Re: [PHP] file uploads grief
the "5000" represent byter try making it 500 i.e 5 megabytes i think the file you are trying to upload might be bigger than 5k and 5M is safe you can keep the fileseize fixed to a large value to be safe. and instead all the fancy code just try the move_uploaded_file() command to see if it works Good luck! On Sat, 21 Jul 2001, Justin French wrote: > Hi all, > > I know this topic get's covered all the time, but i've copied this code > direct from the online manual, and it still fails to work!! > > My environment is PHP4.0.1, under FreeBSD. > > To my knowledge, NONE of the php.ini file has been changed at all, and > the rest of PHP has been working finr for 6 months, although this is the > first time i've attempted file uploads. > > > This code is in the php manual: > > The HTML form: > --- > > > Send this file: > > > --- > > > The PHP code (as I understand from the man page, PHP4 << 4.0.2 requires > different code. Since i'm on 4.0.1, I've used this block of code, which > I believe is the correct code for my environment), copied accross line > for line. > > --- > /* Userland test for uploaded file. */ > function is_uploaded_file($filename) { > if (!$tmp_file = get_cfg_var('upload_tmp_dir')) { > $tmp_file = dirname(tempnam('', '')); > } > $tmp_file .= '/' . basename($filename); > /* User might have trailing slash in php.ini... */ > return (ereg_replace('/+', '/', $tmp_file) == $filename); > } > > if (is_uploaded_file($userfile)) { > copy($userfile, "/usr/local/share/doc/apache/tests/images"); > //changed this line for new file location > echo "file uploaded successfully"; // > added this line > } else { > echo "Possible file upload attack: filename '$userfile'."; > } > } > > > > > The Errors: > With the above code, I get this error when I submit: > --- > Warning: Max file size exceeded - file [userfile] not saved in Unknown > on line 0 > Possible file upload attack: filename 'none'. > --- > > So I commented out value="5000"> in the HTML for the moment. What does 5000 represent? > Bytes? KiloBytes? > > > With this line commented out, I get: > --- > Possible file upload attack: filename '/var/tmp/phpzlv472'. > --- > > The image i'm attempting to upload is a 44k GIF file from via Netscape > 4.6 on a Mac, but I can't see that this is the problem, since I've never > been refused an upload at any website. > > > > What I've tried: > I've read all the documentation I could find online > I've tried different permission settings for the target directory > I've looked for a simple upload script at all the usual PHP sites, but > couldn't find anything that wasn't mega complex. > > > Questions: > I find it hard to believe it's the code that is the problem, since it's > copied striaght from the website, so maybe it's a problem on my server, > or something else i'm missing. Any ideas? What else SHOULD I add to > this code (once it's functional) to handle errors properly, etc etc. > > > Many thanks in advance > Justin French > > -- Saquib Farooq @ Systems @ SDNPK Islamabad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Odd include/variable problem
php4.0.5 win32 I have a page called results.php. Short but with any number of 12 include files depending on the logic flow. The first include file is a config file include("config.fil"); that contains all the variables to run the app., included is : $MYSQL_LINK=mysql_connect($host,$uName,$pWord); (All the necessary variables are declared before $MYSQL_LINK) Four different includes use this variable to get info from the same table and db no problem. When I get down to one of the last includes, I get the following error message "1 is not a valid MySQL-Link resource"etc in fulldisplay.php so I added the following to fulldisplay.php before the call to the db print $MYSQL_LINK; mysql_select_db($dbName,$MYSQL_LINK); It returned: Resource id #1 Warning: 1 is not a valid MySQL-Link resource in...etc the script completes but with the warning message Now if I take this include and insert include("config.fil"); at the top of this include file. I get...Resource id #9 and the script runs correctly to completion, no warnings no problems. I can't even begin to understand why the variable $MYSQL_LINK runs correctly in all the includes except fulldisplay.php unless I include the config file for the second time. By way of note, all the other varaibles defined in the config file are available in fulldisplay.php without including the config fle for a 2nd time. rm __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Knowing when a visitor leaves.
Hi all I have a small web shop, what happens in it is that when a visitor clicks a displayed object ( adds it to his shopping cart) then it is marked as booked in the MySQL table, the problem is that when the visitor leaves without checking out, i.e. just chooses sumthing and decides to leave the object in the table remains booked and is not displayed to other visitors, is there any way that i can see when a person leaves the webshop, when he closes the browser window, the variables his session is destroyed automaitically right ? but that does'nt change allow me to attach a subroutine so that the changes are made in the tables. the solution i have thought of is to execute a subroutine when the session expires, but how do i do that, how do i set the time for session to expire and how do i attach a function/subroutine to that. the final question is that on this list when we use the word "client" it means the person hu is visiting the website right as in "client browser", and how does the SSL "client " differ from this. thanx alot in advance -- Saquib Farooq @ Systems @ SDNPK Islamabad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] sample code snippets writing text to images?
Thanks for the example, Thiago. This raises another question, however. I noticed that the code below sends the header after the HTML tag, which (if I understand correctly) requires a special setting in the php.ini file. Assuming I don't have access to that file, is there a way to work around this or to toggle that setting on a page-by-page basis? Thanks. --kurt > -Original Message- > From: Thiago Locatelli da Silva [mailto:[EMAIL PROTECTED]] > Sent: Friday, July 20, 2001 10:13 PM > To: [EMAIL PROTECTED] > Subject: Re: [PHP] sample code snippets writing text to images? > > > > test.php > > > PHP - button > > > > border="0"> > border="0"> > > > > button.php > > /* > image font counter > icount.php3 / by Hunje Cho ([EMAIL PROTECTED]) > > $bgColor : Background Color , Hexadecimal > $fgColor : Foreground Color , Hexadecimal > Hexadecimal order : RGB (each 2byte) > */ > define("COUNT_FILE", "count.txt"); > define("COUNT_FONT", "2"); > > function ConvertColor($hexVal) > { > $ColorVal = array(3); > for($i = 0; $i < 3; $i++) > $ColorVal[$i] = HexDec(substr($hexVal, $i * 2, 2)); > return $ColorVal; > } > > function addCount() > { > $fp = fopen(COUNT_FILE, "r"); > $count = fgets($fp, 10); > fclose($fp); > $count++; > $fp = fopen(COUNT_FILE, "w"); > fputs($fp, $count , 10); > fclose($fp); > return $count; > } > $strCount = addCount(); > $width = strlen($strCount) * ImageFontWidth(COUNT_FONT); > $hImg = ImageCreate($width, ImageFontHeight(COUNT_FONT)); > list($red, $green, $blue) = ConvertColor($bgColor); > $clrBg = ImageColorAllocate($hImg, $red, $green, $blue); > list($red, $green, $blue) = ConvertColor($fgColor); > $clrFg = ImageColorAllocate($hImg, $red, $green, $blue); > ImageFill($hImg, 1, 1, $clrBg); > ImageString($hImg, COUNT_FONT, 1, 1, $strCount, $clrFg); > header("Content-type: image/gif"); > ImageGIF($hImg); > ImageDestroy($hImg); > ?> > > Regards > thiago > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] sample code snippets writing text to images?
http://www.webmonkey.com has a tutorial on it. http://www.phpbuilder.com has one too i think Kurt Lieber wrote: > > I'm learning how to work with images in PHP and specifically learning > how to write text dynamically to an existing image. > > Does anyone have any sample code and/or pointers that might help me out? > I work best from examples, rather than muddling through the manual > (though that's what I'm doing right now.) > > Ideally, if someone has an example of a reusable function to write text > to existing images, that would be great. > > Thanks. > > --kurt -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] sample code snippets writing text to images?
test.php PHP - button button.php Regards thiago
[PHP] sample code snippets writing text to images?
I'm learning how to work with images in PHP and specifically learning how to write text dynamically to an existing image. Does anyone have any sample code and/or pointers that might help me out? I work best from examples, rather than muddling through the manual (though that's what I'm doing right now.) Ideally, if someone has an example of a reusable function to write text to existing images, that would be great. Thanks. --kurt
[PHP] file uploads grief
Hi all, I know this topic get's covered all the time, but i've copied this code direct from the online manual, and it still fails to work!! My environment is PHP4.0.1, under FreeBSD. To my knowledge, NONE of the php.ini file has been changed at all, and the rest of PHP has been working finr for 6 months, although this is the first time i've attempted file uploads. This code is in the php manual: The HTML form: --- Send this file: --- The PHP code (as I understand from the man page, PHP4 << 4.0.2 requires different code. Since i'm on 4.0.1, I've used this block of code, which I believe is the correct code for my environment), copied accross line for line. --- /* Userland test for uploaded file. */ function is_uploaded_file($filename){ if (!$tmp_file = get_cfg_var('upload_tmp_dir')) { $tmp_file = dirname(tempnam('', '')); } $tmp_file .= '/' . basename($filename); /* User might have trailing slash in php.ini... */ return (ereg_replace('/+', '/', $tmp_file) == $filename); } if (is_uploaded_file($userfile)) { copy($userfile, "/usr/local/share/doc/apache/tests/images"); //changed this line for new file location echo "file uploaded successfully"; // added this line } else { echo "Possible file upload attack: filename '$userfile'."; } } The Errors: With the above code, I get this error when I submit: --- Warning: Max file size exceeded - file [userfile] not saved in Unknown on line 0 Possible file upload attack: filename 'none'. --- So I commented out in the HTML for the moment. What does 5000 represent? Bytes? KiloBytes? With this line commented out, I get: --- Possible file upload attack: filename '/var/tmp/phpzlv472'. --- The image i'm attempting to upload is a 44k GIF file from via Netscape 4.6 on a Mac, but I can't see that this is the problem, since I've never been refused an upload at any website. What I've tried: I've read all the documentation I could find online I've tried different permission settings for the target directory I've looked for a simple upload script at all the usual PHP sites, but couldn't find anything that wasn't mega complex. Questions: I find it hard to believe it's the code that is the problem, since it's copied striaght from the website, so maybe it's a problem on my server, or something else i'm missing. Any ideas? What else SHOULD I add to this code (once it's functional) to handle errors properly, etc etc. Many thanks in advance Justin French -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Gettin' system enviroment (Urgent, please)
Check phpinfo() On Sat, 21 Jul 2001, Thiago Locatelli da Silva wrote: > Well, this code get the name of the user that is logged in win9x/2k/nt (ASP) > > Request.ServerVariables("LOGON_USER") > > and, how can i do it in php? > I tryed getenv() and not worked. > > Please, help me! > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Gettin' system enviroment (Urgent, please)
Well, this code get the name of the user that is logged in win9x/2k/nt (ASP) Request.ServerVariables("LOGON_USER") and, how can i do it in php? I tryed getenv() and not worked. Please, help me! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP security
> I need to store username and password for mysql in a file to be used by PHP. > I am concerned with PHP's security. Can anyone use showsource() to read php > source even if they are on a different server or they are spoofing my ip > address (hacking)? No, of course not. > If I put a file with the secure data in a directory outside the root > directory and include it in a PHP script, could someone use echo or > showsource() to view the file content making the data insecure? Are you on a shared server? ie. Do other people have access to your server? If so, it is somewhat difficult to guarantee security on something like this unless you have your own Apache instance running as your own user id. If you are not on a shared server you don't need to worry about PHP's security. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] PHP security
I need to store username and password for mysql in a file to be used by PHP. I am concerned with PHP's security. Can anyone use showsource() to read php source even if they are on a different server or they are spoofing my ip address (hacking)? If I put a file with the secure data in a directory outside the root directory and include it in a PHP script, could someone use echo or showsource() to view the file content making the data insecure? Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] What's wrong with this regular expression?
Hi James, This is what you want $body=eregi_replace ("]+)\">([^<]+)","[url=\"\\1\"]\\2[/url]",$body); You were checking for no ['s in the string instead of no >'s or <'s - -- - - - Philip Murray - [EMAIL PROTECTED] http://www.open2view.com - Open2View.com - - -- - - - Original Message - From: "James Crowley" <[EMAIL PROTECTED]> To: "PHP List" <[EMAIL PROTECTED]> Sent: Saturday, July 21, 2001 6:26 AM Subject: [PHP] What's wrong with this regular expression? > Hi, > Could someone please point out where I've gone wrong with this regular > expression...? > > $body="http://www.fred.com\";>my test or href=\"/show.asp?id=333\">here"; > $body=eregi_replace (" href=\"([^\\[]*)\">([^\\[]*)","[url=\"\\1\"]\\2[/url]",$body); > > #$body should now be > [url="http://www.fred.com"]my test[/url] or > [url="/show.asp?id=333"]here[/url] > #but instead, it is > [url="http://www.fred.com";>my test or href=\"/show.asp?id=333\"]here[/url] > echo $body; > > Thanks > > - James > > Editor, VB Web > == > Web - http://www.vbweb.co.uk > Email - [EMAIL PROTECTED] > ICQ# - 60612011 > Fax - +44(0)8707052859 > == > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] include, require, require_once
> Subject: [PHP] include, require, require_once > > what is the diference beetwen this functions? The difference is well explained on www.php.net -> documentation -> {include, require, require_once} RTFM! Martin. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] include, require, require_once
Hi, On Sat, Jul 21, 2001 at 12:18:38AM -0300, Thiago Locatelli da Silva wrote: > what is the diference beetwen this functions? I believe the include/require_once() functions check to see if that particular include was previously included in the script and if it was it ignores it, at least that is the way I understand it. require() differrs from include() because it will always read the targetted file even if the line of code it is sitting on is never actually executed. Hope that describes it for you. Regards, Josh -- First post to list :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] include, require, require_once
what is the diference beetwen this functions? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] testing if var is empty
http://php.net/empty On Sat, 21 Jul 2001, Justin French wrote: > Hi, > > I'm a semi-newbie, and if I want to check if a variable is set, or > contains something, i've been doing it like this: > > if($var != "") { ... } > > I'm sure there is a better/safer/smarter/faster/more reliable way? > > > Justin French > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] testing if var is empty
Hi, I'm a semi-newbie, and if I want to check if a variable is set, or contains something, i've been doing it like this: if($var != "") { ... } I'm sure there is a better/safer/smarter/faster/more reliable way? Justin French -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Printing a HTML page
I have written part of an online ordering system that produces an order which must be stored in a database, emailed to the relevant address, and printed on a local printer (lp, RedHat 7.0). The database storage is not a problem and I've created a HTML page which I can email. What are peoples opinions on the best way to print the page? I've given a little bit of thought to dumping the HTML constructed for the email to dik and then piping it through a html2eps type app. and then to the (postscript) printer. How are other people doing this? How come the printer functions are only available on windows? Usually it's the reverse :-) Cheers, Brad -- Brad Hubbard Congo Systems 12 Northgate Drive, Thomastown, Victoria, Australia 3074 Email: [EMAIL PROTECTED] Ph: +61-3-94645981 Fax: +61-3-94645982 Mob: +61-419107559 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Redirect Problems w/netscape
Hi, I have a calendar script which I wrote with the following section of code. if ($HTTP_POST_VARS["ACTION"]=="DELETE" && $HTTP_POST_VARS["MsgId"]!="" && ereg("^([0-9])+$",$HTTP_POST_VARS["MsgId"]) ) { $sqltxt1="delete from CalendarData where ID='". $HTTP_POST_VARS["MsgId"]."'"; $result1=mysql_query($sqltxt1,$conn_id) or die ("Unable to execute query - $sqltxt1"); header ("Location: $SCRIPT_NAME?OrgID=$OrgID&CalID=$CalID&". "year=$year&month=$month&day=$day"); } The code gets called by from a form to delete a event from the calendar. The problem is this. In netscape 4.7 (Windows & Linux) after I click the delete button on the form I get the error "The document contained no data" but the event is deleted from the calendar. What has me really confused is that it my script works great in IE4,IE5 and Lynx. (I haven't tried anything else) Also if I change the code as follows it works on netscape but it goes the month view of the calendar instead of the day view. Which isn't what I want. header ("Location: $SCRIPT_NAME?OrgID=$OrgID&CalID=$CalID&". "year=$year&month=$month"); The url for accessing the document is http://myhost/webpost/editcalendar.php?OrgID=ESD189&CalID=Events&year=2001&month=07&day=3 If I change my code to echo "Location: $SCRIPT_NAME?OrgID=$OrgID&CalID=$CalID&". "year=$year&month=$month"; I get a web page with the following line. webpost/editcalendar.php?OrgID=ESD189&CalID=Events&year=2001&month=07&day=3 Obviously since this is working in IE my code isn't completely screwed up. So I am wondering if anyone has seen this behavior? Am I breaking a length barrier that netscape is enforcing? I have tried this same code on apache 1.3.12 with php 4.02 & apache 1.3.19 with php 4.06 both with the same results. Any help would be great. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] COOL BAMBOO MATS
DEAR SIR /MADAM: WE ARE PRODUCING HIGH QUALITY COOL BAMBOO MATS,WELCOME ORDER. PRICE FOB TO SHENZHEN CHINA: US¡ç14.6 TO US¡ç17.0 PER PIECE ( FIRST GRADE OF SIZE 150cm¡Á193cm ) PRICE FOB TO SHENZHEN CHINA: US¡ç5.2 TO US¡ç5.9 PER sq.m. ( FIRST GRADE OF OTHER SIZE ) DELIVERY TIME: 7-15 DAYS ALSO WELCOME ORDER BY YOUR SIZE OR ORDER ALL KINDS OF BAMBOO SOFA CUSHIONS. LOOK THE DETAILS ABOUT BAMBOO MATS FROM HERE: http://www.chunpai.com/zlx-yw.htm OTHER PRODUCTS: PLEASE LOOK PRICES WITH PHOTOS OF WOOD SHOES FROM HERE: http://www.chunpai.com/mxmyj010713.htm PLEASE LOOK PRICES WITH PHOTOS OF FLYING SHOES FROM HERE: http://www.chunpai.com/flyingshoe.htm PLEASE LOOK PRICES WITH PHOTOS OF PLYWOOD,FLOORING & ALUMINUM-PLASTIC PANEL FROM: http://www.chunpai.com/qtmyj010528.htm BEST REGARDS MR. TAN LONG ( SATRAP ) GUILIN LINGUI SHENGPING XIAOXUE BAMBOO & WOOD MANUFACTORY ADDRESS: No.229 RONGSHAN ROAD,LINGUI,GUILIN,GUANGXI,CHINA TEL: +86-773-5592687 FAX: +86-773-5592687 EMAIL: [EMAIL PROTECTED] WEB SITE: www.chunpai.com/first-english.htm POSTALCODE: 541100 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Stoping Frame Breakers
For the record: If you check the HTML spec, you'll discover that tags aren't allowed within tags. Most browsers handle them, but YMMV. (Last time I tested it, Mozilla (aka Netscape 6) didn't even display pages with scripts in the header because it's invalid html. I couldn't convince anyone that it was important enough to fix, either.) - Theo -Original Message- From: Sheridan Saint-Michel [mailto:[EMAIL PROTECTED]] Sent: Friday, July 20, 2001 10:27 AM To: php-general Subject: Re: [PHP] Stoping Frame Breakers I would actually suggest JavaScript, rather than PHP here. Try putting something like