php-general Digest 1 Apr 2010 15:00:23 -0000 Issue 6670
php-general Digest 1 Apr 2010 15:00:23 - Issue 6670
Topics (messages 303714 through 303725):
Re: Still searching for a bugtracking system
303714 by: Jan G.B.
image upload keeps file name ?
303715 by: Matthew Croud
303716 by: Ashley Sheridan
303717 by: Midhun Girish
How to know which PHP is used by Apache
303718 by: Devendra Jadhav
303719 by: Ashley Sheridan
303720 by: Devendra Jadhav
303721 by: Richard
303722 by: Nilesh Govindarajan
303723 by: Teus Benschop
303724 by: Devendra Jadhav
303725 by: Devendra Jadhav
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
--
---BeginMessage---
2010/3/30 Andre Polykanine an...@oire.org:
Hello Jan,
And what do you use then?)
Sadly, I'm bound to use what I dislike. Mantis. ;)
It's not my decision and in our business model there's no major
benefit in switching the software, at this point.
I can live with it.
Regards
--
With best regards from Ukraine,
Andre
Skype: Francophile; WlmMSN: arthaelon @ yandex.ru; Jabber: arthaelon @
jabber.org
Yahoo! messenger: andre.polykanine; ICQ: 191749952
Twitter: m_elensule
- Original message -
From: Jan G.B. ro0ot.w...@googlemail.com
To: Alex Major p...@allydm.co.uk
Date: Tuesday, March 30, 2010, 6:04:20 PM
Subject: [PHP] Still searching for a bugtracking system
2010/3/30 Alex Major p...@allydm.co.uk
Surely if it's not suitable for your situation, it's not the best? :)
Mantis is what I'd recommend and believe has already been recommend to you.
Runs using PHP and MySQL, it's flexible for public or private projects,
multiple projects etc.
I do agree with you that Bugzilla seems heavy, I know it has its supporters
but I've always found it to be overkill for the projects I've worked on.
Alex.
-Original Message-
From: Andre Polykanine [mailto:an...@oire.org]
Sent: 30 March 2010 14:14
To: php-gene...@lists.php.net
Subject: [PHP] Still searching for a bugtracking system
Hello everyone,
The best of all suggested bugtrackers is JotBug, on my opinion. But it
works only with SQLite databases, and I have no access to such one
(only MySql).
Any solutions?
P.S. I'd use Trac, but since I have no own server yet, we have no
access to Python, either... Only Php, MySql, Perl.
I have looked at Bugzilla... seems to heavy for our service).
-
Well. I'm not a fan of mantis. Mantis has some annoying bugs and the
codebase seems weird.
It basically works, but that is all about it.
I quote http://sqlite.org/about.html :
SQLite is a software library that implements
a self-contained,serverless, zero-configuration, transactional SQL database
engine.
...
Unlike most other SQL databases, SQLite does not have a separate server
process. SQLite reads and writes directly to ordinary disk files. A complete
SQL database with multiple tables, indices, triggers, and views, is
contained in a single disk file.
So you don't need access to such a database.
Regards
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
---End Message---
---BeginMessage---
Hi Guys,
Can someone confirm for me that the code below will move an uploaded
file and give it the same name as the original image file name ?
$file_dir = /home/uploads;
foreach($_FILES as $file_name = $file_array) {
echo path: .$file_array[tmp_name].br/\n;
echo name: .$file_array[name].br/\n;
echo type: .$file_array[type].br/\n;
echo size: .$file_array[size].br/\n;
$UploadName[$num] = $file_array[name];
$num++;
if (is_uploaded_file($file_array[tmp_name])) {
move_uploaded_file($file_array[tmp_name], $file_dir/.
$file_array[name]) or die (Couldn't copy);
echo file was moved!br/;
}
}
Many thanks,
---End Message---
---BeginMessage---
On Thu, 2010-04-01 at 10:51 +0100, Matthew Croud wrote:
Hi Guys,
Can someone confirm for me that the code below will move an uploaded
file and give it the same name as the original image file name ?
$file_dir = /home/uploads;
foreach($_FILES as $file_name = $file_array) {
echo path: .$file_array[tmp_name].br/\n;
echo name: .$file_array[name].br/\n;
echo type: .$file_array[type].br/\n;
echo size: .$file_array[size].br/\n;
$UploadName[$num] = $file_array[name];
$num++;
if (is_uploaded_file($file_array[tmp_name])) {
move_uploaded_file($file_array[tmp_name], $file_dir/.
$file_array[name]) or die (Couldn't copy);
echo file was moved!br/;
}
}
Many thanks,
Yes,
Re: Re[2]: [PHP] Still searching for a bugtracking system
2010/3/30 Andre Polykanine an...@oire.org: Hello Jan, And what do you use then?) Sadly, I'm bound to use what I dislike. Mantis. ;) It's not my decision and in our business model there's no major benefit in switching the software, at this point. I can live with it. Regards -- With best regards from Ukraine, Andre Skype: Francophile; WlmMSN: arthaelon @ yandex.ru; Jabber: arthaelon @ jabber.org Yahoo! messenger: andre.polykanine; ICQ: 191749952 Twitter: m_elensule - Original message - From: Jan G.B. ro0ot.w...@googlemail.com To: Alex Major p...@allydm.co.uk Date: Tuesday, March 30, 2010, 6:04:20 PM Subject: [PHP] Still searching for a bugtracking system 2010/3/30 Alex Major p...@allydm.co.uk Surely if it's not suitable for your situation, it's not the best? :) Mantis is what I'd recommend and believe has already been recommend to you. Runs using PHP and MySQL, it's flexible for public or private projects, multiple projects etc. I do agree with you that Bugzilla seems heavy, I know it has its supporters but I've always found it to be overkill for the projects I've worked on. Alex. -Original Message- From: Andre Polykanine [mailto:an...@oire.org] Sent: 30 March 2010 14:14 To: php-general@lists.php.net Subject: [PHP] Still searching for a bugtracking system Hello everyone, The best of all suggested bugtrackers is JotBug, on my opinion. But it works only with SQLite databases, and I have no access to such one (only MySql). Any solutions? P.S. I'd use Trac, but since I have no own server yet, we have no access to Python, either... Only Php, MySql, Perl. I have looked at Bugzilla... seems to heavy for our service). - Well. I'm not a fan of mantis. Mantis has some annoying bugs and the codebase seems weird. It basically works, but that is all about it. I quote http://sqlite.org/about.html : SQLite is a software library that implements a self-contained,serverless, zero-configuration, transactional SQL database engine. ... Unlike most other SQL databases, SQLite does not have a separate server process. SQLite reads and writes directly to ordinary disk files. A complete SQL database with multiple tables, indices, triggers, and views, is contained in a single disk file. So you don't need access to such a database. Regards -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] image upload keeps file name ?
Hi Guys,
Can someone confirm for me that the code below will move an uploaded
file and give it the same name as the original image file name ?
$file_dir = /home/uploads;
foreach($_FILES as $file_name = $file_array) {
echo path: .$file_array[tmp_name].br/\n;
echo name: .$file_array[name].br/\n;
echo type: .$file_array[type].br/\n;
echo size: .$file_array[size].br/\n;
$UploadName[$num] = $file_array[name];
$num++;
if (is_uploaded_file($file_array[tmp_name])) {
move_uploaded_file($file_array[tmp_name], $file_dir/.
$file_array[name]) or die (Couldn't copy);
echo file was moved!br/;
}
}
Many thanks,
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] image upload keeps file name ?
On Thu, 2010-04-01 at 10:51 +0100, Matthew Croud wrote:
Hi Guys,
Can someone confirm for me that the code below will move an uploaded
file and give it the same name as the original image file name ?
$file_dir = /home/uploads;
foreach($_FILES as $file_name = $file_array) {
echo path: .$file_array[tmp_name].br/\n;
echo name: .$file_array[name].br/\n;
echo type: .$file_array[type].br/\n;
echo size: .$file_array[size].br/\n;
$UploadName[$num] = $file_array[name];
$num++;
if (is_uploaded_file($file_array[tmp_name])) {
move_uploaded_file($file_array[tmp_name], $file_dir/.
$file_array[name]) or die (Couldn't copy);
echo file was moved!br/;
}
}
Many thanks,
Yes, the original filename comes from the [name] array element.
However, if someone is uploading a filename with the same name as one
that already exists, you will be overwriting it.
For peace of mind, I've always found it best to save the file using the
tmp_name given to it by PHP, and store this against the original
filename in a database. You can then use PHP to deliver the file back to
the user when it's needed as either a download or something displayed in
the browser. This works nicely with storing files outside of the web
root, which will prevent people from maliciously uploading files to
attempt to break your server and/or app.
Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] image upload keeps file name ?
I use the follwing function for moving files:
public function moveFile($file,$targetdir=../uploads/images/)
{
$fileName = $file['name'];
$ext = substr($fileName, strrpos($fileName, '.') + 1);
do
{
$targetfilename=md5(date(m.d.y.h.i.s).basename($fileName)).'.'.$ext;
$fullname=$targetdir.$targetfilename;
}while(file_exists($fullname));
move_uploaded_file($file[tmp_name],$fullname);
return $fullname;
}
Call the fn as :
foreach($_FILES as $file_name = $filearray)
{
if( $filearray['error']=='')
{
$filenametobestored=moveFile($filearray);
/*Enter name into db here*/
}
}
this will make sure you never over write anyfiles..
Midhun Girish
On Thu, Apr 1, 2010 at 3:25 PM, Ashley Sheridan
a...@ashleysheridan.co.ukwrote:
of the web
root, which will prevent people from maliciously uploadi
[PHP] How to know which PHP is used by Apache
Hi All, In the situation if there are two PHP's installed on the Linux box. How to know which PHP is used by Apache? Another question is do Apache need PHP's binary to execute PHP Scripts? If yes what is the role of libphp5.so in Apache? Note: PHP is configured as module under Apache. Appreciate your thoughts. -- Devendra Jadhav देवेंद्र जाधव
Re: [PHP] How to know which PHP is used by Apache
On Thu, 2010-04-01 at 19:00 +0530, Devendra Jadhav wrote: Hi All, In the situation if there are two PHP's installed on the Linux box. How to know which PHP is used by Apache? Another question is do Apache need PHP's binary to execute PHP Scripts? If yes what is the role of libphp5.so in Apache? Note: PHP is configured as module under Apache. Appreciate your thoughts. The libphp5.so is the Apache module that links PHP into Apache. You need this and PHP installed if you want to use PHP in Apache. The module itself indicates what version of PHP Apache will be using. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] How to know which PHP is used by Apache
On Thu, Apr 1, 2010 at 6:59 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Thu, 2010-04-01 at 19:00 +0530, Devendra Jadhav wrote: Hi All, In the situation if there are two PHP's installed on the Linux box. How to know which PHP is used by Apache? Another question is do Apache need PHP's binary to execute PHP Scripts? If yes what is the role of libphp5.so in Apache? Note: PHP is configured as module under Apache. Appreciate your thoughts. The libphp5.so is the Apache module that links PHP into Apache. You need this and PHP installed if you want to use PHP in Apache. The module itself indicates what version of PHP Apache will be using. Thanks, Ash http://www.ashleysheridan.co.uk With my case both installation of PHP has version 5.x, so how to know which PHP is being used? -- Devendra Jadhav देवेंद्र जाधव
Re: [PHP] How to know which PHP is used by Apache
Hi, In the situation if there are two PHP's installed on the Linux box. How to know which PHP is used by Apache? Another question is do Apache need PHP's binary to execute PHP Scripts? If yes what is the role of libphp5.so in Apache? Note: PHP is configured as module under Apache. This may help: ?php phpinfo(); ? -- Richard Heyes HTML5 canvas graphing: RGraph - http://www.rgraph.net (updated 20th March) Lots of PHP and Javascript code - http://www.phpguru.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to know which PHP is used by Apache
On 04/01/10 19:00, Devendra Jadhav wrote: Hi All, In the situation if there are two PHP's installed on the Linux box. How to know which PHP is used by Apache? Another question is do Apache need PHP's binary to execute PHP Scripts? If yes what is the role of libphp5.so in Apache? Note: PHP is configured as module under Apache. Appreciate your thoughts. First of all, libphp5.so is created during the php compilation process. So it will use version of php with which it was compiled. Also, I don't think php's binary is needed for execution of php scripts is needed. -- Nilesh Govindarajan Site Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु ! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to know which PHP is used by Apache
On Thu, 2010-04-01 at 19:07 +0530, Devendra Jadhav wrote: With my case both installation of PHP has version 5.x, so how to know which PHP is being used? Running this page through Apache could do it: ?php phpinfo (); ? Teus. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to know which PHP is used by Apache
On Thu, Apr 1, 2010 at 7:13 PM, Teus Benschop teusjanne...@gmail.comwrote: On Thu, 2010-04-01 at 19:07 +0530, Devendra Jadhav wrote: With my case both installation of PHP has version 5.x, so how to know which PHP is being used? Running this page through Apache could do it: ?php phpinfo (); ? Teus. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php I am still confused. As per Nilesh php's binary is not required and as per Ashley it is required. Which one is correct? And I am not able to find which php's binary is used by using phpinfo(). -- Devendra Jadhav देवेंद्र जाधव
Re: [PHP] How to know which PHP is used by Apache
On Thu, Apr 1, 2010 at 7:22 PM, Devendra Jadhav devendra...@gmail.comwrote: On Thu, Apr 1, 2010 at 7:13 PM, Teus Benschop teusjanne...@gmail.comwrote: On Thu, 2010-04-01 at 19:07 +0530, Devendra Jadhav wrote: With my case both installation of PHP has version 5.x, so how to know which PHP is being used? Running this page through Apache could do it: ?php phpinfo (); ? Teus. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php I am still confused. As per Nilesh php's binary is not required and as per Ashley it is required. Which one is correct? And I am not able to find which php's binary is used by using phpinfo(). -- Devendra Jadhav देवेंद्र जाधव Anyone confident about either of the two answers? -- Devendra Jadhav देवेंद्र जाधव
Re: [PHP] How to know which PHP is used by Apache
On 04/01/10 20:30, Devendra Jadhav wrote: On Thu, Apr 1, 2010 at 7:22 PM, Devendra Jadhavdevendra...@gmail.comwrote: On Thu, Apr 1, 2010 at 7:13 PM, Teus Benschopteusjanne...@gmail.comwrote: On Thu, 2010-04-01 at 19:07 +0530, Devendra Jadhav wrote: With my case both installation of PHP has version 5.x, so how to know which PHP is being used? Running this page through Apache could do it: ?php phpinfo (); ? Teus. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php I am still confused. As per Nilesh php's binary is not required and as per Ashley it is required. Which one is correct? And I am not able to find which php's binary is used by using phpinfo(). -- Devendra Jadhav देवेंद्र जाधव Anyone confident about either of the two answers? Well, you can do a trial test. Compile a different version of php without libphp5.so, and replace the php interpreter of libphp5.so with this one. If phpinfo() from apache shows you a different version then libphp5 uses the binary else not. As per common logic, libphp5 embeds the php interpreter into apache, hence it'd not make sense to say that it needs the binary. -- Nilesh Govindarajan Site Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु ! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php 5.3.2 Unable to fork
Hi, thanks for the reply, just tried without any db bases and the scenario did not change (besides for mysql). With and without pear.. nothing changed from the initial scene. Nathan Rixham nrix...@gmail.com escreveu na mensagem news:4bb3eb75.4020...@gmail.com... Eduardo Nunes wrote: Compiling without mysql support, the cli php -r 'echo shell_exec(echo Test!);' works fine even as the apache unprivileged user. However when running the test.php script with apache the error log still shows the error Unable to execute / Unable to fork ... back in 5.2.3 i had the same problem and found it to be the psql drivers not mysql.. may be worth checking -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to know which PHP is used by Apache
Devendra Jadhav wrote: I am still confused. As per Nilesh php's binary is not required and as per Ashley it is required. Which one is correct? And I am not able to find which php's binary is used by using phpinfo(). Anyone confident about either of the two answers? Pretty confident about all of them. Nilesh probably misunderstood, or we are misunderstanding him. PHP has to have a binary file, whether it's the CLI interpreter or the Apache module. Run a script with phpinfo() in it. Look for the line that says Server API. If this reads something like Apache $N.$N Handler, then the PHP interpreter binary is something like libphp$n.so. If the line reads Command Line Interface, then you are using something like /usr/bin/php, /usr/local/bin/php, etc. (I'm from a BSD background, your $penguin_path may vary). If you are talking about actually having two different versions of PHP installed, and not sure which is actually being called, you might find out something with the Linux equivalent of the BSD `pkg_which`: [31] Thu 01.Apr.2010 10:39:24 [ad...@archangel][/usr/local/bin] sudo pkg_which /usr/local/bin/php php5-5.2.11 This command is highly dependent on your Linux distro: on RH I think it's rpm, dpkg on Debian, urpmf on Mandriva, etc. If you have two installations of the same version, $deity help you :-) HTH, Kevin Kinsey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: php 5.3.2 Unable to fork
I would try your setenv path idea while compiling php without mysql, however I don't get why compiling php with mysql does not fork nor execute even running the php cli as root... Thanks for the reply Nilesh! Nilesh Govindarajan li...@itech7.com escreveu na mensagem news:4bb3fca7.4030...@itech7.com... On 04/01/10 02:21, Eduardo Nunes wrote: Compiling without mysql support, the cli php -r 'echo shell_exec(echo Test!);' works fine even as the apache unprivileged user. However when running the test.php script with apache the error log still shows the error Unable to execute / Unable to fork ... Eduardo Nunes zeh...@terra.com.br escreveu na mensagem news:38.94.09265.3a973...@pb1.pair.com... Hello people! A time before I had issues with my php 5.2.3 that would not fork anything, neither in shell or via apache, and I figured out that commenting out the snmp.so extension from php.ini made it fork commands passed to php cli with an unprivileged user (www) fine, however apache still would not fork anything. Now I just compiled 5.3.2 and it doesn't fork at all, neither as root with -n option. For example I am running: r...@saturno:/usr/src/apache/php-5.3.2# ./sapi/cli/php -n -r 'echo shell_exec(echo Test!);' Warning: shell_exec(): Unable to execute 'echo Test!' in Command line code on line 1 (neither system, exec, other options work) Any ideas on what is going on? (compiled using ../configure --prefix=/usr --with-apxs2 --disable-cgi --disable-short-tags --disable-ipv6 --without-sqlite3 --with-mysql --with-pdo-mysql --without-pdo-sqlite --enable-sockets --without-sqlite --with-gnu-ld) Thanks I think you need to check your PATH environment variable. Add the directory to it where your PHP interpreter sits. PS: This just a guess. Don't bash me if I'm wrong. -- Nilesh Govindarajan Site Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु ! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to know which PHP is used by Apache
libphp5.so doesn't need the php binary. I've confirmed this using a test. My local apache is configured to use libphp5.so I moved /usr/bin/php to /root, then started apache and ran drupal. It worked. This confirms that libphp5.so is independent of the php binary in /usr/bin as I suggested earlier. -- Nilesh Govindarajan Site Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु ! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to know which PHP is used by Apache
Nilesh Govindarajan wrote: libphp5.so doesn't need the php binary. You're right, and of course not. libphp5.so *is* a PHP binary :-) I've confirmed this using a test. My local apache is configured to use libphp5.so I moved /usr/bin/php to /root, then started apache and ran drupal. It worked. This confirms that libphp5.so is independent of the php binary in /usr/bin as I suggested earlier. No one was questioning that .. or at least, I wasn't. One is an executable binary file ... a program. The other is also a binary file, but it's a _library_. What I said was you need one or the other. A binary file, either the Apache SO or the binary interpreter... It's possible to configure Apache to use a PHP executable (CGI), and the CGI and CLI executables are similar, if not identical. I dunno if anyone actually does that anymore, though. :-) Ashley said The libphp5.so is the Apache module that links PHP into Apache. You need this and PHP installed if you want to use PHP in Apache. Devendra apparently misinterpreted this to mean that you need both the SO and the binary interpreter, but you don't. You DO need the rest of the PHP extensions, libraries, config files, etc. ... a PHP installation, whether or not your have the CLI binary is not that important, although I always do since I like to run system scripts in PHP via cron, etc. Kevin Kinsey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to know which PHP is used by Apache
On 04/01/10 23:03, Kevin Kinsey wrote: Nilesh Govindarajan wrote: libphp5.so doesn't need the php binary. You're right, and of course not. libphp5.so *is* a PHP binary :-) I've confirmed this using a test. My local apache is configured to use libphp5.so I moved /usr/bin/php to /root, then started apache and ran drupal. It worked. This confirms that libphp5.so is independent of the php binary in /usr/bin as I suggested earlier. No one was questioning that .. or at least, I wasn't. One is an executable binary file ... a program. The other is also a binary file, but it's a _library_. What I said was you need one or the other. A binary file, either the Apache SO or the binary interpreter... It's possible to configure Apache to use a PHP executable (CGI), and the CGI and CLI executables are similar, if not identical. I dunno if anyone actually does that anymore, though. :-) Ashley said The libphp5.so is the Apache module that links PHP into Apache. You need this and PHP installed if you want to use PHP in Apache. Devendra apparently misinterpreted this to mean that you need both the SO and the binary interpreter, but you don't. You DO need the rest of the PHP extensions, libraries, config files, etc. ... a PHP installation, whether or not your have the CLI binary is not that important, although I always do since I like to run system scripts in PHP via cron, etc. Kevin Kinsey LOL. Super misunderstanding. Anyway, I did that test to help Devendra. -- Nilesh Govindarajan Site Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु ! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] File encryption under PHP
Folks: If I wanted to encrypt a file in PHP and then write it out to disk (one-way encryption, requiring a password), what PHP built-ins might you recommend to encrypt the contents of the file before writing it out to disk? Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] File encryption under PHP
On Thu, 2010-04-01 at 15:47 -0400, Paul M Foster wrote: Folks: If I wanted to encrypt a file in PHP and then write it out to disk (one-way encryption, requiring a password), what PHP built-ins might you recommend to encrypt the contents of the file before writing it out to disk? Paul -- Paul M. Foster I don't think you want one-way encryption, that would mean you can't unencrypt it! What about the usual functions for encrypting strings in PHP? Couldn't you encrypt the file as a string and output that? Or did you want the file to request a password when it was opened? What about a password-protected compressed archive file? Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] File encryption under PHP
On Thu, Apr 01, 2010 at 08:45:53PM +0100, Ashley Sheridan wrote: On Thu, 2010-04-01 at 15:47 -0400, Paul M Foster wrote: Folks: If I wanted to encrypt a file in PHP and then write it out to disk (one-way encryption, requiring a password), what PHP built-ins might you recommend to encrypt the contents of the file before writing it out to disk? Paul -- Paul M. Foster I don't think you want one-way encryption, that would mean you can't unencrypt it! Then one-way encryption would be something no one would do. I must be using the wrong term. What I mean is that it needs a password, which is used to encrypt and decrypt the file. What about the usual functions for encrypting strings in PHP? Couldn't you encrypt the file as a string and output that? Or did you want the file to request a password when it was opened? What about a password-protected compressed archive file? Well, when you say, usual functions for encrypting strings in PHP, what are my options there? And which are the best (most secure) methods? It looks like mcrypt_*() will do the job, but there are 20-30 algorithms, and I have no idea which are the most secure. Or would something else be better (than mcrypt_*())? Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] File encryption under PHP
On Thu, Apr 1, 2010 at 3:47 PM, Paul M Foster pa...@quillandmouse.com wrote: Folks: If I wanted to encrypt a file in PHP and then write it out to disk (one-way encryption, requiring a password), what PHP built-ins might you recommend to encrypt the contents of the file before writing it out to disk? Paul I use the MCrypt extension to encrypt strings (login hashes in cookies, other such things). I don't see why you couldn't read the file into a string and then use mcrypt. You'd have to play with it though. Like make sure performance doesn't degrade massively for large files (rather than small strings), as well as making sure everything is binary-safe. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] File encryption under PHP
On Thu, 2010-04-01 at 16:04 -0400, Paul M Foster wrote: On Thu, Apr 01, 2010 at 08:45:53PM +0100, Ashley Sheridan wrote: On Thu, 2010-04-01 at 15:47 -0400, Paul M Foster wrote: Folks: If I wanted to encrypt a file in PHP and then write it out to disk (one-way encryption, requiring a password), what PHP built-ins might you recommend to encrypt the contents of the file before writing it out to disk? Paul -- Paul M. Foster I don't think you want one-way encryption, that would mean you can't unencrypt it! Then one-way encryption would be something no one would do. I must be using the wrong term. What I mean is that it needs a password, which is used to encrypt and decrypt the file. What about the usual functions for encrypting strings in PHP? Couldn't you encrypt the file as a string and output that? Or did you want the file to request a password when it was opened? What about a password-protected compressed archive file? Well, when you say, usual functions for encrypting strings in PHP, what are my options there? And which are the best (most secure) methods? It looks like mcrypt_*() will do the job, but there are 20-30 algorithms, and I have no idea which are the most secure. Or would something else be better (than mcrypt_*())? Paul -- Paul M. Foster There's a good reason for one-way encryption. The crypt function in PHP is one-way, and the use case is to compare an entered password without the encrypted password ever being unencryptable. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] File encryption under PHP
On Thu, Apr 1, 2010 at 4:05 PM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Thu, 2010-04-01 at 16:04 -0400, Paul M Foster wrote: On Thu, Apr 01, 2010 at 08:45:53PM +0100, Ashley Sheridan wrote: On Thu, 2010-04-01 at 15:47 -0400, Paul M Foster wrote: Folks: If I wanted to encrypt a file in PHP and then write it out to disk (one-way encryption, requiring a password), what PHP built-ins might you recommend to encrypt the contents of the file before writing it out to disk? Paul -- Paul M. Foster I don't think you want one-way encryption, that would mean you can't unencrypt it! Then one-way encryption would be something no one would do. I must be using the wrong term. What I mean is that it needs a password, which is used to encrypt and decrypt the file. What about the usual functions for encrypting strings in PHP? Couldn't you encrypt the file as a string and output that? Or did you want the file to request a password when it was opened? What about a password-protected compressed archive file? Well, when you say, usual functions for encrypting strings in PHP, what are my options there? And which are the best (most secure) methods? It looks like mcrypt_*() will do the job, but there are 20-30 algorithms, and I have no idea which are the most secure. Or would something else be better (than mcrypt_*())? Paul -- Paul M. Foster There's a good reason for one-way encryption. The crypt function in PHP is one-way, and the use case is to compare an entered password without the encrypted password ever being unencryptable. Thanks, Ash Technically, one-way encryption is called hashing, as encryption by definition is two-way. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] File encryption under PHP
Paul M Foster wrote: Folks: If I wanted to encrypt a file in PHP and then write it out to disk (one-way encryption, requiring a password), what PHP built-ins might you recommend to encrypt the contents of the file before writing it out to disk? Paul Here's a very generic mcrypt example. IANAE where security is concerned, but from what I've read, BLOWFISH should be a fairly decent algorithm for most applications. This isn't my work, can't remember whose ... uses 3DES. KDK ?php $plaintext = Four score and seven years ago; $cipher = MCRYPT_TRIPLEDES; $mode = MCRYPT_MODE_ECB; $rand_src = MCRYPT_DEV_RANDOM; //MCRYPT_DEV_RANDOM $password = 'Extra secret password'; print (Plaintext: $plaintext\n); // OK, let's encrypt the data $handle = mcrypt_module_open ($cipher, '', $mode, ''); if (!$handle) die (Couldn't locate open mcrypt module for '$cipher' algorithm); $iv_size = mcrypt_enc_get_iv_size ($handle); $ivector = mcrypt_create_iv ($iv_size, $rand_src); if (mcrypt_generic_init ($handle, $password, $ivector) == -1) die (Error: mcrypt_generic_init() failed.); $ciphertext = mcrypt_generic ($handle, $plaintext); mcrypt_generic_end ($handle); echo br Ciphertext: . bin2hex ($ciphertext) . \n; // Now let's decrypt it $handle = mcrypt_module_open ($cipher, '', $mode, ''); if (!$handle) die (Couldn't locate open mcrypt module for '$cipher' algorithm); if (mcrypt_generic_init ($handle, $password, $ivector) == -1) die (Error: mcrypt_generic_init() failed.); $plaintext = mdecrypt_generic ($handle, $ciphertext); mcrypt_generic_end ($handle); echo br Plaintext: $plaintext\n); ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Tokutek Acquires Oracle
http://tokutek.com/2010/04/tokutek-acquires-oracle/ April 1, 2010, Totutek, Inc., announced the acquisition of Oracle Corporation. Tokutek has long been a supporter of open-source software said John Partridge, CEO of Tokutek. Oracle is an innovative small company the develops database front ends such as MySQL. Tokutek intends to continue developing the MySQL technology and expand our commitment to open-soure software. Oracle CEO Larry Ellison's role has not been determined. Other than a statement that the transaction is an all-stock transaction, terms of the transaction were not disclosed. http://planet.mysql.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Tokutek Acquires Oracle
Daevid Vincent wrote: http://tokutek.com/2010/04/tokutek-acquires-oracle/ April 1, 2010, Totutek, Inc., announced the acquisition of Oracle Corporation. Tokutek has long been a supporter of open-source software said John Partridge, CEO of Tokutek. Oracle is an innovative small company the develops database front ends such as MySQL. Tokutek intends to continue developing the MySQL technology and expand our commitment to open-soure software. Oracle CEO Larry Ellison's role has not been determined. Other than a statement that the transaction is an all-stock transaction, terms of the transaction were not disclosed. http://planet.mysql.com/ but sadly.. Tokutek's acquisitions of Oracle, Apple, HP, Microsoft and Google were today blocked by the European Union on the basis that the announced acquisitions were 'in bad taste'. http://tokutek.com/2010/04/tokuteks-acquisitions-blocked-by-eu/ shame -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Tokutek Acquires Oracle
On Thu, 2010-04-01 at 21:58 +0100, Nathan Rixham wrote: Daevid Vincent wrote: http://tokutek.com/2010/04/tokutek-acquires-oracle/ April 1, 2010, Totutek, Inc., announced the acquisition of Oracle Corporation. Tokutek has long been a supporter of open-source software said John Partridge, CEO of Tokutek. Oracle is an innovative small company the develops database front ends such as MySQL. Tokutek intends to continue developing the MySQL technology and expand our commitment to open-soure software. Oracle CEO Larry Ellison's role has not been determined. Other than a statement that the transaction is an all-stock transaction, terms of the transaction were not disclosed. http://planet.mysql.com/ but sadly.. Tokutek's acquisitions of Oracle, Apple, HP, Microsoft and Google were today blocked by the European Union on the basis that the announced acquisitions were 'in bad taste'. http://tokutek.com/2010/04/tokuteks-acquisitions-blocked-by-eu/ shame An April fools? It looks decidedly odd... Speaking of which, has anyone checked out Googles new Animal Translate? :p Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Re: Tokutek Acquires Oracle
On Thu, Apr 1, 2010 at 1:57 PM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Thu, 2010-04-01 at 21:58 +0100, Nathan Rixham wrote: Daevid Vincent wrote: http://tokutek.com/2010/04/tokutek-acquires-oracle/ April 1, 2010, Totutek, Inc., announced the acquisition of Oracle Corporation. Tokutek has long been a supporter of open-source software said John Partridge, CEO of Tokutek. Oracle is an innovative small company the develops database front ends such as MySQL. Tokutek intends to continue developing the MySQL technology and expand our commitment to open-soure software. Oracle CEO Larry Ellison's role has not been determined. Other than a statement that the transaction is an all-stock transaction, terms of the transaction were not disclosed. http://planet.mysql.com/ but sadly.. Tokutek's acquisitions of Oracle, Apple, HP, Microsoft and Google were today blocked by the European Union on the basis that the announced acquisitions were 'in bad taste'. http://tokutek.com/2010/04/tokuteks-acquisitions-blocked-by-eu/ shame An April fools? It looks decidedly odd... Speaking of which, has anyone checked out Googles new Animal Translate? :p BTW, did you know that laptop can fly? http://www.youtube.com/watch?v=TVwhrJirgp0 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] File encryption under PHP
Then one-way encryption would be something no one would do. I must be using the wrong term. What I mean is that it needs a password, which is used to encrypt and decrypt the file. *Symmetric* encryption uses the same key to encrypt and decrypt the text (what you're talking about, and example algorithms include blowfish, AES.) *Asymmetric* encryption uses separate keys, allowing anyone to send you an encrypted message with a public key, but only allowing you to decrypt it with your private key (https uses this as the initial stage to exchange the key to be used for the subsequent exchanges of text using symmetric encryption because symmetric encryption is much faster, and example algorithm is RSA.) Adam -- Nephtali: PHP web framework that functions beautifully http://nephtaliproject.com
[PHP] Apache rule/directive to stop serving PHP pages from /var/www/includes/
(Sorry if this is a duplicate. I sent one earlier with OT: prefixing the subject line and I think this list software kills the message despite being proper netiquette. *sigh*) I have your basic web tree setup. develo...@mypse:/var/www/dart2$ tree -d -I 'CVS' |-- UPDATES |-- ajax |-- images | |-- gui | `-- icons `-- includes |-- classes |-- css |-- functions | `-- xml |-- gui |-- js | |-- charts `-- pear |-- Auth |-- Benchmark |-- DB |-- Date |-- File |-- Spreadsheet `-- XML_RPC It's not ideal. I would normally have /includes/ in a directory outside the servable webroot directory, but for various reasons I won't go into, this is how it is. Now I have Apache configured to NOT allow directory browsing. I also have a index.html file in most all main directories to log attempts and also redirect back to the main site. What I don't know how to protect against is if someone were to KNOW the name of a .php file. Say I have /includes/foo.inc.php for example, someone can put that in their URL and apache will happily serve it up. :( Is there a directive to prevent this? I would think it should be doable since PHP reads the file directly off of disk via a command like this and isn't really served perse: require_once ROOTPATH.'/includes/functions/foo.inc.php'; Anyone? Anyone? Beuller? Beuller? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache rule/directive to stop serving PHP pages from /var/www/includes/
Daevid Vincent wrote: (Sorry if this is a duplicate. I sent one earlier with OT: prefixing the subject line and I think this list software kills the message despite being proper netiquette. *sigh*) I have your basic web tree setup. develo...@mypse:/var/www/dart2$ tree -d -I 'CVS' |-- UPDATES |-- ajax |-- images | |-- gui | `-- icons `-- includes |-- classes |-- css |-- functions | `-- xml |-- gui |-- js | |-- charts `-- pear |-- Auth |-- Benchmark |-- DB |-- Date |-- File |-- Spreadsheet `-- XML_RPC It's not ideal. I would normally have /includes/ in a directory outside the servable webroot directory, but for various reasons I won't go into, this is how it is. Now I have Apache configured to NOT allow directory browsing. I also have a index.html file in most all main directories to log attempts and also redirect back to the main site. What I don't know how to protect against is if someone were to KNOW the name of a .php file. Say I have /includes/foo.inc.php for example, someone can put that in their URL and apache will happily serve it up. :( Is there a directive to prevent this? I would think it should be doable since PHP reads the file directly off of disk via a command like this and isn't really served perse: require_once ROOTPATH.'/includes/functions/foo.inc.php'; Anyone? Anyone? Beuller? Beuller? LocationMatch ^/includes/ Order allow,deny Deny from all /LocationMatch Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Apache rule/directive to stop serving PHP pages from /var/www/includes/ [SOLVED]
-Original Message- From: Robert Cummings [mailto:rob...@interjinn.com] Sent: Thursday, April 01, 2010 7:23 PM To: Daevid Vincent Cc: php-general@lists.php.net Subject: Re: [PHP] Apache rule/directive to stop serving PHP pages from /var/www/includes/ Daevid Vincent wrote: (Sorry if this is a duplicate. I sent one earlier with OT: prefixing the subject line and I think this list software kills the message despite being proper netiquette. *sigh*) I have your basic web tree setup. develo...@mypse:/var/www/dart2$ tree -d -I 'CVS' |-- UPDATES |-- ajax |-- images | |-- gui | `-- icons `-- includes |-- classes |-- css |-- functions | `-- xml |-- gui |-- js | |-- charts `-- pear |-- Auth |-- Benchmark |-- DB |-- Date |-- File |-- Spreadsheet `-- XML_RPC It's not ideal. I would normally have /includes/ in a directory outside the servable webroot directory, but for various reasons I won't go into, this is how it is. Now I have Apache configured to NOT allow directory browsing. I also have a index.html file in most all main directories to log attempts and also redirect back to the main site. What I don't know how to protect against is if someone were to KNOW the name of a .php file. Say I have /includes/foo.inc.php for example, someone can put that in their URL and apache will happily serve it up. :( Is there a directive to prevent this? I would think it should be doable since PHP reads the file directly off of disk via a command like this and isn't really served perse: require_once ROOTPATH.'/includes/functions/foo.inc.php'; Anyone? Anyone? Beuller? Beuller? LocationMatch ^/includes/ Order allow,deny Deny from all /LocationMatch Brilliant! Thanks Rob. Here is the final that I went with (turns out I had to mind the /includes/js directory or all my jQuery stuff STB, so that's why I call each directory out like that): develo...@myvm:/etc/apache2/sites-enabled$ tail -n20 000-default # [dv] added 2010-04-01 to prevent serving include files and such LocationMatch /UPDATES/ Order allow,deny Deny from all /LocationMatch FilesMatch \.sql$ Order allow,deny Deny from all /FilesMatch LocationMatch /includes/(classes|functions|gui|pear)/ Order allow,deny Deny from all /LocationMatch FilesMatch \.(inc|class)\.php$ Order allow,deny Deny from all /FilesMatch -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
