[PHP] single sign on Solution php and .net
Hi, me and my fellow developer have built two applications that need to authenticate users using LDAP, we have successfully accomplished it, but the problem is his application is in .net and mine is in php, my php app needs to call secure pages of .net and vice versa, now when the user is logged onto let say my php app he is logged and his session is created and when I redirect him to .net app he again sees a login form because the session isnt created in .net app. I need some single sign on solution I found lots of APIs and libraries for java but have no idea what can I use for php and .net, kindly experience programmers guide me. Thankyou -- Murtaza Chang http://flickr.com/photos/blackstallion/
Re: [PHP] Re: how to detect type of image
On 4/28/07, Tim [EMAIL PROTECTED] wrote: On 21.04.2007 12:45, Alain Roger wrote: Hi, In my web application, end user is able to load images (png, jpeg, gif,..) into database. I would like to know how can i detect automatically the type of image (pnd, jpeg,...) ? i do not want to check the extension because this is easily faked... just by renaming it. Does it exist a technique for that ? thanks a lot, Hi, unfortunately mime_content_type() does not work for me. This functions does always return false, although the magic.mime is valid. Here is a function I wrote to determine the correct extension of an image file: function get_image_extension($filename) { if (function_exists('exif_imagetype')) { switch (exif_imagetype($filename)) { case 1: return 'gif'; case 2: return 'jpg'; case 3: return 'png'; case 4: return 'swf'; case 5: return 'psd'; case 6: return 'bmp'; case 7: return 'tiff'; case 8: return 'tiff'; case 9: return 'jpc'; case 10: return 'jp2'; case 11: return 'jpx'; case 12: return 'jb2'; case 13: return 'swc'; case 14: return 'iff'; case 15: return 'wbmp'; case 16: return 'xbm'; default: return false; } } else return false; } Best regards, Tim First of all, i don't see any reason why this works better then other functions, as it also relies on the magic bytes. Second, for your switch, you should use the constants (IMAGETYPE_GIF,IMAGETYPE_JPEG,...) instead of just using decimal values. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
On 4/28/07, Micky Hulse [EMAIL PROTECTED] wrote: Hi, I pieced-together a script that will insert a string into another string at a set interval of words... See here: http://www.ambiguism.com/sandbox/truncate/truncate.php [Click the view source link to view source.] :D Basically, I need a setup a page where my client can paste an article, automate the insertion of a template tag (in this case: {page_break}) and then copy/paste into the blog/cms. My goal for this script was to make it easy for the CMS to create word-balanced pages. Long story short, I got what I think will be an acceptable script... but I would love to get feedback. What do you think? What can I improve? What am I doing wrong? The script does not need to be super-robust, but would love to hear what the PHP gurus have to say. ;) Many thanks in advance! Cheers, Micky Nice idea, but it seems that it isn't working correctly. I did this example: ?php for($x = 0; $x 100; $x++) { $string .= abc; } echo break_up($string, 10, ||); ? With your break_up function. It results this: abc abc abc abc abc abc abc abc abc abc ||abc abc abc abc abc abc abc abc abc ||abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc ||abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc ||abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc While i expected this: abc abc abc abc abc abc abc abc abc abc ||abc abc abc abc abc abc abc abc abc abc ||abc abc abc abc abc abc abc abc abc abc ||abc abc abc abc abc abc abc abc abc abc ||abc abc abc abc abc abc abc abc abc abc ||abc abc abc abc abc abc abc abc abc abc ||abc abc abc abc abc abc abc abc abc abc ||abc abc abc abc abc abc abc abc abc abc ||abc abc abc abc abc abc abc abc abc abc ||abc abc abc abc abc abc abc abc abc abc And i found where the problem is, it is this line: $num += $num; // Set next number flag to look for. This works only for one time, but after that, it doubles whole time, so in above example, $num would go like this: 10 20 40 80 So to fix, replace this part of the code: for($i=0; $i count($array); $i++) { # For every string in the array, we make one more test to assure it is a word. # We assume that are words only strings that contain at least a letter character (we will not count commas for example). # Checks for existence of letter characters, including the special characters and increments the number of words if found. if(eregi('[0-9A-Za-zÀ-ÖØ-öø-ÿ]', $array[$i])) { if($words == $num) { $hldr[$up++]; // $num flag met, add one to $hldr array. $num += $num; // Set next number flag to look for. } else { $hldr[$up] .= $array[$i].' '; // $num flag not met yet, insert a space. } $words++; } } with this: $look = $num for($i=0; $i count($array); $i++) { # For every string in the array, we make one more test to assure it is a word. # We assume that are words only strings that contain at least a letter character (we will not count commas for example). # Checks for existence of letter characters, including the special characters and increments the number of words if found. if(eregi('[0-9A-Za-zÀ-ÖØ-öø-ÿ]', $array[$i])) { if($words == $look) { $hldr[$up++]; // $num flag met, add one to $hldr array. $look += $num; // Set next number flag to look for. } else { $hldr[$up] .= $array[$i].' '; // $num flag not met yet, insert a space. } $words++; } } That's it. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Tijnema! Thanks for the quick reply! I really really really appreciate the help. :D Tijnema ! wrote: Nice idea, but it seems that it isn't working correctly. I did this example: ?php for($x = 0; $x 100; $x++) { $string .= abc; } echo break_up($string, 10, ||); ? With your break_up function. It results this: ...snip... While i expected this: .../snip... Ahh! Great way to test this! I thought I noticed a problem, but did not put two-and-two together due to the huge string I was using... The way you simplified things really made that error clear. Thanks for the help on this! :) And i found where the problem is, it is this line: $num += $num; // Set next number flag to look for. This works only for one time, but after that, it doubles whole time, so in above example, $num would go like this: 10 20 40 80 Doh! Great catch! I should have printed that var out... Hehe, I am such a noob! So to fix, replace this part of the code: ...snip... with this: ...snip... That's it. Woot! Looks good to me. I moved the script to a new location with a more fitting name: http://www.ambiguism.com/sandbox/insert/insert.php Your test code is at bottom of that page. ;) Nice, I am stoked! Thanks again for the help, I owe you one. :D Have a great day/night, Cheers, Micky -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Just FYI, I did some slight upgrades/updates to the code... Seems to be working pretty good now. :) http://www.ambiguism.com/sandbox/insert/insert.php Thanks again Tijnema! Cheers, Micky -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
On 4/28/07, Micky Hulse [EMAIL PROTECTED] wrote: Just FYI, I did some slight upgrades/updates to the code... Seems to be working pretty good now. :) http://www.ambiguism.com/sandbox/insert/insert.php Thanks again Tijnema! Cheers, Micky I think i found another problem in your script, when i set the word count to 2, with your example test, at some point there is this: (separator = || ) ||Vestibulum urna. h6Test ||header/h6 Nam egestas ||rhoncus nisl. This occurs because you count a word starting with not as a word, but since there's no space between and Test, Test isn't recognized as a word either. So you should want to use strip_tags on every word, but only on inside the eregi function. So like this: if(eregi('[0-9A-Za-zÀ-ÖØ-öø-ÿ]', $array[$i])) { becomes: if(eregi('[0-9A-Za-zÀ-ÖØ-öø-ÿ]', strip_tags($array[$i]))) { That would fix it :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: how to detect type of image
At 2:10 AM +0200 4/28/07, Tim wrote: On 21.04.2007 12:45, Alain Roger wrote: Hi, In my web application, end user is able to load images (png, jpeg, gif,..) into database. I would like to know how can i detect automatically the type of image (pnd, jpeg,...) ? i do not want to check the extension because this is easily faked... just by renaming it. Does it exist a technique for that ? thanks a lot, Hi, unfortunately mime_content_type() does not work for me. Tim: It should, but instead try this: $image_size = getimagesize($filename); echo $image_size['mime']; Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: how to detect type of image
On 4/28/07, tedd [EMAIL PROTECTED] wrote: At 2:10 AM +0200 4/28/07, Tim wrote: On 21.04.2007 12:45, Alain Roger wrote: Hi, In my web application, end user is able to load images (png, jpeg, gif,..) into database. I would like to know how can i detect automatically the type of image (pnd, jpeg,...) ? i do not want to check the extension because this is easily faked... just by renaming it. Does it exist a technique for that ? thanks a lot, Hi, unfortunately mime_content_type() does not work for me. Tim: It should, but instead try this: $image_size = getimagesize($filename); echo $image_size['mime']; Cheers, tedd mime_content_type fails a lot, and so does getimagesize, i believe one relays on the other. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Tijnema! You rock! Another great catch. :) Tijnema ! wrote: ...snip... the eregi function. So like this: if(eregi('[0-9A-Za-zÀ-ÖØ-öø-ÿ]', $array[$i])) { becomes: if(eregi('[0-9A-Za-zÀ-ÖØ-öø-ÿ]', strip_tags($array[$i]))) { That would fix it :) Just updated the code. (Hehe, tis hard to catch those zzZZzz's when my mind is thinking in code.) http://www.ambiguism.com/sandbox/insert/insert.phps Has anyone told you that you are a very good beta tester! :D I hope I did it right... Looks like I may still be having the same problems (word count = 2, and separator = | |: | |Vestibulum urna. h6Test | |header/h6 Nam egestas | |rhoncus nisl. Hmmm, going to stare at this code for a bit... Many thanks again for your help -- it really helps having that second pair of eyes. I will post again if I significantly update the code. ;) Thanks Tijnema! I really appreciate your time, help, and expertise. Cheers, Micky -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: how to detect type of image
On Apr 28, 2007, at 6:54 AM, tedd wrote: At 2:10 AM +0200 4/28/07, Tim wrote: On 21.04.2007 12:45, Alain Roger wrote: Hi, In my web application, end user is able to load images (png, jpeg, gif,..) into database. I would like to know how can i detect automatically the type of image (pnd, jpeg,...) ? i do not want to check the extension because this is easily faked... just by renaming it. Does it exist a technique for that ? thanks a lot, Hi, unfortunately mime_content_type() does not work for me. Tim: It should, but instead try this: $image_size = getimagesize($filename); echo $image_size['mime']; $image_size['mime'] ? Where did that come from? From the manual: Returns an array with 4 elements. Index 0 contains the width of the image in pixels. Index 1 contains the height. Index 2 is a flag indicating the type of the image: 1 = GIF, 2 = JPG, 3 = PNG, 4 = SWF, 5 = PSD, 6 = BMP, 7 = TIFF(intel byte order), 8 = TIFF(motorola byte order), 9 = JPC, 10 = JP2, 11 = JPX, 12 = JB2, 13 = SWC, 14 = IFF, 15 = WBMP, 16 = XBM. These values correspond to the IMAGETYPE constants that were added in PHP 4.3.0. Index 3 is a text string with the correct height=yyy width=xxx string that can be used directly in an IMG tag. So it should be $image_size[2], or has something changed that I don't know about? Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [ANNOUNCE] TODO parser
On Apr 27, 2007, at 8:24 PM, Daevid Vincent wrote: For a long time I've wanted a tool that would traverse my source code to find all those little forgotten TODO entries. [snip] Doesn't phpDocumentor (http://phpdocu.sourceforge.net/) do that already? Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
On 4/28/07, Micky Hulse [EMAIL PROTECTED] wrote: Tijnema! You rock! Another great catch. :) Tijnema ! wrote: ...snip... the eregi function. So like this: if(eregi('[0-9A-Za-zÀ-ÖØ-öø-ÿ]', $array[$i])) { becomes: if(eregi('[0-9A-Za-zÀ-ÖØ-öø-ÿ]', strip_tags($array[$i]))) { That would fix it :) Just updated the code. (Hehe, tis hard to catch those zzZZzz's when my mind is thinking in code.) http://www.ambiguism.com/sandbox/insert/insert.phps Has anyone told you that you are a very good beta tester! :D I hope I did it right... Looks like I may still be having the same problems (word count = 2, and separator = | |: | |Vestibulum urna. h6Test | |header/h6 Nam egestas | |rhoncus nisl. Hmmm, going to stare at this code for a bit... Many thanks again for your help -- it really helps having that second pair of eyes. I will post again if I significantly update the code. ;) Thanks Tijnema! I really appreciate your time, help, and expertise. Cheers, Micky Well, i found another thing, it's not really a bug, but you're using eregi, which is a case insensitive function, and you're trying to find a match for A-Z (ABCD...XYZ) and a-z (abcd...xyz), but they are both the same, because you're using an case insensitive function. So you could simplify your code a little bit to remove the double things. Didn't find anymore bugs yet, maybe later... if i find one i'll let you know :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: how to detect type of image
On 4/28/07, Edward Vermillion [EMAIL PROTECTED] wrote: On Apr 28, 2007, at 6:54 AM, tedd wrote: At 2:10 AM +0200 4/28/07, Tim wrote: On 21.04.2007 12:45, Alain Roger wrote: Hi, In my web application, end user is able to load images (png, jpeg, gif,..) into database. I would like to know how can i detect automatically the type of image (pnd, jpeg,...) ? i do not want to check the extension because this is easily faked... just by renaming it. Does it exist a technique for that ? thanks a lot, Hi, unfortunately mime_content_type() does not work for me. Tim: It should, but instead try this: $image_size = getimagesize($filename); echo $image_size['mime']; $image_size['mime'] ? Where did that come from? From the manual: Returns an array with 4 elements. Index 0 contains the width of the image in pixels. Index 1 contains the height. Index 2 is a flag indicating the type of the image: 1 = GIF, 2 = JPG, 3 = PNG, 4 = SWF, 5 = PSD, 6 = BMP, 7 = TIFF(intel byte order), 8 = TIFF(motorola byte order), 9 = JPC, 10 = JP2, 11 = JPX, 12 = JB2, 13 = SWC, 14 = IFF, 15 = WBMP, 16 = XBM. These values correspond to the IMAGETYPE constants that were added in PHP 4.3.0. Index 3 is a text string with the correct height=yyy width=xxx string that can be used directly in an IMG tag. So it should be $image_size[2], or has something changed that I don't know about? Ed Did you read the line just above example 935? mime is the correspondant MIME type of the image. This information can be used to deliver images with correct the HTTP Content-type header: Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpbb / sessionid nightmare
On 4/28/07, Brad Sumrall [EMAIL PROTECTED] wrote: Users log into web site in a sudo phpbb login which works fine. Users are able to browse around phpbb and a sudo phpbb program called photopost. But when the goto a differen't part of the site which is not phpbb related, the sessionid does not carry over. The other pages are calling on the same isset variable??? This is blowing my mind for weeks now!!! Would some kind code help a frazzed brother out? Sincerely, Brad [EMAIL PROTECTED] snip Really cool that code, but do you think really that someone takes the time to read it all? You should only post the most important parts. And how are you're files organized? is that other part on a (another) subdomain? Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: how to detect type of image
At 9:22 AM -0500 4/28/07, Edward Vermillion wrote: It should, but instead try this: $image_size = getimagesize($filename); echo $image_size['mime']; $image_size['mime'] ? Where did that come from? I duno, maybe the manual. http://us2.php.net/getimagesize -- 5th or 6th example down. Also, try this: http://xn--nvg.com/image_data Cheers, tedd PS: If your browser chokes, get a better browser. -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [ANNOUNCE] TODO parser
Daevid Vincent wrote: For a long time I've wanted a tool that would traverse my source code to find all those little forgotten TODO entries. It should handle most all kinds (as you'll see if you look at the example files). The only one I didn't bother with was: $foo = 1; //Todo: [dv] I meant todo this later. notice the 'todo' in there. it confuses my script. simple solution is just spell it out as 'to do', which is proper English anyways! I give you a fairly simple but useful tool that does just that. The output can be command line (preferred way) or CSV so you can easily parse it into a web page. I provided an example of how to do that. The web version of course could be made much more interesting, with hyperlinks to the files, color, etc, but I wanted to keep it simple for illustration purposes. http://daevid.com/examples/todo/ Having said that, you should download it and try it for yourself. ./todo.php --path ./example --parse_tree ./todo.php --help for more options It's all in a single todo.php file so it's easy to add to /usr/local/bin or whatever. The tgz is really only for the examples. ÐÆ5ÏÐ P.S. While you're there, I'll give a plug to my DHCP web tool. Perfect for seeing who's on your LAN. http://daevid.com/examples/dhcp/ It would be nice if you added a flag for parsing 'FIXME' entries too. Quite a lot of source I've read contains 'TODO' and 'FIXME', often with little variation between meanings. Just my $0.02. Alexander -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: how to detect type of image
On 28.04.2007 10:39, Tijnema ! wrote: First of all, i don't see any reason why this works better then other functions, as it also relies on the magic bytes. Second, for your switch, you should use the constants (IMAGETYPE_GIF,IMAGETYPE_JPEG,...) instead of just using decimal values. Tijnema Yes, I wrote this function because none of the others worked for me properly. I found functions which determined the file type by a given extension. Those file types can be easily faked by using an other extension. I wrote the function a long time ago and was using PHP 4. The IMAGETYPE constants are available since PHP 4.3.0. It should, but instead try this: $image_size = getimagesize($filename); echo $image_size['mime']; I needed a way to get the correct extension of an image file. It is possible to create an array with all MIME types and the matching extensions. Then you just have to search for $image_size['mime'] in it and you have correct extension. As I see there is a way, which is a lot easier: You can use $image_size[2] which is a flag indicating type of the image. 1 = GIF 2 = JPG 3 = PNG 4 = SWF, 5 = PSD 6 = BMP 7 = TIFF(intel byte order) 8 = TIFF(motorola byte order) 9 = JPC 10 = JP2 11 = JPX 12 = JB2 13 = SWC 14 = IFF 15 = WBMP 16 = XBM Since PHP 4.3.0 you can use constants. I reckon $type = exif_imagetype($filename); is the same as $image_size = getimagesize($filename); $type = $image_size[2]; exif_imagetype would have to be faster than getimagesize because it only gets the file type. getimagesize does also get the width/height, MIME type, etc. I think getimagesize depends on exif_imagetype and will work even if exif is disabled, but I am not sure. Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
Hi there my friend, Thank you so much for answering me. The reason for me posting all of the code is because I am clueless as to which sessionid call on that crazy page is kicking out the original sessionid and asking for a new one. Sessionid is normally easy, that page is blowing my mind with all of the calls No sub domains, just a flat web site. Looks like this index.php/(has an include /commonlogin.php) (works fine for entire site) /phpbb/login.php(has an isset which is not normal with phpbb, but this login does not carry (kindof)) contest???.php (the problem page that I published) A packet scan reviles that session id carries too Contest.php/ and stays at contest-current.php/ but at /contest_stories.php?cid=8 it calls a new one. The posted one. So, that page is the culprit! It is calling on isset? I am lost in the sauce on this one. Something hidden is preventing it from looking for the cookie! Sincerely, Brad [EMAIL PROTECTED] -Original Message- From: Tijnema ! [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 12:11 PM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] phpbb / sessionid nightmare On 4/28/07, Brad Sumrall [EMAIL PROTECTED] wrote: Users log into web site in a sudo phpbb login which works fine. Users are able to browse around phpbb and a sudo phpbb program called photopost. But when the goto a differen't part of the site which is not phpbb related, the sessionid does not carry over. The other pages are calling on the same isset variable??? This is blowing my mind for weeks now!!! Would some kind code help a frazzed brother out? Sincerely, Brad [EMAIL PROTECTED] snip Really cool that code, but do you think really that someone takes the time to read it all? You should only post the most important parts. And how are you're files organized? is that other part on a (another) subdomain? Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Object-oriented $_REQUEST?
Hi. I'm looking for implementation of request object that represent a request that works like this. $r = new request(); if ($r-method == 'GET') $name = $r-GET-get('name'); $age = $r-GET-get('age'); else if (request.method == 'POST') $name = $r-POST-get('name'); $age = $r-POST-get('age'); ... Handling $_GET, $_POST directly is cumbersome for me so I tried to make one but I thought it's quite possible that some better programmer already make one like this. Thanks in advance. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Object-oriented $_REQUEST?
I feel that a 'request' class wouldn't be appropriate for the $_REQUEST array. The reason being, is that there isn't to that class other than the $_REQUEST array, and a bunch of 'get' methods. If this were to be expanded upon by adding filtering user input, then it *could* be more useful. IMO an entire class just to handle retrieving data an array (or 4 if you include GPC and request) would become unnecessary overhead. But then again, maybe I am missing the point of this 'request' class. -Logan -Original Message- From: js [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 2:56 PM To: php-general@lists.php.net Subject: [PHP] Object-oriented $_REQUEST? Hi. I'm looking for implementation of request object that represent a request that works like this. $r = new request(); if ($r-method == 'GET') $name = $r-GET-get('name'); $age = $r-GET-get('age'); else if (request.method == 'POST') $name = $r-POST-get('name'); $age = $r-POST-get('age'); ... Handling $_GET, $_POST directly is cumbersome for me so I tried to make one but I thought it's quite possible that some better programmer already make one like this. Thanks in advance. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpbb / sessionid nightmare
On Sat, April 28, 2007 11:03 am, Brad Sumrall wrote: Users log into web site in a sudo phpbb login which works fine. Users are able to browse around phpbb and a sudo phpbb program called photopost. But when the goto a differen't part of the site which is not phpbb related, the sessionid does not carry over. The other pages are calling on the same isset variable??? This is blowing my mind for weeks now!!! Would some kind code help a frazzed brother out? Check the parameters for the cookie. If they limit the cookie to, say: http://example.com/phpbb/ instead of the whole site: http://example.com/ then your cookie isn't there, and the session will get lost with it. Probably a set_cookie_params() call somewhere in your phpbb mess. if(isset($_GET[forum])) What is this? Is the whole rest of the site passing around a ?forum=1 parameter in all its URLs? Probably not. Only phpbb is doing that. So then you never even GET to the $_SESSION check. { if(!isset($_SESSION[userid])) { ?php if(!isset($_SESSION['userid']) $_SESSION['userid'] == ) This is daft. !isset($x) $x == If $x isn't even set, then why test it for being == to the empty string? ?php if($_POST['hiddensubmit']){ And here you're not using isset(), so are generating E_NOTICE messages, most likely. $get_count5 = mysql_query(SELECT * FROM `contest_stories` WHERE contest_id = '.$_POST['cid'].' AND year='2007' AND username ='.$_SESSION[userid].'); Splicing POST data directly into a query is a giant security SQL Injection attack hole. Stop coding NOW and start reading and re-reading here until you understand why: http://phpsec.org Unless you WANT your entire database wiped out or even stolen by a meanie. echo font color=\red\You can only submit 3 stories per contest./abr; And you might as well not bother to have a contest, as the meanie can rig it to win using the SQL injection above... Sorry to be the bearer of Bad News... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
On Sat, April 28, 2007 12:47 pm, Brad Sumrall wrote: which sessionid call on that crazy page is kicking out the original sessionid and asking for a new one. That's when an experienced programmer KNOWS that it's time to re-factor and re-write the page. :-) I am lost in the sauce on this one. Something hidden is preventing it from looking for the cookie! Examine the cookie in FireFox browser or HTTP headers or whatever. What path is it using? Is it secure transmission only? -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Without reading source, it sounds like you've just re-invented this: http://php.net/wordwrap :-) On Sat, April 28, 2007 12:32 am, Micky Hulse wrote: Hi, I pieced-together a script that will insert a string into another string at a set interval of words... See here: http://www.ambiguism.com/sandbox/truncate/truncate.php [Click the view source link to view source.] :D Basically, I need a setup a page where my client can paste an article, automate the insertion of a template tag (in this case: {page_break}) and then copy/paste into the blog/cms. My goal for this script was to make it easy for the CMS to create word-balanced pages. Long story short, I got what I think will be an acceptable script... but I would love to get feedback. What do you think? What can I improve? What am I doing wrong? The script does not need to be super-robust, but would love to hear what the PHP gurus have to say. ;) Many thanks in advance! Cheers, Micky -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [ANNOUNCE] TODO parser
Personally, I always spell it 'todo' and then a simple grep works pretty well... I suppose I sometimes find a bunch of stuff with 'todo' in a variable name, but not real often, so far... I also tend to keep a todo.txt file open and add to that instead of strewing things through my code... The only todo items in code are super super minor and so specific to that bit of code that I can't come up with a context-free way to express it in a sentence or less... Certainly any big-ticket items in a ToDo list deserve to be in an actual list rather than buried in source somewhere, no? On Fri, April 27, 2007 8:24 pm, Daevid Vincent wrote: For a long time I've wanted a tool that would traverse my source code to find all those little forgotten TODO entries. It should handle most all kinds (as you'll see if you look at the example files). The only one I didn't bother with was: $foo = 1; //Todo: [dv] I meant todo this later. notice the 'todo' in there. it confuses my script. simple solution is just spell it out as 'to do', which is proper English anyways! I give you a fairly simple but useful tool that does just that. The output can be command line (preferred way) or CSV so you can easily parse it into a web page. I provided an example of how to do that. The web version of course could be made much more interesting, with hyperlinks to the files, color, etc, but I wanted to keep it simple for illustration purposes. http://daevid.com/examples/todo/ Having said that, you should download it and try it for yourself. ./todo.php --path ./example --parse_tree ./todo.php --help for more options It's all in a single todo.php file so it's easy to add to /usr/local/bin or whatever. The tgz is really only for the examples. ÐÆ5ÏÐ P.S. While you're there, I'll give a plug to my DHCP web tool. Perfect for seeing who's on your LAN. http://daevid.com/examples/dhcp/ -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with shared object file
On Fri, April 27, 2007 5:49 pm, Tijnema ! wrote: Also, I think dl() is going away in PHP 6, so you may want to re-think this from the get-go... Yes, if seen it is deprecated, but how could somebody include dynamic library without editing php.ini? I was a little bit shocked when i read i should use php.ini variable instead. I never used it, but when i wanted to, i would only to have it loaded in that script, and not all scripts. I also will miss 'dl' big-time, as I sometimes load in obscure libraries that my webhost does not provide, with their permission to do so, and with the understanding that if the libs cause problems, I have to be ready to live without them. There was a thread recently on Internals about possibly not killing this feature, but I don't think it had much support. The guys making the decisions don't use shared hosts, for the most part, and so few people need 'dl, so they don't feel any pressing need for 'dl' :-( Alas, it's something that has no user-land work-around, really... Though I guess you could use PHP to exec CLI PHP with a custom php.ini to then do whatever it is you wanted to do, passing all the data back and forth from web php to cli php... Ugh. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parsing CSV files
On Fri, April 27, 2007 5:25 pm, Fernando Cosso wrote: One word: explode :D Two Words: Quotes, Commas :-p CSV is a nasty nested mess of escapes for escapes from somebody who clearly did NOT understand how to write a parser/grammar. Oh, yeah, it came from Microsoft, I think. That explains everything! -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [ANNOUNCE] TODO parser
Edward Vermillion wrote: On Apr 27, 2007, at 8:24 PM, Daevid Vincent wrote: For a long time I've wanted a tool that would traverse my source code to find all those little forgotten TODO entries. [snip] Doesn't phpDocumentor (http://phpdocu.sourceforge.net/) do that already? Hi, phpDocumentor processes @todo tags in a docblock, but not //TODO or other similar things. Greg -- Experience the revolution, buy the PEAR Installer Manifesto http://www.packtpub.com/book/PEAR-installer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: how to detect type of image
If it's critical that you can detect the image type accurately, I'd suggest using ImageMagick's identify command. It will tell you about everything that you'd ever want to know about an image. http://www.imagemagick.org/script/index.php Post your question on their forum http://www.imagemagick.org/discourse-server/ Alain Roger wrote: Hi, In my web application, end user is able to load images (png, jpeg, gif,..) into database. I would like to know how can i detect automatically the type of image (pnd, jpeg,...) ? i do not want to check the extension because this is easily faked... just by renaming it. Does it exist a technique for that ? thanks a lot, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Object-oriented $_REQUEST?
For me, PHP's issetting or emptying $_GET, $_POST or $_REQUEST is cumbersome. want it to be more easy and comfortable. I could say I want a JSP's HttpServletRequest for PHP. (http://java.sun.com/products/servlet/2.2/javadoc/javax/servlet/http/HttpServletRequest.html) I think you're 100% right that it would become slow but using this one is a 'option', not mandatory. so i think that's not a matter. thank you. On 4/29/07, Buesching, Logan J [EMAIL PROTECTED] wrote: I feel that a 'request' class wouldn't be appropriate for the $_REQUEST array. The reason being, is that there isn't to that class other than the $_REQUEST array, and a bunch of 'get' methods. If this were to be expanded upon by adding filtering user input, then it *could* be more useful. IMO an entire class just to handle retrieving data an array (or 4 if you include GPC and request) would become unnecessary overhead. But then again, maybe I am missing the point of this 'request' class. -Logan -Original Message- From: js [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 2:56 PM To: php-general@lists.php.net Subject: [PHP] Object-oriented $_REQUEST? Hi. I'm looking for implementation of request object that represent a request that works like this. $r = new request(); if ($r-method == 'GET') $name = $r-GET-get('name'); $age = $r-GET-get('age'); else if (request.method == 'POST') $name = $r-POST-get('name'); $age = $r-POST-get('age'); ... Handling $_GET, $_POST directly is cumbersome for me so I tried to make one but I thought it's quite possible that some better programmer already make one like this. Thanks in advance. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Object-oriented $_REQUEST?
Buesching, Logan J [EMAIL PROTECTED] schrieb im Newsbeitrag news:[EMAIL PROTECTED] I feel that a 'request' class wouldn't be appropriate for the $_REQUEST array. The reason being, is that there isn't to that class other than the $_REQUEST array, and a bunch of 'get' methods. If this were to be expanded upon by adding filtering user input, then it *could* be more useful. IMO an entire class just to handle retrieving data an array (or 4 if you include GPC and request) would become unnecessary overhead. But then again, maybe I am missing the point of this 'request' class. -Logan -Original Message- From: js [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 2:56 PM To: php-general@lists.php.net Subject: [PHP] Object-oriented $_REQUEST? Hi. I'm looking for implementation of request object that represent a request that works like this. $r = new request(); if ($r-method == 'GET') $name = $r-GET-get('name'); $age = $r-GET-get('age'); else if (request.method == 'POST') $name = $r-POST-get('name'); $age = $r-POST-get('age'); ... Handling $_GET, $_POST directly is cumbersome for me so I tried to make one but I thought it's quite possible that some better programmer already make one like this. Thanks in advance. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Object-oriented $_REQUEST?
?php class get { private $array; function __construct($array) { $this-array = $array; } public function get($key) { if (isset($this-array[$key])) return $this-array[$key]; return null; } } class request { private $types = array('COOKIE', 'REQUEST', 'GET', 'POST', 'SESSION'); function __construct() { foreach ($this-types as $type) { //do not link the result of eval into a variable because it is passed to __construct as reference $this-$type = new get(eval('return $_' . $type . ';')); } } } $request = new request(); var_dump($request-REQUEST-get('name')); ? js [EMAIL PROTECTED] schrieb im Newsbeitrag news:[EMAIL PROTECTED] Hi. I'm looking for implementation of request object that represent a request that works like this. $r = new request(); if ($r-method == 'GET') $name = $r-GET-get('name'); $age = $r-GET-get('age'); else if (request.method == 'POST') $name = $r-POST-get('name'); $age = $r-POST-get('age'); ... Handling $_GET, $_POST directly is cumbersome for me so I tried to make one but I thought it's quite possible that some better programmer already make one like this. Thanks in advance. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
The cookie it's self says PHPSESSID=26b7974a5d71c7d0bfebbf71750dac7b Path=/ Host=www.domain.com When I go to the jacked up page, I pickup this one PHPSESSID=a787e077dd18ed18cb824f664d38315d Path=/ Host=domain.com In the directory structure, I have gone from /phpbb/login.php to /contest_stories.php?cid=8 Is the Path or the fact that I am going to www.domain.com to domain.com have anything to do with it? If so, how do I address it? Brad -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 3:43 PM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] phpbb / sessionid nightmare On Sat, April 28, 2007 11:03 am, Brad Sumrall wrote: Users log into web site in a sudo phpbb login which works fine. Users are able to browse around phpbb and a sudo phpbb program called photopost. But when the goto a differen't part of the site which is not phpbb related, the sessionid does not carry over. The other pages are calling on the same isset variable??? This is blowing my mind for weeks now!!! Would some kind code help a frazzed brother out? Check the parameters for the cookie. If they limit the cookie to, say: http://example.com/phpbb/ instead of the whole site: http://example.com/ then your cookie isn't there, and the session will get lost with it. Probably a set_cookie_params() call somewhere in your phpbb mess. if(isset($_GET[forum])) What is this? Is the whole rest of the site passing around a ?forum=1 parameter in all its URLs? Probably not. Only phpbb is doing that. So then you never even GET to the $_SESSION check. { if(!isset($_SESSION[userid])) { ?php if(!isset($_SESSION['userid']) $_SESSION['userid'] == ) This is daft. !isset($x) $x == If $x isn't even set, then why test it for being == to the empty string? ?php if($_POST['hiddensubmit']){ And here you're not using isset(), so are generating E_NOTICE messages, most likely. $get_count5 = mysql_query(SELECT * FROM `contest_stories` WHERE contest_id = '.$_POST['cid'].' AND year='2007' AND username ='.$_SESSION[userid].'); Splicing POST data directly into a query is a giant security SQL Injection attack hole. Stop coding NOW and start reading and re-reading here until you understand why: http://phpsec.org Unless you WANT your entire database wiped out or even stolen by a meanie. echo font color=\red\You can only submit 3 stories per contest./abr; And you might as well not bother to have a contest, as the meanie can rig it to win using the SQL injection above... Sorry to be the bearer of Bad News... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: how to detect type of image
On Apr 28, 2007, at 12:21 PM, tedd wrote: At 9:22 AM -0500 4/28/07, Edward Vermillion wrote: It should, but instead try this: $image_size = getimagesize($filename); echo $image_size['mime']; $image_size['mime'] ? Where did that come from? I duno, maybe the manual. http://us2.php.net/getimagesize -- 5th or 6th example down. Ahhh... that's for sending a mime type to the browser. I'd always just used $image[2] since I usually check against the image constants in a switch... switch ($image[2]) { case IMAGETYPE_JPEG: // do something with a jpeg... blah...blah...blah... } But it's good to know that the 'mime' bit is there too. Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [ANNOUNCE] TODO parser
On Apr 28, 2007, at 3:02 PM, Gregory Beaver wrote: Edward Vermillion wrote: On Apr 27, 2007, at 8:24 PM, Daevid Vincent wrote: For a long time I've wanted a tool that would traverse my source code to find all those little forgotten TODO entries. [snip] Doesn't phpDocumentor (http://phpdocu.sourceforge.net/) do that already? Hi, phpDocumentor processes @todo tags in a docblock, but not //TODO or other similar things. I thought it got those too. Maybe I'm thinking of JSDoc or whatever it is, or maybe it's just because eclipse highlights those... who knows where I got the idea from. :P Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Tijnema ! wrote: Didn't find anymore bugs yet, maybe later... if i find one i'll let you know :) Thanks again Tijnema! I just read the not from Richard Looks like I might have wasted your time on this one. :( I just woke up... going to test wordwrap() You know, I saw that in the manual a day or so ago, and it sounded like what I needed, but all the examples talked about how it breaks long words -- not what I needed... But now I see that there is a way to easily turn that feature on/off! Shux. I have a feeling that, with the help of Tijnema, I just re-invented wheel. I will be back shortly with a test page. :D Thanks, Micky -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Script feedback: insert string into another string
But! I am now noticing that the main page provides cookies called _utma _utmb _utmc _utmz Hmmm Brad -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 3:48 PM To: [EMAIL PROTECTED] Cc: php php Subject: Re: [PHP] Script feedback: insert string into another string Without reading source, it sounds like you've just re-invented this: http://php.net/wordwrap :-) On Sat, April 28, 2007 12:32 am, Micky Hulse wrote: Hi, I pieced-together a script that will insert a string into another string at a set interval of words... See here: http://www.ambiguism.com/sandbox/truncate/truncate.php [Click the view source link to view source.] :D Basically, I need a setup a page where my client can paste an article, automate the insertion of a template tag (in this case: {page_break}) and then copy/paste into the blog/cms. My goal for this script was to make it easy for the CMS to create word-balanced pages. Long story short, I got what I think will be an acceptable script... but I would love to get feedback. What do you think? What can I improve? What am I doing wrong? The script does not need to be super-robust, but would love to hear what the PHP gurus have to say. ;) Many thanks in advance! Cheers, Micky -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Object-oriented $_REQUEST?
On Sat, 2007-04-28 at 23:41 +0200, keviN wrote: ?php class get I'm sorry but your code indicates an extreme lack of experience using PHP in the real world. Your class should be named such that it will never collide with someone else's class name in the event you might need to use third party libraries. A better name for your class follows: ?php class get_Z398N24N894287YN043872348N734D83Y78N7D7834 { } $get = new get_Z398N24N894287YN043872348N734D83Y78N7D7834(); ? Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Micky Hulse wrote: Shux. I have a feeling that, with the help of Tijnema, I just re-invented wheel. Wait! wordwrap() default behaviour is to count characters, not words. wordwrap — Wraps a string to a given number of characters using a string break character I think that is why I initially avoided this function... but reading through the manual comments now. BBS. THanks, M -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
Does anyone know what this _utma _utmb _utmc _utmz stuff is? Obviously it is not a php standard. Obviously it is what is actually controlling my sessions? Brad -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 3:46 PM To: Brad Sumrall Cc: 'Tijnema !'; php-general@lists.php.net Subject: RE: [PHP] phpbb / sessionid nightmare On Sat, April 28, 2007 12:47 pm, Brad Sumrall wrote: which sessionid call on that crazy page is kicking out the original sessionid and asking for a new one. That's when an experienced programmer KNOWS that it's time to re-factor and re-write the page. :-) I am lost in the sauce on this one. Something hidden is preventing it from looking for the cookie! Examine the cookie in FireFox browser or HTTP headers or whatever. What path is it using? Is it secure transmission only? -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Brad Sumrall wrote: But! I am now noticing that the main page provides cookies called _utma _utmb _utmc _utmz Hmmm Wha? Never thought of that. It looks like wordwrap() may not be what I am looking for (though, still researching)... Either way, I am curious to hear what you would do to make this script more secure? Allowing cookies sounds like a security hole... Any suggestions for beefing-up my security would be spectacular! :) Thanks, M -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Micky Hulse wrote: Allowing cookies sounds like a security hole... Any suggestions for beefing-up my security would be spectacular! :) Ahhh, would that have anything to do with XSS? http://www.php.net/manual/en/function.htmlentities.php I thought striptags() would take care of such problems... but it sounds like I need to filter my strings with htmlentities... no? Thanks again for the help Brad and all, I really appreciate everyones help and guidance... This is for a pro-bono job, so I am trying to use every opportunity to try an learn new things (pro-bono means more freedom.) Have a great day all! Cheers, Micky -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
I understand where you are going with the mysql injection. It would appear as though the entire session is being dictated by this _utmX session which I have never seen before. It would appear as though the /index.php sets this java bases session variable and since phpbb does not use this, it never even tries to set or look at the java session. I guess the key question here is; 1 What is the _utmX session, I find little on google, other than it uses it? 2 How to teach phpbb to use it? Brad Check the parameters for the cookie. If they limit the cookie to, say: http://example.com/phpbb/ instead of the whole site: http://example.com/ then your cookie isn't there, and the session will get lost with it. if(isset($_GET[forum])) What is this? Is the whole rest of the site passing around a ?forum=1 parameter in all its URLs? Probably not. Only phpbb is doing that. So then you never even GET to the $_SESSION check. { if(!isset($_SESSION[userid])) { ?php if(!isset($_SESSION['userid']) $_SESSION['userid'] == ) This is daft. !isset($x) $x == If $x isn't even set, then why test it for being == to the empty string? ?php if($_POST['hiddensubmit']){ And here you're not using isset(), so are generating E_NOTICE messages, most likely. $get_count5 = mysql_query(SELECT * FROM `contest_stories` WHERE contest_id = '.$_POST['cid'].' AND year='2007' AND username ='.$_SESSION[userid].'); Splicing POST data directly into a query is a giant security SQL Injection attack hole. Stop coding NOW and start reading and re-reading here until you understand why: http://phpsec.org Unless you WANT your entire database wiped out or even stolen by a meanie. echo font color=\red\You can only submit 3 stories per contest./abr; And you might as well not bother to have a contest, as the meanie can rig it to win using the SQL injection above... Sorry to be the bearer of Bad News... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
Oops! Maybe not. You were right! SFC = stupid flippn' coder = me! I see where you are going with this! if(isset($_SESSION['userid']) $_SESSION['userid']!=) Not set! Duhhh! The if(isset($_SESSION['userid']) $_SESSION['userid']!=) Was a silly attempt of mine earlier to force a session. Gone now, Let me follow your lead on your suggestions though for a few. I know just enough about php to be dangerous! I will definitely keep in mind the mysql inject problem. This could be an issue, but for now, just trying to get it to work! Thanks, Brad -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 3:43 PM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] phpbb / sessionid nightmare On Sat, April 28, 2007 11:03 am, Brad Sumrall wrote: Users log into web site in a sudo phpbb login which works fine. Users are able to browse around phpbb and a sudo phpbb program called photopost. But when the goto a differen't part of the site which is not phpbb related, the sessionid does not carry over. The other pages are calling on the same isset variable??? This is blowing my mind for weeks now!!! Would some kind code help a frazzed brother out? Check the parameters for the cookie. If they limit the cookie to, say: http://example.com/phpbb/ instead of the whole site: http://example.com/ then your cookie isn't there, and the session will get lost with it. Probably a set_cookie_params() call somewhere in your phpbb mess. if(isset($_SESSION['userid']) $_SESSION['userid']!=) What is this? Is the whole rest of the site passing around a ?forum=1 parameter in all its URLs? Probably not. Only phpbb is doing that. So then you never even GET to the $_SESSION check. { if(!isset($_SESSION[userid])) { ?php if(!isset($_SESSION['userid']) $_SESSION['userid'] == ) This is daft. !isset($x) $x == If $x isn't even set, then why test it for being == to the empty string? ?php if($_POST['hiddensubmit']){ And here you're not using isset(), so are generating E_NOTICE messages, most likely. $get_count5 = mysql_query(SELECT * FROM `contest_stories` WHERE contest_id = '.$_POST['cid'].' AND year='2007' AND username ='.$_SESSION[userid].'); Splicing POST data directly into a query is a giant security SQL Injection attack hole. Stop coding NOW and start reading and re-reading here until you understand why: http://phpsec.org Unless you WANT your entire database wiped out or even stolen by a meanie. echo font color=\red\You can only submit 3 stories per contest./abr; And you might as well not bother to have a contest, as the meanie can rig it to win using the SQL injection above... Sorry to be the bearer of Bad News... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
I mean, the get forum Brad -Original Message- From: Brad Sumrall [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 7:02 PM To: [EMAIL PROTECTED] Cc: php-general@lists.php.net Subject: RE: [PHP] phpbb / sessionid nightmare Oops! Maybe not. You were right! SFC = stupid flippn' coder = me! I see where you are going with this! if(isset($_SESSION['userid']) $_SESSION['userid']!=) Not set! Duhhh! The if(isset($_SESSION['userid']) $_SESSION['userid']!=) Was a silly attempt of mine earlier to force a session. Gone now, Let me follow your lead on your suggestions though for a few. I know just enough about php to be dangerous! I will definitely keep in mind the mysql inject problem. This could be an issue, but for now, just trying to get it to work! Thanks, Brad -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 3:43 PM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] phpbb / sessionid nightmare On Sat, April 28, 2007 11:03 am, Brad Sumrall wrote: Users log into web site in a sudo phpbb login which works fine. Users are able to browse around phpbb and a sudo phpbb program called photopost. But when the goto a differen't part of the site which is not phpbb related, the sessionid does not carry over. The other pages are calling on the same isset variable??? This is blowing my mind for weeks now!!! Would some kind code help a frazzed brother out? Check the parameters for the cookie. If they limit the cookie to, say: http://example.com/phpbb/ instead of the whole site: http://example.com/ then your cookie isn't there, and the session will get lost with it. Probably a set_cookie_params() call somewhere in your phpbb mess. if(isset($_SESSION['userid']) $_SESSION['userid']!=) What is this? Is the whole rest of the site passing around a ?forum=1 parameter in all its URLs? Probably not. Only phpbb is doing that. So then you never even GET to the $_SESSION check. { if(!isset($_SESSION[userid])) { ?php if(!isset($_SESSION['userid']) $_SESSION['userid'] == ) This is daft. !isset($x) $x == If $x isn't even set, then why test it for being == to the empty string? ?php if($_POST['hiddensubmit']){ And here you're not using isset(), so are generating E_NOTICE messages, most likely. $get_count5 = mysql_query(SELECT * FROM `contest_stories` WHERE contest_id = '.$_POST['cid'].' AND year='2007' AND username ='.$_SESSION[userid].'); Splicing POST data directly into a query is a giant security SQL Injection attack hole. Stop coding NOW and start reading and re-reading here until you understand why: http://phpsec.org Unless you WANT your entire database wiped out or even stolen by a meanie. echo font color=\red\You can only submit 3 stories per contest./abr; And you might as well not bother to have a contest, as the meanie can rig it to win using the SQL injection above... Sorry to be the bearer of Bad News... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with shared object file
On 4/28/07, Richard Lynch [EMAIL PROTECTED] wrote: On Fri, April 27, 2007 5:49 pm, Tijnema ! wrote: Also, I think dl() is going away in PHP 6, so you may want to re-think this from the get-go... Yes, if seen it is deprecated, but how could somebody include dynamic library without editing php.ini? I was a little bit shocked when i read i should use php.ini variable instead. I never used it, but when i wanted to, i would only to have it loaded in that script, and not all scripts. I also will miss 'dl' big-time, as I sometimes load in obscure libraries that my webhost does not provide, with their permission to do so, and with the understanding that if the libs cause problems, I have to be ready to live without them. There was a thread recently on Internals about possibly not killing this feature, but I don't think it had much support. The guys making the decisions don't use shared hosts, for the most part, and so few people need 'dl, so they don't feel any pressing need for 'dl' :-( Alas, it's something that has no user-land work-around, really... Though I guess you could use PHP to exec CLI PHP with a custom php.ini to then do whatever it is you wanted to do, passing all the data back and forth from web php to cli php... Ugh. You have exactly the same problem as i have. My shared hosting has safe_mode off en dl on, so i could load them :) But i don't have access to write to the php.ini file. Maybe we should create such workaround as you provided? Some script that uses PHP CLI to load dynamic objects. That would be useful for people that use shared hosting, like you and me :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] [ANNOUNCE] TODO parser
-Original Message- From: Gregory Beaver [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 1:03 PM To: Edward Vermillion Cc: Daevid Vincent; 'PHP' Subject: Re: [PHP] [ANNOUNCE] TODO parser Edward Vermillion wrote: On Apr 27, 2007, at 8:24 PM, Daevid Vincent wrote: For a long time I've wanted a tool that would traverse my source code to find all those little forgotten TODO entries. [snip] Doesn't phpDocumentor (http://phpdocu.sourceforge.net/) do that already? Hi, phpDocumentor processes @todo tags in a docblock, but not //TODO or other similar things. Greg -- I believe you're right. Plus I didn't want to have to go through and install PHPDocumentor, and have to follow their PHPDoc conventions and all that crap just to get a 'TODO' list. Programmers are often lazy, so even if *I* were to follow those conventions (which I do actually), many people on my team don't. Also, PHPDocumentor is only good for documenting methods, functions, etc. It won't handle the case where you have: $foo = 1; //TODO: make this something useful later AFAIK, PHPDocumentor only looks in the comment block like this: /* This method does something interesting * * @param int $foo * @todo make this something useful later */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] [ANNOUNCE] TODO parser
My tool is case insensitive. It looks for all of these and more: //TODO # TODO @TODO With or without spaces and other extra characters It's smart enough to know the difference between $todo = 1; //TODO: it will match this text, but not the variable It won't match this: titleTODO list/title It knows if it's in a ?php ? block and only parses that. It does not handle multiple line todo items like this: //TODO: [dv] it really should handle multiple line to do items // well maybe in v2.0 I'll get to that. // most people say the important part in the first line anyways Trust me. I wouldn't have written the tool if I didn't think there was a need -- at least there is for me. It's free. Use it if you like, or don't. Just thought I'd share it... d -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 12:52 PM To: Daevid Vincent Cc: 'PHP' Subject: Re: [PHP] [ANNOUNCE] TODO parser Personally, I always spell it 'todo' and then a simple grep works pretty well... I suppose I sometimes find a bunch of stuff with 'todo' in a variable name, but not real often, so far... I also tend to keep a todo.txt file open and add to that instead of strewing things through my code... The only todo items in code are super super minor and so specific to that bit of code that I can't come up with a context-free way to express it in a sentence or less... Certainly any big-ticket items in a ToDo list deserve to be in an actual list rather than buried in source somewhere, no? On Fri, April 27, 2007 8:24 pm, Daevid Vincent wrote: For a long time I've wanted a tool that would traverse my source code to find all those little forgotten TODO entries. It should handle most all kinds (as you'll see if you look at the example files). The only one I didn't bother with was: $foo = 1; //Todo: [dv] I meant todo this later. notice the 'todo' in there. it confuses my script. simple solution is just spell it out as 'to do', which is proper English anyways! I give you a fairly simple but useful tool that does just that. The output can be command line (preferred way) or CSV so you can easily parse it into a web page. I provided an example of how to do that. The web version of course could be made much more interesting, with hyperlinks to the files, color, etc, but I wanted to keep it simple for illustration purposes. http://daevid.com/examples/todo/ Having said that, you should download it and try it for yourself. ./todo.php --path ./example --parse_tree ./todo.php --help for more options It's all in a single todo.php file so it's easy to add to /usr/local/bin or whatever. The tgz is really only for the examples. ÐÆ5ÏÐ P.S. While you're there, I'll give a plug to my DHCP web tool. Perfect for seeing who's on your LAN. http://daevid.com/examples/dhcp/ -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: [ANNOUNCE] TODO parser
-Original Message- From: Alexander Elder [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 10:30 AM To: php-general@lists.php.net Subject: [PHP] Re: [ANNOUNCE] TODO parser Daevid Vincent wrote: For a long time I've wanted a tool that would traverse my source code to find all those little forgotten TODO entries. http://daevid.com/examples/todo/ It would be nice if you added a flag for parsing 'FIXME' entries too. Quite a lot of source I've read contains 'TODO' and 'FIXME', often with little variation between meanings. Just my $0.02. Thank you Alexander, that is an excellent suggestion! D. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: [ANNOUNCE] TODO parser
Daevid Vincent wrote: -Original Message- From: Alexander Elder [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 10:30 AM To: php-general@lists.php.net Subject: [PHP] Re: [ANNOUNCE] TODO parser Daevid Vincent wrote: For a long time I've wanted a tool that would traverse my source code to find all those little forgotten TODO entries. http://daevid.com/examples/todo/ It would be nice if you added a flag for parsing 'FIXME' entries too. Quite a lot of source I've read contains 'TODO' and 'FIXME', often with little variation between meanings. Just my $0.02. it would also be nice if you were able to exclude certain directories... maybe an array of disallowed directories so it doesn't check them. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Parse error on a basic call?
$SESSION = get_include_contents'/phpbb/login.php'; I pulled this tright out of the text book. I am trying to pull a phpbb session on an outside page. Any suggestions? Here is the error! Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/content/c/u/t/cuteirka/html/contest_stories.php on line 2 Brad
[PHP] Help me put this into phpinesse!
?php ob_start(); session_start(); header(Cache-control: private); require(includes/configure.php); $conn=mysql_connect(DB_SERVER,DB_SERVER_USERNAME,DB_SERVER_PASSWORD); mysql_select_db(DB_DATABASE) or die(mysql_error().: database not available); $show=no; isset($_SESSION['userid']); if $SESSION=NULL include './phpbb/login_global.php' $show=yes; ? What am I missing? Brad
Re: [PHP] Parse error on a basic call?
On Apr 28, 2007, at 9:08 PM, Brad Sumrall wrote: $SESSION = get_include_contents'/phpbb/login.php'; I pulled this tright out of the text book. I am trying to pull a phpbb session on an outside page. Any suggestions? Here is the error! Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/content/c/u/t/cuteirka/html/contest_stories.php on line 2 You've got an unexpected string on line 2 of contest_stories.php. I'm going to assume that get_include_contents is a function? It should probably be: get_include_contents('/phpbb/login.php'); Notice the parens... There is a *real* good reference to the language here: http://www.php.net/manual/en/ The parser tokens are listed at: http://www.php.net/manual/en/tokens.php You can also usually google for T_CONSTANT_ENCAPSED_STRING and php (or whatever the error is) and probably get some good info too. Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parsing CSV files
On Apr 28, 2007, at 2:59 PM, Richard Lynch wrote: On Fri, April 27, 2007 5:25 pm, Fernando Cosso wrote: One word: explode :D Two Words: Quotes, Commas :-p I think I wrote a parser a while back that properly handled commas in quotes for csv files. Probably did it the hard way but it worked for what I needed it to do, and it required less brain power on my part then trying to figure out a regex. Went through the file a character at a time and ran the strings into arrays, ala explode(). Something along the lines of: $out = array(); $line = 1; $i = 0; start of line add chars to $out[$line][$i] (+=) until you get to a comma ($i++), keep track of opening and closing quotes and ignore the commas in between those, then on to the next line ($line++, $i=0;). My files were fairly small, so I'm not sure if it would be appropriate for large files or busy servers. Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php