php-general Digest 24 Jun 2010 08:21:40 -0000 Issue 6813
php-general Digest 24 Jun 2010 08:21:40 - Issue 6813 Topics (messages 306382 through 306392): Re: Problem with ssh2_connect 306382 by: Brandon Rampersad 306387 by: Radek Krejèa 306392 by: Radek Krejèa Re: In what scenario an extension of a class is useful? 306383 by: Daevid Vincent Re: How to store encrypted data and how to store the key? 306384 by: Michael Shadle 306385 by: Peter Lind 306386 by: Michael Shadle IIS, PHP and HTML 306388 by: Phillip Baker 306389 by: Ashley Sheridan 306390 by: Tommy Pham 306391 by: Ashley Sheridan Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- Do you have lexneter installed. I think that could be the problem. 2010/6/23 Radek Krejča radek.kre...@starnet.cz Make sure that the key file exists by that name in the location you're specifying (hint: use a full path). Its in ssh2_auth_public..., yes, I am using full path there. it is the right key for that server. Yes, I use it with ssh command from line on the same computer. the permissions on the file are very strict (chmod 0400 ssh-rsa). My private key has 0400 I got error message immediately after $connection = ssh2_connect(' test.starnet.cz', 22, array('hostkey'='ssh-rsa'), $methods);, so $connection is invalid resource for other function. I have rsa keys, but if I use ssh-dss (hostkey), Its without warning - but I cant connect with keys. Radek -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- A Brandon_R Production ---End Message--- ---BeginMessage--- Do you have lexneter installed. I think that could be the problem. 2010/6/23 Radek Krejča radek.kre...@starnet.cz Make sure that What is lexneter please? Radek ---End Message--- ---BeginMessage--- Hi, new symptoms... So, I have following: 1. created rsa keys - tested over ssh command - on remote server is public key renamed to authorized_keys, on local machine i have both keys 2. rights on local machine: -r 1 radek wheel 1675 23 led 2007 radek -r 1 radek wheel229 24 crv 10:05 radek.pub 3. rights on remote machine -r 1 radek wheel 402 Jun 26 2006 authorized_keys 4. script ?php $methods = array( 'kex' = 'diffie-hellman-group1-sha1', 'hostkey' = 'ssh-dss', 'client_to_server' = array( 'crypt' = '3des-cbc', 'mac' = 'hmac-md5', 'comp' = 'none'), 'server_to_client' = array( 'crypt' = '3des-cbc', 'mac' = 'hmac-md5', 'comp' = 'none')); $connection = ssh2_connect('test.starnet.cz', 22, $methods); if (ssh2_auth_pubkey_file($connection, 'radek', '/home/radek/.ssh/radek.pub', '/home/radek/.ssh/radek')) { echo Public Key Authentication Successful\n; } else { die('Public Key Authentication Failed'); } ? 5. result of script php pokus.php Assertion failed: (session-userauth_pblc_method_len == _libssh2_ntohu32(pubkeydata)), function userauth_publickey, file userauth.c, line 982. Abort trap: 6 (core dumped [obraz pameti ulozen]) 6. if i use method ssh-rsa, i got message written in latest e-mail 7. both computers are FreeBSD, php from fresh ports 8. connection to Mikrotik over password (I cant use it there) withou problem (with this methods of course): $methods = array( 'kex' = 'diffie-hellman-group1-sha1', 'client_to_server' = array( 'crypt' = '3des-cbc', 'comp' = 'none'), 'server_to_client' = array( 'crypt' = 'aes256-cbc,aes192-cbc,aes128-cbc', 'comp' = 'none')); What I have wrong? Thank you Radek---End Message--- ---BeginMessage--- Priceless. Could also be extended applied to babies too. ;-p object babies extends mammal ( function eat (milk $food) ) ROFL. -Original Message- From: Rene Veerman [mailto:rene7...@gmail.com] Sent: Tuesday, June 22, 2010 11:58 PM object mammal ( function eat (mixed $food) function shit () function sleep() ) ---End Message--- ---BeginMessage--- I talked with a friend who actually had this implemented before and banks had signed off on it after reviewing it. load balancer (irrelevant to the security piece) web server(s) - only accepts traffic to port 80/443. can only forward requests on to the app server, one direction. app server(s) - processes the PHP/etc. has access to the
php-general Digest 24 Jun 2010 21:41:57 -0000 Issue 6814
php-general Digest 24 Jun 2010 21:41:57 - Issue 6814 Topics (messages 306393 through 306408): Re: Problem with ssh2_connect - finished 306393 by: Radek Krejèa Quick session question 306394 by: Danny 306395 by: Ashley Sheridan 306396 by: Jim Lucas 306397 by: Danny 306398 by: Mari Masuda 306403 by: Gaurav Kumar 306407 by: Jim Lucas Making a Password Confirmation in PHP 306399 by: Michael Calkins 306400 by: Ashley Sheridan 306401 by: Floyd Resler 306402 by: Ashley Sheridan 306404 by: David Èesal 306405 by: Ashley Sheridan 306406 by: Adam Richardson Unexpected behaviour from define() 306408 by: James Long Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- Hi, so I have (hope) finished. There is problem with rsa keys in function ssh2_connect (probably bug, I dont see any problem on my side), so I created two pairs - rsa and dsa. rsa method isnt working, but dsa method without problems. Its little complication, because I have everwhere rsa keys, but I change it to dsa, If nobody doesnt have any idea, where could be a problem with rsa. Radek---End Message--- ---BeginMessage--- Hi guys, I always start new projects with the following session code-snippet: (In other words this is how I initialize my sessions in the index.php file.) ### START CODE SNIPPET ?php session_start(); setcookie(session_name(),,0,/); unset($_COOKIE[session_name()]); $_SESSION = array(); session_unset(); session_destroy(); session_start(); /// Define some $_SESSION variables $_SESSION['sessionid'] = session_id() ; $_SESSION['server'] = http://localhost/~user/new_project; ; $_SESSION['sql_dflts'] = $_SESSION['server']./sql/sql_dflts.inc ; $_SESSION['remoteaddr'] = $_SERVER['REMOTE_ADDR'] ; $_SESSION['remotehost'] = gethostbyaddr ( $_SERVER['REMOTE_ADDR'] ) ; /// Include Files include ( $_SESSION['sql_dflts'] ) ; include ( $_SESSION['server']./fnc/fnc_include_dir.inc ) ; $var_include_dir = include_dir ( fnc ) ; ? ### END CODE SNIPPET # All of the projects I have done so far were for business intranet purposes and it worked fine. But last week I uploaded another project to the internet and my sessions did not work. I have been using it this way since v4.0 (I think, anyway since a LONG time ago), but now I think it is a bit outdated and needs some kind of revision. Is this still sufficient or can you guys give some tips on a more updated way of starting my sessions? My php.ini file is stock-standard. I am running version 5.2.6-1 with apache 2.2.9 on a Debian 5.04 machine. Thank You Danny ---End Message--- ---BeginMessage--- On Thu, 2010-06-24 at 16:24 +0200, Danny wrote: Hi guys, I always start new projects with the following session code-snippet: (In other words this is how I initialize my sessions in the index.php file.) ### START CODE SNIPPET ?php session_start(); setcookie(session_name(),,0,/); unset($_COOKIE[session_name()]); $_SESSION = array(); session_unset(); session_destroy(); session_start(); /// Define some $_SESSION variables $_SESSION['sessionid'] = session_id() ; $_SESSION['server'] = http://localhost/~user/new_project; ; $_SESSION['sql_dflts'] = $_SESSION['server']./sql/sql_dflts.inc ; $_SESSION['remoteaddr'] = $_SERVER['REMOTE_ADDR'] ; $_SESSION['remotehost'] = gethostbyaddr ( $_SERVER['REMOTE_ADDR'] ) ; /// Include Files include ( $_SESSION['sql_dflts'] ) ; include ( $_SESSION['server']./fnc/fnc_include_dir.inc ) ; $var_include_dir = include_dir ( fnc ) ; ? ### END CODE SNIPPET # All of the projects I have done so far were for business intranet purposes and it worked fine. But last week I uploaded another project to the internet and my sessions did not work. I have been using it this way since v4.0 (I think, anyway since a LONG time ago), but now I think it is a bit outdated and needs some kind of revision. Is this still sufficient or can you guys give some tips on a more updated way of starting my sessions? My php.ini file is stock-standard. I am running version 5.2.6-1 with apache 2.2.9 on a Debian 5.04 machine. Thank You Danny From the looks of it, any
RE: [PHP] Problem with ssh2_connect
Hi, new symptoms... So, I have following: 1. created rsa keys - tested over ssh command - on remote server is public key renamed to authorized_keys, on local machine i have both keys 2. rights on local machine: -r 1 radek wheel 1675 23 led 2007 radek -r 1 radek wheel229 24 crv 10:05 radek.pub 3. rights on remote machine -r 1 radek wheel 402 Jun 26 2006 authorized_keys 4. script ?php $methods = array( 'kex' = 'diffie-hellman-group1-sha1', 'hostkey' = 'ssh-dss', 'client_to_server' = array( 'crypt' = '3des-cbc', 'mac' = 'hmac-md5', 'comp' = 'none'), 'server_to_client' = array( 'crypt' = '3des-cbc', 'mac' = 'hmac-md5', 'comp' = 'none')); $connection = ssh2_connect('test.starnet.cz', 22, $methods); if (ssh2_auth_pubkey_file($connection, 'radek', '/home/radek/.ssh/radek.pub', '/home/radek/.ssh/radek')) { echo Public Key Authentication Successful\n; } else { die('Public Key Authentication Failed'); } ? 5. result of script php pokus.php Assertion failed: (session-userauth_pblc_method_len == _libssh2_ntohu32(pubkeydata)), function userauth_publickey, file userauth.c, line 982. Abort trap: 6 (core dumped [obraz pameti ulozen]) 6. if i use method ssh-rsa, i got message written in latest e-mail 7. both computers are FreeBSD, php from fresh ports 8. connection to Mikrotik over password (I cant use it there) withou problem (with this methods of course): $methods = array( 'kex' = 'diffie-hellman-group1-sha1', 'client_to_server' = array( 'crypt' = '3des-cbc', 'comp' = 'none'), 'server_to_client' = array( 'crypt' = 'aes256-cbc,aes192-cbc,aes128-cbc', 'comp' = 'none')); What I have wrong? Thank you Radek -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Problem with ssh2_connect - finished
Hi, so I have (hope) finished. There is problem with rsa keys in function ssh2_connect (probably bug, I dont see any problem on my side), so I created two pairs - rsa and dsa. rsa method isnt working, but dsa method without problems. Its little complication, because I have everwhere rsa keys, but I change it to dsa, If nobody doesnt have any idea, where could be a problem with rsa. Radek -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Quick session question
Hi guys, I always start new projects with the following session code-snippet: (In other words this is how I initialize my sessions in the index.php file.) ### START CODE SNIPPET ?php session_start(); setcookie(session_name(),,0,/); unset($_COOKIE[session_name()]); $_SESSION = array(); session_unset(); session_destroy(); session_start(); /// Define some $_SESSION variables $_SESSION['sessionid'] = session_id() ; $_SESSION['server'] = http://localhost/~user/new_project; ; $_SESSION['sql_dflts'] = $_SESSION['server']./sql/sql_dflts.inc ; $_SESSION['remoteaddr'] = $_SERVER['REMOTE_ADDR'] ; $_SESSION['remotehost'] = gethostbyaddr ( $_SERVER['REMOTE_ADDR'] ) ; /// Include Files include ( $_SESSION['sql_dflts'] ) ; include ( $_SESSION['server']./fnc/fnc_include_dir.inc ) ; $var_include_dir = include_dir ( fnc ) ; ? ### END CODE SNIPPET # All of the projects I have done so far were for business intranet purposes and it worked fine. But last week I uploaded another project to the internet and my sessions did not work. I have been using it this way since v4.0 (I think, anyway since a LONG time ago), but now I think it is a bit outdated and needs some kind of revision. Is this still sufficient or can you guys give some tips on a more updated way of starting my sessions? My php.ini file is stock-standard. I am running version 5.2.6-1 with apache 2.2.9 on a Debian 5.04 machine. Thank You Danny -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quick session question
On Thu, 2010-06-24 at 16:24 +0200, Danny wrote: Hi guys, I always start new projects with the following session code-snippet: (In other words this is how I initialize my sessions in the index.php file.) ### START CODE SNIPPET ?php session_start(); setcookie(session_name(),,0,/); unset($_COOKIE[session_name()]); $_SESSION = array(); session_unset(); session_destroy(); session_start(); /// Define some $_SESSION variables $_SESSION['sessionid'] = session_id() ; $_SESSION['server'] = http://localhost/~user/new_project; ; $_SESSION['sql_dflts'] = $_SESSION['server']./sql/sql_dflts.inc ; $_SESSION['remoteaddr'] = $_SERVER['REMOTE_ADDR'] ; $_SESSION['remotehost'] = gethostbyaddr ( $_SERVER['REMOTE_ADDR'] ) ; /// Include Files include ( $_SESSION['sql_dflts'] ) ; include ( $_SESSION['server']./fnc/fnc_include_dir.inc ) ; $var_include_dir = include_dir ( fnc ) ; ? ### END CODE SNIPPET # All of the projects I have done so far were for business intranet purposes and it worked fine. But last week I uploaded another project to the internet and my sessions did not work. I have been using it this way since v4.0 (I think, anyway since a LONG time ago), but now I think it is a bit outdated and needs some kind of revision. Is this still sufficient or can you guys give some tips on a more updated way of starting my sessions? My php.ini file is stock-standard. I am running version 5.2.6-1 with apache 2.2.9 on a Debian 5.04 machine. Thank You Danny From the looks of it, any values that you add to the session are forgotten again the next time this code is called because of your use of session_unset() and session_destory(). Generally these functions are only used if you are closing the session. When you say 'sessions did not work' what do you mean? Sessions aren't being created? You can't access session variables? You need to be a bit more specific about the issue. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Quick session question
Danny wrote: Hi guys, I always start new projects with the following session code-snippet: (In other words this is how I initialize my sessions in the index.php file.) ### START CODE SNIPPET ?php session_start(); setcookie(session_name(),,0,/); unset($_COOKIE[session_name()]); $_SESSION = array(); session_unset(); session_destroy(); session_start(); /// Define some $_SESSION variables $_SESSION['sessionid'] = session_id() ; $_SESSION['server'] = http://localhost/~user/new_project; ; $_SESSION['sql_dflts'] = $_SESSION['server']./sql/sql_dflts.inc ; $_SESSION['remoteaddr'] = $_SERVER['REMOTE_ADDR'] ; $_SESSION['remotehost'] = gethostbyaddr ( $_SERVER['REMOTE_ADDR'] ) ; /// Include Files include ( $_SESSION['sql_dflts'] ) ; include ( $_SESSION['server']./fnc/fnc_include_dir.inc ) ; $var_include_dir = include_dir ( fnc ) ; ? ### END CODE SNIPPET # All of the projects I have done so far were for business intranet purposes and it worked fine. But last week I uploaded another project to the internet and my sessions did not work. I have been using it this way since v4.0 (I think, anyway since a LONG time ago), but now I think it is a bit outdated and needs some kind of revision. Is this still sufficient or can you guys give some tips on a more updated way of starting my sessions? My php.ini file is stock-standard. I am running version 5.2.6-1 with apache 2.2.9 on a Debian 5.04 machine. Nothing looks to be wrong with the session initiation code. The problem is more the likely the calls to include a remote file. Basically, to expand your variables out, you would be doing this: include ( 'http://localhost/~user/new_project/sql/sql_dflts.inc' ) ; include ( 'http://localhost/~user/new_project/fnc/fnc_include_dir.inc' ) ; If your php.ini settings are stock, then the problem is with the allow_url_include directive. It is set to 0 by default. See here: http://us3.php.net/manual/en/filesystem.configuration.php Change that setting to '1' and restart your web server, then you should be good to go. Thank You Danny -- Jim Lucas A: Maybe because some people are too annoyed by top-posting. Q: Why do I not get an answer to my question(s)? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quick session question
Thanks Ashley and Jim, When you say 'sessions did not work' what do you mean? Sessions aren't being created? You can't access session variables? You need to be a bit more specific about the issue. Sorry, here is an explanation: The project I uploaded for a customer is a stock ordering web-app that they used on their local intranet for a year or so, but now they want this same web-app to be available globally. I thought that it would work out-the-box on the internet but it doesn't. On their local-lan I am able to do some (advanced) login checks with sessions with no problem, like I said, it has been workng for a year or so now. Also, the same login sequence I use here I also use in my other intranet web-apps. However, when I uploaded this project and I log on, I just get a blank screen after the login checks are done and it is supposed to take me to the logged-in start page. That is why I say that somehow my sessions are not carried over or caught by php. Thanks for the comments on my session initialization, if there is not really anything that should be changed, then I will leave it like it is. Just one more thing, should I always expand the URL's to an absolute path instead of using a session variable like I do? Thnks again guys Danny -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quick session question
On Jun 24, 2010, at 9:09 AM, Danny wrote: Thanks Ashley and Jim, When you say 'sessions did not work' what do you mean? Sessions aren't being created? You can't access session variables? You need to be a bit more specific about the issue. Sorry, here is an explanation: The project I uploaded for a customer is a stock ordering web-app that they used on their local intranet for a year or so, but now they want this same web-app to be available globally. I thought that it would work out-the-box on the internet but it doesn't. On their local-lan I am able to do some (advanced) login checks with sessions with no problem, like I said, it has been workng for a year or so now. Also, the same login sequence I use here I also use in my other intranet web-apps. However, when I uploaded this project and I log on, I just get a blank screen after the login checks are done and it is supposed to take me to the logged-in start page. That is why I say that somehow my sessions are not carried over or caught by php. Thanks for the comments on my session initialization, if there is not really anything that should be changed, then I will leave it like it is. Just one more thing, should I always expand the URL's to an absolute path instead of using a session variable like I do? Thnks again guys Danny -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Maybe you need to change $_SESSION['server'] = http://localhost/~user/new_project; ; to be not localhost. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Making a Password Confirmation in PHP
This is very straight forward, if password a and b are not equal to each other, how can I let the user know that with out losing all of the entered information on the registration form? I was trying this: ---$p1 = input type=\password\ name=\usr_p1\ /; $p2 = input type=\password\ name=\usr_p2\ /; // if they didn't match return $p1 = input type=\password\ name=\usr_p1\ value=\ . $p1 . \/;--- I was trying to change the value of the variable which shows the input field to have the password already in it. and either one would just be echo'd depending on the result. Any ideas please? From,Michael calkinsmichaelcalk...@live.com elementFontfont-familyfont-sizefont-stylefont-variantfont-weightletter-spacingline-heighttext-decorationtext-aligntext-indenttext-transformwhite-spaceword-spacingcolorBackgroundbg-attachmentbg-colorbg-imagebg-positionbg-repeatBoxwidthheightborder-topborder-rightborder-bottomborder-leftmarginpaddingmax-heightmin-heightmax-widthmin-widthoutline-coloroutline-styleoutline-widthPositioningpositiontopbottomrightleftfloatdisplayclearz-indexListlist-style-imagelist-style-typelist-style-positionTablevertical-alignborder-collapseborder-spacingcaption-sideempty-cellstable-layoutEffectstext-shadow-webkit-box-shadowborder-radiusOtheroverflowcursorvisibility _ Hotmail has tools for the New Busy. Search, chat and e-mail from your inbox. http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_1
Re: [PHP] Making a Password Confirmation in PHP
On Thu, 2010-06-24 at 11:22 -0700, Michael Calkins wrote: This is very straight forward, if password a and b are not equal to each other, how can I let the user know that with out losing all of the entered information on the registration form? I was trying this: ---$p1 = input type=\password\ name=\usr_p1\ /; $p2 = input type=\password\ name=\usr_p2\ /; // if they didn't match return $p1 = input type=\password\ name=\usr_p1\ value=\ . $p1 . \/;--- I was trying to change the value of the variable which shows the input field to have the password already in it. and either one would just be echo'd depending on the result. Any ideas please? From,Michael calkinsmichaelcalk...@live.com elementFontfont-familyfont-sizefont-stylefont-variantfont-weightletter-spacingline-heighttext-decorationtext-aligntext-indenttext-transformwhite-spaceword-spacingcolorBackgroundbg-attachmentbg-colorbg-imagebg-positionbg-repeatBoxwidthheightborder-topborder-rightborder-bottomborder-leftmarginpaddingmax-heightmin-heightmax-widthmin-widthoutline-coloroutline-styleoutline-widthPositioningpositiontopbottomrightleftfloatdisplayclearz-indexListlist-style-imagelist-style-typelist-style-positionTablevertical-alignborder-collapseborder-spacingcaption-sideempty-cellstable-layoutEffectstext-shadow-webkit-box-shadowborder-radiusOtheroverflowcursorvisibility _ Hotmail has tools for the New Busy. Search, chat and e-mail from your inbox. http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_1 When you output the form again, output it with the values that were sent to you (take care about deliberate injection though) For things like select lists, I find I end up creating these from an array in PHP anyway, so it's easy to loop through the array and set the selected attribute if that's the value that was picked. Checkboxes and radio buttons; if the value has been sent by the user, then mark them checked when you output the html for them. Don't fill password boxes, as that confuses the user. If they mistyped, how do they know what value it holds anyway? Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Making a Password Confirmation in PHP
On Jun 24, 2010, at 2:22 PM, Michael Calkins wrote: This is very straight forward, if password a and b are not equal to each other, how can I let the user know that with out losing all of the entered information on the registration form? I was trying this: ---$p1 = input type=\password\ name=\usr_p1\ /; $p2 = input type=\password\ name=\usr_p2\ /; // if they didn't match return $p1 = input type=\password\ name=\usr_p1\ value=\ . $p1 . \/;--- I was trying to change the value of the variable which shows the input field to have the password already in it. and either one would just be echo'd depending on the result. Any ideas please? From,Michael calkinsmichaelcalk...@live.com If you aren't opposed to using JavaScript, I'd do it there. If you don't want to use JavaScript then you can load the form data from the $_POST (or $_GET) array that was passed back to your script. Take care, Floyd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Making a Password Confirmation in PHP
On Thu, 2010-06-24 at 14:29 -0400, Floyd Resler wrote: On Jun 24, 2010, at 2:22 PM, Michael Calkins wrote: This is very straight forward, if password a and b are not equal to each other, how can I let the user know that with out losing all of the entered information on the registration form? I was trying this: ---$p1 = input type=\password\ name=\usr_p1\ /; $p2 = input type=\password\ name=\usr_p2\ /; // if they didn't match return $p1 = input type=\password\ name=\usr_p1\ value=\ . $p1 . \/;--- I was trying to change the value of the variable which shows the input field to have the password already in it. and either one would just be echo'd depending on the result. Any ideas please? From,Michael calkinsmichaelcalk...@live.com If you aren't opposed to using JavaScript, I'd do it there. If you don't want to use JavaScript then you can load the form data from the $_POST (or $_GET) array that was passed back to your script. Take care, Floyd Is Javascript allowed to read the value of password boxes? I was of the understanding that it couldn't, so checking if a password field matches another is pretty moot. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Quick session question
Danny, I just read the email trail regarding your problem. The very first thing- 1. Session are stored as a file on the server in a folder. Check that the folder has read/*write* permission. (/tmp/ folder) 2. Check on the server that are the sessions really getting saved on the server? 3. Now in case you do not have access to a sessions folder on the server then set the session folder name/path to the folder (a new one) you can have access to (may be root of your ftp) using session_save_path('/httpdocs/'your-domain-folder/new-session-folder) (provide read/write permission) before session_start() in index.php or common header include file. This session_save_path() should be declared on every file on the top. Try the above and let me know if it works. Thanks, Gaurav Kumar http://blog.OsWebStudio.Com On Thu, Jun 24, 2010 at 7:54 PM, Danny dannydeb...@gmail.com wrote: Hi guys, I always start new projects with the following session code-snippet: (In other words this is how I initialize my sessions in the index.php file.) ### START CODE SNIPPET ?php session_start(); setcookie(session_name(),,0,/); unset($_COOKIE[session_name()]); $_SESSION = array(); session_unset(); session_destroy(); session_start(); /// Define some $_SESSION variables $_SESSION['sessionid'] = session_id() ; $_SESSION['server'] = http://localhost/~user/new_projecthttp://localhost/%7Euser/new_project ; $_SESSION['sql_dflts'] = $_SESSION['server']./sql/sql_dflts.inc ; $_SESSION['remoteaddr'] = $_SERVER['REMOTE_ADDR'] ; $_SESSION['remotehost'] = gethostbyaddr ( $_SERVER['REMOTE_ADDR'] ) ; /// Include Files include ( $_SESSION['sql_dflts'] ) ; include ( $_SESSION['server']./fnc/fnc_include_dir.inc ) ; $var_include_dir = include_dir ( fnc ) ; ? ### END CODE SNIPPET # All of the projects I have done so far were for business intranet purposes and it worked fine. But last week I uploaded another project to the internet and my sessions did not work. I have been using it this way since v4.0 (I think, anyway since a LONG time ago), but now I think it is a bit outdated and needs some kind of revision. Is this still sufficient or can you guys give some tips on a more updated way of starting my sessions? My php.ini file is stock-standard. I am running version 5.2.6-1 with apache 2.2.9 on a Debian 5.04 machine. Thank You Danny -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Making a Password Confirmation in PHP
Yes, it is. D -Original Message- From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk] Sent: Thursday, June 24, 2010 8:32 PM To: Floyd Resler Cc: PHP Subject: Re: [PHP] Making a Password Confirmation in PHP On Thu, 2010-06-24 at 14:29 -0400, Floyd Resler wrote: On Jun 24, 2010, at 2:22 PM, Michael Calkins wrote: This is very straight forward, if password a and b are not equal to each other, how can I let the user know that with out losing all of the entered information on the registration form? I was trying this: ---$p1 = input type=\password\ name=\usr_p1\ /; $p2 = input type=\password\ name=\usr_p2\ /; // if they didn't match return $p1 = input type=\password\ name=\usr_p1\ value=\ . $p1 . \/;--- I was trying to change the value of the variable which shows the input field to have the password already in it. and either one would just be echo'd depending on the result. Any ideas please? From,Michael calkinsmichaelcalk...@live.com If you aren't opposed to using JavaScript, I'd do it there. If you don't want to use JavaScript then you can load the form data from the $_POST (or $_GET) array that was passed back to your script. Take care, Floyd Is Javascript allowed to read the value of password boxes? I was of the understanding that it couldn't, so checking if a password field matches another is pretty moot. Thanks, Ash http://www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Making a Password Confirmation in PHP
On Thu, 2010-06-24 at 20:37 +0200, David Česal wrote: Yes, it is. D -Original Message- From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk] Sent: Thursday, June 24, 2010 8:32 PM To: Floyd Resler Cc: PHP Subject: Re: [PHP] Making a Password Confirmation in PHP On Thu, 2010-06-24 at 14:29 -0400, Floyd Resler wrote: On Jun 24, 2010, at 2:22 PM, Michael Calkins wrote: This is very straight forward, if password a and b are not equal to each other, how can I let the user know that with out losing all of the entered information on the registration form? I was trying this: ---$p1 = input type=\password\ name=\usr_p1\ /; $p2 = input type=\password\ name=\usr_p2\ /; // if they didn't match return $p1 = input type=\password\ name=\usr_p1\ value=\ . $p1 . \/;--- I was trying to change the value of the variable which shows the input field to have the password already in it. and either one would just be echo'd depending on the result. Any ideas please? From,Michael calkinsmichaelcalk...@live.com If you aren't opposed to using JavaScript, I'd do it there. If you don't want to use JavaScript then you can load the form data from the $_POST (or $_GET) array that was passed back to your script. Take care, Floyd Is Javascript allowed to read the value of password boxes? I was of the understanding that it couldn't, so checking if a password field matches another is pretty moot. Thanks, Ash http://www.ashleysheridan.co.uk Yes, so it does. That seems like a bit of a flaw in Javascript on security grounds. Anyway, you still need to perform the same check on the server: * Javascript may be turned off * Not every browser supports Javascript * Someone may make a post request without using the form Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Making a Password Confirmation in PHP
On Thu, Jun 24, 2010 at 2:46 PM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Thu, 2010-06-24 at 20:37 +0200, David Česal wrote: Yes, it is. D -Original Message- From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk] Sent: Thursday, June 24, 2010 8:32 PM To: Floyd Resler Cc: PHP Subject: Re: [PHP] Making a Password Confirmation in PHP On Thu, 2010-06-24 at 14:29 -0400, Floyd Resler wrote: On Jun 24, 2010, at 2:22 PM, Michael Calkins wrote: This is very straight forward, if password a and b are not equal to each other, how can I let the user know that with out losing all of the entered information on the registration form? I was trying this: ---$p1 = input type=\password\ name=\usr_p1\ /; $p2 = input type=\password\ name=\usr_p2\ /; // if they didn't match return $p1 = input type=\password\ name=\usr_p1\ value=\ . $p1 . \/;--- I was trying to change the value of the variable which shows the input field to have the password already in it. and either one would just be echo'd depending on the result. Any ideas please? From,Michael calkinsmichaelcalk...@live.com If you aren't opposed to using JavaScript, I'd do it there. If you don't want to use JavaScript then you can load the form data from the $_POST (or $_GET) array that was passed back to your script. Take care, Floyd Is Javascript allowed to read the value of password boxes? I was of the understanding that it couldn't, so checking if a password field matches another is pretty moot. Thanks, Ash http://www.ashleysheridan.co.uk Yes, so it does. That seems like a bit of a flaw in Javascript on security grounds. Anyway, you still need to perform the same check on the server: * Javascript may be turned off * Not every browser supports Javascript * Someone may make a post request without using the form Thanks, Ash http://www.ashleysheridan.co.uk Yes, the checks should be performed server-side, too. In terms of security, the password field was meant merely to protect against nearby people peering over the shoulder of the user typing in their password (aka, shoulder surfing.) So in terms of security, nothing is flawed, and there has been some debate on the need and implementation of password fields, especially given interfaces like the iphone which let you view the last character entered for a brief amount of time: http://www.schneier.com/blog/archives/2009/07/the_pros_and_co.html http://www.useit.com/alertbox/passwords.html I'd recommend progressively enhancing the page with a plugin such as those listed below (I prefer jQuery, but there are other options for other frameworks): http://plugins.jquery.com/project/showPasswordCheckbox http://plugins.jquery.com/project/fvalidate http://plugins.jquery.com/project/iphone-password Adam -- Nephtali: PHP web framework that functions beautifully http://nephtaliproject.com
Re: [PHP] Quick session question
Danny wrote: Thanks Ashley and Jim, When you say 'sessions did not work' what do you mean? Sessions aren't being created? You can't access session variables? You need to be a bit more specific about the issue. Sorry, here is an explanation: The project I uploaded for a customer is a stock ordering web-app that they used on their local intranet for a year or so, but now they want this same web-app to be available globally. I thought that it would work out-the-box on the internet but it doesn't. On their local-lan I am able to do some (advanced) login checks with sessions with no problem, like I said, it has been workng for a year or so now. Also, the same login sequence I use here I also use in my other intranet web-apps. However, when I uploaded this project and I log on, I just get a blank screen after the login checks are done and it is supposed to take me to the logged-in start page. Regarding the blank page, in your php.ini file turn on display_errors and error_reporting error_reporting = E_ALL display_errors = On This will make sure that PHP tells you all the errors that are possibly being generated. That is why I say that somehow my sessions are not carried over or caught by php. Thanks for the comments on my session initialization, if there is not really anything that should be changed, then I will leave it like it is. Just one more thing, should I always expand the URL's to an absolute path instead of using a session variable like I do? Thnks again guys Danny -- Jim Lucas A: Maybe because some people are too annoyed by top-posting. Q: Why do I not get an answer to my question(s)? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Unexpected behaviour from define()
Perhaps I am missing something basic here. Why does the LOG_WARNING constant take on a value of 4, when it is defined with a value of 1? Thank you! Jim $ cat bug.php ? define( 'LOG_NORMAL', 0 ); define( 'LOG_WARNING', 1 ); define( 'LOG_ERROR', 2 ); echo 'LOG_NORMAL ' . LOG_NORMAL . \n; echo 'LOG_WARNING ' . LOG_WARNING . \n; echo 'LOG_ERROR ' . LOG_ERROR . \n; ? $ php bug.php LOG_NORMAL 0 LOG_WARNING 4 LOG_ERROR 2 $ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Unexpected behaviour from define()
On Thu, Jun 24, 2010 at 02:41:51PM -0700, James Long wrote: Perhaps I am missing something basic here. Why does the LOG_WARNING constant take on a value of 4, when it is defined with a value of 1? Thank you! Jim Answering my own question here LOG_WARNING is already defined elsewhere it seems, by the Network function define_syslog_variables: $ cat bug.php ? //define( 'LOG_NORMAL', 0 ); //define( 'LOG_WARNING', 1 ); //define( 'LOG_ERROR', 2 ); echo 'LOG_NORMAL ' . LOG_NORMAL . \n; echo 'LOG_WARNING ' . LOG_WARNING . \n; echo 'LOG_ERROR ' . LOG_ERROR . \n; ? $ php bug.php LOG_NORMAL LOG_NORMAL LOG_WARNING 4 LOG_ERROR LOG_ERROR $ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unexpected behaviour from define()
On 24/06/10 22:41, James Long wrote: Perhaps I am missing something basic here. Why does the LOG_WARNING constant take on a value of 4, when it is defined with a value of 1? Thank you! Jim $ cat bug.php ? define( 'LOG_NORMAL', 0 ); define( 'LOG_WARNING', 1 ); define( 'LOG_ERROR', 2 ); echo 'LOG_NORMAL ' . LOG_NORMAL . \n; echo 'LOG_WARNING ' . LOG_WARNING . \n; echo 'LOG_ERROR ' . LOG_ERROR . \n; ? $ php bug.php LOG_NORMAL 0 LOG_WARNING 4 LOG_ERROR 2 $ Very strange, as ? define( 'LOG_NORMAL', 0 ); define( 'LOG_WARNiNG', 1 ); define( 'LOG_ERROR', 2 ); echo 'LOG_NORMAL ' . LOG_NORMAL . \n; echo 'LOG_WARNiNG ' . LOG_WARNiNG . \n; echo 'LOG_ERROR ' . LOG_ERROR . \n; ? seems to work fine Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unexpected behaviour from define()
On Thu, 2010-06-24 at 23:02 +0100, Tim Schofield wrote: On 24/06/10 22:41, James Long wrote: Perhaps I am missing something basic here. Why does the LOG_WARNING constant take on a value of 4, when it is defined with a value of 1? Thank you! Jim $ cat bug.php ? define( 'LOG_NORMAL', 0 ); define( 'LOG_WARNING', 1 ); define( 'LOG_ERROR', 2 ); echo 'LOG_NORMAL ' . LOG_NORMAL . \n; echo 'LOG_WARNING ' . LOG_WARNING . \n; echo 'LOG_ERROR ' . LOG_ERROR . \n; ? $ php bug.php LOG_NORMAL 0 LOG_WARNING 4 LOG_ERROR 2 $ Very strange, as ? define( 'LOG_NORMAL', 0 ); define( 'LOG_WARNiNG', 1 ); define( 'LOG_ERROR', 2 ); echo 'LOG_NORMAL ' . LOG_NORMAL . \n; echo 'LOG_WARNiNG ' . LOG_WARNiNG . \n; echo 'LOG_ERROR ' . LOG_ERROR . \n; ? seems to work fine Tim It would, you misspelt LOG_WARNING with a lowercase 'i' ;) Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Unexpected behaviour from define()
On 24/06/10 23:08, Ashley Sheridan wrote: On Thu, 2010-06-24 at 23:02 +0100, Tim Schofield wrote: Very strange, as ? define( 'LOG_NORMAL', 0 ); define( 'LOG_WARNiNG', 1 ); define( 'LOG_ERROR', 2 ); echo 'LOG_NORMAL ' . LOG_NORMAL .\n; echo 'LOG_WARNiNG ' . LOG_WARNiNG .\n; echo 'LOG_ERROR ' . LOG_ERROR .\n; ? seems to work fine Tim It would, you misspelt LOG_WARNING with a lowercase 'i' ;) Thanks, Ash http://www.ashleysheridan.co.uk Thats what I was trying to illustrate, it worked with lower case i but not with upper case, but James has explained it. Thanks Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quick session question
Hi Gaurav, Creating a local folder solved the problem. I can now catch the session varaibles. I think that I am too familiar with setting up everything on a local server and forgot that there are other things to consider when you work on the internet. Thank You Danny On Jun 25 10, Gaurav Kumar : 2. Check on the server that are the sessions really getting saved on the server? 3. Now in case you do not have access to a sessions folder on the server then set the session folder name/path to the folder (a new one) you can have access to (may be root of your ftp) using session_save_path('/httpdocs/ 'your-domain-folder/new-session-folder) (provide read/write permission) before session_start() in index.php or common header include file. This session_save_path() should be declared on every file on the top. Try the above and let me know if it works. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quick session question
Hi Jim, I followed Gaurav's tips on creating a folder to store the session info in and it got solved. I can now catch the session variables but I got A LOT of include() file errors which was solved by following your suggestion on expanding my URL's. Thank You Danny On Jun 24 10, Jim Lucas : Nothing looks to be wrong with the session initiation code. The problem is more the likely the calls to include a remote file. Basically, to expand your variables out, you would be doing this: include ( 'http://localhost/~user/new_project/sql/sql_dflts.inc' ) ; include ( 'http://localhost/~user/new_project/fnc/fnc_include_dir.inc' ) ; If your php.ini settings are stock, then the problem is with the allow_url_include directive. It is set to 0 by default. See here: http://us3.php.net/manual/en/filesystem.configuration.php Change that setting to '1' and restart your web server, then you should be good to go. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quick session question [SOLVED]
Hi Guys, Thanks to all of you who helped me with my problem. I can now continue with my life :) . I'm happy and the customer is happy ... Thank you once again. Danny -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quick session question
Hi Mari, I used localhost as a substitute for the real url. My mistake I should've told you guys. Thanks anyway for your input. Danny On Jun 24 10, Mari Masuda : Maybe you need to change $_SESSION['server'] = http://localhost/~user/new_project; ; to be not localhost. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php