[PHP] require/include fails with APC enabled
I have one server that is acting up whenever I try to enable APC. PHP scripts execute normally as long as there are no calls to include(), include_once(), require(), or require_once(). Any file (no matter the size) that can be included while APC is disabled will cause the script to silently fail at the point of include when APC is enabled. There is no output in the PHP error_log, even when logging all message types. This feels like it's probably a really simple fix, but we're stumped. Any help you can provide would be greatly appreciated. Server software combinations: PHP 5.2.9 with APC 3.0.18 and ZTS PHP 5.2.6+lenny3 with APC 3.1.2 PHP 5.2.6+lenny3 with APC 3.0.18 Apache 2.2.9 in all cases APC is configured for pthread mutex locks. mmap disabled.
Re: [PHP] pre-screening pages before served?
On Mon, Jul 20, 2009 at 4:47 PM, Chris Payne wrote: >> Really? This is an actual problem for you? It sounds too me that you have a >> malicious user on your server and if so, fire them. If you suspect you've >> been hacked from externally, then I would format and re-install -- or use a >> backup from a known good date. I've been coding PHP since 1996, and have >> NEVER heard of a man-in-the-middle attack like this. It just sounds like you >> have other problems and this isn't a solution, it's a band-aid. > > Hi There, > > There were MANY servers this past month had the same attack. At the > end of every index page on the website some malicious PHP code was > added linking to an iframe etc . first thing i did (Of course) was > change all FTP and user account passwords on my server and LUCKILY it > hasn't happened since even though friends of mine have had it happen a > couple of times on their servers since. > > I just want to have an extra layer of protection in place and i'm also > going to go through every single script I have written and lock them > down tightly as I don't know if they did this with FTP or some other > way to be honest. > > Chris > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > This could be the result of hole in the security somewhere of some package on the server. Worth checking into. -- Bastien Cat, the other other white meat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] pre-screening pages before served?
> Really? This is an actual problem for you? It sounds too me that you have a > malicious user on your server and if so, fire them. If you suspect you've > been hacked from externally, then I would format and re-install -- or use a > backup from a known good date. I've been coding PHP since 1996, and have > NEVER heard of a man-in-the-middle attack like this. It just sounds like you > have other problems and this isn't a solution, it's a band-aid. Hi There, There were MANY servers this past month had the same attack. At the end of every index page on the website some malicious PHP code was added linking to an iframe etc . first thing i did (Of course) was change all FTP and user account passwords on my server and LUCKILY it hasn't happened since even though friends of mine have had it happen a couple of times on their servers since. I just want to have an extra layer of protection in place and i'm also going to go through every single script I have written and lock them down tightly as I don't know if they did this with FTP or some other way to be honest. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] pre-screening pages before served?
On Mon, Jul 20, 2009 at 4:25 PM, Daevid Vincent wrote: > > >> -Original Message- >> From: oxygene...@gmail.com [mailto:oxygene...@gmail.com] On >> Behalf Of Chris Payne >> Sent: Monday, July 20, 2009 12:58 PM >> To: php-general@lists.php.net >> Subject: Re: [PHP] pre-screening pages before served? >> >> On Mon, Jul 20, 2009 at 12:30 PM, Per Jessen wrote: >> > Chris Payne wrote: >> > >> >> Hi everyone, >> >> >> >> Is it possible to have the system pre-screen a page before >> it is sent >> >> to a user? What I mean is, if someone requests index.php >> could I have >> >> a script scan the file before I serves it? >> > >> > Yes, apache has an output filter that can be set up as the >> last stage >> > just before serving a page. >> > >> > >> > /Per >> > >> > -- >> > Per Jessen, Zürich (19.8°C) >> >> Thank you, i'll look into that this evening as it would solve some >> problems i've had. I want my system to check local copies of a page >> against a cache I have of the same page and if they are different it >> won't serve the page and will automatically send me a copy of the page >> via email and restore it to what it should be. A way of protecting >> against attacks. Just 1 stage but I want to be pro-active and always >> be ontop of things. > > Really? This is an actual problem for you? It sounds too me that you have a > malicious user on your server and if so, fire them. If you suspect you've > been hacked from externally, then I would format and re-install -- or use a > backup from a known good date. I've been coding PHP since 1996, and have > NEVER heard of a man-in-the-middle attack like this. It just sounds like you > have other problems and this isn't a solution, it's a band-aid. > > http://daevid.com > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > Sounds like XSS to me. Likely a better validation and sanitation routine would help to clear the issue -- Bastien Cat, the other other white meat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] pre-screening pages before served?
> -Original Message- > From: oxygene...@gmail.com [mailto:oxygene...@gmail.com] On > Behalf Of Chris Payne > Sent: Monday, July 20, 2009 12:58 PM > To: php-general@lists.php.net > Subject: Re: [PHP] pre-screening pages before served? > > On Mon, Jul 20, 2009 at 12:30 PM, Per Jessen wrote: > > Chris Payne wrote: > > > >> Hi everyone, > >> > >> Is it possible to have the system pre-screen a page before > it is sent > >> to a user? What I mean is, if someone requests index.php > could I have > >> a script scan the file before I serves it? > > > > Yes, apache has an output filter that can be set up as the > last stage > > just before serving a page. > > > > > > /Per > > > > -- > > Per Jessen, Zürich (19.8°C) > > Thank you, i'll look into that this evening as it would solve some > problems i've had. I want my system to check local copies of a page > against a cache I have of the same page and if they are different it > won't serve the page and will automatically send me a copy of the page > via email and restore it to what it should be. A way of protecting > against attacks. Just 1 stage but I want to be pro-active and always > be ontop of things. Really? This is an actual problem for you? It sounds too me that you have a malicious user on your server and if so, fire them. If you suspect you've been hacked from externally, then I would format and re-install -- or use a backup from a known good date. I've been coding PHP since 1996, and have NEVER heard of a man-in-the-middle attack like this. It just sounds like you have other problems and this isn't a solution, it's a band-aid. http://daevid.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] pre-screening pages before served?
On Mon, Jul 20, 2009 at 12:30 PM, Per Jessen wrote: > Chris Payne wrote: > >> Hi everyone, >> >> Is it possible to have the system pre-screen a page before it is sent >> to a user? What I mean is, if someone requests index.php could I have >> a script scan the file before I serves it? > > Yes, apache has an output filter that can be set up as the last stage > just before serving a page. > > > /Per > > -- > Per Jessen, Zürich (19.8°C) Thank you, i'll look into that this evening as it would solve some problems i've had. I want my system to check local copies of a page against a cache I have of the same page and if they are different it won't serve the page and will automatically send me a copy of the page via email and restore it to what it should be. A way of protecting against attacks. Just 1 stage but I want to be pro-active and always be ontop of things. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] pre-screening pages before served?
Chris Payne wrote: > Hi everyone, > > Is it possible to have the system pre-screen a page before it is sent > to a user? What I mean is, if someone requests index.php could I have > a script scan the file before I serves it? Yes, apache has an output filter that can be set up as the last stage just before serving a page. /Per -- Per Jessen, Zürich (19.8°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP and FoxPro
> We currently use the Easysoft ODBC Bridge to connect to a remote FoxPro > database. The problem is that the bridge, after a while, starts consuming a > ton of system resources and we have to reboot the machine. Afterwards, it > can take upwards to two hours before everything is running quickly again. > We need another solution. Does anyone know of a any other way to connect > to a remote FoxPro database (or any ODBC source that isn't a database > server)? We've had a LOT a luck using ODBTP. Which can be found at http://odbtp.sourceforge.net Here's the rough outline... 1. Install Visual FoxPro odbc driver (or whatever drivers you want) on a Windows machine. 2. Install the ODBTP Server on the windows machine 3. Install a PHP module in your php. (Common ones included in the download) 4. Once you connect the functions are ALMOST exactly the same in usage as the mysql_xyz functions. A couple gotchas: 1. If you need to compile the PHP ODBTP module from source on x64 (OS X Leopard at least) it can be a pain. 2. The VFP 6.0 ODBC driver (not sure about higher versions) does not allow more than 250 odd characters to be inserted at a single time so memo's can be a PAIN. 3. It does require a port be opened on the Windows machine's firewall... (Uses TCP/IP for communication) 4. By default the ODBTP server can use up to 32 threads. The VFP ODBC driver is by nature single threaded. We've never had a problem with that directly but I assume it is what causes threads to slowly hang and disappear... eventually a message comes up "Unable to create thread". At that point you simply need to restart the ODBTP service in the Windows Services Control Panel. The bigger the tables and the more heavily used it is the more often this will happen. Other than that... Works like a charm. Looking forward, once you bite the bullet and convert to MySQL (at least for us) you can almost change odbtp_ to mysql_ and be up and running. (Assuming you limit yourself to "pure" SQL and not invoke VFP functions.) Matt -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] pre-screening pages before served?
Hi everyone, Is it possible to have the system pre-screen a page before it is sent to a user? What I mean is, if someone requests index.php could I have a script scan the file before I serves it? The reason I ask is this way I could check for patterns on the script to make sure the page hasn't been tampered with live, so to speak. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Internal PHP caching methodology
On Sat, Jul 18, 2009 at 7:14 AM, Daniel Kolbo wrote: > Daniel Kolbo wrote: >> Eric Butera wrote: >>> On Thu, Jul 16, 2009 at 5:50 PM, Daniel Kolbo wrote: Hello, Call me a dreamer...but I got to ask. Is there any software for helping speed up PHP by utilizing internal PHP caching? I am not talking about the external php cache/header control. Smarty caching doesn't give me the control I need either. I would like to cache to a finer level than page by page, but rather on a module by module basis. Each of my pages contains a subset of modules. The content of these modules changes based upon certain criteria (link, time, session data, but is sometimes static across the site). I would like to be able to cache individual "modules" (preferably based upon frequency and time to generate). I am trying to develop a way to do this, but I have to think a brighter mind has come before me and hopefully arrived at a solution. As always any help/thoughts are much appreciated, except for that one guy's comments (you all know who I am talking) ~ jk ;) Thanks, ` -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php >>> Have you actually profiled your code to see where the pain points are >>> vs saying 'module?' Are you also running an opcode cache? From there >>> you can use data, block, or full page caching. Finally you can figure >>> out if you want to store it in flat files or memory. I'd start by >>> knowing what is actually the slow part using Xdebug and nail a few >>> down. >>> >>> There is no end all solution. Some pages really don't have a lot >>> going on and are hardly updated so full page is fine. Others might >>> have something that is hard to generate on a sidebar, so block caching >>> would be more suitable for that. As previously mentioned, Zend_Cache >>> is up to the task. There is also a PEAR package called Cache_Lite >>> which would work to if you're interested in file based caching. >>> >> >> So dreams do come true... >> >> Thank you for the wonderful insight. I've been reading about the >> memcached and Xdebug and Zend_Cache. I've got lots to learn, but it is >> exactly the type of material i was trying to find. >> >> I am not currently running an opcode cache. I may be doing "premature >> optimization", but i want to design the entire system intelligently from >> the get go rather than having to rebuild later. you know 'work smarter >> not harder' >> >> Is it possible to run xdebug on a virtual host server on which i do not >> have shell access? I can modify php.ini via cgi, but I don't know if >> i'd be able to view the results of xdebug on the machine. Your opinion >> would be appreciated. >> >> Thanks so much, i feel like i've just been shown a whole new world. >> dK >> ` > > I still have to (fully) rtfm. But i was wondering if the following > scenario(s) is(are) possible. > > -Does memcached store the same data under different keys in the same spot? > > From my reading so far, i do not think so. > My understanding is that currently memcached goes like as follows: > key->key_hash->server->data_value > but this approach could conceivably store the same data_value under > different keys (thus consuming unneeded memory) > > What i'd like it to do is the following: > key->key_hash->server->data_hash->server->data_value > > That is, each key has the data_hash as its value. Then one uses this > data_hash as the new key which has the data_value as its value. > This way the only data that is replicated would be the relatively small > data_hash, but the (larger) data itself would not be replicated. > > This would allow for the user to use different keys to access the same > data. This would be needed when seemingly different keys happen to > share the same data, but would be too costly to recognize, predict, and > accommodate such associations > > This doubles the number of calls to the server, but could conceivable > save a great deal of memory for more cached objects. What would be even > slicker is if the programmer could use either approach within the same > script. For example, if the programmer new for (almost) certain that a > certain key would never have the same data signature as any other key, > she could then use the original method and save on the overhead of > storing key_hash to data_hashes pairs. > > Also, I really like the idea behind zend_cache that I can use memcache/d > as the backend. That's pretty modular! > > I have three direct questions: > 1) Is the above approach wise or have i violated some basic caching > principle? > > 2) Is the php memcache/memcached class extendable (so that I can > implement 1 above)? > > 3) If 2) is yes, can I use this extendable class as the backend for > zend_cache? > > Thanks, > dK > ` > > The fact you said you haven't used Xdebug or
Re: [PHP] PHP and FoxPro
Paul, Believe me I would like nothing more that to get rid of FoxPro and convert it to MySQL. Sadly, that's not possible right now. I'll check into dBase. Thanks! Floyd On Jul 19, 2009, at 4:53 PM, Paul M Foster wrote: On Sun, Jul 19, 2009 at 09:00:49AM -0400, Floyd Resler wrote: We currently use the Easysoft ODBC Bridge to connect to a remote FoxPro database. The problem is that the bridge, after a while, starts consuming a ton of system resources and we have to reboot the machine. Afterwards, it can take upwards to two hours before everything is running quickly again. We need another solution. Does anyone know of a any other way to connect to a remote FoxPro database (or any ODBC source that isn't a database server)? No way to convert the FoxPro to PostgreSQL or MySQL? FoxPro is ancient and decrepit (I used to code in FoxPro). There is a dBase module for PHP. I don't know if it handles generic xBase files. I don't know much about the module, but you could check it out. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dual PHP installation and session sharing
Hi, Zareef. I have not tried storing session in a database, and I think it's not an option in my case, since I'm working on a legacy software that uses distributed databases across several servers. Actually, I guess it would be easier to setup a new webserver, running PHP 5 only, and discontinue the current one. But if there's a chance to share session in the actual environment, I would certainly prefer that. Thanks for the reply! 2009/7/19 Zareef Ahmed > > > On Sat, Jul 18, 2009 at 1:34 AM, Bruno Fajardo wrote: >> >> Hi all, >> >> I'm using Apache/2.2.3 (Linux/SUSE), running PHP 4.4.7 in CGI mode, in a >> dual installation with PHP 5.1.2 running as an Apache module. >> Scripts with .php5 extension are executed by PHP 5, and those with .php are >> executed by PHP 4, and everything runs as expected. >> My question is: is it possible to share session data between .php and .php5 >> scripts in this environment? All my tests failed. > > have you tried using database as session storage and setting session id > manually in your application. >> >> >> Thanks in advance! > > > > -- > Zareef Ahmed :: A PHP Developer in India ( Delhi ) > Homepage :: http://www.zareef.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: file_set_contents() do several times?
2009/7/20 Martin Zvarík : >> 2009/7/20 Martin Zvarík : >>> >> $i = 0; >>> do { >>> $i++; >>> $r = file_put_contents('file.txt', 'content'); >>> } while($r === false && $i < 3); >>> >>> if ($r === false) die('error'); >>> >>> ?> >>> > I am not appending anything, just ensuring that it will be written (and > giving it max. 3 tryes). Ok, don't do that. If it didn't work the first time, it won't work 0.001 seconds later, either. Chances are it will either be a permissions error, or out-of-disc-space. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: file_set_contents() do several times?
David Otton napsal(a): > 2009/7/20 Martin Zvarík : >> > $i = 0; >> do { >> $i++; >> $r = file_put_contents('file.txt', 'content'); >> } while($r === false && $i < 3); >> >> if ($r === false) die('error'); >> >> ?> >> >> Makes sense? or is it enough to do it just once? > > Assuming 'content' changes, and this is the cut-down example... > > $r = file_put_contents('file.txt', 'content', FILE_APPEND); > > There's a small overhead in opening/closing the file three times > instead of one, but I doubt that's going to be an issue for you. > I am not appending anything, just ensuring that it will be written (and giving it max. 3 tryes). === Martin Scotta replied: In my experience file_put_contents never fails, except about file permissions, but this is not the case. --- Thanks for your replies. Martin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] why does PHP parse "*.html" files in one subdir/ but not in another?
2009/7/19 Paul M Foster : > On Sun, Jul 19, 2009 at 07:18:34PM +0100, Stuart wrote: > >> 2009/7/19 Paul M Foster : >> > On Sun, Jul 19, 2009 at 09:30:33AM +0530, kranthi wrote: >> > >> >> >> >> > You do realize that PHP does not parse HTML files, right? The web server >> >> > does that. In fact, the web server also parses PHP files, using a >> >> > different library. >> >> >> >> Kindly elaborate If you are saying that PHP cant parse files with >> >> extension .html >> >> http://us2.php.net/manual/en/security.hiding.php. >> > >> > That's exactly what I'm saying. Apache or IIS (or whatever) discern the >> > contents of a file and determine how to parse it. As far as I know, >> > Apache, even with a PHP file, parses the HTML in the file and hands PHP >> > off to a PHP module to decode. The PHP engine itself does not parse the >> > HTML which is interspersed in and amongst your PHP code. The web server >> > does that. Unless some php internals person says otherwise, that's the >> > story. At best, the PHP engine would simply echo non-PHP text to the >> > browser, which is not parsing it. >> >> Actually that's not accurate. The web server does nothing with a file >> before it passes it to the PHP engine. PHP gets the entire file, it >> simply echo's anything not inside PHP tags. > > Then I stand corrected. But again, this means that PHP doesn't actually > *parse* the HTML it echoes. Technically it parses the the entire file looking for PHP tags, but that's being overly picky. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_set_contents() do several times?
2009/7/20 Martin Zvarík : > > $i = 0; > do { > $i++; > $r = file_put_contents('file.txt', 'content'); > } while($r === false && $i < 3); > > if ($r === false) die('error'); > > ?> > > Makes sense? or is it enough to do it just once? Assuming 'content' changes, and this is the cut-down example... $r = file_put_contents('file.txt', 'content', FILE_APPEND); There's a small overhead in opening/closing the file three times instead of one, but I doubt that's going to be an issue for you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php