Re: [PHP] Control Point of Access for certain pages.
in the url pass two (GET) variables: hash and token
generate a md5 hash from a secret string and the token (like time())...
oh your page with links to pop ups:
?
$secret = Pigs can fly i see;
$token = time();
$hash = md5($secret.$token);
?
On your popup page:
?
$secret = Pigs can fly i see;
if ( md5($secret.$_GET['token']) != $_GET['hash'] )
{
echo I'm reporting you to the police! (Please link correctly);
exit;
}
?
-js
Monty wrote:
On a site that uses a popup window to display images, I want to prevent
people from hotlinking directly to the popup page because it just looks like
crap if not sized properly with controls removed.
But I'm not sure how I can prevent someone from doing this. It appears the
HTTP_REFERER isn't always a reliable way to see if they are entering the
page from another page on your own site. And I'm not using sessions for this
site (it's not necessary).
So, I'm a little stuck on how I can allow access to a page only from certain
other pages. Has anyone done this with PHP?
Thanks!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Management
first off: IP addresses are not the way to go about this AT ALL. Even if they are behind a proxy, they would most likely be running on a private subnet (say 10.0.0.x) and worse yet, if a company has multiple backbones (like the one I consult at) traffic could go through one of 3 gateway routes (different IP's) and thus i'd end up with 1 of three sessions!? Also i could just go through and guess id's since they're a relatively small set. (Easily scripted to probe for sessions) Creating a 'jump' page is your best bet to cross domains and pass the session id in the url, and then set the id for that domain. There should not be any issues if they use the same session store, etc. As for the internals of php's sessions, I'll leave someone else to answer that. -js Robert Samuel White wrote: I'm looking for some well thought out advice on session management. I've created a class for handling session management across an unlimited number of domains (without using cookies) however it has some inherent problems. In order to differentiate between users, it is using the IP Address. I realize this is completely inefficient, and I was hoping that someone could give me some pointers on how exactly PHP handles session management from the backend. When not using cookies, PHP propagates the Session ID in the URL and a hidden variable in forms. However, is this even safe? Or is this completely blind faith that the Session belongs to that person? Basically, I want to know if PHP *knows for sure* the right user is using the right session. In other words, can it detect hijacked sessions? My guess is a resounding no. I'm wondering if there is some way to determine the real IP Address of a user, even if that user is behind a proxy farm, etc., and if this is, in fact, what PHP does. If not, I'm stuck with figuring out how best to accomplish my goals using cookies. The problem: a cookie can only bet set for a single domain; therefore, the session will not be carried with the person if they browse to another domain which also uses the same eNetwizard Content Management Server. A possibility is to always propagate a State Id with the URL and forms, however even this would not prevent the exact same problem: Is this blind faith? If you can point me to any excellent resources on the state of session management on the web and how to do this securely, please let me know. -Samuel | http://enetwizard.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Management
I am quite aware that IP's are not the way to go, and why. That is why I asked about the internal ways PHP handles sessions. Thanks. Creating a jump page as you call it does not answer the fundamental question concerning the security of session management, and that is the basis of what I want to discuss. -Original Message- From: Jonathan Sharp [mailto:js-lists;sharpmedia.net] Sent: Saturday, November 02, 2002 3:16 AM To: Robert Samuel White Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Session Management first off: IP addresses are not the way to go about this AT ALL. Even if they are behind a proxy, they would most likely be running on a private subnet (say 10.0.0.x) and worse yet, if a company has multiple backbones (like the one I consult at) traffic could go through one of 3 gateway routes (different IP's) and thus i'd end up with 1 of three sessions!? Also i could just go through and guess id's since they're a relatively small set. (Easily scripted to probe for sessions) Creating a 'jump' page is your best bet to cross domains and pass the session id in the url, and then set the id for that domain. There should not be any issues if they use the same session store, etc. As for the internals of php's sessions, I'll leave someone else to answer that. -js Robert Samuel White wrote: I'm looking for some well thought out advice on session management. I've created a class for handling session management across an unlimited number of domains (without using cookies) however it has some inherent problems. In order to differentiate between users, it is using the IP Address. I realize this is completely inefficient, and I was hoping that someone could give me some pointers on how exactly PHP handles session management from the backend. When not using cookies, PHP propagates the Session ID in the URL and a hidden variable in forms. However, is this even safe? Or is this completely blind faith that the Session belongs to that person? Basically, I want to know if PHP *knows for sure* the right user is using the right session. In other words, can it detect hijacked sessions? My guess is a resounding no. I'm wondering if there is some way to determine the real IP Address of a user, even if that user is behind a proxy farm, etc., and if this is, in fact, what PHP does. If not, I'm stuck with figuring out how best to accomplish my goals using cookies. The problem: a cookie can only bet set for a single domain; therefore, the session will not be carried with the person if they browse to another domain which also uses the same eNetwizard Content Management Server. A possibility is to always propagate a State Id with the URL and forms, however even this would not prevent the exact same problem: Is this blind faith? If you can point me to any excellent resources on the state of session management on the web and how to do this securely, please let me know. -Samuel | http://enetwizard.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: uping to plaese help
Still needing help
please help me
Marcelo [EMAIL PROTECTED] wrote in message
news:20021102001942.34689.qmail;pb1.pair.com...
Hi need some help please
What is wrong with my code?
it is supposed to upload 2 files but instead gives me this error
Warning: Unable to open 'Array' for reading
The code
html
head
titleO Leme upload/title
meta http-equiv=Content-Type content=text/html; charset=iso-8859-1
/head
body
?php
$PHP_SELF = $_SERVER['PHP_SELF'];
$page = $_REQUEST['page'];
$origem = $_FILES['origem'];
$origem2 = $_FILES['origem2'];
switch($page)
{
case um:
um($origem ,$origem2);
break;
case dois:
dois($origem, $origem2);
break;
default:
um($origem ,$origem2);
break;
}
function um($origem ,$origem2)
{
?
titleJornal O Leme/title
meta http-equiv=Content-Type content=text/html; charset=iso-8859-1
/head
body bgcolor=#006699
table width=100% border=0 cellpadding=0 cellspacing=0
!--DWLayoutTable--
tr
td width=100% height=70 valign=topimg src=test.jpg
width=600 height=120
/td
/tr
tr
td height=262 valign=toppnbsp;/p
form method=post action=?php $PHP_SELF ?
enctype=multipart/form-data
table width=75% border=0 align=center bgcolor=#FF
tr
td width=23%div align=centerfont face=BankGothic Md
BT
/font/div/td
td width=77% bgcolor=#FFnbsp; /td
/tr
tr
tddiv align=center/div/td
td bgcolor=#FFnbsp; /td
/tr
tr
tddiv align=center/div/td
td bgcolor=#FFnbsp; /td
/tr
tr
tddiv align=leftstrongImagem
pequena/strong/div/td
td bgcolor=#FF input type=hidden name=MAX_FILE_SIZE
value=102400
input type=File name=origem /td
/tr
tr
tddiv align=leftstrongImagem
grande/strong/div/td
td bgcolor=#FFinput type=hidden name=MAX_FILE_SIZE
value=102400
input type=File name=origem2 /td
/tr
tr
tddiv align=center/div/td
td bgcolor=#FFnbsp; /td
/tr
tr
tdnbsp;/td
tdnbsp;/td
/tr
/table
p align=center
input name=submit type=submit value=Adicionar
input type=hidden name=page value=dois
/form/p
/td
/tr
tr
td height=81 valign=topdiv align=center
pnbsp;/p
p
?php
include ('menu.php');
?
nbsp;/p
/div/td
/tr
/table
?php
}
function dois($origem, $origem2)
{
set_time_limit(60);
$path=(dirname($PATH_TRANSLATED)).../primeirapagina/;
$origem_name=pppv2.jpg;
$dest= $path.$origem_name;
if (($origem none) ($origem )){
if (copy($origem,$dest)){;
} else {
echo directoria sem direitos de escrita br;
}
unlink ($origem);
}
set_time_limit(60);
$path2=(dirname($PATH_TRANSLATED)).../primeirapagina/;
$origem2_name=ppv2.jpg;
$dest2= $path2.$origem2_name;
if (($origem2 none) ($origem2 )){
if (copy($origem2,$dest2)){;
} else {
echo directoria sem direitos de escrita br;
}
unlink ($origem2);
}
}
?
/body
/html
and yes i am new to php
tk
Marcelo Salvador
www.sinesdigital.pt
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] This is a test mail for this mail list!
Thank you for reading my mail! -- test -- Joskey Liaus [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Can you guys do me a favor?
I just started a service on my website, for free TopSite Hosting. It's had great exposure from Hotscripts.com, in fact, my Remote-Hosted Search EWngine service has taken off quite well. The only problem here is that people just don't seem to take to it too well. I haven't had one person sign up, and I don't know why! Not many people contact a website with bug issues, and I think that's what I need here! Anyways, the favor I'm asking, if you're even slightly interested in this idea, to create your own TopSite, set it up on your site, and email me with any bugs, comments and suggestions. If running your own TopSite isn't your cup o' tea, then you can join the TopSite I've already created, for PHP sites (the URLs for all of these are below). I could also use the help so I can create an administration panel for TopSite owners, to edit/remove TopSites, and check if their code is on their page. I haven't been able to create this feature since no one's signed up yet ;) Also email me with bugs/comments/suggestions if you help me this way too! I'll greatly appreciate all of it. :) Create a TopSite: http://www.nukedweb.com/topsites/ Top 10 PHP Sites: http://www.nukedweb.com/topsites/topsites.php?ts=php Please don't reply to this email! I'll never be able to find it ;) Use the Contact link on the menu on the website. :) Also, if you're interested (here comes the shameless plug), if you'd be interested in selling my PHP scripts on your website and making a little extra money, check out: http://www.nukedweb.com/phpscripts/affiliates.php Many thanks in advance! ~ Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ftp_rawlist problems
This is a known bug on the windows platform.
It has been fixed in CVS, and is most likly fixed in the current 4.3.0pre2
release.
I experience this problem a few weeks ago, but once I downloaded the lastest
CVS Snapshot it worked as expected.
hope this helps
Andrew
- Original Message -
From: Alex [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, November 02, 2002 12:27 AM
Subject: [PHP] ftp_rawlist problems
I'm writing a script which crawls through ftp servers, retrieving file
listings and saving them to a DB so they may be searched.
What happens, is the script connects to the ftp server, and asks for a
listing of a directory. The ftp server apparentally sends the script the
file listing, but then the script hangs. I have absolutely no idea what
causes the problem.
To combat this problem, I have a loop which keeps looping until
ftp_rawlist
actually returns something valid.
$files = false;
while (! is_array($files))
{
$files = ftp_rawlist($conn, $dir);
}
That, along with
ftp_set_option($conn, FTP_TIMEOUT_SEC, 3);
Seems to fix the problem for now, but I would still like to know what's
going on.
Please note...
I'm running PHP 4.2.1 as a module with apache 1.3.x on a win2k machine.
The
server I am using for testing, if it should make any difference, is
Filezilla 0.7.2.
Also, this problem does not occur every time a directory listing is
requested, but perhaps every 15-20 directories. In any case, which
directory
php stalls on is random.
If anyone else has ever encountered this problem, or has any idea what is
going on, I would be very interested in hearing what you have to say :).
- Alex
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Management
I've created a class for handling session management across an unlimited number of domains (without using cookies) however it has some inherent problems. In order to differentiate between users, it is using the IP Address. I realize this is completely inefficient, and I was hoping that someone could give me some pointers on how exactly PHP handles session management from the backend. When not using cookies, PHP propagates the Session ID in the URL and a hidden variable in forms. However, is this even safe? Or is this completely blind faith that the Session belongs to that person? It's blind faith, just like every other system. That's the nature of HTTP. PHP makes a unique session id that it passes around to identify the user and link all of the requests. Basically, I want to know if PHP *knows for sure* the right user is using the right session. In other words, can it detect hijacked sessions? My guess is a resounding no. No...and neither can any program you write that uses HTTP. The only thing you can do is make it unique enough so that it can't be hijacked. I'm wondering if there is some way to determine the real IP Address of a user, even if that user is behind a proxy farm, etc., and if this is, in fact, what PHP does. No. The PHP session management isn't related to IP at all, that I know of. It shouldn't have to be because of the problem with proxies and people having changing IPs or people sharing IP addresses. If not, I'm stuck with figuring out how best to accomplish my goals using cookies. The problem: a cookie can only bet set for a single domain; therefore, the session will not be carried with the person if they browse to another domain which also uses the same eNetwizard Content Management Server. A possibility is to always propagate a State Id with the URL and forms, however even this would not prevent the exact same problem: Is this blind faith? If you want the session to maintain over different domains, your only option is to pass the unique id in the URL or POST data. It's just as safe as cookies, but, like you said, you can't pass cookies across domains. Put everything behind SSL and that's as secure as you can get. Hopefully I'm not too confusing. Feel free to ask more questions. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Installation prob: I can't see libphp4.so
I can't actually find out where the libphp4.so has been placed. Assuming you have done 'make', 'make install', use 'find / -name libphp4.so' to find where it is. Or just do 'make install' again and watch carefully to see where libphp4.so is copied to. The 'find / -name libphp4.so' didn't return me any directory where the file is placed. The make install returned me this at the end: /usr/home/rockit/usr/local/lib/php/php-4.2.3/build/shtool install -c -m 0755 php /usr/home/rockit/usr/local/bin/php installing shared modules into /usr/home/rockit/usr/local/lib/php/extensions/no- debug-non-zts-20020429 So, it should mean that the libphp4.so is placed in this last directory no- debug-non-zts-20020429. But this directory is empty. Does anyone have any other hint in order to find out the installed module? Daniele -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Protecting your scripts
Hi there I wrote some php scripts that I want some friends to be able to use from there php scripts. Some on my server under different domains and some on other servers else where on the web How could I enable them to embed and use my scripts from within there php pages without them getting access to the source. Best regards Scott -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] help on php dbg
Hello all I am new to programming I need a urgent help, I recently installed PHP 4.2.3 ( ON win me , running apache 1.3.22 ) from the install shield downloaded from php.net. Earlier my dbugger used to work but now it doesnt work, the nupshere phped gives the following error -- -- Security Alert! The PHP CGI cannot be accessed directly. This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive. For more information as to why this behaviour exists, see the manual page for CGI security. For more information about changing this behaviour or re-enabling this webserver, consult the installation file that came with this distribution, or visit the manual page. == I will b highly obliged if any1 can give me step by step instructions how to make the dbugger run, Thanx in advance vivek __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Protecting your scripts
Hello, On 11/02/2002 10:26 AM, Scott wrote: Hi there I wrote some php scripts that I want some friends to be able to use from there php scripts. Some on my server under different domains and some on other servers else where on the web How could I enable them to embed and use my scripts from within there php pages without them getting access to the source. http://pear.php.net/bcompiler -- Regards, Manuel Lemos -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Executing the value of a variable
I would like to store some code in a database and load/execute that code
based on a query.
Is it possible to execute the value of a variable in a php script?
I am aware of several other ways to accomplish the same task, but I just
want to see if there is in fact a performance hit from storing code in a
database.
I tried something along the line of:
while ($row = mysql_fetch_array($result)
{
function loaded_module()
{$row[moduleCode];}
}
loaded_module();
but that doesn't seem to work.
Any thoughts?
-Jackson
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] storing inc.php outside doc root/security/includes
I know how it works, I just want to know the error (or warning you get) example: *Warning*: Failed opening ... for inclusion (include_path='.:/php/includes:/usr/share/php') in */var/www/... *on line ... Also check if your $_SERVER['DOCUMENT_ROOT'] really corresponds to real filesystem path, for example on my system $_SERVER['DOCUMENT_ROOT'] is /www/htdocs, but /www/htdocs is only a symlink to /var/www/html, so I need to put sensitivedata.inc.php into /var/www/html. You might also have safe mode restrictions in effect. rolf vreijdenberger wrote: this is how it is done: include ($_SERVER['DOCUMENT_ROOT'].'/../sensitivedata.inc.php'); explanation: suppose i have a file: www.mydomain.com/file.php on the server it could be : /home/sites/site168/web/file.php this file wants to include a file with sensitive data, (or just download some other files ) that should not be in the root (accessible via the web) so I store this files in this directory, one higher than the doc root /home/sites/site168/ like this /home/sites/site168/sensitivedata.inc.php it is now inaccesible via the web in a direct way, but not indirectly, through other php scripts. you include it in the way described above: include ($_SERVER['DOCUMENT_ROOT'].'/../sensitivedata.inc.php'); $_SERVER['DOCUMENT_ROOT'] quote php manual The document root directory under which the current script is executing, as defined in the server's configuration file. hope to have helped you all -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] using mysql_field_type to disginguish between a blob anda text field.
Use method found in user comments on http://www.php.net/mysql_field_type John Meyer wrote: I've recently found out that mysql returns blob for both blobs and text fields. Now, how do I distinguish between the two? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Executing the value of a variable
www.php.net/exec
Make sure you read the entire page and are aware of the security
concerns of using this function.
---John Holmes...
-Original Message-
From: Jackson Miller [mailto:anything;jaxn.org]
Sent: Saturday, November 02, 2002 8:03 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Executing the value of a variable
I would like to store some code in a database and load/execute that
code
based on a query.
Is it possible to execute the value of a variable in a php script?
I am aware of several other ways to accomplish the same task, but I
just
want to see if there is in fact a performance hit from storing code in
a
database.
I tried something along the line of:
while ($row = mysql_fetch_array($result)
{
function loaded_module()
{$row[moduleCode];}
}
loaded_module();
but that doesn't seem to work.
Any thoughts?
-Jackson
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Executing the value of a variable
You want to look at eval();
Jackson Miller wrote:
I would like to store some code in a database and load/execute that code
based on a query.
Is it possible to execute the value of a variable in a php script?
I am aware of several other ways to accomplish the same task, but I just
want to see if there is in fact a performance hit from storing code in a
database.
I tried something along the line of:
while ($row = mysql_fetch_array($result)
{
function loaded_module()
{$row[moduleCode];}
}
loaded_module();
but that doesn't seem to work.
Any thoughts?
-Jackson
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Executing the value of a variable
eval()
- Original Message -
From: Jackson Miller [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, November 02, 2002 7:02 AM
Subject: [PHP] Executing the value of a variable
I would like to store some code in a database and load/execute that code
based on a query.
Is it possible to execute the value of a variable in a php script?
I am aware of several other ways to accomplish the same task, but I just
want to see if there is in fact a performance hit from storing code in a
database.
I tried something along the line of:
while ($row = mysql_fetch_array($result)
{
function loaded_module()
{$row[moduleCode];}
}
loaded_module();
but that doesn't seem to work.
Any thoughts?
-Jackson
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Executing the value of a variable
www.php.net/eval I mean... duh! sorry...
---John Holmes...
-Original Message-
From: John W. Holmes [mailto:holmes072000;charter.net]
Sent: Saturday, November 02, 2002 9:24 AM
To: 'Jackson Miller'; [EMAIL PROTECTED]
Subject: RE: [PHP] Executing the value of a variable
www.php.net/exec
Make sure you read the entire page and are aware of the security
concerns of using this function.
---John Holmes...
-Original Message-
From: Jackson Miller [mailto:anything;jaxn.org]
Sent: Saturday, November 02, 2002 8:03 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Executing the value of a variable
I would like to store some code in a database and load/execute that
code
based on a query.
Is it possible to execute the value of a variable in a php script?
I am aware of several other ways to accomplish the same task, but I
just
want to see if there is in fact a performance hit from storing code
in
a
database.
I tried something along the line of:
while ($row = mysql_fetch_array($result)
{
function loaded_module()
{$row[moduleCode];}
}
loaded_module();
but that doesn't seem to work.
Any thoughts?
-Jackson
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Installation prob: I can't see libphp4.so
Now it works. I repeated the installation from scratch and now it finally creates the libphp4.so file. Daniele Daniele Baroncelli [EMAIL PROTECTED] wrote in message news:20021102130710.81040.qmail;pb1.pair.com... I can't actually find out where the libphp4.so has been placed. Assuming you have done 'make', 'make install', use 'find / -name libphp4.so' to find where it is. Or just do 'make install' again and watch carefully to see where libphp4.so is copied to. The 'find / -name libphp4.so' didn't return me any directory where the file is placed. The make install returned me this at the end: /usr/home/rockit/usr/local/lib/php/php-4.2.3/build/shtool install -c -m 0755 php /usr/home/rockit/usr/local/bin/php installing shared modules into /usr/home/rockit/usr/local/lib/php/extensions/no- debug-non-zts-20020429 So, it should mean that the libphp4.so is placed in this last directory no- debug-non-zts-20020429. But this directory is empty. Does anyone have any other hint in order to find out the installed module? Daniele -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with 4.2.3?
output buffering = off This is already set to off Any other suggestions? -Adam Jason Wong [EMAIL PROTECTED] wrote in message news:200211021451.44280.php-general;gremlins.com.hk... On Saturday 02 November 2002 06:16, Adam Humphrey wrote: I just upgraded my PHP from 4.2.2 to 4.2.3 and now I have a problem. Right now I have some HTML with included PHP. When the client opens a page with PHP and HTML it used to (under 4.2.2) display all the HTML before the PHP and then process the PHP and finally (when processing completed) finish the rest of the HTML. This allowed my to do some DHTML to let the user know that the PHP was processing. Now with the new version of PHP (4.2.3) when I hit these pages it will process the PHP before it sends any HTML to the client. This is really frustrating. Is there some setting in php.ini that I can modify to allow the browser to get the HTML before the PHP code? Or any other way to get the old behavior? Try disabling output buffering (php.ini). -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* You can fool some of the people some of the time, and some of the people all of the time, and that is sufficient. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Fwd: Quarter question..
HI all,
In the code below I'm trying to get the last column to show 1, 2, 3, or 4
according to which quarter of the year it is. But all it shows in that column
is Resource ID # X. The X starts with #3 and goes to 18. There are (at the
moment) 15 items in the table. Any ideas what's wrong?
Thanks
JIM
#
?php
echo table border=1 \n;
$i=1;
while ($myrow = mysql_fetch_array($result)) {
if($i % 2) { //this means if there is a remainder
echo TR bgcolor=\yellow\\n;
} else { //if there isn't a remainder we will do the else
echo TR bgcolor=\white\\n;
}
$qdate=$myrow[date];
$sql = select quarter($qdate) or die(not work #3);
$yyy = mysql_query ($sql) or die(not work #4);
printf(tda href=\%s?id=%sdelete=yes\Delete/a/td, $PHP_SELF,
$myrow[id]);
printf(tda href=\%s?id=%ssubmit=yes\Update/tdtd%s/tdtd
%s/tdtd %s/td/a/tr,
update-inv.php, $myrow[id], $myrow[name], $myrow[details], $yyy);
$i=$i+1;
}
echo /table\n;
}
?
#
--
Vielfeind -- Viel Ehr'
Antiamerikanische Propaganda in der Philatelie des 20. Jahrhunderts
http:/www.fecundswamp.net/~hatridge/stamps/index.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Time limit exceeded when uploading files
I'm using a single php script to send files named upload.php, here is the source code: ?php set_time_limit(500); copy($userfile, log\\$userfile_name); echo htmlheadtitleUploading file.../titlemeta http-equiv=\refresh\ content=\0; url=http://test.com/file_sent.html\;/headbodycenterfont face=\Verdana\ size=\4\Uploading file.../font/center/body/html; ? I've tried to change the time limit because there's an error that doesn't stop: Fatal error: Maximum execution time of 20 seconds exceeded in D:\dominios\E\escolas-es\spe\upload.php on line 2 As you can see, the time limit is exceeded before the set_time_limit is executed. I thing that's because the script begins only after the file is uploaded. My problem is that I can't change the maximum_execution_time in the configuration file. Does anyone can help me out? Thank you, Eduardo M. Bragatto. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Fwd: Quarter question..
try this:
-js
table border=1
?
$i = 0;
while ( $myrow = mysql_fetch_array($result) )
{
$c = ( ++$i % 2 ? 'yellow' : 'white' );
echo tr bgcolor=\$c\;
printf('tda href=%s?id=%sdelete=yesDelete/a/td',
$PHP_SELF, $myrow['id'] );
$q = ceil( 4/(int)date('n', strtotime($mydata['date']) ));
printf('tda
href=%s?id=%ssubmit=yes%s/a/tdtd%s/tdtd%s/td/tr',
'update-inv.php', $myrow['id'], $myrow['name'], $myrow['details'], $q);
}
?
/table
Jim Hatridge wrote:
HI all,
In the code below I'm trying to get the last column to show 1, 2, 3, or 4
according to which quarter of the year it is. But all it shows in that column
is Resource ID # X. The X starts with #3 and goes to 18. There are (at the
moment) 15 items in the table. Any ideas what's wrong?
Thanks
JIM
#
?php
echo table border=1 \n;
$i=1;
while ($myrow = mysql_fetch_array($result)) {
if($i % 2) { //this means if there is a remainder
echo TR bgcolor=\yellow\\n;
} else { //if there isn't a remainder we will do the else
echo TR bgcolor=\white\\n;
}
$qdate=$myrow[date];
$sql = select quarter($qdate) or die(not work #3);
$yyy = mysql_query ($sql) or die(not work #4);
printf(tda href=\%s?id=%sdelete=yes\Delete/a/td, $PHP_SELF,
$myrow[id]);
printf(tda href=\%s?id=%ssubmit=yes\Update/tdtd%s/tdtd
%s/tdtd %s/td/a/tr,
update-inv.php, $myrow[id], $myrow[name], $myrow[details], $yyy);
$i=$i+1;
}
echo /table\n;
}
?
#
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Fwd: Quarter question..
When you run mysql_query, it just sends back a resource id to the result
set. To get the data, use something like mysql_fetch_array()
$sql = SELECT * FROM `myDataBase.myTable`;
if ( $result = mysql_query ( $sql ) ) {
while ( $data = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
print_r ( $data );
}
mysql_free_result ( $result );
} else {
echo ( mysql_error() );
}
Jim Hatridge wrote:
HI all,
In the code below I'm trying to get the last column to show 1, 2, 3, or 4
according to which quarter of the year it is. But all it shows in that column
is Resource ID # X. The X starts with #3 and goes to 18. There are (at the
moment) 15 items in the table. Any ideas what's wrong?
Thanks
JIM
#
?php
echo table border=1 \n;
$i=1;
while ($myrow = mysql_fetch_array($result)) {
if($i % 2) { //this means if there is a remainder
echo TR bgcolor=\yellow\\n;
} else { //if there isn't a remainder we will do the else
echo TR bgcolor=\white\\n;
}
$qdate=$myrow[date];
$sql = select quarter($qdate) or die(not work #3);
$yyy = mysql_query ($sql) or die(not work #4);
printf(tda href=\%s?id=%sdelete=yes\Delete/a/td, $PHP_SELF,
$myrow[id]);
printf(tda href=\%s?id=%ssubmit=yes\Update/tdtd%s/tdtd
%s/tdtd %s/td/a/tr,
update-inv.php, $myrow[id], $myrow[name], $myrow[details], $yyy);
$i=$i+1;
}
echo /table\n;
}
?
#
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problem with is_dir function
I'm having a problem with the is_dir function, or maybe I don't understand
how it supposed to work. I'm using the following code to check whether or
not a directory called $user_dir exists. If it exists, I am returned the
proper message. But if it doesn't exist, I get the following error message
that says that it doesn't exist. (I already knew that!)
ERROR Number=8 Description=Error: quot;stat failed for
/home/sites/home/users/demodocs/web/userforum/user
(errno=2 - No such file or directory)quot; on line 175 of
/home/sites/home/users/demo/web/user_forum/messages.php./
Can someone please explain what I am doing wrong here, and how to return a
usable value if the directory doesn't exist.
$test = is_dir($user_dir);
if($test){echo You have a user directory. It is $user_dir;}
else{echo Your user directory doesn't exist;
return;}
Thanks a lot.
Roger Lewis
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
php-general Digest 2 Nov 2002 19:07:18 -0000 Issue 1681
php-general Digest 2 Nov 2002 19:07:18 - Issue 1681 Topics (messages 122503 through 122531): Re: Problem with 4.2.3? 122503 by: Jason Wong 122526 by: Adam Re: -How to do Mapping ? 122504 by: Jason Wong Control Point of Access for certain pages. 122505 by: Monty 122506 by: Jonathan Sharp Re: Session Management 122507 by: Jonathan Sharp 122508 by: Robert Samuel White 122513 by: John W. Holmes Re: uping to plaese help 122509 by: marcelo This is a test mail for this mail list! 122510 by: Joskey Liaus Can you guys do me a favor? 122511 by: PHP Mailing List Re: ftp_rawlist problems 122512 by: Andrew Brampton Re: Installation prob: I can't see libphp4.so 122514 by: Daniele Baroncelli 122525 by: Daniele Baroncelli Protecting your scripts 122515 by: scott 122517 by: Manuel Lemos help on php dbg 122516 by: Vivek Kedia Executing the value of a variable 122518 by: Jackson Miller 122521 by: John W. Holmes 122522 by: Marek Kilimajer 122523 by: Rick Emery 122524 by: John W. Holmes Re: storing inc.php outside doc root/security/includes 122519 by: Marek Kilimajer Re: using mysql_field_type to disginguish between a blob and a text field. 122520 by: Marek Kilimajer Re: Quarter question.. 122527 by: Jim Hatridge 122529 by: Jonathan Sharp 122530 by: John Nichel Time limit exceeded when uploading files 122528 by: Eduardo M. Bragatto Problem with is_dir function 122531 by: Roger Lewis Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- On Saturday 02 November 2002 06:16, Adam Humphrey wrote: I just upgraded my PHP from 4.2.2 to 4.2.3 and now I have a problem. Right now I have some HTML with included PHP. When the client opens a page with PHP and HTML it used to (under 4.2.2) display all the HTML before the PHP and then process the PHP and finally (when processing completed) finish the rest of the HTML. This allowed my to do some DHTML to let the user know that the PHP was processing. Now with the new version of PHP (4.2.3) when I hit these pages it will process the PHP before it sends any HTML to the client. This is really frustrating. Is there some setting in php.ini that I can modify to allow the browser to get the HTML before the PHP code? Or any other way to get the old behavior? Try disabling output buffering (php.ini). -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* You can fool some of the people some of the time, and some of the people all of the time, and that is sufficient. */ ---End Message--- ---BeginMessage--- output buffering = off This is already set to off Any other suggestions? -Adam Jason Wong [EMAIL PROTECTED] wrote in message news:200211021451.44280.php-general;gremlins.com.hk... On Saturday 02 November 2002 06:16, Adam Humphrey wrote: I just upgraded my PHP from 4.2.2 to 4.2.3 and now I have a problem. Right now I have some HTML with included PHP. When the client opens a page with PHP and HTML it used to (under 4.2.2) display all the HTML before the PHP and then process the PHP and finally (when processing completed) finish the rest of the HTML. This allowed my to do some DHTML to let the user know that the PHP was processing. Now with the new version of PHP (4.2.3) when I hit these pages it will process the PHP before it sends any HTML to the client. This is really frustrating. Is there some setting in php.ini that I can modify to allow the browser to get the HTML before the PHP code? Or any other way to get the old behavior? Try disabling output buffering (php.ini). -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* You can fool some of the people some of the time, and some of the people all of the time, and that is sufficient. */ ---End Message--- ---BeginMessage--- On Friday 01 November 2002 18:57, N.Paramaguru wrote: Hi, I'm currently developing clubs and groups...the individual group pages are displayed based on the group id like login.php?id=1...etc,during Creation of the group the user is allowed to enter their subdomain and to select a domain from the available list and all this details are stored in mysql database. The main requirement is that whenever the user types domain.subdomain.com they must be able to go to the home page of the group It is not possible to have something like
Re: [PHP] Problem with is_dir function
what values of $user_dir are you passing to is_dir?
echo them out before the test, you might be sending paths which are most
certainly not directories... for example:
c:\windows
/home/blah
would be valid, but
c:\windows\win.com
/home/blah/myfile
http://somesite/somepath
ftp://someftpserver/incoming
are invalid
Hope this helps
Andrew
- Original Message -
From: Roger Lewis [EMAIL PROTECTED]
To: Php-General [EMAIL PROTECTED]
Sent: Saturday, November 02, 2002 7:06 PM
Subject: [PHP] Problem with is_dir function
I'm having a problem with the is_dir function, or maybe I don't understand
how it supposed to work. I'm using the following code to check whether or
not a directory called $user_dir exists. If it exists, I am returned the
proper message. But if it doesn't exist, I get the following error
message
that says that it doesn't exist. (I already knew that!)
ERROR Number=8 Description=Error: quot;stat failed for
/home/sites/home/users/demodocs/web/userforum/user
(errno=2 - No such file or directory)quot; on line 175 of
/home/sites/home/users/demo/web/user_forum/messages.php./
Can someone please explain what I am doing wrong here, and how to return a
usable value if the directory doesn't exist.
$test = is_dir($user_dir);
if($test){echo You have a user directory. It is $user_dir;}
else{echo Your user directory doesn't exist;
return;}
Thanks a lot.
Roger Lewis
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Problem with is_dir function
I believe the path is of the correct format.
So for example, if
$user_dir = /home/sites/home/users/demodocs/web/userforum/user
and $user_dir exists, then
is_dir($user_dir) should = 1
however, if $user_dir doesn't exist, then
is_dir($user_dir) should = 0
Isn't this the correct logic?
Roger
-Original Message-
From: Andrew Brampton [mailto:andrew;bramp.freeserve.co.uk]
Sent: Saturday, November 02, 2002 11:24 AM
To: Roger Lewis; [EMAIL PROTECTED]
Subject: Re: [PHP] Problem with is_dir function
what values of $user_dir are you passing to is_dir?
echo them out before the test, you might be sending paths which are most
certainly not directories... for example:
c:\windows
/home/blah
would be valid, but
c:\windows\win.com
/home/blah/myfile
http://somesite/somepath
ftp://someftpserver/incoming
are invalid
Hope this helps
Andrew
- Original Message -
From: Roger Lewis [EMAIL PROTECTED]
To: Php-General [EMAIL PROTECTED]
Sent: Saturday, November 02, 2002 7:06 PM
Subject: [PHP] Problem with is_dir function
I'm having a problem with the is_dir function, or maybe I don't understand
how it supposed to work. I'm using the following code to check whether or
not a directory called $user_dir exists. If it exists, I am returned the
proper message. But if it doesn't exist, I get the following error
message
that says that it doesn't exist. (I already knew that!)
ERROR Number=8 Description=Error: quot;stat failed for
/home/sites/home/users/demodocs/web/userforum/user
(errno=2 - No such file or directory)quot; on line 175 of
/home/sites/home/users/demo/web/user_forum/messages.php./
Can someone please explain what I am doing wrong here, and how to return a
usable value if the directory doesn't exist.
$test = is_dir($user_dir);
if($test){echo You have a user directory. It is $user_dir;}
else{echo Your user directory doesn't exist;
return;}
Thanks a lot.
Roger Lewis
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] XSLT Sablotron output
Hi guys,
I have typed a simple script to test the Sablotron module recently
installed.
I found out that the HTML is output all in one line, without newlines, which
is very annoying.
Anyone can tell me if this is a bug of the module, or I have to specify
something somewhere?
Here is the script on the server, where you can watch the result:
http://www.rockit.it/redazione/sixth/prova.php
Below you can find my PHP, XML and XSL files.
Cheers
Daniele
==
PHP file
--
?php
// Allocate a new XSLT processor
$xh = xslt_create();
// call the XSLT processor directly
xslt_process($xh, 'prova.xml', 'prova.xsl', 'prova.html');
// output the result
readfile('prova.html');
xslt_free($xh);
?
==
XML file
---
?xml version=1.0?
me
nameJohn Doe/name
address94, Main Street, Nowheresville 16463, XY/address
tel738 2838/tel
email[EMAIL PROTECTED]/email
urlhttp://www.unknown_and_unsung.com//url
/me
===
XSL file
-
?xml version=1.0?
xsl:stylesheet version=1.0
xmlns:xsl=http://www.w3.org/1999/XSL/Transform;
xsl:template match=/
html
head
/head
body
h1Contact information for bxsl:value-of select=me/name //b/h1
h2Mailing address:/h2
xsl:value-of select=me/address /
h2Phone:/h2
xsl:value-of select=me/tel /
h2Email address:/h2
xsl:value-of select=me/email /
h2Web site URL:/h2
xsl:value-of select=me/url /
/body
/html
/xsl:template
/xsl:stylesheet
==
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Send $out embedded in a mail in HTML FORMAT
I read from a template, insert data and save it as a new file with html
code...
i want to send that file that is the same as $out via mail embedded in it...
i do
$fifi = fopen ('/'.$cursada.$cuatrimestre.'/'.$registronro.'.htm', w);
$fp = $fifi;
fputs ($fifi, $out . );
fclose ($fifi);
mail([EMAIL PROTECTED], subject,$out , From: website);
but when i receive that mail.. i get the source of the file with html
body bla bla bla not in HTML FORMAT..
thnx in advance!..
Spooky
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Geographic IP location
Hi all, I am looking for a way to determine the geographic location based on IP address. I understand that 100% accuracy is impossible. Does anyone know of a good software or service provider that provides quality geographic detection to US state level based on IP of website visitors. I have tried several and find that they simply use whois records. This is great but seems highly inaccurate. Ideally I am looking for a utility that I can feed a list of IP's to and then use this data to update mysql records. These two services look pretty decent. http://www.geobytes.com http://www.serviceobjects.com/products/dots_ipgeo.asp Thanks for any input, olinux __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Geographic IP location
http://www.phpclasses.org/netgeoclass that 'should' work for what you want... someone else suggested it a while age for another project Jason Reid [EMAIL PROTECTED] -- AC Host Canada www.achost.ca - Original Message - From: olinux [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, November 02, 2002 5:54 PM Subject: [PHP] Geographic IP location Hi all, I am looking for a way to determine the geographic location based on IP address. I understand that 100% accuracy is impossible. Does anyone know of a good software or service provider that provides quality geographic detection to US state level based on IP of website visitors. I have tried several and find that they simply use whois records. This is great but seems highly inaccurate. Ideally I am looking for a utility that I can feed a list of IP's to and then use this data to update mysql records. These two services look pretty decent. http://www.geobytes.com http://www.serviceobjects.com/products/dots_ipgeo.asp Thanks for any input, olinux __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Geographic IP location
This is a great class, but NetGeo uses only whois records, I think that the more accurate solutions also use some sort of ip domain name analyisis to find city location. Thanks, olinux --- Jason Reid [EMAIL PROTECTED] wrote: http://www.phpclasses.org/netgeoclass that 'should' work for what you want... someone else suggested it a while age for another project Jason Reid [EMAIL PROTECTED] -- AC Host Canada www.achost.ca - Original Message - From: olinux [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, November 02, 2002 5:54 PM Subject: [PHP] Geographic IP location Hi all, I am looking for a way to determine the geographic location based on IP address. I understand that 100% accuracy is impossible. Does anyone know of a good software or service provider that provides quality geographic detection to US state level based on IP of website visitors. I have tried several and find that they simply use whois records. This is great but seems highly inaccurate. Ideally I am looking for a utility that I can feed a list of IP's to and then use this data to update mysql records. These two services look pretty decent. http://www.geobytes.com http://www.serviceobjects.com/products/dots_ipgeo.asp Thanks for any input, olinux __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] ereg (Why, Does sort of work)?
I'm comparing the values of a check box, against another form field, and it sort of works, but I don't understand why (A better solution? is listed below it? TIA, David Jackson --- And part of the HTML Form: --- tdbAccount Type:/b/td tdAsset/tdtdinput type=radio name=transid value=1000/td tdLiability/tdtdinput type=radio name=transid value=2000/td input type=text name=coa_acct size=5 maxlength=5 -- Here's the one that's puzzling me: -- if ( ereg(^1,$_POST['transid'])== ereg(^1,$_POST['coa_acct'])): echo $_POST['coa_acct']; else : echo Get off you Asset!; exit; endif; --- The better solution using substrings? --- if ( substr($_POST['transid'],0,1)== substr($_POST['coa_acct'],0,1)): echo $_POST['coa_acct']; else : echo Get off you Asset!; exit; endif; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Cookies disabled, new session ID each click!
I posted this but not sure Google works, so using my own account as it
did not show up yet.
I am fairly new to PHP, and am running a shopping cart app written in
PHP. Most people using this cart do not have this issue, but I do!
I have boiled the program down to a few lines, and it doesn't work. When
you click on the link in the code, it gives you a session ID. Then, when
you click again, it goes away. The SID appears to be blank every other time.
Why would that be? I am using PHP 4.2.0 and 4.2.2, BSD and Linux, and
Apache 1.3.20 something. Two different hosts. Same result. Client is
IE5.5 with cookies disabled, running on NT. New session file is
generated even though one already existed. This happens every other
click as SID is blank every other click.
Please help me understand what the issue is.
Steve
?php
session_name('Steve');
session_start();
?
!doctype html public -//W3C//DTD HTML 4.01 Transitional//EN
html
head
meta http-equiv=Content-Type content=text/html
titleTest Page/title
/head
body marginwidth=0 marginheight=0 topmargin=0 bottommargin=0
leftmargin=0 rightmargin=0
?php echo 'a href=http://linux.office.home/catalog/default_test.php?'
. SID . 'link to me/a'; ?
/body
/html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Management
These were all the same assumptions I made, thanks. I knew that it was more of an HTTP thing than a PHP thing when it came to the blind faith thing... I was just hoping that was something better out there. I'm not willing to use session management as blindly as it is currently implemented. I will find my own solution. -Original Message- From: John W. Holmes [mailto:holmes072000;charter.net] Sent: Saturday, November 02, 2002 7:42 AM To: 'Robert Samuel White'; [EMAIL PROTECTED] Subject: RE: [PHP] Session Management I've created a class for handling session management across an unlimited number of domains (without using cookies) however it has some inherent problems. In order to differentiate between users, it is using the IP Address. I realize this is completely inefficient, and I was hoping that someone could give me some pointers on how exactly PHP handles session management from the backend. When not using cookies, PHP propagates the Session ID in the URL and a hidden variable in forms. However, is this even safe? Or is this completely blind faith that the Session belongs to that person? It's blind faith, just like every other system. That's the nature of HTTP. PHP makes a unique session id that it passes around to identify the user and link all of the requests. Basically, I want to know if PHP *knows for sure* the right user is using the right session. In other words, can it detect hijacked sessions? My guess is a resounding no. No...and neither can any program you write that uses HTTP. The only thing you can do is make it unique enough so that it can't be hijacked. I'm wondering if there is some way to determine the real IP Address of a user, even if that user is behind a proxy farm, etc., and if this is, in fact, what PHP does. No. The PHP session management isn't related to IP at all, that I know of. It shouldn't have to be because of the problem with proxies and people having changing IPs or people sharing IP addresses. If not, I'm stuck with figuring out how best to accomplish my goals using cookies. The problem: a cookie can only bet set for a single domain; therefore, the session will not be carried with the person if they browse to another domain which also uses the same eNetwizard Content Management Server. A possibility is to always propagate a State Id with the URL and forms, however even this would not prevent the exact same problem: Is this blind faith? If you want the session to maintain over different domains, your only option is to pass the unique id in the URL or POST data. It's just as safe as cookies, but, like you said, you can't pass cookies across domains. Put everything behind SSL and that's as secure as you can get. Hopefully I'm not too confusing. Feel free to ask more questions. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] need help with project
Hello people Im in need help with creating a system where it will let me Add/drop players off a web page..basically of a roster with salary cap control And I want to do trades as well This is for a fantasy football page. And I need to have username and passwords so my owners can login and there is no cheating.. http://www.ultimatefootballleague.com/index4.shtml This is my site. Please email me directly if you are interested in helping. Thanks Karl james
[PHP] Re: need help with project
Karl -- Before you go reinventing the wheel , you might check http://freshmeat.net ... of course there is nothing actually wrong with reinventing the wheel *grin* David Jackson Karl James wrote: Hello people Im in need help with creating a system where it will let me Add/drop players off a web page..basically of a roster with salary cap control And I want to do trades as well This is for a fantasy football page. And I need to have username and passwords so my owners can login and there is no cheating.. http://www.ultimatefootballleague.com/index4.shtml This is my site. Please email me directly if you are interested in helping. Thanks Karl james -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cookies disabled, new session ID each click!
Steve, Check your php.ini file. PHP uses cookies for maintaining your Web client's unique ID, and unless you have use_trans_sid set, it will not attempt to pass the unique ID on the URL for those who have cookies disabled. Chris Steve Fatula wrote: When you click on the link in the code, it gives you a session ID. Then, when you click again, it goes away. The SID appears to be blank every other time. Why would that be? I am using PHP 4.2.0 and 4.2.2, BSD and Linux, and Apache 1.3.20 something. Two different hosts. Same result. Client is IE5.5 with cookies disabled, running on NT. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
