Re: [PHP] session

[Justin French]

on 11/03/03 6:47 PM, Shaun van den Berg ([EMAIL PROTECTED]) wrote:

 Hi,
 
 What should the probability of your garbadge collector be ? is a 100% bad ,

I've never seen much more than 20% on a production server -- most at 1%.  If
you make it 100%, then PHP will do a garbage clean out on EVERY request
(from my understanding), which would surely place some load on the server,
and perhaps slow down your application.

 and how long must the max lifetime of your session variables be , the
 default is 1440 secs(24 min) , is 24 hours to much ? Thanks

How long do you want the sessions to last?  The only arguments against
having a large number are:

- all these sessions have to be stored somewhere (file/memory/db)

- security -- it is wise, based on your application's target market, to have
long sessions which *may* be left active?


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Little Problem :)

[Justin French]

PLEASE use a descriptive heading, rather than something generic.

Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] need help with parsing form input ...

[Justin French]

Space at the beginning or end of a string can be removed with trim().

In order for someone to write you a regexp, you need to change your question
to the following:


I need to ensure a string only has the following characters in it:
A-Z
a-z
0-9
Can someone please help me write a regexp which strip out all other
characters from a string?


It's always better to specify what you will ALLOW rather than trying to
think of everything little character you want to REFUSE.

Unfortunately, I'm no good with regexp's, so you'll have to hope someone who
IS reads your post :)


Justin French


on 12/03/03 5:14 AM, Kenn Murrah ([EMAIL PROTECTED]) wrote:

 Greetings.
 
 I'm out of my league here, not knowing enough about regular expressions yet
 to do this, so I desperately need someone's help ...
 
 I need to parse form input to eliminate unwanted characters (punctuation,
 mostly) ... for instance, if the web site visitor types  smith,susan--33
 into the field, i want to parse that line to eliminate the initial space,
 the comma, and the dashes so that $myvariable=smithsusan33 
 
 any help in doing this would be GREATLY appreciate.
 
 thanks.
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Checking for a Valid Email String.

[Justin French]

on 12/03/03 12:42 PM, Philip J. Newman ([EMAIL PROTECTED]) wrote:

 how ever i don't think most ISPs let users pick names with the + sign in it

Doesn't matter... if it's a valid format of email address, then it should be
validated as legit.

I use this:
http://www.killersoft.com/downloads/pafiledb.php?action=fileid=4

Haven't had a single complaint.


The only true way to validate an address is for some to open the mail
account, read an email, and then respond.  Everything else just prevents
obvious mistakes, dummy address' and typos.


Justin French


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Subtracting two dates

[Justin French]

READ THE F***ING MANUAL!!!

http://php.net/round clearly shows you how to round to a whole number.

if you want to round ALL decimals up, then you might have to create
something from scratch, but

a) you need to read the relevant pages in the manual first
b) think about exactly what you want, then tell us


Justin French


on 12/03/03 4:06 PM, Ben C. ([EMAIL PROTECTED]) wrote:

 Is there a way not to round the number but get a whole number?   I don't
 want to have 1.5 days show as 2 days because it really has not gone into day
 2?
 
 -Original Message-
 From: Justin French [mailto:[EMAIL PROTECTED]
 Sent: Monday, March 10, 2003 8:27 PM
 To: Ben C.; [EMAIL PROTECTED]
 Subject: Re: [PHP] Subtracting two dates
 
 
 ?
 $otherDate = 2003-11-15;  // -mm-dd format
 $otherDateStamp = strtotime($otherDate);// now a unix timestamp
 
 $difference = time() - $otherDateStamp; // diff in seconds
 ?
 
 Then you need to decide if you want to show days, or hours, or years
 difference...
 
 I'll show you hours and days:
 
 ?
 $differenceHours = $difference / 3600;  // 60secs x 60 mins
 $differenceDays  = $difference / 86400; // 60 x 60 x 24 hours
 ?
 
 You then need to round the number using round().
 
 
 Justin
 
 
 
 on 11/03/03 3:02 PM, Ben C. ([EMAIL PROTECTED]) wrote:
 
 There are a lot of artlicles on this but I need a simple solution.  I need
 to subtract two dates as follows:
 
 $date = date(Y-m-d);
 $date1 = 2003-03-03;
 $differencedate = ($date - $date1);
 echo $differencedate;
 
 When I do this I get 0.  Please help!
 
 
 --
 The content of this email message and any attachments are confidential and
 may be legally privileged, intended solely for the addressee.  If you are
 not the intended recipient, be advised that any use, dissemination,
 distribution, or copying of this e-mail is strictly prohibited.  If you
 receive this message in error, please notify the sender immediately by
 reply
 email and destroy the message and its attachments.
 
 
 ---
 [This E-mail scanned for viruses]
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Subtracting two dates

[Justin French]

on 12/03/03 4:35 PM, Justin French ([EMAIL PROTECTED]) wrote:

 if you want to round ALL decimals up, then you might have to create
 something from scratch, but

Actually, there's a link to both ceil() and floor() on the round() page in
the manual.

Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] sessions

[Justin French]

Nothing is safe unless it goes over SSL, and even then, NOTHING is 100%
secure :)

The point is that you shouldn't have the plain text password as a session
var...

Your login form (and the script that varifies the login) should be secure
(see note), and should establish a session var like logged_in NOT session
vars like password.  This way, IF the session is hijacked, the hijacker
can only hijack that session NOT find out what the user's password is.

Note: The real issue you have is that the password can be seen in plain text
when the login form is submitted... therefor, you need to be concerned about
running the login process under SSL.


Justin French




on 10/03/03 7:36 PM, Shaun van den Berg ([EMAIL PROTECTED]) wrote:

 Hi,
 
 Tell me , is sessions safe - why is it really used ? Is it important te
 delete the session variables after u use it ? When a user logs on to my site
 , he enters the password , i then encrypt the password and verify it with
 the one in the database ! Will someone be able to hijack the session getting
 the password before i encrypt it ?
 
 Thanks
 Shaun
 
 --
 Novtel Consulting
 Tel: +27 21 9822373
 Fax: +27 21 9815846
 Please visit our website:
 www.novtel.co.za
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Online Store

[Justin French]

You only have two options really... either they manually change each product
themselves via a web based form, or the process is managed by a CSV file.
The first thing you need to ensure is that every product in the catalogue
has a unique key (identifier / product number / barcode number / whatever).

This value needs to be present in the database, and in the case of a CSV
file, needs to match the CSV.


You take the following CSV:

'10034','Socks - Red','2.99'
'10485','Socks - Blue','3.24'

And parse it into your database, where you'd have columns like:

id,description,price


They can change the description all they want... they can also change the
price, but they need to leave the id alone.  If they change the ID, it's
like a new product.


If their supplier can't supply an Excel or CSV file, or doesn't have unique
codes for each product, then your client has no choice but to manually
update the data themselves via web forms, or maintain THEIR OWN Excel file
which you can parse weekly/daily/whatever.


I'd avoid doing anything manually.  Try to get an agreed format CSV from the
supplier monthly, and parse it.


Justin



on 11/03/03 9:51 AM, Pag ([EMAIL PROTECTED]) wrote:

 
 Hi,
 
 I have to write a PHP/MySQL online store with product catalogs, prices,
 descriptions, and ordering (no payment) etc, but i have a big doubt when it
 comes to updating.
 How is it usually done? I mean, i never did a project like this, with a
 big amount of products to update. Whats the easiest way of updating the
 prices like say, every week? The suppliers send a list of the new prices to
 the store, and the store has to update the prices online manually, one by one?
 Also i thought of saving the excel file in csv format and uploading to the
 site, where some sort of parser would collect the new info from it. The
 problem with that approach would be if the supplier changes a cel on some
 product name, then everything would be ruined.
 How is it usually done?
 
 Big thanks, i am completely blind in this.
 
 Pag
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: sessions terminating randomly please help

[Justin French]

Check if your server is using files or shared memory to save the sessions...
My ISP was using mm (memory), and it was buggy... when they changed back to
files, all was well.

Justin


on 11/03/03 7:40 AM, David Chamberlin ([EMAIL PROTECTED]) wrote:

 It's possible you're being afflicted with the same problem I am.  See
 the message just one or two above this about Sessions problem.  What I
 found in my debugging is that it had to do with how I was
 mix-and-matching the way I specified links.
 
 Short version of the problem is that http://mysite.org/ has one session
 and http://www.mysite.org/ has another.  In my code, I sometimes have
 the links as a href=/page and sometimes it's explicit, as a
 href=http://www.mysite.org/;.  So if a user went to the site as
 http://mysite.org - the pages that used the explicit www.mysite.org
 would fail.
 
 So if there's anything in your pages/links that may change how the link
 is referred, you may be have different sessions occuring.
 
 I would imagine it should be pretty easy for you to debug whether or not
 this is the problem.  Have each of your pages echo out the current
 session id (echo 'session is '.session_id().'br';) and see if it
 changes at any point, and especially on the pages that fail.
 
 -Dave
 
 Freaky Deaky wrote:
 hi 
 
 i am experiencing a major problem with sessions expiring randomly in some of
 my 
 apps. i will log in and start clicking around and then i will eventually
 arrive at a page that tells me that i'm not logged in anymore. this happens
 apparently randomly. i have seen it on ie6, ie for mac, netscape 4.7 for pc,
 and mozilla 
 
 the apps are hosted on
 
 freebsd 4.7-release p2
 apache 1.3.27 
 php version 4.2.3
 compiled with --enable-trans-sid
 
 i can't go into production if there's the possibility that users will be
 randomly logged off. i went through all of my code over the weekend, and i
 don't think i can attribute this to a miscoding:
 
 when a user logs in, i create a session with
 
 session_start();
 $valid_user=$_POST['username'];
 session_register(valid_user);
 
 i have the following code at the top of each page to check to see if the
 session 
 is valid: 
 
 session_start();
 $valid_user=$_SESSION['valid_user'];
 global $valid_user;
 if (session_is_registered(valid_user)
 {...function to spit out an error message if the session is not valid...;}
 
 i have a logout page that destroys the session
 
 session_start();
 session_destroy();
 
 i also have a javascript timer in the header of every page that redirects to
 the 
 logout page if the user has been inactive for 20 minutes.
 
 i have played around with session.gc_probability, setting it to 100, but that
 doesn't seem to have fixed the problem.
 
 this is a huge problem.
 if anyone can give some advice, i'd really appreciate it.
 
 thanks
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .htaccess Help

[Justin French]

Get on the Apache list, not the PHP one :)

Justin

on 11/03/03 10:39 AM, Pushpinder Singh Garcha ([EMAIL PROTECTED]) wrote:

 Hello All
 
 I need to allow users to be able to access ONLY non-html files in a
 Secret Dir.
 Can anyone suggest a .htaccess method to do just that.
 
 I have a .htaccess script which will prevent anybody from viewing the
 contents of a Dir via http, but this time , I need to allow users to
 view the PHP Files
 
 
 TIA
 
 Pushpinder Singh Garcha
 _
 Web Architect
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] newbie: contents will not output

[Justin French]

I've never opened a URL with fopen.

Have you looked for examples in the manual?  http://php.net/fopen ???

however, I can see one problem...

filesize($file) -- where is $file


Justin French


on 11/03/03 2:22 PM, Anthony Ritter ([EMAIL PROTECTED])
wrote:

 I'm trying to test the following script to display the contents of the
 following URL but it will not output.
 
 Any advice will be greatly appreciated.
 Thank you.
 Tony Ritter
 ...
 
 html
 head
 /head
 body
 ?
 $file_handler = fopen(http://www.weather.com;, r);
 $contents = fread($file_handler, filesize($file));
 fclose($file_handler);
 echo $contents;
 ?
 /body
 /html
 
 
 
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Subtracting two dates

[Justin French]

?
$otherDate = 2003-11-15;  // -mm-dd format
$otherDateStamp = strtotime($otherDate);// now a unix timestamp

$difference = time() - $otherDateStamp; // diff in seconds
?

Then you need to decide if you want to show days, or hours, or years
difference...

I'll show you hours and days:

?
$differenceHours = $difference / 3600;  // 60secs x 60 mins
$differenceDays  = $difference / 86400; // 60 x 60 x 24 hours
?

You then need to round the number using round().


Justin



on 11/03/03 3:02 PM, Ben C. ([EMAIL PROTECTED]) wrote:

 There are a lot of artlicles on this but I need a simple solution.  I need
 to subtract two dates as follows:
 
 $date = date(Y-m-d);
 $date1 = 2003-03-03;
 $differencedate = ($date - $date1);
 echo $differencedate;
 
 When I do this I get 0.  Please help!
 
 
 --
 The content of this email message and any attachments are confidential and
 may be legally privileged, intended solely for the addressee.  If you are
 not the intended recipient, be advised that any use, dissemination,
 distribution, or copying of this e-mail is strictly prohibited.  If you
 receive this message in error, please notify the sender immediately by reply
 email and destroy the message and its attachments.
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Subtracting two dates

[Justin French]

on 11/03/03 5:04 PM, Ben C. ([EMAIL PROTECTED]) wrote:

 Thanks, Justin.  It works.

Of course it does :P

HTH

Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Forms Session variables

[Justin French]

You need to slow down and think things through.  My recommendation would be
to get a SINGLE PAGE form to work how you want first, then assess the logic
needed to move onto multiple forms.

Also, this was asked a while back, so here was my answer  sample code last
time:

http://marc.theaimsgroup.com/?l=php-generalm=104371796307302w=2


Justin




on 11/03/03 4:45 PM, Ashley M. Kirchner ([EMAIL PROTECTED]) wrote:

 
 I'm trying to build a multi-step form and using sessions to register
 the field values, but having serious issues.  This is what I'd like to do:
 
 step 1 (first page): ask for name, address, email. [submit]
 step 2 (second page): ask for more personal information [submit]
 step 3 (last page): ask for specific event information [submit]
 send everything to a back end MySQL db, and redirect to a thank you
 page.
 
 This whole process is just one form.php file that posts to a
 process.php script.  The content of form.php gets changed based on the
 step# (they get included step1.inc, step2.inc, and step3.inc.)
 
 However, after each [submit] I would like to verify the data prior
 to continuing to the next page.  If any of the fields are missing or
 incorrect, we re-post the same page with the correct fields already
 filled in (based on whatever the user entered), and the missing one ...
 blank (obviously.)  But, if everything is okay, and all fields check
 out, register the values and go on to the next page.  Repeat the process.
 
 I'm having a heck of a time with the validation part.  Either things
 don't register, or it gets stuck in a loop, regardless of what I change
 after the re-post.  So, I need some help.  I need some code...help!


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Displaying a file

[Justin French]

Change your link to something like:

a href=view.php?file=raceschedule.pdf ../a

view.php will NOT be a HTML page -- it will be responsible for:

a)  some conditional stuff, like checking for a logged in user
b)  output an appropriate header for the file type
c)  pass through the actual file contents


You would actually want to store the target files outside the doc root, or
forbid apache to serve them directly over http.

There's a decent article here:
http://www.zend.com/zend/trick/tricks-august-2001.php


Justin French



on 10/03/03 1:17 PM, Todd Cary ([EMAIL PROTECTED]) wrote:

 I want to display a file under program control in the same manner as one
 would with using an a tag e.g.
 
 Click a href=files/raceschedule.pdf Name=Race Schedule
 Target=_blankhere/a to open the Race Schedule
 
 In other words, if certain conditions are met, then I want to display
 the file.  What is the best way to do that?
 
 Many thanks.
 
 Todd


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Displaying a file

[Justin French]

Same way

img src='image.php?file=myimage.gif' /

image.php would do simular things to what view.php does in the script below.

Justin


on 10/03/03 2:07 PM, Mark Tehara ([EMAIL PROTECTED]) wrote:

 On that note, how would i load an image from outside the document root?
 
 
 
 - Original Message -
 From: Justin French [EMAIL PROTECTED]
 To: Todd Cary [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Sent: Monday, March 10, 2003 4:06 PM
 Subject: Re: [PHP] Displaying a file
 
 
 Change your link to something like:
 
 a href=view.php?file=raceschedule.pdf ../a
 
 view.php will NOT be a HTML page -- it will be responsible for:
 
 a)  some conditional stuff, like checking for a logged in user
 b)  output an appropriate header for the file type
 c)  pass through the actual file contents
 
 
 You would actually want to store the target files outside the doc root, or
 forbid apache to serve them directly over http.
 
 There's a decent article here:
 http://www.zend.com/zend/trick/tricks-august-2001.php
 
 
 Justin French
 
 
 
 on 10/03/03 1:17 PM, Todd Cary ([EMAIL PROTECTED]) wrote:
 
 I want to display a file under program control in the same manner as one
 would with using an a tag e.g.
 
 Click a href=files/raceschedule.pdf Name=Race Schedule
 Target=_blankhere/a to open the Race Schedule
 
 In other words, if certain conditions are met, then I want to display
 the file.  What is the best way to do that?
 
 Many thanks.
 
 Todd
 
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 
 
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Displaying a file

[Justin French]

on 10/03/03 3:40 PM, Todd Cary ([EMAIL PROTECTED]) wrote:

 OK!  This makes sense.  What is the syntax to do
 
 b)  output an appropriate header for the file type
 c)  pass through the actual file contents
 
 if I were doing an HTML file - if I were doing a PDF file?

*Slaps forehead loudly*

Did you read that article?  Didn't think so.

It deals with PDF, headers, and plenty of other stuff.

If you still have a question after reading the article and trying the sample
code, THEN ask away.


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] file_exists() question

[Justin French]

on 09/03/03 8:10 AM, Charles Kline ([EMAIL PROTECTED]) wrote:

 if(file_exists('cherpdocs/$annrow[id].doc')){
 echo br /a href=\cherpdocs/$annrow[id].doc\Funding
 details paper/a;
 }

This is a pretty simple debugging type query, so:

First things first, make sure that $annrow[id] is what you expect, by
echoing it to the screen.

?
echo $annrow[id] . br /;
?


Then your file_exists() line has to use double quotes, because you're using
a variable:

file_exists(cherpdocs/$annrow[id].doc)

Or better still, clarify exactly what you want by using {braces} or .'s
file_exists(cherpdocs/{$annrow[id]}.doc)

Or:
file_exists(cherpdocs/ . $annrow[id] . .doc)


Same applies to your echo line.



Summary, I think you can save yourself a little grief by making the
following changes to your code.  Personally, I prefer wrapping all vars in
{braces} if inside a string.  It also includes some minor debugging code, so
that you can hunt down the issue.

?
$file = cherpdocs/{$annrow[id]}.doc

if(file_exists($file)) {
echo br /a href=\{$file}\Funding details paper/a;
} else {
echo The file {$file} did not exist;
}
?


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] repost: cookie problem

[Justin French]

1. Perhaps the browsers aren't accepting the cookies, or there are some
other security settings set too high?  Have you LOOKED in each browser to
see if the cookie is set?

2. Is it the EXACT same version of PHP that you have before/after the
reinstall?

3. It *may* be something to do with register globals being off in your
php.ini file...


Justin


on 08/03/03 9:34 PM, H. Miersch ([EMAIL PROTECTED]) wrote:

 i've posted this before to the newsgroup, and i don't think it got
 through to the mailinglist, so i'll try again.
 
 hello.
 i'm new to this NG, so i don't know if this is the right mailinglist
 / newsgroup for my problem. if not, please let me know which one to
 post it to. anyway, here goes:
 
 i'm designing a new website with several php scripts. for that
 purpose i've configuerd my server (apache under MacOSX 10.2.4) to
 process php. the scripts get executed as they should be. so far so
 hoopy. the problem is the cookie. i have a login.php which checks
 user input and depending on the results either sets a cookie,
 displays a message and proceeds to the next page or returns to the
 login page. the problem is, it doesn't work, the browser (netscape,
 safari,...) never gets the cookie. the next page checks the cookie
 and if it isn't set, it returns to the login page. since the cookie
 isn't set, this keeps happening even when it should proceed to the
 order forms.
 now the strange thing: before i had to reinstall OSX, it worked nicely.
 
 what can i do about this? any suggestions?


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Getting Numerical Index of a Key

[Justin French]

on 04/03/03 5:47 PM, Matt Honeycutt ([EMAIL PROTECTED]) wrote:

 I'm just going to spend the extra 5 minutes and rewrite that little
 chunk of code.

Sounds like the right move :)

Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Keeping existing data in textarea's

[Justin French]

Here's a quick sample of how you can structure a form, and all it's
validation, and all it's error messages, and thankyou notes all onto one
script.

I haven't included every little line and data check that I should (otherwise
you'd have to pay me :P), but it works.

The beauty of keeping it all in one script is that you can echo the POSTed
variables back out into the form, with an error message.

This should be a suitable framework for you to further develop into your own
application.



?
// uncomment next 3 lines if register globals off
// $name = $_POST['name'];
// $email = $_POST['email'];
// $action = $_GET['action'];


if(empty($action))
{
$show_form = 1;
}
else
{
$show_form = 0;
}


if($action == validate)
{
$error = '';

// check for empty vars
if(empty($name)) { $error .= - you didn't enter your namebr /; }
if(empty($email)) { $error .= - you didn't enter your emailbr /; }

// perform any other validation as needed

if($error)
{
$show_form = 1;
}
else
{
// insert into database, send email, redirect or whatever
header(Location: {$_SERVER['PHP_SELF']}?action=thanks);
exit;
}
}

?
html
body
?
if($show_form)
{
if($error)
{
echo {$error}br /;
}
echo form action='{$_SERVER['PHP_SELF']}?action=validate'
method='POST'\n;
echo Name: input type='text' name='name' value='{$name}' /br /;
echo Email: input type='text' name='email' value='{$email}' /br /;
echo input type='submit' name='submit' value='submit' /br /;
echo /form;
}

if($action == thanks)
{
echo thanks!!!;
}
?
/body
/html


Justin French


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Using PHP to Generate a CSS Style Sheet

[Justin French]

on 04/03/03 5:37 PM, Phillip S. Baker ([EMAIL PROTECTED]) wrote:

 I would like to use PHP to make calls from a DB and generate a CSS file.
 Anyone have any ideas on doing this?

every day :)

PHP is some kind of programming language which is PARSED by PHP.  The result
is a TEXT FILE of some description... yes, even a CSS file.

How to do it depends entirely on your database structure and what you want
to achieve.

But a quick example:
---
?
$textColour = 'FF9900'; // a var you retrieved from a DB
$bgColour = 'white';// a var you retrieved from a DB
?
P { color: #?=$textColour?; }
BODY { background-color: #?=$bgColour?; }
---


 Will php commands executre from a .css file or is there a different way to
 do this??

.css files will not *automatically* be parsed by PHP, however you can force
them through with either a .htaccess file, or by editing apache's httpd.conf
file to suit.

this is my .htaccess file:

Files dynamic.css
ForceType application/x-httpd-php
/Files


Or, you can just include() some CSS generated by PHP directly into your PHP
application, and it will just appear as part of the HTML source.


Justin French


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Remember scrolled position

[Justin French]

This is not a PHP issue -- it's a javascript issue... try a JS newsgroup or
list.

Justin



on 05/03/03 1:10 AM, Lars Espelid ([EMAIL PROTECTED]) wrote:

 I'm trying to implement the following functionality into the file test.php:
 
 When I scroll down the page and then hit a button, the page should remember
 the scrolled position, refresh the page and then scroll down to the
 remembered position. If I knew how many form-schemas there would be on the
 page, this would be easy. But I don't so then I need a way to give each form
 a unike name and this name I need to use in the function hentKoordinat().
 But when hentKoordinat is executed the variable containing the form-name is
 not yet set.
 
 When someone hits a button in one of the form-schemas the following
 happens:
 1) hentKoordinat() is executed. The form-schemas hidden field named yKoord
 gets the value: the amunt of pixels scrolled in y-direction. This doesn't
 work because $teller is not yet set (needed to specify which form is
 submitted).
 2)the page is refreshed and $teller is set to a number whisch says which
 form is submitted and $yKoord is set to the amunt of pixels scrolled in
 y-direction.
 3)onload in body calls the function mScroll which scrolls the page to where
 it was when someone clicked the button.
 
 Hoping someone can help, maybe I need to do this a totally different way?
 
 Thanks!
 
 Lars
 
 
 Tried to explain the code in test.php:
 
 !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN
 http://www.w3.org/TR/html4/loose.dtd;
 html
 head
 titleUntitled Document/title
 script language=JavaScript type=text/javascript
 !--
 
 function getPageScroll(){
 
 //this function returns scrollX and scrollY as probertys of
 getPageScroll. ScrollX and scrollY
 //contains the amount of pixels the page has been scrolled in x and y
 direction.
 
 var X, Y;
 if(typeof window.pageXOffset == 'number'){
 X = window.pageXOffset;
 Y = window.pageYOffset;
 }else{
 if((window.document.compatMode)
 (window.document.compatMode == 'CSS1Compat')){
 X = window.document.documentElement.scrollLeft;
 Y = window.document.documentElement.scrollTop;
 }else{
 X = window.document.body.scrollLeft;
 Y = window.document.body.scrollTop;
 }
 }
 return {scrollX:X,scrollY:Y};
 }
 function hentKoordinat() {
 
 // this function uses getPageScroll() to find pixels scrolled in y-direction
 and inserts this value into the hidden-form-value named yKoord in the form
 schema which holds the button clicked (form?php echo $teller; ?).
 
 
 //*Here the problem arises. The first time you click a button, $teller
 is not set. This method is executed before the page is refreshed. The value
 $teller is set when the page is refreshed.*
 
 document.form?php echo $teller; ?.yKoord.value = getPageScroll().scrollY
 }
 
 function mScroll() {
 
 //this function scrolls the page so many pixels that $yKoord holds in the
 y-direction.
 //to avoid error messages I set $yKoord like 0 if it is empty (scrolls
 nothing).
 
 ?php if(!isset($yKoord)) $yKoord=0; ?
 ?php if($yKoord=='') $yKoord=0; ?
 self.scrollTo(0,?php echo $yKoord; ?)
 }
 
 //--
 /script
 /head
 
 body onLoad=mScroll()
 ?php echo p Ykoordinat:  . $yKoord . p;
 echo Teller:  . $teller;
 
 for($i=0; $i150; $i++) {
 //prints 150 line breaks so that the page gets scrollable (the content does
 not fit the monitor-area)
 echo 'br';
 }
 for($teller=0; $teller2; $teller++) {
 //prints two form-schemas. Later on I will print a varying amount of
 form-schemas (depends on the amunt of
 //data in a MySQL-table)
 //The form name includes $teller so that each form-schema gets a unike name
 and I know which
 //$yKoord to update in hentKoordinat(). $teller and $yKoord is passed on as
 variables when the page refreshes,
 //so that I know which form's button1 is submitted and how many pixels there
 are to scroll when onload=mScroll()
 // in body is called (uses $yKoord).
 ?
 form action=test.php name=form?php echo $teller; ? onsubmit=return
 hentKoordinat()
 input type=hidden name=teller value=?php echo $teller; ?
 input type=hidden name=yKoord
 input name=button1 type=submit value=Send input
 /form
 ?php $teller++; ?
 ?php
 } //for($teller=0; $i2; $i++) {
 ?
 /body
 /html
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Truncating text

[Justin French]

Take the truncating out of the picture, and just concentrate on returning
two results from mysql.  If that works, then try it with rows that contain
an exclamation mark (!).

If they both work, THEN concentrate on truncating the variable down.

Let us know how far you get, so we can pinpoint the problem.


Justin


on 05/03/03 12:45 AM, Sebastian ([EMAIL PROTECTED]) wrote:

 Good morning all.
 
 I have a mysql query that fetches some text. I am limiting the results to
 two (2).
 
 Then i am limiting the text to 30 characters and truncating it with some
  Like this:
 
 if(strlen($title) = 30) {
 $title = substr(trim($title),0,30);
 $title = $title.'..';
 }
 
 But when a $title contains a ! (exclamation point) it only shows one result.
 Why is an ! interfering?
 
 Any suggestions?
 
 warm regards,
 Sebastian - [BBR] Gaming Clan
 http://www.broadbandreports.com
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Code Validator

[Justin French]

You need to validate the RESULT of the HTML/PHP source being processed by
PHP, resulting in pure HTML source, which is what your browser sees.

So, upload your pages to a server which can be accessed over the internet,
then go to somewhere like validator.w3.org, enter the URL, and it will
validate it.

If you're looking for an OFFLINE validator, then I think you'd need to View
Source on the resultant HTML output, copy and paste into a text editor, save
it, then run it through your validator.


Justin French


on 04/03/03 9:51 AM, Beauford.2002 ([EMAIL PROTECTED]) wrote:

 Hi,
 
 Is there a code validater for HTML/PHP.  I have one for just HTML, but once
 you introduce PHP it doesn't work.
 
 TIA
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] ICQ # validation

[Justin French]

Does it actually NEED a regexp?

UNTESTED code:
?
$icq = 2264532680;
if( (is_int($icq))  (strlen($icq)  7)  (strlen($icq)  9) ) {
echo yah;
} else {
echo nah;
}
?

FWIW, Are you SURE that all valid ICQ #'s are between 7 and 9 chars?
Surely at some point they'll reach 10 chars, and *may* have started at 6?


Justin



on 04/03/03 6:00 AM, Liam Gibbs ([EMAIL PROTECTED]) wrote:

 Maybe I'm off my rocker, but I don't see how this can't work. I'm trying to
 validate an ICQ number, and assuming a valid one is between 7 and 9 numbers.
 My line of code is this:
 
 if(ereg(^[0-9]{7,9}$, $_REQUEST[icqnumber])) {
 print(a-okay!);
 } else {
 print(error msg);
 }
 
 I've submitted the ICQ # 2264532680, but it validates. Any ideas?
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] 2 questions !

[Justin French]

on 02/03/03 7:51 AM, Vincent M. ([EMAIL PROTECTED]) wrote:

 Hello,
 
 I didn't find in the doc how to:
 - Know the full path of the current directory. Like /var/www/to/the/path

http://www.php.net/manual/en/reserved.variables.php#reserved.variables.serve
r


 - Know under which user work apache, to know when I create a file whose
 file it is...

the file is always owned by whatever user apache is... so really you'd have
to try a chown or chmod on the file, to see if you can correct it... really,
you don't need to KNOW who it's owned by, you need to SET IT to your
preference of owner and/or permissions.

I'm sure there's a way to check the owner of a file, but not (from what i
know) a way to check who apache is running as.


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] A PHP page counter / statistics app

[Justin French]

on 01/03/03 7:27 AM, Michael Zornek ([EMAIL PROTECTED]) wrote:

 I'm ether looking to find or build my own open source php based script, that
 would allow you to include a small code chunk on every page of a site and
 then view statistics from the info, on what pages were viewed, how many
 times, etc...
 
 First, if there are any you know of and want to recommend, please post.

 Secondly, if I do build it myself would it be better to write this log to
 file or mysql db? Right now I only get like 200 page views a day but still
 am concerned about resource use since I'm on a shared server.

It depends how detailed you you want it broken down by:

- page
- page and month
- page and week
- page and day
- page and hour
- page and minute
- page and second

Personally, I have two tables:

counters_page (id, url)
counters_hits (page_id, stamp)

My counters.inc script does the following:

- looks to see if the current URL is already listed in counters_page
- if it is, it grabs the id
- if not, it inserts and creates a new id
- inserts a record into counters_hits with the page_id, and a unix timestamp
of when that page was hit.

This way, I know the exact second that a page was hit... So I can perform
report on that data, selecting how many hits for each page within the last
week, month, year, minute, 30 seconds, etc etc.

This *IS* a little expensive in terms of data storage though.  Each hit to
the site costs around 20 bytes.  A site I recently launched has attracted
37,000+ hits, so we're already looking at 740k of data.  However, this table
layout IS more economic than recording the entire URL of each hit... instead
we only record the id of the URL.


If I were only concerned with days, or months, I'd choose to store less data
(and may still!!)... for example, a current timestamp is 10 chars long,
wheras storing 2003-03 is only 7 chars (but only cares about the month, not
the day, hour, minute, second, etc).


The key issue with the above design is NOT how long it takes to record the
data (I have never noticed any performance hit on my code, even on a very
busy shared server).  It seems to be (although not drastic AT ALL) at the
point where I choose to report.  It's a LOT of information to plow through,
and it will get worse :)

There are plenty of things I can do though... I can archive reports, I can
cache queries, I can perform monthly analysis, etc etc.  To me, the most
important factor is the data, and I know I've got exactly what I want.


You may also wish to know things like what browser they're using, their IP
address, etc etc, which may be a key reason why you should build your own.


I choose to build my own for the following reasons:

1. learn learn learn
2. keep it tightly integrated with my other admin tools
3. get exactly what I want


Also check out:

http://www.phpbuilder.com/columns/index.php3?cat=5subcat=32 (logging
category)


 
 Finally, can you call a php script from an ServerSideInclude page??

not sure, but you should check the archives for server side includes and ssi


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Deciding the directory for the uploaded file?

[Justin French]

It's all in the manual:

http://www.php.net/manual/en/features.file-upload.php

In particular, look at the lines involving move_uploaded_file()

Justin French


on 03/03/03 4:00 PM, Denis L. Menezes ([EMAIL PROTECTED]) wrote:

 Hello friends.
 
 I have seen some php scripts for uploading files. They all mention thet the
 file goes to a temporary folder.
 
 How can I upload the file to a particular folder that I have created?
 
 Thanks very much.
 Denis


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Capitalising Personal Names

[Justin French]

What about DeSilva And McSomething?

Justin


on 28/02/03 10:11 PM, Danny Shepherd ([EMAIL PROTECTED]) wrote:

 Hi,
 
 Well it's hardly rocket science - a flick through the manual and I came up
 with :
 
 $name=ucwords(strtolower($name));
 
 HTH
 
 Danny.
 
 - Original Message -
 From: Geoff Caplan [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Friday, February 28, 2003 10:31 AM
 Subject: [PHP] Capitalising Personal Names
 
 
 Hi folks,
 
 I need to clean up the capitalisation of user-entered personal names.
 
 Once you start thinking about it, you realise it is a non-trivial
 issue, but previous discussions on the list presented only very
 partial solutions.
 
 In Perl, there are Cpan modules such as namecase and nameparse which
 handle this quite well. Does anyone have anything similar in PHP?
 
 Thanks
 --
 
 Geoff Caplan
 Advantae Ltd
 
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] How can I detetct if session cookies are enabled?

[Justin French]

on 01/03/03 3:52 AM, Don ([EMAIL PROTECTED]) wrote:

 Hi,
 
 I have a site that requires a user to login in for extended function.  The
 site uses sessions.  I note that if a user configures his/her browser block
 all cookies, he/she will not be able to navigate the extended part of the
 site.  Is there a way (PHP code if possible please) to verify if session
 cookies are enabled in the user's browser?

On the page that you set the cookie on, you need to append a value like
setcookie=true to all the URLs on the page (or perhaps this can be
achieved transparently with a header() or meta refresh...  Then, on the page
following that, if $_GET['setcookie'] is true but you can't find a session
id, then you know that the cookie failed.

The other way sessions can be passed around is in the URL... you can
manually add the SID to all URLs in your site, or recompile PHP with
trans-sid, and it will do everything above for you, transparently... if the
user has cookies, it will use them, otherwise it will modify URLs to include
the SID.

Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] strip comma from $value

[Justin French]

on 01/03/03 4:41 AM, Hugh Danaher ([EMAIL PROTECTED]) wrote:

 try ereg_replace(,,,$value);

no need for ereg here...

str_replace(',','',$value);

:)

justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HELP PLEASE ! Need PHP Advice !!!

[Justin French]

Right, well there's a few issues here.

1.

You're asking if there's a way to parse a QXD file so retrieve the text from
it.  I doubt this can be done.  I had a quick google for it, to no luck.  I
also bothered to open up a Quark 3.32 file in my text editor, to check out
the source.  It looks pretty complex.

However, there MAY be some light at the end of the tunnel.

a) PHP *IS* able to read and write PDF format.  Prerhaps if your newspaper
designers export a PDF of the newspaper (relatively easy). you can pick up
the pieces you need through the PDF, rather than the QXD file.

b) What you're really talking about is using one set of data in multiple
ways (web  print, then maybe email, WAP, PDA, etc).  What I'd be aiming to
do is have all the text/content stored in a shared database or easy-to-parse
file format (like XML), so that the writers write to this format, then the
designers copy + paste to Quark, the editors can edit directly in the XML
file or via database GUIs, and people in charge of other content formats
(like web_ can either copy + paste from the central content, or parse it
with a program like PHP.

c) Perhaps your company should look at Adobe InDesign 2 -- I read an article
which briefly discussed it's ability to parse or read from XML files -- so
you could have a simple XML doc:

---
article

id28/id

titleLearning about XML/heading

subtitleI wish I had time to explore this properly!/subtitle

authorJustin French/author

email[EMAIL PROTECTED]/email

keywordsXML,Justin,Foo,Bah,PHP/keywords

content

p class=introIn this article, I'll attempt to show you some blah
blah./p

pParagraph 1/p

pParagraph 2/p

pParagraph 3/p

p class=footerThis is my footer/p

/content

/article
---

I *think* InDesign 2 can take this data, and with the designer's help,
format it to a designed article.

At the very least, you could export some nice clean plain text for the
designer to copy+paste, which is probably what they already do (copy+paste
from Word to Quark.




2. Image files in Quark need to be either TIFF or EPS format.  So, what you
need is a way of copying these files, converting them to JPEGs, GIFs or
PNGs, and resizing them to suit the web.

I don't really know if the image functions in PHP can do this... best left
to others.

You *could* batch convert everything to a RGB JPEG using photoshops batch
processing and actions, THEN get PHP or Photoshop to do the resizing etc.

However, cropping and whatnot of a file is often something that can ONLY
be done by eye... You may never be able to achieve this with automated
computer programs.



Think about the real issue.  Is it taking stuff from quark and messing with
it, or is it having a good clean source of data which can be used many
ways?


Justin French




on 28/02/03 12:24 AM, justin brenton ([EMAIL PROTECTED]) wrote:

 can anyone give me some good advise on how abouts I should go about
 maintaining a newspaper website.
 
 here is what is currently in place and how i want it to be managed
 
 right now the newspapers are published in a quark file from that file
 pictures have to be placed in photoshop and resized , croped and what not
 and then inserted into a html page, the content i.e text is in this quark
 file as well and is copied and pasted into a html file, what i want to do is
 have the site automated to some extent so i do not have to be doing all this
 copying and pasteing it's a total waste valueable time. what i would like to
 have it some way to have a php script to take this info from the quark file
 and the pictures and have them either transfered to a html page or to a
 database from there i could call from the php script.
 
 
 
 ANYONE HAVE ANY IDEAS ON A GOOD WAY TO GO ABOUT THIS ... PLEASE CONTACT ME
 
 [EMAIL PROTECTED]
 
 remove the NOSPAM from address
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Deleting a page after viewing it

[Justin French]

Yes, with either sessions, POST or GET, you need to let the second page know
that it has to delete the other page, and then delete it with unlink...
although I'm SURE there's gotta be a better way to do all this rather than
creating/deleting files for each member.

Justin


on 27/02/03 4:32 AM, Paul ([EMAIL PROTECTED]) wrote:

 I have a confirmation of membership page a user would arrive at after
 clicking on a URL in an email. After they click on a link in this page I
 want to delete the page itself so it will only exist for this one use.
 The URL in the page does go to another Welcome page which is on
 another server. Do I need to include something in the second page that
 will do the deleting, or can I delete it from within the script for the
 first page that deletes as of the click on the URL. Haven't written any
 code yet for this, but I'm thinking unlink.
 
 TIA,
 Paul
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] session_start

[Justin French]

Yeah, get a new host :)

J


on 27/02/03 11:36 AM, Mr Percival ([EMAIL PROTECTED]) wrote:

 
 [snip]
 Not to be nosey or anything but usually session data will always be saved
 or not. How come one would want to check to see if is was or not.
 [snip]
 
 Maybe I am on the wrong track but the other day I got a disk full error when
 I was sending some mail... at the same time while my website was working, it
 wasnt saving session data, so users were getting sent back to the login page
 instead of going on to use the site.
 
 What I was hoping to do was to be able to give a error message if the server
 was having this problem, but in order to do that I was needing a way of
 knowing if it was because the session_start failed or users who didnt have
 cookies turned on.
 
 I probably just need to get a new host since these disk full errors happen
 regularly. :(
 
 Mr P.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Emacs?

[Justin French]

on 27/02/03 11:55 AM, Larry Brown ([EMAIL PROTECTED]) wrote:

 25

ahahahahahahaha


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Newbie Security Questions...

[Justin French]

on 25/02/03 1:10 PM, Miguel Angelo ([EMAIL PROTECTED])
wrote:

 From what i have studid the session management, were you start a session
 id, and can put in several variables... My question is this, this variables
 remain were ? on the user browser (cookies, url enconding ?) or does the
 user just receive the single session id, and the rest remain on the server ?
 This is a important security consideration for me.

The session ID is stored on the browser (either with cookies or URL).  The
session var/value pairs are stored on the server.

Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Uploading Images

[Justin French]

http://php.net/filesize
http://php.net/getimagesize

http://www.php.net/manual/en/features.file-upload.php
Also mentions Related Configurations Note: See also the file_uploads,
upload_max_filesize, upload_tmp_dir, and post_max_size directives in
php.ini

Please search the manual first -- it isn't hard to find what you need!


Justin French


on 26/02/03 5:12 AM, clarionhaze ([EMAIL PROTECTED]) wrote:

 Hey guys I need to make a place for people to upload images and then I need to
 make sure the file size is alright and the pixel size too...  Could someone
 please send me in the right direction?
 
 -steven


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] no session id

[Justin French]

on 26/02/03 11:39 AM, php ([EMAIL PROTECTED]) wrote:

?
session_start ();

// OPTION
echo session id:  . session_id();

// OR
$sid = session_id();
echo $sid;
?

Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Passing emails to database

[Justin French]

Please keep the emails on-list, so that others can learn, and search the
answers in the archive -- that's the whole point of the list.


on 25/02/03 12:14 AM, Alberto Brea ([EMAIL PROTECTED]) wrote:

 Justin,
 Thanks for your answer
 The only real problem seems to be how to capture the different parts of an
 incoming email (from, date, message, etc) somehow into PHP variables.

Did you even read the IMAP page on php.net?
http://www.php.net/manual/en/ref.imap.php

I doubt it, because it clearly shows a list of imap functions, including
imap_body(), imap_subject(), etc etc.

Please at least do SOME research before asking questions.


 Then you INSERT them into the (e.g.MySQL) database or do anything else with
 them.
 Is there an easy way to do this? I have never used IMAP functions, but I can
 learn if this is the way.

I doubt you've got imap functions installed at the moment... it requires
extra components, so that may be your first issue.


 As to your comment, my PHP is installed as an Apache module (on Windows), not
 as CGI.

Well then that rules out one of the two options (using .forward to pass the
emails to a PHP script).  You'll need either PHP as CGI, OR the IMAP
functions AFAIK -- your choice.


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP_SELF syntax

[Justin French]

on 24/02/03 11:42 AM, Jason Lange ([EMAIL PROTECTED]) wrote:

 What you might try is removing the single-quotes from around PHP_SELF.
 
 Before: $_SERVER['PHP_SELF']
 After:  $_SERVER[PHP_SELF]
 
 Another note: as far as I can tell you do not need the braces ({}) to
 enclose a variable within a double-quoted string. I may be wrong, but
 nothing I've read advocates doing this, and I've never had a problem
 with my code when I've written it this way.

Wrapping vars in braces helps clarify the code, and can avoid problems like:

?
$price = '44.99';
echo Price: US$$priceeach;// probably won't work
echo Price: US${$price}each;  // will work for sure
echo Price: US$ . $price . each;// will work, but not my pref
?

I've also found it helps with things like:

?
echo a href='{$_SERVER['PHP_SELF']}'click/a;
?

... where normally the single quotes would cause confusion, or require the
href to be wrapped in escaped double quotes.

In otherwords, wrapping $vars in {braces} provides clarity to both the PHP
parser, and to the writer, IMHO.


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Downloading files

[Justin French]

on 24/02/03 1:01 AM, Anthony Rodriguez ([EMAIL PROTECTED]) wrote:

 In PHP, is there a way to allow the user to download a file (e.g.:
 sample.txt) to their computer? And, then, automatically return to the
 PHP-generated Web page.

why do you need to re-run the page?  it can be done with a bit of messing
around, but i can't imagine why :)

you can force the download of a file by setting the correct headers using
header() and passing the file through.  see the user notes on
http://php.net/header.


if you're only talking about text files, then why not simply do a
href='blah/sample.txt' target='_blank'click/a ???

This will pop it up in a new window, leave the original window untouched,
and they can choose save as from the file menu.

if for some reason you DO want the original window to be refreshed, this
could easily be done with a javascript onclick event in the above a tag.


 How can the file be stored in C:\sample.txt, for example?

you have no control over where the user downloads the file to -- it's
entirely up to them and/or their browser settings.  actually, forcing a
download really isn't true... in most cases your really forcing a 'save
file as...' dialogue window.


Justin



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Another Logging Question

[Justin French]

on 24/02/03 3:30 AM, Matt Honeycutt ([EMAIL PROTECTED]) wrote:

 I'd like for my counter/logger to be fairly scalable, so I'm toying with two
 possible implementation routes:

what are you logging (what kind of data)

 1. Have the counter dump visitor info to a text file, then run a cron job on
 that nightly to process the data and perform a full analysis.

Archiving a report, rather than archiving the raw data can save lots of
space, and yes a cron would be the best way.  the downside is that the
report is the ONLY record of the data.


 2. Have the counter dump the visitor info into a DB (probably MySQL), then
 process the data whenever the administrator wants to view his stats.

On-demand stats will use up more space long-term than generating monthly
reports or something... but there are obvious benefits.  The biggest issue
IMHO is that if your site is processing a large amount of data, processing
it over and over and over on demand is going to burden the server.


 Anyone have any suggestions or considerations on which method would work
 better?  Is there something else I should do instead?

If you're going to be dealing with large amounts of data, a combination.

Perhaps perform a monthly analysis and consolidation of data to keep on
demand / real time processing to the current month only...  However, make
sure you keep the long-term data SOMEWHERE, in case you want to change the
reporting, method, or analyse the data a different way.


If we're only talking about a counter on a few pages, real-time should be
fine.


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] re-populate array keys

[Justin French]

Hi, after asort()ing an array, the numeric keys are obviously out of order.
what i'd like to do is reset the keys, starting at zero.

is there a function for this, or do I just walk through the array with a
foreach() and do it manually?


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] re-populate array keys

[Justin French]

Oooops!

Didn't see it, despite looking over and over :)

Thx,

Justin


on 24/02/03 3:42 PM, John W. Holmes ([EMAIL PROTECTED]) wrote:

 Hi, after asort()ing an array, the numeric keys are obviously out of
 order.
 what i'd like to do is reset the keys, starting at zero.
 
 is there a function for this, or do I just walk through the array with
 a
 foreach() and do it manually?
 
 Why don't you just use sort()?
 
 ---John W. Holmes...
 
 PHP Architect - A monthly magazine for PHP Professionals. Get your copy
 today. http://www.phparch.com/
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] table border colors in html/xml

[Justin French]

CSS will help here... however this is definitely NOT a php question... :)

Try the NG:
comp.infosystems.www.authoring.stylesheets

Justin

on 24/02/03 5:23 PM, Sunfire ([EMAIL PROTECTED]) wrote:

 hi
 
 my client just told me that he wants his table borders shown on his web page
 to be a darker blue than the default color  of html web page tables.. does
 anybody know how to set the color for the table border color?
 
 would it be something like:
 table bordercolor=x
 or is it something different...
 
 
 
 
 ---
 Outgoing mail is certified Virus Free.
 Checked by AVG anti-virus system (http://www.grisoft.com).
 Version: 6.0.443 / Virus Database: 248 - Release Date: 1/11/2003
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] dynamic website screenshot/screen capture

[Justin French]

on 22/02/03 5:55 PM, olinux ([EMAIL PROTECTED]) wrote:

 Hi all - 
 While I know that this is not possible with PHP alone,
 Does anyone know how to capture website screen shots
 using PHP. I have recieved many spam mails featuring a
 screen shot of our company website and I imagine that
 it would be quite possible combined with some sort of
 web browser.

I doubt PHP will have anything to do with it... My guess is there MUST be
some form of automation/macro tool available on Windows or Linux, which
enables you to load a URL in a browser, and take a screen shot.  I get the
feeling it could also be done with AppleScript on the Mac.

Afterall, PHP, Perl, etc aren't a browser.  But it's possible that PHP can
trigger a command-line program to do the above.



Justin French


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Problem with Arrays?

[Justin French]

on 22/02/03 11:46 PM, Patrick Teague ([EMAIL PROTECTED]) wrote:

 I ran into something interesting  the only thing I can figure out is that
 functions won't use any variables other than globals, those past to the
 function, or those created inside the function?

exactly :)

you bring the array or variable into the scope of the function

?
$byteSize[0] = bytes;
$byteSize[1] = kb;
$byteSize[2] = mb;


function getMaxSize( $maxSize )
{
global $byteSize;

echo $byteSize[0] . br/\n;
echo $byteSize[1] . br/\n;
echo $byteSize[2] . br/\n;
}
?


Justin French


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Printer Friendly page

[Justin French]

if you're already building dynamic pages, just roll your own... set a GET
var to trigger a simple page view (simple layout, less HTML, very little
CSS, no tables, etc etc) which uses the same CONTENT but keeps it simple for
printing.


justin



on 23/02/03 8:28 AM, Sebastian ([EMAIL PROTECTED]) wrote:

 Greetings all.
 
 I am looking for a simple print page script. I tried just about all the print
 scripts at hotscripts.com and not one works (at least for me).
 
 Does anyone know of one that works under php v 4.2.3 with register globals
 off?
 
 thanks in advance.
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Logging Referer

[Justin French]

on 22/02/03 10:19 AM, Matt Honeycutt ([EMAIL PROTECTED]) wrote:

 I'd also like for it to log the referer,
 but because the counter is triggered via an img tag, the referer is always
 the page that has the img tag.  Is there any other way to grab the referer
 that actually sent the user to the page that contains the counter?  I'd like
 for the counter to work even when included in static HTML pages, so the
 including page cannot use any PHP to help facilitate this logging
 functionality.

No, not easily :)

On PHP pages, you could get the referrer, and append it to the URL, forcing
the correct REFERRER through to the img script:

img src=makeMyCounter.php?ref=?=$_SERVER['HTTP_REFERRER']?

And you *could* choose to force .html files through the PHP parser, so
foo.html could use the above code.


I think the other alternative is to use javascript to build the img tag,
because I'm pretty sure JS can figure out the referrer.

But this has the obvious downside of JS being NO WHERE NEAR guaranteed to be
on each browser.


I think i'm missing something though, because I *think* those free
counter/stat programs DO log a referrer... wait -- just checked
thecounter.com, and they DO use JS for the referrer.


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] sessions

[Justin French]

on 21/02/03 5:34 AM, Joseph Bannon ([EMAIL PROTECTED]) wrote:

 I'm starting to use sessions for my website and wanted
 to know some things before I fully commit to use them.
 
 1) How are sessions different from cookies other than
 where the information is stored?

A session is just a method of maintaining state (ie, a way of recognising
the same browser/client on each request).  One of the methods for
maintaining this state is cookies, the other is by passing a SID around in
the URL.

In the case of cookies, the ONLY data being stored client side is a session
ID... if you choose to *entirely* manage your session via cookies, then
you'd have to store more data on the client side cookies (uid, pass,
preferences, etc).


 2) Does session data stored on the server
 automatically delete after a certain time?

Yes.  There's a lifetime setting (seconds), and there's a garbage cleanout
routine.  Once the garbage probability has been triggered AND the session
lifetime has expired, THEN it gets deleted.


 3) Is a session id created for each user per each
 browser or just per each user?

Each BROWSER/CLIENT... in the case of cookie based sessions, the cookie is
set on the browser, containing a session id... Yes, the user could spoof the
cookie on another machine and continue the session, but I dount that was
your question.  Same with URLs -- the session is passed around via URL, the
user *could* grab the SID out of the URL, and append it to another URL on
another browser/machine.


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Find IP address

[Justin French]

on 20/02/03 1:08 AM, Christian Ista ([EMAIL PROTECTED]) wrote:

 Is there a better way to be sure, I have the IP address of the user (the ISP
 ip address)

No.

IP address' can be faked, they can be part of a firewall/network, and the
browser can choose not to send them.  They are helpfull, but not a solution
to anything.

Another common problem is users who's IP address changes constantly (whilst
still being connected) -- AOL and other ISPs are notorious for this.


Cheers,

Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Date/Time Logic

[Justin French]

I assume you talking about a logged in, validated user -- because there's no
way to prevent a user from deleting their cookies, or changing their IP, or
using a different computer to access the site.

My only suggestion is that you create a user/pass login system, maintain it
with sessions, and make the site members-only.

As part of the sign-up process, keep a timestamp of when they joined, and
each time they log-in, check that their stamp is within the limits set.

Next time they login after that date, you can use their login as the trigger
to:

a) set the account to invalid
b) send the admin a report email
c) update any other data and tables
d) prompt the user to buy more time, or whatever


By keeping timestamps of when they signed up, when they last logged in, you
can also build reports about who has logged in, who is about to run out of
time, who needs a reminder email sent about buying more time, and even run
some garbage cleanout stuff, so that users who have expired, and haven't
shown up in 2 months get auto-deleted or whatever.


Some of it could be done with cron jobs, or you could just choose to run a
script from your browser daily/weekly/yearly to trigger the processing.


Justin


on 20/02/03 5:50 AM, Brent Baisley ([EMAIL PROTECTED]) wrote:

 It sounds like you're asking for triggers, which are available yet. But
 you could setup a cron job to run every night to update the database. It
 would be no different than doing a nightly dump for backup. You could
 even have it email you the accounts that were closed and those that will
 be closing in the next week or two.
 
 If that won't work for you, then you can just have the user login kick
 of the disabling code. It would still restrict access, but wouldn't give
 you the timely notification you're asking for.
 
 On Wednesday, February 19, 2003, at 12:46 PM, Pushpinder Singh Garcha
 wrote:
 
 Hello  Everyone,
 
 My php/mysql application needs to keep track of the first time that a
 User logs on to the site. Afterwards the User should be allowed either
 3 days / 3 months/1 year of access to the site. Once the stipulated
 time period is over the system should invalidate the login of the user.
 The Admin/ User should get email notification about this. The
 notification part is easy the hard part to figure out is how to be able
 to keep and tab on the Time Period stipulated for a user.
 
 Thanks in advance
 Pushpinder Singh Garcha
 _
 Web Architect
 
 --
 Brent Baisley
 Systems Architect
 Landover Associates, Inc.
 Search  Advisory Services for Advanced Technology Environments
 p: 212.759.6400/800.759.0577
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP][PHP] Money Decimals

[Justin French]

Did you even bother to look on the site?

To prove a point, I did a seach for the word number on PHP, and found this
result within SECONDS:

http://www.php.net/manual/en/function.number-format.php


Justin French





on 20/02/03 9:54 AM, Dennis Cole ([EMAIL PROTECTED]) wrote:

 I am writing a script that will take amount out of a database then display
 them on the page. But, some of these are like 46.0 or 46 or 46.005,
 and they all need to look like 46.00. Is there an easy way to do this.
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] problem with mysql / auto increment fields.. ?

[Justin French]

if you check on the FIRST insert (the primary table that holds master
usernames) to ensure the uname doesn't exist, THEN do the other queries,
there shouldn't be a problem.


I think the key here is that you're using the username as the unique key,
and putting that username in multiple tables... really, you should be taking
advantage of mysql's auto-increment on an ID field... therefor the username
brad_is_the_best_2002 is an alias of userid 204... all your other tables
(bb etc) should be using 204 as the id, not brad_is_the_best_2002...

1. gives people the chance to change usernames, because the ID is primary,
not the username

2. saves HEAPS of space:
Consider using 10 character unames everywhere:
1000 users x 10 char uname x 10 BB posts each = 100k of data -- not too bad
5000 users x 10 char uname x 50 BB posts each = 2.5meg of data -- an issue
5000 users x 15 char uname x 50 BB posts each = 3.75meg of data -- an issue

Then consider using 4 byte userIDs (like 1042) everywhere:
1000 users x 4 byte uid x 10 BB posts each = 40k of data -- better
5000 users x 4 byte uid x 50 BB posts each = 1 meg of data -- 60% space save
5000 users x 4 byte uid x 50 BB posts each = 1 meg of data -- 74% space save

... and in practice, the first 99 uid's will only be 2 bytes, the next 900
will only be 3 bytes, etc etc.


I'm no database expert, but I guess that's the point behind relational
databases... the same user can be related to many tables, using just a few
bytes of data, rather than a 6-20 character username.


So, after your first insert into the primary user table, you would find out
what ID you just inserted with mysql_insert_id(), and use THAT to insert
into the related tables...

Of course, your BB may require a full username, and lots of your other
architecture may have to be changed, but I'm just pointing out that it's
worth getting this stuff right, because one day you'll copy the same
code/structure to another site, and it may attract 100,000 users really
quick, and you might end up with a MASSIVE data problem REALLY quick -- it's
happened to me :)


Justin French

on 20/02/03 11:34 AM, Chris McCluskey ([EMAIL PROTECTED]) wrote:

 MySql should insert a value into that column when you update if you are using
 an auto_increment field.  this value will always be unique.  period.
 
 -Chris
 
 -Original Message-
 From: Chad Day [mailto:[EMAIL PROTECTED]]
 Sent: Wed 2/19/2003 1:16 PM
 To: php general 
 Cc: 
 Subject: [PHP] problem with mysql / auto increment fields.. ?
 
 
 
 On my website there are a couple places where people can sign up ..
 
 The querys after the sign up process look like
 
 $blahblah = query(insert firstname lastname) values (blah blah blah)
 $userid = mysql_insert_id($blahblah);
 
 $insertintoothertable = query(userid, blah blah blah) etc.
 
 it then uses this userid var to insert them into a variety of other tables
 for other things on the site, such as a phpBB account, etc.
 
 if multiple people are signing up for accounts at different places, is there
 the possibility that a duplicate userid could be assigned, or anything like
 that?
 
 Thanks,
 Chad
 
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 
 
 
 
8b°
?¨¥S´?w?
?º?


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php ecommers site

[Justin French]

phpShop.org

not sure about XML, but everything else is covered

Justin


on 20/02/03 1:06 PM, Chris Knipe ([EMAIL PROTECTED]) wrote:

 Lo all,
 
 Is there any good already developed PHP based commerce solutions out there?
 I'm preferably looking for something with catalogues (product pics,
 descriptions, ratings, buyer comments, etc), online payment options, xml
 support (to sell via partners for example), etc etc etc.
 
 Thanks,
 
 --
 me
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] ishttp://username:password@localhost.com/secure_area/ secure ?

[Justin French]

First things first, ANYTHING you do without https:// (SSL) is insecure.
Anything you do with SSL is more secure, not secure.

Which answers 90% or your questions.


If you are stuck with the username:password@ in the URL, my guess is you
could get your current URL, use parse_url to check if it has the uname and
pass bits in it, and if so, rebuild the URL without them, and redirect... it
could be quite messy, and I haven't thought it through tho!!


BUT, my real advice is to choose EITHER http authentication (let them login
via the usual pop-up), OR choose PHP based authentication with sessions.

It's REALLY easy to write a script which can protect certain files from
non-logged in members with PHP.


Justin French





on 18/02/03 10:22 PM, Shams ([EMAIL PROTECTED]) wrote:

 Hi,
 
 I have a PHP login scripts that takes the username and password and
 stores it in a session.
 
 Once verified as a valid user against a mySQL database, the user is
 redirected to a members area ( /secure_area ), using:
 
 http://username:[EMAIL PROTECTED]/secure_area/
 
 This is so that .htaccess (which is in /secure_area won't pop up its own
 login/password box).
 
 However, i am having a couple of problems,
 
 first, once the user is redirected to the /secure_area folder, EVERY link on
 that page (and onwards) is prefixed with
 http://username:[EMAIL PROTECTED].. for everyone to see !!! and
 thus the password has been exposed.
 How can I stop it displaying the username and password ?
 
 And also, is this a secure way of logging in?
 
 (it is the only way I can figure out how to do it, so that PHP logs u in and
 passes username and password to .htaccess quietly).
 
 Many Thanks for any help!
 
 Shams
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Sending/recieiving email

[Justin French]

for sending, it can be REALLY basic (php.net/mail) or really complex... if
you want the complex end of things (HTML, attachments, etc) try manuel
lemos' class on phpclasses.com

for receiving, i've never done it, but php.net/imap looks like the go

justin


on 19/02/03 10:13 AM, Jono Bacon ([EMAIL PROTECTED]) wrote:

 Hello all,
 
 I am looking to work with email and PHP, and I was wondering what would
 be the best way to deal with sending and recieving mail - is there a
 library pre-written or can I write it with functions that are part of
 PHP itself.
 
 Cheers,
 
 Jono
 
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Redirect without header or javascipt

[Justin French]

without header() and without javascript?

your only option would be a meta refresh, which i can't imagine is going to
help :)

Justin



on 19/02/03 9:59 AM, Daniel Guerrier ([EMAIL PROTECTED]) wrote:

 Is there any to redirect in php with using header()
 and without the use of javascript?
 
 __
 Do you Yahoo!?
 Yahoo! Shopping - Send Flowers for Valentine's Day
 http://shopping.yahoo.com


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] limiting characters

[Justin French]

Do you want it chopped at a certain number of words, or characters?

Justin French



on 19/02/03 10:00 AM, Michael P. Carel ([EMAIL PROTECTED]) wrote:

 Hi to all,
 
 How could i limit the character output that is being displayed in the html
 page. Is there a function or a php classes that perfectly support it?
 
 Example:
 
 $myoutput = This is my sample output.;
 
 Required Output:
 
 This is my 
 
 Any idea? Thanks in advance for the replies
 
 
 
 mike
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] limiting characters

[Justin French]

Season to taste:

?
function chopper($string,$length=20, $suffix=...) {
$words = explode(' ',$string);
if(count($words) = $length) {
$i = 0;
$new = '';
while($i  $length) {
$new .= $words[$i].' ';
$i++;
}
if($suffix) {
$new .= $suffix;
}
return trim($new);
} else {
return $string;
}
}

$foo = This is my really long string;

// EXAMPLES

// no change, since $foo is less than 20 chars (default)
echo chopper($foo);

// echos 'This is my ...' -- uses default suffix
echo chopper($foo,3);

// echos 'This is my [too long]'
echo chopper($foo,3,'[too long]');
?


Justin French



on 19/02/03 10:18 AM, Michael P. Carel ([EMAIL PROTECTED]) wrote:

 it would be better if it will be chopped by words and not by characters. Any
 idea how?
 
 - Original Message -
 From: Justin French [EMAIL PROTECTED]
 To: Michael P. Carel [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Sent: Wednesday, February 19, 2003 7:26 AM
 Subject: Re: [PHP] limiting characters
 
 
 Do you want it chopped at a certain number of words, or characters?
 
 Justin French
 
 
 
 on 19/02/03 10:00 AM, Michael P. Carel ([EMAIL PROTECTED]) wrote:
 
 Hi to all,
 
 How could i limit the character output that is being displayed in the
 html
 page. Is there a function or a php classes that perfectly support it?
 
 Example:
 
 $myoutput = This is my sample output.;
 
 Required Output:
 
 This is my 
 
 Any idea? Thanks in advance for the replies
 
 
 
 mike
 
 
 
 ---
 [This E-mail scanned for viruses]
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Sessions Timing Out Too Often

[Justin French]

Did you look in the manual first?  Didn't think so.

php.net/session
first search result is http://www.php.net/manual/en/ref.session.php

There are two PHP.ini settings you should look at:

session.gc_probability specifies the probability that the gc (garbage
collection) routine is started on each request in percent. Defaults to 1.

session.gc_maxlifetime specifies the number of seconds after which data will
be seen as 'garbage' and cleaned up.


if you can't change the settings yourself in php.ini (or ask the host to),
then i'm 99% sure they can be over-ridden on a per-directory basis using a
.htaccess file (apache assumption here).

Something like (guess):

IfModule mod_php4.c
php_flag session.gc_maxlifetime 1440
/IfModule


Of course, all this was available by:

a) searching the manial
b) searching the archives, where this gets asked weekly


:)


Justin French



on 19/02/03 12:59 PM, Monty ([EMAIL PROTECTED]) wrote:

 I'm finding that my sessions seem to be timing out fairly quickly. For
 example, in a little forum I wrote with PHP, people are telling me that if
 they type a long message and click Submit, they are taken to the Login page
 because their session obviously timed out, and they loose their posts in the
 forum. I do have a remember me feature that uses a cookie, but, not all
 visitors are using it, and they are the ones experiencing this problem.
 
 Is there a way to extend session time, and is that the best way to reduce
 this problem from happening to most members?
 
 Thanks!
 
 Monty
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Protecting files

[Justin French]

My preference

1. if possible, store the files above your public_html directory (doc
root)... this means they cannot be over http:// by apache, if that isn't
possible:

2. use .htaccess to either block the entire directory of includes, or all
*.inc files, or whatever you think is best.  Personally, I block *.inc
across all my sites, via a .htaccess file in the doc root:

Files ~ \.inc$
Order Allow,Deny
Deny from all
/Files

3. I don't think permissions (chmod) of the file will help much, since
apache needs to read the files for them to be included... you should make
sure that other users on the server cannot include() your .inc files from
their account... if they can, find a new ISP ASAP, because they're obviously
DUMB.


I personally don't like the idea of naming all inc files *.php, because
there is a CHANCE that they might be executed out of context (imagine if you
had an include file which (stupidly) worked fine within the context of your
whole site, but accidentally deleted a whole table of data if executed on
it's own... YUK!!).

The upside of naming them .php is that if the server's sys admin accidently
takes away permission for .htaccess files, or you accidentally delete your
own .htaccess file, you're still protected.


Perhaps you could consider BOTH:

Files ~ \.inc.php$
Order Allow,Deny
Deny from all
/Files

... this will prevent them being served at all... in the event that the
.htaccess is deleted or disabled, you can rest easy that PHP will parse
them, so that they cannot see the raw file.


By the way, this has been discussed in the archives MANY times, so do some
background research first... or even right now :)


Justin



on 18/02/03 8:17 AM, PR ([EMAIL PROTECTED]) wrote:

 Hello,
 
 How can I protect my php files among other files like templates
 (.inc) and mysql config  (config.inc) files being copied/read/imported (front
 page)/used by other applications other than my
 site...
 
 can this be done by htaccess? is so , could anyone point me into right
 direction?


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 Password Login Driving me Crazy

[Justin French]

on 18/02/03 6:42 AM, Vernon ([EMAIL PROTECTED]) wrote:

 When the user goes to login into the page though I have the encrypted
 password echo to the page and they match except a 52 on the end of it which
 I am assuming is a space or something being picked up on submit or
 something. I recall there is a way to trim the field so that it doesn't pick
 up spaces but can't recall what it is. Anyone know what it is and if it
 could be that?

SEARCH THE MANUAL!!!

http://php.net/trim


Justin French



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 Passwords (How it works?)

[Justin French]

on 18/02/03 3:59 AM, Vernon ([EMAIL PROTECTED]) wrote:

 I'm thinking that the MD5 function more than likely encrypts a password to
 store into a database, and when you log in using the MD5 function it will
 simply encrypt the value being passed along again the same way. Now I'm
 wondering what happens when I user has lost there password and needs to
 retrieve it, there is no way to reverse the process is there?

No, there isn't -- md5() is NOT encryption (a 1 meg file and a 5 character
password will both have the same length md5 value).

You would need to write a script which resets their password, and sends it
to them via email.

If they've fogotten what password they set, then they're obviously not too
precious about it being the same password.  Reset it to something random,
send it to them via email (handy for confirming their email address is still
valid), and let them login with that password, and change it to something
else if they wish.

Justin French


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] session cookie that never expires

[Justin French]

on 18/02/03 1:40 AM, Altug Sahin ([EMAIL PROTECTED]) wrote:

 Hi there,
 
 I have setup a site with session management but even the browser is closed
 or after the default time expiration of the session, the user should be able
 to see his/her personalized settings. I am nor using any cookies.
 
 How can I make this happen without changing my session related code? Should
 I combine cookies with sessions or can I make my sessions never expire even
 the browser is closed?

Sessions are just that -- a single session, so no, a session cannot live
forever.  However a cookie can.  You *could* set a cookie with the users uid
and pwd, and check for the cookie before asking the user to login, but
obviously there are some vulnerabilities to this, so it should be an OPTION
for users, rather than FORCED upon them... they should also be aware of the
risks.

One of many risks is the fact that if they're on a shared computer (library,
net cafe, work, school), others will

a) be able to see their password and username by viewing the cookie

b) be able to login as the user to your site, and possibly many others using
those credentials



Justin 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 Passwords (How it works?)

[Justin French]

Very true -- forgot to mention that step :)

Thanks for the reminder!!

Justin


on 18/02/03 12:49 PM, Jason Sheets ([EMAIL PROTECTED]) wrote:

 If you do a password reset system please remember not to reset the
 password before they confirm who they are.
 
 This means instead of having them entering their login and email address
 and immediatly resetting their password send the account owner an e-mail
 with a link that will reset their password, if you have SSL make the
 link go over SSL that way the traffic is secure.  The link should
 contain a unique id that was randomly generated and stored in the
 database, when they click the link validate the account name, email
 address and the unique id, if they match reset the password and remove
 the unique id from the list of approved id's, this prevents someone from
 replaying the URL and resetting the password again.
 
 Jason
 
 On Mon, 2003-02-17 at 17:48, Justin French wrote:
 on 18/02/03 3:59 AM, Vernon ([EMAIL PROTECTED]) wrote:
 
 I'm thinking that the MD5 function more than likely encrypts a password to
 store into a database, and when you log in using the MD5 function it will
 simply encrypt the value being passed along again the same way. Now I'm
 wondering what happens when I user has lost there password and needs to
 retrieve it, there is no way to reverse the process is there?
 
 No, there isn't -- md5() is NOT encryption (a 1 meg file and a 5 character
 password will both have the same length md5 value).
 
 You would need to write a script which resets their password, and sends it
 to them via email.
 
 If they've fogotten what password they set, then they're obviously not too
 precious about it being the same password.  Reset it to something random,
 send it to them via email (handy for confirming their email address is still
 valid), and let them login with that password, and change it to something
 else if they wish.
 
 Justin French
 
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] session cookie that never expires

[Justin French]

Nice!!

Justin French

on 18/02/03 12:54 PM, Jason Sheets ([EMAIL PROTECTED]) wrote:

 You shouldn't store user password in cookies on a browser, instead a
 more secure method for the user is:
 
 On your login form offer the ability to be remembered, if they click the
 Remember Me box generate a unique random ID (or 2 and combine them),
 now store this ID in your database attached to their user account and
 set a cookie on their browser with this ID.  Now when they come to your
 website if they are not logged in your website checks for this unique id
 in the cookie, if the cookie exists it references it against their user
 account, if the unique id matches the system logs them in.  This method
 is also nice because you can invalidate all automatic logins by clearing
 the column in your database.
 
 Please note the unique ID will still be sent in the clear so someone
 sniffing the traffic could still pick it up, if you force them to login
 once every n days it can help reduce this, also prompt for the password
 for any critical events like changing their profile.
 
 If you pass this over SSL you make it more secure because the traffic is
 encrypted.
 
 Jason
 On Mon, 2003-02-17 at 17:55, Justin French wrote:
 on 18/02/03 1:40 AM, Altug Sahin ([EMAIL PROTECTED]) wrote:
 
 Hi there,
 
 I have setup a site with session management but even the browser is closed
 or after the default time expiration of the session, the user should be able
 to see his/her personalized settings. I am nor using any cookies.
 
 How can I make this happen without changing my session related code? Should
 I combine cookies with sessions or can I make my sessions never expire even
 the browser is closed?
 
 Sessions are just that -- a single session, so no, a session cannot live
 forever.  However a cookie can.  You *could* set a cookie with the users uid
 and pwd, and check for the cookie before asking the user to login, but
 obviously there are some vulnerabilities to this, so it should be an OPTION
 for users, rather than FORCED upon them... they should also be aware of the
 risks.
 
 One of many risks is the fact that if they're on a shared computer (library,
 net cafe, work, school), others will
 
 a) be able to see their password and username by viewing the cookie
 
 b) be able to login as the user to your site, and possibly many others using
 those credentials
 
 
 
 Justin 
 
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 
 ---
 [This E-mail scanned for viruses]
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] URL of calling page

[Justin French]

on 17/02/03 9:25 AM, Kevin Waterson ([EMAIL PROTECTED]) wrote:

 This one time, at band camp,
 acleave [EMAIL PROTECTED] wrote:
 
 I believe there's a way in PHP to get the URL of the page that called the
 current page but can't find it.  Is there such a function?  Or would I have
 to 
 use another script (like Javascript)?
 
 $_SERVER['HTTP_REFERER']
 
 Kevin

But it's not ALWAYS set by the browser, so don't rely on it for anything
mission critical on your site.

Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Date formating

[Justin French]

?
echo date('the format you want', strtotime('2003-02-15 13:19:02'));
?

In this case 'the format you want' is 'l, d F, Y. H:i:s', but you should be
able to look it up in the manual for yourself. php.net/date

strtotime('2003-02-15 13:19:02') SHOULD work, converting the string to a
unix time stamp, which is what date() needs to work.

All this is available in the manual of course :)


Justin


on 15/02/03 7:56 PM, Dhaval Desai ([EMAIL PROTECTED]) wrote:

 Hi,
 
 I have a string in this format:
 2003-02-15 13:19:02
 
 I want to display it in a more readable format like Staurday, 11 Februardy,
 2003, 13:19:02. How can I achieve that. I tried date() function but could
 not get what I wanted.
 
 -Dhaval
 
 
 
 
 
 _
 MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
 http://join.msn.com/?page=features/virus
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Block direct image loads but allow them in PHP

[Justin French]

Using Apache's main config file (or at a per-directory level using a
.htaccess file), you need to black all .jpg, .jpeg, .gif, .png, .bmp, etc
etc files from being *directly* served via http.

I'm not too good with Apache yet, but an example would be:

Files ~ \.jpg$
Order Allow,Deny
Deny from all
/Files
Files ~ \.gif$
Order Allow,Deny
Deny from all
/Files
Files ~ \.jpeg$
Order Allow,Deny
Deny from all
/Files
Files ~ \.bmp$
Order Allow,Deny
Deny from all
/Files

(you might also choose to block everything in imageDir/, which would also
include the xml file)



Then you need to create a script called image.php which:

a) accepts file=.xxx in the URL ($_GET)
b) sets the appropriate image header
c) passes the image file though

Instead of you calling
img src='imageDir/picture.jpg' /

You would call
img src='image.php?file=imageDir/picture.jpg' /


You also need to ensure that users can't directly call image.php?file=
picture.jpg in the browser, which can also be done with apache / .htaccess
files.


Files ~ \image.php$
Order Allow,Deny
Deny from all
/Files



There's plenty of examples of passing images through in the manual... in
particular one of the user-contributed notes by lists at darkcore dot net
08-Aug-2002 03:24 at http://php.net/header looks about right.


Justin


on 16/02/03 3:24 AM, Michael Mulligan ([EMAIL PROTECTED]) wrote:

 Perhaps you could further describe such a method? I'm sorry, I just don't
 quite see how this will block the files. Perhaps I should further explain my
 situation.
 
 The script that I will distribute will always make use of a very particular
 directory structure. In imageDir, there will always be a specifically
 named XML file that points to a bunch of images in the directory. However,
 given security checks that I put in my script, not all of those images
 should be publicly viewable. However, if a savvy user were to just load this
 XML doc up in their web browser, they will have a complete listing of URLs
 to all of my images. I cannot modify this XML file.  (which is why I want to
 block a user from loading, say myserver.com/imageDir/picture.jpg)
 
 Will your proposed idea still work in this situation?
 
 Thanks for your help and patience in this matter. :-)
 
 On 02/15/03 11:09 AM, Marco Tabini [EMAIL PROTECTED] wrote:
 Only if you let them. The PHP script allows to put the appropriate
 checks in place. For example, if you use sessions, you can verify that
 the session is still valid and that the user has, indeed, the right to
 access that image. At a later time, even if another user types in the
 same URL but does not have a valid session (or a variable inside the
 session that contains the right data), you would be able to block him
 from reading the image.
 
 Cheers,
 
 
 Marco
 
 
 -m^2
 
 __
 Hi! I'm a .signature virus! Copy me into your ~/.signature to help me
 spread!
 __ 
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] restricting access to files using PHP

[Justin French]

on 13/02/03 9:19 PM, Shams ([EMAIL PROTECTED]) wrote:

 Also, is there no way I can allow a user to login using a PHP login script,
 and then pass the username and password over to .htaccess to verify ?

Just use .htaccess for the whole lot

Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Templates

[Justin French]

Go for a complex situation if that's what you want, or consider the basics:

home.php
?
include('inc/header_code.php');
//
// unique code for this page to be executed before the html tag
//
include('inc/header_html.php');
?
Welcome to our website!
?
include('inc/footer.php');
?

contact.php
?
include('inc/header_code.php');
//
// unique code for this page to be executed before the html tag
//
include('inc/header_html.php');
?
Contact us: [EMAIL PROTECTED]
?
include('inc/footer.php');
?


If you update any code in any of the 3 include files, you will update the
entire site's look, feel and actions.  It still allows for you to execute
unique PHP code either before or after the HTML starts too.


Strip your site down to what's common, and what's unique to each page, and
see where you go from there.


Justin


on 14/02/03 10:00 AM, Darren Young ([EMAIL PROTECTED]) wrote:

 
 I'm looking around for some options on using templates with PHP. I've
 used several Perl solutions in the past, but never tried it in PHP.
 Digging on the web yields several options so I'd love some thoughts or
 comments. The real driver is that the basic site design could change
 over time and I'd like to have the basic HTML in the templates, and the
 real logic in the PHP code.
 
 Thanks in advance,
 
 Darren Young
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Templates

[Justin French]

 If you update any code in any of the 3 include files, you will update the
 entire site's look, feel and actions.  It still allows for you to execute
 unique PHP code either before or after the HTML starts too.

I forgot to mention that a whole heap of your formatting and visial design
can be achieved with CSS too... don't get yourself trapped by making the
content hard to update.

A simple p class=bodyText means that it's just as updateable as the rest
of your code, by tweaking a few lines of CSS in header_html.php


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Templates

[Justin French]

on 14/02/03 10:20 AM, Darren Young ([EMAIL PROTECTED]) wrote:

 That's pretty much what I'm doing today, header page, menu page, content
 page and a footer. Each of which includes a shared functions file as
 well via require_once(). Only real problem is keeping track of
 tables/rows/columns across all the various files. The 'where was that
 tr supposed to be...' kind of thing.

yeah, well a complex layout will kill it pretty quick :)

The other way is go down the route of a 'fusebox' -- one script that shows
all pages within the site.

index.php
?
// some header stuff
?
html
table
tr
tdStuff/td
/tr
tr
td
?
$file = content/{$_GET['p']}.html;
if(file_exists($file))
{ include($file); }
else
{ include('content/error.html'); }
?
/td
/tr
/table
/html


you can call that script with
p=contact 
p=home
p=about
p=membersaction=validatestep=3favcolor=blue

And just make sure the include files do what they need to.


 Here's another one, there's no way to set a cookie after the headers
 have been sent, true? Any way around this at all or at that point am I
 best to use session variables and/or hidden fields.

Hidden fields, yes.
You are going to have the same problem with sessions... sessions must be set
before the headers are sent too.

You need to either change the logic on your page so that you set the cookie
BEFORE the html, or enable output buffering, so that you can set the
cookie or session whenever you like, then do a flush.  Personally, I've
never seen the need to use OB, because I've found a way to work that I'm
comfortable with.

eg:
?
include('header_code.inc');
if($action=='validate')
{
// validate form entry
if($error)
{ $show_form = 1; }
else
{
$show_form = 0;
// add form to DB or
// set a cookie or
// set a session or
header(Location: form.php?page=thanks);
}
}
?
html
body
?
if($show_form) { include('form.inc'); }
if($_GET['page'] == thanks) { echo thanks; }
?
/body
/html


In otherwords, I execute any code that I need to BEFORE the headers are
sent, to ensure that I CAN set cookies, sessions, or use header()... I set
some simple triggers like $show_form to decide what I want to do in the
body.

Each to their own, but it works great for me over many many applications.


Justin



Justin French


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] restricting access to files using PHP

[Justin French]

Assuming Apache:

1. use index.php or login.php as a log-in file, just as you are

2. if you have your heart set on naming the files .html instead of .php,
then create a .htaccess file in the dir which forces .html files thru php
for that directory

3. create a php file called access_control.php with (psuedo code) the
following contents:

---
?
if(the user isn't valid)
{
header(Location: login.php);
exit;
}
?
---

4. add ? include('access_control.php'); ? at the top of any html or php
file you wish to protect... if the user isn't valid, they will be redirected
to the login page.  if they are valid, they'll see the file.


If you have lots of these HTML files to add the line to, consider a batch
process, which you can do with PHP and most text editors.

I get the feeling you could also auto-prepend access_control.php to ALL
scripts, and add a little more logic to the code:

---
?
if( (the user isn't valid) AND (eregi('.html$',$_SERVER['PHP_SELF'])) )
{
header(Location: login.php);
exit;
}
?
---

-- which should only impose the access control on *.html pages, but i'm not
good with regexp at all!!


Justin French





on 12/02/03 8:46 PM, Shams ([EMAIL PROTECTED]) wrote:

 Hi,
 
 i've written a secure PHP login script which will allow users to login to a
 directory such as this:
 
 smezone.com/members/index.php
 
 however, how do I restrict people from accessing HTML files in that
 directory (which they can easily do so by typing the URL into their
 browser), such as:
 
 smezone.com/members/document1.html
 
 ?
 
 Since its a regular HTML files (and we have lots), I can't check whether the
 user has a valid session as I would do in a PHP file.
 
 Thanks for any help!
 
 Shams
 
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Who's Online

[Justin French]

Search the archives.  This asked, and answered, a few times a week.

Justin French


on 11/02/03 9:53 AM, Vernon ([EMAIL PROTECTED]) wrote:

 I have a membership base that is logging into a php and MySQL based web site
 and am wanting to be able to create a who's online (and perhaps an ability
 to contact that person, but that's later) so that that person's profile is
 available.
 
 Anyone have any ideas where I could download a quick script someone to plug
 it in or if not a tutorial on how to make that happen?
 
 Thanks
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] numerics

[Justin French]

I guess it might be possible with javascript.  At the very least, you can do
a validation client-side for numbers only before submitting.

Justin.


on 11/02/03 5:27 AM, Edward Peloke ([EMAIL PROTECTED]) wrote:

 IS there a way to only allow the user to type in numerics to a text field?
 I do not want to allow them to even type in anything unless it is a number.
 Basically, I don't want to allow them to enter hi and then I do checks and
 give them a warning that it isn't a number, I want to force it from the
 start.
 
 Thanks,
 Eddie
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] several buttons in form - which one was clicked

[Justin French]

Hi,

Why do you want a checkbox beside each button?  Wouldn't the button alone be
enough?  I'm assuming it's for something like a delete items list?

This is one of many ways to do it... I can't see why you need checkboxes --
perhaps you need to tell us more abut what you want to achieve.

?
for($i=1;$i=30;$i++)
{
echo form action='anyfile.php' method='post';
echo Delete Item # {$i} ;
echo input type='hidden' name='item' value='{$i}' /;
echo input type='submit' name='delete' value='go' /;
echo /form;
}
?

This would create 30 go buttons, each one on it's own form, each one having
a hidden name/value of item/$i.  On anyfile.php you would be concerned with
the POST var $_POST['item'] (or $item if reg globals on), and perhaps
$_POST['delete'] to know that the form was submitted.


Another option might be a list of checkboxes, and ONE go button to delete
all checked items:

form action='anyfile.php' method='post'
?
for($i=1;$i=30;$i++)
{
echo Item #{$i} ;
echo input type='checkbox' name='delete[{$i}]' value='1' /;
}
?
input type='submit' name='delete' value='delete checked items' /

On anyfile.php, you would have an array $_POST['delete'] that you could loop
through, getting the keys (id's of items to be deleted) and acting upon
them.


I could go on :)


Justin







on 11/02/03 12:09 PM, Vahldieck, Mike ([EMAIL PROTECTED]) wrote:

 Hi there,
 
 I'm new to PHP, so maybe this Q makes me look rather stupid... never mind,
 asking it anyway...
 
 I want to have a form with several checkboxes and an OK button next to each
 of them, to enable users to send data when checkbox has been changed..
 I need to pass $i to know, which button has been clicked...
 
 for ($i = 1; $i = 30; $i++) {
 echo INPUT TYPE=\checkbox\ name=\cbox$i\ checkedcheckbox No. $i;
 echo ;
 echo FORM ACTION=\anyfile.php?box=$i\ METHOD=\POST\;
 echo INPUT TYPE=\Submit\ NAME=\OK$i\ VALUE=\OK\;
 echo br;
 }
 ?
 
 
 I always get anyfile.php?box=1 ... What am I doing wrong?
 Better ways to do that?
 
 Thanks for your help
 greetings from Berlin/Germany
 Mike
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Vars in URL

[Justin French]

on 06/02/03 10:03 AM, Shawn McKenzie ([EMAIL PROTECTED]) wrote:

 I am trying to do something simple to sell items with paypal.  One of the
 options paypal has is a return url, so that after the buyer pays via the
 paypal website they are forwarded to the return url (my site) so they can
 access some info..
 
 The problem is that the form on my site that collects info and posts to
 paypal has the hidden return url vars in it.  So a simple view source in the
 browser reveals the return url.
 
 So what I did is made a form that submits to a php script on my site that
 then adds the appropriate paypal vars and submits to the paypal site.  I
 used header(Location:), but this shows the return url var in the url
 address bar.  I want to pass vars to paypal without them being shown in the
 url address bar.

Not a chance really -- you can't use cookies (essentially the third way to
do pass vars around), because cookies are tied to a specific domain.

I say if the rest of society can deal with POST and GET vars for Paypal etc,
then so can you :)


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Client Side PHP

[Justin French]

on 07/02/03 2:41 AM, Pete ([EMAIL PROTECTED]) wrote:

 Think thje user base will be quite big if we got it together.
 How many oho programmers are there who struggle with Javascript - me
 included ;-)
 Anyway the opensourcness of php would make the plugins more efficient
 for each browser.

I dunno if people stuggle weith javascript -- the biggest problem for me has
always been guaranteeing it's available on the client... clearly this issue
gets worse when trying to encourage users to adopt a PHP plugin.

Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php and Mac running 8.6

[Justin French]

on 02/02/03 3:30 PM, Bobbi-Lea ([EMAIL PROTECTED]) wrote:

 I've just installed php, zend developer, mysqladmin, and apache on my pc
 laptop.
 
 Are there any available for mac 8.6 ?

Not to the best of my knowledge... mac OSX has though :)

Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] index.php

[Justin French]

Strange -- can u change it to foo.php and execute it, or do you get a 404
error (not found)?

Justin


on 03/02/03 12:45 PM, Renato Lopes ([EMAIL PROTECTED]) wrote:

 Hi!
 
 I have called a index.php file in a directory.
 
 Every time I point my browser to that directory the contents of the
 directory gets displayed instead of the index.php file.
 
 Can anyone help?
 
 Thanks in advance
 
 Renato
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] including files...

[Justin French]

on 03/02/03 5:28 AM, John W. Holmes ([EMAIL PROTECTED]) wrote:

 Pretty much. Only addition is to make sure filename.inc can't be viewed
 through the browser.

... by having apache refuse to server all .inc files through http, via the
use of a .htaccess file (assuming apache server)

Cheers,

Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] question

[Justin French]

on 02/02/03 7:56 AM, Karl James ([EMAIL PROTECTED]) wrote:

 what is a winmail.dat file?

PLEASE don't post in rich text / HTML -- you've been asked more than once
PLEASE ask php-specific questions

Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] .php extensions versus .html

[Justin French]

I think what you've seen is shtml / ssi / server side includes, but anyway,
since you asked:

1. create a .htaccess file which pushes *all* .php pages through PHP

I *THINK* the code is something like:

Files ~ \.html$
ForceType application/x-httpd-php
/Files

But you should check the apache manual, list or some tutorials.


2. change your code to:

html
head
titleUntitled/title
/head
body
HELLO WORLD!!!
P
?php include(helloworld2.php); ?
/body
/html


Why can't you just use the .php extension?


Justin


on 31/01/03 5:46 PM, Guru Geek ([EMAIL PROTECTED]) wrote:

 I was wondering, can you call a php script in the middle of a html page?
 
 I've seen some sites use code like this:
 !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN
 
 html
 head
 titleUntitled/title
 /head
 body
 HELLO WORLD!!!
 P
 !--#include file=helloworld2.php --
 /body
 /html
 
 but when I try it, the php script doesn't run.
 
 
 Does anyone else know how to use php on a page and yet keep the .html
 extension?
 
 Thanks in advance,
 Roger
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] need some guidance

[Justin French]

On a major level, create or use a large CMS (content management system), and
use the information you have in the databases / file system to establish
what's new, modified, etc.

On a smaller level, you could check which files have been updated in X days
(I think) with PHP, and display them as a list, which some selective
listing.

On a pain-in-the-ass level, you could maintain a HTML page with links on it
to things you've recently updated, and maintain it manually.


If you're talking about *another site* (not yours), it would be even harder.


Justin


on 31/01/03 4:28 PM, Seth Hopkins ([EMAIL PROTECTED]) wrote:

 Hey everyone.  I'm wondering if someone could lead me in the right direction
 on this one.  What could I use to see if a site has been updated and then
 display what has been added to it?
 
 Any advice is appreciated.
 Thanks.
 
 Seth
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Apache

[Justin French]

strings must be wrapped in quotes

$name = 'ab';

Justin

on 31/01/03 8:45 PM, Aaron Stephan William Boeren ([EMAIL PROTECTED]) wrote:

 The script:
 ?php
 #start variables
 $name = ab;
 $age = 16;
 #start script
 echo Hi, my name is $name and I'am $age years old.;
 ?


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Unable to upload multiple files

[Justin French]

Firstly, try uploading two SMALL files (say, no more than 1k each), just to
check if it's an issue with *two files*, or an issue with *file size*,
*script time outs* (maximum execution time) or something else.

Start ruling them out, one at a time.

Justin


on 01/02/03 12:03 AM, Antti ([EMAIL PROTECTED]) wrote:

 When I push the submit button it starts to send the request to my server
 and uploads a file, but if I upload more than one at a time it doesn't
 even start to upload them. My upload max should be like 50M in php.ini.
 What is the problem.
 
 antti
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Exclusion in Regex not working

[Justin French]

Can I make a suggestion?

I tend to look at the issue of user input the other way around... rather
than excluding things I don't think I want, I choose in allow things I *DO*
want... so instead of saying a username shouldn't contain
!@#$%^*()_+-=?:';, I say it should contain a-zA-Z0-9_-.

This means that I allow what I trust, rather than assuming I can think of
every possible bad character the user might choose.

?
// a-zA-Z0-9_ are valid in this case
if(preg_match(/^[a-zA-Z0-9_]*$/, $username))
{
// good
}
else
{
// bad
}
?


To answer your question, (and i've got ZERO experience with regexp's, and
the above regexp was written for me by someone on this list!) is that you
need to escape some characters, like a $ sign, with a \.

Cheers,

Justin





on 01/02/03 12:11 AM, [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote:

 Hello Everyone
 
 This might be slightly offtopic since I'm not sure its php related but
 I'm working on a script where some inputdata is taken for further
 processing. For validation purposes I want to make sure certain chars are
 not part of the input. Basically stuff like $ * :; etc...
 
 So I'm using ereg(pattern, input) to see if the pattern matches or not.
 
 Example
 
 if(ereg($pattern, $input))
 {
 // do allowed stuff
 }
 else
 {
 // do something for the illegal input
 }
 SO for exclusion I build the following pattern [^$] and pass it to ereg
 above.  So if the input includes a $ the ereg should return false and the
 processing shouldn't take place.
 
 Well the thing is for $pattern = '[^$]' it doesn't work. Input including
 '$' is still passed to the allowed stuff code block.
 So am I doing something wrong or is there a problem with the character
 coding of my editor
 
 BtW I'm using W2K with PHP 4.1.x Apache 1.3.X and TextPad 4.x for editing.
 I save my scripts as ANSI format. Meaning only legal ASCII Characters +
 German extended code page.
 
 Can anybody help me?
 
 I also tried [^a] as a pattern but the input can contain a and slip
 through. 
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Context

[Justin French]

AFAIK, PHP skips over anything out side the ? and ?... so yes,
technically, it would be a little faster.

End of the day, such a small gain could probably be made up elsewhere by
optimising a function you use on every page, or something else like that.

It's been said on the list many times before: Just do whicher you're more
comfortable with, and whichever makes it easier for you to read/write/modify
the code.

I tend to run major blocks of straight HTML outside of php, and little bits
inside PHP using echo.


Justin


on 30/01/03 7:01 PM, Boaz Yahav ([EMAIL PROTECTED]) wrote:

 HI
 
 I was reading this article : http://www.devarticles.com/art/1/397/2
 And am a bit confused now.
 
 If I understand correctly, the author claims that :
 
 ?php $php_tags = PHP Tags ?
 Combining HTML output and
 ?php echo $php_tags; ?
 tags really wastes my time.
 
 Runs slightly faster than
 
 ?php 
 $php_tags = PHP Tags;
 echo Never breaking out of $php_tags is much less irritating.;
 ? 
 
 
 IS this true?
 Is echo more consuming than entering and exiting in and out of context?
 
 berber
 
 
 
 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 
 ---
 [This E-mail scanned for viruses]
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] How to check for refresh in PHP

[Justin French]

Not really that simple.

You can't use the HTTP_REFERER, because it's not set when the user refreshes
(at least on my browser, so at best it will be unreliable).

Common ways to prevent such things happening (like voting for a pic or song
or poll more than once) are usually done with either:

1. logging IP address', and ignoring two votes within a reasonable period of
time from the same address -- this has a high overhead of data, and isn't
failsafe, because IP address' are notoriously unreliable.

2. dropping a cookie onto the users computer, basically saying read this
one, so that the vote is only counted if the cookie isn't there...
obviously users can choose to block cookies, or delete them, so this isn't
reliable either

3. sessions... if you maintain a site-wide session with each of your users
(done with either a session id in the url, or with a cookie), you can keep
track of which news items have been read on the server side with session
variables.  again, this isn't 100% reliable, because the user could delete
the session cookie or delete the session # from the URL (both making the
user appear as a new user)


And that's about it.


So, you've got a choice of three options, none of which are bullet proof at
all.  I personally like the session one (because all the user knows is that
they're in a session, not that each news read is being logged), but you have
to understand that you will not get it perfect, ever.

I could write a PHP script, or even a client-side apple script or schedule
which access' your URL every 5 mins... no cookies, no sessions, no nothin',
and i'd get huge numbers :)


If I was trying for the best possible outcome, I think I'd log an IP
address, timestamp and user agent string (even if it's null), but rely on
sessions first...  Needless to say though if your news is being read a lot,
you'll have a lot of data to store, clean out, etc.


Justin



on 15/02/03 5:08 PM, Pag ([EMAIL PROTECTED]) wrote:

 
 Hi,
 
 I have a news site where i want to track how many visits or reads each
 individual news has. I have a main list with all the titles, then clicking
 on them shows the details of the specific news, only then the counter for
 that particular news is increased. The problem is, if the user does a
 refresh while at the details, the counter is increased again. How can i
 prevent this from happening?
 
 I thought it would be something like a unique counter problem, but its
 like having a counter problem for each news i have. :-P
 
 What would be nice, if it exists, is to check if the user is doing a
 refresh or coming from somewhere else. If its a refresh, the counter would
 simply not increase. That would be sufficient to keep the
 i-want-my-news-to-have-the-higher-number-of-visitors author, from having
 his way.
 
 Thanks.
 
 Pag
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] using custom button instead of standard submit formelement

[Justin French]

The W3.org site is down at the moment, so I can't confirm this, but I'm
pretty sure...

input type=submit name=parent value=foo src=icon.gif /

... is correct, but I've never done it :)

I think the page you want to look at is:
http://www.w3.org/TR/html401/interact/forms.html#edef-INPUT

Cheers,

Justin


on 27/01/03 1:02 PM, Durwood Gafford ([EMAIL PROTECTED]) wrote:

 I can't figure out how to tell which button was pressed by a user when i'm
 using a button instead of a standard submit form element.
 
 This works:
 
 input type=submit name=parent value=foo
 $parent will equal foo
 
 This doesn't work:
 
 button type=submit name=parent value=fooimg
 src=icon.gif/button
 $parent will equal img src=icon.gif NOT foo
 
 How do I get the value of foo to be returned in $parent and still use a
 graphical icon instead of a standard submit button?
 
 thanks,
 durwood ([EMAIL PROTECTED])
 
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] best way to save form data on user side

[Justin French]

on 29/01/03 6:35 AM, Petre Agenbag ([EMAIL PROTECTED]) wrote:

 Hi
 I have a rather annoying problem regarding forms.
 I have built an app that allows the users to fill in a rather large form
 (much like a claim form) and then have the data pumped into a mysql db.
 The problem is: the users want to be able to save their forms on their
 systems as a) backup/proof that they have filled it in and b) for their
 records for future use and c) the hope is that it would also allow for a
 reliable method to complete the form off-line and then submit it when
 online again.
 
 So, I'm not sure what the best way is to tackle this situation. My gutt
 says it would need some kind of client stand alone app, but I wouldn't
 want to go there unless I am proven beyond reasonable doubt that it is
 the only way.


There are different issues here

If they want to save a half-completed form, you *could* save that data
server side in either a table, temporary table, or file, and have them
log-in to continue using it.  I have done this many times.  You could also
save the data client-side with cookies, but there's no guarantee that
cookies will work on a specific client.

If they want back-up/proof of doing it, then they can print the browser
screen as they fill it in, AND, you can give them a confirmation page which
prints all the form values back to the browser as a printable HTML page
which they can either print or save as TEXT or HTML.

Writing something that works offline for completion online later sounds like
you're trying to make the web do something it wasn't designed for.  The only
solution I can think of is client-side javascript saving the form
information as a browser cookie, but there's no way I'd bother, because it
would require the user to have both javascript and cookies enabled, and I
think there's also issues with the issuing domain of the cookie.


 The users are mostly in computer limbo, and if they had their way, they
 would want to use Word or Excel to complete the forms, save it to
 their hard drive and click to send it away...


You can create a form inside a PDF document, and it can POST the completed
data to a URL.  So they could complete the form offline, print it, whatever,
then connect, and hit submit.  It would open a browser window with a URL
like http://yourdomain.com/parseThePDFForm.php and then you would have your
submitted data.


Whilst not as a elegant, they COULD fill in an excel file, and upload it via
a browser.

Same with word.

I'm not sure if wither excel or word has any method of POSTing data.


With all these client-side options, there's zero hope of getting them to
correct missing fields though :)



Decide if this is something you want to achieve on the web, or offline.  If
on the web, keep it basic, with perhaps a save to server option and a
printable thankyou/proof page.  If offline, I think PDF forms are the best
of a bad bunch.


Justin French


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] register_globals

[Justin French]

on 29/01/03 6:41 AM, Kiswa ([EMAIL PROTECTED]) wrote:


change If($id==1){ to If($_GET['id']==1){

or put this line near the top of your script:

$id = $_GET['id'];

or, a little more anal:

if(isset($_GET['id'])) { $id = $_GET['id']; }


Justin




 font size=2a href=left.php?id=1 target=_selfFinansiering/aBR
 ?
 If($id==1){
 echo a href=info/leas.htm target=\mainFrame\font
 color=\#00\Leasing/font/aBR
 a href=info/avb.htm target=\mainFrame\font color=\#00\Räntefri
 avbet./font/aBR
 a href=info/stul.htm target=\mainFrame\font
 color=\#00\Studentlån/font/aBR;
 };
 ?
 
 


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Advice on uploaded files

[Justin French]

on 29/01/03 11:16 AM, Manuel Ochoa ([EMAIL PROTECTED]) wrote:

 I writting a php program for a small insurance company and they want to
 receive uploaded digital photos.
 
 Should I store the photos in a mysql database or in a directory on the hard
 drive?
 
 If you have experience with this any advice would be appreciated.


I prefer storing them in the filesystem, and using the MySQL database to
keep track of WHERE they are (link).  There of course are SOME problems with
that... mainly because the two are not joined at the hip... someone could
accidently trash the file, or the MYSQL record, without deleting the other.

Storing the image directly in MySQL has never appealed to me, because you
have to do a little more work to get the image out (sending headers, having
an image script, etc), and mainly because the size of the DB increases
dramatically... which makes backing up more difficult/time consuming.

Each to their own though :)


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] best way to pass variables to iframe

[Justin French]

on 29/01/03 4:35 PM, Mantas Kriauciunas ([EMAIL PROTECTED]) wrote:

 I believe there was question like this, but I was wondering if someone
 could point me with useful information about passing variables to
 iframe.

To point out the obvious, you can pass variables to any URL by using GET:
iframe src=page.php?var1=foovar2=bah/iframe

iframes can be targeted with links just like a regular frame, using
target=frameName

Other options would be to have variables stored in sessions, in cookies, or
via POST variables (I think).

But (to the best of my knowledge), since PHP is server-side, these pretty
much all rely on reading/acting on the variables whilst the page is being
processed and sent by the server.

I get the feeling you perhaps want to have an existing page in an existing
iframe react in relation to things happening elsewhere... correct?

I don't think it REALLY can, since once the frame's content is server-side,
it has nothing to do with PHP.  You basically need to force the frame's
contents to refresh, perhaps with new variables passed in with either GET,
POST, sessions or Cookies.

Javascript can read cookies, but I don't think this is your answer at all.


You need to be more specific about what you want to achieve.


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] multiple entry forms !!

[Justin French]

on 28/01/03 10:20 AM, scott ([EMAIL PROTECTED]) wrote:

 hi
 
 looking for some advice
 
 I have a site in progress. user to it have to enter a LOT of information (it
 will contain a club directory)
 
 in order to try and make it a less unpleasant experience for the user, I
 want to give them 7 smaller input forms, each one following the other

 what would be the correct way to do this, one very large, complex coded php
 conditional form that does everything, or several smaller ones ?

one script to run the form with decent logic to break it up into a few
sections... but that's makes reading/updating the script difficult, so I
prefer to include() the HTML code for each form, and in some cases, eve
include() the main programming for each section


 if I use one form, it will conatin rather a lot of code, but execution would
 all be handled by the form itself
 
 but if I use multiple smaller forms, each form would need to process the
 previous forms input, and then display it's inputs for entry
 
 I am also using sessions, which adds a little to complexity

actually, they help!!  You can save the contents of form1 into the session
before showing form2, then adding the contents of form2 before showing
form3, etc etc.  Much easier than setting cookies, writing hidden inputs on
subsequent forms, etc etc.

 any general good coding practice tips/links would be helpful

Use $_GET variables to keep track of which part of the form you are upto,
and what you are doing.

I'd suggest this is a lot clearer than reyling on $_POST['submit'] being
true or anything else like that.

So, maybe you have a few status':

- status=showForm
- status=validate


And for both modes, you would tell the script which form part to
show/validate using a GET variable formPart (=1,=2, etc)


So when the script first loads, set a default of status=showForm and a
formPart=1


?
session_start();


// $status
if(isset($_GET['status'])) { $status = $_GET['status']; }
else { $status = 'showForm'; }

// $formPart
if(isset($_GET['formPart'])) { $formPart = $_GET['formPart']; }
else { $formPart = 1; }
?


Then BEFORE anything is sent to the browser, validating would usually take
place, so that you can do any redirects or anything like that.  The way I've
set it up, is that each form part has it's own php script with some code to
validate the form entry.

?
if($status == validate)
{
// look for an include file which matches the current $formPart
// and include it... haven't put in place an error checking
$validateCodeFile = inc/validateFormCode/{$formPart}.php;
if(file_exists($validateCodeFile))
{
include($validateCodeFile);
}
}
?

I'll show a sample of these include files later.  The aim of MY include
files is to return a var $validEntry of true or false... based on that, I
can decide whether to add the form contents to the session / database, or
whether I should show the form again, due to errors.

?
if($validEntry)
{
// either add form contents to session or to database
//
//

// redirect to status=showFormformPart=[next]
$next = $formPart + 1;
header(Location: myscript.php?status=showFormformPart={$next});
}
else
{
// show same form again with error message
$message = you screwed up;
header(Location:
myscript.php?status=showFormformPart={$formPart}message={$message});
}
?

That (roughly) takes care of validating each form entry, keeping track of
all the vars with sessions or adding to a DB, and passing people onto the
next form part.

Then you'd want a few lines of HTML, then some code to show the right
formPart's HTML code, and a few lines to clode off the HTML.

if($status = 'showForm')
{
?
html
headtitleform/title/head
body
?
$includeFormCode = inc/forms/{$formPart}.php;
if(file_exists($includeFormCode))
{
include($includeFormCode);
}
?
/body
/html
?
}
?

The secret is that we're using include files to make sure the form's code
base isn't messy.


The whole script in one:


---
?
session_start();

// $status
if(isset($_GET['status'])) { $status = $_GET['status']; }
else { $status = 'showForm'; }

// $formPart
if(isset($_GET['formPart'])) { $formPart = $_GET['formPart']; }
else { $formPart = 1; }



if($status == validate)
{
// look for an include file which matches the current $formPart
// and include it... haven't put in place an error checking
$validateCodeFile = inc/validateFormCode/{$formPart}.php;
if(file_exists($validateCodeFile))
{
include($validateCodeFile);
}

if($validEntry)
{
// either add form contents to session or to database
//
//

// redirect to status=showFormformPart=[next]
$next = $formPart + 1;
header(Location: myscript.php?status=showFormformPart={$next});
}
else
{
// show same form again with error message
$message = you screwed up;
  

Re: [PHP] PHP Page Refresh on Redirection

[Justin French]

on 28/01/03 4:42 PM, Phil ([EMAIL PROTECTED]) wrote:

 I have a PHP page with a form that submits to another PHP processing page.
 On completion of the PHP actions on the processing page, I have echoed into
 the page the javascript action of 'location.href=...' and the location is
 redirected to the PHP form page that starting the process. Both pages take
 data from an SQL server. The problem I'm having is that the the javascript
 always grabs the cached page. I need a newly refreshed page to return with
 updated data from the SQL server. Any suggestions?

In addition to sending the correct no-cache headers (which don't always work
with certain browsers and clients), you could also attach a random string to
the URL as a GET variable, so that the browser thinks it's a NEW, unread
URL.

include this function (straight from the manual) via a function library:
?
function make_seed() {
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 10);
}
?

Then to get a random number,

?
// seed the rand no generator and get a rand value
srand(make_seed());
$randval = rand();
?

Then you can echo it as a get var or querystring on any URL:

location.href = page.php?r=?=$randval?
location.href = page.php??=$randval?


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] IP address

[Justin French]

on 24/01/03 1:23 PM, K.C.P. van Zijl ([EMAIL PROTECTED]) wrote:

 Is it possible in PHP to determine the IP address of a server which is
 requesting a page from my own server?
 When I use $REMOTE_ADDR, I get the wrong IP address. In that case I get
 the IP address of a person who is requesting the page on that other
 server.

 Hopefully my question is clear enough

Not really!! :)

Here's what happens (sort of):

1. i request a URL on my computer
2. it talks to my ISP
3. my ISP talks to anywhere from 2 to 20 (or more) servers along the way
4. finally connects with the requested URL (your server with PHP)
5. page comes back thru the 2 to 20 servers
6. arrives at my ISP
7. gets sent to my computer
8. I look at the page

So, which one of these computers are you trying to get the IP address of?


Justin French


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php