Re: [PHP] Re: sanitizing/security
--- Richard Lynch [EMAIL PROTECTED] wrote: What regular expression does one use when there really isn't a whole lot you can say about the text?... I mean, say for a guestbook or bulletin board or for a person's Bio or... You can limit it to a certain number of characters in length. You can mess with strip_tags and also do an ereg to rip out any kind of JavaScript on tags you want to *allow*. But then what? I mean, it seems like there's still an awful lot of wiggle room for mischief there, in an arbitrary string typed by the user. This type of data is certainly the most difficult to filter, especially if you try to adhere to very strict security principles. You start with the same question as with any other data - what exactly do I want to allow? This is much easier and less prone to error than asking what you want to reject. If someone is entering a bio, a whitelist is difficult to create, but not impossible. The best approach to take when valid data is an unknown is to create a system that learns. This can be as simple as enabling a whitelist approach, and logging all failures, but using some other method for interim protection (e.g., a whitelist failure is not considered a security breach). Manual inspection of failures can be used to enhance the whitelist, and once you feel it is capable, you can switch to this as the primary method of protection. I must admit that I often take the lazy way out (with the caveat that some situations demand a higher level of security and a more strict adherence to best practices). The lazy way to filter output is htmlentities(), a function that converts every character that has an equivalent HTML entity to that entity. Thus, any character that may have special meaning to a browser is converted to something that is only useful in displaying that character. If you want to allow some markup, convert those back (use a literal match when possible - pattern matching as a good last resort). When using something in an SQL query, there are some good escaping functions that can be used. I feel pretty comfortable using mysql_escape_string() on any data to eliminate the practicality of SQL injection. Of course, this shouldn't be a complete substitute for proper data filtering, so I'm still talking about the lazy (or least you can do) approach. So, while I agree that free-form text is very difficult to filter, there are some pretty simple steps you can take to mitigate the risks, or you can adhere to strict practices if you work at it. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming Soon http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Help wth coding
Karl James wrote: Team I am trying to teach myself php through a book I got at the store. Its kinda rough with limited programming experience. I was wondering if you could take a look at my code and tell me or write the code so it Will work and make comments in it so I know what I did wrong. Here is the links. http://pastebin.com/131817 no such item found http://www.theufl.com/php/wrox_php/movie_details10.php returns a parse error, yes... I'm trying to use the EOD; or EOT; html container with a few functions. Also here is what the concept is. Basically what we are trying to do is create a detail page for movies. For example bruce almighty is movie id#1 When you get the table you see the name linked. Then when you click link, you will get that movies page. On that page you will have details about movie in a separate html table, and also Another table with movie critics. They will be able to post the date of review, review title, reviewer name, movie review coments, And on the far right will be a 5-star rating with check mark image. The top part table is going to show. Movie title, year of release, movie director, movie lead actor, how long the movie is, and movie health.. Any help would greatly appreciated, could we meet online and talk about it? Either through AIM or MSN Messger services? With this address. Let me know if you guys cant view any info or need any more info. Karl James (TheSaint) [EMAIL PROTECTED] http://theufl.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Nameserver checking ?
Hi List, Is there a way of checking a list of say 10, 100, 1000 domain names to see if they actually point to our nameservers and report back which ones are not ? I would really appreciate any help you may give with this enquiry and I thank you fully in advance Dave C -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.296 / Virus Database: 265.6.2 - Release Date: 20/12/2004 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] External scripts in safe mode
Hello If this is an inappropriate place to seek help, many apologies, and where might I try? I have a PHP 4.1.2 script on Red Hat (Apache 1.3.27) which calls an external script (Tidy, from tidy.sourceforge.net). It is called via popen() so that I can pipe through some arguments and receive the output. This worked fine until my ISP turned on safe mode. Now, although the UID of both the calling PHP script and of Tidy are the same, and though Tidy is sitting in a directory specified in safe_mode_exec_dir, the script fails. Is there anything else I should be checking? Thanks Tom Chadwin This email and its attachments are intended for the addressee only and may be confidential or the subject of legal privilege. If this email and its attachments have come to you in error, you must take no action based on them, nor must you copy them, distribute them or show them to anyone. Please contact the sender to notify us of the error. Durham City Council accept no liability for, and shall not be legally bound by, the contents of this email. No assurances are given as to the authority of the sender to act on the Council's behalf and the views expressed within this email may not be official Council policy but instead the personal views of the distributor. This email and any attached files have been scanned for the presence of computer viruses however, you are advised that Durham City Council bears no liability for attachments and you therefore open any attachments at your own risk. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Writing new code vs. re-writing someone else's code
Hello, This question could be seen as a general programming question, but because PHP is what I know best, I'll ask it here. A good friend of mine is the person who got me more interested in programming as a career. She's a professional COBOL programmer, and works for a large bank. She once told me that 75% of her time was spent going over and rewriting/repairing old code that she didn't write, and only 25% writing new code. From what I know about COBOL, it seems that it might need more rewriting than other languages, because of all the built up old code. But as I look forward to the day when I can work as a full-time PHP coder, I wonder. The question is, how much of your time (you, the professional PHP coder reading this), is spent rewriting/repairing old code vs. writing new code. Although this is a PHP list, and my question is in regards to PHP, if you want to give me your opinion on this same question in regards to other languages you've programmed in, I wouldn't mind. thanks, William -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Writing new code vs. re-writing someone else's code
W Eakin wrote: Hello, This question could be seen as a general programming question, but because PHP is what I know best, I'll ask it here. A good friend of mine is the person who got me more interested in programming as a career. She's a professional COBOL programmer, and works for a large bank. She once told me that 75% of her time was spent going over and rewriting/repairing old code that she didn't write, and only 25% writing new code. From what I know about COBOL, it seems that it might need more rewriting than other languages, because of all the built up old code. But as I look forward to the day when I can work as a full-time PHP coder, I wonder. The question is, how much of your time (you, the professional PHP coder reading this), is spent rewriting/repairing old code vs. writing new code. Although this is a PHP list, and my question is in regards to PHP, if you want to give me your opinion on this same question in regards to other languages you've programmed in, I wouldn't mind. thanks, William not exactly professional, but involved in a couple of projects, I can say about 80% of my time does indeed go into rewriting old code, and only a very limited amount into new code (since old code usually lacks the internal support for new features, so that old code needs to be rewritten for the small chunk of new code to work correctly) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Writing new code vs. re-writing someone else's code
Good question. Personally, I think I tend to write more new code than reworking old code. However, I have taken on numerous projects where I've been required to port ASP to PHP and MSSQL dbs to Postgre or MySQL... but these projects also require a fair bit of new code. There are *so* many legacy COBOL applications though that, yeah, I think a COBOL programmer will very rarely get to write anything new. The people who I know who work with COBOL generally either patch problems or, if there's new functionality required, will code in Java or C. Ian On Tue, 2004-12-21 at 11:41 +0100, Eakin, W wrote: Hello, This question could be seen as a general programming question, but because PHP is what I know best, I'll ask it here. A good friend of mine is the person who got me more interested in programming as a career. She's a professional COBOL programmer, and works for a large bank. She once told me that 75% of her time was spent going over and rewriting/repairing old code that she didn't write, and only 25% writing new code. From what I know about COBOL, it seems that it might need more rewriting than other languages, because of all the built up old code. But as I look forward to the day when I can work as a full-time PHP coder, I wonder. The question is, how much of your time (you, the professional PHP coder reading this), is spent rewriting/repairing old code vs. writing new code. Although this is a PHP list, and my question is in regards to PHP, if you want to give me your opinion on this same question in regards to other languages you've programmed in, I wouldn't mind. thanks, William -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: An object oriented database in PHP?
Jason Barnett wrote: Symbulos Partners wrote: Has anybody implemented an object oriented database in PHP yet? Boy you are new ;) Check out the PEAR DB package for several OO implementations. Is PEAR DB not a OO DB API? Is there a OO DB embedded? -- symbulos partners -.- symbulos - ethical services for your organisation http://www.symbulos.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] An object oriented database in PHP?
Brandon Thompson wrote: We use Propel for all of our development. Where can we find more about it? -- symbulos partners -.- symbulos - ethical services for your organisation http://www.symbulos.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] couldnt backup database
Hello all, I've a table in my database with 1 lakh records using a disk space of around 50Mb. I wanted to download the records. I used phpmyadmin (coz my hosting provider doesnt allow remote access to my db) to export the database but its not working for larger databases. I thought that it might be a problem with the max execution time. So i thought i wud manually store the records in a text file so that i can download it. But when i tried that its not creating the file beyond 10Mb. I've tried these things out.. ini_set ( max_execution_time, 300); ini_set ( mssql.connect_timeout, 300); ini_set ( memory_limit, 500); but not working can anyone help me out with this problem.. Thanks, /sagar
[PHP] Using encrypted passwords (what we would like to achieve)
What we would like to achieve? If a malicious user finds a way of entering of accessing the docroot (rwx) of a website with CMS (PHP + MySQL), we would like to have further barrier to him accessing the Mysql database. We had some problem with one hacker using the database of a website with PhpBB launching an e-mail based DDoS (this is what they said at the provider hosting our server). We are trying to introduce as as many obstacles as possible. -- symbulos partners -.- symbulos - ethical services for your organisation http://www.symbulos.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: nntp://news.php.net -- read only?
Jason Barnett wrote: Jason Morehouse wrote: Sorry for the lame question... but I prefer to read and reply to messages via the news server. However, I can't seem to post to news.php.net. I'm using thunderbird, and have tried a few different outgoing servers, including news.php.net. Is the news server read only? I thought for sure I was able to reply on it some time ago Thanks, -J I am using thunderbird right now to post this message, so naturally I can help you ;) Tools - Account Settings Add Account Newsgroup account Your user info news.php.net Then when you have that set up you should see news.php.net in the left frame. Right-click on it and choose subscribe Then browse through the php folder and find which group you want to subscribe to (this group is php.general). I'm using Thunderbird 1.0 although it also worked for me in prior versions of Thunderbird (I was using the 0.6 tree for a while). I am just trying to see if I can do the same. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] An object oriented database in PHP?
symbulos partners wrote: Brandon Thompson wrote: We use Propel for all of our development. Where can we find more about it? Google is your friend. -- By-Tor.com ...it's all about the Rush http://www.by-tor.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Writing new code vs. re-writing someone else's code
On 21/12/2004, at 9:41 PM, Eakin, W wrote: The question is, how much of your time (you, the professional PHP coder reading this), is spent rewriting/repairing old code vs. writing new code. When I'm working on a new project, my time is generally spent hooking into my existing framework with new code and models. When I'm making changes to existing projects, I tend to be mainly repairing, modifying and updating code, plus adding a little new code. I'm highly addicted to cleaning and refining my old code, so if I see something messy and have a few spare minutes, I'll always clean up old code to make it better. I absolutely hate working with other people's code or inheriting a project unless it's really clean and well thought out, and well documented. --- Justin French, Indent.com.au [EMAIL PROTECTED] Web Application Development Graphic Design -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can I compile php source
Bruce, that is the typical answer when someone has a God complex and feels is his duty to teach everyone to be like him... Don't worry just feel sorry for him. QT, take a look at these links http://www.zend.com/store/products/zend-safeguard-suite.php http://www.sourceguardian.com/ just some of the compilers out there. -pa - Original Message - From: John Nichel [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 20, 2004 10:53 PM Subject: Re: [PHP] can I compile php source Bruce Douglas wrote: and this response was helpful to the guy who asked the original question, how i mean, aside from showing that you know how to do a link, what did you show peace... Maybe you should read the link, then _maybe_ you'll understand. Would you feel better if I posted links to the archives and/or to Google to where numerous answers could be found to this question? Or maybe the OP could have just gone to the link I posted and seen those two suggestions in the 'Before You Ask' section. Then again, what was I thinking...people think for themselves? How silly of me. -Original Message- From: John Nichel [EMAIL PROTECTED] Sent: Dec 20, 2004 4:32 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] can I compile php source QT wrote: hi, is there any way to compile php source to make binary file for protecting source code? best regards Yes. http://www.catb.org/~esr/faqs/smart-questions.html -- By-Tor.com ...it's all about the Rush http://www.by-tor.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php terminal.
Hello First try to ask what permissions you have on your server. After that if you have permissions you can using system() command to emulate some functionality. Regards Bogomil Shopov http://purplerain.org Adwin Wijaya wrote: Hello all.. Since my webhosting didnt provide me with telnet access, I would like to have a small software that created by php to do some bash function such as lynx, ls etc ? thx a lot :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can I compile php source
Bruce Douglas wrote: and this response was helpful to the guy who asked the original question, how i mean, aside from showing that you know how to do a link, what did you show peace... You have shown that you are a newby to mailing lists. -- Raditha Dissanayake. -- http://www.radinks.com/print/card-designer/ | Card Designer Applet http://www.radinks.com/upload/ | Drag and Drop Upload -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can I compile php source
Paul Aviles wrote: Bruce, that is the typical answer when someone has a God complex and feels is his duty to teach everyone to be like him... Don't worry just feel sorry for him. Your sympathy is misplaced. -- Raditha Dissanayake. -- http://www.radinks.com/print/card-designer/ | Card Designer Applet http://www.radinks.com/upload/ | Drag and Drop Upload -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can I compile php source
Paul Aviles wrote: Bruce, that is the typical answer when someone has a God complex and feels is his duty to teach everyone to be like him... Don't worry just feel sorry for him. QT, take a look at these links http://www.zend.com/store/products/zend-safeguard-suite.php http://www.sourceguardian.com/ just some of the compilers out there. -pa snip I'm an atheist...I don't believe in 'God' complexes. So I teach the OP to be self sufficient, and how to get a better response, and you hold his hand, answering the same question that has been answered numerous times over on this list. If you sleep better at night by 'helping' those too lazy to do any work on their own, more power to you...but I definitely don't need sorry from someone who's going to say I have a God complex while passing judgment on me. Flame away...this OT thread will die on my end. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] can I compile php source OT
[snip] Bruce, that is the typical answer when someone has a God complex and feels is his duty to teach everyone to be like him... Don't worry just feel sorry for him. [/snip] So, if I teach everyone to be like me, which includes the following traits; a. I RTFM 2. I STFW and STFA III. I try to ask questions that will garner more than a yes or no answer when I am looking for more than a yes or no answer. that's a bad thing? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Liveticker problem
Her is the code (not mine) what I am trying to so is cut out all the header info that is included in the message as shown here http://supercool-74.com/sms/liveticker.php The message is supposed to be terminated by the xx string which is defined in config.php but it just continues and prints all the header info too. - ?php include (config.php); $mbox = imap_open ({.$pop3_server./pop3:110}INBOX,$mailbox,$password); $headers = imap_headers ($mbox); $max = count($headers); include (head.php); echo table border=\0\ cellspacing=\30\ cellpadding=\0\\n; for ($i = $max; $i 0; $i--) { $header = imap_header ($mbox,$i); $from = $header-from; $email = $from[0]-mailbox.@.$from[0]-host; $date = $header-date; $date = split( ,$date); $structure = imap_fetchstructure ($mbox,$i); $encoding = $structure-encoding; if ($endword) { $end = strpos(imap_body ($mbox,$i),$endword); } if ($startword) { $beginning = ereg($startword,imap_body ($mbox,$i)); $start = strpos(imap_body ($mbox,$i),$startword); if ($end) { $body = substr(imap_body ($mbox,$i),$start+strlen($startword),$end-$start-strlen($endword)); } else { $body = substr(imap_body ($mbox,$i),$start+strlen($startword)); } } else { $beginning = true; if ($end) { $body = substr(imap_body ($mbox,$i),0,$end); } else { $body = imap_body ($mbox,$i); } } if (in_array ($email,$allowed_senders) $beginning) { if ($date[1] == 1){$date[1]=01;} elseif ($date[1] == 2){$date[1]=02;} elseif ($date[1] == 3){$date[1]=03;} elseif ($date[1] == 4){$date[1]=04;} elseif ($date[1] == 5){$date[1]=05;} elseif ($date[1] == 6){$date[1]=06;} elseif ($date[1] == 7){$date[1]=07;} elseif ($date[1] == 8){$date[1]=08;} elseif ($date[1] == 9){$date[1]=09;} if ($date[2] == Jan){$date[2]=01;} elseif ($date[2] == Feb){$date[2]=02;} elseif ($date[2] == Mar){$date[2]=03;} elseif ($date[2] == Apr){$date[2]=04;} elseif ($date[2] == May){$date[2]=05;} elseif ($date[2] == Jun){$date[2]=06;} elseif ($date[2] == Jul){$date[2]=07;} elseif ($date[2] == Aug){$date[2]=08;} elseif ($date[2] == Sep){$date[2]=09;} elseif ($date[2] == Oct){$date[2]=10;} elseif ($date[2] == Nov){$date[2]=11;} elseif ($date[2] == Dec){$date[2]=12;} // Decode quoted printable and base64 encoding and coding HTML special charakters if ($encoding == 4) { $body = htmlentities(quoted_printable_decode($body), ENT_QUOTES); } elseif ($encoding == 3) { $body = htmlentities(base64_decode($body), ENT_QUOTES); } else { $body = htmlentities($body, ENT_QUOTES); } // Line breaks $body = eregi_replace(\*br,\nbr,$body); echo tr\n; echo td nowrap valign=\top\b.$date[0]. .$date[1]...$date[2]...$date[3].br\n.$date[4]./b/td\n; echo td valign=\top\+++ .$body. +++/td\n/tr\n; $beginning = false; } } echo /table\n; // Copyright reference must not be removed: ? table border=0 cellspacing=0 cellpadding=0 tr td width=50nbsp;/td tdnbsp;/td /tr /table ?php imap_close ($mbox); // Link to admin page echo pnbsp;/p; echo pa href=\admin.php\= Admin/a/p; include (foot.htm); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can I compile php source
when someone has a God complex I always thought that was a basic requirement for being a programmer.. *shrug* -- Greg Donald Zend Certified Engineer http://gdconsultants.com/ http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can I compile php source OT
the delivery is the problem not the thought process. people are trying to find answers not being lectured and reprimanded. Many people are getting into the field and are new and may not have the wisdom or experience other people have. Think about it How many times have you been dealing with a problem for a long time and the answer was right in front of you? - Original Message - From: Jay Blanchard [EMAIL PROTECTED] To: Paul Aviles [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 9:46 AM Subject: RE: [PHP] can I compile php source OT [snip] Bruce, that is the typical answer when someone has a God complex and feels is his duty to teach everyone to be like him... Don't worry just feel sorry for him. [/snip] So, if I teach everyone to be like me, which includes the following traits; a. I RTFM 2. I STFW and STFA III. I try to ask questions that will garner more than a yes or no answer when I am looking for more than a yes or no answer. that's a bad thing? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can I compile php source
no sympathy, reality. So, if someone asks how to past the max_upload size limit will you send them to google or maybe point them to your web site how-to? hmmm. be kind, is free, and people will respect you more. - Original Message - From: Raditha Dissanayake [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 9:32 AM Subject: Re: [PHP] can I compile php source Paul Aviles wrote: Bruce, that is the typical answer when someone has a God complex and feels is his duty to teach everyone to be like him... Don't worry just feel sorry for him. Your sympathy is misplaced. -- Raditha Dissanayake. -- http://www.radinks.com/print/card-designer/ | Card Designer Applet http://www.radinks.com/upload/ | Drag and Drop Upload -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] This list is dying: was:can I compile php source OT
It's sad to see how the quality of the help you can get in this list has dropped of late. It's not because of the people who post off topic messages or don't bother to read the FAQ or RTFM before posting. It's because of the people who immidiately spring to the defence of the off topic posters. I see that many people who used to make valuable contributions in this list an year ago no longer make any posting. No doubt they are fed up. Others make fewer contributions than they used to. The way things are going pretty soon it will be a case of blind leading the blind. To mis-quote John Nichel Flame away responses will be deleted -- Raditha Dissanayake. -- http://www.radinks.com/print/card-designer/ | Card Designer Applet http://www.radinks.com/upload/ | Drag and Drop Upload -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] An object oriented database in PHP?
symbulos partners wrote: Brandon Thompson wrote: We use Propel for all of our development. Where can we find more about it? Google is your friend. http://propel.phpdb.org It requires PHP 5, plus it requires additional tools like Creole and Phing (similar to Ant). The howtos on the propel site are good...I had it up and running in just a couple hours. Brandon Thompson Ocean Street Consulting, Inc. http://www.oscfl.com -- By-Tor.com ...it's all about the Rush http://www.by-tor.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] can I compile php source OT
[snip] the delivery is the problem not the thought process. people are trying to find answers not being lectured and reprimanded. Many people are getting into the field and are new and may not have the wisdom or experience other people have. Think about it How many times have you been dealing with a problem for a long time and the answer was right in front of you? [/snip] Are you new here? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Compiling PHP Source guides
Hi, I am looking for a guide on compiling PHP 4. I am a complete newbie to compiling and have no idea where to start, so any links to guides and/or other useful info would be much appreciated. My reason is that I need MySQL 4 support, but I would like to get a general overview of compiling a program source in general. Thanks in advance. Donald Tyler -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] can I compile php source
[snip] no sympathy, reality. So, if someone asks how to past the max_upload size limit will you send them to google or maybe point them to your web site how-to? hmmm. be kind, is free, and people will respect you more. [/snip] Nope, because the question requires more than a yes or no answer. I would most likely say something like... RTFM... http://us2.php.net/manual/en/features.file-upload.php I am not on this list to earn respect. I am here to learn and where possible, teach. And if you want people to be more politically correct so no one gets insulted or gets their feelings hurt you have come to the wrong place. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can I compile php source
some people will never get it. - Original Message - From: Jay Blanchard [EMAIL PROTECTED] To: Paul Aviles [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 10:41 AM Subject: RE: [PHP] can I compile php source [snip] no sympathy, reality. So, if someone asks how to past the max_upload size limit will you send them to google or maybe point them to your web site how-to? hmmm. be kind, is free, and people will respect you more. [/snip] Nope, because the question requires more than a yes or no answer. I would most likely say something like... RTFM... http://us2.php.net/manual/en/features.file-upload.php I am not on this list to earn respect. I am here to learn and where possible, teach. And if you want people to be more politically correct so no one gets insulted or gets their feelings hurt you have come to the wrong place. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] This list is dying: was:can I compile php source OT
[snip] It's sad to see how the quality of the help you can get in this list has dropped of late. It's not because of the people who post off topic messages or don't bother to read the FAQ or RTFM before posting. It's because of the people who immidiately spring to the defence of the off topic posters. I see that many people who used to make valuable contributions in this list an year ago no longer make any posting. No doubt they are fed up. Others make fewer contributions than they used to. The way things are going pretty soon it will be a case of blind leading the blind. To mis-quote John Nichel Flame away responses will be deleted [/snip] I don't think that the list is dying, I just think that there are several here who are new and unfamiliar with newsgroup/list style posting. Who was off topic? And who sprung to their defense? I'll whip them senseless with a USB cable. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] This list is dying: was:can I compile php source OT
Raditha Dissanayake wrote: snip I see that many people who used to make valuable contributions in this list an year ago no longer make any posting. No doubt they are fed up. Others make fewer contributions than they used to. The way things are going pretty soon it will be a case of blind leading the blind. Yeah, I can think of two off the top of my head who used to be major contributors. I don't know their reasons for not posting here too much anymore (I know one is at least still very active on other mailing lists), but their presence is sorely missed. To mis-quote John Nichel Flame away responses will be deleted Semi-new thread, so I'll post to it. ;) -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] This list is dying: was:can I compile php source OT
On Tue, 2004-12-21 at 10:53, Jay Blanchard wrote: [snip] It's sad to see how the quality of the help you can get in this list has dropped of late. It's not because of the people who post off topic messages or don't bother to read the FAQ or RTFM before posting. It's because of the people who immidiately spring to the defence of the off topic posters. I see that many people who used to make valuable contributions in this list an year ago no longer make any posting. No doubt they are fed up. Others make fewer contributions than they used to. The way things are going pretty soon it will be a case of blind leading the blind. To mis-quote John Nichel Flame away responses will be deleted [/snip] There was a time when I posted a lot of responses, but when I became a father just over a year ago, my spare time was cut enormously so now I just answer the occasional one off since I don't have the time to delve into the bigger questions posted. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can I compile php source
Paul Aviles wrote: some people will never get it. Yeah, I said I wasn't going to reply to this thread, but since you're not going to let it die... You said that I have a 'God' complex, yet you sit here and try to impose your political correctness on us; sitting up there on your high and mighty cloud, telling us how we're doing it wrong. And when long time, respected posters on this list don't agree with you, you fling your nose in the air, and claim that 'some people will never get it', in your holiest of holier than thou voices. WTF makes you think that *you* 'get it'? Don't like the way things work around here? Hit the unsubscribe button, but please stop crying about how wrong we are. Welcome to /dev/null -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Compiling PHP Source guides
Donald Tyler wrote: I am looking for a guide on compiling PHP 4. I am a complete newbie to compiling and have no idea where to start, so any links to guides and/or other useful info would be much appreciated. PHP is a scripting language, no need to compile it. If you're really new, 2 links from the PHP home page A simple tutorial http://www.php.net/tut.php PHP Documentation http://www.php.net/docs.php If you mean compiling php itself (not a php script written in PHP), then go read the PHP manual: II. Installation and Configuration http://www.php.net/manual/en/install.php My reason is that I need MySQL 4 support, Just check the manual. MySQL functions can be used within PHP, with the mysql or mysqli extensions (see links below). Under Linux, it comes in packages like mysql-server, php4, php4-mysql, etc and you can simply install these packages. LXX. MySQL Functions http://www.php.net/manual/en/ref.mysql.php In PHP 5, MySQL is no longer enabled by default, nor is the MySQL library bundled with PHP. Read this FAQ http://www.php.net/manual/en/faq.databases.php#faq.databases.mysql.php5 for details on why. LXXI. Improved MySQL Extension, PHP Manual http://www.php.net/manual/en/ref.mysqli.php The mysqli extension allows you to access the functionality provided by MySQL 4.1 and above but I would like to get a general overview of compiling a program source in general. On Unix/Linux like systems, it's something like $ tar xzf soft-1.0.tar.gz $ cd soft-1.0 $ ./configure $ make $ su - (to become root, if it's your box) # make install Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Compiling PHP Source guides
Donald Tyler wrote: Hi, I am looking for a guide on compiling PHP 4. I am a complete newbie to compiling and have no idea where to start, so any links to guides and/or other useful info would be much appreciated. My reason is that I need MySQL 4 support, but I would like to get a general overview of compiling a program source in general. Thanks in advance. Donald Tyler I'd say RTFM, but I don't want to offend anyone's sensibilities, so... http://us4.php.net/manual/en/install.unix.php MySQL up too 4.0... http://us4.php.net/manual/en/ref.mysql.php MySQL = 4.1 http://us4.php.net/manual/en/ref.mysqli.php -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can I compile php source
after looking at the msgs on this list for this thread... i'm curious. if you see an email that you don't want to respond to, why can't you simply choose not to respond to it, and ignore the msg. peace.. -Original Message- From: Paul Aviles [EMAIL PROTECTED] Sent: Dec 21, 2004 7:48 AM To: [EMAIL PROTECTED] Subject: Re: [PHP] can I compile php source some people will never get it. - Original Message - From: Jay Blanchard [EMAIL PROTECTED] To: Paul Aviles [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 10:41 AM Subject: RE: [PHP] can I compile php source [snip] no sympathy, reality. So, if someone asks how to past the max_upload size limit will you send them to google or maybe point them to your web site how-to? hmmm. be kind, is free, and people will respect you more. [/snip] Nope, because the question requires more than a yes or no answer. I would most likely say something like... RTFM... http://us2.php.net/manual/en/features.file-upload.php I am not on this list to earn respect. I am here to learn and where possible, teach. And if you want people to be more politically correct so no one gets insulted or gets their feelings hurt you have come to the wrong place. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] can I compile php source OT
[snip] some people will never get it. [/snip] Can we vote someone off of the island? He's a little too grouchy for being this close to Christmas. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] OT Re: [PHP] can I compile php source
I promised myself that I wouldn't get in the middle of any flame wars but I just had to say something about my experience. The day I stopped looking for free handouts and became self-sufficient in my ability to find the answers myself was the day someone told me to RTFM a few years ago. It was a friend of mine and it was a little hurtful. But he was right! The answer was right in the man page. Then I felt stupid for asking. Since then my skills at troubleshooting went through the roof. You can literally train yourself to be a walking encyclopedia not by knowing the answer but by knowing how to find the answer without anyones help. Sometimes it takes a mean push to get someone on the right track. You might not like it but you can't deny the results it can bring. -- --Matthew Sims --http://killermookie.org some people will never get it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] String parsing issue in PHP 4.3.10?
I'm working on a script that will parse through a long string using regexs to pattern match a certain format. I'm having an issue with a '?' in a string being picked up as an end-of-code character, but only if the line before it is commented out. If the line before is NOT commented out, PHP processes the file as normal (errors out, but I can fix that). I'd appreciate it if someone else could run this script and see what happens. PHP Version: $ php --version PHP 4.3.10 (cli) (built: Dec 20 2004 10:45:58) Copyright (c) 1997-2004 The PHP Group Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies PHP Config line: ./configure --with-mysql --with-apxs2=/pub/apache/bin/apxs --with-mcrypt=/usr/local/lib --with-curl=/usr/local --enable-ftp --with-imap=/usr/local/imap --with-jpeg --with-jpeg-dir=/usr/local/lib --with-png --with-png-dir=/usr/local/lib --with-zlib-dir=/usr/local/lib --with-gd --with-freetype --with-freetype-dir=/usr/local/lib --with-ttf Unexpected results: If line 16 (indicated below) is commented out, the '?' in the string on line 17 makes PHP stop parsing and the rest of the script is simply dumped to stdout. If line 16 is NOT commented out, the '?' is NOT picked up as being a PHP tag and it parses the script as PHP. Environment: Running in CLI on Redhat 9, current versions of all applicable software. The exact same behavior occurs when running as a webpage with Apache 2.0.52. == ? $notes = '14 Mar 2004 18:46 Jay Brown added item to shop14 Mar 2004 19:15 Jay Brown changed production status to Ready for Publishing14 Mar 2004 19:32 Published by Jay Brown15 Mar 2004 09:22 Published by bill Smith15 Mar 2004 09:57 Published by Bill Smith16 Jun 2004 14:28 Julie Johnson repriced all options. 16 Jun 2004 14:29 Julie Johnson repriced all options.6/16/2004 14:29 Julie Johnson committed pricing changes. 29 Jun 2004 09:21 Published by Bill Smith07 Jul 2004 11:42 Bill Smith changed production status to Ready for Publishing 07 Jul 2004 13:44 Published by Bill Smith20 Jul 2004 13:07 Bonie Jackson changed production status to Ready for Publishing 21 Jul 2004 08:36 Published by Bill Smith'; # Attempt to split the notes # echo $notes.\n; $time_exp = '/\d{1,2} \w{3} \d{4} \d{2}:\d{2}/'; $note_exp = '/\d{1,2} \w{3} \d{4} \d{2}:\d{2}\s? [!-~ ]+/'; // COMMENT OUT THIS LINE $note_exp = '/\d{1,2}\/\d{1,2}\/\d{2,4} \d{2}:\d{2}\s? [!-~]+/'; // PHP STOPS PARSING HERE // Attempt to split the notes... if (preg_match($note_exp, $notes) == 0) { echo No match found for .$record['ID'].!:\n; echo $notes.\n\n\n; continue; } $count = preg_match_all ($note_exp, $notes, $splits); $notes = $splits[0]; // Check for notes within notes... This can happen when there are a missing line break in a note... $temp = array(); foreach ($notes as $note) { while (preg_match($note_exp, $note) 0) { preg_match_all($note_exp, $note, $splits, PREG_OFFSET_CAPTURE, 5); // Find the next substring match... if (isset ($splits[0][0])) { $temp[] = substr($note, 0, $splits[0][0][1]); $note = $splits[0][0][0]; } else break; } $temp[] = $note; } $notes = $temp; // Remove any duplicate notes $unique_notes = array(); foreach ($notes as $note) { if (!in_array($note, $unique_notes)) $unique_notes[] = $note; } # Split the note into different fields for storing in the DB... $item_notes = array(); $count = 1; foreach ($unique_notes as $note) { // Find the timestamp... preg_match_all ($time_exp, $note, $splits); $timestamp = $splits[0][0]; // Convert it to a legitimate timestamp... $ansi_timestamp = date('Y-m-d H:i:s', strtotime($timestamp)); // Find the note itself... $note_divider = strpos($note, ''); $note_only = trim(substr($note, $note_divider+1)); $a = array(); $a['RecordID'] = $record['Target']; $a['Timestamp'] = $ansi_timestamp; $a['Log'] = addslashes($note_only); $all_notes[] = $a; $count++; } foreach ($all_notes as $data) { echo '{ Timestamp='.$data['Timestamp'].', RecordID = '.$data['RecordID'].', Log='.$data['Log'].' }'; } ? == -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: This list is dying: was:can I compile php source OT
Raditha Dissanayake wrote: It's sad to see how the quality of the help you can get in this list has dropped of late. It's not because of the people who post off topic It's probably just because it's the holiday season and/or people working feverishly to meet year-end deadlines. I know I don't like to be at work this time of year :( messages or don't bother to read the FAQ or RTFM before posting. It's because of the people who immidiately spring to the defence of the off topic posters. I see that many people who used to make valuable contributions in this list an year ago no longer make any posting. No doubt they are fed up. Others make fewer contributions than they used to. The way things are going pretty soon it will be a case of blind leading the blind. Calling the list dead is a bit premature I think... people pop in and out as their time permits. It's not like this is a paid support channel, after all ;) I'm just glad to see some familiar faces now that I'm back to contribute to the list. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] couldnt backup database
On Tuesday 21 December 2004 07:44, Sagar C Nannapaneni wrote: I've a table in my database with 1 lakh records using a disk space of around 50Mb. I wanted to download the records. I used phpmyadmin (coz my hosting provider doesnt allow remote access to my db) to export the database but its not working for larger databases. I thought that it might be a problem with the max execution time. So i thought i wud manually store the records in a text file so that i can download it. But when i tried that its not creating the file beyond 10Mb. And what error do you get? I've tried these things out.. ini_set ( max_execution_time, 300); The quotes go around the first parameter, the second parameter being an integer does not need quotes. ini_set ( mssql.connect_timeout, 300); mssql == M$ SQL Server !== MySQL ini_set ( memory_limit, 500); but not working can anyone help me out with this problem.. If you have access to the shell then using mysqldump would be a far quicker and more robust solution. Otherwise try breaking your backup into smaller chunks. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* With a rubber duck, one's never alone. -- The Hitchhiker's Guide to the Galaxy */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Compiling PHP Source guides
John Nichel wrote: Donald Tyler wrote: Hi, I am looking for a guide on compiling PHP 4. I am a complete newbie to compiling and have no idea where to start, so any links to guides and/or other useful info would be much appreciated. What OS are you using? I have found compiling on Windows to be a bit tricky actually... especially if you're using cygwin. The best help to start with is help from the command line during the build process, but if you get stuck feel free to post a question here. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Writing new code vs. re-writing someone else's code
Honestly, I think it does depend a lot on the language you are using. From my experience, most people who work in PHP tend to write more new code than those who use COBOL. [snip] There are *so* many legacy COBOL applications though that, yeah, I think a COBOL programmer will very rarely get to write anything new. [/snip] I agree. I was reading something that like 80% of the code out there (don't quote my numbers) is in COBOL and FORTRAN. Anyways, to answer your question, I spend about 30% of my time writing new code and about 70% of my time working on legacy code. Of course, often due to lacking comments most of the time spent with old code is just trying to figure out what they were doing. :) -Chris On Wed, 22 Dec 2004 01:13:58 +1100, Justin French [EMAIL PROTECTED] wrote: On 21/12/2004, at 9:41 PM, Eakin, W wrote: The question is, how much of your time (you, the professional PHP coder reading this), is spent rewriting/repairing old code vs. writing new code. When I'm working on a new project, my time is generally spent hooking into my existing framework with new code and models. When I'm making changes to existing projects, I tend to be mainly repairing, modifying and updating code, plus adding a little new code. I'm highly addicted to cleaning and refining my old code, so if I see something messy and have a few spare minutes, I'll always clean up old code to make it better. I absolutely hate working with other people's code or inheriting a project unless it's really clean and well thought out, and well documented. --- Justin French, Indent.com.au [EMAIL PROTECTED] Web Application Development Graphic Design -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: OT Re: [PHP] can I compile php source
The day I stopped looking for free handouts and became self-sufficient in my ability to find the answers myself was the day someone told me to RTFM a few years ago. It was a friend of mine and it was a little hurtful. But he was right! The answer was right in the man page. Then I felt stupid for asking. Since then my skills at troubleshooting went through the roof. You can literally train yourself to be a walking encyclopedia not by knowing the answer but by knowing how to find the answer without anyones help. Sometimes it takes a mean push to get someone on the right track. You might not like it but you can't deny the results it can bring. Agreed 100%. Heck I'm an accountant, not even a computer programmer, and even I can help people out now because of a RTFM comment I received a long time ago ;) People need to learn how to help themselves. When it's clear that a person just doesn't understand some concept yet has put effort into understanding their problem then I push them to the area of the manual that will explain it to them. The manual is there for a very good reason and it is an excellent reference tool. Teach a man to fish... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using encrypted passwords (what we would like to achieve)
On Tuesday 21 December 2004 20:06, symbulos partners wrote: What we would like to achieve? If a malicious user finds a way of entering of accessing the docroot (rwx) of a website with CMS (PHP + MySQL), we would like to have further barrier to him accessing the Mysql database. Like I said, you're storing the means to decrypt on the same system, so once someone gets in no amount of encryption will help. So basically encryption (for this purpose) is a waste of time and adds no value. Your best defence is to prevent them from getting in in the first place. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* It's raisins that make Post Raisin Bran so raisiny ... */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can I compile php source
On Wednesday 22 December 2004 01:00, Bruce Douglas wrote: after looking at the msgs on this list for this thread... i'm curious. if you see an email that you don't want to respond to, why can't you simply choose not to respond to it, and ignore the msg. It's probably because they *do* want to respond? -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* In which level of metalanguage are you now speaking? */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] This list is dying: was:can I compile php source OT
Subject: [PHP] This list is dying: Wait.. has Netcraft confirmed it? FYI, I don't think the list is any different... ups and downs...it's always the same questions, flamers, newbies, etc. All that changes are the names. Whoever this John Nichel character is though should be banned... ;) ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can I compile php source
Guys, this is trivial. It takes the same effort to provide the answer to whoever this guy was, than to lecture him on how to think. this question has been answered before, use google and do a search for and follow this link before posting as it may help you in the future I am not trying to police anything and I am not for anyone to imitate or follow as example, but I think there are better ways to help. No need to reply, I am not trying to pick a fight nor insult anyone. - Original Message - From: John Nichel [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 11:39 AM Subject: Re: [PHP] can I compile php source Paul Aviles wrote: some people will never get it. Yeah, I said I wasn't going to reply to this thread, but since you're not going to let it die... You said that I have a 'God' complex, yet you sit here and try to impose your political correctness on us; sitting up there on your high and mighty cloud, telling us how we're doing it wrong. And when long time, respected posters on this list don't agree with you, you fling your nose in the air, and claim that 'some people will never get it', in your holiest of holier than thou voices. WTF makes you think that *you* 'get it'? Don't like the way things work around here? Hit the unsubscribe button, but please stop crying about how wrong we are. Welcome to /dev/null -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] disable_functions per vhost on apache
Hi folks, according to this old message [http://www.mail-archive.com/php-general@lists.php.net/msg87293.html] it's not possible to use php_value disable_functions on Apache's vhost. Since this message is two years old I would like to know if it's still being true. I have to allow system() for my control center script but I don't want my users to use it. How can I do it? -- Best regards, Eduardo M. Bragatto. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can I compile php source OT
On Tuesday 21 December 2004 23:34, Jay Blanchard wrote: It seems either Paul responded directly (and only) to Jay or I missed this message (by Paul): the delivery is the problem not the thought process. people are trying to find answers not being lectured and reprimanded. Many people are getting into the field and are new and may not have the wisdom or experience other people have. Think about it How many times have you been dealing with a problem for a long time and the answer was right in front of you? Anyway, google compile php source, is it that hard? What wisdom does it require? What experience does it need? Don't tell me the OP hasn't heard of Google? Think about it ... -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Only fools leave witnesses. -- HASIMIR FENRING */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Liveticker problem
Ross Hulford wrote: Her is the code (not mine) what I am trying to so is cut out all the header info that is included in the message as shown here http://supercool-74.com/sms/liveticker.php Granted, it's 5 hours later, but I'm not seeing anything much at that URL... The message is supposed to be terminated by the xx string which is defined in config.php but it just continues and prints all the header info too. I'm confused by your placement of header info and rest of message... Since the headers come FIRST, I don't quite understand why you are having problems with it printing headers info *after* the content... So I'll comment on the parts of code that I *do* understand, and maybe push you in the right direction for something anyway. - ?php include (config.php); $mbox = imap_open ({.$pop3_server./pop3:110}INBOX,$mailbox,$password); You are usually better off using IMAP instead of POP when possible. $headers = imap_headers ($mbox); $max = count($headers); include (head.php); echo table border=\0\ cellspacing=\30\ cellpadding=\0\\n; for ($i = $max; $i 0; $i--) { $header = imap_header ($mbox,$i); $from = $header-from; $email = $from[0]-mailbox.@.$from[0]-host; Hmmm. I'm assuming this is correct, that $header-from is an array? And that's already all torn apart into -mailbox and -host elements? Seems to me you might be able to get this more clearly somehow from the $header structure, but maybe that's just the way it is $date = $header-date; $date = split( ,$date); Might as well use http://php.net/explode if you're not going to use the power of RegEx. $structure = imap_fetchstructure ($mbox,$i); $encoding = $structure-encoding; if ($endword) { $end = strpos(imap_body ($mbox,$i),$endword); } if ($startword) { $beginning = ereg($startword,imap_body ($mbox,$i)); $start = strpos(imap_body ($mbox,$i),$startword); if ($end) Here's your FIRST big problem that is probably actually related to what you are asking about. $end could *easily* have been 0 (the integer) if $endword appeared at the very *beginning* of the imap_body($mbox, $i) expression. Now maybe that never happens in the real world with your data, but it's really better to use if ($end !== FALSE) here to make sure you don't get in the Bad Habit of confusing 0 and FALSE results from strpos(). { $body = substr(imap_body ($mbox,$i),$start+strlen($startword),$end-$start-strlen($endword)); } else { $body = substr(imap_body ($mbox,$i),$start+strlen($startword)); } } You are calling image_body($mbox, $i) several times in here. It would probably be better to do $body = imap_body($mbox, $i) early on, and then just use $body. It may be more natural, if $end === FALSE, to set $end to strlen($body) at that point, and then just have one call to substr() to get the portion of the $body you want. else { $beginning = true; if ($end) { $body = substr(imap_body ($mbox,$i),0,$end); } else { $body = imap_body ($mbox,$i); } } So now I'm very confused about your beginning, end, start, body, and substr() calls, because I have NO IDEA what you are doing at this point... A cleaner structure, IMHO would be: $body = imap_body($mbox, $i); //Find the end of the section we want: $endpos = strlen($body); //Whole thing, by default if (strlen($endword)){ $endpos = strpos($body, $endword); if ($endpos === FALSE) $endpos = strlen($body); } //Find the beginning of the section we want: $startpos = 0; //Whole thing, by default: if (strlen($startword)){ $startpos = strpos($body, $startword); if ($startpos === FALSE) $startpos = 0; else{ $startpos += strlen($startword); //Don't include $startword in result } } //Now get the section defined by $startpos, $endpos: $body = substr($body, $startpos, $endpos); If you are *still* not getting what you think you should, use: echo HRPREOriginal: ', imap_body($mbox, $i), '\nStart: '$startword' $startpos\nEnd: '$endword' $endpos\nBody: '$body'/PREHR\n; here to figure out why. Pay close attention to what's inside the ''s in that output, such as newlines and spaces, which are the usual things to trip you up in this kind of work. if (in_array ($email,$allowed_senders) $beginning) { if ($date[1] == 1){$date[1]=01;} elseif ($date[1] == 2){$date[1]=02;} elseif ($date[1] == 3){$date[1]=03;} elseif ($date[1] == 4){$date[1]=04;} elseif ($date[1] == 5){$date[1]=05;} elseif ($date[1] == 6){$date[1]=06;} elseif ($date[1] == 7){$date[1]=07;} elseif ($date[1] == 8){$date[1]=08;} elseif ($date[1] == 9){$date[1]=09;} Is is just silly. Use something like: $date_1 = sprintf('%02s', $date[1]); if ($date[2] == Jan){$date[2]=01;} elseif ($date[2] == Feb){$date[2]=02;} elseif ($date[2] == Mar){$date[2]=03;} elseif ($date[2] == Apr){$date[2]=04;} elseif ($date[2] == May){$date[2]=05;} elseif
Re: [PHP] String parsing issue in PHP 4.3.10?
From: Steve Brown [EMAIL PROTECTED] Unexpected results: If line 16 (indicated below) is commented out, the '?' in the string on line 17 makes PHP stop parsing and the rest of the script is simply dumped to stdout. If line 16 is NOT commented out, the '?' is NOT picked up as being a PHP tag and it parses the script as PHP. Quote: The one-line comment styles actually only comment to the end of the line or the current block of PHP code, whichever comes first. This means that HTML code after // ? WILL be printed: ? skips out of the PHP mode and returns to HTML mode, and // cannot influence that. If asp_tags configuration directive is enabled, it behaves the same with // %. From: http://www.php.net/manual/en/language.basic-syntax.comments.php I remember running into this, also, so don't feel bad about not noticing it. ;) ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] email form results
Is there a simple way to send the results of a form to an email address? I have created a form with multiple categories of radio boxes and I have created a response PHP file that will give the user a confirmation. I'm just not sure how to send the results through email. I've checked the documentation with no luck. Thanks.
Re: [PHP] Using encrypted passwords (what we would like to achieve)
symbulos partners wrote: What we would like to achieve? If a malicious user finds a way of entering of accessing the docroot (rwx) of a website with CMS (PHP + MySQL), we would like to have further barrier to him accessing the Mysql database. We had some problem with one hacker using the database of a website with PhpBB launching an e-mail based DDoS (this is what they said at the provider hosting our server). We are trying to introduce as as many obstacles as possible. Excellent! Encoding the password in that config file won't help you meet your goal in the least. If they can read it, they can read it, and they are reading the same thing PHP uses to access the database, so they can access the database. You can't make it something they can't use to access the database, but that PHP *can* use to access the database. Making it difficult for somebody to physically *read* that password will help, however. Alas, you can't make it *too* difficult, or PHP also can't read it, and then your site has no database access at all. Standard procedures include: Moving config files with passwords out of Apache's DocumentRoot and using PHP's include_path setting to make them readable by PHP. Some people recommend making the .inc and files be parsed by PHP or not served up by Apache by tweaking Apache settings, or tacking .php onto the end of all .inc files. The problem there is that you *still* have files that the Programmer never intended to be accessed as a web page, available for hackers to access as a web page. IE, they can surf directly to http://example.com/someBB.config.inc.php and they are executing PHP code in a context never really designed, considered, and certainly not tested by the majority of Programmers out there whose code you acquire. So, despite strong opposition on this list, I must continue to advise you to *MOVE* any PHP/.inc file that is not an actual page people are supposed to surf to, *out* of DocumentRoot, and use include_path to make PHP find them. But the goal here is to make it IMPOSSIBLE for the General Public to *surf* to your config.inc.php script, and read the password, or otherwise abuse the PHP source code within it to cause mayhem. You've narrowed your potential attackers down from The Planet (billions of users) to Shell Users (hundreds++, at most). That's a Big Difference, imho. Now, anybody with a shell account (or who breaks into a shell account) can still use PHP to read your PHP config.inc.php script, and still get ahold of the password -- Or run that PHP script out of context to cause problems. Your options for guarding against that include: +++ Traditional Answer: Guard shell access very carefully. Downside: Not real practical in a shared-host environment, with hundred++ users. Upside: You should be doing this anyway on a dedicated server, so the risk is minimal. In fact, if a user you don't want to have shell, has shell, then they MySQL password is probably *not* your most critical problem at that point. Way too many nasty things they can do with a shell account that supersede your MySQL password access. +++ Low-volume Server Possibility w/ Apache 1.x: Use PHP as a CGI, and suexec PHP-CGI to a specific user, and make the config.inc.php file readable only by that specific user. Downsides: suexec is a pain to get right, and if you get it wrong, you open up way more security holes than the MySQL passwword problem in the first place. CGI is slower than Module, and is missing a few (four?) features. CGI *might* not be *that* much slower if all your PHP scripts and PHP and Apache children can fit into RAM. It *might* also not really matter if CGI is slower for a low-volume server -- Only you can make the performance/security decision for your needs. MOST people seem to opt for PHP as Module performance over the security risks of a compromised shell account. But, hey, it's your server. You make the choice. One feature I can recall that CGI won't support: HTTP Authentication, as it would transmit HTTP password in the clear between processes (Apache and PHP CGI). If you NEED HTTP Authentication (in PHP, not in .htaccess or mod_auth_mysql or whatever) then you don't want PHP as CGI. There are a few other features, mostly minor features that I never wanted anyway, as I recall... You can probably read up on PHP CGI page to find the other features you'll be missing. +++ With Apache 2.x, I've been told that you can run PHP Module as a specific user, independent of the Apache user, for each site. This means that in a shared host environment, every host can run PHP as a Module under a *different* under-powered shell user, with only that ONE user able to read the PHP files. This protects your MySQL password from all other users on the system, which is not possible in 1.x, as I understand it, on shared servers using VirtualHost. One could run a different Apache 1.x process for each user, of course, but that's problematic from a limited resources
[PHP] Re: email form results
Ken Bolton wrote: Is there a simple way to send the results of a form to an email address? I have created a form with multiple categories of radio boxes and I have created a response PHP file that will give the user a confirmation. I'm just not sure how to send the results through email. I've checked the documentation with no luck. Thanks. http://www.php.net/manual/en/function.mail.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Writing new code vs. re-writing someone else's code
On Tue, 2004-12-21 at 11:41 +0100, Eakin, W wrote: Hello, This question could be seen as a general programming question, but because PHP is what I know best, I'll ask it here. A good friend of mine is the person who got me more interested in programming as a career. She's a professional COBOL programmer, and works for a large bank. She once told me that 75% of her time was spent going over and rewriting/repairing old code that she didn't write, and only 25% writing new code. From what I know about COBOL, it seems that it might need more rewriting than other languages, because of all the built up old code. But as I look forward to the day when I can work as a full-time PHP coder, I wonder. The question is, how much of your time (you, the professional PHP coder reading this), is spent rewriting/repairing old code vs. writing new code. Although this is a PHP list, and my question is in regards to PHP, if you want to give me your opinion on this same question in regards to other languages you've programmed in, I wouldn't mind. thanks, William All languages have this problem. It's going to happen regardless of which language that you work on. As you become a better programmer you can plan ahead better, but you should always expect to have to go back and rethink things and clean up existing code. (refactoring) If you do it effectively, the time it takes to go back and work on legacy code can be dropped: see: http://www.refactoring.com/ ..and a good book that someone recommended to me recently: http://www.amazon.com/exec/obidos/redirect? tag=gp04-20path=tg/detail/-/0201485672%3Fv%3Dglance Cheers, -Robby -- /*** * Robby Russell | Owner.Developer.Geek * PLANET ARGON | www.planetargon.com * Portland, OR | [EMAIL PROTECTED] * 503.351.4730 | blog.planetargon.com * PHP/PostgreSQL Hosting Development *--- Now supporting PHP5 --- / -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] couldnt backup database
Sagar C Nannapaneni wrote: I've a table in my database with 1 lakh records using a disk space of around 50Mb. I wanted to download the records. I used phpmyadmin (coz my hosting provider doesnt allow remote access to my db) to export the database but its not working for larger databases. I thought that it might be a problem with the max execution time. So i thought i wud manually store the records in a text file so that i can download it. But when i tried that its not creating the file beyond 10Mb. I've tried these things out.. ini_set ( max_execution_time, 300); ini_set ( mssql.connect_timeout, 300); ini_set ( memory_limit, 500); I'm not sure, but you may be prohibited by your provider from resetting some of those. It's also possible that you only have 10MB left on your server for free space and so when phpMyAdmin tries to make a temporary file for you to download, it fails. (Not sure that's how phpMyAdmin works, just that it *could* work that way.) You may want to just contact your provider and explain the problem. They can probably do a dump for you or work out a solution that fits in with their setup faster than we can figure out what's going on. If all else fails, you could write a custom PHP script to spit out N records at a time, and then another PHP script on another box to access that remotely, and concatenate the results to your final file. This would only work for data that's mostly static. If it's a high-volume transaction system, you'll end up with a big mess of only the records up to a certain point in time in each section of the data, and how that all fits together... Well, if you really understand your database and application, you could maybe still make it work without excessive locking of tables, but it would take some real work. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Writing new code vs. re-writing someone else's code
On Tue, 2004-12-21 at 12:26, Christopher Fulton wrote: Anyways, to answer your question, I spend about 30% of my time writing new code and about 70% of my time working on legacy code. Of course, often due to lacking comments most of the time spent with old code is just trying to figure out what they were doing. :) Hahah, that's so true. I hate committing to an E.T.A. when working on someone elses code since it entirely depends on what the heck they did and how fast I can figure it out... especially when their commenting style is complete lack thereof. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] imap_mail problems
May I suggest that you use PHP's mail() function and avoid the problem altogether. The format is much the same as the one you are using. Alberto Brea [EMAIL PROTECTED] -Original Message- From: Paul Aviles [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Mon, 20 Dec 2004 20:00:22 -0500 Subject: [PHP] imap_mail problems Hello, I am having problems with this code below. The system is a FC1 server and it is supposed to send an email collecting some information of a computer. The problem I am having is with the and characters. When the $header variable is created, it does not work if you add the and characters. For some reason makes the whole string like null. Has anyone seen this behaviour? If I try manually to send an email it does work and php does have imap support on it. Thanks -pa snip $header = From: $fullNameField admin@ . trim(`/bin/hostname --fqdn`) . ; $registrationAddress = [EMAIL PROTECTED]; $subject = Registration ($productName); $message = Full name: $fullNameField Title: $titleField Company: $companyField ; // send email imap_mail($registrationAddress, $subject, $message, $header); snip -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] OT Re: [PHP] can I compile php source
While Yes may be a technically accurate answer to a question like Can I ... or Can anyone ..., a couple of points must be acknowledged: 1) Such an answer doesn't help the original poster. Period. And the purpose of a resource like this is to help, right? Even a RTFM or search Google at least gives the user __something__ to work with (and the lesson there being that if they read the manual or search Google, they'll quickly find answers). If your argument for answering Yes is that you're teaching the user to ask questions the smart way, then why not answer their intended question AND refer them to the smart questions page? Do you honestly think people are learning __anything__ when you reply with a Yes? Moreover... 2) It's commonplace in human discourse to attempt to address the *intent* of a person's question rather than the literal question itself. If you were helping a friend re-shingle a roof and they said Can you hand me that hammer?, hopefully you would actually hand them the hammer, not say Yes. They are many colloquialisms in languages--like when someone says What's up?--and it's just obstinate not to recognize them as such and respond accordingly. Finally, if you don't agree that Yes isn't helpful and that it's an inappropriate answer anyway, how about this: such emails are a waste of resources. It's a waste of the time (.1 nanoseconds or whatever) it took you to write. It's a waste of bandwidth (at a few bits a pop). It's a waste of everyone's time in reading and deleting such emails (another second). And it tends to start a sequence of even longer, off topic threads such as this one. So, seriously, if you don't feel like helping or you don't believe that a message should be posted here because it's off topic or you don't believe that a question was phrased properly, wouldn't it be better for everyone if you just didn't respond? It'd certainly be easier. Oy vay! Larry -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Writing new code vs. re-writing someone else's code
Eakin, W wrote: Hello, This question could be seen as a general programming question, but because PHP is what I know best, I'll ask it here. A good friend of mine is the person who got me more interested in programming as a career. She's a professional COBOL programmer, and works for a large bank. She once told me that 75% of her time was spent going over and rewriting/repairing old code that she didn't write, and only 25% writing new code. From what I know about COBOL, it seems that it might need more rewriting than other languages, because of all the built up old code. But as I look forward to the day when I can work as a full-time PHP coder, I wonder. The question is, how much of your time (you, the professional PHP coder reading this), is spent rewriting/repairing old code vs. writing new code. Although this is a PHP list, and my question is in regards to PHP, if you want to give me your opinion on this same question in regards to other languages you've programmed in, I wouldn't mind. I try to avoid the projects where I'll spend 80% of my time fixing somebody else's code, but that does seem to be the average :-) Of course, a lot of times, you're adding a new feature, or altering the behaviour in some small way. With well-written code, this hopefully turns out to be a relatively short time figuring out what the code does where/when, and a few minutes of writing the new bit. With Bad Code, it turns into a nightmare of figuring out how any of this [bleep] works and fits in with that other [bleep] and then days of trying things that should work, but don't, and then you throw up your hands and tell the boss it's really time to scrap that module and write it correctly from scratch in less time than you've already wasted trying to fix it. :-) Documentation, when it exists at all, rarely tells you the Big Picture things you need to know to figure out what's going on, and often is nothing more than an Englishified version of the source code, only out of date. Gee, thanks. :-( At any rate, yeah, I'd have to say 75% of time fixing old code is pretty standard. You can cut that down a lot with better Design up front, better requirements analysis up front, better coding up front... But you so seldom *get* that up front time, so we waste a lot of time fixing problems caused yesterday's deadline decisions. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] String parsing issue in PHP 4.3.10?
On Wednesday 22 December 2004 01:12, Steve Brown wrote: I'm working on a script that will parse through a long string using regexs to pattern match a certain format. I'm having an issue with a '?' in a string being picked up as an end-of-code character, but only if the line before it is commented out. If the line before is NOT commented out, PHP processes the file as normal (errors out, but I can fix that). That suggests to me you have some mismatched quotes somewhere. Get yourself an editor that does syntax highlighting then you can easily see where your quoted strings begin and end. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Minnie Mouse is a slow maze learner. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] can I compile php source OT
Wow I just wasted 10 minutes of my day reading half these post. This is one long thread. And man is it hard to follow. Dan. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can I compile php source
On Wednesday 22 December 2004 01:37, Paul Aviles wrote: Guys, this is trivial. It takes the same effort to provide the answer to whoever this guy was, than to lecture him on how to think. Teach a person to fish ... -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* It is very difficult to prophesy, especially when it pertains to the future. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] This list is dying: was:can I compile php source OT
John Holmes wrote: snip Whoever this John Nichel character is though should be banned... ;) I've been banned from a barroom here and there...does that count? BTW, since you only post once in a blue moon these days, you've dropped back down to newbie status. ;) -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] External scripts in safe mode
Chadwin Tom wrote: If this is an inappropriate place to seek help, many apologies, and where might I try? I have a PHP 4.1.2 script on Red Hat (Apache 1.3.27) which calls an external script (Tidy, from tidy.sourceforge.net). It is called via popen() so that I can pipe through some arguments and receive the output. This worked fine until my ISP turned on safe mode. Now, although the UID of both the calling PHP script and of Tidy are the same, and though Tidy is sitting in a directory specified in safe_mode_exec_dir, the script fails. Is there anything else I should be checking? Sometimes, a host re-compiles PHP, and turns on safe mode inadvertantly. It should be noted that safe mode was designed to stop problems in PHP CGI (not Module). If they've turned it on for PHP as Module, they pretty much are just causing users problems, and not gaining anything much in the way of Security, as I understand it. So maybe they can just re-compile with Safe Mode OFF after confirming that it doesn't do squat in PHP as Module -- Apache is already running as the under-powered user that Safe Mode (sort of) emulates (in theory). You know there is a Tidy PHP Module, right? Maybe you could get your host to install that, so you don't need popen and all that to run Tidy from the shell. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Error with system() when running convert
with anything else. Has anyone run across error 127 from system, or have any idea what's going on? For future reference, find a convenient way to look up 127 error code number in your OS. man errno is sort of okay in most Un*xes, except then you have to count 127 lines down to get the right number. Some day, when I find the time, I'm gonna write that PHP source code function to return an error message from a number, just like C's errlist, so 'exec' and friends can actually be used by mere mortals... I've only been saying this since 1997, so don't worry if you feel like writing it yourself -- You'll beat me to it and gain all the oosphere glory for yourself. :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] disable_functions per vhost on apache
On Wednesday 22 December 2004 02:42, Eduardo M. Bragatto wrote: according to this old message [http://www.mail-archive.com/php-general@lists.php.net/msg87293.html] it's not possible to use php_value disable_functions on Apache's vhost. Since this message is two years old I would like to know if it's still being true. I have to allow system() for my control center script but I don't want my users to use it. How can I do it? For what can be set and where, outside of php.ini, look at the manual entry for ini_set(). -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* It's amazing how nice people are to you when they know you're going away. -- Michael Arlen */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Encryption
I have found some code and set up a test bed for it, but it fails to return the same value after the 26th item. I was hoping someone could take a look and maybe tell me why? There is very little help out there for encryption. If you know of a working example/tutorial, can you please reply with a link? Many thanks, Darren ? global $arrAlphaVals; global $intTot; 'global' makes NO SENSE outside the context of a function body. Get rid of these. $intTot = 5000; $arrAlphaVals = array(); function init() { global $arrAlphaVals; global $intTot; for ($i=0;$i$intTot;$i++) { $arrAlphaVals[$i] = sprintf(%016s, strtoupper(dechex($i))); } return $arrAlphaVals; } function main() { global $arrAlphaVals; global $intTot; init(); $arrError = array(); echo Encryption testbr\n; for ($i=0;$i$intTot;$i++) { if ($i%1000 == 0) { echo $i.br; flush(); } $strInit = $arrAlphaVals[$i]; $strEncVal = encryptIt($strInit); $strOut = decryptIt($strEncVal); //echo In: .$strInit., Enc: .$strEncVal., Out: .$strOut.br; if ($strOut != $strInit) { $strError .= Failed on: .$i.br\n; $arrError[$strInit] = $strOut; } } if (sizeof($arrError) 0) { // There were errors foreach ($arrError as $strKey = $strVal) { echo Input: '.$strKey.' failed with result '.$strVal.'br\n; } echo hr.$strError; } echo hrTested .$i. cases. Done.br\n; } function encryptIt($strIn) { $key = biteme; $strRet = _mencrypt($strIn, $key); return $strRet; } function decryptIt($strIn) { $key = biteme; $strRet = _mdecrypt($strIn, $key); return $strRet; } function _mencrypt($input,$key) { $input = str_replace(\n,,$input); $input = str_replace(\t,,$input); $input = str_replace(\r,,$input); $key = substr(md5($key),0,24); $td = mcrypt_module_open ('tripledes', '', 'ecb', ''); $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND); Where did you call srand() as the manual says you should? http://php.net/mcrypt_create_iv mcrypt_generic_init ($td, $key, $iv); Why are you not checking your error codes here? This function alone has -3, -4, and unknown error codes you should be checking. *EVERY* function with a documented error code return mechanism needs you to write code to *CHECK* that return code. You'll find a *TON* of things out a lot faster if you write that extra few lines of code for each function call. $encrypted_data = mcrypt_generic ($td, $input); mcrypt_generic_deinit ($td); mcrypt_module_close ($td); return trim(chop(base64_encode($encrypted_data))); } //$input - stuff to decrypt //$key - the secret key to use function _mdecrypt($input,$key) { $input = str_replace(\n,,$input); $input = str_replace(\t,,$input); $input = str_replace(\r,,$input); $input = trim(chop(base64_decode($input))); $td = mcrypt_module_open ('tripledes', '', 'ecb', ''); $key = substr(md5($key),0,24); $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND); mcrypt_generic_init ($td, $key, $iv); $decrypted_data = mdecrypt_generic ($td, $input); mcrypt_generic_deinit ($td); mcrypt_module_close ($td); return trim(chop($decrypted_data)); } main(); ? The original encryption and decryption code came from Jeremy Stansfield (http://www.weberdev.com/get_example-3752.html) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] curl CUSTOMREQUEST
I saw a post at http://www.php.net/manual/en/ref.curl.php where it says: Using the customrequest for a complete post is wrong. Libcurl will add a partial url, the http version and the standard headers after the post data - while this works with a non-persistent connection and an apache web server, it may fail under different conditions Does anybody know a bit more on this?? (I sent an e-mail to the one who posted it, but the address does not longer exist) I tested the following code and didn't experience any problem: ? $url = http://www.mydomain.com;; $request = GET / HTTP/1.1\r\n. Host: www.mydomain.com\r\n\r\n; $ch = curl_init(); curl_setopt ($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 15); curl_setopt ($ch,CURLOPT_CUSTOMREQUEST , $request); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $reply = curl_exec($ch); curl_close ($ch); echo 'pre'; echo $reply; ? but using ngrep on a server of mine I can see this as the request: GET / HTTP/1.1. Host: www.mydomain.com. . / HTTP/1.1. Host: www.mydomain.com. Pragma: no-cache. Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*. may be this is what he's talking about when he says about the data libcurl will add? does anybody know under which circumstances may this fail?? thanks in advance, Juan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Help wth coding
http://www.theufl.com/php/wrox_php/movie_details10.php Copy movie_details10.php into movie_details10.phps (with an 's' on the end) and then we can surf to your source and tell you something useful. Or, copy and paste your soure up to the line with the error to the list. We sure can't help you just based on surfing to the URL. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] String parsing issue in PHP 4.3.10?
Quote: The one-line comment styles actually only comment to the end of the line or the current block of PHP code, whichever comes first. This means that HTML code after // ? WILL be printed: ? skips out of the PHP mode and returns to HTML mode, and // cannot influence that. If asp_tags configuration directive is enabled, it behaves the same with // %. I read that too, but my problem is with the fact that if the previous line is NOT commented out, the script works fine. You will notice that the previous line also contains a '?' sequence, so I'm confused as to why this would die on one line but not the other? Or is this some freak combination of comments and PHP tags? :-o At any rate, I managed to work around this issue by encapsulating the '\s?' partion of the expression in parentheses. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php terminal.
adwin wijaya wrote: Since my webhosting didnt provide me with telnet access, I would like to have a small software that created by php to do some bash function such as lynx, ls etc ? If a new host is not possible for political or other reasons, and if your host wasn't smart enough to turn it off in the first place... http://php.net/exec You'll want to use some kind of authentication to avoid people abusing your script. http://www.php.net/manual/en/features.http-auth.php In fact, do that FIRST, so you have a safe directory to work with. Honestly, though, if they were only smart enough to not give you shell, but not smart enough to turn off exec, then that's even more reason to run away screaming from that host. They clearly don't understand Security at all. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] imap_mail problems
Paul Aviles wrote: Hello, I am having problems with this code below. The system is a FC1 server and it is supposed to send an email collecting some information of a computer. The problem I am having is with the and characters. When the $header variable is created, it does not work if you add the and characters. For some reason makes the whole string like null. Has anyone seen this behaviour? If I try manually to send an email it does work and php does have imap support on it. Most likely, everything is working *FINE* but you are viewing your output in a BROWSER. So your BROWSER is interpreting and as an HTML tag and *not* showing you what's between them, because it's a tag the browser doesn't understand. Use View Source in your browser to verify this as a one-time solution. In the long run, you should use PRE tags and http://php.net/htmlentities to display debugging output. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Error with system() when running convert
There's a cool utility at: http://freespace.sourceforge.net/errno/index.html Of course, errno 127 is 'unknown error', so it wouldn't have been a huge help. On Tue, 21 Dec 2004 11:00:05 -0800 (PST), Richard Lynch [EMAIL PROTECTED] wrote: with anything else. Has anyone run across error 127 from system, or have any idea what's going on? For future reference, find a convenient way to look up 127 error code number in your OS. man errno is sort of okay in most Un*xes, except then you have to count 127 lines down to get the right number. Some day, when I find the time, I'm gonna write that PHP source code function to return an error message from a number, just like C's errlist, so 'exec' and friends can actually be used by mere mortals... I've only been saying this since 1997, so don't worry if you feel like writing it yourself -- You'll beat me to it and gain all the oosphere glory for yourself. :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setting or Getting Relative Path for PHP Includes
Anthony Baker wrote: I often use PHP includes in my files to pull in assets, but I hard code the relative path to the root html directory for the sites that I'm working on in each file. Example below: While I happen to think using include_path and $_SERVER is a better solution to setting up your environment, what you describe as what you want more closely fits php.ini's auto_prepend_file and nobody has suggested that yet. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] email form results
http://www.php.net/mail -phpninja -Original Message- From: Ken Bolton [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 10:11 AM To: [EMAIL PROTECTED] Subject: [PHP] email form results Is there a simple way to send the results of a form to an email address? I have created a form with multiple categories of radio boxes and I have created a response PHP file that will give the user a confirmation. I'm just not sure how to send the results through email. I've checked the documentation with no luck. Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checking file type on upload
Sebastian wrote: i have an upload form which i would only like to allow compressed zip files and rar files to be uploaded. currently i use if ($_FILES['userfile']['type'] != 'application/x-zip-compressed') which only seems to work in IE, doesn't work in mozila (haven't tried others) what the best way to detect if its a rar or zip file which works in a better range of browsers? someone gave me a suggestion to check if the file ends in .rar or .zip but that isn't very secure since anyone would be able to append it to the filename regardless of the actual file type. The 'type' in $_FILES is just some made-up bull[bleep] from the browser manufacturer. In other words, like everything else made by the browser manufacturers, it's *NOT* standard, it's *NOT* reliable, and it has absolutely *NO* usefulness from a security stand-point :-) What you need to do is store the uploaded file somewhere as inaccessible as possible, so that only PHP can find/read it. Then, you need to authenticate that file as much as you possibly can, using every reasonable means at your fingertips. For your case, the zip file, this should include: Does it look like a zip file to the 'file' command in Linux? Can you unzip it without errors? Does it pass consistency checks of the zip program? Can gunzip, if that supports unzip with a different code-base/algorithm, also unzip it, and consistency check it. Does it have a reasonable size? If you have an expectation of specific kinds of files within the zip, you should also walk through each of those files and authenticate them, again, as much as you can. Can image files have http://php.net/getimagesize called on them successfully? Does it pass the Unix 'file' test? Does the mime-type from getimagesize match the extension? Can ImageMagik 'convert' the file without error? ImageMagik may have a consistency check option. Use it. For text files, does it pass the Unix 'file' test? Do the contents have a reasonable distribution of characters in English? :-) Are the about the right number of newlines for a file of that size? Is the size reasonable in the first place? You may not be able to implement all these tests -- But the more you can implement, and, more importantly, if you set it up to make it easy to ADD more tests later, the better off you are. Only files that pass your tests with flying colors then get moved to their ultimate destination. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] OT Re: [PHP] can I compile php source
Matthew Sims wrote: I promised myself that I wouldn't get in the middle of any flame wars but I just had to say something about my experience. The day I stopped looking for free handouts and became self-sufficient in my ability to find the answers myself was the day someone told me to RTFM a few years ago. It was a friend of mine and it was a little hurtful. But he was right! The answer was right in the man page. Then I felt stupid for asking. Since then my skills at troubleshooting went through the roof. You can literally train yourself to be a walking encyclopedia not by knowing the answer but by knowing how to find the answer without anyones help. Sometimes it takes a mean push to get someone on the right track. You might not like it but you can't deny the results it can bring. Your skills grow even more when you start answering questions you understand, or parroting the answers to questions you didn't understand, but recognize. :-) Plus you sort of get famous for it, sometimes. :-) :-) :-) On the downside, you can get flamed for being mean and unhelpful. I had a guy tell me how cruel I was for helping him with the ORACLE_SID/ORACLE_HOME problem, but not solving his other Oracle database problems. I'd never even *used* Oracle, but knew the answer after seeing it on this list, every week for about 2 years running. :-) Oh well. Win some, lose some. If somebody thinks I'm being too nice or answering many FAQs, give me grief about it OFF-LIST please! -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] email form results
Assemble all of your data into the message body (see $message below) and mail it to yourself. How you trigger this processing and the call to the mail() function depends on how you've constructed your logic. $message .= $name .\n; $message .= $phone . \n; $message .= $email; mail( [EMAIL PROTECTED], Free Trial Request, $message, From: $email ); One logic construct is for the form's ACTION to call itself, like so: IF $email is NOT set display the form and to record the information ELSEIF test for critical fields being empty displaying a message if they are and a reload button ELSE to the code above display Thanks we'll be in touch, or whatever. Regards - Miles Thompson At 02:10 PM 12/21/2004, Ken Bolton wrote: Is there a simple way to send the results of a form to an email address? I have created a form with multiple categories of radio boxes and I have created a response PHP file that will give the user a confirmation. I'm just not sure how to send the results through email. I've checked the documentation with no luck. Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] String parsing issue in PHP 4.3.10?
Steve Brown wrote: I'm working on a script that will parse through a long string using regexs to pattern match a certain format. I'm having an issue with a '?' in a string being picked up as an end-of-code character, but only No need to run it. ? can be caught by PHP as the end of PHP mode, no matter where you put it in a string or not. You can get around this by using something like: //$note_exp = '/\d{1,2} \w{3} \d{4} \d{2}:\d{2}\s? [!-~ ]+/'; // COMMENT OUT THIS LINE $note_exp = '/\d{1,2} \w{3} \d{4} \d{2}:\d{2}\s?' . ' [!-~]+/'; Other possible solutions: Use ?\ and PHP inside of and maybe PHP will interpret that as what you want. I'm also not a fan of a single \ inside of '' myself, even if the manual has finally said it's kosher. Maybe cuz I'm just old, and remember when that was not specifically allowed in the manual. :-) So I'd use \\ everywhere you have \ currently. Actually, you may be triggering a PHP bug in the string parsing engine, by using \ instead of \\. You do realize that \ *IS* one of the two special characters inside of ''s, the other being ' itself, right?... -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to set register_globals=off in the script?
I know that register_globals = on is not secure. But one program requires to use register_globals=on. So in php.ini register_globals is set to on. I have PHP 5.1, is it possible in the code set register_globals=off for specific scripts. So I want to keep PHP register_globals=on in php.ini, but in local files set to off? How I can do this? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] email form results
Ken Bolton wrote: Is there a simple way to send the results of a form to an email address? I have created a form with multiple categories of radio boxes and I have created a response PHP file that will give the user a confirmation. I'm just not sure how to send the results through email. I've checked the documentation with no luck. Thanks. http://php.net/mail should do the trick. If that's not enabled on your server, and can't be, but you have access to an SMTP server somewhere, http://phpclasses.org/ has several fine PHP mailing objects. Oh, and you may want to read the PHP FAQ, especially the part about using $_POST to snatch all the POST data in a few lines of code. Very handy. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] OT Re: [PHP] can I compile php source
Larry E. Ullman wrote: While Yes may be a technically accurate answer to a question like Can I ... or Can anyone ..., a couple of points must be acknowledged: 1) Such an answer doesn't help the original poster. Period. And the purpose of a resource like this is to help, right? Even a RTFM or search Google at least gives the user __something__ to work with (and the lesson there being that if they read the manual or search Google, they'll quickly find answers). If your argument for answering Yes is that you're teaching the user to ask questions the smart way, then why not answer their intended question AND refer them to the smart questions page? Do you honestly think people are learning __anything__ when you reply with a Yes? Moreover... I guess you didn't read the 'smart questions page'. It explains in great detail why the user was directed there. It explains what the user should do _before_ posting to a mailing list. It gives the user more than the little STFW 'something'. 2) It's commonplace in human discourse to attempt to address the *intent* of a person's question rather than the literal question itself. If you were helping a friend re-shingle a roof and they said Can you hand me that hammer?, hopefully you would actually hand them the hammer, not say Yes. They are many colloquialisms in languages--like when someone says What's up?--and it's just obstinate not to recognize them as such and respond accordingly. Finally, if you don't agree that Yes isn't helpful and that it's an inappropriate answer anyway, how about this: such emails are a waste of resources. It's a waste of the time (.1 nanoseconds or whatever) it took you to write. It's a waste of bandwidth (at a few bits a pop). It's a waste of everyone's time in reading and deleting such emails (another second). And it tends to start a sequence of even longer, off topic threads such as this one. Kind of like it's a waste of time to psycho analyze members of php mailing list...not that it's off topic or anything. So, seriously, if you don't feel like helping or you don't believe that a message should be posted here because it's off topic or you don't believe that a question was phrased properly, wouldn't it be better for everyone if you just didn't respond? It'd certainly be easier. Kind of like it would be better if others didn't fan the flames with posts on how the bad people shouldn't be mean. Oy vay! Indeed. Sorry Jay, guess I've lost Christmas points. ;) -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] OT Re: [PHP] can I compile php source
So, seriously, if you don't feel like helping or you don't believe that a message should be posted here because it's off topic or you don't believe that a question was phrased properly, wouldn't it be better for everyone if you just didn't respond? It'd certainly be easier. I can agree with you up until here. If someone is consistently posting off-topic then it would be in the group's interest to keep them from posting those things, e.g. $$$ MAKE MONEY FAST!!! $$$ or Cheep \/[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] disable_functions per vhost on apache
Eduardo M. Bragatto wrote: Hi folks, according to this old message [http://www.mail-archive.com/php-general@lists.php.net/msg87293.html] it's not possible to use php_value disable_functions on Apache's vhost. Since this message is two years old I would like to know if it's still being true. Yes, it's still true, as this value can only be set in the php.ini file. http://us4.php.net/manual/en/features.safe-mode.php#ini.disable-functions I have to allow system() for my control center script but I don't want my users to use it. How can I do it? You'd have to run two instances of Apache, with a seperate php.ini for each version. One for the vhosts with the functions disabled, and the other for your control center. Unless someone knows of a way to use different ini's per vhost. Sucks, but it's about the best you could do. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: How to set register_globals=off in the script?
Jerry Swanson wrote: I know that register_globals = on is not secure. But one program requires to use register_globals=on. So in php.ini register_globals is set to on. I have PHP 5.1, is it possible in the code set register_globals=off for specific scripts. So I want to keep PHP register_globals=on in php.ini, but in local files set to off? How I can do this? You can change this, and other php.ini directives, with the PHP function ini_set -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sort by string length...
Any idea how to sort an array by string length? Russ Jones -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can I compile php source
On Wednesday 22 December 2004 01:37, Paul Aviles wrote: Guys, this is trivial. It takes the same effort to provide the answer to whoever this guy was, than to lecture him on how to think. Teach a person to fish ... -- Jason Wong - Gremlins Associates - www.gremlins.biz You know, I bet that man is getting sick of eating fish all the time. Teach a man to shoot a cow... -- --Matthew Sims --http://killermookie.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] can I compile php source
Guys, this is trivial. It takes the same effort to provide the answer to whoever this guy was, than to lecture him on how to think. Teach a person to fish ... That's a good and true adage and certainly a philosophy to be put forth by this list. But, the question is, does an answer of Yes teach a person anything? I truly suspect not. Whereas Yes, here's how, and by the way you should read this page about how to ask smart questions. teaches a person quite a bit. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] help with coding #3
Team, Ok I will try the links again, sorry about the hassel, gee do I sound like a rookie coming up From the minor leagues or want. Anyway, Here are the links. Phps file http://www.theufl.com/movie_details.phps website http://www.theufl.com/php/wrox_php/movie_details.php on my connection the phps file looks all bunched up, I hope it looks good for you guys. Are you able to tshoot it and see whats going on? Im not able to get the code working. I am trying to build a movie database website for pratice. And I bought a wrox book beginning php.mysql, and phpmyadmin. However the code I used from book to my code on the file is not agreeing and I cant figure It out. Basically what it is if you click on a movie name link it suppose to take you to details and show You all the info for the movie and the reviews of the movie. Let me know if you cant view anyinfo, If you cant I will have to figure out another way for you to see my code, or maybe I can email you Directly the file instead of the php list. (TheSaint) Karl James [EMAIL PROTECTED] http://theufl.com/
Re: [PHP] How to set register_globals=off in the script?
Yes and no... Here's what the manual has to say about this...Basically, you can't do it using ini_set, but you can do it using an htaccess file. http://us2.php.net/manual/en/ini.sect.data-handling.php#ini.register-globals register_globals boolean Whether or not to register the EGPCS (Environment, GET, POST, Cookie, Server) variables as global variables. As of PHP 4.2.0, this directive defaults to off. Please read the security chapter on Using register_globals for related information. Please note that register_globals cannot be set at runtime (ini_set()). Although, you can use .htaccess if your host allows it as described above. An example .htaccess entry: php_flag register_globals off. Note: register_globals is affected by the variables_order directive. On Tue, 21 Dec 2004 14:56:03 -0500, Jerry Swanson [EMAIL PROTECTED] wrote: I know that register_globals = on is not secure. But one program requires to use register_globals=on. So in php.ini register_globals is set to on. I have PHP 5.1, is it possible in the code set register_globals=off for specific scripts. So I want to keep PHP register_globals=on in php.ini, but in local files set to off? How I can do this? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] OT Re: [PHP] can I compile php source
From: Larry E. Ullman [EMAIL PROTECTED] Do you honestly think people are learning __anything__ when you reply with a Yes? Yes. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to set register_globals=off in the script?
On Tue, 21 Dec 2004 14:56:03 -0500, Jerry Swanson [EMAIL PROTECTED] wrote: I know that register_globals = on is not secure. But one program requires to use register_globals=on. So in php.ini register_globals is set to on. I have PHP 5.1, is it possible in the code set register_globals=off for specific scripts. I'm afraid the answer is no, as the vars are globally set before running the first line of your script, so this parameter cannot be changed by code. But you can use some specific configurations if using Apache as the webserver: So I want to keep PHP register_globals=on in php.ini, but in local files set to off? How I can do this? If your server is Apache, you can modify locally modify the settings for a virtual server adding a line in the virtual server section in your httpd.conf file (and have off in your php.ini) php_flag register_globals = 1 Don't forget to restart Apache after adding this line. Also, you can set this line in the .htaccess file at the root directory for any website, and it will modify the setting only for that virtual server. The httpd.conf option is best as it is parsed only when Apache start, the .htaccess file is parsed for each file processed by the server. Hope this helps, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to set register_globals=off in the script?
I know that register_globals = on is not secure. But one program requires to use register_globals=on. So in php.ini register_globals is set to on. I have PHP 5.1, is it possible in the code set register_globals=off for specific scripts. So I want to keep PHP register_globals=on in php.ini, but in local files set to off? you could use .htaccess or httpd.conf files to set it http://us2.php.net/ini_set -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to set register_globals=off in the script?
if the script isn't that big you can probably use extract() in most cases.. is the script in its own directory? if so you can turn register globals on just for that one directory.. create an .htaccess file and add: php_value register_globals on then place the .htaccess in the directory where the script is located. - Original Message - From: Jerry Swanson [EMAIL PROTECTED] To: PHP List [EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 2:56 PM Subject: [PHP] How to set register_globals=off in the script? I know that register_globals = on is not secure. But one program requires to use register_globals=on. So in php.ini register_globals is set to on. I have PHP 5.1, is it possible in the code set register_globals=off for specific scripts. So I want to keep PHP register_globals=on in php.ini, but in local files set to off? How I can do this? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to set register_globals=off in the script?
From: Jerry Swanson [EMAIL PROTECTED] I know that register_globals = on is not secure. bah... you can write secure scripts with it on or off. having it off by default simply helps to lessen some of the security issues that new programmers may not be aware of. But one program requires to use register_globals=on. So in php.ini register_globals is set to on. I have PHP 5.1, is it possible in the code set register_globals=off for specific scripts. So I want to keep PHP register_globals=on in php.ini, but in local files set to off? How I can do this? You can use an .htaccess file to turn it on or off for directories. I don't think it works for individual scripts, though. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: How to set register_globals=off in the script?
From: Jason Barnett [EMAIL PROTECTED] Jerry Swanson wrote: I have PHP 5.1, is it possible in the code set register_globals=off for specific scripts. You can change this, and other php.ini directives, with the PHP function ini_set No, you can't. register_globals cannot be set with ini_set and must be set in php.ini or an .htaccess file. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: How to set register_globals=off in the script?
Jason Barnett wrote: So I want to keep PHP register_globals=on in php.ini, but in local files set to off? How I can do this? You can change this, and other php.ini directives, with the PHP function ini_set register_globals cannot be changed with ini_set(). It is of type PHP_INI_PERDIR meaning that it can only be changed in the php.ini, .htaccess, or httpd.conf. See: http://www.php.net/manual/en/function.ini-set.php Personally I prefer to set register_globals=off in php.ini, then use an .htaccess file to turn it on only for those applications that absolutely require it to function. That way new applications default to register_globals=off. IOW, I prefer to have to take specific action to open up potential security holes rather than having to take specific action to close them. YMMV... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php