php-general Digest 17 Aug 2006 14:02:44 -0000 Issue 4298
Topics (messages 240792 through 240801):
Re: PHPSESSID used sporatically
240792 by: Chris
240793 by: Chris
240794 by: Michael B Allen
240798 by: Michael B Allen
pear constants
240795 by: JRuiz
240796 by: Chris
Re: simple scrip to stop email injection
240797 by: Ivo F.A.C. Fokkema
active directory and PHP
240799 by: Alain Roger
240800 by: Chris
select colum in array.
240801 by: João Cândido de Souza Neto
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
php-general@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
Michael B Allen wrote:
Searching through the logs and browsing my site (see sig) I sometimes see
PHPSESSID is used as opposed to cookies. I know it's not simply that the
client doesn't support cookies because I can see the same IP transition
to and from using PHPSESSID. Can someone explain why this is happening?
Is session.use_trans_sid switched on?
(Check a phpinfo page).
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Michael B Allen wrote:
On Thu, 17 Aug 2006 12:06:08 +1000
Chris <[EMAIL PROTECTED]> wrote:
Michael B Allen wrote:
Searching through the logs and browsing my site (see sig) I sometimes see
PHPSESSID is used as opposed to cookies. I know it's not simply that the
client doesn't support cookies because I can see the same IP transition
to and from using PHPSESSID. Can someone explain why this is happening?
Is session.use_trans_sid switched on?
Yes. It is. After reading about it I can't quite see what benifit it
provides. Should I just turn it off?
It depends on your site.
If you do something like this for a search:
<?php
...
if (!isset($_SESSION['SearchResults']) ||
empty($_SESSION['SearchResults'])) {
..
$result = $db->query($search_query);
$search_results = array();
while($row = $db->fetch($result)) {
$search_results[] = $row;
}
$_SESSION['SearchResults'] = $search_results;
}
foreach($_SESSION['SearchResults'] as $k => $details) {
....
}
I could send someone a url with the sessionid on the end of it, and it
won't have to do the bit in the middle, it will be able to jump right to
the end (the foreach loop).
If you don't do something like that, then you probably don't need the
trans_sid on.
so it depends on your site and your code.
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
On Thu, 17 Aug 2006 14:26:17 +1000
Chris <[EMAIL PROTECTED]> wrote:
> Michael B Allen wrote:
> > On Thu, 17 Aug 2006 12:06:08 +1000
> > Chris <[EMAIL PROTECTED]> wrote:
> >
> >> Michael B Allen wrote:
> >>> Searching through the logs and browsing my site (see sig) I sometimes see
> >>> PHPSESSID is used as opposed to cookies. I know it's not simply that the
> >>> client doesn't support cookies because I can see the same IP transition
> >>> to and from using PHPSESSID. Can someone explain why this is happening?
> >> Is session.use_trans_sid switched on?
> >
> > Yes. It is. After reading about it I can't quite see what benifit it
> > provides. Should I just turn it off?
>
> It depends on your site.
>
> If you do something like this for a search:
>
<snip>
>
> I could send someone a url with the sessionid on the end of it, and it
> won't have to do the bit in the middle, it will be able to jump right to
> the end (the foreach loop).
I'm not doing anything like that. Sessions are only used to prevent
duplicate form invokations. But my boilerplate code calls session_start
for all .php pages. I suppose I should be more selective to make things
a little more efficient.
But I'm still confuse.
Why aren't cookies alone sufficient to satisfy the session code?
Is PHPSESSID used because of some kind of transition from a PHP page
that calls session_start to a page that does not?
Does session.use_trans_sid simply enable the PHPSESSID in URLs or does
it have a deeper semantic?
The URLs for the tabs my site are not dynamically generated and yet
they're being rewritten. Is that PHP or Apache doing that?
Mike
--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
--- End Message ---
--- Begin Message ---
On Thu, 17 Aug 2006 12:06:08 +1000
Chris <[EMAIL PROTECTED]> wrote:
> Michael B Allen wrote:
> > Searching through the logs and browsing my site (see sig) I sometimes see
> > PHPSESSID is used as opposed to cookies. I know it's not simply that the
> > client doesn't support cookies because I can see the same IP transition
> > to and from using PHPSESSID. Can someone explain why this is happening?
>
> Is session.use_trans_sid switched on?
Yes. It is. After reading about it I can't quite see what benifit it
provides. Should I just turn it off?
Mike
--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
--- End Message ---
--- Begin Message ---
Hi All,
I have a problem with some pear constants. I made a new installation of
php + pear + propel (http://propel.phpdb.org) and now in my scripts the
constant PEAR_INSTALL_DIR is not defined when in my previous
installation it used to be...
Other constants like the error ones (PEAR_ERROR_DIE,
PEAR_ERROR_RETURN ...) are defined correctly
Am I missing anything in the new installation?
Thanks a lot!
--- End Message ---
--- Begin Message ---
JRuiz wrote:
Hi All,
I have a problem with some pear constants.
The pear lists live here: http://pear.php.net/support/lists.php
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
On Wed, 16 Aug 2006 15:54:32 -0500, Richard Lynch wrote:
> On Wed, August 16, 2006 4:53 am, Ross wrote:
>>
>> Been having loads of problems with this and have solved it using the
>> phpmailer. The only problem is I cannot get the class working on the
>> remote
>> host I am working on. I am back to using mail() but need to drop in
>> script
>> that checks my fields $fname, $sname, $email, $subject, $message.
>
> Checking for a NEWLINE in all but $message will stop MOST of the email
> injection.
>
> if (preg_match("/\r\n/", array($fname, $sname, $email, $subject))){
> die("Spammer!");
> }
>
> I think preg_match allows array for 2nd arg...
>
> Details.
Hi,
Shouldn't this be
preg_match("/[\r\n]/", ...
considering this is OS specific and on Unix/Linux just a newline would do,
too? Most likely, on a Mac server, just \r would do as a header separator.
The MTA on the system will interpret the OS specific line endings,
and construct proper \r\n header separators before sending it out.
--- End Message ---
--- Begin Message ---
Hi,
I'm new to PHP, so sorry if my question looks like stupid.
I have a web application which use authorization and authentication process
to log-in.
I would like to know if it exists a way to synchronize the authentication
with our Active Directory domain ?
Something like a single side-on.
In fact, i want from my web application users to make them remember only
their login/pwd from Active directory to use my application.
thanks a lot,
Alain
--- End Message ---
--- Begin Message ---
On 8/17/06, Alain Roger <[EMAIL PROTECTED]> wrote:
Hi,
I'm new to PHP, so sorry if my question looks like stupid.
I have a web application which use authorization and authentication process
to log-in.
I would like to know if it exists a way to synchronize the authentication
with our Active Directory domain ?
You sure can.
Check out http://www.php.net/ldap
Even though they are ldap functions they can connect/talk to active
directory servers.
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Hi everyone,
I´m not sure if it´s the right place to get such answer, but if someone
know, please, help me.
In a select id,name,picture1,picture2,picture3 from product where id="10" i
get an array with each colum in each element like this $result ("id" =>
"10", "name" => "name of product", "picture1" => "pic1.gif", "picture2" =>
"pic2.gif", "picture3" => "pic3.gif").
Is there any way in select to get something like this:
$result ("id" => "10", "name" => "name of product", "pictures" => array(
"pic1" => "pic1.gif", "pic2" => "pic2.gif", "pic3" => "pic3.gif") ).
--
João Cândido de Souza Neto
Curitiba Online
[EMAIL PROTECTED]
(41) 3324-2294 (41) 9985-6894
http://www.curitibaonline.com.br
--- End Message ---