[PHP] How to print a mysql result
Hi, I am having a problem with menu options being pass on to my database. Is there a way that I can see what is sql statement that is passing on to the database? Say maybe print $sql or something like that? Chuck Payne -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to print a mysql result
echo $sql; Adam On Sat, 7 Sep 2002, Chuck PUP Payne wrote: Hi, I am having a problem with menu options being pass on to my database. Is there a way that I can see what is sql statement that is passing on to the database? Say maybe print $sql or something like that? Chuck Payne -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] gmdate()
I got an idea to solve my problem. I'll make client side calculation. I'll set the user pick a future time and then calculate from the client side how many minutes exists between these two times, then pass the minutes difference to the server. Naintara Jain [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... lets say, ServerOne has TimeZone GMT+2 ServerTwo has TimeZone GMT+3 the gmdate() will return diff values for the same timestamp. essentially there will be a diff of 1 hour in the return values from these two servers. -Naintara -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] t]On Behalf Of lallous Sent: Friday, September 06, 2002 8:55 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] gmdate() I don't own the server, and the server is probably set up correctly as it is a web hosting server. anyway, how should that RedHat 6 server be set up ? Elias Marek Kilimajer [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The server needs to be set up correctly - it needs to know what time zone it is in and if the BIOS time is GMT or local. lallous wrote: Isn't the gmdate() supposed to return the same value when run from two different timezones? I run it on GMT+2 system and EDT system, and I get 1 hour difference, please advise. Elias -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to set the file premission by using CHMOD?
Situation: I want to create a file to a directory, but the premission denied, how to solve this problem by using CHMOD? Bryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Enhancement of script
Dear All I have recently downloaded a calendar from CST (which is no longer supported ) and I have made a few changes to the script. The calendar will be used to see when something is booked and you can assign messages to it as well which the general user cannot see. In this respects I have created 2 pages - welcome .php for the general viewer and admin_welcome for the updating of the calendar. What I would like to do is to be able to enter multiple dates in at the same time - either saying from a start date for so many days or from a start date to an end date. After spending hours looking at the code and in this forum I cannot seem to get it right - basically I cannot do it. I was wondering if someone could have a look and tell me where I am going wrong. I have attached the files to this email along with the mySQL table file in case another column needs to be added. You can see the script running at www.matrix-hosting.co.uk/prestige/welcome.php for the general view and www.matrix-hosting.co.uk/prestige/admin_welcome.php for the admin side. Any help would be appreciated Ray P.S. if any one also knows how to get it to display a 2 or 3 months at a time or even a year this would also be a bonus as I have tried to do this as well. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Enhancement of script
Looks good if your keen to shear the code we could have a tinkle with it and see if we can work it out. Phil - Original Message - From: Ray Healy (Data Net Services) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, September 07, 2002 10:11 PM Subject: [PHP] Enhancement of script Dear All I have recently downloaded a calendar from CST (which is no longer supported ) and I have made a few changes to the script. The calendar will be used to see when something is booked and you can assign messages to it as well which the general user cannot see. In this respects I have created 2 pages - welcome .php for the general viewer and admin_welcome for the updating of the calendar. What I would like to do is to be able to enter multiple dates in at the same time - either saying from a start date for so many days or from a start date to an end date. After spending hours looking at the code and in this forum I cannot seem to get it right - basically I cannot do it. I was wondering if someone could have a look and tell me where I am going wrong. I have attached the files to this email along with the mySQL table file in case another column needs to be added. You can see the script running at www.matrix-hosting.co.uk/prestige/welcome.php for the general view and www.matrix-hosting.co.uk/prestige/admin_welcome.php for the admin side. Any help would be appreciated Ray P.S. if any one also knows how to get it to display a 2 or 3 months at a time or even a year this would also be a bonus as I have tried to do this as well. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Enhancement of script
Dear All The calendar will be used to see when something is booked and you can assign messages to it as well which the general user cannot see. In this respects I have created 2 pages - welcome .php for the general viewer and admin_welcome for the updating of the calendar. What I would like to do is to be able to enter multiple dates in at the same time - either saying from a start date for so many days or from a start date to an end date. After spending hours looking at the code and in this forum I cannot seem to get it right - basically I cannot do it. I was wondering if someone could have a look and tell me where I am going wrong. (scripts at bottom of page) ng at www.matrix-hosting.co.uk/prestige/welcome.php for the general view and www.matrix-hosting.co.uk/prestige/admin_welcome.php for the admin side. Any help would be appreciated Ray P.S. if any one also knows how to get it to display a 2 or 3 months at a time or even a year this would also be a bonus as I have tried to do this as well. The Scipts: mySQL Database File CREATE TABLE tablename ( id int(11) DEFAULT '0' NOT NULL auto_increment, username varchar(255), stamp datetime, subject varchar(255), description blob, PRIMARY KEY (id) ); welcome.php (this is what the end user sees) ? $mysql_hostname = 'localhost'; $mysql_username = ''; $mysql_password = ''; $mysql_database = ''; $mysql_tablename = ''; $currentday = date(j, time()); $currentmonth = date(m, time()); $currentyear = date(Y, time()); $lastday = 1; $database = mysql_connect($mysql_hostname, $mysql_username, $mysql_password); if (!$month) { $month = date(m, time()); $year = date(Y, time()); } mysql_select_db($mysql_database, $database); echo centerfont face=Arial size=2b; echo date('F', mktime(0,0,0,$month,1,$year)); echo $yearpfont size=3/bp; $firstday = date( 'w', mktime(0,0,0,$month,1,$year)); while (checkdate($month,$lastday,$year)) { $lastday++; } $nextmonth = $month+1; $nextyear = $year; if ($nextmonth == 13) { $nextmonth = 1; $nextyear = $year + 1; } $lastmonth = $month-1; $lastyear = $year; if ($lastmonth == 0) { $lastmonth = 12; $lastyear = $year-1; } echo tabletr; echo tdform method=post action=welcome.phpinput type=submit value='' input type=hidden name=month value=$lastmonth input type=hidden name=year value=$lastyear/form/td; echo tdform method=post action=welcome.phpinput type=submit value='' input type=hidden name=month value=$nextmonth input type=hidden name=year value=$nextyear/form/td/tr/table; echo table width=175 cellpadding=1 cellspacing=1 border=1; echo trtd width=25font size=2bSun/b/font/tdtd width=25font size=2bMon/b/font/td td width=25font size=2bTue/b/font/tdtd width=25font size=2bWed/b/font/td td width=25font size=2bThu/b/font/tdtd width=25font size=2bFri/b/font/td td width=25font size=2bSat/b/font/td/b/font/tr; for ($i=0; $i7; $i++) { if ($i $firstday) { echo td/td; } else { $thisday = ($i+1)-$firstday; if ($currentyear $year) { echo td valign=top align=center bgcolor=dd; } else if ($currentmonth $month $currentyear == $year) { echo td valign=top align=center bgcolor=dd; } else if ($currentmonth == $month $currentday $thisday $currentyear == $year) { echo td valign=top align=center bgcolor=dd; } else { echo td valign=top align=center bgcolor=white; } echo font size=2b$thisday/b/fontbr font size=3; $query2 = mysql_query(SELECT subject FROM $mysql_tablename WHERE stamp = \$year-$month-$thisday 00:00:00\ and stamp = \$year-$month-$thisday 23:59:59\ ORDER BY stamp); for ($j = 0; $jmysql_num_rows($query2); $j++) { $results = mysql_fetch_array($query2); if ($results[subject]) { echo font color=redb$results[subject]/b/font; } } if (mysql_num_rows($query2) 4) { for ($j=0; $j(4-mysql_num_rows($query2)); $j++) echo ; } echo /td; } } echo /tr\n; $nextday = ($i+1)-$firstday; for ($j = 0; $j5; $j++) { echo tr; for ($k = 0; $k7; $k++) { if ($nextday $lastday) { if ($currentyear $year) { echo td valign=top align=center bgcolor=dd; } else if ($currentmonth $month $currentyear == $year) { echo td valign=top bgcolor=dd; } else if ($currentmonth == $month $currentday $nextday $currentyear == $year) { echo td valign=top align=center bgcolor=dd; } else { echo td valign=top align=center bgcolor=white; } echo font size=2b$nextday/b/fontbr font size=3; $query3 = mysql_query(SELECT subject FROM $mysql_tablename WHERE stamp = \$year-$month-$nextday 00:00:00\ AND stamp = \$year-$month-$nextday 23:59:59\ ORDER BY stamp); for ($i = 0; $imysql_num_rows($query3)+4; $i++) { $results2 = mysql_fetch_array($query3); if ($results2[subject]) { echo font color=redb$results2[subject]/b/font; } else if ($i 4) { echo ; } } echo /td; $nextday++; } } echo /tr\n; } echo /tablefont size=3; ? admin_welcome.php (this is what the admin uses) ? $mysql_hostname = 'localhost'; $mysql_username = ''; $mysql_password = ''; $mysql_database = ''; $mysql_tablename = ''; $currentday = date(j, time()); $currentmonth = date(m, time()); $currentyear = date(Y,
[PHP] what's the latest version of PHPLib now?
i can't visit http://phplib.netuse.de
php-general Digest 7 Sep 2002 11:55:16 -0000 Issue 1571
php-general Digest 7 Sep 2002 11:55:16 - Issue 1571 Topics (messages 115578 through 115598): Re: Object composition and reference 115578 by: Dan Ostrowski email with html and images 115579 by: josh 115582 by: Manuel Lemos Re: php4 w/ apache2 using module 115580 by: Adam Williams 115585 by: Seairth Jacobs Re: From ASP to PHP please help 115581 by: Richard Baskett Re: Source code 115583 by: Justin French Re: defining vars within functions as global 115584 by: Justin French Re: \n to BR Problem 115586 by: Jacob Miller 115587 by: Jacob Miller Re: Low Cost PHP Hosting 115588 by: Justin French Re: Web based FTP client 115589 by: Justin French Re: File upload security and virus considerations 115590 by: YC Nyon How to print a mysql result 115591 by: Chuck PUP Payne 115592 by: Adam Williams Re: gmdate() 115593 by: lallous How to set the file premission by using CHMOD? 115594 by: Bryan Enhancement of script 115595 by: Ray Healy \(Data Net Services\) 115596 by: Philip J. Newman 115597 by: Ray Healy \(Data Net Services\) what's the latest version of PHPLib now? 115598 by: xdrag Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- Well this is just a suggestion since I am in the middle of some PostgreSQL learning and I don't entirely know your situation.. BUT... In times like this, I usually build one MASTER OBJECT to controll all the other little happy citizen objects like mindless sheep. For instance. At one point I needed Form objects ( think of your bus ) to not only have access to other objects called Style objects, which could change ( think of your diesel object ), but also communicate to a database and do all sorts of other fun stuff. Now.. I couldn't have random objects floating around in orbit cause then they couldn't talk to each other so well, and things would get frustrating and one of the objects was likely to punch one of the other objects, knocking out his front properties. I couldn't afford the dental. So what I did was create a FormMaster which held methods for accessing individual objects, makeing all the objects do the same thing ( whether they complained or not ), letting the objects access (indirectly) the properties ( think 'global, but not' ) of the master object, and it all stays very neat. of course.. it's more coding... hehe.. but it made my forms behave quite nicely. regards, dan Fri, 6 Sep 2002 17:45:33 -0500 Paul Smith [EMAIL PROTECTED] wrote: Other classes need to have access to these objects without going through any mode objects. I suppose I can just pass by reference to these other classes; I don't want to have any objects out of sync. On Friday, September 6, 2002, at 06:12 PM, Dan Ostrowski wrote: The only point I don't understand is why you are averted to saying $bus-setFuel($diesel); I don't understand the drawback... regards, dan On Fri, 6 Sep 2002 16:58:06 -0500 Paul Smith [EMAIL PROTECTED] wrote: I'm compositing a class based on other classes. The component classes are (this is for a transportation application) fuel and vehicle. The container class is mode (as in mode of transit: rail, bus, etc.). There can be several vehicles and fuels for each mode (many to one). I want to be able to accomplish something like this: $bus = new mode(); $diesel = new fuel($bus); $ethanol = new fuel($bus); $class_a_bus = new vehicle($bus); $articulated_bus = new vehicle($bus); In other words, register the fuels and vehicles with the mode object in such a way that I don't have to make them members of said object; in further other words, instead of doing it something like: $bus = new mode(); $diesel = new fuel(); $bus-addFuel($diesel); Is there a way I can then reference the components of the mode object without having to know the names I picked for the variables; without having to do something like: $diesel = new fuel(); $bus-addFuel($diesel, 'diesel'); -- a handle to reference the globally scoped variable One kludgy way would be to foreach() the $GLOBALS in a method of the mode class, checking for is_a('fuel'). One of my rules of thumb is to reduce use of the $GLOBALS. Would a more elegant solution be related to PHP's reference counting? I apologize if this is a confusing-as-hell post. I would be more than happy to clarify a point... Paul -- Paul Smith [EMAIL PROTECTED] Center for Neighborhood Technology Chicago, IL USA -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php --
[PHP] Array - Match
I have $sub = abc; and $subs[0] = cde; $subs[0] = iyu; $subs[0] = abc; .. .. .. $subs[50] = xyx; How to find whether $sub matches with any one of $subs[$i] I have used a for loop but it is returning true when $subs[$i] = xabc. /Chandu --- Powered by MihiraMail, Fast secure reliable Brought to you by Mihira Net Pvt Ltd. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to set the file premission by using CHMOD?
man chown (change ownership) (i.e. chown my_username:my_groupname directory) -or- man chmod (change permissions)(i.e. chmod uga+w file_name -or- chown 4777 file_name) -Brad Bryan wrote: Situation: I want to create a file to a directory, but the premission denied, how to solve this problem by using CHMOD? Bryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Array - Match
? $sub = abcd; $subs[] = cde; $subs[] = iyu; $subs[] = abc; $subs[] = xyx; $match=false; foreach($subs as $value) { if($sub==$value){$match=true; break;} } if($match) echo 'found!'; else echo 'not found!'; //or better use //for PHP 4 if(in_array($sub,$subs))echo 'found!'; else echo 'not found!'; //also possible //for PHP 4 = 4.0.5 4.2.0 if(is_null(($b=array_search($sub,$subs echo 'not found!'; else echo 'found! In $sub['.$b.']'; //or for PHP 4 = 4.2.0 if(($b=array_search($sub,$subs))) echo 'found! In $sub['.$b.']'; else echo 'not found!'; ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with inserting values into database through php
Hi Olli, I think the query string is missing an ; Timo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] using print instead of echo
the example I have below.. I'm able to get working using the 'echo' command. But I would like to know how to format the same using the 'print' command. I am familiar with both. but with this one instance I am not sure how to format the print command correctly to get the same results as the echo command. Any suggestions would be appreciated. $variable1[0]=one; $variable2[0]=two; $variable3[0]=three; $variable4[0]=four; $j=1; while($j5){ echo ${variable.$j}[0]; $j++; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions with register_globals = off
Sessions are now being registered, but I have a problem unregistering them. This is the code that I'm using to test it: kill.php session_start(); print(ID = .$_SESSION['id']); //The value is printed print(PERMISOS = .$_SESSION['permisos']); //The value is printed unset($_SESSION['id']); unset($_SESSION['permisos']); print(ID = .$_SESSION['id']); //The value is NOT printed print(PERMISOS = .$_SESSION['permisos']); //The value is NOT printed ---kill.php- If the page is reloaded, the result is exactly the same. But if I keep reloading the page $_SESSION['id'] and $_SESSION['permisos'] have the same value. Is there any other way to unregister session variables ??? Thank you very much. _ Mauricio Cuenca - Original Message - From: Daniel Guerrier [EMAIL PROTECTED] To: Mauricio Cuenca [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, September 06, 2002 2:11 PM Subject: Re: [PHP] Sessions with register_globals = off Here you go http://www.zend.com/manual/function.session-is-registered.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] \n to BR Problem
on 07/09/02 1:51 AM, N. Pari Purna Chand ([EMAIL PROTECTED]) wrote: $newstr = ereg_replace (\n, BR, $newstr); Instead, I think you'd have to escape the slash: \\n... but it's irrelevant, because there's a function that does this for you: $newstr = nl2br($newstr); Also, you should try to use str_replace('was', 'is', $str), because it's less resource intensive than ereg* Justin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Link for downloading?
http://www.zend.com/zend/trick/tricks-august-2001.php the stuff he does with mime types and headers is all relevant to what you want to do... Justin on 07/09/02 1:56 AM, Alex Shi ([EMAIL PROTECTED]) wrote: Thanks for your reply! Still have another question: How to use header() to generate download link? Alex - Original Message - From: [EMAIL PROTECTED] To: Alex Shi [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, September 06, 2002 7:27 AM Subject: Re: [PHP] Link for downloading? Question 1: I think this has to do with how you attribute your file extensions in httpd.conf (Apache thing, not PHP), so check out the docs on apache.org Question 2: I woudl tend to believe it depends what kind of link it is... is it and HTTP downlaod site (which would use the windows save file as dialog, or is it a link to an FTP site, which may use your local FTP software... HTH -Brad Hello, How to create a link that when click it will lauch file downloading at client's end. And another question which might be biased from this topic, but still related with the subject of this message: why some downloading link will lauch a ftp client such as NetAnts or Download Accelerator while other link will start a Window's builtin download window? Alex -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about character acces, [] vs {}
Somewhere in an article or the manual it *strongly* advises using in {} not [] for access of a certain character in a string. Justin on 07/09/02 5:34 AM, Robert Cummings ([EMAIL PROTECTED]) wrote: Some time ago i wrote some code where I used the now deprecated form of accessing characters in a string $string[x]... Would there be much of a performance gain for me to go take the time to update the code to the newer $string{x} style? Cheers, Rob. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Help! I will even Donate through Paypal, I only want to make a thumbnail of a picture through php code.
Hi Gang, I am serious, I will send a donation (small- I am not a rich man :o) ) through PayPal, if someone is kind enough to help me out. What I need it to create a thumbnail of an uploaded picture. I am not fussy on how the PHP script accomplishes this as long as it works. I tried running Imagemagick (convert after the file is uploaded) through an exec command with no luck. I would like to have two files in the folder where the image is uploated : image.jpg and imagethumbnail.jpg (I want to creat thumbnails on the fly of pictures users upload). I am running IIS 5, If this is part of my problem I am willing to change to apache. I am sure this is a simple process since it is done all the time. If there are otherways to create a thumbnail I am willing to try that as well. I just can not seem to run the convert.exe through a PHP file :o( Is it not possible to run an external progrman (convert.exe) through php code? What I am looking for is some detailed instruction on how to go about this, I have found bits and pieces but there are too many holes in the information I have so far. Again Thanks in advance to any help anyone can provide --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/2002 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] email with html and images
I'd start by having a look at Manuel's class at phpclasses.org... called mimeMial or something... Justin on 07/09/02 9:32 AM, josh ([EMAIL PROTECTED]) wrote: Hey all I have seen many tutorials on sending HTML email, and sending email with attachments, but have found nothing on sending HTML email with the images for the html attached. Anyone familiar with doing this? Thanks, Josh -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Proposal for securing PHP sessions
You're going to be shutting out a lot of AOL users (bah! who needs em! ;p) if you do that, as AOL changes a user's IP address about as often as you read the word the... Dave -Original Message- From: M1tch [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 07, 2002 12:05 PM To: [EMAIL PROTECTED] Subject: [PHP] Re: Proposal for securing PHP sessions Why not just use IP? I created a nice system, whereby if your IP is changed (or someone is hacking your session), the session is destroyed, and the user must log in. Does not add much overhead either. Also, I built it using database (using my own session functions in savehandler), that stores the ip as well. This prevents people snooping. Still not 100% secure I imagine, but much better. Andy Mar Tin [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear all: Until I read the article PHP Session security (http://www.webkreator.com/php/configuration/php-session-security.html) I haven't noticed how insecure PHP Sessions are. Basically there're 2 problems: *) It's possible to hijack a session if you know the SID (session id) 1) If you're on a shared server (cheap webhosting) other users can get the SIDs by doing ls /tmp/sess_* (/tmp/ is defined on session.save_path on the config file, so it may be different). 2) When a user clicks on an external link, the browser sends the REFERER url and sometimes it contains the SID (if session.use_trans_sid is enabled) PHP offers a security measure: with session.referer_check it will reject SIDs comming from other referers, but the referer url can be easily forged. *) Users can read session data from the session files, which are owned by the server process (every user which has an account on the webserver can read server owned files) (If you're intrested in the subject I would recommend to read full the article: http://www.webkreator.com/php/configuration/php-session-security.html) I have developed some functions to avoid this problems. They replace the standard session functions (using session_set_save_handler), so you only have to include the file at the beggining of your script and (afaik) you're safe :) This is the idea: Apart from the session cookie, I set another one (with the same name and the string '_sec' appended). On this cookie I set a random KEY. The name of the file which contains the session data is the md5 hash of the SID and the KEY together. This turns impossible to guess the session id by looking at the filenames. To hide the data inside the file, the serialized string is crypted using the KEY as password, so nobody can see the content of your user's sessions. You can find the code here: http://www.n3rds.com.ar/files/docs/php_sessions/sess_handler.txt Im looking for suggestions to make it 100% compatible with the standard session functions, and I would like to hear some thougts about the idea Martin Sarsale [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Credit Card Validation
I know it's been posted here several times and I've looked through the archives but I just need something very simple for this. I have a form that already takes in user information but now before accepting the information, I'd like to pass the credit card information to a function and return true or false. Is anyone using something like this that is simple? Jeff
Re: [PHP] gmdate()
Huh? I think date() will return different values, but gmdate() will not, since it returns GM time. Lallous, maybe it is something about summertime/wintertime? Timo Am Freitag den, 6. September 2002, um 16:36, schrieb Naintara Jain: lets say, ServerOne has TimeZone GMT+2 ServerTwo has TimeZone GMT+3 the gmdate() will return diff values for the same timestamp. essentially there will be a diff of 1 hour in the return values from these two servers. -Naintara -Original Message- From: [EMAIL PROTECTED] [mailto:php-general- [EMAIL PROTECTED] t]On Behalf Of lallous Sent: Friday, September 06, 2002 8:55 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] gmdate() I don't own the server, and the server is probably set up correctly as it is a web hosting server. anyway, how should that RedHat 6 server be set up ? Elias Marek Kilimajer [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The server needs to be set up correctly - it needs to know what time zone it is in and if the BIOS time is GMT or local. lallous wrote: Isn't the gmdate() supposed to return the same value when run from two different timezones? I run it on GMT+2 system and EDT system, and I get 1 hour difference, please advise. Elias -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Proposal for securing PHP sessions
Why not just use IP? I created a nice system, whereby if your IP is changed (or someone is hacking your session), the session is destroyed, and the user must log in. Does not add much overhead either. Also, I built it using database (using my own session functions in savehandler), that stores the ip as well. This prevents people snooping. Still not 100% secure I imagine, but much better. Andy Mar Tin [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear all: Until I read the article PHP Session security (http://www.webkreator.com/php/configuration/php-session-security.html) I haven't noticed how insecure PHP Sessions are. Basically there're 2 problems: *) It's possible to hijack a session if you know the SID (session id) 1) If you're on a shared server (cheap webhosting) other users can get the SIDs by doing ls /tmp/sess_* (/tmp/ is defined on session.save_path on the config file, so it may be different). 2) When a user clicks on an external link, the browser sends the REFERER url and sometimes it contains the SID (if session.use_trans_sid is enabled) PHP offers a security measure: with session.referer_check it will reject SIDs comming from other referers, but the referer url can be easily forged. *) Users can read session data from the session files, which are owned by the server process (every user which has an account on the webserver can read server owned files) (If you're intrested in the subject I would recommend to read full the article: http://www.webkreator.com/php/configuration/php-session-security.html) I have developed some functions to avoid this problems. They replace the standard session functions (using session_set_save_handler), so you only have to include the file at the beggining of your script and (afaik) you're safe :) This is the idea: Apart from the session cookie, I set another one (with the same name and the string '_sec' appended). On this cookie I set a random KEY. The name of the file which contains the session data is the md5 hash of the SID and the KEY together. This turns impossible to guess the session id by looking at the filenames. To hide the data inside the file, the serialized string is crypted using the KEY as password, so nobody can see the content of your user's sessions. You can find the code here: http://www.n3rds.com.ar/files/docs/php_sessions/sess_handler.txt Im looking for suggestions to make it 100% compatible with the standard session functions, and I would like to hear some thougts about the idea Martin Sarsale [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Proposal for securing PHP sessions
You could use a SUB NET (o; to block a group of users ie 202.*.*.* would kill most of New Zealand and Oz - Original Message - From: Dave at Sinewaves.net [EMAIL PROTECTED] To: PHPlist [EMAIL PROTECTED]; M1tch [EMAIL PROTECTED] Sent: Sunday, September 08, 2002 8:34 AM Subject: RE: [PHP] Re: Proposal for securing PHP sessions You're going to be shutting out a lot of AOL users (bah! who needs em! ;p) if you do that, as AOL changes a user's IP address about as often as you read the word the... Dave -Original Message- From: M1tch [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 07, 2002 12:05 PM To: [EMAIL PROTECTED] Subject: [PHP] Re: Proposal for securing PHP sessions Why not just use IP? I created a nice system, whereby if your IP is changed (or someone is hacking your session), the session is destroyed, and the user must log in. Does not add much overhead either. Also, I built it using database (using my own session functions in savehandler), that stores the ip as well. This prevents people snooping. Still not 100% secure I imagine, but much better. Andy Mar Tin [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear all: Until I read the article PHP Session security (http://www.webkreator.com/php/configuration/php-session-security.html) I haven't noticed how insecure PHP Sessions are. Basically there're 2 problems: *) It's possible to hijack a session if you know the SID (session id) 1) If you're on a shared server (cheap webhosting) other users can get the SIDs by doing ls /tmp/sess_* (/tmp/ is defined on session.save_path on the config file, so it may be different). 2) When a user clicks on an external link, the browser sends the REFERER url and sometimes it contains the SID (if session.use_trans_sid is enabled) PHP offers a security measure: with session.referer_check it will reject SIDs comming from other referers, but the referer url can be easily forged. *) Users can read session data from the session files, which are owned by the server process (every user which has an account on the webserver can read server owned files) (If you're intrested in the subject I would recommend to read full the article: http://www.webkreator.com/php/configuration/php-session-security.html) I have developed some functions to avoid this problems. They replace the standard session functions (using session_set_save_handler), so you only have to include the file at the beggining of your script and (afaik) you're safe :) This is the idea: Apart from the session cookie, I set another one (with the same name and the string '_sec' appended). On this cookie I set a random KEY. The name of the file which contains the session data is the md5 hash of the SID and the KEY together. This turns impossible to guess the session id by looking at the filenames. To hide the data inside the file, the serialized string is crypted using the KEY as password, so nobody can see the content of your user's sessions. You can find the code here: http://www.n3rds.com.ar/files/docs/php_sessions/sess_handler.txt Im looking for suggestions to make it 100% compatible with the standard session functions, and I would like to hear some thougts about the idea Martin Sarsale [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Warning: Could not execute mail delivery program
PHP Warning: Could not execute mail delivery program in /htdocs/... Any suggestions on how to fix this? - Noah -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] contact list re-ordering (php/mySQL CMS design)
Dear guru's, Hit a problem while developing a CMS with php/mySQL. Part of this is a contact list and this works ok (add/edit/delete with insert/update/delete queries). Now the client has requested a new feature: ability to change the order in which the contacts are being presented in the public part of this CMS (don't ask me why). I've added a field 'show_pos' to the contacts table and am able to change its value when I edit an existing record or add a new one. What I can't wrap my head around at the moment is how one deals with updating 'show_pos' for the OTHER records (while editing/deleting present record (WHERE id='$id')? Could anyone give me some pointers as to how this could be done in php and/or SQL (preferable). I sure hope anyone understands what I mean ... Cheers! newbie@a_loss -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Calculating Totals from table columns without a second query to the DB
Hi Jay, MySQL deserves some more respect. It's language is quite potent. Have you had a look on COUNT()? It is suited well for... well, counting. I would like to be able to sum up a collumns values already in MySQL. The following query will sum up all values of the column 'id': SELECT @idsum:=(IFNULL(@idsum, id)+id), id FROM yourtable; Now a question to the PHP/MySQL experienced: Why does this type of query not work in combination with PHP? I am using query above as $query and do the following standard procedure: $result = mysql_query($query); while ($row = mysql_fetch_row($result)) { echo join(, , $row) . br; }; But MySQLs variable seems to be reset for each row. Is there any other access method on a query that can cope with it properly? Timo Am Freitag den, 6. September 2002, um 17:32, schrieb Jay Blanchard: [thinking out loud] For small result sets where I am looking for column totals I generally issue 2 queries to the database, one for the data and one for the totals. This works fine, but for some things the database returns 100's or 1000's of records. To make this easier to use I page the records, showing an appropriate number of records for each page. The records for each page returned like so (normal); while($row = mysql_fetch_object($result)){ print(td . $row-value . /td\n); print(td . $row-another_value . /td\n); } The PHB would now like a totals per page and a grand totals. Easy enough with 3 queries each time the page is called, one for the records, one for the page totals, (using proper LIMIT queries) and one for the grand totals, but awfully inefficient and intensive. I suppose I could do something like this; while($row = mysql_fetch_object($result)){ print(td . $row-value . /td\n); print(td . $row-another_value . /td\n); $value1 = $value1 + $row-value; $value2 = $value2 + $row-another_value; } [/thinking out loud] In the process of typing this out I of course realized that this would work very well. Even if the database contains NULL values they are treated as zero. This gets me back to 2 queries, one of which only has to be issued once (the one for the grand totals, the results can be held in variables and echo'd or printed as needed). It also seems to be very efficient as the $value variables will only be doing a one time math operation each time through the while loop. For smaller results sets all on one page the same type of operation could be used for the grand totals as well, working the whole report down to a single query. I use a lot of crosstab queries where totals are needed along the bottom or right side, you can only do one within the original query. The other totals are left to another query ... usually. This should be a lesson to us all, we all try to over-compicate the issue sometimes. Usually a look at the docs/manual/FAQ/other-text-intensive-method-of-delivering-information will deliver the solution to a problem while some thought slowed to a reasonable speed (such as me typing out the problem above) will also allow natural logic to occur, producing a solution. Break down the process into managable portions, solving each portion before moving on to the next. Challenge; Can this be made as simple for rows too? Peace and I HTH someone else! Jay Hard work has a future payoff. Laziness pays off NOW. * * Texas PHP Developers Conf Spring 2003* * T Bar M Resort Conference Center* * New Braunfels, Texas * * Contact [EMAIL PROTECTED] * * * * Want to present a paper or workshop? Contact now! * * -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Proposal for securing PHP sessions
Dear all: Until I read the article PHP Session security (http://www.webkreator.com/php/configuration/php-session-security.html) I haven't noticed how insecure PHP Sessions are. Basically there're 2 problems: *) It's possible to hijack a session if you know the SID (session id) 1) If you're on a shared server (cheap webhosting) other users can get the SIDs by doing ls /tmp/sess_* (/tmp/ is defined on session.save_path on the config file, so it may be different). 2) When a user clicks on an external link, the browser sends the REFERER url and sometimes it contains the SID (if session.use_trans_sid is enabled) PHP offers a security measure: with session.referer_check it will reject SIDs comming from other referers, but the referer url can be easily forged. *) Users can read session data from the session files, which are owned by the server process (every user which has an account on the webserver can read server owned files) (If you're intrested in the subject I would recommend to read full the article: http://www.webkreator.com/php/configuration/php-session-security.html) I have developed some functions to avoid this problems. They replace the standard session functions (using session_set_save_handler), so you only have to include the file at the beggining of your script and (afaik) you're safe :) This is the idea: Apart from the session cookie, I set another one (with the same name and the string '_sec' appended). On this cookie I set a random KEY. The name of the file which contains the session data is the md5 hash of the SID and the KEY together. This turns impossible to guess the session id by looking at the filenames. To hide the data inside the file, the serialized string is crypted using the KEY as password, so nobody can see the content of your user's sessions. You can find the code here: http://www.n3rds.com.ar/files/docs/php_sessions/sess_handler.txt Im looking for suggestions to make it 100% compatible with the standard session functions, and I would like to hear some thougts about the idea Martin Sarsale [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: sending email with linefeeds
Hello, On 09/06/2002 12:10 PM, Kai Hinkelmann wrote: Hi, we are sending plain-text-emails from php not using the mail-command but with port-operations. Everything works fine BUT outlook 2000 eats the linefeeds. We tried several things: copying the header from an original (functional) email from outlook, sending with \n or \r\n to seperate header-info and so on... nothing works. All email-clients show the mails correct - outlook 2000 doesn't. Since other mails are shown correct, there MUST be a way, but we don't know, which. Who can help? You may want to try this class that deals with line feeds properly according to the sending method. http://www.phpclasses.org/mimemessage It supports sending via mail() or SMTP which work under Windows, and sendmail and qmail that work only under Unix/Linux. -- Regards, Manuel Lemos -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] using print instead of echo
At 9/7/2002, you wrote: the example I have below.. I'm able to get working using the 'echo' command. But I would like to know how to format the same using the 'print' command. I am familiar with both. but with this one instance I am not sure how to format the print command correctly to get the same results as the echo command. Any suggestions would be appreciated. $variable1[0]=one; $variable2[0]=two; $variable3[0]=three; $variable4[0]=four; $j=1; while($j5){ echo ${variable.$j}[0]; $j++; } Hi, I don't get it, it works identically with echo and with print, doesn't it? $variable1[0]=one; $variable2[0]=two; $variable3[0]=three; $variable4[0]=four; $j=1; while($j5){ print ${variable.$j}[0]; $j++; } If you get kicks from odd coding styles you might also use eval :) $variable1[0]=one; $variable2[0]=two; $variable3[0]=three; $variable4[0]=four; $j=1; while($j5){ eval(print \\$variable . $j . [0]br\;); $j++; } - Pekka Saarinen http://photography-on-the.net - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Array - Match
Hello Chandu, You can use in_array(needle, haystack) for this. For example, if (in_array(abc,$subs)) {item found, do stuff...} HTH! Jed On the threshold of genius, N. Pari Purna Chand wrote: I have $sub = abc; and $subs[0] = cde; $subs[0] = iyu; $subs[0] = abc; .. .. .. $subs[50] = xyx; How to find whether $sub matches with any one of $subs[$i] I have used a for loop but it is returning true when $subs[$i] = xabc. /Chandu --- Powered by MihiraMail, Fast secure reliable Brought to you by Mihira Net Pvt Ltd. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] contact list re-ordering (php/mySQL CMS design)
I'm not sure if what you mean is something like this: Say, you have a table with 2 columns (1) id and (2) contact. And your table is populated in this way: id contact 1 a 2 b 3 c 4 d 5 e And, let's say that your id is auto_incremented. Also, the contacts are shown ORDER BY id DESC. So, each time you add a new one, it shows up on the top of the list. So, what if you want a contact to show up between id 3 and 4? Well, what I'd do is (1) NOT auto_increment the id field and (2) manually increment the id by, say, 10 or 100. In other words, my table would probably look something like this: id contact 100 a 200 b 300 c 400 d 500 e So, if I want to make one contact show up between 300 and 400, I'll just add the contact with an id of, say, 350. This way, I wouldn't even need a show_pos field. Besides, I wouldn't even bother changing the show_pos for the other records. :) Of course, there must be a more elegant way of doing this. (Actually, I'm not really sure if I really understand your problem... Still, HTH...) - E Dear guru's, Hit a problem while developing a CMS with php/mySQL. Part of this is a contact list and this works ok (add/edit/delete with insert/update/delete queries). Now the client has requested a new feature: ability to change the order in which the contacts are being presented in the public part of this CMS (don't ask me why). I've added a field 'show_pos' to the contacts table and am able to change its value when I edit an existing record or add a new one. What I can't wrap my head around at the moment is how one deals with updating 'show_pos' for the OTHER records (while editing/deleting present record (WHERE id='$id')? Could anyone give me some pointers as to how this could be done in php and/or SQL (preferable). I sure hope anyone understands what I mean ... Cheers! newbie@a_loss -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to program very basic chat on PHP?
Hello, this question is about dynamic communication between browsers. I have a site to meet people (PHP/Mysql).These people have their profiles and pictures stored into the site. I would like to make some kind of chat (very single chat), so when people log into system, I can trace their nicknames and list all active users onto some table. When someone wants talk to any other listed person, he just click on nick name, and some window will open on the other people browser's. This way, a single chat between two users could be stablished easily. Is this possible to program just using PHP?. I cant figure here how to control remotely the other user's browse (open chat window for instance) using only PHP. Thanks for any help Mig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to program very basic chat on PHP?
You could create a scema, or module that is called with each page load, that checks for messages when the user is logged in. So when the message is stored into the databace, when the user loads the anypage while logged in it checks for new messages, and if the user has messages then the window pops up and the user can eather reply etc etc Phil - Original Message - From: M [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, September 08, 2002 10:09 AM Subject: [PHP] How to program very basic chat on PHP? Hello, this question is about dynamic communication between browsers. I have a site to meet people (PHP/Mysql).These people have their profiles and pictures stored into the site. I would like to make some kind of chat (very single chat), so when people log into system, I can trace their nicknames and list all active users onto some table. When someone wants talk to any other listed person, he just click on nick name, and some window will open on the other people browser's. This way, a single chat between two users could be stablished easily. Is this possible to program just using PHP?. I cant figure here how to control remotely the other user's browse (open chat window for instance) using only PHP. Thanks for any help Mig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Help! I will even Donate through Paypal, I only want to makea thumbnail of a picture through php code.
Hello, On 09/07/2002 12:55 PM, Kurtis Harper wrote: I am serious, I will send a donation (small- I am not a rich man :o) ) through PayPal, if someone is kind enough to help me out. What I need it to create a thumbnail of an uploaded picture. I am not fussy on how the PHP script accomplishes this as long as it works. I tried running Imagemagick (convert after the file is uploaded) through an exec command with no luck. I would like to have two files in the folder where the image is uploated : image.jpg and imagethumbnail.jpg (I want to creat thumbnails on the fly of pictures users upload). I am running IIS 5, If this is part of my problem I am willing to change to apache. I am sure this is a simple process since it is done all the time. If there are otherways to create a thumbnail I am willing to try that as well. I just can not seem to run the convert.exe through a PHP file :o( Is it not possible to run an external progrman (convert.exe) through php code? What I am looking for is some detailed instruction on how to go about this, I have found bits and pieces but there are too many holes in the information I have so far. Here you may find several classes for that purpose just the way you want, ie, just using PHP code: http://www.phpclasses.org/browse.html/class/11.html -- Regards, Manuel Lemos -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Warning: Could not execute mail delivery program
== [EMAIL PROTECTED] (Noah Spitzer-Williams) ªº¤å³¹¤¤´£¨ì: PHP Warning: Could not execute mail delivery program in /htdocs/... Any suggestions on how to fix this? - Noah check your php.ini file. if should be safe_mode = Off -- [m[1;32m* Origin: LastLoveSongBBS (lls.twbbs.org) From: localhost.localdomai [m -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Credit Card Validation
Hello, On 09/07/2002 06:03 PM, Jeff Lewis wrote: I know it's been posted here several times and I've looked through the archives but I just need something very simple for this. I have a form that already takes in user information but now before accepting the information, I'd like to pass the credit card information to a function and return true or false. Is anyone using something like this that is simple? This class does exactly what you ask. It generates Javascript code for client side validation and the class itself can validate on the server side. See the sample output pages. -- Regards, Manuel Lemos -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Credit Card Validation
Check out http://www.analysisandsolutions.com/code/ccvs-ph.htm At 05:03 PM 9/7/2002 -0400, Jeff Lewis wrote: I know it's been posted here several times and I've looked through the archives but I just need something very simple for this. I have a form that already takes in user information but now before accepting the information, I'd like to pass the credit card information to a function and return true or false. Is anyone using something like this that is simple? Jeff -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Credit Card Validation
Hello, On 09/07/2002 06:03 PM, Jeff Lewis wrote: I know it's been posted here several times and I've looked through the archives but I just need something very simple for this. I have a form that already takes in user information but now before accepting the information, I'd like to pass the credit card information to a function and return true or false. Is anyone using something like this that is simple? This class does exactly what you ask. It generates Javascript code for client side validation and the class itself can validate on the server side. See the sample output pages. Oops, the class is here: http://www.phpclasses.org/formsgeneration -- Regards, Manuel Lemos -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] cmsg cancel 42EOfJ$q0m@lls.twbbs.org
Re: Warning: Could not execute mail delivery ¡K -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Link for downloading?
try this: ?php ... ... $filename = test; header(Cache-Control: no-cache, must-revalidate); header(Content-type:.$mime_type); header(Content-Disposition:filename=.$filename..doc); echo hello, world!; ? - Original Message - From: Justin French [EMAIL PROTECTED] To: Alex Shi [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Saturday, September 07, 2002 11:45 PM Subject: Re: [PHP] Link for downloading? http://www.zend.com/zend/trick/tricks-august-2001.php the stuff he does with mime types and headers is all relevant to what you want to do... Justin on 07/09/02 1:56 AM, Alex Shi ([EMAIL PROTECTED]) wrote: Thanks for your reply! Still have another question: How to use header() to generate download link? Alex - Original Message - From: [EMAIL PROTECTED] To: Alex Shi [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, September 06, 2002 7:27 AM Subject: Re: [PHP] Link for downloading? Question 1: I think this has to do with how you attribute your file extensions in httpd.conf (Apache thing, not PHP), so check out the docs on apache.org Question 2: I woudl tend to believe it depends what kind of link it is... is it and HTTP downlaod site (which would use the windows save file as dialog, or is it a link to an FTP site, which may use your local FTP software... HTH -Brad Hello, How to create a link that when click it will lauch file downloading at client's end. And another question which might be biased from this topic, but still related with the subject of this message: why some downloading link will lauch a ftp client such as NetAnts or Download Accelerator while other link will start a Window's builtin download window? Alex -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Proposal for securing PHP sessions
Does it change the IP address while the user is connected? I didn't think that was possible... I only use sessions to store username/password and other limited variables, it's only if they log off and back in again that's they have to log out, and separate cookies automatically handle the login there- so it's pretty seamless. Anyone know about server farms? I vaguely remember reading that you should only use the first three portions of an IP address (e.g. 123.12.123) to be sufficient for a server farm. Dave At Sinewaves.Net [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... You're going to be shutting out a lot of AOL users (bah! who needs em! ;p) if you do that, as AOL changes a user's IP address about as often as you read the word the... Dave -Original Message- From: M1tch [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 07, 2002 12:05 PM To: [EMAIL PROTECTED] Subject: [PHP] Re: Proposal for securing PHP sessions Why not just use IP? I created a nice system, whereby if your IP is changed (or someone is hacking your session), the session is destroyed, and the user must log in. Does not add much overhead either. Also, I built it using database (using my own session functions in savehandler), that stores the ip as well. This prevents people snooping. Still not 100% secure I imagine, but much better. Andy Mar Tin [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear all: Until I read the article PHP Session security (http://www.webkreator.com/php/configuration/php-session-security.html) I haven't noticed how insecure PHP Sessions are. Basically there're 2 problems: *) It's possible to hijack a session if you know the SID (session id) 1) If you're on a shared server (cheap webhosting) other users can get the SIDs by doing ls /tmp/sess_* (/tmp/ is defined on session.save_path on the config file, so it may be different). 2) When a user clicks on an external link, the browser sends the REFERER url and sometimes it contains the SID (if session.use_trans_sid is enabled) PHP offers a security measure: with session.referer_check it will reject SIDs comming from other referers, but the referer url can be easily forged. *) Users can read session data from the session files, which are owned by the server process (every user which has an account on the webserver can read server owned files) (If you're intrested in the subject I would recommend to read full the article: http://www.webkreator.com/php/configuration/php-session-security.html) I have developed some functions to avoid this problems. They replace the standard session functions (using session_set_save_handler), so you only have to include the file at the beggining of your script and (afaik) you're safe :) This is the idea: Apart from the session cookie, I set another one (with the same name and the string '_sec' appended). On this cookie I set a random KEY. The name of the file which contains the session data is the md5 hash of the SID and the KEY together. This turns impossible to guess the session id by looking at the filenames. To hide the data inside the file, the serialized string is crypted using the KEY as password, so nobody can see the content of your user's sessions. You can find the code here: http://www.n3rds.com.ar/files/docs/php_sessions/sess_handler.txt Im looking for suggestions to make it 100% compatible with the standard session functions, and I would like to hear some thougts about the idea Martin Sarsale [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] security documentation
Can someone please tell me specifically who can answer if http://www.php.net/manual/en/security.php is based on the most recent PHP 4.2.3? Or are there new bits of information that have not been added to this chapter, yet? Vania _ Vania Smrkovski Internet Design and Programming [EMAIL PROTECTED] http://pandorasdream.com/ http://webdesign.pandorasdream.com/
php-general Digest 8 Sep 2002 01:46:44 -0000 Issue 1572
php-general Digest 8 Sep 2002 01:46:44 - Issue 1572 Topics (messages 115599 through 115634): Array - Match 115599 by: N. Pari Purna Chand 115601 by: Bas Jobsen 115613 by: Jed Verity Re: How to set the file premission by using CHMOD? 115600 by: Brad Bonkoski Re: Problem with inserting values into database through php 115602 by: timo stamm using print instead of echo 115603 by: Kevin Heflin 115612 by: Pekka Saarinen Re: Sessions with register_globals = off 115604 by: Mauricio Cuenca Re: \n to BR Problem 115605 by: Justin French Re: Link for downloading? 115606 by: Justin French 115632 by: xdrag Re: Question about character acces, [] vs {} 115607 by: Justin French Help! I will even Donate through Paypal, I only want to make a thumbnail of a picture through php code. 115608 by: Kurtis Harper 115615 by: Manuel Lemos Re: email with html and images 115609 by: Justin French contact list re-ordering (php/mySQL CMS design) 115610 by: speedfreak.chello.be 115614 by: . Edwin Proposal for securing PHP sessions 115611 by: mar tin 115618 by: M1tch 115621 by: Dave at Sinewaves.net 115622 by: Philip J. Newman 115633 by: M1tch Re: sending email with linefeeds 115616 by: Manuel Lemos [ANNOUNCE] PHP 4.2.3 released 115617 by: Zeev Suraski Re: gmdate() 115619 by: timo stamm Re: Calculating Totals from table columns without a second query to the DB 115620 by: timo stamm Credit Card Validation 115623 by: Jeff Lewis 115628 by: Manuel Lemos 115629 by: Garrick Linn 115630 by: Manuel Lemos Warning: Could not execute mail delivery program 115624 by: Noah Spitzer-Williams 115627 by: ¡Û How to program very basic chat on PHP? 115625 by: M 115626 by: Philip J. Newman cmsg cancel 42EOfJ$[EMAIL PROTECTED] 115631 by: ¡Û security documentation 115634 by: Vania Smrkovski Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- I have $sub = abc; and $subs[0] = cde; $subs[0] = iyu; $subs[0] = abc; .. .. .. $subs[50] = xyx; How to find whether $sub matches with any one of $subs[$i] I have used a for loop but it is returning true when $subs[$i] = xabc. /Chandu --- Powered by MihiraMail, Fast secure reliable Brought to you by Mihira Net Pvt Ltd. ---End Message--- ---BeginMessage--- ? $sub = abcd; $subs[] = cde; $subs[] = iyu; $subs[] = abc; $subs[] = xyx; $match=false; foreach($subs as $value) { if($sub==$value){$match=true; break;} } if($match) echo 'found!'; else echo 'not found!'; //or better use //for PHP 4 if(in_array($sub,$subs))echo 'found!'; else echo 'not found!'; //also possible //for PHP 4 = 4.0.5 4.2.0 if(is_null(($b=array_search($sub,$subs echo 'not found!'; else echo 'found! In $sub['.$b.']'; //or for PHP 4 = 4.2.0 if(($b=array_search($sub,$subs))) echo 'found! In $sub['.$b.']'; else echo 'not found!'; ? ---End Message--- ---BeginMessage--- Hello Chandu, You can use in_array(needle, haystack) for this. For example, if (in_array(abc,$subs)) {item found, do stuff...} HTH! Jed On the threshold of genius, N. Pari Purna Chand wrote: I have $sub = abc; and $subs[0] = cde; $subs[0] = iyu; $subs[0] = abc; .. .. .. $subs[50] = xyx; How to find whether $sub matches with any one of $subs[$i] I have used a for loop but it is returning true when $subs[$i] = xabc. /Chandu --- Powered by MihiraMail, Fast secure reliable Brought to you by Mihira Net Pvt Ltd. ---End Message--- ---BeginMessage--- man chown (change ownership) (i.e. chown my_username:my_groupname directory) -or- man chmod (change permissions)(i.e. chmod uga+w file_name -or- chown 4777 file_name) -Brad Bryan wrote: Situation: I want to create a file to a directory, but the premission denied, how to solve this problem by using CHMOD? Bryan ---End Message--- ---BeginMessage--- Hi Olli, I think the query string is missing an ; Timo ---End Message--- ---BeginMessage--- the example I have below.. I'm able to get working using the 'echo' command. But I would like to know how to format the same using the 'print' command. I am familiar with both. but with this one instance I am not sure how to format the print command correctly to get the same results as the echo command. Any suggestions would be appreciated. $variable1[0]=one; $variable2[0]=two; $variable3[0]=three; $variable4[0]=four;
[PHP] How to do pass on information...
Hi, I would like to know if there is a way that I can pass on an information from a pull down menu into a sql query. Right now I have to right a PHP page for each piece I am wanting to pass on. Example I have a movie database and now if I want to see what is in my Anime Category that starts with A I have to create a page like this: Select * FROM database WHERE category = 'anime' AND title like 'A%' I know I have to do an array? Would it be like this? $category $letter Select * FROM database WHERE category = '$category' and title is like '$letter' But it get to the sql statement is where I am lost. Chuck Payne Magi Design and Support -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to do pass on information...
Can't you make a form? Lets say you have a lexical database for categories like: IDNAME 1 Anime 2 Action etc... then in the form so: select name='cat' ?php $query = select * from categories; $result = run_query($query); while($row = fetch_array($result) { echo option value=$row[0]$row[1]/option; } free_result($result) ? /select This would send to the form action page the numerical representation of the categoried selected from the drop down list. -Brad Chuck PUP Payne wrote: Hi, I would like to know if there is a way that I can pass on an information from a pull down menu into a sql query. Right now I have to right a PHP page for each piece I am wanting to pass on. Example I have a movie database and now if I want to see what is in my Anime Category that starts with A I have to create a page like this: Select * FROM database WHERE category = 'anime' AND title like 'A%' I know I have to do an array? Would it be like this? $category $letter Select * FROM database WHERE category = '$category' and title is like '$letter' But it get to the sql statement is where I am lost. Chuck Payne Magi Design and Support -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] header() problem!!!!
Hi: is this a bug? [win98se + apache2.0.40 + PHP4.2.3 + IE6.0] download1.php: ?php ... header(Cache-Control: no-cache, must-revalidate); header(Content-Type:.$mime_type); header(Content-Disposition: filename=$filename); echo $filedata; ? works well download2.php: ?php ... header(Cache-Control: no-cache, must-revalidate); header(Content-Type:.$mime_type); header(Content-Disposition: attachment; filename=$filename); echo $filedata; ? please pay attention to header(Content-Disposition: ...) if you click this URL, for example download2.php?id=1, then click the save button, your browser will suffer a fatal error. You can not do anything else now!
Re: [PHP] Re: Proposal for securing PHP sessions
on 08/09/02 5:04 AM, M1tch ([EMAIL PROTECTED]) wrote: Why not just use IP? I created a nice system, whereby if your IP is changed (or someone is hacking your session), the session is destroyed, and the user must log in. Does not add much overhead either. large ISPs like AOL use variable IPs (your IP could change from page to page)... that's a pretty good reason to start with. if people get disconnected, they too are likely to have a new IP on most dial-up ISPs. Justin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Credit Card Validation
You have be a little clearer. What do you want to return on true? a) the card number appears to be numerically valid b) the card has enough credit left on it to place the order I'll assume A. You need to decide what cards are going to be accepted, and look for a class or set of functions which validate that number as numerically valid, given a certain TYPE of card. Ie, VISA's numeric specs for a valid looking card number, will be different to others. I'm pretty sure I've seen a class on phpclasses.org Justin on 08/09/02 7:03 AM, Jeff Lewis ([EMAIL PROTECTED]) wrote: I know it's been posted here several times and I've looked through the archives but I just need something very simple for this. I have a form that already takes in user information but now before accepting the information, I'd like to pass the credit card information to a function and return true or false. Is anyone using something like this that is simple? Jeff -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php_flag in httpd.conf
Though the manual says it's possible I have bene unable to turn the PHP engine on and of per *directory*.. Towards the top of the httpd.conf file I have : Directory / Options FollowSymLinks AllowOverride None php_flag engine off /Directory Then further down for a directory I need PHP in I have Directory /usr/site/www/www.foobar.com/* Options FollowSymLinks AllowOverride None php_flag engine off /Directory And this doesn't work.. Note that it does seem to work including it in VirtualHost directives but I'm using mod_vhost_alias so I don't have virtualhost directives for all my sites.. Thanks to anyone that can help, please CC this address with replies! -Mitch I can only please one person per day. Today is not your day. Tomorrow doesn't look good either. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php_flag in httpd.conf
Change off to on in the last directory container or omit it if php is enabled by default. thats probaly where the problem is. Jason Reid [EMAIL PROTECTED] -- AC Host Canada www.achost.ca - Original Message - From: Mitch Vincent [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, September 07, 2002 9:39 PM Subject: [PHP] php_flag in httpd.conf Though the manual says it's possible I have bene unable to turn the PHP engine on and of per *directory*.. Towards the top of the httpd.conf file I have : Directory / Options FollowSymLinks AllowOverride None php_flag engine off /Directory Then further down for a directory I need PHP in I have Directory /usr/site/www/www.foobar.com/* Options FollowSymLinks AllowOverride None php_flag engine off /Directory And this doesn't work.. Note that it does seem to work including it in VirtualHost directives but I'm using mod_vhost_alias so I don't have virtualhost directives for all my sites.. Thanks to anyone that can help, please CC this address with replies! -Mitch I can only please one person per day. Today is not your day. Tomorrow doesn't look good either. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Stock Market data - where can I get it?
I would like to have a dynamic graph of market indices. Where I can get this data (free and paid). I have found several applications that grab yahoo finance data, but I don't think this flies very well with yahoo. CBS MarketWatch seems to be quite pricey. Can anyone recommend a source? Thanks, olinux __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] imagecopyresized problems
I'm trying to use imagecopyresized to generate a thumbnail image and then store the image in the proper place, but I'm running into some problems. I'm using the standard code: $src_img = imagecreatefromjpeg(../php/images/.$HTTP_POST_FILES['imagefile']['name']); if (imagesx($src_img)$max_width){ imagejpeg($src_img); exit(); } $dst_img = imagecreate(80,60); imagecopyresized($dst_img,$src_img,0,0,80,60,80,60,imagesx($src_img),imagesy ($src_img)); imagejpeg($dst_img); this will give me this output: 3ÿØÿàJFIFÿþCREATOR: gd-jpeg v2.0 (using IJG JPEG v62), default quality ÿÛC $.' ,#(7),01444'9=82.342ÿÛC 2!!22ÿÀ What I need is for imagecopyresized to make a new file that I can then give a new name and copy into the files that I want it to go to, such as.. copy ($dst_img, ../php/thumbs/.$thumb_name); If I try to this, I get the following error... Warning: Unable to open 'Resource id #4' for reading: No such file or directory in /u/php/uppic.php on line 55 (uppic.php is the name of the .php script this is in) Am I missing something obvious? Thanks, Brian -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php_flag in httpd.conf
Oops -- that was a typo, I did have it On in the last directive.. I was changing it all around before I sent the email.. On Saturday, September 7, 2002, at 08:45 PM, Jason Reid wrote: Change off to on in the last directory container or omit it if php is enabled by default. thats probaly where the problem is. Jason Reid [EMAIL PROTECTED] -- AC Host Canada www.achost.ca - Original Message - From: Mitch Vincent [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, September 07, 2002 9:39 PM Subject: [PHP] php_flag in httpd.conf Though the manual says it's possible I have bene unable to turn the PHP engine on and of per *directory*.. Towards the top of the httpd.conf file I have : Directory / Options FollowSymLinks AllowOverride None php_flag engine off /Directory Then further down for a directory I need PHP in I have Directory /usr/site/www/www.foobar.com/* Options FollowSymLinks AllowOverride None php_flag engine off /Directory And this doesn't work.. Note that it does seem to work including it in VirtualHost directives but I'm using mod_vhost_alias so I don't have virtualhost directives for all my sites.. Thanks to anyone that can help, please CC this address with replies! -Mitch I can only please one person per day. Today is not your day. Tomorrow doesn't look good either. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] [ANNOUNCE] PHP 4.2.3 released
PHP 4.2.3 has been released. It is a maintenance release and includes a large number of fixes for the previous 4.2.2 version. 4.2.3 is a recommended upgrade for all users of PHP, and particularly Windows users. Full list of changes: - Enabled strcoll() on win32. (Markus) - Fixed possible ASCII control char injection in mail(). (Stefan Esser) - Fixed a potential crash bug in import_request_variables() (Zeev) - Fixed several problems with directory functions on Windows. (Steph) - Fixed xbithack bug in Apache module. (Rasmus) - Fixed a bug that prevented touch() from working on various platforms. (Steph) - Fixed ob_gzhandler()'s handling of requests that do have the Accept-Encoding header, but do not allow compression. (Zeev) - Fixed several bugs in the multithreaded version that could cause random parse errors, especially on machines with multiple CPUs. (Zeev, Zend Engine) - Fixed a build problem in bcmath. (Alan) - Fixed several bzip2 issues. (Andrei, kalowsky) - Fixed several COM issues. (Harald) - Various exif fixes. (Marcus) - Fixed domxml_xslt_process() and domxml_get_element_by_id() and several other issues in DOMXML. (Christian) - Fixed DOMXML crash on removing previously created attributes. (Christian) - Fixed crash when converting $GLOBALS to an object. (Zeev, Zend Engine) - Fixed ImageCreateFromGD2Part() (Jani) - Fixed a build issue in the IMAP extension under IRIX. (kalowsky) - Fixed a bug in imap_last_error() (Jani) - Various mbstring fixes. (Yasuo, Rui) - Fixed a build problem in the mcal extension. (Jani) - Made MySQL rollback open transactions when the request ends. (Georg) - Fixed a crash in the shutdown order of the ODBC module. (kalowsky) - Fixed PCRE build problems. ([EMAIL PROTECTED]) - Fixed a crash in pg_lo_write() (Yasuo) - Fixed posix_isatty() and posix_ttyname(). (Markus) - Fixed accidental pg_lo_import() API change. (Yasuo) - Fixed ereg_replace() crash when the backreference number was greater than the number of captured subpatterns. ([EMAIL PROTECTED]) - Fixed array_rand() on thread-safe platforms such as Windows. (Edin) - Report the right exit code after a call to exit(). (Edin) Shana tova, Zeev -- PHP Announcements Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php