Re: [PHP] retrieve POST body?
Myron Turner wrote: I'm not sure I follow here, because the Perl script would be saving the posted file to disk. It would then send back a redirect with the name of the file in the query string of the url, which would point to a php script that would then read the file from the disk. So the file shouldn't be sent more than once. In any event, I do think that at least a few of use are agreed that somehow the whole post should be made available in PHP. Good luck with your solution, Myron Yes, you're right. :-) Somehow I thought the whole request just goes twice. I think I've been staring at a computer too long today. My head hurts. *L* -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Find MAC Address in PHP
This may help you (find .tgz file at the page bottom): http://daevid.com/examples/dhcp/ This is a little web tool I use to see who is on my LAN D.Vin -Original Message- From: Nathaniel Hall [mailto:[EMAIL PROTECTED] Sent: Friday, April 20, 2007 1:00 PM To: php-general@lists.php.net Subject: [PHP] Find MAC Address in PHP Hi all, I am attempting to find the MAC address of systems visiting my page from the local LAN. I have tried several things, but it appears it will not let me run system commands. For example, running ?php $MAC = system(arp 192.168.200.254); echo $MAC; ? does not give me any output. I have copied arp to a place that the apache user can execute from and ensured arp is executable. This is on a Fedora Core 6 box running PHP 5.1.6-3.4 and Apache 2.2.3-5. Any help is appreciated. -- Nathaniel Hall -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Standard Address Book?
You might look into vCards -- most mail clients load/import them. http://en.wikipedia.org/wiki/VCard -Original Message- From: Jim Lucas [mailto:[EMAIL PROTECTED] Sent: Monday, April 23, 2007 8:48 AM To: [EMAIL PROTECTED] Cc: php-general@lists.php.net Subject: Re: [PHP] Standard Address Book? Timothy Murphy wrote: Is there any kind of standard for a PHP/SQL/XML addressbook? Are you asking if there is any type of standard for building an address book in general? That you are using PHP/SQL/XML is your preference. With a few clicks from Google, I found these: http://groupware.openoffice.org/ab_schema/index.html http://developer.apple.com/documentation/AppleApplications/Ref erence/SyncServicesSchemaRef/Articles/Contacts.html Hope this helps -- Enjoy, Jim Lucas Different eyes see different things. Different hearts beat on different strings. But there are times for you and me when all such things agree. - Rush -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] filetype() and exec() issues
On 4/24/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: This question is a two parter a) anyone else noticing filetype() failing on ISO image files? Warning: filetype(): Lstat failed for /var/lib/samba/some/file.iso Nope, didn't fail for me. But what exactly do you want to know about the file? filetype only check wheter the the argument given is a fifo, char, dir, block, link, file, or unknown. What you're doing below with the file command is getting the content type, there you could use the function mime_content_type, but it is deprecated, and seems not to work always. The manual forwards you to the fileinfo functions: http://www.php.net/manual/en/function.finfo-file.php example 592 does what you're doing with the file command below. b) I have a script that during processing will eventually call exec('/usr/bin/file -bi '.$file) over 1000 times, I've added a counter and when it dies on this line it's always after 1020 exec calls, regardless of the file name I'm feeding to `file`. I've reproduced this with both exec, shell_exec, system and the backticks. What am I missing here? Why does it die? Is it because te max execution time reached? then you should extend the max executon time: http://www.php.net/set_time_limit Tijnema snip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What determines the relative directory, and can I control it?
On 4/24/07, Dave M G [EMAIL PROTECTED] wrote: PHP Users, I am developing a content management system, and one of the goals is to separate out the design entirely from the PHP scripting and content. All the PHP scripts which contain the logic that drives the site are all in the web site's root directory, where the main index.php is located. The site uses an .htaccess file that creates user friendly URLs, so basically every time a user does anything on the site, it goes through /index.php. The intention is for the designer of the site to only have access to a subdirectory of the site called layout. If the designer wants, he or she can have multiple styles, which would each be in their own subdirectories. So, for example, there might be a /layout/styleOne directory, and a /layout/styleTwo directory. The way a designer builds a style is with a file called layout.php. This file contains blocks of HTML code that the designer can manipulate in order to customize the layout of the site. For example, that file would be located at /layout/styleOne/layout.php. Right now, if the designer of the site wants to make a call to an external CSS style sheet within layout.php, the designer has to write in the whole path, relative to the index.php file. For example: style type=text/css @import /layout/styleOne/style.css; /style But I'd like to make it so that the designer doesn't need to ever think about paths, and can state the path to the CSS file relative to layout.php, and not relative to index.php. Like so: style type=text/css @import style.css; /style What happens is that index.php includes a file called include.php. That file in turn includes all the PHP scripts on the site. That file includes another file called Page.php which has a way of including layout.php depending on what style the page needs. For example, styleOne or styleTwo. That's a long linear string of includes, but bottom line is, if I'm correct, that the index.php ultimately includes layout.php, and layout.php therefor acts as if it were in the same directory as index.php. I hope I have described the situation adequately. My question is, as implied above: Can I somehow manipulate any of the PHP scripts involved so that the HTML within layout.php will look first in it's own directory for inclusion of files, such as CSS and javascript and anything else? Thank you for your time and assistance. -- Dave M G Ubuntu 7.04 Feisty Fawn Kernel 2.6.20-15-generic Pentium D Dual Core Processor This is a client side problem. After your whole PHP processing has been done, 1 final HTML page is executed. In that page you have set : style type=text/css @import style.css; /style Then the browser will create a NEW request, to get the style.css file. And he will request that file in the same directory the index.php file is in. So what you want is impossible, unless you're gonna create a silly browser ;) what you can do, and what i see a lot is that they let PHP open the CSS file, and display the CSS inline. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] What determines the relative directory, and can I control it?
[snip] Can I somehow manipulate any of the PHP scripts involved so that the HTML within layout.php will look first in it's own directory for inclusion of files, such as CSS and javascript and anything else? [/snip] If a user accesses http://site.com/index.php, then the HTML that is spit back out from requesting index.php better have CSS import statements that point to where the CSS files really are. Example: Requesting http://site.com/index.php returns script type=text/css @import a.css /script Then there better be the following: http://site.com/a.css There is no way around that (AFAIK), because that is how the web browsers find such CSS sheets. In a simplified explanation, they look for the path of the import, append it to where the request was filed, and download whatever they get. You can make it easier on the designer though, in by telling them they must do something like: script type=text/css @import $path.'a.css' /script Then YOUR php files can determine whatever $path needs to be before it includes the file. So when they request http://site.com/index.php, it will spit out: script type=text/css @import styles/site1/a.css /script I hope this makes sense. -Logan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] filetype() and exec() issues
You may also want to check and make sure that your ISO isn't more than 4GB. IIRC, I had some troubles with extremely large files and using filetype() on them. But then again, it may have just been something on my own end. -Logan -Original Message- From: Tijnema ! [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 24, 2007 2:18 AM To: [EMAIL PROTECTED] Cc: php-general@lists.php.net Subject: Re: [PHP] filetype() and exec() issues On 4/24/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: This question is a two parter a) anyone else noticing filetype() failing on ISO image files? Warning: filetype(): Lstat failed for /var/lib/samba/some/file.iso Nope, didn't fail for me. But what exactly do you want to know about the file? filetype only check wheter the the argument given is a fifo, char, dir, block, link, file, or unknown. What you're doing below with the file command is getting the content type, there you could use the function mime_content_type, but it is deprecated, and seems not to work always. The manual forwards you to the fileinfo functions: http://www.php.net/manual/en/function.finfo-file.php example 592 does what you're doing with the file command below. b) I have a script that during processing will eventually call exec('/usr/bin/file -bi '.$file) over 1000 times, I've added a counter and when it dies on this line it's always after 1020 exec calls, regardless of the file name I'm feeding to `file`. I've reproduced this with both exec, shell_exec, system and the backticks. What am I missing here? Why does it die? Is it because te max execution time reached? then you should extend the max executon time: http://www.php.net/set_time_limit Tijnema snip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] help needed to write an installation script for my php application
On 4/23/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi There, Could you please help me to write an installation script to install a php based application in Windows. 1. I have WAMP5.0 running my my IBM T43 laptop. 2. I have created a php application. 3. I would like to know how to create an installation Wizard for my application. What it should accomplish is that: Once the CD containing my application is loaded to CD drive, it should automatically ask me the standard windows installation questions to install my application in the path specified by me. Your help will be highly appreciated. Thanks, G. Guruswamy (VV, QCG) +91-93412-74717 Have a look at this page: http://www.softpedia.com/get/Authoring-tools/Setup-creators/ It contains (nearly) all installer software, softpedia has a rating system, so search for one with a high rating, and if you don't like it, pick the second :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What determines the relative directory, and can I control it?
Greetings. On Tuesday 24 April 2007 09:22, Tijnema ! wrote: Right now, if the designer of the site wants to make a call to an external CSS style sheet within layout.php, the designer has to write in the whole path, relative to the index.php file. For example: style type=text/css @import /layout/styleOne/style.css; /style But I'd like to make it so that the designer doesn't need to ever think about paths, and can state the path to the CSS file relative to layout.php, and not relative to index.php. Like so: style type=text/css @import style.css; /style What happens is that index.php includes a file called include.php. That file in turn includes all the PHP scripts on the site. That file includes another file called Page.php which has a way of including layout.php depending on what style the page needs. For example, styleOne or styleTwo. That's a long linear string of includes, but bottom line is, if I'm correct, that the index.php ultimately includes layout.php, and layout.php therefor acts as if it were in the same directory as index.php. I hope I have described the situation adequately. My question is, as implied above: Can I somehow manipulate any of the PHP scripts involved so that the HTML within layout.php will look first in it's own directory for inclusion of files, such as CSS and javascript and anything else? Thank you for your time and assistance. Dave M G Ubuntu 7.04 Feisty Fawn Kernel 2.6.20-15-generic Pentium D Dual Core Processor function getCss($styleName) { $strReturn = style type='text/css'@import '/layout/._MY_LAYOUT_DIR_./.styleName.';/style return $strReturn; } layout.php ?php define(_MY_LAYOUT_DIR_,styleOne); // when css file need use getCss('style.css') ? And if you ask me for options. Kick designers until the they get learn someting about directory This kind of auto magic operations bloats scripts, increases CPU costs and increases security threads (because you assume lots of things and because of murph law your assumptations have to false) Also you cannot satisfy designers until generate some kind of mind reader device/software to automaticly convert their dreams into perfect html/php code. Even you invent that thing they will still complaing about no body understand their ability of art. So kick them hard as possible... Regards Sancar -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: advice for blob tables?
This one time, at band camp, [EMAIL PROTECTED] wrote: I've been using this one: http://www.dreamwerx.net/phpforum/?id=1 I developed it in 2001 and it's had implementations into the hundreds of gb's so far. I have a ftp interface to it that runs at wire speed (100FDX). I initially did it the 1 row way, and ran into issues, so I implemented this one. Thats fine, but this is normalization for no real purpose. You have defined two tables, one for the image and another for the metadata but the relationship is one-to-one which makes it rather redundant except if you wish to store different amounts of metadata per image. You also state How about NFS/SMB network shares? That's not a bad idea either but not without it's problems Whilst I am an advocate of binary storage, there is no real issue I see with NFS/SMB particularly NFSv4 (supports file locking which I like) or GFS2. Cluster file system works quite well.. but I digress. I find all sorts of injection issues surrounding statements such as $SQL = select * from file where id = . $_GET[id] in the tutorial you mention, not that this is a production ready script, it just makes me nervouse when newbies replicate this. Kind regards kevin -- Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] performance down
Hello everyone, recently we tested upgrading our systems from: apache 2.0.55 php 5.1.6 eacclerator 0.9.5 to: apache 2.2.3 php 5.2.0 eaccelerator 0.9.5 but we always get worse performance than before. So maybe it is the newer apache version which slows us down or changes in php 5.2.0. Has anyone come across a similar phenomenon? Dominic Letz -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] performance down
On 4/24/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hello everyone, recently we tested upgrading our systems from: apache 2.0.55 php 5.1.6 eacclerator 0.9.5 to: apache 2.2.3 php 5.2.0 eaccelerator 0.9.5 but we always get worse performance than before. So maybe it is the newer apache version which slows us down or changes in php 5.2.0. Has anyone come across a similar phenomenon? Dominic Letz What platform are you using? Windows or Linux? Never had any slow PHP versions on my Linux server. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] voucher manipulation
Alo, I have a client looking to do the following; There is a standard voucher design, in the format of JPG ... now ... they wish to create a voucher system where if you reach so many points etc you can claim a voucher (using the design) with a expiry date ... current + 30days and a unique voucher number. Now, I have looked at ImageCreateFromjpeg etc ... but ... cant figure out how to place the text on it within the specified areas. It will then be emailed to the user. Does anyone know of an idea out there already I can take a look at ... or some advice? Kind regards, Steven Macintyre -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] voucher manipulation
On 4/24/07, Steven Macintyre [EMAIL PROTECTED] wrote: Alo, I have a client looking to do the following; There is a standard voucher design, in the format of JPG ... now ... they wish to create a voucher system where if you reach so many points etc you can claim a voucher (using the design) with a expiry date ... current + 30days and a unique voucher number. Now, I have looked at ImageCreateFromjpeg etc ... but ... cant figure out how to place the text on it within the specified areas. It will then be emailed to the user. Does anyone know of an idea out there already I can take a look at ... or some advice? Kind regards, Steven Macintyre You're at the right start, you should create a image stream with ImageCreateFromJpeg, and then you should write text to it with one of the following functions: ImageTtfText ImagePsText ImageFtText and then save it, or output it. (ImageJpeg for example) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] voucher manipulation
Alo, I have a client looking to do the following; There is a standard voucher design, in the format of JPG ... now ... they wish to create a voucher system where if you reach so many points etc you can claim a voucher (using the design) with a expiry date ... current + 30days and a unique voucher number. Now, I have looked at ImageCreateFromjpeg etc ... but ... cant figure out how to place the text on it within the specified areas. It will then be emailed to the user. Does anyone know of an idea out there already I can take a look at ... or some advice? Steven, Have a look at http://php.net/imagettftext . Also, here is a code snippet from something I did a long time ago to brand uploaded images. Maybe you can modify it for your needs or get an idea of how to proceed. It contains two slightly offset imagettftext() calls because I wanted a drop shadow effect to the brand. -[code]--- $fontpath =$_SERVER['DOCUMENT_ROOT']./PAPYRUS.TTF; function brand_image($big_pic){ // Draw border and brand big_pic $ims=getimagesize($big_pic); $img = ImageCreateTrueColor($ims[0],$ims[1]); $black = imagecolorallocate ($img, 0, 0, 0); $white = imagecolorallocate ($img, 255, 255, 255); imagecopy($img,$org_img, 0, 0, 0, 0, $ims[0], $ims[1]); for($x=0;$x$tnborderwidth;$x++){imagerectangle($img,$x,$x,$ims[0]-(1+$x),$i ms[1]-(1+$x), $black);} imagettftext($img,20, 0, $ims[0]-260, $ims[1]-20, $black, $fontpath, $brandtext); imagettftext($img,20, 0, $ims[0]-262, $ims[1]-22, $white, $fontpath, $brandtext); imagejpeg($img,$big_pic,90); imagedestroy($img); } //function brand_image --[/code]--- JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problems installing php with pdflib
On 4/17/07, Richard Lynch [EMAIL PROTECTED] wrote: On Sat, April 14, 2007 3:55 am, Merlin wrote: I am moving to a new box and want to install php with pdflib again. After configure I get an error saying: pdflib.h not found! Check the path passed to --with-pdflib The path is just fine: '--with-pdflib=/usr/local/lib' configure needs to find TWO things: #1 the lib file which is libpdf.so in /usr/local/lib #2 the header file which is libpdf.h in /usr/local/include If you tell configure to look inside of /usr/local/lib, it can't *find* the libpdf.h file, because it's not inside that directory, it's inside a directory parallel to that. If you tell configure to look in /usr/local, it knows to check in /usr/local/lib for the .so file, and in /usr/local/include for the .h file, and it finds everything it needs. It won't, because his headers are in /usr/local/lib, and not in /usr/include/header I don't know if the following will work, but you could try adding the an include dir to CFLAGS: export CFLAGS=-I /usr/local/lib *note that this will destroy currently set CFLAGS. And then try configuring with --with-pdflib=/usr/local Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] performance down
Tijnema ! wrote: On 4/24/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hello everyone, recently we tested upgrading our systems from: apache 2.0.55 php 5.1.6 eacclerator 0.9.5 to: apache 2.2.3 php 5.2.0 eaccelerator 0.9.5 but we always get worse performance than before. So maybe it is the newer apache version which slows us down or changes in php 5.2.0. Has anyone come across a similar phenomenon? Dominic Letz What platform are you using? Windows or Linux? Never had any slow PHP versions on my Linux server. **SLOWER** it's a comparative not an absolute. know the difference. either go back to comparing print echo or realise that (for example) a spaceshuttle is fast and an F1 racecar is fast but one if *faster* than the other. the OP asked about comparative performance degradation. sorry OP I can't comment on the degradation your seeing, but I'm interested if anyone can - in the mean time you might consider downgrading apache and measuring the difference and subsequently upgrading apache whilst downgrading php and measuring the difference also - it might give you a clue as to which beast is causing the problem. you might also consider that it's not the upgrade as such but the server configuration (for apache mostly) that is sub optimal. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Find MAC Address in PHP
On 4/23/07, Davi [EMAIL PROTECTED] wrote: Em Domingo 22 Abril 2007 03:12, Richard Lynch escreveu: On Fri, April 20, 2007 3:00 pm, Nathaniel Hall wrote: ?php $MAC = system(arp 192.168.200.254); echo $MAC; ? does not give me any output. I have copied arp to a place that the apache user can execute from and ensured arp is executable. Use exec and the extra args to get error codes. ARP is a root-command... =] Ok, maybe it's because i've builded my own Linux, and didn't wanted to have any security, but /sbin/arp has chmod value 755 on my system, and so, i can execute it with any user. Can you run 'arp' and get what you want from command line? As web-user? No. i can :) Can you 'su' to PHP user and *then* run it and get what you want? Hum... Not at all... You need to enter the root password... How can you do that? sudo sounds a little better... But... How about security? Hmm, that would mean that you have to store your root password in your PHP script ... I don't prefer that, maybe you could use it on a development server, but don't use it on production server ;) If not, you can't do that. And with a shell-script outputting the MAC to a .txt temp file, reading it from the PHP script? BTW, have a look at suPHP [1]... =] [1] - http://www.howtoforge.com/suphp_debian_etch_ispconfig That's really a big job to install :( Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] posting variables to parent frame
On 4/17/07, Hans [EMAIL PROTECTED] wrote: Hi there, I'm trying to post variables to a parent frame, I'm working from a page that is in an iFrame. However, I don't know how to accomplish this. I tried target='top' to include in the form tag (form action=?=$formurl? target=top) but this didn't succeed. Can you please help me? Thanks in advance! Hans Always have a look at w3schools first :) Then you would have noticed that it is _top instead of top http://www.w3schools.com/tags/tag_form.asp Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Find MAC Address in PHP
Em Terça 24 Abril 2007 10:07, Tijnema ! escreveu: On 4/23/07, Davi [EMAIL PROTECTED] wrote: Em Domingo 22 Abril 2007 03:12, Richard Lynch escreveu: On Fri, April 20, 2007 3:00 pm, Nathaniel Hall wrote: ?php $MAC = system(arp 192.168.200.254); echo $MAC; ? does not give me any output. I have copied arp to a place that the apache user can execute from and ensured arp is executable. Use exec and the extra args to get error codes. ARP is a root-command... =] Ok, maybe it's because i've builded my own Linux, and didn't wanted to have any security, but /sbin/arp has chmod value 755 on my system, and so, i can execute it with any user. cheatter... =P Can you run 'arp' and get what you want from command line? As web-user? No. i can :) cheatter... =P Can you 'su' to PHP user and *then* run it and get what you want? Hum... Not at all... You need to enter the root password... How can you do that? sudo sounds a little better... But... How about security? Hmm, that would mean that you have to store your root password in your PHP script ... I don't prefer that, maybe you could use it on a development server, but don't use it on production server ;) Yes... You store your root pwd in your script then: ?php $root_pwd=123456; echo system(su - -c arp); ? $ su - -c arp Password: How you'll type your root pwd? =P If not, you can't do that. And with a shell-script outputting the MAC to a .txt temp file, reading it from the PHP script? #!/bin/bash if [ ! $# -eq 1 ]; then echo Usage: $0 target_ip; exit; fi; MAC_ADDR=`sudo arp | grep $1 | cut -d -f18` echo ${MAC_ADDR} /your/html/pub/dir/mac_temp.txt ?php $mac=file(mac_temp.txt); foreach($mac_addr as $mac){ echo $mac_addr; } ? BTW, have a look at suPHP [1]... =] [1] - http://www.howtoforge.com/suphp_debian_etch_ispconfig That's really a big job to install :( Yeah!! =P -- Davi Vidal [EMAIL PROTECTED] [EMAIL PROTECTED] -- Religion, ideology, resources, land, spite, love or just because... No matter how pathetic the reason, it's enough to start a war. pgpwZwDXPVazK.pgp Description: PGP signature
[PHP] Shell used by system()
Hi *, is it possible to change the shell used by system() , exec() and similar PHP funtions? I'm running mod_php in apache on Linux. Apache shell is set to /sbin/nologin but PHP insists to call /bin/sh... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: posting variables to parent frame
iFrames are obsolete and only IE handles them. I don't even know if IE7 does. Use css div tags instead. Hans wrote: Hi there, I'm trying to post variables to a parent frame, I'm working from a page that is in an iFrame. However, I don't know how to accomplish this. I tried target='top' to include in the form tag (form action=?=$formurl? target=top) but this didn't succeed. Can you please help me? Thanks in advance! Hans -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: performance down
Jochem Maas wrote: sorry OP I can't comment on the degradation your seeing, but I'm interested if anyone can - in the mean time you might consider downgrading apache and measuring the difference and subsequently upgrading apache whilst downgrading php and measuring the difference also - it might give you a clue as to which beast is causing the problem. you might also consider that it's not the upgrade as such but the server configuration (for apache mostly) that is sub optimal. You may also want to try PHP 5.2.1 and see if it's faster? If you are upgrading, I'd imagine you'd want the most recent version after all. Col. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Find MAC Address in PHP
On 4/24/07, Davi [EMAIL PROTECTED] wrote: Em Terça 24 Abril 2007 10:07, Tijnema ! escreveu: On 4/23/07, Davi [EMAIL PROTECTED] wrote: Em Domingo 22 Abril 2007 03:12, Richard Lynch escreveu: On Fri, April 20, 2007 3:00 pm, Nathaniel Hall wrote: ?php $MAC = system(arp 192.168.200.254); echo $MAC; ? does not give me any output. I have copied arp to a place that the apache user can execute from and ensured arp is executable. Use exec and the extra args to get error codes. ARP is a root-command... =] Ok, maybe it's because i've builded my own Linux, and didn't wanted to have any security, but /sbin/arp has chmod value 755 on my system, and so, i can execute it with any user. cheatter... =P I hate security ;) Also, i have Apache running as root, so i can execute everything i want :) Can you run 'arp' and get what you want from command line? As web-user? No. i can :) cheatter... =P Can you 'su' to PHP user and *then* run it and get what you want? Hum... Not at all... You need to enter the root password... How can you do that? sudo sounds a little better... But... How about security? Hmm, that would mean that you have to store your root password in your PHP script ... I don't prefer that, maybe you could use it on a development server, but don't use it on production server ;) Yes... You store your root pwd in your script then: ?php $root_pwd=123456; echo system(su - -c arp); ? $ su - -c arp Password: How you'll type your root pwd? =P Something with the proc_* functions as you need bi-directional streams (input/output). Something like this: (not tested, partly copied form example 1926) ?php $root_pwd=123456; $descriptorspec = array( 0 = array(pipe, r), // stdin is a pipe that the child will read from 1 = array(pipe, w), // stdout is a pipe that the child will write to 2 = array(file, /tmp/error-output.txt, a) // stderr is a file to write to ); $process = proc_open('su - -c arp', $descriptorspec, $pipes); if (is_resource($process)) { fwrite($pipes[0], $root_pwd.\r\n); fclose($pipes[0]); echo stream_get_contents($pipes[1]); fclose($pipes[1]); proc_close($process); } ? If not, you can't do that. And with a shell-script outputting the MAC to a .txt temp file, reading it from the PHP script? #!/bin/bash if [ ! $# -eq 1 ]; then echo Usage: $0 target_ip; exit; fi; MAC_ADDR=`sudo arp | grep $1 | cut -d -f18` echo ${MAC_ADDR} /your/html/pub/dir/mac_temp.txt Where's the root password? I guess you need it too when using sudo? ?php $mac=file(mac_temp.txt); foreach($mac_addr as $mac){ echo $mac_addr; } ? Uhm, this is really weird code, i guess you meant this: ?php $mac=file(mac_temp.txt); foreach($mac as $mac_addr){ echo $mac_addr; } ? But well, when you have root access to the server, it might be better to just cheat like i did, and make arp available to the PHP user :) Tijnema BTW, have a look at suPHP [1]... =] [1] - http://www.howtoforge.com/suphp_debian_etch_ispconfig That's really a big job to install :( Yeah!! =P -- Davi Vidal [EMAIL PROTECTED] [EMAIL PROTECTED] -- Religion, ideology, resources, land, spite, love or just because... No matter how pathetic the reason, it's enough to start a war. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Shell used by system()
On 4/24/07, Marco Michelino [EMAIL PROTECTED] wrote: Hi *, is it possible to change the shell used by system() , exec() and similar PHP funtions? I'm running mod_php in apache on Linux. Apache shell is set to /sbin/nologin but PHP insists to call /bin/sh... First, I guess this isn't the fault of PHP, but the very first line in your shell script. It contains something like #!/bin/sh And yes, it will execute /bin/sh. You might want to force execution with another shell by adding that to the system/exec command: system(/bin/anothersh /path/to/myscript.sh); Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Find MAC Address in PHP
Em Terça 24 Abril 2007 10:49, Tijnema ! escreveu: On 4/24/07, Davi [EMAIL PROTECTED] wrote: How you'll type your root pwd? =P Something with the proc_* functions as you need bi-directional streams (input/output). Something like this: (not tested, partly copied form example 1926) ?php $root_pwd=123456; $descriptorspec = array( 0 = array(pipe, r), // stdin is a pipe that the child will read from 1 = array(pipe, w), // stdout is a pipe that the child will write to 2 = array(file, /tmp/error-output.txt, a) // stderr is a file to write to ); $process = proc_open('su - -c arp', $descriptorspec, $pipes); if (is_resource($process)) { fwrite($pipes[0], $root_pwd.\r\n); fclose($pipes[0]); echo stream_get_contents($pipes[1]); fclose($pipes[1]); proc_close($process); } ? sounds cool... =] I'll search for it... If not, you can't do that. And with a shell-script outputting the MAC to a .txt temp file, reading it from the PHP script? #!/bin/bash if [ ! $# -eq 1 ]; then echo Usage: $0 target_ip; exit; fi; MAC_ADDR=`sudo arp | grep $1 | cut -d -f18` echo ${MAC_ADDR} /your/html/pub/dir/mac_temp.txt Where's the root password? I guess you need it too when using sudo? trick... =P correctly configured, sudo doesn't need pwd for some commands... see Ubuntu... ;) ?php $mac=file(mac_temp.txt); foreach($mac_addr as $mac){ echo $mac_addr; } ? Uhm, this is really weird code, i guess you meant this: ?php $mac=file(mac_temp.txt); foreach($mac as $mac_addr){ echo $mac_addr; } ? Yes... Sorry! =] But well, when you have root access to the server, it might be better to just cheat like i did, and make arp available to the PHP user :) I'm some paranoic... =X I wouldn't do it... =P -- Davi Vidal [EMAIL PROTECTED] [EMAIL PROTECTED] -- Religion, ideology, resources, land, spite, love or just because... No matter how pathetic the reason, it's enough to start a war. pgp9WHLICjbd1.pgp Description: PGP signature
[PHP] transparent gifs with matte?
Hi, I am looking to create a transparent text gif that allows me to set a colour for the matte. I have it working as a PNG but this is no good in IE. Does anyone have an exampe of this? This is my code so far. ?php header(Content-type: image/gif); $im = imagecreate (800, 30); $black = ImageColorAllocate ($im, 255, 255, 255); $blue = ImageColorAllocate ($im, 75, 104, 177); ImageTTFText ($im, 20, 0, 10, 20, $blue, Font - TrueType - Square 721 BT.ttf, HELLO); ImageGif ($im); ImageDestroy ($im); ? R. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Find MAC Address in PHP
On 4/24/07, Tijnema ! [EMAIL PROTECTED] wrote: On 4/24/07, Davi [EMAIL PROTECTED] wrote: Em Terça 24 Abril 2007 10:07, Tijnema ! escreveu: On 4/23/07, Davi [EMAIL PROTECTED] wrote: Em Domingo 22 Abril 2007 03:12, Richard Lynch escreveu: On Fri, April 20, 2007 3:00 pm, Nathaniel Hall wrote: ?php $MAC = system(arp 192.168.200.254); echo $MAC; ? does not give me any output. I have copied arp to a place that the apache user can execute from and ensured arp is executable. Use exec and the extra args to get error codes. ARP is a root-command... =] Ok, maybe it's because i've builded my own Linux, and didn't wanted to have any security, but /sbin/arp has chmod value 755 on my system, and so, i can execute it with any user. cheatter... =P I hate security ;) Also, i have Apache running as root, so i can execute everything i want :) I hope you never make your server public then or try to become a server-administrator.. Wow. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Re: Suggestions for Web based FileServer/Mailaccess
Am 2007-04-19 16:55:10, schrieb Richard Lynch: Where do the Files come from in the first place? Attachments? External source? External. If they were attachments, maybe you'd be better off just leaving them in the Maildir... Right! I suppose you could build a parallel File System to your Maildirs, then within each of those, make a directory by Message-id: header, then put any attachments with the cid: name as the file name. One question: Is the cid: special to crate? I have seen this stuff in W$ Systems and SPAM coming from such systems but have no experience with it... That should make everything unique... Greetings Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSN LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
[PHP] Re: Re: auto page generation
Am 2007-04-20 10:26:29, schrieb Chris: Michelle Konzack wrote: Do you know an equivalent book for php5 and PostgreSQL 8.1/8.2? Beginning PHP and PostgreSQL 8: From Novice to Professional (Paperback) might have something you need. (I would send an amazon link but it's about 200 characters :P). Where is the problem? I use Linux 8(=) I think, the ISBN should be enough... Greetings Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSN LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
[PHP] Re: Re: auto page generation
Am 2007-04-20 08:51:43, schrieb Roman Neuhauser: # [EMAIL PROTECTED] / 2007-04-20 10:26:29 +1000: Michelle Konzack wrote: Do you know an equivalent book for php5 and PostgreSQL 8.1/8.2? Beginning PHP and PostgreSQL 8: From Novice to Professional (Paperback) might have something you need. (I would send an amazon link but it's about 200 characters :P). http://www.amazon.com/dp/1590595475/ Is this the hash? ;-) Greetings Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSN LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
[PHP] secure alternative to HTTP_REFERER
Im looking for info about a secure alternative to the use of $_server['http_refere'] to check in a script from where are arriving $_post vars. any suggestion? Thans a lot. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: posting variables to parent frame
Al wrote: iFrames are obsolete and only IE handles them. I don't even know if IE7 does. Well that's just a complete load of rubbish. The iframe tag is not obsolete, and I don't know where you got the idea that they are. Several legitimate uses for iframes exist, and they're unlikely to go away any time soon. Use css div tags instead. They don't do the same thing, not by a long shot. -Stut Hans wrote: Hi there, I'm trying to post variables to a parent frame, I'm working from a page that is in an iFrame. However, I don't know how to accomplish this. I tried target='top' to include in the form tag (form action=?=$formurl? target=top) but this didn't succeed. Can you please help me? Thanks in advance! Hans -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Find MAC Address in PHP
Richard Lynch wrote: On Fri, April 20, 2007 3:00 pm, Nathaniel Hall wrote: I am attempting to find the MAC address of systems visiting my page from the local LAN. I have tried several things, but it appears it will not let me run system commands. For example, running ?php $MAC = system(arp 192.168.200.254); echo $MAC; ? does not give me any output. I have copied arp to a place that the apache user can execute from and ensured arp is executable. Use exec and the extra args to get error codes. Can you run 'arp' and get what you want from command line? Can you 'su' to PHP user and *then* run it and get what you want? If not, you can't do that. I dunno what 'arp' is gonna give you, but I wouldn't think you'd in general have access to the MAC address of a visitor hardware... Nor should you, actually... But if you've got your boxes configured to let any ol' person run this 'arp' thing and reply with their MAC addresses, I guess it oughta work... Thanks for the help. I believe I have narrowed it down to SELinux keeping Apache from executing commands. Anybody had the same problem and know a fix? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP Text Messaging
Am 2007-04-19 09:27:56, schrieb Philip Thompson: Hi. I have attempted to look at the archives for this, but keep getting redirected back to the main PHP site when I click on the archive link. With that said, does anyone know of any good resources for sending text messages using PHP? I have Googled this topic and found a few, but find it hard to judge which ones are good. I have also looked at the SAM package, but wasn't sure how much that is being used by the community. I use gsmtools (Linux version but exist for Windows too) to send SMS. The Telephone is directly attached to my Server via serial cable. It works since ages... smstools is a daemon which can send and receive SMS from a simpel spool directory... Greetings Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSN LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
[PHP] Re: PHP Text Messaging
Am 2007-04-20 17:58:20, schrieb Stut: Daniel Brown wrote: The option that you're discussing is what I've been using for the last several years. All of the ones you sent look correct, from memory, but I'd have to check my scripts to see for sure. When I'm sending a message, I just send it to all of the providers, because one phone number can only exist on one carrier at any given time, so the bounces just go to /dev/null. Speaking on behalf of ISPs around the world, please don't do that. Take the time to figure it out and do it properly. Don't pollute the internet with more pointless emails. Sorry, but since Mobil-Telephone numbers are not more bound to GSM- Providers you will run into trouble... But right, sending ONE message to 100 mail2sms gateways at once is discouraged. You should spool the message, send it to the first GSM-Provicer and wait for bounces before sending it to the next one... I would accept sending the message to 3-5 GSM-Providers @once but creating a database of successfull send messages and bounces... and use it the next time someone send a message. Greetings Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSN LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
[PHP] Re: PHP Text Messaging
Am 2007-04-20 13:05:16, schrieb Daniel Brown: I don't really like to, because I run the risk of getting my IP or even netblock blacklisted, but I can't think of any other way to do it if the user doesn't know what carrier the number belongs to. Any ideas on this subject, I'm absolutely more than willing to listen. The way I did it is a hack, no question and an ugly one at that. It works, but not at all the way I want it to. And even if it's only about 0.3K per message sent, it adds up over time. Do you realy want to use the FREE SMS-Services? I buy from several European GSM-Providers bigger contingents of SMS's and have per SM-Provider 4-16 SIM-Cards... (My Server has 64 Siemens S40 attached) I pay per SMS 0.024 to 0.042 Euro and sell it for 0.06 to 0.18 Euro. The clients do Pre-Pay which mean I have no risk... I send per month around 2 million messages. Which mean, I earn effectiv nearly 0.01 Euro per message. and this is done only with a very OLD HP Vectra XA5/200MMT (P1/200 with 192 MByte of memory). Note: The 64 S40 are consuming over 20 times more electricity as the Computer and it works over an ADSL with 1MBit/128 kBit. Greetings Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSN LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
[PHP] Re: PHP Text Messaging
Am 2007-04-20 12:36:47, schrieb Edward Vermillion: How does Yahoo do it? You can send text messages through YMessenger and all you need is the number. You can probably do that with others but that's the only one I've ever used. Sending SMS international is expensive... e.g.: France - Morocco 0.30 Euro/SMS You must Do it like me and Yahoo... Install in each country (Me: FR, DE, MA, AZ, TN, TR, IL, SY, IR) a small Computer which is working rock solid... I use USED HP Vectra XA5/200MMT (P1/200 with 192 MByte of memory) and one or more cellphones. Prefered one for each (big) national GSM-provider. e.g.: France: 1) Bougues Telecom 2) SFR 3) Orange Germany: 1) Vodaphone 2) T-Mobil Morocco: 1) Maroc Mobil Turkey: 1) Turkcell Now wou must install a Central Web-Server where the customes connect and send the messages the server will send the message with ANY protocol you like to the right COUNTRY server and then the smstools right configured choose the right GSM-Provider to send the message. Are phone numbers assigned like ip addresses? Is there an arin.net for phones? I would think there is some way they keep track of all that. I have 8 private SIM-Cards with my OWN Telephone numbers... If I change the GSM-Provider I take my Telephone number with me. This make GSM-Routing quiet difficult, since the Database is NOT PUBLIC accessible. ONLY the GSM-Provider know it. But the telephone number is marked as portable without leting you know from which Network. AFAIK will this be changed in the next time... Greetings Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSN LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: [PHP] secure alternative to HTTP_REFERER
AraDaen wrote: Im looking for info about a secure alternative to the use of $_server['http_refere'] to check in a script from where are arriving $_post vars. You could put a hash value into a hidden field on the form, and also store it in the session. When the form is submitted only accept it if the hashes match. However, this is very easy to get around, so I suggest you consider why you think you need this level of checking. Assuming you're properly validating and escaping all input coming from outside the app, IMHO this type of security should not be needed. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] secure alternative to HTTP_REFERER
Stut wrote: You could put a hash value into a hidden field on the form, and also store it in the session. When the form is submitted only accept it if the hashes match. However, this is very easy to get around, so I suggest you consider why you think you need this level of checking. Assuming you're properly validating and escaping all input coming from outside the app, IMHO this type of security should not be needed. It can useful when you want to verify intent, which is an important consideration these days: http://shiflett.org/articles/cross-site-request-forgeries (I have an update that I need to publish, but this should be enough to explain the potential problems this technique can help prevent.) Chris -- Chris Shiflett http://shiflett.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: posting variables to parent frame
Provide an example of an iFrame that will work on all modern browsers and that can't be done with DIVs or OBJECTS Stut wrote: Al wrote: iFrames are obsolete and only IE handles them. I don't even know if IE7 does. Well that's just a complete load of rubbish. The iframe tag is not obsolete, and I don't know where you got the idea that they are. Several legitimate uses for iframes exist, and they're unlikely to go away any time soon. Use css div tags instead. They don't do the same thing, not by a long shot. -Stut Hans wrote: Hi there, I'm trying to post variables to a parent frame, I'm working from a page that is in an iFrame. However, I don't know how to accomplish this. I tried target='top' to include in the form tag (form action=?=$formurl? target=top) but this didn't succeed. Can you please help me? Thanks in advance! Hans -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Find MAC Address in PHP
Davi wrote: Em Domingo 22 Abril 2007 03:12, Richard Lynch escreveu: On Fri, April 20, 2007 3:00 pm, Nathaniel Hall wrote: ?php $MAC = system(arp 192.168.200.254); echo $MAC; ? does not give me any output. I have copied arp to a place that the apache user can execute from and ensured arp is executable. Use exec and the extra args to get error codes. ARP is a root-command... =] Can you run 'arp' and get what you want from command line? As web-user? No. Can you 'su' to PHP user and *then* run it and get what you want? Hum... Not at all... You need to enter the root password... How can you do that? sudo sounds a little better... But... How about security? I know it can be done because I have a Fedora Core 4 system doing it right now. I didn't have to do anything special for it to work. The system I am working on now is a Fedora Core 6 box. In /var/log/messages I receive: Apr 24 09:33:51 STUAUTH kernel: audit(1177425231.020:114): avc: denied { execute } for pid=31786 comm=httpd name=bash dev=dm-0 ino=916642 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: posting variables to parent frame
Al wrote: Provide an example of an iFrame that will work on all modern browsers and that can't be done with DIVs or OBJECTS I didn't say it couldn't be done, I said it was different. Take Google Ads for example. These are currently served in an iframe. To do it in a div is possible but leads to other problems. But to get back to the point, the iframe tag will not be obsolete until the HTML spec says so, and at the time of writing it does not. -Stut Stut wrote: Al wrote: iFrames are obsolete and only IE handles them. I don't even know if IE7 does. Well that's just a complete load of rubbish. The iframe tag is not obsolete, and I don't know where you got the idea that they are. Several legitimate uses for iframes exist, and they're unlikely to go away any time soon. Use css div tags instead. They don't do the same thing, not by a long shot. -Stut Hans wrote: Hi there, I'm trying to post variables to a parent frame, I'm working from a page that is in an iFrame. However, I don't know how to accomplish this. I tried target='top' to include in the form tag (form action=?=$formurl? target=top) but this didn't succeed. Can you please help me? Thanks in advance! Hans -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: posting variables to parent frame
On Tue, 2007-04-24 at 11:12 -0400, Al wrote: Provide an example of an iFrame that will work on all modern browsers and that can't be done with DIVs or OBJECTS That doesn't imply obsoletion, rather it implies lack of implementation or improper implementation. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: posting variables to parent frame
check out FCKeditor for example. http://www.fckeditor.net/demo I included it in various CMS systems and I find it a great tool. And it uses iframe greets Zoltán Németh 2007. 04. 24, kedd keltezéssel 11.12-kor Al ezt írta: Provide an example of an iFrame that will work on all modern browsers and that can't be done with DIVs or OBJECTS Stut wrote: Al wrote: iFrames are obsolete and only IE handles them. I don't even know if IE7 does. Well that's just a complete load of rubbish. The iframe tag is not obsolete, and I don't know where you got the idea that they are. Several legitimate uses for iframes exist, and they're unlikely to go away any time soon. Use css div tags instead. They don't do the same thing, not by a long shot. -Stut Hans wrote: Hi there, I'm trying to post variables to a parent frame, I'm working from a page that is in an iFrame. However, I don't know how to accomplish this. I tried target='top' to include in the form tag (form action=?=$formurl? target=top) but this didn't succeed. Can you please help me? Thanks in advance! Hans -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: posting variables to parent frame
FYI: Every time I reply to you I get a bounce back saying your email address ([EMAIL PROTECTED]) does not exist. It's starting to get annoying. -Stut Stut wrote: Al wrote: Provide an example of an iFrame that will work on all modern browsers and that can't be done with DIVs or OBJECTS I didn't say it couldn't be done, I said it was different. Take Google Ads for example. These are currently served in an iframe. To do it in a div is possible but leads to other problems. But to get back to the point, the iframe tag will not be obsolete until the HTML spec says so, and at the time of writing it does not. -Stut Stut wrote: Al wrote: iFrames are obsolete and only IE handles them. I don't even know if IE7 does. Well that's just a complete load of rubbish. The iframe tag is not obsolete, and I don't know where you got the idea that they are. Several legitimate uses for iframes exist, and they're unlikely to go away any time soon. Use css div tags instead. They don't do the same thing, not by a long shot. -Stut Hans wrote: Hi there, I'm trying to post variables to a parent frame, I'm working from a page that is in an iFrame. However, I don't know how to accomplish this. I tried target='top' to include in the form tag (form action=?=$formurl? target=top) but this didn't succeed. Can you please help me? Thanks in advance! Hans -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: posting variables to parent frame
2007. 04. 24, kedd keltezéssel 16.25-kor Stut ezt írta: FYI: Every time I reply to you I get a bounce back saying your email address ([EMAIL PROTECTED]) does not exist. It's starting to get annoying. Al, that also happens for me. I just didn't mention it yet, because I thought if it happens only for me than it might be a problem with my mail server or something... greets Zoltán Németh -Stut Stut wrote: Al wrote: Provide an example of an iFrame that will work on all modern browsers and that can't be done with DIVs or OBJECTS I didn't say it couldn't be done, I said it was different. Take Google Ads for example. These are currently served in an iframe. To do it in a div is possible but leads to other problems. But to get back to the point, the iframe tag will not be obsolete until the HTML spec says so, and at the time of writing it does not. -Stut Stut wrote: Al wrote: iFrames are obsolete and only IE handles them. I don't even know if IE7 does. Well that's just a complete load of rubbish. The iframe tag is not obsolete, and I don't know where you got the idea that they are. Several legitimate uses for iframes exist, and they're unlikely to go away any time soon. Use css div tags instead. They don't do the same thing, not by a long shot. -Stut Hans wrote: Hi there, I'm trying to post variables to a parent frame, I'm working from a page that is in an iFrame. However, I don't know how to accomplish this. I tried target='top' to include in the form tag (form action=?=$formurl? target=top) but this didn't succeed. Can you please help me? Thanks in advance! Hans -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Find MAC Address in PHP
Hi. Sorry for my bad english. :( Maybe you could write a simple deamon program in C or even in PHP to be run as root. The function of this deamon program is to listen to a port (eg. 1) and you could fsockopen it and send the IP address of the client computer and the deamon returns the MAC address of that computer. I used this kind a scheme for another problem so I guess this works. 2007. április 20. 22.00 dátummal Nathaniel Hall ezt írta: Hi all, I am attempting to find the MAC address of systems visiting my page from the local LAN. I have tried several things, but it appears it will not let me run system commands. For example, running ?php $MAC = system(arp 192.168.200.254); echo $MAC; ? does not give me any output. I have copied arp to a place that the apache user can execute from and ensured arp is executable. This is on a Fedora Core 6 box running PHP 5.1.6-3.4 and Apache 2.2.3-5. Any help is appreciated. -- Nathaniel Hall -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: advice for blob tables?
Ok.. you need to re-read the article, this is not a 1:1, if I store a file such as a 700MB ISO image in that format it results in: - 1 row in metadata table - approximately 11,200 rows in the data table (700MB / 64k) That's far from 1:1. Sure there's issues with with NFS - security number 1 - SMB - hell nobody likes windows, and you have similar issues to filesystems. Also both do the worst of all exposing all the mounted filesystems on the webserver for a hacker to simply download. Mysql binary storage doesn't have any of those. I am certain the code posted could have some security issues, it's not production, it's from 7 years ago, it's designed to be more of a implemenation guide than a code copy. You are right that there are some entry level developers who just copy and paste code, but also there are people who use the idea (such as symfony's sfPropelFileStoragePlugin).. I have since updated the implementation to DB_Dataobject for my own, but not the article. I do see you use PDO, I'm not yet a fan of PDO, I think Wez should have followed some other impementations for more direction. I would be interested in seeing the article code updated to PHP5 PDO. If your interested I could post an updated PHP5 version of the article. On Tue, 24 Apr 2007, Kevin Waterson wrote: This one time, at band camp, [EMAIL PROTECTED] wrote: I've been using this one: http://www.dreamwerx.net/phpforum/?id=1 I developed it in 2001 and it's had implementations into the hundreds of gb's so far. I have a ftp interface to it that runs at wire speed (100FDX). I initially did it the 1 row way, and ran into issues, so I implemented this one. Thats fine, but this is normalization for no real purpose. You have defined two tables, one for the image and another for the metadata but the relationship is one-to-one which makes it rather redundant except if you wish to store different amounts of metadata per image. You also state How about NFS/SMB network shares? That's not a bad idea either but not without it's problems Whilst I am an advocate of binary storage, there is no real issue I see with NFS/SMB particularly NFSv4 (supports file locking which I like) or GFS2. Cluster file system works quite well.. but I digress. I find all sorts of injection issues surrounding statements such as $SQL = select * from file where id = . $_GET[id] in the tutorial you mention, not that this is a production ready script, it just makes me nervouse when newbies replicate this. Kind regards kevin -- Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] List
Does anyone else have this problem with the list. It seems that every time I check my email there is one or more messages from the list that royally screws up Outlook. I usually have to delete all list messages from the actual server and reboot. It only happens with emails from [EMAIL PROTECTED] Just trying to narrow down the problem. Not sure if this is spam that's sneaking into the list messing things up or what. Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] make a gif
Try searching for image gd text at http://www.php-code-search.com/ There are lots of examples -Original Message- From: John Taylor-Johnston [mailto:[EMAIL PROTECTED] Sent: Monday, April 23, 2007 7:02 PM To: PHP-General Subject: [PHP] make a gif I want to print [EMAIL PROTECTED] into a gif or png. How do I do this? Thanks. It seems too simple to ask. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] List
Beauford wrote: Does anyone else have this problem with the list. It seems that every time I check my email there is one or more messages from the list that royally screws up Outlook. I usually have to delete all list messages from the actual server and reboot. It only happens with emails from [EMAIL PROTECTED] Just trying to narrow down the problem. Not sure if this is spam that's sneaking into the list messing things up or what. Thanks No problems here. -- Enjoy, Jim Lucas Different eyes see different things. Different hearts beat on different strings. But there are times for you and me when all such things agree. - Rush -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: List
Beauford wrote: Does anyone else have this problem with the list. It seems that every time I check my email there is one or more messages from the list that royally screws up Outlook. I usually have to delete all list messages from the actual server and reboot. It only happens with emails from [EMAIL PROTECTED] Just trying to narrow down the problem. Not sure if this is spam that's sneaking into the list messing things up or what. Thanks I read the list via a news (nntp) reader (thunderbird in this case) via news.gmane.org and it always works perfectly for me ('cept when gmane.org borks which is not all that often but it does happen). Col -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] List
On 4/24/07, Beauford [EMAIL PROTECTED] wrote: Does anyone else have this problem with the list. It seems that every time I check my email there is one or more messages from the list that royally screws up Outlook. I usually have to delete all list messages from the actual server and reboot. It only happens with emails from [EMAIL PROTECTED] Just trying to narrow down the problem. Not sure if this is spam that's sneaking into the list messing things up or what. Thanks I'm using Gmail (Webmail) and it's fine, but i think it is a problem because you get a lot of messages from the PHP list, you might want to get the emails in a daily digest, instead of every single email. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] secure alternative to HTTP_REFERER
Thanks guys now i know what must i do :) Chris Shiflett escribió: Stut wrote: You could put a hash value into a hidden field on the form, and also store it in the session. When the form is submitted only accept it if the hashes match. However, this is very easy to get around, so I suggest you consider why you think you need this level of checking. Assuming you're properly validating and escaping all input coming from outside the app, IMHO this type of security should not be needed. It can useful when you want to verify intent, which is an important consideration these days: http://shiflett.org/articles/cross-site-request-forgeries (I have an update that I need to publish, but this should be enough to explain the potential problems this technique can help prevent.) Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: transparent gifs with matte?
Ross escreveu: Hi, I am looking to create a transparent text gif that allows me to set a colour for the matte. I have it working as a PNG but this is no good in IE. Does anyone have an exampe of this? This is my code so far. ?php header(Content-type: image/gif); $im = imagecreate (800, 30); $black = ImageColorAllocate ($im, 255, 255, 255); $blue = ImageColorAllocate ($im, 75, 104, 177); ImageTTFText ($im, 20, 0, 10, 20, $blue, Font - TrueType - Square 721 BT.ttf, HELLO); ImageGif ($im); ImageDestroy ($im); ? R. - See an example of imagefttext(). (in portuguese, but the code is simple to understand) http://www.educar.pro.br/a/gdlib/index.php?pn=81tr=97 -- zerof http://www.educar.pro.br/ Apache - PHP - MySQL - Boolean Logics - Project Management -- Você deve, sempre, consultar uma segunda opinião! -- Deixe todos saberem se esta informação foi-lhe útil. -- You must hear, always, one second opinion! In all cases. -- Let the people know if this info was useful for you! -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] transparent gifs with matte?
At 3:08 PM +0100 4/24/07, Ross wrote: Hi, I am looking to create a transparent text gif that allows me to set a colour for the matte. I have it working as a PNG but this is no good in IE. Look to javascript for a solution to the PNG/IE problem. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: posting variables to parent frame
I'll jump in on this one, because I've dealt with the div/object/iframe frustration before. And I would not be very happy if the W3C decided to deprecate iFrames right now, at least with the current state of the world's browsers. I found that with object I didn't have very much control over the border frame (some browsers just refused to make it go away!), others had problems with sizing, positioning, and margin control. Some browsers even flat out refused to load the object data, but worked just fine with iFrame. From my own testing experience, my iFrames worked on IE 3, 4, 5, 6, and 7, all Mozilla-based browsers (Firefox, SeaMonkey, etc.) right from the start of the Mozilla foundation up to the latest version of Sea Monkey, and Opera versions 6 and 9. As for div, isn't that just for defining blocks of content in the current document? That's a whole different thing than object and iframe, which are used for embedding an entirely new document into the current one. You're comparing apples to oranges here. Al wrote: Provide an example of an iFrame that will work on all modern browsers and that can't be done with DIVs or OBJECTS Stut wrote: Al wrote: iFrames are obsolete and only IE handles them. I don't even know if IE7 does. Well that's just a complete load of rubbish. The iframe tag is not obsolete, and I don't know where you got the idea that they are. Several legitimate uses for iframes exist, and they're unlikely to go away any time soon. Use css div tags instead. They don't do the same thing, not by a long shot. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] List
Welcome to Windows Tijnema ! wrote: On 4/24/07, Beauford [EMAIL PROTECTED] wrote: Does anyone else have this problem with the list. It seems that every time I check my email there is one or more messages from the list that royally screws up Outlook. I usually have to delete all list messages from the actual server and reboot. It only happens with emails from [EMAIL PROTECTED] Just trying to narrow down the problem. Not sure if this is spam that's sneaking into the list messing things up or what. Thanks I'm using Gmail (Webmail) and it's fine, but i think it is a problem because you get a lot of messages from the PHP list, you might want to get the emails in a daily digest, instead of every single email. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] List
2007. 04. 24, kedd keltezéssel 11.11-kor Jim Lucas ezt írta: Beauford wrote: Does anyone else have this problem with the list. It seems that every time I check my email there is one or more messages from the list that royally screws up Outlook. I usually have to delete all list messages from the actual server and reboot. It only happens with emails from [EMAIL PROTECTED] Just trying to narrow down the problem. Not sure if this is spam that's sneaking into the list messing things up or what. Thanks No problems here. No problems here too (linux/evolution) greets Zoltán Németh -- Enjoy, Jim Lucas Different eyes see different things. Different hearts beat on different strings. But there are times for you and me when all such things agree. - Rush -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Find MAC Address in PHP
Nathaniel Hall wrote: Davi wrote: I know it can be done because I have a Fedora Core 4 system doing it right now. I didn't have to do anything special for it to work. The system I am working on now is a Fedora Core 6 box. In /var/log/messages I receive: Apr 24 09:33:51 STUAUTH kernel: audit(1177425231.020:114): avc: denied { execute } for pid=31786 comm=httpd name=bash dev=dm-0 ino=916642 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file The avc: message means its SELinux, as you suspected. You need to temporary disable the firewall by setting it to permissive, then use audit2allow to find out what the settings need to be to set up the permissions properly. Look up audit2allow in the man page - they describe the process in there. Lori -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] List
Beauford wrote: Does anyone else have this problem with the list. It seems that every time I check my email there is one or more messages from the list that royally screws up Outlook. I usually have to delete all list messages from the actual server and reboot. It only happens with emails from [EMAIL PROTECTED] Just trying to narrow down the problem. Not sure if this is spam that's sneaking into the list messing things up or what. Thanks Try Thunderbird ?? -- Enjoy, Jim Lucas Different eyes see different things. Different hearts beat on different strings. But there are times for you and me when all such things agree. - Rush -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] List
I use Outlook 2003 on Vista, no problem at all, non-digest mode. -Original Message- From: Wolf [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 24, 2007 3:18 PM To: Tijnema ! Cc: Beauford; PHP Subject: Re: [PHP] List Welcome to Windows Tijnema ! wrote: On 4/24/07, Beauford [EMAIL PROTECTED] wrote: Does anyone else have this problem with the list. It seems that every time I check my email there is one or more messages from the list that royally screws up Outlook. I usually have to delete all list messages from the actual server and reboot. It only happens with emails from [EMAIL PROTECTED] Just trying to narrow down the problem. Not sure if this is spam that's sneaking into the list messing things up or what. Thanks I'm using Gmail (Webmail) and it's fine, but i think it is a problem because you get a lot of messages from the PHP list, you might want to get the emails in a daily digest, instead of every single email. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Find MAC Address in PHP
On 4/24/07, chris smith [EMAIL PROTECTED] wrote: On 4/24/07, Tijnema ! [EMAIL PROTECTED] wrote: On 4/24/07, Davi [EMAIL PROTECTED] wrote: Em Terça 24 Abril 2007 10:07, Tijnema ! escreveu: On 4/23/07, Davi [EMAIL PROTECTED] wrote: Em Domingo 22 Abril 2007 03:12, Richard Lynch escreveu: On Fri, April 20, 2007 3:00 pm, Nathaniel Hall wrote: ?php $MAC = system(arp 192.168.200.254); echo $MAC; ? does not give me any output. I have copied arp to a place that the apache user can execute from and ensured arp is executable. Use exec and the extra args to get error codes. ARP is a root-command... =] Ok, maybe it's because i've builded my own Linux, and didn't wanted to have any security, but /sbin/arp has chmod value 755 on my system, and so, i can execute it with any user. cheatter... =P I hate security ;) Also, i have Apache running as root, so i can execute everything i want :) I hope you never make your server public then or try to become a server-administrator.. Wow. It's my development server :) It's LAN only, that's why i don't need security... I AM a server administrator, and yes, i do care about security there ;) Tijnema -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing SQL Injection/ Cross Site Scripting
Just my two cents worth... Magic quotes are the work of the devil. It's a shame that so many PHP installations have them enabled, and a huge disappointment that PHP is actually distributed with this stuff enabled! The mere fact that a script can't change this setting creates a real hassle and is my major gripe about the whole situation. I've *always* followed the programming practice of work with your data unencoded, then encode it appropriately only at the last final output stage. That way you always know exactly what you're working with, no surprises, where each character is always 1 byte, regardless of what character it is. Here's a typical block of code which I include in the start of nearly all my PHP scripts: ?php //Do not delete this function! (unless you don't mind data corruption with PHP's default settings) function stripslashes_deep($value) { return is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); } //Get rid of those stupid damn annoying asanine magic quotes which just garble up your data. if (get_magic_quotes_gpc()) { /* (unfortunately in PHP these are enabled by default. AHH! Which idiot thought this was a good idea to turn them on by default? Good programming practise is to manually encode only the data that requires encoding just just before dumping it to places which need it (ie. databases), not automatically screwing up the entire collection of the system's variables! AHH!) */ $GLOBALS['HTTP_POST_VARS'] = stripslashes_deep($GLOBALS['HTTP_POST_VARS']); $GLOBALS['_POST'] = stripslashes_deep($GLOBALS['_POST']); $GLOBALS['HTTP_GET_VARS'] = stripslashes_deep($GLOBALS['HTTP_GET_VARS']); $GLOBALS['_GET'] = stripslashes_deep($GLOBALS['_GET']); $GLOBALS['HTTP_COOKIE_VARS'] = stripslashes_deep($GLOBALS['HTTP_COOKIE_VARS']); $GLOBALS['_COOKIE'] = stripslashes_deep($GLOBALS['_COOKIE']); $GLOBALS['HTTP_SERVER_VARS'] = stripslashes_deep($GLOBALS['HTTP_SERVER_VARS']); $GLOBALS['_SERVER'] = stripslashes_deep($GLOBALS['_SERVER']); $GLOBALS['HTTP_ENV_VARS'] = stripslashes_deep($GLOBALS['HTTP_ENV_VARS']); $GLOBALS['_ENV'] = stripslashes_deep($GLOBALS['_ENV']); $GLOBALS['HTTP_POST_FILES'] = stripslashes_deep($GLOBALS['HTTP_POST_FILES']); $GLOBALS['_FILES'] = stripslashes_deep($GLOBALS['_FILES']); $GLOBALS['_REQUEST'] = stripslashes_deep($GLOBALS['_REQUEST']); } set_magic_quotes_runtime (0); //Fortunately these can be killed with a single statement, unlike magic_quotes_gpc ? Eh, don't mind the comments. Sometimes PHP programming can become quite frustrating. ;-) On to the next stage... encoding data for output to an HTML document. Personally, I prefer using htmlspecialchars() over htmlentities(), because it only converts those characters that *must* be converted for HTML ( ). There's no use in turning your other 1-byte characters into 5, 6, or 7-byte strings, if you already provided the correct character set in the Content-Type HTTP header (as you should!). Actually, if you want to get really picky, I usually use the following conversions: For most tag parameters: htmlspecialchars($tagdata) For display text: nl2br(htmlspecialchars($displaytext)) (This keeps newline sequences in effect.) For text which may contain a few control characters, special characters, or other binary data (sometimes useful in hidden form fields, or for special accented characters and non-english languages): preg_replace('/([\\x00-\\x1F\\x7F-\\xFF])/e','#.ord(substr($1,-1)).;',htmlspecialchars($binarytext)) (This encodes the data in a mostly still human-readable form, entirely with 7-bit ASCII characters only.) For binary data (sometimes useful in hidden form fields): strtr(base64_encode($binarydata),'+/=','-_.'); (All the advantages of Base64 encoding, without incurring any overhead from URL encoding when the form is submitted.) Anyhow, back on track to the original topic of this thread. For anything that gets written to a database or used for a query, I suggest escaping the data using a function specifically designed for that database. (And there are many different functions for the many different popular databases.) This should have *nothing* to do with blocking XSS, turning into lt;, etc. Preparing for the database query string is no place to do the data conversion which will be necessary for the final output. The last topic... blocking XSS attacks. If you use the encoding routines I listed above for outputting to HTML documents, you're already safe. And you're not outlawing any characters either... if someone wants to type and , or show semi-colons or whatever, they can, knowing with certainty that what they type is exactly what others will see. If you need to let users enter some mark-up, do what message boards and web log sites have been doing for years: BBcode. Then you can write your own routines to provide only the features you need, using a code format that's much
[PHP] Separating words based on capital letter
I have some categories named in the database as such: OpenSource HomeNetwork I'd like to add a space before each capital letter, ideally not including the first but I can always trim later if need be. As I'm array_walking the database, I have each value at the moment I need it in a string $item. Other than pregging for A-Z how can I accomplish this? I haven't been able to get it down to less than 54 lines of code, which in my opinion means that I'm doing something wrong. Thanks in advance for any ideas. Dotan Cohen http://dotancohen.com/howto/root_email.php http://lyricslist.com/lyrics/lyrics/112/19/adams_bryan/waking_up_the_neighbours.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing SQL Injection/ Cross Site Scripting
On 24/04/07, Justin Frim [EMAIL PROTECTED] wrote: Just my two cents worth... Magic quotes are the work of the devil. It's a shame that so many PHP installations have them enabled, and a huge disappointment that PHP is actually distributed with this stuff enabled! The mere fact that a script can't change this setting creates a real hassle and is my major gripe about the whole situation. I've *always* followed the programming practice of work with your data unencoded, then encode it appropriately only at the last final output stage. That way you always know exactly what you're working with, no surprises, where each character is always 1 byte, regardless of what character it is. Here's a typical block of code which I include in the start of nearly all my PHP scripts: ?php //Do not delete this function! (unless you don't mind data corruption with PHP's default settings) function stripslashes_deep($value) { return is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); } //Get rid of those stupid damn annoying asanine magic quotes which just garble up your data. if (get_magic_quotes_gpc()) { /* (unfortunately in PHP these are enabled by default. AHH! Which idiot thought this was a good idea to turn them on by default? Good programming practise is to manually encode only the data that requires encoding just You've got a typo in practice. just before dumping it to places which need it (ie. databases), not automatically screwing up the entire collection of the system's variables! AHH!) */ $GLOBALS['HTTP_POST_VARS'] = stripslashes_deep($GLOBALS['HTTP_POST_VARS']); $GLOBALS['_POST'] = stripslashes_deep($GLOBALS['_POST']); $GLOBALS['HTTP_GET_VARS'] = stripslashes_deep($GLOBALS['HTTP_GET_VARS']); $GLOBALS['_GET'] = stripslashes_deep($GLOBALS['_GET']); $GLOBALS['HTTP_COOKIE_VARS'] = stripslashes_deep($GLOBALS['HTTP_COOKIE_VARS']); $GLOBALS['_COOKIE'] = stripslashes_deep($GLOBALS['_COOKIE']); $GLOBALS['HTTP_SERVER_VARS'] = stripslashes_deep($GLOBALS['HTTP_SERVER_VARS']); $GLOBALS['_SERVER'] = stripslashes_deep($GLOBALS['_SERVER']); $GLOBALS['HTTP_ENV_VARS'] = stripslashes_deep($GLOBALS['HTTP_ENV_VARS']); $GLOBALS['_ENV'] = stripslashes_deep($GLOBALS['_ENV']); $GLOBALS['HTTP_POST_FILES'] = stripslashes_deep($GLOBALS['HTTP_POST_FILES']); $GLOBALS['_FILES'] = stripslashes_deep($GLOBALS['_FILES']); $GLOBALS['_REQUEST'] = stripslashes_deep($GLOBALS['_REQUEST']); } set_magic_quotes_runtime (0); //Fortunately these can be killed with a single statement, unlike magic_quotes_gpc ? That's bad. For a function that was meant to make life easier, magic quotes sure has caused a bit of problems. I believe that it will be not available in php6. Eh, don't mind the comments. Sometimes PHP programming can become quite frustrating. ;-) On to the next stage... encoding data for output to an HTML document. Personally, I prefer using htmlspecialchars() over htmlentities(), because it only converts those characters that *must* be converted for HTML ( ). There's no use in turning your other 1-byte characters into 5, 6, or 7-byte strings, if you already provided the correct character set in the Content-Type HTTP header (as you should!). Actually, if you want to get really picky, I usually use the following conversions: For most tag parameters: htmlspecialchars($tagdata) For display text: nl2br(htmlspecialchars($displaytext)) (This keeps newline sequences in effect.) For text which may contain a few control characters, special characters, or other binary data (sometimes useful in hidden form fields, or for special accented characters and non-english languages): preg_replace('/([\\x00-\\x1F\\x7F-\\xFF])/e','#.ord(substr($1,-1)).;',htmlspecialchars($binarytext)) (This encodes the data in a mostly still human-readable form, entirely with 7-bit ASCII characters only.) For binary data (sometimes useful in hidden form fields): strtr(base64_encode($binarydata),'+/=','-_.'); (All the advantages of Base64 encoding, without incurring any overhead from URL encoding when the form is submitted.) Anyhow, back on track to the original topic of this thread. For anything that gets written to a database or used for a query, I suggest escaping the data using a function specifically designed for that database. (And there are many different functions for the many different popular databases.) This should have *nothing* to do with blocking XSS, turning into lt;, etc. Preparing for the database query string is no place to do the data conversion which will be necessary for the final output. I took chris's advice and filter for XSS after the info is retrieved from the database, before sending it to the browser. The last topic... blocking XSS attacks. If you use the encoding routines I listed above for outputting to HTML documents, you're already safe. And you're not outlawing any characters either... if someone wants to type and , or show semi-colons
Re: [PHP] Separating words based on capital letter
On 4/24/07, Dotan Cohen [EMAIL PROTECTED] wrote: I have some categories named in the database as such: OpenSource HomeNetwork I'd like to add a space before each capital letter, ideally not including the first but I can always trim later if need be. As I'm array_walking the database, I have each value at the moment I need it in a string $item. Other than pregging for A-Z how can I accomplish this? I haven't been able to get it down to less than 54 lines of code, which in my opinion means that I'm doing something wrong. Thanks in advance for any ideas. Dotan Cohen http://dotancohen.com/howto/root_email.php http://lyricslist.com/lyrics/lyrics/112/19/adams_bryan/waking_up_the_neighbours.html Maybe you could post your current code here? That way, we can improve your code instead of wasting our time to completly rewrite a script. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Separating words based on capital letter
Dotan Cohen wrote: I have some categories named in the database as such: OpenSource HomeNetwork I'd like to add a space before each capital letter, ideally not including the first but I can always trim later if need be. As I'm array_walking the database, I have each value at the moment I need it in a string $item. Other than pregging for A-Z how can I accomplish this? I haven't been able to get it down to less than 54 lines of code, which in my opinion means that I'm doing something wrong. You could do this with one regular expression, but if you really want to avoid them here is a 'pure PHP' way: ?php $test = 'HomeNetworkTestThing'; $az = range('A','Z'); $output = $test[0]; for ($i = 1; $i strlen($test); $i++) { if (in_array($test[$i], $az)) { $output .= {$test[$i]}; } else { $output .= $test[$i]; } } echo $output; ? Cheers, Rich -- Zend Certified Engineer http://www.corephp.co.uk Never trust a computer you can't throw out of a window -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Separating words based on capital letter
# [EMAIL PROTECTED] / 2007-04-25 00:16:40 +0300: I have some categories named in the database as such: OpenSource HomeNetwork I'd like to add a space before each capital letter, ideally not including the first but I can always trim later if need be. As I'm array_walking the database, I have each value at the moment I need it in a string $item. Other than pregging for A-Z how can I accomplish this? I haven't been able to get it down to less than 54 lines of code, which in my opinion means that I'm doing something wrong. implode(' ', preg_split('~(?=[[:upper:]])~', 'FooBarBaz', -1, PREG_SPLIT_NO_EMPTY)); -- How many Vietnam vets does it take to screw in a light bulb? You don't know, man. You don't KNOW. Cause you weren't THERE. http://bash.org/?255991 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing SQL Injection/ Cross Site Scripting
On 4/24/07, Dotan Cohen [EMAIL PROTECTED] wrote: Thanks. Most of that has already been done now, but I'll certainly keep your functions handy. I'll likely need them at some point. One thing you might want to keep in mind is that this little fix is going to get executed on each request if you just throw it in an include. I ran stripslashes_deep() against my 5.2.1 release and here are the results: Version: 2.0.0RC3 TRACE START [2007-04-24 21:37:47] 1 0 0 0.00441572400 {main} 1 /Users/eric/Sites/meh.php 0 2 1 0 0.00453874328 get_magic_quotes_gpc 0 /Users/eric/Sites/meh.php 8 2 1 1 0.00458674328 2 2 0 0.00462274328 stripslashes_deep 1 /Users/eric/Sites/meh.php 18 snip 2 251 0 0.02169386560 set_magic_quotes_runtime0 /Users/eric/Sites/meh.php 35 2 251 1 0.02195086560 1 0 1 0.02201384632 0.0223 33416 TRACE END [2007-04-24 21:37:47] That means lots function calls happened before you could even say hello world. You might want to add wrapper functions accessor functions around $_GET and $_POST so that you're only stripping when really necessary. You might also consider reading this http://ez.no/community/articles/dangers_of_csrf_and_xss by Ilia Alshanetsky. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Separating words based on capital letter
Roman Neuhauser wrote: implode(' ', preg_split('~(?=[[:upper:]])~', 'FooBarBaz', -1, PREG_SPLIT_NO_EMPTY)); Or just.. preg_replace('/\B[A-Z]/', ' $0', 'FooBarBaz') Arpad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] It works ok on local host but buggy on remote host!
H.T wrote: Hi coders, I wrote this piece of code to use for Google searching using daterange directive. it works ok on local host running IIS and PHP 5.1.2 but when i test it on my host running php 4.4.4 on linux, $julian_days_from and don't develop php4 code on php5, it's like trying to juggle in the dark. create a development env that matches your production system. jmho. $julian_days_to variables don't get assigned any values and therefor they remain empty! php4 is compiled with the --enable-calendar configure option? what is actual the value of $_POST['form'], $form, $julian_days_from, etc? [hint: use var_dump()] does the following code snippet work on the php4 box?: $jd = gregoriantojd(10, 11, 1970); $gr = jdtogregorian($jd); var_dump($jd,$gr); (It worked on both php4.3.10 and php5.1.2 on a linux box for me) What is wrong with this code? the perennial question ;-) Here is the code: ... nobody is interesting in trying to decypher stuff like what's below: switch($_POST['search_in']){ case ('web'): $query='http://www.google.com/search?hl='.$_POST['language'].'q='.$search_term.'+'.'daterange:'.$julian_days_from.'-'.$julian_days_to.'lr=lang_'.$_POST['language'];break;case ('images'): $query='http://images.google.com/images?hl='.$_POST['language'].'q='.$search_term.'+'.'daterange:'.$julian_days_from.'-'.$julian_days_to.'lr=lang_'.$_POST['language'];break;case ('video'): $query='http://video.google.com/videosearch?hl='.$_POST['language'].'q='.$search_term.'+'.'daterange:'.$julian_days_from.'-'.$julian_days_to.'lr=lang_'.$_POST['language'];break;case ('book'): $query='http://books.google.com/books?hl='.$_POST['language'].'q='.$search_term.'+'.'daterange:'.$julian_days_from.'-'.$julian_days_to.'lr=lang_'.$_POST['language'];break;default:} //header(Location:.$query);}}?htmlheadmeta http-equiv=Content-Language content=en-ustitleGoogle Assistance - Date Rage Search/titlemeta http-equiv=Content-Type content=text/html; charset=utf-8meta name=ke ywo rds content=google,assistance,search,daterange,seo,linkchecker,meta tag generator,online metric converter,mail search,weblogsearch, search in weblogs,google page rank,pagerank,google hack,google sitemap,site map generator,online tools,seo tools,webmastersmeta name=description content=This website helps you use Google betterand faster. It even provids some SEO tools such as Meta Maker and LinkChecker...meta name=author content=Hamed Takmil /script language=javascript src=date_picker.js/scriptscript type=text/javascriptfunction squery(){ window.location.assign(index.php?action=save);}?phpif ($_POST count($error)==0){ echo window.open('.$query.');\n;}?/script/headbody bgcolor=#ff topmargin=0form action=index.php method=POSTname=simplediv align=centertable border=0 cellpadding=0 cellspacing=0 width=1024 tr tdimg src=shim.gif width=26 height=1 border=0 alt=/td tdimg src=shim.gi f width=37 height=1 border=0 alt=/td tdimg src=shim.gif width=122 height=1 border=0 alt=/td tdimg src=shim.gif width=4 height=1 border=0 alt=/td tdimg src=shim.gif width=76 height=1 border=0 alt=/td tdimg src=shim.gif width=35 height=1 border=0 alt=/td tdimg src=shim.gif width=48 height=1 border=0 alt=/td tdimg src=shim.gif width=82 height=1 border=0 alt=/td tdimg src=shim.gif width=82 height=1 border=0 alt=/td tdimg src=shim.gif width=82 height=1 border=0 alt=/td tdimg src=shim.gif width=81 height=1 border=0 alt=/td tdimg src=shim.gif width=44 height=1 border=0 alt=/td tdimg src=shim.gif width=17 height=1 border=0 alt=/td tdimg src=shim.gif width=21 height=1 border=0 alt=/td tdimg src=shim.gif width=82 height=1 border=0 alt=/td tdimg src=sh im. gif width=156 height=1 border=0 alt=/td tdimg src=shim.gif width=14 height=1 border=0 alt=/td tdimg src=shim.gif width=15 height=1 border=0 alt=/td tdimg src=shim.gif width=1 height=1 border=0 alt=/td /tr tr td valign=top align=left colspan=17 height=12/td td valign=top align=left rowspan=8 width=15nbsp;/td td width=1 height=12img src=shim.gif width=1 height=12border=0 alt=/td /tr tr td valign=top align=left rowspan=2 width=26nbsp;/td td valign=top align=left colspan=3 height=78img name=index_C2_R2 src=images/index_C2_R2.jpg width=163height=78 border=0 alt=Helps you find things better/td td valign=top align=left colspan=13 height=78table border=0 width=100% id=table5 height=100%cellspacing=1trtdnbsp;/td /tr/table/td td width=1 height=78 i mg src=shim.gif width=1 height=78border=0 alt=/td /tr tr td valign=top align=left colspan=16 height=9/td td width=1 height=9img src=shim.gif width=1 height=9border=0 alt=/td /tr tr td valign=top align=left rowspan=5 width=26nbsp;/td td valign=top align=left colspan=2 height=32imgname=index_C2_R4 src=images/index_C2_R4.jpg width=159 height=32border=0 alt=/td td valign=top align=left
Re: [PHP] Separating words based on capital letter
Thanks, all for the suggestions. Richard, that code is a masterpeice. I have no problems with regexs, though, only with the regex that I wasn't doing properly. Roman, I'm still picking your code apart and trying to understand everything. I see I'll be learning quite a bit from that. Arpad, I'll try your code soon. As it seems to be the shortest, it would suggest that it is most maintainable as well and I'd like to use it. Thanks, everybody. Dotan Cohen http://what-is-what.com/what_is/xhtml.html http://lyricslist.com/lyrics/lyrics/69/64/beatles/sgt_pepper_s_lonely_hearts_club_band.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] breakthrough: get record, insert on different table works
it ain't pretty, but it's like a sugar rush! Finally, able to enter data on forms which I can create :) [EMAIL PROTECTED] ~]# [EMAIL PROTECTED] ~]# cat /var/www/html/contacts.php -n 1 html 2 headtitlecontacts/title/head 3 body 4 ?php 5 $user=feeds; 6 $host=localhost; 7 $password=password; 8 $database = feeds; 9 10 $connection = mysql_connect($host,$user,$password) 11 or die (couldn't connect to server); 12 $db = mysql_select_db($database,$connection) 13 or die (Couldn't select database); 14 15 $query = SELECT id, link, title, content FROM px_items WHERE feed_id=1 ORDER BY id; 16 $result = mysql_query($query) 17 or die (Couldn't execute query.); 18 ? 19 20 form action=process.php method=post 21 select name=id 22 23 ?php 24 while($nt=mysql_fetch_array($result)) 25 echo 'option value='.$nt['id'].''.$nt['id'].'/option'; 26 ? 27 28 /select 29 input type=submit value=SEND/ 30 /form 31 32 /body 33 /html [EMAIL PROTECTED] ~]# [EMAIL PROTECTED] ~]# cat /var/www/html/process.php -n 1 html 2 headtitlecontacts/title/head 3 body 4 ?php 5 6 error_reporting(E_ALL); 7 8 $user=feeds; 9 $host=localhost; 10 $password=password; 11 $database = feeds; 12 $connection = mysql_connect($host,$user,$password) 13 or die (couldn't connect to server); 14 $db = mysql_select_db($database,$connection) 15 or die (Couldn't select database); 16 17 foreach ($_POST as $key = $value) 18 { 19 // echo $key, $value brbr; 20 $record=$value; 21 }//foreach 22 23 24 // echo br get record ; 25 // echo $record; 26 // echo brbr; 27 28 $query = SELECT id, link, title, content FROM px_items WHERE id='$record' ORDER BY id; 29 $result = mysql_query($query) 30 or die (Couldn't execute query.); 31 32 $result = mysql_query($query); if (!$result) { echo $query.'br'.mysql_error(); exit(1); } 33 34 35 // print_r($result); 36 37 38 while ($row = mysql_fetch_array($result)) 39 { 40 extract ($row); 41 echo $id; 42 echo brbr; 43 echo $title; 44 }//while 45 46 47 echo form action='insertContacts.php' method='post'; 48 echo input type='text'name='contacts'; 49 echo input type='hidden' name='recordID' value=$record; 50 echo input type='submit' value='SEND'; 51 echo /form\n; 52 53 ? 54 /body /html [EMAIL PROTECTED] ~]# [EMAIL PROTECTED] ~]# cat /var/www/html/insertContacts.php -n 1 html 2 headtitleinsert contacts/title/head 3 body 4 ?php 5 6 $user=feeds; 7 $host=localhost; 8 $password=password; 9 $database = feeds; 10 $connection = mysql_connect($host,$user,$password) 11 or die (couldn't connect to server); 12 $db = mysql_select_db($database,$connection) 13 or die (Couldn't select database); 14 15 foreach ($_POST as $key = $value) 16 { 17 echo $key, $value brbr; 18 $record=$value; 19 $contactData=$key; 20 }//foreach 21 22 23 echo recordID ; 24 echo $_POST[recordID]; 25 echo br contacts; 26 echo $_POST[contacts]; 27 echo br; 28 29 $query = INSERT INTO contacts (id , notes) VALUES ('$_POST[recordID]' , '$_POST[contacts]'); 30 $result = mysql_query($query) 31 or die (Couldn't execute query.); 32 33 ? 34 /body /html [EMAIL PROTECTED] ~]# [EMAIL PROTECTED] ~]# date Wed Apr 25 00:06:59 BST 2007 [EMAIL PROTECTED] ~]# [EMAIL PROTECTED] ~]# Any thoughts/suggestions/advice as a next step? I need to add a timestamp when the data's entered, but that's a small thing. This is adding notes onto craigslist rss feeds database using http://code.google.com/p/feed-on-feeds/, which is an amazing app. -Thufir -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Separating words based on capital letter
On Tue, April 24, 2007 4:16 pm, Dotan Cohen wrote: I have some categories named in the database as such: OpenSource HomeNetwork I'd like to add a space before each capital letter, ideally not including the first but I can always trim later if need be. As I'm array_walking the database, I have each value at the moment I need it in a string $item. Other than pregging for A-Z how can I accomplish this? I haven't been able to get it down to less than 54 lines of code, which in my opinion means that I'm doing something wrong. Why rule out PCRE, which is probably the best weapon for the job? $string = ltrim(preg_replace('([A-Z])', ' \\1', $string)); You can wrap that in a function or even use create_function for something that simple, in your array_walk. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] It works ok on local host but buggy on remote host!
On Tue, April 24, 2007 3:40 pm, H.T wrote: I wrote this piece of code to use for Google searching using daterange directive. it works ok on local host running IIS and PHP 5.1.2 but when i test it on my host running php 4.4.4 on linux, $julian_days_from and $julian_days_to variables don't get assigned any values and therefor they remain empty! Wild Guess: You don't have the JD/Gregorian functions installed, and your error_reporting is such that you don't even see the error message about the functions not existing. What is wrong with this code? Here is the code: ?php if ($_POST){ This seems like an odd test to me... $_POST is an array. When will an array return true? I dunno... Hopefully it's a documented feature that hasn't changed, and even if the very first element of $_POST is: $_POST[0] = 0; this test will do what you expect... I just wouldn't bet the bank on it, personally... if (empty($_POST['from'])){ $error[]='Please enter From date.'; } else{ $from=explode('-',$_POST['from']); Okay, you're ASSUMING that POST is valid date format, and not some whack XSS thingie. First Big Mistake. It's particularly egregious, since you almost for sure have a very specific date format here of -MM-DD or whatever. Test for that format, and kick out an invalid From date with $error[] if it's not kosher input. $julian_days_from = gregoriantojd($from[1],$from[0],$from[2]); } if (empty($_POST['to'])){ $error[]='Please enter To date.'; } else { $to=explode('-',$_POST['to']); $julian_days_to = gregoriantojd($to[1],$to[0],$to[2]); } if ($julian_days_from$julian_days_to){ $error[]='From date can not be greater than To date!'; } if (empty($_POST['search'])){ $error[]='Please enter your search term.'; } if (!isset($error)){ $search_ready=explode(' ',$_POST['search']); foreach($search_ready as $search_ready_val){ $search_term=$search_term.'+'.$search_ready_val; } switch($_POST['search_in']){ case ('web'): The parens here are kinda silly, at best... case 'web': $query='http://www.google.com/search?hl='.$_POST['language'].'q='.$search_term.'+'.'daterange:'.$julian_days_from.'-'.$julian_days_to.'lr=lang_'.$_POST['language'];break;case ('images'): Here you are pretty much allowing a XSS attack on not only your own computer, but also blindly shoving potentially ikcy stuff Google's way... Not the best way to make friends with Google folks. $_POST['language'] is probably supposed to be one of 100 possible inputs. Check that it *IS* one of those inputs. $query='http://images.google.com/images?hl='.$_POST['language'].'q='.$search_term.'+'.'daterange:'.$julian_days_from.'-'.$julian_days_to.'lr=lang_'.$_POST['language'];break;case ('video'): $query='http://video.google.com/videosearch?hl='.$_POST['language'].'q='.$search_term.'+'.'daterange:'.$julian_days_from.'-'.$julian_days_to.'lr=lang_'.$_POST['language'];break;case ('book'): $query='http://books.google.com/books?hl='.$_POST['language'].'q='.$search_term.'+'.'daterange:'.$julian_days_from.'-'.$julian_days_to.'lr=lang_'.$_POST['language'];break;default:} //header(Location:.$query);}}?htmlheadmeta Hopefully this HTML came from a nicer-formatted source and is automatically crammed in here like this... If not, it's pretty icky, imho, to just have it that badly-formatted... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] List
On Tue, April 24, 2007 12:53 pm, Beauford wrote: Does anyone else have this problem with the list. It seems that every time I check my email there is one or more messages from the list that royally screws up Outlook. I usually have to delete all list messages from the actual server and reboot. It only happens with emails from [EMAIL PROTECTED] Just trying to narrow down the problem. Not sure if this is spam that's sneaking into the list messing things up or what. If Outlook is choking, perhaps try using something else to figure out which messages it doesn't like, by reading for a while and trying Outlook again, after you've deleted a good chunk. If you can find a pattern, you can write a filter to get rid of the problem messages. I do not have any problems, but I'm not using Outlook, and never will. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] secure alternative to HTTP_REFERER
On Tue, April 24, 2007 9:35 am, AraDaen wrote: Im looking for info about a secure alternative to the use of $_server['http_refere'] to check in a script from where are arriving $_post vars. any suggestion? HTTP_REFERER is not even reliably sent on all browser, much less useful as a security device... So you're kind of like asking for a valid replacement of a bicycle chain used as an ice cream cone to start with... If you want to be certain that a user has come from a previous page, and you control the output of that page, it's pretty easy, really... You can generate a unique id (http://php.net/uniqid) and embed that in any FORM or A tags (or JS code) as well as in your DB, and then compare the token they send with what you have. It's no guarantee that somebody else didn't sniff the HTTP exchange and is spoofing that they are the original recipient, however... If you have no control over the previous' page HTML, there's nothing you can do at all, and HTTP_REFERER is pretty un-reliable. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Separating words based on capital letter
Richard Lynch wrote: Why rule out PCRE, which is probably the best weapon for the job? $string = ltrim(preg_replace('([A-Z])', ' \\1', $string)); Don't mean to be pedantic, but you left out the '/. . ./': $string = $string = ltrim(preg_replace('/([A-D])/', \\1, $string)); _ Myron Turner http://www.room535.org http://www.bstatzero.org http://www.mturner.org/XML_PullParser/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Re: Suggestions for Web based FileServer/Mailaccess
On Tue, April 24, 2007 9:29 am, Michelle Konzack wrote: I suppose you could build a parallel File System to your Maildirs, then within each of those, make a directory by Message-id: header, then put any attachments with the cid: name as the file name. One question: Is the cid: special to crate? A cid: is just a unique identifier of another chunk of the MIME message, so that the client can match up an A tag with the right image content. I forget what rules there are on a cid: but it's easy enough to find in Google, or was some years ago... But it's only unique to THAT MESSAGE. So you'd want to store it as a sub-directory of the email Message_id: header or something of that nature, to avoid collisions between duplicate cid: in 2 messages. PS imho, HTML enhanced email should be #1 on the Worst Idea Of The Century list... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] transparent gifs with matte?
On Tue, April 24, 2007 9:08 am, Ross wrote: I am looking to create a transparent text gif that allows me to set a colour for the matte. I have it working as a PNG but this is no good in IE. Does anyone have an exampe of this? This is my code so far. ?php header(Content-type: image/gif); $im = imagecreate (800, 30); $black = ImageColorAllocate ($im, 255, 255, 255); $blue = ImageColorAllocate ($im, 75, 104, 177); ImageTTFText ($im, 20, 0, 10, 20, $blue, Font - TrueType - Square 721 BT.ttf, HELLO); ImageGif ($im); ImageDestroy ($im); ? I dunno what you mean by matte, but if you want the GIF to have a transparent color, you'll need to use a PHP function you can find on php.net that starts with 'image' and has 'transparent' in it... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Shell used by system()
On Tue, April 24, 2007 8:39 am, Marco Michelino wrote: Hi *, is it possible to change the shell used by system() , exec() and similar PHP funtions? I'm running mod_php in apache on Linux. Apache shell is set to /sbin/nologin but PHP insists to call /bin/sh... I suspect you cannot change that without changing PHP source. You can, however, have PHP exec() scripts that start with: #!/sbin/nologin or whatever shell you want... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problems installing php with pdflib
On Tue, April 24, 2007 7:39 am, Tijnema ! wrote: On 4/17/07, Richard Lynch [EMAIL PROTECTED] wrote: On Sat, April 14, 2007 3:55 am, Merlin wrote: I am moving to a new box and want to install php with pdflib again. After configure I get an error saying: pdflib.h not found! Check the path passed to --with-pdflib The path is just fine: '--with-pdflib=/usr/local/lib' configure needs to find TWO things: #1 the lib file which is libpdf.so in /usr/local/lib #2 the header file which is libpdf.h in /usr/local/include If you tell configure to look inside of /usr/local/lib, it can't *find* the libpdf.h file, because it's not inside that directory, it's inside a directory parallel to that. If you tell configure to look in /usr/local, it knows to check in /usr/local/lib for the .so file, and in /usr/local/include for the .h file, and it finds everything it needs. It won't, because his headers are in /usr/local/lib, and not in /usr/include/header If his headers are in /usr/local/lib, I'll be very very very surprised... They shouldn't be there. Move them. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] voucher manipulation
On Tue, April 24, 2007 6:55 am, Steven Macintyre wrote: they wish to create a voucher system where if you reach so many points etc you can claim a voucher (using the design) with a expiry date ... current + 30days and a unique voucher number. Now, I have looked at ImageCreateFromjpeg etc ... but ... cant figure out how to place the text on it within the specified areas. It will then be emailed to the user. Does anyone know of an idea out there already I can take a look at ... or some advice? http://php.net/imagestring -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What determines the relative directory, and can I control it?
On Tue, April 24, 2007 12:54 am, Dave M G wrote: I am developing a content management system, and one of the goals is to separate out the design entirely from the PHP scripting and content. Go study all the existing big CMS systems out there. And all the Templating engines. Then get back to us. :-) Can I somehow manipulate any of the PHP scripts involved so that the HTML within layout.php will look first in it's own directory for inclusion of files, such as CSS and javascript and anything else? There's some kind of BASE_HREF tag for that, I guess, that you could put some combination of $_SERVER['scriptname'] and/or $PHP_SELF or even __FILE__ munged into it... I kind of lost track of where your CSS is going and where your PHP is going, but if you are using a CMS, it seems to me like you ought to be able to let them upload the CSS and you can put it wherever you want... Or maybe the designers are not using the CMS but are tossing in the files manually? -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] using ImageTTFText in a page
On Mon, April 23, 2007 12:50 pm, Ross wrote: This script work on it's own but fails when emeded in another php file. Embedding it in another file how?... All I want to do is create a function and call it passing a text parameter. Also is it possbile to output the image to a file insert the url into a img You could dump the image out to a file, yes. And, yes, if you use that as the SRC instead of the PHP script, then it will work, and the image will be the static image you dumped out. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] make a gif
On Mon, April 23, 2007 12:01 pm, John Taylor-Johnston wrote: I want to print [EMAIL PROTECTED] into a gif or png. How do I do this? Thanks. It seems too simple to ask. -- file: foo.php - ?php $image = imagecreatetruecolor(400, 20); $white = imagecolorallocate($image, 255, 255, 255); $black = imagecolorallocate($image, 0, 0, 0); imagefilledrectangle($image, 0, 0, 400, 20, $white); imagestring($image, 5, 4, 4, '[EMAIL PROTECTED]', $black); header(Content-type: image/png); imagepng($image); ? img src=foo.php / -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: posting variables to parent frame
Maybe he's thinking FRAMESET??? On Tue, April 24, 2007 9:39 am, Stut wrote: Al wrote: iFrames are obsolete and only IE handles them. I don't even know if IE7 does. Well that's just a complete load of rubbish. The iframe tag is not obsolete, and I don't know where you got the idea that they are. Several legitimate uses for iframes exist, and they're unlikely to go away any time soon. Use css div tags instead. They don't do the same thing, not by a long shot. -Stut Hans wrote: Hi there, I'm trying to post variables to a parent frame, I'm working from a page that is in an iFrame. However, I don't know how to accomplish this. I tried target='top' to include in the form tag (form action=?=$formurl? target=top) but this didn't succeed. Can you please help me? Thanks in advance! Hans -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] help needed to write an installation script for my php application
On Mon, April 23, 2007 7:36 am, [EMAIL PROTECTED] wrote: Could you please help me to write an installation script to install a php based application in Windows. 1. I have WAMP5.0 running my my IBM T43 laptop. 2. I have created a php application. 3. I would like to know how to create an installation Wizard for my application. What it should accomplish is that: Once the CD containing my application is loaded to CD drive, it should automatically ask me the standard windows installation questions to install my application in the path specified by me. Your help will be highly appreciated. Get WISE or that other installer program everybody uses. There's no PHP involved in writing a Windows installer application. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Separating words based on capital letter
On 25/04/07, Richard Lynch [EMAIL PROTECTED] wrote: On Tue, April 24, 2007 4:16 pm, Dotan Cohen wrote: I have some categories named in the database as such: OpenSource HomeNetwork I'd like to add a space before each capital letter, ideally not including the first but I can always trim later if need be. As I'm array_walking the database, I have each value at the moment I need it in a string $item. Other than pregging for A-Z how can I accomplish this? I haven't been able to get it down to less than 54 lines of code, which in my opinion means that I'm doing something wrong. Why rule out PCRE, which is probably the best weapon for the job? $string = ltrim(preg_replace('([A-Z])', ' \\1', $string)); You can wrap that in a function or even use create_function for something that simple, in your array_walk. I wasn't tuling it out, I meant that _my_ regex wasn't getting me very far. Sorry for the confusion. Dotan Cohen http://dotancohen.com/howto/command_line.php http://lyricslist.com/lyrics/artist_albums/616/yukmouth.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] should I be looking to eliminate all notices?
On Mon, April 23, 2007 2:56 pm, Justin Frim wrote: Now that's a stupid example, but, you get the idea. Well, we agree that it's a stupid example... :-) :-) :-) ?php $formfield = isset($_GET['formfield']) ? $_GET['formfield'] : ''; // VALIDATE $formfield here!!! // be as strict as you can possibly be!! $funcresults = myfunction($formfield); function myfunction($formfield){ global $myarray; //ugh! echo foo; if (isset($myarray[$formfield])) return $myarray[$formfield]; return false; } function yourfunction($formfield){ global $yourarray; //ugh! echo bar; $sub = subfunction($formfield); if (isset($yourarray[$sub])) return $yourarray[$formfield]; return false; } //I dunno what you expect subfunction to be, as you never defined it... I think I got all your code in, though it's hard to tell with the mish-mash you made of it with comments... And I don't really understand at all what you thought was going on, but your comments and the code you wrote didn't seem to match up to me... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Preventing SQL Injection/ Cross Site Scripting
On Mon, April 23, 2007 9:48 am, WeberSites LTD wrote: I'm trying to understand from the examples why anyone that has get_magic_quotes_gpc() returning true would need to use stripslashes() and then mysql_real_escape_string(). wouldn't that just add slashes to the same places? If you were 100% sure that everybody on the planet spoke only English, and only used the ASCII codeset, sure, it's the same thing... Oh, wait. Earth has more than one language, doesn't it? :-) mysql_real_escape_string() takes into account the charset[s] being used. addslashes assumes ASCII charset. Don't do that. YOU may not be expecting the Spanish Inquisition, but somebody will be trying to send it to you. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing SQL Injection/ Cross Site Scripting
On Tue, April 24, 2007 3:33 pm, Justin Frim wrote: (unfortunately in PHP these are enabled by default. AHH! Which idiot thought this was a good idea to turn them on by default? Rasmus thought it was a Good Idea because it was very convenient for his needs at the time, which as simple form processing, cramming it into the DB, in an era where SQL injection and XSS attacks had about the same contextual relevance as AIDS had in the the Summer of Love... (I.e., none) Then we were trying to avoid breaking BC in a big way, which may have been a mistake, but there it is. I think maybe I recall reading that PHP 6 won't even have Magic Quotes, much less have them on by default... But maybe that was just a dream... You can Google for Derick Rethan's (sp?) Paris PHP Meeting Notes of a PHP 6 roadmap and find out for sure, or check Lukas' PHP ToDo Wiki to be even more current/certain. PS It's sure a lot easier when you have some control over the environment and can just turn the dang things off in .htacess :-) -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Why do i get this error message?
On Sun, April 22, 2007 5:47 pm, H.T wrote: I get this error message when i try to check my site on localhost running IIS and PHP 5.1.2 : Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to allocate 24576 bytes) in ... and it points to the line which is pure html code! What could be the cause of this problem? PHP ate up 8388600 bytes in your script. Now you have this HTML: html head . . . In the 8th byte, PHP has run out of room to store your HTML so it can dump it out to the browser. The real problem is whatever you did to chew up 8M of RAM before you got to the HTML. A quick-hack solution is to try changing 8M to 16M in php.ini, especially as there are some templating/cms thingies out there that apparently chew up well over 8M RAM in PHP 5 before you can even say Hello World... Sheesh. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: how to detect type of image
On Sun, April 22, 2007 10:35 am, Jonathan wrote: Alain Roger wrote: Hi, In my web application, end user is able to load images (png, jpeg, gif,..) into database. I would like to know how can i detect automatically the type of image (pnd, jpeg,...) ? i do not want to check the extension because this is easily faked... just by renaming it. Does it exist a technique for that ? thanks a lot, Is there anything wrong with just using $_FILES['upload_name']['type']? Yes. The first thing wrong, is that the idiot browser-makers can't even agree on what to cram into that when a user uploads a simple JPEG, much less some more esoteric document. So, right there, what you have in there under normal circumstances is pretty much garbage. The second thing wrong is that the Bad Guys can cram any dang thing they want in there, regardless of what they are uploading. So they can upload a nice .exe binary file and cram image/jpeg into the type. If your script is equally insecure throughout, then you could easily end up having an executable file up on your server that the Bad Guy wrote, and all they have to do is surf to it for it to run. That would be bad, just in case it's not terribly obvious. :-) Other than that, though, it's fine and dandy to use it... :-) -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: how to detect type of image
On Sun, April 22, 2007 12:14 pm, Tijnema ! wrote: Yeah right, a time bomb with an image header :P It should have an ELF header :) But then it would be detected by the mime_content_type i guess. mime_content_type would not detect, say, a PHP script embedded into the comments section of a JPEG (or GIF or PNG) and it's not unreasonable to think that maybe that's bad to allow on the server, in some circumstances, depending on all your other security processes. Security is not a simple off/on switch, nor even a do this and you'll be safe type of thing. It's an ongoing effort from end to end of the entire process to really think about what *COULD* be exploited, and how to prevent that, ideally with at least two independent checks/blocks, in case one of the checks doesn't do what you think it does, or gets bypassed, or some idiot rips it out one day, not remembering why it's there, or it gets lost in a server move, or... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] echo date('Y-m-d', $mydata-timestamp);
Use the MySQL function that converts timestamp into Unixtime. Or, better yet, use the MySQL function that outputs exactly the date format you want, without dinking around with Unix timestamp in the middle. http://dev.mysql.com/ Search for date_format() I do believe. It's gonna be a whole lot like PHP 'date' function, only with % signs, as I recall. On Sun, April 22, 2007 1:33 am, John Taylor-Johnston wrote: It is actually a generated timestamp in MySQL. timestamp(14) Now what? I was hoping to avoid: |echo substr(|$mydata-timestamp|, 0, 8); John |Richard Lynch wrote: On Sun, April 22, 2007 1:05 am, John Taylor-Johnston wrote: $mydata-timestamp = 20070419162123; echo date('Y-m-d', $mydata-timestamp); result: 2038-01-18 ?? What is wrong?? Should be 2007-04-19? date() takes a Unix timestamp as its input. Unix timestamps are measured as number of seconds from Jan 1, 1970, midnight, GMT, the birth of Disco. [that last was a joke...] You are handing it a pre-formatted date-stamp in MMDDHHIISS format... You could do something like: $t = '20070419162123'; $year = substr($t, 0, 4); $month = substr($t, 4, 2); $day = substr($t, 6, 2); $hour = substr($t, 8, 2); $minutes = substr($t, 10, 2); $seconds = substr($t, 12, 2); echo date(mktime($month, $day, $year, $hour, $minutes, $seconds)); I suspect strtotime() *might* handle your input and give you a Unix timestamp... I also suspect whatever you needed a Unix timestamp for in the first place could have been achieved easier before you got painted into this corner... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php seems to be inconsistent in its handling of backslashes ... maybe?
On Mon, April 23, 2007 8:36 am, Philip Thompson wrote: On Apr 22, 2007, at 1:29 AM, Richard Lynch wrote: On Sun, April 22, 2007 12:54 am, [EMAIL PROTECTED] wrote: -- or maybe it's just the PCRE extension -- or quite likely I have got something wrong Hello members, I'm hoping you could enlighten me. Using error_reporting = E_ALL | E_STRICT, I tested the following statements: PHP interprets \\ inside of '' to turn \\ into \ It also tries to be halfway smart about mistakes with \ followed by some other non-special character, by just pretending you knew what you were doing and had \\ there to get just one \, even though you didn't. Not that I can deny Richard's infinite knowledge of PHP (and it *eating* code), but is it PHP's responsibility to determine what the user has typed is (in)correct AND try to *fix* it? Shouldn't PHP just assume the programmer is not a complete idiot? If there's an error/ warning/etc, throw it but don't correct it. The actual documented feature is that \ followed by anything other than the characters defined to be special (another \, n, t, r various hex and octal codes) just turns into a plain old \ To *ME* that means you *SHOULD* have had \\ there, since \ is the escape character you use to get a \ inside of a string. I've seen too many people go from: This is \best to This ia a \test and they do NOT understand why the heck \b and \t didn't work the same... I'd be ecstatic if PHP gave a syntax error for a stray \ inside a string, personally, but apparently I'm in the minority. \\ is one of my regular rants, so you'll be hearing this again :-) -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What determines the relative directory, and can I control it?
Sancar, Tijnema, Logan, Richard, Thank you all for your replies. I kind of suspected that this was a client side issue. But I thought it was worth fishing for ideas since there are many on this list who are a lot smarter about PHP than I am. I might adopt something similar to Logan's $path solution, if it ends up looking more friendly than a full path name. That will be dependent on a few other settings in the code. Sancar, I appreciate where you are coming from in that designers shouldn't be afraid of having to write a simple path. However, I'm not so much trying to protect them from knowing stuff. It's more that I want to be able for a web site administrator to be able to open a directory for FTP access to a designer so that the designer won't have access to the rest of the site's files. For security's sake. In such an instance, the designer won't know where his directory is, and ideally wouldn't have to know. Richard, I've looked into Joomla, Wikipedia, and Wordpress, and actually I think templates are a terrible idea. My system is going to avoid templates as a design solution. Who knows, maybe one day people will like my approach better. Or maybe not. In any case, I think I've got an approach that may suit the needs of some better than the other systems. At the very least, I like it (insert emoticon here). -- Dave M G Ubuntu 7.04 Feisty Fawn Kernel 2.6.20-15-generic Pentium D Dual Core Processor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php