Re: [PHP] security/deployment issue
Rsync should work fine, but personally I like to see exactly which changes are being deployed especially when deploying to production. While I realise this recommendation is not Open Source software, I have found it to be an excellent piece of software for this task. I use Beyond Compare which has the ability to connect over SFTP or SCP as well as regular FTP. It allows you to 'diff' the files as you go and view exact changes and you can transfer only the changes you want or whole files if you choose to. I would not be surprised if an Open Source equivalent exists. What about SVN? you can do a svn export. Or you can have a working copy for production too. Just dont forget to deny access to .svn in your webserver. Here are directives for Apache: Directory ~ ^(.*/)?\.svn/? Order allow,deny Deny from all /Directory I do exactly this, its handy to be able to check out the latest version of a website, make some changes and commit it again, while having acsess to the complete revision history, from absolutely anywhere. SVN works over HTTPS, so can go straight through most firewalls without anyone noticing and it also does data transmissions (like RSync) which can be a LOT faster than re uploading the whole file with SFTP etc. There are some security issues in a shared hosting environment though, if you use a commit hook to update the web root on commit using a file:/// URL anyone on the server could check out / commit files from the repository. As of right now the only work around that I can think of for this would be to run two apches at the same time, one for SVN, and one for the main HTTP server which is chrooted to block access to the SVN repos and have the non chrooted server revere proxy connections to the chrooted one. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] security/deployment issue
Humm.. thanks for the replies. But i have another problem about rsync again. When i deploy a project using the rsync the permissions of all home directory is changed. i tried to use the parameter -p -o -g (preserve permissions, owner and group): I dont know but the rsync doesnt preserve the permissions and group/owner. Then always after a deploy i need to execute the cmd chmod 755 user:group /home/project . Have someone this problem? Thanks Augusto Morais That would sugest that you are running PHP as the same user as Apache, instead running it as the user which owns the files (the same user you are using with rsync) would solve this problem. This can be done by running php as a fastcgi application with suexec or using mpm-itk. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Wrighting to $_POST array
I have some code which will loop over the whole $_POST array, runs it through mysql_real_escape_string and then writes it all back to the array again, which seams to work. Are there any incompatibility problems or such like with writing into the $_POST or $_GET array? function clean_post() { $npost = array(); while ($value = current($_POST)) { $key = key($_POST); $npost += array($key = mysql_real_escape_string($value)); next($_POST); } $_POST = $npost; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Embedding foreach loops
Do *NOT* get into the habit of outputting your HTML using echo or print statements, it becomes unmaintainable very quickly, use a templating language, ether with a framework(recomended) or standalone. You should learn the basics of HTML and CSS, go and read http://htmldog.com/, btw to add a newline you need to use br /. I am using the print function to display my html. I cannot get the line return ( \n ) character to actually push the html onto the next line, it just gets displayed instead. Should I be using echo? Allen, you off and running again? echo blah.. \n; //-- this will print the literal 'blah.. ' and then a newline into your HTML *source code* echo 'blah.. \n'; //-- this will print the literal 'blah.. \n' into your HTML *source code* IIRC print is the same as echo. That is not your apparent issue. Say if you are stuck again, and on what exactly. -John -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Embedding foreach loops
On Aug 11, 2009, at 12:13 AM, hessi...@hessiess.com wrote: Do *NOT* get into the habit of outputting your HTML using echo or print statements, it becomes unmaintainable very quickly, use a templating language, ether with a framework(recomended) or standalone. This sounds interesting. Could you expound on this a little more and perhaps list a couple of the templates you mention? Thanks, Frank There are a number of options for templating in PHP such as smarty, Dwoo and PHP itself, though the syntax can be rather messy. Personally I just use a simple find and replace macro system to expand custom short-hand code into the more verbose PHP, then run it through exec and capture the result to a variable with output buffering, the class folows: ?php class view { var $str; /*++ * Load in template file and expand macros into PHP ++*/ function __CONSTRUCT($tplname) { $fh = fopen($tplname, 'r'); $this-str = fread($fh, filesize($tplname)); fclose($fh); $this-expand_macros(); } /*++ * Run the template and return a variable ++*/ public function parse_to_variable($array = array()) { extract($array); ob_start(); eval($this-str); $result = ob_get_contents(); ob_end_clean(); return $result; } /*++ * Expand macros into PHP ++*/ private function expand_macros() { // Expand if macro $this-str = str_replace(if, ?php if, $this-str); $this-str = str_replace(eif~, ?php endif;?, $this-str); // Expand loop macro $this-str = str_replace(loop, ?php foreach, $this-str); $this-str = str_replace(eloop~, ?php endforeach;?, $this-str); // Expand display macro $this-str = str_replace(dsp, ?php echo, $this-str); // Expand end tag macro $this-str = str_replace(~, ?, $this-str); // Add PHP close tag to exit PHP mode $this-str = ? . $this-str; } } This loads template files like the folowing: form enctype=multipart/form-data action=dsp $upload_url ~ method=post pinput type=hidden name=MAX_FILE_SIZE value=900 //p pUpload new file, max size dsp $max ~:/p p input name=uploaded_file type=file / input type=submit value=Send File / /p /form table tr th width=180pxFilename/th th width=60pxLink/th th width=90pxSize (KB)/th th width=50pxDelete/th tr loop ($files as $file): ~ tr tddsp $file['Name'] ~/td tda href=dsp $file['Path'] ~Link/a/td tddsp $file['Size'] / 1000 ~/td tda href=dsp $file['d_url'] ~X/a/td tr eloop~ /table --- And it can be used like this $dialogue = new view(template/file_display.tpl); $dialogue = $dialogue - parse_to_variable(array( 'upload_url' = $upload_url, 'max' = $max_size, 'files' = $files)); the $dialogue var now contains the compiled template, ready for displaying or integrating into another template. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Converting MP3 to FLV On-The-Fly
Hi Lista I'm trying to figure how I can turn MP3 files into FLV files on the fly using PHP. I'm having a server and I can install 3rd party software in order to accomplish this conversion. I have never dealt before with music file comression or anything similar so I don't know what I should look after or where I should look. Any idea would be very appreciated! Thanks! Nitsan You may want to use some sort of caching, converting media formats is very computationally demanding. You could use FFMPEG to do the conversion. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how to manage permissions for file uploader
But, if I move the directory a level up, not accessable from outside - how can read the image since it's not accessable fro outside? I can't inlcude() the image? You need to do something simmaler to reading files stored in a database, which is described here: http://www.php-mysql-tutorial.com/wikis/mysql-tutorials/uploading-files-to-mysql-database.aspx bit instead of reading the data from the DB, read if from the file using fopen() and fread(). you may need to read the file in chunks to prevent running out of RAM, depending on how big the spasific file is. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Why does PHP have such a pain in the a$$ configuration file?
Something that seriously annoys me about PHP is the fact that it has a configuration file which can *completely* change the behaviour of the language. Take the following for example: -- function parse_to_variable($tplname, $array = array()) { $fh = fopen($tplname, 'r'); $str = fread($fh, filesize($tplname)); fclose($fh); extract($array); ob_start(); eval($str); $result = ob_get_contents(); ob_end_clean(); return $result; } -- Which would take a template file like this (DTD etc left out): -- pList:/p ul ?php foreach($array as $item): ? liphp echo($item); ?/li ?php endforeach; ? /ul -- The above code loads in the template file, eval()'s it and then saves the result into a variable, so that it may be intergraed into anouther element of a dynamic website, which is a hell of a lot cleaner than the: -- echo (something . $some_variable . something_else ...); -- mess that you find in a lot of PHP code. Not only is it hard to read, but it also produces awfully indented HTML, unlike the template method which outputs properly indented code and is much easier to read. This works perfectly so long as output buffering is enabled, however for some reason my web host has decided to disable output buffering in the config file, rendering the above elegant solution completely useless(*). So, why does PHP have to have such a pain in the a$$ configuration file. It makes developing platform and even install independent code a nightmare, I am seriously considering moving to a different language because of this. (*) This could be implemented by saving the variables as XML, making a POST request to another script, which would then convert the XML back into an array, eval() the template and send the result back to the first script `as if' it was sending to a browser. The first script would then capture the result as a variable. While this would also work, it would be unnecessary complicated and very slow in comparison, It is *still* dependent on the settings in the config file. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with PHP simplexml and doxygen generated XML
On Apr 3, 2009, at 17:52, hessi...@hessiess.com wrote: I have bean trying to right a PHP script to generate XHTML code from the class documentation xml files created by Doxygen(the HTML it outputs is invalid, messy and virtually imposable to integrate into another web page). One thing has bean causing problems, the tags which start with `@', for example: Code: SimpleXMLElement Object ( [...@attributes] = Array ( [kind] = function [id] = classhello_1f06929bd13d07b414a8be07c6db88074 [prot] = private [static] = no [const] = no [explicit] = no [inline] = yes [virt] = non-virtual ) ... I cannot seam to find a way to access these with simplexml, the following code generates a syntax error for example. Code: print_r($xml-compounddef-sectiondef-memberdef[1]-@attributes); Any advice would be gratily appreciated. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php What about first stripping out the @ characters with str_replace and then attempting to load the XML? Maybe run it thru a few to do the best possible clean up? Bastien Found out what I was doing wrong, the problem has nothing to do with the XML code, tag attributes are put into the @attributes section, which must be accsessed with the attributes() function. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with PHP simplexml and doxygen generated XML
I HAVE THE SAME PROBLEM, PLEASE HOW HAVE YOU DONE IT On Sun, Apr 5, 2009 at 4:08 PM, hessi...@hessiess.com wrote: On Apr 3, 2009, at 17:52, hessi...@hessiess.com wrote: I have bean trying to right a PHP script to generate XHTML code from the class documentation xml files created by Doxygen(the HTML it outputs is invalid, messy and virtually imposable to integrate into another web page). One thing has bean causing problems, the tags which start with `@', for example: Code: SimpleXMLElement Object ( [...@attributes] = Array ( [kind] = function [id] = classhello_1f06929bd13d07b414a8be07c6db88074 [prot] = private [static] = no [const] = no [explicit] = no [inline] = yes [virt] = non-virtual ) ... I cannot seam to find a way to access these with simplexml, the following code generates a syntax error for example. Code: print_r($xml-compounddef-sectiondef-memberdef[1]-@attributes); Any advice would be gratily appreciated. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php What about first stripping out the @ characters with str_replace and then attempting to load the XML? Maybe run it thru a few to do the best possible clean up? Bastien Found out what I was doing wrong, the problem has nothing to do with the XML code, tag attributes are put into the @attributes section, which must be accsessed with the attributes() function. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Best Wishes Andrew Williams Just use the attributes() function, for example: $xml-compounddef-sectiondef-memberdef[0]-attributes()-kind Also, no need to shout ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] problem with PHP simplexml and doxygen generated XML
I have bean trying to right a PHP script to generate XHTML code from the class documentation xml files created by Doxygen(the HTML it outputs is invalid, messy and virtually imposable to integrate into another web page). One thing has bean causing problems, the tags which start with `@', for example: Code: SimpleXMLElement Object ( [...@attributes] = Array ( [kind] = function [id] = classhello_1f06929bd13d07b414a8be07c6db88074 [prot] = private [static] = no [const] = no [explicit] = no [inline] = yes [virt] = non-virtual ) ... I cannot seam to find a way to access these with simplexml, the following code generates a syntax error for example. Code: print_r($xml-compounddef-sectiondef-memberdef[1]-@attributes); Any advice would be gratily appreciated. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php