php-general Digest 11 Aug 2010 10:27:20 -0000 Issue 6888
php-general Digest 11 Aug 2010 10:27:20 - Issue 6888 Topics (messages 307390 through 307396): Variable variables into an array. 307390 by: Richard Quadling 307392 by: Jim Lucas 307393 by: Richard Quadling 307394 by: Andrew Ballard 307396 by: Richard Quadling /status page of php-fpm 5.3.3 307391 by: Martin Minka Mail_Mime: undefined method Mail_mimePart::encodeHeader() 307395 by: René Santis Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- Hi. Quick set of eyes needed to see what I've done wrong... The following is a reduced example ... ?php $Set = array(); $Entry = 'Set[1]'; $Value = 'Assigned'; $$Entry = $Value; print_r($Set); ? The output is an empty array. Examining $GLOBALS, I end up with an entries ... [Set] = Array ( ) [Entry] = Set[1] [Value] = Assigned [Set[1]] = Assigned According to http://docs.php.net/manual/en/language.variables.basics.php, a variable named Set[1] is not a valid variable name. The [ and ] are not part of the set of valid characters. In testing all the working V4 and V5 releases I have, the output is always an empty array, so it looks like it is me, but the invalid variable name is an issue I think. Regards, Richard. NOTE: The above is a simple test. I'm trying to map in nested data to over 10 levels. -- Richard Quadling. ---End Message--- ---BeginMessage--- Richard Quadling wrote: Hi. Quick set of eyes needed to see what I've done wrong... The following is a reduced example ... ?php $Set = array(); $Entry = 'Set[1]'; $Value = 'Assigned'; $$Entry = $Value; print_r($Set); ? The output is an empty array. Examining $GLOBALS, I end up with an entries ... [Set] = Array ( ) [Entry] = Set[1] [Value] = Assigned [Set[1]] = Assigned According to http://docs.php.net/manual/en/language.variables.basics.php, a variable named Set[1] is not a valid variable name. The [ and ] are not part of the set of valid characters. In testing all the working V4 and V5 releases I have, the output is always an empty array, so it looks like it is me, but the invalid variable name is an issue I think. Regards, Richard. NOTE: The above is a simple test. I'm trying to map in nested data to over 10 levels. For something like this, a string that looks like a nested array reference, you might need to involve eval for it to derive that nested array. ---End Message--- ---BeginMessage--- On 10 August 2010 16:49, Jim Lucas li...@cmsws.com wrote: Richard Quadling wrote: Hi. Quick set of eyes needed to see what I've done wrong... The following is a reduced example ... ?php $Set = array(); $Entry = 'Set[1]'; $Value = 'Assigned'; $$Entry = $Value; print_r($Set); ? The output is an empty array. Examining $GLOBALS, I end up with an entries ... [Set] = Array ( ) [Entry] = Set[1] [Value] = Assigned [Set[1]] = Assigned According to http://docs.php.net/manual/en/language.variables.basics.php, a variable named Set[1] is not a valid variable name. The [ and ] are not part of the set of valid characters. In testing all the working V4 and V5 releases I have, the output is always an empty array, so it looks like it is me, but the invalid variable name is an issue I think. Regards, Richard. NOTE: The above is a simple test. I'm trying to map in nested data to over 10 levels. For something like this, a string that looks like a nested array reference, you might need to involve eval for it to derive that nested array. I'm happy with that. It seems variable variables can produce variables that do not follow the same naming limitations as normal variables. -- Richard Quadling. ---End Message--- ---BeginMessage--- On Tue, Aug 10, 2010 at 12:23 PM, Richard Quadling rquadl...@gmail.com wrote: On 10 August 2010 16:49, Jim Lucas li...@cmsws.com wrote: Richard Quadling wrote: Hi. Quick set of eyes needed to see what I've done wrong... The following is a reduced example ... ?php $Set = array(); $Entry = 'Set[1]'; $Value = 'Assigned'; $$Entry = $Value; print_r($Set); ? The output is an empty array. Examining $GLOBALS, I end up with an entries ... [Set] = Array ( ) [Entry] = Set[1] [Value] = Assigned [Set[1]] = Assigned According to http://docs.php.net/manual/en/language.variables.basics.php, a variable named Set[1] is not a valid variable name. The [ and ] are not part of the set of valid characters. In testing all the working V4 and V5 releases I have, the output is always an empty array, so it looks like it is me, but the invalid variable name is
php-general Digest 11 Aug 2010 22:50:32 -0000 Issue 6889
php-general Digest 11 Aug 2010 22:50:32 - Issue 6889 Topics (messages 307397 through 307401): Re: Variable variables into an array. 307397 by: Bob McConnell 307398 by: Richard Quadling protecting a directory by php mysql 307399 by: Ali Asghar Toraby Parizy 307400 by: Ashley Sheridan Encryption/Decryption Question 307401 by: tedd Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- From: Richard Quadling Quick set of eyes needed to see what I've done wrong... The following is a reduced example ... ?php $Set = array(); $Entry = 'Set[1]'; ^^ Shouldn't that be $Set[1]? $Value = 'Assigned'; $$Entry = $Value; print_r($Set); ? Bob McConnell ---End Message--- ---BeginMessage--- On 11 August 2010 13:58, Bob McConnell r...@cbord.com wrote: From: Richard Quadling Quick set of eyes needed to see what I've done wrong... The following is a reduced example ... ?php $Set = array(); $Entry = 'Set[1]'; ^^ Shouldn't that be $Set[1]? $Value = 'Assigned'; $$Entry = $Value; print_r($Set); ? Bob McConnell No. ---End Message--- ---BeginMessage--- Hi. I need a protected directory in my server that only the authenticated user can reach all files in that folder(file type is zip and picture or a web page, maybe). I save user ID and passwords in mysql database. today I tried to use htaccess but mod_auth_mysql isn't installed on my server. I know that I can protect web pages by a simple PHP script(checking log in session) but I don't know how I can protect images and files! Thanks for any help -- Ali Asghar Torabi ---End Message--- ---BeginMessage--- On Thu, 2010-08-12 at 02:02 +0430, Ali Asghar Toraby Parizy wrote: Hi. I need a protected directory in my server that only the authenticated user can reach all files in that folder(file type is zip and picture or a web page, maybe). I save user ID and passwords in mysql database. today I tried to use htaccess but mod_auth_mysql isn't installed on my server. I know that I can protect web pages by a simple PHP script(checking log in session) but I don't know how I can protect images and files! Thanks for any help You can protect with a .htaccess with a more basic protection, by having a password stored in an encrypted form in a file somewhere that Apache can see. However, if you need to authorise users via details in a DB, then your best bet is to store all the files themselves outside of the web root, and then use a script to access them. The script can authenticate users however you want, and only when they are logged in will it read from the file and write that back out to the client with the correct headers. If you can't put the files outside of web root, then you have little hope of securing them if you can't get mod_auth_mysql installed. Thanks, Ash http://www.ashleysheridan.co.uk ---End Message--- ---BeginMessage--- Hi gang: Okay, a question to the Encryption/Decryption gurus out there. If you were given: 1. This encrypted string: p3IVhDBT26i+p4vd7J4fAw== 2. Were told it was a social security number (i.e., in the form of 123-45-6789). 3. And it had been generated from this code: $cipher = mcrypt_module_open(MCRYPT_TRIPLEDES,'','cbc',''); mcrypt_generic_init($cipher, $key1, $key2); $encrypted = mcrypt_generic($cipher,$social_security_number); 4. Where $key1 and $key2 are md5() values calculated from two different security phrases. 5. Where each security phrase contains multiple non-English words. What would it take for you to break the encrypted string and decipher the social security number? Can it be done? If so, how long? And lastly, where would the best place to store these security phrases? (Note: I didn't ask where would be the best place for me to put them.) :-) Cheers, tedd PS: No, the SS number in question is not 123-45-6789. :-) -- --- http://sperling.com/ ---End Message---
Re: [PHP] Variable variables into an array.
On 10 August 2010 18:08, Andrew Ballard aball...@gmail.com wrote: On Tue, Aug 10, 2010 at 12:23 PM, Richard Quadling rquadl...@gmail.com wrote: On 10 August 2010 16:49, Jim Lucas li...@cmsws.com wrote: Richard Quadling wrote: Hi. Quick set of eyes needed to see what I've done wrong... The following is a reduced example ... ?php $Set = array(); $Entry = 'Set[1]'; $Value = 'Assigned'; $$Entry = $Value; print_r($Set); ? The output is an empty array. Examining $GLOBALS, I end up with an entries ... [Set] = Array ( ) [Entry] = Set[1] [Value] = Assigned [Set[1]] = Assigned According to http://docs.php.net/manual/en/language.variables.basics.php, a variable named Set[1] is not a valid variable name. The [ and ] are not part of the set of valid characters. In testing all the working V4 and V5 releases I have, the output is always an empty array, so it looks like it is me, but the invalid variable name is an issue I think. Regards, Richard. NOTE: The above is a simple test. I'm trying to map in nested data to over 10 levels. For something like this, a string that looks like a nested array reference, you might need to involve eval for it to derive that nested array. I'm happy with that. It seems variable variables can produce variables that do not follow the same naming limitations as normal variables. It would seem so. If eval() works, can you rearrange the strings a little to make use of parse_str() and avoid the use of eval()? Andrew php -r parse_str('a[1][2][3]=richard quadling'); var_dump($a); outputs ... array(1) { [1]= array(1) { [2]= array(1) { [3]= string(16) richard quadling } } } Perfect. Thanks. -- Richard Quadling. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Variable variables into an array.
From: Richard Quadling Quick set of eyes needed to see what I've done wrong... The following is a reduced example ... ?php $Set = array(); $Entry = 'Set[1]'; ^^ Shouldn't that be $Set[1]? $Value = 'Assigned'; $$Entry = $Value; print_r($Set); ? Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Variable variables into an array.
On 11 August 2010 13:58, Bob McConnell r...@cbord.com wrote: From: Richard Quadling Quick set of eyes needed to see what I've done wrong... The following is a reduced example ... ?php $Set = array(); $Entry = 'Set[1]'; ^^ Shouldn't that be $Set[1]? $Value = 'Assigned'; $$Entry = $Value; print_r($Set); ? Bob McConnell No. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] protecting a directory by php mysql
Hi. I need a protected directory in my server that only the authenticated user can reach all files in that folder(file type is zip and picture or a web page, maybe). I save user ID and passwords in mysql database. today I tried to use htaccess but mod_auth_mysql isn't installed on my server. I know that I can protect web pages by a simple PHP script(checking log in session) but I don't know how I can protect images and files! Thanks for any help -- Ali Asghar Torabi
Re: [PHP] protecting a directory by php mysql
On Thu, 2010-08-12 at 02:02 +0430, Ali Asghar Toraby Parizy wrote: Hi. I need a protected directory in my server that only the authenticated user can reach all files in that folder(file type is zip and picture or a web page, maybe). I save user ID and passwords in mysql database. today I tried to use htaccess but mod_auth_mysql isn't installed on my server. I know that I can protect web pages by a simple PHP script(checking log in session) but I don't know how I can protect images and files! Thanks for any help You can protect with a .htaccess with a more basic protection, by having a password stored in an encrypted form in a file somewhere that Apache can see. However, if you need to authorise users via details in a DB, then your best bet is to store all the files themselves outside of the web root, and then use a script to access them. The script can authenticate users however you want, and only when they are logged in will it read from the file and write that back out to the client with the correct headers. If you can't put the files outside of web root, then you have little hope of securing them if you can't get mod_auth_mysql installed. Thanks, Ash http://www.ashleysheridan.co.uk
[PHP] Encryption/Decryption Question
Hi gang: Okay, a question to the Encryption/Decryption gurus out there. If you were given: 1. This encrypted string: p3IVhDBT26i+p4vd7J4fAw== 2. Were told it was a social security number (i.e., in the form of 123-45-6789). 3. And it had been generated from this code: $cipher = mcrypt_module_open(MCRYPT_TRIPLEDES,'','cbc',''); mcrypt_generic_init($cipher, $key1, $key2); $encrypted = mcrypt_generic($cipher,$social_security_number); 4. Where $key1 and $key2 are md5() values calculated from two different security phrases. 5. Where each security phrase contains multiple non-English words. What would it take for you to break the encrypted string and decipher the social security number? Can it be done? If so, how long? And lastly, where would the best place to store these security phrases? (Note: I didn't ask where would be the best place for me to put them.) :-) Cheers, tedd PS: No, the SS number in question is not 123-45-6789. :-) -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Encryption/Decryption Question
On Aug 11, 2010, at 6:50 PM, tedd wrote: Hi gang: Okay, a question to the Encryption/Decryption gurus out there. If you were given: 1. This encrypted string: p3IVhDBT26i+p4vd7J4fAw== 2. Were told it was a social security number (i.e., in the form of 123-45-6789). 3. And it had been generated from this code: $cipher = mcrypt_module_open(MCRYPT_TRIPLEDES,'','cbc',''); mcrypt_generic_init($cipher, $key1, $key2); $encrypted = mcrypt_generic($cipher,$social_security_number); 4. Where $key1 and $key2 are md5() values calculated from two different security phrases. 5. Where each security phrase contains multiple non-English words. What would it take for you to break the encrypted string and decipher the social security number? Can it be done? If so, how long? And lastly, where would the best place to store these security phrases? (Note: I didn't ask where would be the best place for me to put them.) :-) Cheers, tedd PS: No, the SS number in question is not 123-45-6789. :-) -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Tedd- Considering you can brute force the entire keyspace for Triple DES in under a few hours (without specialized equipment) I don't think it would take long. Granted, I'm not an encryption expert. I look forward to hearing more. Thanks, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Encryption/Decryption Question
From my experience, I'd have to say that it would be a real tough go to crack that. If there was a weak point in the scheme is that your end result pattern ( the ssn ) is defined with a pair of constants, the hyphens. In our scheme we remove the dashes and just provide a mask for display. We also keep a unique key with each ssn, the record number for extra security. Where to keep it is tougher, OWASP suggests that the keys be stored on another non web facing server, with a locked down filesystem. That would be best if you have the hardware available. One other option here is to load the keys into ram on server start up and never have them physically on the machine. Bastien On 8/11/10, tedd t...@sperling.com wrote: Hi gang: Okay, a question to the Encryption/Decryption gurus out there. If you were given: 1. This encrypted string: p3IVhDBT26i+p4vd7J4fAw== 2. Were told it was a social security number (i.e., in the form of 123-45-6789). 3. And it had been generated from this code: $cipher = mcrypt_module_open(MCRYPT_TRIPLEDES,'','cbc',''); mcrypt_generic_init($cipher, $key1, $key2); $encrypted = mcrypt_generic($cipher,$social_security_number); 4. Where $key1 and $key2 are md5() values calculated from two different security phrases. 5. Where each security phrase contains multiple non-English words. What would it take for you to break the encrypted string and decipher the social security number? Can it be done? If so, how long? And lastly, where would the best place to store these security phrases? (Note: I didn't ask where would be the best place for me to put them.) :-) Cheers, tedd PS: No, the SS number in question is not 123-45-6789. :-) -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Sent from my mobile device Bastien Cat, the other other white meat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [site is acting strange] - blank pages, download index.php, or works fine
Well if anyone cares to know what this problem was. We have no idea. We duplicated the sites templates, docroot, site is still using same shared plugins it was before, javascript, etc... The only thing that is different is that it is on a new doc root and new subdomain, members2.myhomegrown.com instead of just members. The only thing that is different is we disabled Proxy Pass however, we tried disabling this on the problem site and it did nothing to fix the issue. Anyhow from just simply duplicating the site, our errors seem to have gone away. Thanks for your help Thanks, T On Wed, Aug 4, 2010 at 3:31 PM, Tristan sunnrun...@gmail.com wrote: The sites are all on the same server. LAMP. no load balancing or anything really fancy for that matter. Looking a little closer, here's an error that we uncovered being thrown by apache As we have discussed, I have investigated this further and spoke with your host. It appears that when the error page appears, the following error appears in your apache/php error logs: Broken pipe: core_output_filter: writing data to the network Which would be causing empty responses (the error being seen in chrome). Since this appears to be a server side issue, your host is investigating this further. If your host needs us to take some further action in regards to this issue, please let us know. This site has adult content on it btw. Like I said sometimes we won't see the prob for hrs and sometimes its every other page load. members.myhomegrown.com tmm / phpuser Thanks, T On Fri, Jul 30, 2010 at 6:51 PM, David Hutto smokefl...@gmail.com wrote: On Fri, Jul 30, 2010 at 8:50 PM, David Hutto smokefl...@gmail.com wrote: On Fri, Jul 30, 2010 at 8:49 PM, David Hutto smokefl...@gmail.com wrote: On Fri, Jul 30, 2010 at 2:50 PM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Fri, 2010-07-30 at 13:38 -0400, Adam Richardson wrote: On Fri, Jul 30, 2010 at 11:35 AM, Bill Guion bgu...@comcast.net wrote: At 6:45 PM -0600 7/29/10, Tristan wrote: Yeah like i said site works 95% of the time when navigating. PHP5.2, Mysql 5. The site is completely dynamic so it wouldn't work at all if that was the case of it not being installed right. so the other 5% of the time is blank pages and download index.php files. In Firefox when you get a blank page, if you click view source it will show all the code that should be there but, I can't tell if it's requesting the page again when you do that. It never fails 2 times in a row. A refresh will always fix it. When you look in firebug there is no html so it leads me to believe FF may be doing just that...going for a second request instead of viewing currently opened source? In IE8 I would get something like diagnose problem button more information drop down with this problem can be caused by a variety of issues..this is a completely typical M$ error with no valid help chrome same thing with web page cannot be displayed more information etc... On Thu, Jul 29, 2010 at 6:36 PM, David McGlone da...@dmcentral.net wrote: On Thu, 2010-07-29 at 18:11 -0600, Tristan wrote: I have the strangest issue with my host. They can't figure it out and I'm completely perplexed. We have other sites running on the server just fine. However, this new site is acting very weird. Sometimes we get blank pages, sometimes we get a blank page and then a dialog pops up asking if we want to download index.php, and then sometimes the site is working fine. Any ideas on this? I'm at ends. Appreciate any advice. For authentication we are using mysql auth module in apache/linux and proxy pass. We removed proxy pass to see if that was it but, it wasn't. its a members.domain.comsubdomain if that helps. Do you have php-mysql installed? -- Blessings, David M. Does the page validate at http://jigsaw.w3.org/css-validator/? -= Bill =- -- Don't find fault. Find a remedy. - Henry Ford -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Tristan, The good news is that you're not crazy. I've had this exact issue (at least in terms of symptoms) when working with one of my client's websites. The bad news is that this was long ago, I was using a shared host, and I'm not the one who cause or, more importantly, fixed the problem. That said, I've strained my memory to try and recall what might have been said in the follow-up from the host, and it seems like there was a mime-type handling issue (again, I could be completely wrong, this is just a faint memory.) Another faint memory: are you able to see a difference in behavior when you view an index file with