tedd <[EMAIL PROTECTED]> wrote: At 3:33 PM -0400 3/30/07, <[EMAIL PROTECTED]> wrote: >Ah ok.. that makes a bit more sense. Even still.. anyone who's >going out of their way to program a bot to defeat your specific >CAPTCHA mechanism will probably notice the failure in testing. > >Unless you made a failure behave similar to a success but put them >in a situation where ultimately they still can't post messages or >access anything useful. > >I remember reading about either 3D Studio or Maya (one of the 3D >modeling programs) and their copy protection method. They, at one >point, made I guess an obvious segment of code for the software >pirates to 'crack' that appeared to have totally deprotected the >program. It turns out that it only sort of de-protected it. They >put in multiple mechanisms that were more subtle. The one I'm >thinking of apparently made it so that after 250 right mouse clicks, >it would render everything in lower and lower qualities of >rendering. Or not render at all. OR menus stopped working or >something. But it was something that wasn't obvious at all until >people really started using the pirated copy for a while. > >Tricky bastards. I love it. hah > >-TG Yeah, me too! In one of my applications, I put in a self-check for size. If anyone change a single byte, the program crashed. This kind of protection is still used these days. A cracker could atleast use programs like SoftICE to temporaly change bytes. And then he only needs to find where that protection exists and break that too :) In the old Apple days, I knew one developer who wrote a program that when it thought is was being altered initialized it's floppy -- it bit harsh I think. :-) I wrote one that when altered would continue working, but gave the wrong results. I was amused when people would contact me and complain about their pirated copy not working properly. That's a good one :) I wrote one, didn't mass release it, but if it detected alteration, it would send me an email telling me where it was and other specifics about the user. I thought that was kind of neat, but it violated privacy issues I wasn't comfortable with. However, I could have init their hard-drive if I had wanted. I wonder what affect that technique would have on pirating software. Oh well, enough off-topic chatter. Thanks for all the review and comments. Cheers, tedd Yeah, privacy issues They suck.. LOL. You can only try to create programs that are unbreakable, not that send you information about the cracker. The nicest thing to do is just making applications that format ur HDD when changing a byte :) If a hacker just does a first try, then clean up the HDD :) Tijnema -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Alternative/Addition to using a CAPTCHA
On 3/31/07, tedd <[EMAIL PROTECTED]> wrote: At 4:04 PM -0400 3/30/07, Jake McHenry wrote: > > Tijnema & John: >> >> The above link I've already done a long time ago. But check out my >> dot CAPTCHA here: >> > > http://sperling.com/examples/p-captcha > > > >Maybe I'm going blind.. But I don't see a circle on that page anywhere? >Everywhere I click it fails.. >Jake Jake: As I stated, not all browsers support alpha channel images. Unfortunately, IE 5.5 and IE 6 fails while everything else (including IE 5.2 and IE 7) passes -- just another example of why people should use a different browser than IE 5.5 and IE 6. In fact, just consider using *anything* but IE (IMO). See below screen-shots: http://www.browsercam.com/public.aspx?proj_id=336219 Everything that has a blue dot works AND everything except for IE 5.5 and IE 6 has a blue dot. Cheers, tedd I remember that from the Invison Board version 2.1.0 and above. They also use Alpha PNG images. But they have some kind of javascript function that fixes that, atleast that's what the comments say. I don't know how it works but you might want to take a look at it. AFAIK it is only using Javascript, so you would be able to see full source code :) Tijnema -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] newbie question about debuging
On 3/31/07, buFka <[EMAIL PROTECTED]> wrote: The Database exists: [EMAIL PROTECTED]:~$ sqlplus SYSTEM/[EMAIL PROTECTED] SQL*Plus: Release 10.2.0.1.0 - Production on Sa Mrz 31 15:44:09 2007 Copyright (c) 1982, 2005, Oracle. All rights reserved. Verbunden mit: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL> Hmm, in your image i see Database 'testdb' not found. Followed by a link. What happens if you click on that link? I don't know anything about Oracle/pOWL, but it looks like the script can't connect to your Oracle database. Did you check if the database settings are correct? Like I said i don't know anything about Oracly, i use MySQL, but it requires a host, username, password too i think, so you should check if these are correct. Tijnema -- View this message in context: http://www.nabble.com/newbie-question-about-debuging-tf3496894.html#a9767365 Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] newbie question about debuging
On 3/31/07, buFka <[EMAIL PROTECTED]> wrote: Hello, I would like to install pOWL (http://aksw.informatik.uni-leipzig.de/Projects/Powl) with ORACLE. I obey the installation steps. I log in: http://www.picvalley.net/u/26/25123_331.PNG and then then i get this error message http://www.picvalley.net/u/26/25124_335.PNG How can I find out what causes the mistake? There are several php files, however, I am not so fit in php and cannot find the error. If I use pOWL with MySQL instead of ORACLE, everything works perfectly. I think, i must change something here: http://www.nabble.com/file/7585/include.php include.php . Thanks in advance! Something went wrong with installation i think. You should check that the database testdb exists. Tijnema -- View this message in context: http://www.nabble.com/newbie-question-about-debuging-tf3496894.html#a9767223 Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Saving css state in javascript and passing to php via form submit
On 3/31/07, Tijnema ! <[EMAIL PROTECTED]> wrote: On 3/31/07, Jochem Maas <[EMAIL PROTECTED]> wrote: > Tijnema ! wrote: > > On 3/30/07, Jochem Maas <[EMAIL PROTECTED]> wrote: > >> Tim wrote: > >> > > > > > > > > ... > > >> personally I prefer JSON formatted data, for which there are even a > >> couple of > >> functions available in newer versions of php (otherwise you can find > >> code on the net > >> easily enough to handle JSON data creation/parsing): > >> > >> http://php.net/json > > > > I prefer not to do a lot of processing in Javascript, what i usually > > do is send plain HTML and directly output it inside a > > 'processing' JSON formatted data is a matter of running a single eval() > line in javascript!?! > > just outputting HTML directly into a div is useful in many simple > situations but it doesn't leave a whole lot of room for any real client > sided application logic ... All that "client side application logic" can also be done in PHP. Where's the sense in learning to work with JSON, if it can be done in PHP too? PHP is a lot faster then javascript right? Tijnema I've did a few test on this PC(AMD64 3200+), it's running EasyPHP (Apache+PHP+MySQL), and it shows me that PHP is about twice as fast then Javascript.(Tested using IE6, FF wasn't working because script took too long to execute, which generates messages on firefox, and which didn't let me finish the script) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Saving css state in javascript and passing to php via form submit
On 3/31/07, Jochem Maas <[EMAIL PROTECTED]> wrote: Tijnema ! wrote: > On 3/30/07, Jochem Maas <[EMAIL PROTECTED]> wrote: >> Tim wrote: >> > > > > > > ... >> personally I prefer JSON formatted data, for which there are even a >> couple of >> functions available in newer versions of php (otherwise you can find >> code on the net >> easily enough to handle JSON data creation/parsing): >> >> http://php.net/json > > I prefer not to do a lot of processing in Javascript, what i usually > do is send plain HTML and directly output it inside a 'processing' JSON formatted data is a matter of running a single eval() line in javascript!?! just outputting HTML directly into a div is useful in many simple situations but it doesn't leave a whole lot of room for any real client sided application logic ... All that "client side application logic" can also be done in PHP. Where's the sense in learning to work with JSON, if it can be done in PHP too? PHP is a lot faster then javascript right? Tijnema > > Tijnema >> >> > >> > Regards, >> > >> > Tim >> > >> >> > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parse error help.., thanks..
On 3/30/07, Ian <[EMAIL PROTECTED]> wrote: Hi everyone, i am new to PHP, but not a programmer.., i got this php code to workout on something on my blog, but it seems that it gives me the following error: Parse error: syntax error, unexpected ';' in /hxxx/x/domains/x.com/public_html/blog/labels.php on line 15 http://.x.com/labels'); define('SEARCH_DIR','//x/domains/x.com/public_html/blog/labels'); define('THIS_FILE', 'cloud.php'); if(file_exists(SEARCH_DIR.'_cloud_include_cache.html') && filemtime(SEARCH_DIR.'_cloud_include_cache.html')>(time()-(60*60))) echo file_get_contents(SEARCH_DIR.'_cloud_include_cache.html'); else { $output = ''; $files = array(); $dir = opendir(SEARCH_DIR); while($file = readdir($dir)) if($file != '.' && $file != '..' && $file != THIS_FILE &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;& How can above string be ever correct $file != CACHE_FILE) { $files[] = $file; } Anyhelp on this will ve be very much appreciated, thanks.. Ian Try this code: http://.x.com/labels'); define('SEARCH_DIR','//x/domains/x.com/public_html/blog/labels'); define('THIS_FILE', 'cloud.php'); if(file_exists(SEARCH_DIR.'_cloud_include_cache.html') && filemtime(SEARCH_DIR.'_cloud_include_cache.html')>(time()-(60*60))) echo file_get_contents(SEARCH_DIR.'_cloud_include_cache.html'); else { $output = ''; $files = array(); $dir = opendir(SEARCH_DIR); while($file = readdir($dir)) if($file != '.' && $file != '..' && $file != THIS_FILE && $file != CACHE_FILE) { $files[] = $file; } It should work, if not, come back here :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP sample code for XMLHttprequest with jQuery
On 3/30/07, Otto Wyss <[EMAIL PROTECTED]> wrote: I'm currently evaluating jQuery as a Javascript library for my web site but first would like to see a working sample with PHP doing XMLHttprequest. Is anyone else using jQuery and has some sample code to look at? O. Wyss This is nearly 100% PHP unrelated. jQuery and XMLHttpRequest (AJAX) are both Javascript. Maybe you should look here: http://docs.jquery.com/Discussion#Mailing_Lists There you can find people using jQuery ;) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Ide help needed
On 3/30/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: I am a beginer with php and i need to know which IDE is best suited under windows and linux both i have seen dreamweaver working and have heard about GoLive too but don't know whichone to go for can you please help me decide and also tell me some other IDE's if possible Kdevelop is also nice if you have KDE installed :) It has support for tidy :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Saving css state in javascript and passing to php via form submit
On 3/30/07, Jochem Maas <[EMAIL PROTECTED]> wrote: Tim wrote: > > > > > > >>>>>> I think you want to use sessions for this :) >>>>> Ok, i can put the data in the session variable, but i can >>>> only get the >>>>> "current" state through javascript >>>>> >>>>> ie:onsubmit="getstate()"; which would get the id's of the >>>> blocks that >>>>> are set to display:block; >>>>> >>>>> But in getstate() how do i pass that to php to set that >>>> session variable? >>>> >>>> You could use AJAX to get things from/to PHP, but why should you? >>>> You can use session within javascript too i believe. >>> Hmm javascript setting server-side session data?? >>> Sounds weird, but i'll look into it.. >> server-side session data? i never heard of server-side sessions... >> AFAIK they are send in the HTTP headers from and to the server. >> Cookies are nearly the same as sessions, i found this article (with >> examples) that goes about parsing cookies from javascript. So >> you could also do it with cookies. >> http://www.javascriptkit.com/javatutors/cookie2.shtml > Ermmm... > Isn't $_SESSION a superglobal available only during script execution? > Yes it sets a session_id in a cookie to which is sent to the server to > identifie the client, but to my knowledge $_SESSION['my_var'] = 'some_data'; > is stored server side and set only through a server side script... > > Now storing data in cookies is client-side, that i agree.. > Am i confused or are you confusing me? :P > >>>>>> Tijnema >>>>>> >>>>>> ps. Maybe you could also use AJAX instead of submitting forms >>>>>> the whole time. >>>>> In the next version of my framework i would like to, i still >>>>> havent quite understood the whole concept, not enough research >>>> yet, but yes >>>>> i'll be doing that next ;) (you know deadlines, can't sit >>>> and read docs all day etc.. >>>>> Although i'd rather!) >>>>> >>>>> ;) >>>>> >>>>> Regards, >>>>> >>>>> Tim >>>> Really, it's not that hard to use AJAX. You might want to look at >>>> www.tizag.com, there it is really easy explained. >>>> It's nothing more then making new request to scripts inside >>>> javascript. >>> Nice tutorial thanks for that, i'll look it up, maybe >> intergrate it >>> right away, would really make my day if i could :)) >>> >>> Regards, >>> >>> Tim >> It's not too hard, but if you already did a lot of work on >> the form processing, you prefer not to write it all over >> again i think ;) > > Wrote a class to do the form validation, so i could always make a .php that > runs the form data through the validator and sends back the response.. In > xml i think it has to be? the response doesn't have to be in any particular form ... ofcourse the X in AJAX refers to XML but it's not obligatory in the end your just spitting out a big long string and your clientside code can do with it whatever it wants. personally I prefer JSON formatted data, for which there are even a couple of functions available in newer versions of php (otherwise you can find code on the net easily enough to handle JSON data creation/parsing): http://php.net/json I prefer not to do a lot of processing in Javascript, what i usually do is send plain HTML and directly output it inside a Tijnema > > Regards, > > Tim > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Alternative/Addition to using a CAPTCHA
On 3/31/07, Tijnema ! <[EMAIL PROTECTED]> wrote: On 3/30/07, Jake McHenry <[EMAIL PROTECTED]> wrote: > > > > -Original Message- > > From: tedd [mailto:[EMAIL PROTECTED] > > Sent: Friday, March 30, 2007 3:06 PM > > To: Tijnema !; John Comerford > > Cc: php-general@lists.php.net > > Subject: Re: [PHP] Alternative/Addition to using a CAPTCHA > > > > At 3:37 PM +0200 3/30/07, Tijnema ! wrote: > > >On 3/30/07, John Comerford <[EMAIL PROTECTED]> wrote: > > >>I was reading the current tread on CAPTCHA and possible cracks and I > > >>thought maybe I'd throw this out to the group to see what you think. > > >>Recently I saw a forum where in order to post you first had > > to click on > > >>a div that was placed at a random location on the page, it read > > >>something like, "Click here if you are human". I was thinking that > > >>maybe you could put together a system that looks something > > like this: > > >> > > >>http://people.aapt.net.au/JComerford/ClickMe.htm > > >> > > >>I was thinking you could use it in a couple of ways: > > >> > > >>1) As a replacement to a CAPTCHA image > > >>2) When you click the image a CAPTCHA image is loaded into > > the 'Click > > >>Me' container > > >> > > >>The main problem is how to tell the server that the div has been > > >>clicked, in a way that can't be simulated. I am not an expect with > > >>either JS or PHP, but maybe some of the bigger brains out > > there could > > >>throw in their 2 cents.. > > >> > > >>JC > > > > > >This looks maybe hard to crack, but actually it isn't very hard. All > > >the clicking does is calling a javascript function. You still could > > >submit the page without clicking the box. > > > > > >Tijnema > > > > Tijnema & John: > > > > The above link I've already done a long time ago. But check out my > > dot CAPTCHA here: > > > > http://sperling.com/examples/p-captcha > > > > > Maybe I'm going blind.. But I don't see a circle on that page anywhere? > Everywhere I click it fails.. > Jake Hmm, just wanted to say that Jake, is it because i have my resolution @ 1600x1200? Tijnema Actually, it just doesn't work with IE6, it works with FireFox. :) Tijnema > > > > > This does not use javascript, but does use sessions. > > > > As you can see, the blue dot can be placed anywhere on the entrance > > page. Granted this presents problem for the visually impaired, so I'm > > not recommending it. But, it's just a proof of concept at this point. > > Plus, I have not checked this on all browsers. I suspect that some > > browsers may have problems with alpha channel images -- so your > > mileage may differ. > > > > In any event, I think this may be a bit more difficult to crack than > > something that replies upon javascript -- what do you think? > > > > Cheers, > > > > tedd > > > > -- > > --- > > http://sperling.com http://ancientstones.com http://earthstones.com > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > -- > > No virus found in this incoming message. > > Checked by AVG Free Edition. > > Version: 7.5.446 / Virus Database: 268.18.23/740 - Release > > Date: 3/30/2007 1:15 PM > > > > > > -- > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.5.446 / Virus Database: 268.18.23/740 - Release Date: 3/30/2007 > 1:15 PM > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Alternative/Addition to using a CAPTCHA
On 3/30/07, Jake McHenry <[EMAIL PROTECTED]> wrote: > -Original Message- > From: tedd [mailto:[EMAIL PROTECTED] > Sent: Friday, March 30, 2007 3:06 PM > To: Tijnema !; John Comerford > Cc: php-general@lists.php.net > Subject: Re: [PHP] Alternative/Addition to using a CAPTCHA > > At 3:37 PM +0200 3/30/07, Tijnema ! wrote: > >On 3/30/07, John Comerford <[EMAIL PROTECTED]> wrote: > >>I was reading the current tread on CAPTCHA and possible cracks and I > >>thought maybe I'd throw this out to the group to see what you think. > >>Recently I saw a forum where in order to post you first had > to click on > >>a div that was placed at a random location on the page, it read > >>something like, "Click here if you are human". I was thinking that > >>maybe you could put together a system that looks something > like this: > >> > >>http://people.aapt.net.au/JComerford/ClickMe.htm > >> > >>I was thinking you could use it in a couple of ways: > >> > >>1) As a replacement to a CAPTCHA image > >>2) When you click the image a CAPTCHA image is loaded into > the 'Click > >>Me' container > >> > >>The main problem is how to tell the server that the div has been > >>clicked, in a way that can't be simulated. I am not an expect with > >>either JS or PHP, but maybe some of the bigger brains out > there could > >>throw in their 2 cents.. > >> > >>JC > > > >This looks maybe hard to crack, but actually it isn't very hard. All > >the clicking does is calling a javascript function. You still could > >submit the page without clicking the box. > > > >Tijnema > > Tijnema & John: > > The above link I've already done a long time ago. But check out my > dot CAPTCHA here: > > http://sperling.com/examples/p-captcha > Maybe I'm going blind.. But I don't see a circle on that page anywhere? Everywhere I click it fails.. Jake Hmm, just wanted to say that Jake, is it because i have my resolution @ 1600x1200? Tijnema > This does not use javascript, but does use sessions. > > As you can see, the blue dot can be placed anywhere on the entrance > page. Granted this presents problem for the visually impaired, so I'm > not recommending it. But, it's just a proof of concept at this point. > Plus, I have not checked this on all browsers. I suspect that some > browsers may have problems with alpha channel images -- so your > mileage may differ. > > In any event, I think this may be a bit more difficult to crack than > something that replies upon javascript -- what do you think? > > Cheers, > > tedd > > -- > --- > http://sperling.com http://ancientstones.com http://earthstones.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.5.446 / Virus Database: 268.18.23/740 - Release > Date: 3/30/2007 1:15 PM > > -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.23/740 - Release Date: 3/30/2007 1:15 PM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Saving css state in javascript and passing to php via form submit
On 3/30/07, Tim <[EMAIL PROTECTED]> wrote: > -Message d'origine- > De : Tijnema ! [mailto:[EMAIL PROTECTED] > Envoyé : vendredi 30 mars 2007 17:06 > À : Tim > Cc : php-general@lists.php.net > Objet : Re: [PHP] Saving css state in javascript and passing > to php via form submit > > On 3/30/07, Tim <[EMAIL PROTECTED]> wrote: > > > > > > > -Message d'origine- > > > De : Tijnema ! [mailto:[EMAIL PROTECTED] Envoyé : > vendredi 30 mars > > > 2007 16:56 À : Tim Cc : php-general@lists.php.net Objet : > Re: [PHP] > > > Saving css state in javascript and passing to php via form submit > > > > > > On 3/30/07, Tim <[EMAIL PROTECTED]> wrote: > > > > Hello all, > > > > > > > > I have a little dilemna here: > > > > > > > > I am using php/css/mysql to generate a hierarchical table of > > > > categories and sub-categories and sub-sub.. Etc.. > > > > > > > > A screenshot can be found here: > > > > > > > > http://www.internet46.fr/mehim/screenshot.jpg > > > > > > > > Now i'm also using javascript to hide show blocks of divs > > > to hide/show > > > > sub categories.. Typical.. > > > > > > > > My issue is on page reload, i have a form on the same > page, when a > > > > category is clicked, the categorie info displays and you can > > > > update the info through this form (table and form on > same page). > > > > My issue comes when i post the data, the page comes back and my > > > category tree > > > > folds up which is normal because all divs are set to > > > "display:none;". > > > > > > > > I have managed to pass a post/get called lastclicked > that gets the > > > > nodepath of that element and combined with php to generate > > > javascript > > > > that will unfold the tree and highlight the last > clicked element... > > > > > > > > I would like to go one step further and save the entire > > > state of the > > > > tree, say several parent categories are unfolded and i click a > > > > subcategorie to display my form, i want that entire "state" un > > > > unfolded categories to be displayed not just the clicked > > > category, of > > > > course i can get this state and save it in a javascript > > > array, but my > > > > issue is when i post my form how do i pass that state data > > > generated > > > > by javascript back to the page, to be able to unfold the > > > tree in the state it was previously? > > > > > > > > What are the technologies IF there are any and what should > > > i look up > > > > to find docs that cover this type of datatransfer ie: > > > javascript->php. > > > > > > > > Regards, > > > > > > > > Tim > > > > > > I think you want to use sessions for this :) > > > > Ok, i can put the data in the session variable, but i can > only get the > > "current" state through javascript > > > > ie:onsubmit="getstate()"; which would get the id's of the > blocks that > > are set to display:block; > > > > But in getstate() how do i pass that to php to set that > session variable? > > You could use AJAX to get things from/to PHP, but why should > you? You can use session within javascript too i believe. Hmm javascript setting server-side session data?? Sounds weird, but i'll look into it.. server-side session data? i never heard of server-side sessions... AFAIK they are send in the HTTP headers from and to the server. Cookies are nearly the same as sessions, i found this article (with examples) that goes about parsing cookies from javascript. So you could also do it with cookies. http://www.javascriptkit.com/javatutors/cookie2.shtml > > > > > Tijnema > > > > > > ps. Maybe you could also use AJAX instead of submitting forms the > > > whole time. > > > > In the next version of my framework i would like to, i still havent > > quite understood the whole concept, not enough research > yet, but yes > > i'll be doing that next ;) (you know deadlines, can't sit > and read docs all day etc.. > > Although i'd rather!) > > > > ;) > > > > Regards, > > > > Tim > > Really, it's not that hard to use AJAX. You might want to > look at www.tizag.com, there it is really easy explained. > It's nothing more then making new request to scripts inside > javascript. Nice tutorial thanks for that, i'll look it up, maybe intergrate it right away, would really make my day if i could :)) Regards, Tim It's not too hard, but if you already did a lot of work on the form processing, you prefer not to write it all over again i think ;) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Saving css state in javascript and passing to php via form submit
On 3/30/07, Tim <[EMAIL PROTECTED]> wrote: > -Message d'origine- > De : Tijnema ! [mailto:[EMAIL PROTECTED] > Envoyé : vendredi 30 mars 2007 16:56 > À : Tim > Cc : php-general@lists.php.net > Objet : Re: [PHP] Saving css state in javascript and passing > to php via form submit > > On 3/30/07, Tim <[EMAIL PROTECTED]> wrote: > > Hello all, > > > > I have a little dilemna here: > > > > I am using php/css/mysql to generate a hierarchical table of > > categories and sub-categories and sub-sub.. Etc.. > > > > A screenshot can be found here: > > > > http://www.internet46.fr/mehim/screenshot.jpg > > > > Now i'm also using javascript to hide show blocks of divs > to hide/show > > sub categories.. Typical.. > > > > My issue is on page reload, i have a form on the same page, when a > > category is clicked, the categorie info displays and you can update > > the info through this form (table and form on same page). My issue > > comes when i post the data, the page comes back and my > category tree > > folds up which is normal because all divs are set to > "display:none;". > > > > I have managed to pass a post/get called lastclicked that gets the > > nodepath of that element and combined with php to generate > javascript > > that will unfold the tree and highlight the last clicked element... > > > > I would like to go one step further and save the entire > state of the > > tree, say several parent categories are unfolded and i click a > > subcategorie to display my form, i want that entire "state" un > > unfolded categories to be displayed not just the clicked > category, of > > course i can get this state and save it in a javascript > array, but my > > issue is when i post my form how do i pass that state data > generated > > by javascript back to the page, to be able to unfold the > tree in the state it was previously? > > > > What are the technologies IF there are any and what should > i look up > > to find docs that cover this type of datatransfer ie: > javascript->php. > > > > Regards, > > > > Tim > > I think you want to use sessions for this :) Ok, i can put the data in the session variable, but i can only get the "current" state through javascript ie:onsubmit="getstate()"; which would get the id's of the blocks that are set to display:block; But in getstate() how do i pass that to php to set that session variable? You could use AJAX to get things from/to PHP, but why should you? You can use session within javascript too i believe. > Tijnema > > ps. Maybe you could also use AJAX instead of submitting forms > the whole time. In the next version of my framework i would like to, i still havent quite understood the whole concept, not enough research yet, but yes i'll be doing that next ;) (you know deadlines, can't sit and read docs all day etc.. Although i'd rather!) ;) Regards, Tim Really, it's not that hard to use AJAX. You might want to look at www.tizag.com, there it is really easy explained. It's nothing more then making new request to scripts inside javascript. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Saving css state in javascript and passing to php via form submit
On 3/30/07, Tim <[EMAIL PROTECTED]> wrote: Hello all, I have a little dilemna here: I am using php/css/mysql to generate a hierarchical table of categories and sub-categories and sub-sub.. Etc.. A screenshot can be found here: http://www.internet46.fr/mehim/screenshot.jpg Now i'm also using javascript to hide show blocks of divs to hide/show sub categories.. Typical.. My issue is on page reload, i have a form on the same page, when a category is clicked, the categorie info displays and you can update the info through this form (table and form on same page). My issue comes when i post the data, the page comes back and my category tree folds up which is normal because all divs are set to "display:none;". I have managed to pass a post/get called lastclicked that gets the nodepath of that element and combined with php to generate javascript that will unfold the tree and highlight the last clicked element... I would like to go one step further and save the entire state of the tree, say several parent categories are unfolded and i click a subcategorie to display my form, i want that entire "state" un unfolded categories to be displayed not just the clicked category, of course i can get this state and save it in a javascript array, but my issue is when i post my form how do i pass that state data generated by javascript back to the page, to be able to unfold the tree in the state it was previously? What are the technologies IF there are any and what should i look up to find docs that cover this type of datatransfer ie: javascript->php. Regards, Tim I think you want to use sessions for this :) Tijnema ps. Maybe you could also use AJAX instead of submitting forms the whole time. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Show filenames using Wildcards -- The glob() Solution!
On 3/30/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote: Ave, You will probably find this code pretty inefficient, although it works flawlessly, but I ran into a problem with Internet Explorer 7, which instead of giving the "Save as" dialog box, tried opening the file within the Internet Explorer 7 window and displayed millions of bizarre characters on the screen. In order to bypass that, I used a force-download method. And I can tell you it's probably a crappy version of it. So I'm definitely interested in and anxious on getting improvement suggestions on the code. Here's the code (and please don't kill me): You are using this only :| Now go to: takekey_download.php?F=index.php That would output the source of the index.php file. This is really unsecure. even displaying the real URL to the user would be more secure :) I can't provide a real secure solution atm, but you should check for the directory set to vox atleast, or only get files from the vox dir. Tijnema ~~~ Rahul Sitaram Johari CEO, Twenty Four Seventy Nine Inc. W: http://www.rahulsjohari.com E: [EMAIL PROTECTED] ³I morti non sono piu soli ... The dead are no longer lonely² On 3/30/07 10:31 AM, "Jochem Maas" <[EMAIL PROTECTED]> wrote: > Rahul Sitaram Johari wrote: >> Ave, >> > > ... > >> VALUE='takekey_download.php?F=vox/".basename($value)."'>".basename($value)." > > show us the code for takekey_download.php, we may be able to save you > on a major security issue with regard to the way you use the F get parameter. > >> "; >> } >> ?> >> >> >> >> Thanks! >> >> ~~~ >> Rahul Sitaram Johari >> CEO, Twenty Four Seventy Nine Inc. >> >> W: http://www.rahulsjohari.com >> E: [EMAIL PROTECTED] >> >> ³I morti non sono piu soli ... The dead are no longer lonely² >> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Show filenames using Wildcards -- The glob() Solution!
On 3/30/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote: Ave, This Works!!! ".basename($value)." "; } ?> Dug up glob() in the manual, followed examples and details works like a charm! Full code: function openVox(form) { var newIndex = form.voxSelect.selectedIndex; if (newIndex == 0) { //alert( "Please select a file to download!" ); } else { dlvox = form.voxSelect.options[newIndex].value; window.location.assign(dlvox); } } ... Choose Recording ... ".basename($value)." "; } ?> Thanks! I see you're using glob now, but I found this comment in your other thread: "Yes, and while I dig up on glob(), to be quite honest, the exec is working very effectively and fast for my searches & download application - so can't complain about it one bit." I didn't test both myself, but you might want to see the difference in performance. Tijnema ~~~ Rahul Sitaram Johari CEO, Twenty Four Seventy Nine Inc. W: http://www.rahulsjohari.com E: [EMAIL PROTECTED] ³I morti non sono piu soli ... The dead are no longer lonely² -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Environment variables in php.ini
On 3/30/07, Abdullah Ramazanoglu <[EMAIL PROTECTED]> wrote: Hello, I have a Linux shared hosting environment with PHP running over CGI. With CGI I can't use httpd.conf or .htaccess files for PHP related parameters, so all the parameters should be given in one central php.ini file, AFAIK. So how can I give parameters, in effect, like the ones below? error_log = $HOME/php_error.log session.referer_check = $DOMAIN_NAME open_basedir = "$HOME:/usr/lib/php:/usr/local/lib/php:/tmp" session.save_path = $HOME/sessions With PHP module SAPI I would have overridden them in httpd.conf VirtualHost directive with hard coded values. There, I don't have to use variables as every vhost has its own VirtualHost section. But I don't know how to do it (or if it is possible at all) in CGI mode. Actually I did find a raw solution: Put a custom php.ini in each virtual host's Doc_Root. But I don't really want to allow virtual hosts each having a custom php.ini in their home directories, as that solution has several serious drawbacks, like: - No server/security policies can be enforced, - An intruder can change the local php.ini and remove all the security measures, - Hundreds of php.ini files strewn around can easily lead to chaos, - etc. Is it possible at all to use environment variables in php.ini, or is there any other solution to the problem above? Thank you. -- Abdullah Ramazanoglu aramazan ÄT myrealbox D0T cöm It probably is possible, but you could just use a php.ini in each userdir, but give it only access to the user PHP is running on. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Alternative/Addition to using a CAPTCHA
On 3/30/07, John Comerford <[EMAIL PROTECTED]> wrote: I was reading the current tread on CAPTCHA and possible cracks and I thought maybe I'd throw this out to the group to see what you think. Recently I saw a forum where in order to post you first had to click on a div that was placed at a random location on the page, it read something like, "Click here if you are human". I was thinking that maybe you could put together a system that looks something like this: http://people.aapt.net.au/JComerford/ClickMe.htm I was thinking you could use it in a couple of ways: 1) As a replacement to a CAPTCHA image 2) When you click the image a CAPTCHA image is loaded into the 'Click Me' container The main problem is how to tell the server that the div has been clicked, in a way that can't be simulated. I am not an expect with either JS or PHP, but maybe some of the bigger brains out there could throw in their 2 cents.. JC This looks maybe hard to crack, but actually it isn't very hard. All the clicking does is calling a javascript function. You still could submit the page without clicking the box. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Link to download files on another part of system
On 3/30/07, Jochem Maas <[EMAIL PROTECTED]> wrote: Rahul Sitaram Johari wrote: > Ave, > > This is actually a continuation of my previous ³Show files using Wildcards² > thread, but a different problem. > > Code: > > exec("find /Users/rjohari/Documents/XFER/espi -type f -name > ".$row['PHONE']."*.vox", $files); > foreach ($files as $value) { > echo " href='/Users/rjohari/Documents/XFER/osm/ESPI/".basename($value)."'>".basenam > e($value).""; > } > ?> why are you using exec() to run 'find'??? what is wrong with glob()? He asked a way to do what he wanted in the thread "Show files using Wildcards", There somebody came up with the idea using find. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Audio CAPTCHA review request
I would like to give a few comments on your script: 1) it looks like that http://www.sperling.com/examples/captcha/tmp/access.mp3, without a code, always returns the same value :) 284 2) About the timeout, you should set it at least less then 24 hrs, i should do about 6 hrs, that's enough for somebody to enter the code, but a hacker doesn't want to update his code every 6 hrs. 3) Then about the cracking of audio, if you keep the audio files the same, it shouldn't be too hard to crack once you can read the audio frames. Store each few audio frames for each number, and compare them once you want to crack it. A very simple way to avoid this is that you generate audio on different bit rates. and use VBR/CBR randomly. Speech recognition isn't working very well, and i don't think it would be able to get these numbers from the audio, but I have too less experience with speech recognition. 4) You couldn't only depend on this audio thing inside a script. I know this has been said before, but when you are using images here, it probably makes your script more insecure. But it's surely nice done :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Gnome and MIME types
On 3/29/07, Nathan Ziarek <[EMAIL PROTECTED]> wrote: /etc/php5/apache2/php.ini has the uncommented line "safe_mode = Off" Assuming there isn't another file that can override that setting, my safe mode is off. Thanks, Nate better check this using phpinfo: Tijnema On 3/29/07, Peter Lauri <[EMAIL PROTECTED]> wrote: > Is php safe mode on or off? > > Best regards, > Peter Lauri > > www.dwsasia.com - company web site > www.lauri.se - personal web site > www.carbonfree.org.uk - become Carbon Free > > > > -Original Message- > > From: Nathan Ziarek [mailto:[EMAIL PROTECTED] > > Sent: Thursday, March 29, 2007 9:30 PM > > To: php-general@lists.php.net > > Subject: [PHP] Gnome and MIME types > > > > I'm having a hard time getting solid MIME Types of various files. > > > > On my Ubuntu/Apache2/PHP5 system, I first attempted to install > > fileInfo. That didn't go so well (on Safari even running "$finfo = > > finfo_open(FILEINFO_MIME);" causes it to complain that it lost the > > network connection; Firefox prompts me to download the file_ and > > seeing as it is not really ready for release, I thought I should stay > > away from that. > > > > I then tried running "system("file -i -m /usr/share/docs/mim file")" > > which worked, but file doens't provide very good mime types -- all > > Microsoft Office Documents returned nothing, for example. > > > > I then stumbled upon gnomevfs-info that provided the information I > > wanted. I don't know what mime database it is using (couldn't find it) > > but it sure seemed more complete than anything else I had used. > > > > Problem is, I can't seem to run it from within a PHP script (system, > > exec, etc). I used the full path (/usr/bin/gnamevfs-info) so I don't > > believe that to be the problem, and the page has no errors (I am using > > error_reporting(E_ALL)). > > > > Any tips or suggestions? > > > > Thanks! > > > > Nate > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Link to download files on another part of system
On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote: Ave, This is actually a continuation of my previous ³Show files using Wildcards² thread, but a different problem. Code: ".basenam e($value).""; } ?> The files I¹m linking to, in order to let the User download them, reside on a mounted share on my system. They are on in the Apache Web Server htdocs folder where my website resides. How do I make these files available to download if they are not in my webserver folder? Thanks! A very simple way is to link the Users/rjohari/Documents/XFER/osm/ESPI/ to some folder inside your www directory :) Didn't test it, but it should work though. Else you need to create some download script. (header, file_get_contents,echo) Tijnema ~~~ Rahul Sitaram Johari CEO, Twenty Four Seventy Nine Inc. W: http://www.rahulsjohari.com E: [EMAIL PROTECTED] ³I morti non sono piu soli ... The dead are no longer lonely² -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Audio CAPTCHA review request
On 3/29/07, Zoltán Németh <[EMAIL PROTECTED]> wrote: 2007. 03. 29, csütörtök keltezéssel 21.52-kor Tijnema ! ezt írta: > On 3/29/07, Zoltán Németh <[EMAIL PROTECTED]> wrote: > > works fine on XP/IE7 > > but still tells me to install some unknown plugin on ubuntu/firefox > > > > greets > > Zoltán Németh > > That unknown plugin would probably some audio player. yes I was sure it is some kind of audio plugin :) can you tell me exactly what to install? greets Zoltán Németh I have actually no idea, but this might help you: http://www.boutell.com/newfaq/browser/reinstallquicktime.html Tijnema > > Tijnema > > > > 2007. 03. 29, csütörtök keltezéssel 12.41-kor tedd ezt írta: > > > Hi gang: > > > > > > If you people would be so kind as to review this: > > > > > > http://sperling.com/examples/captcha/ > > > > > > and tell me what you think (ease of use, if it works, security, > > > etc.), I would appreciate it. > > > > > > The point is to be able to get to the "Congratulations" page by > > > hearing and entering the key. If you can get there some other way or > > > defeat the process, I sure would like to know about it. > > > > > > I've tested this with a couple of dozen blind users and they find no > > > problems with it. Now, I'll like to test it for the sighted. > > > > > > It's mixture of a several languages, but there is php in it, so I > > > guess it's on topic. > > > > > > Cheers, > > > > > > tedd > > > > > > -- > > > --- > > > http://sperling.com http://ancientstones.com http://earthstones.com > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Show Filename using Wildcards
On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote: Ave, This Works!! "; } ?> THANKS! I recommend using basename($value) instead of substr($value,35) If the directory changes, the basename would still return valid values, while substr wouldn't Tijnema ~~~ Rahul Sitaram Johari CEO, Twenty Four Seventy Nine Inc. W: http://www.rahulsjohari.com E: [EMAIL PROTECTED] ³I morti non sono piu soli ... The dead are no longer lonely² On 3/29/07 4:31 PM, "Peter Lauri" <[EMAIL PROTECTED]> wrote: > [Peter Lauri - DWS Asia] > > Hi, > > Assuming you are on a linux you could try: > > exec("find /the/path/to/the/place/where/you/should/start/searching -type f > -name 515515515*.ext", $files); > > Then the $files will be an array with the found files matching the search. > > Best regards, > Peter Lauri > > www.dwsasia.com - company web site > www.lauri.se - personal web site > www.carbonfree.org.uk - become Carbon Free > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Audio CAPTCHA review request
On 3/29/07, Zoltán Németh <[EMAIL PROTECTED]> wrote: works fine on XP/IE7 but still tells me to install some unknown plugin on ubuntu/firefox greets Zoltán Németh That unknown plugin would probably some audio player. Tijnema 2007. 03. 29, csütörtök keltezéssel 12.41-kor tedd ezt írta: > Hi gang: > > If you people would be so kind as to review this: > > http://sperling.com/examples/captcha/ > > and tell me what you think (ease of use, if it works, security, > etc.), I would appreciate it. > > The point is to be able to get to the "Congratulations" page by > hearing and entering the key. If you can get there some other way or > defeat the process, I sure would like to know about it. > > I've tested this with a couple of dozen blind users and they find no > problems with it. Now, I'll like to test it for the sighted. > > It's mixture of a several languages, but there is php in it, so I > guess it's on topic. > > Cheers, > > tedd > > -- > --- > http://sperling.com http://ancientstones.com http://earthstones.com > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Audio CAPTCHA review request
On 3/29/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Not bad. Seems to work nicely. No "OMGWTF!" obvious slips like naming the MP3 with the digits the user needs to enter. Worked fine in Firefox 1.5 too. Sometimes when audio is embedded in a page, it tries to load Windows Media Player or something which doesn't always work well in Firefox without some tweaking. But your implementation worked fine without any weirdness. Now.. on to the criticism. Keeping in mind, you're welcome to use whatever you want to use and exercises like this are always good for the practice and experience if anything else. Also, some of this is my opinion which you're welcome to ignore. 1. My biggest fear when relying on an audio CAPTCHA system is if the users doesn't have sound. No speakers, or can't play stuff at the office or something like that. I keep my system muted at work unless I'm playing music because some websites have dumb little flash things that make sounds and I don't feel like explaining what I'm surfing to my coworkers constantly. And just out of a general courtesy to them not to create undue distractions in the office. 2. What you've created is a relatively simplistic audio captcha that HAS to be really succeptible to speech recognition. Spammers have gotten used to visual CAPTHCA so maybe they're not going to focus too much on detecting and breaking audio CAPTCHA, but that still comes down to "security through obscurity" which isn't a good practice. Here's some open source Linux-based speech recognition software that could be used to turn your audio into the proper digits: http://freespeech.sourceforge.net/ http://cmusphinx.sourceforge.net/html/cmusphinx.php Once they had the software set up. Then they just have to fake the "Speak Key" submit and grab the "tmp/access.mp3?##" out of phone.php (submitting proper cookie/session data) and that's it. In the couple minutes I took to search for some examples, I found some interesting links: PWNtcha - http://sam.zoy.org/pwntcha/ - CAPTCHA defeating project. Focused on image captcha, but they give examples of different systems and which ones are hard and which ones are easy to break. WARNING: One of the images used is NSFW, but it's kind of subtle. I didn't notice it at first. So make sure nobody's looking over your shoulder first lookover. It's more than 1/2way down the page and I think the rest of the data on the page is worth the risk. W3C's recommendations for alternatives to visual CAPTCHA/turing tests: http://www.w3.org/TR/turingtest/ And because you can't do anything on the internet without bumping into adult material. Don't worry, this is safe... no pics or bad words, just an article about using porn sites to break visual CAPTCHA. The spambots would take your visual CAPTCHA images and post it to their site which offers users free porn if they pass the CAPTCHA. And there's no lack of people wanting free porn so sounds like it was fairly effective: http://www.boingboing.net/2004/01/27/solving_and_creating.html It's definitely an interesting field. I think using the common sense techniques you (tedd) have used combined with a better CAPTCHA method, you could actually create something fairly user friendly and secure. My vote is still for asking a person to identify images. A bot is going to have a hard time identifying a pig that's photo'd from an odd angle and maybe colored blue instead of a standard pig-color. Oh wait.. someone's working on breaking that kind of CAPTCHA too. Again using regular humans. Apparently The ESP Game is based on the concept of breaking this kind of CAPTCHA. Post the images and have people fill in key words that help classify the image. So that blue pig might end up in a database labeled as "blue" and "pig" and "farm" or something anyway. http://www.espgame.org/ There's no winning. hah -TG You're maybe on the right path, adding images as the background makes it really hard to read the code from the image. You could for example use random images as background. But i have to say that breaking something isn't needed always, re-using a human passed protection is a way to break through a lot of things. For example, i would go to the page and save the number that the CAPTCHA passed to my session. Then i would write down the code that i need to enter. So, next time i need to pass, i set the session value to the one i got first time, and i enter same code. Works for most CAPTCHA programs :) Didn't test it out on your audio CAPTCHA yet, but you really should care about a timeout for the session variable used. We didn't see your script yet, so i don't know what extra security you added. But it's good to have these things in min
Re: [PHP] Audio CAPTCHA review request
It worked for you, Tij? My guess, then, since it's timing out, is it must be our corporate firewall blocking MP3s on my end. In which case, disregard my reponses with extreme prejudice. Yes it worked for me, it probably is a firewall, because it works for Jake too. On 3/29/07, Jake McHenry <[EMAIL PROTECTED]> wrote: Looks good to me... Had to use my laptop since none of my office sets have speakers, tested it, tried bunch of stuff and it only let me in when I typed in the code... So seems good :) Jake Yes, it's nice made, i see you didn't stored anything in sessions except PHPSESSID, which you probably use to verify the code entered. Atleast, that's what i think, i hope you didn't use IP ;) But, this is crackable. To crack this, the cracker should get the audio file from the server, and parse it. Since you use the same audio piece for each number, you should get the voice part of each number, and then parse the downloaded file and check which number it matches :) It won't be easy, and probably not everyone is able to crack this. But it is possible :) If you don't believe me, i am able to prove it, but that takes some time :) Tijnema > -Original Message- > From: tedd [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 29, 2007 12:41 PM > To: php-general@lists.php.net > Subject: [PHP] Audio CAPTCHA review request > > Hi gang: > > If you people would be so kind as to review this: > > http://sperling.com/examples/captcha/ > > and tell me what you think (ease of use, if it works, security, > etc.), I would appreciate it. > > The point is to be able to get to the "Congratulations" page by > hearing and entering the key. If you can get there some other way or > defeat the process, I sure would like to know about it. > > I've tested this with a couple of dozen blind users and they find no > problems with it. Now, I'll like to test it for the sighted. > > It's mixture of a several languages, but there is php in it, so I > guess it's on topic. > > Cheers, > > tedd > > -- > --- > http://sperling.com http://ancientstones.com http://earthstones.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.5.446 / Virus Database: 268.18.20/737 - Release > Date: 3/28/2007 4:23 PM > > -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.20/737 - Release Date: 3/28/2007 4:23 PM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CURL questions
On 3/29/07, Angelo Zanetti <[EMAIL PROTECTED]> wrote: Hi all. I have a script on a server that does some processing, now I want to execute that script using cURL. This is a basic scenario and I assume its possible but its not working. The script is as follows: $url = "http://www/test.php";; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);// allow redirects curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a variable curl_setopt($ch, CURLOPT_TIMEOUT, 100); $data = curl_exec($ch); curl_close($ch); echo "DATA: " . $data; Now the $url I have taken out the path for obvious reasons. I get a 500 Internal server error, not sure why as this page being called just inserts a word into a database. Could the cause be something else network related? What else can I troubleshoot? or is my code incorrect? TIA Kind regards I don't think it makes any difference, but you are defining CURLOPT_RETURNTRANSFER twice, once with 0 and once with 1. Better remove one of these :) Tijnema -- Angelo Zanetti Systems developer *Telephone:* +27 (021) 469 1052 *Mobile:* +27 (0) 72 441 3355 *Fax:*+27 (0) 86 681 5885 * Web:* http://www.zlogic.co.za *E-Mail:* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Audio CAPTCHA review request
On 3/29/07, tedd <[EMAIL PROTECTED]> wrote: Hi gang: If you people would be so kind as to review this: http://sperling.com/examples/captcha/ and tell me what you think (ease of use, if it works, security, etc.), I would appreciate it. The point is to be able to get to the "Congratulations" page by hearing and entering the key. If you can get there some other way or defeat the process, I sure would like to know about it. I've tested this with a couple of dozen blind users and they find no problems with it. Now, I'll like to test it for the sighted. It's mixture of a several languages, but there is php in it, so I guess it's on topic. Cheers, tedd Let me take a deep look at it, i'm not a real cracker, but i'm very good at logic things so i will see if i can find a simple hole to bypass this CAPTCHA :) Tijnema -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Form Handler Script Security Discussion
On 3/29/07, cajbecu <[EMAIL PROTECTED]> wrote: > > if($_POST && eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) { >// This is a safe POST >} elseif(!eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) { >die("Illegal access. Your IP has been logged.\n"); >} > ?> > it is not safe. i can use curl (www.php.net/curl) and modify the referer of my script to pass this security check. i advise you to add image code to the form and check that in your script. that will stop the attackers insert lot of data in your database. You need a really good code to make it really secure :) I've discussed the problems with using image code (CAPTCHA) in another post on this list. So then you would create a script of 100+ lines to do it :) And even then, some smart programmers are probably going to find a way to read your image code :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What is wrong with this INSERT?
On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote: BY THOR! That worked! "WHEN" Is a reserved word and that is what was causing the problem. Changed it to "THETIME" and query went through fine!! Can't thank you enough! This was driving me crazy! Look how many mistakes I made in just making this post in this mailing list! Honorable *bow* Thanks! You're welcome :) Sometimes this list isn't just that organized, and because mail servers aren't always returning email directly, some people are replying on old mails, while others are replying on new mails. (like i'm doing now, you send another email already :) ) Tijnema ~~~ Rahul Sitaram Johari CEO, Twenty Four Seventy Nine Inc. W: http://www.rahulsjohari.com E: [EMAIL PROTECTED] ³I morti non sono piu soli ... The dead are no longer lonely² On 3/29/07 10:30 AM, "Tijnema !" <[EMAIL PROTECTED]> wrote: > On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote: >> >> My Apologies Everyone! I gave you all the wrong code Twice!! A pox on me - I >> tell you! >> >> This is the ACTUAL code that I'm working with - and it's not working: >> >>>//Add Record Function >>if($_POST['Submit']) { >>$db = mysql_connect("localhost","usr","pwd"); >>mysql_select_db("thedb",$db) or die("Critical Error :".mysql_error()); >>$WHEN = date(mdyHi); >>$WHAT = $_POST['WHAT']; >>$WHO = $_POST['WHO']; >>echo "$WHEN, $WHAT, $WHO"; >> >>$sql = "INSERT INTO tbl (WHEN, WHAT, WHO) VALUES >> ('$WHEN','$WHAT','$WHO')"; >>$result = mysql_query($sql) or die("Fatal Error :".mysql_error()); >>echo "~: message sent >> :~"; >>} >>?> >> >> Please disregard the previous code I sent. Thank you! > > If you checked the MySQL Manual you would see that WHEN is a reserved > word. I think that gives problem, so you could change the WHEN key > into another key, or use some quotes around it. I recommend the first > option :) > > Tijnema > > ps. List of reserved words for MySQL: > http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html >> >> > >> >> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] 0x9f54
On 3/29/07, Man-wai Chang <[EMAIL PROTECTED]> wrote: Anyone knew how to insert this value into a char(2) column? Ok, what are you trying to do? you post a message with a single line, and we need to help you? I don't even think this is PHP related. You are trying to insert it into a database? MySQL? MSSQL? PgSQL? Give us more information, and we might help you :) Tijnema -- .~. Might, Courage, Vision, SINCERITY. http://www.linux-sxs.org / v \ Simplicity is Beauty! May the Force and Farce be with you! /( _ )\ (Ubuntu 6.10) Linux 2.6.20.4 ^ ^ 22:19:01 up 5 days 9:31 0 users load average: 1.04 1.19 1.16 news://news.3home.net news://news.hkpcug.org news://news.newsgroup.com.hk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What is wrong with this INSERT?
On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote: Ave, For total clarity, I¹m starting this post again. I messed up big time with my posts. So here¹s my actual code: $WHEN, $WHAT, $WHO"; $sql = "INSERT INTO tbl (WHEN, WHAT, WHO) VALUES ('$WHEN','$WHAT','$WHO')"; $result = mysql_query($sql) or die("Fatal Error :".mysql_error()); echo "~: message sent :~"; } ?> Now, this part is working absolutely fine and printing out echo values: if($_POST['Submit']) { $db = mysql_connect("localhost","usr","pwd"); mysql_select_db("thedb",$db) or die("Critical Error :".mysql_error()); $WHEN = date(mdyHi); $WHAT = $_POST['WHAT']; $WHO = $_POST['WHO']; echo "$WHEN, $WHAT, $WHO"; But this part is not working and not giving any errors: $sql = "INSERT INTO tbl (WHEN, WHAT, WHO) VALUES ('$WHEN','$WHAT','$WHO')"; $result = mysql_query($sql) or die("Fatal Error :".mysql_error()); echo "~: message sent :~"; } Thanks! Well, let me post my reply another time :) If you checked the MySQL Manual you would see that WHEN is a reserved word. I think that gives problem, so you could change the WHEN key into another key, or use some quotes around it. I recommend the first option :) Tijnema ps. List of reserved words for MySQL: http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html ~~~ Rahul Sitaram Johari CEO, Twenty Four Seventy Nine Inc. W: http://www.rahulsjohari.com E: [EMAIL PROTECTED] ³I morti non sono piu soli ... The dead are no longer lonely² -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What is wrong with this INSERT?
On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote: My Apologies Everyone! I gave you all the wrong code Twice!! A pox on me - I tell you! This is the ACTUAL code that I'm working with - and it's not working: $WHEN, $WHAT, $WHO"; $sql = "INSERT INTO tbl (WHEN, WHAT, WHO) VALUES ('$WHEN','$WHAT','$WHO')"; $result = mysql_query($sql) or die("Fatal Error :".mysql_error()); echo "~: message sent :~"; } ?> Please disregard the previous code I sent. Thank you! If you checked the MySQL Manual you would see that WHEN is a reserved word. I think that gives problem, so you could change the WHEN key into another key, or use some quotes around it. I recommend the first option :) Tijnema ps. List of reserved words for MySQL: http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Upgrade: 5 or 6
On 3/28/07, Travis Doherty <[EMAIL PROTECTED]> wrote: Tijnema ! wrote: > On 3/28/07, Davi <[EMAIL PROTECTED]> wrote: > >> >> Hi all. >> >> I've reading on some sites [1,2] that PHP 6 is comming soon... >> >> What should I do? >> Migrate my server and apps to PHP 5 now and, later to PHP 6, or wait >> some more >> time and migrate all to PHP 6? >> >> TIA > > > I think you should migrate to PHP5 now, as i think it will take some > time before a real PHP6 release is coming. I don't know where you > useit for. Is it development or productional? For development you > could work with a CVS Snapshot, but that's not recommended for > productional. > But of course if you don't have any problems with the PHP you are > currently using (I guess PHP 4.x), then it's not really needed to > upgrade. I agree and disagree - I agree with "you should migrate to PHP5 *NOW*" (my emphasis added) and I disagree with "then it's not really needed to upgrade." (unless you don't care about security.) Ilia Alshanetsky gave a great talk on this topic recently, http://ilia.ws/talks/ scroll to the bottom to "(PDF) Migrating to PHP 5.2.1". Travis Doherty I said if you don't have any problems, so also no problems with security :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Firefox Extension (Firefox 2.x.x.x)
On 3/28/07, Daniel Brown <[EMAIL PROTECTED]> wrote: If you're like me, you spend your fair share of time going to the PHP website to check specs, changes, or even to refresh your brain with PHP's functions. So today I threw together a simple plugin for Firefox 2 that will let you type in the name of the function and be brought right to the function page. Or, if you mistype it, it will provide suggestions. How does it work so awesome? Because it uses the PHP search engine and Mozilla's OSD. All I did was whip it together as a plugin. Download and installation instructions: http://isawit.com/php_search.php Hope it saves everyone a microsecond or two. We now return you to your regularly-scheduled, SPAM-filled inbox. Hmm, i just keep using my regular way, going to www.php.net/ misspelled items are corrected, suggestions are provided :) Tijnema -- Daniel P. Brown [office] (570-) 587-7080 Ext. 272 [mobile] (570-) 766-8107 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Upgrade: 5 or 6
On 3/28/07, Davi <[EMAIL PROTECTED]> wrote: Hi all. I've reading on some sites [1,2] that PHP 6 is comming soon... What should I do? Migrate my server and apps to PHP 5 now and, later to PHP 6, or wait some more time and migrate all to PHP 6? TIA I think you should migrate to PHP5 now, as i think it will take some time before a real PHP6 release is coming. I don't know where you useit for. Is it development or productional? For development you could work with a CVS Snapshot, but that's not recommended for productional. But of course if you don't have any problems with the PHP you are currently using (I guess PHP 4.x), then it's not really needed to upgrade. Tijnema -- Davi Vidal [EMAIL PROTECTED] [EMAIL PROTECTED] -- Agora com fortune: "The main thing is the play itself. I swear that greed for money has nothing to do with it, although heaven knows I am sorely in need of money. - Feodor Dostoyevsky" -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] logging erros and user access to logs
On 3/28/07, Juergen Wind <[EMAIL PROTECTED]> wrote: Jason Joines-3 wrote: > > Richard Lynch wrote: >> On Thu, March 15, 2007 8:25 am, Jason Joines wrote: >>> Richard Lynch wrote: >>>> Get the errors OFF the web page (display_errors OFF) and into the >>> >> error_reporting(E_PARSE); >>> ini_set('display_errors','On'); >>> ini_set('display_startup_errors','On'); >>> include('mypage.php'); >>> ?> >>> Then when debugging was done, just delete the debug script. >>> >>> I moved it to a test server and could get it to work but only if >>> display_errors was set to on in the global php.ini file. I can't do >>> that on the production server. The manual says display_errors can be >>> overridden in a script. I used ini_get() to see if the value was >>> actually being changed, it was. However, it still doesn't print the >>> errors unless the global ini is set. >>> >>> Any ideas as to why it's not working? >> >> Put into the mypage.php and see if its "Master" and >> "Local" values are different for display_errors. >> >> If they are, then it worked, and you SHOULD see the errors. >> > > > > Well they weren't different so I guess it didn't work. Seems odd to > me that get_ini would show it has having been changed but phpinfo doesn't. > > > Jason > === > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > phpinfo() only reflects values set in php.ini (globally), http.conf (f.e. per vhost) or .htaccess (per folder and below) and only if phpinfo is called from inside that folder/vhost. ini_set is only in the scope of your script. so you can't test the effects of your ini_set values using phpinfo() at all. you have to test the behaviour of the script or put a corresponding echo ini_get('...') after your ini_set. You can simply put the phpinfo() at the end of your script. It will show the ini_set items. If you don't believe me, try this script: Under local value it will show you Off, and on master value it will show On (Atleast that's how i configured it :) ) Tijnema -- View this message in context: http://www.nabble.com/logging-erros-and-user-access-to-logs-tf3403238.html#a9718409 Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with XSLT importStyleSheet
On 3/28/07, Timothy Murphy <[EMAIL PROTECTED]> wrote: I've been trying to use PHP/XSLT on my desktop, running Fedora-6 Linux (with all current updates). The function importStyleSheet() seems to cause a Segmentation Violation, as eg in the following script from http://ie2.php.net/manual/en/function.xsl-xsltprocessor-construct.php // Example 2520. Creating an XSLTProcessor load($xsl_filename); $xsl->importStyleSheet($doc); $doc->load($xml_filename); echo $xsl->transformToXML($doc); ?> [EMAIL PROTECTED] Test]# php ex2520.php // Example 2520. Creating an XSLTProcessor Segmentation fault Or this script from http://www.phpbuilder.com/manual/en/function.xsl-xsltprocessor-transform-to-xml.php loadXML('collection.xml'); $xsl->loadXML('collection.xsl'); $xsl->documentURI = 'collection.xsl'; $xslProc = new XSLTProcessor(); $xslProc->importStyleSheet($xsl); ?> [EMAIL PROTECTED] Test]# php test29.php Segmentation fault I'd be very grateful if someone could check if these scripts work for you, so I can see if it is a problem with Fedora PHP, or with PHP itself, (or if I am doing something silly, which is quite probable). I have no problem with testing, i'm running home-made linux system with PHP5 & PHP6 (Apache). Also running PHP5 under windows (Apache). Just need an example XSL/XML file to test:) Could you send one? (Off-list maybe because attachments are giving trouble sometimes on this list) Tijnema -- Timothy Murphy e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Timezone offset
On 3/28/07, Seak, Teng-Fong <[EMAIL PROTECTED]> wrote: Satyam wrote: > - Original Message - From: "Chris Boget" <[EMAIL PROTECTED]> >> My server's timezone is set to "(GMT) Greenwish Mean Time : Dublin, >> Edinburgh, Lisbon, London". > > There you have why, you set it to GreenwiSh, which is kind of > Greenwich but not quite. > > I think that being on the western end of Europe, those countries > decided to adopt a more pan-European time zone, even if that does not > match precisely their astronomical hour. That makes cross border > businesses easier by having common working hours. UK's timezone is GMT (+) while most other western European countries like Spain, France, Germany, etc are in GMT +1000. > It might also have to do with whether it is Savings Time or not. This year, we all changed to DST last Sunday morning. You're right... I said saturday, but it was acutally sunday:) Saturday after midnight :) I live in the netherlands, and in winter time my time zone is CET (UTC/GMT + 1), now in summer time, my time zone is CEST (UTC/GMT + 2) I think that makes all difference in the problem. Tijnema -- * Zoner PhotoStudio 8 - Your Photos perfect, shared, organised! www.zoner.com/zps You can download your free version. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Displaying files from database
On 3/28/07, Philip Thompson <[EMAIL PROTECTED]> wrote: Hi. I'm storing an uploaded file into a MySQL database. I want the file to then be downloaded and viewed. Uploading looks like: if (is_uploaded_file($file) && $filename) { $handle = fopen ($file, 'r'); $resume["data"] = base64_encode (fread ($handle, filesize ($file))); fclose($handle); $resume["type"] = $_FILES['resume']['type']; $resume["size"] = $_FILES['resume']['size']; } It loads into the database fine. If it's a word document, it merely spits out plain text. If it's a PDF, it says it can't open it. Downloading looks like: $app = applications ($_GET["id"]); header ("Status: 200 OK"); header ("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header ("Content-Length: ".$app["size"][0]); header ("Content-Type: ".$app["type"][0]); header ("Content-Disposition: attachment; filename=Resume-".$app ["full"][0]); echo $app["resume"][0]; exit; What am I doing wrong?!! =D Thanks in advance. ~Philip You base64_encode your file when reading, you should also base64_decode i think. so: echo base64_decode($app["resume"][0]); And you get $app from $_GET, and later use it as an array. I hope you did some database actions between :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Timezone offset
On 3/28/07, Chris Boget <[EMAIL PROTECTED]> wrote: > On 3/28/07, Chris Boget <[EMAIL PROTECTED]> wrote: >> My server's timezone is set to "(GMT) Greenwish Mean Time : Dublin, >> Edinburgh, Lisbon, London". But when I echo out date( 'O' ), it's >> returning >> the offset as +0100 and not +. Why? I would think that it should >> return +. Am I wrong? > What about DST? Hmm, I didn't think the UK observed DST already. When did that happen? thnx, Chris DST is +1 since last saturday :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Timezone offset
On 3/28/07, Chris Boget <[EMAIL PROTECTED]> wrote: My server's timezone is set to "(GMT) Greenwish Mean Time : Dublin, Edinburgh, Lisbon, London". But when I echo out date( 'O' ), it's returning the offset as +0100 and not +. Why? I would think that it should return +. Am I wrong? thnx, Chris What about DST? Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Language detection with PHP
On 3/28/07, Robin Vickery <[EMAIL PROTECTED]> wrote: On 28/03/07, Satyam <[EMAIL PROTECTED]> wrote: > > if you find accented letters, it is a sure sign that it is not English That's a rather naïve approach. Written accents in English may be rather passé, but they do exist. -robin What about names? if somebody writes Zoltán Németh, then you have your accents, but it still might be english :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Language detection with PHP
On 3/27/07, Zoltán Németh <[EMAIL PROTECTED]> wrote: 2007. 03. 27, kedd keltezéssel 15.06-kor William Lovaton ezt írta: > Hi there, > > I am trying to implement language detection with PHP for a web site I am > trying to build. The idea is to take a piece of text and try to guess > the language it is written in. > > I have two options but I'd like to know if you guys have a better idea. > > 1) I implemented a detector using spell checking, so if I run the text > through many spell checkers the one with less errors is probably the > right language for that text. It works quite well and I am pleased with > it. The only thing I don't like is that loading many spell checkers is > a bit of a waste, it may require a lot of CPU and a lot of memory > depending on the dictionary and the number of dictionaries you load. > Besides, it adds one extra module dependency (pspell). > > 2) The other option is implemented in PEAR and it's called > Text_LanguageDetect: > [] http://pear.php.net/package/Text_LanguageDetect > > It seems to use a very different technique called N-Gram-Based Text > Categorization, I haven't tested it yet but I will very soon and see how > good it works, it says it's in alpha state but I guess it doesn't > requiere pspell, doesn't consume a lot of memory and it should be fast. > The only thing I am worried about is how accurate is it... I'll check > soon and post my comments later. > > 3) > > I'd really like to hear what different alternatives all of you have for > this problem. > I've definitely no experience with this problem, just guessing ;) what if you build some arrays of language specific stuff and check for that. I mean you could store stuff like "if it contains 's, 've, 'm many times it's probably english"... I don't really know how to store those rules, and I'm not sure they are good enough (or are there good enough rules) to tell several languages apart... greets Zoltán Németh In formal english, it's not allowed to use 've 'm etc, I'm should be written as I am. So that's not gonna work i think. But words like and are really english i think :) Keep in mind that this is quite a hard way i think, but i don't have a better solution. Just for example, Dutch and Afrikaans are not very different, so it's really hard to see which of the 2 the text is written in. Tijnema ps. If you can't get the difference between Dutch and Afrikaans, guess for Dutch :) It's a lot more used then Afrikaans. > Thanks a lot, > > > -William > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] POST + QUERY
On 3/27/07, Davi <[EMAIL PROTECTED]> wrote: Em Terça 27 Março 2007 17:02, Dave Goodchild escreveu: > use: $_POST['max_id'] == > > or even better: > > if (empty($_POST['max_id'])) Why not: if (!(isset($_POST["max_id"))) ? If form is left empty, it is set, but it's stil empty. So if you submit a form the normal way, then it should pass this, even if you leave it empty :) Tijnema -- Davi Vidal [EMAIL PROTECTED] [EMAIL PROTECTED] -- Agora com fortune: "Around computers it is difficult to find the correct unit of time to measure progress. Some cathedrals took a century to complete. Can you imagine the grandeur and scope of a program that would take as long? -- Epigrams in Programming, ACM SIGPLAN Sept. 1982" -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] POST + QUERY
On 3/27/07, Dan Shirah <[EMAIL PROTECTED]> wrote: Okay, I thought this was VERY simple, but I cannot wrap my mind around what I am doing wrong. echo $_POST['max_id']; *The echo returns the correct result *if($_POST['max_id'] ='') { *This is suppose to run the below query if $_POST['max_id'] is not blank* $max_id = $_POST['max_id']; *Sets my POST value to a variable* $info = "SELECT * FROM payment_request WHERE id = '$max_id'"; *Selects record from my database by the matching ID's* $result_info = mssql_query($info) or die(mssql_error()); *Puts the query results into a variable* $row_info = ifx_fetch_row($result_info); *Makes a row in an array for all the returned fields from my query* $my_info = $row_info['my_value']; *However, this box returns no data.* I should be using if($_POST['max_id'] ='') { and notif($_POST['max_id'] !=='') { correct? Since it is a comparative function just the = should be correct You're wrong, = means you want to give the variable on the left the value on the right. This if you're using now will always return true (atleast if you don't have very buggy server). And your $_POST['max_id'] will; have the value '' Use != :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] preview string with strlen PHP (help)
> > > > > If a US company wants to use > > [EMAIL PROTECTED], then as we all > > know, management is always right -- so let's all > > change to that. Except for the companies that do > > it the other way -- ah, there I go being confused > > again. There's just no getting around it. Why > > can't we all just agree? > > > > Fortunately, I have other things to worry about. :-) > > > > Cheers, > > > > tedd > > What's against using a codename? My real name isn't tijnema, i use it > as a codename. It's only a forename. So it's just nearly impossible to > call me wrong :) > > tijnema actually I have one... I use the code name "Syntax Error" ;) I also write a blog in Hungarian at http://www.syntaxerror.hu/ and thus I have an e-mail address [EMAIL PROTECTED] but I thought it would be funny to talk about real syntax errors with a code name Syntax Error :D that's why I use my real name e-mail address here, which is the e-mail address I use also for work, business, everything... greets Zoltán Németh Well... Hi Syntax, Sounds little bit strange I also think we need to stop this thread now, because this is totally NOT related to PHP ;) It's way offtopic :P Best regards, Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] preview string with strlen PHP (help)
>> >> As us USA types are told, we all have to adapt to global conventions. >> :-) > >... which presumably explains why the (US-owned) >company my wife works for has email addresses in >the form [EMAIL PROTECTED] >Would you be equally confused by these? I'm easily confused anyway. If people want to call me sperling instead of tedd (it's better than other things I've been called) it doesn't make any difference to me and I wasn't the one complaining anyway. If a US company wants to use [EMAIL PROTECTED], then as we all know, management is always right -- so let's all change to that. Except for the companies that do it the other way -- ah, there I go being confused again. There's just no getting around it. Why can't we all just agree? Fortunately, I have other things to worry about. :-) Cheers, tedd What's against using a codename? My real name isn't tijnema, i use it as a codename. It's only a forename. So it's just nearly impossible to call me wrong :) tijnema -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Anyone TrackPro 2 or Something Similar?
On 3/27/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote: Ave, I was looking to incorporate a PHP based web traffic analysis script for one of my website. Nothing too fancy or exceptional, but something like TrackPro from Curve2.com ... I use their scripts before and I liked them. Unfortunately they have a ³temporarily closed² on their website for download trackpro. I was wondering if someone has a the trackpro script from before they closed it down. If not ... Anything similar would do. Thanks. With the use of google, i found this: http://freescripts.filehungry.com/product/php/web_traffic_analysis/andy_s_site_stats It does exactly the same as TrackPro as far as i'm aware. Tijnema ~~~ Rahul Sitaram Johari CEO, Twenty Four Seventy Nine Inc. W: http://www.rahulsjohari.com E: [EMAIL PROTECTED] ³I morti non sono piu soli ... The dead are no longer lonely² -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] short open tags not working even if enabled - lighttpd + fastcgi
On 3/27/07, Matt Arnilo S. Baluyos (Mailing Lists) <[EMAIL PROTECTED]> wrote: Hello everyone, I have a working lighttpd + fastcgi + PHP + eaccelerator installation. I have also enabled short tags on the /usr/local/lib/php.ini but I'm having problems with PHP not escaping the short tags. To better illustrate, my phpinfo() file can be accessed at http://202.171.164.70/phpinfo.php - if you notice short_open_tag is set to "On". But when you access a PHP page at http://202.171.164.70/admin/login.php and try to view the source, the short open tag is not escaped. Any reason why this isn't working as expected? Regards, Matt You also use XML in your page, and thereby i would NOT recommend using short tags. as xml tags also start with -- Stand before it and there is no beginning. Follow it and there is no end. Stay with the ancient Tao, Move with the present. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Performance: While or For loop
On 3/27/07, Travis Doherty <[EMAIL PROTECTED]> wrote: Jake Gardner wrote: > He said if you run the /script/ itself 1000 times, not a loop with 1000 > iterations. This is quite possible; I am fairly certain there are > websites > out there that get accessed well over 1000 times a minute, yes? > > So every minute, that website is saving a total of 2.6 seconds to do... > whatever it is websites do in their free time. > > In reality, scripts rarely get executed once and then are deleted; > they are > used repetitively, and the more a script is used, the more significant > the > gain. Claiming to look practically on a small gain /within one > execution of > a script/ is impractical in itself. I still wouldn't go around telling people to re-write all of their code to use for loops instead of while loops (or whatever was faster for whatever architecture.) While loops came out faster :) Keep in mind that .000xx seconds in performance improvement certainly does make a difference on a site that is accessed millions of times a day, however, one bug caused by writing code that reads poorly instead of writing clean code can cost a *lot* more in the end. - Use what reads easier when deciding if a for/while loop is best. - Profile your code and find the right places to optimize. Optimizing code that takes .0001 seconds to run down to .1 seconds is great, 10x improvement! Who cares. Find the chunk that takes 0.5 seconds to run and optimize that to 0.05 seconds. 10x improvement still, except that this time it actually makes a practical difference. Travis Doherty I'm not telling people to rewrite the code, but if you need to choose, and both are good for the job, choose while :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] gethostbyname () uses old DNS server
On 3/26/07, Richard Lynch <[EMAIL PROTECTED]> wrote: On Mon, March 26, 2007 4:21 am, Kent Tong wrote: > We have moved our DNS server from one IP to another. But on a Linux > server, the PHP programs keep using the old DNS server IP. For > example, for a simple php file: > > > > When it is run, it tries to lookup smtp.cpttm using the old DNS > server (I know it using tcpdump). The new DNS server is specified in > /etc/resolv.conf. If I issue "ping smtp.cpttm" in a command prompt, > then tcpdump shows that it is accessing the new DNS server. > > Any idea? Thanks. Check /etc/hosts Try doing the same thing from the command line. And did you re-start apache so PHP could "forget" any DNS entries in any cache it might have? There may be something akin to clearstatcache for DNS in PHP as well. This problem is also solved already Richard... Tijnema -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Rewriting urls
On 3/26/07, Richard Lynch <[EMAIL PROTECTED]> wrote: On Mon, March 26, 2007 12:14 pm, [EMAIL PROTECTED] wrote: > I am having some problems getting my mod_rewrite to work on my > development > server. On my > production server (linux) this works fine. But on my development > server it > woun't work. > > I have a file basicpage.php that is located in the webroot. I then > have > a .htaccess file > with the following content: > > > #DirectoryIndex index.php index.html > #Options +FollowSymLinks > #RewriteBase /relative/web/path/ > > > RewriteEngine On > RewriteRule ^article/([0-9]+)/[-a-zA-Z]+$ /basicpage.php?id=$1 > > > > The rewrite works as expected on the production server, but on the > development > server it > don't want to work. I also tried it on a windows machine but it don't > want to > work there > either. > > Any suggestions/insights? Two Suggestions: Check AllowOverride in httpd.conf Ask on an Apache list, since there is zero PHP here. OMG, this problem is already solved, and you're telling him he has to go to the apache list :P Tijnema -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] converting video formats
On 3/26/07, Bruce Gilbert <[EMAIL PROTECTED]> wrote: Can someoune point me in the right direction as to how (if possible) to convert a video format uploaded to a server to a flash format (.flv) no matter what the orginal format is? thanks -- ::Bruce:: We had a discussion about having video support in PHP lately on the PHP internals, but this is yet not directly implemented in PHP. You should use an external program, and then execute it witth the exec() function for example. I can't give you the name of a program, because you don't even tell if you're using windows/linux. But i think you can find one yourself :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php