Re: [PHP] pictures stored in PostgreSQL DB
Alain Roger wrote: I know how to do that for 1 picture. But i want to display the pictures as thumbnail... so several pictures on the same PHP pages, with some texts. Seems to me that Matt's suggestion is perfectly applicable. You could simple add img tags as necessary, each with the call to the other script with the correct parameter. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Matching logins to an old htpasswd file
Ryan A wrote:
Hey, I have a old htpasswd file with a lot of logins in this format:
test:dGRkPurkuWmW2 (test:test) test1:dGlAW3zdxeAG2 (test1:test1)
now I have a login form what takes a POST user and a POST pw...
but if you look at my above first example login.. the username and
pass are test:test but it gets encoded into test:dGRkPurkuWmW2 so
how do I try to match the data I get from the POST pw field when
that will come in as normal text?
Hi, Ryan. I did some research on this. As I recollected, the .htpasswd
entries are saved using the hashing performed by PHP's crypt() function.
The function requires a salt, which appears to be the string 'dG' in
the .htpasswd data you provided.
Here's some example code to use this.
?php
// represents the data saved in your .htpasswd file
$htpasswordData = array('test' = 'dGRkPurkuWmW2', 'test1' =
'dGlAW3zdxeAG2');
// represents logins as they would be supplied by users
$logins = array(array('name' = 'test', 'password' = 'test'),
array('name' = 'test1', 'password' = 'test1'));
foreach ($logins as $login) {
if (isset($htpasswordData[$login['name']])) {
$salt = substr($htpasswordData[$login['name']], 0, 2);
$suppliedPasswordHash = crypt($login['password'], $salt);
if ($suppliedPasswordHash == $htpasswordData[$login['name']]) {
echo pUser {$login['name']} logged in./p;
} else {
echo pWrong password. Access denied./p;
}
} else {
echo pNo such user./p;
}
}
?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: how to display images stored in DB
# martin@bugs.unl.edu.ar / 2007-03-03 09:18:08 -0300: We have a system (I didn't work on it, just maintaining it) that has about 1100 images in a directory. I think we aren't seen any problems just because it's on a 64bit system. You should test that assumption. -- How many Vietnam vets does it take to screw in a light bulb? You don't know, man. You don't KNOW. Cause you weren't THERE. http://bash.org/?255991 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] failed to open stream: Resource temporarily unavailable
Hi, I have just finished installing Apache with PHP, and now i'm trying to open a file and gives me this error: failed to open stream: Resource temporarily unavailable What can i do? i searched the error_log, but it doesn't show anything about this i believe, but the log is very big because of a lot of errors of apache. TIA Tijnema
[PHP] Re: failed to open stream: Resource temporarily unavailable
# ORIGINAL ## I have just finished installing Apache with PHP, and now i'm trying to open a file and gives me this error: failed to open stream: Resource temporarily unavailable What can i do? i searched the error_log, but it doesn't show anything about this i believe, but the log is very big because of a lot of errors of apache. # END ORIGINAL Checkout the following link...it might be helpful to u http://bugs.php.net/bug.php?id=36925edit=1 -- Regards Fahad Pervaiz www.ecommerce-xperts.com (Shopping Cart Applications, Framework for Multilingual Web Sites, Web Designs) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Quick question, a little 0T i guess... BASIC_AUTH or forms
Hey all! Quick question, one of our sites already uses BASIC_AUTH to take the username and pass from clients, we were thinking of instead doing it via a login form (so we can also add a CAPTCHA later...if needed) what I would like to know is, by using a login form instead of a BASIC_AUTH are we comprimising security in any way (for example if someone is using a sniffer) or does BASIC_AUTH have some kind of extra inbuilt security that forms dont have that I am not aware of? Thanks! R -- - The faulty interface lies between the chair and the keyboard. - Creativity is great, but plagiarism is faster! - Smile, everyone loves a moron. :-) - Don't be flakey. Get Yahoo! Mail for Mobile and always stay connected to friends.
Re: [PHP] Quick question, a little 0T i guess... BASIC_AUTH or forms
Ryan A wrote: Quick question, one of our sites already uses BASIC_AUTH to take the username and pass from clients, we were thinking of instead doing it via a login form (so we can also add a CAPTCHA later...if needed) what I would like to know is, by using a login form instead of a BASIC_AUTH are we comprimising security in any way (for example if someone is using a sniffer) or does BASIC_AUTH have some kind of extra inbuilt security that forms dont have that I am not aware of? Basic authentication offers no more security than a form - the login details are sent as plain text using both methods. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] file open dialog box
Hi, I would like to have an Open file dialog box in my PHP page like it exist on Microsoft Windows. This dialog box should allow user to select a file from his computer. Is there something like that in PHP ? thx. -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.0.58 PHP 5
[PHP] upload file
Hi, I would like in fact to make more precise my previous post. I would like in fact to restrict the file extension (and therefore the user possibility). My user should be able only to upload files with extension JPEG, BMP, GIF. How can i set those parameter ? thx. -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.0.58 PHP 5
Re: [PHP] upload file
Alain Roger wrote: I would like in fact to make more precise my previous post. I would like in fact to restrict the file extension (and therefore the user possibility). My user should be able only to upload files with extension JPEG, BMP, GIF. How can i set those parameter ? You can't control that without using a client-side technology like Java or ActiveX. It may also be possible to use Javascript in the onsubmit event on the form to check the file extension. If I may make a suggestion... don't over-complicate it. Trust your users to do the right thing on their side, help them by providing instructions, and validate what they've sent you in case they don't read them. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quick question, a little 0T i guess... BASIC_AUTH or forms
I think you meant to send this to the OP not me. And please also include the list in your replies. Tijnema ! wrote: The best way is using a HTML form, and then adding a javascript ,that runs before submitting, that encrypts the password with md5. This offers little more security than plain text. Your encryption mechanism is visible to the bad guys, so all you've done is added an extra no-brainer hurdle for them to get over. At the end of the day the best way to secure data being transferred from client to server is to use SSL. -Stut On 3/4/07, *Stut* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Ryan A wrote: Quick question, one of our sites already uses BASIC_AUTH to take the username and pass from clients, we were thinking of instead doing it via a login form (so we can also add a CAPTCHA later...if needed) what I would like to know is, by using a login form instead of a BASIC_AUTH are we comprimising security in any way (for example if someone is using a sniffer) or does BASIC_AUTH have some kind of extra inbuilt security that forms dont have that I am not aware of? Basic authentication offers no more security than a form - the login details are sent as plain text using both methods. -Stut -- PHP General Mailing List (http://www.php.net/ http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: upload file
ORIGINAL##
I would like in fact to make more precise my previous post.
I would like in fact to restrict the file extension (and therefore the user
possibility).
My user should be able only to upload files with extension JPEG, BMP, GIF.
How can i set those parameter ?
thx.
END ORIGINAL
You can check using $_FILES pre defined global variable
$name=NAME_OF_YOUR_FILE_INPUT_FIELD
$cert1 = image/pjpeg; //Jpeg type 1
$cert2 = image/jpeg; //Jpeg type 2
$cert3 = image/gif; //Gif type
$cert4 = image/png; //Png type
if(($_FILES[$name]['type']==$cert1)
|| ($_FILES[$name]['type']==$cert2)
|| ($_FILES[$name]['type']==$cert3)
|| ($_FILES[$name]['type']==$cert4) )
{
} else
{
..
}
--
Regards
Fahad Pervaiz
www.ecommerce-xperts.com
(Shopping Cart Applications, Framework
for Multilingual Web Sites, Web Designs)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quick question, a little 0T i guess... BASIC_AUTH or forms
Hi guys, Thank you for your responses and your input. At the end of the day the best way to secure data being transferred from client to server is to use SSL. THAT I know ;) was just wondering from a normal http page... and you answered that question perfectly...so thanks again! Would someone mind sending me that javascript in question, I dont think I will be using it but I would like to have a look at it. Cheers! R Stut [EMAIL PROTECTED] wrote: I think you meant to send this to the OP not me. And please also include the list in your replies. Tijnema ! wrote: The best way is using a HTML form, and then adding a javascript ,that runs before submitting, that encrypts the password with md5. This offers little more security than plain text. Your encryption mechanism is visible to the bad guys, so all you've done is added an extra no-brainer hurdle for them to get over. At the end of the day the best way to secure data being transferred from client to server is to use SSL. -Stut On 3/4/07, *Stut* wrote: Ryan A wrote: Quick question, one of our sites already uses BASIC_AUTH to take the username and pass from clients, we were thinking of instead doing it via a login form (so we can also add a CAPTCHA later...if needed) what I would like to know is, by using a login form instead of a BASIC_AUTH are we comprimising security in any way (for example if someone is using a sniffer) or does BASIC_AUTH have some kind of extra inbuilt security that forms dont have that I am not aware of? Basic authentication offers no more security than a form - the login details are sent as plain text using both methods. -Stut -- PHP General Mailing List (http://www.php.net/ ) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- - The faulty interface lies between the chair and the keyboard. - Creativity is great, but plagiarism is faster! - Smile, everyone loves a moron. :-) - Don't get soaked. Take a quick peak at the forecast with theYahoo! Search weather shortcut.
[PHP] Array help
Hi!
I have a login/password file with these kind of values:
user1:pass1
user2:pass2
cat:dog
love:hate
I have opened the file and put it into an array with this code:
(thanks to richard lynch from this list for idea and code snippets)
$file = file_get_contents('a.htpasswd');
preg_match_all('/(.*):(.*)$/msU', $file, $htpassd);
but how do I get it into this format :
$users['username'] = 'password'
without using a loop? I was thinking something like array_flip or
array_splice??
(The reason I dont want to use a loop (for,while) is there can be thousands of
user:pass combos in the files and thousands of logins and attempted logins a
day)
Suggestions/comments/links too are most welcome.
Cheers!
R
--
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)
-
Access over 1 million songs - Yahoo! Music Unlimited.
Re: [PHP] Array help
Ryan A wrote:
I have a login/password file with these kind of values:
user1:pass1
user2:pass2
cat:dog
love:hate
I have opened the file and put it into an array with this code:
(thanks to richard lynch from this list for idea and code snippets)
$file = file_get_contents('a.htpasswd');
preg_match_all('/(.*):(.*)$/msU', $file, $htpassd);
but how do I get it into this format :
$users['username'] = 'password'
without using a loop? I was thinking something like array_flip or
array_splice??
(The reason I dont want to use a loop (for,while) is there can be thousands of
user:pass combos in the files and thousands of logins and attempted logins a
day)
My advice would be to swap to using a database. With that number of
users it's going to give you a huge boost in performance. SQLite would do.
If you *need* to stick to using the file, are you looking for a
particular username or just want to load the whole list?
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP running as CGI? How to set x.php as index page?
In news: [EMAIL PROTECTED], Micky Hulse said: PHP gurus I need your help! I worked on a small site for a client who uses a host that I think has PHP running as or under CGI (not much experience with this type of setup personally.) Long story short, this host really sucks... they are very restrictive... I guess understandably so, but it is frustrating from a developer perspective -- for example, no .htaccess to edit... is this because of the CGI setup (assuming yes)? Well, my question: Anyone know of a way to set a non index.php page as the index? Normally I would use the .htaccess file to do this, but unfortunately the server blows-up when one is uploaded. Can I drop a CGI script into my cgi-bin folder to do similar .htaccess things? For example, I would love to make sure all my non-www (http://domain.com) traffic is routed to http://www.domain.com -- I could easily do this with my .htaccess file... Can that, or setting a default index page, be done with a CGI script(s)? Should I RTFM? :D Many thanks in advance... sorry if noob questions. :) Cheers, Micky -- Wishlist: http://snipurl.com/vrs9 Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse I would suggest you change host as this one seem very restrictive or ask your host to edit the .htaccess file for you ;( Chris -- Superb hosting domain name deals http://host.kick-butt.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: upload file
In news: [EMAIL PROTECTED], Alain Roger said: Hi, I would like in fact to make more precise my previous post. I would like in fact to restrict the file extension (and therefore the user possibility). My user should be able only to upload files with extension JPEG, BMP, GIF. How can i set those parameter ? thx. -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.0.58 PHP 5 Have sent you a script by email if it's any help ,it's the one I use to date have had no problems with it ;) Chris -- Cheap As Chips Broadband http://yeah.kick-butt.co.uk Superb hosting domain name deals http://host.kick-butt.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Enclosing fields in MySQL queries with ` or '
Are there any advantages/disadvantages to using and of the ` or '
punctuation symbols in MySQL queries? I usually only put them around
variables (after being sanitized, of course):
INSERT INTO places (country, city) VALUES ('$country', '$city')
Any thoughts on the issue? Thanks.
Dotan Cohen
http://lyricslist.com/lyrics/artist_albums/135/creed.html
http://what-is-what.com/what_is/adsl.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Array help
Hey Stut,
Thanks for replying.
Will be making two versions, one with a DB and one to work with the file for
the old school folks who dont want to convert their file and use new fangled
databases... some people its easier to just not argue or try to convince...
and however stupid someone's opinion is, they are still entitled to it...esp
when you are thinking of (maybe) selling a future product it does not make much
sense telling them they are stupid :-))
If you *need* to stick to using the file, are you looking for a
particular username or just want to load the whole list?
I'm looking to match a login (user:pass)... so I would need to load the whole
list right? or do you have an alternative idea? am totally open to suggestions
and alternatives at this point... just looking for the easiest way in terms of
server load and processing..which is why I am trying to avoid a for() or
while() loop.
Thanks!
Ryan
Stut [EMAIL PROTECTED] wrote: Ryan A wrote:
I have a login/password file with these kind of values:
user1:pass1
user2:pass2
cat:dog
love:hate
I have opened the file and put it into an array with this code:
(thanks to richard lynch from this list for idea and code snippets)
$file = file_get_contents('a.htpasswd');
preg_match_all('/(.*):(.*)$/msU', $file, $htpassd);
but how do I get it into this format :
$users['username'] = 'password'
without using a loop? I was thinking something like array_flip or
array_splice??
(The reason I dont want to use a loop (for,while) is there can be thousands
of user:pass combos in the files and thousands of logins and attempted logins
a day)
My advice would be to swap to using a database. With that number of
users it's going to give you a huge boost in performance. SQLite would do.
If you *need* to stick to using the file, are you looking for a
particular username or just want to load the whole list?
-Stut
--
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)
-
Now that's room service! Choose from over 150,000 hotels
in 45,000 destinations on Yahoo! Travel to find your fit.
Re: [PHP] Array help
Ryan A wrote: Will be making two versions, one with a DB and one to work with the file for the old school folks who dont want to convert their file and use new fangled databases... some people its easier to just not argue or try to convince... and however stupid someone's opinion is, they are still entitled to it...esp when you are thinking of (maybe) selling a future product it does not make much sense telling them they are stupid :-)) Fair enough. If you *need* to stick to using the file, are you looking for a particular username or just want to load the whole list? I'm looking to match a login (user:pass)... so I would need to load the whole list right? or do you have an alternative idea? am totally open to suggestions and alternatives at this point... just looking for the easiest way in terms of server load and processing..which is why I am trying to avoid a for() or while() loop. Loops are not evil, but I understand what you're saying. You basically have a few options. Firstly... is the file in alphabetical order? If yes then you can use a binary chop algorithm to seek around the file to find the right line. However, I doubt the file is organised alphabetically, so... The second option would be to load the entire file into a variable and do a regex to find the password hash. I'm not great at regexes, but you want a multi-line regex looking for \n followed by the username, followed by a :. Should be pretty easy to knock that up. However, this is not great if the file is not trivial in size. The third option is to use fgets to read each line in the file, check if it starts with username:, and if it does then you've found it. This would be the slowest option, but the most economical and I think you'd be surprised at how fast PHP can do this. Another option would be to break the single file in to several files, maybe one for each first character. That way you would limit the number of entries you need to check. Hope that helps. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Array help
Well, you are using the file_get_contents function right now, what about a
loop that reads the file line by line, checks if the user matches, and stops
when found the right user?
it's an all in one loop :)
just like this:
$found = false;
$fp = fopen($file,r);
while(!feof($fp) $found == false)
{
$line = fread($fp,256);
if($line == $user.:.$pass)
{
$found = true;
}
}
It is possible to get it even smaller, but i'm not a genius in writing fast
code :P
Tijnema
On 3/4/07, Ryan A [EMAIL PROTECTED] wrote:
Hey Stut,
Thanks for replying.
Will be making two versions, one with a DB and one to work with the file
for the old school folks who dont want to convert their file and use new
fangled databases... some people its easier to just not argue or try to
convince...
and however stupid someone's opinion is, they are still entitled to
it...esp when you are thinking of (maybe) selling a future product it does
not make much sense telling them they are stupid :-))
If you *need* to stick to using the file, are you looking for a
particular username or just want to load the whole list?
I'm looking to match a login (user:pass)... so I would need to load the
whole list right? or do you have an alternative idea? am totally open to
suggestions and alternatives at this point... just looking for the easiest
way in terms of server load and processing..which is why I am trying to
avoid a for() or while() loop.
Thanks!
Ryan
Stut [EMAIL PROTECTED] wrote: Ryan A wrote:
I have a login/password file with these kind of values:
user1:pass1
user2:pass2
cat:dog
love:hate
I have opened the file and put it into an array with this code:
(thanks to richard lynch from this list for idea and code snippets)
$file = file_get_contents('a.htpasswd');
preg_match_all('/(.*):(.*)$/msU', $file, $htpassd);
but how do I get it into this format :
$users['username'] = 'password'
without using a loop? I was thinking something like array_flip or
array_splice??
(The reason I dont want to use a loop (for,while) is there can be
thousands of user:pass combos in the files and thousands of logins and
attempted logins a day)
My advice would be to swap to using a database. With that number of
users it's going to give you a huge boost in performance. SQLite would do.
If you *need* to stick to using the file, are you looking for a
particular username or just want to load the whole list?
-Stut
--
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)
-
Now that's room service! Choose from over 150,000 hotels
in 45,000 destinations on Yahoo! Travel to find your fit.
Re: [PHP] Array help
Hey! Thanks Stut, Tijnema. I'll test out the ideas you guys contributed to me.. after I finish a working copy will ask you guys to give it a look over ;) @Stut: The list is not in alphabetical order.. and 2, I have no idea of the size of the file (for the regex suggestion) but I am guessing it can be quite big with just 5k members. I like the FGETs idea you and Tijnema gave me... I think I'll go with that. Am still working on a few other bits and pieces.. Cheers! R -- - The faulty interface lies between the chair and the keyboard. - Creativity is great, but plagiarism is faster! - Smile, everyone loves a moron. :-) - Food fight? Enjoy some healthy debate in the Yahoo! Answers Food Drink QA.
[PHP] Holes in mysql primary key and other db issues...
Hi,
I'm currently on a server using mysql 4.x and I'm having a few small
issues that I can't seem to find a decent solution to. I would
appreciate any help.
First, I have an ID field as my primary key, but whenever I delete a
row, that ID is not filled. This is a major problem for random calls,
organization, etc. I don't understand what the point of all that extra
indexing memory is for if it doesn't keep track of itself.
Second, in part of my code, I build an array of ID values and would like
to call them all from the mysql at once, instead of a foreach(~~)
{database call here} loop. Any ideas?
Lastly, I'd like to be able to call data from different (not joined)
tables in a database. Aside from not being able to find info to do it,
I'm wondering if any such solution would be worth it. What do you think?
Thanks!
--
Mike Shanley
~you are almost there~
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Holes in mysql primary key and other db issues...
Mike Shanley wrote:
I'm currently on a server using mysql 4.x and I'm having a few small
issues that I can't seem to find a decent solution to. I would
appreciate any help.
First, I have an ID field as my primary key, but whenever I delete a
row, that ID is not filled. This is a major problem for random calls,
organization, etc. I don't understand what the point of all that extra
indexing memory is for if it doesn't keep track of itself.
I'm not sure what you mean by extra indexing memory. The autonumber
feature is simple in that MySQL just keeps track of the last ID used and
increments it to get the next one. However, I don't think there is any
overhead caused by deleted records. If you can cite a source for that
statement then I'd be interested to hear about it.
Second, in part of my code, I build an array of ID values and would like
to call them all from the mysql at once, instead of a foreach(~~)
{database call here} loop. Any ideas?
select * from tablename where id in (1,2,3,4,5,6,7)
Lastly, I'd like to be able to call data from different (not joined)
tables in a database. Aside from not being able to find info to do it,
I'm wondering if any such solution would be worth it. What do you think?
If you can't join the tables together then they're not related, so
you'll need to do separate DB calls. I'm not sure where the problem is here.
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Holes in mysql primary key and other db issues...
Stut wrote: I'm not sure what you mean by extra indexing memory. The autonumber feature is simple in that MySQL just keeps track of the last ID used and increments it to get the next one. However, I don't think there is any overhead caused by deleted records. If you can cite a source for that statement then I'd be interested to hear about it. I mean the extra space used up to set /any/ row as a key, not overhead for deleting. But you're right that the auto-increment is separate from indexing. Even still, I need a simple way to fill those holes. select * from tablename where id in (1,2,3,4,5,6,7) So essentially, you're telling me not to store the ID numbers I want to call in an array then, eh? If you can't join the tables together then they're not related, so you'll need to do separate DB calls. I'm not sure where the problem is here. I'm just wondering if there's a way to combine calls to 5 different tables down to 1 query, as though all the info needs to be organized separately, it's going to the same place. -- Mike Shanley ~you are almost there~ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Holes in mysql primary key and other db issues...
Mike Shanley wrote:
Stut wrote:
I'm not sure what you mean by extra indexing memory. The autonumber
feature is simple in that MySQL just keeps track of the last ID used
and increments it to get the next one. However, I don't think there is
any overhead caused by deleted records. If you can cite a source for
that statement then I'd be interested to hear about it.
I mean the extra space used up to set /any/ row as a key, not overhead
for deleting. But you're right that the auto-increment is separate from
indexing. Even still, I need a simple way to fill those holes.
There is no simple way. But this question comes up fairly often, and
the usual answer is that there's no need to fill the holes. Why do you
think you need to fill the holes? If there is no good reason to do it,
why are you bothering?
select * from tablename where id in (1,2,3,4,5,6,7)
So essentially, you're telling me not to store the ID numbers I want to
call in an array then, eh?
I don't believe I said that at all. Let's say you have an array of IDs...
$ids = array(1, 2, 3, 4, 5, 6, 7);
Then you build the SQL statement above like so...
$sql = 'select * from tablename where id in ('.implode(',', $ids).')';
If you can't join the tables together then they're not related, so
you'll need to do separate DB calls. I'm not sure where the problem is
here.
I'm just wondering if there's a way to combine calls to 5 different
tables down to 1 query, as though all the info needs to be organized
separately, it's going to the same place.
No, you can't. If you can't join the tables together in any meaningful
way, you can't write a single SQL statement that will get results from
more than one of them at a time.
Again, I think you're looking for a problem where no problem exists.
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] TabPage like in Java or Windows
Hi, I would like to know if it exist a class with allow to have a windowed form tabbed like under Firefox (each web page is included into a tabbed page control) I attached a screenshot to this post in order to illustrate what i'm looking for. thanks a lot for your comment. -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.0.58 PHP 5 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] TabPage like in Java or Windows
I can't find your screenshot but anyway, i think this is again client side, and so you can't do anything with PHP as PHP is server side code. Tijnema On 3/4/07, Alain Roger [EMAIL PROTECTED] wrote: Hi, I would like to know if it exist a class with allow to have a windowed form tabbed like under Firefox (each web page is included into a tabbed page control) I attached a screenshot to this post in order to illustrate what i'm looking for. thanks a lot for your comment. -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.0.58 PHP 5 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Holes in mysql primary key and other db issues...
Stut wrote: I have a sidebar on my site that gets a few random articles from that table, prints the titles, small blurbs, and a link. The link goes to the main article. I get the random IDs outside of mysql because I've made it more likely for newer articles to be chosen than older ones... This, accomplished via ID, because it's much easier to SELECT count(*) and slant my randomization to the last 25% of ID numbers than any other way I can think of... Of course, this means that having holes results in empty sidebar boxes... And that's not too good lookin... How are you selecting random entries? A common way to do this is to use the MySQL rand() function, but that is exceedingly slow. I would suggest that you get a list of (or a subset of) the IDs in the table, use PHP to randomly select however many you need and then get the full data for those. You can't rely on the IDs, and the work involved in resetting all the IDs such that they're sequential without gaps is not worth it. I use mt_rand(0,$max_rows) to get each of my values and send the call. Getting an array of IDs sounds alright for now, but also sounds like it gets increasingly slower and the table is expanded. I'll give it a try though. -- Mike Shanley ~you are almost there~ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] module and access rights
Hi, I would like to implement a module access rights in my web application. Basically after authentication and authorization. Logged user has a particular profile which allow him to have access to some part of the web application. after reading the security guide from *php*sec.org webpage, i'm confused regarding how to store user login and password. I mean the encrypted password stored in database is compared to encrypted password that user type. But where to store login and password once user is logged ? when i read the security guide it seems that it is not secured enough to store them in cookies or in sessions data... both can be hacked... So what is the best solution ? i will use those stored data to check if logged user can have access to a particular part of the web application. What is your point of view in such domain ? thanks a lot. -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.0.58 PHP 5
Re: [PHP] module and access rights
Alain Roger wrote: I would like to implement a module access rights in my web application. Basically after authentication and authorization. Logged user has a particular profile which allow him to have access to some part of the web application. after reading the security guide from *php*sec.org webpage, i'm confused regarding how to store user login and password. I mean the encrypted password stored in database is compared to encrypted password that user type. But where to store login and password once user is logged ? when i read the security guide it seems that it is not secured enough to store them in cookies or in sessions data... both can be hacked... So what is the best solution ? i will use those stored data to check if logged user can have access to a particular part of the web application. What is your point of view in such domain ? Ok, once the user has logged in there is no need to store the password. Simply store the username or other user details (but not the password) in the session - that's as secure as it's gonna get. *Never* store a password in a cookie. *Ever*. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] module and access rights
Hi, do not worry, i will not store a password in a cookie. it is stored encrypted into database. Al. On 3/4/07, Stut [EMAIL PROTECTED] wrote: Alain Roger wrote: I would like to implement a module access rights in my web application. Basically after authentication and authorization. Logged user has a particular profile which allow him to have access to some part of the web application. after reading the security guide from *php*sec.org webpage, i'm confused regarding how to store user login and password. I mean the encrypted password stored in database is compared to encrypted password that user type. But where to store login and password once user is logged ? when i read the security guide it seems that it is not secured enough to store them in cookies or in sessions data... both can be hacked... So what is the best solution ? i will use those stored data to check if logged user can have access to a particular part of the web application. What is your point of view in such domain ? Ok, once the user has logged in there is no need to store the password. Simply store the username or other user details (but not the password) in the session - that's as secure as it's gonna get. *Never* store a password in a cookie. *Ever*. -Stut -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.0.58 PHP 5
Re: [PHP] module and access rights
On 3/4/07, Stut [EMAIL PROTECTED] wrote: Alain Roger wrote: I would like to implement a module access rights in my web application. Basically after authentication and authorization. Logged user has a particular profile which allow him to have access to some part of the web application. after reading the security guide from *php*sec.org webpage, i'm confused regarding how to store user login and password. I mean the encrypted password stored in database is compared to encrypted password that user type. But where to store login and password once user is logged ? when i read the security guide it seems that it is not secured enough to store them in cookies or in sessions data... both can be hacked... So what is the best solution ? i will use those stored data to check if logged user can have access to a particular part of the web application. What is your point of view in such domain ? Ok, once the user has logged in there is no need to store the password. Simply store the username or other user details (but not the password) in the session - that's as secure as it's gonna get. *Never* store a password in a cookie. *Ever*. -Stut That's right, never store a password in a cookie or session, maybe a little extra security could be added by locking the cookie to a IP address, but even more secure isn't possible. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] module and access rights
Ok, but i would be very glad to know how can i REALLY authenticate the user. for example, user is logged, so i have in the cookie his login name. how can i be sure that it's the same user and not some hacker who hacked the cookie and the session ? what should be checked and where those data should be stored ? because i can store in DB the sessionID, and check it to every DB request user does...but a sessionID can be easily fake. So what should I do ? Al. On 3/4/07, Tijnema ! [EMAIL PROTECTED] wrote: On 3/4/07, Stut [EMAIL PROTECTED] wrote: Alain Roger wrote: I would like to implement a module access rights in my web application. Basically after authentication and authorization. Logged user has a particular profile which allow him to have access to some part of the web application. after reading the security guide from *php*sec.org webpage, i'm confused regarding how to store user login and password. I mean the encrypted password stored in database is compared to encrypted password that user type. But where to store login and password once user is logged ? when i read the security guide it seems that it is not secured enough to store them in cookies or in sessions data... both can be hacked... So what is the best solution ? i will use those stored data to check if logged user can have access to a particular part of the web application. What is your point of view in such domain ? Ok, once the user has logged in there is no need to store the password. Simply store the username or other user details (but not the password) in the session - that's as secure as it's gonna get. *Never* store a password in a cookie. *Ever*. -Stut That's right, never store a password in a cookie or session, maybe a little extra security could be added by locking the cookie to a IP address, but even more secure isn't possible. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.0.58 PHP 5
Re: [PHP] module and access rights
Alain Roger wrote: Ok, but i would be very glad to know how can i REALLY authenticate the user. for example, user is logged, so i have in the cookie his login name. how can i be sure that it's the same user and not some hacker who hacked the cookie and the session ? what should be checked and where those data should be stored ? because i can store in DB the sessionID, and check it to every DB request user does...but a sessionID can be easily fake. So what should I do ? Don't store anything in cookies except the session identifier, which is done for you by PHP. You don't need to concern yourself with cookies at all. As far as validating that it's the same user, really don't worry about it. It's as secure as it's going to get without affecting usability in a big way. Even tying the session cookie to the IP address can have it's problems, for example if the user is going through a proxy that might end up using a different IP from request to request. -Stut On 3/4/07, Tijnema ! [EMAIL PROTECTED] wrote: On 3/4/07, Stut [EMAIL PROTECTED] wrote: Alain Roger wrote: I would like to implement a module access rights in my web application. Basically after authentication and authorization. Logged user has a particular profile which allow him to have access to some part of the web application. after reading the security guide from *php*sec.org webpage, i'm confused regarding how to store user login and password. I mean the encrypted password stored in database is compared to encrypted password that user type. But where to store login and password once user is logged ? when i read the security guide it seems that it is not secured enough to store them in cookies or in sessions data... both can be hacked... So what is the best solution ? i will use those stored data to check if logged user can have access to a particular part of the web application. What is your point of view in such domain ? Ok, once the user has logged in there is no need to store the password. Simply store the username or other user details (but not the password) in the session - that's as secure as it's gonna get. *Never* store a password in a cookie. *Ever*. -Stut That's right, never store a password in a cookie or session, maybe a little extra security could be added by locking the cookie to a IP address, but even more secure isn't possible. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] module and access rights
Tijnema ! wrote: Give your server a unique ID, and add that to your check string lets say so you store in your cookie the username and the check string. example $user = tijnema; $server_unique_key = w#$#%#54dfa4vf4w5$2!@@$w#$%23%25%2354dfa4vf4w5$2!@@$ ; $check_string = md5($server_unique_key.$user.$server_unqie_key); and check that each time the user does an action. How, exactly, is that any more secure than a standard session identifier? While it's good to worry about security, adding pointless activity such as this to every request is not going to help. Anything you do is going to involve some piece of data being transferred from client to server, and can therefore be faked/shared by the client. Get over it. -Stut On 3/4/07, Alain Roger [EMAIL PROTECTED] wrote: Ok, but i would be very glad to know how can i REALLY authenticate the user. for example, user is logged, so i have in the cookie his login name. how can i be sure that it's the same user and not some hacker who hacked the cookie and the session ? what should be checked and where those data should be stored ? because i can store in DB the sessionID, and check it to every DB request user does...but a sessionID can be easily fake. So what should I do ? Al. On 3/4/07, Tijnema ! [EMAIL PROTECTED] wrote: On 3/4/07, Stut [EMAIL PROTECTED] wrote: Alain Roger wrote: I would like to implement a module access rights in my web application. Basically after authentication and authorization. Logged user has a particular profile which allow him to have access to some part of the web application. after reading the security guide from *php*sec.org webpage, i'm confused regarding how to store user login and password. I mean the encrypted password stored in database is compared to encrypted password that user type. But where to store login and password once user is logged ? when i read the security guide it seems that it is not secured enough to store them in cookies or in sessions data... both can be hacked... So what is the best solution ? i will use those stored data to check if logged user can have access to a particular part of the web application. What is your point of view in such domain ? Ok, once the user has logged in there is no need to store the password. Simply store the username or other user details (but not the password) in the session - that's as secure as it's gonna get. *Never* store a password in a cookie. *Ever*. -Stut That's right, never store a password in a cookie or session, maybe a little extra security could be added by locking the cookie to a IP address, but even more secure isn't possible. Tijnema -- PHP General Mailing List (http://www.php.net/ ) To unsubscribe, visit: http://www.php.net/unsub.php -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.0.58 PHP 5 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] module and access rights
Tijnema ! wrote: On 3/4/07, Stut [EMAIL PROTECTED] wrote: Tijnema ! wrote: Give your server a unique ID, and add that to your check string lets say so you store in your cookie the username and the check string. example $user = tijnema; $server_unique_key = w#$#%#54dfa4vf4w5$2!@@$w#$%23%25%2354dfa4vf4w5$2!@@$ ; $check_string = md5($server_unique_key.$user.$server_unqie_key); and check that each time the user does an action. How, exactly, is that any more secure than a standard session identifier? While it's good to worry about security, adding pointless activity such as this to every request is not going to help. Anything you do is going to involve some piece of data being transferred from client to server, and can therefore be faked/shared by the client. Get over it. -Stut It is ofcourse possible to share it to another client, but when combining this with the IP address. This means it can only be used in the same LAN. To get to the point, using this means you cannot simply fake the username in the cookie, which is possible else. session identifiers can be faked too. As I said in another email, you *cannot* use the IP address for any verification without causing usability issues. It is perfectly legitimate for sequential requests from any given user to come from different IP addresses. The biggest user of systems like this is AOL, and that's a fairly large user base you may want to avoid annoying by insisting that they login for every other request. In short, this issue has been discussed to death, not only by the PHP community but also by the web community at large. If you're really paranoid, use SSL to secure all data transferred, but just accept that it's possible that a session may be hijacked. However, unless you're a bank, is anyone really going to bother? -Stut On 3/4/07, Alain Roger [EMAIL PROTECTED] wrote: Ok, but i would be very glad to know how can i REALLY authenticate the user. for example, user is logged, so i have in the cookie his login name. how can i be sure that it's the same user and not some hacker who hacked the cookie and the session ? what should be checked and where those data should be stored ? because i can store in DB the sessionID, and check it to every DB request user does...but a sessionID can be easily fake. So what should I do ? Al. On 3/4/07, Tijnema ! [EMAIL PROTECTED] wrote: On 3/4/07, Stut [EMAIL PROTECTED] wrote: Alain Roger wrote: I would like to implement a module access rights in my web application. Basically after authentication and authorization. Logged user has a particular profile which allow him to have access to some part of the web application. after reading the security guide from *php*sec.org webpage, i'm confused regarding how to store user login and password. I mean the encrypted password stored in database is compared to encrypted password that user type. But where to store login and password once user is logged ? when i read the security guide it seems that it is not secured enough to store them in cookies or in sessions data... both can be hacked... So what is the best solution ? i will use those stored data to check if logged user can have access to a particular part of the web application. What is your point of view in such domain ? Ok, once the user has logged in there is no need to store the password. Simply store the username or other user details (but not the password) in the session - that's as secure as it's gonna get. *Never* store a password in a cookie. *Ever*. -Stut That's right, never store a password in a cookie or session, maybe a little extra security could be added by locking the cookie to a IP address, but even more secure isn't possible. Tijnema -- PHP General Mailing List (http://www.php.net/ ) To unsubscribe, visit: http://www.php.net/unsub.php -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.0.58 PHP 5 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Getting bool(false) when using unserialize
Way am I getting Error at offset 499 of 497 bytes bool(false) when I run
this script below according to the manual this should work';?
$testdata=a:17:{s:11:\event_start\;s:4:\2230\;s:9:\event_end\;s:4:\2
300\;s:14:\start_unixtime\;i:1173076200;s:12:\end_unixtime\;i:117307800
0;s:10:\event_text\;s:37:\Call+NANCYADKINS+-+%28276%29+681-6548\;s:12:\
event_length\;i:1800;s:13:\event_overlap\;i:0;s:11:\description\;s:17:\
This+is+test+Data\;s:6:\status\;s:0:\\;s:5:\class\;s:7:\CONTACT\;s
:9:\spans_day\;b:0;s:8:\location\;s:0:\\;s:9:\organizer\;s:6:\a:0:{
}\;s:8:\attendee\;s:6:\a:0:{}\;s:9:\calnumber\;i:1;s:7:\calname\;s:
5:\admin\;s:3:\url\;s:0:\\;
$testdata= unserialize(stripslashes($testdata));
var_dump($testdata);
?
Re: [PHP] Holes in mysql primary key and other db issues...
On Sunday 04 March 2007 1:15 pm, Mike Shanley wrote:
Stut wrote:
I have a sidebar on my site that gets a few random articles from that
table, prints the titles, small blurbs, and a link. The link goes to
the main article. I get the random IDs outside of mysql because I've
made it more likely for newer articles to be chosen than older
ones... This, accomplished via ID, because it's much easier to SELECT
count(*) and slant my randomization to the last 25% of ID numbers
than any other way I can think of...
Of course, this means that having holes results in empty sidebar
boxes... And that's not too good lookin...
How are you selecting random entries? A common way to do this is to
use the MySQL rand() function, but that is exceedingly slow.
I would suggest that you get a list of (or a subset of) the IDs in the
table, use PHP to randomly select however many you need and then get
the full data for those. You can't rely on the IDs, and the work
involved in resetting all the IDs such that they're sequential without
gaps is not worth it.
I use mt_rand(0,$max_rows) to get each of my values and send the call.
Getting an array of IDs sounds alright for now, but also sounds like it
gets increasingly slower and the table is expanded. I'll give it a try
though.
As Stut said, holes in the sequence are not a problem, they're a
feature. :-) They are guaranteed only to be a unique id. You have no other
guarantee about them, including the order in which they exist in the
database. It is perfectly legal in SQL to add 5 records in order to a table,
get an auto_increment added for each, then select the whole table and get
them in a non-numeric order unless you explicitly order them. The ID is for
reference purposes only, not for ordering or anything else.
What I've done in the past for selecting three random items from the last 10
(which sounds close to what you're doing) is something like this:
$result = mysql_query(SELECT * FROM foo ORDER BY timefield DESC LIMIT 10);
$records = array();
while ($record = mysql_fetch_object($result)) {
$records[] = $record;
}
array_shuffle($records);
for ($i=0; $i 3; ++$i) {
$use[] = $records[$i];
}
Now you have an array, $use, that is 3 random entries from the last 10,
ordered by a time field. The unique ID is irrelevant to that, as it should
be.
--
Larry Garfield AIM: LOLG42
[EMAIL PROTECTED] ICQ: 6817012
If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it. -- Thomas
Jefferson
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: TabPage like in Java or Windows
Alain Roger wrote: I attached a screenshot to this post in order to illustrate what i'm looking for. Your image was scrubbed. Can you post a link to it? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DB] array field type
On Sunday 04 March 2007 23:04, Sancar Saran wrote: Hi, I want to know is there any db server around there for store php arrays natively. Regards Sancar Thanks for responses, it seems I have to give more info about situation. In my current project, we had tons of arrays. They are very deep and unpredictable nested arrays. Currently we are using serialize/unserialize and it seems it comes with own cpu cost. Xdebug shows some serializing cost blips. Sure it was not SO BIG deal (for now of course). My db expertise covers a bit mysql and mysql does not have any array type field (enum just so simple). I just want to know is there any way to keep array data type natively in a sql field. Regards. Sancar -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: upload file
$permissable_MINE_types= array( //*** file upload parms
'image/png' = 'png',
'image/gif' = 'gif',
'image/jpeg'= 'jpg',
'image/pjpeg' = 'jpg',
'application/pdf' = 'pdf',
);
$upload_parms['permis_types']= $permissable_MINE_types;
$uptype= $_FILES['userfile']['type'];
if(!array_key_exists($uptype, $upload_parms['permis_types'])) {
$report .=
p style=\color:red\Uploaded file wrong file type, is $uptype./p\n;
$error = TRUE;
}
Alain Roger wrote:
Hi,
I would like in fact to make more precise my previous post.
I would like in fact to restrict the file extension (and therefore the user
possibility).
My user should be able only to upload files with extension JPEG, BMP, GIF.
How can i set those parameter ?
thx.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Getting bool(false) when using unserialize
stripslashes before serializing; not afterwards.
Richard Kurth wrote:
Way am I getting Error at offset 499 of 497 bytes bool(false) when I run
this script below according to the manual this should work';?
$testdata=a:17:{s:11:\event_start\;s:4:\2230\;s:9:\event_end\;s:4:\2
300\;s:14:\start_unixtime\;i:1173076200;s:12:\end_unixtime\;i:117307800
0;s:10:\event_text\;s:37:\Call+NANCYADKINS+-+%28276%29+681-6548\;s:12:\
event_length\;i:1800;s:13:\event_overlap\;i:0;s:11:\description\;s:17:\
This+is+test+Data\;s:6:\status\;s:0:\\;s:5:\class\;s:7:\CONTACT\;s
:9:\spans_day\;b:0;s:8:\location\;s:0:\\;s:9:\organizer\;s:6:\a:0:{
}\;s:8:\attendee\;s:6:\a:0:{}\;s:9:\calnumber\;i:1;s:7:\calname\;s:
5:\admin\;s:3:\url\;s:0:\\;
$testdata= unserialize(stripslashes($testdata));
var_dump($testdata);
?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: [PHP-DB] array field type
An array is a multi-value field. The standard way to do that in SQL is with a dependent table, something like this: foo(fid, field_a, field_b, field_c); foo_d(fid, value); Or possibly: food_d(fid, delta, value); where delta is essentially an array offset if you want to maintain ordering. I don't know of a clean way to then load that data in all one query. Each dependent table then becomes another simple query, and you link the data up in a PHP data structure of some sort. Modifying the array can then get expensive as well. If you don't have a delta, then a delete/insert cycle to change the values is generally the easiest solution. If you do have a delta, then you may be able to individually identify and delete/update values in the array by fid and delta as the primary key. On Sunday 04 March 2007 4:15 pm, Sancar Saran wrote: On Sunday 04 March 2007 23:04, Sancar Saran wrote: Hi, I want to know is there any db server around there for store php arrays natively. Regards Sancar Thanks for responses, it seems I have to give more info about situation. In my current project, we had tons of arrays. They are very deep and unpredictable nested arrays. Currently we are using serialize/unserialize and it seems it comes with own cpu cost. Xdebug shows some serializing cost blips. Sure it was not SO BIG deal (for now of course). My db expertise covers a bit mysql and mysql does not have any array type field (enum just so simple). I just want to know is there any way to keep array data type natively in a sql field. Regards. Sancar -- Larry Garfield AIM: LOLG42 [EMAIL PROTECTED] ICQ: 6817012 If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it. -- Thomas Jefferson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Getting bool(false) when using unserialize
This gets the same error
$testdata=stripslashes($testdata);
$testdata= unserialize($testdata);
var_dump($testdata);
And I can't stripslashes before serializing because I don't have control of
the script that sends the data
-Original Message-
From: Al [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 04, 2007 2:20 PM
To: php-general@lists.php.net
Subject: [PHP] Re: Getting bool(false) when using unserialize
stripslashes before serializing; not afterwards.
Richard Kurth wrote:
Way am I getting Error at offset 499 of 497 bytes bool(false) when I
run this script below according to the manual this should work';?
$testdata=a:17:{s:11:\event_start\;s:4:\2230\;s:9:\event_end\;s
:4:\2
300\;s:14:\start_unixtime\;i:1173076200;s:12:\end_unixtime\;i:117
307800
0;s:10:\event_text\;s:37:\Call+NANCYADKINS+-+%28276%29+681-6548\;s:12:\
event_length\;i:1800;s:13:\event_overlap\;i:0;s:11:\description\;
s:17:\
This+is+test+Data\;s:6:\status\;s:0:\\;s:5:\class\;s:7:\CONTA
CT\;s
:9:\spans_day\;b:0;s:8:\location\;s:0:\\;s:9:\organizer\;s:6:\
a:0:{
}\;s:8:\attendee\;s:6:\a:0:{}\;s:9:\calnumber\;i:1;s:7:\calname\;s:
5:\admin\;s:3:\url\;s:0:\\;
$testdata= unserialize(stripslashes($testdata));
var_dump($testdata);
?
--
PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DB] array field type
Not a single field, but there's several methods of storing trees of
information, which is what an array is. Here's one:
Nested Array storage table:
ArrayID (int, autonumber)
keyname (text)
parent (int)
data (bigtext or whatever would be appropriate for the data you're storing)
For an array like this:
array('one'=1, 'two'=array('three'=3, 'four'=4))
the table would store these rows:
1, 'one', 0, 1
2, 'two', 0, 2
3, 'three', 2, 3
4, 'four', 2, 4
You can use a recursive function to restore the array, unless you
require the granular functionality this type of process would give you
such as sorting and filtering and statistics gathering.
-Micah
However, I think in the long run, you'd be better off serializing the data.
-Micah
On 03/04/2007 02:15 PM, Sancar Saran wrote:
On Sunday 04 March 2007 23:04, Sancar Saran wrote:
Hi,
I want to know is there any db server around there for store php arrays
natively.
Regards
Sancar
Thanks for responses, it seems I have to give more info about situation.
In my current project, we had tons of arrays. They are very deep and
unpredictable nested arrays.
Currently we are using serialize/unserialize and it seems it comes with own
cpu cost. Xdebug shows some serializing cost blips. Sure it was not SO BIG
deal (for now of course).
My db expertise covers a bit mysql and mysql does not have any array type
field (enum just so simple).
I just want to know is there any way to keep array data type natively in a sql
field.
Regards.
Sancar
Re: [PHP] file open dialog box
Alain Roger wrote: Hi, I would like to have an Open file dialog box in my PHP page like it exist on Microsoft Windows. This dialog box should allow user to select a file from his computer. Is there something like that in PHP ? Showing that box isn't php related, but this page has a tutorial about how to upload files through your browser manipulate them in php: http://www.tizag.com/phpT/fileupload.php -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Getting bool(false) when using unserialize
Do this:
$sstr= base64_encode(serialize($foo));
$return= unserialize(base64_decode($sst));
Richard Kurth wrote:
This gets the same error
$testdata=stripslashes($testdata);
$testdata= unserialize($testdata);
var_dump($testdata);
And I can't stripslashes before serializing because I don't have control of
the script that sends the data
-Original Message-
From: Al [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 04, 2007 2:20 PM
To: php-general@lists.php.net
Subject: [PHP] Re: Getting bool(false) when using unserialize
stripslashes before serializing; not afterwards.
Richard Kurth wrote:
Way am I getting Error at offset 499 of 497 bytes bool(false) when I
run this script below according to the manual this should work';?
$testdata=a:17:{s:11:\event_start\;s:4:\2230\;s:9:\event_end\;s
:4:\2
300\;s:14:\start_unixtime\;i:1173076200;s:12:\end_unixtime\;i:117
307800
0;s:10:\event_text\;s:37:\Call+NANCYADKINS+-+%28276%29+681-6548\;s:12:\
event_length\;i:1800;s:13:\event_overlap\;i:0;s:11:\description\;
s:17:\
This+is+test+Data\;s:6:\status\;s:0:\\;s:5:\class\;s:7:\CONTA
CT\;s
:9:\spans_day\;b:0;s:8:\location\;s:0:\\;s:9:\organizer\;s:6:\
a:0:{
}\;s:8:\attendee\;s:6:\a:0:{}\;s:9:\calnumber\;i:1;s:7:\calname\;s:
5:\admin\;s:3:\url\;s:0:\\;
$testdata= unserialize(stripslashes($testdata));
var_dump($testdata);
?
--
PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP running as CGI? How to set x.php as index page?
Joker7 wrote: I would suggest you change host as this one seem very restrictive or ask your host to edit the .htaccess file for you ;( Hi Chris, thanks for the reply. :) Yeah, I actually talked to client today, and they are fed-up with host too... sounds like they want to make a switch asap. On top of being too developmentally restrictive, they are also very expensive. Thanks for help -- have a great day/night. Cheers, Micky -- Wishlist: http://snipurl.com/vrs9 Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP running as CGI? How to set x.php as index page?
Hi Mike, thanks for the help, I really appreciate your time. :)
Michael Weaver wrote:
It's not a PHP trick, but it should work for you, even with restrictions.
Definitely a good option. Actually, that is close to what I am doing now:
?php
#header(Refresh: 0; URL=http://www.domain.com/start.php?page=home;);
/* Old technique. */
require('http://www.domain.com/start.php?page=home'); /* Current
technique. */
?
I chose to use require() for SEO purposes... I think Google tends to
frown upon header redirects and/or refreshes... but require() has become
slightly problematic for other reasons... I think the bottom line is
that this host sucks... need to make a switch. :D
Thanks for the tip, I greatly appreciate your help.
Cheers,
Micky
--
Wishlist: http://snipurl.com/vrs9
Switch: http://browsehappy.com/
BCC?: http://snipurl.com/w6f8
My: http://del.icio.us/mhulse
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Site Hacking Tools Revealed
Hi, I'm not able to open any of these files, because my NAV detects them as PHP Backdoor Trojans. So they look nice, but they are detected by my AV (and probably other AV programs too) I'm not going to test these scripts, but i think it does show how many harm a PHP script can do. Do these scripts work on Linux Windows? On 3/5/07, Wolf [EMAIL PROTECTED] wrote: Folks, I have been busy with life over the last number of months and have finally been able to sit down and take the time to construct a site to house the scripts that people have used to try to take down my server. The following URL links to the majority of the hack tools that have been tried. They are set to display their source only, a couple of them do not display their Source, but I am sure that if you look on the web for them as they are named on the link, that you will find what you seek. http://ambiguous.dnsalias.net/ Wolf -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Password Protect Directory
Well, you could try to edit each PHP file and add a piece of login code at top, but if the directory will also contain images (which need a password to access), it would not be possible that way. Tijnema On 3/4/07, Jason Karns [EMAIL PROTECTED] wrote: I'm trying to find a way to password protect a directory. I currently have an authentication and authorization system in place for pages in my directory. I'd prefer to use my existing system somehow (as it includes OpenID authentication) as opposed to using htaccess and HTTP Auth. The only idea of found is to use mod_rewrite to have a PHP script serve up all the files in the particular directory and have the authentication handled in this script. This just seems a little 'hackish' to me. Is there any other way to password protect a directory with PHP? I'd even entertain the idea of using HTTP Auth if I could get PHP to 'login'. For instance, the user logs in at another page in the site, and then during the login process, PHP sets the HTTP Auth password so when the files in the directory are accessed, the user has already been logged in. Any suggestions would be great, I can't find anything else online.
