php-general Digest 2 Jul 2004 11:24:02 -0000 Issue 2853
php-general Digest 2 Jul 2004 11:24:02 - Issue 2853
Topics (messages 189498 through 189530):
Create a function
189498 by: John Taylor-Johnston
189499 by: Jason Barnett
189500 by: Jason Barnett
Online Users
189501 by: Matt Palermo
189502 by: Curt Zirzow
189503 by: zareef ahmed
189508 by: Matt Palermo
PHP Bug ?
189504 by: adwinwijaya
189505 by: zareef ahmed
189518 by: Pierre
HTTP RAW DATA
189506 by: Alan McDonald
189510 by: raditha dissanayake
HTTP_AUTHORIZATION question
189507 by: Alan McDonald
189509 by: raditha dissanayake
189513 by: Alan McDonald
189530 by: Torsten Roehr
Just wanted to say
189511 by: Brent Clements
php functions avail ?
189512 by: Brent Clark
Re: Online Users[Scanned]
189514 by: Michael Egan
Re: MySQL QUERY Results Not Appearing
189515 by: Harlequin
Reference Scripts: Imaging Database, Recursion, Age Validation, Reg Ex
189516 by: Jason Paschal
Re: MySQL QUERY Results Not Appearing[Scanned]
189517 by: Michael Egan
Problem with session on first page loaded
189519 by: Jordi Canals
189521 by: Angelo binc2
189522 by: Jordi Canals
189524 by: Jordi Canals
189525 by: Lars Torben Wilson
189527 by: Daniel Kullik
189529 by: Jordi Canals
Object is not instatiated on POST, Fatal error
189520 by: Angelo binc2
189526 by: Daniel Kullik
Re: Object is not instatiated on POST, Fatal error SOLVED
189523 by: Angelo binc2
$_SESSION
189528 by: Dennis Koot
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
--
---BeginMessage---
I have a menu with a bunch of items. How can I clean up this code and push it through
a function?
Your basic newbie Question :)
Thanks,
John
pa class=nav href=index.html?php
if(stristr($_SERVER[SCRIPT_FILENAME],index.html))
{
echo bHome/b;
}else{
echo Home;
}
?/a
pa class=nav href=index.html?php
if(stristr($_SERVER[SCRIPT_FILENAME],search.html))
{
echo bSearch/b;
}else{
echo Search;
}
?/a
---End Message---
---BeginMessage---
$pages = array('index.html' = 'Home', 'search.html' = 'Search');
function menu($pages) {
foreach ($pages as $page = $desc) {
if (stristr($_SERVER['SCRIPT_FILENAME']), $page) {
echo 'pa class=nav href=index.html/ab' .
$desc . '/b/p';
} else {
echo 'pa class=nav href=index.html/a' . $desc . '/p';
}
}
pa class=nav href=index.html?php
if(stristr($_SERVER[SCRIPT_FILENAME],index.html))
{
echo bHome/b;
}else{
echo Home;
}
?/a
pa class=nav href=index.html?php
if(stristr($_SERVER[SCRIPT_FILENAME],search.html))
{
echo bSearch/b;
}else{
echo Search;
}
?/a
---End Message---
---BeginMessage---
Jason Barnett wrote:
$pages = array('index.html' = 'Home', 'search.html' = 'Search');
function menu($pages) {
foreach ($pages as $page = $desc) {
if (stristr($_SERVER['SCRIPT_FILENAME']), $page) {
sheesh, $desc should be in between anchors
echo 'pa class=nav href=index.htmlb' . $desc .
'/b/a/p';
} else {
echo 'pa class=nav href=index.html' . $desc . '/a/p';
}
}
---End Message---
---BeginMessage---
I am trying to keep a MySQL table of all currently online users for a system
I'm making. It's pretty simple to add the username to the list when they
login, but I don't know how to remove their username when they leave (unless
they click the logout button). Basically I want to be able to keep a list
of all currently active users. So if they close out their browser, it will
remove their name from the list (within a reasonable time frame). I'm
basically trying to keep this list of online users for a chat application
I'm building. Anyone have any suggestions on how to do this?
Thanks,
Matt
http://sweetphp.com
---End Message---
---BeginMessage---
* Thus wrote Matt Palermo:
they click the logout button). Basically I want to be able to keep a list
of all currently active users. So if they close out their browser, it will
remove their name from the list (within a reasonable time frame). I'm
No can do.
You'll just have to expire people from inactivity.
Curt
--
First, let me assure you that this is not one of those shady pyramid schemes
you've been hearing about. No, sir. Our model is the trapezoid!
---End Message---
---BeginMessage---
Hi,
If you are using a database on your server you can
do this as follows:
1. Make a table named
active_users(userid,last_access);
2. Record every visit of a user to any page.
3. you can delete the entries from this table on a
condition like ::
delete from active_users where last_access is less
than (currenttime-MAX_EXPIRE_TIME)
4. Display row count of active_users to visitors.
This is
[PHP] php functions avail ?
Hi I would like to know if these functions (for php 5)are already uploaded, available on the php.net sites, in terms of research and or support. http://zend.com/php5/whats-new.php Kind Regards Brent Clark MSN: [EMAIL PROTECTED] eMail: [EMAIL PROTECTED] Cell: +27 82 701 7827 Work No: +27 21 683 0069 Fax No: +27 21 683 6137 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTTP_AUTHORIZATION question
I have files contained in a download directory (.doc, .xls etc files) so I can't request authentication on each download from insie the files. I use authentication against a DB for the rest of the site and all pages are protected this way. My only way to protect these download files is to place server authentication on the folders they are contained in. To avoid having to manage my users again as server users, does anyone know how to set the HTTP_AUTHORIZATION variable at time of request? I don't need high security, so the page setting the HTTP_AUTHORIZATION is protected but does contain the username and pw couplet for the HTTP_AUTHORIZATION setting. There authorizations settings are supposed to be sent back to the server by the client so you cannot generate them with php. Your option include using .htpasswd that checks against a mysql database (please ask in the apache list.) and keeping your downloads 'offline' and delivering them through a php script. The second suggested has been discussed to exaustion in this list in the past. -- Raditha Dissanayake. Thanks - I suppose I was thinking of building (via PHP) and client JS script to set the property at the client. But anyway the offline way is the answer - shold have thought of that. Alan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Online Users[Scanned]
Matt, The most comprehensive example of this is provided by PhpBB (www.phpbb.com). This application pretty much follows the logic you've set out. HTH, Michael Egan -Original Message- From: Matt Palermo [mailto:[EMAIL PROTECTED] Sent: 02 July 2004 06:13 To: [EMAIL PROTECTED] Subject: Re: [PHP] Online Users[Scanned] Is it possible to make a table of all logged in users session ids and then check to see if the session still exists every couple minutes? So every minute or two, it would go through the table and for each record it would get the session id, then check that session id to see if it's still in existance. Is this possible to do? Thanks, Matt http://sweetphp.com Zareef Ahmed [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, If you are using a database on your server you can do this as follows: 1. Make a table named active_users(userid,last_access); 2. Record every visit of a user to any page. 3. you can delete the entries from this table on a condition like :: delete from active_users where last_access is less than (currenttime-MAX_EXPIRE_TIME) 4. Display row count of active_users to visitors. This is just a hint. Some knowldge of php/any database assumed , Revert back with any comment or problem. zareef ahmed --- Curt Zirzow [EMAIL PROTECTED] wrote: * Thus wrote Matt Palermo: they click the logout button). Basically I want to be able to keep a list of all currently active users. So if they close out their browser, it will remove their name from the list (within a reasonable time frame). I'm = Zareef Ahmed :: A PHP Developer in Delhi(India). Homepage :: http://www.zasaifi.com __ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php The information contained in this email (and in any attachments sent with it) is confidential. It is intended for the addressee only. Access to this email by anyone else is unintended and unauthorized. If you are not the original addressee, 3tc asks you to please maintain confidentiality. If you have received this email in error please notify 3tc immediately by replying to it, then destroy any copies and delete it from your computer system. Any use, dissemination, forwarding, printing or copying of this email by anyone except the addressee in the normal course of his/her business, is strictly prohibited. 3tc owns the copyright in this email and any document created by us and assert the right to be identified as the author of it. Copyright has not been transferred to the addressee. We protect our systems with Sophos Anti-virus - www.sophos.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: MySQL QUERY Results Not Appearing
Craig. Thanks for the response and sorry I've been delayed in getting back
to you.
I put a new page together and dropped all the peripheral code and this is
what I ended up with:
?php
/* MySQL Connection Variables */
$host=localhost;
$user=arras_WebMaster;
$password=qwerty;
$dbase=arras_Members;
/* MySQL Connection String */
$Connection=mysql_connect ($host, $user, $password)
or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ($dbase);
/* Display Current Members */
echo \n\n\n\n\n;
echo h3active members should appear here/h3;
$query = mysql_query(SELECT * FROM RegisteredMembers) or die(could not
execute query);
while($result = mysql_fetch_array($query)){
echo $result['UserID'];
}
?
Still no joy though. Any ideas...?
--
-
Michael Mason
Arras People
www.arraspeople.co.uk
-
Craig Donnelly [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
$result is an array that has to be fetched...try this
echo h3active members should appear here/h3;
$query = mysql_query(SELECT * FROM RegisteredMembers) or die(could not
execute query);
while($result = mysql_fetch_array($query)){
echo $result['YOUR_DB_FIELDNAME'];
}
change YOUR_DB_FIELDNAME' to whatever the fields are you are querying.
you could also:
pre
?php print_r($result); ?
/pre
HTH
Craig
Harlequin [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi all...
Despite being able to make a connection to the server and execute a
query
I
am unable to do this through PHP using the following commands:
echo h3active members should appear here/h3;
$query = SELECT * FROM RegisteredMembers;
$result = mysql_query($query) or die (could not execute query);
echo $result;
Any ideas...?
--
-
Michael Mason
Arras People
www.arraspeople.co.uk
-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Reference Scripts: Imaging Database, Recursion, Age Validation, Reg Ex
Some things crop up while coding that I do not often use, so that I tend to forget the proper way to handle them and end up researching it and going through the same inoperable code again and again until I end up with something that works. Finally decided to host the code on my site and thought someone else might benefit from it. Storing Images in MySQL and Displaying them with PHP: http://www.dailymedication.com/modules.php?name=Forumsfile=viewtopict=15 Recursion (Word Permutations/Jumble): http://www.dailymedication.com/modules.php?name=Forumsfile=viewtopict=11 Age Validation (Determine Age from Birthdate): http://www.dailymedication.com/modules.php?name=Forumsfile=viewtopict=14 Regular Expressions (Finding links in Web Code/ Gallery Image Ripper): http://www.dailymedication.com/modules.php?name=Forumsfile=viewtopict=13 They all have working demos except for the Imaging Database stuff. Hope these can help somebody. Plan to be adding more soon. _ MSN Life Events gives you the tips and tools to handle the turning points in your life. http://lifeevents.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: MySQL QUERY Results Not Appearing[Scanned]
Don't know that this will work but it might help isolate the problem:
/* MySQL Connection Variables */
$host=localhost;
$user=arras_WebMaster;
$password=qwerty;
$dbase=arras_Members;
/* MySQL Connection String */
if(!$dbConnect = @mysql_connect ($host, $user, $password))
{
echo Couldn't connect to the database server: .mysql_error().br /;
}
if(!$dbSelect = @mysql_select_db ($dbase))
{
echo Couldn't select the database: .mysql_error().br /;
}
if(!$query = @mysql_query(SELECT * FROM RegisteredMembers))
{
echo Couldn't execute query: .mysql_error().br /;
}
else
{
while($result = mysql_fetch_array($query))
{
echo $result['UserID'];
}
}
HTH,
Michael Egan
-Original Message-
From: Harlequin [mailto:[EMAIL PROTECTED]
Sent: 02 July 2004 09:34
To: [EMAIL PROTECTED]
Subject: [PHP] Re: MySQL QUERY Results Not Appearing[Scanned]
Craig. Thanks for the response and sorry I've been delayed in getting back
to you.
I put a new page together and dropped all the peripheral code and this is
what I ended up with:
?php
/* MySQL Connection Variables */
$host=localhost;
$user=arras_WebMaster;
$password=qwerty;
$dbase=arras_Members;
/* MySQL Connection String */
$Connection=mysql_connect ($host, $user, $password)
or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ($dbase);
/* Display Current Members */
echo \n\n\n\n\n;
echo h3active members should appear here/h3;
$query = mysql_query(SELECT * FROM RegisteredMembers) or die(could not
execute query);
while($result = mysql_fetch_array($query)){
echo $result['UserID'];
}
?
Still no joy though. Any ideas...?
--
-
Michael Mason
Arras People
www.arraspeople.co.uk
-
The information contained in this email (and in any attachments sent with it) is
confidential. It is intended for the addressee only. Access to this email by anyone
else is unintended and unauthorized.
If you are not the original addressee, 3tc asks you to please maintain
confidentiality. If you have received this email in error please notify 3tc
immediately by replying to it, then destroy any copies and delete it from your
computer system.
Any use, dissemination, forwarding, printing or copying of this email by anyone except
the addressee in the normal course of his/her business, is strictly prohibited. 3tc
owns the copyright in this email and any document created by us and assert the right
to be identified as the author of it. Copyright has not been transferred to the
addressee.
We protect our systems with Sophos Anti-virus -
www.sophos.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Bug ?
Just try this : $temp = $country_list[$country_symbol]['AU'] ; Seems better :) Pierre -Message d'origine- De : adwinwijaya [mailto:[EMAIL PROTECTED] Envoyé : vendredi 2 juillet 2004 05:01 À : [EMAIL PROTECTED] Objet : [PHP] PHP Bug ? Hi... I found a bug (may be) I tried to do like this: $temp = $country_list[$country_symbol['AU']] ; this didnt work, so I have to change to : $symbol = $country_symbol['AU']; $temp = $country_list[$symbol] ; is this PHP bug ? -- Best regards, adwinwijaya mailto:[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problem with session on first page loaded
Hi all,
I have an extrange problem with the session cookie:
In all my pages there I have this two lines to start the session:
session_name('jcwse');
session_start();
When I access my website, at any page, everytyhink works OK, and the
session cookie is set with no problem except for links.
In the fist page I aceess, all links are appended with the session ID.
I mean that in every link, the ?jcwse=da22311212 ... is appended. This
occurs just on the load of first page (not any else). If I reload the
page, then links are formed correctly with no session ID (And sessions
works perfect).
This problem only arises on my ISP hosting (Linux+Apache 1.3) and does
not show on my devel computer (Windows+Apache 2.0). I've been searching
the manual, but found no explanation about that.
Any help will be really welcome.
Regards,
Jordi.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Object is not instatiated on POST, Fatal error
Hi all, I have a PHP file. and when it loads it creates an object for my database : include(db_class.inc); fine. I make a couple of calls to the database class this is also working fine. Then I post the page but to itself and then I go into a function (lets call it xfunction) which is ONLY accessed once the form has been posted and I get a fatal error: Fatal error: Call to a member function on a non-object in c:\program files\apache group\apache\htdocs\zero\opdocument.php on line 98 From what I've read my database object is not instatiated and therefore is in theory not an object. However I check before I go into the xfunction to see if the object is set and it is, then once in the function (where the error occurs) I test to see if the object is set again and it tells me that the object is not set. What could be the reason for the object not being set once being called in the function (xfunction)?? I have googled and many people get this error but not many have a clear solution. Any help or suggestions will be appreciated. Thanks Angelo Disclaimer This e-mail transmission contains confidential information, which is the property of the sender. The information in this e-mail or attachments thereto is intended for the attention and use only of the addressee. Should you have received this e-mail in error, please delete and destroy it and any attachments thereto immediately. Under no circumstances will the Cape Technikon or the sender of this e-mail be liable to any party for any direct, indirect, special or other consequential damages for any use of this e-mail. For the detailed e-mail disclaimer please refer to http://www.ctech.ac.za/polic or call +27 (0)21 460 3911 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with session on first page loaded
shouldn't session_start() come first?
also remember that your devel computer might have different settings in
the PHP.ini file to that of your ISP, probably register_globals is set
to off. I would check it.
HTH
Angelo
Jordi Canals [EMAIL PROTECTED] 7/2/2004 11:14:28 AM
Hi all,
I have an extrange problem with the session cookie:
In all my pages there I have this two lines to start the session:
session_name('jcwse');
session_start();
When I access my website, at any page, everytyhink works OK, and the
session cookie is set with no problem except for links.
In the fist page I aceess, all links are appended with the session ID.
I mean that in every link, the ?jcwse=da22311212 ... is appended. This
occurs just on the load of first page (not any else). If I reload the
page, then links are formed correctly with no session ID (And sessions
works perfect).
This problem only arises on my ISP hosting (Linux+Apache 1.3) and does
not show on my devel computer (Windows+Apache 2.0). I've been searching
the manual, but found no explanation about that.
Any help will be really welcome.
Regards,
Jordi.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Disclaimer
This e-mail transmission contains confidential information,
which is the property of the sender.
The information in this e-mail or attachments thereto is
intended for the attention and use only of the addressee.
Should you have received this e-mail in error, please delete
and destroy it and any attachments thereto immediately.
Under no circumstances will the Cape Technikon or the sender
of this e-mail be liable to any party for any direct, indirect,
special or other consequential damages for any use of this e-mail.
For the detailed e-mail disclaimer please refer to
http://www.ctech.ac.za/polic or call +27 (0)21 460 3911
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with session on first page loaded
Jordi Canals wrote: This problem only arises on my ISP hosting (Linux+Apache 1.3) and does not show on my devel computer (Windows+Apache 2.0). I've been searching the manual, but found no explanation about that. Sorry forgot it: The two platforms run PHP 4.3.7 Thanks again, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Object is not instatiated on POST, Fatal error SOLVED
Ok guys, I have fixed the problem and its a really easy fix. basically the object was out of scope and therefore PHP treated my object name as a new variable and therefore it obvioulsy was not set because it is a new variable. SO the way I got it working was to just call the code directly and not put it in a function, or you could pass the object to the function as an argument. Hope this can help others in the future! Angelo Jason Paschal [EMAIL PROTECTED] 7/2/2004 11:22:04 AM would it be necessary/possible to make it global inside the function? - http://www.dailymedication.com - Everything you didn't know you needed until you went there and said to yourself, What did I do before I visited DailyMedication.com? and another part of you said, It does not matter. From: Angelo binc2 [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [PHP] Object is not instatiated on POST, Fatal error Date: Fri, 02 Jul 2004 11:14:53 +0200 Hi all, I have a PHP file. and when it loads it creates an object for my database : include(db_class.inc); fine. I make a couple of calls to the database class this is also working fine. Then I post the page but to itself and then I go into a function (lets call it xfunction) which is ONLY accessed once the form has been posted and I get a fatal error: Fatal error: Call to a member function on a non-object in c:\program files\apache group\apache\htdocs\zero\opdocument.php on line 98 From what I've read my database object is not instatiated and therefore is in theory not an object. However I check before I go into the xfunction to see if the object is set and it is, then once in the function (where the error occurs) I test to see if the object is set again and it tells me that the object is not set. What could be the reason for the object not being set once being called in the function (xfunction)?? I have googled and many people get this error but not many have a clear solution. Any help or suggestions will be appreciated. Thanks Angelo Disclaimer This e-mail transmission contains confidential information, which is the property of the sender. The information in this e-mail or attachments thereto is intended for the attention and use only of the addressee. Should you have received this e-mail in error, please delete and destroy it and any attachments thereto immediately. Under no circumstances will the Cape Technikon or the sender of this e-mail be liable to any party for any direct, indirect, special or other consequential damages for any use of this e-mail. For the detailed e-mail disclaimer please refer to http://www.ctech.ac.za/polic or call +27 (0)21 460 3911 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ MSN Life Events gives you the tips and tools to handle the turning points in your life. http://lifeevents.msn.com Disclaimer This e-mail transmission contains confidential information, which is the property of the sender. The information in this e-mail or attachments thereto is intended for the attention and use only of the addressee. Should you have received this e-mail in error, please delete and destroy it and any attachments thereto immediately. Under no circumstances will the Cape Technikon or the sender of this e-mail be liable to any party for any direct, indirect, special or other consequential damages for any use of this e-mail. For the detailed e-mail disclaimer please refer to http://www.ctech.ac.za/polic or call +27 (0)21 460 3911 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with session on first page loaded
Angelo, thanks for your comments.
session_name must go before session_start.
I think register_globals has nothing to do with session cookies. I
always work with register_globals = off as recommended.
About the cookie params (In PHP.INI) I checked them on the two platforms
with phpinfo() and are exactly the same.
I'm relly lost with this issue. It is not a browser problem, because
browsers are accepting (and saving) the cookies. I tested it with
Firefox, MSIE and Mozilla, and always have the same issue.
Why the first page loaded, and only the first one, passes the session ID
on the URL? I think perhaps could be something related with the system
trying to read the cookie on the same page that first created it. But
don't find a way to solve it.
Thanks for your time,
Jordi.
Angelo binc2 wrote:
shouldn't session_start() come first?
also remember that your devel computer might have different settings in
the PHP.ini file to that of your ISP, probably register_globals is set
to off. I would check it.
HTH
Angelo
Jordi Canals [EMAIL PROTECTED] 7/2/2004 11:14:28 AM
session_name('jcwse');
session_start();
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with session on first page loaded
Jordi Canals wrote: Angelo, thanks for your comments. session_name must go before session_start. I think register_globals has nothing to do with session cookies. I always work with register_globals = off as recommended. About the cookie params (In PHP.INI) I checked them on the two platforms with phpinfo() and are exactly the same. I'm relly lost with this issue. It is not a browser problem, because browsers are accepting (and saving) the cookies. I tested it with Firefox, MSIE and Mozilla, and always have the same issue. Why the first page loaded, and only the first one, passes the session ID on the URL? I think perhaps could be something related with the system trying to read the cookie on the same page that first created it. But don't find a way to solve it. Thanks for your time, Jordi. Was your binary compiled with --enable-trans-sid? If so, I imagine the explanation would be something along the lines that because the session manager doesn't know whether you have cookies enabled until it gets a cookie back, it uses trans_sid. On the second page view, it gets a cookie, and starts using cookies instead. No research went into this; it's just a guess. ;) Torben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Object is not instatiated on POST, Fatal error
You might as well add a reference of your db-object to global scope. [code] $GLOBALS['_db_object'] = $db; [/code] Then you could access it anywhere in your code like this: [code] $GLOBALS['_db_object']-sumbitQuery($query); [/code] Daniel Angelo Binc2 wrote: Ok guys, I have fixed the problem and its a really easy fix. basically the object was out of scope and therefore PHP treated my object name as a new variable and therefore it obvioulsy was not set because it is a new variable. SO the way I got it working was to just call the code directly and not put it in a function, or you could pass the object to the function as an argument. Hope this can help others in the future! Angelo Jason Paschal [EMAIL PROTECTED] 7/2/2004 11:22:04 AM would it be necessary/possible to make it global inside the function? - http://www.dailymedication.com - Everything you didn't know you needed until you went there and said to yourself, What did I do before I visited DailyMedication.com? and another part of you said, It does not matter. From: Angelo binc2 [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [PHP] Object is not instatiated on POST, Fatal error Date: Fri, 02 Jul 2004 11:14:53 +0200 Hi all, I have a PHP file. and when it loads it creates an object for my database : include(db_class.inc); fine. I make a couple of calls to the database class this is also working fine. Then I post the page but to itself and then I go into a function (lets call it xfunction) which is ONLY accessed once the form has been posted and I get a fatal error: Fatal error: Call to a member function on a non-object in c:\program files\apache group\apache\htdocs\zero\opdocument.php on line 98 From what I've read my database object is not instatiated and therefore is in theory not an object. However I check before I go into the xfunction to see if the object is set and it is, then once in the function (where the error occurs) I test to see if the object is set again and it tells me that the object is not set. What could be the reason for the object not being set once being called in the function (xfunction)?? I have googled and many people get this error but not many have a clear solution. Any help or suggestions will be appreciated. Thanks Angelo Disclaimer This e-mail transmission contains confidential information, which is the property of the sender. The information in this e-mail or attachments thereto is intended for the attention and use only of the addressee. Should you have received this e-mail in error, please delete and destroy it and any attachments thereto immediately. Under no circumstances will the Cape Technikon or the sender of this e-mail be liable to any party for any direct, indirect, special or other consequential damages for any use of this e-mail. For the detailed e-mail disclaimer please refer to http://www.ctech.ac.za/polic or call +27 (0)21 460 3911 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ MSN Life Events gives you the tips and tools to handle the turning points in your life. http://lifeevents.msn.com Disclaimer This e-mail transmission contains confidential information, which is the property of the sender. The information in this e-mail or attachments thereto is intended for the attention and use only of the addressee. Should you have received this e-mail in error, please delete and destroy it and any attachments thereto immediately. Under no circumstances will the Cape Technikon or the sender of this e-mail be liable to any party for any direct, indirect, special or other consequential damages for any use of this e-mail. For the detailed e-mail disclaimer please refer to http://www.ctech.ac.za/polic or call +27 (0)21 460 3911 -- WWE e-commerce IT GmbH Eiffestrasse 462, D-20537 Hamburg Tel.: +49-40-2530659-0, Fax: +49-40-2530659-50 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Problem with session on first page loaded
Source: http://www.php.net/set_cookie
[snip]
Once the cookies have been set, they can be accessed on the next page
load with the $_COOKIE or $HTTP_COOKIE_VARS arrays.
[/snip]
Since PHP cannot access a cookie right after it has been set PHP cannot
be sure if the cookie has been accepted on client-side (user might deny
cookies). Therefore PHP chooses another way of storing the current
session id until next page has been loaded (GET-param, hidden-field...).
Daniel
Jordi Canals wrote:
Hi all,
I have an extrange problem with the session cookie:
In all my pages there I have this two lines to start the session:
session_name('jcwse');
session_start();
When I access my website, at any page, everytyhink works OK, and the
session cookie is set with no problem except for links.
In the fist page I aceess, all links are appended with the session ID.
I mean that in every link, the ?jcwse=da22311212 ... is appended. This
occurs just on the load of first page (not any else). If I reload the
page, then links are formed correctly with no session ID (And sessions
works perfect).
This problem only arises on my ISP hosting (Linux+Apache 1.3) and does
not show on my devel computer (Windows+Apache 2.0). I've been searching
the manual, but found no explanation about that.
Any help will be really welcome.
Regards,
Jordi.
--
WWE e-commerce IT GmbH
Eiffestrasse 462, D-20537 Hamburg
Tel.: +49-40-2530659-0, Fax: +49-40-2530659-50
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] $_SESSION
Hello all, i have a question concerning the $_SESSION stuff. i have a domain registered with online webspace on this webspace i have put a litte bit of code that will send the visitor's of the website to my server using a frame. I open one frame full-screen size and i let it open MY_IP/base/index.php as page. i then have a login page which uses $_SESSION and which sends you to either MY_IP/login1/index.php or MY_IP/login2/index.php depending on your username. (which are stored in mysql) this all works fine. i get redirected to the right page and all. but then on the new page the session doesn't work anymore. so the user gets a error for not being logged in and returns to the login page at /base AND here's the strange thing.. when i open it using the http://MY_IP link it all works great. it just doesn't when i use the frame via my hosting provider. So i tried to make a fram on my site which is exactly the same as the frame at the hosting provider. And it all works great aswell. just not when i place the frame at my Hosting Prov. has anybody got a clue how to do this? thanx Dennis
Re: [PHP] Problem with session on first page loaded
Lars Torben Wilson wrote: About the cookie params (In PHP.INI) I checked them on the two platforms with phpinfo() and are exactly the same. Was your binary compiled with --enable-trans-sid? If so, I imagine the explanation would be something along the lines that because the session manager doesn't know whether you have cookies enabled until it gets a cookie back, it uses trans_sid. On the second page view, it gets a cookie, and starts using cookies instead. Thanks Torben, The binary is not compiled with --enable-trans-sid. But I've seen that the ISP changed a param in the PHP.INI, and they changed session.use_trans_sid setting it to 1. I tested setting it on my devel computer and really now the problem reproduces here :) So I think this could be really the problem. Now I should talk to the provider to not set this parameter to ON by default, because the security risk on it (As stated on the manuals). On the sessions manuals, says that this parameter can only be set on PHP_INI_SYSTEM and PHP_INI_PERDIR, but in the ini_set() manual says it can be set in PHP_INI_ALL. I think the first is correct and the second is not as I tried setting it with ini_set with no result. I cannot understand this change from the provider as it is a security risk as the comments in PHP.INI says: ; trans sid support is disabled by default. ; Use of trans sid may risk your users security. ; Use this option with caution. ; - User may send URL contains active session ID ; to other person via. email/irc/etc. ; - URL that contains active session ID may be stored ; in publically accessible computer. ; - User may access your site with the same session ID ; always using URL stored in browser's history or bookmarks. Thanks for your valuable help. Now *I've seen where the problem is*, and I can look for a solution. Regards, Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTTP_AUTHORIZATION question
Alan McDonald [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I have files contained in a download directory (.doc, .xls etc files) so I can't request authentication on each download from insie the files. I use authentication against a DB for the rest of the site and all pages are protected this way. My only way to protect these download files is to place server authentication on the folders they are contained in. To avoid having to manage my users again as server users, does anyone know how to set the HTTP_AUTHORIZATION variable at time of request? I don't need high security, so the page setting the HTTP_AUTHORIZATION is protected but does contain the username and pw couplet for the HTTP_AUTHORIZATION setting. There authorizations settings are supposed to be sent back to the server by the client so you cannot generate them with php. Your option include using .htpasswd that checks against a mysql database (please ask in the apache list.) and keeping your downloads 'offline' and delivering them through a php script. The second suggested has been discussed to exaustion in this list in the past. -- Raditha Dissanayake. Thanks - I suppose I was thinking of building (via PHP) and client JS script to set the property at the client. But anyway the offline way is the answer - shold have thought of that. Alan Hi Alan, check PEAR's HTTP_Download for serving files for download from a protected directory: http://pear.php.net/package/HTTP_Download Regards, Torsten Roehr -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Reference Scripts: Imaging Database, Recursion, Age Validation, Reg Ex
Jason Paschal [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Some things crop up while coding that I do not often use, so that I tend to forget the proper way to handle them and end up researching it and going through the same inoperable code again and again until I end up with something that works. Finally decided to host the code on my site and thought someone else might benefit from it. Storing Images in MySQL and Displaying them with PHP: http://www.dailymedication.com/modules.php?name=Forumsfile=viewtopict=15 Recursion (Word Permutations/Jumble): http://www.dailymedication.com/modules.php?name=Forumsfile=viewtopict=11 Age Validation (Determine Age from Birthdate): http://www.dailymedication.com/modules.php?name=Forumsfile=viewtopict=14 Regular Expressions (Finding links in Web Code/ Gallery Image Ripper): http://www.dailymedication.com/modules.php?name=Forumsfile=viewtopict=13 They all have working demos except for the Imaging Database stuff. Hope these can help somebody. Plan to be adding more soon. Thanks Jason for sharing your code with us. Greatly appreciated! Torsten Roehr -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Strange Session Problem
Hi,
I have a config file which i include in every page:
snip
class object {};
$CFG = new object;
$CFG-dbhost = localhost;
$CFG-dbname = x;
$CFG-dbuser = x;
$CFG-dbpass = x;
$connection = mysql_connect($CFG-dbhost, $CFG-dbuser, $CFG-dbpass);
@mysql_select_db($CFG-dbname) or die( Unable to select database);
$CFG-wwwroot = http://www.xxx.com;
$CFG-dirroot = /usr/home/xxx/public_html;
$CFG-templatedir = $CFG-dirroot/templates;
$CFG-admindir = $CFG-wwwroot/admin;
$CFG-usersdir = $CFG-wwwroot/users;
session_start();
/snip
On my login form I am attempting to initialise the seesion variables if the
login values are correct:
snip
include(application.php);
$user = verify_login($_POST[username], $_POST[password]);
if($user){
// register user sessions
$ses_user_id = $user[User_ID];
$ses_name = $user[User_Name];
$ses_user_type = $user[User_Type];
session_register(ses_user_id);
session_register(ses_name);
session_register(ses_user_type);
include($CFG-usersdir); // ***This line causes session problems***
exit;
}
/snip
The highlighted line is causing problems. If i leave it as it is the
following page (users/index.php) will not display session variables
snip
echo '$ses_user_type = '.$ses_user_type.'br'.
$ses_user_id = '.$ses_user_id.'br';
/snip
displays:
$ses_user_type =
$ses_user_id =
However, if I rewrite the offending line to:
include(users/index.php);
then it worke fine and displays the session variables correctly:
$ses_user_type = Administrator
$ses_user_id = 1
I would be most grateful if someone could lend a hand here as this is as far
as I have been able to narrow down the problem to in the last 10 hours!!!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Strange Session Problem
Ooops, sorry about the attempted fake URL!
Shaun [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi,
I have a config file which i include in every page:
snip
class object {};
$CFG = new object;
$CFG-dbhost = localhost;
$CFG-dbname = x;
$CFG-dbuser = x;
$CFG-dbpass = x;
$connection = mysql_connect($CFG-dbhost, $CFG-dbuser, $CFG-dbpass);
@mysql_select_db($CFG-dbname) or die( Unable to select database);
$CFG-wwwroot = http://www.xxx.com;
$CFG-dirroot = /usr/home/xxx/public_html;
$CFG-templatedir = $CFG-dirroot/templates;
$CFG-admindir = $CFG-wwwroot/admin;
$CFG-usersdir = $CFG-wwwroot/users;
session_start();
/snip
On my login form I am attempting to initialise the seesion variables if
the
login values are correct:
snip
include(application.php);
$user = verify_login($_POST[username], $_POST[password]);
if($user){
// register user sessions
$ses_user_id = $user[User_ID];
$ses_name = $user[User_Name];
$ses_user_type = $user[User_Type];
session_register(ses_user_id);
session_register(ses_name);
session_register(ses_user_type);
include($CFG-usersdir); // ***This line causes session problems***
exit;
}
/snip
The highlighted line is causing problems. If i leave it as it is the
following page (users/index.php) will not display session variables
snip
echo '$ses_user_type = '.$ses_user_type.'br'.
$ses_user_id = '.$ses_user_id.'br';
/snip
displays:
$ses_user_type =
$ses_user_id =
However, if I rewrite the offending line to:
include(users/index.php);
then it worke fine and displays the session variables correctly:
$ses_user_type = Administrator
$ses_user_id = 1
I would be most grateful if someone could lend a hand here as this is as
far
as I have been able to narrow down the problem to in the last 10 hours!!!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Online Users
On Fri, 2 Jul 2004 01:13:14 -0400, Matt Palermo [EMAIL PROTECTED] wrote:
Is it possible to make a table of all logged in users session ids and then
check to see if the session still exists every couple minutes? So every
minute or two, it would go through the table and for each record it would
get the session id, then check that session id to see if it's still in
existance. Is this possible to do?
This is simple to accomplish if you use database managed PHP sessions.
You can override the default PHP session handling functions with
session_set_save_handler() then you will know what users are logged in
by what sessions are still active. Here's how I do it:
My sessions.php that I require in all other scripts on the site:
?php
if(ini_get('session.use_trans_sid')==0){
ini_set(session.use_trans_sid, 1);
}
$sessionDbHandler = '';
function sessionOpen($save_path, $session_name){
global $sessionDbHandler;
if(! $sessionDbHandler = mysql_pconnect(DB_HOST, DB_USER, DB_PASS)){
die(Can't get sessionDbHandler: .mysql_error());
}
return true;
}
function sessionClose(){
return true;
}
function sessionRead($key){
$sql =
select
sessionData
from
.TB_USER_SESSIONS.
where
sessionID = '$key'
and
sessionExpire UNIX_TIMESTAMP()
;
$query = mysql_query($sql);
if(mysql_num_rows($query)){
return mysql_result($query, 0, sessionData);
}
return false;
}
function sessionWrite($key, $val){
$value = addslashes($val);
$sql =
replace into .TB_USER_SESSIONS. (
sessionID,
sessionData,
sessionExpire
) values (
'$key',
'$value',
UNIX_TIMESTAMP() + .SITE_ONLINE_EXPIRE.
)
;
return mysql_query($sql);
}
function sessionDestroy($key){
$sql =
delete from
.TB_USER_SESSIONS.
where
sessionID = '$key'
;
return mysql_query($sql);
}
function sessionGarbageCollection(){
$sql =
delete from
.TB_USER_SESSIONS.
where
sessionExpire UNIX_TIMESTAMP()
;
$query = mysql_query($sql);
return sqlAffectedRows();
}
session_set_save_handler(sessionOpen, sessionClose,
sessionRead, sessionWrite, sessionDestroy,
sessionGarbageCollection);
session_start();
?
Some config.php variables:
define('DB_HOST', 'localhost');
define('DB_DB', 'db_name');
define('DB_USER', 'db_user');
define('DB_PASS', 'db_pass');
define('TB_USER_SESSIONS', 'userSessions');
define('SITE_ONLINE_EXPIRE', 900);
The table structure for userSessions looks like this:
CREATE TABLE `userSessions` (
`sessionID` varchar(32) NOT NULL default '',
`sessionData` text NOT NULL,
`sessionExpire` int(10) unsigned NOT NULL default '0',
PRIMARY KEY (`sessionID`)
) TYPE=MyISAM;
When a user logs in you are probably already setting some kind of
userID or userName, so make that a session variable if it is not
already. Then it's just a matter of listing the userNames or userIDs
out of the userSessions table.
You might want to force session garbage collection at the top of each
script by calling sessionGarbageCollection(). That will make the
username listings more realtime.
--
Greg Donald
http://destiney.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Header or includes for one-level up access?
Orginally when I designed my site, I put the db access file, conn.php, in the webarea - where all files reside. After reading a recent thread, I realize that this may not be too secure. Therefore, I would like to shove conn.php one level above the webarea. However, I don't feel like re-writng 300+ files with the new db access info, so I thought a simple re-direct page might do the trick. I've tried three methods: the header approach header(location: ../conn-up.php); an absolute header: header(location: /vhome/conn-up.php); and an include approach: include(../conn-up.php); /* Db file access (conn.php) -- all pages presently refer or call this file */ ?php session_start(); ob_start(); ? ?php /* $db = pg_connect(dbname=big user=me password=pwd); old string */ header(location: /vhome/site/conn-up.php); // tried 3 approaches above ? /* New db access (conn-up.php) - now located one level above webpages */ ?php session_start(); ob_start(); ? ?php $db = pg_connect(dbname=big user=me password=pwd); ? All three approaches will not allow db access. I'm stumped. Is it possible to do this, and will this protect the db password any better than if it stays in the webarea? Any help, guidance, or ideas most welcome. Tia, Andre -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MySQL QUERY Results Not Appearing[Scanned]
Michael
just wanted to thank you through the group for your time.
U R A Star...!
--
-
Michael Mason
Arras People
www.arraspeople.co.uk
-
Michael Egan [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Have a look at the mysql functions in the PHP manual - i.e.
http://uk.php.net/mysql_query
I'm also certain this question has been raised fairly recently on the list.
All mysql_query is going to do is either open up the resource or not. You'll
need to use something else to display the data.
For example:
$sql = select * from members;
if(!$result = mysql_query($sql))
echo mysql_error();
while($row = mysql_fetch_array($result))
{
echo $row['column_name'];
}
HTH,
Michael Egan
-Original Message-
From: Harlequin [mailto:[EMAIL PROTECTED]
Sent: 30 June 2004 12:42
To: [EMAIL PROTECTED]
Subject: [PHP] MySQL QUERY Results Not Appearing[Scanned]
Hi all...
Despite being able to make a connection to the server and execute a query I
am unable to do this through PHP using the following commands:
echo h3active members should appear here/h3;
$query = SELECT * FROM RegisteredMembers;
$result = mysql_query($query) or die (could not execute query);
echo $result;
Any ideas...?
--
-
Michael Mason
Arras People
www.arraspeople.co.uk
-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
The information contained in this email (and in any attachments sent with
it) is confidential. It is intended for the addressee only. Access to this
email by anyone else is unintended and unauthorized.
If you are not the original addressee, 3tc asks you to please maintain
confidentiality. If you have received this email in error please notify 3tc
immediately by replying to it, then destroy any copies and delete it from
your computer system.
Any use, dissemination, forwarding, printing or copying of this email by
anyone except the addressee in the normal course of his/her business, is
strictly prohibited. 3tc owns the copyright in this email and any document
created by us and assert the right to be identified as the author of it.
Copyright has not been transferred to the addressee.
We protect our systems with Sophos Anti-virus -
www.sophos.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] MySQL QUERY Results Not Appearing[Scanned]
Glad to be of help. I'm sure there will be many more occasions when I'm badly in need
of assistance.
Cheers,
Michael
-Original Message-
From: Harlequin [mailto:[EMAIL PROTECTED]
Sent: 02 July 2004 13:55
To: [EMAIL PROTECTED]
Subject: Re: [PHP] MySQL QUERY Results Not Appearing[Scanned]
Michael
just wanted to thank you through the group for your time.
U R A Star...!
--
-
Michael Mason
Arras People
www.arraspeople.co.uk
-
Michael Egan [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Have a look at the mysql functions in the PHP manual - i.e.
http://uk.php.net/mysql_query
I'm also certain this question has been raised fairly recently on the list.
All mysql_query is going to do is either open up the resource or not. You'll
need to use something else to display the data.
For example:
$sql = select * from members;
if(!$result = mysql_query($sql))
echo mysql_error();
while($row = mysql_fetch_array($result))
{
echo $row['column_name'];
}
HTH,
Michael Egan
-Original Message-
From: Harlequin [mailto:[EMAIL PROTECTED]
Sent: 30 June 2004 12:42
To: [EMAIL PROTECTED]
Subject: [PHP] MySQL QUERY Results Not Appearing[Scanned]
Hi all...
Despite being able to make a connection to the server and execute a query I
am unable to do this through PHP using the following commands:
echo h3active members should appear here/h3;
$query = SELECT * FROM RegisteredMembers;
$result = mysql_query($query) or die (could not execute query);
echo $result;
Any ideas...?
--
-
Michael Mason
Arras People
www.arraspeople.co.uk
-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
The information contained in this email (and in any attachments sent with
it) is confidential. It is intended for the addressee only. Access to this
email by anyone else is unintended and unauthorized.
If you are not the original addressee, 3tc asks you to please maintain
confidentiality. If you have received this email in error please notify 3tc
immediately by replying to it, then destroy any copies and delete it from
your computer system.
Any use, dissemination, forwarding, printing or copying of this email by
anyone except the addressee in the normal course of his/her business, is
strictly prohibited. 3tc owns the copyright in this email and any document
created by us and assert the right to be identified as the author of it.
Copyright has not been transferred to the addressee.
We protect our systems with Sophos Anti-virus -
www.sophos.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
The information contained in this email (and in any attachments sent with it) is
confidential. It is intended for the addressee only. Access to this email by anyone
else is unintended and unauthorized.
If you are not the original addressee, 3tc asks you to please maintain
confidentiality. If you have received this email in error please notify 3tc
immediately by replying to it, then destroy any copies and delete it from your
computer system.
Any use, dissemination, forwarding, printing or copying of this email by anyone except
the addressee in the normal course of his/her business, is strictly prohibited. 3tc
owns the copyright in this email and any document created by us and assert the right
to be identified as the author of it. Copyright has not been transferred to the
addressee.
We protect our systems with Sophos Anti-virus -
www.sophos.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Problem with session on first page loaded
Jordi Canals wrote: the ISP changed a param in the PHP.INI, and they changed session.use_trans_sid setting it to 1. [...] Now I should talk to the provider to not set this parameter to ON by default, because the security risk on it (As stated on the manuals). If they allow you to use .htaccess files, you can create one at the root of your application with the following: php_flag session.use_trans_sid off -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session id changing all the time on some pc's
Hello, I have a strange problem. For example i have a script: ?php session_start(); echo session_id(); ? Once it started a session the session_id should never change. It works on my localhost with default php configuration. I'm using mozilla firefox and IE. I put this script on some other server on the net. It works just fine too with both browsers. But i also put it on one other server and while you are you using IE the session_id changes all the time. With mozilla firefox everything just works fine. On all servers. I looked at server configurations but i couldn't find anything usefull. I tried to change IE settings to accept all cookies but nothing changed. Maybe someone knows where's the problem.. Thanks Bye -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Header or includes for one-level up access?
Andre Dubuc wrote: I thought a simple re-direct page might do the trick. I've tried three methods: the header approach header(location: ../conn-up.php); an absolute header: header(location: /vhome/conn-up.php); and an include approach: include(../conn-up.php); Te header methods will not work. You need to access directly the filesystem in order to include a file. Cannot do it by URL. The third aproach perhaps could work, not sure. But I would test to things (I assume conn.php is on your site root) : 1. Check the user running the web server hsa permisions to read on the directory the file is located. 2. Try an absolute path to the file. Perhaps it will not permit portability, but for test purposes could help. On conn.php you could try: include(/vhome/conn-up.php); If it does not work, problably is a permissions problem. 3. For portability, and when you have been able to include the file as said in point 2. You could do in conn.php something like: $conn_dir = dirname(dirname(__FILE__)); // Gives parent dir include($conn_dir . 'conn-up.php'); 4. Could set the path to de directory including the file with set_include_path(); and then include just by name: $mypath = get_include_path() . PATH_SEPARATOR . /vhome; set_include_path($mypath); Hope this can help to investigate a bit more on your problem. Regards, Jordi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Header or includes for one-level up access?
Andre Dubuc wrote:
Orginally when I designed my site, I put the db access file, conn.php, in the
webarea - where all files reside. After reading a recent thread, I realize
that this may not be too secure. Therefore, I would like to shove conn.php
one level above the webarea. However, I don't feel like re-writng 300+ files
with the new db access info, so I thought a simple re-direct page might do
the trick.
I've tried three methods:
the header approach
header(location: ../conn-up.php);
an absolute header:
header(location: /vhome/conn-up.php);
and an include approach:
include(../conn-up.php);
/* Db file access (conn.php) -- all pages presently refer or call this file */
?php session_start(); ob_start(); ?
?php
/* $db = pg_connect(dbname=big user=me password=pwd); old string */
header(location: /vhome/site/conn-up.php); // tried 3 approaches above
?
/* New db access (conn-up.php) - now located one level above webpages */
?php session_start(); ob_start(); ?
?php
$db = pg_connect(dbname=big user=me password=pwd);
?
All three approaches will not allow db access. I'm stumped. Is it possible to
do this, and will this protect the db password any better than if it stays in
the webarea?
Any help, guidance, or ideas most welcome.
Tia,
Andre
Maybe this aids:
[code]
define('FOOBAR', realpath(dirname(__FILE__) . '/..') . '/');
require_once(FOOBAR . 'conn_up.php');
[/code]
Add this line to a script in your docroot. In subdirs you'll certainly
have to add some '/..'. Some prepend-file is suggested.
Daniel
--
WWE e-commerce IT GmbH
Eiffestrasse 462, D-20537 Hamburg
Tel.: +49-40-2530659-0, Fax: +49-40-2530659-50
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Header or includes for one-level up access? [SOLVED]
On Friday 02 July 2004 09:16 am, Jordi Canals wrote: Andre Dubuc wrote: I thought a simple re-direct page might do the trick. I've tried three methods: the header approach header(location: ../conn-up.php); an absolute header: header(location: /vhome/conn-up.php); and an include approach: include(../conn-up.php); Te header methods will not work. You need to access directly the filesystem in order to include a file. Cannot do it by URL. The third aproach perhaps could work, not sure. But I would test to things (I assume conn.php is on your site root) : 1. Check the user running the web server hsa permisions to read on the directory the file is located. 2. Try an absolute path to the file. Perhaps it will not permit portability, but for test purposes could help. On conn.php you could try: include(/vhome/conn-up.php); If it does not work, problably is a permissions problem. 3. For portability, and when you have been able to include the file as said in point 2. You could do in conn.php something like: $conn_dir = dirname(dirname(__FILE__)); // Gives parent dir include($conn_dir . 'conn-up.php'); 4. Could set the path to de directory including the file with set_include_path(); and then include just by name: $mypath = get_include_path() . PATH_SEPARATOR . /vhome; set_include_path($mypath); Hope this can help to investigate a bit more on your problem. Regards, Jordi Hi Jordi, Thanks for the advice! I tried include(/vhome/conn-up.php); works like a charm! Funny I never thought of giving the absolute path for the include . . . sigh! Regards, Andre -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Uploading multiple files
Dear All.
I ma trying to write a script that let the user choose
how many languages to upload. Therefore the first
script checks weather the user has choosed to add
images, if not, he'll get a preview of the web site;
otherwise array_padd will increment the array for the
number of images the user has choosen:
?php
if(($add == ) or ($add == 0)){
$description= wordwrap($description,50,br);
echo table frame=\border\
trth$font1 PREVIEW DEL SITO/font/th/tr
trtd colspan=\2\ align=\left\img
src=\../ecom/$u/$logo_name\/td/tr
trtd$description/tdtdimg
src=\../ecom/$u/$img_az_name\/td/tr
/table;
}else{
$img = array('img','desc');
$img = array_pad($img, $add, '');
echo table trth colspan=\6\$font1 GESTIONE
SITO - Add images/font/th
form action=\./panel.php\ method=\post\
enctype=\multipart/form-data\
input type=\hidden\ name=\servizio\ value=\4\
input type=\hidden\ name=\visione\
value=\imdone\;
foreach($img as $k = $img){
$k++;
echo trtd$font1 Image $k:nbsp;/font/td
tdinput type=\file\ name=\img[$k]\/td
td$font1 Title:nbsp;/font/td
tdinput type=\text\ name=\title[$k]\
maxlength=\50\/td
td$font1 Description:nbsp;/font/td
tdtextarea name=\desc[$k]\/textarea/td
/tr;
}
?
The second script would be:
?php
$uploaddir =
/web/htdocs/www.example.it/home/ecom/$u/;
$uploadfile = $uploaddir.$_FILES['img']['name'];
print pre;
if
(move_uploaded_file($HTTP_POST_FILES['img']['tmp_name'],
$uploadfile)) {
print File is valid, and was successfully
uploaded. ;
print Here's some more debugging info:\n;
print_r($HTTP_POST_FILES);
} else {
print Possible file upload attack! Here's some
debugging info:\n;
print_r($HTTP_POST_FILES);
}
print /pre;
?
I keep on getting a possible upload file attack. The
debugging info says there are no errors. I have tried
using $_FILES instead of $HTTP_POST_FILES. My ISP has
Gobals turned on and max file size is 8 MB, in this
example I have been using 2 files of 246K each.
Where do you think the problem might lay?
Thank you,
Gennaro Losappio
Yahoo! Companion - Scarica gratis la toolbar di Ricerca di Yahoo!
http://companion.yahoo.it
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] call_user_func and call-time pass-by-reference
How do you use the call_user_func function with call-time
pass-by-reference deprecation?
For example:
function fun($arg) {
$arg++;
}
$var = 0;
call_user_func(fun, $var);
echo $var; //echoes 0 instead of 1
Is their anyway to do this:
call_user_func(fun, $var);
Thanks for any help with this!
Andrew Nagy
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
On Friday 02 July 2004 12:12 pm, Zilvinas Saltys wrote: I looked at server configurations but i couldn't find anything usefull. I tried to change IE settings to accept all cookies but nothing changed. Maybe someone knows where's the problem.. I dont know of all the specifics of your situation, but I know when it happened to my code, it boiled down to a cookie problem. (I never experienced it first hand unless I turned off cookies in my own browser. I saw it was happening for other users on my code). So what I eventually did, was modified my code to work with browsers that do not store cookies (for what ever reason that may be). By that I mean to pass the session id in the url and in forms... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Uploading multiple files
Gennaro losappio [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Dear All.
Hi.
I ma trying to write a script that let the user choose
how many languages to upload. Therefore the first
script checks weather the user has choosed to add
images, if not, he'll get a preview of the web site;
otherwise array_padd will increment the array for the
number of images the user has choosen:
?php
if(($add == ) or ($add == 0)){
You can use empty() here:
if (empty($add)) {
$description= wordwrap($description,50,br);
echo table frame=\border\
trth$font1 PREVIEW DEL SITO/font/th/tr
trtd colspan=\2\ align=\left\img
src=\../ecom/$u/$logo_name\/td/tr
trtd$description/tdtdimg
src=\../ecom/$u/$img_az_name\/td/tr
/table;
}else{
$img = array('img','desc');
$img = array_pad($img, $add, '');
echo table trth colspan=\6\$font1 GESTIONE
SITO - Add images/font/th
form action=\./panel.php\ method=\post\
enctype=\multipart/form-data\
input type=\hidden\ name=\servizio\ value=\4\
input type=\hidden\ name=\visione\
value=\imdone\;
foreach($img as $k = $img){
$k++;
echo trtd$font1 Image $k:nbsp;/font/td
tdinput type=\file\ name=\img[$k]\/td
td$font1 Title:nbsp;/font/td
tdinput type=\text\ name=\title[$k]\
maxlength=\50\/td
td$font1 Description:nbsp;/font/td
tdtextarea name=\desc[$k]\/textarea/td
/tr;
}
?
The second script would be:
?php
$uploaddir =
/web/htdocs/www.example.it/home/ecom/$u/;
$uploadfile = $uploaddir.$_FILES['img']['name'];
Where is $u being set? It's better to use a constant for path information:
define('UPLOAD_PATH',
'/web/htdocs/www.example.it/home/ecom/whateverumightbe');
Otherwise someone could call the file with:
page.php?u=../../ or whatever
You should NOT rely on register_globals. You can turn it off in run time by
putting this line at the top of all scripts:
ini_set('register_globals', 0);
Then access all variables with $_GET['var1'], $_POST['var1'],
$_FILES['file'] etc.
You should also check the file's mime type ($_FILES['file']['type']) and
only allow specific file types (GIF, JPEG).
print pre;
if
(move_uploaded_file($HTTP_POST_FILES['img']['tmp_name'],
$uploadfile)) {
print File is valid, and was successfully
uploaded. ;
print Here's some more debugging info:\n;
print_r($HTTP_POST_FILES);
} else {
print Possible file upload attack! Here's some
debugging info:\n;
print_r($HTTP_POST_FILES);
}
print /pre;
?
I keep on getting a possible upload file attack. The
debugging info says there are no errors. I have tried
using $_FILES instead of $HTTP_POST_FILES. My ISP has
Gobals turned on and max file size is 8 MB, in this
example I have been using 2 files of 246K each.
Where do you think the problem might lay?
Thank you,
Gennaro Losappio
How do you know you are getting upload attacks? Any symptoms?
Regards, Torsten Roehr
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Online Users
This looks like a good solution. What is the best way to list the current
users, since the sesssionData seems to be serialized in the db or something?
I just want to list out all the users from the db.
Thanks,
Matt
http://sweetphp.com
Greg Donald [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
On Fri, 2 Jul 2004 01:13:14 -0400, Matt Palermo [EMAIL PROTECTED]
wrote:
Is it possible to make a table of all logged in users session ids and
then
check to see if the session still exists every couple minutes? So every
minute or two, it would go through the table and for each record it
would
get the session id, then check that session id to see if it's still in
existance. Is this possible to do?
This is simple to accomplish if you use database managed PHP sessions.
You can override the default PHP session handling functions with
session_set_save_handler() then you will know what users are logged in
by what sessions are still active. Here's how I do it:
My sessions.php that I require in all other scripts on the site:
?php
if(ini_get('session.use_trans_sid')==0){
ini_set(session.use_trans_sid, 1);
}
$sessionDbHandler = '';
function sessionOpen($save_path, $session_name){
global $sessionDbHandler;
if(! $sessionDbHandler = mysql_pconnect(DB_HOST, DB_USER, DB_PASS)){
die(Can't get sessionDbHandler: .mysql_error());
}
return true;
}
function sessionClose(){
return true;
}
function sessionRead($key){
$sql =
select
sessionData
from
.TB_USER_SESSIONS.
where
sessionID = '$key'
and
sessionExpire UNIX_TIMESTAMP()
;
$query = mysql_query($sql);
if(mysql_num_rows($query)){
return mysql_result($query, 0, sessionData);
}
return false;
}
function sessionWrite($key, $val){
$value = addslashes($val);
$sql =
replace into .TB_USER_SESSIONS. (
sessionID,
sessionData,
sessionExpire
) values (
'$key',
'$value',
UNIX_TIMESTAMP() + .SITE_ONLINE_EXPIRE.
)
;
return mysql_query($sql);
}
function sessionDestroy($key){
$sql =
delete from
.TB_USER_SESSIONS.
where
sessionID = '$key'
;
return mysql_query($sql);
}
function sessionGarbageCollection(){
$sql =
delete from
.TB_USER_SESSIONS.
where
sessionExpire UNIX_TIMESTAMP()
;
$query = mysql_query($sql);
return sqlAffectedRows();
}
session_set_save_handler(sessionOpen, sessionClose,
sessionRead, sessionWrite, sessionDestroy,
sessionGarbageCollection);
session_start();
?
Some config.php variables:
define('DB_HOST', 'localhost');
define('DB_DB', 'db_name');
define('DB_USER', 'db_user');
define('DB_PASS', 'db_pass');
define('TB_USER_SESSIONS', 'userSessions');
define('SITE_ONLINE_EXPIRE', 900);
The table structure for userSessions looks like this:
CREATE TABLE `userSessions` (
`sessionID` varchar(32) NOT NULL default '',
`sessionData` text NOT NULL,
`sessionExpire` int(10) unsigned NOT NULL default '0',
PRIMARY KEY (`sessionID`)
) TYPE=MyISAM;
When a user logs in you are probably already setting some kind of
userID or userName, so make that a session variable if it is not
already. Then it's just a matter of listing the userNames or userIDs
out of the userSessions table.
You might want to force session garbage collection at the top of each
script by calling sessionGarbageCollection(). That will make the
username listings more realtime.
--
Greg Donald
http://destiney.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Best way to send XML via HTTPS POST
I need to interface with a partner's XML API and they require that the XML request be sent via HTTPS POST. I also need to parse the XML response that the partner's server will send back. Is CURL the best way to handle the transfer or something like PEAR HTTP_Request? I'm looking for the approach that will be the most reliable under heavy load. Thanks for any advice. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] call_user_func and call-time pass-by-reference
Hi,
Saturday, July 3, 2004, 2:02:42 AM, you wrote:
AN How do you use the call_user_func function with call-time
AN pass-by-reference deprecation?
AN For example:
AN function fun($arg) {
AN$arg++;
AN }
AN $var = 0;
AN call_user_func(fun, $var);
AN echo $var; //echoes 0 instead of 1
AN Is their anyway to do this:
AN call_user_func(fun, $var);
AN Thanks for any help with this!
AN Andrew Nagy
With call_user_function() you need to do this:
call_user_func(fun, $var);
--
regards,
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] call_user_func and call-time pass-by-reference
Tom Rogers wrote: With call_user_function() you need to do this: call_user_func(fun, $var); Tom, this won't work due to the Call-Time Pass-By-Reference deprecation. Does anyone know how to do this? The error message says If you would like to pass it by reference, modify the declaration of call_user_func() ... how would i do this? Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
On Fri, 2 Jul 2004 12:21:34 -0400 Gerard Samuel [EMAIL PROTECTED] wrote: On Friday 02 July 2004 12:12 pm, Zilvinas Saltys wrote: I looked at server configurations but i couldn't find anything usefull. I tried to change IE settings to accept all cookies but nothing changed. Maybe someone knows where's the problem.. I dont know of all the specifics of your situation, but I know when it happened to my code, it boiled down to a cookie problem. (I never experienced it first hand unless I turned off cookies in my own browser. I saw it was happening for other users on my code). So what I eventually did, was modified my code to work with browsers that do not store cookies (for what ever reason that may be). By that I mean to pass the session id in the url and in forms... I know i can pass the session id by url.. But this solution is ugly and hopefully not the only one there is.. The problem is as i understand IE is not accepting the cookie. So the session id allways regenerates. Everything works fine with mozilla. The strangest part of the show is some pc's that have IE installed accepts those cookies. I turned 'accept ALL cookies'. Same result.. Maybe ... this could be a domain problem.. The only thing i want to know is all the truth about IE (6?) and cookies :) Heeelp :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Best way to send XML via HTTPS POST
On Fri, 02 Jul 2004 12:40:56 -0400, Shaun Fanning [EMAIL PROTECTED] wrote: I need to interface with a partner's XML API and they require that the XML request be sent via HTTPS POST. I also need to parse the XML response that the partner's server will send back. Is CURL the best way to handle the transfer or something like PEAR HTTP_Request? I'm looking for the approach that will be the most reliable under heavy load. Thanks for any advice. I'm not sure about load, but I've had great success with HTTP_Request and HTTP_Client. I'v even submitted a bunch of patches to them to fix bugs. :-) They're very flexible, can do just about anything, and are very simple to use. As for parsing XML, I've created a simple extention of XML_Parser that parses the XML into a (useful!) associative array. It's large if you print_r it, but it gives you *all* of the data and lets you choose exactly what you want. http://www.reversefold.com/PEAR/Assoc.phps -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] include() with a query string?
Is there some way to fake inclusion with a query string attached? I am trying to add a feature to PHP-Mesh (don't know if anyone's heard of it or using it in these parts), basically some user discovered that they can't have portals with query strings attached to the URL. Currently, portals are built something like this: ?php $page-apply_decorator(../portlets/test.php, portlet); ? The contents of the apply_decorator function look like this: ob_start(); // Using require to make errors happen on failure to include a page. require($decorator_selector-get_path($page_location)); $page_contents = ob_get_clean(); // The rest of this stuff's job is to decorate the page which came back. $page = new Page($page_contents); $decorator = $decorator_selector-get_decorator($decorator_name); $decorator-decorate($page); Now, what I want to do is this: ?php $page-apply_decorator(../portlets/test.php?var=1, portlet); ? But when I do that, it can't require the page, because (obviously) the page test.php?var=1 doesn't exist. I was thinking I could use virtual() for this, but it doesn't seem to work properly either... not even if I pass /portlets/test.php?var=1, which I think is a bit odd. Is there some workaround I can use to include a file and have it process the query string? At the moment I'm thinking of saving $HTTP_GET_VARS, then inserting all the variables manually and restoring the hash after the include, but this seems to be a little more complicated than it should need to be. TX -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] include() with a query string?
On Sat, 03 Jul 2004 03:02:07 +1000, Trejkaz Xaoza [EMAIL PROTECTED] wrote: Is there some way to fake inclusion with a query string attached? Yep. Set the $_GET, $_POST, or $_REQUEST vars you need before including. You could also store a backup copy before doing this and put it back after the include if you need it. I am trying to add a feature to PHP-Mesh (don't know if anyone's heard of it or using it in these parts), basically some user discovered that they can't have portals with query strings attached to the URL. Currently, portals are built something like this: ?php $page-apply_decorator(../portlets/test.php, portlet); ? The contents of the apply_decorator function look like this: ob_start(); // Using require to make errors happen on failure to include a page. require($decorator_selector-get_path($page_location)); $page_contents = ob_get_clean(); // The rest of this stuff's job is to decorate the page which came back. $page = new Page($page_contents); $decorator = $decorator_selector-get_decorator($decorator_name); $decorator-decorate($page); Now, what I want to do is this: ?php $page-apply_decorator(../portlets/test.php?var=1, portlet); ? But when I do that, it can't require the page, because (obviously) the page test.php?var=1 doesn't exist. I was thinking I could use virtual() for this, but it doesn't seem to work properly either... not even if I pass /portlets/test.php?var=1, which I think is a bit odd. Is there some workaround I can use to include a file and have it process the query string? At the moment I'm thinking of saving $HTTP_GET_VARS, then inserting all the variables manually and restoring the hash after the include, but this seems to be a little more complicated than it should need to be. TX -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Online Users
Okay, I actually found out how to list the users, but you have the following
line of code:
define('SITE_ONLINE_EXPIRE', 900);
What is the 900? Is that 900 seconds?
Thanks,
Matt
http://sweetphp.com
Matt Palermo [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
This looks like a good solution. What is the best way to list the current
users, since the sesssionData seems to be serialized in the db or
something?
I just want to list out all the users from the db.
Thanks,
Matt
http://sweetphp.com
Greg Donald [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
On Fri, 2 Jul 2004 01:13:14 -0400, Matt Palermo [EMAIL PROTECTED]
wrote:
Is it possible to make a table of all logged in users session ids and
then
check to see if the session still exists every couple minutes? So
every
minute or two, it would go through the table and for each record it
would
get the session id, then check that session id to see if it's still in
existance. Is this possible to do?
This is simple to accomplish if you use database managed PHP sessions.
You can override the default PHP session handling functions with
session_set_save_handler() then you will know what users are logged in
by what sessions are still active. Here's how I do it:
My sessions.php that I require in all other scripts on the site:
?php
if(ini_get('session.use_trans_sid')==0){
ini_set(session.use_trans_sid, 1);
}
$sessionDbHandler = '';
function sessionOpen($save_path, $session_name){
global $sessionDbHandler;
if(! $sessionDbHandler = mysql_pconnect(DB_HOST, DB_USER, DB_PASS)){
die(Can't get sessionDbHandler: .mysql_error());
}
return true;
}
function sessionClose(){
return true;
}
function sessionRead($key){
$sql =
select
sessionData
from
.TB_USER_SESSIONS.
where
sessionID = '$key'
and
sessionExpire UNIX_TIMESTAMP()
;
$query = mysql_query($sql);
if(mysql_num_rows($query)){
return mysql_result($query, 0, sessionData);
}
return false;
}
function sessionWrite($key, $val){
$value = addslashes($val);
$sql =
replace into .TB_USER_SESSIONS. (
sessionID,
sessionData,
sessionExpire
) values (
'$key',
'$value',
UNIX_TIMESTAMP() + .SITE_ONLINE_EXPIRE.
)
;
return mysql_query($sql);
}
function sessionDestroy($key){
$sql =
delete from
.TB_USER_SESSIONS.
where
sessionID = '$key'
;
return mysql_query($sql);
}
function sessionGarbageCollection(){
$sql =
delete from
.TB_USER_SESSIONS.
where
sessionExpire UNIX_TIMESTAMP()
;
$query = mysql_query($sql);
return sqlAffectedRows();
}
session_set_save_handler(sessionOpen, sessionClose,
sessionRead, sessionWrite, sessionDestroy,
sessionGarbageCollection);
session_start();
?
Some config.php variables:
define('DB_HOST', 'localhost');
define('DB_DB', 'db_name');
define('DB_USER', 'db_user');
define('DB_PASS', 'db_pass');
define('TB_USER_SESSIONS', 'userSessions');
define('SITE_ONLINE_EXPIRE', 900);
The table structure for userSessions looks like this:
CREATE TABLE `userSessions` (
`sessionID` varchar(32) NOT NULL default '',
`sessionData` text NOT NULL,
`sessionExpire` int(10) unsigned NOT NULL default '0',
PRIMARY KEY (`sessionID`)
) TYPE=MyISAM;
When a user logs in you are probably already setting some kind of
userID or userName, so make that a session variable if it is not
already. Then it's just a matter of listing the userNames or userIDs
out of the userSessions table.
You might want to force session garbage collection at the top of each
script by calling sessionGarbageCollection(). That will make the
username listings more realtime.
--
Greg Donald
http://destiney.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Zilvinas Saltys [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 2 Jul 2004 12:21:34 -0400 Gerard Samuel [EMAIL PROTECTED] wrote: On Friday 02 July 2004 12:12 pm, Zilvinas Saltys wrote: I looked at server configurations but i couldn't find anything usefull. I tried to change IE settings to accept all cookies but nothing changed. Maybe someone knows where's the problem.. I dont know of all the specifics of your situation, but I know when it happened to my code, it boiled down to a cookie problem. (I never experienced it first hand unless I turned off cookies in my own browser. I saw it was happening for other users on my code). So what I eventually did, was modified my code to work with browsers that do not store cookies (for what ever reason that may be). By that I mean to pass the session id in the url and in forms... I know i can pass the session id by url.. But this solution is ugly and hopefully not the only one there is.. The problem is as i understand IE is not accepting the cookie. So the session id allways regenerates. Everything works fine with mozilla. The strangest part of the show is some pc's that have IE installed accepts those cookies. I turned 'accept ALL cookies'. Same result.. Maybe ... this could be a domain problem.. The only thing i want to know is all the truth about IE (6?) and cookies :) Heeelp :) Sorry to say that but just DO NOT use cookies. You will always have problems with users having weird cookie settings in their browser. Cookies are fine for intranets where you know the infrastructure you are dealing with. Passing the session id via GET/POST may be ugly but makes you independent of the browser's cookie settings. Regards, Torsten Roehr -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 5 Install problem:[sapi/cli/php] Error 1 ?
Hi all, I'm having trouble installing PHP 5 on a Fedora Core 2 box. I get through ./configure fine but during the make I get errors like this: ext/pcre/php_pcre.lo(.text+0x2e38):/home/jough/php-5.0.0RC3/ext/pcre/ php_pcre.c:1482: undefined reference to `php_pcre_exec' collect2: ld returned 1 exit status make: *** [sapi/cli/php] Error 1 Looked online for a solution to no avail. Anyone know how to fix this? Below is my configure stuff Thanks!!! ./configure --host=i386-redhat-linux' '--build=i386-redhat-linux' '--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=../config.cache' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--enable-force-cgi-redirect' '--disable-debug' '--enable-pic' '--disable-rpath' '--enable-inline-optimization' '--with-bz2' '--with-db4=/usr' '--with-curl ' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-gd' '--enable-gd-native-ttf' '--without-gdbm' '--with-gettext' '--with-ncurses' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png' '--with-pspell' '--with-regex=system' '--with-xml' '--with-expat-dir=/usr' '--with-dom=shared,/usr' '--with-dom-xslt=/usr' '--with-dom-exslt=/usr' '--with-xmlrpc=shared' '--with-pcre-regex=/usr' '--with-zlib' '--with-layout=GNU' '--enable-bcmath' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-safe-mode' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-track-vars' '--enable-trans-sid' '--enable-yp' '--enable-wddx' '--with-pear=/usr/share/pear' '--with-imap=shared' '--with-imap-ssl' '--with-kerberos' '--with-ldap=shared' '--with-mysql=shared,/usr' '--with-pgsql=shared' '--with-snmp=shared,/usr' '--with-snmp=shared' '--enable-ucd-snmp-hack' '--with-unixODBC=shared,/usr' '--enable-memory-limit' '--enable-bcmath' '--enable-shmop' '--enable-calendar' '--enable-dbx' '--enable-dio' '--enable-mcal' '--enable-mbstring' '--enable-mbstr-enc-trans' '--enable-mbregex' '--with-apxs2=/usr/sbin/apxs' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] session id changing all the time on some pc's
Zilvinas Saltys wrote:
The problem is as i understand IE is not accepting the cookie. So the
session id allways regenerates. Everything works fine with mozilla.
[...]
The only thing i want to know is all the truth about IE (6?) and
cookies :)
Could it be a problem with IE6 and P3P (http://www.w3.org/P3P/)?
This is just hearsay, but a friend of mine told me about a problem he was having
with IE6 and cookies in his application. He had to send a P3P header before some
versions of IE would accept the cookie. I've read that P3P only applies to
persistant cookies, but his was temporary and was still not working until he added
this:
header('P3P: CP=NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM');
I have no first hand experience with this myself, and I haven't done the proper
research to become familiar with it. Make of this what you will. :) More
information here:
http://www.computercops.biz/modules.php?name=Newsfile=printsid=837
HTH
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode/open basedir not working ?
Ok. How about set the safe_mode_exec_dir to /dev/null then ? On Wed, 30 Jun 2004 21:55:17 -0700, Justin Patrin [EMAIL PROTECTED] wrote: YES. You need to set the safe_mode_exec_dir path to be some path without binaries. Such as: /etc, although that's a bad example. Make a directory with only root write access and point that config option to it. On Wed, 30 Jun 2004 22:31:27 -0400, robert mena [EMAIL PROTECTED] wrote: Marek, Justin, am I doing something wrong with the setup because I saw the logs and a redeye.php was used to system(perl -) and was not supposed to. On Thu, 01 Jul 2004 00:32:07 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: Justin Patrin wrote --- napísal:: On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: robert mena wrote --- napísal:: Hi, I host a few virtual domains in apache 2 and use php. The virtual domain is something like VirtualHost a.b.c.d:80 ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/httpd/html/domain.com ServerName www.domain.com ErrorLog logs/domain.com-error_log CustomLog logs/domain.com-access_log combined ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ Directory /home/httpd/html/domain.com/ AllowOverride AuthConfig Limit php_admin_value doc_root /home/httpd/html/domain.com/ php_admin_flag safe_mode on php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/ /Directory /VirtualHost Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files. Shouldn't the settings above retrict such thing ? no, this setting affects only php, not programs executed from php If you have safe mode on, you can set various things to stop this. One is safe_mode_exec_dir. Actualy you have to if you want to use any of the exec functions: !DSPAM:40e37582309468563245817! -- paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Zilvinas Saltys [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 2 Jul 2004 12:21:34 -0400 Gerard Samuel [EMAIL PROTECTED] wrote: On Friday 02 July 2004 12:12 pm, Zilvinas Saltys wrote: I looked at server configurations but i couldn't find anything usefull. I tried to change IE settings to accept all cookies but nothing changed. Maybe someone knows where's the problem.. I dont know of all the specifics of your situation, but I know when it happened to my code, it boiled down to a cookie problem. (I never experienced it first hand unless I turned off cookies in my own browser. I saw it was happening for other users on my code). So what I eventually did, was modified my code to work with browsers that do not store cookies (for what ever reason that may be). By that I mean to pass the session id in the url and in forms... I know i can pass the session id by url.. But this solution is ugly and hopefully not the only one there is.. The problem is as i understand IE is not accepting the cookie. So the session id allways regenerates. Everything works fine with mozilla. The strangest part of the show is some pc's that have IE installed accepts those cookies. I turned 'accept ALL cookies'. Same result.. Maybe ... this could be a domain problem.. The only thing i want to know is all the truth about IE (6?) and cookies :) Heeelp :) Sorry to say that but just DO NOT use cookies. You will always have problems with users having weird cookie settings in their browser. Cookies are fine for intranets where you know the infrastructure you are dealing with. Passing the session id via GET/POST may be ugly but makes you independent of the browser's cookie settings. Regards, Torsten Roehr I can agree with this. I created an internal website for my company that requires login. And even then some users a restricted to certain areas of the website depending on their user level. Passing the $_SESSION variables around was just plain easier than setting up cookies. I also felt I had a greater control over the whole process from login to logout. Instead of passing the session_id through the URL ($_GET) just assign it to $_SESSION and pass that around. Then it'll stay transparent to the user. --Matthew Sims --http://killermookie.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Matthew Sims [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Zilvinas Saltys [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 2 Jul 2004 12:21:34 -0400 Gerard Samuel [EMAIL PROTECTED] wrote: On Friday 02 July 2004 12:12 pm, Zilvinas Saltys wrote: I looked at server configurations but i couldn't find anything usefull. I tried to change IE settings to accept all cookies but nothing changed. Maybe someone knows where's the problem.. I dont know of all the specifics of your situation, but I know when it happened to my code, it boiled down to a cookie problem. (I never experienced it first hand unless I turned off cookies in my own browser. I saw it was happening for other users on my code). So what I eventually did, was modified my code to work with browsers that do not store cookies (for what ever reason that may be). By that I mean to pass the session id in the url and in forms... I know i can pass the session id by url.. But this solution is ugly and hopefully not the only one there is.. The problem is as i understand IE is not accepting the cookie. So the session id allways regenerates. Everything works fine with mozilla. The strangest part of the show is some pc's that have IE installed accepts those cookies. I turned 'accept ALL cookies'. Same result.. Maybe ... this could be a domain problem.. The only thing i want to know is all the truth about IE (6?) and cookies :) Heeelp :) Sorry to say that but just DO NOT use cookies. You will always have problems with users having weird cookie settings in their browser. Cookies are fine for intranets where you know the infrastructure you are dealing with. Passing the session id via GET/POST may be ugly but makes you independent of the browser's cookie settings. Regards, Torsten Roehr I can agree with this. I created an internal website for my company that requires login. And even then some users a restricted to certain areas of the website depending on their user level. Passing the $_SESSION variables around was just plain easier than setting up cookies. I also felt I had a greater control over the whole process from login to logout. Instead of passing the session_id through the URL ($_GET) just assign it to $_SESSION and pass that around. Then it'll stay transparent to the user. Could you describe the last paragraph a bit more in detail? Thanks in advance! Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode/open basedir not working ?
That *may* not work as it's a file, not a folder. You're welcome to try, though. :-) On Fri, 2 Jul 2004 14:19:25 -0400, robert mena [EMAIL PROTECTED] wrote: Ok. How about set the safe_mode_exec_dir to /dev/null then ? On Wed, 30 Jun 2004 21:55:17 -0700, Justin Patrin [EMAIL PROTECTED] wrote: YES. You need to set the safe_mode_exec_dir path to be some path without binaries. Such as: /etc, although that's a bad example. Make a directory with only root write access and point that config option to it. On Wed, 30 Jun 2004 22:31:27 -0400, robert mena [EMAIL PROTECTED] wrote: Marek, Justin, am I doing something wrong with the setup because I saw the logs and a redeye.php was used to system(perl -) and was not supposed to. On Thu, 01 Jul 2004 00:32:07 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: Justin Patrin wrote --- napísal:: On Wed, 30 Jun 2004 23:50:02 +0200, Marek Kilimajer [EMAIL PROTECTED] wrote: robert mena wrote --- napísal:: Hi, I host a few virtual domains in apache 2 and use php. The virtual domain is something like VirtualHost a.b.c.d:80 ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/httpd/html/domain.com ServerName www.domain.com ErrorLog logs/domain.com-error_log CustomLog logs/domain.com-access_log combined ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ Directory /home/httpd/html/domain.com/ AllowOverride AuthConfig Limit php_admin_value doc_root /home/httpd/html/domain.com/ php_admin_flag safe_mode on php_admin_value open_basedir /home/httpd/html/domain.com:/tmp/ /Directory /VirtualHost Recently I had a minor problem with a user that uploaded via ftp a php script in his domain and this domain used exec/system etc to call perl, read files. Shouldn't the settings above retrict such thing ? no, this setting affects only php, not programs executed from php If you have safe mode on, you can set various things to stop this. One is safe_mode_exec_dir. Actualy you have to if you want to use any of the exec functions: -- paperCrane --Justin Patrin-- !DSPAM:40e5a54342181346017871! -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Instead of passing the session_id through the URL ($_GET) just assign it to $_SESSION and pass that around. Then it'll stay transparent to the user. Could you describe the last paragraph a bit more in detail? Thanks in advance! Torsten What if you used this? session_start(); $_SESSION['sid']=session_id($HTTP_GET_VARS['sid']); Now as long as each of your pages has session_start() at the top, you can use $_SESSION['sid'] whereever. To the mailing list: Am I doing this correctly? --Matthew Sims --http://killermookie.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] safe mode/open basedir not working ?
Ok. It did not worked. I had to create an empy dir. Well, one problem. Since I have users with ftp access and they host php scripts that handle file uploads. The files are created with apache.apache and are usually moved to the user's directory using move_uploaded_file. Since the owner/gorup of the script would be foo.ftponly this would fail due to uid differences. How do I solve this ? Change the user's group from ftponly to apache and use the safe_mode_gid on ? - rt On Fri, 2 Jul 2004 11:28:39 -0700, Justin Patrin [EMAIL PROTECTED] wrote: That *may* not work as it's a file, not a folder. You're welcome to try, though. :-) On Fri, 2 Jul 2004 14:19:25 -0400, robert mena [EMAIL PROTECTED] wrote: Ok. How about set the safe_mode_exec_dir to /dev/null then ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Password encyption
I have been looking at a number of scripts and they all seem to use something like a config.php file where there is a var called something like $dbpasswd but the password is still clear text. While I understand that the file only sets vars and it can be put outside the document root so that it cannot be accessed and you can protect it with permissions and all on the server, and you can even put a simple if statement to check that the script it was meant for is loading it. But has anyone done something like encypting that password rather than leaving it in plan text. Call me paranoid but I think I would rather play the little bit in overhead to decypt the password to give myself a slightly safer feel about my database password. _ FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] regular expression
Could someone help me with a regular expression? I am not very good at them. I want to find the following pattern inside a file: [%string%] Then extract the string portion to store in array. I would next like to replace those patterns with html code. That's right you guessed it a template engine type program. I thought it was/\[\%[a-z]\%\] but I guess I am wrong. Then what function do I use to extract. Thank you, George
RE: [PHP] Password encyption
[snip] But has anyone done something like encypting that password rather than leaving it in plan text. [/snip] Yes. Happy Independence Day! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP 5 Install problem:[sapi/cli/php] Error 1 ?
Greetings, for anyone who is interested, I figured out what the problem was. After perusing my config options a few times I noticed one that was suspicious --with-pcre-regex=/usr I then found out these was the perl compatible regex stuff. I ended up leaving that option out and built PHP 5. After looking at the output of phpinfo() I saw that pcre was still enabled. Don't know why it was causing errors though. But at least it's solved!! On Jul 2, 2004, at 1:19 PM, Jough P wrote: Hi all, I'm having trouble installing PHP 5 on a Fedora Core 2 box. I get through ./configure fine but during the make I get errors like this: ext/pcre/php_pcre.lo(.text+0x2e38):/home/jough/php-5.0.0RC3/ext/pcre/ php_pcre.c:1482: undefined reference to `php_pcre_exec' collect2: ld returned 1 exit status make: *** [sapi/cli/php] Error 1 Looked online for a solution to no avail. Anyone know how to fix this? Below is my configure stuff Thanks!!! ./configure --host=i386-redhat-linux' '--build=i386-redhat-linux' '--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=../config.cache' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--enable-force-cgi-redirect' '--disable-debug' '--enable-pic' '--disable-rpath' '--enable-inline-optimization' '--with-bz2' '--with-db4=/usr' '--with-curl ' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-gd' '--enable-gd-native-ttf' '--without-gdbm' '--with-gettext' '--with-ncurses' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png' '--with-pspell' '--with-regex=system' '--with-xml' '--with-expat-dir=/usr' '--with-dom=shared,/usr' '--with-dom-xslt=/usr' '--with-dom-exslt=/usr' '--with-xmlrpc=shared' '--with-pcre-regex=/usr' '--with-zlib' '--with-layout=GNU' '--enable-bcmath' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-safe-mode' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-track-vars' '--enable-trans-sid' '--enable-yp' '--enable-wddx' '--with-pear=/usr/share/pear' '--with-imap=shared' '--with-imap-ssl' '--with-kerberos' '--with-ldap=shared' '--with-mysql=shared,/usr' '--with-pgsql=shared' '--with-snmp=shared,/usr' '--with-snmp=shared' '--enable-ucd-snmp-hack' '--with-unixODBC=shared,/usr' '--enable-memory-limit' '--enable-bcmath' '--enable-shmop' '--enable-calendar' '--enable-dbx' '--enable-dio' '--enable-mcal' '--enable-mbstring' '--enable-mbstr-enc-trans' '--enable-mbregex' '--with-apxs2=/usr/sbin/apxs' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Password encyption
Anzak Wolf wrote: Call me paranoid but I think I would rather play the little bit in overhead to decypt the password to give myself a slightly safer feel about my database password. Paranoid. And where do you plan on keeping the key to decrypt the password? In another file? How are you going to protect that file? Paranoid. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
On Friday 02 July 2004 02:13 pm, Torsten Roehr wrote: Passing the session id via GET/POST may be ugly but makes you independent of the browser's cookie settings. I would have to agree... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Matthew Sims [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Instead of passing the session_id through the URL ($_GET) just assign it to $_SESSION and pass that around. Then it'll stay transparent to the user. Could you describe the last paragraph a bit more in detail? Thanks in advance! Torsten What if you used this? session_start(); $_SESSION['sid']=session_id($HTTP_GET_VARS['sid']); Now as long as each of your pages has session_start() at the top, you can use $_SESSION['sid'] whereever. To the mailing list: Am I doing this correctly? But somehow you have to pass the session id from page to page!?! By the way, the session id is always available as the constant SID. Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Matthew Sims [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Instead of passing the session_id through the URL ($_GET) just assign it to $_SESSION and pass that around. Then it'll stay transparent to the user. Could you describe the last paragraph a bit more in detail? Thanks in advance! Torsten What if you used this? session_start(); $_SESSION['sid']=session_id($HTTP_GET_VARS['sid']); Now as long as each of your pages has session_start() at the top, you can use $_SESSION['sid'] whereever. To the mailing list: Am I doing this correctly? But somehow you have to pass the session id from page to page!?! By the way, the session id is always available as the constant SID. Torsten The $_SESSION['sid'] will follow from page to page. As long as the user stays in the current session, all $_SESSION variables will follow from page to page as long as session_start() is used. --Matthew Sims --http://killermookie.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Password encyption
I realize the key needs to be stored somewhere which is part of the problem of how to make it a bit more secure. I just don't feel safe if a password in a flat file in clear text. Ideally the database should support something like an ssh style public/private Key auth where the private Key is stored internally to the database. Though I don't know if any databases out there actaully do that or if it would be worth the time to set up and learn for me. _ FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Password encyption
[snip] I realize the key needs to be stored somewhere which is part of the problem of how to make it a bit more secure. I just don't feel safe if a password in a flat file in clear text. Ideally the database should support something like an ssh style public/private Key auth where the private Key is stored internally to the database. Though I don't know if any databases out there actaully do that or if it would be worth the time to set up and learn for me. [/snip] Have you aactually checked the documentation of your database? It may be quite simple. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Matthew Sims [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Matthew Sims [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Instead of passing the session_id through the URL ($_GET) just assign it to $_SESSION and pass that around. Then it'll stay transparent to the user. Could you describe the last paragraph a bit more in detail? Thanks in advance! Torsten What if you used this? session_start(); $_SESSION['sid']=session_id($HTTP_GET_VARS['sid']); Now as long as each of your pages has session_start() at the top, you can use $_SESSION['sid'] whereever. To the mailing list: Am I doing this correctly? But somehow you have to pass the session id from page to page!?! By the way, the session id is always available as the constant SID. Torsten The $_SESSION['sid'] will follow from page to page. As long as the user stays in the current session, all $_SESSION variables will follow from page to page as long as session_start() is used. OK, but HOW do you manage that the user stays in the current session. Usually this is made sure by passing the session id around. But obviously you are not doing this, are you? Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] regular expression
First of all, you might want to put more than one % probably like %%% Reason is, asp users % % like php uses ? ?. Just a precaution. You almost had the regex right. /%[a-z]+%/i Thans means, starts with a %, can match a-z, at least once (the + part) but as many times (greedy), then another %, and the i means case-insensitive. If you don't have that you'd have to do [a-zA-Z] instead. Also, will there be anything else in there besides just alpha chars? -Josh On Fri, 2 Jul 2004 13:56:29 -0500, George Lantz [EMAIL PROTECTED] wrote: Could someone help me with a regular expression? I am not very good at them. I want to find the following pattern inside a file: [%string%] Then extract the string portion to store in array. I would next like to replace those patterns with html code. That's right you guessed it a template engine type program. I thought it was/\[\%[a-z]\%\] but I guess I am wrong. Then what function do I use to extract. Thank you, George -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] call_user_func and call-time pass-by-reference
* Thus wrote Andrew Nagy:
How do you use the call_user_func function with call-time
pass-by-reference deprecation?
For example:
function fun($arg) {
$arg++;
}
$var = 0;
call_user_func(fun, $var);
echo $var; //echoes 0 instead of 1
$func_call = 'fun';
$func_call($var);
Curt
--
First, let me assure you that this is not one of those shady pyramid schemes
you've been hearing about. No, sir. Our model is the trapezoid!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Password encyption
gt;[snip] gt;I realize the key needs to be stored somewhere which is part of the gt;problem of how to make it a bit more secure. I just don't feel safe if gt;a password in a flat file in clear text. Ideally the database should gt;support something gt;like an ssh style public/private Key auth where the private Key is gt;stored internally to the database. Though I don't know if any databases gt;out there actaully do that or if it would be worth the time to set up gt;and learn for gt;me. gt;[/snip] gt; gt;Have you aactually checked the documentation of your database? It may be gt;quite simple. gt; Yes I have looked though since I'm not 100% sure what I'm looking for it is hard to come up with a solid answer. I'm just looking for a more secure way to connect to my database through PHP and was hoping to find some suggestions here, not get the run around. _ Check out the latest news, polls and tools in the MSN 2004 Election Guide! http://special.msn.com/msn/election2004.armx -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Password encyption
So host your own server. That way nobody but you has access to it. Then you could store the password wherever you want, unecrypted, and it wouldn't matter. If you're running an application that's that security conscious, you shouldn't be using a shared server anyway. -Original Message- From: Anzak Wolf [mailto:[EMAIL PROTECTED] Sent: Friday, July 02, 2004 1:24 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [PHP] Password encyption Yes I have looked though since I'm not 100% sure what I'm looking for it is hard to come up with a solid answer. I'm just looking for a more secure way to connect to my database through PHP and was hoping to find some suggestions here, not get the run around. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
The $_SESSION['sid'] will follow from page to page. As long as the user
stays in the current session, all $_SESSION variables will follow from
page to page as long as session_start() is used.
OK, but HOW do you manage that the user stays in the current session.
Usually this is made sure by passing the session id around. But
obviously
you are not doing this, are you?
Torsten
As long as the user keeps his browser pointing at your site, then they'll
stay in the currect session. The moment they shut down the web browser,
the session is lost.
When the user first comes to your site, assign the session_id to a
$_SESSION variable. Then as the user jumps from page to page, check the
$_SESSION variable with the session_id on that page.
Try this, on the front page:
session_start();
$_SESSOIN['sid']=session_id();
On another page:
if ($_SESSION['sid']==session_id()) {
continue browsing;
} else {
redirect to front page;
}
or however you want it to be. The above isn't tested. Not sure if
session_id needs to be assigned to a variable.
Is this what you're referring to or am I just misreading what you're asking?
--Matthew Sims
--http://killermookie.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Password encyption
So host your own server. That way nobody but you has access to it. Then you could store the password wherever you want, unecrypted, and it wouldn't matter. If you're running an application that's that security conscious, you shouldn't be using a shared server anyway. -Original Message- From: Anzak Wolf [mailto:[EMAIL PROTECTED] Sent: Friday, July 02, 2004 1:24 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [PHP] Password encyption Yes I have looked though since I'm not 100% sure what I'm looking for it is hard to come up with a solid answer. I'm just looking for a more secure way to connect to my database through PHP and was hoping to find some suggestions here, not get the run around. Bob does make a good point. If you don't run your own server, you might want to see other options about running your site. If you do run your own server, maybe store the passwd as an MD5 hash on the web page that sends it to a script outside your web root. If the MD5 hashes match, return the passwd back to the web page. --Matthew Sims --http://killermookie.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Password encyption
gt;So host your own server. That way nobody but you has access to it. gt;Then you could store the password wherever you want, unecrypted, and it gt;wouldn't matter. If you're running an application that's that security gt;conscious, you shouldn't be using a shared server anyway. I do run my own server but I know for a fact that even if I harden the server as much as I can there is a chance that someone could gain access to that server. While once they have root on the box they pretty much can do as they like, and my app really does not have a huge security requirement, this is a learning processes for me and I'm always looking for a better/more secure way to do things. _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
On Friday 02 July 2004 04:38 pm, Matthew Sims wrote: As long as the user keeps his browser pointing at your site, then they'll stay in the currect session. The moment they shut down the web browser, the session is lost. The logic doesnt compute with me. I guess I'll have to try this myself... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Matthew Sims [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
The $_SESSION['sid'] will follow from page to page. As long as the user
stays in the current session, all $_SESSION variables will follow from
page to page as long as session_start() is used.
OK, but HOW do you manage that the user stays in the current session.
Usually this is made sure by passing the session id around. But
obviously
you are not doing this, are you?
Torsten
As long as the user keeps his browser pointing at your site, then they'll
stay in the currect session. The moment they shut down the web browser,
the session is lost.
This does only work *with* using a cookie.
When the user first comes to your site, assign the session_id to a
$_SESSION variable. Then as the user jumps from page to page, check the
$_SESSION variable with the session_id on that page.
Try this, on the front page:
session_start();
$_SESSOIN['sid']=session_id();
On another page:
if ($_SESSION['sid']==session_id()) {
continue browsing;
} else {
redirect to front page;
}
or however you want it to be. The above isn't tested. Not sure if
session_id needs to be assigned to a variable.
Is this what you're referring to or am I just misreading what you're
asking?
No, this is exactly what I wanted to know. But it would contradict
everything I experienced with sessions until now - and it does. I just
tested your code (with session_start() also at the top of page2). It does
not work because there is absolutely no relation between page1 and page2
with your code. In this case a new session is being started on page two.
You have got to pass the session id from one page to another (when not using
a cookie) otherwise it won't work and rightly so.
Maybe your memory played a trick on you ;) Don't mind.
Regards, Torsten
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
No, this is exactly what I wanted to know. But it would contradict everything I experienced with sessions until now - and it does. I just tested your code (with session_start() also at the top of page2). It does not work because there is absolutely no relation between page1 and page2 with your code. In this case a new session is being started on page two. You have got to pass the session id from one page to another (when not using a cookie) otherwise it won't work and rightly so. Ah, you are so correct. My apologies. Without cookies turned on then the session id is different with each page. Bleh. Okay...so...ignore all that I said. :) So I guess $_GET is the only option...that sucks. Sorry dude. --Matthew Sims --http://killermookie.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Password encyption
Well that's a whole different thing, then. -Original Message- From: Anzak Wolf [mailto:[EMAIL PROTECTED] Sent: Friday, July 02, 2004 1:40 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [PHP] Password encyption I do run my own server but I know for a fact that even if I harden the server as much as I can there is a chance that someone could gain access to that server. While once they have root on the box they pretty much can do as they like, and my app really does not have a huge security requirement, this is a learning processes for me and I'm always looking for a better/more secure way to do things. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP cgi
There used to be a way that stripped something from a PHP binary that drastically reduced the size of the cgi file. For the life of me, I can't remember and can't find it on google anywhere. Anyone know what it is? TIA, Steve
[PHP] Re: Best way to send XML via HTTPS POST
Hello, On 07/02/2004 01:40 PM, Shaun Fanning wrote: I need to interface with a partner's XML API and they require that the XML request be sent via HTTPS POST. I also need to parse the XML response that the partner's server will send back. Is CURL the best way to handle the transfer or something like PEAR HTTP_Request? I'm looking for the approach that will be the most reliable under heavy load. Thanks for any advice. SSL (HTTPS) support is a little tricky. Some hosts may or may not provide curl or openssl PHP extensions that are necessary to support SSL. You may want to try this popular HTTP client that makes SSL requests figuring automatically whether it is possible to use curl or openssl for you. The usage of the class is the same regardless which of the libraries is available. It already comes with an example to make XML HTTP POST requests: http://www.phpclasses.org/httpclient -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Help needed
Hi, I am completely new to PHP and would need some help. I have just opened a site for my manufaturing business and would like to create a section where each of my clients get their own account in which they can login and check the status of their order. For this I would need a script for accounts (SQL, I guess?) and also a script for updating the status page of each order. I do want something like an admin area since there are several of us who would update the pages. Basically I just want to have diffeent fields with information which are easily updated but for different accounts/clients. Is there somewhere I can read up on how to make such a thing or do I need to hire someone to do this Thanks, Christian -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Best way to send XML via HTTPS POST
Thanks Manuel, I will take a look at it. I do have complete control over the box this is running on, so I can rebuild PHP with support for CURL and OpenSSL if necessary. My main concern is having a robust approach that is fast and efficient under a high load. On 7/2/04 5:55 PM, Manuel Lemos [EMAIL PROTECTED] wrote: Hello, On 07/02/2004 01:40 PM, Shaun Fanning wrote: I need to interface with a partner's XML API and they require that the XML request be sent via HTTPS POST. I also need to parse the XML response that the partner's server will send back. Is CURL the best way to handle the transfer or something like PEAR HTTP_Request? I'm looking for the approach that will be the most reliable under heavy load. Thanks for any advice. SSL (HTTPS) support is a little tricky. Some hosts may or may not provide curl or openssl PHP extensions that are necessary to support SSL. You may want to try this popular HTTP client that makes SSL requests figuring automatically whether it is possible to use curl or openssl for you. The usage of the class is the same regardless which of the libraries is available. It already comes with an example to make XML HTTP POST requests: http://www.phpclasses.org/httpclient -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP cgi
* Thus wrote Steve Douville: There used to be a way that stripped something from a PHP binary that drastically reduced the size of the cgi file. For the life of me, I can't remember and can't find it on google anywhere. Anyone know what it is? You're looking for the 'strip' command Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP cgi
Found lots of stuff under google PHP Obfuscate. Unless you have compiler, php is source, and obfuscators seem to be directed at making things both compact and hard to hack. On the other hand, if you have a compiler, ignore this. Warren Vail -Original Message- From: Curt Zirzow [mailto:[EMAIL PROTECTED] Sent: Friday, July 02, 2004 3:38 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] PHP cgi * Thus wrote Steve Douville: There used to be a way that stripped something from a PHP binary that drastically reduced the size of the cgi file. For the life of me, I can't remember and can't find it on google anywhere. Anyone know what it is? You're looking for the 'strip' command Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
* Thus wrote Torsten Roehr: Zilvinas Saltys [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] The only thing i want to know is all the truth about IE (6?) and cookies :) Heeelp :) Sorry to say that but just DO NOT use cookies. You will always have problems with users having weird cookie settings in their browser. Cookies are fine for intranets where you know the infrastructure you are dealing with. Passing the session id via GET/POST may be ugly but makes you independent of the browser's cookie settings. I would strongly discourage trans_id with sessions that contain sensitive data. Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Best way to send XML via HTTPS POST
Hello, On 07/02/2004 07:18 PM, Shaun Fanning wrote: Thanks Manuel, I will take a look at it. I do have complete control over the box this is running on, so I can rebuild PHP with support for CURL and OpenSSL if necessary. My main concern is having a robust approach that is fast and efficient under a high load. In that case a Curl based solution is probably better because it is a library purely written in C and it takes care about low level details that would probably take more time to execute with pure PHP and socket access calls with OpenSSL. I need to interface with a partner's XML API and they require that the XML request be sent via HTTPS POST. I also need to parse the XML response that the partner's server will send back. Is CURL the best way to handle the transfer or something like PEAR HTTP_Request? I'm looking for the approach that will be the most reliable under heavy load. Thanks for any advice. SSL (HTTPS) support is a little tricky. Some hosts may or may not provide curl or openssl PHP extensions that are necessary to support SSL. You may want to try this popular HTTP client that makes SSL requests figuring automatically whether it is possible to use curl or openssl for you. The usage of the class is the same regardless which of the libraries is available. It already comes with an example to make XML HTTP POST requests: http://www.phpclasses.org/httpclient -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP 5 Install problem:[sapi/cli/php] Error 1 ?
* Thus wrote Jough P: Hi all, I'm having trouble installing PHP 5 on a Fedora Core 2 box. I get through ./configure fine but during the make I get errors like this: ext/pcre/php_pcre.lo(.text+0x2e38):/home/jough/php-5.0.0RC3/ext/pcre/ php_pcre.c:1482: undefined reference to `php_pcre_exec' collect2: ld returned 1 exit status make: *** [sapi/cli/php] Error 1 This means it can't find the shared object for the pcrelib. ./configure --host=i386-redhat-linux' ... '--with-pcre-regex=/usr' Any paticular reason you are using this? Php has a build in pcrelib that it will use. Otherwise you're pcrelib is probably in a awkward place. Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP 5 Install problem:[sapi/cli/php] Error 1 ?
* Thus wrote Jough P: Greetings, for anyone who is interested, I figured out what the problem was. After perusing my config options a few times I noticed one that was suspicious --with-pcre-regex=/usr I had a feeling it was that. I then found out these was the perl compatible regex stuff. I ended up leaving that option out and built PHP 5. After looking at the output of phpinfo() I saw that pcre was still enabled. Don't know why it was causing errors though. But at least it's solved!! See my explaination in my other message :) Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
On Fri, 2 Jul 2004 22:45:23 + Curt Zirzow [EMAIL PROTECTED] wrote: * Thus wrote Torsten Roehr: Zilvinas Saltys [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] The only thing i want to know is all the truth about IE (6?) and cookies :) Heeelp :) Sorry to say that but just DO NOT use cookies. You will always have problems with users having weird cookie settings in their browser. Cookies are fine for intranets where you know the infrastructure you are dealing with. Passing the session id via GET/POST may be ugly but makes you independent of the browser's cookie settings. I would strongly discourage trans_id with sessions that contain sensitive data. Yes it does contain sensitive data.. And those people cant work with that data because of IE... Those people have to travel from place to place. They can't use mozilla everywhere or change the IE settings or even to turn the zone alarm off... So what are your suggestions? Using trans sid is the only solution as i see now.. No matter how unsafe it is.. Or it looks or works ugly.. That is the problem :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php.ini mail settings
[mail function] ; For Win32 only. SMTP = smtp.mail.yahoo.co.uk ; for Win32 only sendmail_from= [EMAIL PROTECTED] ; for Win32 only ; For Win32 only. ;sendmail_from = [EMAIL PROTECTED] is there anyway to set a password for the mail function in php.ini thanks -- Olly Using Opera's revolutionary e-mail client: http://www.opera.com/m2/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php.ini mail settings
I don't think so. I would suggest using PEAR::Mail, which has support for passwords through its SMTP backend. On Fri, 02 Jul 2004 23:44:48 +0100, Olly [EMAIL PROTECTED] wrote: [mail function] ; For Win32 only. SMTP = smtp.mail.yahoo.co.uk ; for Win32 only sendmail_from= [EMAIL PROTECTED] ; for Win32 only ; For Win32 only. ;sendmail_from = [EMAIL PROTECTED] is there anyway to set a password for the mail function in php.ini thanks -- Olly Using Opera's revolutionary e-mail client: http://www.opera.com/m2/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php !DSPAM:40e5e4f9309771484917681! -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Help installing on Fedora 2
Hi Everyone, I'm finally making the switch from Windows to Linux for development and I've run into a problem. I've got Apache, MySql, and PHP (I think, all the files look like there in the right places) installed. However I can only get Apache and MySql up and running, I can't seem to figure out what went wrong with PHP. Has anyone had similar problems or know where I can look for documentation specific to the Fedora flavor of Linux? I've looked/gone through the docs on the PHP and Redhat sites but I must be missing something. Any help would be greatly appreciated. Regards, David Bevan GetAnyIdeas Web Design P. 416.452.9410 F. 416.570.4529 E. [EMAIL PROTECTED] W. http://www.getanyideas.com/ http://www.getanyideas.com
Re: [PHP] include() with a query string?
Justin Patrin wrote: On Sat, 03 Jul 2004 03:02:07 +1000, Trejkaz Xaoza [EMAIL PROTECTED] wrote: Is there some way to fake inclusion with a query string attached? Yep. Set the $_GET, $_POST, or $_REQUEST vars you need before including. You could also store a backup copy before doing this and put it back after the include if you need it. Okay. This is the way I'm going then. I just noticed also that although $HTTP_GET_VARS is supposed to be an alias for $_GET, I still have to set both variables to account for users' behaviour. (Either that, or I forget about $HTTP_GET_VARS and tell users if it's deprecated in PHP, it's unsupported by my code.) And also, what should I do with $_REQUEST? Do users have to call a function to get that to populate? If that's the case I can silently ignore it since it isn't used anywhere in my code. TX -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP] call_user_func and call-time pass-by-reference
Hi,
Saturday, July 3, 2004, 3:00:22 AM, you wrote:
AN Tom Rogers wrote:
With call_user_function() you need to do this:
call_user_func(fun, $var);
AN Tom, this won't work due to the Call-Time Pass-By-Reference deprecation.
AN Does anyone know how to do this?
AN The error message says If you would like to pass it by reference,
AN modify the declaration of call_user_func() ... how would i do this?
AN Andrew
Sorry about that, I checked it in cli and it doesn't give a warning.
This is another way:
function fun($arg) {
$arg++;
}
$var = 0;
call_user_func_array(fun, array($var));
echo $var;
--
regards,
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Password encyption
I realize the key needs to be stored somewhere which is part of the problem of how to make it a bit more secure. I just don't feel safe if a password in a flat file in clear text. Ideally the database should support something like an ssh style public/private Key auth where the private Key is stored internally to the database. Where would you store the passphrase to the key? This is a losing battle - at some point, anonymous requests from the outside world are going to have to result in some kind of access to the database. I think you'd be better off accepting the inherent security tradeoffs as a known variable, and working from there: write your code so it's not vulnerable to SQL injection or other attacks, limit the access permissions of the database user, put the file containing the password someplace where the webserver won't divulge its content (apache config or .htaccess is a personal favorite of mine), and (important!) back up your DB regularly so that you can recover from attacks cleanly. -mike. - michal migurski- contact info and pgp key: sf/cahttp://mike.teczno.com/contact.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] help ???
Dear: I wonder why my website runs smooth in PHP 4.1.1 but it does not in 4.3.7. Dannis
Re: [PHP] include() with a query string?
It just depends on the vars that the code expects. If it expects them to come via get, it may be $_GET, post, it may be $_POST. Or either of those could be in $_REQUEST (which is populated according to a config var) in a certain order from $_GET, $_POST, and $_COOKIE. In addition, $_GET can be in $HTTP_GET_VARS and $_POST can be in $HTTP_POST_VARS. Both those can be globals if you have register_globals on. So.there's a lot to set if you really want to emulate everything. On Sat, 03 Jul 2004 11:46:32 +1000, Trejkaz Xaoza [EMAIL PROTECTED] wrote: Justin Patrin wrote: On Sat, 03 Jul 2004 03:02:07 +1000, Trejkaz Xaoza [EMAIL PROTECTED] wrote: Is there some way to fake inclusion with a query string attached? Yep. Set the $_GET, $_POST, or $_REQUEST vars you need before including. You could also store a backup copy before doing this and put it back after the include if you need it. Okay. This is the way I'm going then. I just noticed also that although $HTTP_GET_VARS is supposed to be an alias for $_GET, I still have to set both variables to account for users' behaviour. (Either that, or I forget about $HTTP_GET_VARS and tell users if it's deprecated in PHP, it's unsupported by my code.) And also, what should I do with $_REQUEST? Do users have to call a function to get that to populate? If that's the case I can silently ignore it since it isn't used anywhere in my code. TX -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php !DSPAM:40e60df175701962020657! -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Online Users
--- Matt Palermo [EMAIL PROTECTED] wrote:
Okay, I actually found out how to list the users,
but you have the following
line of code:
define('SITE_ONLINE_EXPIRE', 900);
What is the 900? Is that 900 seconds?
Yes time is in seconds.
zareef ahmed
=
Zareef Ahmed :: A PHP Developer in Delhi(India).
Homepage :: http://www.zasaifi.com
__
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] include() with a query string?
Justin Patrin wrote: It just depends on the vars that the code expects. If it expects them to come via get, it may be $_GET, post, it may be $_POST. Or either of those could be in $_REQUEST (which is populated according to a config var) in a certain order from $_GET, $_POST, and $_COOKIE. In addition, $_GET can be in $HTTP_GET_VARS and $_POST can be in $HTTP_POST_VARS. Both those can be globals if you have register_globals on. So.there's a lot to set if you really want to emulate everything. Well, the code is not my code. It's any code which might be written by someone using PHP-Mesh in the future. So I guess I have to set a hell of a lot of these to make pretend. That being said I only really need to deal with the GET, I guess. Cookies I can treat as being correctly sent already, POST I will just clear out before doing the call (i.e., you can't post to a portlet), and GET I'll populate using parse_str on the query string provided. $_REQUEST is a trouble-maker, and I might just have to forget about it, and tell people to populate it themselves since the function to do so is so easy to use. But the rest is working already so I guess I'm just down to testing it now. Thanks! TX -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 4.3.7 build failed on HP-UX 11.23 IPF
Hello All, I can built PHP 4.3.7 on 11.23 IPF IC71L. But I got core dumped when I give gmake test. I used the following steps to build: $ ./configure --prefix=/opt/hpws/apache/php --with-apxs2=/opt/hpws/apache/bin/apxs --with-gettext --with-xml $ gmake $ gmake test /bin/sh: 13218 Memory fault(coredump) gmake: [test] Error 139 (ignored) $ gcc version 3.3.2. Note: In HP-C compiler, the gmake test hangs. Regards, Durai. __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] help ???
On Jul 2, 2004, at 9:46 AM, Dannis Yang wrote: Dear: I wonder why my website runs smooth in PHP 4.1.1 but it does not in 4.3.7. Dannis Please go through and tell us more information! We can't help you otherwise! At least tell us what your site does and define what smooth is and is not. And if you can possibly, please give us more than a sentence of detail. -Galen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] help ???
I wonder why my website runs smooth in PHP 4.1.1 but it does not in 4.3.7. Without knowing any relevant details at all, I would suggest that the settings are different between the two servers, particularly register_globals and magic_quotes. Larry -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
