Re: [PHP] Re: Free penetration test
Okay: 1: Calm down. You're sensationalism and paranoia make you look like a nutcase.(no offence) 2: That would be irrelevant because nothing changes for the anybody that follows the link with or without the aff code. The service is still free Obviously we don't consider it irrelevent. That's all we were trying to say. We're not trying to paint you as some sort of monster. I appreciate your posting of that Link. I've used it. I would also have liked to know that you were affiliated with the site. 3: Relax. This is going away out of proportion. 4: as you get 35% (minimum, for upto a year) if he signs up...not that anybodys bothered if you make money That is false. If he signs up and tries the free penetration test service that he asked and I suggested, I do not gain anything. Stop deceiving people! Last time I checked 35% of free, was still free. I therefore put it to you that even if he doesn't sign up and make any payment, you still get 35% of that payment(consisting of $0/Eur0/£0) he didn't make. 5: what would you say about the PHP group that lists a pile of books in Amazon linked with their affiliate id but they do not mention that fact anywhere in their pages? http://www.php.net/books.php Quote from aforementioned website: If you buy the book using the links on this page, you are helping to support PHP development! . Any intellegent user would be able to decipher from that, that the php group obtains some soft of referal fee, or benifit somehow in your purchase of said books from the php website. 6: I was selling security auditing services, when in fact the only person that doing that in this thread was Chris Shiflet. I know that, you know that, the majority of the people on this list know that. Chris told us that. Personally I'd be pretty pissed off, if Chris posted some website he'd found without mentioning that it was his website. The reason I'm _not_ pissed off with you, is because it wasn't actually your website. I was simply asking you that in future would you mention your _potential_ bias, even if such bias doesn't exist. On 5/28/05, Manuel Lemos [EMAIL PROTECTED] wrote: Hello, on 05/27/2005 06:46 PM Ryan A said the following: - I have requested the free test several times and it was very useful because it brought my attention to aspects that I was not considering, some related to PHP in specific and other related to Internet in general. - fair enough, you could have given him the link the the page directly _without_ your affiliate add on code, but since you did tack your aff code on, I think you should have mentioned it That would be irrelevant because nothing changes for the anybody that follows the link with or without the aff code. The service is still free and the service is the same. as you get 35% (minimum, for upto a year) if he signs up...not that anybodys bothered if you make money That is false. If he signs up and tries the free penetration test service that he asked and I suggested, I do not gain anything. Stop deceiving people! -- If I ever gain anything with the referral, he would not be paying more for whatever services he would order. -- Never said he would be paying extra, but the point is you would be making money off him (not a bad thing again) without his knowledge (bad thing)...if he finds the link really useful I think to show his appreciation he would _make sure_ your affiliate link is tacked there..I would. Stop distorting the facts. You are implying that I acting with malice by stating that I will make money by hiding facts when a) Andy never asked explicitly for a service that the referer would not gain anything b) I am not hiding anything as the affiliate id is quite visible in the URL c) I never denied that the URL contains my affiliate id. If I am acting with malice as you suggest just because I did not mention that the URL contained my affiliate id, what would you say about the PHP group that lists a pile of books in Amazon linked with their affiliate id but they do not mention that fact anywhere in their pages? http://www.php.net/books.php Maybe I am Darth Vader and the PHP Group is the whole dark side of the force. Get real, you are being ridiculous! Another example, I am an affilate of interland, if someone asks about dedicated hosting I could send them there they would join, not pay a cent extra, but i get a commision *without their knowledge* (10% recurring)... am I helping them or myself? Yeah, right, you are fighting the dark side of the force to be the good guy that just lives from the air that you breath and nobody else should be allowed to gain anything from referrals unless you warn users that you refer that you are keeping a commission, despite the price is always the same!?! - So, I do not see your point in bugging me for this. If you feel that I am not helping Andy, I would
Re: [PHP] Getting parameters from the URL
Richard Davey wrote: Hello Mário, Friday, May 20, 2005, 4:48:07 PM, you wrote: MG http://www.bar.com/[EMAIL PROTECTED]code=vu782 MG for testing, but it does print nothing. So, i'm not getting the MG parameters from the URL. I have register_globals=Off in php.ini Jumping in a bit late here, but avoid passing the email address in the confirm key. Instead -- just pass the key, and then optionally you can ask for the email address or display it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] using require
If your php is using a permanant connection then it will be the same connection otherwise it will be a new connection as the connection will be droped at the end of the thread. As I understand it anyway!! Hope this helps! Mike Cima wrote: hi all, i have my web site working something like this: in every php script i have require(auth.php). this auth.php has my connection to my postgresql server and database along with some other stuff i need for the user to be authenticated to my web site. when i log on, this auth.php connects to the dbserver and checks if my username and password are stored and then i go to a home page. my connection is stored in $dbh. what happens when i start moving through all these web pages (php scripts), each requires auth.php, with respect to the connection? is a new connection established for every web page i go into that uses my $dbh for querying purposes or is it the same connection i originally made when i first logged into the web site? any info will be highly appreciated!! thanx. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] MESSAGE COULD NOT BE DELIVERED
Message could not be delivered -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how to convert char into number
Jeremy Reynolds wrote: What function do I use to convert an ASCII character into it's equivalent number? http://php.net/ord -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Compiling Phpcap
On 5/28/05, Gary C. New [EMAIL PROTECTED] wrote: I am trying to compile phpcap-0.2e with php-4.2.3 and get the following configure error: Is there a *really* good reason why you're still running 4.2.3? It's over two years out of date and a lot of bugs and security holes have been fixed since then. Paul -- Rogue Tory http://www.roguetory.org.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Copy sent mail in a mailbox folder
Hi list, I'm sending mails with PEAR::Mail / PEAR::Mail_Mime or with PHPMailer (http://phpmailer.sf.net). The final solution will implemented depending on which implementation better fits my needs. Anyway, and that is the problem, after sending the mail I want to save a copy of the mail in an IMAP folder called Sent. I would be pleased if someone could send me a hint or a link how to achive this. Either with PEAR or with PHPMailer generated mails. My first thought was to walk through the mail object and extracting all necessary attributes and generating a new message and save this to the mailfolder... Thanks in advance reto -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Returned mail: see transcript for details
ALERT! This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm, or other type of security threat. This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments. If a virus, worm, or other security threat is found, Road Runner cleans or deletes the infected attachments as necessary, but continues to send the original message content to the recipient. Further information on this initiative can be found at http://help.rr.com/faqs/e_mgsp.html. Please be advised that Road Runner does not contact the original sender of the e-mail as part of the scanning process. Road Runner recommends that if the sender is known to you, you contact them directly and advise them of their issue. If you do not know the sender, we advise you to forward this message in its entirety (including full headers) to the Road Runner Abuse Department, at [EMAIL PROTECTED] Ò²}Á¸TzNÐNz'úëäèD×Î å]èÜ}4O¼³·z^µ«àë?bì8^í*¼]Jµ·K¼JTl/®1ü0ý¦A^èP[Q|C'¸$MÒ-GMÎm_5ñú Ýeå {ph®Ëðô!Qfí5óNâ7jX¨8Ûr#^ÙÊòÌîºî0G õ£Óõ¼ß˼°T¿O?8z¨¡Ûè ÌGJRrG¦ù£ÒÂX÷côYPNºÓ3 â JýKXè¹V¶¢õ|0ÀFé0V äOyCSáMÔÇ{A9lÒYA1¨ùìÔõ$2âÍ£eæøî$-#1_6î¿öγ´v3 uO:ÌjÄ )·Ú¨£¶§øðîÍ»M÷ùµDíãJh6§.9¾`uõjçU´ 4JÕDÌTKåd¬àvó´äb¿àI7¬Sìe/ðYB¥Üm½Óñý¨uA7T2éPÞûàòR²À®Hǹ»ù°×*mª®ã-Þa³Ç¶mC¾G m8Ñ/üNC%é®l'_·) `úp¸4/pB¶ãçÍY file attachment: document.zip This e-mail in its original form contained one or more attached files that were infected with the [EMAIL PROTECTED] virus or worm. They have been removed. For more information on Road Runner's virus filtering initiative, visit our Help Member Services pages at http://help.rr.com, or the virus filtering information page directly at http://help.rr.com/faqs/e_mgsp.html. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Copy sent mail in a mailbox folder PS
Hi again, Anyway, and that is the problem, after sending the mail I want to save a copy of the mail in an IMAP folder called Sent. Just found the imap_append() which will solve the problem. If someone has experience with mail_append() in conjunction with PEAR Mail_Mime I would be please if sharing with me... cu reto -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Hi, Is it bad to give field names the same name as their database counterpart? i.e. In a database the first name column might be known as 'fname'. Should a form field called 'fname' NOT be created? I actually had the same question a little while ago and after doing some reading it left me even more confused... As long as you recognize that you need to filter things appropriately it doesn't really matter. Kind of came to that conclusion after a little while and started to use the ADODB class to filter all user input that goes to the DB... I would appreciate it if you tell me if you have used the class and if you have any warnings/notes/suggestions about how even after using that class I can screw up. If you have written something and you'd like me to take a quick look for any obvious exploits, feel free to mail me privately. If your site requires a login, you can send me a test login if you want so I can dig a bit deeper, otherwise I will still prod it from the outside. I'm not going to hack into your server in any way, just prod your web app That is extremly generious of you as I didnt really think you would have the time considering the amount of projects,books etc you are involved with (yep, I read your CV on your site :-D ), but I would like to take you up on your offer as I am sure to learn something from it...only problem is, the site I have just made is mostly in Swedish...I can give you a star account (Star accounts are the paid accounts) for you to login and test the site, but do you think you could still test it since its mostly in Swedish? Thanks, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 267.2.0 - Release Date: 5/27/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Ryan A wrote: That is extremly generious of you as I didnt really think you would have the time considering the amount of projects,books etc you are involved with (yep, I read your CV on your site :-D ), but I would like to take you up on your offer as I am sure to learn something from it...only problem is, the site I have just made is mostly in Swedish...I can give you a star account (Star accounts are the paid accounts) for you to login and test the site, but do you think you could still test it since its mostly in Swedish? Ja, jeg tror jeg kan klare det. Sproget er ret ligegyldigt, jeg checker bare for XSS problemer med et automatisk tool jeg har skrevet. Så det er heller ikke så meget arbejde. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
mostly in Swedish...I can give you a star account (Star accounts are the paid accounts) for you to login and test the site, but do you think you could still test it since its mostly in Swedish? Ja, jeg tror jeg kan klare det. Sproget er ret ligegyldigt, jeg checker bare for XSS problemer med et automatisk tool jeg har skrevet. Så det er heller ikke så meget arbejde. Hehehe...its not Swedish but I understand 95+ % of it..and the balance I could guess, Is it Danish? Right now the site is on my local machine, I will be uploading it middle of the coming week after which I'll send you the site details including the login. Thanks again for you time. Regards, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 267.2.0 - Release Date: 5/27/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] webmaster@jnsolutions.co.uk
Everytime I write to the list or reply to the list I get an email from this #%#¤! saying: --- We are currently away on holiday, until 16th June. I will respond with your email on my return. Thanks James Nunnerley --- Can someone unsub him please? Its reay starting to tick me off. The autoresponder seems to be firing from this addres: [EMAIL PROTECTED] Cheers, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 267.2.0 - Release Date: 5/27/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] cybercash as a shared object
Bill Shupp wrote: I need to install the cybercash module on a Debian Sarge system. I really want to keep Debian's PHP packages, and just build this as a shared module. At least one post in the archives indicates that this is possible, as does one changelog entry. However, no specifics were offered. Here's what I've tried: I can build the module fine statically. I can build the shared module cybercash.so by modifying the ext/cybercash/config.m4 and Makefile files, modeling them after the mcrypt.so entries. While modules/cybercash.so does get built, I get this error when trying to load it: PHP Warning: Unknown(): Invalid library (maybe not a PHP library) 'cybercash.so' in Unknown on line 0 I'm building with PHP 4.3.10, and the latest cybercash from PECL. I've also tried the cybercash module from 4.2.3, as suggested in one of the online manual comments. Any guidance would be greatly appreciated! Regards, Bill Shupp I was able to get it compiled by re-writing the config.m4 file, modeling it after the pfpro config.m4 file. Here's what I posted on the online manual comments, just so that it makes it to the mail archives as well: ## Here's how to install cybercash dynamically into PHP 1. Make sure you have the php dev tools installed, like pear and phpize. 2. Download the cybercash module: pear download cybercash 3. Untar the module: tar -xzf cybercash-version.tgz 4. Download and install my updated config.m4 file, the current one (as of version 1.18p1) doesn't work: wget http://shupp.org/patches/cybercash.config.m4 cd cybercash-version mv ../cybercash.config.m4 config.m4 5. Setup/compile module phpize ./configure --with-cybercash=/path/to/cybercash-mck-library-source/c-api make 6. Install module. For Debian Sarge, the modules directory is /usr/lib/php4/20020429/: cp modules/cybercash.so /usr/lib/php4/20020429/ (make install may work also) 7. Enable the module in php.ini, restart apache. ## Incidentally, when I tried to compile the pfpro module from within the PHP source using buildconf, I got setting mismatch errors when trying to load it into Debian's PHP binaries. However, by moving the extension out of the PHP source, and using phpize to setup it up, it loaded perfectly. Hope this helps someone else save some time! Regards, Bill Shupp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Questionary Development
I have a form that contains 100 questions. To make it easier on the user, I will divide it into 5 sections (20 questions per section), then all the information will be written to a db. What is the best way to carry along through the pages the information that has already been submitted? Cookies? Writing to a DB after each section? Session Variables? I read that writing to a database as i go along could be too much of a hazzle for the db, specially if I have multiple people filling out the form at the same time. TIA -- ...helmut helmutgranda.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Questionary Development
I have a form that contains 100 questions. To make it easier on the user, I will divide it into 5 sections (20 questions per section), then all the information will be written to a db. What is the best way to carry along through the pages the information that has already been submitted? Cookies? Writing to a DB after each section? Session Variables? I read that writing to a database as i go along could be too much of a hazzle for the db, specially if I have multiple people filling out the form at the same time. TIA -- helmut helmutgranda.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Sorting Objects in an array by object properties
Hello list, I have an array which holds some objects. Each object represent elements from an email header in a given mailbox. Each object has properties like from, sendtime, subject etc. I want to sort the order of the objects in the array by their attribute sendtime in order to get a list of email header sorted by their arrival time. Has anyone an idea how to solve this? I tried various of the array sorting functions but without success. http://php.net/usort function compare($h1, $h2) { return strcmp($h1-sendtime, $h2-sendtime); } usort($array, 'compare'); Jared -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Questionary Development
I have a form that contains 100 questions. To make it easier on the user, I will divide it into 5 sections (20 questions per section), then all the information will be written to a db. What is the best way to carry along through the pages the information that has already been submitted? Cookies? Writing to a DB after each section? Session Variables? I read that writing to a database as i go along could be too much of a hazzle for the db, specially if I have multiple people filling out the form at the same time. TIA -- helmut helmutgranda.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] DOM: browse childnodes but not recursively
-Original Message- From: Victor Spång Arthursson [mailto:[EMAIL PROTECTED] Sent: 27 May 2005 17:25 To: php-general@lists.php.net Subject: [PHP] DOM: browse childnodes but not recursively Ciao! I really hope someone can help me on this, since I have been putting in to much time in it now, and I have to show off some results ;) The problem is that I can't browse nodelists in only one dimension, that is, whitout getting the sub-nodes of the nodes. My XML reads: element id=5 element id=51Still got the blues/element element id=52Gary Moore/element element id=53 element id=9 element id=531Maggie May/element element id=532Rod Stewart/element element id=533UK/element element id=534Pickwick/element element id=5358.50/element element id=5361990/element /element /element element id=54Virgin records/element element id=5510.20/element element id=561990/element /element I get this as a DOMNodeList in the variable $elements. I will write some examples, to describe my problem. echo $elements-length; // outputs 1 var_dump($elements); // outputs object(DOMNodeList)#5 (0) { } var_dump($elements-item(0)); // contents of element with id=5 // outputs object(DOMElement)#4 (0) { } Here I come to the problem. What I want is to get a list of the 6 elements inside element id=5, but not with child-childs. echo $elements-item(0)-childNodes-length; // Outputs 13! childNodes contains the textnodes too, in this case the whitespace between each of element. So, to put it in short words; how do I do to browse the content of the element id=5 withuot doing it recursively? I want to receive a list when I call childNodes (or equivalent) that gives me the elements with id 51-56, and a length of 6. for($child = $elements-item(0)-firstChild; $child; $child = $child-nextSibling) if ($child-nodeType == XML_ELEMENT_NODE) echo $child-getAttribute('id'), \n; Jared -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Questionary Development
I have a form that contains 100 questions. To make it easier on the user, I will divide it into 5 sections (20 questions per section), then all the information will be written to a db. What is the best way to carry along through the pages the information that has already been submitted? Cookies? Writing to a DB after each section? Session Variables? I read that writing to a database as i go along could be too much of a hazzle for the db, specially if I have multiple people filling out the form at the same time. TIA -- helmut helmutgranda.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] CLI: unable to exec shell commands
Hi all I have several scripts that stoped working. All those scripts have in common that they call shell commands. To find out what was going on, I did a little test cat ? | php ?php echo exec test\n; exec(dir,$output,$errs); ? exec test sh: /usr/local/php/bin/dir: No such file or directory As you can see it is trying to call sh with a weird path. It should use /usr/bin/dir instead Also when I try it with 'type' (which is an internal command) it has the same result. I recently switched from FC3 to FC4 for my development. The PHP binary I'm using was compiled from sources with the following charasteristics: PHP Version = 4.3.10 Configure Command = './configure' '--prefix=/usr/local/bin' '--bindir=/usr/bin' '--with-mysql' '--with-config-file-path=/etc' '--enable-mbstring' '--enable-mbregex' '--with-gd' '--enable-gd-native-ttf' '--with-ttf-dir=/usr/bin' '--with-freetype-dir=/usr/lib' '--with-png-dir=/usr/lib' '--with-xpm-dir=/usr/X11R6' '--enable-ftp' '--enable-memory-limit' '--enable-safe-mode' '--enable-bcmath' '--enable-calendar' '--enable-ctype' '--enable-inline-optimization' '--with-bz2' '--with-iconv' '--with-zlib-dir=/usr/lib' '--disable-cgi' '--with-cli' Server API = Command Line Interface Any ideas? With kind regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Regex question: replacing incidences of character when not enclosed within HTML tags?
Hi All, I have content that contains several lengthy hyphenated sentences, such as: This-is-a-sentence-in-which-all-the-words-are-hyphenated. I've noticed that some (maybe all?) browsers, particularly Firefox, will not wrap long strings of hyphenated words when they are contained in a DIV tag -- instead, the sentence simply runs out across the right border of the DIV and overlaps any content to the right. After some experimentation, I discovered that a hack that seems to behave well in Firefox, Opera, and IE6 is to replace all incidences of the hyphen (-) character with -span style='font-size:0px;' /span. This effectively creates a zero-width space character after each hyphen and allows the sentence to wrap as desired. My dilemma is that while I want to replace any hyphens with the above hack when and where they appear within normal sentences, I don't want to replace them when and where they appear within HTML tags. So, imagine I have a string that contains: div style='text-decoration: none; font-size:11px;'This-is-a-sentence-that-contains-hyphenation. This is a sentence that doesn't contain hyphenation. This is a a href='http://www.nowhere.com/-4484784/index.html'link/a that will take you span style='font-weight: bold;'nowhere/span./div I managed to build a replacement regular expression that would ignore any hyphenated strings that were terminated by a colon (:) character (which effectively leaves inline style attributes in DIV and SPAN blocks untouched). ? $thingy = preg_replace(/(-)(?![\w-]+?:)/i, \$1span style='font-size:0px;' /span, $whatever); ? This seemed to work well in most circumstances, however, in testing I discovered several incidences of a href= urls that also contain hyphens (in particular, some that lead to Amazon.com). So, thinking about it a little more, I decided what I was looking for was a regular expression that would allow me to replace any incidences of hyphens when not contained within tags (i.e., when not contained between and ). And this is where things have ground to a halt. I'm wondering if anyone can give me some help with this? I've tried to find a solution via google, but most regex examples dealing with HTML tags are concerned with finding tags and their contents, not with finding specific instances of characters not contained within tags. Any help appreciated! Much warmth, Murray -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php