There is a difference between the session file existing, and the user
still having a valid session.
If the timeout has occurred, and the file has not been deleted, when the
user accesses it, the session will not show up in $_SESS[]. Which for
all intents an purposes, means the session has been
Graham Cossey [EMAIL PROTECTED] wrote:
quote ---
[snip]
$lastmonth = date(YmdHis, mktime(date(H), date(i), date(s),
date(m)-1, date(d), date(Y)));
$countResult = db_query(SELECT count(*) AS msgCount FROM messages WHERE
uid = '. $userID .' AND
Hugh Beaumont [EMAIL PROTECTED] wrote:
quote
I've been working with
error_reporting(E_ALL)
set lately trying to write code that does not give notices or errors.
What is the proper way to set a variable so that it's
Would you mind sharing what it was so that it hits the archives and a few 'enquiring
minds'?
Pablo Gosse [EMAIL PROTECTED] wrote:
quote ---
[snip]
Look in your php.ini for max_upload_size or something like it.
[/snip]
'Twas an apache problem.
Or better yet, the mail list could be reconfigured to match every other
mail list on the web, so that sender to the list doesn't get these.
Nick Wilson wrote:
Anyone else getting these infuriating italian messages about some muppet
that doesnt exist?
'desintione non existente'?
I've written to
Just what the doctor ordered! Thanks Chris.
Chris Dowell wrote:
Try this:
http://uk.php.net/output_add_rewrite_var
Dennis Gearon wrote:
You make a good point, Marek. They CAN open a new window with
different results. Maybe it's up to each page to keep track of where
it is at, via form elements
At one time, I thought that I read about a problem with PHP4 sessions involving the
recognitioni of the session expiration in the session engine.
The problem was that the session variables were read into the scipt BEFORE the
expiration time was checked. Anyone remember this? So, I'm asking if
I'd like a value to be passed back from every page, if that page was
originally passed that value.
The two ways that I can think of it, are:
1/ Javascript with some sort of 'onSubmit()' function which causes a
minimal form to be submitted via POST or GET
2/ A hidden form value, and make every
How do sessions 'time out'? Especially if using and SID in the query
string (not a good idea, I know, but this bypasses cookie timeout and so
removes it from timeout methods for this discussion)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
:
Dennis Gearon wrote:
I'd like a value to be passed back from every page, if that page was
originally passed that value.
The two ways that I can think of it, are:
1/ Javascript with some sort of 'onSubmit()' function which causes a
minimal form to be submitted via POST or GET
2/ A hidden form
It has to be in SOME file. Probably in your prepend file or one of the files that it
includes.
Dre [EMAIL PROTECTED] wrote:
quote -
believe me the FIRST line in the file is ?php session_start();
NOTHING AT ALL exists before it.
but I
Please CC me
-
I am designing my own 'usr' class that takes care of logins. I need
to know the following to finish it.
---
A/ Does anybody use sessions for users who are not logged into the site, and why?
B/ If a user goes
With get varaibles, it's possible to always have get variables on a
page, even without a form, by simply appending the Get variables to the
end of the URL.
Is there anyway to do the same with Post variables? For instance, a
javascript that onUnload submit, or something?
--
PHP General Mailing
or windows in a browser.
www.scotttrade.com does it somehow, and I see no GET variables on the URL.
John W. Holmes wrote:
Dennis Gearon wrote:
With get varaibles, it's possible to always have get variables on a
page, even without a form, by simply appending the Get variables to
the end of the URL
Can someone ask the internals list this question, since I can't seem to subscribe
right now, (or answer the question)
If a class is a base class, does each child make it's own copy of:
the whole base class
the class variables only
something else?
So if I have a bunch of
Make sure to remove tags via:
$var_that_will_be_displayed = strip_tags(
$var_from_user_input_via_POST_or_GET_or_COOKIE );
if you are going to display or mail it as part of a link(email or URL), you might do
this instead:
$var_that_will_be_part_of_a_link = strip_tags(
What he is really looking for is connection pooling. Do a google and see if you can
find 'mysql connection pooling php'. It is persistent connections across page
accesses, which PHP does not do natively AFAIK.
Jason Wong [EMAIL PROTECTED] wrote:
I think that having the list settings set up to email everybody who is on single
emails using the email address of the person writing this list is - WRONG. Most lists
I am on don't do that.
quote
Justin Patrin [EMAIL PROTECTED] wrote:
There is a book/CD by 'Stroup' called 'More effective c++'. VERY excellent book. It give someting like 54 specific technicques to employ that save LOTS of time for a C++programmer.
One of the ones from that book, applies here:
DON'T write if ( variable ==/= constant){;}
INSTEAD write if(
I have a function in a class that unsets the superglobal $_REQUEST;
Well, it's supposed to, it doesn't do it. I'm on version 4.2.3 of PHP. This page:
http://us2.php.net/manual/en/language.variables.predefined.php#language.variables.superglobals
says that $_REQUEST is a super global as of
assigning an unset variable to the global? IT
WORKS!
Change the line below:
unset( $_REQUEST );
*--to--*
$unset_variable;
$_REQUEST = $unset_variable;
VOILA! no more $_REQUEST super_global. Now, I need to see if it can still be assigned
to as if it's a super global.
Dennis
advise against that. Why exactly are you unsetting a superglobal?
On Thu, 15 Jul 2004 15:00:15 -0700, Dennis Gearon [EMAIL PROTECTED] wrote:
I have a function in a class that unsets the superglobal $_REQUEST;
Well, it's supposed to, it doesn't do it. I'm on version 4.2.3 of PHP. This page
I bet it would work, 'cause whenever $GLOBALS is 'print_r'd, Globals shows up and a
'recursion note' ends the execution of 'print_r'.
Justin Patrin wrote:
You *can* unset it, you just have to unset the place where it really
sits. When you have a global in a function, then unset it, you only
Isn't $_REQUEST the same as the old GPC variables in global namespace? A
way to get requested variables without paying attention to whether they
came in via cookies, post, or get?
That's been my understanding so I've been using $_GET, $_POST, $_COOKIE
instead, because that way I don't have to
When setting up a site, you should:
A/ write a page with only the function 'phpinfo()' on it.
B/ Call the page phpinfo.php, and put it in your document root.
C/ Now tell us the location of your site so we can all view all your
security information :-)
wink do only A above and see if you
please CC me, as I am on digest.
---
say I've got a class that stores the cookie/get/post vars.
I want to retrieve say one of them.
Say, that post vars come back from browser as:
POST[var1_arr][dim1][dim2]
they are stored in
I want to keep an entire library OUTSIDE of the document root. The library includes
some imgages. How can I have the browser include the imageges?
I've hard of BASE64'ing the images into the header and decoding them using javascript. Is this the best way? Where is code to do that?
--
PHP
I may do that, but the 'showimage.php' file then has to be in the
document root, and can be attacked a LOT.
I have found ways to do inline images, without javascript, I believe.
Curt Zirzow [EMAIL PROTECTED] wrote:
* Thus wrote Dennis Gearon:
I want to keep an entire library OUTSIDE
Anyone ever done that?
Does PHP actually wait until the include is actually needed before it does it? It
might wait to execute it, but does it wait to include it?
Trying to speed up the loading of pages.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
Please CC me.
When I connect to a database on the same machine as the apache server us running under, that's
server name localhost, right?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Just for the record, (and archives), This can be accomplished by:
dirname( __FILE__);
This allowes me to put the following into an application's config file,
to be included via the prepend, the following localized, global values:
(assuming the application's files are kept OUT of the document root
please CC me 'cause I am on digest
the scenario:
three files:
.htaccess
has line saying php_prepend
'true_filesystem_location_php_prepend_file'
prepend.php (aforementioned prepend file)
has line saying include file_a.php
file_a.php
has line
thank you very much.
Richard Davey wrote:
Hi,
Monday, June 7, 2004, 5:49:30 PM, you wrote:
DG Does anyone know if ini_get returns the values BEFORE or AFTER the
DG .htaccess modifies them? i.e., does it return the server or local
DG version?
BR Perhaps you're misunderstanding what ini_get() does?
CC me please.
Does anyone know if ini_get returns the values BEFORE or AFTER the
.htaccess modifies them? i.e., does it return the server or local version?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Please CC me, I am on digest.
Any one done that and can give me some pointers?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Please CC me as I am on digest.
Anyone using RIPEMD-160 for hashing in PHP? Is it part of Apache or the
underlying OS?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Andy B [EMAIL PROTECTED] wrote:
quote
one question though how can you tell if a class or package you are
writting or want to attempt to write has ever been created before??
99.9% of the time anything i ever thought of for classes/packages to
write are either too simple or the idea has
I am doing a site where some of the pages will show various hours of
some businesses.
To make life easier for searching for open businesses PER DAY, I have
pretty much decided to make an arbitrary dat-to-day boundary, instead of
the usual midnight boundary. Some businesses that this applies to
'Chris W. Parker' [EMAIL PROTECTED] elucidated:
Thanks guys but I have register globals ON so once the session variable is
defined I should be able to address it without specifying $_SESSION ?
WHERE do you have it on? Most sites now have it turned off for VERY valid security reasons. If you are
When I make a posting to this list, I get an email like below:
---
Subject: Thank you
From: Advance Credit Suisse Bank [EMAIL PROTECTED]
Date: Wed, 14 Apr 2004 12:03:35 -0700
To: Dennis Gearon [EMAIL PROTECTED]
ADVANCE CREDIT SUISSE BANK
Please CC me, I am on digest
--
If I have a directory like:
$HOME/www/ (document root)
It has a auth section in the .htaccess file
$HOME/www/.htaccess
another directory like:
$HOME/www/want_to_be_public/
How can I defeat the auth section in the
Please CC me, I am on digest
--
If I have a directory like:
$HOME/www/ (document root)
It has a auth section in the .htaccess file
$HOME/www/.htaccess
another directory like:
$HOME/www/want_to_be_public/
How can I defeat the auth section in the
Please CC me, I am on digest
--
If I have a directory like:
$HOME/www/ (document root)
It has a auth section in the .htaccess file
$HOME/www/.htaccess
another directory like:
$HOME/www/want_to_be_public/
How can I defeat the auth section in the
I need a wiki, VERY simple. BUT OTOH, it'd be nice if it had the ability
to display, or attache a picture to a topic.
Any good stuff known to exist?
MySQL background.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I'm on digest, please CC me.
What output document format are people using for doing mailing labels
from databases?
I have thought about HTML, but it doesn't do multiple pages to the
printer well.
OperOffice Writer would be nice, can PHP do that?
Probably better would be PDF files, since it's
I'm trying to find a script archive I once used to go to. It was neck
and neck with hotscripts.com in usable scripts. It was for PHP only
scripts. I THOUGHT it was called phpscripts.com, but no such site exists.
anyone give a short list of PHP script archive sites?
--
PHP General Mailing List
Chris Shiflett wrote:
--- Dennis Gearon [EMAIL PROTECTED] wrote:
I'm trying to find a script archive I once used to go to. It was neck
and neck with hotscripts.com in usable scripts. It was for PHP only
scripts. I THOUGHT it was called phpscripts.com, but no such site
exists.
Perhaps
Chris Shiflett wrote:
--- Dennis Gearon [EMAIL PROTECTED] wrote:
I'm trying to find a script archive I once used to go to. It was neck
and neck with hotscripts.com in usable scripts. It was for PHP only
scripts. I THOUGHT it was called phpscripts.com, but no such site
exists.
Perhaps
I am looking at the 'tackle' library available at sourceforge. It's a
'Tiny ACL' (access control list). Seems pretty good, simple and to the
point.
AND, it is database neutral, using ADODB. I haven't figured out how
it does referential integrity in the database yet, but I suspect it's
Anyone have any sources of noun/verb/adjective lists for password
generation?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
It seems that HTML is LAME, LAME,LAME when it comes to determining local
directories.
I would like to somehow:
put image links relative to a base directory (if a relative URI is
given)
and have PAGE links relative to the current page (if a relative URI
is given)
What I seem to be able
Chris Shiflett wrote:
../ is the parent directory
./ is the current directory
/ is the root directory
I knew that ./ was the current directory on a *nix system, but a browser
will respect that also?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
Is there any settings that will silently disable the ability for a
.htaccess file to use the
php_value auto_prepend_value some file name
directive? Some safe mode thing, or an ini setting or something?
The people at the host I'm at just CAN'T seem to get it working on my
site. It's an
please cc me.
I'm on a host with ensim, and it **IS** reading the .htaccess file,
(I've tested it), but it isn't reading the directive:
php_value auto_prepend_file /path/file.name
For those with better shell experience, would this find all the
.htaccess files using that directive on a shared
please cc me
Anyone on a shared, name-based IP, ensim web appliance hosted website?
Can you tell me how to set the freekin':
php_value auto_prepend_file /some_freekin_unknown_real_directory_path_to_HOME/my_paths/prepend.php
value in my .htaccess file?
--
PHP General Mailing List
I received this email, with the PHP subject, at an address I haven't used in a long time on the PHP list. It contained a attached file called:
Marzia_MaterialeDaInternet.lnk.exe
A fairly large BASE 64 encoded attachment. I DID not open it.
This is a warning to others.
Lucas Persona wrote:
How many people are using native vs. phplib sessions, vs. their own/homegrown
sessions?
The archives show a LOT of problems with native sessions.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
If one of you are a guru and on the php-dev list, would you please
either look at the code or ask others on that list if it's possible to
use:
'requiressl=1'
in the connection string for pg_connect/pg_pconnect and it will actually
work in PHP ver = 4.2.2 ?
I am already on so many lists,
: der Ritter
Dennis Gearon wrote:
The usage of md5() in PHPLIB show TWO arguments, a seed and the
string. Nothing in the online manual shows 2 args. What's the dealio?
Line 111 from PHPLIB7.2c - session.inc:
$id = $this-that-ac_newid(md5(uniqid($this-magic)), $this-name);
--
PHP General
, if you *want* to seed/salt the MD5 with a key you can use:
http://www.php.net/manual/en/ref.mhash.php
--
Jason k Larson
aka: der Ritter
Dennis Gearon wrote:
The usage of md5() in PHPLIB show TWO arguments, a seed and the
string. Nothing in the online manual shows 2 args. What's the dealio?
Line 111
---(end of broadcast)---
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
END QUOTE
I'd suggest hopping onto the postgres list
Josh.
On March 19, 2003 01:25 am, Dennis Gearon wrote:
how do I connect securely to a postgres database on another server
key])
^ salt/seed/key -
whatever you want to call it
--
Jason k Larson
Dennis Gearon wrote:
I don't see anywhere on that page where it shows using a seed. It
shows **selecting a hash algorithm**, but no salt. Maybe that's the
second argument
Smarty is very wonderful. If both the coder and the designer work
together, layout and code logic can be completely separate.
I am doing a form for entering in about 25 fields. As long as the
template the designer comes up with has:
The required form variables,
and template
how do I connect securely to a postgres database on another server / DNS
name / IP?
Some way to do SSL/SSH easily from PHP?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
The usage of md5() in PHPLIB show TWO arguments, a seed and the string. Nothing in the
online manual shows 2 args. What's the dealio?
Line 111 from PHPLIB7.2c - session.inc:
$id = $this-that-ac_newid(md5(uniqid($this-magic)), $this-name);
--
PHP General Mailing List (http://www.php.net/)
To
Simple question, only related to this forum in that all of us use
libraries that are compressed.
I'm trying to use adodb, and I uploaded it's zipped archive to a linux
box and gunzip won't unzip it. Says 'multiple entries'. Anyone know how
to upload it, short of unzipping in on a windbloze
Turns out the adodb guy DOES have a *.tgz file to download. I got it,
(it's missnamed in the extension), and was able to extract it fine.
Thanks for your help!
Ernest E Vogelsinger wrote:
At 00:18 18.03.2003, Dennis Gearon said:
[snip]
Simple question
Anyone know where to find documentation on this? Who knows what it escapes?
please cc / bc me as I'm on digest
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
do the session vars get treated with magic quotes? The last comment at the bottom of:
http://www.php.net/manual/en/function.get-magic-quotes-gpc.php
Seems to think so. He's written good code, but I have my doubts as to whether it
should be applied
to session vars.
--
PHP General
I call this file 'clean_gpc.php'.
Will it:
// trim all control codes and spaces from ends of string
// standardize Window's CRLF in middle of string to \n
// standardize Apple's LF in middle of string to \n
// remove all control characters BELOW \n
// remove all
The below does not remove the control characters as the site examples show.
I was doing it to the $HTTP_POST_VARS, with a whole lot more functionality, but I
can't ANY thing
to modify the string below :-(
Anyone got any ideas why this does not print a string trimmed of all the
All i get out of:
str_replace
ereg_replace
preg_replace
is an empty string value.
Anybody know why?
?PHP
$bad_str = \t\t\t\\r\\\r\r\r\r\n\r\nFour
schore ...and seven\n\n\n\n\nr\r\r\rn\r years
ago, ,,,,,,our father
makes no difference ..
Joe Goff wrote
-
Put the arguments inside of double quotes instead of single quotes and
then
try it.
$bad_str = str_replace(\r,\n,$bad_str);
- Original Message -
From: Dennis Gearon [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 13
ooops, after many hours on this, I had deleted out the final echo
statement. I will play with this and see what I get now.
?PHP
$bad_str = \t\t\t\\r\\\r\r\r\r\n\r\nFour
schore ...and seven\n\n\n\n\nr\r\r\rn\r years
ago, ,,,,,,our father
I finally got something to do it, at least, in inline code.
I couldn't figure out how to remove NULLS, anybody know? A search on:
http://marc.theaimsgroup.com/?l=php-generalr=1w=2
didn't turn anything up.
//
// WORKING
Is there anyway for a page to save information on a user's computer which is
accessible via java or
javascript, but doesn't get sent with each HTML request the way a cookie is?
I had this idea, patterned after kerberos:
1/ A user logs into a site via a secure link.
2/ A hash salt is stored on
ids
instead of 32) and also limit the life of the session, you could write
logic to change the session ID every n minutes which would make brute
forcing the session id even harder.
Jason
On Wed, 2003-02-26 at 11:34, Dennis Gearon wrote:
Is there anyway for a page to save information
Anybody know of a good user registration system, using emailed web addresses for
verification of
email address?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
How can I get a prepend file to work out of my .htaccess file when the host provider
is running
safe-mode?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
they are alive
-
Sincerely, Dennis Gearon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
), MySQL 3.23.43
PostgreSQL coming soon!
http://www.newmediaone.net
webmaster at newmediaone.net
(303)828-9882
- Original Message -
From: Dennis Gearon [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, February 03, 2003 8:31 PM
Subject: [PHP
Please B/CC me, thank you.
I am on a site that has all the files in both the /home/sitename/www/ directory and a
directory
we'll call /home/directory/includes/ with the following permisssions:
rwxr-x--r
The group I have in /etc/group does not have anyone in it, including me.
The server
Would this prevent other PHP users from including files in my include directory?
11/20/2002 1:45:08 PM, Ernest E Vogelsinger [EMAIL PROTECTED] wrote:
At 19:49 20.11.2002, Dennis Gearon said:
[snip]
Please B/CC me, thank you.
I am on a site that has all
Please CC me as I'm on digest:
--
Are there any libraries for data validation available? If one reads
papers like these:
http://www.nextgenss.com/papers/advanced_sql_injection.pdf
http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf
It
Is it possible from the browser requests to tell if it is jscript
enabled so that an appropriate page can be sent for en/disabled
browsers?
--
If You want to buy computer parts, see the reviews at:
http://www.cnet.com/
**OR EVEN BETTER COMPILATIONS**!!
bunch of useful globals. As a matter of fact, try this
one out too:
print pre;
print_r($GLOBALS);
print /pre;
Jim Grill
Support
Web-1 Hosting
http://www.web-1hosting.net
- Original Message -
From: Bob Lockie [EMAIL PROTECTED]
To: Dennis Gearon [EMAIL PROTECTED]; Tech Support
,
for it holds the only things that are forever true.
-
Sincerely, Dennis Gearon (Kegley)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
.
-
Look lovingly upon the present,
for it holds the only things that are forever true.
-
Sincerely, Dennis Gearon (Kegley)
--
PHP General Mailing List (http
I am the webperson for a couple of sites, new ones. I've set up several
addresses, some I get and respond to.
What I would like, for all the addresses on the box, is for someone to
be able to run their browser's mailere to be able to download the mail,
and also send mail from the server th3e
Can anyone tell me the rewrite instruction for apache-mod_rewrite for:
original - TangoClass.doc
final- TangoClass.htm
and it shows up in the browser window?
--
If You want to buy computer parts, see the reviews at:
http://www.cnet.com/
**OR EVEN BETTER COMPILATIONS**!!
Corones...my friend always.
-
Look lovingly upon the present,
for it holds the only things that are forever true.
-
Sincerely, Dennis Gearon
, the backticks, invoke php as
a one time interpreter, OR, have a page that I call that has the
appropriate version of PHPINFO in it, and call that page and process the
returned call, from with in the current script.
Dennis Gearon [EMAIL PROTECTED] wrote:
--
has anyone
I should have added: ... that worked before PHP4. But thanks, see my
previous post to this.
Philip Olson wrote:
if only there were, 'get_magic_quotes_sysbase();'
happy birthday ;)
function get_magic_quotes_sybase()
{
if (!ini_get('magic_quotes_sybase')) {
return 0;
.
-
Look lovingly upon the present,
for it holds the only things that are forever true.
-
Sincerely, Dennis Gearon (Kegley)
--
PHP General Mailing List (http
the present,
for it holds the only things that are forever true.
-
Sincerely, Dennis Gearon (Kegley)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
if only there were, 'get_magic_quotes_sysbase();'
Jason Wong wrote:
On Thursday 23 May 2002 11:49, Dennis Gearon wrote:
Is there any way before PHP4 to read:
magic_quotes_xxx
settings so that I know what is happening to data escaping?
get_magic_quotes_gpc() get_magic_quotes_runtime
.
-
Sincerely, Dennis Gearon (Kegley)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I appreciate all the replies to my question before about this. And also
to the person who asked the question later in the day!
What I'm looking for is a database neutral, comprehensive way to do
escaping.
First of all, though, will a php string hold binary data with the value
of 0x00 at
always.
-
Look lovingly upon the present,
for it holds the only things that are forever true.
-
Sincerely, Dennis Gearon (Kegley)
--
PHP
I think I will try to standardize on the '' version, then. thank you.
Miguel Cruz wrote:
On Sat, 18 May 2002, Dennis Gearon wrote:
I appreciate all the good info on this subject, everybody.
In looking the archives, I am still confused on one issue. Do **ALL**
databases treat
1 - 100 of 194 matches
Mail list logo
