[PHP] NNTP
Does anyone know of any examples of using IMAP to connect to NNTP newsgroups, any feedback would be appreciated Cheers. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Anybody using PEAR Auth_HTTP?
Hello - I am having a lot of trouble with Auth_HTTP. I am using PostgreSQL and Auth works fine (after reading the source and figuring out that passwords need to be MD5 encrypted). I can't, however, make Auth_HTTP work at all. This is what I have. I have tried plaintext, md5, and crypt passwords all to no avail. I also can't find any further documentation other than what's on pear.php.net. Any ideas? I've e-mailed pear-general but no response so far. Thanks!! Tim ? require_once Auth_HTTP/Auth_HTTP.php; require_once DB.php; $params = array( dsn = pgsql://tim@localhost/auth, table = auth, usernamecol = username, passwordcol = password ); $a = new Auth_HTTP(DB, $params); $a-start(); ? # select * from auth; username | password --+--- scott| password tim | $apr1$fVALv...$EajPmS/Yib8BzQ4YcfIAy. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Problems with GD 2.0.1
Villie, Might seem a silly question, but do you have gd-2.0.1 installed in /usr/local/gd-2.0.1? Which version does phpinfo() say you're running? What does the libphp4.so file link to? Type ldd libphp4.so in your apache/libexec folder. Perhaps you need to put the path to libgd in /etc/ld.so.conf? I can confirm that RH7 with GD-1.8 RPM and custom built PHP+GD-2.0.1 does work. I normally install libgd in /usr/local and have /usr/local/lib as the first entry in /etc/ld.so.conf (From memory, I think I did this to get libgd working with PHP) Tim Ville Mattila wrote: Hello everyone, I should get GD 2.0.1 installed to my PHP 4.2.2 binary running as a module in the Apache 1.3. The box is RedHat 7.3. There is a previous version of GD (1.8.4) installed as a default and it seems that I can't even get ereased it due to depencies. Anyway, I'd need that GD 2.0.1 due to some functions previous versions of GD don't have at all. I explored the PHP manual and found this little help: http://www.php.net/~rasmus/gd.html. Wonderful, or not! I followed those items in the Rasmus' file step by step, but still without results. I tried to build PHP with make clean (that was only way when the configure changes really affected to the configure command on phpinfo() -function) and then all steps. But no... My PHP script is still shouting Warning: imagecreatetruecolor(): requires GD 2.0 or later. Grr... My current PHP build is configured with following string: './configure' '--with-mysql' '--with-apxs=/etc/httpd/bin/apxs' '--with-curl' '--with-gd=/usr/local/gd-2.0.1' '--with-xml' '--enable-ftp' '--enable-sockets' '--with-freetype-dir=/usr' '--enable-gd-native-ttf' '--enable-gd-imgstrttf' '--with-zlib' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' Well. Any ideas? Ville -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] include XHTML document
On Mon, 2001-09-24 at 08:04, cweiske wrote: I wrote my new page in XHTML 1.0, split it and wanted to include the top part of the file with the include( page_top.htm). The problem is, that the valid XHTML document has to begin with ?xml version=1.0 encoding=iso-8859-1? The problem now is, that ? is interpreted as a begin of php commands. I for myself use ?php when starting commands, but the compiler also use ?. Look in the manual sections on php.ini and the short_tags feature. That option controls the interpretation of the ? tag. - Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Flexible, Component-based and Large Application Systemsin PHP
On Thu, 2001-10-04 at 13:51, Lucas Persona wrote: I'd like to know if anyone has any material regarding the use of PHP on large projects that needs to be flexible and kind of 'component based' (like multiples modules) and what were the benefits and problems found during development/deployment/runtime. I think something like JavaBeans could make it but am not sure if PHP can hadle that too with great success and perhaps, faster than JavaBeans. PHP works quite nicely on large, modular projects. :) A key is using the correct infrastructure and doing your design/architecture work up-front, rather than just slogging out a lot of PHP code and HTML all mixed together. Where I work we've used an environment that's a synergy of pure HTML templates + a servlet/bean infrastructure (implemented in PHP though) with great success. I have a case-study document that I'm in the process of getting permission to publish. I'll post a link to it when I can. - Tim http://www.phptemplates.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Create a list of links
On Wed, 2001-10-17 at 16:00, Lauri Vain wrote: Hello all, I need a script that would find all the links (both -- web sites and mail addresses) on a given page with the link text. With the uttermost probability, somebody has written such a script. Can somebody help? There is a class floating around called Snoopy which does at least most of what you'd like...not sure about the link text. You could tweak it's regex and code to do that though. http://snoopy.sourceforge.com - Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP with XML
On Tue, 2001-10-23 at 15:17, Vinicius Tavares wrote: What I have to do to make the PHP4 run the DOM XML??? http://www.php.net/manual/en/ref.domxml.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP4, Flash and tab characters
Change your output string to look like bAcquired=Y and you should be ok. You may find as you get further into this that you need a delay loop to make sure that flash has read all of your data, since it happens asychronously (at least in Flash 4 it did) so you'll want a sentinel value at the end: bAcquired=Yok=1 in the flash movie, set ok=0 and wait/loop until you see ok=1 and you'll know the data reading is complete. (This may have been fixed in Flash 5, but I haven't tested it). - Tim http://www.phptemplates.org The string getting returned looks like so (currently it's just the 1 variable): bAcquired=Y Flash's debugger seems to think that there is a tab character after the 'Y', so in the debugger, the variable bAcquired looks like so: Y\t -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Syntax
You need to do: if (isset(...)) { ... } else if (isset(...)) { ... } else if (isset(...)) { ... } ... On 02 Aug 2001 17:10:26 +0200, BRACK wrote: Hi, I'm in a process of doing site with MySQL database, and most of the code I plased in index.php3 (in one file) but I've got some problems with statements: I have: if (isset(...)) { ... } elseif (isset(...)) { ... } elseif (isset(...)) { ... } else { ... } IT DOESNT WORK! but when I do: if (isset(...)): ... elseif (isset(...)): ... elseif (isset(...)): ... else: ... endif; It works, please tell me what a difference? what do I do wrong that firs variant doesn't work? Yury -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] mail the contents of an array
You could use the implode() function to convert the arrays to strings and then pass the concatenated strings to the mail() function. - Tim On 03 Aug 2001 09:00:04 +, Geoffrey Makstutis wrote: I'm sure that I'm missing something obvious (probably sleep), but how can I take the contents of several arrays and send them via email? I'd like to take each value from the arrays and include them in the message portion of a mail() command. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] References: in front of functionnames
The function return value is by reference. http://www.php.net/manual/en/language.references.php - Tim Ex. in DB/standard.php; function db_fetchall($args=array()){ ... I've seen and used the pass by reference syntax on function parameters but not on functionnames. What effect does reference () have when used in front of the functionname?? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] web hosting
If you want the freedom to do anything you want to your very own server (i.e. not shared with a bunch of other people) then something like http://www.rackspace.com is an alternative (although it costs more :). - Tim On 04 Aug 2001 23:26:44 -0500, Damiano Ferrari wrote: Since I am tired of switching from one web host to another because of the limitations that are imposed... does anybody know of a host provider that supports PHP MySQL and that, differently from my current host, will also allow me to upload files and install the IMAP functions? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] 404's and requesting page
$HTTP_SERVER_VARS[REDIRECT_STATUS] will be 404 (or 403 if you trap those too). $HTTP_SERVER_VARS[REDIRECT_URL] will be the requested URL that caused the error. - Tim http://www.phptemplates.org On 05 Aug 2001 18:46:04 +0100, Tom Carter wrote: I'm using an apache directive to redirect 404's to one of my own pages, and i was wondering it is possible find out what the request was that caused 404. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] 404's and requesting page
Ah, yes. You are correct about the $REDIRECT_URL thing. I was looking at some old code I had to deal with this and mis-read it. :) I use ErrorDoument just as you describe. I just tried this, and on my system $HTTP_SERVER_VARS[REQUEST_URI] contains the URI that generated the error. If your 404 page just dumps phpinfo() you can see the list of variables available to your script. - Tim On 05 Aug 2001 21:16:29 +0100, Tom Carter wrote: Thanks for the advice Tim, however it didn't work. Neither of the statements in your mail were set ... I trued $REDIRECT_STATUS and that was set to 401 (even tho that doc wasn't capturing that error) and $REDIRECT_URL was set to the path of the file handling the errors. Is there some other apache config I need to make? The .htaccess line I have doing the redirect is ErrorDocument 404 path/to/file -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] age
I've been using this one, which is probably close enough for government work ;) It calculates to a one-month resolution. // Calculates elapsed years between fdate and tdate. // The default for to date is today. function elapsed_years($fdate, $tdate=0) { if ($tdate == 0) { $tdate = time(); } $fa = getdate($fdate); $ta = getdate($tdate); // convert dates to number of months since 1900: $fm = $fa[mon] + (($fa[year] - 1900) * 12); $tm = $ta[mon] + (($ta[year] - 1900) * 12); $em = $tm - $fm; return intval($em/12); } - Tim http://www.phptemplates.org On 06 Aug 2001 03:00:13 +0700, Jon Yaggie wrote: does any one know where i can get a script that will convert a birthdate in to an age. i have one half written however i have incounter difficulties with dealing with leap years. perhaps soem one would know the solution . .. or just a premade script is fine $test = strtotime (January 12, 1944); $test2 = strtotime (January 9, 1954); $oneyear = 3600 * 24 * 365; $diff = $test2 - $test; $ans = $diff/$oneyear; echo $ans; Thank You, Jon Yaggie www.design-monster.com And they were singing . . . '100 little bugs in the code 100 bugs in the code fix one bug, compile it again 101 little bugs in the code 101 little bugs in the code . . .' And it continued until they reached 0 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Problem with installing on Solaris 8
'ar' is a system utility. On my system it's in /usr/ccs/bin. - Tim On 06 Aug 2001 18:12:52 +0200, Peter Ostry wrote: We try to install PHP4 on a Sun Netra AC200 (T1) under Solaris 8. After we finally managed to 'configure', we get an error with 'make': bash-2.03# make Making all in Zend make[1]: Entering directory `/usr/share/src/php-4.0.6/Zend' /bin/sh ../libtool --silent --mode=link gcc -g -O2 -o libZend_c.la zend_language_scanner.lo zend_ini_scanner.lo ../libtool: ar: not found -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Display the weather on my site
WeatherUnderground.com and Weather.com both offer little weather boxes for your site. - Tim On 06 Aug 2001 14:44:55 -0400, pierre-yves wrote: Hello, I would like to display the wheather on a page depending on the city of my user. (or the capital of their province/state) Do you know a service/db/web site I could query in order to extract what I need ? py -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Uptime script
Nope, but I do something similar with weather data from my home weather station.:) The jpgraph library (http://freshmeat.net/projects/jpgraph/) is excellent and makes that kind of stuff a snap. A sample graph is attached. - Tim http://www.phptemplates.org On 06 Aug 2001 17:15:53 -0500, Craig Westerman wrote: Does anyone here have a script to run uptime every ten minutes or so, log output, then display daily output in a nice friendly chart? Thanks Craig [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] problem with querystring
Is it found in $HTTP_GET_VARS[par1]? - Tim On 07 Aug 2001 08:02:44 +0700, Ishak Anwar wrote: hai all, i have problem with QueryString. I use php 4.0.x with apache 1.3.x on win 2000 but can not get the querystring on browser. ex: http://localhost/m1.php?par1=value1 on m1.php, i write: ? echo(m1 = $par1 ); ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] problem with querystring
See: http://www.php.net/manual/en/security.registerglobals.php - Tim On 07 Aug 2001 08:12:46 +0700, Ishak Anwar wrote: with $HTTP_GET_VARS[par1] i can get par1 value... but... why with $par1 variable i can not get it ? thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Split array
See: http://www.php.net/implode - Tim http://www.phptemplates.org On 07 Aug 2001 14:02:04 +0200, Veniamin Goldin wrote: How do I split array so, that I'll get string variable with , delimeter of each array value ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Alternate way of calling php scripts
It works pretty much as you described. :) Make a script like that and run phpinfo() from it and you'll see all the variations on $PHP_SELF and $HTTP_SERVER_VARS[] that allow you to retrieve the extra parameters from the URL. Note that if your page displays images, you'll need to include a base href=... tag to stop the browser from getting confused. I use this all over the place and it works great. There's also a variant with the Apache ForceType directive that allows you to just do stuff like www.mysite.com/myscript/foo/bar/123 where 'myscript' is really a php file. It's well-discussed in the archives and at phpbuilder. - Tim http://www.phptemplates.org On 08 Aug 2001 06:13:14 -0700, Evan Nemerson wrote: I seem to recall that you can call a PHP script with a slash after it then variables. For instance http://localhost/script.php/your=mom. I can't find it in the manual, and was wondering if anyone knows how it works. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Strange session problems. Please help.
Does anybody know of any issues in PHP 4.0B2 regarding to the handling of session variables on different networks? That little B2 in the version number almost guarantees that there will be problems of some sort. Does anyone have any suggestions (except for 'Upgrade PHP on the 4.0B2 server' or 'move to a different server'. That, unfortunately is beyond my control :( ) I suspect that's about all you can do. You can search the bug database at php.net to see if there is a specific problem and if there are any work-arounds. - Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] RANDOM MOVIE?
Use file() to load in the names of the movies from your text file into an array. Use rand() to pick one of them from the array. - Tim On 08 Aug 2001 17:47:36 -0700, Kyle Smith wrote: Could somebody please show me, send me an example or redirect me to a page which shows how to show a random FLASH movie from a text file which contains different names of different movies so that when i go on the page it shows lets say, 1 of the 5 movies in the text document. Finally and almost hard question (probably not for you but for me AGGH) -lk6- http://www.StupeedStudios.f2s.com Home of the burning lego man! ICQ: 115852509 MSN: [EMAIL PROTECTED] AIM: legokiller666 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] newbie
http://www.phpbuilder.com is loaded with goodies that should be able to help you. - Tim On 08 Aug 2001 12:49:56 -0400, Jeremy Morano wrote: Can anyone give me some information or a link other than php.net PLEASEthank you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Using fsockopen()
Is the timeout coming from fsockopen() or from the program using too much time? I've used @fsockopen() before without any issues (at least on Linux and Solaris), but if your script is running for a long time, you may need to tweak the execution time limit: http://www.php.net/manual/en/function.set-time-limit.php - Tim On 13 Aug 2001 11:40:04 +0100, David Ovens wrote: Thought I would repost, does anyone have a solution ? I am using php, apache on a windows system. - Original Message - From: David Ovens [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 13, 2001 1:26 AM Subject: [PHP] Using fsockopen() I am making a program, that uses the fsockopen command looking at various url's, but occasionally it stops with a timeout error, I have used the @ infront of the fsockopen command, but it still times out with the error, how do I make php ignore the error so that I can make it automatically retry or do something else ?? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Using fsockopen()
Try doing set_time_limit(0); at the start of your script and see if that makes a difference. - Tim On 13 Aug 2001 12:00:24 +0100, David Ovens wrote: this is my fsockopen satement it will check about 4/5 urls and then time out (exceed 30 second timeout error) on the 5/6 url, I have no idea, why my program wont continue checking all the urls in one go. $socket = @fsockopen($urlArray[host], $urlArray[port], $errnum, $errstr, 100); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Site Stats/Server Logs
I'm rather fond of Webalizer. - Tim On 13 Jul 2001 23:07:46 +1000, ReDucTor wrote: what are some good things for analyising server logs?!? I currently have Wusage, is there any better?!? :D - James ReDucTor Mitchell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] new one is it ??
Boy that looks familiar...my (apache) logs are full of 'em. I wonder if we can make a PHP script called default.ida that sends back a big chunk of data and causes the worm to get a buffer overflow? :) :) - Tim (glad I don't run IIS :) On 13 Aug 2001 22:27:06 +0800, Mark Lo wrote: 208.251.146.123 - - [13/Aug/2001:22:24:27 +0800] GET /default.ida?NNN N%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u%u00=a HTTP/1.0 400 333 - - - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] new one is it ??
That's pretty cool. Alas, the 'whois' part of the code doesn't work properly (at least on my system). - Tim On 13 Aug 2001 10:21:45 -0500, Mark Roedel wrote: I rather liked this approach that I saw posted in another list: http://www.klippan.seths.se/default.phps (Does some hostname/whois lookups on the infected server and attempts to email some people who might be able to do something about it.) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session security issue
If you test $HTTP_SESSION_VARS[uid] instead, you'll know that it came from a session and not from a GET variable. - Tim On 14 Aug 2001 08:42:22 -0300, Christian Dechery wrote: I have pages that uses session for security that looks something like this: ?php session_start(); if( !isset($uid) ) { include(include/auth.inc.php); auth_user(); } more code... ? so $uid tells me if the user is logged on or not... but what if somebody calls the script directly from the address bar like this: http://server/script.php?uid=10 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] apache,php,mysql,flash
Do you have Macromedia Generator installed on your server? It's responsible for taking the .swt and generating the .swf output. - Tim On 15 Aug 2001 14:28:24 +0100, AJDIN BRANDIC wrote: Hi, I have RH6.2, php4, MySQL and want to generate graphs with flash. I have done a graph with Flash5 and Micromedia Generator. This creates a .swt file which takes info from a text file and, i guess, generates a .swf with the graph. I want to allow users to type graph details through an admin area and then generate the text file with PHP. Problem is my server doesn't recognise .swt file and it doesn't generate .swf. I have checked Red Hat site and couldn't find a solution. It has to be that I haven't installed something but eaven after checking the Micromedia site I didn't find a solution. Has anyone got it to work? Regards Ajdin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] apache,php,mysql,flash
You have to buy Generator from Macromedia. It's not free. (in fact, it's pretty expensive :) There are some open/free alternatives out there, but there weren't direct replacements last time I evaluated them. There's also the ming extension for PHP which lets you generate a whole SWF movie at runtime. - Tim On 15 Aug 2001 15:15:20 +0100, AJDIN BRANDIC wrote: Hi, NO this is what i am trying to find out. where can i download it from (for RD6.2 and Aache 1.3.12). I have tried RH site but no joy. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: SV: [PHP] Sending alots of mail
I have a system where we send periodic batches of 60,000 messages at a time, so it's definitely doable. It helps to put some throttling in there (i.e. a sleep() periodically) to be kind to your e-mail server. - Tim On 16 Aug 2001 18:34:11 +0200, Jimmy Bäckström wrote: Hmm I knew that =) I just wondered if it's such a good idea. 5000 mail is very much you know. /Jimmy - Original Message - From: Tyler Longren [EMAIL PROTECTED] To: Jimmy Bäckström [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, August 16, 2001 6:25 PM Subject: Re: [PHP] Sending alots of mail This was just discussed last week. Here's how: $connection = mysql_connect(host,user,pass); $db = mysql_select_db(db_name, $connection); $sql = mysql_query(SELECT * FROM table_name ORDER BY email ASC); while ($row = mysql_fetch_array($sql)) { $email = $row[email]; $name = $row[name]; // code to send email (use the mail() function) } Good luck, Tyler Longren Captain Jack Communications [EMAIL PROTECTED] www.captainjack.com On Thu, 16 Aug 2001 18:29:04 +0200 Jimmy Bäckström [EMAIL PROTECTED] wrote: Hi list! I'm about to write an application that takes about 5000 mailadresses from a database, and then sends a mail to each one of them. I haven't done this kind of apps before, so I don't know if it's a good idea. Does anyone have any suggestions? /Jimmy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Dreamweaver templates
PHP already ignores those SGML comments. They're just there for the Dreamweaver editor to know where the editable regions are. - Tim On Mon, 2001-08-20 at 08:45, -:-Doigy-:- wrote: Hi Folks, Can't find an answer in the archives... Can php parse DW templates? ie. I want only a small amount of code to be editable with the ?php ? tag. Dreamweaver places the following code to identify editable regions: !-- #BeginEditable Name_of_region -- \\ editable code here !-- #EndEditable -- I don't think PHP will parse the tags and leave them as dw comments only. They appear to invoke server functions e.g. !-- #include file= -- Is there a way to configure PHP to ignore these tags? Kind regards Steve -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Print..
I'm not familiar with this module, which only works under Windows, but an undefined function usually means an extension is not loaded or available. I notice in php.ini-dist that there is a line extension=php_printer.dll so you'll want to check that your php.ini file has that and it's not commented out. - Tim On Tue, 2019-08-27 at 06:55, Daniel Antonio de Lima wrote: Fatal error: Call you undefined function:printer_open() -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] $HTTP_POST_VARS
while (list($k,$v) = each($HTTP_POST_VARS)) { echo br$k = $v; } On Mon, 2001-08-27 at 21:48, Andy Ladouceur wrote: Hello all, I am wondering if there is a command or function to get a list of all the current '$HTTP_POST_VARS[variable]' variables? Or, a user-created way... Any helps appreciated, thanks! -Andy L. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: Sorry, i need HTML help
Yeah, but isn't marquee the ancient Aztec word for tar and feather me, I'm a tastless HTML author who is mesmerised by blinking lights and horizonally scrolling text beyond my control?? Someething like that. - Tim ;) On Wed, 2001-08-29 at 11:35, Gary wrote: marquee/marquee will only work in Internet Explorier. If you want a marquee to work in all browsers you will have to use DHTML. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Quick TXT document stuff
change the first line to $fp = file(meh.txt); - Tim On Thu, 2001-08-30 at 16:31, Kyle Smith wrote: ok i have this code to do whats below, but its not working ?php $fp = fopen(meh.txt,r); for($i=0;$i2;$i++) { print $fp[$i]; } ? -lk6- http://www.StupeedStudios.f2s.com Home of the burning lego man! ICQ: 115852509 MSN: [EMAIL PROTECTED] AIM: legokiller666 - Original Message - From: Kyle Smith [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 30, 2001 1:15 PM Subject: [PHP] Quick TXT document stuff Ok im like in a realy hurry here, so can someone please tell me (or show) how i make a script read the first (top) 1 or 5 lines from a text document? Thanks! -lk6- http://www.StupeedStudios.f2s.com Home of the burning lego man! ICQ: 115852509 MSN: [EMAIL PROTECTED] AIM: legokiller666 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] php's future
Actually, an optimizing Java compiler would have detected it was a dead loop (i.e. didn't actually do anything) and just skipped it, meaning it took four seconds just to load the JSP page and invoke the bean. :) :) The only benchmarks that mean anything are your actual web applications running on your actual servers...anything else is only speculation. - Tim http://www.phptemplates.org On Sun, 2001-09-02 at 15:08, Mark Charette wrote: And, of course, the JSP was running 2 x 2 iterations, or 400,000,000 iterations, in a few seconds. Yeah, right. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Log file analysis
You can use the Apache CustomLog directive to send each virtual host's traffic to it's own logfile. http://httpd.apache.org/docs-2.0/logs.html#accesslog - Tim http://www.phptemplates.org On Thu, 2001-08-30 at 09:59, Mark Lo wrote: Hi, Is there any software or program exists that can show the site statistics for each virtual domain when individual client access statistics page from their browser. (Assume virtual domain is used, and all of the domain's log file is in one large file).I am using php 4 + Redhat Linux 6.2 + Apache. Any ideas ??? Thank you Mark -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Problems with Sessions?
When I first browse to a site on my LAN, I get links with URLs that look like this: chat/?PHPSESSID=f3d149f79f5196bd709fb3c256dbb3d8 after a refresh, the whoe PHPSESSID goes away. Wondered if there was some setting in php.ini that I've overlooked? I'm running PHP4 with Apache on an Unstable Debian box. Any help would be appreciated :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Apache redirection by PHP
Look in the Apache manual at the section on mod_rewrite. - Tim On Tue, 2001-09-11 at 05:58, Andrew Perevodchik wrote: I have the DNS alias on my server for * (which means any name). So that any requests for http://anyname.my.host are recieved by one virtual server. I need to make apache return /anyname/files/example.txt rather than /files/example.txt (which is actually requested). anyname depends on the user's request. I have tried to catch the requested name of server, and add it to $DOCUMENT_ROOT variable. It changed as I expected it to, but still /files/example.txt is returned. I've also tried to use setenv() -- the same result. Is there any way to do this kind of trick? -- Andrew Perevodchik [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] More thoughts about PHP: Taglibs
A good template library (and there's quite a few out there) will take care of this issue. You can have nearly pure HTML files and pure PHP files and maintenance and readability of your projects is much improved. - Tim http://www.phptemplates.org On Tue, 2001-09-11 at 01:04, Dr. Evil wrote: It seems to me that one of the problems with PHP is that you have to include code in your HTML pages. Even with the cleanest design, you end up with HTML that looks like this: ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Protecting variables and functions? Like C#
This would certainly be a nice feature to have, especially if you've done any development with Java or C++ in the past. Many PHP class authors adopt a convention that variables or functions that start or end in an underscore (_) should be treated as private and used at your own risk, i.e. they may change in a future release of the class or not work properly/safely when accessed directly. - Tim http://www.phptemplates.org On Wed, 2001-09-19 at 09:00, Emile Bosch wrote: I am a huge fan of php but i am kinda scared by c# i really like it's ability to make functions and variable not accessible and therefore force the user to use a function instead of accessing it indirectly. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Protecting variables and functions? Like C#
Private methods and variables are necessary for any serious language that supports class libraries, IMHO. There are currently some manual methods (i.e. naming conventions) of accomplishing this, but for the best results it should be enforced by the compiler/interpreter. Some might also say that strong typing (or at least more formal typing) is a requirement, but I'm quite happy without all the related hoops that C++/Java makes you jump through...that alone is enough to give the average PHP developer a big boost in productivity vs. those languages. :) :) - Tim http://www.phptemplates.org On Wed, 2001-09-19 at 10:13, Jason Stechschulte wrote: On Wed, Sep 19, 2001 at 03:24:31PM +0200, Emile Bosch wrote: thanks tim, but do you know wheter they are gonna implement such a feature cuz that's somethgin that the language actually must have to become really professional or somethign. The language is already quite professional. Yes a feature like that would be nice in the eyes of many people, but saying it is a must and is needed to make the language professional is quite a joke. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] if statement
You need to use == instead of = in that situation. - Tim On Thu, 2001-09-20 at 09:46, Jeb Anderson Scarbrough wrote: This seems to be a simple questions, but it is baffling me for some reason. How do I create an if statement with multiple conditions. For example, I cannot get either of these to work correctly: if(isset($REMOTE_USER) $AUTH_TYPE='securid') { // do something } else { // do something else } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Moving a PHP/MySQL web site ???
You can just use mysqldump to copy the contents of the database to a file, and it will be easy to re-create it on the new site. - Tim http://www.phptemplates.org I will be having to face the dubious task of moving my PHP/MySQL-based website to another server. Can anyone out there point me to some GOOD documentation on this? The .php files I'm not as concerned about. I've been using the $DOCUMENT_ROOT in all of my includes. I'm more concerned about getting the MySQL databases ( actual files ??? ) moved over correctly. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Excel not opened in browser when changing header
Hi I tried using the code below to send the output to an Excel sheet in my browser by changing the header to "Content-type: application/vnd.ms-excel". However I only see normal text in a browser. Excel is not launched. What is wrong?? -- ?php Header ("Content-type: application/ms-excel"); Header ("Content-type: application/vnd.ms-excel"); echo "htmlbody"; echo "table"; echo "thF1/ththF2/th"; echo "trtdHi/tdtdHi/td/tr"; echo "/table"; echo "/body/html"; ? -- Thanks Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] file uploads Q?
Børge Holen wrote: On Monday 11 December 2006 20:48, Jochem Maas wrote: Richard Lynch wrote: On Sat, December 9, 2006 12:18 pm, William Stokes wrote: Is it possible to allow user pick several images and upload them all at once? (I need to pass the images to a function for the resize). Or do I need to give several browse buttons to allow multiple file uploads? Yes, you would need to have several INPUT TYPE=FILE browse buttons. Also I have seen a application (written with MS tools) that allows user to upload a zip file containing images and the zip is automatically uncompressed to a server disk. Can this be done with PHP also? Yes. http://php.net/zip the zip extension is only available in php5.2 (or installable via pecl). another option would to use the exec() function to make a call to gunzip in order to unpack the contents of the zip file. a truely poorman's alternative would be to offer multiple FILE input fields on the relevant page and check which one's are not empty when the submission occurs. there is no reason for checking each input. is that crack your smoking? Well considering you are using multiple FILE input fields, when you post the form all file info is stored in $_FILE array.. So weather or not the user added a file to the a certain field is irrelevant. For example: input name=userfile[] type=file size=10 --- filled input name=userfile[] type=file size=10 input name=userfile[] type=file size=10 --- filled You would then parse this with: for ($i=0; $icount($_FILES['userfile']['name']); $i++) { your code here } count($_FILES['userfile']['name']); would be two here if you want to make sure user has uploaded three files then just compare to the count() value.. otherwise just parse the content.. So no I don't think he's on crack mate :) Take a look at my earlier questions with the subject A general UL script and the replies with various ppl here 'bout the use of $_FILES. This way it will check anything listed in the file(s) input of form(s). er, whatever. whose next? Some people generate large amounts of irrelevant crap traffic for nothing imo :) Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] file uploads Q?
-Message d'origine- De : Jochem Maas [mailto:[EMAIL PROTECTED] Envoyé : mardi 12 décembre 2006 14:10 À : Tim Cc : php-general@lists.php.net Objet : Re: [PHP] file uploads Q? Tim wrote: Børge Holen wrote: On Monday 11 December 2006 20:48, Jochem Maas wrote: Richard Lynch wrote: On Sat, December 9, 2006 12:18 pm, William Stokes wrote: Is it possible to allow user pick several images and upload them all at once? (I need to pass the images to a function for the resize). Or do I need to give several browse buttons to allow multiple file uploads? Yes, you would need to have several INPUT TYPE=FILE browse buttons. Also I have seen a application (written with MS tools) that allows user to upload a zip file containing images and the zip is automatically uncompressed to a server disk. Can this be done with PHP also? Yes. http://php.net/zip the zip extension is only available in php5.2 (or installable via pecl). another option would to use the exec() function to make a call to gunzip in order to unpack the contents of the zip file. a truely poorman's alternative would be to offer multiple FILE input fields on the relevant page and check which one's are not empty when the submission occurs. there is no reason for checking each input. is that crack your smoking? Well considering you are using multiple FILE input fields, when you post the form all file info is stored in $_FILE array.. So weather or not the user added a file to the a certain field is irrelevant. For example: input name=userfile[] type=file size=10 --- filled input name=userfile[] type=file size=10 input name=userfile[] type=file size=10 --- filled You would then parse this with: for ($i=0; $icount($_FILES['userfile']['name']); $i++) { your code here } nice, so basically what your saying is need to check each input. if you have three file inputs - regardless of what you call them (using the '[]' gives you a nice array structure to loop) you will have to check each one to see whether it 'contains' a *valid* *uploaded* file (or whether the user uploaded nothing in a given input, or whether an error occured with a particular file, etc). copy/pasting sombody else's file upload handler code doesn't constitute 'no reason to check each input' - it's simply handing off the input checking onto code written by someone else. Ermm ok, if you say so, thats a standard validation loop i made using info from php.net, so yes i did copy/paste.. MY code.. I never said you don't need to check each file.. Isn't it standard to validate each file against certain parameters? I validate each input as each file uploaded (images) are set to be displayed in a certain fashion on the main page based on weather it is number 0 (main image) number 0 are secondary images that require smaller thumbnails. Secondly my clients want the files displayed in a certain order rather then randomly getting files from a certain directory. I add the file position ($i) in the database for correct display order. All depends on the context of which you want to display the files later on.. Thats just my way of parsing it there are many others.. Mine works, its fast, and requires little code rather then bulking my site with costly java applets. So no I don't think he's on crack mate :) either way he's unlikely to be financing said crack habit with the proceeds of paid php development. I just made a remark on this, because i believe debate on a certain fashion of coding is valid on this list, comments like yours which have nothing to do with coding and are just a personal opinion maybe expressing your frustration with life are not what I look for on this list. Wasting my time opening a message with these types of remarks is not what I am looking for either. Furthermore these kinds of comments degrade the quality of these lists. And I don't think I am alone in believing this. Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php redirection..
Just a quick question regarding this issue. Considering bruce wants to be able to display the data and then change location after a given time, and as stut said you can't do this with a header() as it redirects before output, I would have imagined a dynamic meta tag in the header with a time variable and a location variable. But then I wonder what affect this has regards to html standards? Are dynamic meta tags depreciated? Regards, Tim -Message d'origine- De : Stut [mailto:[EMAIL PROTECTED] Envoyé : mardi 12 décembre 2006 19:52 À : [EMAIL PROTECTED] Cc : php Objet : Re: [PHP] php redirection.. bruce wrote: hey stut... Please don't reply to me directly, always include the mailing list. thanks for the reply... i did get some output... i also have a question as to why i couldn't get it to work when i used 'header (foo.php)' 1) The correct way to redirect using the header function is header('Location: http://domain.com/foo.php'); Note the absolute URL. 2) Using header will definitely not display any output from the page. i did a 'ob_end_flush()' at the start, followed by a 'header()' at the end, but the header didn't seem to function as i though it should. I suggest you read about the header function in the manual (http://php.net/header) - you clearly don't have any idea what it does. given that the ultimate information that i'm going to want to display will be dynamic. some times it might be 5 lines, others 100, others 50... i had hoped that i could somehow display the content, wait a few seconds, and then do an auto redirect... Like I said in my first reply, Google for the Javascript function settimeout - that's what you need. any thoughts/comments... I have lots of comments. Thoughts are less common but they do occasionally happen. -Stut -Original Message- From: Stut [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 12, 2006 9:21 AM To: [EMAIL PROTECTED] Cc: php-general@lists.php.net Subject: Re: [PHP] php redirection.. bruce wrote: i want to be able to display some text/content and to then redirect the user to another page. basically: cat.php -echo test contentbr -echo more test contentbr //redirect user echo script location.href='foo.php'; /script ; --- foo.php -echo i'm here should be pretty simple... however, in my test, without the script/location.href i display the content ok. when i add the script/location.href, i get redirected, but the content is never displayed... any thoughts/samples/pointers on what might be going on, and how this should really be accomplished.. to be honest, i'm embarrassed to even be raising this here!! And so you should be what with it being a Javascript question and this being a PHP list. Anyhoo, I don't get your confusion. The browser will run the script as it loads it from your site. Ergo, it redirects before it displays what you have output. I suggest you Google for examples of the settimeout Javscript function - that's what you need to delay the redirect. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php redirection..
Just a quick question regarding this issue. Considering bruce wants to be able to display the data and then change location after a given time, and as stut said you can't do this with a header() as it redirects before output, I would have imagined a dynamic meta tag in the header with a time variable and a location variable. But then I wonder what affect this has regards to html standards? Are dynamic meta tags depreciated? Regards, Tim -Message d'origine- De : Stut [mailto:[EMAIL PROTECTED] Envoyé : mardi 12 décembre 2006 19:52 À : [EMAIL PROTECTED] Cc : php Objet : Re: [PHP] php redirection.. bruce wrote: hey stut... Please don't reply to me directly, always include the mailing list. thanks for the reply... i did get some output... i also have a question as to why i couldn't get it to work when i used 'header (foo.php)' 1) The correct way to redirect using the header function is header('Location: http://domain.com/foo.php'); Note the absolute URL. 2) Using header will definitely not display any output from the page. i did a 'ob_end_flush()' at the start, followed by a 'header()' at the end, but the header didn't seem to function as i though it should. I suggest you read about the header function in the manual (http://php.net/header) - you clearly don't have any idea what it does. given that the ultimate information that i'm going to want to display will be dynamic. some times it might be 5 lines, others 100, others 50... i had hoped that i could somehow display the content, wait a few seconds, and then do an auto redirect... Like I said in my first reply, Google for the Javascript function settimeout - that's what you need. any thoughts/comments... I have lots of comments. Thoughts are less common but they do occasionally happen. -Stut -Original Message- From: Stut [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 12, 2006 9:21 AM To: [EMAIL PROTECTED] Cc: php-general@lists.php.net Subject: Re: [PHP] php redirection.. bruce wrote: i want to be able to display some text/content and to then redirect the user to another page. basically: cat.php -echo test contentbr -echo more test contentbr //redirect user echo script location.href='foo.php'; /script ; --- foo.php -echo i'm here should be pretty simple... however, in my test, without the script/location.href i display the content ok. when i add the script/location.href, i get redirected, but the content is never displayed... any thoughts/samples/pointers on what might be going on, and how this should really be accomplished.. to be honest, i'm embarrassed to even be raising this here!! And so you should be what with it being a Javascript question and this being a PHP list. Anyhoo, I don't get your confusion. The browser will run the script as it loads it from your site. Ergo, it redirects before it displays what you have output. I suggest you Google for examples of the settimeout Javscript function - that's what you need to delay the redirect. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php redirection..
-Message d'origine- De : Youri LACAN-BARTLEY [mailto:[EMAIL PROTECTED] Envoyé : mercredi 13 décembre 2006 09:09 Cc : 'php' Objet : Re: [PHP] php redirection.. Tim wrote: Just a quick question regarding this issue. Considering bruce wants to be able to display the data and then change location after a given time, and as stut said you can't do this with a header() as it redirects before output, I would have imagined a dynamic meta tag in the header with a time variable and a location variable. But then I wonder what affect this has regards to html standards? Are dynamic meta tags depreciated? What exactly do you have in mind when you mention dynamic meta tags? Do you just mean using a meta refresh tag? Yes I meant just using a meta refresh tag with php variables to make it more flexible: echo 'meta http-equiv=refresh content=' . $time . ';url=' . $url . ''; I modify meta title/content this way aswell. meta http-equiv=refresh content=2;url=http://www.example.com; I believe that would be the best solution to Bruce's problem. This meta tag can be used on the page with the information to be shown and automatically redirected to the URL specified in the tag after n seconds. In the above example, redirection to www.example.com will happen after 2 seconds. Good luck Bruce Regards, Tim -Message d'origine- De : Stut [mailto:[EMAIL PROTECTED] Envoyé : mardi 12 décembre 2006 19:52 À : [EMAIL PROTECTED] Cc : php Objet : Re: [PHP] php redirection.. bruce wrote: hey stut... Please don't reply to me directly, always include the mailing list. thanks for the reply... i did get some output... i also have a question as to why i couldn't get it to work when i used 'header (foo.php)' 1) The correct way to redirect using the header function is header('Location: http://domain.com/foo.php'); Note the absolute URL. 2) Using header will definitely not display any output from the page. i did a 'ob_end_flush()' at the start, followed by a 'header()' at the end, but the header didn't seem to function as i though it should. I suggest you read about the header function in the manual (http://php.net/header) - you clearly don't have any idea what it does. given that the ultimate information that i'm going to want to display will be dynamic. some times it might be 5 lines, others 100, others 50... i had hoped that i could somehow display the content, wait a few seconds, and then do an auto redirect... Like I said in my first reply, Google for the Javascript function settimeout - that's what you need. any thoughts/comments... I have lots of comments. Thoughts are less common but they do occasionally happen. -Stut -Original Message- From: Stut [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 12, 2006 9:21 AM To: [EMAIL PROTECTED] Cc: php-general@lists.php.net Subject: Re: [PHP] php redirection.. bruce wrote: i want to be able to display some text/content and to then redirect the user to another page. basically: cat.php -echo test contentbr -echo more test contentbr //redirect user echo script location.href='foo.php'; /script ; --- foo.php -echo i'm here should be pretty simple... however, in my test, without the script/location.href i display the content ok. when i add the script/location.href, i get redirected, but the content is never displayed... any thoughts/samples/pointers on what might be going on, and how this should really be accomplished.. to be honest, i'm embarrassed to even be raising this here!! And so you should be what with it being a Javascript question and this being a PHP list. Anyhoo, I don't get your confusion. The browser will run the script as it loads it from your site. Ergo, it redirects before it displays what you have output. I suggest you Google for examples of the settimeout Javscript function - that's what you need to delay the redirect. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] preg_match problem
Not a big regex expert, but first off i would recommend not using / as a delimiter for your pattern if you are trying to catch forward slashes in your text. I would use a pattern like: #[a-zA-Z0-9/]{6,}# Regards, Tim -Message d'origine- De : Németh Zoltán [mailto:[EMAIL PROTECTED] Envoyé : vendredi 19 janvier 2007 15:26 À : php-general@lists.php.net Objet : [PHP] preg_match problem Hi all, I have a simple checking like if (preg_match(/[\w\x2F]{6,}/,$a)) as I would like to allow all word characters as mentioned at http://hu2.php.net/manual/hu/reference.pcre.pattern.syntax.php plus the '/' character, and at least 6 characters. But it throws Warning: preg_match(): Unknown modifier ']' and returns false for abc/de/ggg which string should be okay. If I omit the \x2F, everything works fine but / characters are not allowed. Anyone knows what I'm doing wrong? Maybe / characters can not be put in patterns like this? Thanks in advance, Zoltán Németh -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] multi line regular expression?
hi, i have a string that contains the following: $mystring=EOS (((TITLE))) *color* == this is where the content goes it can spreed many lines ... == EOS; i'm using this line of code to try and get the content between == and == preg_match_all(|==(.+)==|,$mystring,$contents,PREG_PATTERN_ORDER); now, if i do a print_r($contents); the thing is empty. but if i put the content of my original variable all on one line (== line 1 _ line 2 _ line 3 _==), it works fine. is there something to get around this one line limit? Thanks for your time and have a nice day Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] What is wrong with this?
hi, i think there is an error in the html part: $drop_down_list .= optionvalue=$aviao$aviao/option; ^ should that not be?: $drop_down_list .= option value='$aviao'$aviao/option; HTH t. -Message d'origine- De : Miguel Brás [mailto:[EMAIL PROTECTED] Envoyé : lundi 24 février 2003 11:04 À : Ernest E Vogelsinger Cc : [EMAIL PROTECTED] Objet : Re: [PHP] What is wrong with this? Hi, yes in fact it worked...I also had the $numrows with wrong mysql command, it should be mysql_num_rows() instead of the mysql_fetch_rows(). Thx Ernest But now that this is working, i have another big problem...my $drop_down_list isn't assuming the value of the shown option...right here on the below part for ($i = 0; $i $num; $i++) { $aviao = mysql_result($resultaviao, $i, aviao); $sk = mysql_result($resultaviao, $i, sk); $drop_down_list .= optionvalue=$aviao$aviao/option; } ** So he isn't getting the data from DB. He displays all records on DB available at aviao field, but he is not making the correct mysql query... Anyone knows why? - Original Message - From: Ernest E Vogelsinger [EMAIL PROTECTED] To: Miguel Brás [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, February 24, 2003 9:45 AM Subject: Re: [PHP] What is wrong with this? At 10:37 24.02.2003, Miguel Brás said: [snip] //logical request if ($nome) { $sql=aviao = '$nome' ; } if ($code) { $sql=code = '$code' ; } $query = SELECT * FROM ssr WHERE; $query .= $sql; [snip] Hi, I've copied only the relevant lines of your program. The issue here is that your string concatenation results in SELECT * FROM ssr WHEREaviao = 'Airbus' Note the missing space after WHERE. Your code should better read $query = SELECT * FROM ssr WHERE ; $query .= $sql; Have an eye on the added blank after WHERE. HTH, -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] explode( , $pizza)
The following example illustrates the use of the split method. function SplitDemo(){ var s, ss; var s = The rain in Spain falls mainly in the plain.; // Split at each space character. ss = s.split( ); return(ss); } HTH t. -Message d'origine- De : John Taylor-Johnston [mailto:[EMAIL PROTECTED] Envoye : mardi 25 fevrier 2003 07:22 A : [EMAIL PROTECTED] Objet : [PHP] explode( , $pizza) Off topic :) ? Anyone know how to explode using javascript? $pieces = explode( , $pizza); John -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Fatal error: Call to undefined function: mysql_connect()
Setup: 2 servers, one with PHP 4.1.2 and no MySQL installed, the other has MySQL and PHP 4.1.2 Problem: I am attempting to connect to the MySQL server from the server without MySQL, but I get the error that shows in the subject. Fatal error: Call to undefined function: mysql_connect() in /folder/index.php on line 11 I was told that maybe the extension for MySQL was not setup in PHP. I thought that maybe it was just because MySQL wasnt installed on the system I am working on, but it makes sense that I am not trying to access a database on the system I am working from, but trying to access one on a different server all together. What do you think? Thanks, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] overloaded, overworked ereg statement?
This script worked on one server, but started choking after I moved it to a new server. Summary: I use the php_auto_prepend script to start output buffering, then use the php_auto_append script to extract the content between the title tags and between the body tags. When the size of the content between the body tags reaches around 11,500 characters, the ereg function stops working correctly. What governs the number of characters that ereg can process? I looked at the phpinfo from both servers but didn't find any clues... Thanks for the help :) FYI sample code: prepend-- ?php ob_start(); ? append-- ?php // load document into $file_text $file_text = ob_get_contents(); ob_end_clean(); // extract title unset($regs); // use preg_match because its supposed to be faster... //eregi(title(.*)/title,$file_text,$regs); preg_match(|title(.*)/title|i,$file_text,$regs); $document_title = $regs[1]; // extract body of document (need to add onload statement in body tag) unset($regs); // I don't have the foggiest why preg_match doesn't seem to work here... //preg_match(|\body(.*)/body$|i,$file_text,$regs); //preg_match(|(.*)|i,$regs[1],$temp); eregi(body(.*)/body,$file_text,$regs); ereg((.*),$regs[1],$temp); $template_body = $temp[1]; // stuff $document_title and $document_body into the official template /* snip */ ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] overloaded, overworked ereg statement?
Travis Low wrote: Break it up a little. Try something like this: $title = preg_replace( /.*title/i, , $file_text ); $title = preg_replace( //title.*/i, , $title ); My title one worked, but I like your idea. I started to write that you were all flip-flopped on your title example, until I realized you were using preg_replace instead of preg_match. quoting Mr. Spock: An ancestor of mine maintained, that if you eliminate the impossible, whatever remains, however improbable, must be the truth. Ditto for body. now I have // strip everything above and including body... $body = preg_replace(/.*body.*/iU,'',$file_text); // strip everything after and including /body $body = preg_replace(/\/body.*/i,'',$body); Works lik a charm! Thanks :) Tim Since you're looking for certain tags, it stands to reason that you're primarily interested in characters after characters. So this might be faster: $chunks = split( , $file_text ); for( $i = 0; $i count( $chunks ); $i++ ) { if( 0 === strpos( $chunks[$i], title ) ) { # Title starts after the next , so get it. # If you're careful, you can modify $i here # as you gather up the title. } if( 0 == strpos( $chunks[$i], body ) ) { # Body starts after the next # Modify $i, but be vewwy caweful. } } The de-commenting is left to the reader. cheers, Travis Tim wrote: This script worked on one server, but started choking after I moved it to a new server. Summary: I use the php_auto_prepend script to start output buffering, then use the php_auto_append script to extract the content between the title tags and between the body tags. When the size of the content between the body tags reaches around 11,500 characters, the ereg function stops working correctly. What governs the number of characters that ereg can process? I looked at the phpinfo from both servers but didn't find any clues... Thanks for the help :) FYI sample code: prepend-- ?php ob_start(); ? append-- ?php // load document into $file_text $file_text = ob_get_contents(); ob_end_clean(); // extract title unset($regs); // use preg_match because its supposed to be faster... //eregi(title(.*)/title,$file_text,$regs); preg_match(|title(.*)/title|i,$file_text,$regs); $document_title = $regs[1]; // extract body of document (need to add onload statement in body tag) unset($regs); // I don't have the foggiest why preg_match doesn't seem to work here... //preg_match(|\body(.*)/body$|i,$file_text,$regs); //preg_match(|(.*)|i,$regs[1],$temp); eregi(body(.*)/body,$file_text,$regs); ereg((.*),$regs[1],$temp); $template_body = $temp[1]; // stuff $document_title and $document_body into the official template /* snip */ ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Parsing mail file
-Message d'origine- De : Dotan Cohen [mailto:[EMAIL PROTECTED] Envoyé : mardi 30 janvier 2007 12:48 À : Pierre Pintaric Cc : php-general@lists.php.net Objet : Re: [PHP] Parsing mail file On 30/01/07, Pierre Pintaric [EMAIL PROTECTED] wrote: If somebody uses a great function and want to share, I will please him... :-) Er, could you please define I will please him? I think that you've scared off a few potential helpers He's french, i think he means he 'would be gratefull' hehe Cheers, Tim Sorry i hit reply instead of reply to all Dotan. Dotan Cohen http://lyricslist.com/lyrics/artist_albums/220/gin_blossoms.html http://rorot.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] TR: Manipulating categories in a php database
Hello all, This is more of a conceptional question rather then a technical one. I am developping an online catalog, the catalog is a standard categorie/subcat/subsubcat system using the following logic in my database: cat_id cat_name 10DVD 1010 DVD/Action 1020 DVD/Adventure 20CD 2010 CD/Reggae 2020 CD/Electro Up to now I enter the category id's manually from an administration console. I would like to be able to have my console automagically generate a cat_id when my users add categories (so they don't have to bother with that aspect of adding a category) and I would also like to be able to move a category up or down in the way it displays on the page, as of now I am sorting by cat_id I have been for a while trying to develop a logical scheme to be able to generate the id's and change their cat_id to reflect a new position in how it displays (displaying DVD/Action after DVD/Adventure for example I would need to change the cat_id from 1010 to something above 1020 say 1021). This is fine as I can test the previous elements cat_id and add or subtract 1 but I get stuck when I have a cat_id say 1010 that I would want to put between 1011 and 1012. I'm having trouble developing the algorithm that would allow this.. Would appreciate any ideas that may help me conclude this function in my module. Regards, Tim Earl
[PHP] Manipulating categories in a mysql database
Hello all, This is more of a conceptional question rather then a technical one. I am developping an online catalog, the catalog is a standard categorie/subcat/subsubcat system using the following logic in my database: cat_id cat_name 10DVD 1010 DVD/Action 1020 DVD/Adventure 20CD 2010 CD/Reggae 2020 CD/Electro Up to now I enter the category id's manually from an administration console. I would like to be able to have my console automagically generate a cat_id when my users add categories (so they don't have to bother with that aspect of adding a category) and I would also like to be able to move a category up or down in the way it displays on the page, as of now I am sorting by cat_id I have been for a while trying to develop a logical scheme to be able to generate the id's and change their cat_id to reflect a new position in how it displays (displaying DVD/Action after DVD/Adventure for example I would need to change the cat_id from 1010 to something above 1020 say 1021). This is fine as I can test the previous elements cat_id and add or subtract 1 but I get stuck when I have a cat_id say 1010 that I would want to put between 1011 and 1012. I'm having trouble developing the algorithm that would allow this.. Would appreciate any ideas that may help me conclude this function in my module. Regards, Tim Earl -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] TR: Manipulating categories in a php database
Ok great stuff, thank you, that has enlightened me on the method I need to develop :) Oh and about the double msg, sorry fighting with outlook here, not my usual client ;) Regards, Tim -Message d'origine- De : Robert Cummings [mailto:[EMAIL PROTECTED] Envoyé : mardi 30 janvier 2007 19:40 À : Tim Cc : php-general@lists.php.net Objet : Re: [PHP] TR: Manipulating categories in a php database On Tue, 2007-01-30 at 19:29 +0100, Tim wrote: Hello all, This is more of a conceptional question rather then a technical one. I am developping an online catalog, the catalog is a standard categorie/subcat/subsubcat system using the following logic in my database: cat_id cat_name 10DVD 1010 DVD/Action 1020 DVD/Adventure 20CD 2010 CD/Reggae 2020 CD/Electro Up to now I enter the category id's manually from an administration console. I would like to be able to have my console automagically generate a cat_id when my users add categories (so they don't have to bother with that aspect of adding a category) Either make the cat_id auto increment and let MySQL generate it for you, or lock the table, get the last ID, create the new row with ID = LastID = 1, and then unlock the table. and I would also like to be able to move a category up or down in the way it displays on the page, as of now I am sorting by cat_id Order the data in a linked list. Move the link in question up and down as necessary. I have been for a while trying to develop a logical scheme to be able to generate the id's and change their cat_id to reflect a new position in how it displays (displaying DVD/Action after DVD/Adventure for example I would need to change the cat_id from 1010 to something above 1020 say 1021). This is fine as I can test the previous elements cat_id and add or subtract 1 but I get stuck when I have a cat_id say 1010 that I would want to put between 1011 and 1012. I'm having trouble developing the algorithm that would allow this.. Use a new field called display_order or display_rank. When moving items around via linked list regenerate the display_order based on the position within the list. Save these values to the database. When selecting categories from the database order based on this field, and then any other field you want (in case of no ordering). For instance I usually order by display_order, title. And only set ordering information for specific fields I want positioned at the front or end of the list. This is slightly more complicated though since you need to preserve no ordering for naturally ordered items and when moving order items around they should be able to skip past or before all naturally ordered items. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need desperate help with query
-Message d'origine- De : Skip Evans [mailto:[EMAIL PROTECTED] Envoyé : mercredi 31 janvier 2007 17:26 À : PHP-General Objet : [PHP] Need desperate help with query Okay, so SQL questions shouldn't come to the list, You are aware of that too eh? So why mail here? but I am in dire need of some assistance that uses a LEFT JOIN and must also get a count of records in the RIGHT table, plus group by that count and order by it. Not all PHP developpers use MySQL, am sure you would get a much better answer on a MySQL list? If anyone can help out with this and would be willing to email me off list to take a look at it the good karma and appreciation would rain down upon you in such multitudes as to... as to... as... to... Don't think most here do it for the praise... I've run out of hyperbole. Help! Indeed :P Regards, Tim -- Skip Evans Big Sky Penguin, LLC 61 W Broadway Butte, Montana 59701 406-782-2240 http://bigskypenguin.com =-=-=-=-=-=-=-=-=-= Check out PHPenguin, a lightweight and versatile PHP/MySQL development framework. http://phpenguin.bigskypenguin.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Manipulating categories in a mysql database
-Message d'origine- De : Richard Lynch [mailto:[EMAIL PROTECTED] Envoyé : jeudi 1 février 2007 02:35 À : Tim Cc : php-general@lists.php.net Objet : Re: [PHP] Manipulating categories in a mysql database On Tue, January 30, 2007 12:36 pm, Tim wrote: This is more of a conceptional question rather then a technical one. I am developping an online catalog, the catalog is a standard categorie/subcat/subsubcat system using the following logic in my database: cat_id cat_name 10DVD 1010 DVD/Action 1020 DVD/Adventure 20CD 2010 CD/Reggae 2020 CD/Electro Up to now I enter the category id's manually from an administration console. I would like to be able to have my console automagically generate a cat_id when my users add categories (so they don't have to bother with that aspect of adding a category) and I would also like to be able to move a category up or down in the way it displays on the page, as of now I am sorting by cat_id Rule of thumb for SQL: Never ever ever sort by *_id, because it will almost alway send up biting you in the butt sooner or later. Add a 'rank' column and maintain that in your web application. I have been for a while trying to develop a logical scheme to be able to generate the id's and change their cat_id to reflect a new position in how it displays (displaying DVD/Action after DVD/Adventure for example I would need to change the cat_id from 1010 to something above 1020 say 1021). This is fine as I can test the previous elements cat_id and add or subtract 1 but I get stuck when I have a cat_id say 1010 that I would want to put between 1011 and 1012. I'm having trouble developing the algorithm that would allow this.. Once you separate the cat_id and the 'rank' you will have no problems. Your cat_id can just be auto_increment and never displayed to the user. Your 'rank' can be a simple integer, and to re-order you'll just do like: ?php //Assume cat_id # 7 needs to move to the 42nd place in the list: $cat_id = 7; $new_rank = 42; $query = update catalog set rank = rank + 1 where rank = $new_rank; mysql_query($query) or error_log(mysql_error() . $query); $query = update catalog set rank = $new_rank where cat_id = $cat_id; mysql_query($query) or error_log(mysql_error() . $query); ? This may create a hole in the rank listing, if $cat_id 7 used to be LOWER than 42. A little bit more effort can solve this, however. AFTER the above queries, tack on: if ($old_rank $new_rank){ $query = update catalog set rank = rank - 1 where rank $old_rank; mysql_query($query) or error_log(mysql_error() . $query); } You could go even further and change the minimum number of ranks needed in any given change, to avoid thrashing the index on the rank. This would be crucial if your table was very large. Thanks a lot, that put me in the right direction, I am studying this option as I write this, I have drawn it up in a diagram and it looks quite simple now. I have also discovered a flaw in my database programming that made me realize how badly I use the MySQL engine by doing the sorting at the application-layer level rather then using the MySQL engine to sort the info prior to sending back to the application.. Have now discovered, indexing, foreign keys, and joins :D Great list, always opening new doors :) Thank you much for all your suggestions! Regards, Tim -- Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP book reviewers wanted
-Message d'origine- De : tedd [mailto:[EMAIL PROTECTED] Envoyé : lundi 5 février 2007 17:10 À : Manuel Lemos; php-general@lists.php.net Objet : Re: [PHP] PHP book reviewers wanted At 1:05 AM -0200 2/5/07, Manuel Lemos wrote: Demonstrating good English writing skills and having published good book reviews in the past gets me preference. gets me preference ??? Quote: good English writing skills :P Me get any money for this? tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP4 to PHP5 issue
Hi, -Message d'origine- De : Skip Evans [mailto:[EMAIL PROTECTED] Envoyé : lundi 5 février 2007 19:31 Cc : PHP-General Objet : Re: [PHP] PHP4 to PHP5 issue Jochem Maas wrote: the problem is not with $q but with $db. $db is not an object, why that is so I don't know - more bug hunting for you I'm afraid. Woops! I sure read that one wrong. Thanks, I will dig deeper. Does anyone have any experience running dotProject under PHP5? Yes, our company used it for three months before dumping it regarding PHP5 incompatibility and some other mistakes.. I ended up having to fix/hack too many things (sessions doing weird things, broken forum, translations all messed up, user roles not working quite right, admin system funked) it wasn't worth my time, we developed a more specialized app for project management internally. Other then the fact that it is definitely NOT PHP5 compatible it seems to be a great project manager with many great features. I'd assume if you really want to use it, run it on a server with PHP4 you'll save yourself some time and headaches. Regards, Tim Skip Evans Big Sky Penguin, LLC 61 W Broadway Butte, Montana 59701 406-782-2240 http://bigskypenguin.com =-=-=-=-=-=-=-=-=-= Check out PHPenguin, a lightweight and versatile PHP/MySQL development framework. http://phpenguin.bigskypenguin.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP4 to PHP5 issue
-Message d'origine- De : Jochem Maas [mailto:[EMAIL PROTECTED] Envoyé : lundi 5 février 2007 21:00 À : Skip Evans Cc : 'PHP-General' Objet : Re: [PHP] PHP4 to PHP5 issue Skip Evans wrote: Tim wrote: Yes, our company used it for three months before dumping it regarding PHP5 incompatibility and some other mistakes.. I ended up having to fix/hack too many things (sessions doing weird things, broken forum, translations all messed up, user roles not working quite right, admin system funked) it wasn't worth my time, we developed a more specialized app for project management internally. Well, I hate to use this kind of language on the list, but I feel I must say that sucks. But I want to thank you Tim for saving me all kinds of time trying to get dP going on PHP5. We still have the old server, of course, running right underneath the new rack jobbies, and I can use it for now to run dP for us. Unfortunately, we're quite wedded to it for project management, having modified and customized it extensively to suit our needs. Hate to use the box, though, just for dP since I had it slated to be converted to a pretty sweet workstation. you don't need to use the box - you can install a 2nd copy of apache and run php4 on it and use the apache ProxyPass directive to make the php4/apache setup available via the apache(2)/php5 [std] webserver. Cute, thanks :) search the archives for 'ProxyPass' Oh well, if life were perfect we'd... we'd... heck, we'd have a lot more fun. Thanks again, Tim. Any more experiences with dP and PHP5 are appreciated, although Tim seems to have pretty well nailed it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] All-in-one PHP Classes
Hello folks, Have been reading posts daily for two months now on the list, and am very pleased at how informative these can be. I have noticed, many examples where one is pointed to using classes downloadable on the internet. Not a very big user of these classes my self (maybe a bit naïf in this sense, but i just can't have unnecessary code loaded on an include() i like to keep things clean and to a minimal)I decided to go through and look at how they are built and what kind of code load we are talking about. This is when i realized how often these classes that do everything are very BIG. Now I realize how many functions this type of class can have and how handy it can be for someone who does not want to code his own, and yes I hear all the reinventing the wheel comments comming forth as well as security etc, BUT (yes THE but) are general classes like this pushing to using bigger, more bloated web application which require more and more bandwidth/processor/ram, server-side? Here, it's the programmer who is confronted with loading huge files into memory to use just one perhaps two function in a 300+ functionality class.. At what moment does one decide to use an all-in-one bloated with out of context functionality, php class, knowing how powerfull only several functions in this class can be to him? Shouldn't these classes be perhaps broken down into usefull parts. Thanks for any input. Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Boolean-cast and arrays
First thank you all for your input on all-in-one classes. Reading the php manual on boolean types and casts, and came accros the following: quote When converting to boolean, the following values are considered FALSE: ... an array with zero elements ... /quote So here I am sitting and wondering if after all this while doing: $arr = array(); If (count($arr) == 0) {} Shouldn't have been simply doing: $arr = array(); If (!arr) {} Is the latter problematic in any programming standards? Does it take longer to process? Is it using count()? Is Type-Juggling considered good practise? Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Boolean-cast and arrays
sorry typo, make that: Shouldn't have been simply doing: $arr = array(); If (!$arr) {} -Message d'origine- De : Tim [mailto:[EMAIL PROTECTED] Envoyé : jeudi 8 février 2007 16:49 À : php-general@lists.php.net Objet : [PHP] Boolean-cast and arrays First thank you all for your input on all-in-one classes. Reading the php manual on boolean types and casts, and came accros the following: quote When converting to boolean, the following values are considered FALSE: ... an array with zero elements ... /quote So here I am sitting and wondering if after all this while doing: $arr = array(); If (count($arr) == 0) {} Shouldn't have been simply doing: $arr = array(); If (!arr) {} Is the latter problematic in any programming standards? Does it take longer to process? Is it using count()? Is Type-Juggling considered good practise? Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Error compiling lib
-Message d'origine- De : Mário Gamito [mailto:[EMAIL PROTECTED] Envoyé : jeudi 8 février 2007 16:56 À : php-general@lists.php.net Objet : [PHP] Error compiling lib Hi, I want to compile PHP with IMAP support. I've downloaded imap2006e and run: # make slx but i got this error: make[2]: Entering directory `/usr/local/src/imap-2006e/mtest' `cat ../c-client/CCTYPE` -I../c-client `cat ../c-client/CFLAGS` -o mtest mtest.o ../c-client/c-client.a `cat ../c-client/LDFLAGS` .../c-client/c-client.a(osdep.o)(.text+0x87e4): In function `ssl_onceonlyinit': /usr/local/src/imap-2006e/c-client/osdep.c:301: warning: the use of `tmpnam' is dangerous, better use `mkstemp' mtest.o(.text+0x1680): In function `smtptest': /usr/local/src/imap-2006e/mtest/mtest.c:781: warning: the `gets' function is dan gerous and should not be used. /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x38): In function `dlfcn_load ': : undefined reference to `dlopen' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0xa0): In function `dlfcn_load ': : undefined reference to `dlclose' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0xc9): In function `dlfcn_load ': : undefined reference to `dlerror' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x13e): In function `dlfcn_unl oad': : undefined reference to `dlclose' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x1f5): In function `dlfcn_bin d_var': : undefined reference to `dlsym' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x241): In function `dlfcn_bin d_var': : undefined reference to `dlerror' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x2d5): In function `dlfcn_bin d_func': : undefined reference to `dlsym' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x321): In function `dlfcn_bin d_func': : undefined reference to `dlerror' collect2: ld returned 1 exit status make[2]: *** [mtest] Error 1 make[2]: Leaving directory `/usr/local/src/imap-2006e/mtest' make[1]: *** [bundled] Error 2 make[1]: Leaving directory `/usr/local/src/imap-2006e' make: *** [slx] Error 2 Can someone help me out, please ? Think your missing some libs on your distrib i would first try installing glibc-debuginfo-common or glibc-devel. Regards, Tim Warm Regards, Mário Gamito -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Multi lingual pages
-Message d'origine- De : Frank Arensmeier [mailto:[EMAIL PROTECTED] Envoyé : vendredi 9 février 2007 14:51 À : Robert Cummings Cc : PHP List; Jochem Maas; Otto Wyss Objet : Re: [PHP] Multi lingual pages Thank you Robert. Actually, I am not so sure anymore if my idea of binding localized content to domains is the right path to go. After a litte research, I saw that many of the major sites out there are redirecting the user to subfolders. As a question or maybe a comment i'm not sure which yet, but aren't those major sites rewriting url's rather then redirecting the pages to different folders? It seems they are usually using the same layout and design and the content is essentially the same, so i thought it logical to concluded they are using the same framework, i can't imagine using several copies of the same framework to overcome language issues, which would be the case if they were using seperate directories for languages, IMO. Just a logical geuss, please correct me if I am mistaken ;) Regards, Tim Maybe this is the right thing to do. What would happen if a page is available in English and e.g. american English or when a certain domain is not available? Right now I am playing with mod_rewrite. Looks promising. //frank 9 feb 2007 kl. 13.23 skrev Robert Cummings: On Fri, 2007-02-09 at 09:03 +0100, Frank Arensmeier wrote: Anyone? If you use top level domains like that then if someone wants to swith between languages you won't be able to share session information without employing session propogation tricks. Cheers, Rob. //frank 8 feb 2007 kl. 11.24 skrev Frank Arensmeier: Hello. I would like to hook up on this issue a little bit more. I am wondering if anybody is willing to share some good advices regarding how to implement a good (normative) url structure so to say when it comes to multi lingual sites. Let me give you an example. IBM has many different domains including .se, .de, .com, .es and so on. But, all local domains are redirected to e.g. www.ibm.com/de or www.ibm.com/se and so on. Is this common practise? Right now, I am about to restructure my employers site. But, in contrast to for example the IBM site, I would like to bind the content to the corresponding domain - without redirecting the visitor. All english content for example will be under the .com domain, all swedish content will be under .se domain. Hope you see what I mean. I am not seeking advices about how to implement such a structure (I have done this already). I am more interested in pros and cons with either way. My hope is that the site will be more Google friendly. Am I making sense? I might also add that I read some articles from W3 org about localization / internationalization, but I couldn't find anything useful so far. What is your opinion? regards, //frank 27 jan 2007 kl. 01.12 skrev Jochem Maas: Otto Wyss wrote: Paul Novitski wrote: I formulated my question in general since I couldn't find an other message here about supporting multiple languages. http://www.w3.org/International/articles/ http://www.w3.org/TR/i18n-html-tech-lang/ http://php.net/setlocale Thanks a lot, these are good points for reading. 1) Switching language downloads a new version of the current page, generally with the same markup but new text. Example: http://partcon.ca/ I'll favor this way especially if several languages have to be provided. In both cases I store the text in database tables that contain a language field I can select on to match the user's request. I wonder if retrieving static texts from the database draws too much performance. I know from somebody who stores texts in large data arrays an uses shared memory, yet I haven't figured it out how. I consider storing static texts as defines and just load a different definition file when the user switches language. Is this practical? don't go down the define('LANG_KEY', 'lang string value'); route - defines are comparatively SLOW to create. IF you go down the road of loading in text from 'per lang' files I would suggest using an array as the storage mechanism: $Lang = array( 'LANG_KEY' = 'lang string value', // .. etc ); assoc array are much less heavy to create. also consider that there are, imho, 2 kinds of language specific data: 1. 'static' values - button texts, [error] messages - these are specified during site/application design. 2. 'dynamic' values - document titles, headers, content - these are specified by the owner/user during the lifetime of the site/application for the rest I'll just say 'ditto' to most of what the other list members replied :-) O. Wyss -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net
RE: [PHP] round to nearest 500?
-Message d'origine- De : Robert Cummings [mailto:[EMAIL PROTECTED] Envoyé : lundi 12 février 2007 18:00 À : blackwater dev Cc : php-general@lists.php.net Objet : Re: [PHP] round to nearest 500? On Mon, 2007-02-12 at 11:52 -0500, blackwater dev wrote: Is there an easy way in php to round to the nearest 500? So if I have 600, I 500 and if I have 800 I want 1000? This should work: ?php $rounded = round( $someValue / 500 ) * 500; ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] round to nearest 500?
snip Supposedly this is an accounting trick that ultimatley works out in the end for proper rounding of money values. Yeah works out for who? Bet it doesn't for the guy paying :P -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Banner rotation with links
-Message d'origine- De : Chris Carter [mailto:[EMAIL PROTECTED] Envoyé : mercredi 14 février 2007 17:29 À : php-general@lists.php.net Objet : [PHP] Banner rotation with links How can I rotate a banner as well as the link in it within a page using PHP. This can be done as a include file php. Anybody please supply some code or a link for this. Thanks in advance. Hi depends on what moment you are changing the banner if you are doing it on a page change you can do this with PHP by querying a DB for a random banner (or non random thats up to you to decide) entry to display, each time you load the page. If you are wanting to do the banner change based on a time interval you would have to setup some javascript to do this for you, maybe generate it using php that formerly queried a database of banner entries. Google: banners +javascript first before posting, there's always an answer ;) Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Banner rotation with links
-Message d'origine- De : Brad Fuller [mailto:[EMAIL PROTECTED] Envoyé : mercredi 14 février 2007 17:41 À : 'Németh Zoltán'; 'Chris Carter' Cc : php-general@lists.php.net Objet : RE: [PHP] Banner rotation with links -Original Message- From: Németh Zoltán [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 14, 2007 11:37 AM To: Chris Carter Cc: php-general@lists.php.net Subject: Re: [PHP] Banner rotation with links 2007. 02. 14, szerda keltezéssel 08.29-kor Chris Carter ezt írta: How can I rotate a banner as well as the link in it within a page using PHP. This can be done as a include file php. Anybody please supply some code or a link for this. please go STFW for banner rotation php script greets Zoltán Németh Even better, download this free open source application which does it all for you... http://www.phpadsnew.com/ -Brad Yeah, maybe their should be an alternate list for Where can i find the app for me to do this queries :D Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Retrieve value of newly inserted row.
-Message d'origine- De : Dan Shirah [mailto:[EMAIL PROTECTED] Envoyé : mercredi 14 février 2007 19:20 À : php-general Objet : [PHP] Retrieve value of newly inserted row. Hello, I have a page the contains two insert statements. $insert1 = INSERT INTO table1 ( debit_card, card_type, card_number, exp_date, payment_amount, cvv_number, first_name, middle_name, last_name, address_1, address_2, city, zip_code, zip_4, phone_number, fax_number, email_address, receipt, comments, date_request_received, employee_received_call, research_phase_date, research_phase_user, submit_phase_date, submit_phase_user, status_code, state_code) VALUES ( '$debit_card', '$card_type', '$card_number', '$exp_date', '$amount', '$cvv', '$cc_first', '$cc_middle', '$cc_last', '$cc_address_1', '$cc_address_2', '$cc_city', '$cc_zip', '$cc_zip_4', '$cc_phone_number', '$cc_fax_number', '$cc_email_address', '$receipt', '$cc_comments', '$create_date', '$create_user', '$research_date', '$research_user', '$submit_date', '$submit_user', '$status_code', '$cc_state'); mssql_query($insert1) or die (Query failed: br /.mssql_get_last_message()); $insert2 = INSERT INTO table2 ( credit_card_id, case_number, comments) VALUES ( 'card_id', '$case', '$comments'); mssql_query($insert2) or die (Query failed: br /.mssql_get_last_message()); echo Insert complete; On my second insert statement, please note credit_card_id. This is an auto_increment column in table1. What I need to do is pull the value of credit_card_id from the newly inserted row from insert1 and put that value in a variable to assign it to credit_card_id in insert2. I hope that wasn't too confusing. http://cz2.php.net/manual/en/function.mysql-insert-id.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Retrieve value of newly inserted row.
-Message d'origine- De : Tim [mailto:[EMAIL PROTECTED] Envoyé : mercredi 14 février 2007 19:28 À : 'Dan Shirah'; 'php-general' Objet : RE: [PHP] Retrieve value of newly inserted row. -Message d'origine- De : Dan Shirah [mailto:[EMAIL PROTECTED] Envoyé : mercredi 14 février 2007 19:20 À : php-general Objet : [PHP] Retrieve value of newly inserted row. Hello, I have a page the contains two insert statements. $insert1 = INSERT INTO table1 ( debit_card, card_type, card_number, exp_date, payment_amount, cvv_number, first_name, middle_name, last_name, address_1, address_2, city, zip_code, zip_4, phone_number, fax_number, email_address, receipt, comments, date_request_received, employee_received_call, research_phase_date, research_phase_user, submit_phase_date, submit_phase_user, status_code, state_code) VALUES ( '$debit_card', '$card_type', '$card_number', '$exp_date', '$amount', '$cvv', '$cc_first', '$cc_middle', '$cc_last', '$cc_address_1', '$cc_address_2', '$cc_city', '$cc_zip', '$cc_zip_4', '$cc_phone_number', '$cc_fax_number', '$cc_email_address', '$receipt', '$cc_comments', '$create_date', '$create_user', '$research_date', '$research_user', '$submit_date', '$submit_user', '$status_code', '$cc_state'); mssql_query($insert1) or die (Query failed: br /.mssql_get_last_message()); $insert2 = INSERT INTO table2 ( credit_card_id, case_number, comments) VALUES ( 'card_id', '$case', '$comments'); mssql_query($insert2) or die (Query failed: br /.mssql_get_last_message()); echo Insert complete; On my second insert statement, please note credit_card_id. This is an auto_increment column in table1. What I need to do is pull the value of credit_card_id from the newly inserted row from insert1 and put that value in a variable to assign it to credit_card_id in insert2. I hope that wasn't too confusing. http://cz2.php.net/manual/en/function.mysql-insert-id.php Sorry my eyes played some tricks on me ragarding mysql/mssql refer to Robert's post on looking up last insert id. Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Deny processing of non included files
OK here is the background: My app will: have an admin access at http://sitename/admin/ Obviously authenticated users only are allowed access.. Now my issues is this, i do all the processing from a single index.php in admin/ folder that includes files from all over the webapp directory structure for example modules/thismodule/admin/index.php folder for getting the admin page for the module or modules/thismodule/index.php for displaying the modules in the public part of the page etc.. You get the picture.. What i want is to restrict acces to all these included php files such that by typing http://sitename/modules/thismodule/admin/index.php, this file will only be processed by the browser if and only if it has been included by http://sitename/admin/index.php NO included php file should be able to be processed by itself or accessed even for files that do not output anything.. So essentially i think i may be doing somethings wrong.. 1. My included files assume the top file has initiated an instance of an certain object thus being able to use the resources of the instanced objects in the top file..(obviously i have the necessary checks to make sure the instance has been created before including the file) -Should i be initializing new instances of the object at the top of each included file to prevent errors from appearing incase someone access the file directly? Or should i believe it doesn't really matter as in a production environment display_errors is set to off so no error output will be shown... 2. what is the assesed security risk if someone access a file directly even if it does not output anything? 3. is their a way to check that a file has been included by such and such file or should i develop a hash system where the top page that includes files generates a hash, stores it in the db for the length of the script and in a variable, and have the included file check that the variable from the top file and the hash in the db correspond? Security is driving me insane i'm becoming totally psychotic at the possiblity of someone taking over my admin systems... Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Deny processing of non included files
-Message d'origine- De : Jon Anderson [mailto:[EMAIL PROTECTED] Envoyé : jeudi 15 février 2007 17:11 À : Tim Cc : 'php-general' Objet : Re: [PHP] Deny processing of non included files Easy answer: deny access to them. Use your web server to prevent execution of the files. Generally, if you're using Apache, you can just do this: Directory /path/to/modules/ Order Allow,Deny Deny From All /Directory Great i'll go the .htaccess way i don't need any files accesible through the browser other then http://thissite/index.php and http://thissite/admin/index.php. You may also be able to do that from a .htaccess file. If you can't configure the server, just use a define at the top of your index script: define('__INDEX_PHP',TRUE); Then just check it with a one-liner at the top of each script that is for inclusion only. Tim wrote: 1. My included files assume the top file has initiated an instance of an certain object thus being able to use the resources of the instanced objects in the top file..(obviously i have the necessary checks to make sure the instance has been created before including the file) -Should i be initializing new instances of the object at the top of each included file to prevent errors from appearing incase someone access the file directly? Or should i believe it doesn't really matter as in a production environment display_errors is set to off so no error output will be shown... I don't think you ever want include files to be executed in the wrong context. Just deny access. Sure that's what i thought but couldn't get it to work you put me on the right track with the directory directive. If anything, just make an index.php page in each module dir that contains only Thanks for visiting this page, but the link you followed is probably mistyped. Try a href=\$document_root\this/a instead. Well i do have a blank index.html in ALL directories to stop directory listing.. 2. what is the assesed security risk if someone access a file directly even if it does not output anything? Depends on what the file contains. If it contains this: `sudo rm -r $directory/*`, then the results could be disastrous, but let's hope that it wouldn't contain code like that. :-) 3. is their a way to check that a file has been included by such and such file or should i develop a hash system where the top page that includes files generates a hash, stores it in the db for the length of the script and in a variable, and have the included file check that the variable from the top file and the hash in the db correspond? See above define(...) bit, which is really based on the old C header trick: #ifndef __SOME_FILE_H #define __SOME_FILE_H a bunch of stuff #endif Ok lets just deny access :) Thanks a bunch ;) Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Deny processing of non included files
Ok i have actually discovered a great side-effect that i thought i'd share with any interested by using these .htaccess directives. As i only have two index.php files on the site and they are the only two files accesible through browser i have done this: Files *.* Order Deny,Allow Deny from All /Files Files index.php Order Deny,Allow Allow from All /Files Files *.css Order Deny,Allow Allow from All /Files Now the great side affect i told you about is that you cannot blind check the presence of *.php files in any directory any you file you look for regardless if it exists returns a 403 forbidden, so it is impossible to find the structure of the site... You can though test for directories. These directives along with a site that uses index.php as an engine to generate content via includes, are great for really restricing site access (of course this does not mean my includes don't have holes but thats another issue) on top of a regular authentication. And makes it easier for my own authentication system as i only have to authenticate through one file index.php thus not needing any authentication on any of the included files as suggested, and not needing to worry about that test.php file that got forgotten during dev or something, or even a user uploading a $.php file i dont want him to execute.. Thanks guys, Regards, Tim -Message d'origine- De : Jon Anderson [mailto:[EMAIL PROTECTED] Envoyé : jeudi 15 février 2007 17:11 À : Tim Cc : 'php-general' Objet : Re: [PHP] Deny processing of non included files Easy answer: deny access to them. Use your web server to prevent execution of the files. Generally, if you're using Apache, you can just do this: Directory /path/to/modules/ Order Allow,Deny Deny From All /Directory You may also be able to do that from a .htaccess file. If you can't configure the server, just use a define at the top of your index script: define('__INDEX_PHP',TRUE); Then just check it with a one-liner at the top of each script that is for inclusion only. Tim wrote: 1. My included files assume the top file has initiated an instance of an certain object thus being able to use the resources of the instanced objects in the top file..(obviously i have the necessary checks to make sure the instance has been created before including the file) -Should i be initializing new instances of the object at the top of each included file to prevent errors from appearing incase someone access the file directly? Or should i believe it doesn't really matter as in a production environment display_errors is set to off so no error output will be shown... I don't think you ever want include files to be executed in the wrong context. Just deny access. If anything, just make an index.php page in each module dir that contains only Thanks for visiting this page, but the link you followed is probably mistyped. Try a href=\$document_root\this/a instead. 2. what is the assesed security risk if someone access a file directly even if it does not output anything? Depends on what the file contains. If it contains this: `sudo rm -r $directory/*`, then the results could be disastrous, but let's hope that it wouldn't contain code like that. :-) 3. is their a way to check that a file has been included by such and such file or should i develop a hash system where the top page that includes files generates a hash, stores it in the db for the length of the script and in a variable, and have the included file check that the variable from the top file and the hash in the db correspond? See above define(...) bit, which is really based on the old C header trick: #ifndef __SOME_FILE_H #define __SOME_FILE_H a bunch of stuff #endif jon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Securing user table with sha function
Hello, Now moving on into other aspects of security :P I was thinking of a way to secure my login inputs the best way possible. Seeing how many different types of injection attacks their is and while observing different authentication systems I often notice the sha() function being used for passwords, which of course is the minimum requirements to saving passwords but.. Why manipulate this information in clear text wether it be email or username or pass fields, such as when you use sessions/cookies, or any other method of passing authentication information from page to page (an sha hash is x times less geussable then any other human term)... AND how to secure for injection attacks? Now this is where i thought hey, on every login page there is a user and pass input field and thus this is the only place one could peak into my user table, and I don't want someone injecting through their as the user table (three fields seperate from profile, username, email, pass) is the key to entry to the site.. SO, why not just encrypt all three fields? And store copies of email and username (not pass :P) in another database unecrypted or with a salt for further recovery.. This would ensure that ANY information entered into the user and passowrd will be run through sha() thus creating a 40 char length hash and covering any (?) injection possiblity through a forged input in one of those fields via my select routine.. Just wondering what other security conscious people think of this plan even though it may slow down logins a tad but the tight security in my opinion justifies this.. Does anyone see an ugly flaw in this scheme? Does it look viable? Thanks for any input, Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Securing user table with sha function
-Message d'origine- De : Haydar Tuna [mailto:[EMAIL PROTECTED] Envoyé : lundi 19 février 2007 08:12 À : php-general@lists.php.net Objet : [PHP] Re: Securing user table with sha function Hello, 1) If you protect your site from SQL Injection, you must replace all quote and blank character in your form data. (with string functions) 2) After this step, you can compare your password (with SHA1) and database password field (with SHA1). 3) if comparing passwords are true, then you must use session variables for username 4) if user forget his or her password, you can send email to the user when the user answer password protected question. Yes i have read many tutorials with this classic method of authentication system. My vision is to tighten it even more by using only sha1() strings in my SELECT statements for both username and password field. Upon conversion to SHA regardless of the input you get a 40char string so no need for classic form input filtering using my method of storing username and pass as SHA hash's... Ie: $query = 'SELECT * FROM users WHERE username=\'' . Sha1($_POST['username']) . '\' and pass=\'' . Sha1($_POST['pass']) . '\''; Well was just an idea, i'll try it, doesn't seem to interest many people, that's ok keep using the classic method ;P Regards, Tim -- Haydar TUNA Republic Of Turkey - Ministry of National Education Education Technology Department Ankara / TURKEY Web: http://www.haydartuna.net Tim [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, Now moving on into other aspects of security :P I was thinking of a way to secure my login inputs the best way possible. Seeing how many different types of injection attacks their is and while observing different authentication systems I often notice the sha() function being used for passwords, which of course is the minimum requirements to saving passwords but.. Why manipulate this information in clear text wether it be email or username or pass fields, such as when you use sessions/cookies, or any other method of passing authentication information from page to page (an sha hash is x times less geussable then any other human term)... AND how to secure for injection attacks? Now this is where i thought hey, on every login page there is a user and pass input field and thus this is the only place one could peak into my user table, and I don't want someone injecting through their as the user table (three fields seperate from profile, username, email, pass) is the key to entry to the site.. SO, why not just encrypt all three fields? And store copies of email and username (not pass :P) in another database unecrypted or with a salt for further recovery.. This would ensure that ANY information entered into the user and passowrd will be run through sha() thus creating a 40 char length hash and covering any (?) injection possiblity through a forged input in one of those fields via my select routine.. Just wondering what other security conscious people think of this plan even though it may slow down logins a tad but the tight security in my opinion justifies this.. Does anyone see an ugly flaw in this scheme? Does it look viable? Thanks for any input, Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Securing user table with sha function
-Message d'origine- De : Haydar Tuna [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 février 2007 10:34 À : php-general@lists.php.net Objet : [PHP] Re: Securing user table with sha function Hello again, if you crypt your usernames, it happened many problems. As you know, if you crypt any string to SHA1, you don't decrypt again. You cannot use username in your application. in my many application, I have crpyted password , I haven't cryrpt usernames. Becuase I used username for session authentication. for example if I want to action on the usernames or list of usernames , what can I do this? All of usernames are crypted. OK then what if i consider using PHP's Mcrypt extension with a key to crypt/decrypt data, this would give me the possiblity to use a username crypted hash in the session variable and decrypt it at any moment with the proper key? Haydar TUNA Republic Of Turkey - Ministry of National Education Education Technology Department Ankara / TURKEY Web: http://www.haydartuna.net Haydar Tuna [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, 1) If you protect your site from SQL Injection, you must replace all quote and blank character in your form data. (with string functions) 2) After this step, you can compare your password (with SHA1) and database password field (with SHA1). 3) if comparing passwords are true, then you must use session variables for username 4) if user forget his or her password, you can send email to the user when the user answer password protected question. -- Haydar TUNA Republic Of Turkey - Ministry of National Education Education Technology Department Ankara / TURKEY Web: http://www.haydartuna.net Tim [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, Now moving on into other aspects of security :P I was thinking of a way to secure my login inputs the best way possible. Seeing how many different types of injection attacks their is and while observing different authentication systems I often notice the sha() function being used for passwords, which of course is the minimum requirements to saving passwords but.. Why manipulate this information in clear text wether it be email or username or pass fields, such as when you use sessions/cookies, or any other method of passing authentication information from page to page (an sha hash is x times less geussable then any other human term)... AND how to secure for injection attacks? Now this is where i thought hey, on every login page there is a user and pass input field and thus this is the only place one could peak into my user table, and I don't want someone injecting through their as the user table (three fields seperate from profile, username, email, pass) is the key to entry to the site.. SO, why not just encrypt all three fields? And store copies of email and username (not pass :P) in another database unecrypted or with a salt for further recovery.. This would ensure that ANY information entered into the user and passowrd will be run through sha() thus creating a 40 char length hash and covering any (?) injection possiblity through a forged input in one of those fields via my select routine.. Just wondering what other security conscious people think of this plan even though it may slow down logins a tad but the tight security in my opinion justifies this.. Does anyone see an ugly flaw in this scheme? Does it look viable? Thanks for any input, Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Securing user table with sha function
-Message d'origine- De : Fergus Gibson [mailto:[EMAIL PROTECTED] Envoyé : lundi 19 février 2007 12:01 À : php-general@lists.php.net Objet : [PHP] Re: Securing user table with sha function Tim wrote: Now moving on into other aspects of security :P I was thinking of a way to secure my login inputs the best way possible. [...] Maybe I'm missing something, but why not simply inspect and clean input to ensure that it's always properly escaped and safe to send to your database? It seems to me that's the most sensible way to address SQL injection. Yes i agree partially, an error in the cleaning algo could easily open up to injection, their are so many workarounds to standard input filtering how to catch them all? Hashing the data in your database has drawbacks, and anyway, do you want them to see even hashed data? I sure don't. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Securing user table with sha function
Oops, didn't mean to offend or start a fight. Thank you all for your input, its about the same as on the web: there is no right way.. Well i'll just have to mix and match all these methods and decide which works best for me. Just for info, yes its a dedicated server, and i am hosting the same application multiple times for multiple clients. No open hosting is allowed so no worrying about unauthed php-scripts.. My application is an modulable engine somewhat like a cms but much more complicated as it is doubled with a site generator for maximum flexibility depeding on the client enabling our small company to easly adapt to any needs a client could possibly want in the way of features by modulating each one. Which makes it quite complicated as its totally database driven weather it is for the theme, the placement of blocks, the userlevel of modules, admin user levels (client admin and our own admin extension) etc.. So i'm just mainly worried about my host server going down for whatever reason as i host all my clients on it :) But with an extensive backup system in place, which i hope never have to use to restore, i am fairly safe. I'll just have to adapt these security methods based on whats known to be one of the best ways. Once again thanks for your input, it's my call now :D Tim -Message d'origine- De : Haydar Tuna [mailto:[EMAIL PROTECTED] Envoyé : mercredi 21 février 2007 07:15 À : php-general@lists.php.net Objet : Re: [PHP] Re: Securing user table with sha function Hello, Yes you are right I have no idea what he is doing. I'm sorry. I write a book now about PHP and I want to help people anywhere in the world. I like helping people because I'm a linux user. I am membership of Linux Community in Turkey. As you know, linux users share their knowledges or experiences. Again I'm sorry if you see me the wise guy. I only like helping people:) Sincercely. Haydar TUNA Republic Of Turkey - Ministry of National Education Education Technology Department Ankara / TURKEY Web: http://www.haydartuna.net Richard Lynch [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Tue, February 20, 2007 4:08 am, Tim wrote: -Message d'origine- De : Haydar Tuna [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 février 2007 10:34 À : php-general@lists.php.net Objet : [PHP] Re: Securing user table with sha function Hello again, if you crypt your usernames, it happened many problems. As you know, if you crypt any string to SHA1, you don't decrypt again. You cannot use username in your application. in my many application, I have crpyted password , I haven't cryrpt usernames. Becuase I used username for session authentication. for example if I want to action on the usernames or list of usernames , what can I do this? All of usernames are crypted. OK then what if i consider using PHP's Mcrypt extension with a key to crypt/decrypt data, this would give me the possiblity to use a username crypted hash in the session variable and decrypt it at any moment with the proper key? MySQL also has AES_CRYPT which will do this, so you needn't restrict yourself to PHP. You then have the tough question of whether it's more likely that your PHP source will be exposed and the key will leak out leaving you vulnerable to attack, or, perhaps, somebody on your server will manage to RUN your script that authenticates them in some way that gives them more access than they should, just because they can run the script with the key in it. On a shared server, for MOST webhosts, all the other users on that server can just read your PHP scripts using PHP because, duh, PHP has to be able to read your PHP script so PHP can readexecute your PHP script. [*] On a dedicated box where you, and only you, are the only user that has a valid login, it could help slow down an attack, or, perhaps, might open up a hole, if you code it wrong. There isn't a right answer because Security is not an off-the-rack suit. It's a custom-tailored suit to fit the application needs. Your online bank needs a lot different security than your local community forum. Applying bank level security measures to the local community forum adds user inconvenience with no real benefit. You should always consider Security in the context of the application with an eye to usability and smooth process flow on the business side, and not just ultimate security Nobody knows which is better for what you are doing, because we have NO IDEA what you are doing, and you can't really tell us in a post to PHP-General, even one as long as this. :-) * I am completely ignoring various commercial PHP-obfuscation tools other than this footnote to keep others from posting about them. They're out there, Google for them, use them if appropriate, coo coo ka choo. -- Some people have a gift link
RE: [PHP] ID problem
-Message d'origine- De : Delta Storm [mailto:[EMAIL PROTECTED] Envoyé : mercredi 28 février 2007 10:24 À : php-general@lists.php.net Objet : [PHP] ID problem Hi, I'm building an CMS system (for practice and experience :)). And of course like many times before I have encountered a problem. The problem is: I have a index.php that takes the news from the database and publishes them. And by the end of every news on index.php I have a link ('a href=showfullnews.php?id=$idShow full news/a') That leads to a page that has the full news. At the beginning of showfullnews i have a variable ( $id = $_GET['id']; ) And in index.php I have the following code: while ($row = mysql_fetch_array($result)) { $id= $row['id']; etc... } In the database I have two tables one for a short version of I'd suggest just using one table, and when you display the short version just display a certain number of characters from the full version say 50 first chars as a preview this is what i use: function debut_texte($texte, $nb_cars) { $nb_cars = intval($nb_cars); if (!$nb_cars || !$texte) return($texte); if (strlen ($texte) = $nb_cars) return($texte); $nouveau_texte = substr($texte, 0, $nb_cars-3); $nouveau_texte .= '...'; return ($nouveau_texte); } Sorry its in french, essentialy you pass it your text ($texte) and the number of characters ($nb_cars) of that text you want to and it returns the $nb_cars first characters and appends ... to the end of the text.. This will save you some confusion by using two tables for the same data... news for index.php and another for fullNews. In full news the query is: select title,newsFull from fullnews where id='$id'; In the database i'm 100% sure there is a id = 1 in both rows. I really dont know what is the problem. Erm me neither.. Need more code to see problem. Thank you very much! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] ID problem
-Message d'origine- De : tedd [mailto:[EMAIL PROTECTED] Envoyé : mercredi 28 février 2007 15:54 À : Delta Storm; php-general@lists.php.net Objet : Re: [PHP] ID problem At 10:24 AM +0100 2/28/07, Delta Storm wrote: The problem is: I have a index.php that takes the news from the database and publishes them. And by the end of every news on index.php I have a link ('a href=showfullnews.php?id=$idShow full news/a') Is this possibly a quote issue? echo 'a href=showfullnews.php?id=$idShow full news/a'; Will not evaluate $id Whereas echo 'a href=showfullnews.php?id=' . $id . 'Show full news/a'; Will evaluate $id.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: how to display images stored in DB
I highly recommend a dark ale or two to bring down the core temperature :) Amen! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Question on virus/worms
-Message d'origine- De : Stut [mailto:[EMAIL PROTECTED] Envoyé : vendredi 2 mars 2007 20:23 À : Seak, Teng-Fong Cc : php-windows@lists.php.net; php-general@lists.php.net Objet : Re: [PHP] Re: Question on virus/worms Seak, Teng-Fong wrote: But after I've spent some time reading the log files, I've finally found out how the hackers managed to achieve worm infiltration. Actually, they're using an URL like this: http://my-domain.com/index.php?page=http://hacker-domain.com/s ome-worm-file.txt? *smirk* And the some-worm-file.txt file contains some PHP code, while my index.php contains this instruction: include($page.php); This one line brings up two known php coding security issues, learn about them on http://phpsec.org This is enough to make infiltration possible! IMO, this instruction is supposed to be used like this, isn't it? NO it is not! See above.. So this is obviously a PHP security loophole YES! Learn about register_globals, allow_url_fopen, include() Infact go learn PHP before blindly running scripts in a production environment! Or if you really don't want too learn php at least subscribe to bugtraq mailing list and go through the archive to see if the script you want to run has a security history, see if they follow up on the issues or just ignore the issues, and keep informed to see if any new issues have been brought to hand. and I don't see how the poorly written scripts can help anything unless a totally rewrite! Not neccassarily a total rewrite, try implementing some functions to retrieve/filtre your $_GET $_POST data, turn off register_globals, replace all variables relying on register globals with your newly implemented functions.. Use regular expressions to find the data that needs to be changed in your scripts.. And there's no poor server security that I can see. I think its time for you to take a pause on installing these scripts you are downloading and read up on the php.ini configuration file, also do a search on php history and security. Follow the changes in different php versions aswell their are a lot of hints as to what default values have changed to improve chances of poorly written scripts not being vulnerable. BUT unless you understnad the issues involved these default values are a false excuse for thinking your scripts is secure. (ie upgrading to php5: you did it, it solved your problem, but you still don't know why because you don't know what value was changed in your php configuration) Those few steps will definately be able to give you an idea of what kind of security issues exist, eventually how they are circumvented, and ideas on how you can improve your existing scripts to avoid these issues. Once you are comfortable with this, before you use a script downloaded from the inet in a production environment, go through the code and make sure you don't see any backdoor code (unecessary fsockopen(), exec() etc.. That isn't related to the scripts original use). Also a good thing to look out for is scripts that run with register_globals = off in the php.ini this at least ensures forced good practice in coding (this does not mean one cannot code well with register_globals = on, it just releaves a potential security issue for the programmer and force him to call url passed variable in a proper manner ie: using PHP Super Globals, to be able to use them) I've installed PHP5 and the problem seems fixed. However, PHP writes out where the problem occurs! Indeed, the hacker could read a line like this: Warning: include() [function.include]: URL file-access is disabled in the server configuration in C:\Inetpub\wwwroot\index.php on line X I don't want them (the hackers) to be able to read this either. That gives too much information about my server's file system. How can I stop that? Once again learn about php.ini and how it works (re: Stut mentioned - error_reporting). By the way, I know there're still a lot of servers out there still using PHP4. Is this vulnerability a known bug? At least, I'm not aware of that before! It's not a bug. It will never be a bug. Yes PHP5 (I believe it's 5.2+) introduces the ability to turn off the ability to prevent this issue, but it's still badly written code. Stop blaming the tool, start blaming the mirror image and start learning how to code defensively. Can't agree more.. Don't think youre secure and live with it, someday it will bite you when you least expect it.. Make it a part of your everyday work to constantly reduce the risk of unwanted intrusions.. Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: question regarding form filtering
-Message d'origine- De : Haydar Tuna [mailto:[EMAIL PROTECTED] Envoyé : mardi 13 mars 2007 14:53 À : php-general@lists.php.net Objet : [PHP] Re: question regarding form filtering Hello, You can write some basic functions such as checking length of variable, removing special character, checking number or string, trimming blank lines and so on. And then you can use this functions together and you can write new functions. For example, if you want to check number (such as digit count is 4), you can write like a checknumber($number,$digit). With this function, you can use like length of variable function, removing special character function, checking number or string function and trimming blank lines function together. :) Sure i hear you, have been their and done that in the past. Maybe the situation i am in will help describe why i am going for regular_expressions.. I have made a form generation/(soon to be)validation class with integrated contextual help via javascript info popups. I would like to offer the possibility of javascript validation for those that have it enabled, for obvious pratical reasons being less work load on server if each does his own validation on client-side, and of course server-side validation for security reasons.. Now my forms are made like this: // options array for new form $form_options = array( 'name' = 'parametres_site', 'aide' = 'Enregistrer les modifications apportés aux coordonées de l\'entreprise', 'bouton'= 'Mettre à jour les paramètres' ); // initialize form class and add new form $form = new formulaire($this-debug_mode,$form_options); // initialize inputs array $input_options = array(); // add an text input with various options based on its type (default values are not listed) $input_options[] = array( 'name' = 'nom', 'type' = 'text', 'maxlength' = '35', 'size' = '35', 'label' = 'Votre nom :', //label 'regexp'= '/^[a-zA-Z1-9_- ]{0,35}$/', //regexp for content filtering 'newline' = 0, //no new line (next input on same line) 'aide' = 'Le nom qui apparaîtra que votre site', //contextual help msg 'erreur'= 'Mauvais caractères dans le nom'//error msg in case bad input based on regexp ); $form-add_inputs($input_options,'parametres_site'); // generate form and if success assign html_form to $content if ($form-generer_formulaire('parametres_site')) { $content = $form-html_forms['parametres_site']; } // echo the form to the page Echo $content; Ok so my reason being for using regexp is that by defining a regexp my class can also use this regexp to generate the javascript needed to validate the each form on the page as opposed to writing the same functions in both php and javascript (class permits unlimited number of forms on one page). My process would be: 1. Display blank form (generate javascript necessary for client-side form validation using regexp) 2. Submit form to javascript filtering 3. If JS filter success then send to php filtering 4. Stock all temporary inputs in $formvars array 5. Match each $formvars against regexp 6. Do something with validated data My goal is to make this general and not have to write a function for each type of input, am happier writing a short regexp for each input than writing a new function for each typei could come across... NOW, my original question is why should I or should not use regexp?? Is their a performance hit or not? Why do i not see anyone just using regexp instead of going through htmlentities() stripslashes() striptags(), i mean, if the regexp doesnt validate it then its wrong.. Period.. User friendliness maybe? Try to make it easier for the person filling the form? Am stumped, can't seem to find the real reason... Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: question regarding form filtering
-Message d'origine- De : Richard Lynch [mailto:[EMAIL PROTECTED] Envoyé : mercredi 14 mars 2007 09:48 À : Tim Cc : 'Haydar Tuna'; php-general@lists.php.net Objet : RE: [PHP] Re: question regarding form filtering I personally would not presume that PHP and JS regex patterns are 100% compatible... Store a separate pattern for each. Fair enough, beats writing a new function for each :) And, actually, the PHP check might be more involved than the JS check. For example, if the users is making up a password, and this password has access to something that's actually sensitive and worth protecting (money, medical records, private matters)... Not yet but maybe future clients ? ;) (archived) You should probably have JS and PHP to check that the password is long enough, has mixed alpha and digit, that the password and confirmation match, that neither password nor username contains the other as a substring, etc. But in PHP you'd probably *ALSO* want to check against a database of words (say the one in /usr/share/web2, Webster's 2nd Edition dictionary, now in the public domain) and make sure they did not choose a simple word. Good idea, sounds like plesk internals here.. I'll most definately keep this in mind when i implent the user management system in the framework.. You almost for sure do *NOT* want to attempt to send the entire Webster's 2nd Edition dictionary to the browser as JS data so that the JS can check. :-) Hehe, oh? Really? ;-) I suppose you could do a Web 2.0 Ajax-y thingie for that... Not a fan of forcing users to download/use active-x controls.. (accesibility, usability etc..) At any rate, the validation in JS may not always be exactly the same as in PHP, even if their PCRE patterns are 100% compatible, which I doubt. I'll do some experimenting with this.. For anything that really matters, your sanitation probably ought to be custom-tailored rather than off-the-rack anyway... Glad we share this opinion.. Plus, the easy ones are easy, and the framework probably won't handle the hard ones, so what's the point of the clutter of the framework? So I personally wouldn't even go down this road. Erm gonna have to explain to me what you mean... (easy ones are easy.. Etc.) Once again thanks Richard am well on my way now ;) Regards, Tim Programming is a race between people making better and faster programs and the universe making bigger and dumber people. So far the universe is winning -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] cannot load mysql extension - PHP Installation on Vista/Apache
-Message d'origine- De : Rahul Sitaram Johari [mailto:[EMAIL PROTECTED] Envoyé : mercredi 14 mars 2007 15:05 À : Richard Davey; PHP Objet : Re: [PHP] cannot load mysql extension - PHP Installation on Vista/Apache You kidding me? I didn't know anything about that! That could be the solution! I'm gonna give this a try and see if that makes a difference. I'm using native mySQL btw, not mysqli. Thanks! On 3/14/07 9:54 AM, Richard Davey [EMAIL PROTECTED] wrote: Rahul Sitaram Johari wrote: 'cannot load mysql extension, please check PHP Configuration'. I¹ve installed PHP on XP computers hundreds of times, so I¹m not exactly a newbie to this, but I¹m not sure if it¹s Vista causing the problem or I¹m doing something wrong. Which MySQL extension are you using? The native mysql or mysqli? I had to copy the libMySQL.dll file that is installed when you install MySQL 5 over the top of the one in the PHP 5 installation directory before it would work for me on Vista Home Premium. I.e. I copied this: C:\Program Files\MySQL\MySQL Server 5.0\bin\libmySQL.dll to here: C:\PHP\php-5.2.1-Win32 replacing the one that existed already. Cheers, (this is a bit off list, but i think it is important for developpers to understand even a part of how the systems they are using works..) I follow the thread and none of the explanation make any logical sens.. Ahem.. Win. Anyways, Put it this way guys, apache, php and mysql are native to *nix, *nix has strict standards on names (no spaces.. Above i see a line with spaces in the dir that doesn't work, and one without spaces that does work.. Hint hint?), a common place to access all configuration files (no copying this file here then there cus we don't know where to look to configure things correctly), strict standards on user permissions (nowadays hehe) AND you all mentioned vista's new 'security tightening', is this really a suprise?? For years have been setting up servers on *nix machines and always came to appreciate this 'tight security' as a strive from the developpers to have a good security base for the running daemons before even using them... Suggestion? Learn how to setup a server on a unix system, get out your old 386 or 486 (even made a router/firewall/ftp server with an old 286, great cus they have no fans on em so make no noise ;) and install a linux distrib to get a feel for permissions and security and you will appreciate the new security features in vista (to some extent lmao).. Second Suggestion.. Learn your OS, its security schema, user permissions etc.. Click and go is NOT a solution, it never will be and will almost always miss a case (especially when it comes to server daemons) where it should have worked.. You'll save yourself a lot of time this way rather then searching in the wrong places.. My productions servers are linux, my developpment server is linux, i wouldn't have it any other way.. It's almost treason to run an open source language on a proprietary OS! (laugh laugh, don't get upset its a joke).. Double quote: He who asks a question may be a fool for a few minutes He who does not ask may be a fool forever ... but he who takes the question ... who has the want to find out for himself ... the reasoning behind ... and not just the answer. Those are the sort of people that will learn ... (Rhino) - y'all know who he is ;) Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Referring URL Authentication
-Message d'origine- De : Robert Cummings [mailto:[EMAIL PROTECTED] Envoyé : mercredi 14 mars 2007 16:13 À : Matthew Vickery Cc : php-general@lists.php.net Objet : Re: [PHP] Referring URL Authentication On Wed, 2007-03-14 at 14:50 +, Matthew Vickery wrote: The situation is as follows: I wish to protect the entire Website http://www.example.com from direct URL access. i.e. if someone enters http://www.example.com into their browser they get a message stating that they are not authorised to access the site. The only way to access http://www.example.com should be to log into a second site http://www.intranet.com and follow a link from within to http://www.example.com. Are you admin of these machines? If so use firewall rules to filter traffic allowing only your domain to acces it.. And then setup authentication on destination server. You'll save yourself some trouble.. If not, what kind of acces do you have on these servers regarding scripting/.htaccess and server config files? If you can get to apache config files, lookup the Apache directory directives, you should have some hints in their as to how to limit certain hosts, to certain domains.. Regards, Tim Programming is a race between people making better and faster programs and the universe making bigger and dumber people. So far the universe is winning -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] cannot load mysql extension - PHP Installation on Vista/Apache
-Message d'origine- De : Rahul Sitaram Johari [mailto:[EMAIL PROTECTED] Envoyé : mercredi 14 mars 2007 16:48 À : Tim; PHP Objet : Re: [PHP] cannot load mysql extension - PHP Installation on Vista/Apache Ave, Well good words there, I'm not gonna argue with you on that. And as much as I have heard general windows users crib about Vista's security features, I have heard same amount of praise by more 'developers' genre of users about its' security features. Your second suggestion of learning your OS is something I'm deeply dwelling into everyday since I installed Vista, and is one strong reason I'm not willing to go back to XP just because things work in XP. I'm finding the challenges in Vista intriguing and a learning experience. I know, geuss i shouldn't be so hard on vista users, its still a young os.. I'm not sure which drive names you were referring to, but coming from a Web Developing background, I certainly pay utmost attention to naming conventions. 10 years ago I've been there where simple HTML pages wouldn't pull up due to Case mismatch, spaces or special characters. I can assure you in my personal case with this Cannot load mySQL extension, folder/file names is not the issue. Security is a an issue I need to learn understand further in regards to Vista and may well be the cause of my problem. Have fun with the KB ;) i gave up ages ago.. But happy to hear you want to go further :) And while I don't find much logic in Richard's solution No this is not a solution, it is a fluke it just happened to work, but the world is still not aware of WHY! The eternal all so important question !! (I.e., copying the DLL), without trying, it would be too premature to label it logical or illogical - because if it does work, logic can be scrutinized. You right i miss-worded that (if you do search further the reason it works will most certainly BE logical), lets do this again: Copying a file over into a place that makes something work is not an answer, an answer is 'the .dll must be placed here for x reasons'. Which i bet will if you go further into the matter be because 'folder x doesnt have the same permissions as the original folder'. What i mean is: The more you search for the reasons, the more you will understand the workings, the less you will have to fix the problems ;) All in all, good post there mate, and appreciate you sharing your mind! Thanks, and I sincerely hope you get thing up and running like you need them, and don't forget to have fun getting their ;) Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] $_POST array order
Hi, Quick question regarding $_POST array element order, first the situation: I am submitting a form with x first fields and the post value returns the last element as being the submit button name and value Is it safe to consider that the last element in the $_POST array will ALWAYS be the submit element (it is always last in form)? I would like to array_pop($_POST) to get rid of that last element for various reasons (validation scheme) later on.. Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: question regarding form filtering
-Message d'origine- De : Richard Lynch [mailto:[EMAIL PROTECTED] Envoyé : mercredi 14 mars 2007 23:45 À : Tim Cc : 'Haydar Tuna'; php-general@lists.php.net Objet : RE: [PHP] Re: question regarding form filtering On Wed, March 14, 2007 9:07 am, Tim wrote: You almost for sure do *NOT* want to attempt to send the entire Webster's 2nd Edition dictionary to the browser as JS data so that the JS can check. :-) Hehe, oh? Really? ;-) I suppose you could do a Web 2.0 Ajax-y thingie for that... Not a fan of forcing users to download/use active-x controls.. (accesibility, usability etc..) No, I meant using an XmlHttpRequest to compare their password as they type it in the form with the webster's dictionary up on your server. Dunno if it would be fast enough to do it per keystroke, but perhaps upon leaving the password field. Ok more reading todo then.. For anything that really matters, your sanitation probably ought to be custom-tailored rather than off-the-rack anyway... Glad we share this opinion.. Plus, the easy ones are easy, and the framework probably won't handle the hard ones, so what's the point of the clutter of the framework? So I personally wouldn't even go down this road. Erm gonna have to explain to me what you mean... (easy ones are easy.. Etc.) What I mean is that trying to write Framework for your sanitization routines will lock you into that Framework. So while PCRE is *great* for most sanitization routines, it's not the Right Answer for all of them. But if your framework only does PCRE, you've given up on custom sanitization for an off-the-rack answer, and are using a hammer on a screw sooner or later. The easy ones, like username or email are a one-liner anyway, or a few lines of code at most. The really complex ones like password, probably won't fit into any generic Framework you can build. I think it's better to hand-craft this code on each, rather than trying to generalize it. Ok, i see what you are saying. I have left my class open to new features, its pretty flexible, so i can integrate these features in the near future (or maybe write a validation class that extends the form class for when i need these special validations). This opens up possibilities for both generic/hand-crafted validation. So far i have no public user system (nor the need) so verifying public passwords is not on the work list yet.. I WILL keep that in mind and will experiment with different systems that enable specific validation for certain types of input.. For the time being i am just either using forms to retrieve data from a database (all standard word chars) or putting information into the database from an admin console (again all standard word chars) so PCRE doesthe job just fine and saves me from coding twice php then javascript. If i had more time and less due-dates i would do it, maybe i'll think about it while on vacation? hehe Thanks again Regards, Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php