[PHP] RE: Deleting a string from a text file
?
$textFileName = 'filename.txt';
$strToDel = the_string;
$s = implode('', file($textFileName));
$p = strpos($s, $strToDel);
$len = strlen($strToDel);
if($p) {
$s = substr($s, 0, $p) . substr($s, $p+$len);
rename($textFileName, $textFileName . '~');
$f = fopen($textFileName, w);
fwrite($f, $s);
fclose($f);
}
?
-Original Message-
From: Stevenson, Christopher
[mailto:[EMAIL PROTECTED]]
Sent: 3 iulie 2001 11:35
To: '[EMAIL PROTECTED]'
Subject: Deleting a string from a text file
Hello, folks. I'm relatively new to this.
Would anyone be willing to give me some code that will delete
the first
occurrence of a string from a text file?
Thanks,
Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] RE: Processing checkboxes in Dynamic tables
Variables that are not checked are not send by default.
Try the code below and see what variables are posted.
form method=get action=chkbox.html
?for($i = 0; $i 10; $i++):?
input type=checkbox name=p?=$i? value=1p?=$i?br
?endfor?
input type=submit
/form
To process variables you may use $HTTP_GET_VARS (or $HTTP_POST_VARS if
you preffer).
adu
PS: If you want the checkboxes to be checked by default you must use
CHECKED, not SELECT :)
-Original Message-
From: Michael Benbow [mailto:[EMAIL PROTECTED]]
Sent: 3 iulie 2001 12:08
To: [EMAIL PROTECTED]
Subject: Fw: Processing checkboxes in Dynamic tables
My apologies,
I was playing with the code and changed something before sending...
Where it reads INPUT TYPE=\CHECKBOX\ SELECT
NAME=\$p[$trade]\ the array should actually read p$trade
Peace,
Michael
- Original Message -
From: Michael Benbow
To: [EMAIL PROTECTED]
Sent: Tuesday, July 03, 2001 7:02 PM
Subject: Processing checkboxes in Dynamic tables
I have a solution to my problem already, but I am looking for
a far more economical way of doing this.
Currently my first page is four seperate tables with about 25
or so entries in each. I have gone through and automatically
allocated the name p101 through p125 to the checkboxes for
the first table, p201 through p225 to the checkboxes for the
second table, etc.
The user makes selections from each table, but seldomly
selects the majority. They choose which lines they want
processed then continue.
My problem is that with the above solution there are
automatically 200 variables being passed from page to page,
regardless of how many boxes are checked. The average amount
of boxes may be 10-15, and rarely is it more than 20.
Currently my code looks like the following...
$trade=101;
$result = mysql_query(SELECT * FROM $table_name WHERE ..);
if ($row = mysql_fetch_array($result)) {
do {
echo tr bgcolor=\#CBCFFF\\n;
echo td valign=\top\ nowrapfont size=\-2\;
echo INPUT TYPE=\CHECKBOX\ SELECT
NAME=\$p[$trade]\ OPTION VALUE=\$row[playerid]\;
echo $trade;
echo /td\n;
.
$trade=$trade+1;
.
} while.
etc.
Could someone please help me so only the variables which are
checked before the submit button is pressed are parsed, eg
p102, p107, p117, rather than every input variable which is
initialised on the site?
Thank you heaps in advace,
Michael.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] loading data into mysql from txt file from php
On 03-Jul-01 Clif Wieden wrote: I have a project where the admin uploads a new data file and it needs to be loaded into a mysql database. What's the best way to do this? The data file is tab-delimted but could be reformatted. Right now the file is uploaded and after copy($new_file, $file_loc) would like to refresh the db. LOAD DATA INFILE 'filename' into da_table ... the MySQL manual has the details. Regards, -- Don Read [EMAIL PROTECTED] -- It's always darkest before the dawn. So if you are going to steal the neighbor's newspaper, that's the time to do it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] PHP for NetWare?
Actually, Netware isn't specifically a direct competitor of Microsloth. Netware is strictly a NOS (network operating System), where as Windows is a network, server and client OS. Now, this certainly isn't meant to make it look as if I like M$, but I used to work on my company's General Motors account, and GM has (literally) the world's largest NDS Tree/Novell Network. Frankly, it's not all that great. Whether Wind-woes 2000 and AD will be better has yet to be seen, but NW isn't too great either. At any rate, no, there is currently no (supported/official) port of PHP to Netware, and frankly I doubt there's much, if any, work being done on such a project. At the rate NW is losing it's customer base, there may be more client's with OS/2 then servers with NW soon. Jesse Williams -Original Message- From: Tony Gettig [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 03, 2001 1:10 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] PHP for NetWare? Actually, NetWare is a very different operating system than Windows. It's a direct competitor to M$. Way more stable than windows. If PHP is available for NetWare, someone must have ported to the platform to run either as an NLM or with the JVM. There's a queston: is there perhaps a java executable version of PHP? If so, it could feasibly run on NetWare. The Netscape Enterprise server for NetWare supports ASP, which is not preferable to PHP. I'd really like to stick with PHP. Tony Gettig Network Administrator Kalamazoo Public Schools Chris Anderson [EMAIL PROTECTED] 07/03/01 12:44PM Ugh Netware. I believe that is Windows oriented/based so try the windows distrobutions - Original Message - From: Tony Gettig [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 03, 2001 7:49 AM Subject: [PHP] PHP for NetWare? Hi there, Is PHP available for NetWare? I've looked high and low and find no reference to such a beast. I prefer PHP on my Linux box, but I need to explore being able to put it on a NetWare server running Netscape Enterprise. TIA for any pointers in the right direction. Tony Gettig Network Administrator Kalamazoo Public Schools -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] PHP as external script and Apache : configuring 404 errors
Hello, I have : - Apache 1.3.x - PHP 4.0.5 (not a module, but a separate script) - the directive ErrorDocument is configurated : ErrorDocument 404 /404.html My problem : - http://server/filenotpresent gives a 404 error, and open 404.html. It's OK. - http://server/filenotpresent.php4 calls php before verifying if filenotpresent.php4 exists. So, instead of opening /404.html, we got an internal error because /usr/.../bin/php filenotpresent.php4 returns no data. My question : Is there is a way : - to tell php to generate an HTML page containing a redirect to /404.html, if the given file doesn't exists or - configure Apache to force it to check if the file exists before calling php ? Thanks for your help. Laurent. PS : I sent this email to php-install yesterday, but I didn't have any answer. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] How to prevent people from downloading images
Well- The best form of protection against this that I have seen is on Microsoft's satellite imaging server (can't remember the name off hand, if someone else can, post it please!) Basically it uses Java to display a satellite snapshot and it's broken in pieces (so it's easy to navigate west or north or whatever). At any rate, you cannot screencapture it or print screen it and even higher-end screen capture software does not seem to be able to grab the images (also, if anyone can FIND software that will, post it here too?!). The server is TerraSearch or something... can't recall off the top of my head. Jesse Williams Systems Administrator DowNET VoIP Team Electronic Data Systems, Inc. (EDS) -Original Message- From: rodrigo [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 03, 2001 8:37 PM To: php php Subject: [PHP] How to prevent people from downloading images This is probably more of a client side programming issue rather than something that has to do with PHP. But I figure that some of you might have something meaningful to comment. I need a way to prevent the download of some images in a web page. I also require that these images be presented within the web page. That is, I don' want them to be displayed in another window. They should remain embedded in the web page along with the rest of the page elements. Thanks in advance. -- Ivan R. Quintero E.* (507)228-3477 Aptdo 1263 * (507)228-9105 Balboa, Ancon * 612-1103 Republic of Panama * -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] php-general subscription test
Hi all, This is only a test. Sorry for any inconvenience. adu -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] uploading directory contents with one click possible?
Hello all For example: I have files(html files plus images) in my local machine and I want to upload all these files and the files in the subdirectory below it with one click. Is that possible in php? Has anyone done anything like that? Thanks muhudin raageh _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP as external script and Apache : configuring 404 errors
If you make PHP a module this will work just fine. As a CGI I'd have to have a look at the code. There may or may not be a way to solve this, but it would require code changes. -Rasmus On Wed, 4 Jul 2001, Laurent INFOS wrote: Hello, I have : - Apache 1.3.x - PHP 4.0.5 (not a module, but a separate script) - the directive ErrorDocument is configurated : ErrorDocument 404 /404.html My problem : - http://server/filenotpresent gives a 404 error, and open 404.html. It's OK. - http://server/filenotpresent.php4 calls php before verifying if filenotpresent.php4 exists. So, instead of opening /404.html, we got an internal error because /usr/.../bin/php filenotpresent.php4 returns no data. My question : Is there is a way : - to tell php to generate an HTML page containing a redirect to /404.html, if the given file doesn't exists or - configure Apache to force it to check if the file exists before calling php ? Thanks for your help. Laurent. PS : I sent this email to php-install yesterday, but I didn't have any answer. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Protecting from session hijacking
hijacking? I thought of checking IP address on subsequent requests, but apparently this cannot be relied on because of HTTP proxies etc. but isn't better than nothing ? I think a session should be from the same IP all it's life, and this should be build into php. Internal networks will be seen as the same ip, so session can be stolen by somebody else in the same internal net, but not from outside of it. Now tell me what's wrong with my opinion, b/c it's too simple to work :) -- Marius Andreiana -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Protecting from session hijacking
I think a session should be from the same IP all it's life, and this should be build into php. Internal networks will be seen as the same ip, so session can be stolen by somebody else in the same internal net, but not from outside of it. Now tell me what's wrong with my opinion, b/c it's too simple to work :) Four words: Load Balancing Proxy Servers. Jason -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Protecting from session hijacking
On 04 Jul 2001 19:34:03 +1000, Jason Murray wrote: Now tell me what's wrong with my opinion, b/c it's too simple to work :) Four words: Load Balancing Proxy Servers. I knew it! :) So if someone on the net sees the URL and it has session id in it, that session can be stolen? -- Marius Andreiana -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] multiple entries in the same field
Hi, In a MySQL database I have one field that holds several entries seperated by a comma (e.g. item1,item2,item3). What I want to do is to get these items from the db from a PHP script and display each item on it's own line (e.g. item1britem2britem3). Is there anyway of doing this easily by simply changing each comma to a 'br' in the script? Thanks. Jamie Saunders [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] flush() PHP4 Again
Hello, Really nobody knows if it is a bug in PHP4 or not ?? (see my previous mail with flush() in the subject) Maybe I should open a ticket on php database ?? (my provider can't figure out the problem). Is there any possibility that this problem is due to browser configuration ?? (but so why when we exit() the script nothing is dumped on the browser ??) Regards, DidierT ___ Do You Yahoo!? -- Pour faire vos courses sur le Net, Yahoo! Shopping : http://fr.shopping.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] multiple entries in the same field
Hi Jamie, use explode() or split(), these will split up your string eand return the resulting elements as an array. Generally speaking its not reaally good practice to store multiple entries as a comma sepparated string in one db field, since it takes down the data integrity of your database. Better would be to just store them in three sepperate columns in your table. If the number of items is not always the same, you should store these as individual entries in a sepperate table with the primary key of your original table. This way you can use the full potential of your database. My humble opinion though, Wieger Jamie Saunders wrote: Hi, In a MySQL database I have one field that holds several entries seperated by a comma (e.g. item1,item2,item3). What I want to do is to get these items from the db from a PHP script and display each item on it's own line (e.g. item1britem2britem3). Is there anyway of doing this easily by simply changing each comma to a 'br' in the script? Thanks. Jamie Saunders [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- Wieger Uffink tel: +31 20 428 6868 fax: +31 20 470 6905 web: http://www.usmedia.nl -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] fread from /dev/ttyS0 without EOF
Hi,
I have a GSM modem connected to /dev/ttyS0 and would like to use php
to communicate with the modem. Writing works perfectly like this:
$fp=fopen(/dev/ttyS0,r+);
fwrite($fp,AT+CMGL\r);
but reading is a little problem because if the modem for example answers
to the AT+CMGL message I sent to it with the command above it does NOT
put an EOF at the end of the stream. For example the following code
while (!feof($fp)) {
print=fgetc($fp);
}
blocks after it read the last char and waits for the next char that will
never come. I tried to use filesize() and
fseek ($fp,0,SEEK_END);
print ftell($fp);
to find out the length of the answer of the modem but it didn't work.
Anybody knows a solution? For example a timeout parameter of fread, fgetc?
Or whatever ...
Thanks
Tobias
--
Sign the Petition for a Software Patent Free Europe:
http://petition.eurolinux.org/
Tobias Fritz
[EMAIL PROTECTED]
http://tobias.fritz.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] mail problem...
Hi!
It seems to be a php-specific problem. Check your php config file (in php4
it is php.ini). There you should find a line related to the smtp server.
Fill it with its correct content.
Balazs
On Wed, 4 Jul 2001, php wrote:
hai...
I have install php and i want to create email direct
but when i run my php...but i get error message
Warning: Failed to Connect in e:/learn/php/mail.php on line 24
email failed
or i need to add object mail in php
anyone help me with this...
my code like this...
=
html
head
titleUpdate User/title
/head
body
?php
$applicant = Hendra;
$company = PT. Sistem Intergra Indonesia;
$phone = 324592;
$to= [EMAIL PROTECTED];
$subjek = Testing php script;
$header =\nForm: hrd.co.id\n;
$body = \nName : .quotemeta($application).
\nCompany : .quotemeta($company).
\phone : .quotemeta($phone);
$success = mail($to, $subjek, $body, $header);
if ($success)
{
echo(email has been send);
}else
{
echo(email failed);
}
?
/body
/html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] capatalising letters
http://php.net/manual/en/function.ucwords.php -Original Message- From: Jamie Saunders [mailto:[EMAIL PROTECTED]] Sent: 4 iulie 2001 14:57 To: [EMAIL PROTECTED] Subject: [PHP] capatalising letters Hi, I've got a list of strings in the following format: item one item two item three What I'd like to do now is to capitalise the first letter of each word so the list becomes: Item One Item Two Item Three Can anyone tell me how to do this? Thanks. Jamie Saunders [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] preg_match
Hy,
i've got a string which looks like [EMAIL PROTECTED]. Now i wanted
to check it with preg_match like this:
if ( preg_match(
'/[\][a-z]([-a-z0-9_.])*@([-a-z0-9_]*\.)+[a-z]{2, }[\]/i', $value ) ) {
print Valid mail address;
} else {
print Invalid mail address;
}
Unfortunatly this doesn't work. I think, i have to use a different syntax
for the and braces. Can somebody give me a hint?
Thx,
Daniel
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Sina.com
lol you're right :) - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - -Original Message- From: Don Read [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 04, 2001 8:47 AM To: Tim Taubert Subject: RE: [PHP] Sina.com On 03-Jul-01 Tim Taubert wrote: i'm getting this like you... only unreadable messages.. Probably readable if you had big-5 font and understood Chinese. -- Don Read [EMAIL PROTECTED] -- It's always darkest before the dawn. So if you are going to steal the neighbor's newspaper, that's the time to do it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] preg_match
try
ereg('^([a-z,A-Z,0-9]|_|-|\.)+@([a-z,A-Z,0-9]|_|-|\.)+\.([a-z,A-Z,0-9]|_
|-|\.){2,3}$', $email)
-Original Message-
From: Daniel Reichenbach [mailto:[EMAIL PROTECTED]]
Sent: 4 iulie 2001 15:05
To: Php-General
Subject: [PHP] preg_match
Hy,
i've got a string which looks like [EMAIL PROTECTED].
Now i wanted
to check it with preg_match like this:
if ( preg_match(
'/[\][a-z]([-a-z0-9_.])*@([-a-z0-9_]*\.)+[a-z]{2, }[\]/i',
$value ) ) {
print Valid mail address;
} else {
print Invalid mail address;
}
Unfortunatly this doesn't work. I think, i have to use a
different syntax
for the and braces. Can somebody give me a hint?
Thx,
Daniel
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Document File Types/Formats
Hey, Just wonder if some one has any documents/guides on different file types, i saw one a while ago on WRI(Mircosoft Word) files, Currently i only have normal text, I know can do HTML so don't sent me documents on converting HTML to Text, just other file typesplease...WRI is one of the main ones i want, also PDF if any one has details on it... - James ReDucTor Mitchell
[PHP] Security of PHP code
Is it possible for others to view the php code for pages I have written? I thought I heard someone say before that they could write a simple script to accomplish this. If anyone knows of any tacticts people might use to attack my code please post them hee. : David A. Dickson : [EMAIL PROTECTED] Get 250 color business cards for FREE! http://businesscards.lycos.com/vp/fastpath/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Security of PHP code
i think that you can't attack php code because it's a server side scripting language... just with *echo*(and others) you send some code to the browser... i guess it's secure ;) Tim Taubert - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - -Original Message- From: David A Dickson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 04, 2001 3:43 PM To: php-general Subject: [PHP] Security of PHP code Is it possible for others to view the php code for pages I have written? I thought I heard someone say before that they could write a simple script to accomplish this. If anyone knows of any tacticts people might use to attack my code please post them hee. : David A. Dickson : [EMAIL PROTECTED] Get 250 color business cards for FREE! http://businesscards.lycos.com/vp/fastpath/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Security of PHP code
Here is something that happend to me: I forgot to tell Apache that .inc files must be parsed by PHP. All works fine if you include a .inc file, but if somebody guess .inc file name, he can see the content of that file! -Original Message- From: David A Dickson [mailto:[EMAIL PROTECTED]] Sent: 4 iulie 2001 16:43 To: php-general Subject: [PHP] Security of PHP code Is it possible for others to view the php code for pages I have written? I thought I heard someone say before that they could write a simple script to accomplish this. If anyone knows of any tacticts people might use to attack my code please post them hee. : David A. Dickson : [EMAIL PROTECTED] Get 250 color business cards for FREE! http://businesscards.lycos.com/vp/fastpath/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Security of PHP code
yes i had this problem too... it's easier to rename your .inc files to .inc.php3 ... so nobody can see your code but the output maybe null or some crazy code... but it's not your php code... Tim Taubert - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - -Original Message- From: Adrian Ciutureanu [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 04, 2001 3:46 PM To: [EMAIL PROTECTED] Cc: php-general Subject: RE: [PHP] Security of PHP code Here is something that happend to me: I forgot to tell Apache that .inc files must be parsed by PHP. All works fine if you include a .inc file, but if somebody guess .inc file name, he can see the content of that file! -Original Message- From: David A Dickson [mailto:[EMAIL PROTECTED]] Sent: 4 iulie 2001 16:43 To: php-general Subject: [PHP] Security of PHP code Is it possible for others to view the php code for pages I have written? I thought I heard someone say before that they could write a simple script to accomplish this. If anyone knows of any tacticts people might use to attack my code please post them hee. : David A. Dickson : [EMAIL PROTECTED] Get 250 color business cards for FREE! http://businesscards.lycos.com/vp/fastpath/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Security of PHP code
The right way to fix this is to add a rule to your Apache configuration that looks like this: Files ~ \.inc$ Order allow,deny Deny from all /Files That will simply prevent any direct access at all to your .inc files. Making the .inc files simply be parsed by PHP could still be a problem as they could be called out of context. -Rasmus On Wed, 4 Jul 2001, Adrian Ciutureanu wrote: Here is something that happend to me: I forgot to tell Apache that .inc files must be parsed by PHP. All works fine if you include a .inc file, but if somebody guess .inc file name, he can see the content of that file! -Original Message- From: David A Dickson [mailto:[EMAIL PROTECTED]] Sent: 4 iulie 2001 16:43 To: php-general Subject: [PHP] Security of PHP code Is it possible for others to view the php code for pages I have written? I thought I heard someone say before that they could write a simple script to accomplish this. If anyone knows of any tacticts people might use to attack my code please post them hee. : David A. Dickson : [EMAIL PROTECTED] Get 250 color business cards for FREE! http://businesscards.lycos.com/vp/fastpath/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Security of PHP code
SECURE, SECURE. It is not how secure PHP is, it is how well YOU protect it. For example = make this line show_source($file); then go to your page like file.php?file=/etc/passwd and you're freaked! There is a whole bunch of way to hack your pages if not protected well enough, but PHP itself has no vital security problems. Try to search the archives for this topic and see what people think/suggest. You will find there thousands of tips on what to do to have a bullet-proof website. (always of the server is yours). Sincerely, Maxim Maletsky Founder, Chief Developer PHPBeginner.com (Where PHP Begins) [EMAIL PROTECTED] www.phpbeginner.com -Original Message- From: David A Dickson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 04, 2001 10:43 PM To: php-general Subject: [PHP] Security of PHP code Is it possible for others to view the php code for pages I have written? I thought I heard someone say before that they could write a simple script to accomplish this. If anyone knows of any tacticts people might use to attack my code please post them hee. : David A. Dickson : [EMAIL PROTECTED] Get 250 color business cards for FREE! http://businesscards.lycos.com/vp/fastpath/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Security of PHP code
http://sourceforge.net/source.php?page_url=/source.php look at that... - Original Message - From: PHPBeginner.com [EMAIL PROTECTED] To: [EMAIL PROTECTED]; php-general [EMAIL PROTECTED] Sent: Thursday, July 05, 2001 12:08 AM Subject: RE: [PHP] Security of PHP code SECURE, SECURE. It is not how secure PHP is, it is how well YOU protect it. For example = make this line show_source($file); then go to your page like file.php?file=/etc/passwd and you're freaked! There is a whole bunch of way to hack your pages if not protected well enough, but PHP itself has no vital security problems. Try to search the archives for this topic and see what people think/suggest. You will find there thousands of tips on what to do to have a bullet-proof website. (always of the server is yours). Sincerely, Maxim Maletsky Founder, Chief Developer PHPBeginner.com (Where PHP Begins) [EMAIL PROTECTED] www.phpbeginner.com -Original Message- From: David A Dickson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 04, 2001 10:43 PM To: php-general Subject: [PHP] Security of PHP code Is it possible for others to view the php code for pages I have written? I thought I heard someone say before that they could write a simple script to accomplish this. If anyone knows of any tacticts people might use to attack my code please post them hee. : David A. Dickson : [EMAIL PROTECTED] Get 250 color business cards for FREE! http://businesscards.lycos.com/vp/fastpath/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Ghostscript and PHP
Can Ghostscript be used with PHP? Todd -- Todd Cary Ariste Software [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] How to prevent people from downloading images
On Wed, 04 Jul 2001, ..s.c.o.t.t.. wrote: there are two answers to this: 1) it cannot be done. as long as that image is on the person's computer screen, it is physically impossible to prevent that person from saving the image and using it. (a simple tap of the print screen will take a screenshot on windows machines, as someone else mentioned) Agreed, but how about only showing a very small image. Large enough for them to know what it is, but not large enough that saving it would do them much good. -- John Meyer [EMAIL PROTECTED] Programmer Those who sacrifice liberty for security deserve neither -- Ben Franklin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Troubleshooting syntax ?
That domain name doesn't appear to be valid. Perhaps you meant: http://validator.w3.org ? --kurt - Original Message - From: Christian Reiniger [EMAIL PROTECTED] To: Jack Sasportas [EMAIL PROTECTED]; php [EMAIL PROTECTED] Sent: Wednesday, July 04, 2001 3:19 AM Subject: Re: [PHP] Troubleshooting syntax ? On Tuesday 03 July 2001 22:17, Jack Sasportas wrote: Can anyone suggest a tool / web site etc, that helps you check the html code for the missing / wrong syntax so that it is spotted quickly like making it red or something, instead of reading through hundreds of lines of code, hopefully catching the problem? http://validator.w3c.org/ -- Christian Reiniger LGDC Webmaster (http://lgdc.sunsite.dk/) The use of COBOL cripples the mind; its teaching should, therefore, be regarded as a criminal offence. - Edsger W. Dijkstra -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] ereg_replace
Hi, short question: i want to use ereg_replace to replace something with an array-element, this is my code and its not working: ereg_replace(\\$([0-9]), \$parmarray[\\1], $string); parmarray is of course an array with some elements, Here are the facts: $parmarray = array (, value1, value2); $string = foo $1 bar $2; output: foo $parmarray[1] bar $parmarray[2] i want of course: output: foo value1 bar value2 any ideas? thx in advance --- Marc Logemann Morelogs GmbH Co. KG Chief Software Architect --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] How to prevent people from downloading images
At http://www.floatographs.com , I reduce the resolution and put a watermark in the JPEG. Not very clever, but it works. Todd P.S. The site is using PHP and Interbase plus a lot of help from all of you folks!! Many thanks -- Todd Cary Ariste Software [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Security of PHP code
you're totally right.. look at this http://www.ssw.uni-linz.ac.at/Teaching/Lectures/Sem/2000/Alexander/source.ph p3?url=/etc/passwd *no comment* and not my site... Tim Taubert - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - .o] -Original Message- .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]] .o] Sent: Wednesday, July 04, 2001 4:09 PM .o] To: [EMAIL PROTECTED]; php-general .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] SECURE, SECURE. .o] .o] It is not how secure PHP is, it is how well YOU protect it. .o] For example = make this line show_source($file); then go to .o] your page like .o] file.php?file=/etc/passwd and you're freaked! .o] .o] There is a whole bunch of way to hack your pages if not protected well .o] enough, but PHP itself has no vital security problems. .o] .o] Try to search the archives for this topic and see what people .o] think/suggest. .o] You will find there thousands of tips on what to do to have a .o] bullet-proof .o] website. (always of the server is yours). .o] .o] .o] Sincerely, .o] .o] Maxim Maletsky .o] Founder, Chief Developer .o] .o] PHPBeginner.com (Where PHP Begins) .o] [EMAIL PROTECTED] .o] www.phpbeginner.com .o] .o] .o] .o] .o] -Original Message- .o] From: David A Dickson [mailto:[EMAIL PROTECTED]] .o] Sent: Wednesday, July 04, 2001 10:43 PM .o] To: php-general .o] Subject: [PHP] Security of PHP code .o] .o] .o] Is it possible for others to view the php code for pages I have .o] written? I .o] thought I heard someone say before that they could write a .o] simple script to .o] accomplish this. If anyone knows of any tacticts people might .o] use to attack .o] my code please post them hee. .o] .o] : David A. Dickson .o] : [EMAIL PROTECTED] .o] .o] .o] .o] .o] Get 250 color business cards for FREE! .o] http://businesscards.lycos.com/vp/fastpath/ .o] .o] -- .o] PHP General Mailing List (http://www.php.net/) .o] To unsubscribe, e-mail: [EMAIL PROTECTED] .o] For additional commands, e-mail: [EMAIL PROTECTED] .o] To contact the list administrators, e-mail: [EMAIL PROTECTED] .o] .o] .o] .o] -- .o] PHP General Mailing List (http://www.php.net/) .o] To unsubscribe, e-mail: [EMAIL PROTECTED] .o] For additional commands, e-mail: [EMAIL PROTECTED] .o] To contact the list administrators, e-mail: [EMAIL PROTECTED] .o] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Security of PHP code
mh =) contacted the admin to fix this problem ;) Tim Taubert - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - .o] -Original Message- .o] From: Tim Taubert [mailto:[EMAIL PROTECTED]] .o] Sent: Wednesday, July 04, 2001 4:58 PM .o] To: PHP Mailingliste .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] you're totally right.. look at this .o] .o] http://www.ssw.uni-linz.ac.at/Teaching/Lectures/Sem/2000/Alexander/source.ph .o] p3?url=/etc/passwd .o] .o] *no comment* and not my site... .o] .o] Tim Taubert .o] .o] - .o]Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ .o] - .o] .o] .o] -Original Message- .o] .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]] .o] .o] Sent: Wednesday, July 04, 2001 4:09 PM .o] .o] To: [EMAIL PROTECTED]; php-general .o] .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] SECURE, SECURE. .o] .o] .o] .o] It is not how secure PHP is, it is how well YOU protect it. .o] .o] For example = make this line show_source($file); then go to .o] .o] your page like .o] .o] file.php?file=/etc/passwd and you're freaked! .o] .o] .o] .o] There is a whole bunch of way to hack your pages if not protected well .o] .o] enough, but PHP itself has no vital security problems. .o] .o] .o] .o] Try to search the archives for this topic and see what people .o] .o] think/suggest. .o] .o] You will find there thousands of tips on what to do to have a .o] .o] bullet-proof .o] .o] website. (always of the server is yours). .o] .o] .o] .o] .o] .o] Sincerely, .o] .o] .o] .o] Maxim Maletsky .o] .o] Founder, Chief Developer .o] .o] .o] .o] PHPBeginner.com (Where PHP Begins) .o] .o] [EMAIL PROTECTED] .o] .o] www.phpbeginner.com .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] -Original Message- .o] .o] From: David A Dickson [mailto:[EMAIL PROTECTED]] .o] .o] Sent: Wednesday, July 04, 2001 10:43 PM .o] .o] To: php-general .o] .o] Subject: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] Is it possible for others to view the php code for pages I have .o] .o] written? I .o] .o] thought I heard someone say before that they could write a .o] .o] simple script to .o] .o] accomplish this. If anyone knows of any tacticts people might .o] .o] use to attack .o] .o] my code please post them hee. .o] .o] .o] .o] : David A. Dickson .o] .o] : [EMAIL PROTECTED] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] Get 250 color business cards for FREE! .o] .o] http://businesscards.lycos.com/vp/fastpath/ .o] .o] .o] .o] -- .o] .o] PHP General Mailing List (http://www.php.net/) .o] .o] To unsubscribe, e-mail: [EMAIL PROTECTED] .o] .o] For additional commands, e-mail: [EMAIL PROTECTED] .o] .o] To contact the list administrators, e-mail: [EMAIL PROTECTED] .o] .o] .o] .o] .o] .o] .o] .o] -- .o] .o] PHP General Mailing List (http://www.php.net/) .o] .o] To unsubscribe, e-mail: [EMAIL PROTECTED] .o] .o] For additional commands, e-mail: [EMAIL PROTECTED] .o] .o] To contact the list administrators, e-mail: [EMAIL PROTECTED] .o] .o] .o] .o] .o] -- .o] PHP General Mailing List (http://www.php.net/) .o] To unsubscribe, e-mail: [EMAIL PROTECTED] .o] For additional commands, e-mail: [EMAIL PROTECTED] .o] To contact the list administrators, e-mail: [EMAIL PROTECTED] .o] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Security of PHP code
Yup, I believe you - that's not your site. That is what I meant: It is no PHP, it is how you use PHP. DISCLAIMER: No one's fault (except the programmer) that there was THAT BIG security hole on the site. -maxim maletsky -Original Message- From: Tim Taubert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 04, 2001 11:58 PM To: PHP Mailingliste Subject: RE: [PHP] Security of PHP code you're totally right.. look at this http://www.ssw.uni-linz.ac.at/Teaching/Lectures/Sem/2000/Alexander/source.ph p3?url=/etc/passwd *no comment* and not my site... Tim Taubert - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - .o] -Original Message- .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]] .o] Sent: Wednesday, July 04, 2001 4:09 PM .o] To: [EMAIL PROTECTED]; php-general .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] SECURE, SECURE. .o] .o] It is not how secure PHP is, it is how well YOU protect it. .o] For example = make this line show_source($file); then go to .o] your page like .o] file.php?file=/etc/passwd and you're freaked! .o] .o] There is a whole bunch of way to hack your pages if not protected well .o] enough, but PHP itself has no vital security problems. .o] .o] Try to search the archives for this topic and see what people .o] think/suggest. .o] You will find there thousands of tips on what to do to have a .o] bullet-proof .o] website. (always of the server is yours). .o] .o] .o] Sincerely, .o] .o] Maxim Maletsky .o] Founder, Chief Developer .o] .o] PHPBeginner.com (Where PHP Begins) .o] [EMAIL PROTECTED] .o] www.phpbeginner.com .o] .o] .o] .o] .o] -Original Message- .o] From: David A Dickson [mailto:[EMAIL PROTECTED]] .o] Sent: Wednesday, July 04, 2001 10:43 PM .o] To: php-general .o] Subject: [PHP] Security of PHP code .o] .o] .o] Is it possible for others to view the php code for pages I have .o] written? I .o] thought I heard someone say before that they could write a .o] simple script to .o] accomplish this. If anyone knows of any tacticts people might .o] use to attack .o] my code please post them hee. .o] .o] : David A. Dickson .o] : [EMAIL PROTECTED] .o] .o] .o] .o] .o] Get 250 color business cards for FREE! .o] http://businesscards.lycos.com/vp/fastpath/ .o] .o] -- .o] PHP General Mailing List (http://www.php.net/) .o] To unsubscribe, e-mail: [EMAIL PROTECTED] .o] For additional commands, e-mail: [EMAIL PROTECTED] .o] To contact the list administrators, e-mail: [EMAIL PROTECTED] .o] .o] .o] .o] -- .o] PHP General Mailing List (http://www.php.net/) .o] To unsubscribe, e-mail: [EMAIL PROTECTED] .o] For additional commands, e-mail: [EMAIL PROTECTED] .o] To contact the list administrators, e-mail: [EMAIL PROTECTED] .o] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Security of PHP code
oh thanks for the disclaimer ;) forgot it.. richard: didn't think about it.. but should have done it.. first and last time i did it *promised* :) Tim Taubert - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - .o] -Original Message- .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]] .o] Sent: Wednesday, July 04, 2001 5:09 PM .o] To: [EMAIL PROTECTED]; PHP Mailingliste .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] Yup, I believe you - that's not your site. .o] .o] That is what I meant: It is no PHP, it is how you use PHP. .o] .o] DISCLAIMER: .o] No one's fault (except the programmer) that there was THAT BIG security hole .o] on the site. .o] .o] -maxim maletsky .o] .o] .o] .o] .o] -Original Message- .o] From: Tim Taubert [mailto:[EMAIL PROTECTED]] .o] Sent: Wednesday, July 04, 2001 11:58 PM .o] To: PHP Mailingliste .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] you're totally right.. look at this .o] .o] http://www.ssw.uni-linz.ac.at/Teaching/Lectures/Sem/2000/Alexander/source.ph .o] p3?url=/etc/passwd .o] .o] *no comment* and not my site... .o] .o] Tim Taubert .o] .o] - .o]Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ .o] - .o] .o] .o] -Original Message- .o] .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]] .o] .o] Sent: Wednesday, July 04, 2001 4:09 PM .o] .o] To: [EMAIL PROTECTED]; php-general .o] .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] SECURE, SECURE. .o] .o] .o] .o] It is not how secure PHP is, it is how well YOU protect it. .o] .o] For example = make this line show_source($file); then go to .o] .o] your page like .o] .o] file.php?file=/etc/passwd and you're freaked! .o] .o] .o] .o] There is a whole bunch of way to hack your pages if not protected well .o] .o] enough, but PHP itself has no vital security problems. .o] .o] .o] .o] Try to search the archives for this topic and see what people .o] .o] think/suggest. .o] .o] You will find there thousands of tips on what to do to have a .o] .o] bullet-proof .o] .o] website. (always of the server is yours). .o] .o] .o] .o] .o] .o] Sincerely, .o] .o] .o] .o] Maxim Maletsky .o] .o] Founder, Chief Developer .o] .o] .o] .o] PHPBeginner.com (Where PHP Begins) .o] .o] [EMAIL PROTECTED] .o] .o] www.phpbeginner.com .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] -Original Message- .o] .o] From: David A Dickson [mailto:[EMAIL PROTECTED]] .o] .o] Sent: Wednesday, July 04, 2001 10:43 PM .o] .o] To: php-general .o] .o] Subject: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] Is it possible for others to view the php code for pages I have .o] .o] written? I .o] .o] thought I heard someone say before that they could write a .o] .o] simple script to .o] .o] accomplish this. If anyone knows of any tacticts people might .o] .o] use to attack .o] .o] my code please post them hee. .o] .o] .o] .o] : David A. Dickson .o] .o] : [EMAIL PROTECTED] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] Get 250 color business cards for FREE! .o] .o] http://businesscards.lycos.com/vp/fastpath/ .o] .o] .o] .o] -- .o] .o] PHP General Mailing List (http://www.php.net/) .o] .o] To unsubscribe, e-mail: [EMAIL PROTECTED] .o] .o] For additional commands, e-mail: [EMAIL PROTECTED] .o] .o] To contact the list administrators, e-mail: [EMAIL PROTECTED] .o] .o] .o] .o] .o] .o] .o] .o] -- .o] .o] PHP General Mailing List (http://www.php.net/) .o] .o] To unsubscribe, e-mail: [EMAIL PROTECTED] .o] .o] For additional commands, e-mail: [EMAIL PROTECTED] .o] .o] To contact the list administrators, e-mail: [EMAIL PROTECTED] .o] .o] .o] .o] .o] -- .o] PHP General Mailing List (http://www.php.net/) .o] To unsubscribe, e-mail: [EMAIL PROTECTED] .o] For additional commands, e-mail: [EMAIL PROTECTED] .o] To contact the list administrators, e-mail: [EMAIL PROTECTED] .o] .o] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Security of PHP code
Just for the respect of the community, Tim, you shouldn't have posted that. Poor them, they are under the risks, of course the things will be probably fixed, but if someone cares he might be already in the machine just for the sake of it. -maxim maletsky -Original Message- From: Tim Taubert [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 05, 2001 12:09 AM To: PHP Mailingliste Subject: RE: [PHP] Security of PHP code oh thanks for the disclaimer ;) forgot it.. richard: didn't think about it.. but should have done it.. first and last time i did it *promised* :) Tim Taubert - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - .o] -Original Message- .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]] .o] Sent: Wednesday, July 04, 2001 5:09 PM .o] To: [EMAIL PROTECTED]; PHP Mailingliste .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] Yup, I believe you - that's not your site. .o] .o] That is what I meant: It is no PHP, it is how you use PHP. .o] .o] DISCLAIMER: .o] No one's fault (except the programmer) that there was THAT BIG security hole .o] on the site. .o] .o] -maxim maletsky .o] .o] .o] .o] .o] -Original Message- .o] From: Tim Taubert [mailto:[EMAIL PROTECTED]] .o] Sent: Wednesday, July 04, 2001 11:58 PM .o] To: PHP Mailingliste .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] you're totally right.. look at this .o] .o] http://www.ssw.uni-linz.ac.at/Teaching/Lectures/Sem/2000/Alexander/source.ph .o] p3?url=/etc/passwd .o] .o] *no comment* and not my site... .o] .o] Tim Taubert .o] .o] - .o]Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ .o] - .o] .o] .o] -Original Message- .o] .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]] .o] .o] Sent: Wednesday, July 04, 2001 4:09 PM .o] .o] To: [EMAIL PROTECTED]; php-general .o] .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] SECURE, SECURE. .o] .o] .o] .o] It is not how secure PHP is, it is how well YOU protect it. .o] .o] For example = make this line show_source($file); then go to .o] .o] your page like .o] .o] file.php?file=/etc/passwd and you're freaked! .o] .o] .o] .o] There is a whole bunch of way to hack your pages if not protected well .o] .o] enough, but PHP itself has no vital security problems. .o] .o] .o] .o] Try to search the archives for this topic and see what people .o] .o] think/suggest. .o] .o] You will find there thousands of tips on what to do to have a .o] .o] bullet-proof .o] .o] website. (always of the server is yours). .o] .o] .o] .o] .o] .o] Sincerely, .o] .o] .o] .o] Maxim Maletsky .o] .o] Founder, Chief Developer .o] .o] .o] .o] PHPBeginner.com (Where PHP Begins) .o] .o] [EMAIL PROTECTED] .o] .o] www.phpbeginner.com .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] -Original Message- .o] .o] From: David A Dickson [mailto:[EMAIL PROTECTED]] .o] .o] Sent: Wednesday, July 04, 2001 10:43 PM .o] .o] To: php-general .o] .o] Subject: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] Is it possible for others to view the php code for pages I have .o] .o] written? I .o] .o] thought I heard someone say before that they could write a .o] .o] simple script to .o] .o] accomplish this. If anyone knows of any tacticts people might .o] .o] use to attack .o] .o] my code please post them hee. .o] .o] .o] .o] : David A. Dickson .o] .o] : [EMAIL PROTECTED] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] Get 250 color business cards for FREE! .o] .o] http://businesscards.lycos.com/vp/fastpath/ .o] .o] .o] .o] -- .o] .o] PHP General Mailing List (http://www.php.net/) .o] .o] To unsubscribe, e-mail: [EMAIL PROTECTED] .o] .o] For additional commands, e-mail: [EMAIL PROTECTED] .o] .o] To contact the list administrators, e-mail: [EMAIL PROTECTED] .o] .o] .o] .o] .o] .o] .o] .o] -- .o] .o] PHP General Mailing List (http://www.php.net/) .o] .o] To unsubscribe, e-mail: [EMAIL PROTECTED] .o] .o] For additional commands, e-mail: [EMAIL PROTECTED] .o] .o] To contact the list administrators, e-mail: [EMAIL PROTECTED] .o] .o] .o] .o] .o] -- .o] PHP General Mailing List (http://www.php.net/) .o] To unsubscribe, e-mail: [EMAIL PROTECTED] .o] For additional commands, e-mail: [EMAIL PROTECTED] .o] To contact the list administrators, e-mail: [EMAIL PROTECTED] .o] .o] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Undefined variables
To PHP-general group,
I have configured PHP to report all errors warnings (error_reporting
= E_ALL on php.ini file), but since then I get tons of warning
messages for Undefined variables. For example, referring $HTTP_HOST
directly leads a message like Undefined variable: HTTP_HOST in ... on
line I tried to use $HTTP_SERVER_VARS['HTTP_HOST'] instead, but
then I get the message Undefined index: HTTP_HOST in ... on line
How do I get rid of these messages? I also get these messages for
internal variables, cookie variables (globals) etc.
I am also interested in testing whether the user typed the URL properly,
including upper/lower case. I'm using this code to check it in the
beginning of the page:
?php
if (strcmp($HTTP_SERVER_VARS['HTTP_HOST'], 'dating.speedy.co.il') != 0)
{
header('Location: http://dating.speedy.co.il/');
exit;
}
?
But, if the user enters http://DATING.SPEEDY.CO.IL/, this has no
effect. Is there any way to get a case sensitive version of HTTP_HOST?
(I noticed HTTP_HOST has changed since the previous version of PHP
apache).
Thanks,
Uri Even-Chen
Speedy Software
Raanana, Israel.
Welcome to Speedy Net (In Hebrew):
http://www.speedy.co.il/
Speedy Dating (In Hebrew):
http://dating.speedy.co.il/
Speedy Composer (In English):
http://www.speedy.co.il/composer/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Security of PHP code
mh i know it was the wrong decision. didn't think about it. already said that. feeling guilty now *argh* Tim Taubert - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - .o] -Original Message- .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]] .o] Sent: Wednesday, July 04, 2001 5:17 PM .o] To: [EMAIL PROTECTED]; PHP Mailingliste .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] Just for the respect of the community, Tim, you shouldn't have posted that. .o] Poor them, they are under the risks, of course the things will be probably .o] fixed, but if someone cares he might be already in the machine just for the .o] sake of it. .o] .o] -maxim maletsky .o] .o] .o] -Original Message- .o] From: Tim Taubert [mailto:[EMAIL PROTECTED]] .o] Sent: Thursday, July 05, 2001 12:09 AM .o] To: PHP Mailingliste .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] oh thanks for the disclaimer ;) forgot it.. .o] .o] richard: didn't think about it.. but should have done it.. first and last .o] time i did it *promised* .o] :) .o] .o] Tim Taubert .o] .o] - .o]Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ .o] - .o] .o] .o] -Original Message- .o] .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]] .o] .o] Sent: Wednesday, July 04, 2001 5:09 PM .o] .o] To: [EMAIL PROTECTED]; PHP Mailingliste .o] .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] Yup, I believe you - that's not your site. .o] .o] .o] .o] That is what I meant: It is no PHP, it is how you use PHP. .o] .o] .o] .o] DISCLAIMER: .o] .o] No one's fault (except the programmer) that there was THAT BIG security .o] hole .o] .o] on the site. .o] .o] .o] .o] -maxim maletsky .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] -Original Message- .o] .o] From: Tim Taubert [mailto:[EMAIL PROTECTED]] .o] .o] Sent: Wednesday, July 04, 2001 11:58 PM .o] .o] To: PHP Mailingliste .o] .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] you're totally right.. look at this .o] .o] .o] .o] .o] http://www.ssw.uni-linz.ac.at/Teaching/Lectures/Sem/2000/Alexander/source.ph .o] .o] p3?url=/etc/passwd .o] .o] .o] .o] *no comment* and not my site... .o] .o] .o] .o] Tim Taubert .o] .o] .o] .o] - .o] .o]Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ .o] .o] - .o] .o] .o] .o] .o] -Original Message- .o] .o] .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]] .o] .o] .o] Sent: Wednesday, July 04, 2001 4:09 PM .o] .o] .o] To: [EMAIL PROTECTED]; php-general .o] .o] .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] .o] .o] .o] SECURE, SECURE. .o] .o] .o] .o] .o] .o] It is not how secure PHP is, it is how well YOU protect it. .o] .o] .o] For example = make this line show_source($file); then go to .o] .o] .o] your page like .o] .o] .o] file.php?file=/etc/passwd and you're freaked! .o] .o] .o] .o] .o] .o] There is a whole bunch of way to hack your pages if not protected .o] well .o] .o] .o] enough, but PHP itself has no vital security problems. .o] .o] .o] .o] .o] .o] Try to search the archives for this topic and see what people .o] .o] .o] think/suggest. .o] .o] .o] You will find there thousands of tips on what to do to have a .o] .o] .o] bullet-proof .o] .o] .o] website. (always of the server is yours). .o] .o] .o] .o] .o] .o] .o] .o] .o] Sincerely, .o] .o] .o] .o] .o] .o] Maxim Maletsky .o] .o] .o] Founder, Chief Developer .o] .o] .o] .o] .o] .o] PHPBeginner.com (Where PHP Begins) .o] .o] .o] [EMAIL PROTECTED] .o] .o] .o] www.phpbeginner.com .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] -Original Message- .o] .o] .o] From: David A Dickson [mailto:[EMAIL PROTECTED]] .o] .o] .o] Sent: Wednesday, July 04, 2001 10:43 PM .o] .o] .o] To: php-general .o] .o] .o] Subject: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] .o] .o] .o] Is it possible for others to view the php code for pages I have .o] .o] .o] written? I .o] .o] .o] thought I heard someone say before that they could write a .o] .o] .o] simple script to .o] .o] .o] accomplish this. If anyone knows of any tacticts people might .o] .o] .o] use to attack .o] .o] .o] my code please post them hee. .o] .o] .o] .o] .o] .o] : David A. Dickson .o] .o] .o] : [EMAIL PROTECTED] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] Get 250 color business cards for FREE! .o] .o] .o] http://businesscards.lycos.com/vp/fastpath/ .o] .o] .o] .o] .o] .o] -- .o] .o] .o] PHP General Mailing List (http://www.php.net/) .o] .o] .o] To unsubscribe, e-mail: [EMAIL PROTECTED] .o] .o] .o] For
RE: [PHP] Security of PHP code
found 2 other servers having the same problem... mailed to the webmasters and admins instead of posting it.. now i feel a little bit better :) Tim Taubert - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - .o] -Original Message- .o] From: Tim Taubert [mailto:[EMAIL PROTECTED]] .o] Sent: Wednesday, July 04, 2001 5:16 PM .o] To: PHP Mailingliste .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] mh i know it was the wrong decision. didn't think about it. already said that. feeling .o] guilty now .o] *argh* .o] .o] Tim Taubert .o] .o] - .o]Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ .o] - .o] .o] .o] -Original Message- .o] .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]] .o] .o] Sent: Wednesday, July 04, 2001 5:17 PM .o] .o] To: [EMAIL PROTECTED]; PHP Mailingliste .o] .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] Just for the respect of the community, Tim, you shouldn't have posted that. .o] .o] Poor them, they are under the risks, of course the things will be probably .o] .o] fixed, but if someone cares he might be already in the machine just for the .o] .o] sake of it. .o] .o] .o] .o] -maxim maletsky .o] .o] .o] .o] .o] .o] -Original Message- .o] .o] From: Tim Taubert [mailto:[EMAIL PROTECTED]] .o] .o] Sent: Thursday, July 05, 2001 12:09 AM .o] .o] To: PHP Mailingliste .o] .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] oh thanks for the disclaimer ;) forgot it.. .o] .o] .o] .o] richard: didn't think about it.. but should have done it.. first and last .o] .o] time i did it *promised* .o] .o] :) .o] .o] .o] .o] Tim Taubert .o] .o] .o] .o] - .o] .o]Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ .o] .o] - .o] .o] .o] .o] .o] -Original Message- .o] .o] .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]] .o] .o] .o] Sent: Wednesday, July 04, 2001 5:09 PM .o] .o] .o] To: [EMAIL PROTECTED]; PHP Mailingliste .o] .o] .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] .o] .o] .o] Yup, I believe you - that's not your site. .o] .o] .o] .o] .o] .o] That is what I meant: It is no PHP, it is how you use PHP. .o] .o] .o] .o] .o] .o] DISCLAIMER: .o] .o] .o] No one's fault (except the programmer) that there was THAT BIG security .o] .o] hole .o] .o] .o] on the site. .o] .o] .o] .o] .o] .o] -maxim maletsky .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] -Original Message- .o] .o] .o] From: Tim Taubert [mailto:[EMAIL PROTECTED]] .o] .o] .o] Sent: Wednesday, July 04, 2001 11:58 PM .o] .o] .o] To: PHP Mailingliste .o] .o] .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] .o] .o] .o] you're totally right.. look at this .o] .o] .o] .o] .o] .o] .o] .o] censored** .o] .o] .o] .o] .o] .o] *no comment* and not my site... .o] .o] .o] .o] .o] .o] Tim Taubert .o] .o] .o] .o] .o] .o] - .o] .o] .o]Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ .o] .o] .o] - .o] .o] .o] .o] .o] .o] .o] -Original Message- .o] .o] .o] .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]] .o] .o] .o] .o] Sent: Wednesday, July 04, 2001 4:09 PM .o] .o] .o] .o] To: [EMAIL PROTECTED]; php-general .o] .o] .o] .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] SECURE, SECURE. .o] .o] .o] .o] .o] .o] .o] .o] It is not how secure PHP is, it is how well YOU protect it. .o] .o] .o] .o] For example = make this line show_source($file); then go to .o] .o] .o] .o] your page like .o] .o] .o] .o] file.php?file=/etc/passwd and you're freaked! .o] .o] .o] .o] .o] .o] .o] .o] There is a whole bunch of way to hack your pages if not protected .o] .o] well .o] .o] .o] .o] enough, but PHP itself has no vital security problems. .o] .o] .o] .o] .o] .o] .o] .o] Try to search the archives for this topic and see what people .o] .o] .o] .o] think/suggest. .o] .o] .o] .o] You will find there thousands of tips on what to do to have a .o] .o] .o] .o] bullet-proof .o] .o] .o] .o] website. (always of the server is yours). .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] Sincerely, .o] .o] .o] .o] .o] .o] .o] .o] Maxim Maletsky .o] .o] .o] .o] Founder, Chief Developer .o] .o] .o] .o] .o] .o] .o] .o] PHPBeginner.com (Where PHP Begins) .o] .o] .o] .o] [EMAIL PROTECTED] .o] .o] .o] .o] www.phpbeginner.com .o] .o] .o] .o] .o] .o] .o] .o]
Re: [PHP] Security of PHP code
would be really silly if http://www.php.net/source.php?url=/index.php - Original Message - From: Tim Taubert [EMAIL PROTECTED] To: PHP Mailingliste [EMAIL PROTECTED] Sent: Wednesday, July 04, 2001 5:27 PM Subject: RE: [PHP] Security of PHP code found 2 other servers having the same problem... mailed to the webmasters and admins instead of posting it.. now i feel a little bit better :) Tim Taubert - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - .o] -Original Message- .o] From: Tim Taubert [mailto:[EMAIL PROTECTED]] .o] Sent: Wednesday, July 04, 2001 5:16 PM .o] To: PHP Mailingliste .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] mh i know it was the wrong decision. didn't think about it. already said that. feeling .o] guilty now .o] *argh* .o] .o] Tim Taubert .o] .o] - .o]Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ .o] - .o] .o] .o] -Original Message- .o] .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]] .o] .o] Sent: Wednesday, July 04, 2001 5:17 PM .o] .o] To: [EMAIL PROTECTED]; PHP Mailingliste .o] .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] Just for the respect of the community, Tim, you shouldn't have posted that. .o] .o] Poor them, they are under the risks, of course the things will be probably .o] .o] fixed, but if someone cares he might be already in the machine just for the .o] .o] sake of it. .o] .o] .o] .o] -maxim maletsky .o] .o] .o] .o] .o] .o] -Original Message- .o] .o] From: Tim Taubert [mailto:[EMAIL PROTECTED]] .o] .o] Sent: Thursday, July 05, 2001 12:09 AM .o] .o] To: PHP Mailingliste .o] .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] oh thanks for the disclaimer ;) forgot it.. .o] .o] .o] .o] richard: didn't think about it.. but should have done it.. first and last .o] .o] time i did it *promised* .o] .o] :) .o] .o] .o] .o] Tim Taubert .o] .o] .o] .o] - .o] .o]Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ .o] .o] - .o] .o] .o] .o] .o] -Original Message- .o] .o] .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]] .o] .o] .o] Sent: Wednesday, July 04, 2001 5:09 PM .o] .o] .o] To: [EMAIL PROTECTED]; PHP Mailingliste .o] .o] .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] .o] .o] .o] Yup, I believe you - that's not your site. .o] .o] .o] .o] .o] .o] That is what I meant: It is no PHP, it is how you use PHP. .o] .o] .o] .o] .o] .o] DISCLAIMER: .o] .o] .o] No one's fault (except the programmer) that there was THAT BIG security .o] .o] hole .o] .o] .o] on the site. .o] .o] .o] .o] .o] .o] -maxim maletsky .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] -Original Message- .o] .o] .o] From: Tim Taubert [mailto:[EMAIL PROTECTED]] .o] .o] .o] Sent: Wednesday, July 04, 2001 11:58 PM .o] .o] .o] To: PHP Mailingliste .o] .o] .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] .o] .o] .o] you're totally right.. look at this .o] .o] .o] .o] .o] .o] .o] .o] censored** .o] .o] .o] .o] .o] .o] *no comment* and not my site... .o] .o] .o] .o] .o] .o] Tim Taubert .o] .o] .o] .o] .o] .o] - .o] .o] .o]Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ .o] .o] .o] - .o] .o] .o] .o] .o] .o] .o] -Original Message- .o] .o] .o] .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]] .o] .o] .o] .o] Sent: Wednesday, July 04, 2001 4:09 PM .o] .o] .o] .o] To: [EMAIL PROTECTED]; php-general .o] .o] .o] .o] Subject: RE: [PHP] Security of PHP code .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] .o] SECURE, SECURE. .o] .o] .o] .o] .o] .o] .o] .o] It is not how secure PHP is, it is how well YOU protect it. .o] .o] .o] .o] For example = make this line show_source($file); then go to .o] .o] .o] .o] your page like .o] .o] .o] .o] file.php?file=/etc/passwd and you're freaked! .o] .o] .o] .o] .o] .o] .o] .o] There is a whole bunch of way to hack your pages if not protected .o] .o] well .o] .o] .o] .o] enough, but PHP itself has no vital security problems. .o] .o] .o] .o] .o] .o] .o] .o] Try to search the archives for this topic and see what people .o] .o] .o] .o] think/suggest. .o] .o] .o] .o] You will find there thousands of tips on what to do to have a .o] .o] .o] .o]
RE: [PHP] Security of PHP code
OK, I'm pretty new to PHP, and have been reading this thread, and am just a little freaked. If I understand this right, the only way reason we can view the source code of those pages is that the web server on which the page resides essentially has a PHP page somewhere on their site that has some variation of: ?show_source($file);? as it's content, right? While I can see the utility of that for some situations (teaching...examples, etc.), it seems like a huge potential for security breaches. Is it possible to have such a function on your site w/o giving access to ALL of your documents... Chip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Security of PHP code
maybe one could be
?
$allowed_path = /www/sites/mysite/teaching;
if (substr($file, 0, str_len($allowed_path)) $allowed_path )
{
die(not allowed!);
}
else
{
show_source($file);
}
?
- Original Message -
From: Hankley, Chip [EMAIL PROTECTED]
To: PHP Mailingliste [EMAIL PROTECTED]
Sent: Wednesday, July 04, 2001 5:45 PM
Subject: RE: [PHP] Security of PHP code
OK,
I'm pretty new to PHP, and have been reading this thread, and am just a
little freaked.
If I understand this right, the only way reason we can view the source
code
of those pages is that the web server on which the page resides
essentially
has a PHP page somewhere on their site that has some variation of:
?show_source($file);?
as it's content, right?
While I can see the utility of that for some situations
(teaching...examples, etc.), it seems like a huge potential for security
breaches.
Is it possible to have such a function on your site w/o giving access to
ALL
of your documents...
Chip
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Security of PHP code
Yes, I would have thought this would do it:
if (strstr($file, /usr/local/apache/htdocs/) {
show_source($file);
} else {
echo File must be in /usr/local/apache/htdocs!;
}
Modify as appropriate.
Have I missed anything, or will this do the trick?
Cheers
Jon
-Original Message-
From: Hankley, Chip [mailto:[EMAIL PROTECTED]]
Sent: 04 July 2001 16:46
To: PHP Mailingliste
Subject: RE: [PHP] Security of PHP code
OK,
I'm pretty new to PHP, and have been reading this thread, and am just a
little freaked.
If I understand this right, the only way reason we can view the source code
of those pages is that the web server on which the page resides essentially
has a PHP page somewhere on their site that has some variation of:
?show_source($file);?
as it's content, right?
While I can see the utility of that for some situations
(teaching...examples, etc.), it seems like a huge potential for security
breaches.
Is it possible to have such a function on your site w/o giving access to ALL
of your documents...
Chip
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Security of PHP code
Adrian Ciutureanu pressed the little lettered thingies in this order... Here is something that happend to me: I forgot to tell Apache that .inc files must be parsed by PHP. All works fine if you include a .inc file, but if somebody guess .inc file name, he can see the content of that file! If this is a concern, either name your include files with a valid PHP extension (i.e. .php) or add the following line to an .htaccess file: AddType application/x-httpd-php .inc This will make the web server treat your .inc files as though they were PHP files and the source would be parsed rather than shown when accessed through a web browser. -Original Message- From: David A Dickson [mailto:[EMAIL PROTECTED]] Sent: 4 iulie 2001 16:43 To: php-general Subject: [PHP] Security of PHP code Is it possible for others to view the php code for pages I have written? I thought I heard someone say before that they could write a simple script to accomplish this. If anyone knows of any tacticts people might use to attack my code please post them hee. : David A. Dickson : [EMAIL PROTECTED] Anyone who has access to the server on which your server is hosted can view the source of your site by using the show_source() or highlight_file() functions unless your hosting provider disables those commands. It doesn't really take a simple script, just a simple function: ? show_source(/path/to/your/file.php); ? To make matters worse, most hosting providers fail to chroot jail logins (a chroot jailed login cannot traverse the directory structure UP from its own home directory). This common, but poor policy allows anyone with access to the same server as yours to view your files through the shell or even download them by FTP. They may not overwrite your files, but they CAN view them. There are two solutions if this is an important issue to you: 1) Get a dedicated server. This is kind of spendy, but accomplishes the goal. 2) Only do business with providers that will (even if you have to request it) disable these commands AND chroot jail all logins. Have fun... Christopher Ostmo a.k.a. [EMAIL PROTECTED] AppIdeas.com Meeting cutting edge dynamic web site needs For a good time, http://www.AppIdeas.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Security of PHP code
I use something that accomplishes the same (displays the source of a file), but doesn't accept the file name as a parameter. The script is also in a directory with a password and is restricted by ip. Not perfect, but alot better. - Original Message - From: Hankley, Chip [EMAIL PROTECTED] To: PHP Mailingliste [EMAIL PROTECTED] Sent: Wednesday, July 04, 2001 8:45 AM Subject: RE: [PHP] Security of PHP code OK, I'm pretty new to PHP, and have been reading this thread, and am just a little freaked. If I understand this right, the only way reason we can view the source code of those pages is that the web server on which the page resides essentially has a PHP page somewhere on their site that has some variation of: ?show_source($file);? as it's content, right? While I can see the utility of that for some situations (teaching...examples, etc.), it seems like a huge potential for security breaches. Is it possible to have such a function on your site w/o giving access to ALL of your documents... Chip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Security of PHP code
?
$allowed_path = /www/sites/mysite/teaching;
if (substr($file, 0, str_len($allowed_path)) $allowed_path )
{
die(not allowed!);
}
else
{
show_source($file);
}
?
I've missed part of the discussion, but if my understanding of the issue
is correct (accepting a filename and path from a visitor to the site to
display through a PHP script), then this solution is probably
inadequate...
If the user passes in a string like
/www/sites/mysite/teaching/../../../../etc/passwd, the first part of the
string will pass your validity test, but the user may still be able to
ascend to a place where files you don't wish to share are stored.
A better solution may be to pass the filename through some filter and then
concatenate that to your path. For example:
if(preg_match(/[^A-Za-z0-9]/, $file)) {
die(Invalid filename.);
}
else {
show_source($path . $file);
}
That's an awefully strict way to do it, but that's my personal preference.
If you must accept information that contains a path, perhaps just check
for '..' in the user input.
Anyways, like I say I could be way off base as far as what the discussion
is actually about, and I haven't had near enough coffee this morning, so
forgive me if I'm just talking nonsense =)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Security of PHP code
Jon Haworth [EMAIL PROTECTED] wrote:
Yes, I would have thought this would do it:
if (strstr($file, /usr/local/apache/htdocs/) {
show_source($file);
} else {
echo File must be in /usr/local/apache/htdocs!;
}
Modify as appropriate.
Have I missed anything, or will this do the trick?
Something along those lines will work. Without some kind of limitations
built in, the page will be able to load any file that's world-readable so
it's a good idea to limit access to certain directories or hardcode the
directory you want to give access to.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Security of PHP code
On Wed, 4 Jul 2001, Steve Werby wrote:
Jon Haworth [EMAIL PROTECTED] wrote:
Yes, I would have thought this would do it:
if (strstr($file, /usr/local/apache/htdocs/) {
show_source($file);
[..]
Something along those lines will work. Without some kind of limitations
built in, the page will be able to load any file that's world-readable so
it's a good idea to limit access to certain directories or hardcode the
directory you want to give access to.
Imagine someone passing in
/usr/local/apache/htdocs/../../../../etc/passwd as path..
- Sascha Experience IRCG
http://schumann.cx/http://schumann.cx/ircg
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Security of PHP code
Yes, I supposed there could be that eventuality...
I supposed or hoped that wasn't a valid path.
/usr/local/apache/htdocs/../../../../etc/passwd as path..
I'm not very practice of paths... actually
On Wed, 4 Jul 2001, Steve Werby wrote:
Jon Haworth [EMAIL PROTECTED] wrote:
Yes, I would have thought this would do it:
if (strstr($file, /usr/local/apache/htdocs/) {
show_source($file);
[..]
Something along those lines will work. Without some kind of limitations
built in, the page will be able to load any file that's world-readable
so
it's a good idea to limit access to certain directories or hardcode the
directory you want to give access to.
Imagine someone passing in
/usr/local/apache/htdocs/../../../../etc/passwd as path..
- Sascha Experience IRCG
http://schumann.cx/http://schumann.cx/ircg
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Security of PHP code
Surely the lesson here is to NEVER NEVER NEVER write PHP code which accepts a filename of any kind as one of its arguments. Yes, it will make some of your code a bit less versatile and more long winded, but you can bet your bottom dollar that someone can find a crafty way around whatever syntax checking you do. Cheers -- Phil Driscoll -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Security of PHP code
Delbono pressed the little lettered thingies in this order...
maybe one could be
?
$allowed_path = /www/sites/mysite/teaching;
if (substr($file, 0, str_len($allowed_path)) $allowed_path )
{
die(not allowed!);
}
else
{
show_source($file);
}
?
The only foolproof method for restricting access is to strip forward
slashes. In the above example, I can change the file to:
/www/sites/mysite/teaching/../../../../etc/passwd
And it will be allowed
If you were to do this, however:
$allowed_path = /www/sites/mysite/teaching;
$file = ereg_replace(/,,$file);
show_source($allowed_path./.$file);
That would block any attempt to trick the server into going into another
directory.
You would have to create separate show_source() calls or separate
scripts for each directory that you wish to allow, but nobody will ever get
your /etc/passwd file.
Christopher Ostmo
a.k.a. [EMAIL PROTECTED]
AppIdeas.com
Meeting cutting edge dynamic
web site needs
For a good time,
http://www.AppIdeas.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] RE: Protecting from session hijacking
Ian Bagley pressed the little lettered thingies in this order... One thing which would prevent hijacks from simply guessing SIDS would be to add an md5 hash to the end of a url e.g. If a page was:- doit.php?item=4SID=237478 then append the url with the md5 of the url PLUS a secret key generated at the begining of each session:- i.e. add MD5(doit.php?item=4SID=237478.R4WED4TTE3) results in the new url like doit.php?item=4SID=237478EXTRA=GTW4YGSE52FD234WERW634DG5WE653WEF ...then the browsed to page could easily verify if ANY details of the query string have been changed! This also pretects other info being changed such at in this example 'item'. If a user changed the SID to anything else, even a perfectly valid active session it would result in the EXTRA key no longer being valid! and as they don't have access to the secret key they wouldn't be able to generate a new one! :) Obviously if someone copied the entire url including the extra bit then they would have access! but this solution does have the added benefit of preventing the valid owner of a valid session from changing other bits of the query string! Ian This thread isn't about guessing a session ID, it's about stealing a session ID. The same asnwer applies to your response as to the original question. There was a thread about this just a few days ago, but the answer for *most* applications is an astounding, NO. Unless you are running the entire transaction through SSL, any packet sniffer on the network can view, steal and use ANYTHING you send over the netowrk (including the value of a session ID that is being sent as a cookie value, the username and password for a telnet session, the username and password for an FTP session, etc). Packet sniffers are incredibly easy to find, get and use (even for script kiddies). If your session data is *that* vital, you should consider using SSL. This is likely to be true as long as HTTP transmissions are stateless. Christopher Ostmo a.k.a. [EMAIL PROTECTED] AppIdeas.com Meeting cutting edge dynamic web site needs For a good time, http://www.AppIdeas.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] writing a query that returns similar numbers
I have a database with numbers in one of the tables I'd like to ask mysql to renturn all numbers with say 10 of mynumber Sort of like this: $sql = SELECT rowid FROM numbers WHERE (mynumer is within 10 of number); but I've gotten stuck do I have to do this: $sql = SELECT rowid FROM numbers WHERE (((mynumer+10) number) AND (mynumer-10) number) ); it seems kinda wordy ... Susan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] newbie has include path error new problem
Mike, I do believe you are right. Here are my apache logs for today, after I attempted to connect to localhost: [Wed Jul 4 09:43:33 2001] [crit] (98)Address already in use: make_sock: could not bind to port 80 [Wed Jul 4 09:43:37 2001] [crit] (98)Address already in use: make_sock: could not bind to port 80 [Wed Jul 4 09:44:05 2001] [crit] (98)Address already in use: make_sock: could not bind to port 80 Thanks again for taking the time to help me chase down this problem. daniel -Original Message- From: mike cullerton [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 03, 2001 9:55 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] newbie has include path error new problem hey daniel, i think we're chasing a red herring here, and i'm not sure i remember the original problem... ;) so, you can't load http://localhost or http://127.0.0.1 correct? what do your apache error logs say? i'm beginning to think your networking is fine. mike on 7/3/01 12:17 PM, Daniel Goldin at [EMAIL PROTECTED] wrote: Here what I get: Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 199.34.58.0 * 255.255.255.0 U 0 00 eth0 127.0.0.0 * 255.0.0.0 U 0 00 lo default 199.34.58.7 0.0.0.0 UG0 00 eth0 If thids doesn't work I will hit the manuals a secomnd time, although I admit my first time browsing through the extensive documentation on ethernet devices and network administration had made me a bit flummoxed. Anyway, thank you so much for your time. You and others on this list have been fantastic dealing what has turned into an off-topic problem. Best to all, daniel -- mike cullerton -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Formular problem
hi i have a problem with variables received from a formular.. imagine this is the important part of the form: select multiple name=extras optionCheese/option optionTomatoes/option optionOnions/option /select and now.. what does the variable $extras look like? is it an array? don't have any imaginations... please help Tim Taubert - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] writing a query that returns similar numbers
Try the LIKE wording in your statement. That should workI think - Original Message - From: [EMAIL PROTECTED] To: PHP Mailingliste [EMAIL PROTECTED] Sent: Wednesday, July 04, 1979 12:48 PM Subject: [PHP] writing a query that returns similar numbers I have a database with numbers in one of the tables I'd like to ask mysql to renturn all numbers with say 10 of mynumber Sort of like this: $sql = SELECT rowid FROM numbers WHERE (mynumer is within 10 of number); but I've gotten stuck do I have to do this: $sql = SELECT rowid FROM numbers WHERE (((mynumer+10) number) AND (mynumer-10) number) ); it seems kinda wordy ... Susan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Execing a command in safe mode
Hi, I need to execute a command on my web host's machine. However they have safe mode enabled. PHP Version 4.0.3pl1 runs as a module on Apache. From php.ini ; Safe Mode safe_mode = On safe_mode_exec_dir = /etc/php4/execdir Will a symlink located in safe_mode_exec_dir that points to the actual program be enough, or should the actual program I want to run itself be installed there? I need to confirm this before I make an admin request. Any other ideas for running a program in safe mode? I only need to return the results of a process execution. I don't need to write to it. As in printing say the output of `ls -al`. The return code of exec(), system() etc., is 126 with safe mode on. Is 126 a PHP status code or is it returned by Linux? Where can I find a list of error code to error code meaning mapping? -Srini -- http://www.sriniram.com http://symonds.net/~sriniram -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Formular problem
Thanks a lot Alex! Tim Taubert - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - .o] -Original Message- .o] From: Alex Piaz [mailto:[EMAIL PROTECTED]] .o] Sent: Wednesday, July 04, 2001 8:01 PM .o] To: [EMAIL PROTECTED] .o] Subject: Re: [PHP] Formular problem .o] .o] .o] At 19:19 4/7/2001 +0200, you wrote: .o] hi .o] i have a problem with variables received from a formular.. .o] imagine this is the important part of the form: .o] .o] select multiple name=extras .o]optionCheese/option .o]optionTomatoes/option .o]optionOnions/option .o] /select .o] .o] and now.. what does the variable $extras look like? is it an array? don't .o] have any imaginations... .o] .o] Hi Tim! .o] .o] If you want to perform a multiple select on a form like yours, you should .o] name it as extras[]. It turns the variable into an array, so you can acess .o] them just calling $extras[0] and so. .o] .o] If you call the form simply extras, the variable will be a string, not an .o] array. The brackets [] are the point on this subject. .o] .o] Regards .o] .o] .o] Alex Piaz .o] Webmaster .o] Global Map Internet Marketing .o] http://www.globalmap.com .o] Be cool or be cast out .o] .o] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Division Problems
Hey, I made this little script, quiet useful on windows and unix machines, but i have
a problem, division isn't returning a float, it just returns 0, would i need to do
something like convert $totalsize into a float?
html
body?php
$SecondsToTimeout = 120;
ini_alter(max_execution_time, $SecondsToTimeout);
function convert($bytes)
{
$kbytes = $bytes / 1024;
$mbytes = $kbytes / 1024;
$gbytes = $mbytes / 1024;
$tbytes = $gbytes / 1024;
return $mbyte;
}
function showdir($dir)
{
echo blockquote;
$handle = opendir($dir);
while (false!==($file = readdir($handle)))
{
if ($file != . $file != ..)
{
if(is_file($dir./.$file)){
// Commented out for fixing this error
// echo $file. (i.filesize($dir./.$file).
Bytes/i)(i.filetype($dir./.$file)./i)(i.fileperms($dir./.$file)./i)br\n;
}
if(is_dir($dir./.$file)){
$dirhandle = opendir($dir./.$file);
while(false!==($filetocheck=readdir($dirhandle))){
if(!isset($totalsize))
$totalsize = filesize($dir./.$file./.$filetocheck);
else
$totalsize = $totalsize + filesize($dir./.$file./.$filetocheck);
}
echo $file. (i.convert($totalsize)./i)br\n;
showdir($dir...$file); // Put / on unix, and c:/ on windows
}
}
}
echo /blockquote;
}
showdir(/);
ini_restore(max_execution_time);
?/body/html
Re: [PHP] Division Problems
Found it, I had it returning mbyte not mbytesarrrg
- Original Message -
From: ReDucTor [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 05, 2001 3:43 AM
Subject: [PHP] Division Problems
Hey, I made this little script, quiet useful on windows and unix machines,
but i have a problem, division isn't returning a float, it just returns 0,
would i need to do something like convert $totalsize into a float?
html
body?php
$SecondsToTimeout = 120;
ini_alter(max_execution_time, $SecondsToTimeout);
function convert($bytes)
{
$kbytes = $bytes / 1024;
$mbytes = $kbytes / 1024;
$gbytes = $mbytes / 1024;
$tbytes = $gbytes / 1024;
return $mbyte;
}
function showdir($dir)
{
echo blockquote;
$handle = opendir($dir);
while (false!==($file = readdir($handle)))
if ($file != . $file != ..)
if(is_file($dir./.$file)){
// Commented out for fixing this error
// echo $file. (i.filesize($dir./.$file).
Bytes/i)(i.filetype($dir./.$file)./i)(i.fileperms($dir./.$fil
e)./i)br\n;
}
if(is_dir($dir./.$file)){
$dirhandle = opendir($dir./.$file);
while(false!==($filetocheck=readdir($dirhandle))){
if(!isset($totalsize))
$totalsize = filesize($dir./.$file./.$filetocheck);
else
$totalsize = $totalsize + filesize($dir./.$file./.$filetocheck);
}
echo $file. (i.convert($totalsize)./i)br\n;
showdir($dir...$file); // Put / on unix, and c:/ on windows
}
}
}
echo /blockquote;
}
showdir(/);
ini_restore(max_execution_time);
?/body/html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] php3 and php-4.0.5
I had some sites that uses php3 but i did a upgrade to php-4.0.5, after that my web server doesn´t works with files .php3, how can i make to recognize .php3 please i need your help. thanks. Saludos fraternos, *** Ramón Alvarez Rayo Contacto Tecnico - Telematix Telefono: (505) 2785523 Fax: (505) 2784012 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] writing a query that returns similar numbers
select rowid from numbers where number between mynumber-10 and mynumber+10; on 7/4/79 10:48 AM, [EMAIL PROTECTED] at [EMAIL PROTECTED] wrote: I have a database with numbers in one of the tables I'd like to ask mysql to renturn all numbers with say 10 of mynumber Sort of like this: $sql = SELECT rowid FROM numbers WHERE (mynumer is within 10 of number); but I've gotten stuck do I have to do this: $sql = SELECT rowid FROM numbers WHERE (((mynumer+10) number) AND (mynumer-10) number) ); it seems kinda wordy ... Susan -- mike cullerton -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] php3 and php-4.0.5
Depends of course of which server you use. Which one is it? Brave Cobra - Original Message - From: Ramón Alvarez Rayo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, July 04, 2001 8:01 PM Subject: [PHP] php3 and php-4.0.5 I had some sites that uses php3 but i did a upgrade to php-4.0.5, after that my web server doesn´t works with files .php3, how can i make to recognize .php3 please i need your help. thanks. Saludos fraternos, *** Ramón Alvarez Rayo Contacto Tecnico - Telematix Telefono: (505) 2785523 Fax: (505) 2784012 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Removing Invalid Users
Howdy folks, How can I write code that will search the database and check the validity of an email address, and if it's bad, to remove that entry from the database? Here's a dump one of the tables: INSERT INTO users VALUES (1,'','username','[EMAIL PROTECTED]','','','001.gif','Jul 04, 2001','','title','location','text','',0,0,'','','','field',10,'',0,0,0,'',0, '','Default',4096,0); ie: if the email field is bad (test using sendmail?) remove that entry from the database. How can I do this? TIA! Clayton Dukes CCNA, CCDA, CCDP, CCNP Download Free Essays, Term Papers and Cisco Training from http://www.gdd.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Removing Invalid Users
You can check that the *format* of the address is valid by using regular expressions.. look at the regular expression pages on php.net (especially the users comments.. they do exactly that!) As for checking whether it is a real email or not.. you can't test this without actually sending them an email (and even then you can't be sure)... if you could check then it would be too nice for spammers! What you can do in addition is to check that the domain is a valid domain (ping?) HTH,Tom - Original Message - From: Clayton Dukes [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, July 04, 2001 7:16 PM Subject: [PHP] Removing Invalid Users Howdy folks, How can I write code that will search the database and check the validity of an email address, and if it's bad, to remove that entry from the database? Here's a dump one of the tables: INSERT INTO users VALUES (1,'','username','[EMAIL PROTECTED]','','','001.gif','Jul 04, 2001','','title','location','text','',0,0,'','','','field',10,'',0,0,0,'',0, '','Default',4096,0); ie: if the email field is bad (test using sendmail?) remove that entry from the database. How can I do this? TIA! Clayton Dukes CCNA, CCDA, CCDP, CCNP Download Free Essays, Term Papers and Cisco Training from http://www.gdd.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Want to know what people think of my little script(Great for Personal and Pro Use)
Hey,
First off grab the Developer Timer from
http://newbienetwork.net/phpcodems.php?as=viewcodeid=7 thats a great little class,
then make a .php file and paste the following in
html
body?php
include(class.timer.php);
$timer = new timer(viewfiles);
$timer-start_timing();
$SecondsToTimeout = 120;
$foldertoview = .;
ini_alter(max_execution_time, $SecondsToTimeout);
function convert($bytes, $conversion)
{
$kbytes = $bytes / 1024;
$mbytes = $kbytes / 1024;
$gbytes = $mbytes / 1024;
$tbytes = $gbytes / 1024;
if($conversion == bytes)
return round($bytes,4). Bytes;
if($conversion == kbytes)
return round($kbytes,3). Kb;
if($conversion == mbytes)
return round($mbytes,2). Mb;
if($conversion == gbytes)
return round($gbytes,2). Gb;
if($conversion == tbytes)
return round($tbytes,3). Tb;
}
function showdir($dir, $mode)
{
echo blockquote;
$handle = opendir($dir);
while (false!==($file = readdir($handle)))
{
if ($file != . $file != ..)
{
if($mode == 1){
if(is_file($dir./.$file)){
// Commented out for fixing this error
echo $file.
(i.convert(filesize($dir./.$file),mbytes)./i)(i.filetype($dir./.$file)./i)(i.fileperms($dir./.$file)./i)br\n;
}
}
if(is_dir($dir./.$file)){
$dirhandle = opendir($dir./.$file);
while(false!==($filetocheck=readdir($dirhandle))){
if(!isset($totalsize))
$totalsize = filesize($dir./.$file./.$filetocheck);
else
$totalsize = $totalsize + filesize($dir./.$file./.$filetocheck);
}
if($mode == 1){
echo a name=\.realpath($dir./.$file).\b\\.$file./b/a
(i.convert($totalsize,mbytes)./i)br\n;
showdir($dir./.$file, 1);
}
if($mode == 0){
echo a href=\#.realpath($dir./.$file).\b\\.$file./b/a
(i.convert($totalsize,mbytes)./i)br\n;
showdir($dir./.$file, 0);
}
}
}
}
echo /blockquote;
}
showdir($foldertoview, 0);
?brbrbrbrbr?php
showdir($foldertoview, 1);
ini_restore(max_execution_time);
$timer-stop_timing();
$timer-print_runtime();
?/body/html
Now change the $foldertoview to any folder, if you want to know the total of your
system, put it as / that should work in unix and windows, hell i tested that on win98
systemits great, every place that wants to know where its space is going should
have it, even a little person computer should have it to see whats going where...hehe
Tell me what you think...
- James ReDucTor Mitchell
Re: [PHP] Troubleshooting syntax ?
On Wednesday 04 July 2001 16:58, Kurt Lieber wrote: That domain name doesn't appear to be valid. Perhaps you meant: http://validator.w3.org ? Um, yes. Why can't the w3c simply have w3c as domain name? *sigh* http://validator.w3c.org/ -- Christian Reiniger LGDC Webmaster (http://lgdc.sunsite.dk/) Pretty cool, the kind of power information technology puts in our hands these days. - Securityfocus on probing 3600 hosts for known problems in 3 weeks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Security of PHP code
On Wednesday 04 July 2001 16:12, ReDucTor wrote: http://sourceforge.net/source.php?page_url=/source.php look at that... No problem. Have a look at what is done before the show_source () call. That script *is* safe :) It is not how secure PHP is, it is how well YOU protect it. For example = make this line show_source($file); then go to your page like file.php?file=/etc/passwd and you're freaked! -- Christian Reiniger LGDC Webmaster (http://lgdc.sunsite.dk/) Pretty cool, the kind of power information technology puts in our hands these days. - Securityfocus on probing 3600 hosts for known problems in 3 weeks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] split() function
I have a comma separated spreadsheet with one field that contains two dates. the dates
are formatted as dd/mm/yy and separated by either '' or '//' ex:3/12/9228/1/93 or
3/12/92//28/1/93
Problem: I need to split the field at the '' or '//' separator but if I do
split('[//]', $field);
it splits on the '/' not the '//'.
Can I do this in one function call to split() or will I have to do it twice?
---
: David A. Dickson
: Web Designer for the offices of Principal and Provost
: McGill University
: Tel 514-398-2624 | Fax 514-389-8983
: [EMAIL PROTECTED]
Get 250 color business cards for FREE!
http://businesscards.lycos.com/vp/fastpath/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] mssql returnin type date all wrong
In a script I have a query that gets the time of a desired track. It is in SQL Server table with the smalldatetime type, whihc returns me something that looks like '2001-07-04 12:04:12', but PHP is giving me 'Jul 04 2001 12:04AM'. Why does this happen? I want the seconds, where are they??? . [ Christian Dechery ] . Webdeveloper @ Tá Na Mesa! . Listmaster @ Gaita-L . http://www.tanamesa.com.br -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Getting Information from a CGI POST
On 03-Jul-01 Brad Hubbard wrote:
On Tue, 3 Jul 2001 02:51, Don Read wrote:
$pstr='FltNum=2972page=fiselectDay=July+02';
$fp=openpost('dps2.usairways.com', '/cgi-bin/fi', $pstr);
// i'm not so sure about that selectDay, javascript ain't my thing.
This is implementation dependant (it's using an array they've created
(monthNames should be defined futher up the page within a script tag) so
it
could be anything)
Understood.
there doesn't appear to be a + in there though so it's
more likely selectDay=July02 or selectDay=0702 or selectDay=702.
The OP :
script
todayMonth = monthNames[today.getMonth() + 1];
document.write( 'option value=\' + todayMonth + '
' + today.getDate() + '\today/option');
I expected the todayMonth+ ' ' +
Cheers,
Brad
--
Don Read [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to
steal the neighbor's newspaper, that's the time to do it.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] split() function
Thanks for replying ReDucTor but that didn't work either. I tried
$line = explode([(|//)], $field); and
$line = explode([(|)], $field); and
$line = explode([(|\/\/)], $field);
with no success. Any other ideas?
On Thu, 5 Jul 2001 04:50:29
ReDucTor wrote:
$line = explode([(|//)],$field); should work, or you might have to put
but thats not \ so you shouldn't need to comment out the slash...
- Original Message -
From: David A Dickson [EMAIL PROTECTED]
To: php-general [EMAIL PROTECTED]
Sent: Thursday, July 05, 2001 4:37 AM
Subject: [PHP] split() function
I have a comma separated spreadsheet with one field that contains two
dates. the dates are formatted as dd/mm/yy and separated by either '' or
'//' ex:3/12/9228/1/93 or 3/12/92//28/1/93
Problem: I need to split the field at the '' or '//' separator but if I
do
split('[//]', $field);
it splits on the '/' not the '//'.
Can I do this in one function call to split() or will I have to do it
twice?
Get 250 color business cards for FREE!
http://businesscards.lycos.com/vp/fastpath/
- End Forwarded Message -
Get 250 color business cards for FREE!
http://businesscards.lycos.com/vp/fastpath/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] split() function
Thanks that helped, this is what I used:
if (ereg(, $field)) $line = explode(, $field);
else $line = explode(//, $field);
On Thu, 5 Jul 2001 05:29:11
ReDucTor wrote:
?php
$line2 = explode(, $field);
for($i = 0; $i sizeof($line2); $i++){
if($line2[$i] == )
$useand = 1;
else if($line[$i + 1] == /){
if($line[$i] == /){
$useslash = 1;
}
}
}
if($useand == 1)
$line = explode(, $field);
if($useslash == 1)
$line = explode(//, $field);
?
Get 250 color business cards for FREE!
http://businesscards.lycos.com/vp/fastpath/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] split() function
You don't need a character class here (signified by [] brackets); you can use
$line = split('|//', $field);
As you can see, this is identical to ReDucTor's solution, except that
the brackets are omitted. Character classes only work for single
characters, not multiple character strings like '//'.
- steve
At 3:21 PM -0400 7/4/01, David A Dickson wrote:
Thanks for replying ReDucTor but that didn't work either. I tried
$line = explode([(|//)], $field); and
$line = explode([(|)], $field); and
$line = explode([(|\/\/)], $field);
with no success. Any other ideas?
On Thu, 5 Jul 2001 04:50:29
ReDucTor wrote:
$line = explode([(|//)],$field); should work, or you might have to put
but thats not \ so you shouldn't need to comment out the slash...
- Original Message -
From: David A Dickson [EMAIL PROTECTED]
To: php-general [EMAIL PROTECTED]
Sent: Thursday, July 05, 2001 4:37 AM
Subject: [PHP] split() function
I have a comma separated spreadsheet with one field that contains two
dates. the dates are formatted as dd/mm/yy and separated by either '' or
'//' ex:3/12/9228/1/93 or 3/12/92//28/1/93
Problem: I need to split the field at the '' or '//' separator but if I
do
split('[//]', $field);
it splits on the '/' not the '//'.
Can I do this in one function call to split() or will I have to do it
twice?
Get 250 color business cards for FREE!
http://businesscards.lycos.com/vp/fastpath/
- End Forwarded Message -
--
+-- Factoid: Of the 100 largest economies in the world, 51 are --+
| Steve Edberg University of California, Davis |
| [EMAIL PROTECTED] Computer Consultant |
| http://aesric.ucdavis.edu/ http://pgfsun.ucdavis.edu/ |
+--- corporations -- http://www.ips-dc.org/reports/top200text.htm ---+
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] writing a query that returns similar numbers
This should work too: $sql = SELECT rowid FROM numbers WHERE ABS(number - mynumber) = 10; -Original Message- From: Chris Anderson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 04, 2001 1:24 PM To: [EMAIL PROTECTED]; PHP Mailingliste Subject: Re: [PHP] writing a query that returns similar numbers Try the LIKE wording in your statement. That should workI think - Original Message - From: [EMAIL PROTECTED] To: PHP Mailingliste [EMAIL PROTECTED] Sent: Wednesday, July 04, 1979 12:48 PM Subject: [PHP] writing a query that returns similar numbers I have a database with numbers in one of the tables I'd like to ask mysql to renturn all numbers with say 10 of mynumber Sort of like this: $sql = SELECT rowid FROM numbers WHERE (mynumer is within 10 of number); but I've gotten stuck do I have to do this: $sql = SELECT rowid FROM numbers WHERE (((mynumer+10) number) AND (mynumer-10) number) ); it seems kinda wordy ... Susan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Executing UNIX commands with PHP
Hi all, how can i execute a UNIX command like 'newuser Tim Taubert tim password' ? and am i able to fetch the results of such commands? Please help. Tim Taubert - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] [ANNOUCE] PHPAUCTION 1.0 is out
It is (finally!) available at http://www.phpauction.org - Everyone interested in helping with the localization project, translating to other languages than english is welcome! Thanks Gianluca -- ALBASOFTWARE C/ Mallorca 186 - 3º 1ª 08036 Barcelona (Spain) Tel. +34 93454009 - +34 934549324 Fax. +34 934541979 @@ ICQ 47323154 @@ [EMAIL PROTECTED] http://www.albasoftware.com http://www.phpauction.org http://www.gianlucabaldo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Executing UNIX commands with PHP
Tim Taubert [EMAIL PROTECTED] wrote: Hi all, how can i execute a UNIX command like 'newuser Tim Taubert tim password' $output = system(unix_command); echo The result was . $output; more info at: www.php.net/system -- Henrik Hansen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Executing UNIX commands with PHP
Thanks a lot Henrik! - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - .o] -Original Message- .o] From: Henrik Hansen [mailto:[EMAIL PROTECTED]] .o] Sent: Wednesday, July 04, 2001 10:26 PM .o] To: [EMAIL PROTECTED] .o] Subject: Re: [PHP] Executing UNIX commands with PHP .o] .o] .o] Tim Taubert [EMAIL PROTECTED] wrote: .o] .o] Hi all, .o] how can i execute a UNIX command like .o] .o] 'newuser Tim Taubert tim password' .o] .o] $output = system(unix_command); .o] echo The result was . $output; .o] .o] more info at: .o] .o] www.php.net/system .o] .o] -- .o] Henrik Hansen .o] .o] .o] -- .o] PHP General Mailing List (http://www.php.net/) .o] To unsubscribe, e-mail: [EMAIL PROTECTED] .o] For additional commands, e-mail: [EMAIL PROTECTED] .o] To contact the list administrators, e-mail: [EMAIL PROTECTED] .o] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Executing UNIX commands with PHP
mh this is bad... can i do anything else instead of this ? - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - .o] -Original Message- .o] From: Arcady Genkin [mailto:[EMAIL PROTECTED]] .o] Sent: Wednesday, July 04, 2001 10:42 PM .o] To: [EMAIL PROTECTED] .o] Cc: PHP Mailingliste .o] Subject: Re: [PHP] Executing UNIX commands with PHP .o] .o] .o] Tim Taubert [EMAIL PROTECTED] writes: .o] .o] how can i execute a UNIX command like .o] 'newuser Tim Taubert tim password' .o] ? and am i able to fetch the results of such commands? .o] .o] Since someone else replied to your question, I'll just mention that .o] running such command may be a really bad idea. If someone runs `ps' .o] at the same time, he'll be able to see the password for user `tim' in .o] clear text. .o] -- .o] Arcady Genkin .o] i=1; while 1, hilb(i); i=i+1; end -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Executing UNIX commands with PHP
You could popen() the command, I believe, and do it interactively... -Original Message- From: Tim Taubert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 04, 2001 4:47 PM To: PHP Mailingliste Subject: RE: [PHP] Executing UNIX commands with PHP mh this is bad... can i do anything else instead of this ? - Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/ - .o] -Original Message- .o] From: Arcady Genkin [mailto:[EMAIL PROTECTED]] .o] Sent: Wednesday, July 04, 2001 10:42 PM .o] To: [EMAIL PROTECTED] .o] Cc: PHP Mailingliste .o] Subject: Re: [PHP] Executing UNIX commands with PHP .o] .o] .o] Tim Taubert [EMAIL PROTECTED] writes: .o] .o] how can i execute a UNIX command like .o] 'newuser Tim Taubert tim password' .o] ? and am i able to fetch the results of such commands? .o] .o] Since someone else replied to your question, I'll just mention that .o] running such command may be a really bad idea. If someone runs `ps' .o] at the same time, he'll be able to see the password for user `tim' in .o] clear text. .o] -- .o] Arcady Genkin .o] i=1; while 1, hilb(i); i=i+1; end -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] MySQL problem
Hi All, Does anyone know if this can be done with one query? I have to create a chart based on info in two tables that are four tables apart. Here are the relevant tables and just the most relevant fields... accident_report - ID - weekending (this is a -MM-DD format date) - (and others) accident_data - ID - accident_report_id - (and others) accident_cause (a lookup table) - ID - accident_data_id - cause_id cause (a list of possible causes of accidents ie. falling object or electric shock - ID - Description I need to list all the causes with the number of times each has occurred, even if it's zero times... they don't need to be listed in any particular order... Cheers Simon Kimber -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Executing UNIX commands with PHP
Tim Taubert [EMAIL PROTECTED] wrote: mh this is bad... can i do anything else instead of this ? crypt the password before inserting it into the user account? -- Henrik Hansen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Security of PHP code
Possibilities for improving security on a sourec displayer.
1) Maybe you could restrict your source shower to only look at
particular types of files - maybe the file has to end in .php
or .inc before it is even considered.
2) Given that something that displays the source needs to read the file,
maybe it could just look for some kind of marker that would
have to appear within the first N lines of a file, otherwise it
would be rejected. For example, every file that could be displayed
might need to look like this:
?php
//DISPLAYABLE
...
At 16:54 4/07/2001 +0100, Jon Haworth wrote:
Yes, I would have thought this would do it:
if (strstr($file, /usr/local/apache/htdocs/) {
show_source($file);
} else {
echo File must be in /usr/local/apache/htdocs!;
}
-
Brian White
Step Two Designs Pty Ltd - SGML, XML HTML Consultancy
Phone: +612-93197901
Web: http://www.steptwo.com.au/
Email: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] MySQL problem
On 04-Jul-01 Simon Kimber wrote: Hi All, Does anyone know if this can be done with one query? I have to create a chart based on info in two tables that are four tables apart. Here are the relevant tables and just the most relevant fields... accident_report - ID - weekending (this is a -MM-DD format date) - (and others) accident_data - ID - accident_report_id - (and others) accident_cause (a lookup table) - ID - accident_data_id - cause_id cause (a list of possible causes of accidents ie. falling object or electric shock - ID - Description I need to list all the causes with the number of times each has occurred, even if it's zero times... they don't need to be listed in any particular order... select cause.ID, count(*) as cnt from ... WHERE ... group by cause.ID; Regards, -- Don Read [EMAIL PROTECTED] -- It's always darkest before the dawn. So if you are going to steal the neighbor's newspaper, that's the time to do it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Best way to put text on image
If I have a JPEG image, what is the best way to put text or another image at a certain place using the gd library? Todd -- Todd Cary Ariste Software [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] MySQL problem
Sorry!!! I'm stupid! I forgot to mention that the list of causes has to be for a specified accident_report.weekending Cheers Simon -Original Message- From: Don Read [mailto:[EMAIL PROTECTED]] Sent: 04 July 2001 23:21 To: Simon Kimber Cc: [EMAIL PROTECTED] Subject: RE: [PHP] MySQL problem On 04-Jul-01 Simon Kimber wrote: Hi All, Does anyone know if this can be done with one query? I have to create a chart based on info in two tables that are four tables apart. Here are the relevant tables and just the most relevant fields... accident_report - ID - weekending (this is a -MM-DD format date) - (and others) accident_data - ID - accident_report_id - (and others) accident_cause (a lookup table) - ID - accident_data_id - cause_id cause (a list of possible causes of accidents ie. falling object or electric shock - ID - Description I need to list all the causes with the number of times each has occurred, even if it's zero times... they don't need to be listed in any particular order... select cause.ID, count(*) as cnt from ... WHERE ... group by cause.ID; Regards, -- Don Read [EMAIL PROTECTED] -- It's always darkest before the dawn. So if you are going to steal the neighbor's newspaper, that's the time to do it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Removing Invalid Users
Clayton Dukes [EMAIL PROTECTED] wrote: How can I write code that will search the database and check the validity of an email address, and if it's bad, to remove that entry from the database? Like Tom said, use regex to check the email is of a valid format. A small percentage of servers can be contacted to find whether an email address is valid, but fewer and fewer are allowing this so it's completely unreliable. You can use getmxrr() to see if a DNS MX record exists corresponding to the domain. You'll need explode() to pull out the domain itself from the email address. Unfortunately an email address can be valid without having a valid MX record and also DNS could be unreachable at the exact moment your requesting it. It might be better to bypass getmxrr() and use checkdnsrr() instead to find whether the host exists. Of course this too could be unreachable. If you really want to determine if an email address is valid, a better strategy may be to send an email to the address with a unique string in it that must be mailed back or a unique URL that must be visited. You'd then need a script that's triggered upon receipt of matching emails and changes a flag in your DB record to designate the email address as valid or a script in the webpage that does the same. -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] checking if checkbox is checked
I have 5 checkbox's in a form that I what to make sure at least one of
the checkbox is checked.
input type='checkbox' name='interest' value='basic'
input type='checkbox' name='interest3' value='Internet access '
input type='checkbox' name='interest1' value='pro'
input type='checkbox' name='interest4' value='domain name'
input type='checkbox' name='interest2' value='platinum'
I am checking for blank field buy doing this below How can I check for at
least one of the above check boxes is checked
if ($name == ) {
$name_err =
font color=redPlease enter your name!/fontbr ;
$send = no;
}
Best regards,
Richard
mailto:[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Apache, PHP4 amd mySQL with SuSE 7.2
I am a newbie attempting to get Apache working with PHP 4 and MySQL on 7.2. All three are installed, Apache is running, it says that the PHP module is installed and I can manually log into mysql. From http://localhost: Operating system: [ SuSE Linux 7.2 (i386) ] Host: [ linux.local, Kernel: 2.4.4-4GB (i686) ] Webserver version: [ Apache/1.3.19 (Unix) (SuSE/Linux) ] Installed modules: [ PHP4 module ] [ Apache perl module (mod_perl) ] [ Apache DAV module (mod_dav) ] [ Apache Python module (mod_python) ] My first problem, when I try to load a php file (ie http://localhost/phpinfo.php) Koqueror shows the Open With dialog window. It does not seem to be recognizing php as a valid extension. My http.conf file has the following AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps AddType application/x-tar .tgz What else can I do ? Is there a HOWTO for SuSE on this ? Everything I have seen is for other distros which use Apachectl for instance, not applicable to SuSE and I don't yet understand enough about what I am doing to translate. Thanks Chuck -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Security of PHP code
Sascha Schumann [EMAIL PROTECTED] wrote:
On Wed, 4 Jul 2001, Steve Werby wrote:
Jon Haworth [EMAIL PROTECTED] wrote:
Yes, I would have thought this would do it:
if (strstr($file, /usr/local/apache/htdocs/) {
show_source($file);
[..]
Something along those lines will work. Without some kind of limitations
built in, the page will be able to load any file that's world-readable
so
it's a good idea to limit access to certain directories or hardcode the
directory you want to give access to.
Imagine someone passing in
/usr/local/apache/htdocs/../../../../etc/passwd as path..
Excellent point. In addition to hardcoding the path I would do something to
ensure that the file requested does not attempt to bypass that directory.
I'd probably use a regex to make sure it doesn't include a / or if I want
to serve files from a deeper directory I'd do a regex or use something like
strstr() to see if .. is within the filename. Personally, I wouldn't make
a script that outputed a file on the server or a script's code *and* allowed
the user to dictate what file was accessed.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] checking if checkbox is checked
Richard Kurth [EMAIL PROTECTED] wrote:
I have 5 checkbox's in a form that I what to make sure at least one of
the checkbox is checked.
input type='checkbox' name='interest' value='basic'
input type='checkbox' name='interest3' value='Internet access '
input type='checkbox' name='interest1' value='pro'
input type='checkbox' name='interest4' value='domain name'
input type='checkbox' name='interest2' value='platinum'
if ( $interest == 'basic' || $interest3 == 'Internet access' || ...
$interest2 == 'platinum' )
{
echo At least one was checked.;
}
Ignoring the first input box you could also use a loop since the field names
are sequential. You could also handle the first field, by starting $i at 0
and only appending $i if it's greater than 0, but I don't want to clutter
the code. The code below assumes the fields aren't preset to values other
than those listed above.
for ( $i = 1; $i 4; $i++ )
{
$field = 'interest' . $i;
if ( ! empty( $$field ) )
{
$flag = TRUE;
}
}
if ( $flag == TRUE )
{
echo At least one was checked.;
}
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Is it me or my server company?
Okay I'm trying to use fopen() to open a file just uploaded via a form. like this: echo brparsing uploaded file . . .; $path = fopen($form_data, r); echo bropeing a path . . .; $thesize = filesize($form_data); echo brgetting size . . .; $tmpdata = fread($path, $thesize); echo brreading data . . .; $data = addslashes($tmpdata); but I get this error: parsing uploaded file . . . Warning: SAFE MODE Restriction in effect. The script whose uid is 10294 is not allowed to access /tmp/phpxyqF2z owned by uid 0 in /usr/local/plesk/apache/vhosts/futurebird.com/httpdocs/mapbuild2/displaymap. php3 on line 34 Is there some kind of safe mode that keeps fopen() from looking at the tempoary directory where the uploaded file is stored? The other error: Warning: fopen(/tmp/phpxyqF2z,r) - Success in /usr/local/plesk/apache/vhosts/futurebird.com/httpdocs/mapbuild2/displaymap. php3 on line 34 When it says Success what is it talking about? Is there a way around this? Maybe since I'm on a vitual server I need to include a more full path? I'm deeply confused. Susan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Basic fopen() question
I had an example of a function to open a file and read its contents into an array. It worked so that each line of the file was one element of the array. I can't find my example, nor can I get it to work the way I'd like. Any help? =- Jonathan Campbell ( [EMAIL PROTECTED] ) Mid days haze and I'm still not awake I got everything going but my bills are still late Funnier than hell and I think it's a blast Life's like a laugh when you got no money Lyrics from Average Day by Aztek Trip ( http://www.aztektrip.com ) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Best way to put text on image
Todd, I'm not sure if you can write text to an existing image as I add to a new one but here is the code I use... $updateTime = date(F d, Y - h:ia); $text = New Movie Reviews @hyrum.net .$updateTime; $image = ImageCreate(500, 70); $bg = ImageColorAllocate($image, 255, 255, 255); $blue = ImageColorAllocate($image, 0, 0, 255); $black = ImageColorAllocate($image, 0, 0, 0); $himage= ImageCreateFromPNG(/home/hyrum/public_html/images/topics/hyrum.png); ImageRectangle($image, 0, 0, 500, 70, $white); ImageCopy($image, $himage, 410, 5, 1, 1, 89, 64); ImageString($image, 4, 0, 0, $text, $blue); ImageString($image, 3, 0, 20, $title1, $black); ImageString($image, 3, 0, 35, $title2, $black); ImageString($image, 3, 0, 50, $title3, $black); ImagePNG($image, signature.png); ImageDestroy($image); So you could create a new image and copy your jpg to the new canvas or (and preferably) someone will know if you can add text to an already existing image... Jeff -Original Message- From: Todd Cary [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 04, 2001 6:30 PM To: [EMAIL PROTECTED] Subject: [PHP] Best way to put text on image If I have a JPEG image, what is the best way to put text or another image at a certain place using the gd library? Todd -- Todd Cary Ariste Software [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Basic fopen() question
file() http://php.net/file - Original Message - From: JCampbell [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, July 05, 2001 10:48 AM Subject: [PHP] Basic fopen() question I had an example of a function to open a file and read its contents into an array. It worked so that each line of the file was one element of the array. I can't find my example, nor can I get it to work the way I'd like. Any help? =- Jonathan Campbell ( [EMAIL PROTECTED] ) Mid days haze and I'm still not awake I got everything going but my bills are still late Funnier than hell and I think it's a blast Life's like a laugh when you got no money Lyrics from Average Day by Aztek Trip ( http://www.aztektrip.com ) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Basic fopen() question
Normally when I'm looking for a function I start at a given spot, for example, you've found yourself here : http://www.php.net/manual/en/function.fopen.php From there, a good place to go is the given section, which in this case is here : http://www.php.net/manual/en/ref.filesystem.php Which contains a long list of file related a functions with brief descriptions. Within the list is : file Reads entire file into an array Granted it's a fairly long list, but through time the names and functions become remembered, and quicker and quicker they'll be found. http://www.php.net/manual/en/function.file.php regards, philip On Wed, 4 Jul 2001, JCampbell wrote: I had an example of a function to open a file and read its contents into an array. It worked so that each line of the file was one element of the array. I can't find my example, nor can I get it to work the way I'd like. Any help? =- Jonathan Campbell ( [EMAIL PROTECTED] ) Mid days haze and I'm still not awake I got everything going but my bills are still late Funnier than hell and I think it's a blast Life's like a laugh when you got no money Lyrics from Average Day by Aztek Trip ( http://www.aztektrip.com ) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
