[PHP] What would you want in a PHP web host?
I have been developing PHP for a while now, and I am wondering how other developers find their PHP hosting company. So far this has not been an issue for me because I am always in full control of my servers (well, as much control as possible with any web server :), but recently we have begun to host other PHP sites. We want to make sure that we are providing appropriate support to our PHP developers. I see too many hosting companies saying that they support PHP, but not having anyone familiar with PHP on hand. We want to have actual support, a developer to call when you have a PHP issue. What do you think a medium sized hosting company could do to give you (the developer) better service and support? Is access to professional PHP developers useful when an issue arises? Are hosting companies reluctant to give you more access rights? Are they willing to re-compile their PHP build to add other options? How long do requested changes to the server take? What other suggestions do you have for improving the relationship between the server administrator and the PHP developer? I spent some time going through the PHP site looking at the list of hosts supporting PHP, but I didn't find any real discussion about what people want in a host (although I did find plenty of things they don't want :). I just figured that I would ask the PHP community exactly what they wanted. Thank you for any insight that you can give me. --derek Derek Del Conte [EMAIL PROTECTED] Gambit Design Internet Services 610.444.2443 610.368.9845 cellular 110 East State Street, Suite 18, Kennett Square, PA 19348 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Hmmm?
Whenever i get a php script off a website why is it that most of the main parts in the script have a space from the left border. eg ?php echospazzz; ? -lk6- http://www.StupeedStudios.f2s.com Home of the burning lego man! ICQ: 115852509 MSN: [EMAIL PROTECTED] AIM: legokiller666
[PHP] Re: What would you want in a PHP web host?
Derek Del Conte [EMAIL PROTECTED] wrote a lot that I snipped :-) Dear Derek To give you some input I can tell you about some recently experienced things in my php world... I: My homepage is running on a server which host a lot of other domains. Therefor I contacted the company to know if they had any plans about the security issues that arise when many php developers can steal anything they want from other sites on the same server. The response was that there they knew the security wasn't ok but nobody could access sensitive information (?!). a) They dont know better/Dont have a person that actually know php. Or b) They lie hopeing that I won't notice They also told me that they would not do a thing about it What I wanted was: a) An honest answer b) A promise to look into it, report back and maybe fix the problem or warn about the risk. Not just look the other way pretending that there's no problem. II: As a developer I want access to several databases - not just one. The company that hosts my site refuse to create more than one database because of the ressources (human and technical) it takes. I hope you could this. Regards Soeren Nielsen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: Trying to avoid code exploits..
On Wednesday 01 August 2001 02:02, Yasuo Ohgaki wrote:
Meir Kriheli [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hi,
I need another pair of eyes to see if I've overlooked something.
SNIP
so
'{pass1}=={pass2}'
is converted to
'$GLOBALS['pass1']==$GLOBALS['pass2']'
When to form is validated I'm running eval() to evaluate the
expression. I'm
concerned that there's an exploit somewhere, maybe a user entering
some
malicious data (I don't like using eval that often). But I'm not
using eval()
directly on user entered data, and I can't see where it is possible.
Where pass1,pass2,etc came from? I guess from user and you set
They come from the form.
register_globals=on in your php.ini. If this is the case, your script
is exploitable probably.
register_globals=off in your php.ini and use $HTTP_*_VARS.
If you want to protect values set by PHP also, I've posted sample
function at zend.com recently.
http://www.zend.com/codex.php?id=626single=1
(Protect values (GET/POST/COOKIE) set by PHP)
Regards,
--
Yasuo Ohgaki
I don't think this is much of a problem. I unset() all the global session
variables before I use them so this should be no problem.
Even if an attacker tries to set some value for a script variable, this var
will be unset() and then read from the session, so no harm is done.
On the other hand there should be no probelem to change GLOBALS to
HTTP_XXX_VARS.
But as i've said this isn't a problem. Can you see some way to exploit the
eval() function ?
Thank you
--
Kriheli Meir
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] warnings in php4
I have a lot of php scripts developed with php3. I've installed php4 and I get some warnings when I evaluate variables there are not set (are empty). In php3 there was no problem (no warning). If I modify the code by using empty($var) or isset($var) it's ok, but there are lots of such issues. How could I manage this without major changes? __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Counting Multidimensional Arrays
I assume that
$m = 07;
$y = 2001;
$d = 31;
echo count($this-arrEvents[$y][$m][$d]);
is in a method of the class that $someclass is a method of, something like:
class fred
{
function dispcount()
{ $m = 07;
$y = 2001;
$d = 31;
echo count($this-arrEvents[$y][$m][$d]);
}
}
$Events[2001][07][31][0] = 12;
$Events[2001][07][31][1] = 13;
$Events[2001][07][31][2] = 45;
$Events[2001][08][01][0] = 35;
$someclass = new fred();
$someclass-arrEvents = $Events;
$someclass-dispcount();
this works, is your code working differently to this?
Tim
--
From: Johnny Nguyen [SMTP:[EMAIL PROTECTED]]
Sent: 31 July 2001 23:58
To: [EMAIL PROTECTED]
Subject: [PHP] Counting Multidimensional Arrays
Given
//
$Events[2001][07][31][0] = new ZEvent(Some Event 0, Some
Description 0,
07-31-2001);
$Events[2001][07][31][1] = new ZEvent(Some Event 1, Some
Description 1,
07-31-2001);
$Events[2001][07][31][2] = new ZEvent(Some Event 2, Some
Description 2,
07-31-2001);
$Events[2001][08][01][0] = new ZEvent(Some Event 0, Some
Description 0,
08-01-2001);
if I set.
$someclass-arrEvents = $Events;
and then inside of some class i say.
$m = 07;
$y = 2001;
$d = 31;
echo count($this-arrEvents[$y][$m][$d]);
Shouldn't I get 3 as my output? For some reason I am getting 0.
However, if I do:
foreach ($someclass-arrEvents[2001][07][31] as $someevent) {
echo $someevent-getName();
}
I get the correct output:
Some Event 0Some Event 1Some Event 2
Any ideas on how to get the correct count within someclass?
Regards,
Johnny Nguyen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: storing array in mysql
Well, you have to treat all the user's input as a string actually. So
basically only one data type.
Now as for splitting and joining, you can make up a splitting character
let's say: |*^| and see if the user entered this in some of his input.
It's really rare to have such weird combination of characters to be inputed
by users.
Use javascript to validate before submitting.
well yes, The size of string produced by serialize is huge, why not trying
to compress it before storining it? bzcompress()
Warren Vail [EMAIL PROTECTED] wrote in message
001a01c119ce$88a8b640$b5887ed8@nicker">news:001a01c119ce$88a8b640$b5887ed8@nicker...
I never seem to be lucky enough to be sure of the type of data stored in a
php array, since php handles mixtures of types so forgivingly, and because
most of my data comes from forms, with users key in what they like,
including double and single quotes, parentheses (and especially commas,
how
do you prevent breaking up your array and putting it back together with a
different row count because someone keyed in a comma?), etc. I would
think
you would have to go to a lot of trouble to make sure that an array
contains
only numeric data, or only strings that did not contain problem causing
characters.
You are right about more space being required for serialize, I often have
to
resort to TEXT data types to provide enough space in the column for data
(65k runs out fast), and that is a bit slower as well.
Warren
-Original Message-
From: elias [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 31, 2001 8:09 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Re: storing array in mysql
Yes true, you can use serialize.
But since you know the format of your $array variable (which is simply
holding one data type) you can safely use split() and join()
better and smaller when stored in that field because they are comma
seperated.
Warren Vail [EMAIL PROTECTED] wrote in message
001701c119c8$562b0ca0$b5887ed8@nicker">news:001701c119c8$562b0ca0$b5887ed8@nicker...
What I have used to store an array in mysql is;
$value = addslashes(serialize($array));
$query = INSERT INTO table (column) VALUES (\$value\)
and upon retrieval
$query = SELECT column FROM table;
.
while($row = mysql_fetch_array($result)) {
$value = unserialize(stripslashes($row[column]));
}
Note: serialize allows me to store the array in a single column and
addslashes makes the data mysql safe (i.e. allows me to store quotes in
the
column, just in case they are in the array).
Warren Vail
-Original Message-
From: elias [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 31, 2001 4:05 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Re: storing array in mysql
when you submit this form, PHP will give a array variable called $name
you can store in in MySql as:
?
// will make the $name as a comma seperated string
$str = join(,, $name);
insert into tablename(id, value) VALUES(null, '$str');
?
now to reget the array, you can select it back from MySql and split it
as:
?
$name = split(,, $str);
?
//elias
Matthew Delmarter [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hi all,
I want to store the results of a multiple select input box in a mysql
db. The box looks like this:
select name='name[]' size='5' multiple
option value='id'name/option
/select
I cannot seem to store the array in a database and then output the
result using foreach. Any tips?
Regards,
Matthew Delmarter
Web Developer
AdplusOnline.com Ltd
www.adplusonline.com
Phone: 06 8357684
Cell: 025 2303630
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] warnings in php4
Just set warnings to off in your php.ini - it's on by default Chris Melania Popescu wrote: I have a lot of php scripts developed with php3. I've installed php4 and I get some warnings when I evaluate variables there are not set (are empty). In php3 there was no problem (no warning). If I modify the code by using empty($var) or isset($var) it's ok, but there are lots of such issues. How could I manage this without major changes? __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- Chris Fry Quillsoft Pty Ltd Specialists in Secure Internet Services and E-Commerce Solutions 10 Gray Street Kogarah NSW 2217 Australia Phone: +61 2 9553 1691 Fax: +61 2 9553 1692 Mobile: 0419 414 323 eMail: [EMAIL PROTECTED] http://www.quillsoft.com.au You can download our Public CA Certificate from:- https://ca.secureanywhere.com/htdocs/cacert.crt ** This information contains confidential information intended only for the use of the authorised recipient. If you are not an authorised recipient of this e-mail, please contact Quillsoft Pty Ltd by return e-mail. In this case, you should not read, print, re-transmit, store or act in reliance on this e-mail or any attachments, and should destroy all copies of them. This e-mail and any attachments may also contain copyright material belonging to Quillsoft Pty Ltd. The views expressed in this e-mail or attachments are the views of the author and not the views of Quillsoft Pty Ltd. You should only deal with the material contained in this e-mail if you are authorised to do so. This notice should not be removed. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Hmmm?
I presume you mean code layout
Its there to make code easier to read.
eg some silly code
for ($x=1;$x100;$x++) {
while ($i50) {
print $i;
}
}
This is more legible than
for ($x=1;$x100;$x++) {
while ($i50) {
print $i;
}
}
Indentation makes it easier to spot where your code constructs - if ,switch,
while etc start and end.
Hope that explains it a little. Do a search for code layout in google, and
read up on it, and check out a few examples. There are a number of coding
styles, find one that you like, and be consistent. Remember to also comment
your code, as well as making it presentable. If you look back at old code
in a few years time you'll be grateful you did.
Cheers,
Lawrence.
-Original Message-
From: Kyle Smith [mailto:[EMAIL PROTECTED]]
Sent: August 1, 2001 11:42 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Hmmm?
Whenever i get a php script off a website why is it that most of the main
parts in the script have a space from the left border. eg
?php
echospazzz;
?
-lk6-
http://www.StupeedStudios.f2s.com
Home of the burning lego man!
ICQ: 115852509
MSN: [EMAIL PROTECTED]
AIM: legokiller666
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: warnings in php4
check php.ini and the key error_reporting Melania Popescu [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a lot of php scripts developed with php3. I've installed php4 and I get some warnings when I evaluate variables there are not set (are empty). In php3 there was no problem (no warning). If I modify the code by using empty($var) or isset($var) it's ok, but there are lots of such issues. How could I manage this without major changes? __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: Hmmm?
It's called identing. It's just there to make the script more readable. That's common to almost all programming languages. Some programmers doesn't ident they code anyhow. Basically you increase the ident whenever you enter in a deeper code block. Kyle Smith [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Whenever i get a php script off a website why is it that most of the main parts in the script have a space from the left border. eg ?php echospazzz; ? -lk6- http://www.StupeedStudios.f2s.com Home of the burning lego man! ICQ: 115852509 MSN: [EMAIL PROTECTED] AIM: legokiller666 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: exec problem
Hi I'm trying to create a script which my cron will run once a day to
backup
my MySQL database, but the exec command doesn't want to work no matter
what I
try...
Uh.
cron + PHP is cool, but using cron to run PHP to run mysqldump is kinda
silly... :-)
Just put the mysqldump line in your cron job, or create a shell script to
do what you need.
Basically, a shell script:
1. Starts with
#!/usr/bin/sh
(You can use any shell [bash, csh, ash, smrsh] instead of sh that feels
good.]
2. Has stuff you would normally type on the command line, like:
mysqldump -h localhost -u user -p pass --opt DataBase BACKUPS/backup.mysql
3. Has permission to be run by one or more users:
chmod 700 backup.sh
You can then use /path/to/backup.sh as a command, or use that in a cron job.
exec(mysqldump -h localhost -u user -p pass --opt DataBase
BACKUPS/backup.mysql) or die(Problem);
I have tried adding the full path to mysqldump,
You need that.
I have tried using my root
access,
machine root, or MySQL root? The former is a BAD IDEA... The latter ain't
so hot either. Certainly don't be putting a script with database passwords
in your web-tree.
I have tried using a different dir to store the files, changed
permissions all sorts and nothing works. It always returns Problem and
if I
take out the or die then it just returns a blank screen.
You can add more args to exec() to get more info about what went
wrong/right:
exec(..., $results, $errorcode);
while (list(,$line) = each($results)){
echo $line, BR\n;
}
if ($errorcode){
echo OS Error: $errorcode. Usually paths/permissions. Use 'man errno'
to look it up.BR\n;
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: php3 - php4
Liviu Popescu [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a lot of php scripts developed with php3. I've installed php4 and I get some warnings when I evaluate variables there are not set (are empty). In php3 there was no problem (no warning). If I modify the code by using empty($var) or isset($var) it's ok, but there are lots of such issues. How could I manage this without major changes? Edit your PHP.ini file and change the error_reporting to: error_reporting=E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR ; show only errors Yes, do this for now. But long-term, start using isset() and turn on E_NOTICE script by script until all your code is clean. Every one of those un-initialized variables you use is a potential hole for a hacker to feed in some value your script isn't expecting. It also means your programming algorithm is probably not really as organized as it could be. -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: Pear
Is it worth the while to read up on PEAR? I have seen much of it but I don't know much about it. I am not a complete newbie anymore and I have developed quite a few DB driven sites. Any good readings that you know of? The basic idea behind PEAR is a sort of souped-up code archive of working libraries of scripts you can just steal^H^H^H^H^H use instead of scoring the 'Net and having to re-write/tweak user-contributed scripts. If this sounds like a good idea to you, start reading. If not, don't :-) PEAR is still pretty early in the development cycle, so now is your chance to speak up and have a big impact on what makes good quality library code that you'll probably have to use 6 months from now to keep up with the Joneses. :-) Disclosure: I ain't found time to read up on it either :-( PEAR Wish List: Some schema for keeping the number of packages implementing feature X to a reasonable number... -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: Trying to avoid code exploits..
But I'm not using eval() directly on user entered data, and I can't see where it is possible. Yes, you are. pass1 is coming from the user, is it not? You are using eval() to decide if pass1 and pass2 are equal, are you not? You are therefore directly eval-ing user code. register_globals=off in your php.ini and use $HTTP_*_VARS. Sigh. This does *NOT* provide *ANY* protection *WHATSOEVER*. The user can *STILL* POST malicious data, and you are *STILL* going to eval() it. I dunno *WHY* so many people are running around saying register_globals Off and HTTP_xxx_VARS makes your data safe. IT DOESN'T. It *ONLY* keeps a hacker from using GET URL's to over-write POST data, which they can edit in a text editor and send any damn thing they want anyway. (And vice versa.) Ditto for COOKIE data. It does *NOT* stop a hacker from using GET/POST to initialize variables that were never set. Turn on E_NOTICE, damnit. I REPEAT: register_globals off and HTTP_xxx_VARS being more secure is a gross exaggeration. It will only trip the dumbest of the dumb trying to crack your site -- We're talking lower than script-kiddies. Think Joe Sixpack and Betsy Buick here. Normal users who have noticed those funky things in URLs and decided to play around with them on FORMs to see what they can do. A *REAL* script-kiddie (did I just say that?) would take your HTML FORM, edit it in NotePad, and then POST their malicious data and your HTTP_POST_VARS have *bad* things in it. -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: Good Tutorial
I have done a few tutorials, but they aren't very long, and have only covered a small amount of what i need to know. Dunno how long it is, but the webmonkey tutorial used to get good reviews here... I've been out of the loop for awhile though. Can anyone recommend any good comprehensive tutorials out thier, and/or any good books that would be worth purchasing. Uh. A truly comprehensive tutorial on PHP would be the size of an encyclopaedia... I mean, there's like 107 different PHP-extensions to cover, each of which probably needs a book-length format to explain. The nice thing is, you can safely ignore 100 of those extensions until you need one of them :-) -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Worldpay module an Exchange Project e-commerce site
I recently just started using PHP. I searched this list's archives first, but couldn't find an answer to my question: Whenever I get a syntax error it's always reported on line 1, even when it's obviously not on line 1. I *never* get an error reported on any other line #. Your file is Mac or PC format, and it's all one line as far as Unix is concerned. Save As... Unix format in your editor -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: emailing the contents of a form in PDF format
1) Prompt the user for a target e-mail address. 2) Create a PDF document from the form fields on the current page (I wish to specify the design of the form) and e-mail it to the e-mail address gathered form (1). I'm hoping there's either a module or two that can accomplish this or perhaps, someone has already gone through the hassle and would be willing to share. Otherwise, some pointers to head me in the correct direction would be appreciated. You want the fDF Dev Toolkit from http://adobe.com and the --with-pdf configuration flag. For attachments, you can roll your own and lose lots of hair or snag something like Manuel Lemos' UpperDesign.com (.org?) mail class that will do it for you. You now know as much about how to do it as I do, since I'm just repeating answers from previous threads... May want to search the archives for more detail. -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: issues with __sleep() and __wakeup()
class Scott {
var $svar = array(); // free-form hash for whatever data
function Scott( )
{
return $this;
Like, I don't think you're supposed to return $this from your constructor...
}
function __sleep()
{
According to the manual, this is supposed to return an array of the variable
names you want serialized.
return(array('svar'));
in this case, I think, would be what you want...
}
function __wakeup()
{
$this-svar['sleep'] = I am waking up;
}
}// end class
Once you get it working, post your sample to the User Contributed notes
please :-)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: Execute mixed php code from mysql?
echo $row[code]; You want eval, but since your code starts off with HTML, and eval expects to be doing PHP, you need to do more like: $html = $row['code'] eval(?$html?php); In essence, you are sorta doing the opposite of how include automatically switches back to HTML mode, and you break out of PHP to eval your HTML... WARNING: This $html isn't coming from untrusted web-surfers, is it?... [shudder] That would be *really* dangerous, as you're giving them complete access to installing any PHP scripts they like on your server... -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: whats wrong?
FORM METHOD=post ACTION=userinfolistbycompany2.php INPUT TYPE=hidden name=uid value=? echo $uid; ? You are using the short open tag of ? instead of ?php is the only thing really wrong I can see... That won't work in PHP4 --with-xml, or if php.ini has short tags off etc. The $uid is silly, but not wrong per se. It's also possible you mis-spelled that file name in the ACTION, or that you have a *REALLY* lame OS that won't let you use a file name that long. It's even remotely possible that you don't have PHP enabled, or that the file in which the above code appears is not a .php file... Could you give us more of a clue what's happening?... -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: Visual Login
How can i go about doing a visual login on a web page... instead of the pop up window i have at the min like with .htaccess ?? I apologize if this is in the manual, but i couldn't see it If you use HTTP Authentication, you get that popup. Period. If you don't, you don't. Period. So, ditch the HTTP Authentication and roll up a database with username/password and a FORM to login. -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: Another simple question (dont hurt me)
In php, oh wait well this is really 2 questions.. 1 in a form how do i make it email a file to someone, and the second how do i make it get recieved as an attatchement...? You want to read the file upload feature page on http://php.net And you want to snag Manuel Lemos' UpperDesign.com mail class to send the attachment. While you're on php.net, read the through all the Feature pages, and the top page of the various extensions. (EG, not every function the MySQL section, just the first page.) You'll then know where 90% of what you need lives without waiting for the mailing list to respond. :-) Oh yeah. Read the FAQ again, while you're at it :-) :-) :-) -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: PHP Execute as User ???
I have php files which run on various VirtualHost's and there is suexec on those VirtualHosts, however, when I look at the user/group which PHP runs under it always seems to be the main web user (nobody, www, or whatever we set it to). Is there any way for PHP to be able to execute as the User/Group of the VirtualHost? Please forgive me if this subject has been explained elsewhere, I did a search and it revealed nothing. Only if you execute PHP as a CGI with suExec. PHP as a Module is a part of Apache, and has its same User/Group. Apache 2.0 will (allegedly) allow mod_php to run as different user in different hosts. Not sure how to set up suExec, but suExec + PHP-CGI *can* be made to work and run PHP as any user you choose. My ISP did it to me. -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: MAgic Quotes
How do you turn on/off magic quotes through .htaccess? Is it this posible? php_value magic_quotes off -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: path_info
I am running win2k sp1. The following code works with php 4.0.3 installed however fails with versions php 4.0.5 and 4.0.6. Any assistance would be appreciated ?php echo $PATH_INFO; echo br; echo $HTTP_SERVER_VARS[PATH_INFO]; ? Define fails... What are your php.ini settings for register_globals and track_vars? -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: Sort by bigger count(*)
I made a query that uses count(*) now how can i get the results sorted following the biggest count(*) result? select count(*) as score from foo group by y order by score desc may do the trick... I often have trouble with aggregates not being allowed where I want them or not being able to aggregate on all records, but only display a subset (or vice versa). -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: Trying to avoid code exploits..
On Wednesday 01 August 2001 10:20, Richard Lynch wrote:
But I'm not
using eval()
directly on user entered data, and I can't see where it is possible.
Yes, you are.
pass1 is coming from the user, is it not?
You are using eval() to decide if pass1 and pass2 are equal, are you not?
You are therefore directly eval-ing user code.
register_globals=off in your php.ini and use $HTTP_*_VARS.
Sigh. This does *NOT* provide *ANY* protection *WHATSOEVER*.
The user can *STILL* POST malicious data, and you are *STILL* going to
eval() it.
Aactually the eval()ed string would be:
eval('$a = $GLOBALS[pass1]==$GLOBALS[pass2]')
So there is no direct eval on the user data. I'm also using single quotes so
no special meaning chars would be expanded.
I REPEAT:
register_globals off and HTTP_xxx_VARS being more secure is a gross
exaggeration.
It will only trip the dumbest of the dumb trying to crack your site --
We're talking lower than script-kiddies. Think Joe Sixpack and Betsy Buick
here. Normal users who have noticed those funky things in URLs and decided
to play around with them on FORMs to see what they can do.
A *REAL* script-kiddie (did I just say that?) would take your HTML FORM,
edit it in NotePad, and then POST their malicious data and your
HTTP_POST_VARS have *bad* things in it.
Yes and I agree with you (see the answer to Yauso). The only concern is GPC
vars overwriting script vars, and as mentioned I unset those var before
assigning them a value or before using session register to get their values.
--
Kriheli Meir
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Example high-profile PHP sites
In article [EMAIL PROTECTED], [EMAIL PROTECTED] (Ralph Guzman) wrote: Incase you still need it. Here is a big one I forgot to mention: http://www.dialpad.com/ Not sure how much of their site is PHP, but their user registration and member backend is PHP driven. Entertainment site thewb.com uses PHP for the interactive areas (mesage boards, polls, etc.). -- CC -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Sorry... but a good PHP editor for Linux/Unix
Try vim instead of vi. -Stathis. Ben Bleything wrote: I can't speak for terminal usage... I use pico and or vi... pico on console, vi over ssh. When working locally, I use nedit (www.nedit.org) on *nix (with custom PHP syntax highlighting) and EditPlus on windows. Good luck, Ben -Original Message- From: Augusto Cesar Castoldi [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 31, 2001 7:07 PM To: [EMAIL PROTECTED] Subject: [PHP] Sorry... but a good PHP editor for Linux/Unix Sorry about talking about this subject, but a really wanna know if any one nows a good editor for linux/unix. Sometimes I need to work by SSH and I have to use the program pico. I can't use vi, to use it, i'll need to see the manual!! thanks, Augusto -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] PHP and MySQL Insert ID
Hello everyone ! Question: I'm building an online membership registration system, for a 'membership section' of a website. As it stands, I have a registration form that insert the data into MySQL, then generate a confirmation page--with member ID number, username, and password. I want to use PHP's mysql_insert_id to capture the last ID that was entered...and that's where my question lies. In an environment where it's possible to have multiple users register at the same time (relatively speaking), how can I be sure that the 'last ID' is indeed the 'intended' last user's ID? Ex. Say that user A submit a registration form at 00:00:01, but mysql_inserted_id is not called (for user A) until 00:00:03. If user B submits a registration for at 00:00:02, then would the call to mysql_insert_id (for user A---called at 00:00:03) return the ID for user B? Technically, it sounds like it would, unless mysql_insert_id implements some type of session and/or state recognition. Is that how it works? --How can I be sure that it returns the ID for user A and not B? --Does mysql_insert_id implement some internal session function, or something to that effect? How does it account for that? Please help. Thanks in advance. -John __John Monfort_ _+---+_ P E P I E D E S I G N S www.pepiedesigns.com The world is waiting, are you ready? -+___+- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP and MySQL Insert ID
Hello John, Wednesday, August 01, 2001, 11:06:06 AM, you wrote: JM In an environment where it's possible to have multiple JM users register at the same time (relatively speaking), how can I be sure JM that the 'last ID' is indeed the 'intended' last user's ID? JM Ex. JMSay that user A submit a registration form at 00:00:01, but JMmysql_inserted_id is not called (for user A) until 00:00:03. JMIf user B submits a registration for at 00:00:02, then would JMthe call to mysql_insert_id (for user A---called at 00:00:03) return JMthe ID for user B? JMTechnically, it sounds like it would, unless mysql_insert_id implements JMsome type of session and/or state recognition. JMIs that how it works? JM--How can I be sure that it returns the ID for user A and not B? You can be 100% sure, 'cause mysql_insert_id() returning last inserted id in current connection to database. User A has another connection ID as user B. I hope it helps -- Best regards, Danielmailto:[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] How can i make it so....
Hi,
I have modified an authentication script to my own liking, but being new, don't know
how to go about my next stage.
Once the user has inserted the UN, and PW, it is campared against the MySQL database,
nowm what i want to do is get rid of the login form which still appears, and is very
annoying. I can't seem to see anything on this particular subject, but if their is
any, can u point me in the right direction.
It can be viewed at: http://www.stevewrightonline.co.uk/auth/auth.php
UN: guest
PW: guest
Here's the code:
P
FORM ACTION=? echo $PHP_SELF; ? METHOD=POST
PUserName:br
input type=text name=PHP_AUTH_USER size=15
/p
PPassword:br
input type=password name=PHP_AUTH_PW size=15
/p
input type=submit value=Log In
/form
/P
?php
$auth = false; // user is not authenticated yet
if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW)) {
// Connect the MySQL Database
mysql_connect( **.net', '**', '***' )
or die ( 'Unable to connect to server.' );
// Select database on MySQL server
mysql_select_db( 'Demonstration' )
or die ( 'Unable to select database.' );
// the query
$sql = SELECT * FROM users WHERE UserName = '$PHP_AUTH_USER' AND Password =
'$PHP_AUTH_PW';
// Execute query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num = mysql_numrows( $result );
if ( $num != 0 ) {
// matching row was found - user authenticated.
$auth = true;
}
}
if ( ! $auth ) {
echo 'Sign In Required.';
exit;
} else {
echo 'pYou are Signed In!/p';
}
?
Re: [PHP] Can't write to file via php, just via ftp...Cananyonehelp?
How is it, if I would create the file itself from the php-script itself? To do *that* you need world-writable permissions on the DIRECTORY to create files inside of it. That means any other user on your computer can *also* create any files they like in that directory. Would I be able to read the file next time it is called from the website? If that directory is in your web tree, yes, the file would then be available... Along with any other files your co-users have decided to throw into your web-site! This is probably worse than having a single world-writable file. :-( Constructive Suggestions: Move the file[s] *OUT* of the web tree. If you want them visible to the outside world, write a PHP script to display the non-web files. As each file is created, record it in your DB, and only allow the display of files in your DB. Now a hacker needs to create a file in that direcotry *AND* hack your DB to mess up your web-site. Check the contents of the files before you display them. Odds are pretty good that there are all sorts of things you can check to be sure the files you have look like they should. Page yourself with a 911 if a suspicious file shows up. Give the files (and their containing directory) the *MINIMUM* permissions required to make it all work. No eXecute. No user-readable/writable. *ONLY* the world readable/writable. Or, if you control the server, change that around and make the files owned by nobody and *ONLY* user readable/writable. Run a cron job to chmod 006 * (or whatever you chose above) on that directory every few minutes, so if a hacker manages to force a bad file in there, you'll make it less usable. Run a cron job every once in a while to check that every file in the DB has a file in the directory and vice-versa. Page yourself if files appear mysteriously. So no file can get added in either place alone without setting off an alarm. Actually, you'll need to be careful that no false alarms happen in the midst of files being added... So, do the INSERT into your DB before the copy(), timestamp the insertion, and don't alarm for any file added to the DB but not the directory in the past minute or two. This is hardly rock-solid, and any reasonably intelligent malicious user sharing your machine will eventually be able to figure out how to mess you up, but is closer to acceptable risk than world-writable files laying around in your web tree. Hopefully, though, your pro-active measures will have you catching them in the act of trying to figure out how to break in, rather than them catching you with your pants down. The idea is to keep a very, very close eye on what goes in there, and be sure it's what is *supposed* to be there. All this won't stop a determined, smart hacker. But it will catch the script-kiddies and wannabes. Disclaimer: I'm no security expert... -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] ADV. Natural penis enlargement -without surgery-!
Removal Information = This message is sent in compliance of the new email bill section 301. Per Section 301, Paragraph (a)(2)(C) of S. 1618, further transmissions to you by the sender of this email will be stopped at no cost to you. This message is not intended for residents in the State of WA, NV, CA VA. Screening of addresses has been done to the best of our technical ability. If you are a Washington, Virginia,or California resident please remove yourself. We respect all removal requests. To Be Removed: mailto:[EMAIL PROTECTED]?subject=remove. If you DID NOT opt-in, meaning -at some time- signed up to receive health and/or sexual health related information, please send removal request. = This is for adult men only !!! ** If you did not 'opt-in', please delete now! *** ** IF YOU ARE NOT AN ADULT, DELETE NOW !! We are a serious company, offering a program that will enhance your sex life, and enlarge your penis in a totally natural way. We realize many men -and their women- are unhappy with their penis size. The truth is that size matters, not only it affects many men's performance, but their self-esteem as well. Penis enlargement is POSSIBLE; just as you can exercise almost any part of your body, you CAN exercise your penis. Our program is totally PROVEN and GUARANTEED !!! Our company has the techniques! Totally NATURAL techniques; no gadgets, no pumps, no surgery! If you want more information, please send an email with 'more info'in the subject to: [EMAIL PROTECTED] -mailto:[EMAIL PROTECTED]?subject=moreinfo-.. This is an automated answer, for removal use [EMAIL PROTECTED] If the above link has been removed, just reply to this message with 'more info' on the subject line. This IS NOT UNSOLICITED; you appear in an opt-in list, if in error, please remove yourself. Please let those who suffer from erectile dysfunction, similar problems or small penis size receive this information! === DISPONIBLE TAMBIEN EN ESPAÑOL === -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] How can i make it so....
Steve,
If you move your validation code to the top of the script you can use the
header (Location: loggedin.php);
exit;
to go to the next page if the user is validated
Chris
Steve Wright wrote:
Hi,
I have modified an authentication script to my own liking, but being new, don't know
how to go about my next stage.
Once the user has inserted the UN, and PW, it is campared against the MySQL
database, nowm what i want to do is get rid of the login form which still appears,
and is very annoying. I can't seem to see anything on this particular subject, but if
their is any, can u point me in the right direction.
It can be viewed at: http://www.stevewrightonline.co.uk/auth/auth.php
UN: guest
PW: guest
Here's the code:
P
FORM ACTION=? echo $PHP_SELF; ? METHOD=POST
PUserName:br
input type=text name=PHP_AUTH_USER size=15
/p
PPassword:br
input type=password name=PHP_AUTH_PW size=15
/p
input type=submit value=Log In
/form
/P
?php
$auth = false; // user is not authenticated yet
if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW)) {
// Connect the MySQL Database
mysql_connect( **.net', '**', '***' )
or die ( 'Unable to connect to server.' );
// Select database on MySQL server
mysql_select_db( 'Demonstration' )
or die ( 'Unable to select database.' );
// the query
$sql = SELECT * FROM users WHERE UserName = '$PHP_AUTH_USER' AND Password =
'$PHP_AUTH_PW';
// Execute query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num = mysql_numrows( $result );
if ( $num != 0 ) {
// matching row was found - user authenticated.
$auth = true;
}
}
if ( ! $auth ) {
echo 'Sign In Required.';
exit;
} else {
echo 'pYou are Signed In!/p';
}
?
--
Chris Fry
Quillsoft Pty Ltd
Specialists in Secure Internet Services and E-Commerce Solutions
10 Gray Street
Kogarah
NSW 2217
Australia
Phone: +61 2 9553 1691
Fax: +61 2 9553 1692
Mobile: 0419 414 323
eMail: [EMAIL PROTECTED]
http://www.quillsoft.com.au
You can download our Public CA Certificate from:-
https://ca.secureanywhere.com/htdocs/cacert.crt
**
This information contains confidential information intended only for
the use of the authorised recipient. If you are not an authorised
recipient of this e-mail, please contact Quillsoft Pty Ltd by return
e-mail.
In this case, you should not read, print, re-transmit, store or act
in reliance on this e-mail or any attachments, and should destroy all
copies of them.
This e-mail and any attachments may also contain copyright material
belonging to Quillsoft Pty Ltd.
The views expressed in this e-mail or attachments are the views of
the author and not the views of Quillsoft Pty Ltd.
You should only deal with the material contained in this e-mail if
you are authorised to do so.
This notice should not be removed.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] how can i send SMS from Php Scripts ?
Sorry for my english but i'm french -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: How can i make it so....
Once the user has inserted the UN, and PW, it is campared against the MySQL database, nowm what i want to do is get rid of the login form which still appears, and is very annoying. I can't seem to see anything on this particular subject, but if their is any, can u point me in the right direction. Re-arrange your code so you *CHECK* their username/password *before* you start showing the FORM. If they've entered username/password, and it's valid, don't show the form, do something else. Also, the variables $PHP_AUTH_USER and PHP_AUTH_PW are going to be set by the browser as part of HTTP Authentication, even though you're not using HTTP Authentication, so you can't use those variables with your form. Pick different variable names. -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: Trying to avoid code exploits..
It does *NOT* stop a hacker from using GET/POST to initialize variables that were never set. Turn on E_NOTICE, damnit. Whoops. That part of my rant was patently false. I was on a roll, though :-) If register_globals is off, of course POST 'i' can't over-ride your uninitialized $i variable. You *still* oughta have E_NOTICE on and test every line of code anyway, though :-) And I still think sanitizing user-input, which you have to do anyway, and initializing every non-user-input variable, which you ought to do, is the Right Way to go instead of cluttering up your code with HTTP_xxx_VARS and making life difficult for newbies. YMMV. Sorry for the multiple posts. -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] How can i make it so.
Steve,
The following should work:-
?php
$auth = false; // user is not authenticated yet
if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW)) {
// Connect the MySQL Database
mysql_connect( **.net', '**', '***' )
or die ( 'Unable to connect to server.' );
// Select database on MySQL server
mysql_select_db( 'Demonstration' )
or die ( 'Unable to select database.' );
// the query
$sql = SELECT * FROM users WHERE UserName = '$PHP_AUTH_USER' AND
Password = '$PHP_AUTH_PW';
// Execute query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num = mysql_numrows( $result );
if ( $num != 0 ) {
// matching row was found - user authenticated.
$auth = true;
}
}
if ( ! $auth ) {
echo 'Sign In Required.';
} else {
// you may need to pass the user id password here if you need it
later on
header (Location: loggedin.php);
exit;
}
?
P
FORM ACTION=? echo $PHP_SELF; ? METHOD=POST
PUserName:br
input type=text name=PHP_AUTH_USER size=15
/p
PPassword:br
input type=password name=PHP_AUTH_PW size=15
/p
input type=submit value=Log In
/form
/P
Regards
Chris
--
Chris Fry
Quillsoft Pty Ltd
Specialists in Secure Internet Services and E-Commerce Solutions
10 Gray Street
Kogarah
NSW 2217
Australia
Phone: +61 2 9553 1691
Fax: +61 2 9553 1692
Mobile: 0419 414 323
eMail: [EMAIL PROTECTED]
http://www.quillsoft.com.au
You can download our Public CA Certificate from:-
https://ca.secureanywhere.com/htdocs/cacert.crt
**
This information contains confidential information intended only for
the use of the authorised recipient. If you are not an authorised
recipient of this e-mail, please contact Quillsoft Pty Ltd by return
e-mail.
In this case, you should not read, print, re-transmit, store or act
in reliance on this e-mail or any attachments, and should destroy all
copies of them.
This e-mail and any attachments may also contain copyright material
belonging to Quillsoft Pty Ltd.
The views expressed in this e-mail or attachments are the views of
the author and not the views of Quillsoft Pty Ltd.
You should only deal with the material contained in this e-mail if
you are authorised to do so.
This notice should not be removed.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] PHP and Apache 1.3.12
Hi, I am using RedHat Linux 6.2. I just got my PHP installed but my Apache 1.3.12 server does not seem to recognize the PHP files and PHP scripting. I have already uncommented the lines in my httpd.conf file which read: AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps when I type httpd -l, I notice the following: [root@test bin]# ./httpd -l Compiled-in modules: http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c mod_status.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_access.c mod_auth.c mod_setenvif.c suexec: enabled; valid wrapper /usr/local/apache/bin/suexec I am not sure why my Apache still does not recognize php files. When I try to access a php file on the server through a web browser, it will ask me if I want to download. It's almost as though it did not recognize the PHP extension. I was reading through some of README files that came with the PHP source files and it mentioned that I need to have the mod_so active. Well as you can see mod_so was not on my list when I typed httpd -l. I have read the Apache documentation, but I am lost in terms of how to install this mod_so module. I was wondering has anybody out there had a similar experience. If so can anyone offer any suggestions. thanks.
Re: [PHP] ADV. Natural penis enlargement -without surgery-!
At 09:00 PM 7/31/2001, Guaranteed ! wrote: We are a serious company, offering a program that will enhance your sex life, and enlarge your penis in a totally natural way. I think they got the ASP mailinglist mixed up with the PHP one.. -j -- [EMAIL PROTECTED] - 0xF50BB9D7 A21A FD82 8C30 EC77 545D A0B3 F501 F50B B9D7 ICQ: 14295546-AIM: kw34hd1 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Newbie: Site search, more than one directory
At 04:11 PM 8/30/2001, Steve Wright wrote: Hey, I have just developed a simple site search.. .and am after learning how to get it to search all directories... at present, it only searches the one it is in!! snip $cmdstr = grep -i $searchstr *; man grep on my linux box shows: -r, --recursive Read all files under each directory, recursively; this is equivalent to the -d recurse option. change it to: $cmdstr = grep -r -i $searchstr *; In all honesty though, you might want to use an ereg_replace() on $searchstr before doing that, so that special shell characters can't get through. Interesting take on searching... -j -- [EMAIL PROTECTED] - 0xF50BB9D7 A21A FD82 8C30 EC77 545D A0B3 F501 F50B B9D7 ICQ: 14295546-AIM: kw34hd1 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: Trying to avoid code exploits..
Hi Richard, I guess you miss my point. I always suggest to check all user inputs (GET/POST/COOKIE), they are all unsafe unless they are checked. Anyone can spoof these variables easily with little knowledge and attackers do not have to be experienced to attack PHP scripts. Elementally school kids can attack effectively poorly written codes :) Take a look at my tip at zend.com that is posted months ago http://www.zend.com/tips/tips.php?id=195single=1 (There are many reasons why PHP user should set register_globals=off, enable_track_vars=on default from PHP4.0.3, error_reporting=E_ALL. With these settings, writing secure code is a lot easier. In addition, register_globals=off would be default for PHP4.1 or PHP5.0. ) and Recent discussion in php-dev list. There is long thread regarding register_globals and others. This is one of them. The thread is really long So I didn't bother to find the first one. http://marc.theaimsgroup.com/?l=php-devm=99631966717767w=2 will see what I mean. It needs too many typing to explain fully... Regards, -- Yasuo Ohgaki -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP and MySQL Insert ID
Many thanks, Daniel! I trully appreciate it. -john __John Monfort_ _+---+_ P E P I E D E S I G N S www.pepiedesigns.com The world is waiting, are you ready? -+___+- On Wed, 1 Aug 2001, Daniel Rezny wrote: Hello John, Wednesday, August 01, 2001, 11:06:06 AM, you wrote: JM In an environment where it's possible to have multiple JM users register at the same time (relatively speaking), how can I be sure JM that the 'last ID' is indeed the 'intended' last user's ID? JM Ex. JMSay that user A submit a registration form at 00:00:01, but JMmysql_inserted_id is not called (for user A) until 00:00:03. JMIf user B submits a registration for at 00:00:02, then would JMthe call to mysql_insert_id (for user A---called at 00:00:03) return JMthe ID for user B? JMTechnically, it sounds like it would, unless mysql_insert_id implements JMsome type of session and/or state recognition. JMIs that how it works? JM--How can I be sure that it returns the ID for user A and not B? You can be 100% sure, 'cause mysql_insert_id() returning last inserted id in current connection to database. User A has another connection ID as user B. I hope it helps -- Best regards, Danielmailto:[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Fw: [PHP] Sorry... but a good PHP editor for Linux/Unix
Joe has always been my favorite linux text editor. - Original Message - From: Augusto Cesar Castoldi [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 31, 2001 7:07 PM Subject: [PHP] Sorry... but a good PHP editor for Linux/Unix Sorry about talking about this subject, but a really wanna know if any one nows a good editor for linux/unix. Sometimes I need to work by SSH and I have to use the program pico. I can't use vi, to use it, i'll need to see the manual!! thanks, Augusto -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: Trying to avoid code exploits..
I don't think this is much of a problem. I unset() all the global session variables before I use them so this should be no problem. All inputs (GET/POST/COOKIE) from users must be checked if you worriy about security. You might done already. Even if an attacker tries to set some value for a script variable, this var will be unset() and then read from the session, so no harm is done. On the other hand there should be no probelem to change GLOBALS to HTTP_XXX_VARS. The reason why I recommend to set register_globals=off, is it's a lot easier to write secure code with register_globals=off. I also recommend you use error_reporting=E_ALL, since it seems you care about security. Scripts that I write will catch all error/warning/notice as fatal error and displays a page telling There is critical error. Details are sent to system administrator. They catch most of errors including malformed user inputs, system errors like cannot open connections, etc and display appropriate error page. They never raise any PHP error/warning/notice unless there is something really wrong. By the way, my codes posted at zend.com will not catch all errors. I didn't put complete sources there. It will be too long for an example :) But as i've said this isn't a problem. Can you see some way to exploit the eval() function ? I cannot tell if your script is exploitable or not. Just too little info to tell that. Refer to another my reply, I guess you'll get my point. Regards, -- Yasuo Ohgaki -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] wish list
does anybody know how to submit a feature request? I can't do it via the bug reporting mechanism. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] PHP EDITOR 4 WINDOWS?
Does it really exist? If so could someone post some URLs for me? -lk6- http://www.StupeedStudios.f2s.com Home of the burning lego man! ICQ: 115852509 MSN: [EMAIL PROTECTED] AIM: legokiller666
[PHP] FAQ
Can someone make a FAQ for this list? Every month there are questions about php editors, books... They don't even bother to search the arhives before asking. -- Marius Andreiana -- You don't have to go to jail for helping your neighbour http://www.gnu.org/philosophy/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] PHP EDITOR 4 WINDOWS?
Well, any text editor will do. Here are some links: file://c:\windows\notepad.exe http://www.editplus.com http://www.ultraedit.com Enjoy HTH Jon -Original Message- From: Kyle Smith [mailto:[EMAIL PROTECTED]] Sent: 01 August 2001 20:09 To: [EMAIL PROTECTED] Subject: [PHP] PHP EDITOR 4 WINDOWS? Does it really exist? If so could someone post some URLs for me? -lk6- http://www.StupeedStudios.f2s.com Home of the burning lego man! ICQ: 115852509 MSN: [EMAIL PROTECTED] AIM: legokiller666 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: Trying to avoid code exploits..
On Wednesday 01 August 2001 10:20, Richard Lynch wrote:
But I'm not
using eval()
directly on user entered data, and I can't see where it is possible.
Yes, you are.
pass1 is coming from the user, is it not?
You are using eval() to decide if pass1 and pass2 are equal, are you not?
You are therefore directly eval-ing user code.
register_globals=off in your php.ini and use $HTTP_*_VARS.
Sigh. This does *NOT* provide *ANY* protection *WHATSOEVER*.
The user can *STILL* POST malicious data, and you are *STILL* going to
eval() it.
Aactually the eval()ed string would be:
eval('$a = $GLOBALS[pass1]==$GLOBALS[pass2]')
So there is no direct eval on the user data. I'm also using single quotes so
no special meaning chars would be expanded.
I REPEAT:
register_globals off and HTTP_xxx_VARS being more secure is a gross
exaggeration.
It will only trip the dumbest of the dumb trying to crack your site --
We're talking lower than script-kiddies. Think Joe Sixpack and Betsy Buick
here. Normal users who have noticed those funky things in URLs and decided
to play around with them on FORMs to see what they can do.
A *REAL* script-kiddie (did I just say that?) would take your HTML FORM,
edit it in NotePad, and then POST their malicious data and your
HTTP_POST_VARS have *bad* things in it.
Yes and I agree with you (see the answer to Yauso). The only concern is GPC
vars overwriting script vars, and as mentioned I unset those var before
assigning them a value or before using session register to get their values.
--
Kriheli Meir
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: PHP EDITOR 4 WINDOWS?
[EMAIL PROTECTED] (Kyle Smith) wrote: Does it really exist? If so could someone post some URLs for me? http://alt-php-faq.org/links.html - look under editors, there are maybe more... -- Henrik Hansen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Web site counter
Is it possible to make a website counter with a PHP script and a text document? If so can somebody email me a script (unlikely) or send me to a page with a script (yay) -lk6- http://www.StupeedStudios.f2s.com Home of the burning lego man! ICQ: 115852509 MSN: [EMAIL PROTECTED] AIM: legokiller666
[PHP] Re: FAQ
[EMAIL PROTECTED] (Marius Andreiana) wrote: Can someone make a FAQ for this list? Every month there are questions about php editors, books... They don't even bother to search the arhives before asking. I know of 3 php faqs (I know there are tons), maybe we should make a faq on how to find faqs? :) http://alt-php-faq.org/ http://www.php.net/manual/en/faq.php http://php.faqts.com -- Henrik Hansen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: Web site counter
[EMAIL PROTECTED] (Kyle Smith) wrote: Is it possible to make a website counter with a PHP script and a text document? If so can somebody email me a script (unlikely) or send me to a page with a script (yay) check hotscripts.com -- Henrik Hansen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] warnings in php4
On Wednesday 01 August 2001 09:21, Chris Fry wrote: Just set warnings to off in your php.ini - it's on by default NO NO NO! On your development machine, set your warning levels to E_ALL in php.ini, and then fix your code! Every warning message you get represents an opportunity for a malicious user to find a secutiry hole in your code. As a general and safe rul, any code which reports warnings when error reporting is set to E_ALL is just not good enough! This may mean a lot of work, but it will probably be less than the work involved in fixing up your system after it has been compromised. Cheers -- Phil Driscoll -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] writing while reading
hi all,
i'm writing a web chat, the frame that presents the text, has a very fast
refresh (has to) it's about from 2 in 2 seconds, my problem is writing to the
file (chat is file based), when the refresh read the file, it doesn't let php
write. i made comething like this.
Function chat2file($filename, $str) {
$fp = fopen(chats/$filename, a);
fputs($fp, $str);
close($fp);
}
Function file2chat($filename) {
if(file_exists(chats/$filename)) {
$fd = fopen(chats/$filename, r);
flock($fd, LOCK_UN);
$content = fread($fd, filesize(chats/$filename));
fclose($fd);
return $content;
} else {
return ;
}
}
i put the non blocking option in flock while reading but still blocks and
doesn't write, my question is it possible to write to a file while reading?!,
if so how?
thx.
--
Rui Barreiros
Software Developer
WEBSOLUT - Soluções Internet
Emailto: [EMAIL PROTECTED]
Personal Info: http://websolut.net/people/rui.html
As informações contidas neste email são confidenciais
e destinam-se apenas à(s) pessoa(s) a quem foi enviado:
http://websolut.net/confidencialidade-responsabilidade.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Web site counter
It is easy, but you need to have write privileges on that file
(or rather httpd needs that) - so you may include a test that
this file only holds a number as a minimal protection.
$filename = $GLOBALS[DOCUMENT_ROOT]/your_counter.txt;
$fp = fopen($filename,a+);
$cnt = fread( $fp, filesize($filename));
fclose($fp);
if ($cnt == ) {
$cnt = 0;
}
$cnt++;
$fp = fopen($filename,w);
$res = fwrite($fp, (string)$cnt);
fclose($fp);
Kyle Smith schrieb am Mittwoch, 1. August 2001, 22:12:35:
Is it possible to make a website counter with a PHP script and a text document? If
so can somebody email me a script (unlikely) or send me to a page with a script (yay)
-lk6-
http://www.StupeedStudios.f2s.com
Home of the burning lego man!
ICQ: 115852509
MSN: [EMAIL PROTECTED]
AIM: legokiller666
--
Herzlich
Werner Stuerenburg
_
ISIS Verlag, Teut 3, D-32683 Barntrup-Alverdissen
Tel 0(049) 5224-997 407 · Fax 0(049) 5224-997 409
http://pferdezeitung.de
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] warnings in php4
On Wednesday 01 August 2001 13:29, Phil Driscoll wrote: Every warning message you get represents an opportunity for a malicious user to find a secutiry hole in your code. Oops - I meant to say 'security hole' - I wish both my hands would type at the same speed :) -- Phil Driscoll -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: Trying to avoid code exploits..
On Wednesday 01 August 2001 13:54, Yasuo Ohgaki wrote:
I don't think this is much of a problem. I unset() all the global
session
variables before I use them so this should be no problem.
All inputs (GET/POST/COOKIE) from users must be checked if you worriy
about security. You might done already.
Even if an attacker tries to set some value for a script variable,
this var
will be unset() and then read from the session, so no harm is done.
On the other hand there should be no probelem to change GLOBALS to
HTTP_XXX_VARS.
The reason why I recommend to set register_globals=off, is it's a lot
easier to write secure code with register_globals=off.
Yes I know, but if those scripts are going to be used on different servers,
with differnet type of php coders, you can't be sure what is the value of
register_globals (actually, some scripts need it to be on). So it is a little
work, but you can be sure that your script will work everywhere.
Basically it is a good idea not to write scripts that depent on php's
settings to make sure that they'll work everywhere.
Take for example the value of magic_quote_gpc. To be sure that your script
will work correctly, don't assume that it is alywas on (or off). So
you can write
if (!get_magic_qoute_gpc()) addslashes($var);
or write a function myaddslashes that does the same thing.
I also recommend you use error_reporting=E_ALL, since it seems you
care about security. Scripts that I write will catch all
error/warning/notice as fatal error and displays a page telling There
is critical error. Details are sent to system administrator. They
catch most of errors including malformed user inputs, system errors
like cannot open connections, etc and display appropriate error page.
They never raise any PHP error/warning/notice unless there is
something really wrong.
Thanks of this tip :-)
By the way, my codes posted at zend.com will not catch all errors. I
didn't put complete sources there. It will be too long for an example
:)
:
But as i've said this isn't a problem. Can you see some way to
exploit the
eval() function ?
I cannot tell if your script is exploitable or not.
Just too little info to tell that.
Is this staement safe ?
eval('$a = $GLOBALS[pass1]==$GLOBALS[pass2]');
I've tried different kind of inputs to execute arbitrary php code, but found
no such exploit. Maybe you can see something that I can't.
Refer to another my reply, I guess you'll get my point.
Regards,
--
Yasuo Ohgaki
Thanks
--
Kriheli Meir
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: Trying to avoid code exploits..
Is this staement safe ?
eval('$a = $GLOBALS[pass1]==$GLOBALS[pass2]');
Maybe I'm missing the point, but why not just go:
$a = $GLOBALS[pass1]==$GLOBALS[pass2];
--
Phil Driscoll
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: Trying to avoid code exploits..
On Wednesday 01 August 2001 15:46, Phil Driscoll wrote:
Is this staement safe ?
eval('$a = $GLOBALS[pass1]==$GLOBALS[pass2]');
Maybe I'm missing the point, but why not just go:
$a = $GLOBALS[pass1]==$GLOBALS[pass2];
I'm writing a form class which can also validate the form and I want to
define the rules for validating the forms, so when defining the form I can add
$form-AddRule('{pass1}=={pass2}','The 2 passowrd must be equal');
And this rule will be expanded to
$a = $GLOBALS[pass1]==$GLOBALS[pass2]
and validated through eval.
When I call the
$form-validate();
The class iterates through the rules array and in case of unmet condition
(!$a) will return the error string associate with the rule.
This method gives a great flexibility, ans as a result I can define any rule
as long as it is a valid php code.
Hope you get the idea
--
Kriheli Meir
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: Trying to avoid code exploits..
On Wednesday 01 August 2001 13:51, Meir Kriheli wrote: I'm writing a form class which can also validate the form and I want to define the rules for validating the forms, so when defining the form I can add... Sorry - I should have read your earlier post :) I suspect that you are probably safe in this instance, however I always play safe on this kind of thing and sacrifice functionality for security. I'm sure you can devise rules which will be be obviously unsafe, but you may also be able to devise rules which look safe on the surface, but may be exploitable after careful study. If it was my project, I think I would devise a system which avoided the use of eval - even if it meant losing some performance and versatility. Cheers -- Phil Driscoll -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: Trying to avoid code exploits..
Take for example the value of magic_quote_gpc. To be sure that your
script
will work correctly, don't assume that it is alywas on (or off). So
you can write
if (!get_magic_qoute_gpc()) addslashes($var);
or write a function myaddslashes that does the same thing.
Right. I don't like magic qoute at all. I think this feature is
encoraging to write insecure code for PHP users. I mean magic quote
feature hides a little security issue, but it seems the feature makes
difficult to understand why and how unquoted strings can be dangarous
in scripts for many PHP users. It's confusing for new users. It also
slows things down a little, since I need to check if the feature is
turned on or off, do stripslashes() when escape is not needed if it is
on. I wish this feature is going to disapper in next major release, at
least default to off.
Is this staement safe ?
eval('$a = $GLOBALS[pass1]==$GLOBALS[pass2]');
I've tried different kind of inputs to execute arbitrary php code,
but found
no such exploit. Maybe you can see something that I can't.
If you are sure one of them is actually loaded from DB or else and if
your code checks null values for system's value, it's safe.
BTW, are you using CHAP like method for password? If your code
doesn't, I suggest to use it.
Regards,
--
Yasuo Ohgaki
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Make associative array from two arrays
Hello!
I have two arrays:
$keys = array(a, b, c, d);
$vals = array(1, 2, 3, 4);
I would like to get an associative array holding this:
$aarray = array(a =1, b=2, c=3, d=4);
I know I can do it with a while loop...but I wonder if there is any
builtin PHP function that can do that.
Or a better method other than sort of this:
$aarray = array();
for ($i=0;$icount($keys);$i++)
{
$aarray[$keys[$i]] = $vals[$i];
}
thanks!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: how can i send SMS from Php Scripts ?
hehe:) but what have you wrote already? 3 words? :) Damien Camus [EMAIL PROTECTED] wrote in message sb67ed5f.072@senlis_gwia">news:sb67ed5f.072@senlis_gwia... Sorry for my english but i'm french -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: Trying to avoid code exploits..
Sorry difficult to understand why and how unquoted strings can be dangarous This line should be difficult to understand why and how unescaped strings can be dangerous Regards, -- Yasuo Ohgaki -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Trouble creating a list on months
-Original Message-
From: Mario A. Salinas [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 31, 2001 7:33 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Trouble creating a list on months
The actual function is as follows:
function month_select($default=1) {
$offset = date(n)-1; // value used to be 'm'
echo (select name=month
style=\font-family:Verdana,Helvetica;font-size:8pt;\);
for($x=1;$x=12;$x++) {
$month = $x + $offset;
if($month12) $month -= 12;
echo(option value=$month);
if($month==$default) echo( selected);
echo(.date(F,mktime(0,0,0,$month))./option);
Try changing this to
echo .date(F,mktime(0,0,0,$month,1))./option);
}
echo (/select);
}
Any Ideas what could be causing the problem? I'm new to this
and have been staring at it for a while. Your help is greatly
appreciated.
Actually, I'd expect that if you try your code again today, it works
just like you'd expect.
Mktime() uses the current (local date/time) value for any parameters
that you leave out. Since you were running this on July 31st, that
means your mktime call was trying to build timestamps for February 31st
(which is actually in March), April 31st (actually in May), and so on.
---
Mark Roedel ([EMAIL PROTECTED]) || There cannot be a crisis next week.
Systems Programmer / WebMaster || My schedule is already full.
LeTourneau University ||-- Henry Kissinger
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] CGI installation
Hello: We have hosted one php project where PHP Installed as CGI binary. Since the PHP parser binary put somewhere outside of the web tree of files, we have to include #!/usr/local/bin/php as the first line of each file containing php tags. This line will display on each page at the time of browsing. Any idea to avoid the display of this line? Many Thanks Sheni R Meledath [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] SetLocal() problem
Hello, I've got a little problem with the setLocal function. In many
tutorials they give this syntax:
setlocale('LC_TIME','fr_FR'); // for france
I tried this but the fr_FR keyword does not seem to work. If I try
french instead it works.
I've got the same problem with all other countries keywords (C for finland,
pt_BR for portugal ...etc).
If i do not put the name of a country, it does not work.
Please help!
Thnx
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] how can i send SMS from Php Scripts ?
There is an open source WAP/SMS gateway, Kannel.. altho the project has gone thru some problems of late (the company who all the main developers worked for has gone bankrupt :-( ) Bear in mind tho you can't send for free, you will need to install a modem of sorts into the computer and have a contract with SMSC (service centre) for it. in england I pay about 2 pence a msg (much less than a normal phone) HTH, Tom - Original Message - From: Damien CAMUS [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 01, 2001 10:51 AM Subject: [PHP] how can i send SMS from Php Scripts ? Sorry for my english but i'm french -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Web site counter
Is it possible to make a website counter with a PHP script and a text document? If so can somebody email me a script (unlikely) or send me to a page with a script (yay) freshmeat.net and sourceforge.net are great sources for scripts.. Be carefull not to use anything you see.. check the code for strange things.. like email addresses in strange places.. Bye, B. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: PHP EDITOR 4 WINDOWS?
Does it really exist? If so could someone post some URLs for me? I edit my PHP scripts with FmView (www.wincorner.com) and Notepad. :-) -- Owen Rudge http://www.owenrudge.co.uk/ http://www.gamearchive.uk.tt/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] What would you want in a PHP web host?
I am not shure a php developer would need help from another php developer at the hosting company. What we need is: -Sys Admin that understand php. -Sys Admin that knows how to secure the server and be able to tell the developer what to follow in order to built secure code. If system command are disable, developers should kwnow. The developpers should know exactly their options and access rights. Then they have the choice to built around that or host elsewhere. -Time, we need fast, fast and very fast response. (2 days to create a databases is 47 hours too much!) -The ability to put some stuff out of the web server tree. (like file with passwords or secret hash string) -Honesty! I got a lot of we will look into that... or no our server was never spammed or attacked... with some company that where pure lies. py - Original Message - From: Derek Del Conte [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 01, 2001 3:06 AM Subject: [PHP] What would you want in a PHP web host? I have been developing PHP for a while now, and I am wondering how other developers find their PHP hosting company. So far this has not been an issue for me because I am always in full control of my servers (well, as much control as possible with any web server :), but recently we have begun to host other PHP sites. We want to make sure that we are providing appropriate support to our PHP developers. I see too many hosting companies saying that they support PHP, but not having anyone familiar with PHP on hand. We want to have actual support, a developer to call when you have a PHP issue. What do you think a medium sized hosting company could do to give you (the developer) better service and support? Is access to professional PHP developers useful when an issue arises? Are hosting companies reluctant to give you more access rights? Are they willing to re-compile their PHP build to add other options? How long do requested changes to the server take? What other suggestions do you have for improving the relationship between the server administrator and the PHP developer? I spent some time going through the PHP site looking at the list of hosts supporting PHP, but I didn't find any real discussion about what people want in a host (although I did find plenty of things they don't want :). I just figured that I would ask the PHP community exactly what they wanted. Thank you for any insight that you can give me. --derek Derek Del Conte [EMAIL PROTECTED] Gambit Design Internet Services 610.444.2443 610.368.9845 cellular 110 East State Street, Suite 18, Kennett Square, PA 19348 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] issues with __sleep() and __wakeup()
On Tue, Jul 31, 2001 at 02:48:48PM -0600, mike cullerton wrote:
on 7/31/01 1:48 PM, scott [gts] at [EMAIL PROTECTED] wrote:
I am having a problem with __sleep();
there mere existance of it is causing my object
to not get serialized at all. __wakeup() works fine.
i am using PHP v4.0.6 / apache / win2k.
If i keep __sleep() in the object, it will not serialize,
but if i remove it, it serialized fine. Does anyone
know why this happens?
i asked this about a month ago and didn't hear anything. i too have never
been able to get __sleep to work. i think it's because i couldn't figure out
what needed to be returned (or how to return it :)
at http://www.php.net/manual/en/language.oop.magic-functions.php it says
that __sleep is supposed to return an array with the names of all variables
of that object that should be serialized, but there are no examples of
this.
in a current project, i have an object that is registed as a session
variable. it contains three objects and an array. one of the objects is a
PEAR db object, and i don't need to serialize it. i do want to maintain the
other two objects and the array.
i tried a number of ideas inside __sleep, to no avail. without __sleep, it
works. with __sleep, i break it.
i do use __wakeup to reinitialize my db object, but i just use
$db-disconnect(); at the end of my index file to disconnect .
does anyone know the proper way to clean up the object in __sleep and how
to return the variables that should be serialized? can this even be used
when one (or more) of the variables is an object itself?
see sample - it should be self-explaining.
tc
?
error_reporting(-1);
class test {
var $filename;
var $mode;
var $fd;
function test($filename=NULL,$mode=NULL) {
echo --constructor called\n;
$this-filename = $filename;
$this-mode = $mode;
// we could call $this-_wakeup() instead!
if ($this-filename $this-mode) {
$this-fd = fopen($this-filename,$this-mode);
}
}
function _sleep() {
echo --sleep\n;
// return list of instance-variables to be serialized
return array(filename,mode);
}
function _wakeup() {
echo --wakeup\n;
// all serialized instance variables are set now, inititalize the
non-serializeable ones
if ($this-filename $this-mode) {
$this-fd = fopen($this-filename,$this-mode);
}
}
}
$a = new test(/tmp/thies.tcsh,r);
echo $a;
var_dump($a);
$b = serialize($a);
var_dump($b);
$a = unserialize($b);
var_dump($a);
$b = wddx_serialize_value($a);
var_dump($b);
$a = wddx_deserialize($b);
var_dump($a);
?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Re: issues with __sleep() and __wakeup()
-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 01, 2001 3:52 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Re: issues with __sleep() and __wakeup()
class Scott {
var $svar = array(); // free-form hash for whatever data
function Scott( )
{
return $this;
Like, I don't think you're supposed to return $this from your constructor...
thanks for letting me know, it's an outdated habit from perl...
}
function __sleep()
{
According to the manual, this is supposed to return an array of the variable
names you want serialized.
return(array('svar'));
so it seems that there's no way to specify *all* my
variables without naming them explicitly in __sleep() ?
in this case, I think, would be what you want...
}
function __wakeup()
{
$this-svar['sleep'] = I am waking up;
}
}// end class
Once you get it working, post your sample to the User Contributed notes
please :-)
i definately will.
thanks for the suggestions everyone.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] PHP, C++, and LAN
Hello, I'm writing some PHP scripts that will only be used over our local Windows NT/2000 network. I've written a directory browser in PHP, but that only sees the server's local directories/files whereas I would also like to be able to see shared network directories. Since the PHP directory functions don't allow network connections (i.e. //harp/graphics/) I decided that a good workaround would be to write a C++ program that listed the directories and files (like dir or ls if you're on Unix, and I can't get dir to work through a PHP exec command), and then I would parse the output in PHP. I've since written two different C++ programs to do this, one using findfirst and findnext, and other using opendir and readdir. They both work by specifying the directory to be listed after the program (i.e. listFiles.exe d:/ or listFiles.exe //harp/graphics/). Both of these programs work just as expected from the command prompt, working with both directories local to the server and those on a shared network drive. However, both of these programs fail using any PHP system command (exec, passthru, system) when specifying a network drive as the arguement, although both work when a server's local directory is given. For some reason it can no longer read the network drive when run through PHP. I've double and triple checked the arguements passed, and they command issused is exactly that given at the command prompt. I've even tried changing the current working directory in the C++ program and to no avail. Does anybody have any insight, or perhaps another route down which to travel? I will happily provide PHP and/or C++ code for what I'm doing. Thank you, Keith Jeffery [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Attitude of B van Ouwerkerk
so now it's shifted from his attitude to your seeming inability to cope with words related to sexual intercourse? we all need to calm down and relax. -Original Message- From: Alexander Wagner [mailto:[EMAIL PROTECTED]] Subject: Re: [PHP] Attitude of B van Ouwerkerk B. van Ouwerkerk wrote: Ask yourself.. who has an attitude problem here.. Someone who didn't read the manual.. or someone (/me) who wrote to RTFM. You didn't even RTFM him. I found it to be more like RTM, the more gentle version (the one without words connected to sexual intercourse). Your answer was short, but not harsh. I thought so, anyway. regards Wagner -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: PHP EDITOR 4 WINDOWS?
http://www.soysal.com/PHPEd/ Although, after using it for a while I've decided that I simply like Ultra Edit better. www.ultraedit.com Keith Jeffery [EMAIL PROTECTED] Kyle Smith [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Does it really exist? If so could someone post some URLs for me? -lk6- http://www.StupeedStudios.f2s.com Home of the burning lego man! ICQ: 115852509 MSN: [EMAIL PROTECTED] AIM: legokiller666 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Visual Login
if you go this route, you would, however, have to check for valid-login users on every page that you want to have security on. -Original Message- From: Ben Bleything [mailto:[EMAIL PROTECTED]] Subject: RE: [PHP] Visual Login One way would be to use a database (of any type) to store username/password data, present the user with a form to fill out, authenticate against the database, set session variable if they are valid, and let them use the application.. if they fail, do whatever. = EXTREMELY brief. Can give more detail if you like = Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] fopen(fd, w) doesn't work?
Dear all, I'm newbie with PHP, but it so nice for me. I tried to create file by fopen(fd, w) function, but it didn't work. Permission Denied, server said. I tried with fopen(ftp://user@pass:ftp.server.com/test.txt;, w) the address I changed according to my server host, but once again server said: Permission Denied. It host at a free web hosting, with PHP3. Can you help me to make it work. Thank you all. Ibrahim _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: Hmmm?
Simply indent formatting for readability. I personally don't indent after the ? tag, but to each his/her own. Kyle Smith [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Whenever i get a php script off a website why is it that most of the main parts in the script have a space from the left border. eg ?php echospazzz; ? -lk6- http://www.StupeedStudios.f2s.com Home of the burning lego man! ICQ: 115852509 MSN: [EMAIL PROTECTED] AIM: legokiller666 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Attitude of B van Ouwerkerk
scott [gts] wrote: so now it's shifted from his attitude to your seeming inability to cope with words related to sexual intercourse? we all need to calm down and relax. Hey, all I said was that he did not RTFM, but RTM, the version without fucking. regards Wagner -- Madness takes its toll. Please have exact change. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: fopen(fd, w) doesn't work?
for the first part, make sure that you have write permission to the directory specified, and for the second, you can't open a file for writing from a remote location. Keith Jeffery [EMAIL PROTECTED] Ibrahim Noor [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear all, I'm newbie with PHP, but it so nice for me. I tried to create file by fopen(fd, w) function, but it didn't work. Permission Denied, server said. I tried with fopen(ftp://user@pass:ftp.server.com/test.txt;, w) the address I changed according to my server host, but once again server said: Permission Denied. It host at a free web hosting, with PHP3. Can you help me to make it work. Thank you all. Ibrahim _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Example high-profile PHP sites
www.audiogalaxy.com is almost entirely PHP -Original Message- From: CC Zona [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 01, 2001 4:57 AM To: [EMAIL PROTECTED] Subject: Re: [PHP] Example high-profile PHP sites In article [EMAIL PROTECTED], [EMAIL PROTECTED] (Ralph Guzman) wrote: Incase you still need it. Here is a big one I forgot to mention: http://www.dialpad.com/ Not sure how much of their site is PHP, but their user registration and member backend is PHP driven. Entertainment site thewb.com uses PHP for the interactive areas (mesage boards, polls, etc.). -- CC -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Sorry... but a good PHP editor for Linux/Unix
I think EMACS is the best choice for any language you like. Just install de php suport for EMACS. Bye On Tue, Jul 31, 2001 at 11:07:14PM -0300, Augusto Cesar Castoldi wrote: Sorry about talking about this subject, but a really wanna know if any one nows a good editor for linux/unix. Sometimes I need to work by SSH and I have to use the program pico. I can't use vi, to use it, i'll need to see the manual!! thanks, Augusto -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- Mauricio Téllez Jiménez Seguimiento Técnico EDUMEXICO [EMAIL PROTECTED] [EMAIL PROTECTED] Zamora No. 25, Col Centro C.P. 91000, Xalapa, Ver. Tel. 52(28)17-86-87, 17-73-80 Fax. 52(28)18-64-13 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] writing while reading
try only locking the file on a write, *not* on a read.
you are going to have many times more reads than writes,
even on the busiest day
what you need to have is a blocking-lock your writes
and not bother with locks for reading.
the way you have it setup now, there's no locking
for writes, so you could definately have two instances
of PHP trying to write to the same file simultaneously
and corrupt your data.
besides, if you lock only for writing, and not for
reading, you can read the file while it's being written -
but you can never write twice.
-Original Message-
From: Rui Barreiros [mailto:[EMAIL PROTECTED]]
Subject: [PHP] writing while reading
hi all,
i'm writing a web chat, the frame that presents the text, has a very fast
refresh (has to) it's about from 2 in 2 seconds, my problem is writing to the
file (chat is file based), when the refresh read the file, it doesn't let php
write. i made comething like this.
Function chat2file($filename, $str) {
$fp = fopen(chats/$filename, a);
fputs($fp, $str);
close($fp);
}
Function file2chat($filename) {
if(file_exists(chats/$filename)) {
$fd = fopen(chats/$filename, r);
flock($fd, LOCK_UN);
$content = fread($fd, filesize(chats/$filename));
fclose($fd);
return $content;
} else {
return ;
}
}
i put the non blocking option in flock while reading but still blocks and
doesn't write, my question is it possible to write to a file while reading?!,
if so how?
thx.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] OT!!: Attitude of B van Ouwerkerk
People, with all respect I think this thread has become way offtopic to be on this list. Do you mind not cc'ing the list while replying to each other? -Oorspronkelijk bericht- Van: Alexander Wagner [mailto:[EMAIL PROTECTED]] Verzonden: Wednesday, August 01, 2001 4:39 PM Aan: scott [gts]; php Onderwerp: Re: [PHP] Attitude of B van Ouwerkerk scott [gts] wrote: so now it's shifted from his attitude to your seeming inability to cope with words related to sexual intercourse? we all need to calm down and relax. Hey, all I said was that he did not RTFM, but RTM, the version without fucking. regards Wagner -- Madness takes its toll. Please have exact change. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP EDITOR 4 WINDOWS?
Kyle, This has been covered exhaustively and every time it appears it burns up bandwidth. You can check the archives at www.php.net, I believe through the support link. Some has also set up a page which describes the various editors that people use; I didn't bookmark it, but you will find it in the archives. Remember PHP's a scripting language, so you won't get much visual assistance other than syntax highlighting; so editors may have a code completion feature. Miles At 12:08 PM 8/1/01 -0700, Kyle Smith wrote: Does it really exist? If so could someone post some URLs for me? -lk6- http://www.StupeedStudios.f2s.com Home of the burning lego man! ICQ: 115852509 MSN: [EMAIL PROTECTED] AIM: legokiller666 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] PHP and push buttons
Hi, How do I make a Push Button call a PHP script? This is not a POST operation per say as I already have Submit and Reset buttons. What I'd like is to have my third button call a PHP script and process all the form data in an alternative manner to what the Submit does. As a FORM tag can only have one POST operation, I'm in a quandary here. Thanks, Don -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Attitude of B van Ouwerkerk
What!!? I always thought it was the fine manual. Gosh, I'm so naive. Blushing in Nova Scotia - Miles At 04:39 PM 8/1/01 +0200, Alexander Wagner wrote: scott [gts] wrote: so now it's shifted from his attitude to your seeming inability to cope with words related to sexual intercourse? we all need to calm down and relax. Hey, all I said was that he did not RTFM, but RTM, the version without fucking. regards Wagner -- Madness takes its toll. Please have exact change. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Sorry... but a good PHP editor for Linux/Unix
If you are working by SSH I would suggest going ahead and taking the time to read the manual and use vim. There is more documentation on vim then you will probably ever need here http://www.vim.org/docs.html Sheridan Saint-Michel Website Administrator FoxJet, an ITW Company www.foxjet.com - Original Message - From: Augusto Cesar Castoldi [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 31, 2001 9:07 PM Subject: [PHP] Sorry... but a good PHP editor for Linux/Unix Sorry about talking about this subject, but a really wanna know if any one nows a good editor for linux/unix. Sometimes I need to work by SSH and I have to use the program pico. I can't use vi, to use it, i'll need to see the manual!! thanks, Augusto -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] function that will print the url for embedded links
I'm looking for a way to have a url for a link explode into the actual url address. So for example, on a dynamically created webpage, I have a link called: Contact. When someone chooses to view the printer friendly version of this page, I want the link on the the printer-friendly page to change to the following: Contact (http://www.web.com/contact.html). Any ideas of how to automate this process? Thank you, Shawna -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] RE: Make associative array from two arrays
How about ...
foreach ($keys as $key=$value) $new_array[$value] = $vals[$key];
Tim
--
From: elias [SMTP:[EMAIL PROTECTED]]
Sent: 01 August 2001 15:16
To: [EMAIL PROTECTED]
Subject: Make associative array from two arrays
Hello!
I have two arrays:
$keys = array(a, b, c, d);
$vals = array(1, 2, 3, 4);
I would like to get an associative array holding this:
$aarray = array(a =1, b=2, c=3, d=4);
I know I can do it with a while loop...but I wonder if there is
any
builtin PHP function that can do that.
Or a better method other than sort of this:
$aarray = array();
for ($i=0;$icount($keys);$i++)
{
$aarray[$keys[$i]] = $vals[$i];
}
thanks!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Re: FAQ
I know of 3 php faqs (I know there are tons), maybe we should make a faq on how to find faqs? :) http://alt-php-faq.org/ http://www.php.net/manual/en/faq.php http://php.faqts.com Rasmus, do you think there would be any value in adding these 3 links to the PHP General Mailing List trailer that is added to each post? Just a thought. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Strange behaviour while adding a line at the BOF
Hi folks: I'm going nuts trying to add a line of data in the beginning of a text file. The text file looks like: 02_01 03_01 04_01 and so on. When I try to add a line so the text file becomes this: 01_01 02_01 03_01 04_01 I get the following result: _01 03_01 04_01 Here's how I'm attepmting to do it: $foofile = /usr/local/.../list.txt; $open_foo = fopen($foofile, r+); fputs($foofile,$temp\n); fclose($foofile); As a matter of fact the application I'm building is a little more complex than this, but since I'm positive that the error is in the add-a-line routine... Please I'm really confused about this. Logically this should work, shouldn't? HELP! Thanks in advance, Er Galvão Abbott Webdeveloper [EMAIL PROTECTED] - To send me an e-mail just remove the CAPITAL TEXT. - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Re: issues with __sleep() and __wakeup()
i added a (hopefully helpfull) addition to the
online notes regarding magic-functions:
http://www.php.net/manual/en/language.oop.magic-functions.php
Here's what i posted, if anyone's interested:
Here is a sample class and some test statements to
demonstrate how __sleep() is used.
If you do not return anything from __sleep(), your
object will *not* be serialized. You must return
something from __sleep() to tell serialize what
to serialize.
?
// to test the class
$x = new Scott();
print_r($x);
$y = serialize($x);
$z = unserialize($y);
print_r($z);
// Simple class to test __sleep()
class Scott {
// class variables
var $error;
var $svar = array();
// constructor
function Scott() {
$this-svar['Hello'] = World;
}
function __sleep() {
$this-svar['Hello'] = Yawn;
// return list of instance-variables to be serialized
return array('error', 'svar');
}
function __wakeup() {
$this-svar['test'] = I'm here!;
}
}// end class
?
-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 01, 2001 3:52 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Re: issues with __sleep() and __wakeup()
class Scott {
var $svar = array(); // free-form hash for whatever data
function Scott( )
{
return $this;
Like, I don't think you're supposed to return $this from your constructor...
}
function __sleep()
{
According to the manual, this is supposed to return an array of the variable
names you want serialized.
return(array('svar'));
in this case, I think, would be what you want...
}
function __wakeup()
{
$this-svar['sleep'] = I am waking up;
}
}// end class
Once you get it working, post your sample to the User Contributed notes
please :-)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Re: FAQ
and adding a little explanation of the http://php.net/function syntax for searching the php.net site would be a big help too. -Original Message- From: Johnson, Kirk [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 01, 2001 11:32 AM To: [EMAIL PROTECTED] Subject: RE: [PHP] Re: FAQ I know of 3 php faqs (I know there are tons), maybe we should make a faq on how to find faqs? :) http://alt-php-faq.org/ http://www.php.net/manual/en/faq.php http://php.faqts.com Rasmus, do you think there would be any value in adding these 3 links to the PHP General Mailing List trailer that is added to each post? Just a thought. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] How can i make it so....
The odd thing about PHP is sometimes you have to code backwards,
That is your code is in a different order than the pages it produces.
This is one of those times. You need to have the Successful login page
first, and the login form second in an if statement.
ie...
?php
$auth = false;
if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW))
/* Do MySQL Stuff */
$num = mysql_numrows( $result );
if ( $num != 0 )
echo 'pYou are Signed In!/p';
$auth = true;
} else {
echo 'Sign In Required.';
}
}
if ( ! $auth )
?
FORM ACTION=? echo $PHP_SELF; ? METHOD=POST
!-- Rest of Form --
?php
}
?
Hope that helps.
Sheridan Saint-Michel
Website Administrator
FoxJet, an ITW Company
www.foxjet.com
- Original Message -
From: Steve Wright [EMAIL PROTECTED]
To: PHP List [EMAIL PROTECTED]
Sent: Wednesday, August 01, 2001 4:37 AM
Subject: [PHP] How can i make it so
Hi,
I have modified an authentication script to my own liking, but being new,
don't know how to go about my next stage.
Once the user has inserted the UN, and PW, it is campared against the MySQL
database, nowm what i want to do is get rid of the login form which still
appears, and is very annoying. I can't seem to see anything on this
particular subject, but if their is any, can u point me in the right
direction.
It can be viewed at: http://www.stevewrightonline.co.uk/auth/auth.php
UN: guest
PW: guest
Here's the code:
P
FORM ACTION=? echo $PHP_SELF; ? METHOD=POST
PUserName:br
input type=text name=PHP_AUTH_USER size=15
/p
PPassword:br
input type=password name=PHP_AUTH_PW size=15
/p
input type=submit value=Log In
/form
/P
?php
$auth = false; // user is not authenticated yet
if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW))
// Connect the MySQL Database
mysql_connect( **.net', '**', '***' )
or die ( 'Unable to connect to server.' );
// Select database on MySQL server
mysql_select_db( 'Demonstration' )
or die ( 'Unable to select database.' );
// the query
$sql = SELECT * FROM users WHERE UserName = '$PHP_AUTH_USER' AND
Password = '$PHP_AUTH_PW';
// Execute query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num = mysql_numrows( $result );
if ( $num != 0 )
// matching row was found - user authenticated.
$auth = true;
}
}
if ( ! $auth )
echo 'Sign In Required.';
exit;
} else
echo 'pYou are Signed In!/p';
}
?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
