Re: [PHP] recipes anyone?

2009-05-30 Thread Clancy
On Sat, 30 May 2009 14:31:26 -0400, af.gour...@videotron.ca (PJ) wrote:


>> So, if corn is bad, eating it will get rid of it faster right? :p

>No it will turn you into a corn cob! ;-)

Which is why Christopher Columbus found the Americas uninhabited! ;-)


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] How To Limit FIle Uploader Against Hijackers?

2009-05-30 Thread Michael A. Peters

Nitsan Bin-Nun wrote:

> What do you mean by session variables?
> I should register a new session and pass it along with the file to the
> PHP wrapper?


Yes - in the page that links to your downloads you can do something like

$_SESSION['download']=TRUE;

then in the wrapper -

// session_start() must already have run in the wrapper (unless session.auto_start is on)
if (isset($_SESSION['download'])) {
   $allowed=$_SESSION['download'];
   } else {
   $allowed=FALSE;
   }

then check the $allowed variable.

Only way the file will be sent is if they have been to your site that 
creates a session for them and sets the $_SESSION['download'] variable 
to TRUE.


You can check whatever you want from the session variables.

For some of my files, I check the userid in the session variable and 
make sure the user is allowed to download it. If they aren't, they get a 
401 forbidden header and page.
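
A session-gated download wrapper along the lines described in this message, as an added example that is not part of the original post or the poster's own code. It targets current PHP (7.1+); `STORAGE_DIR`, the `file` query parameter, the `userid` session key and the `$acl` map are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Paths, parameter names and the
// ACL map are assumptions.

const STORAGE_DIR = '/srv/private_uploads';   // assumed: outside the web root

// Hypothetical per-file ACL: file name => user ids allowed to fetch it.
// Files not listed only require the session download flag.
$acl = ['payroll.pdf' => [7, 12]];

/** Decide from server-side session state only, never from request headers. */
function download_allowed(array $session, string $name, array $acl): bool
{
    if (!isset($session['download']) || $session['download'] !== true) {
        return false;
    }
    if (!array_key_exists($name, $acl)) {
        return true;
    }
    return isset($session['userid']) && in_array($session['userid'], $acl[$name], true);
}

/** Map a requested name to a regular file inside $storageDir, or null. */
function resolve_download(string $storageDir, string $requested): ?string
{
    $base = realpath($storageDir);
    $name = basename($requested);            // drop any directory components
    // Dotfiles are refused as well (an assumption of this example).
    if ($base === false || $name === '' || $name[0] === '.') {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);   // resolves symlinks
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check after resolution: a symlink must not lead outside.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

function send_file(string $path): void
{
    // Restrict the advertised name to a conservative character set.
    $safe = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $safe . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

if (PHP_SAPI !== 'cli') {
    session_start();
    $requested = $_GET['file'] ?? '';
    $path = is_string($requested) ? resolve_download(STORAGE_DIR, $requested) : null;
    // Authorization first, so a visitor without a session learns nothing
    // about which file names exist.
    if (!download_allowed($_SESSION, $path === null ? '' : basename($path), $acl)) {
        http_response_code(403);
        exit('Forbidden');
    }
    if ($path === null) {
        http_response_code(404);
        exit('Not found');
    }
    send_file($path);
    exit;
}

// Offline self-check under the CLI with constructed files and session arrays.
$dir = sys_get_temp_dir() . '/dl_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/payroll.pdf", 'constructed sample');
$cases = [
    'no session flag'   => [[], 'payroll.pdf'],
    'flag, wrong user'  => [['download' => true, 'userid' => 3], 'payroll.pdf'],
    'flag, listed user' => [['download' => true, 'userid' => 7], 'payroll.pdf'],
    'traversal attempt' => [['download' => true, 'userid' => 7], '../../etc/passwd'],
];
foreach ($cases as $label => [$session, $requested]) {
    $path = resolve_download($dir, $requested);
    $ok = $path !== null && download_allowed($session, basename($path), $acl);
    printf("%-18s %s\n", $label, $ok ? 'served' : 'refused');
}
unlink("$dir/payroll.pdf");
rmdir($dir);
```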





RE: [PHP] Re: Numerical Recipe - Scheduling Question - update...

2009-05-30 Thread bruce
Hi again...

for those who care, feel free to reply with comments... for those who
don't.. please ignore!!

this is a list of pseudo code/steps/overview of what i'm considering for a
kind of scheduling process. the goal is for the user to enter a starttime,
as well as specify a periodic function. the resulting output would be the
next 'event' time...

i've tried to walk through the different scenarios to accommodate the
different occurrences that i can think of...

like i said.. feel free to leave comments..

thanks


job scheduler - functions

user enters:

starttime (now, future)
future - day:month:year: hour:min
day -dayList,   monthList,  yearList
time-hourList,  minList

validate date/time

interval:
type:
minutes, hour, day, week, month, last-of-the-month
number
1, 2, 

===

when using time, round to 0 secs
if user enters only minute:
use current hour
use current year
use current month
use current date

if user enters only hour:
use current min
use current year
use current month
use current date

if user enters only min:
use current hour
use current year
use current month
use current date

if user enters only year:
use current min
use current hour
use current month
use current date

if user enters only month:
use current min
use current hour
use current year
use current date

if user enters only date:
use current min
use current hour
use current year
use current month

if user enters now() (or leaves it blank):
   app sets min to current min
   app sets hour to current hour
   app sets year to current year
   app sets month to current month
   app sets date to current date

---++
interval:
 user selects minutes,
 user selects 'X' as the numeric interval
(if 'X' is blank, app defaults 'X' to 5)
  app gets the year:month:date hour:min
  app converts the date/time to secs
  app creates 'interval' ="+".str(X)." minute"
  (app computes the next time/secs adding X * 60 for the next 'X' minute)
this computes every 'X' minutes using
strtotime(interval, secs)
-gives every minute at the current 'min', or every 20th minute at the
20min mark, etc..
--note:: should the app roll over minutes.. or should it restart at the
hour
-- or should it perform both, and let the user decide...


 user selects hourly,
 user selects 'X' as the numeric interval
(if 'X' is blank, app defaults 'X' to 1)
  app gets the year:month:date hour:min
  app converts the date/time to secs
  app creates 'interval' ="+".str(X)." hour"
  (app computes the next time/secs adding X * 3600 for the next 'X' hour)
this computes every 'X' hour, on the 'min' using
strtotime(interval, secs)
-gives every hour at the current 'min', or every 2nd Hour at the
10min mark, etc..


 user selects daily,
 user selects 'X' as the numeric interval
(if 'X' is blank, app defaults 'X' to 1)
  app gets the year:month:date hour:min
  app converts the date/time to secs
  app creates 'interval' ="+".str(X)." day"
  (app computes the next time/secs adding X * 60*60*24 for the next 'X' day)
this computes every 'X' day, on the 'hour:min' using
strtotime(interval, secs)
-gives every day at the current 'hour:min', or every 2nd Day at the
2:10pm mark, etc..


 user selects weekly,
 user selects 'X' as the numeric interval
(if 'X' is blank, app defaults 'X' to 1)
  app gets the year:month:date hour:min
  app converts the date/time to secs
  app creates 'interval' ="+".str(X)." week"
  (app computes the next time/secs adding X * 60*60*24 for the next 'X' day)
this computes every 'X' week, on the 'day:hour:min' using
strtotime(interval, secs)
-gives every Mon at the current 'hour:min', or every 2nd Tues at 
10:00pm,
etc..


 user selects monthly,
 user selects 'X' as the numeric interval
(if 'X' is blank, app defaults 'X' to 1)
  app gets the year:month:date hour:min
  app converts the date/time to secs
  app creates 'interval' ="+".str(X)." month"
  (>> redo app computes the next time/secs adding X * 60*60*24 for the
next 'X' month)
this computes every 'X' month, on the 'date:hour:min' using
strtotime(interval, secs)
need to include logic to cut limit future month to the 'end date' of the
 month. don't want to roll over into the next month.. ie, if the date
is jan 29,
 and the next feb only has 28 days.. stop at jan 28...
need to incorporate leap year checks, etc...
-gives every Month at the current 'date:hour:min', based on th
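
The interval step from the outline above, with the month-end case handled, as an added example that is not code from the original post. The function name `occurrence` and the `$k` occurrence counter are assumptions; plain `strtotime('+1 month', ...)` from January 31 lands in March, which is the rollover the outline wants to avoid.

```php
<?php
// Added example, not code from the post.
date_default_timezone_set('UTC');   // fixed zone so the demo output is reproducible

// Interval types from the outline and the default 'X' it gives for each.
const INTERVAL_DEFAULTS = ['minute' => 5, 'hour' => 1, 'day' => 1, 'week' => 1, 'month' => 1];

/**
 * k-th event after $start for "every X <type>".
 * Counting from the original start ($x * $k) rather than from the previous
 * event keeps a job set for the 31st on the 31st in months that have one.
 */
function occurrence(DateTimeImmutable $start, string $type, ?int $x = null, int $k = 1): DateTimeImmutable
{
    // Whitelist the unit: user input never reaches the date parser as free text.
    if (!array_key_exists($type, INTERVAL_DEFAULTS)) {
        throw new InvalidArgumentException("unknown interval type: $type");
    }
    $x = $x ?? INTERVAL_DEFAULTS[$type];
    if ($x < 1 || $k < 1) {
        throw new InvalidArgumentException('interval and occurrence must be >= 1');
    }
    // "when using time, round to 0 secs"
    $start = $start->setTime((int) $start->format('G'), (int) $start->format('i'), 0);
    $n = $x * $k;
    if ($type !== 'month') {
        return $start->modify("+{$n} {$type}");
    }
    // Month arithmetic: step from the 1st so nothing can overflow, then put
    // the day back, clamped to the length of the target month
    // (format 't' is the number of days in that month, leap years included).
    $day = (int) $start->format('j');
    $first = $start->modify('first day of this month')->modify("+{$n} month");
    $lastDay = (int) $first->format('t');
    return $first->setDate((int) $first->format('Y'), (int) $first->format('n'), min($day, $lastDay));
}

// Constructed start times.
$jan31 = new DateTimeImmutable('2009-01-31 14:10:37');
$leap  = new DateTimeImmutable('2008-01-31 09:00:00');
$fmt   = 'Y-m-d H:i:s';
echo 'plain strtotime +1 month: ', date($fmt, strtotime('+1 month', $jan31->getTimestamp())), "\n";
echo 'clamped, 1st event:       ', occurrence($jan31, 'month')->format($fmt), "\n";
echo 'clamped, 2nd event:       ', occurrence($jan31, 'month', 1, 2)->format($fmt), "\n";
echo 'leap year, 1st event:     ', occurrence($leap, 'month')->format($fmt), "\n";
echo 'default 5 minutes:        ', occurrence($jan31, 'minute')->format($fmt), "\n";
```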

Re: [PHP] How To Limit FIle Uploader Against Hijackers?

2009-05-30 Thread Nitsan Bin-Nun
What do you mean by session variables?
I should register a new session and pass it along with the file to the PHP
wrapper?

On Sat, May 30, 2009 at 10:02 PM, Michael A. Peters wrote:

> Nitsan Bin-Nun wrote:
>
>>
>>
>> On Sat, May 30, 2009 at 7:02 PM, Ashley Sheridan <
>> a...@ashleysheridan.co.uk > wrote:
>>
>>On Sat, 2009-05-30 at 17:54 +0200, Nitsan Bin-Nun wrote:
>> > That's the verification that my layer does. I'm not sure whether
>>that's
>> > enough or not.
>> >
>> > On Sat, May 30, 2009 at 4:43 PM, Michael A. Peters wrote:
>> >
>> > > Nitsan Bin-Nun wrote:
>> > >
>> > >  On Sat, May 30, 2009 at 3:26 PM, Michael A. Peters wrote:
>> > >>
>> > >>Nitsan Bin-Nun wrote:
>> > >>
>> > >>Hi
>> > >>
>> > >>I have wrote a file uploader in PHP, and I don't want
>>people to
>> > >>hijack it
>> > >>(get direct links, download whenever they want, etc).
>> > >>
>> > >>Currently I have placed the uploaded files one
>>directory up from
>> > >>the www
>> > >>root, and I'm hosting the files mime type in order to
>>serve them
>> > >>on the fly.
>> > >>
>> > >>I'm trying to think how should I secure this website, I
>>don't
>> > >>want people to
>> > >>get direct links,etc.
>> > >>
>> > >>Currently the links are being check with the
>>$_SERVER['refer']
>> > >>variables and
>> > >>it being compared to the one in my config file.
>> > >>
>> > >>Any ideas will be very appreciated! Thanks!
>> > >>
>> > >>
>> > >>By the way, does this file serving feature takes a lot
>>of load
>> > >>from the
>> > >>server? if so then what are the other options? can I
>>serve these
>> > >>files w/o
>> > >>PHP involved? lets say only by some sort of apache
>>module or
>> > >>anything like
>> > >>that?
>> > >>
>> > >>
>> > >>What I do -
>> > >>
>> > >>Files for restricted access are outside the web root.
>> > >>php wrapper script verifies the credentials of user to
>>download the
>> > >>file (IE via a post token, session ID, etc.) and if
>>allowed, it then
>> > >>sends the real file.
>> > >>
>> > >>I use mod_rewrite (apache) to send requests for the real
>>file to the
>> > >>php wrapper script so that the linked file has the same
>>name as the
>> > >>real file (lets me use the same wrapper for lots of
>>different files).
>> > >>
>> > >>As far as load on the server, no - I don't think it costs a
>>lot as
>> > >>far as system resources.
>> > >>
>> > >>
>> > >>
>> > >> Thank you for the fast answer.
>> > >>
>> > >> I'm doing the same regarding the php wrapper layer, but the
>>thing is that
>> > >> I just don't know what verification exams should I do in the
>>php wrapping
>> > >> layer.
>> > >> I'm not sure what is the way that it should be done.
>> > >>
>> > >
>> > > I check the referrer, assuming no other credential is required,
>>if it is
>> > > from an approved site or not sent (some people disable sending the
>> > > http_referrer in their browser), I allow it. Otherwise I don't.
>> > >
>>That should be fine for downloading files. There will be an issue if
>>they are media files and you want to play them from a browser plugin,
>> as
>>no plugin I've ever seen actually passes the referrer header.
>>
>>
>>Ash
>>www.ashleysheridan.co.uk 
>>
>>
>>
>> I'm sending downloading headers, there will be no options of playing it
>> from the browser's plugin.
>> Thank you both for your comments. I have decided that referrer check is
>> enough for now :)
>>
>> Nitsan
>>
>>
> If you really want to be sure, you can use session variables with a
> download wrapper.
>


Re: [PHP] How To Limit FIle Uploader Against Hijackers?

2009-05-30 Thread Michael A. Peters

Nitsan Bin-Nun wrote:



On Sat, May 30, 2009 at 7:02 PM, Ashley Sheridan wrote:


On Sat, 2009-05-30 at 17:54 +0200, Nitsan Bin-Nun wrote:
 > That's the verification that my layer does. I'm not sure whether
that's
 > enough or not.
 >
 > On Sat, May 30, 2009 at 4:43 PM, Michael A. Peters wrote:
 >
 > > Nitsan Bin-Nun wrote:
 > >
 > >  On Sat, May 30, 2009 at 3:26 PM, Michael A. Peters wrote:
 > >>
 > >>Nitsan Bin-Nun wrote:
 > >>
 > >>Hi
 > >>
 > >>I have wrote a file uploader in PHP, and I don't want
people to
 > >>hijack it
 > >>(get direct links, download whenever they want, etc).
 > >>
 > >>Currently I have placed the uploaded files one
directory up from
 > >>the www
 > >>root, and I'm hosting the files mime type in order to
serve them
 > >>on the fly.
 > >>
 > >>I'm trying to think how should I secure this website, I
don't
 > >>want people to
 > >>get direct links,etc.
 > >>
 > >>Currently the links are being check with the
$_SERVER['refer']
 > >>variables and
 > >>it being compared to the one in my config file.
 > >>
 > >>Any ideas will be very appreciated! Thanks!
 > >>
 > >>
 > >>By the way, does this file serving feature takes a lot
of load
 > >>from the
 > >>server? if so then what are the other options? can I
serve these
 > >>files w/o
 > >>PHP involved? lets say only by some sort of apache
module or
 > >>anything like
 > >>that?
 > >>
 > >>
 > >>What I do -
 > >>
 > >>Files for restricted access are outside the web root.
 > >>php wrapper script verifies the credentials of user to
download the
 > >>file (IE via a post token, session ID, etc.) and if
allowed, it then
 > >>sends the real file.
 > >>
 > >>I use mod_rewrite (apache) to send requests for the real
file to the
 > >>php wrapper script so that the linked file has the same
name as the
 > >>real file (lets me use the same wrapper for lots of
different files).
 > >>
 > >>As far as load on the server, no - I don't think it costs a
lot as
 > >>far as system resources.
 > >>
 > >>
 > >>
 > >> Thank you for the fast answer.
 > >>
 > >> I'm doing the same regarding the php wrapper layer, but the
thing is that
 > >> I just don't know what verification exams should I do in the
php wrapping
 > >> layer.
 > >> I'm not sure what is the way that it should be done.
 > >>
 > >
 > > I check the referrer, assuming no other credential is required,
if it is
 > > from an approved site or not sent (some people disable sending the
 > > http_referrer in their browser), I allow it. Otherwise I don't.
 > >
That should be fine for downloading files. There will be an issue if
they are media files and you want to play them from a browser plugin, as
no plugin I've ever seen actually passes the referrer header.


Ash
www.ashleysheridan.co.uk 



I'm sending downloading headers, there will be no options of playing it 
from the browser's plugin.
Thank you both for your comments. I have decided that referrer check is 
enough for now :)


Nitsan



If you really want to be sure, you can use session variables with a 
download wrapper.





Re: [PHP] How To Limit FIle Uploader Against Hijackers?

2009-05-30 Thread Nitsan Bin-Nun
On Sat, May 30, 2009 at 7:02 PM, Ashley Sheridan wrote:

> On Sat, 2009-05-30 at 17:54 +0200, Nitsan Bin-Nun wrote:
> > That's the verification that my layer does. I'm not sure whether that's
> > enough or not.
> >
> > On Sat, May 30, 2009 at 4:43 PM, Michael A. Peters wrote:
> >
> > > Nitsan Bin-Nun wrote:
> > >
> > >  On Sat, May 30, 2009 at 3:26 PM, Michael A. Peters wrote:
> > >>
> > >>Nitsan Bin-Nun wrote:
> > >>
> > >>Hi
> > >>
> > >>I have wrote a file uploader in PHP, and I don't want people to
> > >>hijack it
> > >>(get direct links, download whenever they want, etc).
> > >>
> > >>Currently I have placed the uploaded files one directory up
> from
> > >>the www
> > >>root, and I'm hosting the files mime type in order to serve
> them
> > >>on the fly.
> > >>
> > >>I'm trying to think how should I secure this website, I don't
> > >>want people to
> > >>get direct links,etc.
> > >>
> > >>Currently the links are being check with the $_SERVER['refer']
> > >>variables and
> > >>it being compared to the one in my config file.
> > >>
> > >>Any ideas will be very appreciated! Thanks!
> > >>
> > >>
> > >>By the way, does this file serving feature takes a lot of load
> > >>from the
> > >>server? if so then what are the other options? can I serve
> these
> > >>files w/o
> > >>PHP involved? lets say only by some sort of apache module or
> > >>anything like
> > >>that?
> > >>
> > >>
> > >>What I do -
> > >>
> > >>Files for restricted access are outside the web root.
> > >>php wrapper script verifies the credentials of user to download the
> > >>file (IE via a post token, session ID, etc.) and if allowed, it
> then
> > >>sends the real file.
> > >>
> > >>I use mod_rewrite (apache) to send requests for the real file to
> the
> > >>php wrapper script so that the linked file has the same name as the
> > >>real file (lets me use the same wrapper for lots of different
> files).
> > >>
> > >>As far as load on the server, no - I don't think it costs a lot as
> > >>far as system resources.
> > >>
> > >>
> > >>
> > >> Thank you for the fast answer.
> > >>
> > >> I'm doing the same regarding the php wrapper layer, but the thing is
> that
> > >> I just don't know what verification exams should I do in the php
> wrapping
> > >> layer.
> > >> I'm not sure what is the way that it should be done.
> > >>
> > >
> > > I check the referrer, assuming no other credential is required, if it
> is
> > > from an approved site or not sent (some people disable sending the
> > > http_referrer in their browser), I allow it. Otherwise I don't.
> > >
> That should be fine for downloading files. There will be an issue if
> they are media files and you want to play them from a browser plugin, as
> no plugin I've ever seen actually passes the referrer header.
>
>
> Ash
> www.ashleysheridan.co.uk
>
>

I'm sending downloading headers, there will be no options of playing it from
the browser's plugin.
Thank you both for your comments. I have decided that referrer check is
enough for now :)

Nitsan


[PHP] Autoloading with namespaces in 5.3.0

2009-05-30 Thread Eddie Drapkin
Hey, I'm looking to start playing with 5.3.0, and thus by extension,
namespaces.  One of the things that I definitely need support for is
autoloading, and the docs aren't exactly explicit in some (obvious to me)
cases.

I have an autoloading class that internally handles file-not-found errors
and the like and a set of methods that get registered via
spl_autoload_register.  I'm wondering if there's any way that the autoloader
- which won't exist inside a namespace - can handle classes with the same
name in several different namespaces.  Say, for example, I have three
directories foo/, bar/, and baz/ and each of those corresponds to a
same-named namespace, and each also has a class named ExampleClass.  If I
try to instantiate a foo\ExampleClass, does the classname get set in the
autoloader method as "ExampleClass" or "foo\ExampleClass"?  If the former,
is there any way to determine the namespace name so I don't accidentally
autoload bar\ExampleClass or baz\ExampleClass?
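
An added example (not part of the original post) that shows what the callback registered with `spl_autoload_register` receives: the fully qualified class name without a leading backslash, so the namespace can be mapped straight to a directory. The temporary directory layout and the `where()` method are constructed for the demonstration.

```php
<?php
// Added example, not code from the post.
// Constructed fixture: foo/, bar/ and baz/ each define ExampleClass in the
// namespace named after the directory.
$root = sys_get_temp_dir() . '/autoload_demo_' . getmypid();
foreach (['foo', 'bar', 'baz'] as $ns) {
    mkdir("$root/$ns", 0700, true);
    file_put_contents(
        "$root/$ns/ExampleClass.php",
        "<?php\nnamespace $ns;\nclass ExampleClass { public function where() { return __NAMESPACE__; } }\n"
    );
}

$seen = [];   // every name the autoloader was asked for, in order
spl_autoload_register(function ($class) use ($root, &$seen) {
    $seen[] = $class;
    // Accept only identifier segments separated by backslashes, so a class
    // name can never carry "../" or other path syntax into the require.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\\\\[A-Za-z_][A-Za-z0-9_]*)*$/', $class)) {
        return;
    }
    // Namespace separators become directory separators.
    $file = $root . '/' . str_replace('\\', '/', $class) . '.php';
    if (is_file($file)) {
        require $file;
    }
});

$a = new \foo\ExampleClass();
$b = new \bar\ExampleClass();

echo 'loaded from: ', $a->where(), ' and ', $b->where(), "\n";
echo 'autoloader was passed: ', implode(', ', $seen), "\n";
echo 'baz\ExampleClass loaded yet? ', class_exists('baz\ExampleClass', false) ? 'yes' : 'no', "\n";

// Remove the constructed fixture.
foreach (['foo', 'bar', 'baz'] as $ns) {
    unlink("$root/$ns/ExampleClass.php");
    rmdir("$root/$ns");
}
rmdir($root);
```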


[PHP] backslashes, string replacement, mysql_real_escape_strings and languages

2009-05-30 Thread PJ
Ok, let's get this straightened out, please.
I'm coming up with little annoyances like text with é & the like
being displayed and not displayed, having to enter it to get it
displayed, and sometimes seeing the code rather than the accented character.
And then there is preg_replace! When I have to use foreign characters
and I often do in several languages, preg removes the & and the spaces
that I don't want in a string but it also replaces the foreign language
accent formatting(e.g. î with icirc). Now that is annoying. I then
have to replace the space&space with space/space and omit the
preg_replace. That's a workaround... but that prevents filtering out
lost spaces. And how does all that relate to latin1 and utf8_general?
I'm setting up my databases with utf8_general... so, now what? Should I
be reverting to latin1(or is it 15) I don't recall... Is there a way to
fix this cross language problem?
Ooooh, boy. :'(

-- 
Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
-
Phil Jourdan --- p...@ptahhotep.com
   http://www.ptahhotep.com
   http://www.chiccantine.com/andypantry.php





Re: [PHP] recipes anyone?

2009-05-30 Thread PJ
Ashley Sheridan wrote:
> On Fri, 2009-05-29 at 19:24 -0400, PJ wrote:
>   
>> Michael A. Peters wrote:
>> 
>>> Bob McConnell wrote:
>>>   
>>>> like a web based front end,
>>>> exclusion of specific ingredients due to allergies and being able to
>>>> attach dated notes about alterations or substitutions I try each time
>>>>
>>> That sounds wicked.
>>> One of my brothers is allergic to corn.
>>> Being able to flag ingredients that contain corn (usually ingredients
>>> that contain corn syrup) would also be great.
>>>
>>> Fortunately nothing too drastic happens when he gets corn, he gets a
>>> rash and a bad attitude - but it still manages to slip its way into a
>>> lot of things you wouldn't think contain corn.
>>>
>>> I think it may be corn syrup itself and not corn that he is allergic
>>> to, I don't remember.
>>>
>>>   
>> Oh my god, you have just treaded into one horrible hornet's nest... corn
>> is probably the worst thing imaginable when it comes to the food chain,
>> nutrition, ecology, global warming, allergies, "green" fuel, etc. etc.
>> not to mention that we as "human beings" are practically being turned
>> into corn ourselves.
>> Maybe your brother already knows about some of this, but it would be
>> worth it for you to pursue the subject and you would be horrified what
>> corn is doing to our bodies and our planet. That is truly Montezuma's
>> Revenge. If you want to know where to look, I'll check it out from my
>> reading... I don't have that on me at the moment. ;-)
>>
>> -- 
>> Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
>> -
>> Phil Jourdan --- p...@ptahhotep.com
>>http://www.ptahhotep.com
>>http://www.chiccantine.com/andypantry.php
>>
>>
>> 
> So, if corn is bad, eating it will get rid of it faster right? :p
>
>
> Ash
> www.ashleysheridan.co.uk
>
>
>   
No it will turn you into a corn cob! ;-)
The authority on that is Michael Pollan... check out his books; you'll
never eat the same again.

-- 
Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
-
Phil Jourdan --- p...@ptahhotep.com
   http://www.ptahhotep.com
   http://www.chiccantine.com/andypantry.php





Re: [PHP] How To Limit FIle Uploader Against Hijackers?

2009-05-30 Thread Ashley Sheridan
On Sat, 2009-05-30 at 17:54 +0200, Nitsan Bin-Nun wrote:
> That's the verification that my layer does. I'm not sure whether that's
> enough or not.
> 
> On Sat, May 30, 2009 at 4:43 PM, Michael A. Peters wrote:
> 
> > Nitsan Bin-Nun wrote:
> >
> >  On Sat, May 30, 2009 at 3:26 PM, Michael A. Peters wrote:
> >>
> >>Nitsan Bin-Nun wrote:
> >>
> >>Hi
> >>
> >>I have wrote a file uploader in PHP, and I don't want people to
> >>hijack it
> >>(get direct links, download whenever they want, etc).
> >>
> >>Currently I have placed the uploaded files one directory up from
> >>the www
> >>root, and I'm hosting the files mime type in order to serve them
> >>on the fly.
> >>
> >>I'm trying to think how should I secure this website, I don't
> >>want people to
> >>get direct links,etc.
> >>
> >>Currently the links are being check with the $_SERVER['refer']
> >>variables and
> >>it being compared to the one in my config file.
> >>
> >>Any ideas will be very appreciated! Thanks!
> >>
> >>
> >>By the way, does this file serving feature takes a lot of load
> >>from the
> >>server? if so then what are the other options? can I serve these
> >>files w/o
> >>PHP involved? lets say only by some sort of apache module or
> >>anything like
> >>that?
> >>
> >>
> >>What I do -
> >>
> >>Files for restricted access are outside the web root.
> >>php wrapper script verifies the credentials of user to download the
> >>file (IE via a post token, session ID, etc.) and if allowed, it then
> >>sends the real file.
> >>
> >>I use mod_rewrite (apache) to send requests for the real file to the
> >>php wrapper script so that the linked file has the same name as the
> >>real file (lets me use the same wrapper for lots of different files).
> >>
> >>As far as load on the server, no - I don't think it costs a lot as
> >>far as system resources.
> >>
> >>
> >>
> >> Thank you for the fast answer.
> >>
> >> I'm doing the same regarding the php wrapper layer, but the thing is that
> >> I just don't know what verification exams should I do in the php wrapping
> >> layer.
> >> I'm not sure what is the way that it should be done.
> >>
> >
> > I check the referrer, assuming no other credential is required, if it is
> > from an approved site or not sent (some people disable sending the
> > http_referrer in their browser), I allow it. Otherwise I don't.
> >
That should be fine for downloading files. There will be an issue if
they are media files and you want to play them from a browser plugin, as
no plugin I've ever seen actually passes the referrer header.


Ash
www.ashleysheridan.co.uk





Re: [PHP] How To Limit FIle Uploader Against Hijackers?

2009-05-30 Thread Nitsan Bin-Nun
That's the verification that my layer does. I'm not sure whether that's
enough or not.

On Sat, May 30, 2009 at 4:43 PM, Michael A. Peters wrote:

> Nitsan Bin-Nun wrote:
>
>  On Sat, May 30, 2009 at 3:26 PM, Michael A. Peters wrote:
>>
>>Nitsan Bin-Nun wrote:
>>
>>Hi
>>
>>I have wrote a file uploader in PHP, and I don't want people to
>>hijack it
>>(get direct links, download whenever they want, etc).
>>
>>Currently I have placed the uploaded files one directory up from
>>the www
>>root, and I'm hosting the files mime type in order to serve them
>>on the fly.
>>
>>I'm trying to think how should I secure this website, I don't
>>want people to
>>get direct links,etc.
>>
>>Currently the links are being check with the $_SERVER['refer']
>>variables and
>>it being compared to the one in my config file.
>>
>>Any ideas will be very appreciated! Thanks!
>>
>>
>>By the way, does this file serving feature takes a lot of load
>>from the
>>server? if so then what are the other options? can I serve these
>>files w/o
>>PHP involved? lets say only by some sort of apache module or
>>anything like
>>that?
>>
>>
>>What I do -
>>
>>Files for restricted access are outside the web root.
>>php wrapper script verifies the credentials of user to download the
>>file (IE via a post token, session ID, etc.) and if allowed, it then
>>sends the real file.
>>
>>I use mod_rewrite (apache) to send requests for the real file to the
>>php wrapper script so that the linked file has the same name as the
>>real file (lets me use the same wrapper for lots of different files).
>>
>>As far as load on the server, no - I don't think it costs a lot as
>>far as system resources.
>>
>>
>>
>> Thank you for the fast answer.
>>
>> I'm doing the same regarding the php wrapper layer, but the thing is that
>> I just don't know what verification exams should I do in the php wrapping
>> layer.
>> I'm not sure what is the way that it should be done.
>>
>
> I check the referrer, assuming no other credential is required, if it is
> from an approved site or not sent (some people disable sending the
> http_referrer in their browser), I allow it. Otherwise I don't.
>


Re: [PHP] How To Limit FIle Uploader Against Hijackers?

2009-05-30 Thread Michael A. Peters

Nitsan Bin-Nun wrote:
On Sat, May 30, 2009 at 3:26 PM, Michael A. Peters wrote:


Nitsan Bin-Nun wrote:

Hi

I have wrote a file uploader in PHP, and I don't want people to
hijack it
(get direct links, download whenever they want, etc).

Currently I have placed the uploaded files one directory up from
the www
root, and I'm hosting the files mime type in order to serve them
on the fly.

I'm trying to think how should I secure this website, I don't
want people to
get direct links,etc.

Currently the links are being check with the $_SERVER['refer']
variables and
it being compared to the one in my config file.

Any ideas will be very appreciated! Thanks!


By the way, does this file serving feature takes a lot of load
from the
server? if so then what are the other options? can I serve these
files w/o
PHP involved? lets say only by some sort of apache module or
anything like
that?


What I do -

Files for restricted access are outside the web root.
php wrapper script verifies the credentials of user to download the
file (IE via a post token, session ID, etc.) and if allowed, it then
sends the real file.

I use mod_rewrite (apache) to send requests for the real file to the
php wrapper script so that the linked file has the same name as the
real file (lets me use the same wrapper for lots of different files).

As far as load on the server, no - I don't think it costs a lot as
far as system resources.



Thank you for the fast answer.

I'm doing the same regarding the php wrapper layer, but the thing is 
that I just don't know what verification exams should I do in the php 
wrapping layer.

I'm not sure what is the way that it should be done.


I check the referrer, assuming no other credential is required, if it is 
from an approved site or not sent (some people disable sending the 
http_referrer in their browser), I allow it. Otherwise I don't.





Re: [PHP] How To Limit FIle Uploader Against Hijackers?

2009-05-30 Thread Nitsan Bin-Nun
On Sat, May 30, 2009 at 3:26 PM, Michael A. Peters wrote:

> Nitsan Bin-Nun wrote:
>
>> Hi
>>
>> I have wrote a file uploader in PHP, and I don't want people to hijack it
>> (get direct links, download whenever they want, etc).
>>
>> Currently I have placed the uploaded files one directory up from the www
>> root, and I'm hosting the files mime type in order to serve them on the
>> fly.
>>
>> I'm trying to think how should I secure this website, I don't want people
>> to
>> get direct links,etc.
>>
>> Currently the links are being check with the $_SERVER['refer'] variables
>> and
>> it being compared to the one in my config file.
>>
>> Any ideas will be very appreciated! Thanks!
>>
>>
>> By the way, does this file serving feature takes a lot of load from the
>> server? if so then what are the other options? can I serve these files w/o
>> PHP involved? lets say only by some sort of apache module or anything like
>> that?
>>
>>
> What I do -
>
> Files for restricted access are outside the web root.
> php wrapper script verifies the credentials of user to download the file
> (IE via a post token, session ID, etc.) and if allowed, it then sends the
> real file.
>
> I use mod_rewrite (apache) to send requests for the real file to the php
> wrapper script so that the linked file has the same name as the real file
> (lets me use the same wrapper for lots of different files).
>
> As far as load on the server, no - I don't think it costs a lot as far as
> system resources.
>


Thank you for the fast answer.

I'm doing the same regarding the php wrapper layer, but the thing is that I
just don't know what verification exams should I do in the php wrapping
layer.
I'm not sure what is the way that it should be done.


Re: [PHP] How To Limit FIle Uploader Against Hijackers?

2009-05-30 Thread Michael A. Peters

Nitsan Bin-Nun wrote:

Hi

I have wrote a file uploader in PHP, and I don't want people to hijack it
(get direct links, download whenever they want, etc).

Currently I have placed the uploaded files one directory up from the www
root, and I'm hosting the files mime type in order to serve them on the fly.

I'm trying to think how should I secure this website, I don't want people to
get direct links,etc.

Currently the links are being check with the $_SERVER['refer'] variables and
it being compared to the one in my config file.

Any ideas will be very appreciated! Thanks!


By the way, does this file serving feature takes a lot of load from the
server? if so then what are the other options? can I serve these files w/o
PHP involved? lets say only by some sort of apache module or anything like
that?



What I do -

Files for restricted access are outside the web root.
php wrapper script verifies the credentials of user to download the file 
(IE via a post token, session ID, etc.) and if allowed, it then sends 
the real file.


I use mod_rewrite (apache) to send requests for the real file to the php 
wrapper script so that the linked file has the same name as the real 
file (lets me use the same wrapper for lots of different files).


As far as load on the server, no - I don't think it costs a lot as far 
as system resources.





Re: [PHP] Pointer for csv files

2009-05-30 Thread Nitsan Bin-Nun
http://il.php.net/manual/en/function.file.php
http://il.php.net/manual/en/function.str-getcsv.php
http://il.php.net/fgetcsv

You can go through the lines and start buffering them when you get to 400,
and stop the buffer and continue; the loop when you reach line 1400.

On Sat, May 30, 2009 at 12:56 PM, shahrzad khorrami <
shahrzad.khorr...@gmail.com> wrote:

> hi,
>
> Is there any function in php to get data of a csv file from a line to
> another line that we say?
> for example get me data   from  line  400  to  line  1400  of a csv file.
> if
> no function, what you recommend to get data?
>
> Thanks in advance,
> Shahrzad
>


[PHP] Pointer for csv files

2009-05-30 Thread shahrzad khorrami
hi,

Is there any function in php to get data of a csv file from a line to
another line that we say?
for example get me data   from  line  400  to  line  1400  of a csv file. if
no function, what you recommend to get data?

Thanks in advance,
Shahrzad


[PHP] How To Limit FIle Uploader Against Hijackers?

2009-05-30 Thread Nitsan Bin-Nun
Hi

I have written a file uploader in PHP, and I don't want people to hijack it
(get direct links, download whenever they want, etc).

Currently I have placed the uploaded files one directory up from the www
root, and I'm hosting the files mime type in order to serve them on the fly.

I'm trying to think how should I secure this website, I don't want people to
get direct links, etc.

Currently the links are being checked with the $_SERVER['refer'] variables and
it is being compared to the one in my config file.

Any ideas will be very appreciated! Thanks!


By the way, does this file serving feature take a lot of load from the
server? If so, then what are the other options? Can I serve these files w/o
PHP involved? Let's say only by some sort of Apache module or anything like
that?


Re: [PHP] Sending mail from localhost

2009-05-30 Thread Ashley Sheridan
On Sat, 2009-05-30 at 15:01 +0530, Sumit Sharma wrote:
> I have already un-commented the smtp settings as 
> 
> SMTP = localhost
> smtp_port = 25
> 
> do I need to change any other settings.
> 
> Sumit
> 
> 
> 
> On Sat, May 30, 2009 at 3:06 PM, Ashley Sheridan wrote:
> On Sat, 2009-05-30 at 14:41 +0530, Sumit Sharma wrote:
> > Hi,
> >
> > I am new to php and not able to send mail from localhost. when trying to do
> > so getting following response:
> >
> >
> > *Warning*: mail() [function.mail ]: Failed
> > to connect to mailserver at "localhost" port 25, verify your "SMTP" and
> > "smtp_port" setting in php.ini or use ini_set() in *C:\wamp\www\abc1.php* on
> > line *9
> >
> > *Please Help,
> >
> > Thanks,
> > Sumit
>
>
> You need to edit your smtp settings in the php.ini file to point to the
> mail server you are using. I believe on a Windows php.ini these are
> commented out by default (at least they always have been for me)
>
>
> Ash
> www.ashleysheridan.co.uk
>
>
Have you restarted the server? Also, I'm not sure, but does Windows come
with an SMTP server by default? It might be something only available to
Windows Server versions, and would need setting up. 'Course, I'm not too
sure on Windows servers, I tend to work more with a LAMP stack than
WAMP.


Ash
www.ashleysheridan.co.uk





Re: [PHP] Sending mail from localhost

2009-05-30 Thread Ashley Sheridan
On Sat, 2009-05-30 at 14:41 +0530, Sumit Sharma wrote:
> Hi,
> 
> I am new to php and not able to send mail from localhost. when trying to do
> so getting following response:
> 
> 
> *Warning*: mail() [function.mail ]: Failed
> to connect to mailserver at "localhost" port 25, verify your "SMTP" and
> "smtp_port" setting in php.ini or use ini_set() in *C:\wamp\www\abc1.php* on
> line *9
> 
> *Please Help,
> 
> Thanks,
> Sumit

You need to edit your smtp settings in the php.ini file to point to the
mail server you are using. I believe on a Windows php.ini these are
commented out by default (at least they always have been for me)


Ash
www.ashleysheridan.co.uk





[PHP] Sending mail from localhost

2009-05-30 Thread Sumit Sharma
Hi,

I am new to php and not able to send mail from localhost. when trying to do
so getting following response:


*Warning*: mail() [function.mail ]: Failed
to connect to mailserver at "localhost" port 25, verify your "SMTP" and
"smtp_port" setting in php.ini or use ini_set() in *C:\wamp\www\abc1.php* on
line *9

*Please Help,

Thanks,
Sumit


Re: [PHP] pdf_new()

2009-05-30 Thread Sumit Sharma
Hi Michael,

Now it's working.

Thanks,
Sumit.



On Sat, May 30, 2009 at 1:51 PM, Michael A. Peters wrote:

> Sumit Sharma wrote:
> > Hi,
> >
> > Unable to create new pdf file object. Getting an error when coding as
> > following:
> >
> > <?php
> >
> > $pdf=pdf_new();
> >
> > ?>
> >
> > *Fatal error*: Call to undefined function pdf_new() in *C:\wamp\www\abc1.php
> > * on line *3*
> > Please Help.
> >
> > Thanks,
> >  Sumit.
> >
>
> You need to install PDFLib.
> If installed, you need to load the module (in your php.ini)
>
>


Re: [PHP] recipes anyone?

2009-05-30 Thread Ashley Sheridan
On Fri, 2009-05-29 at 19:24 -0400, PJ wrote:
> Michael A. Peters wrote:
> > Bob McConnell wrote:
> > > like a web based front end,
> > > exclusion of specific ingredients due to allergies and being able to
> > > attach dated notes about alterations or substitutions I try each time
> >
> > That sounds wicked.
> > One of my brothers is allergic to corn.
> > Being able to flag ingredients that contain corn (usually ingredients
> > that contain corn syrup) would also be great.
> >
> > Fortunately nothing too drastic happens when he gets corn, he gets a
> > rash and a bad attitude - but it still manages to slip its way into a
> > lot of things you wouldn't think contain corn.
> >
> > I think it may be corn syrup itself and not corn that he is allergic
> > to, I don't remember.
> >
> Oh my god, you have just treaded into one horrible hornet's nest... corn
> is probably the worst thing imaginable when it comes to the food chain,
> nutrition, ecology, global warming, allergies, "green" fuel, etc. etc.
> not to mention that we as "human beings" are practically being turned
> into corn ourselves.
> Maybe your brother already knows about some of this, but it would be
> worth it for you to pursue the subject and you would be horrified what
> corn is doing to our bodies and our planet. That is truly Montezuma's
> Revenge. If you want to know where to look, I'll check it out from my
> reading... I don't have that on me at the moment. ;-)
> 
> -- 
> Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
> -
> Phil Jourdan --- p...@ptahhotep.com
>http://www.ptahhotep.com
>http://www.chiccantine.com/andypantry.php
> 
> 
So, if corn is bad, eating it will get rid of it faster right? :p


Ash
www.ashleysheridan.co.uk





Re: [PHP] pdf_new()

2009-05-30 Thread Michael A. Peters

Sumit Sharma wrote:
> Hi,
>
> Unable to create new pdf file object. Getting an error when coding as
> following:
>
> <?php
>
> $pdf=pdf_new();
>
> ?>
>
> *Fatal error*: Call to undefined function pdf_new() in *C:\wamp\www\abc1.php
> * on line *3*
>
> Please Help.
>
> Thanks,
>  Sumit.
>

You need to install PDFLib.
If installed, you need to load the module (in your php.ini)





[PHP] pdf_new()

2009-05-30 Thread Sumit Sharma
Hi,

Unable to create new pdf file object. Getting an error when coding as
following:



*Fatal error*: Call to undefined function pdf_new() in *C:\wamp\www\abc1.php
* on line *3*

Please Help.

Thanks,
 Sumit.