php-general Digest 20 Oct 2006 06:50:39 -0000 Issue 4411
php-general Digest 20 Oct 2006 06:50:39 - Issue 4411 Topics (messages 243360 through 243371): Re: User question for PHP 243360 by: Christian Heinrich 243361 by: Al 243362 by: Andy Hultgren 243369 by: Chris Weird stack trace in error_log from PDOException 243363 by: Russ Brown [ANNOUNCE] php|tek 243364 by: Richard Lynch ENV vars 243365 by: jekillen 243366 by: Ed Lazor Re: Creating Tree Structure from associative array 243367 by: Larry Garfield 243370 by: Robert Cummings Re: Problems with open_basedir 243368 by: Chris Setting try and catch to use my own error handler 243371 by: Dave M G Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: php-general@lists.php.net -- ---BeginMessage--- try suPHP :-) Is it possible to have a PHP script execute as the user of the domain instead of the webserver? So when I upload files through a PHP script they are owned by me and not wwwrun or nobody? ---End Message--- ---BeginMessage--- Christian Heinrich wrote: try suPHP :-) Is it possible to have a PHP script execute as the user of the domain instead of the webserver? So when I upload files through a PHP script they are owned by me and not wwwrun or nobody? Sounds like it could be a big security issue if not very carefully. ---End Message--- ---BeginMessage--- To whoever was asking this (sorry didn't see the original email): Is it possible to have a PHP script execute as the user of the domain instead of the webserver? So when I upload files through a PHP script they are owned by me and not wwwrun or nobody? I was recently exchanging on this list about that very topic. It's in the archives for this list. Go to www.php.net and set the dropdown menu in the upper right corner of the page to general mailing list, then type File Upload Security and chmod into the search field and hit enter. The conversation is within the first few hits on this search. The server hosting my site runs with php executing as me (the owner of the domain), and we covered some of the potential security pitfalls of such a situation (mainly centered on the fact that this makes any php script far too powerful). In my situation I couldn't change how the server was set up; however, the general consensus was that this situation created a number of serious security concerns that had to be very carefully addressed. I would avoid this configuration if you have the choice, based purely on the advice I received. Hope that helps, Andy ---End Message--- ---BeginMessage--- Andy Hultgren wrote: To whoever was asking this (sorry didn't see the original email): Is it possible to have a PHP script execute as the user of the domain instead of the webserver? So when I upload files through a PHP script they are owned by me and not wwwrun or nobody? I was recently exchanging on this list about that very topic. It's in the archives for this list. Go to www.php.net and set the dropdown menu in the upper right corner of the page to general mailing list, then type File Upload Security and chmod into the search field and hit enter. The conversation is within the first few hits on this search. The server hosting my site runs with php executing as me (the owner of the domain), and we covered some of the potential security pitfalls of such a situation (mainly centered on the fact that this makes any php script far too powerful). In my situation I couldn't change how the server was set up; however, the general consensus was that this situation created a number of serious security concerns that had to be very carefully addressed. I would avoid this configuration if you have the choice, based purely on the advice I received. Actually you have that the wrong way around. If php is running as www or nobody then any files or directories that a php script creates will be done as the web server user. That means (potentially) that if domain 'a' creates a file, domain 'b' can read and write to that file and even delete it. If php is running as you instead, you can control this with appropriate chmod commands (at least removing the risk of deleting of files / updating of files). A shared user (like www or nobody) is a *much* bigger risk than separate users. -- Postgresql php tutorials http://www.designmagick.com/ ---End Message--- ---BeginMessage--- Hi, I have a pretty simple bit of code that looks like the following; // Prepare a statement. This will actually call a stored procedure $objStatement = $objDB-prepare($strInsert); try { $objStatement-execute($arrParams); error_log(ABOUT TO fetchColumn); $intID = $objStatement-fetchColumn(); error_log(AFTER fetchColumn); $objStatement-closeCursor(); } catch
[PHP] Setting try and catch to use my own error handler
PHP List, I have a system where the code parses the URL and creates objects based on the classes named in the link. In order to prevent a user typing in a URL that contains an object that doesn't exist, and getting an error, I'm trying to set up an error handler class, called ErrorHandler, that will handle it. I set the error handler to be my own, and then put a Try and Catch around the part of the code that set_error_handler(ErrorHandler::handleError()); try { object = new $urlParts[0](); if (!empty($urlParts[2])) { $object-$urlParts[1]($urlParts[2]); } else { $object-$urlParts[1](); } } catch (Error $e) { echo Sorry, the web page you are looking for can not be found.; } Inside my ErrorHandler, I have this: public static function handleError($errno, $errstr, $errfile, $errline) { echo Hey dude! Error! . $errno . $errstr . $errfile . $errline ; } However, I get errors saying that the arguments for handleError don't exist. Shouldn't they be automatically passed to my own error handler? Thank you for any advise. -- Dave M G Ubuntu 6.06 LTS Kernel 2.6.17.7 Pentium D Dual Core Processor PHP 5, MySQL 5, Apache 2 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setting try and catch to use my own error handler
On Fri, 2006-10-20 at 15:50 +0900, Dave M G wrote: I have a system where the code parses the URL and creates objects based on the classes named in the link. In order to prevent a user typing in a URL that contains an object that doesn't exist, and getting an error, I'm trying to set up an error handler class, called ErrorHandler, that will handle it. I set the error handler to be my own, and then put a Try and Catch around the part of the code that You are getting confused as to what an error handler is and what a custom exception handler is. You need to define a class that extends Exception to handle your errors in that way. class myExceptionHandler extends Exception { ... ... public function handleError($args) { //do something } } Then when you try and instantiate your object: throw new myException(Your object is whack); try { $obj = new Object(); } catch(myException $e) { myException::handleError(); } --Paul All Email originating from UWC is covered by disclaimer http://www.uwc.ac.za/portal/uwc2006/content/mail_disclaimer/index.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] array_walk, or array_map, or foreach?
PHP List, I took a snippet of code right off the php.net site to use trim on all the elements of an array. Theoretically, it should test if the element in an array is in turn another array, and break it down to the next level until it gets to a string it can use trim on. This is the code: public static function trimArray($array) { if (is_array($array)) { array_walk($array, trimArray); } else { $array = trim($array); } return $array; } The function exists inside a static class called Utility where I keep all basic utility functions. I don't know if it's the fact that it's in a static class that makes a difference, but I've tried the following variations on the line with array_walk() in it: array_walk($array, Utlity::trimArray) array_map(Utility::trimArray, $array) array_map(trimArray, $array) I've even tried accomplishing it with a foreach(), but no matter what I do, it doesn't work. As it walks through the array, it seems to trim a copy of the element in the array, trim that, but leave the original array untouched. What am I missing here? -- Dave M G Ubuntu 6.06 LTS Kernel 2.6.17.7 Pentium D Dual Core Processor PHP 5, MySQL 5, Apache 2 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] array_walk, or array_map, or foreach?
On Fri, 2006-10-20 at 16:04 +0900, Dave M G wrote: PHP List, I took a snippet of code right off the php.net site to use trim on all the elements of an array. Theoretically, it should test if the element in an array is in turn another array, and break it down to the next level until it gets to a string it can use trim on. This is the code: public static function trimArray($array) { if (is_array($array)) { array_walk($array, trimArray); I'm too lazy too look, but usually when using a class method as a handler for PHP callback functions you pass the method as follows: array_walk( $array, array( 'ClassName', 'trimArray' ) ); Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] User question for PHP
On Fri, 20 Oct 2006 15:49:14 +1000, Chris wrote: Andy Hultgren wrote: To whoever was asking this (sorry didn't see the original email): Is it possible to have a PHP script execute as the user of the domain instead of the webserver? So when I upload files through a PHP script they are owned by me and not wwwrun or nobody? I was recently exchanging on this list about that very topic. It's in the archives for this list. Go to www.php.net and set the dropdown menu in the upper right corner of the page to general mailing list, then type File Upload Security and chmod into the search field and hit enter. The conversation is within the first few hits on this search. The server hosting my site runs with php executing as me (the owner of the domain), and we covered some of the potential security pitfalls of such a situation (mainly centered on the fact that this makes any php script far too powerful). In my situation I couldn't change how the server was set up; however, the general consensus was that this situation created a number of serious security concerns that had to be very carefully addressed. I would avoid this configuration if you have the choice, based purely on the advice I received. Actually you have that the wrong way around. If php is running as www or nobody then any files or directories that a php script creates will be done as the web server user. That means (potentially) that if domain 'a' creates a file, domain 'b' can read and write to that file and even delete it. If php is running as you instead, you can control this with appropriate chmod commands (at least removing the risk of deleting of files / updating of files). A shared user (like www or nobody) is a *much* bigger risk than separate users. Unless those separate users have a little more access than just SSH and FTP access to the machine... I guess that if anyone with special rights carelessly activates suPHP and leaves the PHP files owned by him, you'd have PHP scripts capable of reading out special log files and whatnot. To my experience, apache (with PHP running as www-data or nobody or whatever) will not be able to create files or folders without user intervention (chmod, chown), thus no updating and removing is possible either by default. Using suPHP, it is. You can argue that it can only do this to the PHP files owned by the same user, and therefor probably limiting the damage to one specific website, however we're still having a security problem. Both situations seem dangerous to me, both in different ways. Wouldn't you say that the user must know what the hell he's doing in both situations? Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: array_walk, or array_map, or foreach?
On Fri, 20 Oct 2006 16:04:27 +0900, Dave M G wrote: PHP List, I took a snippet of code right off the php.net site to use trim on all the elements of an array. Theoretically, it should test if the element in an array is in turn another array, and break it down to the next level until it gets to a string it can use trim on. This is the code: public static function trimArray($array) { if (is_array($array)) { array_walk($array, trimArray); } else { $array = trim($array); } return $array; } The function exists inside a static class called Utility where I keep all basic utility functions. I don't know if it's the fact that it's in a static class that makes a difference, but I've tried the following variations on the line with array_walk() in it: array_walk($array, Utlity::trimArray) array_map(Utility::trimArray, $array) array_map(trimArray, $array) I've even tried accomplishing it with a foreach(), but no matter what I do, it doesn't work. As it walks through the array, it seems to trim a copy of the element in the array, trim that, but leave the original array untouched. What am I missing here? 'pass-by-reference', as mentioned on the array_walk() doc page. Functions have their own variable scope. If those words mean nothing to you: http://www.php.net/manual/en/language.variables.scope.php http://www.php.net/manual/en/language.references.pass.php Bottom line: the values get changed within the function, but when the function ends, the value changes are 'lost'. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Ensuring all links go to index.php
PHP List, This problem is a little hard to describe. Please forgive me in advance if it's not clear. I have set up my .htaccess file to work with my PHP script to create friendly URLs. For example, the URL mysite.com/user/login will take the user to a page where a user logs in. It does this by stripping everything out except user and login. It takes user and creates a user object, and then passes a login method to that class to take the user to the login page. Somehow, in this process, the local URL is becoming mysite/user, even though I'm just using that user designation to drive the creation of objects from classes. So, for example, I have a link to logout which is simply href=user/logout. But when I mouse over it, and look at the status bar at the bottom of my FireFox browser window, it says that the link points to: mysite.com/user/user/logout That URL, obviously, doesn't work for my system. It tries to make a User object and call a user method which doesn't exist. So... my question is, why is the /user portion of my URL being retained as a directory? I thought it had something to do with setting headers. I want everything to operate through the index.php file in my root directory, so I thought I could do that by putting this at the top of the index.php page: header(Location: /); Or: header(/local/server/www/directory/); Bottom line is, how do I ensure that all links and user requests through the URL end up going to the index.php in my web site's root directory? I hope this question is clear enough, and thank you for any and all advice. -- Dave M G Ubuntu 6.06 LTS Kernel 2.6.17.7 Pentium D Dual Core Processor PHP 5, MySQL 5, Apache 2 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problems with open_basedir
Chris skrev: Patrik Jansson wrote: Hello, I'm having some difficulties with open_basedir. If I include the prefix /home/web25637/ in open_basedir shouldn't it include every directory within this? We're getting this error: Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/home/web25637/domains/abc.ssf.scout.se/public_html//components/com_sef/sef.php) The // might cause a problem, if you fix that does it work? The // does not cause the problem. This was a bad example, it has appeared several times without the //. Like Colin said, this might have to do with the symlink, the files lies within /usr/home but the open_basedir uses /home which is a symbolic link for /usr/home. I will try it out today. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Telemarketing Script/Tracking Application
Is anyone aware of a PHP/MySQL app that would be used by telemarketing staff to track calls, do follow-ups, allow scripting, etc.? We could write something in house but we are pressed for time. I have been poking around the web this morning, but have not found much. TVMIA! SugarCRM? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
FW: [PHP] Ensuring all links go to index.php
PHP List, This problem is a little hard to describe. Please forgive me in advance if it's not clear. I have set up my .htaccess file to work with my PHP script to create friendly URLs. For example, the URL mysite.com/user/login will take the user to a page where a user logs in. It does this by stripping everything out except user and login. It takes user and creates a user object, and then passes a login method to that class to take the user to the login page. Somehow, in this process, the local URL is becoming mysite/user, even though I'm just using that user designation to drive the creation of objects from classes. So, for example, I have a link to logout which is simply href=user/logout. But when I mouse over it, and look at the status bar at the bottom of my FireFox browser window, it says that the link points to: mysite.com/user/user/logout That URL, obviously, doesn't work for my system. It tries to make a User object and call a user method which doesn't exist. So... my question is, why is the /user portion of my URL being retained as a directory? If the URL is as you describe, this should be href=/user/logout. Without the preceeding slash, this will only work from pages with a URL in the root of your site. I thought it had something to do with setting headers. I want everything to operate through the index.php file in my root directory, so I thought I could do that by putting this at the top of the index.php page: header(Location: /); Or: header(/local/server/www/directory/); Bottom line is, how do I ensure that all links and user requests through the URL end up going to the index.php in my web site's root directory? If your using headers to set the location, you need to provide a full URL, inc. protocol and domain. i.e. http://www.example.com/page.php Edward -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Problems with open_basedir
Colin Guthrie wrote: Patrik Jansson wrote: I ran into problems with openbase_dir when using symlinks... They only really reared their ugly head when I upgraded to 5.1.6 before that they were OK (tho' if memory serves I had to add both the symlink location and the directory it pointed to. Anyway, are symlinks to blame here? I've added the real path into open_basedir, I also removed the // error but still I get the restriction message: *Warning*: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/home/web25637/domains/abc.ssf.scout.se/public_html/components/com_sef/sef.php) is not within the allowed path(s): (/home/web25637/:/usr/home/web25637/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/:/var/uploads/:/var/squirrelmail) in */usr/home/web25637/domains/abc.ssf.scout.se/public_html/index.php* on line *46 * So then I changed the absolute path in Joomla from /home/... to /usr/home/... and now I don't get the error anymore so it seems like it has something to do with the symbolic link after all. Is this considered a bug? We're running PHP 5.1.6. If it could work using the symbolic link /home too I would really appreciate. -Patrik -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Check HTML style sheet?
Is it possible to use php to check that the .css file in the html of a web page is the correct one e.g. check if the file included in the html is new.css. I think I will have to write a regex but if anyone has any ideas (or already has a regex to do this), it would be much appreciated. Thanks, Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Recieve information on a html site using php?
Is it possible to receive information on a html site, such as the language, date modified? If so how would I go about doing this? Thanks, Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setting try and catch to use my own error handler
# [EMAIL PROTECTED] / 2006-10-20 15:50:32 +0900: set_error_handler(ErrorHandler::handleError()); Inside my ErrorHandler, I have this: public static function handleError($errno, $errstr, $errfile, $errline) { echo Hey dude! Error! . $errno . $errstr . $errfile . $errline ; } However, I get errors saying that the arguments for handleError don't exist. You are calling the method without any arguments: set_error_handler(ErrorHandler::handleError()); http://www.php.net/manual/en/language.pseudo-types.php http://www.php.net/set_error_handler -- How many Vietnam vets does it take to screw in a light bulb? You don't know, man. You don't KNOW. Cause you weren't THERE. http://bash.org/?255991 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recieve information on a html site using php?
# [EMAIL PROTECTED] / 2006-10-18 17:23:53 +0200: Is it possible to receive information on a html site, such as the language, date modified? If so how would I go about doing this? Your question is very vague, so I'm taking the liberty of interpretation. - ftp://ftp.rfc-editor.org/in-notes/rfc2616.txt - http://www.php.net/http (haven't used pecl_http myself, you might have to resort to http://www.php.net/sockets) -- How many Vietnam vets does it take to screw in a light bulb? You don't know, man. You don't KNOW. Cause you weren't THERE. http://bash.org/?255991 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Ensuring all links go to index.php
# [EMAIL PROTECTED] / 2006-10-20 17:00:05 +0900: header(Location: /); header(/local/server/www/directory/); Do you know that both headers are invalid? -- How many Vietnam vets does it take to screw in a light bulb? You don't know, man. You don't KNOW. Cause you weren't THERE. http://bash.org/?255991 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: IMAP extension causing delays
Edward Kay wrote: Thanks for your suggestions John. At the moment, I do need to run it as a CGI as I need different php.ini files for each virtual host. For what it's worth, when you use PHP as a module, you can change almost all settings in php ini on a per-virtual host basis using the Apache directives php_value and php_flag (you can use php_admin_value and php_admin_flag too to ensure these are not overridable in e.g. .htaccess) Col -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Problems with open_basedir
Patrik Jansson wrote: Anyway, are symlinks to blame here? I've added the real path into open_basedir, I also removed the // error but still I get the restriction message: So then I changed the absolute path in Joomla from /home/... to /usr/home/... and now I don't get the error anymore so it seems like it has something to do with the symbolic link after all. Is this considered a bug? We're running PHP 5.1.6. If it could work using the symbolic link /home too I would really appreciate. Well, I was never sure that it was a bug or not. I wasn't sure if it was my distro's packaging and any custom patches it applies and also where it was some x86_64 wierdness. Recently (last week) it was confirmed to me that it was not x86_64 at fault, but it was still my distro. It now looks like you're snarled by the same bug. Assuming you're not using Mandriva 2007, then I think this should be classified as a bug or regression. It could be that a security bug relating to symlinks was fixed (symlink attacks are a common vector for security issues to present themselves), and this had the inadvertant effect of causing this problem. I remeber some time ago that I looked for other people with the same issue on google etc. but came up blank. It's probably worth submitting a bug to PHP now so that the devs can comment on it. For me it's not too important as my setup was just local development on my machine (and I used symlinks to make it look like the production filesystem layout). I was albe to easly adapt my local system to work without symlinks. However, I also use a complex symlink setup on our production servers for a number of Joomla installs. (I use symlinks such that I only have one copy of the joomla source to make updating it much easier :)). We have not yet deployed PHP 5.1.6 there and I suspect I'll get bitten again by this problem. If you have the time to post a bug I'd appreciate it, if not please let me know and I'll do it. All the best. Col. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Problems with open_basedir
Colin Guthrie wrote: Well, I was never sure that it was a bug or not. I wasn't sure if it was my distro's packaging and any custom patches it applies and also where it was some x86_64 wierdness. Recently (last week) it was confirmed to me that it was not x86_64 at fault, but it was still my distro. It now looks like you're snarled by the same bug. Assuming you're not using Mandriva 2007, then I think this should be classified as a bug or regression. It could be that a security bug relating to symlinks was fixed (symlink attacks are a common vector for security issues to present themselves), and this had the inadvertant effect of causing this problem. I remeber some time ago that I looked for other people with the same issue on google etc. but came up blank. It's probably worth submitting a bug to PHP now so that the devs can comment on it. For me it's not too important as my setup was just local development on my machine (and I used symlinks to make it look like the production filesystem layout). I was albe to easly adapt my local system to work without symlinks. However, I also use a complex symlink setup on our production servers for a number of Joomla installs. (I use symlinks such that I only have one copy of the joomla source to make updating it much easier :)). We have not yet deployed PHP 5.1.6 there and I suspect I'll get bitten again by this problem. If you have the time to post a bug I'd appreciate it, if not please let me know and I'll do it. All the best. Col. Thanks a lot for your answer. I've seen this issue on a few machines that we run and all of them are different versions of FreeBSD. This particular problem occured on a FreeBSD 5.4 machine. I'm quite eager to get this to work, our machines are all production boxes with a least couple of hundred users on machines where this issue occurs. I will try to post the bug and see what happends. Thanks again, -Patrik -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session - cookie issues
Hi all, I am having issues with users not being able to post their details to my site. The system uses sessions, so when they hit the index page a test cookie is set thus: setcookie('djst', 'test'); and then I test whether that cookie is set on the next page. If not, I direct the users to an informational page. This works my end in FF and IE6 (sec settings tested at low, medium and medium high) but appox 1 in 20 users cannot get past the cookie warning, even if they set their security settings to low in IE. I am also setting PHPSESSID to something of my own, as I hear that IE does not like PHPSESSID (correct?). Any ideas? -- http://www.web-buddha.co.uk
Re: [PHP] session - cookie issues
The way you're setting cookies (without a time parameter), it's set to expire at the end of the current session. Though it should work regardless, try setting an expire time: setcookie('djst', 'test', time()+3600); // expire in an hour On 10/20/06, Dave Goodchild [EMAIL PROTECTED] wrote: Hi all, I am having issues with users not being able to post their details to my site. The system uses sessions, so when they hit the index page a test cookie is set thus: setcookie('djst', 'test'); and then I test whether that cookie is set on the next page. If not, I direct the users to an informational page. This works my end in FF and IE6 (sec settings tested at low, medium and medium high) but appox 1 in 20 users cannot get past the cookie warning, even if they set their security settings to low in IE. I am also setting PHPSESSID to something of my own, as I hear that IE does not like PHPSESSID (correct?). Any ideas? -- http://www.web-buddha.co.uk -- Mukul Sabharwal http://mjsabby.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Problems with open_basedir
I noticed that this bug is already to be found in the bug database. This is exactly how I'm experiencing it: http://bugs.php.net/bug.php?id=37556 In that report they link the reader to http://bugs.php.net/bug.php?id=30188 which is also applicable. Although I can't understand the last answer: Obviously PHP cannot resolve /home/wejn/x/docs1/html/y as it even doesn't exist, so it compares non-existing /home/wejn/x/docs1/html/y to /home/wejn/x/docs/html/ and reports that they aren't the same. This would mean that every file that doesn't exist does not lie within any open_basedir at all? How can file_exists() be useful if that's the case? And why is it only the case if the symbolic link is used? They claim this isn't a bug but it still doesn't work as I would expect it to do. -Patrik -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recieve information on a html site using php?
Thanks for the response, I think I have solved the problem using the code in the attached text document. Thanks for the help, Marc Roman Neuhauser wrote: # [EMAIL PROTECTED] / 2006-10-18 17:23:53 +0200: Is it possible to receive information on a html site, such as the language, date modified? If so how would I go about doing this? Your question is very vague, so I'm taking the liberty of interpretation. - ftp://ftp.rfc-editor.org/in-notes/rfc2616.txt - http://www.php.net/http (haven't used pecl_http myself, you might have to resort to http://www.php.net/sockets) function get_raw_header($host,$doc) { $httpheader = ''; $fp = fsockopen ($host, 80, $errno, $errstr, 30); if (!$fp) { echo $errstr.' ('.$errno.')'; }else{ fputs($fp, 'GET '.$doc.' HTTP/1.0'.\r\n.'Host: '.$host.\r\n\r\n); while(!feof($fp)) { $httpresult = fgets ($fp,1024); $httpheader = $httpheader.$httpresult; if (ereg(^\r\n,$httpresult)) break; } fclose ($fp); } return $httpheader; } function get_header_array($Url) { $Url = ereg_replace('http://','',$Url); $endHostPos = strpos($Url,'/'); if(!$endHostPos) $endHostPos = strlen($Url); $host = substr($Url,0,$endHostPos); $doc = substr($Url,$endHostPos,strlen($Url)-$endHostPos); if($doc == '') $doc = '/'; $raw = get_raw_header($host,$doc); $tmpArray = explode(\n,$raw); for ($i=0;$isizeof($tmpArray); $i++) { @list($Name, $value) = explode(':', $tmpArray[$i], 2); $array[trim($Name)]=trim($value); } return $array; } $remote_file = 'http://www.whatever.com/';//states which url to read the modified date from $array = get_header_array($remote_file);//gets the data on the page $remote_file $deUpdate = date('Ymj',strtotime($array['Last-modified'])); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] User question for PHP
On 10/20/06, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote: On Fri, 20 Oct 2006 15:49:14 +1000, Chris wrote: Andy Hultgren wrote: To whoever was asking this (sorry didn't see the original email): Is it possible to have a PHP script execute as the user of the domain instead of the webserver? So when I upload files through a PHP script they are owned by me and not wwwrun or nobody? I was recently exchanging on this list about that very topic. It's in the archives for this list. Go to www.php.net and set the dropdown menu in the upper right corner of the page to general mailing list, then type File Upload Security and chmod into the search field and hit enter. The conversation is within the first few hits on this search. The server hosting my site runs with php executing as me (the owner of the domain), and we covered some of the potential security pitfalls of such a situation (mainly centered on the fact that this makes any php script far too powerful). In my situation I couldn't change how the server was set up; however, the general consensus was that this situation created a number of serious security concerns that had to be very carefully addressed. I would avoid this configuration if you have the choice, based purely on the advice I received. Actually you have that the wrong way around. If php is running as www or nobody then any files or directories that a php script creates will be done as the web server user. That means (potentially) that if domain 'a' creates a file, domain 'b' can read and write to that file and even delete it. If php is running as you instead, you can control this with appropriate chmod commands (at least removing the risk of deleting of files / updating of files). A shared user (like www or nobody) is a *much* bigger risk than separate users. Unless those separate users have a little more access than just SSH and FTP access to the machine... I guess that if anyone with special rights carelessly activates suPHP and leaves the PHP files owned by him, you'd have PHP scripts capable of reading out special log files and whatnot. To my experience, apache (with PHP running as www-data or nobody or whatever) will not be able to create files or folders without user intervention (chmod, chown), thus no updating and removing is possible either by default. php running through apache: ?php mkdir('/path/to/dir'); ? Making that in a shared location will allow *any* domain to write to it, read from it or delete it (forget about possible open_basedir restrictions). Running as cgi you don't get that problem. I could be completely misunderstanding what suPHP does. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Fwd: Parsing and using URL variables
-- Forwarded message -- From: andrew newman [EMAIL PROTECTED] Date: Oct 20, 2006 2:30 PM Subject: Parsing and using URL variables To: php-general-digest@lists.php.net Hello I am very new to PHP and I am trying to parse the values of variables from a URL into a web page. to build a very simple CMS! For example if the url is www.mywebsite.com?ph=My Websitept=Welcome Pagecf=home.htm I then have a php file that is something like this: html head title ?php $val = $_GET['ph']; echo $val;? /title /head body b?php $val = $_GET['pt']; echo $val;?/b p/ ?php $val = $_GET['cf']; Include '$val'; ? /body /html Any advice would be most welcome! Thanks Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Ensuring all links go to index.php
On Oct 20, 2006, at 4:00 AM, Dave M G wrote: PHP List, This problem is a little hard to describe. Please forgive me in advance if it's not clear. I have set up my .htaccess file to work with my PHP script to create friendly URLs. [snip] I thought it had something to do with setting headers. I want everything to operate through the index.php file in my root directory, so I thought I could do that by putting this at the top of the index.php page: header(Location: /); Or: header(/local/server/www/directory/); Bottom line is, how do I ensure that all links and user requests through the URL end up going to the index.php in my web site's root directory? If you want all requests to go through index.php, then the .htaccess file would be something like: RewriteEngine On RewriteRule ^whatever/.*$ - [L] RewriteRule !\.(gif|jpg|png|css|pdf)$ /server_path/index.php The second line exempts the directory whatever and the third line starts by exempting direct requests for files ending with gif, jpg, etc. Then, index.php would examine $_SERVER[REQUEST_URI] to map the friendly URL to content by including files or redirecting with header(). Is that what you mean? -- Lowell Allen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Encode text
Hi everyone I have a variable with UTF-8 text inside it and I want to convert this text to windows encode, is it possible in very easy way ? Thanks --- Ahmad http://www.v-tadawul.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Fwd: Parsing and using URL variables
looks like your having fun ... but before you go building using something that is going to cause you major security headaches go to this site and read, read, read: http://phpsec.org/ and remember NEVER TRUST USER INPUT (or data from *any* outside source); currently your example will probably allow me to read your passwd file (I doubt that that was your intention) ... www.mywebsite.com?ph=U%20HAVE%20BEEN%20OWNEDpt=scriptsomemeallyourcookies();/scriptcf=/etc/passwd andrew newman wrote: -- Forwarded message -- From: andrew newman [EMAIL PROTECTED] Date: Oct 20, 2006 2:30 PM Subject: Parsing and using URL variables To: php-general-digest@lists.php.net Hello I am very new to PHP and I am trying to parse the values of variables from a URL into a web page. to build a very simple CMS! For example if the url is www.mywebsite.com?ph=My Websitept=Welcome Pagecf=home.htm I then have a php file that is something like this: html head title ?php $val = $_GET['ph']; echo $val;? /title /head body b?php $val = $_GET['pt']; echo $val;?/b p/ ?php $val = $_GET['cf']; Include '$val'; ? /body /html Any advice would be most welcome! Thanks Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] handling multipart form-data
DOCUMENTATION php://input is not available with enctype=multipart/form-data. What I should do if I really need to get multipart data? I want to implement my own form-data parser with PHP5. Can I at least turn off the PHP's one to be able to use php://input with multipart? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] User question for PHP
On Fri, 20 Oct 2006 23:24:14 +1000, chris smith wrote: On 10/20/06, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote: On Fri, 20 Oct 2006 15:49:14 +1000, Chris wrote: Andy Hultgren wrote: To whoever was asking this (sorry didn't see the original email): Is it possible to have a PHP script execute as the user of the domain instead of the webserver? So when I upload files through a PHP script they are owned by me and not wwwrun or nobody? I was recently exchanging on this list about that very topic. It's in the archives for this list. Go to www.php.net and set the dropdown menu in the upper right corner of the page to general mailing list, then type File Upload Security and chmod into the search field and hit enter. The conversation is within the first few hits on this search. The server hosting my site runs with php executing as me (the owner of the domain), and we covered some of the potential security pitfalls of such a situation (mainly centered on the fact that this makes any php script far too powerful). In my situation I couldn't change how the server was set up; however, the general consensus was that this situation created a number of serious security concerns that had to be very carefully addressed. I would avoid this configuration if you have the choice, based purely on the advice I received. Actually you have that the wrong way around. If php is running as www or nobody then any files or directories that a php script creates will be done as the web server user. That means (potentially) that if domain 'a' creates a file, domain 'b' can read and write to that file and even delete it. If php is running as you instead, you can control this with appropriate chmod commands (at least removing the risk of deleting of files / updating of files). A shared user (like www or nobody) is a *much* bigger risk than separate users. Unless those separate users have a little more access than just SSH and FTP access to the machine... I guess that if anyone with special rights carelessly activates suPHP and leaves the PHP files owned by him, you'd have PHP scripts capable of reading out special log files and whatnot. To my experience, apache (with PHP running as www-data or nobody or whatever) will not be able to create files or folders without user intervention (chmod, chown), thus no updating and removing is possible either by default. php running through apache: ?php mkdir('/path/to/dir'); ? Making that in a shared location will allow *any* domain to write to it, read from it or delete it (forget about possible open_basedir restrictions). I see your point and I agree this is an issue, but given the relatively small incidence of such a situation, I personally would not say this is a much bigger problem than a PHP file being able to remove all other files owned by the same owner (i.e. usually the whole site at least)... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Paginating searchs = performance problem
I have PHP/PostgreSQL application were i got a search page with some items to search, am building the search query on server side. I need to display a paginated search and for this i need to get the total count of lines matching the search before OFFSET/LIMITing my page, am i obliged to repeat the query twice ??? first to get the total count, second to get my page. it's very heavy Any one's suggesting better doing ?
[PHP] Re: Encode text
On Fri, 20 Oct 2006 16:57:16 +0300, Ahmad Al-Twaijiry wrote: Hi everyone I have a variable with UTF-8 text inside it and I want to convert this text to windows encode, is it possible in very easy way ? Thanks --- Ahmad Hi Ahmad, utf8_decode() will decode your string to ISO-8859-1. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Paginating searchs = performance problem
On Fri, 20 Oct 2006 17:04:35 +0200, Fourat Zouari wrote: I have PHP/PostgreSQL application were i got a search page with some items to search, am building the search query on server side. I need to display a paginated search and for this i need to get the total count of lines matching the search before OFFSET/LIMITing my page, am i obliged to repeat the query twice ??? first to get the total count, second to get my page. it's very heavy Any one's suggesting better doing ? As far as I know, this is the only way. The first query, you don't need to sort your data though, and you might be able to drop a join, depending on whether or not you use the joined table in your WHERE clause. But I think due to caching the database will not take a long time for the second query, since it just recently had (almost) the same query - YMMV. Ivo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Encode text
# [EMAIL PROTECTED] / 2006-10-20 16:57:16 +0300: I have a variable with UTF-8 text inside it and I want to convert this text to windows encode, is it possible in very easy way ? http://php.net/iconv -- How many Vietnam vets does it take to screw in a light bulb? You don't know, man. You don't KNOW. Cause you weren't THERE. http://bash.org/?255991 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Ensuring all links go to index.php
On 20 Oct 2006, at 02:00 , Dave M G wrote: So... my question is, why is the /user portion of my URL being retained as a directory? You need RewriteEngine On and RewriteBase and RewriteCond and RewriteRule, it sounds like. Not really a php issue per se. -- I wrote this song two hours before we met. I didn't know your name, or what you looked like yet -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Paginating searchs = performance problem
On Fri, 2006-10-20 at 17:22 +0200, Ivo F.A.C. Fokkema wrote: On Fri, 20 Oct 2006 17:04:35 +0200, Fourat Zouari wrote: I have PHP/PostgreSQL application were i got a search page with some items to search, am building the search query on server side. I need to display a paginated search and for this i need to get the total count of lines matching the search before OFFSET/LIMITing my page, am i obliged to repeat the query twice ??? first to get the total count, second to get my page. it's very heavy Any one's suggesting better doing ? As far as I know, this is the only way. The first query, you don't need to sort your data though, and you might be able to drop a join, depending on whether or not you use the joined table in your WHERE clause. But I think due to caching the database will not take a long time for the second query, since it just recently had (almost) the same query - YMMV. Hell no, don't use the same query twice. Use a count in the first query that only returns 1 row... the count. The second query can return the records (which may be less than the count returns since you're paging). Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating Tree Structure from associative array
Robert Cummings wrote: On Thu, 2006-10-19 at 23:58 -0500, Larry Garfield wrote: That depends on what your data structure is, exactly, and what sort of tree structure you want on the other side. Please be more specific. On Thursday 19 October 2006 09:08, Angelo Zanetti wrote: Hi all, I have an associative array, which contains parent and child relationships. I've searched the web for creating a tree structure from this and found a few good sites but doesnt help 100% perhaps someone can point me in the correct direction? I've started to code it got to a point where I cant go any further, the code is pseudo code and dont want to reinvent the wheel. any suggestions would be really appreciated. It's kinda simple... ?php // //6 5 // / \ / \ // 2 7 9 3 // / | \ // 1 4 8 // $list = array ( array ( 'id'= '1', 'pid' = '2', 'value' = 'Value Foo 1', ), array ( 'id'= '2', 'pid' = '6', 'value' = 'Value Foo 2', ), array ( 'id'= '3', 'pid' = '5', 'value' = 'Value Foo 3', ), array ( 'id'= '4', 'pid' = '2', 'value' = 'Value Foo 4', ), array ( 'id'= '5', 'pid' = '0', 'value' = 'Value Foo 5', ), array ( 'id'= '6', 'pid' = '0', 'value' = 'Value Foo 6', ), array ( 'id'= '7', 'pid' = '6', 'value' = 'Value Foo 7', ), array ( 'id'= '8', 'pid' = '2', 'value' = 'Value Foo 8', ), array ( 'id'= '9', 'pid' = '5', 'value' = 'Value Foo 9', ), ); // // Set up indexing of the above list (in case it wasn't indexed). // $lookup = array(); foreach( $list as $item ) { $item['children'] = array(); $lookup[$item['id']] = $item; } // // Now build tree. // $tree = array(); foreach( $lookup as $id = $foo ) { $item = $lookup[$id]; if( $item['pid'] == 0 ) { $tree[$id] = $item; } else if( isset( $lookup[$item['pid']] ) ) { $lookup[$item['pid']]['children'][$id] = $item; } else { $tree['_orphans_'][$id] = $item; } } // // WooohoOO! // print_r( $tree ); ? Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php for web browser: // WooohoOO! // echo 'pre'; print_r( $tree ); -- View this message in context: http://www.nabble.com/Creating-Tree-Structure-from-associative-array-tf2473585.html#a6920126 Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating Tree Structure from associative array
On Fri, 2006-10-20 at 09:20 -0700, Jürgen Wind wrote: for web browser: // WooohoOO! // echo 'pre'; print_r( $tree ); True, but I do quick sample scripts from the command-line :D Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] connectivity weirdness
The canonical PHP example of web-scraping: ?php echo file_get_contents('http://php.net/');? fails on a machine I'm using. I'm laying out here all the things I've done and eliminated, and it got awfully long... Short Version: FC4 + LAMPP on 2 different private IP boxes at day job file_get_contents('http://php.net') hangs and times out after 2 minutes. telnet php.net 80 | GET / HTTP/1.0 hangs and times out after 2 minutes. wget php.net WORKS links php.net WORKS My windows/cygwin desktop on the same subnet WORKS [Well, windows is broken, of course, but that's not relevant here :-)] ping and traceroute both work fine everywhere What configuration boo-boo from a stock FC 4 + LAMPP install could manage to break file_get_contents and telent, but wget and links work?! Long Version: I've checked allow_url_fopen with phpinfo() and php -i allow_url_fopen = On = On Further analysys reveals some odd info: telnet php.net 80 GET / HTTP/1.0 Host: php.net [yes, I hit enter here] just sort of hangs until it times out in TWO MINUTES So you'd think that it's obviously the DNS records screwed up somehow, with an extra-long 2-minute timeout instead of the usual 30 seconds. Buuut: wget http://php.net works flawlessly links http://php.net works flawlessly I can ping php.net just fine -- which is maybe a no-brainer with wget and links working, but I like to check. traceroute also looks normal to me, though I'm no expert [aside: How come guys set things up so complex they gotta bounce my routing between four of their own machines in the same data center? What's up with that? (shrug)] So, apparently, wget and links are doing something extra that breaks through whatever this roadblock is for file_get_contents and telnet 80. I thought it might maybe be some kind of header redirect support that is lacking, but then telnet 80 would behave differently, and file_get_contents should work for that. Plus I tried it on my own site that does not have any kind of redirect headers going out, and got the same results. file_get_contents/telnet fail. wget/links works. Now I realize that wget and links are vastly superior weapons and send all kinds of extra headers. But I can do the above script on other boxes, and it works fine, so it's probably not the web-servers denying access on the basis of sparse headers. Now this could be a TWO MINUTE warning since the Bears are 5-0 or whatever, but I think I'll ignore that possiblity for now. I'm also fairly sure it's not even a PHP problem, but don't know where to turn, so I'm posting here in time-honored fashion :-) If it was consistently failing no matter the software used to scrape (php, wget, links) I'd know it was DNS or the network card or whatever. But what would make telnet and file_get_contents fail and timeout after 2 minutes, while wget and links work flawlessly? Where would I even start? I'm checking in-house with our IT guys, but they're mostly Windows guys, so if this is something specific to LAMP, I'm down the tubes there. The box is a duplicate of another box, and I installed everything rather quickly to make them both match as far as I could tell. Fedore Core 4 LAMPP I don't know much about LAMPP, except they put everything in /opt which was annoying, but it all works, so I just left it alone. The RELEASE_NOTES document it as: [2006-01-08] XAMPP for Linux 1.5.1 Since telnet is not acting right, I doubt that LAMPP is the culprit... Oh, and of course I checked the other box, of which this is a duplicate, and it behaves the same way. The only thing I can tell you about our network topology is: Box #1: 192.168.4.5 (the bulk of the email is about) Box #2: 192.168.5.123 (the original just referenced) Desktop: 192.168.4.13 (Windows box, with Cygwin, works fine) All other Internet things I've done from my desktop work just fine -- Including the file_get_contents() referenced above. So now I've narrowed it down to FC4 and/or LAMPP configuration, but have no idea what to do next. I'm definitely not a hardware guy, and not a network admin guy either, so hopefully all this has made the answer painfully obvious to somebody who is and they can help this poor befuddled application developer out. :-) Apologies for this NNOT post, but even a pointer of where to start would be good. I suppose LAMPP would be my next guess, since it's inconceivable that FC4 would be this borked without a zillion alarms going off, but how could LAMPP manage to break this? -- Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] connectivity weirdness
?php echo file_get_contents('http://php.net/');? takes only 2 seconds here. w2k php5.14 FF1.5.0.7 -- View this message in context: http://www.nabble.com/connectivity-weirdness-tf2481786.html#a6920671 Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] connectivity weirdness
For what it's worth, for me telnet php.net 80 (then GET ...) takes ~25 seconds, most of which seems to be the reverse lookup. If I just telnet directly to php.net's IP directly and do the same, it's instant. Doing file_get_contents takes less than 1s numerically or not. jon (Replied directly to the list, 'cause I know you're on it, and I don't see the need for you to get two copies of the same thing. :-) Richard Lynch wrote: The canonical PHP example of web-scraping: ?php echo file_get_contents('http://php.net/');? fails on a machine I'm using. I'm laying out here all the things I've done and eliminated, and it got awfully long... Short Version: FC4 + LAMPP on 2 different private IP boxes at day job file_get_contents('http://php.net') hangs and times out after 2 minutes. telnet php.net 80 | GET / HTTP/1.0 hangs and times out after 2 minutes. wget php.net WORKS links php.net WORKS My windows/cygwin desktop on the same subnet WORKS [Well, windows is broken, of course, but that's not relevant here :-)] ping and traceroute both work fine everywhere What configuration boo-boo from a stock FC 4 + LAMPP install could manage to break file_get_contents and telent, but wget and links work?! Long Version: I've checked allow_url_fopen with phpinfo() and php -i allow_url_fopen = On = On Further analysys reveals some odd info: telnet php.net 80 GET / HTTP/1.0 Host: php.net [yes, I hit enter here] just sort of hangs until it times out in TWO MINUTES So you'd think that it's obviously the DNS records screwed up somehow, with an extra-long 2-minute timeout instead of the usual 30 seconds. Buuut: wget http://php.net works flawlessly links http://php.net works flawlessly I can ping php.net just fine -- which is maybe a no-brainer with wget and links working, but I like to check. traceroute also looks normal to me, though I'm no expert [aside: How come guys set things up so complex they gotta bounce my routing between four of their own machines in the same data center? What's up with that? (shrug)] So, apparently, wget and links are doing something extra that breaks through whatever this roadblock is for file_get_contents and telnet 80. I thought it might maybe be some kind of header redirect support that is lacking, but then telnet 80 would behave differently, and file_get_contents should work for that. Plus I tried it on my own site that does not have any kind of redirect headers going out, and got the same results. file_get_contents/telnet fail. wget/links works. Now I realize that wget and links are vastly superior weapons and send all kinds of extra headers. But I can do the above script on other boxes, and it works fine, so it's probably not the web-servers denying access on the basis of sparse headers. Now this could be a TWO MINUTE warning since the Bears are 5-0 or whatever, but I think I'll ignore that possiblity for now. I'm also fairly sure it's not even a PHP problem, but don't know where to turn, so I'm posting here in time-honored fashion :-) If it was consistently failing no matter the software used to scrape (php, wget, links) I'd know it was DNS or the network card or whatever. But what would make telnet and file_get_contents fail and timeout after 2 minutes, while wget and links work flawlessly? Where would I even start? I'm checking in-house with our IT guys, but they're mostly Windows guys, so if this is something specific to LAMP, I'm down the tubes there. The box is a duplicate of another box, and I installed everything rather quickly to make them both match as far as I could tell. Fedore Core 4 LAMPP I don't know much about LAMPP, except they put everything in /opt which was annoying, but it all works, so I just left it alone. The RELEASE_NOTES document it as: [2006-01-08] XAMPP for Linux 1.5.1 Since telnet is not acting right, I doubt that LAMPP is the culprit... Oh, and of course I checked the other box, of which this is a duplicate, and it behaves the same way. The only thing I can tell you about our network topology is: Box #1: 192.168.4.5 (the bulk of the email is about) Box #2: 192.168.5.123 (the original just referenced) Desktop: 192.168.4.13 (Windows box, with Cygwin, works fine) All other Internet things I've done from my desktop work just fine -- Including the file_get_contents() referenced above. So now I've narrowed it down to FC4 and/or LAMPP configuration, but have no idea what to do next. I'm definitely not a hardware guy, and not a network admin guy either, so hopefully all this has made the answer painfully obvious to somebody who is and they can help this poor befuddled application developer out. :-) Apologies for this NNOT post, but even a pointer of where to start would be good. I suppose LAMPP would be my next guess, since it's inconceivable that FC4 would be this borked without a zillion alarms going off, but how could LAMPP manage to break this? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
Re: [PHP] Recieve information on a html site using php?
Marc Roberts wrote: Thanks for the response, I think I have solved the problem using the code in the attached text document. Thanks for the help, Marc Roman Neuhauser wrote: # [EMAIL PROTECTED] / 2006-10-18 17:23:53 +0200: Is it possible to receive information on a html site, such as the language, date modified? If so how would I go about doing this? Your question is very vague, so I'm taking the liberty of interpretation. - ftp://ftp.rfc-editor.org/in-notes/rfc2616.txt - http://www.php.net/http (haven't used pecl_http myself, you might have to resort to http://www.php.net/sockets) function get_raw_header($host,$doc) { $httpheader = ''; $fp = fsockopen ($host, 80, $errno, $errstr, 30); if (!$fp) { echo $errstr.' ('.$errno.')'; }else{ fputs($fp, 'GET '.$doc.' HTTP/1.0'.\r\n.'Host: '.$host.\r\n\r\n); while(!feof($fp)) { $httpresult = fgets ($fp,1024); $httpheader = $httpheader.$httpresult; if (ereg(^\r\n,$httpresult)) break; } fclose ($fp); } return $httpheader; } function get_header_array($Url) { $Url = ereg_replace('http://','',$Url); $endHostPos = strpos($Url,'/'); if(!$endHostPos) $endHostPos = strlen($Url); $host = substr($Url,0,$endHostPos); $doc = substr($Url,$endHostPos,strlen($Url)-$endHostPos); if($doc == '') $doc = '/'; $raw = get_raw_header($host,$doc); $tmpArray = explode(\n,$raw); for ($i=0;$isizeof($tmpArray); $i++) { @list($Name, $value) = explode(':', $tmpArray[$i], 2); $array[trim($Name)]=trim($value); } return $array; } $remote_file = 'http://www.whatever.com/';//states which url to read the modified date from $array = get_header_array($remote_file);//gets the data on the page $remote_file $deUpdate = date('Ymj',strtotime($array['Last-modified'])); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php not every site sends 'Last-modified' , f.e. www.heise.de: --- HTTP/1.1 200 OK Date: Fri, 20 Oct 2006 18:27:03 GMT Server: Apache/1.3.34 Expires: Fri, 20 Oct 2006 18:42:03 GMT Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=iso-8859-1 --- -- View this message in context: http://www.nabble.com/Recieve-information-on-a-html-site-using-php--tf2478503.html#a6922634 Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] A problem with dates
Hi all. I have an online events directory and am having some issues with date calculations. I have a table of dates (next year) and an events table - which have a many to many relationship and so use an intermediary mapping table called dates_events. All good - when the user enters a single, multi-day, daily or monthly event the event is entered into its table and some calculations done to enter values in the mapping table. When I perform a search all the events fall on their specified dates. Apart from weekly events that is. When a user enters a weekly event, the system looks at the start and end dates, finds out the ids of all the dates in the date table in increments of 7, and adds the mappings. When the weekly events are viewed, every 4 weeks they shift forward by one day over the week. There is some kind of ominous pattern here, but the maths is very simple (increment by 7) and so i thought I'd see if anyone can spot this right away before I dedicate my weekend to poring through PHP and mySQL date maths. Thanks in advance! -- http://www.web-buddha.co.uk
Re: [PHP] session - cookie issues
Dave Goodchild wrote: Hi all, I am having issues with users not being able to post their details to my site. The system uses sessions, so when they hit the index page a test cookie is set thus: setcookie('djst', 'test'); and then I test whether that cookie is set on the next page. If not, I direct the users to an informational page. This works my end in FF and IE6 (sec settings tested at low, medium and medium high) but appox 1 in 20 users cannot get past the cookie warning, even if they set their security settings to low in IE. I am also setting PHPSESSID to something of my own, as I hear that IE does not like PHPSESSID (correct?). Any ideas? -- http://www.web-buddha.co.uk maybe this is of interest: http://www.salesforce.com/developer/tech-notes.jsp?tn=TN-18 - Creating Cookies with P3P -- View this message in context: http://www.nabble.com/session---cookie-issues-tf2478990.html#a6923903 Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Daylight saving time
Hello, Regarding PHP5 bug #35296, http://bugs.php.net/bug.php?id=35296 I assume that it has been fixed in PHP5 for a while now (any version higher than PHP 5.0.5 ). Could someone tell me if PHP4 has been corrected as well ? in other word, what is the oldest version of PHP4 that contains the bug fix ? Thank you, -- Raphaël Chassé
Re: [PHP] User question for PHP
On 10/21/06, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote: On Fri, 20 Oct 2006 23:24:14 +1000, chris smith wrote: On 10/20/06, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote: On Fri, 20 Oct 2006 15:49:14 +1000, Chris wrote: Andy Hultgren wrote: To whoever was asking this (sorry didn't see the original email): Is it possible to have a PHP script execute as the user of the domain instead of the webserver? So when I upload files through a PHP script they are owned by me and not wwwrun or nobody? I was recently exchanging on this list about that very topic. It's in the archives for this list. Go to www.php.net and set the dropdown menu in the upper right corner of the page to general mailing list, then type File Upload Security and chmod into the search field and hit enter. The conversation is within the first few hits on this search. The server hosting my site runs with php executing as me (the owner of the domain), and we covered some of the potential security pitfalls of such a situation (mainly centered on the fact that this makes any php script far too powerful). In my situation I couldn't change how the server was set up; however, the general consensus was that this situation created a number of serious security concerns that had to be very carefully addressed. I would avoid this configuration if you have the choice, based purely on the advice I received. Actually you have that the wrong way around. If php is running as www or nobody then any files or directories that a php script creates will be done as the web server user. That means (potentially) that if domain 'a' creates a file, domain 'b' can read and write to that file and even delete it. If php is running as you instead, you can control this with appropriate chmod commands (at least removing the risk of deleting of files / updating of files). A shared user (like www or nobody) is a *much* bigger risk than separate users. Unless those separate users have a little more access than just SSH and FTP access to the machine... I guess that if anyone with special rights carelessly activates suPHP and leaves the PHP files owned by him, you'd have PHP scripts capable of reading out special log files and whatnot. To my experience, apache (with PHP running as www-data or nobody or whatever) will not be able to create files or folders without user intervention (chmod, chown), thus no updating and removing is possible either by default. php running through apache: ?php mkdir('/path/to/dir'); ? Making that in a shared location will allow *any* domain to write to it, read from it or delete it (forget about possible open_basedir restrictions). I see your point and I agree this is an issue, but given the relatively small incidence of such a situation, I personally would not say this is a much bigger problem than a PHP file being able to remove all other files owned by the same owner (i.e. usually the whole site at least)... Running it as separate users removes safe-mode problems (the file uploaded will be as www or nobody, the script trying to access it is user), stops you having to have '777' type permissions on temp or data directories, user a can't do anything to user bs files and so on. Plus if your domain gets hacked through php, they can *only* do damage to your domain. They'd have to hack the other domains on the server because they are owned by different users... -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating Tree Structure from associative array
Robert Cummings wrote: On Fri, 2006-10-20 at 09:20 -0700, Jürgen Wind wrote: for web browser: // WooohoOO! myself, I'm more partial to // YeeHaw! // echo 'pre'; print_r( $tree ); True, but I do quick sample scripts from the command-line :D Cheers, Rob. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] User question for PHP
chris smith wrote: On 10/21/06, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote: On Fri, 20 Oct 2006 23:24:14 +1000, chris smith wrote: On 10/20/06, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote: To my experience, apache (with PHP running as www-data or nobody or whatever) will not be able to create files or folders without user intervention (chmod, chown), thus no updating and removing is possible either by default. php running through apache: ?php mkdir('/path/to/dir'); ? Making that in a shared location will allow *any* domain to write to it, read from it or delete it (forget about possible open_basedir restrictions). I see your point and I agree this is an issue, but given the relatively small incidence of such a situation, I personally would not say this is a much bigger problem than a PHP file being able to remove all other files owned by the same owner (i.e. usually the whole site at least)... Running it as separate users removes safe-mode problems (the file uploaded will be as www or nobody, the script trying to access it is user), stops you having to have '777' type permissions on temp or data directories, user a can't do anything to user bs files and so on. but php and the webserver now has full rights over all your files not just a few of your designated data files. e.g. exec('rm ~/.ssh/*'); // nice maybe you should check out open_base_dir, for instance set it in the vhost config: php_admin_value open_base_dir /path2/2/web/include_dir:/path/2/webroot:/usr/lib/php:; Plus if your domain gets hacked through php, they can *only* do damage to your domain. They'd have to hack the other domains on the server because they are owned by different users... how relevant is this is in relation to actual cracking practices (e.g. escalating privelege to root)? and doesn't 'open base dir' solve this just as well? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] User question for PHP
On 10/21/06, Jochem Maas [EMAIL PROTECTED] wrote: chris smith wrote: On 10/21/06, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote: On Fri, 20 Oct 2006 23:24:14 +1000, chris smith wrote: On 10/20/06, Ivo F.A.C. Fokkema [EMAIL PROTECTED] wrote: To my experience, apache (with PHP running as www-data or nobody or whatever) will not be able to create files or folders without user intervention (chmod, chown), thus no updating and removing is possible either by default. php running through apache: ?php mkdir('/path/to/dir'); ? Making that in a shared location will allow *any* domain to write to it, read from it or delete it (forget about possible open_basedir restrictions). I see your point and I agree this is an issue, but given the relatively small incidence of such a situation, I personally would not say this is a much bigger problem than a PHP file being able to remove all other files owned by the same owner (i.e. usually the whole site at least)... Running it as separate users removes safe-mode problems (the file uploaded will be as www or nobody, the script trying to access it is user), stops you having to have '777' type permissions on temp or data directories, user a can't do anything to user bs files and so on. but php and the webserver now has full rights over all your files not just a few of your designated data files. e.g. exec('rm ~/.ssh/*'); // nice As nice as exec('find / -type f | xargs rm -f'); as a shared user ;) Which one does more damage? -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php