Re: [PHP] Foreach

2008-01-18 Thread mike
On 1/18/08, Andrés Robinet <[EMAIL PROTECTED]> wrote:
> Please, don't get me wrong, I'm just curious, how does the server know when
> the browser is closed? Do you use javascript (AJAX) or something to notify
> the server?

it's a browser thing, not a server thing. the browser will "forget"
the session cookie when it's closed.

the server doesn't care either way. afaik... which sucks, because i do
my own session gc based on the last accessed time of the session row
in the database*. if the session is removed before the browser is
closed, a new one will be started as far as i know; even if the
browser thinks it should still have the first normal "session cookie"
it will be given a new one. so i typically rely on sessions "only so
much"

* i use my own mysql-based session handler since i am using multiple webservers


[PHP] Re: Expand variable in comparison

2008-01-18 Thread Marcus

Andrés Robinet wrote:
>> -Original Message-
>> From: news [mailto:[EMAIL PROTECTED] On Behalf Of Marcus
>> Sent: Friday, January 18, 2008 9:56 PM
>> To: php-general@lists.php.net
>> Subject: [PHP] Re: Expand variable in comparison
>>
>> Andrés Robinet wrote:
>>>> -Original Message-
>>>> From: news [mailto:[EMAIL PROTECTED] On Behalf Of Marcus
>>>> Sent: Friday, January 18, 2008 4:51 PM
>>>> To: php-general@lists.php.net
>>>> Subject: [PHP] Expand variable in comparison
>>>>
>>>> Hi!
>>>>
>>>> Is there any way to get the following snippet returning a true?
>>>>
>>>> ...
>>>> $this->var = ?
>>>> if ($this->var == $preDefinedStringToTestWith)
>>>>  return true;
>>>> else
>>>>  false;
>>>>
>>>> The problem:
>>>> I don't know, what $preDefinedStringToTestWith is!
>>>> $this->var can be set to any string.
>>>>
>>>> I tried
>>>> $this->var = "${preDefinedStringToTestWith}"
>>>> but this doesn't get expanded.
>>>
>>> Uh! Shouldn't it work?
>>>
>>> $this->var = $preDefinedStringToTestWith
>>
>> For certain reason $this->var can only be set to a string and not to a
>> variable!
>>
>> Any suggestions?
>
> I don't understand what you are trying to do,

I do only have control over the content of this variable itself (Comes from
$_REQUEST) - not over the code.

> but maybe you are trying to achieve something like:
>
> <?php
> class Test {
>   public $var;
>
>   function __construct() {
>     $this->var = "theVariableName"; // Hold variable name
>     $theVariableName = "whatever you want";
>     // ${$this->var} is a variable variable: it resolves to $theVariableName
>     if (${$this->var} == $theVariableName)
>       echo ${$this->var}." is equal to ".$theVariableName;
>     else
>       echo "bad dog! stop it!";
>   }
> }
>
> new Test();
> ?>

Nearly, but I can only alter the content of $var itself!
I cannot change the comparison.
Comparison is always
if ($this->var == $preDefinedStringToTestWith)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Foreach

2008-01-18 Thread Andrés Robinet
> -Original Message-
> From: Eric Butera [mailto:[EMAIL PROTECTED]
> Sent: Friday, January 18, 2008 11:21 PM
> To: mike
> Cc: PHP eMail List
> Subject: Re: [PHP] Foreach
> 
> On Jan 18, 2008 5:06 PM, mike <[EMAIL PROTECTED]> wrote:
> > On 1/18/08, Eric Butera <[EMAIL PROTECTED]> wrote:
> >
> > > Nonetheless as I keep re-iterating, people will copy and paste this
> > > stuff as is because they don't know better.  It is the responsibility
> > > of people writing the answers to make sure their code is validated and
> > > as "secure" as possible unless there is some glaringly obvious comment
> > > saying {get your data here} with a link to how to validate it
> > > properly.
> >
> > I agree. Everyone should be pushing for the best code possible here...
> >
> > > Using session based form tokens is a better approach to make sure the
> > > post came from within your application.
> >
> > Except if your sessions timeout while the user is filling out the
> > form. I have a forum and sometimes people spend a LOT of time
> > composing messages (copy/pasting replies to reply to them, etc) and if
> > it's session-based, their session may timeout (depending on how it's
> > configured) before they hit submit, resulting in a total loss of data.
> > Unless the application understands to restart a session, but then
> > what's the point of the token...
> >
> > I have non-user-specific tokens issued every request (with an expiry
> > of 24 hours) per form so it can only be submitted once. It's worked
> > pretty well, but as with everything there are a couple ways around it,
> > but it would take some work to do that.
> >
> 
> That is a good point to consider.  On our servers we have the session
> timeout set to when the browser is closed so I forget sometimes people
> put actual time limits on them.
> 
> --

Please, don't get me wrong, I'm just curious, how does the server know when
the browser is closed? Do you use javascript (AJAX) or something to notify
the server?
As far as I remember, sessions are:

1 - A cookie (or a GET/POST parameter that gets passed by from page to page)
2 - A session file

So when the user closes the browser and opens it up again, a new cookie will
be generated by the server if it didn't get one in the request (and a new
session file will be created as well), but that doesn't delete the old
session file. I mean, isn't it supposed to be a garbage collection feature
in any session implementation (that is what the session timeout is for,
isn't it)? Or is it just that I'm missing something?

Regards,

Rob

PS. Yes, I know you can have persistent cookies, and you can store session
data in there. But the data length has a limit of some KB AFAIK, and you'd
have to encrypt/decrypt sensitive information.


Andrés Robinet | Lead Developer | BESTPLACE CORPORATION
5100 Bayview Drive 206, Royal Lauderdale Landings, Fort Lauderdale, FL 33308
| TEL 954-607-4207 | FAX 954-337-2695
Email: [EMAIL PROTECTED]  | MSN Chat: [EMAIL PROTECTED]  |  SKYPE:
bestplace |  Web: http://www.bestplace.biz | Web: http://www.seo-diy.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

2008-01-18 Thread Eric Butera
On Jan 18, 2008 4:52 PM, Jim Lucas <[EMAIL PROTECTED]> wrote:
> PostTrack [Dan Brown] wrote:
> >   514 (100%) 975244 (100%)  EVERYONE
> >   69(13.4%)  92431(9.5%)  "Richard Lynch" <[EMAIL PROTECTED]>
> >   9(1.8%)  22245(2.3%)  Wolf <[EMAIL PROTECTED]>
> >   5(1%)  8497(0.9%)  "Andrew Ballard" <[EMAIL PROTECTED]>
> >   4(0.8%)  6000(0.6%)  Pastor Steve <[EMAIL PROTECTED]>
> >   2(0.4%)  201342(20.6%)  Improve Your Life Style<[EMAIL PROTECTED]>
>
> I need more str_pad()  :)
>
> --
> Jim Lucas
>
> "Some men are born to greatness, some achieve greatness,
> and some have greatness thrust upon them."
>
> Twelfth Night, Act II, Scene V
>  by William Shakespeare
>
>

Check out this blog post:
http://www.tagarga.com/blok/on/070116




Re: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

2008-01-18 Thread Nathan Nobbe
On Jan 18, 2008 7:40 PM, Jim Lucas <[EMAIL PROTECTED]> wrote:

> Plus, what about a tool/site that would allow me to view a graph of the
> entire of the list/archive?  A graph including, but not limited to
> post/person post/email address   posts/day  posts/country  etc...
>
> Thanks
>
> --
> Jim Lucas
>

i dont know where youll find all those metrics; but if you google
php-general archives
you will find several sites that track the list.  the first one, MARC,
looks pretty solid; it goes back to '98.

-nathan


Re: [PHP] Foreach

2008-01-18 Thread Eric Butera
On Jan 18, 2008 5:06 PM, mike <[EMAIL PROTECTED]> wrote:
> On 1/18/08, Eric Butera <[EMAIL PROTECTED]> wrote:
>
> > Nonetheless as I keep re-iterating, people will copy and paste this
> > stuff as is because they don't know better.  It is the responsibility
> > of people writing the answers to make sure their code is validated and
> > as "secure" as possible unless there is some glaringly obvious comment
> > saying {get your data here} with a link to how to validate it
> > properly.
>
> I agree. Everyone should be pushing for the best code possible here...
>
> > Using session based form tokens is a better approach to make sure the
> > post came from within your application.
>
> Except if your sessions timeout while the user is filling out the
> form. I have a forum and sometimes people spend a LOT of time
> composing messages (copy/pasting replies to reply to them, etc) and if
> it's session-based, their session may timeout (depending on how it's
> configured) before they hit submit, resulting in a total loss of data.
> Unless the application understands to restart a session, but then
> what's the point of the token...
>
> I have non-user-specific tokens issued every request (with an expiry
> of 24 hours) per form so it can only be submitted once. It's worked
> pretty well, but as with everything there are a couple ways around it,
> but it would take some work to do that.
>

That is a good point to consider.  On our servers we have the session
timeout set to when the browser is closed so I forget sometimes people
put actual time limits on them.




RE: [PHP] Re: Expand variable in comparison

2008-01-18 Thread Andrés Robinet
> -Original Message-
> From: news [mailto:[EMAIL PROTECTED] On Behalf Of Marcus
> Sent: Friday, January 18, 2008 9:56 PM
> To: php-general@lists.php.net
> Subject: [PHP] Re: Expand variable in comparison
> 
> Andrés Robinet wrote:
> >> -Original Message-
> >> From: news [mailto:[EMAIL PROTECTED] On Behalf Of Marcus
> >> Sent: Friday, January 18, 2008 4:51 PM
> >> To: php-general@lists.php.net
> >> Subject: [PHP] Expand variable in comparison
> >>
> >> Hi!
> >>
> >>
> >> Is there any way to get the following snippet returning a true?
> >>
> >>
> >> ...
> >> $this->var = ?
> >> if ($this->var == $preDefinedStringToTestWith)
> >>  return true;
> >> else
> >>  false;
> >>
> >>
> >>
> >> The problem:
> >> I don't know, what $preDefinedStringToTestWith is!
> >> $this->var can be set to any string.
> >>
> >> I tried
> >> $this->var = "${preDefinedStringToTestWith}"
> >> but this doesn't get expanded.
> >>
> >
> > Uh! Shouldn't it work?
> >
> > $this->var = $preDefinedStringToTestWith
> 
> For certain reason $this->var can only be set to a string and not to a
> variable!
> 
> Any suggestions?

I don't understand what you are trying to do, but maybe you are trying to
achieve something like:

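<?php
class Test {
  public $var;

  function __construct() {
    $this->var = "theVariableName"; // Hold variable name
    $theVariableName = "whatever you want";
    // ${$this->var} is a variable variable: it resolves to $theVariableName
    if (${$this->var} == $theVariableName)
      echo ${$this->var}." is equal to ".$theVariableName;
    else
      echo "bad dog! stop it!";
  }
}

new Test();
?>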






[PHP] Re: Expand variable in comparison

2008-01-18 Thread Marcus

Andrés Robinet wrote:
>> -Original Message-
>> From: news [mailto:[EMAIL PROTECTED] On Behalf Of Marcus
>> Sent: Friday, January 18, 2008 4:51 PM
>> To: php-general@lists.php.net
>> Subject: [PHP] Expand variable in comparison
>>
>> Hi!
>>
>> Is there any way to get the following snippet returning a true?
>>
>> ...
>> $this->var = ?
>> if ($this->var == $preDefinedStringToTestWith)
>>  return true;
>> else
>>  false;
>>
>> The problem:
>> I don't know, what $preDefinedStringToTestWith is!
>> $this->var can be set to any string.
>>
>> I tried
>> $this->var = "${preDefinedStringToTestWith}"
>> but this doesn't get expanded.
>
> Uh! Shouldn't it work?
>
> $this->var = $preDefinedStringToTestWith

For certain reason $this->var can only be set to a string and not to a variable!

Any suggestions?




Re: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

2008-01-18 Thread Jim Lucas

Daniel Brown wrote:

On Jan 18, 2008 4:52 PM, Jim Lucas <[EMAIL PROTECTED]> wrote:

PostTrack [Dan Brown] wrote:

  514 (100%) 975244 (100%)  EVERYONE
  69(13.4%)  92431(9.5%)  "Richard Lynch" <[EMAIL PROTECTED]>
  9(1.8%)  22245(2.3%)  Wolf <[EMAIL PROTECTED]>
  5(1%)  8497(0.9%)  "Andrew Ballard" <[EMAIL PROTECTED]>
  4(0.8%)  6000(0.6%)  Pastor Steve <[EMAIL PROTECTED]>
  2(0.4%)  201342(20.6%)  Improve Your Life Style<[EMAIL PROTECTED]>

I need more str_pad()  :)


It's easier to give more cowbell.  ;-P

I actually thought the first comment on this would be how Richard
came out this afternoon at about 3:30p and started replying to every
thread.  The guy has fingers that are faster than most people blink, I
swear it!  His keyboard must smoke, sizzle, and pop at the end of the
day.



Does anybody know of a site/tool that will allow me to search the entire 
archive of the mailing list.  I can't seem to find a search tool on the 
php.net site.


Plus, what about a tool/site that would allow me to view a graph of the 
entire of the list/archive?  A graph including, but not limited to 
post/person post/email address   posts/day  posts/country  etc...


Thanks

--
Jim Lucas

   "Some men are born to greatness, some achieve greatness,
   and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
by William Shakespeare




[PHP] Re: Bad company This Weekend!

2008-01-18 Thread Colin Guthrie
Richard Lynch wrote:
> On Fri, January 18, 2008 11:15 am, Colin Guthrie wrote:
>> Maximus Entertainment wrote:
>>>   _Bad Company – This Saturday Night in Milwaukee, WI_
>> Great. That's super relevant for 99.9% of this mailing list.
>>
>> Anyone near Milwaukee should go along and punch one of the
>> promoters :D
> 
> Aw, come on...
> 
> Could be they just slipped in their "To" autofill choice...

Yeah you're right... just give them a bad Chinese burn or a nipple
gripple then :p

Col




RE: [PHP] Question About Blocking Email Addresses in Forms

2008-01-18 Thread Andrés Robinet
> -Original Message-
> From: Andrew Ballard [mailto:[EMAIL PROTECTED]
> Sent: Friday, January 18, 2008 6:10 PM
> To: PHP General list
> Subject: Re: [PHP] Question About Blocking Email Addresses in Forms
> 
> On Jan 18, 2008 10:18 AM, Richard Heyes <[EMAIL PROTECTED]> wrote:
> > > I am wondering if there is a way to block out email addresses in specific
> > > format from a form?  We have a form that people have to enter an email
> > > address, and the form has been getting used by bots to send spam to a
> > > listserv.  The email address they enter is in this type of format
> > > [EMAIL PROTECTED], and of course it is always just a bit different every
> > > time.  Any help is greatly appreciated.
> >
> > Could add a CAPTCHA image ("Type the letters in the image...") to your
> > form. It eliminated comment junk when I added one to my website.
> >
> 
> Depending on what it is for, make sure if you use CAPTCHA that you
> provide an accessible alternative, as I'm sure NU would hate to run
> afoul of the ADA.
> 
> Andrew
> 

It depends on your target, that's for sure. I made up a list of things you can
do when you are in this kind of trouble. It's a small summary. I think you can't
live without 1 and 2 most of the time, and especially for contact forms (you are
free to disagree):

1 - Simple CAPTCHA (audio support if it's difficult for people with visual 
disease - if you target them as well)

2 - Email validation REGEX (well, validation to all extents, not only email)

3 - Some/All of the hidden fields techniques (to prevent automated bots not 
launched directly to you, but scanning the whole web - which are usually the 
most powerful and nasty ones)

4 - PHP IP/Session blacklisting (for example, fail the captcha 3 times and you 
have to wait 10 seconds)

5 - Some mod_security rules for when 1 and/or 2 fail. I don't like mod_security
(you have to be careful on the ruleset to keep your server load low and avoid
breaking some apps like phpMyAdmin), but sometimes you may need it (especially
if you deal with code not written by you).

6 - mod_throttle or similar when it starts becoming more of a DOS/DDOS attack 
(anybody sharing experience on this?).

Regards,

Rob

Andrés Robinet | Lead Developer | BESTPLACE CORPORATION
5100 Bayview Drive 206, Royal Lauderdale Landings, Fort Lauderdale, FL 33308 | 
TEL 954-607-4207 | FAX 954-337-2695
Email: [EMAIL PROTECTED]  | MSN Chat: [EMAIL PROTECTED]  |  SKYPE: bestplace |  
Web: http://www.bestplace.biz | Web: http://www.seo-diy.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
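
Added example, not code from the post above: items 2 to 4 of the list (input validation, a hidden "honeypot" field, and a lockout after repeated failures) combined in one screening function. The field names, the time limits and the $state array, which stands in for $_SESSION or a per-IP database row, are assumptions; the CAPTCHA result is passed in by the caller.

```php
<?php
// Added example (PHP 7.1+). All names and limits are illustrative assumptions.
const MAX_FAILURES  = 3;   // "fail the captcha 3 times ..."
const LOCKOUT_SECS  = 10;  // "... and you have to wait 10 seconds"
const MIN_FILL_SECS = 3;   // a person needs at least this long to fill the form

// Call when the form is rendered, so the submit can be timed.
function form_rendered(array &$state, int $now): void
{
    $state['rendered_at'] = $now;
}

// Returns 'ok' or the reason the submission was refused.
function screen_submission(array $post, array &$state, bool $captchaOk, int $now): string
{
    if (($state['locked_until'] ?? 0) > $now) {
        return 'locked-out';
    }
    $email = $post['email'] ?? '';
    if (($post['website'] ?? '') !== '') {
        // Item 3: "website" is a field hidden with CSS; people leave it empty.
        $reason = 'honeypot-filled';
    } elseif (!isset($state['rendered_at'])
              || $now - $state['rendered_at'] < MIN_FILL_SECS) {
        $reason = 'too-fast';
    } elseif (!$captchaOk) {
        $reason = 'captcha-failed';                     // item 1
    } elseif (!is_string($email) || preg_match('/[\r\n]/', $email)
              || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        // Item 2: CR/LF in an address would allow mail header injection.
        $reason = 'bad-email';
    } else {
        $reason = 'ok';
    }

    if ($reason === 'ok') {
        $state['failures'] = 0;
        unset($state['rendered_at']);                   // one submit per rendering
    } else {
        $state['failures'] = ($state['failures'] ?? 0) + 1;
        if ($state['failures'] >= MAX_FAILURES) {       // item 4
            $state['locked_until'] = $now + LOCKOUT_SECS;
            $state['failures'] = 0;
        }
    }
    return $reason;
}

// Constructed submissions: an automated client that fills every field, then a
// person submitting during and after the lockout window.
$state = [];
$t     = 1200000000;
form_rendered($state, $t);
$bot   = ['email' => 'x@example.com', 'website' => 'http://example.com/'];
$human = ['email' => 'alice@example.com', 'website' => ''];
for ($i = 1; $i <= MAX_FAILURES; $i++) {
    echo screen_submission($bot, $state, true, $t + $i), "\n";
}
echo screen_submission($human, $state, true, $t + 5), "\n";
echo screen_submission($human, $state, true, $t + 20), "\n";
```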



Re: [PHP] Re: system command runs application, but application doesn't work correctly

2008-01-18 Thread Daniel Brown
On Jan 18, 2008 5:49 PM, Apple <[EMAIL PROTECTED]> wrote:
> Daniel Brown  gmail.com> writes:
>
> >
> > On Jan 17, 2008 6:48 PM, Apple  gmail.com> wrote:
> > > Another strange thing is I run ImageMajick with system() in a lot of scripts on
> > > the same server and everything works fine.
> > >
> > > What is the problem? Do you have any idea?
> >
> > Does the UID (or at least GID) under which PHP is being executed
> > have permissions to write to the area you're trying to save the file?
> >
> > Similar to above, does it have the correct permissions to read the
> > incoming file?
> >
> > Have both $inputFile and $outputFile been properly defined?  Try
> > echo'ing them out just above the (commented-out) system() call line to
> > be sure.
> >
>
> Just want to add to my previous post.
>
> I wonder is it possible to run system() command, so mencoder will run as from
> root (user "500") and not PHP (user "43").
>
> Maybe that's the problem?

500 is generally the lowest non-privileged (non-system, user) UID
used on a *nix system.  Root would be UID: 0, and PHP, Apache, and all
other services should NEVER be configured to run as root.  Why PHP is
running with a UID of 43 I'm not certain, but it sounds as though it
may be running as the Apache user (apache, httpd, nobody, www, pscln,
daemon, etc.).  In either case, I'm still a little stumped (sorry!),
but wanted to definitely state that it SHOULD NOT EVER run as root.

-- 


Daniel P. Brown
Senior Unix Geek and #1 Rated "Year's Coolest Guy" By Self Since
Nineteen-Seventy-[mumble].




RE: [PHP] Expand variable in comparison

2008-01-18 Thread Andrés Robinet
> -Original Message-
> From: news [mailto:[EMAIL PROTECTED] On Behalf Of Marcus
> Sent: Friday, January 18, 2008 4:51 PM
> To: php-general@lists.php.net
> Subject: [PHP] Expand variable in comparison
> 
> Hi!
> 
> 
> Is there any way to get the following snippet returning a true?
> 
> 
> ...
> $this->var = ?
> if ($this->var == $preDefinedStringToTestWith)
>  return true;
> else
>  false;
> 
> 
> 
> The problem:
> I don't know, what $preDefinedStringToTestWith is!
> $this->var can be set to any string.
> 
> I tried
> $this->var = "${preDefinedStringToTestWith}"
> but this doesn't get expanded.
> 
> 
> Thanks for your help,
> 
> Marcus.
> 
> --

Uh! Shouldn't it work?

$this->var = $preDefinedStringToTestWith

Rob




RE: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

2008-01-18 Thread Andrés Robinet
Hey, your script doesn't like me, is it that you need
quoted_printable_decode?

=?iso-8859-1?Q?Andr=E9s_Robinet?=

Rob
> -Original Message-
> From: Jay Blanchard [mailto:[EMAIL PROTECTED]
> Sent: Friday, January 18, 2008 7:38 PM
> To: PostTrack [Dan Brown]; php-general@lists.php.net
> Subject: RE: [PHP] Posting Summary for Week Ending 18 January, 2008:
> php-general@lists.php.net
> 
> Wow, I wasn't on the list. And I top posted. I really suck.
> 

[PHP] Re: system command runs application, but application doesn't work correctly

2008-01-18 Thread Apple7777
Daniel Brown  gmail.com> writes:

> 
> On Jan 17, 2008 6:48 PM, Apple  gmail.com> wrote:
> > Another strange thing is I run ImageMajick with system() in a lot of scripts on
> > the same server and everything works fine.
> >
> > What is the problem? Do you have any idea?
>
> Does the UID (or at least GID) under which PHP is being executed
> have permissions to write to the area you're trying to save the file?
>
> Similar to above, does it have the correct permissions to read the
> incoming file?
>
> Have both $inputFile and $outputFile been properly defined?  Try
> echo'ing them out just above the (commented-out) system() call line to
> be sure.
> 

Just want to add to my previous post.

I wonder is it possible to run system() command, so mencoder will run as from
root (user "500") and not PHP (user "43").

Maybe that's the problem?




Re: [PHP] Foreach

2008-01-18 Thread mike
On 1/18/08, Eric Butera <[EMAIL PROTECTED]> wrote:

> Nonetheless as I keep re-iterating, people will copy and paste this
> stuff as is because they don't know better.  It is the responsibility
> of people writing the answers to make sure their code is validated and
> as "secure" as possible unless there is some glaringly obvious comment
> saying {get your data here} with a link to how to validate it
> properly.

I agree. Everyone should be pushing for the best code possible here...

> Using session based form tokens is a better approach to make sure the
> post came from within your application.

Except if your sessions timeout while the user is filling out the
form. I have a forum and sometimes people spend a LOT of time
composing messages (copy/pasting replies to reply to them, etc) and if
it's session-based, their session may timeout (depending on how it's
configured) before they hit submit, resulting in a total loss of data.
Unless the application understands to restart a session, but then
what's the point of the token...

I have non-user-specific tokens issued every request (with an expiry
of 24 hours) per form so it can only be submitted once. It's worked
pretty well, but as with everything there are a couple ways around it,
but it would take some work to do that.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
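
Added example, not mike's code or anyone else's on the list: one way to build the kind of token the message describes, issued per form on every request, not tied to a user or a PHP session, valid for 24 hours and accepted once. The key constant, the function names and the $used array (a stand-in for a store shared by all web servers) are assumptions.

```php
<?php
// Added example (PHP 7.1+). All names below are illustrative assumptions.
const FORM_TOKEN_KEY = 'replace-with-a-long-random-secret'; // load from config
const FORM_TOKEN_TTL = 86400;                               // 24 hours, as in the post

// Issue a token for one rendering of one form. Nothing is stored server-side
// at issue time, so an expired PHP session cannot invalidate a half-written post.
function issue_form_token(string $formId, ?int $now = null): string
{
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $formId)) {
        throw new InvalidArgumentException('form id must not contain "|"');
    }
    $payload = implode('|', [$formId, $now ?? time(), bin2hex(random_bytes(16))]);
    $mac     = hash_hmac('sha256', $payload, FORM_TOKEN_KEY);
    return base64_encode($payload . '|' . $mac);
}

// Returns 'ok' or the reason for rejection. $used records spent nonces; in
// production this is a table with a unique index that every web server shares.
function check_form_token(string $token, string $formId, array &$used, ?int $now = null): string
{
    $now   = $now ?? time();
    $raw   = base64_decode($token, true);
    $parts = $raw === false ? [] : explode('|', $raw);
    if (count($parts) !== 4) {
        return 'malformed';
    }
    [$tokForm, $issued, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', "$tokForm|$issued|$nonce", FORM_TOKEN_KEY);
    if (!hash_equals($expected, $mac)) {    // constant-time comparison
        return 'bad-signature';
    }
    if ($tokForm !== $formId) {
        return 'wrong-form';
    }
    $age = $now - (int) $issued;
    if ($age < 0 || $age > FORM_TOKEN_TTL) {
        return 'expired';
    }
    if (isset($used[$nonce])) {
        return 'already-used';
    }
    $used[$nonce] = (int) $issued;          // spend the token
    return 'ok';
}

// Constructed walk-through: first submit, double submit, a token issued two
// days ago, and a token altered in transit.
$used  = [];
$token = issue_form_token('forum-reply');
echo check_form_token($token, 'forum-reply', $used), "\n";
echo check_form_token($token, 'forum-reply', $used), "\n";
$old = issue_form_token('forum-reply', time() - 2 * FORM_TOKEN_TTL);
echo check_form_token($old, 'forum-reply', $used), "\n";
echo check_form_token($token . 'x', 'forum-reply', $used), "\n";
```

Because the token is not bound to a user, it limits double submits and stale forms; it does not show which user's browser sent the post.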



RE: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

2008-01-18 Thread Jay Blanchard
Wow, I wasn't on the list. And I top posted. I really suck.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of PostTrack [Dan
Brown]
Sent: Friday, January 18, 2008 3:01 PM
To: php-general@lists.php.net
Subject: [PHP] Posting Summary for Week Ending 18 January, 2008:
php-general@lists.php.net


Posting Summary for PHP-General List
Week Ending: Friday, 18 January, 2008

Messages| Bytes   | Sender
+-+--
514 (100%) 975244 (100%)  EVERYONE
69(13.4%)  92431(9.5%)  "Richard Lynch" <[EMAIL PROTECTED]>
46(8.9%)  78933(8.1%)  Jochem Maas <[EMAIL PROTECTED]>
29(5.6%)  48003(4.9%)  "Eric Butera" <[EMAIL PROTECTED]>
28(5.4%)  40764(4.2%)  "Nathan Nobbe" <[EMAIL PROTECTED]>
26(5.1%)  41149(4.2%)  "Daniel Brown" <[EMAIL PROTECTED]>
24(4.7%)  15837(1.6%)   Per Jessen <[EMAIL PROTECTED]>
19(3.7%)  40495(4.2%)  Manuel Lemos <[EMAIL PROTECTED]>
17(3.3%)  21478(2.2%)  Jim Lucas <[EMAIL PROTECTED]>
16(3.1%)  38021(3.9%)  =?iso-8859-1?Q?Andr=E9s_Robinet?= <[EMAIL PROTECTED]>
14(2.7%)  10125(1%)  Richard Heyes <[EMAIL PROTECTED]>
11(2.1%)  14946(1.5%)  mike <[EMAIL PROTECTED]>
9(1.8%)  22245(2.3%)  Wolf <[EMAIL PROTECTED]>
9(1.8%)  11964(1.2%)  Europus <[EMAIL PROTECTED]>
7(1.4%)  9494(1%)  "Ken Kixmoeller -- reply to [EMAIL PROTECTED]" <[EMAIL PROTECTED]>
7(1.4%)  5637(0.6%)  Chris <[EMAIL PROTECTED]>
6(1.2%)  4881(0.5%)  Naz Gassiep <[EMAIL PROTECTED]>
5(1%)  8497(0.9%)  "Andrew Ballard" <[EMAIL PROTECTED]>
5(1%)  8705(0.9%)  =?ISO-8859-1?Q?Zolt=E1n_N=E9meth?= <[EMAIL PROTECTED]>
5(1%)  4932(0.5%)  Sancar Saran <[EMAIL PROTECTED]>
5(1%)  6174(0.6%)   Colin Guthrie <[EMAIL PROTECTED]>
5(1%)  7854(0.8%)  Wang Chen <[EMAIL PROTECTED]>
5(1%)  5875(0.6%)  "Javier Huerta" <[EMAIL PROTECTED]>
4(0.8%)  6000(0.6%)  Pastor Steve <[EMAIL PROTECTED]>
4(0.8%)  2214(0.2%)  "Lucas Prado Melo" <[EMAIL PROTECTED]>
4(0.8%)  11675(1.2%)  "David Giragosian" <[EMAIL PROTECTED]>
4(0.8%)  25354(2.6%)   Apple <[EMAIL PROTECTED]>
4(0.8%)  3892(0.4%)  clive <[EMAIL PROTECTED]>
4(0.8%)  5407(0.6%)  Larry Garfield <[EMAIL PROTECTED]>
4(0.8%)  3479(0.4%)  "Carole E. Mah" <[EMAIL PROTECTED]>
4(0.8%)  3104(0.3%)  Adam Williams <[EMAIL PROTECTED]>
3(0.6%)  2552(0.3%)  tedd <[EMAIL PROTECTED]>
3(0.6%)  5341(0.5%)  Scott Wilcox <[EMAIL PROTECTED]>
3(0.6%)  3021(0.3%)  Max Antonov <[EMAIL PROTECTED]>
3(0.6%)  4873(0.5%)  Casey <[EMAIL PROTECTED]>
3(0.6%)  2819(0.3%)  "Tom Chubb" <[EMAIL PROTECTED]>
3(0.6%)  3728(0.4%)  "mathieu leddet" <[EMAIL PROTECTED]>
3(0.6%)  5052(0.5%)  "Sean-Michael" <[EMAIL PROTECTED]>
3(0.6%)  3182(0.3%)  "A.smith" <[EMAIL PROTECTED]>
3(0.6%)  3111(0.3%)  "Dotan Cohen" <[EMAIL PROTECTED]>
3(0.6%)  4201(0.4%)  Richard <[EMAIL PROTECTED]>
3(0.6%)  3449(0.4%)  "T.Lensselink" <[EMAIL PROTECTED]>
3(0.6%)  4133(0.4%)  julian <[EMAIL PROTECTED]>
2(0.4%)  2182(0.2%)  Paul Scott <[EMAIL PROTECTED]>
2(0.4%)  2793(0.3%)  "Janet N" <[EMAIL PROTECTED]>
2(0.4%)  11021(1.1%)  Jason Pruim <[EMAIL PROTECTED]>
2(0.4%)  1818(0.2%)  Pierre Pintaric <[EMAIL PROTECTED]>
2(0.4%)  2855(0.3%)  "Churchill, Craig" <[EMAIL PROTECTED]>
2(0.4%)  201342(20.6%)  Improve Your Life Style<[EMAIL PROTECTED]>
2(0.4%)  2542(0.3%)  Bastien Koert <[EMAIL PROTECTED]>
2(0.4%)  1002(0.1%)  Silvio Porcellana <[EMAIL PROTECTED]>
2(0.4%)  2947(0.3%)  Danny Brow <[EMAIL PROTECTED]>
2(0.4%)  4571(0.5%)  Steve Edberg <[EMAIL PROTECTED]>
2(0.4%)  3259(0.3%)  Chuck <[EMAIL PROTECTED]>
2(0.4%)  4262(0.4%)  "Greg Donald" <[EMAIL PROTECTED]>
2(0.4%)  3218(0.3%)  "GoWtHaM NaRiSiPaLli" <[EMAIL PROTECTED]>
2(0.4%)  7045(0.7%)  =?UT

Re: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

2008-01-18 Thread Richard Lynch
Let printf handle it for you. :-)

On Fri, January 18, 2008 3:52 pm, Jim Lucas wrote:
> PostTrack [Dan Brown] wrote:
>>  514 (100%) 975244 (100%)  EVERYONE
>>  69(13.4%)  92431(9.5%)  "Richard Lynch" <[EMAIL PROTECTED]>
>>  9(1.8%)  22245(2.3%)  Wolf <[EMAIL PROTECTED]>
>>  5(1%)  8497(0.9%)  "Andrew Ballard" <[EMAIL PROTECTED]>
>>  4(0.8%)  6000(0.6%)  Pastor Steve <[EMAIL PROTECTED]>
>>  2(0.4%)  201342(20.6%)  Improve Your Life Style<[EMAIL PROTECTED]>
>
> I need more str_pad()  :)
>
> --
> Jim Lucas
>
> "Some men are born to greatness, some achieve greatness,
> and some have greatness thrust upon them."
>
> Twelfth Night, Act II, Scene V
>  by William Shakespeare
>


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?




Re: [PHP] Foreach

2008-01-18 Thread Richard Lynch
If you are trying to keep the names and orders in "parallel" you need
to do something not unlike:

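// Walk $names and $orders in parallel, matching entries by key
// (each() was removed in PHP 8, so foreach does the pairing here)
foreach ($names as $key => $name) {
  $order = $orders[$key];
  // `order` is a reserved word in MySQL and has to be quoted with backticks
  $query = "update whatever set `order` = $order where name = '$name'";
}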

This completely ignores security and error checking in the name of
simplicity, which means it's missing about 20 more lines of code to
make it safe...

On Fri, January 18, 2008 10:17 am, Pastor Steve wrote:
> Yes, each variable is an array. foreach works individually with no problems.
> The problem I am having is getting both to update the table in MySQL. It
> will update  $i three times with no problem, however, it will only update $t
> with the last value in the array.
>
> Name is a checkbox and contains the name of the record from the db. Order is
> a select menu with a number. (which is the number drawn from the number of
> records in the db). I would like to see both values come across and update
> the table however many times necessary. Name would update the name and order
> would update order. Order is the order in which each record will appear on
> the page.
>
> I hope this makes more sense. I wish I knew more, and then I would be able
> to formulate my questions better. Thank you so much for your help.
>
> Steve M.
>
> on 1/17/08 10:07 PM David Giragosian ([EMAIL PROTECTED]) wrote:
>
>> On 1/17/08, mike <[EMAIL PROTECTED]> wrote:
>>> On 1/17/08, Nathan Nobbe < [EMAIL PROTECTED]
>>>  > wrote:
>>>
>  $name = $_POST['name'];
>  if ($name) {
>  foreach ($name as $t) {
>
>echo "$t";
>}
>>>
>$order = $_POST['order'];
>if ($order) {
>foreach ($order as $i) {
>>>

 there are a few different issues here; first of all; are you sure
 $_POST['name']
 and $_POST['order'] are even arrays?
>>>
>>> hint:
>>>
>>> if(isset($_POST['name']) && is_array($_POST['name']))
>>
>> Steve,
>>
>> // Do you have several html form elements such as > name="name[]"> in your html?
>> // Mike's suggestion...
>> if( isset( $_POST['name'] ) && is_array( $_POST['name'] ) ) {
>>
>>     // you'll never get in here if you don't...
>>     $name = $_POST['name'];
>>
>>     // foreach expects an array, as Nathan states. Even if $name is an array, $t
>>     // will hold only the last value in the array when the foreach loop is exited
>>     // because $t is being overwritten with each iteration.
>>     foreach ($name as $t) {
>>
>>         echo "$t";
>>
>>     } // end foreach ($name)
>>
>>     $order = $_POST['order'];
>>
>>     if ($order) {
>>
>>         // see above about arrays and foreach
>>         foreach ($order as $i) {
>>
>>             //Update the table in MySQL
>>
>>             $i = mysql_real_escape_string($i, $cnx); // One of Eric's suggestions
>>
>>             $update_data = "UPDATE sections SET `order` = '$i' WHERE name = '$t'";
>>
>>             $response = mysql_query( $update_data, $cnx );
>>
>>             if(mysql_error()) die ('database error'. mysql_error());
>>
>>             echo "$i";
>>
>>         } //end foreach ($order)
>>
>>     }
>>
>> }
>>
>> Assuming both $_POST['name'] and $_POST['order'] are arrays, the way
>> your code
>> is now structured, the table `sections` will have the record(s)
>> where name
>> equals the last value in the $names array updated multiple times,
>> once for
>> each value in the $order array, but all you will see is that the
>> record(s)
>> will have the last value in the $order array.
>>
>> See if this makes any sense and then ask more questions.
>>
>> David
>>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?




Re: [PHP] A stupid question?

2008-01-18 Thread Richard Lynch
// session_id() returns an empty string until a session has been started
if (!session_id()){
  //no session yet
}
else{
  //we have lift-off!
}

On Thu, January 17, 2008 8:54 pm, Shelley Shyan wrote:
> Hi all,
>
> Maybe this is a somehow stupid question.
>
> I want to know how php could know whether session_start() has been
> called, that is, whether session has been started.
>
> I Googled, but got little help.
>
> Thank you for help!
> Any tip is greatly appreciated.
>
> Regards,
> Shelley
>
>


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?




Re: [PHP] Looks like a bug with Smarty

2008-01-18 Thread Richard Lynch
You'll have to take this up with the Smarty folks, as it's very
smarty-specific, and not (PHP-)General at all...

On Fri, January 18, 2008 12:16 am, GoWtHaM NaRiSiPaLli wrote:
> Hi All,
>
> I am using html_options smarty tag to output an associative array in
> select
> drop down.
> Here a sample associative array:
>
> array(5) {
>   ["CN-PEK-KEJ"]=>
>   array(1) {
> [198]=>
> string(7) "TechTst"
>   }
>   ["IE-DUB-GAS"]=>
>   array(2) {
> [177]=>
> string(10) "store room"
> [39]=>
> string(10) "TechStop 2"
>   }
>   ["UK-LON-BEL"]=>
>   array(1) {
> [88]=>
> string(16) "TechStop-LON-BEL"
>   }
>   ["IE-DUB-GOR"]=>
>   array(1) {
> [159]=>
> string(10) "TechStop 1"
>   }
>   ["US-NYC-9TH"]=>
>   array(1) {
> [194]=>
> string(12) "TestTechStop"
>   }
> }
>
>
> and the syntax I have used to output this was:
> {html_options name='locationId' options=$locations
> selected=$selectedLocation}
> where in I assign $selectedLocation with one of the options after
> selecting
> them.
>
> Even after everything being right, the option that's been selected is
> not set
> but it again goes back to show the first option after submit.
>
> Looks like either smarty misinterprets this selected option or is
> there
> something wrong from my end.
>
> Cheers
> --
> Mark is on the way to make a Mark in your hearts
>


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?




Re: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

2008-01-18 Thread Nathan Nobbe
On Jan 18, 2008 4:56 PM, Daniel Brown <[EMAIL PROTECTED]> wrote:

> On Jan 18, 2008 4:52 PM, Jim Lucas <[EMAIL PROTECTED]> wrote:
> > PostTrack [Dan Brown] wrote:
> > >   514 (100%) 975244 (100%)  EVERYONE
> > >   69(13.4%)  92431(9.5%)  "Richard Lynch" <[EMAIL PROTECTED]>
> > >   9(1.8%)  22245(2.3%)  Wolf <[EMAIL PROTECTED]>
> > >   5(1%)  8497(0.9%)  "Andrew Ballard" <[EMAIL PROTECTED]>
> > >   4(0.8%)  6000(0.6%)  Pastor Steve <[EMAIL PROTECTED]>
> > >   2(0.4%)  201342(20.6%)  Improve Your Life Style<[EMAIL PROTECTED]>
> >
> > I need more str_pad()  :)
>
>It's easier to give more cowbell.  ;-P
>
>I actually thought the first comment on this would be how Richard
> came out this afternoon at about 3:30p and started replying to every
> thread.  The guy has fingers that are faster than most people blink, I
> swear it!  His keyboard must smoke, sizzle, and pop at the end of the
> day.


well, i dont know what the rest of you guys get to do all day,
but i still have to work ;)

-nathan


Re: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

2008-01-18 Thread Daniel Brown
On Jan 18, 2008 4:52 PM, Jim Lucas <[EMAIL PROTECTED]> wrote:
> PostTrack [Dan Brown] wrote:
> >   514 (100%) 975244 (100%)  EVERYONE
> >   69(13.4%)  92431(9.5%)  "Richard Lynch" <[EMAIL PROTECTED]>
> >   9(1.8%)  22245(2.3%)  Wolf <[EMAIL PROTECTED]>
> >   5(1%)  8497(0.9%)  "Andrew Ballard" <[EMAIL PROTECTED]>
> >   4(0.8%)  6000(0.6%)  Pastor Steve <[EMAIL PROTECTED]>
> >   2(0.4%)  201342(20.6%)  Improve Your Life Style<[EMAIL PROTECTED]>
>
> I need more str_pad()  :)

It's easier to give more cowbell.  ;-P

I actually thought the first comment on this would be how Richard
came out this afternoon at about 3:30p and started replying to every
thread.  The guy has fingers that are faster than most people blink, I
swear it!  His keyboard must smoke, sizzle, and pop at the end of the
day.

-- 


Daniel P. Brown
Senior Unix Geek and #1 Rated "Year's Coolest Guy" By Self Since
Nineteen-Seventy-[mumble].




Re: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

2008-01-18 Thread Jim Lucas

PostTrack [Dan Brown] wrote:

514 (100%) 975244 (100%)  EVERYONE
69(13.4%)  92431(9.5%)  "Richard Lynch" <[EMAIL PROTECTED]>
9(1.8%)  22245(2.3%)  Wolf <[EMAIL PROTECTED]>
5(1%)  8497(0.9%)  "Andrew Ballard" <[EMAIL PROTECTED]>
4(0.8%)  6000(0.6%)  Pastor Steve <[EMAIL PROTECTED]>
2(0.4%)  201342(20.6%)  Improve Your Life Style<[EMAIL PROTECTED]>


I need more str_pad()  :)

--
Jim Lucas

   "Some men are born to greatness, some achieve greatness,
   and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
by William Shakespeare




Re: [PHP] Re: Bad company This Weekend!

2008-01-18 Thread Børge Holen
On Friday 18 January 2008 21:44:26 Richard Lynch wrote:
> On Fri, January 18, 2008 11:15 am, Colin Guthrie wrote:
> > Maximus Entertainment wrote:
> >>   _Bad Company – This Saturday Night in Milwaukee, WI_
> >
> > Great. That's super relevant for 99.9% of this mailing list.
> >
> > Anyone near Milwaukee should go along and punch one of the
> > promoters :D
>
> Aw, come on...
>
> Could be they just slipped in their "To" autofill choice...

so much fun mocking someone ;D


>
> --
> Some people have a "gift" link here.
> Know what I want?
> I want you to buy a CD from some indie artist.
> http://cdbaby.com/from/lynch
> Yeah, I get a buck. So?



-- 
---
Børge Holen
http://www.arivene.net




Re: [PHP] Question About Blocking Email Addresses in Forms

2008-01-18 Thread Andrew Ballard
On Jan 18, 2008 10:18 AM, Richard Heyes <[EMAIL PROTECTED]> wrote:
> > I am wondering if there is a way to block out email addresses in specific
> > format from a form?  We have a form that people have to enter an email
> > address, and the form has been getting used by bots to send spam to a
> > listserv.  The email address they enter is in this type of format
> > [EMAIL PROTECTED], and of course it is always just a bit different every
> > time.  Any help is greatly appreciated.
>
> Could add a CAPTCHA image ("Type the letters in the image...") to your
> form. It eliminated comment junk when I added one to my website.
>

Depending on what it is for, make sure if you use CAPTCHA that you
provide an accessible alternative, as I'm sure NU would hate to run
afoul of the ADA.

Andrew




Re: [PHP] Re: Question About Blocking Email Addresses in Forms

2008-01-18 Thread Richard Lynch
On Fri, January 18, 2008 10:41 am, Per Jessen wrote:
> 2. check that the domain exists and has an MX.

I believe this will foul you up...

I *think* many domains just use their regular domain as MX if there is
no MX.

And the Bad Guy can easily change tactics to use [EMAIL PROTECTED] or
whatever, once they figure out you only check for MX records...

Though it could work as a stop-gap measure at least.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?




[PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

2008-01-18 Thread PostTrack [Dan Brown]

Posting Summary for PHP-General List
Week Ending: Friday, 18 January, 2008

Messages| Bytes   | Sender
+-+--
514 (100%) 975244 (100%)  EVERYONE
69(13.4%)  92431(9.5%)  "Richard Lynch" <[EMAIL PROTECTED]>
46(8.9%)  78933(8.1%)  Jochem Maas <[EMAIL PROTECTED]>
29(5.6%)  48003(4.9%)  "Eric Butera" <[EMAIL PROTECTED]>
28(5.4%)  40764(4.2%)  "Nathan Nobbe" <[EMAIL PROTECTED]>
26(5.1%)  41149(4.2%)  "Daniel Brown" <[EMAIL PROTECTED]>
24(4.7%)  15837(1.6%)   Per Jessen <[EMAIL PROTECTED]>
19(3.7%)  40495(4.2%)  Manuel Lemos <[EMAIL PROTECTED]>
17(3.3%)  21478(2.2%)  Jim Lucas <[EMAIL PROTECTED]>
16(3.1%)  38021(3.9%)  =?iso-8859-1?Q?Andr=E9s_Robinet?= <[EMAIL PROTECTED]>
14(2.7%)  10125(1%)  Richard Heyes <[EMAIL PROTECTED]>
11(2.1%)  14946(1.5%)  mike <[EMAIL PROTECTED]>
9(1.8%)  22245(2.3%)  Wolf <[EMAIL PROTECTED]>
9(1.8%)  11964(1.2%)  Europus <[EMAIL PROTECTED]>
7(1.4%)  9494(1%)  "Ken Kixmoeller -- reply to [EMAIL PROTECTED]" <[EMAIL PROTECTED]>
7(1.4%)  5637(0.6%)  Chris <[EMAIL PROTECTED]>
6(1.2%)  4881(0.5%)  Naz Gassiep <[EMAIL PROTECTED]>
5(1%)  8497(0.9%)  "Andrew Ballard" <[EMAIL PROTECTED]>
5(1%)  8705(0.9%)  =?ISO-8859-1?Q?Zolt=E1n_N=E9meth?= <[EMAIL PROTECTED]>
5(1%)  4932(0.5%)  Sancar Saran <[EMAIL PROTECTED]>
5(1%)  6174(0.6%)   Colin Guthrie <[EMAIL PROTECTED]>
5(1%)  7854(0.8%)  Wang Chen <[EMAIL PROTECTED]>
5(1%)  5875(0.6%)  "Javier Huerta" <[EMAIL PROTECTED]>
4(0.8%)  6000(0.6%)  Pastor Steve <[EMAIL PROTECTED]>
4(0.8%)  2214(0.2%)  "Lucas Prado Melo" <[EMAIL PROTECTED]>
4(0.8%)  11675(1.2%)  "David Giragosian" <[EMAIL PROTECTED]>
4(0.8%)  25354(2.6%)   Apple <[EMAIL PROTECTED]>
4(0.8%)  3892(0.4%)  clive <[EMAIL PROTECTED]>
4(0.8%)  5407(0.6%)  Larry Garfield <[EMAIL PROTECTED]>
4(0.8%)  3479(0.4%)  "Carole E. Mah" <[EMAIL PROTECTED]>
4(0.8%)  3104(0.3%)  Adam Williams <[EMAIL PROTECTED]>
3(0.6%)  2552(0.3%)  tedd <[EMAIL PROTECTED]>
3(0.6%)  5341(0.5%)  Scott Wilcox <[EMAIL PROTECTED]>
3(0.6%)  3021(0.3%)  Max Antonov <[EMAIL PROTECTED]>
3(0.6%)  4873(0.5%)  Casey <[EMAIL PROTECTED]>
3(0.6%)  2819(0.3%)  "Tom Chubb" <[EMAIL PROTECTED]>
3(0.6%)  3728(0.4%)  "mathieu leddet" <[EMAIL PROTECTED]>
3(0.6%)  5052(0.5%)  "Sean-Michael" <[EMAIL PROTECTED]>
3(0.6%)  3182(0.3%)  "A.smith" <[EMAIL PROTECTED]>
3(0.6%)  3111(0.3%)  "Dotan Cohen" <[EMAIL PROTECTED]>
3(0.6%)  4201(0.4%)  Richard <[EMAIL PROTECTED]>
3(0.6%)  3449(0.4%)  "T.Lensselink" <[EMAIL PROTECTED]>
3(0.6%)  4133(0.4%)  julian <[EMAIL PROTECTED]>
2(0.4%)  2182(0.2%)  Paul Scott <[EMAIL PROTECTED]>
2(0.4%)  2793(0.3%)  "Janet N" <[EMAIL PROTECTED]>
2(0.4%)  11021(1.1%)  Jason Pruim <[EMAIL PROTECTED]>
2(0.4%)  1818(0.2%)  Pierre Pintaric <[EMAIL PROTECTED]>
2(0.4%)  2855(0.3%)  "Churchill, Craig" <[EMAIL PROTECTED]>
2(0.4%)  201342(20.6%)  Improve Your Life Style<[EMAIL PROTECTED]>
2(0.4%)  2542(0.3%)  Bastien Koert <[EMAIL PROTECTED]>
2(0.4%)  1002(0.1%)  Silvio Porcellana <[EMAIL PROTECTED]>
2(0.4%)  2947(0.3%)  Danny Brow <[EMAIL PROTECTED]>
2(0.4%)  4571(0.5%)  Steve Edberg <[EMAIL PROTECTED]>
2(0.4%)  3259(0.3%)  Chuck <[EMAIL PROTECTED]>
2(0.4%)  4262(0.4%)  "Greg Donald" <[EMAIL PROTECTED]>
2(0.4%)  3218(0.3%)  "GoWtHaM NaRiSiPaLli" <[EMAIL PROTECTED]>
2(0.4%)  7045(0.7%)  =?UTF-8?Q?Andr=C3=A9s_Robinet?= <[EMAIL PROTECTED]>
2(0.4%)  1985(0.2%)  Dave M G <[EMAIL PROTECTED]>
2(0.4%)  5217(0.5%)  "Dan" <[EMAIL PROTECTED]>
2(0.4%)  2737(0.3%)  Julian <[EMAIL PROTECTED]>
2(0.4%)  3683(0.4%) 

Re: [PHP] Question About Blocking Email Addresses in Forms

2008-01-18 Thread Richard Lynch
On Fri, January 18, 2008 9:31 am, Richard Heyes wrote:
>> Or even a simple text CAPTCHA "What is 16 divided by 4?".
>
> Careful though, I made a class which converted numbers to text
> (TextualNumbers IIRC) and it got broken.

Almost any CAPTCHA can be broken if somebody wants it badly enough.

Some are easier than others, of course.

But you get rid of a LOT of bottom-feeders with a CAPTCHA.

CAPTCHA has serious usability drawbacks, however.

I would suggest NOT going for something really hard for a human to use
-- I believe that it won't make THAT much difference to the number of
junk eliminated.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?




Re: [PHP] Question About Blocking Email Addresses in Forms

2008-01-18 Thread Richard Lynch
On Fri, January 18, 2008 8:50 am, Javier Huerta wrote:
> I am wondering if there is a way to block out email addresses in
> specific
> format from a form?  We have a form that people have to enter an email
> address, and the form has been getting used by bots to send spam to a
> listserv.  The email address they enter is in this type of format
> [EMAIL PROTECTED], and of course it is always just a bit different
> every
> time.  Any help is greatly appreciated.

You should limit posting to subscribers, and force subscribers to
confirm that they received an email at their address before finalizing
their subscription to the list.

That will eliminate 99.999% of this stuff.

Trying to determine which emails are forgeries without messing up a
real user would be impossible, literally, and consume resources for
the rest of your life...  NU has better things for you to do! :-)

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
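
Added example, not part of any message in this thread: one way to implement the "confirm before finalizing the subscription" step described above, using an HMAC-signed, expiring token sent only to the address being subscribed. The names `makeConfirmToken`, `verifyConfirmToken` and `SubscriberList`, the token layout and the demo secret are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Token layout (an assumption of this example):
//   hex(email) . "." . expiry timestamp . "." . HMAC-SHA256 over the first two parts

function makeConfirmToken(string $email, string $secret, int $now, int $ttl = 86400): string
{
    $payload = bin2hex(strtolower(trim($email))) . '.' . ($now + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

/** Returns the confirmed address, or null if the token is forged, altered or expired. */
function verifyConfirmToken(string $token, string $secret, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$hexEmail, $expires, $mac] = $parts;

    // Check the MAC first, in constant time, before trusting any field.
    $expected = hash_hmac('sha256', $hexEmail . '.' . $expires, $secret);
    if (!hash_equals($expected, $mac)) {
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;
    }
    $email = hex2bin($hexEmail);
    return $email === false ? null : $email;
}

/** Pending and confirmed lists; a real list server would keep these in its database. */
final class SubscriberList
{
    private string $secret;
    private array $pending = [];
    private array $confirmed = [];

    public function __construct(string $secret)
    {
        $this->secret = $secret;
    }

    /** Records the request and returns the token to e-mail to $email (and to nobody else). */
    public function request(string $email, int $now): string
    {
        $email = strtolower(trim($email));
        $this->pending[$email] = true;
        return makeConfirmToken($email, $this->secret, $now);
    }

    /** Called when the link in the confirmation e-mail is followed. */
    public function confirm(string $token, int $now): bool
    {
        $email = verifyConfirmToken($token, $this->secret, $now);
        if ($email === null || !isset($this->pending[$email])) {
            return false;
        }
        unset($this->pending[$email]);
        $this->confirmed[$email] = true;
        return true;
    }

    /** Only confirmed subscribers may post to the list. */
    public function mayPost(string $email): bool
    {
        return isset($this->confirmed[strtolower(trim($email))]);
    }
}

// Constructed demo values; load the real secret from configuration.
$list  = new SubscriberList('constructed-demo-secret-change-me');
$t0    = 1200672000; // fixed timestamp so the demo is repeatable
$token = $list->request('reader@example.org', $t0);

var_dump($list->mayPost('reader@example.org'));    // before confirmation
var_dump($list->confirm($token . 'x', $t0 + 60));  // altered token
var_dump($list->confirm($token, $t0 + 2 * 86400)); // expired token
var_dump($list->confirm($token, $t0 + 60));        // genuine click on the link
var_dump($list->mayPost('reader@example.org'));    // after confirmation
var_dump($list->mayPost('bot@example.org'));       // address that never confirmed
```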



Re: [PHP] Problem with ocasional blank value

2008-01-18 Thread Richard Lynch
On Fri, January 18, 2008 9:12 am, Joey wrote:
> I have a problem that the below code which is supposed to display a
> random
> image and on occasion it shows NO image.
>
> I'm not sure what is happening.  This is running on linux just in case
> that
> makes any difference.
>
> <%
>
> $image_folder = "new_random/";
>
> $dir = $_SERVER['DOCUMENT_ROOT'] . "/" . $image_folder;
>
> $image_array = array();
>
> # The user doesn"t need to see any errors

While the USER does not need to see any errors, YOU need to catch
them, log them, and deal with them, rather than just ignoring them.

Try using:
http://php.net/set_error_handler instead.

There are MANY other ways to handle errors, but that is probably the
easiest lowest-impact one you can implement quickly without modifying
your codebase too much.

> $dir_handle = @opendir($dir);
>
>
>
> while (false !== ($file = readdir($dir_handle)))
>
>   if (!is_dir($file))
>
> $image_array[] = $file;
>
> #
>
> closedir ($dir_handle);
>
>
>
> #
>
> # The following appears to make things more random
>
> srand((double)microtime()*100);

You may have fooled yourself into thinking it looks more random, but
the rand function is auto-seeded at PHP startup for a long time now,
and the srand() is not needed.

> $r = rand(0,sizeof($image_array)-1);
>
>
>
> #
>
> echo " height
> = \"400\" >";

Have you looked at the source in the browser when it fails?

What's in the src="..." bit?

Is it something you expect or what?

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?




Re: [PHP] Re: Bad company This Weekend!

2008-01-18 Thread Richard Lynch
On Fri, January 18, 2008 11:15 am, Colin Guthrie wrote:
> Maximus Entertainment wrote:
>>
>>   _Bad Company – This Saturday Night in Milwaukee, WI_
>
> Great. That's super relevant for 99.9% of this mailing list.
>
> Anyone near Milwaukee should go along and punch one of the
> promoters :D

Aw, come on...

Could be they just slipped in their "To" autofill choice...

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?




Re: [PHP] FPDF

2008-01-18 Thread Richard Lynch
On Fri, January 18, 2008 12:14 pm, Balasubramanyam Ananthamurthy wrote:
> I'm fetching content from database and printing it on the browser. I
> want add an link on the same page "Click here to view it in PDF". Is
> it
> possible to do it using FPDF? If yes, how can I do this?

Actually, FPDF goes even further than that, and (sort of) lets you
overlay a "FORM" on top of a PDF -- which is probably overkill for
what you need.

There are several options for generating a PDF from your DB data,
actually, but this one was worked well for me for a long time:
http://php.net/pdf
Note that this has a kind of funky license setup for
commercial/non-commercial usage, so you may not find that appropriate
for your needs though.
In addition to the php.net examples, here is a web-based calendar that
you can also print out and put on your fridge:
http://uncommonground.com/events.htm
http://uncommonground.com/events.pdf

That would be useless to you without source:
http://uncommonground.com/events.phps
http://uncommonground.com/events_pdf.phps

A bit messy code, and a lot of layout stuff you don't need, but it is
a real-live working example :-)

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?




Re: [PHP] Foreach

2008-01-18 Thread Eric Butera
On Jan 18, 2008 2:55 PM, Pastor Steve <[EMAIL PROTECTED]> wrote:
>
>  Here is the output, thanks!
>
>  Array ( [page_name] => [image] => spacer.gif [text_head] => [name] => Array
> ( [0] => Holiday Inn [1] => The Rib Room [2] => Winner ) [order] => Array (
> [0] => 3 [1] => 3 [2] => 3 ) [add-page] => Create Page )
>
>  --
>  Steve M.
>
>
>
>  on 1/18/08 1:43 PM Eric Butera ([EMAIL PROTECTED]) wrote:
>
>
> On Jan 18, 2008 2:12 PM, Pastor Steve <[EMAIL PROTECTED]> wrote:
>  >
>  >  I used the following code from Wolf and it did not work:
>  >
>  >
>  >>  // First check to make sure you are getting both fields
>  >  if(isset($_POST['name']) && is_array($_POST['name']) &&
>  > isset($_POST['order']) && is_array($_POST['order']))
>  >  {
>  >   // Now assign them to easier to play with variables
>  >   $names=$_POST['name'];
>  >   $orders=$_POST['orders'];
>  >   // This tests for the same number of items as names
>  >   if (count($names) == count($orders))
>  >   {
>  >$i=0;
>  >while($i<=count($names))
>  >{
>  > $update_data = "UPDATE sections SET `order` = '$orders[$i]' WHERE
> name =
>  > '$names[$i]'";
>  > $response = mysql_query( $update_data, $cnx );
>  > if(mysql_error()) die ('database error'.mysql_error());
>  >}
>  >   }
>  >  }
>  >  ?>
>  >
>  >  Can you tell me why it didn't work? It just hangs as soon as the page is
>  > called. I know that both name and order are arrays. They are working
>  > separately.
>  >
>  >  Thanks for any help.
>  >
>  >  --
>  >  Steve M.
>  >
>  >
>  >
>  >
>  >
>  >  on 1/17/08 5:05 PM Eric Butera ([EMAIL PROTECTED]) wrote:
>  >
>  >
>  >
>  > On Jan 17, 2008 5:57 PM, Nathan Nobbe <[EMAIL PROTECTED]> wrote:
>  >  > there are a few different issues here; first of all; are you sure
>  >  > $_POST['name']
>  >  > and $_POST['order'] are even arrays?
>  >
>  >  To check try this right above your saving code block:
>  >
>  >  echo '';
>  >  print_r($_POST);
>  >
>  >  After you figure out if your data is right we're going to have to talk
>  >  about input validation and sql injection.
>  >
>  >
>
>  If it is just hanging when you load the page I'm going to guess that
>  there is an issue with the while() statement.  If you delete all of
>  that and just do the print_r($_POST) and show me the output of that
>  I'll be able to help you further.  I need to see what the arrays
>  you've created in the post look like before I can write you a
>  statement to parse and use them.
>
>

Keep in mind that your name and order values really should be using
their primary key value.  Combining them could mess up if you don't
choose both options in the correct order.  I'll leave that to you to
figure out.



<?php
/*
Array (
    [page_name] =>
    [image] => spacer.gif
    [text_head] =>
    [name] => Array (
        [0] => Holiday Inn
        [1] => The Rib Room
        [2] => Winner
    )
    [order] => Array (
        [0] => 3
        [1] => 3
        [2] => 3
    )
    [add-page] => Create Page
)
*/

$_POST = array(
    'page_name' => '',
    'image'     => 'spacer.gif',
    'text_head' => '',
    'name'      => array(
        0 => 'Holiday Inn',
        1 => 'The Rib Room',
        2 => 'Winner'
    ),
    'order'     => array(
        0 => 3,
        1 => 3,
        2 => 3
    ),
    'add-page'  => 'Create Page'
);

function super_duper_escaper($value, $db) {
    if (!get_magic_quotes_gpc()) {
        $value = mysql_real_escape_string($value, $db);
    }
    return $value;
}

if (strtolower($_SERVER['REQUEST_METHOD']) == 'post') {

    $cnx = mysql_connect();
    // handle this somehow too

    if (isset($_POST['name'], $_POST['order'])) {
        $_sql = "UPDATE sections SET `order` = %d WHERE name = '%s'";
        // array_combine() pairs each name (key) with its order (value)
        foreach (array_combine($_POST['name'], $_POST['order']) as $name => $order) {
            $sql = sprintf(
                $_sql,
                (int)$order,
                super_duper_escaper($name, $cnx)
            );
            $result = mysql_query($sql, $cnx);
            if (!$result) {
                die("Handle this gracefully");
            }
        }
    }

}

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] SimpleXML addChild() namespace problem

2008-01-18 Thread Nathan Nobbe
On Jan 18, 2008 2:48 PM, Carole E. Mah <[EMAIL PROTECTED]> wrote:

> On Jan 18, 2008 12:22 PM, Nathan Nobbe <[EMAIL PROTECTED]> wrote:
> > Are you trying to read an existing document into a SimpleXMLElement, or are
> > you trying to create a SimpleXMLElement instance and generate a document
> > from that?
> > My impression was you were trying to do the latter; please clarify and if you
> > are trying to do the latter, post the code you are using to create the
> > SimpleXMLElement instance and generate the output you've posted.
>
> Nathan,
>
> I am trying to do the latter -- create a SimpleXMLElement instance and
> generate a document from that.
>
> Thank you very much for all your examples and patience.
>
> I now see the very silly mistake I made.
>
> Correct (from your example):
>
> $xml = new SimpleXMLElement('http://apple.com"/>');
> $n = $xml->addChild("subtitle", "Musical Mockery", " http://apple.com");
>
> Incorrect (what I was doing):
>
> $xml = new SimpleXMLElement('http://apple.com"/>');
> $n = $xml->addChild("subtitle", "Musical Mockery", " itunes");
>
> To be fair, there really isn't an example of this on PHP.net.
> Nonetheless, I feel a bit foolish for having wasted your time with
> this. Thank you for your help.


no prob; i learned how to do this on this post myself ;)
glad to hear its working now!

-nathan


Re: [PHP] SimpleXML addChild() namespace problem

2008-01-18 Thread Carole E. Mah
On Jan 18, 2008 12:22 PM, Nathan Nobbe <[EMAIL PROTECTED]> wrote:
> Are you trying to read an existing document into a SimpleXMLElement, or are
> you trying to create a SimpleXMLElement instance and generate a document
> from that?
> My impression was you were trying to do the latter; please clarify and if you
> are trying to do the latter, post the code you are using to create the
> SimpleXMLElement instance and generate the output you've posted.

Nathan,

I am trying to do the latter -- create a SimpleXMLElement instance and generate
a document from that.

Thank you very much for all your examples and patience.

I now see the very silly mistake I made.

Correct (from your example):

$xml = new SimpleXMLElement('http://apple.com"/>');
$n = $xml->addChild("subtitle", "Musical Mockery", " http://apple.com");

Incorrect (what I was doing):

$xml = new SimpleXMLElement('http://apple.com"/>');
$n = $xml->addChild("subtitle", "Musical Mockery", " itunes");

To be fair, there really isn't an example of this on PHP.net.
Nonetheless, I feel a bit foolish for having wasted your time with
this. Thank you for your help.

Carole




[PHP] FPDF

2008-01-18 Thread Balasubramanyam Ananthamurthy

Hello,

I'm fetching content from database and printing it on the browser. I 
want add an link on the same page "Click here to view it in PDF". Is it 
possible to do it using FPDF? If yes, how can I do this?


Thank you.

Balu




[PHP] Re: system command runs application, but application doesn't work correctly

2008-01-18 Thread Apple7777
Daniel Brown  gmail.com> writes:

> Does the UID (or at least GID) under which PHP is being executed
> have permissions to write to the area you're trying to save the file?
> 
> Similar to above, does it have the correct permissions to read the
> incoming file?

Daniel, I'm not sure about UID, but users of both folders where I write files
("photo" and "video") are the same. ImageMagick run from PHP writes files to
photo without any problems. Also, all my scripts have the same UID, uploaded
from one user.

Both directories ("photo" and "video") have same permissions "777" and same user
"500".

If I'm telling something wrong, can you tell me how can I check GID/UID info and
for what files/directories? I'm not linux guru...



> 
> Have both $inputFile and $outputFile been properly defined?  Try
> echo'ing them out just above the (commented-out) system() call line to
> be sure.
> 

I'm sure paths and files are ok. As I said before, shell script, written by my
PHP script works perfectly when I run it from shell, not PHP. I'm pretty sure
the problem is not here. My script echoes these paths (I just don't post it
here) and they're ok.




Re: [PHP] Foreach

2008-01-18 Thread Eric Butera
On Jan 18, 2008 12:20 PM, Zoltán Németh <[EMAIL PROTECTED]> wrote:
> 2008. 01. 18, péntek keltezéssel 12.10-kor Wolf ezt írta:
>
> >  Eric Butera <[EMAIL PROTECTED]> wrote:
> > > On Jan 18, 2008 11:38 AM, Wolf <[EMAIL PROTECTED]> wrote:
> > > > Steve,
> > > >
> > > > This should work as some basic pseudo code.  You are running into a
> > > > number of issues with your usage of the foreach as it sounds like what 
> > > > you really want to do is walk through one array and grab the 
> > > > corresponding value from another.
> > > >
> > > >  > > > // First check to make sure you are getting both fields
> > > > if(isset($_POST['name']) && is_array($_POST['name']) && 
> > > > isset($_POST['order']) && is_array($_POST['order']))
> > > > {
> > > >  // Now assign them to easier to play with variables
> > > >  $names=$_POST['name'];
> > > >  $orders=$_POST['orders'];
> > > >  // This tests for the same number of items as names
> > > >  if (count($names) == count($orders))
> > > >  {
> > > >   $i=0;
> > > >   while($i<=count($names))
> > > >   {
> > > >$update_data = "UPDATE sections SET `order` = '$orders[$i]' WHERE 
> > > > name = '$names[$i]'";
> > > >$response = mysql_query( $update_data, $cnx );
> > > >if(mysql_error()) die ('database error'.mysql_error());
> > > >   }
> > > >  }
> > > > }
> > > > ?>
> > > >
> > > > HTH,
> > > > Wolf
> > > >
> > > >
> > > > --
> > > > PHP General Mailing List (http://www.php.net/)
> > > > To unsubscribe, visit: http://www.php.net/unsub.php
> > > >
> > > >
> > >
> > > Hi Wolf,
> > >
> > > Your code is missing data validation!  Hopefully you don't do stuff
> > > like that either.
> > >
> > > function super_duper_escaper($value, $db) {
> > > if (!get_magic_quotes_gpc()) {
> > > $value = mysql_real_escape_string($value, $db);
> > > }
> > > return $value;
> > > }
> > >
> > > $_sql = "UPDATE sections SET `order` = %d WHERE name = '%s'";
> > > $sql = sprintf(
> > > $_sql,
> > > (int)$orders[$i],
> > > super_duper_escaper($names[$i], $cnx)
> > > );
> > >
> > > What we're doing here is making sure that the order is a number and
> > > that the name is a string that properly escapes out the quotes to make
> > > sure people can't break out of the context of data and into commands.
> > > Look up SQL injection for more information.
> > >
> > > Don't rely on magic quotes, etc as it is a server specific setting, is
> > > going away in php6, and does not take character sets into
> > > consideration.  The mysql extension is just as bad as it won't allow
> > > you to update the character set context from the mysql server default.
> > >  So use mysqli or pdo unless everything matches across the board.
> >
> >
> > Of course it was missing the data validation, I don't write a whole 
> > page/app for anyone just out of the blue.  I was expecting Steve to make 
> > sure he handled the data validation on his side before implementing the 
> > code fully.  As it is, I would have used a function and array_walk to check 
> > the validness of each field and assign it to a new array if it was valid, 
> > then use the new arrays to actually be pushed into the mysql queries.  :)
> >
> > I also tend to put in a referrer checker to make sure the page is coming 
> > where it should be coming from and depending on how nice I am either 
> > redirecting back to my page and my form, or heading them off to other fun 
> > places (like ratemypoo or something similar)  :)
>
> I wouldn't do that as the referer value can be set on the client side to
> anything... I just simply don't trust it.
>
> greets
> Zoltán Németh
>
> >
> > Wolf
> >
>
>

Nonetheless as I keep re-iterating, people will copy and paste this
stuff as is because they don't know better.  It is the responsibility
of people writing the answers to make sure their code is validated and
as "secure" as possible unless there is some glaringly obvious comment
saying {get your data here} with a link to how to validate it
properly.

Using session based form tokens is a better approach to make sure the
post came from within your application.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: system command runs application, but application doesn't work correctly

2008-01-18 Thread Daniel Brown
On Jan 17, 2008 6:48 PM, Apple <[EMAIL PROTECTED]> wrote:
> Another strange thing is I run ImageMagick with system() in a lot of scripts
> on the same server and everything works fine.
>
> What is the problem? Do you have any idea?

Does the UID (or at least GID) under which PHP is being executed
have permissions to write to the area you're trying to save the file?

Similar to above, does it have the correct permissions to read the
incoming file?

Have both $inputFile and $outputFile been properly defined?  Try
echo'ing them out just above the (commented-out) system() call line to
be sure.

-- 


Daniel P. Brown
Senior Unix Geek and #1 Rated "Year's Coolest Guy" By Self Since
Nineteen-Seventy-[mumble].




Re: [PHP] SimpleXML addChild() namespace problem

2008-01-18 Thread Nathan Nobbe
On Jan 18, 2008 12:04 PM, Carole E. Mah <[EMAIL PROTECTED]> wrote:

> I did exactly this, and still got:
>
> 
> http://www.itunes.com/dtds/podcast-1.0.dtd"; version="
> 2.0">
>
>
>
>My Title
>My Link
>My Description
>My
> Author
>My
> Subtitle
>
>
>
> 
>


are you trying to read an existing document into a SimpleXMLElement, or are
you trying to create a SimpleXMLElement instance and generate a document from
that? my impression was you were trying to do the latter; please clarify and if
you are trying to do the latter, post the code you are using to create the
SimpleXMLElement instance and generate the output you've posted.

-nathan


Re: [PHP] Problem with ocasional blank value

2008-01-18 Thread Jim Lucas

Joey wrote:

> Hi All,
>
> I have a problem that the below code which is supposed to display a random
> image and on occasion it shows NO image.
>
> I'm not sure what is happening.  This is running on linux just in case that
> makes any difference.
>
> <%
> $image_folder = "new_random/";
> $dir = $_SERVER['DOCUMENT_ROOT'] . "/" . $image_folder;
> $image_array = array();
>
> # The user doesn't need to see any errors
> $dir_handle = @opendir($dir);
>
> while (false !== ($file = readdir($dir_handle)))
>   if (!is_dir($file))
>     $image_array[] = $file;
> #
> closedir ($dir_handle);
>
> #
> # The following appears to make things more random
> srand((double)microtime()*100);
> $r = rand(0,sizeof($image_array)-1);
>
> #
> echo "";
> %>
>
> Thanks!



Try something like this.

http://www.cmsws.com/examples/php/testscripts/[EMAIL PROTECTED]/0001.php

--
Jim Lucas

   "Some men are born to greatness, some achieve greatness,
   and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
by William Shakespeare




Re: [PHP] Foreach

2008-01-18 Thread Zoltán Németh
On Friday, 2008-01-18, at 12:10, Wolf wrote:
>  Eric Butera <[EMAIL PROTECTED]> wrote: 
> > On Jan 18, 2008 11:38 AM, Wolf <[EMAIL PROTECTED]> wrote:
> > > Steve,
> > >
> > > This should work as some basic sudo code.  You are running into a number 
> > > of issues with your usage of the foreach as it sounds like what you 
> > > really want to do is walk through one array and grab the corresponding 
> > > value from another.
> > >
> > > <?php
> > > // First check to make sure you are getting both fields
> > > if(isset($_POST['name']) && is_array($_POST['name']) &&
> > >    isset($_POST['order']) && is_array($_POST['order']))
> > > {
> > >  // Now assign them to easier to play with variables
> > >  $names=$_POST['name'];
> > >  $orders=$_POST['order'];
> > >  // This tests for the same number of items as names
> > >  if (count($names) == count($orders))
> > >  {
> > >   $i=0;
> > >   while($i<count($names))
> > >   {
> > >    $update_data = "UPDATE sections SET `order` = '$orders[$i]' WHERE name = '$names[$i]'";
> > >    $response = mysql_query( $update_data, $cnx );
> > >    if(mysql_error()) die ('database error'.mysql_error());
> > >    $i++; // advance to the next name/order pair
> > >   }
> > >  }
> > > }
> > > ?>
> > >
> > > HTH,
> > > Wolf
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
> > 
> > Hi Wolf,
> > 
> > Your code is missing data validation!  Hopefully you don't do stuff
> > like that either.
> > 
> > function super_duper_escaper($value, $db) {
> > if (!get_magic_quotes_gpc()) {
> > $value = mysql_real_escape_string($value, $db);
> > }
> > return $value;
> > }
> > 
> > $_sql = "UPDATE sections SET `order` = %d WHERE name = '%s'";
> > $sql = sprintf(
> > $_sql,
> > (int)$orders[$i],
> > super_duper_escaper($names[$i], $cnx)
> > );
> > 
> > What we're doing here is making sure that the order is a number and
> > that the name is a string that properly escapes out the quotes to make
> > sure people can't break out of the context of data and into commands.
> > Look up SQL injection for more information.
> > 
> > Don't rely on magic quotes, etc as it is a server specific setting, is
> > going away in php6, and does not take character sets into
> > consideration.  The mysql extension is just as bad as it won't allow
> > you to update the character set context from the mysql server default.
> >  So use mysqli or pdo unless everything matches across the board.
> 
> 
> Of course it was missing the data validation, I don't write a whole page/app 
> for anyone just out of the blue.  I was expecting Steve to make sure he 
> handled the data validation on his side before implementing the code fully.  
> As it is, I would have used a function and array_walk to check the validness 
> of each field and assign it to a new array if it was valid, then use the new 
> arrays to actually be pushed into the mysql queries.  :)
> 
> I also tend to put in a referrer checker to make sure the page is coming 
> where it should be coming from and depending on how nice I am either 
> redirecting back to my page and my form, or heading them off to other fun 
> places (like ratemypoo or something similar)  :)

I wouldn't do that as the referer value can be set on the client side to
anything... I just simply don't trust it.

greets
Zoltán Németh

> 
> Wolf
> 




Re: [PHP] Re: Bad company This Weekend!

2008-01-18 Thread Casey
On Jan 18, 2008 9:15 AM, Colin Guthrie <[EMAIL PROTECTED]> wrote:
> Maximus Entertainment wrote:
> >
> >   _Bad Company – This Saturday Night in Milwaukee, WI_
>
> Great. That's super relevant for 99.9% of this mailing list.
>
> Anyone near Milwaukee should go along and punch one of the promoters :D
>


> Don't miss this opportunity to see him.  Please go to the Richfield Chalet's
> website (www.richfieldchalet.com/events.php) for more information, or
> contact the venue at 262-628-4080.  Tickets are $20.  Print this email out

Gasp! They use PHP!


-Casey




Re: [PHP] Question About Blocking Email Addresses in Forms

2008-01-18 Thread Javier Huerta

> Hi Javier!
>
> At my work we had tons of issues with spam bots randomly hitting our
> contact forms.  They would inject all sorts of random garbage along
> with the standard email header injection attempts to try and send mass
> mails through the forms.
>
> We've worked on a standardized form processing script that has some
> basic ideas implemented that has cut down on 99% of the spam in our
> forms yet also does _not_ use any horrible CAPTCHA crap.  If you use
> one of those you're basically saying you hate your users and want to
> make them miserable.
>
> Here are a few of the ideas we use:
>
> - Require a user enter an email address and then validate this address
> using PEAR::Validate::email() with the true parameter to resolve host
> names.  That would always require at least a valid domain name.
>
> - Filter all the fields against a set of invalid keywords.  Also make
> this set of keywords extendable on a per site basis because some sites
> get hit with different keywords.  Here is a set you can start with
> array('to:','from:','cc:','bcc:','href=','url=')
>
> - Trick the bots.  I noticed lots of forms spam scripts will use some
> sort of regex to find all form fields and then inject them with any
> value that they want.  Just because your form uses a select dropdown
> or hidden field doesn't mean that is what you're going to get back.
> Most of these things in my experience are automated so they just do a
> mass search for name="".  I use this to my advantage by doing two
> things.  First I have a commented out field that if it is submitted I
> fail the post.  Then I also have a hidden field that has a constant
> value that must remain the same.  If this value is changed (only a
> spammer would do it since it's hidden) fail the post.
>
> - Add a configurable option to ignore posts that contain the domain
> name in them.  Lots of these bots will send out a test that uses
> random@ as a test.  I usually enable
> this feature after the client has tested their form and are happy with
> it.
>
> Make sure that if any of these conditions fail you show the form back
> to the user with a helpful error message.  This way if a real user
> accidentally triggers any of the security measures you can let them know
> how to fix it, such as removing href= from input fields.
>
> Good luck!

Thanks again for the suggestions Eric and everyone else.  One of my 
colleagues, who is more PHP savvy than I, agreed to help me work on this 
using all of your suggestions.

I am now quite confident that we will be able to conquer our spam problem.

Javier 




[PHP] Re: Bad company This Weekend!

2008-01-18 Thread Colin Guthrie
Maximus Entertainment wrote:
> 
>   _Bad Company – This Saturday Night in Milwaukee, WI_

Great. That's super relevant for 99.9% of this mailing list.

Anyone near Milwaukee should go along and punch one of the promoters :D




Re: [PHP] Foreach

2008-01-18 Thread Wolf

 Eric Butera <[EMAIL PROTECTED]> wrote: 
> On Jan 18, 2008 11:38 AM, Wolf <[EMAIL PROTECTED]> wrote:
> > Steve,
> >
> > This should work as some basic sudo code.  You are running into a number of 
> > issues with your usage of the foreach as it sounds like what you really 
> > want to do is walk through one array and grab the corresponding value from 
> > another.
> >
> > <?php
> > // First check to make sure you are getting both fields
> > if(isset($_POST['name']) && is_array($_POST['name']) &&
> >    isset($_POST['order']) && is_array($_POST['order']))
> > {
> >  // Now assign them to easier to play with variables
> >  $names=$_POST['name'];
> >  $orders=$_POST['order'];
> >  // This tests for the same number of items as names
> >  if (count($names) == count($orders))
> >  {
> >   $i=0;
> >   while($i<count($names))
> >   {
> >    $update_data = "UPDATE sections SET `order` = '$orders[$i]' WHERE name = '$names[$i]'";
> >    $response = mysql_query( $update_data, $cnx );
> >    if(mysql_error()) die ('database error'.mysql_error());
> >    $i++; // advance to the next name/order pair
> >   }
> >  }
> > }
> > ?>
> >
> > HTH,
> > Wolf
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> 
> Hi Wolf,
> 
> Your code is missing data validation!  Hopefully you don't do stuff
> like that either.
> 
> function super_duper_escaper($value, $db) {
>   if (!get_magic_quotes_gpc()) {
>   $value = mysql_real_escape_string($value, $db);
>   }
>   return $value;
> }
> 
> $_sql = "UPDATE sections SET `order` = %d WHERE name = '%s'";
> $sql = sprintf(
>   $_sql,
>   (int)$orders[$i],
>   super_duper_escaper($names[$i], $cnx)
> );
> 
> What we're doing here is making sure that the order is a number and
> that the name is a string that properly escapes out the quotes to make
> sure people can't break out of the context of data and into commands.
> Look up SQL injection for more information.
> 
> Don't rely on magic quotes, etc as it is a server specific setting, is
> going away in php6, and does not take character sets into
> consideration.  The mysql extension is just as bad as it won't allow
> you to update the character set context from the mysql server default.
>  So use mysqli or pdo unless everything matches across the board.


Of course it was missing the data validation, I don't write a whole page/app 
for anyone just out of the blue.  I was expecting Steve to make sure he handled 
the data validation on his side before implementing the code fully.  As it is, 
I would have used a function and array_walk to check the validness of each 
field and assign it to a new array if it was valid, then use the new arrays to 
actually be pushed into the mysql queries.  :)

I also tend to put in a referrer checker to make sure the page is coming where 
it should be coming from and depending on how nice I am either redirecting back 
to my page and my form, or heading them off to other fun places (like ratemypoo 
or something similar)  :)

Wolf




Re: [PHP] SimpleXML addChild() namespace problem

2008-01-18 Thread Carole E. Mah
>based upon information from bug #43221, if you define the namespace
>beforehand
>it will work.
>
>$xml = new SimpleXMLElement('http://apple.com"/>');
>$n = $xml->addChild("subtitle", "Musical Mockery", "http://apple.com");
>print_r($xml->asXml());
>?>
>
>produces:
>
>http://apple.com";>Musical
>Mockery
>
>-nathan

Actually, it doesn't work.

I did exactly this, and still got:


http://www.itunes.com/dtds/podcast-1.0.dtd"; version="2.0">



My Title
My Link
My Description
My 
Author
My 
Subtitle





-Carole




Re: [PHP] Foreach

2008-01-18 Thread Eric Butera
On Jan 18, 2008 11:38 AM, Wolf <[EMAIL PROTECTED]> wrote:
> Steve,
>
> This should work as some basic sudo code.  You are running into a number of 
> issues with your usage of the foreach as it sounds like what you really want 
> to do is walk through one array and grab the corresponding value from another.
>
> <?php
> // First check to make sure you are getting both fields
> if(isset($_POST['name']) && is_array($_POST['name']) &&
>    isset($_POST['order']) && is_array($_POST['order']))
> {
>  // Now assign them to easier to play with variables
>  $names=$_POST['name'];
>  $orders=$_POST['order'];
>  // This tests for the same number of items as names
>  if (count($names) == count($orders))
>  {
>   $i=0;
>   while($i<count($names))
>   {
>    $update_data = "UPDATE sections SET `order` = '$orders[$i]' WHERE name = '$names[$i]'";
>    $response = mysql_query( $update_data, $cnx );
>    if(mysql_error()) die ('database error'.mysql_error());
>    $i++; // advance to the next name/order pair
>   }
>  }
> }
> ?>
>
> HTH,
> Wolf
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Hi Wolf,

Your code is missing data validation!  Hopefully you don't do stuff
like that either.

function super_duper_escaper($value, $db) {
    if (!get_magic_quotes_gpc()) {
        $value = mysql_real_escape_string($value, $db);
    }
    return $value;
}

$_sql = "UPDATE sections SET `order` = %d WHERE name = '%s'";
$sql = sprintf(
    $_sql,
    (int)$orders[$i],
    super_duper_escaper($names[$i], $cnx)
);

What we're doing here is making sure that the order is a number and
that the name is a string that properly escapes out the quotes to make
sure people can't break out of the context of data and into commands.
Look up SQL injection for more information.

Don't rely on magic quotes, etc as it is a server specific setting, is
going away in php6, and does not take character sets into
consideration.  The mysql extension is just as bad as it won't allow
you to update the character set context from the mysql server default.
 So use mysqli or pdo unless everything matches across the board.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
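
Added example, not code from this thread: the advice above to move to mysqli or PDO, applied to the paired name[]/order[] update with bound parameters instead of escaping. The in-memory SQLite database, the 64-character name limit and the function names are assumptions made so the block runs on its own (PHP 7+); the two functions are unchanged against MySQL.

```php
<?php
// Added example: paired name[]/order[] arrays from the form, written with PDO
// prepared statements. SQLite in memory stands in for MySQL so it runs offline.

/**
 * Validate the two posted arrays and return [name => order] pairs.
 * Throws InvalidArgumentException on anything unexpected.
 */
function collect_section_orders(array $post, int $maxOrder): array
{
    if (!isset($post['name'], $post['order'])
        || !is_array($post['name']) || !is_array($post['order'])) {
        throw new InvalidArgumentException('name[] and order[] are both required');
    }
    $names  = array_values($post['name']);
    $orders = array_values($post['order']);
    if (count($names) !== count($orders)) {
        throw new InvalidArgumentException('name[] and order[] differ in length');
    }

    $pairs = [];
    foreach ($names as $i => $name) {
        // Nested arrays (name[0][]=x) would otherwise reach the query layer.
        // The 64-character limit is an assumed column width.
        if (!is_string($name) || $name === '' || strlen($name) > 64) {
            throw new InvalidArgumentException("bad name at index $i");
        }
        // FILTER_VALIDATE_INT rejects "3 OR 1=1", "1.5" and array values.
        $order = filter_var($orders[$i], FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => $maxOrder]]);
        if ($order === false) {
            throw new InvalidArgumentException("bad order at index $i");
        }
        $pairs[$name] = $order;
    }
    return $pairs;
}

/** Run one prepared UPDATE per pair inside a transaction; returns rows changed. */
function update_section_orders(PDO $db, array $pairs): int
{
    // The statement text is fixed; values travel separately as bound parameters.
    $stmt = $db->prepare('UPDATE sections SET `order` = :ord WHERE name = :name');
    $changed = 0;
    $db->beginTransaction();
    try {
        foreach ($pairs as $name => $order) {
            $stmt->bindValue(':ord', $order, PDO::PARAM_INT);
            // Numeric-looking array keys come back as int, so cast to string.
            $stmt->bindValue(':name', (string)$name, PDO::PARAM_STR);
            $stmt->execute();
            $changed += $stmt->rowCount();
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
    return $changed;
}

// --- demo with constructed data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sections (name TEXT PRIMARY KEY, `order` INTEGER)');
$db->exec("INSERT INTO sections VALUES ('news', 1), ('sports', 2), ('o''brien', 3)");

// Constructed stand-in for $_POST; the third name only ever acts as data.
$post = [
    'name'  => ['news', "o'brien", "x' OR '1'='1"],
    'order' => ['3', '1', '2'],
];
$pairs = collect_section_orders($post, 3);
echo update_section_orders($db, $pairs), " rows updated\n";
foreach ($db->query('SELECT name, `order` FROM sections ORDER BY `order`') as $row) {
    echo $row['order'], ' ', $row['name'], "\n";
}
```

With the MySQL driver, put charset=utf8mb4 in the DSN and set PDO::ATTR_EMULATE_PREPARES to false so the connection character set and the statement handling agree.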



Re: [PHP] Re: Question About Blocking Email Addresses in Forms

2008-01-18 Thread Javier Huerta
> What does your form actually do? Does it email you, email them, stick
> something in a DB? What?
>

The form sends an email to a listserv and cc's the sender and then enters 
data into a database.



> Regardless, if they're entering a nonsense email address and are
> managing to get your script to email other people then you're not
> validating the inputs correctly.

This is what I am not sure about how to go about doing. 




[PHP] Re: Question About Blocking Email Addresses in Forms

2008-01-18 Thread Manuel Lemos
Hello,

on 01/18/2008 01:55 PM Javier Huerta said the following:
> Thanks for all of your suggestions which all point to using Captcha.  I have 
> actually already implemented Captcha and they are still getting around it. 
> Even if they are entering it manually rather than via a bot, is there a way 
> to check if the email address is of a specific format and if so then don't 
> process the form?

Sure. If you just want to block addresses of some domains, you do not
even need to use regular expressions. Try something like this:

$block = 'jhgfghjk.com';
$email = $_POST['email'];
if(substr($email, -strlen($block)) === $block)
{
    // do whatever you want to not accept this address
}

If you iterate this code over a list of blocked domains taken from an
array, you have implemented a generalized black list.

-- 

Regards,
Manuel Lemos

PHP professionals looking for PHP jobs
http://www.phpclasses.org/professionals/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/




Re: [PHP] Re: Question About Blocking Email Addresses in Forms

2008-01-18 Thread Per Jessen
Javier Huerta wrote:

> Thanks for all of your suggestions which all point to using Captcha. 
> I have actually already implemented Captcha and they are still getting
> around it. Even if they are entering it manually rather than via a
> bot, is there a way to check if the email address is of a specific
> format and if so then don't process the form?

1. use a regex to validate the email-address syntax
2. check that the domain exists and has an MX.



/Per Jessen, Zürich




Re: [PHP] Foreach

2008-01-18 Thread Wolf
Steve,

This should work as some basic sudo code.  You are running into a number of 
issues with your usage of the foreach as it sounds like what you really want to 
do is walk through one array and grab the corresponding value from another.

'.mysql_error());
  }
 }
}
?>

HTH,
Wolf




Re: [PHP] Foreach

2008-01-18 Thread Pastor Steve
Yes, each variable is an array. foreach works individually with no problems.
The problem I am having is getting both to update the table in MySQL. It
will update  $i three times with no problem, however, it will only update $t
with the last value in the array.

Name is a checkbox and contains the name of the record from the db. Order is
a select menu with a number. (which is the number drawn from the number of
records in the db). I would like to see both values come across and update
the table however many times necessary. Name would update the name and order
would update order. Order is the order in which each record will appear on
the page.

I hope this makes more sense. I wish I knew more, and then I would be able
to formulate my questions better. Thank you so much for your help.

Steve M.

on 1/17/08 10:07 PM David Giragosian ([EMAIL PROTECTED]) wrote:

> On 1/17/08, mike <[EMAIL PROTECTED]> wrote:
>> On 1/17/08, Nathan Nobbe < [EMAIL PROTECTED]
>>  > wrote:
>> 
  $name = $_POST['name'];
  if ($name) {
  foreach ($name as $t) {
 
echo "$t";
} 
>> 
$order = $_POST['order'];
if ($order) {
foreach ($order as $i) {
>> 
>>> 
>>> there are a few different issues here; first of all; are you sure
>>> $_POST['name'] 
>>> and $_POST['order'] are even arrays?
>> 
>> hint:
>> 
>> if(isset($_POST['name']) && is_array($_POST['name']))
> 
> Steve,  
> 
> // Do you have several html form elements such as  name="name[]"> in your html?
> // Mike's suggestion...
> if( isset( $_POST['name'] ) && is_array( $_POST['name'] ) ) {
> 
> // you'll never get in here if you don't...
> $name = $_POST['name'];
>  
>// foreach expects an array, as Nathan states. Even if $name is an
> array, $t 
>// will hold only the last value in the array when the foreach loop is
> exited
>// because $t is being overwritten with each iteration.
>foreach ($name as $t) {
> 
>echo "$t";
> 
>} // end foreach ($name)
> 
>$order = $_POST['order'];
>
>if ($order) {
>
>// see above about arrays and foreach
>foreach ($order as $i) {
> 
>   //Update the table in MySQL
> 
>   $i = mysql_real_escape_string($i, $cnx); // One of
> Eric's suggestions
> 
>   $update_data = "UPDATE sections SET `order` = '$i' WHERE
> name = '$t'";
> 
>   $response = mysql_query( $update_data, $cnx );
> 
>   if(mysql_error()) die ('database error'.
> mysql_error());
> 
>   echo "$i";
> 
>} //end foreach ($order)
> 
>}
> 
> }
> 
> Assuming both $_POST['name'] and $_POST['order'] are arrays, the way your code
> is now structured, the table `sections` will have the record(s) where name
> equals the last value in the $names array updated multiple times, once for
> each value in the $order array, but all you will see is that the record(s)
> will have the last value in the $order array.
> 
> See if this makes any sense and then ask more questions.
> 
> David
> 




[PHP] Bad company This Weekend!

2008-01-18 Thread Maximus Entertainment
Bad Company – This Saturday Night in Milwaukee, WI

Bad Company, with Brian Howe, is performing at the Richfield Chalet in 
Hubertus, WI this Saturday Night – January 19, 2008. Along with Bad Company's 
highly acclaimed 1993 live CD "What You Hear Is What You Get - The Best of Bad 
Company - Live" Brian wrote and sold 19 million additional albums highlighted 
by such radio and video hits as "Holy Water," "If You Needed Somebody," "No 
Smoke Without A Fire," and "How About That," - not to mention a few of the 
group's previous hits as recorded on the "live" CD. Brian does an ALL-HITS show 
that is selling venues out across America. Don’t miss this opportunity to see 
him. Please go to the Richfield Chalet’s website 
(www.richfieldchalet.com/events.php) for more information, or contact the venue 
at 262-628-4080. Tickets are $20. Print this email out and receive a $2.00 
discount at the door. We hope to see you at the show.


Re: [PHP] Re: Question About Blocking Email Addresses in Forms

2008-01-18 Thread Stut

On 18 Jan 2008, at 16:01, Eric Butera wrote:

> On Jan 18, 2008 10:55 AM, Javier Huerta <[EMAIL PROTECTED]> wrote:
>> Thanks for all of your suggestions which all point to using Captcha.  I have
>> actually already implemented Captcha and they are still getting around it.
>> Even if they are entering it manually rather than via a bot, is there a way
>> to check if the email address is of a specific format and if so then don't
>> process the form?

What does your form actually do? Does it email you, email them, stick
something in a DB? What?

Regardless, if they're entering a nonsense email address and are
managing to get your script to email other people then you're not
validating the inputs correctly. For example, are you checking that
the email address does not contain carriage returns or line feeds?
Same with the subject if your form includes that.

Anything that comes from the form and ends up in the email headers
needs to be checked in this way.

The answer to your question is "only if you can define the format
precisely enough".

-Stut

--
http://stut.net/

>> ""Javier Huerta"" <[EMAIL PROTECTED]> wrote in message
>> news:[EMAIL PROTECTED]
>>> I am wondering if there is a way to block out email addresses in specific
>>> format from a form?  We have a form that people have to enter an email
>>> address, and the form has been getting used by bots to send spam to a
>>> listserv.  The email address they enter is in this type of format
>>> [EMAIL PROTECTED], and of course it is always just a bit different every
>>> time.  Any help is greatly appreciated.
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>
> If a human is involved you can't really do anything about it other
> than slow them down.  If they're doing this a lot you can implement
> some backend server tracking.  It is really hit and miss, but you can
> try tracking by IP, but proxies make this fail.  You can also make
> sure that you require sessions.  That might help a bit but a user can
> always clear their cookies.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
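
Added example, not code from this thread: the CR/LF check on header-bound fields described above, combined with the domain blacklist suggested earlier on this page and a syntax plus MX check. filter_var() is used here in place of a hand-written regex, the function names are hypothetical, and the MX lookup is injectable so the block runs without DNS (PHP 7.4+).

```php
<?php
// Added example: checks on the e-mail field of a contact form before it is
// used in mail headers. Sample addresses below are constructed.

/** True if the value could start a new header line when placed in a header. */
function has_header_break(string $value): bool
{
    // Raw CR, LF or NUL; anything that ends up in a header must be single-line.
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/** Exact or sub-domain match against a blocklist, case-insensitive. */
function domain_is_blocked(string $domain, array $blocked): bool
{
    $domain = strtolower(rtrim($domain, '.'));
    foreach ($blocked as $b) {
        $b = strtolower($b);
        // A bare suffix test would also block "notexample.test" for "example.test",
        // so require either equality or a "." boundary before the suffix.
        if ($domain === $b || substr($domain, -strlen($b) - 1) === '.' . $b) {
            return true;
        }
    }
    return false;
}

/**
 * Returns [address, null] when accepted or [null, reason] when rejected.
 * $mxLookup takes a domain and returns bool; it defaults to a real DNS query.
 */
function check_sender(string $raw, array $blocked, ?callable $mxLookup = null): array
{
    // Test the raw value first: trim() would silently drop a trailing newline.
    if (has_header_break($raw)) {
        return [null, 'address contains a line break'];
    }
    $email = trim($raw);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return [null, 'address is not syntactically valid'];
    }
    $domain = substr($email, strrpos($email, '@') + 1);
    if (domain_is_blocked($domain, $blocked)) {
        return [null, 'domain is blocked'];
    }
    $mxLookup = $mxLookup ?? fn(string $d): bool => checkdnsrr($d . '.', 'MX');
    if (!$mxLookup($domain)) {
        return [null, 'domain has no MX record'];
    }
    return [$email, null];
}

// --- demo with constructed data ---
$blocked = ['jhgfghjk.com'];                                // domain used in the snippet on this page
$fakeMx  = fn(string $d): bool => $d !== 'nomx.example';    // constructed stand-in for DNS

$samples = [
    'user@example.org',
    "user@example.org\r\nBcc: other@example.net",
    'bot@mail.jhgfghjk.com',
    'bot@JHGFGHJK.COM',
    'someone@notjhgfghjk.com',
    'user@nomx.example',
    'not-an-address',
];
foreach ($samples as $s) {
    [$ok, $why] = check_sender($s, $blocked, $fakeMx);
    printf("%-50s %s\n", json_encode($s), $ok !== null ? 'accepted' : "rejected: $why");
}
```

The same has_header_break() test belongs on the subject and any other form value that is placed into a header.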



Re: [PHP] Question About Blocking Email Addresses in Forms

2008-01-18 Thread Javier Huerta
The bad thing about using only registered users is that we have this form 
set in our Smart classrooms to give us feedback about any issues they 
encountered while using the AV equipment.  We have to keep the form open to 
non-university users.  When I implemented the Captcha code, I thought that 
it would take care of this problem.  Basically it looks as though someone is 
entering the data manually.



"Stephen" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Javier Huerta wrote:
>> I am wondering if there is a way to block out email addresses in specific 
>> format from a form?  We have a form that people have to enter an email 
>> address, and the form has been getting used by bots to send spam to a 
>> listserv.  The email address they enter is in this type of format 
>> [EMAIL PROTECTED], and of course it is always just a bit different 
>> every time.  Any help is greatly appreciated.
>
> Have a registration process and only allow registered users to send email 
> to the list.
>
> Stephen 




Re: [PHP] Question About Blocking Email Addresses in Forms

2008-01-18 Thread Wolf

 Eric Butera <[EMAIL PROTECTED]> wrote: 
> On Jan 18, 2008 9:50 AM, Javier Huerta <[EMAIL PROTECTED]> wrote:
> > I am wondering if there is a way to block out email addresses in specific
> > format from a form?  We have a form that people have to enter an email
> > address, and the form has been getting used by bots to send spam to a
> > listserv.  The email address they enter is in this type of format
> > [EMAIL PROTECTED], and of course it is always just a bit different every
> > time.  Any help is greatly appreciated.
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> 
> Hi Javier!
> 
> At my work we had tons of issues with spam bots randomly hitting our
> contact forms.  They would inject all sorts of random garbage along
> with the standard email header injection attempts to try and send mass
> mails through the forms.
> 
> We've worked on a standardized form processing script that has some
> basic ideas implemented that has cut down on 99% of the spam in our
> forms yet also does _not_ use any horrible CAPTCHA crap.  If you use
> one of those you're basically saying you hate your users and want to
> make them miserable.
> 
> Here are a few of the ideas we use:
> 
> - Require a user enter an email address and then validate this address
> using PEAR::Validate::email() with the true parameter to resolve host
> names.  That would always require at least a valid domain name.
> 
> - Filter all the fields against a set of invalid keywords.  Also make
> this set of keywords extendable on a per site basis because some sites
> get hit with different keywords.  Here is a set you can start with
> array('to:','from:','cc:','bcc:','href=','url=')
> 
> - Trick the bots.  I noticed lots of forms spam scripts will use some
> sort of regex to find all form fields and then inject them with any
> value that they want.  Just because your form uses a select dropdown
> or hidden field doesn't mean that is what you're going to get back.
> Most of these things in my experience are automated so they just do a
> mass search for name="".  I use this to my advantage by doing two
> things.  First I have a commented out field that if it is submitted I
> fail the post.  Then I also have a hidden field that has a constant
> value that must remain the same.  If this value is changed (only a
> spammer would do it since it's hidden) fail the post.
> 
> - Add a configurable option to ignore posts that contain the domain
> name in them.  Lots of these bots will send out a test that uses
> random@ as a test.  I usually enable
> this feature after the client has tested their form and are happy with
> it.
> 
> Make sure that if any of these conditions fail you show the form back
> to the user with a helpful error message.  This way if a real user
> accidentally triggers any of the security measures you can let them know
> how to fix it, such as removing href= from input fields.
> 
> Good luck!
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php


Those are pretty sweet suggestions there Eric, I hadn't thought about the 
constant field or the commented one to check on.  :)

Thanks for sharing!!

Wolf

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
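
Added example, not code from this thread: the keyword filter, the commented-out decoy field and the constant hidden field from the quoted list, returning messages that can be shown back to a real user. The field names, the constant value and the function name are hypothetical.

```php
<?php
// Added example: server-side screening of a contact-form post.
// Field names and the constant value are hypothetical.

const DECOY_FIELD    = 'website';      // appears only inside an HTML comment in the form
const CONSTANT_FIELD = 'form_id';      // rendered as <input type="hidden">
const CONSTANT_VALUE = 'contact-v1';
const BAD_KEYWORDS   = ['to:', 'from:', 'cc:', 'bcc:', 'href=', 'url='];  // starter set from the list above

/**
 * Returns a list of error messages; an empty list means the post passes.
 * $extraKeywords lets one site extend the shared keyword set.
 * Escape the messages with htmlspecialchars() when rendering them.
 */
function screen_post(array $post, array $extraKeywords = []): array
{
    $errors = [];

    // 1. A browser never submits a field that sits inside an HTML comment;
    //    a script that scrapes name="..." attributes does.
    if (array_key_exists(DECOY_FIELD, $post)) {
        $errors[] = 'Unexpected field submitted; please reload the form and try again.';
    }

    // 2. The hidden constant must come back exactly as it was rendered.
    if (($post[CONSTANT_FIELD] ?? null) !== CONSTANT_VALUE) {
        $errors[] = 'The form was altered; please reload the page and try again.';
    }

    // 3. Case-insensitive keyword scan over every other field.
    $keywords = array_merge(BAD_KEYWORDS, $extraKeywords);
    foreach ($post as $field => $value) {
        if ($field === CONSTANT_FIELD || $field === DECOY_FIELD) {
            continue;
        }
        // A select or text input can come back as an array if the client wants it to.
        if (!is_string($value)) {
            $errors[] = "Field \"$field\" has an unexpected type.";
            continue;
        }
        foreach ($keywords as $kw) {
            if (stripos($value, $kw) !== false) {
                $errors[] = "Please remove \"$kw\" from the \"$field\" field.";
                break;
            }
        }
    }
    return $errors;
}

// --- demo with constructed posts ---
$samples = [
    'real user' => [
        'form_id' => 'contact-v1',
        'email'   => 'ann@example.org',
        'message' => 'The projector in room 12 will not turn on.',
    ],
    'real user, pasted link' => [
        'form_id' => 'contact-v1',
        'email'   => 'bob@example.org',
        'message' => 'Manual is at <a href=http://example.org>this page</a>',
    ],
    'automated post' => [
        'form_id' => 'x',
        'website' => 'http://spam.example',
        'email'   => 'q@example.org',
        'message' => "hello\nbcc: list@example.net",
    ],
];
foreach ($samples as $label => $post) {
    $errors = screen_post($post);
    echo $label, ': ', $errors ? implode(' | ', $errors) : 'accepted', "\n";
}
```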



Re: [PHP] A stupid question?

2008-01-18 Thread Eric Butera
On Jan 18, 2008 10:49 AM, Jochem Maas <[EMAIL PROTECTED]> wrote:
>
> Eric Butera wrote:
> > On Jan 18, 2008 9:31 AM, Jochem Maas <[EMAIL PROTECTED]> wrote:
> >> Eric Butera wrote:
> >>> On Jan 17, 2008 9:54 PM, Shelley Shyan <[EMAIL PROTECTED]> wrote:
> >>>> Hi all,
> >>>>
> >>>> Maybe this is a somehow stupid question.
> >>>>
> >>>> I want to know how php could know whether session_start() has been
> >>>> called, that is, whether session has been started.
> >>>>
> >>>> I Googled, but got little help.
> >>>>
> >>>> Thank you for help!
> >>>> Any tip is greatly appreciated.
> >>>>
> >>>> Regards,
> >>>> Shelley
> >>>>
> 
> >>>
> >>> One other thing is you won't be able to start a session if headers
> >>> have been sent.  It is a good idea to use output buffering to help aid
> >>> with this.
> >> no it's not a good idea to use output buffering to 'help aid' this. instead
> >> write code that is logically structured so that the initialization of your 
> >> pages/app/scripts
> >> occurs BEFORE any output is generated.
> >>
> >> to avoid spurious output of whitespace avoid including the trailing '?>' in
> >> included php[-only] files. (and ignore whatever Tedd says on the subject 
> >> ;-)
> >>
> >>> If headers have been sent you'll get a nasty warning.
> >> if (headers_sent()) {
> >> echo "oops!";
> >> }
> >>
> >> use code to avoid warnings.
> >>
> >>
> >>> It can be a php.ini setting or you can simply call ob_start() on the
> >>> first line of your script.
> >>>
> >>
> >
> > I agree with you that it is ideal to do what you're saying but it
> > isn't always 100% practical.  Sometimes the stuff we work on is handed
> > down and in our purist world we'd like to change it, but can't.  So I
> > think that you should recommend best practices for future creations,
> > but blindly shooting down all alternatives isn't right.  My solution
> > would get the job done rather than the OP refactoring the pages and
> > not getting paid for it.  It would work and over time things could be
> > tidied up on future revisions over time.
>
> still, it's not a good idea because that implies a concept that you are
> wanting to apply. you don't want to use output buffering if you can help it.
>
> output buffering to overcome output being created before headers are 
> [conditionally]
> sent in badly written code is a viable hack given certain budgetary and/or 
> time
> constraints.
>
> what I'm saying is it's a viable solution to an immediate problem for
> which you don't have the time/money to fix properly - it's more than fine
> to enlighten the OP as such, I just don't think calling it a good idea
> is the right thing to do - it gives the impression that you're giving
> it the seal-of-good-coding-practice-approval, and the OP might just take
> your word for it.
>
> > Also, if you do what you've said and created your logic 100%
> > perfectly, there should never be any use for headers_sent(), right?
> > Headers shouldn't have been sent until you've specifically sent them.
>
> true, and they are not - but if you want to be sure to avoid cruft in the
> output and/or shit in the logs you program defensively for those occasions
> where somebody [else?] makes a mistake of some kind.
>

Fair enough, you win!  :)




Re: [PHP] Re: Question About Blocking Email Addresses in Forms

2008-01-18 Thread Eric Butera
On Jan 18, 2008 10:55 AM, Javier Huerta <[EMAIL PROTECTED]> wrote:
> Thanks for all of your suggestions which all point to using Captcha.  I have
> actually already implemented Captcha and they are still getting around it.
> Even if they are entering it manually rather than via a bot, is there a way
> to check if the email address is of a specific format and if so then don't
> process the form?
>
>
>
> ""Javier Huerta"" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>
> >I am wondering if there is a way to block out email addresses in specific
> >format from a form?  We have a form that people have to enter an email
> >address, and the form has been getting used by bots to send spam to a
> >listserv.  The email address they enter is in this type of format
> >[EMAIL PROTECTED], and of course it is always just a bit different every
> >time.  Any help is greatly appreciated.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

If a human is involved you can't really do anything about it other
than slow them down.  If they're doing this a lot you can implement
some backend server tracking.  It is really hit and miss, but you can
try tracking by IP, but proxies make this fail.  You can also make
sure that you require sessions.  That might help a bit but a user can
always clear their cookies.




[PHP] Re: Question About Blocking Email Addresses in Forms

2008-01-18 Thread Javier Huerta
Thanks for all of your suggestions which all point to using Captcha.  I have 
actually already implemented Captcha and they are still getting around it. 
Even if they are entering it manually rather than via a bot, is there a way 
to check if the email address is of a specific format and if so then don't 
process the form?



""Javier Huerta"" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
>I am wondering if there is a way to block out email addresses in specific 
>format from a form?  We have a form that people have to enter an email 
>address, and the form has been getting used by bots to send spam to a 
>listserv.  The email address they enter is in this type of format 
>[EMAIL PROTECTED], and of course it is always just a bit different every 
>time.  Any help is greatly appreciated. 




Re: [PHP] Question About Blocking Email Addresses in Forms

2008-01-18 Thread Eric Butera
On Jan 18, 2008 9:50 AM, Javier Huerta <[EMAIL PROTECTED]> wrote:
> I am wondering if there is a way to block out email addresses in specific
> format from a form?  We have a form that people have to enter an email
> address, and the form has been getting used by bots to send spam to a
> listserv.  The email address they enter is in this type of format
> [EMAIL PROTECTED], and of course it is always just a bit different every
> time.  Any help is greatly appreciated.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Hi Javier!

At my work we had tons of issues with spam bots randomly hitting our
contact forms.  They would inject all sorts of random garbage along
with the standard email header injection attempts to try and send mass
mails through the forms.

We've worked on a standardized form processing script that has some
basic ideas implemented that has cut down on 99% of the spam in our
forms yet also does _not_ use any horrible CAPTCHA crap.  If you use
one of those you're basically saying you hate your users and want to
make them miserable.

Here are a few of the ideas we use:

- Require a user enter an email address and then validate this address
using PEAR::Validate::email() with the true parameter to resolve host
names.  That would always require at least a valid domain name.

- Filter all the fields against a set of invalid keywords.  Also make
this set of keywords extendable on a per site basis because some sites
get hit with different keywords.  Here is a set you can start with
array('to:','from:','cc:','bcc:','href=','url=')

- Trick the bots.  I noticed lots of forms spam scripts will use some
sort of regex to find all form fields and then inject them with any
value that they want.  Just because your form uses a select dropdown
or hidden field doesn't mean that is what you're going to get back.
Most of these things in my experience are automated so they just do a
mass search for name="".  I use this to my advantage by doing two
things.  First I have a commented out field that if it is submitted I
fail the post.  Then I also have a hidden field that has a constant
value that must remain the same.  If this value is changed (only a
spammer would do it since it's hidden) fail the post.

- Add a configurable option to ignore posts that contain the domain
name in them.  Lots of these bots will send out a test that uses
random@ as a test.  I usually enable
this feature after the client has tested their form and are happy with
it.

Make sure that if any of these conditions fail you show the form back
to the user with a helpful error message.  This way if a real user
accidentally triggers any of the security measures you can let them know
how to fix it, such as removing href= from input fields.

Good luck!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
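
The checks listed in the message above, as an added PHP sketch (not Eric's script and not code from the list). The field names, the hidden constant and `check_contact_post()` are assumptions; `filter_var()` plus an injectable MX lookup stands in for the PEAR Validate call, and the sample posts are constructed.

```php
<?php
// Added example. Field names, the constant and function names are assumptions.
const HONEYPOT_FIELD = 'website_url'; // present in the form only inside <!-- ... -->
const CONSTANT_FIELD = 'form_check';  // <input type="hidden" name="form_check" value="k33p-me">
const CONSTANT_VALUE = 'k33p-me';     // constructed value
const BAD_KEYWORDS   = ['to:', 'from:', 'cc:', 'bcc:', 'href=', 'url='];

/**
 * Returns user-facing error messages; an empty array means the post passed.
 * Escape the messages with htmlspecialchars() when rendering: they echo
 * submitted field names.
 */
function check_contact_post(
    array $post,
    array $extraKeywords = [],
    ?string $ownDomain = null,
    ?callable $hasMx = null
): array {
    $errors = [];
    $hasMx = $hasMx ?? static function (string $host): bool {
        return checkdnsrr($host, 'MX');
    };

    // Honeypot: a browser never submits a field that exists only in a comment.
    if (array_key_exists(HONEYPOT_FIELD, $post)) {
        $errors[] = 'Unexpected field submitted. Please reload the form and try again.';
    }
    // Hidden constant: must come back exactly as it was sent.
    if (($post[CONSTANT_FIELD] ?? null) !== CONSTANT_VALUE) {
        $errors[] = 'The form was changed before sending. Please reload it and try again.';
    }

    // Email: syntax first, then the domain has to resolve.
    $email = $post['email'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email address.';
    } elseif (!$hasMx(substr(strrchr($email, '@'), 1))) {
        $errors[] = 'The domain of your email address could not be found.';
    }

    // Keyword and own-domain filter over every submitted value.
    $keywords = array_merge(BAD_KEYWORDS, $extraKeywords);
    foreach ($post as $name => $value) {
        if (!is_string($value)) { // e.g. email[]=x where a string was expected
            $errors[] = "Field \"$name\" has an unexpected format.";
            continue;
        }
        foreach ($keywords as $word) {
            if (stripos($value, $word) !== false) {
                $errors[] = "Please remove \"$word\" from the field \"$name\".";
            }
        }
        if ($ownDomain !== null && stripos($value, $ownDomain) !== false) {
            $errors[] = "Please do not use $ownDomain in the field \"$name\".";
        }
    }
    return $errors;
}

// Constructed sample submissions; the MX lookup is stubbed so this runs offline.
$stubMx = static function (string $host): bool {
    return $host === 'example.org';
};
$human = [
    'email' => 'ana@example.org',
    'message' => 'Please call me back.',
    CONSTANT_FIELD => CONSTANT_VALUE,
];
$bot = [
    'email' => 'random@example.com',
    'message' => "hello\nbcc: list@example.net",
    HONEYPOT_FIELD => 'http://spam.invalid/',
    CONSTANT_FIELD => 'x',
];
var_dump(check_contact_post($human, [], 'example.com', $stubMx));
print_r(check_contact_post($bot, [], 'example.com', $stubMx));
```

The keyword match is a plain substring test, so a legitimate message containing "photo:" trips "to:"; that is why each failure names the field and the offending text instead of silently dropping the post.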



Re: [PHP] Problem with ocasional blank value

2008-01-18 Thread Jochem Maas

Joey schreef:

Hi All,

I have a problem that the below code which is supposed to display a random
image and on occasion it shows NO image.

I'm not sure what is happening.  This is running on linux just in case that
makes any difference.

<%
$image_folder = "new_random/";
$dir = $_SERVER['DOCUMENT_ROOT'] . "/" . $image_folder;
$image_array = array();

# The user doesn't need to see any errors
$dir_handle = @opendir($dir);

while (false !== ($file = readdir($dir_handle)))
  if (!is_dir($file))
    $image_array[] = $file;
#
closedir ($dir_handle);

#
# The following appears to make things more random
srand((double)microtime()*100);
$r = rand(0,sizeof($image_array)-1);

#
echo "";
%>



apart from what Eric said - which was all correct (and definitely use glob
for this - and possibly even cache the results in a file, which you
periodically refresh, so that you only have to read a single file rather
than list a complete directory) - have you actually looked at the src
attribute of the IMG tag when you get no image. no doubt you'll see very
clearly why it is not showing an image (my guess it will be referencing a
file that is not an image as Eric suggested)

 


Thanks!

 






Re: [PHP] A stupid question?

2008-01-18 Thread Eric Butera
On Jan 18, 2008 9:31 AM, Jochem Maas <[EMAIL PROTECTED]> wrote:
> Eric Butera schreef:
> > On Jan 17, 2008 9:54 PM, Shelley Shyan <[EMAIL PROTECTED]> wrote:
> >> Hi all,
> >>
> >> Maybe this is a somehow stupid question.
> >>
> >> I want to know how php could know whether session_start() has been called, 
> >> that is, whether session has been started.
> >>
> >> I Googled, but got little help.
> >>
> >> Thank you for help!
> >> Any tip is greatly appreciated.
> >>
> >> Regards,
> >> Shelley
> >>
> >>
> >
> >
> > One other thing is you won't be able to start a session if headers
> > have been sent.  It is a good idea to use output buffering to help aid
> > with this.
>
> no it's not a good idea to use output buffering to 'help aid' this. instead
> write code that is logically structured so that the initialization of your 
> pages/app/scripts
> occurs BEFORE any output is generated.
>
> to avoid spurious output of whitespace avoid including the trailing '?>' in
> included php[-only] files. (and ignore whatever Tedd says on the subject ;-)
>
> > If headers have been sent you'll get a nasty warning.
>
> if (headers_sent()) {
> echo "oops!";
> }
>
> use code to avoid warnings.
>
>
> >
> > It can be a php.ini setting or you can simply call ob_start() on the
> > first line of your script.
> >
>
>

I agree with you that it is ideal to do what you're saying but it
isn't always 100% practical.  Sometimes the stuff we work on is handed
down and in our purist world we'd like to change it, but can't.  So I
think that you should recommend best practices for future creations,
but blindly shooting down all alternatives isn't right.  My solution
would get the job done rather than the OP refactoring the pages and
not getting paid for it.  It would work and over time things could be
tidied up on future revisions over time.

Also, if you do what you've said and created your logic 100%
perfectly, there should never be any use for headers_sent(), right?
Headers shouldn't have been sent until you've specifically sent them.
Just a friendly jab! :D




Re: [PHP] A stupid question?

2008-01-18 Thread Jochem Maas

Eric Butera schreef:

On Jan 18, 2008 9:31 AM, Jochem Maas <[EMAIL PROTECTED]> wrote:

Eric Butera schreef:

On Jan 17, 2008 9:54 PM, Shelley Shyan <[EMAIL PROTECTED]> wrote:

Hi all,

Maybe this is a somehow stupid question.

I want to know how php could know whether session_start() has been called, that 
is, whether session has been started.

I Googled, but got little help.

Thank you for help!
Any tip is greatly appreciated.

Regards,
Shelley




One other thing is you won't be able to start a session if headers
have been sent.  It is a good idea to use output buffering to help aid
with this.

no it's not a good idea to use output buffering to 'help aid' this. instead
write code that is logically structured so that the initialization of your 
pages/app/scripts
occurs BEFORE any output is generated.

to avoid spurious output of whitespace avoid including the trailing '?>' in
included php[-only] files. (and ignore whatever Tedd says on the subject ;-)


If headers have been sent you'll get a nasty warning.

if (headers_sent()) {
echo "oops!";
}

use code to avoid warnings.



It can be a php.ini setting or you can simply call ob_start() on the
first line of your script.





I agree with you that it is ideal to do what you're saying but it
isn't always 100% practical.  Sometimes the stuff we work on is handed
down and in our purist world we'd like to change it, but can't.  So I
think that you should recommend best practices for future creations,
but blindly shooting down all alternatives isn't right.  My solution
would get the job done rather than the OP refactoring the pages and
not getting paid for it.  It would work and over time things could be
tidied up on future revisions over time.


still, it's not a good idea because that implies a concept that you are
wanting to apply. you don't want to use output buffering if you can help it.

output buffering to overcome output being created before headers are 
[conditionally]
sent in badly written code is a viable hack given certain budgetary and/or time
constraints.

what I'm saying is it's a viable solution to an immediate problem for
which you don't have the time/money to fix properly - it's more than fine
to enlighten the OP as such, I just don't think calling it a good idea
is the right thing to do - it gives the impression that you're giving
it the seal-of-good-coding-practice-approval, and the OP might just take
your word for it.


Also, if you do what you've said and created your logic 100%
perfectly, there should never be any use for headers_sent(), right?
Headers shouldn't have been sent until you've specifically sent them.


true, and they are not - but if you want to be sure to avoid cruft in the
output and/or shit in the logs you program defensively for those occasions
where somebody [else?] makes a mistake of some kind.




Re: [PHP] Question About Blocking Email Addresses in Forms

2008-01-18 Thread Silvio Porcellana

Javier Huerta wrote:
I am wondering if there is a way to block out email addresses in specific 
format from a form?  We have a form that people have to enter an email 
address, and the form has been getting used by bots to send spam to a 
listserv.  The email address they enter is in this type of format 
[EMAIL PROTECTED], and of course it is always just a bit different every 
time.  Any help is greatly appreciated. 



http://en.wikipedia.org/wiki/Captcha

HTH, cheers!
Silvio




Re: [PHP] Problem with ocasional blank value

2008-01-18 Thread Eric Butera
On Jan 18, 2008 10:12 AM, Joey <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I have a problem that the below code which is supposed to display a random
> image and on occasion it shows NO image.
>
> I'm not sure what is happening.  This is running on linux just in case that
> makes any difference.
>
> <%
> $image_folder = "new_random/";
> $dir = $_SERVER['DOCUMENT_ROOT'] . "/" . $image_folder;
> $image_array = array();
>
> # The user doesn't need to see any errors
> $dir_handle = @opendir($dir);
>
> while (false !== ($file = readdir($dir_handle)))
>   if (!is_dir($file))
>     $image_array[] = $file;
> #
> closedir ($dir_handle);
>
> #
> # The following appears to make things more random
> srand((double)microtime()*100);
> $r = rand(0,sizeof($image_array)-1);
>
> #
> echo " = \"400\" >";
> %>
>
> Thanks!
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Why are you using ASP style tags?  PHP doesn't compile on it so what
other advantage does that give you other than not being compatible
with most installs?

Get rid of your error hiding.  Suppressing errors means you don't see
them either therefore cannot fix them.  The better solution is to turn
display_errors off and leave logging on.

My guess is that it is trying to link to a directory, a . hidden file,
or something else that shouldn't be there.  If it were my script I
would probably use a glob() type solution so that I can pick the ext's
I want.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
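
The glob()-based approach suggested in the replies, as an added example rather than code from the thread: it keeps only regular files with an allowed extension and returns null for an empty directory instead of producing an empty src. `pick_random_image()`, the extension list and the temporary directory are assumptions.

```php
<?php
// Added example; pick_random_image() and the extension list are assumptions.

/** Return the base name of one random image in $dir, or null if there is none. */
function pick_random_image(string $dir, array $extensions = ['jpg', 'jpeg', 'png', 'gif']): ?string
{
    // glob('*') skips ".", ".." and dot-files; false (error) becomes an empty list.
    $candidates = glob(rtrim($dir, '/') . '/*') ?: [];

    // Keep regular files only, matched on a lower-cased extension.
    $images = array_values(array_filter(
        $candidates,
        static function (string $path) use ($extensions): bool {
            $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
            return is_file($path) && in_array($ext, $extensions, true);
        }
    ));

    if ($images === []) {
        return null; // caller decides what to show instead of an empty src
    }
    return basename($images[random_int(0, count($images) - 1)]);
}

// Constructed directory so the example runs anywhere: two images, one text
// file, one dot-file and one sub-directory.
$dir = sys_get_temp_dir() . '/new_random_' . bin2hex(random_bytes(4));
mkdir($dir . '/thumbs', 0700, true);
foreach (['a.jpg', 'b.PNG', 'notes.txt', '.htaccess'] as $name) {
    touch($dir . '/' . $name);
}

$image = pick_random_image($dir);
if ($image === null) {
    // Logged, not suppressed: the failure stays visible to the developer.
    error_log("no images found in $dir");
} else {
    echo '<img src="/new_random/'
        . htmlspecialchars(rawurlencode($image), ENT_QUOTES)
        . '" alt="">', "\n";
}
```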



Re: [PHP] Question About Blocking Email Addresses in Forms

2008-01-18 Thread Richard Heyes

Or even a simple text CAPTCHA "What is 16 divided by 4?".


Careful though, I made a class which converted numbers to text 
(TextualNumbers IIRC) and it got broken.


--
Richard Heyes
http://www.websupportsolutions.co.uk

Knowledge Base and Helpdesk software that eases your support
burden and helps increase your sales.

** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS **




Re: [PHP] Question About Blocking Email Addresses in Forms

2008-01-18 Thread Per Jessen
Richard Heyes wrote:

>> I am wondering if there is a way to block out email addresses in
>> specific
>> format from a form?  We have a form that people have to enter an
>> email address, and the form has been getting used by bots to send
>> spam to a
>> listserv.  The email address they enter is in this type of format
>> [EMAIL PROTECTED], and of course it is always just a bit different
>> every
>> time.  Any help is greatly appreciated.
> 
> Could add a CAPTCHA image ("Type the letters in the image...") to your
> form. It eliminated comment junk when I added one to my website.

Or even a simple text CAPTCHA "What is 16 divided by 4?".


/Per Jessen, Zürich




Re: [PHP] Question About Blocking Email Addresses in Forms

2008-01-18 Thread Stephen

Javier Huerta wrote:
I am wondering if there is a way to block out email addresses in specific 
format from a form?  We have a form that people have to enter an email 
address, and the form has been getting used by bots to send spam to a 
listserv.  The email address they enter is in this type of format 
[EMAIL PROTECTED], and of course it is always just a bit different every 
time.  Any help is greatly appreciated. 


Have a registration process and only allow registered users to send 
email to the list.


Stephen




Re: [PHP] Question About Blocking Email Addresses in Forms

2008-01-18 Thread Richard Heyes
I am wondering if there is a way to block out email addresses in specific 
format from a form?  We have a form that people have to enter an email 
address, and the form has been getting used by bots to send spam to a 
listserv.  The email address they enter is in this type of format 
[EMAIL PROTECTED], and of course it is always just a bit different every 
time.  Any help is greatly appreciated. 


Could add a CAPTCHA image ("Type the letters in the image...") to your 
form. It eliminated comment junk when I added one to my website.


--
Richard Heyes
http://www.websupportsolutions.co.uk

Knowledge Base and Helpdesk software that eases your support
burden and helps increase your sales.

** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS **




[PHP] Problem with ocasional blank value

2008-01-18 Thread Joey
Hi All,

I have a problem that the below code which is supposed to display a random
image and on occasion it shows NO image.

I'm not sure what is happening.  This is running on linux just in case that
makes any difference.

<%
$image_folder = "new_random/";
$dir = $_SERVER['DOCUMENT_ROOT'] . "/" . $image_folder;
$image_array = array();

# The user doesn't need to see any errors
$dir_handle = @opendir($dir);

while (false !== ($file = readdir($dir_handle)))
  if (!is_dir($file))
    $image_array[] = $file;
#
closedir ($dir_handle);

#
# The following appears to make things more random
srand((double)microtime()*100);
$r = rand(0,sizeof($image_array)-1);

#
echo "";
%>

Thanks!





[PHP] Question About Blocking Email Addresses in Forms

2008-01-18 Thread Javier Huerta
I am wondering if there is a way to block out email addresses in specific 
format from a form?  We have a form that people have to enter an email 
address, and the form has been getting used by bots to send spam to a 
listserv.  The email address they enter is in this type of format 
[EMAIL PROTECTED], and of course it is always just a bit different every 
time.  Any help is greatly appreciated. 




[PHP] Re: Match anything between two " that is not a " except if it is escaped...

2008-01-18 Thread Al
A good habit is to use the hex equivalent character for any character that has a 
special meaning in pregex expressions.  e.g.,

space = \x20
"/" = \x2f
"." = \x2e
double quotes = \x3d
etc.

Then you won't have this type of problem and you won't have to use stuff like 
this:

This is for double quotes:
'/"[^"\\\\]*(?:\\\\.[^"\\\\]*)*"/'

this is for single:
'/\'[^\'\\\\]*(?:\\\\.[^\'\\\\]*)*\'/'

It's almost impossible to debug this nonsense.

Also, use delimiters that do not occur in your pattern. I almost never use "/"; 
and instead like "%". I assume you know the delimiters can be almost any 
character.


mathieu leddet wrote:

Hi everyone,

I am struggling with regular expression trying to match strings
delimited by double quotes, but taking into consideration that \" is not
a string ending character.

---8<---

$in = 'this is a string : "Hi everyone my name is \"Mathieu\"!" Here is
a second string : "PHP is just perfect"';

// pattern for catching strings between "
$pattern = '#"([^"]*)"#';

// surround matching string with HTML span code to highlight
$replacement = '"${1}"';

// perform the reg exp replacement
$out = preg_replace($pattern, $replacement, $in);

---8<---

$out contains : 
this is a string : "Hi everyone my name is \"Mathieu\"!"

Here is a second string : "PHP is just perfect"

This behaviour is normal considering my pattern (anything between two "
that is not a ").
But I don't know how to get this :
this is a string : "Hi everyone my name is \"Mathieu\"!" Here is
a second string : "PHP is just perfect"

I would like my pattern to express : Anything between two " that is not
a " except if it is escaped.

Thanks for reading me, any help in return is welcome !


--
Mathieu





Re: [PHP] A stupid question?

2008-01-18 Thread Jochem Maas

Eric Butera schreef:

On Jan 17, 2008 9:54 PM, Shelley Shyan <[EMAIL PROTECTED]> wrote:

Hi all,

Maybe this is a somehow stupid question.

I want to know how php could know whether session_start() has been called, that 
is, whether session has been started.

I Googled, but got little help.

Thank you for help!
Any tip is greatly appreciated.

Regards,
Shelley





One other thing is you won't be able to start a session if headers
have been sent.  It is a good idea to use output buffering to help aid
with this. 


no it's not a good idea to use output buffering to 'help aid' this. instead
write code that is logically structured so that the initialization of your 
pages/app/scripts
occurs BEFORE any output is generated.

to avoid spurious output of whitespace avoid including the trailing '?>' in
included php[-only] files. (and ignore whatever Tedd says on the subject ;-)


If headers have been sent you'll get a nasty warning.


if (headers_sent()) {
echo "oops!";
}

use code to avoid warnings.



It can be a php.ini setting or you can simply call ob_start() on the
first line of your script.






Re: [PHP] QNX build

2008-01-18 Thread Jochem Maas

Richard schreef:

Jochem Maas was thinking very hard :

Richard schreef:

Jochem Maas wrote :

Richard schreef:

Hi,

After installing PHP on a Windows machine I see a very small 
PHP-executable and several extension dll's that can be loaded.


When I build PHP on a QNX machine I get one huge executable of 8.6 
MB. Is it possible to build something similar to the Windows version?


yes, by specifying to ./configure that it should build shared 
extensions

or those extensions that allow it. so the relevant ./configure options
will look something like:

--enable-foo=shared,/path/to/libs

I tried that but it didn't work.


didn't work in what way?


It is still one binary of 8.6 MB and no shared libs.





what's your configure line look like right now?

PS - I'd never heard of QNX - just looked it up - interested to know what
you're doing with it and php.
I have an embedded system with an sqlite database. I want a web 
interface that shows database info and maybe system info.


cool :-)



PPS - Is a single large binary any worse than a smaller binary that 
loads
in a bunch of extensions (assuming the same extensions in each 
case), won't

the memory footprint be near enough the same for each?
It seems that my system has a problem with loading large binaries. It 
would be nice if I could decide in the ini file which extensions will 
be loaded (I am not sure which extensions I need).
I use the shttpd web server. This one does not support fast cgi. 
Loading a large cgi interpreter each time slows down my system.


ok - seems like you will only be needing a small subset of the 
available extensions.
have you tried using --disable-all and then only enabling the 
extensions you really

need, It may get the binary size down to a usable level.



When I use the option --disable-all the binary is about 5 MB. Which is 
much too large.
An option could be not to use php but perl. This binary is 1 MB. But I 
think the best option is a web server with fast cgi.


lighttpd?








Regards,

Richard










Re: [PHP] Re: Match anything between two " that is not a " except if it is escaped...

2008-01-18 Thread Paul Scott

On Fri, 2008-01-18 at 12:28 +0200, Nikolay Ananiev wrote:
> This is for double quotes:
> '/"[^"\\\\]*(?:\\\\.[^"\\\\]*)*"/'
> 
> this is for single:
> '/\'[^\'\\\\]*(?:\\\\.[^\'\\\\]*)*\'/'
> 
> i took these from the smarty compiler class.

Has anyone started a commonly used PCRE Regexp library? It could be a
simple wiki page or something (we had one on our old site that was
getting quite large - but that is now gone - sigh)

Anyway, is anyone up for that? These things come up pretty often, and
having a library of common ones would save us all a lot of effort in
these types of threads. Something like:

Purpose: 
regex  : 
Author : 


Thoughts? We could use
http://fsiu.uwc.ac.za/index.php?module=wiki&action=view_page&name=RegularExpressionMethods
 for it.

--Paul


Re: [PHP] A stupid question?

2008-01-18 Thread Eric Butera
On Jan 17, 2008 9:54 PM, Shelley Shyan <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> Maybe this is a somehow stupid question.
>
> I want to know how php could know whether session_start() has been called, 
> that is, whether session has been started.
>
> I Googled, but got little help.
>
> Thank you for help!
> Any tip is greatly appreciated.
>
> Regards,
> Shelley
>
>


One other thing is you won't be able to start a session if headers
have been sent.  It is a good idea to use output buffering to help aid
with this.  If headers have been sent you'll get a nasty warning.

It can be a php.ini setting or you can simply call ob_start() on the
first line of your script.




[PHP] Re: Match anything between two " that is not a " except if it is escaped...

2008-01-18 Thread Nikolay Ananiev
This is for double quotes:
'/"[^"\\\\]*(?:\\\\.[^"\\\\]*)*"/'

this is for single:
'/\'[^\'\\\\]*(?:\\\\.[^\'\\\\]*)*\'/'

i took these from the smarty compiler class.


"mathieu leddet" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
Hi everyone,

I am struggling with regular expression trying to match strings
delimited by double quotes, but taking into consideration that \" is not
a string ending character.

---8<---

$in = 'this is a string : "Hi everyone my name is \"Mathieu\"!" Here is
a second string : "PHP is just perfect"';

// pattern for catching strings between "
$pattern = '#"([^"]*)"#';

// surround matching string with HTML span code to highlight
$replacement = '"${1}"';

// perform the reg exp replacement
$out = preg_replace($pattern, $replacement, $in);

---8<---

$out contains :
this is a string : "Hi everyone my name is \"Mathieu\"!"
Here is a second string : "PHP is just perfect"

This behaviour is normal considering my pattern (anything between two "
that is not a ").
But I don't know how to get this :
this is a string : "Hi everyone my name is \"Mathieu\"!" Here is
a second string : "PHP is just perfect"

I would like my pattern to express : Anything between two " that is not
a " except if it is escaped.

Thanks for reading me, any help in return is welcome !


--
Mathieu


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
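
An escape-aware pattern for the question above, next to the pattern from the question, as an added example (not code from any of the posts). The function names and the second input are constructed here.

```php
<?php
// Added example; function names are assumptions.

/** The pattern from the question: stops at the first ", escaped or not. */
function naive_quoted(string $in): array
{
    preg_match_all('#"([^"]*)"#', $in, $m);
    return $m[0];
}

/**
 * Escape-aware version: opening ", a run of characters that are neither " nor \,
 * then any number of (backslash + any character + another such run), closing ".
 * Each \\\\ in the PHP literal is one literal backslash in the regex.
 */
function quoted_strings(string $in): array
{
    preg_match_all('/"[^"\\\\]*(?:\\\\.[^"\\\\]*)*"/s', $in, $m);
    return $m[0];
}

// Input from the question (joined onto one line).
$in = 'this is a string : "Hi everyone my name is \"Mathieu\"!" '
    . 'Here is a second string : "PHP is just perfect"';

// Constructed case: the first string ends in an escaped backslash, so the
// quote after it really does close the string.
$tricky = 'path "C:\\\\" then "next"';

// Three fragments: the first one is cut short at the escaped quote.
print_r(naive_quoted($in));

// Two strings, the first with \"Mathieu\" kept inside it.
print_r(quoted_strings($in));

// Two strings: "C:\\" and "next".
print_r(quoted_strings($tricky));
```

Because the pattern consumes a backslash together with the character after it, it pairs escapes correctly where a simple "quote not preceded by a backslash" test would misread the second input.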



Re: [PHP] QNX build

2008-01-18 Thread Richard

Jochem Maas was thinking very hard :

Richard schreef:

Jochem Maas wrote :

Richard schreef:

Hi,

After installing PHP on a Windows machine I see a very small 
PHP-executable and several extension dll's that can be loaded.


When I build PHP on a QNX machine I get one huge executable of 8.6 MB. Is 
it possible to build something similar to the Windows version?


yes, by specifying to ./configure that it should build shared extensions
or those extensions that allow it. so the relevant ./configure options
will look something like:

--enable-foo=shared,/path/to/libs

I tried that but it didn't work.


didn't work in what way?


It is still one binary of 8.6 MB and no shared libs.





what's your configure line look like right now?

PS - I'd never heard of QNX - just looked it up - interested to know what
you're doing with it and php.
I have an embedded system with an sqlite database. I want a web interface 
that shows database info and maybe system info.


cool :-)



PPS - Is a single large binary any worse than a smaller binary that loads
in a bunch of extensions (assuming the same extensions in each case), 
won't

the memory footprint be near enough the same for each?
It seems that my system has a problem with loading large binaries. It would 
be nice if I could decide in the ini file which extensions will be loaded 
(I am not sure which extensions I need).
I use the shttpd web server. This one does not support fast cgi. Loading a 
large cgi interpreter each time slows down my system.


ok - seems like you will only be needing a small subset of the available 
extensions.
have you tried using --disable-all and then only enabling the extensions you 
really

need, It may get the binary size down to a usable level.



When I use the option --disable-all the binary is about 5 MB. Which is 
much too large.
An option could be not to use php but perl. This binary is 1 MB. But I 
think the best option is a web server with fast cgi.







Regards,

Richard








Re: [PHP] snmp_set_valueretrieval depends on what?

2008-01-18 Thread Per Jessen
Richard Lynch wrote:

> fumble-fingers!
> 
> http://lxr.php.net/

Do you know if that site is up-to-date and if it includes php
extensions??  I searched for 'snmp_set_valueretrieval' and got nothing,
yet that function is clearly defined in the SNMP extension. In 4.3.9
and 5.2.3 (just two versions I happened to have available).


/Per Jessen, Zürich




Re: [PHP] QNX build

2008-01-18 Thread Jochem Maas

Richard wrote:
> Jochem Maas wrote :
>> Richard wrote:
>>> Hi,
>>>
>>> After installing PHP on a Windows machine I see a very small
>>> PHP-executable and several extension dll's that can be loaded.
>>>
>>> When I build PHP on a QNX machine I get one huge executable of 8.6
>>> MB. Is it possible to build something similar to the Windows version?
>>
>> yes, by specifying to ./configure that it should build shared extensions
>> or those extensions that allow it. so the relevant ./configure options
>> will look something like:
>>
>> --enable-foo=shared,/path/to/libs
>
> I tried that but it didn't work.

didn't work in what way?

>> what's your configure line look like right now?
>>
>> PS - I'd never heard of QNX - just looked it up - interested to know
>> what you're doing with it and php.
>
> I have an embedded system with an sqlite database. I want a web
> interface that shows database info and maybe system info.

cool :-)

>> PPS - Is a single large binary any worse than a smaller binary that loads
>> in a bunch of extensions (assuming the same extensions in each case), won't
>> the memory footprint be near enough the same for each?
>
> It seems that my system has a problem with loading large binaries. It
> would be nice if I could decide in the ini file which extensions will be
> loaded (I am not sure which extensions I need).
> I use the shttpd web server. This one does not support fast cgi. Loading
> a large cgi interpreter each time slows down my system.

ok - seems like you will only be needing a small subset of the available
extensions.
have you tried using --disable-all and then only enabling the extensions you
really need? It may get the binary size down to a usable level.

>>> Regards,
>>>
>>> Richard








Re: [PHP] QNX build

2008-01-18 Thread Richard

Jochem Maas wrote :
> Richard wrote:
>> Hi,
>>
>> After installing PHP on a Windows machine I see a very small
>> PHP-executable and several extension dll's that can be loaded.
>>
>> When I build PHP on a QNX machine I get one huge executable of 8.6 MB.
>> Is it possible to build something similar to the Windows version?
>
> yes, by specifying to ./configure that it should build shared extensions
> or those extensions that allow it. so the relevant ./configure options
> will look something like:
>
> --enable-foo=shared,/path/to/libs

I tried that but it didn't work.

> what's your configure line look like right now?
>
> PS - I'd never heard of QNX - just looked it up - interested to know what
> you're doing with it and php.

I have an embedded system with an sqlite database. I want a web
interface that shows database info and maybe system info.

> PPS - Is a single large binary any worse than a smaller binary that loads
> in a bunch of extensions (assuming the same extensions in each case), won't
> the memory footprint be near enough the same for each?

It seems that my system has a problem with loading large binaries. It
would be nice if I could decide in the ini file which extensions will
be loaded (I am not sure which extensions I need).
I use the shttpd web server. This one does not support fast cgi.
Loading a large cgi interpreter each time slows down my system.

>> Regards,
>>
>> Richard






Re: [PHP] A stupid question?

2008-01-18 Thread Jochem Maas

Shelley Shyan wrote:
> Hi all,
>
> Maybe this is a somehow stupid question.
>
> I want to know how php could know whether session_start() has been called,
> that is, whether session has been started.

you can do it by checking the return value of session_id() if it's empty you
can be pretty sure session_start() was not called. having said that I think
you're better off writing code that can assume the session was started (e.g. by
including a file that init's the session [and whatever else is relevant]) ...
but that may not be doable.

see here: http://php.net/session_id

I don't recommend the auto_session_start ini setting because there are probably
times when you explicitly don't need/want the session started.

> I Googled, but got little help.
>
> Thank you for help!
> Any tip is greatly appreciated.
>
> Regards,
> Shelley






Re: [PHP] Looks like a bug with Smarty

2008-01-18 Thread GoWtHaM NaRiSiPaLli
got the answer from you clive :) Thanks

On Jan 18, 2008 1:02 PM, clive <[EMAIL PROTECTED]> wrote:

> if  ($question == 'php')
>domail('phplist',$question);
>
> if  ($question == 'smarty')
>domail('smartylist',$question);
>
>
> > Hi All,
> >
> > I am using the html_options smarty tag to output an associative array in a
> > select drop down.
> > Here is a sample associative array:
> >
> > array(5) {
> >   ["CN-PEK-KEJ"]=>
> >   array(1) {
> > [198]=>
> > string(7) "TechTst"
> >   }
> >   ["IE-DUB-GAS"]=>
> >   array(2) {
> > [177]=>
> > string(10) "store room"
> > [39]=>
> > string(10) "TechStop 2"
> >   }
> >   ["UK-LON-BEL"]=>
> >   array(1) {
> > [88]=>
> > string(16) "TechStop-LON-BEL"
> >   }
> >   ["IE-DUB-GOR"]=>
> >   array(1) {
> > [159]=>
> > string(10) "TechStop 1"
> >   }
> >   ["US-NYC-9TH"]=>
> >   array(1) {
> > [194]=>
> > string(12) "TestTechStop"
> >   }
> > }
> >
> >
> > and the syntax I have used to output this was:
> > {html_options name='locationId' options=$locations selected=$selectedLocation}
> > wherein I assign $selectedLocation with one of the options after selecting
> > them.
> >
> > Even after everything being right, the option that's been selected is not set
> > but it again goes back to show the first option after submit.
> >
> > Looks like either smarty misinterprets this selected option or is there
> > something wrong from my end.
> >
> > Cheers
> >
>


-- 
Mark is on the way to make a Mark in your hearts



Re: [PHP] New years resolution: To get serious with my programming! Anyone wanna help? :)

2008-01-18 Thread Zoltán Németh
On Thursday, 2008. 01. 17, at 15.01, Richard Lynch wrote:
> On Thu, January 17, 2008 2:06 am, Jochem Maas wrote:
> > Richard Lynch wrote:
> >> On Wed, January 16, 2008 9:57 am, Daniel Brown wrote:
> >>> echo($h."\n".$i."\n"); // echo is a construct, but as expected, can use parentheses()
> >>
> >> Just to be picayune:
> >>
> >> echo isn't using the parens.
> >>
> >> The parens are forcing PHP to evaluate the concatenation of the
> >> strings FIRST, and then echo them.
> >>
> >> And since the concatenation operator takes precedence over the
> >> language construct, the parens are basically useless cruft.
> >
> > not to mention that it should be written as (spaces are optional ;-)):
> >
> > echo $h, "\n", $i, "\n";
> >
> > which avoids any concat operation and dumps the result of each expression
> > direct to the buffer :-)
> 
> I wanted to avoid the whole concat versus multi-arg performance
> thread, since it usually takes about a week before somebody posts the
> definitive answer, showing the actual PHP opcodes generated...

no, this time it won't take a week, as I have the answer at hand ;)
http://blog.libssh2.org/index.php?/archives/28-How-long-is-a-piece-of-string.html

> 
> And I don't recall the answer, and don't give a [bleep] since it's
> almost never the bottleneck in an application in the first place...

you're absolutely right in that, personally I don't care about it either
when coding. however the above article is an interesting read :)

greets
Zoltán Németh

> 
> -- 
> Some people have a "gift" link here.
> Know what I want?
> I want you to buy a CD from some indie artist.
> http://cdbaby.com/from/lynch
> Yeah, I get a buck. So?
> 




Re: [PHP] Encryption failing

2008-01-18 Thread Zoltán Németh
On Thursday, 2008. 01. 17, at 12.14, Ken Kixmoeller -- reply to
[EMAIL PROTECTED] wrote:
> (forgot to copy the list)
> 
> On Jan 16, 2008, at 5:08 PM, Richard Lynch wrote:
> 
> 
> > Is it possible that 4% of the time, you have spaces on the start/end
> > of the string, which get trimmed before encryption?
> >
> 
> In this case, no. In trying to simplify the situation to narrow the  
> possibilities of error, I am generating "random" character strings of  
> only alphanumeric (or numeric-only) characters. Each is exactly 16  
> characters.
> 
> 
> 
> > And if rijndael is one of the algorithms which requires a fixed-size
> > input, that also would be "bad" to trim it.
> >
> 
> No documentation that I was able to find suggests that requirement.
> 
> 
> 
> 
> > Actually, I'd suggest that the encryption function has no business
> > trimming the text anyway.
> >
> 
> Philosophically I agree with you, but mCrypt has this nasty habit of  
> appending bunches of nulls to the decrypted string. So philosophical  
> purity gives way to practical application.


yeah, I just ran into the same thing yesterday evening with mcrypt and
rijndael_256.
encrypting went fine, decrypted string had a lot of nulls at the end. so
I too had to use trim() on it.

greets
Zoltán Németh

> 
> Good ideas, as usual. Thank you.
> 
> Ken
> 
> 

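
The padding behaviour discussed in this thread, as an added example that is not code from any poster: when the last block is zero-filled, trim() after decryption also strips bytes that belonged to the plaintext, while PKCS#7 padding round-trips exactly. It assumes PHP 7+ with the OpenSSL extension and uses AES-128-CBC with OpenSSL's own padding disabled as a stand-in for mcrypt (whose rijndael_256 has a larger block); all function names and sample values are constructed.

```php
<?php
// AES-128-CBC through OpenSSL with its padding disabled stands in for mcrypt
// here (assumption): the caller decides how the last block is filled.
const CIPHER = 'aes-128-cbc';
const BLOCK  = 16;

function zero_pad(string $data): string       // zero-fill, as mcrypt does implicitly
{
    return str_pad($data, (int) ceil(strlen($data) / BLOCK) * BLOCK, "\0");
}

function pkcs7_pad(string $data): string
{
    $n = BLOCK - strlen($data) % BLOCK;        // 1..BLOCK, never zero
    return $data . str_repeat(chr($n), $n);
}

function pkcs7_unpad(string $data): string
{
    $n = strlen($data) ? ord(substr($data, -1)) : 0;
    if ($n < 1 || $n > BLOCK || substr($data, -$n) !== str_repeat(chr($n), $n)) {
        throw new UnexpectedValueException('invalid padding');
    }
    return substr($data, 0, strlen($data) - $n);
}

function roundtrip(string $plain, callable $pad, callable $unpad): string
{
    $key  = random_bytes(16);
    $iv   = random_bytes(BLOCK);
    $opts = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING;  // OpenSSL adds no padding
    $ct   = openssl_encrypt($pad($plain), CIPHER, $key, $opts, $iv);
    return $unpad(openssl_decrypt($ct, CIPHER, $key, $opts, $iv));
}

// Constructed samples: the 16-character alphanumeric case from the thread,
// plus values that legitimately begin or end with NUL bytes or whitespace.
$samples = [
    'alphanumeric, 16' => 'A1b2C3d4E5f6G7h8',
    'ends in NUL'      => "\x01\x02\x03\x00\x00",
    'ends in spaces'   => 'fixed-width  ',
    'leading newline'  => "\nline",
];
foreach ($samples as $label => $plain) {
    $zero  = roundtrip($plain, 'zero_pad', 'trim') === $plain;
    $pkcs7 = roundtrip($plain, 'pkcs7_pad', 'pkcs7_unpad') === $plain;
    printf("%-18s zero-fill+trim: %-4s PKCS#7: %s\n",
        $label, $zero ? 'ok' : 'LOST', $pkcs7 ? 'ok' : 'LOST');
}
```

CBC is used here only to isolate the padding question; ciphertext that is stored or transmitted also needs integrity protection, for example an authenticated mode such as AES-GCM.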