[PHP] After a PHP script timeout, Apache logs the error but may not cleanly exit the script
Hi. I'm wondering if anyone can help with this. We're using PHP and Apache, hosted on a dedicated server running Debian Linux. The specific versions in each case are mostly immaterial, as this problem has been around since Debian 6, and is still present in Debian 7; in the meantime we've been using the latest versions of all packages. We're having problems with PHP script timeouts, which although rare, are behaving erratically and causing severe problems when they do occur. The timeouts are always recorded in the Apache log, and sometimes the script and everything else may execute/terminate correctly, but often, various failures may be observed, such as: * timeouts not registered back to PHP - the script may not terminate as expected (the function registered with register_shutdown_function() - see code example below - may not be called); * after a timeout, Apache may run in the background indefinitely, using up CPU resources in one core; * Apache may fail altogether - no further requests serviced - Apache must be restarted. The exact cause of the fault has not been found. It is reproducible on all servers we deploy to. Example PHP script: //... function _on_shutdown() { if (connection_status() CONNECTION_TIMEOUT) { echo 'ERROR: TIMEOUT!'; //Do something else... } exit; } register_shutdown_function('_on_shutdown'); //...more code here... //(various potentially long running scripts which may timeout) The above was also posted here: http://serverfault.com/questions/542045/after-a-php-script-timeout-apache-logs-the-error-but-may-not-cleanly-exit-the-s Ric. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Script
Hi please the script am using is an auto generated script: simple machine function, and its having problems. So please I'l like to ask if anyone can give me a cool music site script like music212.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Images can execute php script?
Today I seen a hack into php that has rocked me to my foundation. I seen a picture uploaded onto a server using php and when php displayed the image, phpinfo() was executed and displayed. Does this problem exist in PHP 5.2.17 +? How do you stop it? Sorry, I have never known of this before today. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Images can execute php script?
Bastien Koert On 2012-09-23, at 11:57 AM, admin ad...@buskirkgraphics.com wrote: Today I seen a hack into php that has rocked me to my foundation. I seen a picture uploaded onto a server using php and when php displayed the image, phpinfo() was executed and displayed. Does this problem exist in PHP 5.2.17 +? How do you stop it? Sorry, I have never known of this before today. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Jpgs can hold other data rather than image data One thing to try is to run strip_tags($image) to remove any php code http://stackoverflow.com/questions/3499173/my-php-site-was-hacked-by-codes-uploaded-as-image http://josephkeeler.com/2009/04/php-upload-security-the-1x1-jpeg-hack/ Bastien
Re: [PHP] Images can execute php script?
On Sun, Sep 23, 2012 at 9:57 PM, admin ad...@buskirkgraphics.com wrote: Today I seen a hack into php that has rocked me to my foundation. I seen a picture uploaded onto a server using php and when php displayed the image, phpinfo() was executed and displayed. Does this problem exist in PHP 5.2.17 +? How do you stop it? Sorry, I have never known of this before today. How PHP is displaying the image? If it includes then its certainly possible? -- Shiplu.Mokadd.im ImgSign.com | A dynamic signature machine Innovation distinguishes between follower and leader
RE: [PHP] Images can execute php script?
Jpgs can hold other data rather than image data One thing to try is to run strip_tags($image) to remove any php code http://stackoverflow.com/questions/3499173/my-php-site-was-hacked-by-codes-u ploaded-as-image http://josephkeeler.com/2009/04/php-upload-security-the-1x1-jpeg-hack/ Bastien I understand the principle behind include('pages/' . $_GET['page'] . '.php'); http://www.mysite.com/index.php?page=../upload/image.jpg?cmd=somecode%00 Which I find ridiculous if anyone did that. I am not sure how he was calling the image to be sure. I watched him upload the image and then Do what looked like a normal echo UPLOADED_IMAGES.$_FILE[name]; You seen phpinfo() called but it was not in the script rather in the image. He opened the test.jpg in a text editor and sure enough there was ?php phpinfo(); ? in the code of the jpeg. This bothers me because I am not sure what all he did. He was proving PHP is not a safe language in front of a rather large group or people in the meeting. I could only look on in disbelief that it just happened in front of me. Everything inside of me wants to say he was doing something outside of what I consider normal circumstances. My question is this: If someone uploads a image through a form or whatever and they have embedded a code in can that code inside the image be executed by viewing the file? $image = 'uploaded.jpg'; Echo IMG SRC='.$image.'; Read this: http://php.webtutor.pl/en/2011/05/13/php-code-injection-a-simple-virus-writt en-in-php-and-carried-in-a-jpeg-image/ That was written a couple months ago. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Images can execute php script?
On 23-09-2012 21:30, admin wrote: Jpgs can hold other data rather than image data One thing to try is to run strip_tags($image) to remove any php code http://stackoverflow.com/questions/3499173/my-php-site-was-hacked-by-codes-u ploaded-as-image http://josephkeeler.com/2009/04/php-upload-security-the-1x1-jpeg-hack/ Bastien I understand the principle behind include('pages/' . $_GET['page'] . '.php'); http://www.mysite.com/index.php?page=../upload/image.jpg?cmd=somecode%00 Which I find ridiculous if anyone did that. I am not sure how he was calling the image to be sure. I watched him upload the image and then Do what looked like a normal echo UPLOADED_IMAGES.$_FILE[name]; You seen phpinfo() called but it was not in the script rather in the image. He opened the test.jpg in a text editor and sure enough there was ?php phpinfo(); ? in the code of the jpeg. This bothers me because I am not sure what all he did. He was proving PHP is not a safe language in front of a rather large group or people in the meeting. I could only look on in disbelief that it just happened in front of me. Everything inside of me wants to say he was doing something outside of what I consider normal circumstances. My question is this: If someone uploads a image through a form or whatever and they have embedded a code in can that code inside the image be executed by viewing the file? The answer to this is both yes and no. It all depends on: a) what you do with the file b) how your webserver is set up / configured PHP scripts are executed using the PHP interpreter. This means, that for a PHP script to be executed, the server needs to: 1. assume the requested file is a PHP script 2. run the PHP interpreter, and provide it the requested file 3. return the output from the PHP interpreter Most sane servers, when they get a request for a .jpg file, do not assume it's a PHP script, and simply return the raw image, which might include PHP script, but which will never be run by any sane person. Some servers however, are configured to run everything through the PHP interpreter, before returning its output. In this case: yes, bad stuff will happen. Alternatively, it's possible to run code in files from within other files. An example of this was given above, where you showed that including a file containing PHP code will execute that code. Regardless of what the file is exactly. In practice I must admit I have very rarely seen this exploit in action, since most proper servers and scripts are configured / coded by sane enough people for this not to be possible. Unfortunately, if you come across a novice coder, (s)he might use the include 'someImage.jpg' technique to return images, instead of echo file_get_contents('someImage.jpg'), which under these circumstances is a much safer way of doing the same thing. - Tul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php script can't self reference
On 20-06-2012 15:55, Tim Dunphy wrote: Hello list, I just wanted to bounce a slight issue that I'm having off you regarding self referencing a php script. Moving from the 'sendemail.htm' page where a form is used to the 'sendemail.php' page that is in the form action works fine! But if you reload the page, the php part of the equation loses track of it's $_POST[] variables, and you see the following errors in the output of the php page: Notice: Undefined index: subject in /Library/WebServer/Documents/examples/ch03/final/makemeelvis/sendemail.php on line 19 Notice: Undefined index: elvismail in /Library/WebServer/Documents/examples/ch03/final/makemeelvis/sendemail.php This is the original form from the sendemail.html page: form method=post action=sendemail.php label for=subjectSubject of email:/labelbr / input id=subject name=subject type=text size=30 /br / label for=elvismailBody of email:/labelbr / textarea id=elvismail name=elvismail rows=8 cols=40/textareabr / input type=submit name=Submit value=Submit / /form The reason you're seeing this behaviour is actually quite simple. POST data is only available when a POST action has been performed. Most actions are not post, but usually GETs. Due to you specifying 'method=post'in your HTML form, pressing the submit button sends a POST request to your PHP script. When you refresh the page, your browser sends a GET request, without any data whatsoever (because it doesn't submit the form in any way). Some browsers are smart and actually ask you if you want to resubmit the page, but you shouldn't count on it. So... how to resolve your problem? Well, you can prefill a form with the data submitted. That way, the user can resubmit the form without having to fully refill it him (or her)self. This is done by passing the data for each element in the value-attribute (for input), a selected-attribute (for select) or as the content (for textarea): input type=text name=a / will just give an empty input element. But input type=text name=a value=?php echo (isset($_POST['a']) ? $a : '');? / will show the value of the previously posted request, if any. Otherwise, it will just be empty. input name=something type=whatever value=data select name=something option value=something selected=selected option value=something not selected /select textarea name=somethingdata goes here/textarea Hope this helps. - Tul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] long running php script won't complete :(
On Mon, Jun 4, 2012 at 6:52 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, Jun 4, 2012 at 5:57 PM, rene7705 rene7...@gmail.com wrote: Hi. I've got a piece of code that builds up a multi-meg test array for my opensourced http://mediabeez.ws/products/htmlMicroscope var_dump() improvement, and when I run it for longer than about 20 minutes, the browser just calls it quits.. :( Firefox, and chrome. I'd like to do this with a browser call, if all else fails I suppose I can run the generation of the test array from the commandline, but I prefer calling from the browser.. So, I'm doing ob_start(), then start the main loop which does echo '.'; ob_flush(); flush();. I've got my KeepAliveTime set to 25 seconds, as per http://www.pctools.com/guides/registry/detail/891/ And I'm calling this from my browser to the domain name that points back to the machine I run the browser on, latest wampserver on windows 7. Calling via localhost doesn't work somehow. Is there anything obvious I've missed? Just to be sure, have you checked the Apache error logs for anything obvious? (eg. out of memory?) In case the browser closes the connection, you could use ignore_user_abort [1] to be sure the script continues, though the browser won't receive the result. - Matijn [1] www.php.net/manual/en/function.ignore-user-abort.php ignore_user_abort(true) together with set_time_limit(0) is doing the job nicely atm. thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] long running php script won't complete :(
Hi. I've got a piece of code that builds up a multi-meg test array for my opensourced http://mediabeez.ws/products/htmlMicroscope var_dump() improvement, and when I run it for longer than about 20 minutes, the browser just calls it quits.. :( Firefox, and chrome. I'd like to do this with a browser call, if all else fails I suppose I can run the generation of the test array from the commandline, but I prefer calling from the browser.. So, I'm doing ob_start(), then start the main loop which does echo '.'; ob_flush(); flush();. I've got my KeepAliveTime set to 25 seconds, as per http://www.pctools.com/guides/registry/detail/891/ And I'm calling this from my browser to the domain name that points back to the machine I run the browser on, latest wampserver on windows 7. Calling via localhost doesn't work somehow. Is there anything obvious I've missed? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] long running php script won't complete :(
On Mon, Jun 4, 2012 at 5:57 PM, rene7705 rene7...@gmail.com wrote: Hi. I've got a piece of code that builds up a multi-meg test array for my opensourced http://mediabeez.ws/products/htmlMicroscope var_dump() improvement, and when I run it for longer than about 20 minutes, the browser just calls it quits.. :( Firefox, and chrome. I'd like to do this with a browser call, if all else fails I suppose I can run the generation of the test array from the commandline, but I prefer calling from the browser.. So, I'm doing ob_start(), then start the main loop which does echo '.'; ob_flush(); flush();. I've got my KeepAliveTime set to 25 seconds, as per http://www.pctools.com/guides/registry/detail/891/ And I'm calling this from my browser to the domain name that points back to the machine I run the browser on, latest wampserver on windows 7. Calling via localhost doesn't work somehow. Is there anything obvious I've missed? Just to be sure, have you checked the Apache error logs for anything obvious? (eg. out of memory?) In case the browser closes the connection, you could use ignore_user_abort [1] to be sure the script continues, though the browser won't receive the result. - Matijn [1] www.php.net/manual/en/function.ignore-user-abort.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] howto get pgUp, pgDn, delete, home and end keycodes in CLI PHP script
I am trying to code a CLI PHP script that will give me the keycodes for these (and other) keyboard keys. I want to basically block until the user presses a single key, then I want to process that event without the user having to press the Enter key after pressing a single key. I have tried several approaches but with no success. Using fopen() to open stdin, and fgetc() will give me the regular keys but requires the user to press the Enter key after the initial key is pressed. When I press the the PgDw key for example, those routines return a single character string even though the stty echos a 5 character string (using PgDw echos ^[[6~) I have tried other approaches using bash read commands to get a single character but will little success also. Anybody here know how to do this? Thanks, -Andres | | -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] howto get pgUp, pgDn, delete, home and end keycodes in CLI PHP script
On Fri, May 4, 2012 at 10:48 AM, Andres Gonzalez and...@packetstorm.comwrote: I am trying to code a CLI PHP script that will give me the keycodes for these (and other) keyboard keys. I want to basically block until the user presses a single key, then I want to process that event without the user having to press the Enter key after pressing a single key. I have tried several approaches but with no success. Using fopen() to open stdin, and fgetc() will give me the regular keys but requires the user to press the Enter key after the initial key is pressed. When I press the the PgDw key for example, those routines return a single character string even though the stty echos a 5 character string (using PgDw echos ^[[6~) I have tried other approaches using bash read commands to get a single character but will little success also. Anybody here know how to do this? Thanks, -Andres | | -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php I think something like this would work $running = true; $fp = fopen(php://stdin,r);//open direct input stream for reading stream_set_blocking($fp,0);//set non-blocking mode while ($running) { while (($buf = fgets($fp, 4096)) != false) { $buffer .= $buf; } if ($buffer != ) { switch ($buffer) { case : {//exit on space key exit; } default: { //space not pressed } } $buffer = ; //empty buffer }
Re: [PHP] howto get pgUp, pgDn, delete, home and end keycodes in CLI PHP script
David, Thank you for your response. The code does not run on my box. I get an undefined variable error on the: if ($buffer != ) { line. Also, I need the code to block until the user presses a single key. Plus, the fgets() routine does not return extended codes for pgUp, pgDn, etc, only codes for regular keys. -Andres David OBrien wrote: ? On Fri, May 4, 2012 at 10:48 AM, Andres Gonzalez and...@packetstorm.com mailto:and...@packetstorm.com wrote: I am trying to code a CLI PHP script that will give me the keycodes for these (and other) keyboard keys. I want to basically block until the user presses a single key, then I want to process that event without the user having to press the Enter key after pressing a single key. I have tried several approaches but with no success. Using fopen() to open stdin, and fgetc() will give me the regular keys but requires the user to press the Enter key after the initial key is pressed. When I press the the PgDw key for example, those routines return a single character string even though the stty echos a 5 character string (using PgDw echos ^[[6~) I have tried other approaches using bash read commands to get a single character but will little success also. Anybody here know how to do this? Thanks, -Andres | | -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php I think something like this would work $running = true; $fp = fopen(php://stdin,r); //open direct input stream for reading stream_set_blocking($fp,0); //set non-blocking mode while ($running) { while (($buf = fgets($fp, 4096)) != false) { $buffer .= $buf; } if ($buffer != ) { switch ($buffer) { case : { //exit on space key exit; } default: { //space not pressed } } $buffer = ; //empty buffer } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] howto get pgUp, pgDn, delete, home and end keycodes in CLI PHP script
On 4 May 2012, at 15:48, Andres Gonzalez wrote: I am trying to code a CLI PHP script that will give me the keycodes for these (and other) keyboard keys. I want to basically block until the user presses a single key, then I want to process that event without the user having to press the Enter key after pressing a single key. I have tried several approaches but with no success. Using fopen() to open stdin, and fgetc() will give me the regular keys but requires the user to press the Enter key after the initial key is pressed. When I press the the PgDw key for example, those routines return a single character string even though the stty echos a 5 character string (using PgDw echos ^[[6~) I have tried other approaches using bash read commands to get a single character but will little success also. Anybody here know how to do this? As far as I know you can't do this through any of the built-in functions. However, the ncurses extension may give you what you need: http://php.net/ncurses -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] howto get pgUp, pgDn, delete, home and end keycodes in CLI PHP script
Thank you for your reply Stuart, I will look at ncurses extensions. -Andres Stuart Dallas wrote: On 4 May 2012, at 15:48, Andres Gonzalez wrote: I am trying to code a CLI PHP script that will give me the keycodes for these (and other) keyboard keys. I want to basically block until the user presses a single key, then I want to process that event without the user having to press the Enter key after pressing a single key. I have tried several approaches but with no success. Using fopen() to open stdin, and fgetc() will give me the regular keys but requires the user to press the Enter key after the initial key is pressed. When I press the the PgDw key for example, those routines return a single character string even though the stty echos a 5 character string (using PgDw echos ^[[6~) I have tried other approaches using bash read commands to get a single character but will little success also. Anybody here know how to do this? As far as I know you can't do this through any of the built-in functions. However, the ncurses extension may give you what you need: http://php.net/ncurses -Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Script failing on extension_dir
All, I am tying to install php that will talk to the database I us (QM, a pick type database). As I am new to pdp don’t have much experience in figuring out what the qm_ext_build script is failing. Thanks for you help in advance. george I am trying to run following: root@dell350:/usr/qmsys/qmphp# ./qm_ext_build It is failing here with the message after the script. echo --- echo get the directory where PHP extension are stored echo --- EXTDIR=`php -i 2 /dev/null | grep -i extension_dir | cut -d -f3` if [ ! -d $EXTDIR ]; then echo -n -e \n echo echo You need to create the php extensions directory: echo $EXTDIR echo echo -n -e \n exit fi Error message follows, what does the no mean ? get the directory where PHP extension are stored You need to create the php extensions directory: /usr/lib/php5/20090626+lfs no There is a directory which contains (I think) the compiled extensions. I am unsure where to go from here. Do I create a extension_dir and if so where do I put it and do I have to copy the file currently in 20090626+lfs to it. Also would have to, I believe, add the extension_dir to the php.ini file. Help would be appreciated. root@dell350:/usr/lib/php5/20090626+lfs# ls -la total 1688 drwxr-xr-x 2 root root 4096 Apr 9 08:33 . drwxr-xr-x 5 root root 4096 Apr 8 08:20 .. -rw-r--r-- 1 root root 62936 Feb 10 08:31 curl.so -rw-r--r-- 1 root root 95596 Feb 10 08:31 gd.so -rw-r--r-- 1 root root 20024 Feb 27 2010 idn.so -rw-r--r-- 1 root root 335288 Jun 1 2010 imagick.so
[PHP] Script execution after window close
Hello, I need to run a few commands when a user close the browser tab. That is, I have a php page ( index.php ) and it will create a temporary file to track some stuffs. That temporary file should be removed, when the user close the browser tab. Is there any way to achieve this? Thank you, -- Regards Nibin. http://TechsWare.in
Re: [PHP] Script execution after window close
On Sun, 2012-03-04 at 20:49 +0530, Nibin V M wrote: Hello, I need to run a few commands when a user close the browser tab. That is, I have a php page ( index.php ) and it will create a temporary file to track some stuffs. That temporary file should be removed, when the user close the browser tab. Is there any way to achieve this? Thank you, Not reliably. There are events in Javascript that you can use to trigger an Ajax call (such as onbeforeunload and onunload) but these work slightly differently from browser to browser and may not allow you to execute anything on the browser if the user is navigating away from the site or closing the tab/window. Why can't you use the session for this, and allow the session to expire after a certain period of inactivity, which would be better than reinventing what sounds like session behaviour. -- Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Script execution after window close
in factI really need to remove the file ( which will be created for every access - making a copy from another location ). I can't leave that file alone for ever in the user disk space! :( On Sun, Mar 4, 2012 at 9:01 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: ** On Sun, 2012-03-04 at 20:49 +0530, Nibin V M wrote: Hello, I need to run a few commands when a user close the browser tab. That is, I have a php page ( index.php ) and it will create a temporary file to track some stuffs. That temporary file should be removed, when the user close the browser tab. Is there any way to achieve this? Thank you, Not reliably. There are events in Javascript that you can use to trigger an Ajax call (such as onbeforeunload and onunload) but these work slightly differently from browser to browser and may not allow you to execute anything on the browser if the user is navigating away from the site or closing the tab/window. Why can't you use the session for this, and allow the session to expire after a certain period of inactivity, which would be better than reinventing what sounds like session behaviour. -- Thanks, Ash http://www.ashleysheridan.co.uk -- Regards Nibin. http://TechsWare.in
Re: [PHP] Script execution after window close
in factI really need to remove the file ( which will be created for every access - making a copy from another location ). I can't leave that file alone for ever in the user disk space! :( Fine, so delete it after a period of inactivity -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script execution after window close
On 4 Mar 2012, at 15:31, Nibin V M wrote: in factI really need to remove the file ( which will be created for every access - making a copy from another location ). I can't leave that file alone for ever in the user disk space! :( Ash is right in that this is exactly what sessions are used for, so unless the data you are storing for the user is fairly large you'd be better off using them: http://php.net/session Why do you need to copy the file? Might be an idea to describe what you're actually doing rather than focus on this particular part. Do you make changes to the file after you've copied it? If not, why not use the original copy? If you do modify is, how and why? I'll bet there's a better way to do what you're doing. If you absolutely need to make these copies, your best bet is to have a script executed by cron periodically to clean up files with a last modified timestamp older than n seconds, and make sure each page request calls the touch function for that user's file to updated the file's timestamp. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ On Sun, Mar 4, 2012 at 9:01 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: ** On Sun, 2012-03-04 at 20:49 +0530, Nibin V M wrote: Hello, I need to run a few commands when a user close the browser tab. That is, I have a php page ( index.php ) and it will create a temporary file to track some stuffs. That temporary file should be removed, when the user close the browser tab. Is there any way to achieve this? Thank you, Not reliably. There are events in Javascript that you can use to trigger an Ajax call (such as onbeforeunload and onunload) but these work slightly differently from browser to browser and may not allow you to execute anything on the browser if the user is navigating away from the site or closing the tab/window. Why can't you use the session for this, and allow the session to expire after a certain period of inactivity, which would be better than reinventing what sounds like session behaviour. -- Thanks, Ash http://www.ashleysheridan.co.uk -- Regards Nibin. http://TechsWare.in -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script execution after window close
ok..I have script which will run based on some values in user's homedir. In fact I have tried to run the script from a various locations; but it didn't work as expected like it run from each users homedir. So, when the user access the page, it will copy the actual script to the user's homedir and executes it. I don't want to leave it there for ever; so I have to remove it from there when the user close the browser ( or after a period of in activity ). But I don't know how to code it :( On Sun, Mar 4, 2012 at 9:08 PM, Govinda govinda.webdnat...@gmail.comwrote: in factI really need to remove the file ( which will be created for every access - making a copy from another location ). I can't leave that file alone for ever in the user disk space! :( Fine, so delete it after a period of inactivity -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Regards Nibin. http://TechsWare.in
Re: [PHP] Script execution after window close
in factI really need to remove the file ( which will be created for every access - making a copy from another location ). I can't leave that file alone for ever in the user disk space! :( Fine, so delete it after a period of inactivity ok..I have script which will run based on some values in user's homedir. In fact I have tried to run the script from a various locations; but it didn't work as expected like it run from each users homedir. So, when the user access the page, it will copy the actual script to the user's homedir and executes it. I don't want to leave it there for ever; so I have to remove it from there when the user close the browser ( or after a period of in activity ). But I don't know how to code it :( My suggestion is to sort out the real issue, rather than try to fix it with the workaround of copying that file to each user's homedir. It sounds like you are just adding unnecessary complexity to your work. Maybe make a new post/thread where you describe THAT issue very carefully.. and what you have tried that is not working the way you thought it should. So far it is not clear enough to me anyway - to help. But that could be because of my shortcomings more than your post's shortcoming; I am not expert on many topics covered on this list, especially in the area of managing your webserver. -Govinda -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script execution after window close
On Sun, 2012-03-04 at 11:29 -0500, Govinda wrote: in factI really need to remove the file ( which will be created for every access - making a copy from another location ). I can't leave that file alone for ever in the user disk space! :( Fine, so delete it after a period of inactivity ok..I have script which will run based on some values in user's homedir. In fact I have tried to run the script from a various locations; but it didn't work as expected like it run from each users homedir. So, when the user access the page, it will copy the actual script to the user's homedir and executes it. I don't want to leave it there for ever; so I have to remove it from there when the user close the browser ( or after a period of in activity ). But I don't know how to code it :( My suggestion is to sort out the real issue, rather than try to fix it with the workaround of copying that file to each user's homedir. It sounds like you are just adding unnecessary complexity to your work. Maybe make a new post/thread where you describe THAT issue very carefully.. and what you have tried that is not working the way you thought it should. So far it is not clear enough to me anyway - to help. But that could be because of my shortcomings more than your post's shortcoming; I am not expert on many topics covered on this list, especially in the area of managing your webserver. -Govinda To add to what Govinda said, the real problem does indeed seem to be that you're using this hack in order to make your code work, and sorting that would be far more beneficial to you in the long run. On first thoughts, it sounds like a path issue somewhere. If the script isn't run as the user but is just run as the same user from different users directories, then it's probably not a problem with the PATH environment variable (assuming your secondary script is some kind of Bash script). Let's see what you're doing with that and see if we can help. -- Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Script execution after window close
ok..thanks guys...I will check further then. thanks for your inputs :) On Sun, Mar 4, 2012 at 9:59 PM, Govinda govinda.webdnat...@gmail.comwrote: in factI really need to remove the file ( which will be created for every access - making a copy from another location ). I can't leave that file alone for ever in the user disk space! :( Fine, so delete it after a period of inactivity ok..I have script which will run based on some values in user's homedir. In fact I have tried to run the script from a various locations; but it didn't work as expected like it run from each users homedir. So, when the user access the page, it will copy the actual script to the user's homedir and executes it. I don't want to leave it there for ever; so I have to remove it from there when the user close the browser ( or after a period of in activity ). But I don't know how to code it :( My suggestion is to sort out the real issue, rather than try to fix it with the workaround of copying that file to each user's homedir. It sounds like you are just adding unnecessary complexity to your work. Maybe make a new post/thread where you describe THAT issue very carefully.. and what you have tried that is not working the way you thought it should. So far it is not clear enough to me anyway - to help. But that could be because of my shortcomings more than your post's shortcoming; I am not expert on many topics covered on this list, especially in the area of managing your webserver. -Govinda -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Regards Nibin. http://TechsWare.in
Re: RE: RE: [PHP] passing variables to php script
On 13 Jan 2012 at 15:05, David Savage dsav...@cytelcom.com wrote: I open the html file up from a windows explorer window (Q:\asterisk\), and so IE opens it up, but the problem lies in the fact that I cannot find apache service running in the background...haven't figured out why yet. The test configuration start menu option (under configure apache server) just displays a console window for a brief moment, then immediately disappears. The icon I see near my time says Running none of 1 Apache servicesSo I have to get that straightened out first...I believe that's been my problem all along. Well, that's going to be part of it, but it's never going to work if you open it via Explorer. If you do that, apache won't be involved whether it's running or not. This will only work if you have IE (or other browser) open and put http://localhost/your-webpage.html into the browser's address bar. Further, both the webpage and PHP file need to be in your document-root. Look in your apache config file for that). -- Cheers -- Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: RE: RE: [PHP] passing variables to php script
Make sure IIS is not running. That'll cause all kinds of trouble. Tim Streater wrote: On 13 Jan 2012 at 15:05, David Savage dsav...@cytelcom.com wrote: I open the html file up from a windows explorer window (Q:\asterisk\), and so IE opens it up, but the problem lies in the fact that I cannot find apache service running in the background...haven't figured out why yet. The test configuration start menu option (under configure apache server) just displays a console window for a brief moment, then immediately disappears. The icon I see near my time says Running none of 1 Apache servicesSo I have to get that straightened out first...I believe that's been my problem all along. Well, that's going to be part of it, but it's never going to work if you open it via Explorer. If you do that, apache won't be involved whether it's running or not. This will only work if you have IE (or other browser) open and put http://localhost/your-webpage.html into the browser's address bar. Further, both the webpage and PHP file need to be in your document-root. Look in your apache config file for that). -- Cheers -- Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: RE: RE: [PHP] passing variables to php script
Tim Streater wrote: On 13 Jan 2012 at 15:05, David Savage dsav...@cytelcom.com wrote: I open the html file up from a windows explorer window (Q:\asterisk\), and so IE opens it up, but the problem lies in the fact that I cannot find apache service running in the background...haven't figured out why yet. The test configuration start menu option (under configure apache server) just displays a console window for a brief moment, then immediately disappears. The icon I see near my time says Running none of 1 Apache servicesSo I have to get that straightened out first...I believe that's been my problem all along. Well, that's going to be part of it, but it's never going to work if you open it via Explorer. If you do that, apache won't be involved whether it's running or not. This will only work if you have IE (or other browser) open and put http://localhost/your-webpage.html into the browser's address bar. Further, both the webpage and PHP file need to be in your document-root. Look in your apache config file for that). Sorry for the top post. Make sure IIS is not running. It'll cause all kinds of trouble.
RE: RE: RE: [PHP] passing variables to php script
thanks for your assistance. From: Tim Streater [mailto:t...@clothears.org.uk] Sent: Fri 1/13/2012 9:37 AM To: David Savage Cc: PHP General List Subject: Re: RE: RE: [PHP] passing variables to php script On 13 Jan 2012 at 15:05, David Savage dsav...@cytelcom.com wrote: I open the html file up from a windows explorer window (Q:\asterisk\), and so IE opens it up, but the problem lies in the fact that I cannot find apache service running in the background...haven't figured out why yet. The test configuration start menu option (under configure apache server) just displays a console window for a brief moment, then immediately disappears. The icon I see near my time says Running none of 1 Apache servicesSo I have to get that straightened out first...I believe that's been my problem all along. Well, that's going to be part of it, but it's never going to work if you open it via Explorer. If you do that, apache won't be involved whether it's running or not. This will only work if you have IE (or other browser) open and put http://localhost/your-webpage.html into the browser's address bar. Further, both the webpage and PHP file need to be in your document-root. Look in your apache config file for that). -- Cheers -- Tim
RE: [PHP] passing variables to php script
Installed apache onto a win2K server, and have the html file php file in the same folder (Q:\ASTERISK\) on the Q: drive (which is just another drive in this same server). I opened the html file using IE 6.0. What I'm thinking is there may be an issue with some setting on the web server. The php statements I posted were the first few statements in the script, so apparently the script didn't see the variables, so I'll have to review the httpd.conf and php.ini files to find whatever settings is preventing the acctnum, year, and month from being passed to the php script. Thanks to all of you who posted comments for this problem ! I believe it will eventually come together. David From: Ellis Antaya [mailto:ellis.ant...@gmail.com] Sent: Tue 1/10/2012 4:46 PM To: Marco Behnke Cc: php-general@lists.php.net Subject: Re: [PHP] passing variables to php script it can't work as long as long as there is Q:\ ins his form action +1 David, which web server are you running (apache, iis, ...)? What is your document_root? And last question, where are your html file and your php file(the full file path)? --- Ellis (Sent from my iPod) On 2012-01-10, at 16:25, Marco Behnke ma...@behnke.biz wrote: Am 10.01.12 21:57, schrieb Ashley Sheridan: o simply callrecs.php and see if that works. Q: would be referencing a filesystem path, rather a web address interpreted by a PHP processor. Make sure your .php target is within a PHP supported web space. If a default application is set within windows for php, the script submitting to Q will be executed. But wouldn't Windows attempt to execute the PHP script as if it were a CLI script, not as if it were within a web server context? That would make posting a form pretty pointless. Indeed. But isn't that the point? We are trying to figure out why his posting the form does not work. I say, it can't work as long as long as there is Q:\ ins his form action, no way it will do, because you leave your webserver context anyways. He must change it to a valid web url. -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz http://www.behnke.biz/
Re: [PHP] passing variables to php script
On Thu, Jan 12, 2012 at 7:51 PM, David Savage dsav...@cytelcom.com wrote: Installed apache onto a win2K server, and have the html file php file in the same folder (Q:\ASTERISK\) on the Q: drive (which is just another drive in this same server). I opened the html file using IE 6.0. What I'm thinking is there may be an issue with some setting on the web server. The php statements I posted were the first few statements in the script, so apparently the script didn't see the variables, so I'll have to review the httpd.conf and php.ini files to find whatever settings is preventing the acctnum, year, and month from being passed to the php script. No, Don't open the html file from the drive! If you have installed apache, you can open IE and go to http://localhost, this will show your web site running. If you put the files from Q:\ASTERISK in the folder where the website is, or you set this correctly in httpd.conf then it will show up fine. Now, if you update the form, and replace Q:\ASTERISK\callrecs.php with /callrecs.php, then it'll probably work fine. Matijn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: RE: [PHP] passing variables to php script
On 12 Jan 2012 at 18:51, David Savage dsav...@cytelcom.com wrote: Installed apache onto a win2K server, and have the html file php file in the same folder (Q:\ASTERISK\) on the Q: drive (which is just another drive in this same server). I opened the html file using IE 6.0. What I'm thinking is there may be an issue with some setting on the web server. The php statements I posted were the first few statements in the script, so apparently the script didn't see the variables, so I'll have to review the httpd.conf and php.ini files to find whatever settings is preventing the acctnum, year, and month from being passed to the php script. You say: I opened the html file using IE 6.0 I don't like the sound of that. Do you mean you double-clicked the file and it opened in IE or do you mean you put Q:\... into the IE address bar or what? What you should be doing is putting http://localhost/your-file.html in the IE address bar. What is your document-root? Is the Q:\thingy part of it? -- Cheers -- Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passing variables to php script
David Savage wrote: OK...I admit I'm new at thisI have this html file: html head titleGenerate pdf file of LD, Toll Free, and Directory Assistance calls/titl /head body form action=Q:\ASTERISK\callrecs.php method=post pAccount Number:input type=text name=acctnum/p pYear (4 digit):input type=text name=billyear/p pMonth (2 digit):input type=text name=billmonth/p pinput type=submit //p /form /body /html to which I would input an account number, 4 digit year, then 2 digit month. Then click Submit. What I see in the error log is: [06-Jan-2012 11:42:21] PHP Notice: Undefined index: acctnum [06-Jan-2012 11:42:21] PHP Notice: Undefined index: billyear [06-Jan-2012 11:42:21] PHP Notice: Undefined index: billmonth where line numbers point othe the following php lines: $who=$_POST[acctnum]; $year_to_process=$_POST[billyear]; ; $month_to_process= $_POST[billmonth]; WHAT AM I DOING WRONG ? David I think the error indicates that there is no acctnum,etc. set in your POST array.. but your syntax looks O.K... so, assuming the php code is in callrecs.php, I'm guessing you either have a redirect in there, or are not hitting the callrecs.php with the form data. I'd suggest to post your callrecs.php file. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passing variables to php script
Am 10.01.12 21:07, schrieb Donovan Brooke: David Savage wrote: OK...I admit I'm new at thisI have this html file: html head titleGenerate pdf file of LD, Toll Free, and Directory Assistance calls/titl /head body form action=Q:\ASTERISK\callrecs.php method=post Stupid question . where have you copied your script? Is it lying on a webserver? Then I would guess that you are submitting the form on your webserver which hits the PHP script on your Desktop PC which in tunr invokes the PHP command line interpreter who has no idea what you mean by $_POST. Try changing the form action to simply callrecs.php and see if that works. -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz smime.p7s Description: S/MIME Kryptografische Unterschrift
Re: [PHP] passing variables to php script
On Jan 10, 2012, at 15:12, Marco Behnke ma...@behnke.biz wrote: Am 10.01.12 21:07, schrieb Donovan Brooke: David Savage wrote: OK...I admit I'm new at thisI have this html file: html head titleGenerate pdf file of LD, Toll Free, and Directory Assistance calls/titl /head body form action=Q:\ASTERISK\callrecs.php method=post Stupid question . where have you copied your script? Is it lying on a webserver? Then I would guess that you are submitting the form on your webserver which hits the PHP script on your Desktop PC which in tunr invokes the PHP command line interpreter who has no idea what you mean by $_POST. Try changing the form action to simply callrecs.php and see if that works. -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz Q: would be referencing a filesystem path, rather a web address interpreted by a PHP processor. Make sure your .php target is within a PHP supported web space. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passing variables to php script
Am 10.01.12 21:28, schrieb Mike Mackintosh: On Jan 10, 2012, at 15:12, Marco Behnke ma...@behnke.biz wrote: Am 10.01.12 21:07, schrieb Donovan Brooke: David Savage wrote: OK...I admit I'm new at thisI have this html file: html head titleGenerate pdf file of LD, Toll Free, and Directory Assistance calls/titl /head body form action=Q:\ASTERISK\callrecs.php method=post Stupid question . where have you copied your script? Is it lying on a webserver? Then I would guess that you are submitting the form on your webserver which hits the PHP script on your Desktop PC which in tunr invokes the PHP command line interpreter who has no idea what you mean by $_POST. Try changing the form action to simply callrecs.php and see if that works. Q: would be referencing a filesystem path, rather a web address interpreted by a PHP processor. Make sure your .php target is within a PHP supported web space. If a default application is set within windows for php, the script submitting to Q will be executed. -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz smime.p7s Description: S/MIME Kryptografische Unterschrift
Re: [PHP] passing variables to php script
On Tue, 2012-01-10 at 21:43 +0100, Marco Behnke wrote: Am 10.01.12 21:28, schrieb Mike Mackintosh: On Jan 10, 2012, at 15:12, Marco Behnke ma...@behnke.biz wrote: Am 10.01.12 21:07, schrieb Donovan Brooke: David Savage wrote: OK...I admit I'm new at thisI have this html file: html head titleGenerate pdf file of LD, Toll Free, and Directory Assistance calls/titl /head body form action=Q:\ASTERISK\callrecs.php method=post Stupid question . where have you copied your script? Is it lying on a webserver? Then I would guess that you are submitting the form on your webserver which hits the PHP script on your Desktop PC which in tunr invokes the PHP command line interpreter who has no idea what you mean by $_POST. Try changing the form action to simply callrecs.php and see if that works. Q: would be referencing a filesystem path, rather a web address interpreted by a PHP processor. Make sure your .php target is within a PHP supported web space. If a default application is set within windows for php, the script submitting to Q will be executed. But wouldn't Windows attempt to execute the PHP script as if it were a CLI script, not as if it were within a web server context? That would make posting a form pretty pointless. -- Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] passing variables to php script
On Tue, Jan 10, 2012 at 9:57 PM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Tue, 2012-01-10 at 21:43 +0100, Marco Behnke wrote: Am 10.01.12 21:28, schrieb Mike Mackintosh: On Jan 10, 2012, at 15:12, Marco Behnke ma...@behnke.biz wrote: Am 10.01.12 21:07, schrieb Donovan Brooke: David Savage wrote: OK...I admit I'm new at thisI have this html file: html head titleGenerate pdf file of LD, Toll Free, and Directory Assistance calls/titl /head body form action=Q:\ASTERISK\callrecs.php method=post Stupid question . where have you copied your script? Is it lying on a webserver? Then I would guess that you are submitting the form on your webserver which hits the PHP script on your Desktop PC which in tunr invokes the PHP command line interpreter who has no idea what you mean by $_POST. Try changing the form action to simply callrecs.php and see if that works. Q: would be referencing a filesystem path, rather a web address interpreted by a PHP processor. Make sure your .php target is within a PHP supported web space. If a default application is set within windows for php, the script submitting to Q will be executed. But wouldn't Windows attempt to execute the PHP script as if it were a CLI script, not as if it were within a web server context? That would make posting a form pretty pointless. This all depends on the browser used. IE will probably start it with any program registered to PHP files (most likely an text editor). Firefox and Chrome will probably show the PHP source code in the browser. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passing variables to php script
Am 10.01.12 21:57, schrieb Ashley Sheridan: o simply callrecs.php and see if that works. Q: would be referencing a filesystem path, rather a web address interpreted by a PHP processor. Make sure your .php target is within a PHP supported web space. If a default application is set within windows for php, the script submitting to Q will be executed. But wouldn't Windows attempt to execute the PHP script as if it were a CLI script, not as if it were within a web server context? That would make posting a form pretty pointless. Indeed. But isn't that the point? We are trying to figure out why his posting the form does not work. I say, it can't work as long as long as there is Q:\ ins his form action, no way it will do, because you leave your webserver context anyways. He must change it to a valid web url. -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz smime.p7s Description: S/MIME Kryptografische Unterschrift
Re: [PHP] passing variables to php script
On Tue, 2012-01-10 at 22:25 +0100, Marco Behnke wrote: Am 10.01.12 21:57, schrieb Ashley Sheridan: o simply callrecs.php and see if that works. Q: would be referencing a filesystem path, rather a web address interpreted by a PHP processor. Make sure your .php target is within a PHP supported web space. If a default application is set within windows for php, the script submitting to Q will be executed. But wouldn't Windows attempt to execute the PHP script as if it were a CLI script, not as if it were within a web server context? That would make posting a form pretty pointless. Indeed. But isn't that the point? We are trying to figure out why his posting the form does not work. I say, it can't work as long as long as there is Q:\ ins his form action, no way it will do, because you leave your webserver context anyways. He must change it to a valid web url. -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz All of which I mentioned last Friday when David first asked the question. -- Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] passing variables to php script
it can't work as long as long as there is Q:\ ins his form action +1 David, which web server are you running (apache, iis, ...)? What is your document_root? And last question, where are your html file and your php file(the full file path)? --- Ellis (Sent from my iPod) On 2012-01-10, at 16:25, Marco Behnke ma...@behnke.biz wrote: Am 10.01.12 21:57, schrieb Ashley Sheridan: o simply callrecs.php and see if that works. Q: would be referencing a filesystem path, rather a web address interpreted by a PHP processor. Make sure your .php target is within a PHP supported web space. If a default application is set within windows for php, the script submitting to Q will be executed. But wouldn't Windows attempt to execute the PHP script as if it were a CLI script, not as if it were within a web server context? That would make posting a form pretty pointless. Indeed. But isn't that the point? We are trying to figure out why his posting the form does not work. I say, it can't work as long as long as there is Q:\ ins his form action, no way it will do, because you leave your webserver context anyways. He must change it to a valid web url. -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz
[PHP] passing variables to php script
OK...I admit I'm new at thisI have this html file: html head titleGenerate pdf file of LD, Toll Free, and Directory Assistance calls/titl /head body form action=Q:\ASTERISK\callrecs.php method=post pAccount Number: input type=text name=acctnum /p pYear (4 digit): input type=text name=billyear /p pMonth (2 digit): input type=text name=billmonth /p pinput type=submit //p /form /body /html to which I would input an account number, 4 digit year, then 2 digit month. Then click Submit. What I see in the error log is: [06-Jan-2012 11:42:21] PHP Notice: Undefined index: acctnum [06-Jan-2012 11:42:21] PHP Notice: Undefined index: billyear [06-Jan-2012 11:42:21] PHP Notice: Undefined index: billmonth where line numbers point othe the following php lines: $who=$_POST[acctnum]; $year_to_process=$_POST[billyear]; ; $month_to_process= $_POST[billmonth]; WHAT AM I DOING WRONG ? David
Re: [PHP] passing variables to php script
On Fri, 2012-01-06 at 11:53 -0600, David Savage wrote: OK...I admit I'm new at thisI have this html file: html head titleGenerate pdf file of LD, Toll Free, and Directory Assistance calls/titl /head body form action=Q:\ASTERISK\callrecs.php method=post pAccount Number: input type=text name=acctnum /p pYear (4 digit): input type=text name=billyear /p pMonth (2 digit): input type=text name=billmonth /p pinput type=submit //p /form /body /html to which I would input an account number, 4 digit year, then 2 digit month. Then click Submit. What I see in the error log is: [06-Jan-2012 11:42:21] PHP Notice: Undefined index: acctnum [06-Jan-2012 11:42:21] PHP Notice: Undefined index: billyear [06-Jan-2012 11:42:21] PHP Notice: Undefined index: billmonth where line numbers point othe the following php lines: $who=$_POST[acctnum]; $year_to_process=$_POST[billyear]; ; $month_to_process= $_POST[billmonth]; WHAT AM I DOING WRONG ? David PHP must be run on a server, it looks like you're attempting to run it on your local drive without one. Try installing either Xampp or EasyPHP, which will install the Apache server with PHP for you, and then you can run your scripts over http://localhost or http://127.0.0.1 -- Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] PHP script won't run in the background
On 29/11/2011 17:16, Daniel Brown wrote: On Sat, Nov 19, 2011 at 09:33, richard grayr...@richgray.com wrote: This happens because PHP is writing to STDOUT, of course, and then the command line redirection grabs that information and puts it into the file. Unfortunately, by itself, this won't work in the background, which is why you're getting the SIGTTOU (SIGnal TTy OUput). If you need to redirect the output and have it run in the background (where something like file_put_contents() or fwrite() isn't a practical option), give it a NOHUP (NO Hang-UP): nohup php test.php test.log This will automatically redirect STDERR to STDOUT, save for the message telling you the same. Thanks for your reply Daniel unfortunately nohup makes no difference the script still stops with no output being logged -- and also on a different machine (Ubuntu) php -f test.php test.log 21 -- works perfectly - seems to be an issue with OSX Lion and the version of PHP that came with the machine -- I cannot compile my own build of PHP because of this problem - https://bugs.php.net/bug.php?id=60268 -- so I am completely stuck :( -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP script won't run in the background
On 23/11/2011 18:49, Alain Williams wrote: On Wed, Nov 23, 2011 at 06:14:07PM +0100, richard gray wrote: Reading symbols for shared libraries + done 0x000101d057ee in __ioctl () Any clues? To me it looks like PHP cli is trying to do some I/O but I'm just a dumb developer... :) ioctl on a tty is typically used to set it into single character at a time mode (remove stty's icanon). It could have decided that since it is a tty then that should be set. You need a bit more info, get a backtrace with 'where'. Thanks for the response Alain - below is the output:- [rich@LeMans] (/Web/scripts) gdb --pid=3294 GNU gdb 6.3.50-20050815 (Apple version gdb-1708) (Mon Aug 8 20:32:45 UTC 2011) Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as x86_64-apple-darwin. /Web/scripts/3294: No such file or directory Attaching to process 3294. Reading symbols for shared libraries . done Reading symbols for shared libraries done Reading symbols for shared libraries + done 0x7fff8f8ac7ee in __ioctl () (gdb) where #0 0x7fff8f8ac7ee in __ioctl () #1 0x7fff8f8ac1fe in ioctl () #2 0x7fff910a6b1c in tcsetattr () #3 0x00010ab05df7 in tty_end () #4 0x00010ab05c39 in tty_init () #5 0x00010aaf7261 in el_init () #6 0x00010aafeb8e in rl_initialize () #7 0x00010a3ef39a in zm_startup_readline () #8 0x00010a37a1c8 in zend_startup_module_ex () #9 0x00010a38166b in zend_hash_apply () #10 0x00010a37d3dd in zend_startup_modules () #11 0x00010a3287bf in php_module_startup () #12 0x00010a3ef637 in php_cli_startup () #13 0x00010a3efff8 in main () -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP script won't run in the background
On Wed, Nov 30, 2011 at 12:58:26PM +0100, richard gray wrote: On 29/11/2011 17:16, Daniel Brown wrote: On Sat, Nov 19, 2011 at 09:33, richard grayr...@richgray.com wrote: This happens because PHP is writing to STDOUT, of course, and then the command line redirection grabs that information and puts it into the file. Unfortunately, by itself, this won't work in the background, which is why you're getting the SIGTTOU (SIGnal TTy OUput). If you need to redirect the output and have it run in the background (where something like file_put_contents() or fwrite() isn't a practical option), give it a NOHUP (NO Hang-UP): nohup php test.php test.log This will automatically redirect STDERR to STDOUT, save for the message telling you the same. Thanks for your reply Daniel unfortunately nohup makes no difference the script still stops with no output being logged -- and also on a different machine (Ubuntu) php -f test.php test.log 21 -- works perfectly - seems to be an issue with OSX Lion and the version of PHP that came with the machine -- I cannot compile my own build of PHP because of this problem - https://bugs.php.net/bug.php?id=60268 -- so I am completely stuck :( The point is that you need to completely disassociate the process from the tty. Install the daemonize program, then use it to run your PHP script. See: http://software.clapper.org/daemonize/ It claims to run under OSx (which is just BSD Unix). -- Alain Williams Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 http://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php #include std_disclaimer.h -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP script won't run in the background
On Wed, Nov 30, 2011 at 01:01:48PM +0100, richard gray wrote: You need a bit more info, get a backtrace with 'where'. Thanks for the response Alain - below is the output:- Ah, much more useful . [rich@LeMans] (/Web/scripts) gdb --pid=3294 GNU gdb 6.3.50-20050815 (Apple version gdb-1708) (Mon Aug 8 20:32:45 UTC 2011) Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as x86_64-apple-darwin. /Web/scripts/3294: No such file or directory Attaching to process 3294. Reading symbols for shared libraries . done Reading symbols for shared libraries done Reading symbols for shared libraries + done 0x7fff8f8ac7ee in __ioctl () (gdb) where #0 0x7fff8f8ac7ee in __ioctl () #1 0x7fff8f8ac1fe in ioctl () #2 0x7fff910a6b1c in tcsetattr () OK - it is setting tty modes as I suspected. #3 0x00010ab05df7 in tty_end () #4 0x00010ab05c39 in tty_init () #5 0x00010aaf7261 in el_init () #6 0x00010aafeb8e in rl_initialize () #7 0x00010a3ef39a in zm_startup_readline () This is the readline routine ... probably setting the tty to raw mode, thus the tcsetattr() above. Look at the link below, it is how your CLI version of PHP is compiled: http://www.php.net/manual/en/readline.installation.php readline is mentioned as part of CLI: http://www.php.net/manual/en/features.commandline.usage.php #8 0x00010a37a1c8 in zend_startup_module_ex () #9 0x00010a38166b in zend_hash_apply () #10 0x00010a37d3dd in zend_startup_modules () #11 0x00010a3287bf in php_module_startup () #12 0x00010a3ef637 in php_cli_startup () This is done BEFORE your script starts - so nothing that you can do to stop it. #13 0x00010a3efff8 in main () Try the daemonize that I wrote about a few minutes ago. -- Alain Williams Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 http://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php #include std_disclaimer.h -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP script won't run in the background
Hi: I mean, do you built your php with readline support, or do you load readline.so into PHP? if so, remove it, then try again. and you also can use: gdb --pid={the pid of the stopped php} then you will find where the php hangs. thanks On Wed, Nov 23, 2011 at 1:04 AM, richard gray r...@richgray.com wrote: On 22/11/2011 05:51, Laruence wrote: did you run php with readline? try run the script without php-readline. thanks No - the script was just a basic string echo - no readline was involved. -- Laruence Xinchen Hui http://www.laruence.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP script won't run in the background
On 23/11/2011 11:05, Laruence wrote: Hi: I mean, do you built your php with readline support, or do you load readline.so into PHP? if so, remove it, then try again. and you also can use: gdb --pid={the pid of the stopped php} then you will find where the php hangs. thanks I didn't build PHP as it fails to make -- see https://bugs.php.net/bug.php?id=60268 so I am stuck with the PHP build provided by Apple... :( Here's what gdb says [rich@LeMans] (/web/scripts) php -f test.php test.log 21 [1] 3513 [rich@LeMans] (/web/scripts) [1]+ Stopped php -f test.php test.log 21 [rich@LeMans] (/web/scripts) gdb --pid 3513 GNU gdb 6.3.50-20050815 (Apple version gdb-1708) (Mon Aug 8 20:32:45 UTC 2011) Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as x86_64-apple-darwin. /Web/scripts/3513: No such file or directory Attaching to process 3513. Reading symbols for shared libraries . done Reading symbols for shared libraries done Reading symbols for shared libraries + done 0x000101d057ee in __ioctl () Any clues? To me it looks like PHP cli is trying to do some I/O but I'm just a dumb developer... :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP script won't run in the background
On Wed, Nov 23, 2011 at 06:14:07PM +0100, richard gray wrote: Reading symbols for shared libraries + done 0x000101d057ee in __ioctl () Any clues? To me it looks like PHP cli is trying to do some I/O but I'm just a dumb developer... :) ioctl on a tty is typically used to set it into single character at a time mode (remove stty's icanon). It could have decided that since it is a tty then that should be set. You need a bit more info, get a backtrace with 'where'. -- Alain Williams Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 http://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php #include std_disclaimer.h -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP script won't run in the background
On 22/11/2011 05:51, Laruence wrote: did you run php with readline? try run the script without php-readline. thanks No - the script was just a basic string echo - no readline was involved. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP script won't run in the background
On 19 November 2011 14:33, richard gray r...@richgray.com wrote: Hi all Hope someone can help me with a weird issue I have... I am trying to run a php CLI script in the background and it just won't run - it has a status of Stopped SIGTOU (Trying to write output) - Here are the details OS Mac OS X Lion 10.7.2 PHP PHP 5.3.6 with Suhosin-Patch (cli) (built: Sep 8 2011 19:34:00) Copyright (c) 1997-2011 The PHP Group Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies I created a basic script test.php ?php echo 'Hello world'.PHP_EOL; ? Here are the results of various tests:- Test 1) php -f test.php (Hello world gets displayed) Test 2) php -f test.php test.log 21 (Hello world gets put into test.log) Test 3) php -f test.php test.log 21 --- I get [1]+ Stopped(SIGTTOU) php -f test.php test.log 21 -- and the job just sits there doing nothing nothing gets logged however lsof shows the log file is open It is something to do with php because a similar shell script gets executed no problems in the background... This has me stumped ... any ideas? TIA Rich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php I've seen this ... php script.php 1nul 2nul Not sure how effective it is. But the code is tagged as a fire and forget mechanism. -- Richard Quadling Twitter : EE : Zend : PHPDoc : Fantasy Shopper @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea : fan.sh/6/370 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP script won't run in the background
On Sat, Nov 19, 2011 at 11:27 PM, richard gray r...@richgray.com wrote: Laruence, while that may be a helpful answer to a few people in the know, I think a clue is better, leave some space for the people to dance. :) just replying back with a single line like that isn't really going to help the people who are having this problem. At least explain why you suggested that, or what it does for those on the list that don't know, especially as it's not a PHP thing, it's a Unix command thing. Richard, some more info on the command Laruence mentioned can be found at http://docstore.mik.ua/orelly/unix/upt/ch12_07.htm which explains it in more detail. not sure this is relevant as my script is not trying to write to the terminal the test.log 21 is sending stdout and stderr to the log file not the tty... did you run php with readline? try run the script without php-readline. thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Laruence Xinchen Hui http://www.laruence.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP script won't run in the background
$ stty -tostop thanks On Sat, Nov 19, 2011 at 10:33 PM, richard gray r...@richgray.com wrote: Hi all Hope someone can help me with a weird issue I have... I am trying to run a php CLI script in the background and it just won't run - it has a status of Stopped SIGTOU (Trying to write output) - Here are the details OS Mac OS X Lion 10.7.2 PHP PHP 5.3.6 with Suhosin-Patch (cli) (built: Sep 8 2011 19:34:00) Copyright (c) 1997-2011 The PHP Group Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies I created a basic script test.php ?php echo 'Hello world'.PHP_EOL; ? Here are the results of various tests:- Test 1) php -f test.php (Hello world gets displayed) Test 2) php -f test.php test.log 21 (Hello world gets put into test.log) Test 3) php -f test.php test.log 21 --- I get [1]+ Stopped(SIGTTOU) php -f test.php test.log 21 -- and the job just sits there doing nothing nothing gets logged however lsof shows the log file is open It is something to do with php because a similar shell script gets executed no problems in the background... This has me stumped ... any ideas? TIA Rich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Laruence Xinchen Hui http://www.laruence.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP script won't run in the background
Hi all Hope someone can help me with a weird issue I have... I am trying to run a php CLI script in the background and it just won't run - it has a status of Stopped SIGTOU (Trying to write output) - Here are the details OS Mac OS X Lion 10.7.2 PHP PHP 5.3.6 with Suhosin-Patch (cli) (built: Sep 8 2011 19:34:00) Copyright (c) 1997-2011 The PHP Group Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies I created a basic script test.php ?php echo 'Hello world'.PHP_EOL; ? Here are the results of various tests:- Test 1) php -f test.php (Hello world gets displayed) Test 2) php -f test.php test.log 21 (Hello world gets put into test.log) Test 3) php -f test.php test.log 21 --- I get [1]+ Stopped(SIGTTOU)php -f test.php test.log 21 -- and the job just sits there doing nothing nothing gets logged however lsof shows the log file is open It is something to do with php because a similar shell script gets executed no problems in the background... This has me stumped ... any ideas? TIA Rich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP script won't run in the background
On Sat, 2011-11-19 at 23:09 +0800, Laruence wrote: $ stty -tostop thanks On Sat, Nov 19, 2011 at 10:33 PM, richard gray r...@richgray.com wrote: Hi all Hope someone can help me with a weird issue I have... I am trying to run a php CLI script in the background and it just won't run - it has a status of Stopped SIGTOU (Trying to write output) - Here are the details OS Mac OS X Lion 10.7.2 PHP PHP 5.3.6 with Suhosin-Patch (cli) (built: Sep 8 2011 19:34:00) Copyright (c) 1997-2011 The PHP Group Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies I created a basic script test.php ?php echo 'Hello world'.PHP_EOL; ? Here are the results of various tests:- Test 1) php -f test.php (Hello world gets displayed) Test 2) php -f test.php test.log 21 (Hello world gets put into test.log) Test 3) php -f test.php test.log 21 --- I get [1]+ Stopped(SIGTTOU) php -f test.php test.log 21 -- and the job just sits there doing nothing nothing gets logged however lsof shows the log file is open It is something to do with php because a similar shell script gets executed no problems in the background... This has me stumped ... any ideas? TIA Rich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Laruence Xinchen Hui http://www.laruence.com/ Laruence, while that may be a helpful answer to a few people in the know, just replying back with a single line like that isn't really going to help the people who are having this problem. At least explain why you suggested that, or what it does for those on the list that don't know, especially as it's not a PHP thing, it's a Unix command thing. Richard, some more info on the command Laruence mentioned can be found at http://docstore.mik.ua/orelly/unix/upt/ch12_07.htm which explains it in more detail. -- Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] PHP script won't run in the background
On 19/11/2011 16:09, Laruence wrote: $ stty -tostop makes no difference # stty -tostop # php -f test.php test.log 21 # jobs # [1]+ Stopped(SIGTTOU)php -f test.php test.log 21 Any other ideas? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP script won't run in the background
Laruence, while that may be a helpful answer to a few people in the know, just replying back with a single line like that isn't really going to help the people who are having this problem. At least explain why you suggested that, or what it does for those on the list that don't know, especially as it's not a PHP thing, it's a Unix command thing. Richard, some more info on the command Laruence mentioned can be found at http://docstore.mik.ua/orelly/unix/upt/ch12_07.htm which explains it in more detail. not sure this is relevant as my script is not trying to write to the terminal the test.log 21 is sending stdout and stderr to the log file not the tty... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script ID?
At 1:47 PM -0400 5/21/11, Adam Richardson wrote: On Sat, May 21, 2011 at 10:11 AM, tedd mailto:t...@sperling.comt...@sperling.com wrote: Hi gang: Okay, so,what's the best (i.e., most secure) way for your script to identify itself *IF* you plan on using that information later, such as the value in an action attribute in a form? For example, I was using: $self = basename($_SERVER['SCRIPT_NAME']); form name=my_form action=?php echo($self); ? method=post However, that was susceptible to XSS. http://www.mc2design.com/blog/php_self-safe-alternativeshttp://www.mc2design.com/blog/php_self-safe-alternatives says a simple action=# would work. But is there a better way? What would do you do solve this? Cheers, tedd Tedd, I'm sorry for the confusion. When I referenced that article, I was speaking to Alex as to why it wouldn't be prudent for you to use PHP_SELF (as he had suggested to avoid an additional function call) as opposed to what you were currently using, basename($_SERVER['SCRIPT_FILENAME']). My point, and the point of the article, was that PHP_SELF requires special precautions. However, script_filename is not susceptible to this type of attack, as it does not include data from the user: http://php.about.com/od/learnphp/qt/_SERVER_PHP.htmhttp://php.about.com/od/learnphp/qt/_SERVER_PHP.htm In fact, basename($_SERVER['SCRIPT_FILENAME']), and basename(__FILE__) were two of the mitigation methods mentioned in the closing of the article. http://php.about.com/od/learnphp/qt/_SERVER_PHP.htmTry it out on your server: h1PHP_SELF (dangerous)/h1 p?php echo $_SERVER['PHP_SELF']; ?/p h1$_SERVER['SCRIPT_FILENAME']/h1 p?php echo $_SERVER['SCRIPT_FILENAME']; ?/p h1$_SERVER['REQUEST_URI'] (dangerous)/h1 p?php echo $_SERVER['REQUEST_URI']; ?/p h1__FILE__/h1 p?php echo __FILE__; ?/p h1basename(__FILE__)/h1 p?php echo basename(__FILE__); ?/p h1basename($_SERVER['SCRIPT_NAME'])/h1 p?php echo basename($_SERVER['SCRIPT_NAME']); ?/p Try to enter the attack vector and you'll see PHP_SELF could be terrible, but the basename option for script_filename and __FILE__ are immune. Again, sorry for the confusion. Adam Adam: Very interesting. As I understand things, to remove a XSS threat from the method, you have to get the script name from something other than a SuperGlobal because SuperGlobals are subject to XXS attacks, right? As such, using a predefined constant should be safe. I don't know how, nor where, PHP gets the value, but I'm assuming it's not from something that can be altered by someone outside the server. So, is that the reason why you say that using __FILE__ is better at getting the running script's name than using $_SERVER['PHP_SELF']? Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Script ID?
Hi gang: Okay, so,what's the best (i.e., most secure) way for your script to identify itself *IF* you plan on using that information later, such as the value in an action attribute in a form? For example, I was using: $self = basename($_SERVER['SCRIPT_NAME']); form name=my_form action=?php echo($self); ? method=post However, that was susceptible to XSS. http://www.mc2design.com/blog/php_self-safe-alternatives says a simple action=# would work. But is there a better way? What would do you do solve this? Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script ID?
On Sat, May 21, 2011 at 3:11 PM, tedd t...@sperling.com wrote: Hi gang: Okay, so,what's the best (i.e., most secure) way for your script to identify itself *IF* you plan on using that information later, such as the value in an action attribute in a form? For example, I was using: $self = basename($_SERVER['SCRIPT_NAME']); form name=my_form action=?php echo($self); ? method=post However, that was susceptible to XSS. http://www.mc2design.com/blog/php_self-safe-alternatives says a simple action=# would work. But is there a better way? What would do you do solve this? If you want the form to submit to the same URL that generated the form, I'd recommend using $_SERVER['REQUEST_URI']. You can also omit the action attribute entirely which, in my experience, will cause the browser to submit to the current URL. I have no idea whether that's part of the HTML spec, but that's the behaviour I've always observed. Alternatively, by my reckoning, you could make your use of PHP_SELF safe by applying rawurlencode to $self when you put it in the action, but that's only after 30 seconds of thinking about it. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
RE: [PHP] Script ID?
I use define('page1, 1); Richard L. Buskirk -Original Message- From: tedd [mailto:t...@sperling.com] Sent: Saturday, May 21, 2011 10:11 AM To: PHP General Subject: [PHP] Script ID? Hi gang: Okay, so,what's the best (i.e., most secure) way for your script to identify itself *IF* you plan on using that information later, such as the value in an action attribute in a form? For example, I was using: $self = basename($_SERVER['SCRIPT_NAME']); form name=my_form action=?php echo($self); ? method=post However, that was susceptible to XSS. http://www.mc2design.com/blog/php_self-safe-alternatives says a simple action=# would work. But is there a better way? What would do you do solve this? Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script ID?
On Sat, 2011-05-21 at 10:11 -0400, tedd wrote: Hi gang: Okay, so,what's the best (i.e., most secure) way for your script to identify itself *IF* you plan on using that information later, such as the value in an action attribute in a form? For example, I was using: $self = basename($_SERVER['SCRIPT_NAME']); form name=my_form action=?php echo($self); ? method=post However, that was susceptible to XSS. http://www.mc2design.com/blog/php_self-safe-alternatives says a simple action=# would work. But is there a better way? What would do you do solve this? Cheers, tedd -- --- http://sperling.com/ I never use the action attribute if the form is posting to itself, as the default action I've seen in any browser since the days of IE3 has been for forms to post to themselves if no other action has been specified. Having read that link you posted, I realise that missing the action attribute out altogether would too be affected by the base element. However, looking at the output of $_SERVER again, couldn't you just subtract the value of PATH_INFO from the value of PHP_SELF, or only use the portion of PHP self that didn't include PATH_INFO? ?php if(isset($_SERVER['PATH_INFO']) { $safe_self = substr($_SERVER['PHP_SELF'], 0, strpos($_SERVER['PHP_SELF'], $_SERVER['PATH_INFO'])); } else { $safe_self = $_SERVER['PHP_SELF']; } echo $safe_self; ? I've just tested this here and it seems to do the trick -- Thanks, Ash http://www.ashleysheridan.co.uk
RE: [PHP] Script ID?
So sorry Tedd, I was typing away with the rest of that and after hitting send I notice all I sent was the define. define('PAGE_1', 1); I use define because sometimes I want o know what script included another and if that script does not have a defined value I do not allow it to run. Just be careful I noticed with integers it will fail to hold the value if it has a leading zero. Richard L. Buskirk -Original Message- From: tedd [mailto:t...@sperling.com] Sent: Saturday, May 21, 2011 10:11 AM To: PHP General Subject: [PHP] Script ID? Hi gang: Okay, so,what's the best (i.e., most secure) way for your script to identify itself *IF* you plan on using that information later, such as the value in an action attribute in a form? For example, I was using: $self = basename($_SERVER['SCRIPT_NAME']); form name=my_form action=?php echo($self); ? method=post However, that was susceptible to XSS. http://www.mc2design.com/blog/php_self-safe-alternatives says a simple action=# would work. But is there a better way? What would do you do solve this? Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script ID?
On 21 May 2011 16:18, Stuart Dallas stu...@3ft9.com wrote: On Sat, May 21, 2011 at 3:11 PM, tedd t...@sperling.com wrote: Hi gang: Okay, so,what's the best (i.e., most secure) way for your script to identify itself *IF* you plan on using that information later, such as the value in an action attribute in a form? For example, I was using: $self = basename($_SERVER['SCRIPT_NAME']); form name=my_form action=?php echo($self); ? method=post However, that was susceptible to XSS. http://www.mc2design.com/blog/php_self-safe-alternatives says a simple action=# would work. But is there a better way? What would do you do solve this? If you want the form to submit to the same URL that generated the form, I'd recommend using $_SERVER['REQUEST_URI']. You can also omit the action attribute entirely which, in my experience, will cause the browser to submit to the current URL. I have no idea whether that's part of the HTML spec, but that's the behaviour I've always observed. REQUEST_URI is as susceptible to XSS as the others. Omitting url entirely (in case of posting a form, say) works in most browsers but is known to fail in others (atm I can't recall which but Google should know). Both '?' and '#' will generally work, but are prone to problems with the base element. Alternatively, by my reckoning, you could make your use of PHP_SELF safe by applying rawurlencode to $self when you put it in the action, but that's only after 30 seconds of thinking about it. rawurlencode encodes forward slashes (and many other things). Not what you're looking for. Apart from that, there is no single solution to the issue: if you're doing url rewrites, then you could use your route-to-url function instead of relying on any server variables. If your script is called directly instead, then use the part of the request uri up till and including the match for __FILE__. Regards Peter -- hype WWW: plphp.dk / plind.dk LinkedIn: plind BeWelcome/Couchsurfing: Fake51 Twitter: kafe15 /hype -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script ID?
On Sat, May 21, 2011 at 3:35 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 16:18, Stuart Dallas stu...@3ft9.com wrote: On Sat, May 21, 2011 at 3:11 PM, tedd t...@sperling.com wrote: Hi gang: Okay, so,what's the best (i.e., most secure) way for your script to identify itself *IF* you plan on using that information later, such as the value in an action attribute in a form? For example, I was using: $self = basename($_SERVER['SCRIPT_NAME']); form name=my_form action=?php echo($self); ? method=post However, that was susceptible to XSS. http://www.mc2design.com/blog/php_self-safe-alternatives says a simple action=# would work. But is there a better way? What would do you do solve this? If you want the form to submit to the same URL that generated the form, I'd recommend using $_SERVER['REQUEST_URI']. You can also omit the action attribute entirely which, in my experience, will cause the browser to submit to the current URL. I have no idea whether that's part of the HTML spec, but that's the behaviour I've always observed. REQUEST_URI is as susceptible to XSS as the others. Omitting url entirely (in case of posting a form, say) works in most browsers but is known to fail in others (atm I can't recall which but Google should know). Both '?' and '#' will generally work, but are prone to problems with the base element. Yup, should have said that anything you use should be escaped. Alternatively, by my reckoning, you could make your use of PHP_SELF safe by applying rawurlencode to $self when you put it in the action, but that's only after 30 seconds of thinking about it. rawurlencode encodes forward slashes (and many other things). Not what you're looking for. Note that I said your use, and tedd is running basename on the PHP_SELF variable before using it so the escaping of forward slashes is not an issue here hence why I didn't mention it. Apart from that, there is no single solution to the issue: if you're doing url rewrites, then you could use your route-to-url function instead of relying on any server variables. If your script is called directly instead, then use the part of the request uri up till and including the match for __FILE__. There is a single solution... know what URL you should be using at any given point without making it depend on user(/browser)-supplied data. If you don't know what URL you should be using at any given point, your architecture is fundamentally flawed, whether than means passing it into shared code from elsewhere, or using a single block of code to generate your URLs. In my opinion you should never be generating URLs based on the URL that was used to request the page. If you must generate it using that source, rawurlencode is still the way to go. To get around the forward slash issue, replace all / with ~~~ (or similar text that won't be modified by rawurlencode), run rawurlencode then replace ~~~ with /. Wrap that up in a nice little function, and apply liberally. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
Re: [PHP] Script ID?
On 21 May 2011 17:01, Stuart Dallas stu...@3ft9.com wrote: On Sat, May 21, 2011 at 3:35 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 16:18, Stuart Dallas stu...@3ft9.com wrote: On Sat, May 21, 2011 at 3:11 PM, tedd t...@sperling.com wrote: Hi gang: Okay, so,what's the best (i.e., most secure) way for your script to identify itself *IF* you plan on using that information later, such as the value in an action attribute in a form? For example, I was using: $self = basename($_SERVER['SCRIPT_NAME']); form name=my_form action=?php echo($self); ? method=post However, that was susceptible to XSS. http://www.mc2design.com/blog/php_self-safe-alternatives says a simple action=# would work. But is there a better way? What would do you do solve this? If you want the form to submit to the same URL that generated the form, I'd recommend using $_SERVER['REQUEST_URI']. You can also omit the action attribute entirely which, in my experience, will cause the browser to submit to the current URL. I have no idea whether that's part of the HTML spec, but that's the behaviour I've always observed. REQUEST_URI is as susceptible to XSS as the others. Omitting url entirely (in case of posting a form, say) works in most browsers but is known to fail in others (atm I can't recall which but Google should know). Both '?' and '#' will generally work, but are prone to problems with the base element. Yup, should have said that anything you use should be escaped. Alternatively, by my reckoning, you could make your use of PHP_SELF safe by applying rawurlencode to $self when you put it in the action, but that's only after 30 seconds of thinking about it. rawurlencode encodes forward slashes (and many other things). Not what you're looking for. Note that I said your use, and tedd is running basename on the PHP_SELF variable before using it so the escaping of forward slashes is not an issue here hence why I didn't mention it. Apart from that, there is no single solution to the issue: if you're doing url rewrites, then you could use your route-to-url function instead of relying on any server variables. If your script is called directly instead, then use the part of the request uri up till and including the match for __FILE__. There is a single solution... know what URL you should be using at any given point without making it depend on user(/browser)-supplied data. If you don't know what URL you should be using at any given point, your architecture is fundamentally flawed, whether than means passing it into shared code from elsewhere, or using a single block of code to generate your URLs. In my opinion you should never be generating URLs based on the URL that was used to request the page. That is not a single solution - that is a general approach, for which the solution will look different based on whether or not you use url rewriting, actual script filenames, etc. etc. The point wasn't that there are no solutions, just that the solution to Tedd's problem depends upon how he's doing PHP in general. If you must generate it using that source, rawurlencode is still the way to go. To get around the forward slash issue, replace all / with ~~~ (or similar text that won't be modified by rawurlencode), run rawurlencode then replace ~~~ with /. Wrap that up in a nice little function, and apply liberally. Again, this depends upon what your url scheme looks like - and without knowing that, there's simple no clue as to whether or not this is a good solution to the problem (though it might be a good solution to A problem). Regards Peter -- hype WWW: plphp.dk / plind.dk LinkedIn: plind BeWelcome/Couchsurfing: Fake51 Twitter: kafe15 /hype -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script ID?
On Sat, May 21, 2011 at 4:07 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 17:01, Stuart Dallas stu...@3ft9.com wrote: On Sat, May 21, 2011 at 3:35 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 16:18, Stuart Dallas stu...@3ft9.com wrote: On Sat, May 21, 2011 at 3:11 PM, tedd t...@sperling.com wrote: Hi gang: Okay, so,what's the best (i.e., most secure) way for your script to identify itself *IF* you plan on using that information later, such as the value in an action attribute in a form? For example, I was using: $self = basename($_SERVER['SCRIPT_NAME']); form name=my_form action=?php echo($self); ? method=post However, that was susceptible to XSS. http://www.mc2design.com/blog/php_self-safe-alternatives says a simple action=# would work. But is there a better way? What would do you do solve this? If you want the form to submit to the same URL that generated the form, I'd recommend using $_SERVER['REQUEST_URI']. You can also omit the action attribute entirely which, in my experience, will cause the browser to submit to the current URL. I have no idea whether that's part of the HTML spec, but that's the behaviour I've always observed. REQUEST_URI is as susceptible to XSS as the others. Omitting url entirely (in case of posting a form, say) works in most browsers but is known to fail in others (atm I can't recall which but Google should know). Both '?' and '#' will generally work, but are prone to problems with the base element. Yup, should have said that anything you use should be escaped. Alternatively, by my reckoning, you could make your use of PHP_SELF safe by applying rawurlencode to $self when you put it in the action, but that's only after 30 seconds of thinking about it. rawurlencode encodes forward slashes (and many other things). Not what you're looking for. Note that I said your use, and tedd is running basename on the PHP_SELF variable before using it so the escaping of forward slashes is not an issue here hence why I didn't mention it. Apart from that, there is no single solution to the issue: if you're doing url rewrites, then you could use your route-to-url function instead of relying on any server variables. If your script is called directly instead, then use the part of the request uri up till and including the match for __FILE__. There is a single solution... know what URL you should be using at any given point without making it depend on user(/browser)-supplied data. If you don't know what URL you should be using at any given point, your architecture is fundamentally flawed, whether than means passing it into shared code from elsewhere, or using a single block of code to generate your URLs. In my opinion you should never be generating URLs based on the URL that was used to request the page. That is not a single solution - that is a general approach, for which the solution will look different based on whether or not you use url rewriting, actual script filenames, etc. etc. The point wasn't that there are no solutions, just that the solution to Tedd's problem depends upon how he's doing PHP in general. I disagree, but I think it's more semantics than substance. By taking the general approach of knowing what URLs you should be using everywhere in your site without needing to take hints from the current URL, the problem goes away... ergo it's a solution. The way you know what URLs you need at any given point may look slightly different (whether you hard-code them or use a central function to generate them), but the general approach is a solution to the problem of XSS coming from the use of derived URLs. If you must generate it using that source, rawurlencode is still the way to go. To get around the forward slash issue, replace all / with ~~~ (or similar text that won't be modified by rawurlencode), run rawurlencode then replace ~~~ with /. Wrap that up in a nice little function, and apply liberally. Again, this depends upon what your url scheme looks like - and without knowing that, there's simple no clue as to whether or not this is a good solution to the problem (though it might be a good solution to A problem). Again, I disagree. If you have an example of a URL structure where this would not work I'd love to hear it. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
Re: [PHP] Script ID?
On 21 May 2011 17:18, Stuart Dallas stu...@3ft9.com wrote: *snip* Again, this depends upon what your url scheme looks like - and without knowing that, there's simple no clue as to whether or not this is a good solution to the problem (though it might be a good solution to A problem). Again, I disagree. If you have an example of a URL structure where this would not work I'd love to hear it. -Stuart Having to replace several times just in order to figure out the path to your script is pointless if you know the name of the script (which you always do - it's __FILE__ ) and you're using a one-to-one request-to-script scheme. Then just grab the part of the url up to and including your scriptname. Note I used the word good - doing several str_replace() and other calls is not what I consider a good solution if there's something simpler available with as good a result. Regards Peter -- hype WWW: plphp.dk / plind.dk LinkedIn: plind BeWelcome/Couchsurfing: Fake51 Twitter: kafe15 /hype -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script ID?
On Sat, May 21, 2011 at 4:24 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 17:18, Stuart Dallas stu...@3ft9.com wrote: *snip* Again, this depends upon what your url scheme looks like - and without knowing that, there's simple no clue as to whether or not this is a good solution to the problem (though it might be a good solution to A problem). Again, I disagree. If you have an example of a URL structure where this would not work I'd love to hear it. -Stuart Having to replace several times just in order to figure out the path to your script is pointless if you know the name of the script (which you always do - it's __FILE__ ) and you're using a one-to-one request-to-script scheme. Then just grab the part of the url up to and including your scriptname. Well, it would be basename(__FILE__), but that's beside the point. In this particular case, where the PHP filename is the last part of the URL, that will indeed work. However, as you have pointed out several times that's not always the case and I tend to write generic, defensive code rather than make assumptions. Note I used the word good - doing several str_replace() and other calls is not what I consider a good solution if there's something simpler available with as good a result. Obviously that's your choice to make, but these days I very rarely work on projects where there is a one-to-one mapping, and even if I did I would not rely on that always being the case. I've worked on a number of projects where the URL structure has been massively changed (a couple from one-to-one to controller-based) where it would have taking an excessive amount of time to undo that assumption. Using rawurlencode on $_SERVER['REQUEST_URI'] is flexible, largely future-proof and takes no more effort than the manipulation you are doing on __FILE__ to get the same result. Given the choice I'll always go for 10% extra work now to save 90% extra work later, even if it's only potential work later. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
Re: [PHP] Script ID?
On Sat, 2011-05-21 at 16:34 +0100, Stuart Dallas wrote: On Sat, May 21, 2011 at 4:24 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 17:18, Stuart Dallas stu...@3ft9.com wrote: *snip* Again, this depends upon what your url scheme looks like - and without knowing that, there's simple no clue as to whether or not this is a good solution to the problem (though it might be a good solution to A problem). Again, I disagree. If you have an example of a URL structure where this would not work I'd love to hear it. -Stuart Having to replace several times just in order to figure out the path to your script is pointless if you know the name of the script (which you always do - it's __FILE__ ) and you're using a one-to-one request-to-script scheme. Then just grab the part of the url up to and including your scriptname. Well, it would be basename(__FILE__), but that's beside the point. In this particular case, where the PHP filename is the last part of the URL, that will indeed work. However, as you have pointed out several times that's not always the case and I tend to write generic, defensive code rather than make assumptions. Note I used the word good - doing several str_replace() and other calls is not what I consider a good solution if there's something simpler available with as good a result. Obviously that's your choice to make, but these days I very rarely work on projects where there is a one-to-one mapping, and even if I did I would not rely on that always being the case. I've worked on a number of projects where the URL structure has been massively changed (a couple from one-to-one to controller-based) where it would have taking an excessive amount of time to undo that assumption. Using rawurlencode on $_SERVER['REQUEST_URI'] is flexible, largely future-proof and takes no more effort than the manipulation you are doing on __FILE__ to get the same result. Given the choice I'll always go for 10% extra work now to save 90% extra work later, even if it's only potential work later. -Stuart I'm not sure if anyone had the chance to look over my code suggestion, but afaict it does the job, although I've only given it very rudimentary testing. It doesn't require you to know the page the form is on in advance, it strips out the correct info from the supplied URL, and is simple enough that you could even run it all on one line if you didn't mind nested tertiary conditionals. -- Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Script ID?
On Sat, May 21, 2011 at 4:48 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Sat, 2011-05-21 at 16:47 +0100, Stuart Dallas wrote: On Sat, May 21, 2011 at 4:42 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Sat, 2011-05-21 at 16:34 +0100, Stuart Dallas wrote: On Sat, May 21, 2011 at 4:24 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 17:18, Stuart Dallas stu...@3ft9.com wrote: *snip* Again, this depends upon what your url scheme looks like - and without knowing that, there's simple no clue as to whether or not this is a good solution to the problem (though it might be a good solution to A problem). Again, I disagree. If you have an example of a URL structure where this would not work I'd love to hear it. -Stuart Having to replace several times just in order to figure out the path to your script is pointless if you know the name of the script (which you always do - it's __FILE__ ) and you're using a one-to-one request-to-script scheme. Then just grab the part of the url up to and including your scriptname. Well, it would be basename(__FILE__), but that's beside the point. In this particular case, where the PHP filename is the last part of the URL, that will indeed work. However, as you have pointed out several times that's not always the case and I tend to write generic, defensive code rather than make assumptions. Note I used the word good - doing several str_replace() and other calls is not what I consider a good solution if there's something simpler available with as good a result. Obviously that's your choice to make, but these days I very rarely work on projects where there is a one-to-one mapping, and even if I did I would not rely on that always being the case. I've worked on a number of projects where the URL structure has been massively changed (a couple from one-to-one to controller-based) where it would have taking an excessive amount of time to undo that assumption. Using rawurlencode on $_SERVER['REQUEST_URI'] is flexible, largely future-proof and takes no more effort than the manipulation you are doing on __FILE__ to get the same result. Given the choice I'll always go for 10% extra work now to save 90% extra work later, even if it's only potential work later. -Stuart I'm not sure if anyone had the chance to look over my code suggestion, but afaict it does the job, although I've only given it very rudimentary testing. It doesn't require you to know the page the form is on in advance, it strips out the correct info from the supplied URL, and is simple enough that you could even run it all on one line if you didn't mind nested tertiary conditionals. If 404 responses show a custom page containing a form that uses your code then it's still an XSS risk, but other than that it looks safe. However, based on that single risk (and there may be others) I'd never use it because you never know when someone will change the server config. -Stuart What would the risk on the 404 page be? I must admit, I don't know a huge amount about XSS attacks, so this one is new to me. A similar URL to the one in the URL tedd posted ( http://www.mc2design.com/blog/php_self-safe-alternatives). Something like this... http://www.server.com/%22%3E%3Cscript%3Ealert('xss attack')%3C/script%3E That script code will not be seen as PATH_INFO, it will simply be part of the URL. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
Re: [PHP] Script ID?
On Sat, 2011-05-21 at 16:53 +0100, Stuart Dallas wrote: On Sat, May 21, 2011 at 4:48 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Sat, 2011-05-21 at 16:47 +0100, Stuart Dallas wrote: On Sat, May 21, 2011 at 4:42 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Sat, 2011-05-21 at 16:34 +0100, Stuart Dallas wrote: On Sat, May 21, 2011 at 4:24 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 17:18, Stuart Dallas stu...@3ft9.com wrote: *snip* Again, this depends upon what your url scheme looks like - and without knowing that, there's simple no clue as to whether or not this is a good solution to the problem (though it might be a good solution to A problem). Again, I disagree. If you have an example of a URL structure where this would not work I'd love to hear it. -Stuart Having to replace several times just in order to figure out the path to your script is pointless if you know the name of the script (which you always do - it's __FILE__ ) and you're using a one-to-one request-to-script scheme. Then just grab the part of the url up to and including your scriptname. Well, it would be basename(__FILE__), but that's beside the point. In this particular case, where the PHP filename is the last part of the URL, that will indeed work. However, as you have pointed out several times that's not always the case and I tend to write generic, defensive code rather than make assumptions. Note I used the word good - doing several str_replace() and other calls is not what I consider a good solution if there's something simpler available with as good a result. Obviously that's your choice to make, but these days I very rarely work on projects where there is a one-to-one mapping, and even if I did I would not rely on that always being the case. I've worked on a number of projects where the URL structure has been massively changed (a couple from one-to-one to controller-based) where it would have taking an excessive amount of time to undo that assumption. Using rawurlencode on $_SERVER['REQUEST_URI'] is flexible, largely future-proof and takes no more effort than the manipulation you are doing on __FILE__ to get the same result. Given the choice I'll always go for 10% extra work now to save 90% extra work later, even if it's only potential work later. -Stuart I'm not sure if anyone had the chance to look over my code suggestion, but afaict it does the job, although I've only given it very rudimentary testing. It doesn't require you to know the page the form is on in advance, it strips out the correct info from the supplied URL, and is simple enough that you could even run it all on one line if you didn't mind nested tertiary conditionals. If 404 responses show a custom page containing a form that uses your code then it's still an XSS risk, but other than that it looks safe. However, based on that single risk (and there may be others) I'd never use it because you never know when someone will change the server config. -Stuart What would the risk on the 404 page be? I must admit, I don't know a huge amount about XSS attacks, so this one is new to me. A similar URL to the one in the URL tedd posted ( http://www.mc2design.com/blog/php_self-safe-alternatives). Something like this... http://www.server.com/%22%3E%3Cscript%3Ealert('xss attack')%3C/script%3E That script code will not be seen as PATH_INFO, it will simply be part of the URL. -Stuart Ah, I see, but it shouldn't be too difficult to use some other variable in the $_SERVER array. Anyway, if you are displaying a form on a 404 error page, you won't want it to post to itself, as where is the processing going to be done? If you have a system that can process it, then it should be capable of ensuring the form posts back to a safe area, such as the home area of the site. -- Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Script ID?
On Sat, May 21, 2011 at 4:57 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 17:34, Stuart Dallas stu...@3ft9.com wrote: On Sat, May 21, 2011 at 4:24 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 17:18, Stuart Dallas stu...@3ft9.com wrote: *snip* Again, this depends upon what your url scheme looks like - and without knowing that, there's simple no clue as to whether or not this is a good solution to the problem (though it might be a good solution to A problem). Again, I disagree. If you have an example of a URL structure where this would not work I'd love to hear it. -Stuart Having to replace several times just in order to figure out the path to your script is pointless if you know the name of the script (which you always do - it's __FILE__ ) and you're using a one-to-one request-to-script scheme. Then just grab the part of the url up to and including your scriptname. Well, it would be basename(__FILE__), but that's beside the point. In this particular case, where the PHP filename is the last part of the URL, that will indeed work. However, as you have pointed out several times that's not always the case and I tend to write generic, defensive code rather than make assumptions. Not a bad habit. I would personally go with let's either find out or make a decision instead of wasting time on coding for situations that will crop up. Assumptions cost money, and if you haven't discovered that yet then you've either not been in the software development game very long or you've been lucky so far. Hold on to that feeling, cos you can't get it back when it's gone! -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
Re: [PHP] Script ID?
On Sat, May 21, 2011 at 5:02 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Sat, 2011-05-21 at 16:53 +0100, Stuart Dallas wrote: On Sat, May 21, 2011 at 4:48 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Sat, 2011-05-21 at 16:47 +0100, Stuart Dallas wrote: On Sat, May 21, 2011 at 4:42 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Sat, 2011-05-21 at 16:34 +0100, Stuart Dallas wrote: On Sat, May 21, 2011 at 4:24 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 17:18, Stuart Dallas stu...@3ft9.com wrote: *snip* Again, this depends upon what your url scheme looks like - and without knowing that, there's simple no clue as to whether or not this is a good solution to the problem (though it might be a good solution to A problem). Again, I disagree. If you have an example of a URL structure where this would not work I'd love to hear it. -Stuart Having to replace several times just in order to figure out the path to your script is pointless if you know the name of the script (which you always do - it's __FILE__ ) and you're using a one-to-one request-to-script scheme. Then just grab the part of the url up to and including your scriptname. Well, it would be basename(__FILE__), but that's beside the point. In this particular case, where the PHP filename is the last part of the URL, that will indeed work. However, as you have pointed out several times that's not always the case and I tend to write generic, defensive code rather than make assumptions. Note I used the word good - doing several str_replace() and other calls is not what I consider a good solution if there's something simpler available with as good a result. Obviously that's your choice to make, but these days I very rarely work on projects where there is a one-to-one mapping, and even if I did I would not rely on that always being the case. I've worked on a number of projects where the URL structure has been massively changed (a couple from one-to-one to controller-based) where it would have taking an excessive amount of time to undo that assumption. Using rawurlencode on $_SERVER['REQUEST_URI'] is flexible, largely future-proof and takes no more effort than the manipulation you are doing on __FILE__ to get the same result. Given the choice I'll always go for 10% extra work now to save 90% extra work later, even if it's only potential work later. -Stuart I'm not sure if anyone had the chance to look over my code suggestion, but afaict it does the job, although I've only given it very rudimentary testing. It doesn't require you to know the page the form is on in advance, it strips out the correct info from the supplied URL, and is simple enough that you could even run it all on one line if you didn't mind nested tertiary conditionals. If 404 responses show a custom page containing a form that uses your code then it's still an XSS risk, but other than that it looks safe. However, based on that single risk (and there may be others) I'd never use it because you never know when someone will change the server config. -Stuart What would the risk on the 404 page be? I must admit, I don't know a huge amount about XSS attacks, so this one is new to me. A similar URL to the one in the URL tedd posted (http://www.mc2design.com/blog/php_self-safe-alternatives). Something like this... http://www.server.com/%22%3E%3Cscript%3Ealert('xss attack')%3C/script%3E That script code will not be seen as PATH_INFO, it will simply be part of the URL. -Stuart Ah, I see, but it shouldn't be too difficult to use some other variable in the $_SERVER array. Anyway, if you are displaying a form on a 404 error page, you won't want it to post to itself, as where is the processing going to be done? If you have a system that can process it, then it should be capable of ensuring the form posts back to a safe area, such as the home area of the site. Any variable in the $_SERVER array that contains the current URL in some form will likely suffer from the same issue. The example I gave there was very simple. Imagine a site with a very dynamic and complex URL structure and you can imagine a situation where this vulnerability might crop up. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
Re: [PHP] Script ID?
On 21 May 2011 18:05, Stuart Dallas stu...@3ft9.com wrote: On Sat, May 21, 2011 at 4:57 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 17:34, Stuart Dallas stu...@3ft9.com wrote: On Sat, May 21, 2011 at 4:24 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 17:18, Stuart Dallas stu...@3ft9.com wrote: *snip* Again, this depends upon what your url scheme looks like - and without knowing that, there's simple no clue as to whether or not this is a good solution to the problem (though it might be a good solution to A problem). Again, I disagree. If you have an example of a URL structure where this would not work I'd love to hear it. -Stuart Having to replace several times just in order to figure out the path to your script is pointless if you know the name of the script (which you always do - it's __FILE__ ) and you're using a one-to-one request-to-script scheme. Then just grab the part of the url up to and including your scriptname. Well, it would be basename(__FILE__), but that's beside the point. In this particular case, where the PHP filename is the last part of the URL, that will indeed work. However, as you have pointed out several times that's not always the case and I tend to write generic, defensive code rather than make assumptions. Not a bad habit. I would personally go with let's either find out or make a decision instead of wasting time on coding for situations that will crop up. Assumptions cost money, and if you haven't discovered that yet then you've either not been in the software development game very long or you've been lucky so far. Hold on to that feeling, cos you can't get it back when it's gone! Assumptions and knowledge are two different things. If you haven't discovered that yet then you've either not been in the software development game very long or you've been doing things wrong so far. I suggest spending some time checking up on the difference. Regards Peter -- hype WWW: plphp.dk / plind.dk LinkedIn: plind BeWelcome/Couchsurfing: Fake51 Twitter: kafe15 /hype -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script ID?
On Sat, May 21, 2011 at 5:14 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 18:05, Stuart Dallas stu...@3ft9.com wrote: On Sat, May 21, 2011 at 4:57 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 17:34, Stuart Dallas stu...@3ft9.com wrote: On Sat, May 21, 2011 at 4:24 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 17:18, Stuart Dallas stu...@3ft9.com wrote: *snip* Again, this depends upon what your url scheme looks like - and without knowing that, there's simple no clue as to whether or not this is a good solution to the problem (though it might be a good solution to A problem). Again, I disagree. If you have an example of a URL structure where this would not work I'd love to hear it. -Stuart Having to replace several times just in order to figure out the path to your script is pointless if you know the name of the script (which you always do - it's __FILE__ ) and you're using a one-to-one request-to-script scheme. Then just grab the part of the url up to and including your scriptname. Well, it would be basename(__FILE__), but that's beside the point. In this particular case, where the PHP filename is the last part of the URL, that will indeed work. However, as you have pointed out several times that's not always the case and I tend to write generic, defensive code rather than make assumptions. Not a bad habit. I would personally go with let's either find out or make a decision instead of wasting time on coding for situations that will crop up. Assumptions cost money, and if you haven't discovered that yet then you've either not been in the software development game very long or you've been lucky so far. Hold on to that feeling, cos you can't get it back when it's gone! Assumptions and knowledge are two different things. If you haven't discovered that yet then you've either not been in the software development game very long or you've been doing things wrong so far. I suggest spending some time checking up on the difference. You can't know everything, and anything you do know is only true as of right now. You can't control the future and all predictions you make are based on assumptions, and if/when your assumptions turn out to be wrong it will cost money. Trust me on that. http://en.wikipedia.org/wiki/Defensive_programming You do things your way and I'll do things my way. Best of luck to you. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
Re: [PHP] Script ID?
On 21 May 2011 18:26, Stuart Dallas stu...@3ft9.com wrote: *snip* http://en.wikipedia.org/wiki/Defensive_programming You do things your way and I'll do things my way. Best of luck to you. Thank you for your condescending tone. Best of luck to you too. Regards Peter -- hype WWW: plphp.dk / plind.dk LinkedIn: plind BeWelcome/Couchsurfing: Fake51 Twitter: kafe15 /hype -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script ID?
On 21 May 2011 18:42, Stuart Dallas stu...@3ft9.com wrote: On Sat, May 21, 2011 at 5:33 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 18:26, Stuart Dallas stu...@3ft9.com wrote: *snip* http://en.wikipedia.org/wiki/Defensive_programming You do things your way and I'll do things my way. Best of luck to you. Thank you for your condescending tone. Best of luck to you too. It is regrettable if you took offence, but I stand by my tone. I've cleaned up too many messes over the years that were caused by careless (and in some cases incompetent) assumptions that I have little time for anyone who doesn't see the value in expecting the unexpected. Yet you assume that I have no experience, have never cleaned up messes after others, and generally have no clue what I'm talking about. At no point did I state that I see no value in expecting the unexpected or that I disagree with defensive programming. What I did state is that I prefer clearing up any unclear areas and remove assumptions - if I end up spending most of my time doing defensive programming because I haven't cleared up the specifications with the client, then I have done a very poor job. Anyway, I doubt there's much point in continuing the conversation - you seem to have a set worldview and it appears that my role in it is the same regardless of what I state from here on out. So: best of luck to you. Regards Peter -- hype WWW: plphp.dk / plind.dk LinkedIn: plind BeWelcome/Couchsurfing: Fake51 Twitter: kafe15 /hype -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script ID?
On Sat, May 21, 2011 at 5:33 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 18:26, Stuart Dallas stu...@3ft9.com wrote: *snip* http://en.wikipedia.org/wiki/Defensive_programming You do things your way and I'll do things my way. Best of luck to you. Thank you for your condescending tone. Best of luck to you too. It is regrettable if you took offence, but I stand by my tone. I've cleaned up too many messes over the years that were caused by careless (and in some cases incompetent) assumptions that I have little time for anyone who doesn't see the value in expecting the unexpected. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
Re: [PHP] Script ID?
On May 21, 2011, at 9:11 AM, tedd wrote: Hi gang: Okay, so,what's the best (i.e., most secure) way for your script to identify itself *IF* you plan on using that information later, such as the value in an action attribute in a form? For example, I was using: $self = basename($_SERVER['SCRIPT_NAME']); form name=my_form action=?php echo($self); ? method=post However, that was susceptible to XSS. http://www.mc2design.com/blog/php_self-safe-alternatives says a simple action=# would work. But is there a better way? What would do you do solve this? Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Hi, everyone. I've been following this thread, and as I am not that familiar with XSS attacks, I went searching for information about them. I did find this: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet which may help others like me begin to understand the issue. That said, I really don't understand how using something like $self=basename($_SERVER['SCRIPT_NAME']); becomes vulnerable to an XSS attack. Can someone explain to me how this works? Then I might be able to understand how to prevent it. Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script ID?
On Sat, May 21, 2011 at 6:00 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 18:42, Stuart Dallas stu...@3ft9.com wrote: On Sat, May 21, 2011 at 5:33 PM, Peter Lind peter.e.l...@gmail.com wrote: On 21 May 2011 18:26, Stuart Dallas stu...@3ft9.com wrote: *snip* http://en.wikipedia.org/wiki/Defensive_programming You do things your way and I'll do things my way. Best of luck to you. Thank you for your condescending tone. Best of luck to you too. It is regrettable if you took offence, but I stand by my tone. I've cleaned up too many messes over the years that were caused by careless (and in some cases incompetent) assumptions that I have little time for anyone who doesn't see the value in expecting the unexpected. Yet you assume that I have no experience, have never cleaned up messes after others, and generally have no clue what I'm talking about. At no point did I state that I see no value in expecting the unexpected or that I disagree with defensive programming. What I did state is that I prefer clearing up any unclear areas and remove assumptions - if I end up spending most of my time doing defensive programming because I haven't cleared up the specifications with the client, then I have done a very poor job. Any assumptions I made regarding your level of experience came from this comment.. [I would personally go with let's either find out or make a decision instead of wasting time on coding for situations that will crop up.] Aside from the presumably erroneous use of will instead of may, this suggests to me that you are the type of developer who writes code in the quickest way possible without any concern for its quality or its use beyond your involvement. Maybe I'm wrong, but I can only go by the evidence that's presented. My primary point was that you have not removed assumptions. You may think you have by putting restrictions on the environment in which your code runs, but as I said earlier, the larger a project becomes the less likely it will be that those conditions are going to remain in place. So, those restrictions are essentially assumptions. No piece of software would ever get finished without assumptions being made or various restrictions being in place, but it's always a compromise between cost of mitigation now against the cost of dealing with changes in the future (the 10%/90% I mentioned earlier). On that basis I see huge value in normalising and centralising the generation of URLs for any project that consists of more than a few simple PHP pages. Anyway, I doubt there's much point in continuing the conversation - you seem to have a set worldview and it appears that my role in it is the same regardless of what I state from here on out. Your role in my world is simply that if your responses in this thread reflect how you approach your software development, unless you say or do something that changes my view of that approach I would probably avoid ever working with you, or on any software with which you've been involved. This was fun... we should do it again sometime! ;) -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
Re: [PHP] Script ID?
On Sat, May 21, 2011 at 10:11 AM, tedd t...@sperling.com wrote: Hi gang: Okay, so,what's the best (i.e., most secure) way for your script to identify itself *IF* you plan on using that information later, such as the value in an action attribute in a form? For example, I was using: $self = basename($_SERVER['SCRIPT_NAME']); form name=my_form action=?php echo($self); ? method=post However, that was susceptible to XSS. http://www.mc2design.com/blog/php_self-safe-alternatives says a simple action=# would work. But is there a better way? What would do you do solve this? Cheers, tedd Tedd, I'm sorry for the confusion. When I referenced that article, I was speaking to Alex as to why it wouldn't be prudent for you to use PHP_SELF (as he had suggested to avoid an additional function call) as opposed to what you were currently using, basename($_SERVER['SCRIPT_FILENAME']). My point, and the point of the article, was that PHP_SELF requires special precautions. However, script_filename is not susceptible to this type of attack, as it does not include data from the user: http://php.about.com/od/learnphp/qt/_SERVER_PHP.htm In fact, basename($_SERVER['SCRIPT_FILENAME']), and basename(__FILE__) were two of the mitigation methods mentioned in the closing of the article. http://php.about.com/od/learnphp/qt/_SERVER_PHP.htmTry it out on your server: h1PHP_SELF (dangerous)/h1 p?php echo $_SERVER['PHP_SELF']; ?/p h1$_SERVER['SCRIPT_FILENAME']/h1 p?php echo $_SERVER['SCRIPT_FILENAME']; ?/p h1$_SERVER['REQUEST_URI'] (dangerous)/h1 p?php echo $_SERVER['REQUEST_URI']; ?/p h1__FILE__/h1 p?php echo __FILE__; ?/p h1basename(__FILE__)/h1 p?php echo basename(__FILE__); ?/p h1basename($_SERVER['SCRIPT_NAME'])/h1 p?php echo basename($_SERVER['SCRIPT_NAME']); ?/p Try to enter the attack vector and you'll see PHP_SELF could be terrible, but the basename option for script_filename and __FILE__ are immune. Again, sorry for the confusion. Adam -- Nephtali: A simple, flexible, fast, and security-focused PHP framework http://nephtaliproject.com
Re: [PHP] Script ID?
At 6:29 PM +0100 5/21/11, Stuart Dallas wrote: On Sat, May 21, 2011 at 6:00 PM, Peter Lind mailto:peter.e.l...@gmail.competer.e.l...@gmail.com wrote: -snip- This was fun... we should do it again sometime! ;) No, this wasn't fun. As I said before, is email is a bad way to communicate. But I think we are better than the medium. What say you guys? xxxoooxxx Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] opening a new window from php script
I would still like to offer in my CMS to be able to choose in which browser I want to display the current page. Is this possible or I in program can open only default browser? Can I at least choose wheter to open a new tab or a new window? Thanks in advance, -- When the sun rises I receive and when it sets I forgive - http://moj.skavt.net/gleskovs/ Always in Heart, Grega Leskovšek 2011/3/27 Richard Quadling rquadl...@gmail.com: On 26 March 2011 10:22, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Fri, 2011-03-25 at 18:05 -0700, Tommy Pham wrote: On Fri, Mar 25, 2011 at 2:59 PM, Grega Leskovšek legr...@gmail.com wrote: I am working on CMS designed to those who are unfamiliar with a computer world and I want to offer a task where on a push of a button it will save current working page in textarea/s and open this page in a new tab or in a new window. PHP is server side. push of a button is client side. Google javascript+onClick. I googled some, but am still not sure how can I do it. Do I have to use target=_new - I can not do this - I am working this for my University seminar and it has to be valid HTML5. Please help me improve my plan 1. I check wheter the user is using windows, linux, mac and then show appropriate possibility of all browsers for the targeted platform (WIN:IE,SA,FF,CH,OP, LINUX:FF.CHROMIUM and I need help for the mac also besides SA and FF what does it have among browsers?) Have you tried to google for browser versions and platform? While searching for the same thing long time ago, I found a site that lists them. Also, note that since you'll be using onClick for push of a button, beware of Javascript version difference among the browsers. IIRC, IE is supports 1.3 and FF supports 1.9. Haven't tested the others so couldn't tell you. 2. When the browser clicks button with the image of browsers inside anchor I target _new and location of the current file ?1 How can I offer option to open a new window not a new tab? ?2 How can I avoid the target attribute? ?3 How can I make a click on an image to produce action - or what do You suggest me to use - I would prefer img element not button with an image - how can I do this? Once I will finish it I will offer here software to everybody so I will be able to get some response and improve it and this is one of the major problems otherwise it is already functional. Please help me, thanks in advance - or ? You think I could do this better in JS? -- When the sun rises I receive and when it sets I forgive - http://moj.skavt.net/gleskovs/ Always in Heart, Grega Leskovšek I don't know if you have Flash in your tool belt but have you considering using it? It may simply your life with various browsers and their versions across different platforms. Note: Flash does tend to be sluggish in terms of loading time and how much of what you need the Flash to do. Regards, Tommy I'd avoid trying to guess the browser entirely. There are always loads of fringe browsers that are in use, and things like Wine that allows people to run IE on Linux, as well as other Windows-based browsers too. As soon as you're trying to write a script that detects a specific browser and does something then you're already doing it wrong. Don't test for the browser, test for the feature that you're using. Javascript has a useful function called hasFeature which may help here. The main reason why it's bad to try and detect a browser and act on it is because you can get many browsers that work across a wide variety of operating systems such as Fx Opera, which vary from version to version and OS to OS. Thanks, Ash http://www.ashleysheridan.co.uk A common approach to web dev is to start with a dumb page - just HTML and then add CSS and JS. This is known as progressive enhancement. Another approach which I've read about recently is called regressive enhancement. Essentially, you start at the cutting edge, using the functionality that you want (canvas for example), and then add in the missing features. As more of the browsers that support the newer features become the popular ones, you end up with less code providing support for older browsers. So, when every browser supports canvas, you don't need to install any code to emulate the canvas. Modenizr and YepNope are the tools I read about for this. -- Richard Quadling Twitter : EE : Zend @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] opening a new window from php script
On Mon, 2011-03-28 at 17:44 +0200, Grega Leskovšek wrote: I would still like to offer in my CMS to be able to choose in which browser I want to display the current page. Is this possible or I in program can open only default browser? Can I at least choose wheter to open a new tab or a new window? Thanks in advance, -- When the sun rises I receive and when it sets I forgive - http://moj.skavt.net/gleskovs/ Always in Heart, Grega Leskovšek 2011/3/27 Richard Quadling rquadl...@gmail.com: On 26 March 2011 10:22, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Fri, 2011-03-25 at 18:05 -0700, Tommy Pham wrote: On Fri, Mar 25, 2011 at 2:59 PM, Grega Leskovšek legr...@gmail.com wrote: I am working on CMS designed to those who are unfamiliar with a computer world and I want to offer a task where on a push of a button it will save current working page in textarea/s and open this page in a new tab or in a new window. PHP is server side. push of a button is client side. Google javascript+onClick. I googled some, but am still not sure how can I do it. Do I have to use target=_new - I can not do this - I am working this for my University seminar and it has to be valid HTML5. Please help me improve my plan 1. I check wheter the user is using windows, linux, mac and then show appropriate possibility of all browsers for the targeted platform (WIN:IE,SA,FF,CH,OP, LINUX:FF.CHROMIUM and I need help for the mac also besides SA and FF what does it have among browsers?) Have you tried to google for browser versions and platform? While searching for the same thing long time ago, I found a site that lists them. Also, note that since you'll be using onClick for push of a button, beware of Javascript version difference among the browsers. IIRC, IE is supports 1.3 and FF supports 1.9. Haven't tested the others so couldn't tell you. 2. When the browser clicks button with the image of browsers inside anchor I target _new and location of the current file ?1 How can I offer option to open a new window not a new tab? ?2 How can I avoid the target attribute? ?3 How can I make a click on an image to produce action - or what do You suggest me to use - I would prefer img element not button with an image - how can I do this? Once I will finish it I will offer here software to everybody so I will be able to get some response and improve it and this is one of the major problems otherwise it is already functional. Please help me, thanks in advance - or ? You think I could do this better in JS? -- When the sun rises I receive and when it sets I forgive - http://moj.skavt.net/gleskovs/ Always in Heart, Grega Leskovšek I don't know if you have Flash in your tool belt but have you considering using it? It may simply your life with various browsers and their versions across different platforms. Note: Flash does tend to be sluggish in terms of loading time and how much of what you need the Flash to do. Regards, Tommy I'd avoid trying to guess the browser entirely. There are always loads of fringe browsers that are in use, and things like Wine that allows people to run IE on Linux, as well as other Windows-based browsers too. As soon as you're trying to write a script that detects a specific browser and does something then you're already doing it wrong. Don't test for the browser, test for the feature that you're using. Javascript has a useful function called hasFeature which may help here. The main reason why it's bad to try and detect a browser and act on it is because you can get many browsers that work across a wide variety of operating systems such as Fx Opera, which vary from version to version and OS to OS. Thanks, Ash http://www.ashleysheridan.co.uk A common approach to web dev is to start with a dumb page - just HTML and then add CSS and JS. This is known as progressive enhancement. Another approach which I've read about recently is called regressive enhancement. Essentially, you start at the cutting edge, using the functionality that you want (canvas for example), and then add in the missing features. As more of the browsers that support the newer features become the popular ones, you end up with less code providing support for older browsers. So, when every browser supports canvas, you don't need to install any code to emulate the canvas. Modenizr and YepNope are the tools I read about for this. -- Richard Quadling Twitter : EE : Zend @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY Firstly, this isn't something that can be done in PHP, as PHP is a server-side language, so things like opening new tabs/windows isn't possible. You can open new windows with Javascript, but you can't determine what browser they open in, or if indeed that a given browser is even installed on
Re: [PHP] opening a new window from php script
On 26 March 2011 10:22, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Fri, 2011-03-25 at 18:05 -0700, Tommy Pham wrote: On Fri, Mar 25, 2011 at 2:59 PM, Grega Leskovšek legr...@gmail.com wrote: I am working on CMS designed to those who are unfamiliar with a computer world and I want to offer a task where on a push of a button it will save current working page in textarea/s and open this page in a new tab or in a new window. PHP is server side. push of a button is client side. Google javascript+onClick. I googled some, but am still not sure how can I do it. Do I have to use target=_new - I can not do this - I am working this for my University seminar and it has to be valid HTML5. Please help me improve my plan 1. I check wheter the user is using windows, linux, mac and then show appropriate possibility of all browsers for the targeted platform (WIN:IE,SA,FF,CH,OP, LINUX:FF.CHROMIUM and I need help for the mac also besides SA and FF what does it have among browsers?) Have you tried to google for browser versions and platform? While searching for the same thing long time ago, I found a site that lists them. Also, note that since you'll be using onClick for push of a button, beware of Javascript version difference among the browsers. IIRC, IE is supports 1.3 and FF supports 1.9. Haven't tested the others so couldn't tell you. 2. When the browser clicks button with the image of browsers inside anchor I target _new and location of the current file ?1 How can I offer option to open a new window not a new tab? ?2 How can I avoid the target attribute? ?3 How can I make a click on an image to produce action - or what do You suggest me to use - I would prefer img element not button with an image - how can I do this? Once I will finish it I will offer here software to everybody so I will be able to get some response and improve it and this is one of the major problems otherwise it is already functional. Please help me, thanks in advance - or ? You think I could do this better in JS? -- When the sun rises I receive and when it sets I forgive - http://moj.skavt.net/gleskovs/ Always in Heart, Grega Leskovšek I don't know if you have Flash in your tool belt but have you considering using it? It may simply your life with various browsers and their versions across different platforms. Note: Flash does tend to be sluggish in terms of loading time and how much of what you need the Flash to do. Regards, Tommy I'd avoid trying to guess the browser entirely. There are always loads of fringe browsers that are in use, and things like Wine that allows people to run IE on Linux, as well as other Windows-based browsers too. As soon as you're trying to write a script that detects a specific browser and does something then you're already doing it wrong. Don't test for the browser, test for the feature that you're using. Javascript has a useful function called hasFeature which may help here. The main reason why it's bad to try and detect a browser and act on it is because you can get many browsers that work across a wide variety of operating systems such as Fx Opera, which vary from version to version and OS to OS. Thanks, Ash http://www.ashleysheridan.co.uk A common approach to web dev is to start with a dumb page - just HTML and then add CSS and JS. This is known as progressive enhancement. Another approach which I've read about recently is called regressive enhancement. Essentially, you start at the cutting edge, using the functionality that you want (canvas for example), and then add in the missing features. As more of the browsers that support the newer features become the popular ones, you end up with less code providing support for older browsers. So, when every browser supports canvas, you don't need to install any code to emulate the canvas. Modenizr and YepNope are the tools I read about for this. -- Richard Quadling Twitter : EE : Zend @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] opening a new window from php script
On Fri, 2011-03-25 at 18:05 -0700, Tommy Pham wrote: On Fri, Mar 25, 2011 at 2:59 PM, Grega Leskovšek legr...@gmail.com wrote: I am working on CMS designed to those who are unfamiliar with a computer world and I want to offer a task where on a push of a button it will save current working page in textarea/s and open this page in a new tab or in a new window. PHP is server side. push of a button is client side. Google javascript+onClick. I googled some, but am still not sure how can I do it. Do I have to use target=_new - I can not do this - I am working this for my University seminar and it has to be valid HTML5. Please help me improve my plan 1. I check wheter the user is using windows, linux, mac and then show appropriate possibility of all browsers for the targeted platform (WIN:IE,SA,FF,CH,OP, LINUX:FF.CHROMIUM and I need help for the mac also besides SA and FF what does it have among browsers?) Have you tried to google for browser versions and platform? While searching for the same thing long time ago, I found a site that lists them. Also, note that since you'll be using onClick for push of a button, beware of Javascript version difference among the browsers. IIRC, IE is supports 1.3 and FF supports 1.9. Haven't tested the others so couldn't tell you. 2. When the browser clicks button with the image of browsers inside anchor I target _new and location of the current file ?1 How can I offer option to open a new window not a new tab? ?2 How can I avoid the target attribute? ?3 How can I make a click on an image to produce action - or what do You suggest me to use - I would prefer img element not button with an image - how can I do this? Once I will finish it I will offer here software to everybody so I will be able to get some response and improve it and this is one of the major problems otherwise it is already functional. Please help me, thanks in advance - or ? You think I could do this better in JS? -- When the sun rises I receive and when it sets I forgive - http://moj.skavt.net/gleskovs/ Always in Heart, Grega Leskovšek I don't know if you have Flash in your tool belt but have you considering using it? It may simply your life with various browsers and their versions across different platforms. Note: Flash does tend to be sluggish in terms of loading time and how much of what you need the Flash to do. Regards, Tommy I'd avoid trying to guess the browser entirely. There are always loads of fringe browsers that are in use, and things like Wine that allows people to run IE on Linux, as well as other Windows-based browsers too. As soon as you're trying to write a script that detects a specific browser and does something then you're already doing it wrong. Don't test for the browser, test for the feature that you're using. Javascript has a useful function called hasFeature which may help here. The main reason why it's bad to try and detect a browser and act on it is because you can get many browsers that work across a wide variety of operating systems such as Fx Opera, which vary from version to version and OS to OS. Thanks, Ash http://www.ashleysheridan.co.uk
[PHP] opening a new window from php script
I am working on CMS designed to those who are unfamiliar with a computer world and I want to offer a task where on a push of a button it will save current working page in textarea/s and open this page in a new tab or in a new window. I googled some, but am still not sure how can I do it. Do I have to use target=_new - I can not do this - I am working this for my University seminar and it has to be valid HTML5. Please help me improve my plan 1. I check wheter the user is using windows, linux, mac and then show appropriate possibility of all browsers for the targeted platform (WIN:IE,SA,FF,CH,OP, LINUX:FF.CHROMIUM and I need help for the mac also besides SA and FF what does it have among browsers?) 2. When the browser clicks button with the image of browsers inside anchor I target _new and location of the current file ?1 How can I offer option to open a new window not a new tab? ?2 How can I avoid the target attribute? ?3 How can I make a click on an image to produce action - or what do You suggest me to use - I would prefer img element not button with an image - how can I do this? Once I will finish it I will offer here software to everybody so I will be able to get some response and improve it and this is one of the major problems otherwise it is already functional. Please help me, thanks in advance - or ? You think I could do this better in JS? -- When the sun rises I receive and when it sets I forgive - http://moj.skavt.net/gleskovs/ Always in Heart, Grega Leskovšek -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] opening a new window from php script
On Fri, Mar 25, 2011 at 2:59 PM, Grega Leskovšek legr...@gmail.com wrote: I am working on CMS designed to those who are unfamiliar with a computer world and I want to offer a task where on a push of a button it will save current working page in textarea/s and open this page in a new tab or in a new window. PHP is server side. push of a button is client side. Google javascript+onClick. I googled some, but am still not sure how can I do it. Do I have to use target=_new - I can not do this - I am working this for my University seminar and it has to be valid HTML5. Please help me improve my plan 1. I check wheter the user is using windows, linux, mac and then show appropriate possibility of all browsers for the targeted platform (WIN:IE,SA,FF,CH,OP, LINUX:FF.CHROMIUM and I need help for the mac also besides SA and FF what does it have among browsers?) Have you tried to google for browser versions and platform? While searching for the same thing long time ago, I found a site that lists them. Also, note that since you'll be using onClick for push of a button, beware of Javascript version difference among the browsers. IIRC, IE is supports 1.3 and FF supports 1.9. Haven't tested the others so couldn't tell you. 2. When the browser clicks button with the image of browsers inside anchor I target _new and location of the current file ?1 How can I offer option to open a new window not a new tab? ?2 How can I avoid the target attribute? ?3 How can I make a click on an image to produce action - or what do You suggest me to use - I would prefer img element not button with an image - how can I do this? Once I will finish it I will offer here software to everybody so I will be able to get some response and improve it and this is one of the major problems otherwise it is already functional. Please help me, thanks in advance - or ? You think I could do this better in JS? -- When the sun rises I receive and when it sets I forgive - http://moj.skavt.net/gleskovs/ Always in Heart, Grega Leskovšek I don't know if you have Flash in your tool belt but have you considering using it? It may simply your life with various browsers and their versions across different platforms. Note: Flash does tend to be sluggish in terms of loading time and how much of what you need the Flash to do. Regards, Tommy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: opening a new window from php script
On Friday, March 25, 2011, Grega Leskovek wrote: Do I have to use target=_new - I can not do this - I am working this for my University seminar and it has to be valid HTML5. I guess that this is an HTML issue rather than PHP. However: Despite what the W3C validator might claim, I understand that the target attribute of the anchor tag is still valid in HTML5. In any case, HTML5 is a draft standard AFAICT, and so I have to question a university's insistence on adhering to a 'moving target'. http://www.w3.org/TR/2011/WD-html5-20110113/links.html#attr-hyperlink-target should give you some ammunition to demonstrate to your tutor that a href=somewhere.html target=_blank is valid. Quoting from that W3C document: The target attribute, if present, must be a valid browsing context name or keyword. It gives the name of the browsing context that will be used. User agents use this name when following hyperlinks. They also say: A valid browsing context name or keyword is any string that is either a valid browsing context name or that is an ASCII case-insensitive match for one of: _blank, _self, _parent, or _top. FWIW, the 'target' attribute has been removed from 'link' elements, which many have apparently wrongly taken to mean it's been removed from hyperlinks (i.e. anchor tags). However, link and a are not the same thing! An example of each: link rel=stylesheet type=text/css href=styles.css / a href=someplace.html target=_blankclick here/a HTH, -- Geoff -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Delaying $(document).ready() in jQuery until php script finish
On Fri, Mar 11, 2011 at 11:39 PM, David Hutto smokefl...@gmail.com wrote: On Sat, Mar 12, 2011 at 2:34 AM, Tommy Pham tommy...@gmail.com wrote: On Fri, Mar 11, 2011 at 11:26 PM, David Hutto smokefl...@gmail.com wrote: On Sat, Mar 12, 2011 at 2:22 AM, Tommy Pham tommy...@gmail.com wrote: On Fri, Mar 11, 2011 at 10:34 PM, David Hutto smokefl...@gmail.com wrote: Although, right now, if I were going to be using all of those languages in unison(and I am), then I'd go with C, and spit them out to the browser for lower level control, as well as, to remain familiar with some of the main languages being used currently. But then how portable is your app? I'd have to refer to your reply: This would depend on the original application design code. If the original app is meant for specific hardware, and a specific company, then portability is null point. If that's the case why even bother with PHP? Why not just do it in C for pure speed? Speed wasn't the point- Multiple technology usage was the point. And if you're going to poise a browser for multiple intercepts(in terms of languages), then C *seems* to be the best was to move toward the displayment of it's descendants. If it's going to be a multi-language project, then it needs to be addressed with a multilanguage source to stem from, and C would seem like the optimum epicenter for propagation of this. I thought one of the major points of PHP is 'develop anywhere and deploy anywhere'. In the OP's case, where would C fit in when you have HTML, JS, and PHP - PHP would produce the resultant text in addtion to JS HTML. What would be the 'specific need' to do work in C where PHP, its many extensions and library (PECL PEAR), and lots of the other PHP code based libraries/frameworks out there already to do the job? The way I look at it, if too many languages are involved then most likely the application design is over complicated. SQL = back end data storage PHP = processing input/output, including back end data HTML/XML = document layout for nice hierarchical format JS/Flash = client side effects and processing to offload some server load Each already designed and made to do the the specific function and are nicely coupled together. From the above, I've yet to see the need to write C code for the PHP based application - with the exception of threads, and let's not get into it again... lol. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Delaying $(document).ready() in jQuery until php script finish
Optimization also becomes a more manipulative, due to the stem point of your further language utilization. If you divide your languages, and disperse them through a C framework, you can utilize the languages in their refined form, and if any portion of an individual language gives optimization problems, you move that particular segment toward a more optimized C implementation. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Delaying $(document).ready() in jQuery until php script finish
On Fri, Mar 11, 2011 at 11:59 PM, David Hutto smokefl...@gmail.com wrote: Optimization also becomes a more manipulative, due to the stem point of your further language utilization. If you divide your languages, and disperse them through a C framework, you can utilize the languages in their refined form, and if any portion of an individual language gives optimization problems, you move that particular segment toward a more optimized C implementation. Seems to me you're going in circle. Portability is null. Multi-language support and yet 'toward a more optimized C implementation'? Going back to my previous question then, 'what's the point of PHP' in all of this when you're trying to achieve an optimized C application? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Delaying $(document).ready() in jQuery until php script finish
On Sat, Mar 12, 2011 at 2:59 AM, Tommy Pham tommy...@gmail.com wrote: On Fri, Mar 11, 2011 at 11:39 PM, David Hutto smokefl...@gmail.com wrote: On Sat, Mar 12, 2011 at 2:34 AM, Tommy Pham tommy...@gmail.com wrote: On Fri, Mar 11, 2011 at 11:26 PM, David Hutto smokefl...@gmail.com wrote: On Sat, Mar 12, 2011 at 2:22 AM, Tommy Pham tommy...@gmail.com wrote: On Fri, Mar 11, 2011 at 10:34 PM, David Hutto smokefl...@gmail.com wrote: Although, right now, if I were going to be using all of those languages in unison(and I am), then I'd go with C, and spit them out to the browser for lower level control, as well as, to remain familiar with some of the main languages being used currently. But then how portable is your app? I'd have to refer to your reply: This would depend on the original application design code. If the original app is meant for specific hardware, and a specific company, then portability is null point. If that's the case why even bother with PHP? Why not just do it in C for pure speed? Speed wasn't the point- Multiple technology usage was the point. And if you're going to poise a browser for multiple intercepts(in terms of languages), then C *seems* to be the best was to move toward the displayment of it's descendants. If it's going to be a multi-language project, then it needs to be addressed with a multilanguage source to stem from, and C would seem like the optimum epicenter for propagation of this. I thought one of the major points of PHP is 'develop anywhere and deploy anywhere'. In the OP's case, where would C fit in when you have HTML, JS, and PHP - PHP would produce the resultant text in addtion to JS HTML. What would be the 'specific need' to do work in C where PHP, its many extensions and library (PECL PEAR), and lots of the other PHP code based libraries/frameworks out there already to do the job? The way I look at it, if too many languages are involved then most likely the application design is over complicated. Because you've been taught that C is over complicated in an optimization standpoint. Just to spit out the above in html/php/js/css in a C framework is simpler than you think. A little printf. And you speak of optimization, but lack the prethought for implementation for these optimizations. How can you move toward a lower level if you don't start on one. You seem stuck on the PHP portion of this, rather than the whole outlook of using multiple languages and technologies through a centralized means to accomplish a specific end, which can be easily optimized. SQL = back end data storage PHP = processing input/output, including back end data HTML/XML = document layout for nice hierarchical format JS/Flash = client side effects and processing to offload some server load Each already designed and made to do the the specific function and are nicely coupled together. From the above, I've yet to see the need to write C code for the PHP based application - with the exception of threads, and let's not get into it again... lol. It's not a 'hard coded' C, it's just a print to the page with C as the conveyor for each. You can then utilize C to partition each language for refinement in the overall. -- According to theoretical physics, the division of spatial intervals as the universe evolves gives rise to the fact that in another timeline, your interdimensional counterpart received helpful advice from me...so be eternally pleased for them. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Delaying $(document).ready() in jQuery until php script finish
On Sat, Mar 12, 2011 at 3:03 AM, Tommy Pham tommy...@gmail.com wrote: On Fri, Mar 11, 2011 at 11:59 PM, David Hutto smokefl...@gmail.com wrote: Optimization also becomes a more manipulative, due to the stem point of your further language utilization. If you divide your languages, and disperse them through a C framework, you can utilize the languages in their refined form, and if any portion of an individual language gives optimization problems, you move that particular segment toward a more optimized C implementation. Seems to me you're going in circle. Portability is null. Are you still stuck in developing for the masses? Because jobs are limited there. Development for corps requires development for specific hardware not a mass of consumers. Multi-language support and yet 'toward a more optimized C implementation'? Did you forget the term epicenter of an app/site? Going back to my previous question then, 'what's the point of PHP' in all of this when you're trying to achieve an optimized C application? PHP is just a portion of the ripple from C, which can got to php(e.g. echo html), and then js in the html, and css in the html, but either can be used in the html with interpolation of strings. Thhe C acts as the pivot point, intertwining the languages above. You can use each one individually. You could do this from a php standpoint/python/html/etc. C becomes the root and the others just branches and leaves woven together with %whatever. -- According to theoretical physics, the division of spatial intervals as the universe evolves gives rise to the fact that in another timeline, your interdimensional counterpart received helpful advice from me...so be eternally pleased for them. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Delaying $(document).ready() in jQuery until php script finish
On Sat, Mar 12, 2011 at 12:06 AM, David Hutto smokefl...@gmail.com wrote: On Sat, Mar 12, 2011 at 2:59 AM, Tommy Pham tommy...@gmail.com wrote: On Fri, Mar 11, 2011 at 11:39 PM, David Hutto smokefl...@gmail.com wrote: On Sat, Mar 12, 2011 at 2:34 AM, Tommy Pham tommy...@gmail.com wrote: On Fri, Mar 11, 2011 at 11:26 PM, David Hutto smokefl...@gmail.com wrote: On Sat, Mar 12, 2011 at 2:22 AM, Tommy Pham tommy...@gmail.com wrote: On Fri, Mar 11, 2011 at 10:34 PM, David Hutto smokefl...@gmail.com wrote: Although, right now, if I were going to be using all of those languages in unison(and I am), then I'd go with C, and spit them out to the browser for lower level control, as well as, to remain familiar with some of the main languages being used currently. But then how portable is your app? I'd have to refer to your reply: This would depend on the original application design code. If the original app is meant for specific hardware, and a specific company, then portability is null point. If that's the case why even bother with PHP? Why not just do it in C for pure speed? Speed wasn't the point- Multiple technology usage was the point. And if you're going to poise a browser for multiple intercepts(in terms of languages), then C *seems* to be the best was to move toward the displayment of it's descendants. If it's going to be a multi-language project, then it needs to be addressed with a multilanguage source to stem from, and C would seem like the optimum epicenter for propagation of this. I thought one of the major points of PHP is 'develop anywhere and deploy anywhere'. In the OP's case, where would C fit in when you have HTML, JS, and PHP - PHP would produce the resultant text in addtion to JS HTML. What would be the 'specific need' to do work in C where PHP, its many extensions and library (PECL PEAR), and lots of the other PHP code based libraries/frameworks out there already to do the job? The way I look at it, if too many languages are involved then most likely the application design is over complicated. Because you've been taught that C is over complicated in an optimization standpoint. Just to spit out the above in html/php/js/css in a C framework is simpler than you think. A little printf. And you speak of optimization, but lack the prethought for implementation for these optimizations. How can you move toward a lower level if you don't start on one. You seem stuck on the PHP portion of this, rather than the whole outlook of using multiple languages and technologies through a centralized means to accomplish a specific end, which can be easily optimized. I thought the whole objective of higher level language is to provide an easier application design and coding, in addition to shorter development maintenance time. Why go back to lower level, isn't that defeating the purpose? Just a case scenario. If C is included to 'to spit out the above in html/php/js/css' and should you happen to be out town/country on vacation, the other developer(s) doesn't know C and the application requires some minor bug fix or minor addition. The problem is now that modification required is in C. Do you want your vacation disturbed? Except in the case of an emergency, I don't. :) Not to mention if where you're vacationing at have a fast internet connection, or even an internet connection at all. While this approach may mean job stability in this situation, I could see it opposite as it causes more down time for the business as being unable to adapt quickly to the ever changing needs required by the economy and/or customers/clients. In the end, if the business can't stay in business, you're out of a job. In one of my recent job experience, I was in a 3 person IT team. We have a DBA, developer (also the manager), and I'm the system/network/telecom admin. We all have cross discipline experience and train ourselves in areas we lack for basic support. Every one of us don't have a problem taking a month vacation out of the country when the other 2 to provide 24/7 support for the facility. Folks at other sites worries even if they try to take 2 weeks vacation and that's not even leaving country. How fast and well do you someone can be cross trained to learn C? Even if just basic support? As for printf, PHP has that and print. Regarding learning and using C, I had only 1 quarter of it in college and that was back in the early '90s. I don't remember C as an 'over complicated in an optimization standpoint', IIRC, I just had problems with memory optimization, but that's another issue. But I haven't used it since other than scanning the some source code for compilations W(A/I)MP x64 stack. About optimization, isn't it more in terms of modular design then including more languages than is necessary? If PHP is sluggish, wouldn't be best to bring it up to the PHP developers? SQL = back end data storage PHP = processing input/output, including back
Re: [PHP] Re: Delaying $(document).ready() in jQuery until php script finish
We're going way off-topic. Perhaps start a new thread? :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Delaying $(document).ready() in jQuery until php script finish
On Sat, Mar 12, 2011 at 4:10 AM, Tommy Pham tommy...@gmail.com wrote: On Sat, Mar 12, 2011 at 12:06 AM, David Hutto smokefl...@gmail.com wrote: On Sat, Mar 12, 2011 at 2:59 AM, Tommy Pham tommy...@gmail.com wrote: On Fri, Mar 11, 2011 at 11:39 PM, David Hutto smokefl...@gmail.com wrote: On Sat, Mar 12, 2011 at 2:34 AM, Tommy Pham tommy...@gmail.com wrote: On Fri, Mar 11, 2011 at 11:26 PM, David Hutto smokefl...@gmail.com wrote: On Sat, Mar 12, 2011 at 2:22 AM, Tommy Pham tommy...@gmail.com wrote: On Fri, Mar 11, 2011 at 10:34 PM, David Hutto smokefl...@gmail.com wrote: Although, right now, if I were going to be using all of those languages in unison(and I am), then I'd go with C, and spit them out to the browser for lower level control, as well as, to remain familiar with some of the main languages being used currently. But then how portable is your app? I'd have to refer to your reply: This would depend on the original application design code. If the original app is meant for specific hardware, and a specific company, then portability is null point. If that's the case why even bother with PHP? Why not just do it in C for pure speed? Speed wasn't the point- Multiple technology usage was the point. And if you're going to poise a browser for multiple intercepts(in terms of languages), then C *seems* to be the best was to move toward the displayment of it's descendants. If it's going to be a multi-language project, then it needs to be addressed with a multilanguage source to stem from, and C would seem like the optimum epicenter for propagation of this. I thought one of the major points of PHP is 'develop anywhere and deploy anywhere'. In the OP's case, where would C fit in when you have HTML, JS, and PHP - PHP would produce the resultant text in addtion to JS HTML. What would be the 'specific need' to do work in C where PHP, its many extensions and library (PECL PEAR), and lots of the other PHP code based libraries/frameworks out there already to do the job? The way I look at it, if too many languages are involved then most likely the application design is over complicated. Because you've been taught that C is over complicated in an optimization standpoint. Just to spit out the above in html/php/js/css in a C framework is simpler than you think. A little printf. And you speak of optimization, but lack the prethought for implementation for these optimizations. How can you move toward a lower level if you don't start on one. You seem stuck on the PHP portion of this, rather than the whole outlook of using multiple languages and technologies through a centralized means to accomplish a specific end, which can be easily optimized. I thought the whole objective of higher level language is to provide an easier application design and coding, in addition to shorter development maintenance time. Why go back to lower level, isn't that defeating the purpose? That was the point of the term 'prototyping'. A language used to prototype, but built on a framework of optimization, in which the prototype language can be eliminated for the lower level performance bottlenecks. Just a case scenario. If C is included to 'to spit out the above in html/php/js/css' and should you happen to be out town/country on vacation, the other developer(s) doesn't know C and the application requires some minor bug fix or minor addition. The problem is now that modification required is in C. No, the problem lies in the error message, which lies in the underlying language. And familiarity with work is in properly commented and documented code. If the company isn't willing to maintain that throughout the course of development, then your misunderstanding is money out of their pocket. Do you want your vacation disturbed? For money, I comment and document, but disturbed isn't a problem, as long as it's a guaranteed under the contract. Except in the case of an emergency, I don't. :) But does the contract end at consumer misuse, or your discretion, and do they decide, or you? And then when does that end, when you're too important to respond, or had a better offer? Not to mention if where you're vacationing at have a fast internet connection, or even an internet connection at all. While this approach may mean job stability in this situation, I could see it opposite as it causes more down time for the business as being unable to adapt quickly to the ever changing needs required by the economy and/or customers/clients. In the end, if the business can't stay in business, you're out of a job. In one of my recent job experience, I was in a 3 person IT team. d You mean you and a few guys/gals got together, and threw together an app? We have a DBA, developer (also the manager), and I'm the system/network/telecom admin. You probably got a thesaurus, and small business guide to success too. We all have cross discipline experience and train