Re: [PHP] PHP Oracle Ebook Request.
Dare Williams wrote: Dear Pals, Please I need a book called : Oracle Database 10g Express Edition PHP Web Programming (Osborne Oracle Press Series): Books: by Michael McLaughlin. Please if anyone with the E-Book Version of it should be contact me on my Email ([EMAIL PROTECTED]). NOTE: I would prefer the E-Book Version if it is Available. Thanks. Darren. AFAIK this title is not available electronically, but it's readily available from Amazon or any other reputable bookseller. Is there a particular reason why you want it electronically? -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Oracle Ebook Request.
Please include the list in replies. Dare Williams wrote: Dear Stut, Thanks for your message, With regard to your message, the main reason why I want it Electronically is because, Am a PHP Student Who has no enough Cash to buy from Amazon or any bookseller and more over, the book is not available in my West African Continent. So therefore, If you have any way of assisting me in getting it apart from E-Book Format, Please advice.. Expecting your response Regards. Darren. Being a poor student is not an excuse to ignore copyright, nor is your location. If you cannot get this particular book, for whatever reason, I can guarantee it says nothing that isn't available on the web for free, you just need to work a bit harder to find it. Please don't ask this list to break the law for you again, it's just not polite. -Stut -- http://stut.net/ - */Stut [EMAIL PROTECTED]/* wrote: Dare Williams wrote: Dear Pals, Please I need a book called : Oracle Database 10g Express Edition PHP Web Programming (Osborne Oracle Press Series): Books: by Michael McLaughlin. Please if anyone with the E-Book Version of it should be contact me on my Email ([EMAIL PROTECTED]). NOTE: I would prefer the E-Book Version if it is Available. Thanks. Darren. AFAIK this title is not available electronically, but it's readily available from Amazon or any other reputable bookseller. Is there a particular reason why you want it electronically? -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] cant send mail
Diana wrote: Using windows XP, when I try to send mail using 4 parameters, I get this : Warning: mail() [function.mail]: SMTP server response: 550 5.7.1 Unable to relay for [EMAIL PROTECTED] in C:\Inetpub\wwwroot\intranet\test.php on line 9 The SMTP server you are using is not configured to allow the machine you're running PHP on to send mail. This is not a PHP problem - speak to your mail server administrator. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Executing PHP
Philip Thompson wrote: Hi. Feel free to tell me this is a duh question. I don't know which PHP executable (php.exe, php-cgi.exe, php-win.exe) is being run - how can I tell? I am on a Win2k3 server running PHP5 (manual install) and IIS6. I've pointed to the php5isapi.dll in IIS. I'm assuming b/c I do this that I am using the php.exe. Thoughts? I've searched the PHP manual, but have had no luck. You're not running any exe file. IIS uses php5isapi.dll instead of an exe file - they essentially do the same job but the dll is designed to be loaded into another application. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] cant send mail
Please include the list when replying. [EMAIL PROTECTED] wrote: The problem is I am the mail server administrator also. This is a small company of 4 . That may be so, but this is a PHP mailing list. I don't mean to sound harsh, but if you need help configuring a mail server this is not the place to find it. -Stut -- http://stut.net/ - Original Message - From: Stut [EMAIL PROTECTED] To: Diana [EMAIL PROTECTED] Cc: php-general@lists.php.net Sent: Friday, October 26, 2007 1:48 AM Subject: Re: [PHP] cant send mail Diana wrote: Using windows XP, when I try to send mail using 4 parameters, I get this : Warning: mail() [function.mail]: SMTP server response: 550 5.7.1 Unable to relay for [EMAIL PROTECTED] in C:\Inetpub\wwwroot\intranet\test.php on line 9 The SMTP server you are using is not configured to allow the machine you're running PHP on to send mail. This is not a PHP problem - speak to your mail server administrator. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Executing PHP
Philip Thompson wrote: On 10/25/07, Stut [EMAIL PROTECTED] wrote: Philip Thompson wrote: Hi. Feel free to tell me this is a duh question. I don't know which PHP executable (php.exe, php-cgi.exe, php-win.exe) is being run - how can I tell? I am on a Win2k3 server running PHP5 (manual install) and IIS6. I've pointed to the php5isapi.dll in IIS. I'm assuming b/c I do this that I am using the php.exe. Thoughts? I've searched the PHP manual, but have had no luck. You're not running any exe file. IIS uses php5isapi.dll instead of an exe file - they essentially do the same job but the dll is designed to be loaded into another application. -Stut This is wonderful to know! Is this documented in the PHP manual (if so, where), or are you just brilliant? =D I don't know if this is detailed in the manual - I just know a bit about how Windows and PHP work. As for my brilliance, I'm not qualified to comment. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Threads
Stéphane Boisvert wrote: Greetings everyone, I was wondering where I could find information on the status and possibilities of threads being included in PHP. Or if you are knowledge-able on the status of threads, if it is a planned addition or not and the reasons as such. I understand PHP is not thread safe, that the core is thread safe but many required extensions are not. Is there a road map to this? Being thread safe and being able to use threads are two different things. PHP 5 *is* thread safe, but a great many extensions are not. PHP is never likely to support threads. Remember that the majority of PHP usage is in the context of web requests. There are a great many issues the crop up when you consider adding threading to an Apache module, and I'm sure the same is true of most of the other SAPIs. Hope that helps. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Function return
Dan Shirah wrote:
That is correct, the due_date field should only accept a valid date format,
such as MM/DD/. To bypass the need for a validation check for this
field I simply set the text field to disabled and supplied the user with a
javascript popup calendar that upon selection populates the date in the
format I want. :)
Client-side limits are not an effective defense against dangerous
inputs. Server-side validation is a must regardless of any client-side
checking that goes on.
-Stut
--
http://stut.net/
On 11/2/07, Nathan Nobbe [EMAIL PROTECTED] wrote:
On 11/2/07, Dan Shirah [EMAIL PROTECTED] wrote:
Ah, okay. So I could probably simplfy it more by trimming it from the
start like this??
$due_date = trim($_POST['due_date']);
that works;
i personally prefer to initialize a variable then only set it if the user input
meets some
conditions; its called white-box validation.
$due_date = '';
if(isset($_POST['due_date'])) !empty($POST['due_date'])) {
$due_date = trim($_POST['due_date']);
}
the more you know about what the contents of due_date are supposed to be, the
stronger you can make the check; for instance here, it sounds like it should be
a date
so you wouldnt allow, say 'somecrazySting', to pass the validation.
-nathan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] what is better way to write the query
Jim Lucas wrote: afan pasalic wrote: hi, it's maybe more question for mysql list, but since php is involved too... :-) I have php script that inserts into mysql table couple hundreds of records. usually, it looks like: ?php // 1st record $query = INSERT INTO table (col_11, col_12, ... col_1n) VALUES ($value_11, $value_12,... $value_1n ); mysql_query($query) or die ($mysql_error()); // 2nd record $query = INSERT INTO table (col_21, col_22, ... col_2n) VALUES ($value_21, $value_22,... $value_2n ); mysql_query($query) or die ($mysql_error()); ... // last record $query = INSERT INTO table (col_m1, col_m2, ... col_mn) VALUES ($value_m1, $value_m2,... $value_mn ); mysql_query($query) or die ($mysql_error()); It also works this way: $query = INSERT INTO table (col_m1, col_m2, ... col_mn) VALUES; $query .= ($value_m1, $value_m2,... $value_mn ), ; $query .= ($value_21, $value_22,... $value_2n ), ; ... $query .= ($value_m1, $value_m2,... $value_mn ); mysql_query($query) or die ($mysql_error()); is what's the difference between these two queries? is there any situations when is better to use first vs. second? any suggestion for the process of inserting up to 5K records at the time or this number is so small to consider any optimization? thanks for any help. -afan I would perform multiple inserts @ a time. This way you save yourself some time by not having mysql rebuild the indexes, if any exist, after each insert statement. Indeed, but bear in mind that there is a limit on the size of queries MySQL will accept. Look up the MySQL max_packet_size for details. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] what is better way to write the query
afan pasalic wrote: Stut wrote: Jim Lucas wrote: afan pasalic wrote: hi, it's maybe more question for mysql list, but since php is involved too... :-) I have php script that inserts into mysql table couple hundreds of records. usually, it looks like: ?php // 1st record $query = INSERT INTO table (col_11, col_12, ... col_1n) VALUES ($value_11, $value_12,... $value_1n ); mysql_query($query) or die ($mysql_error()); // 2nd record $query = INSERT INTO table (col_21, col_22, ... col_2n) VALUES ($value_21, $value_22,... $value_2n ); mysql_query($query) or die ($mysql_error()); ... // last record $query = INSERT INTO table (col_m1, col_m2, ... col_mn) VALUES ($value_m1, $value_m2,... $value_mn ); mysql_query($query) or die ($mysql_error()); It also works this way: $query = INSERT INTO table (col_m1, col_m2, ... col_mn) VALUES; $query .= ($value_m1, $value_m2,... $value_mn ), ; $query .= ($value_21, $value_22,... $value_2n ), ; ... $query .= ($value_m1, $value_m2,... $value_mn ); mysql_query($query) or die ($mysql_error()); is what's the difference between these two queries? is there any situations when is better to use first vs. second? any suggestion for the process of inserting up to 5K records at the time or this number is so small to consider any optimization? thanks for any help. -afan I would perform multiple inserts @ a time. This way you save yourself some time by not having mysql rebuild the indexes, if any exist, after each insert statement. Indeed, but bear in mind that there is a limit on the size of queries MySQL will accept. Look up the MySQL max_packet_size for details. -Stut I didn't find max_packet_size in my my.cnf, but found max_allowed_packet - that's the same, right? Indeed, my memory ain't what it used to be. under [mysqld] max_allowed_packet = 1M shouldn't be 1M enough for the query? Depends how big it's gonna get, which is for you to judge. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] what is better way to write the query
afan pasalic wrote: Stut wrote: afan pasalic wrote: Stut wrote: Jim Lucas wrote: afan pasalic wrote: hi, it's maybe more question for mysql list, but since php is involved too... :-) I have php script that inserts into mysql table couple hundreds of records. usually, it looks like: ?php // 1st record $query = INSERT INTO table (col_11, col_12, ... col_1n) VALUES ($value_11, $value_12,... $value_1n ); mysql_query($query) or die ($mysql_error()); // 2nd record $query = INSERT INTO table (col_21, col_22, ... col_2n) VALUES ($value_21, $value_22,... $value_2n ); mysql_query($query) or die ($mysql_error()); ... // last record $query = INSERT INTO table (col_m1, col_m2, ... col_mn) VALUES ($value_m1, $value_m2,... $value_mn ); mysql_query($query) or die ($mysql_error()); It also works this way: $query = INSERT INTO table (col_m1, col_m2, ... col_mn) VALUES; $query .= ($value_m1, $value_m2,... $value_mn ), ; $query .= ($value_21, $value_22,... $value_2n ), ; ... $query .= ($value_m1, $value_m2,... $value_mn ); mysql_query($query) or die ($mysql_error()); is what's the difference between these two queries? is there any situations when is better to use first vs. second? any suggestion for the process of inserting up to 5K records at the time or this number is so small to consider any optimization? thanks for any help. -afan I would perform multiple inserts @ a time. This way you save yourself some time by not having mysql rebuild the indexes, if any exist, after each insert statement. Indeed, but bear in mind that there is a limit on the size of queries MySQL will accept. Look up the MySQL max_packet_size for details. -Stut I didn't find max_packet_size in my my.cnf, but found max_allowed_packet - that's the same, right? Indeed, my memory ain't what it used to be. under [mysqld] max_allowed_packet = 1M shouldn't be 1M enough for the query? Depends how big it's gonna get, which is for you to judge. -Stut I'll run some tests and find what would be the best value. But, multiple inserts (solution no. 2) is the answer, right? It's definitely more efficient, yes. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with input name, how can i use . (dot) in a name of a input type text?
Jônata Tyska Carvalho wrote: Im having a big problem because the name of one input type text that is ' table.name' in my html, becomes 'table_name' in php, it is a kind of bug?? =S form method=post input type=text nametable.name /form in PHP we have: $_POST[table_name] instead of $_POST[table.name] someone knows some way to put this to work?? i wanna send 'table.name' and receive in php 'table.name'! I don't know for certain but that's likely happening because a period is not valid in a PHP variable name. One alternative would be to use table[name] instead. This will lead to $_POST['table']['name']. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with input name, how can i use . (dot) in a name of a input type text?
Jochem Maas wrote: Stut wrote: Jônata Tyska Carvalho wrote: Im having a big problem because the name of one input type text that is ' table.name' in my html, becomes 'table_name' in php, it is a kind of bug?? =S form method=post input type=text nametable.name /form in PHP we have: $_POST[table_name] instead of $_POST[table.name] someone knows some way to put this to work?? i wanna send 'table.name' and receive in php 'table.name'! I don't know for certain but that's likely happening because a period is not valid in a PHP variable name. One alternative would be to use table[name] instead. This will lead to $_POST['table']['name']. I think Stut is correct - the period is a concatenation operator. also there are plenty of alertnatives to the Stuts suggested 'table[name]' naming approach. that said given the following code: $f = my.bad; $$f = MY BAD; echo $f, \n, $$f, \n; ... I personally feel that the $_POST should just contain 'table.name' - which is not an illegal array key - most likely the reason it is (the var name) transformed is due to BC, namely with register_globals set to ON php is required to automatically create a variable $table.name (which is not legal). Indeed. I think technically this would be a bug because in an ideal world it would only be transformed when extract'ed from the array. There's no reason to transform it prematurely. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot send a hyperlink
Brad wrote: I am not sure that would help. Just another can of worms. The $_REQUEST is tied into a whole bunch of database functions. I have no idea what you mean by this. It makes no sense to me. My present code ? $email = $_REQUEST['email'] ; $message = 'a href='.www.zoneofsuccessclub.com.'link /a'; $headers = 'MIME-Version: 1.0' . \r\n; $headers .= 'Content-type: text/html; charset=iso-8859-1' . \r\n; mail( $email, Your FREE book from Zone of Success Club .com, $headers, $message, From: $email ); ? You *really* need to read the manual page for function before you use them. For example a quick glance at http://php.net/function.mail reveals that you have the parameters in an almost completely wrong order. And please tell me you're not really setting the to address directly from an external variable with verifying that it's just an email address and nothing else. Really bad idea. -Stut -- http://stut.net/ -Original Message- From: Jochem Maas [mailto:[EMAIL PROTECTED] Sent: Saturday, November 10, 2007 3:44 PM To: Brad Subject: Re: [PHP] Cannot send a hyperlink this will help: http://phpmailer.sourceforge.net/ Brad wrote: I am having trouble send an email with a hyperlink Php is parsing html as text If I add the proper header information to ?make it work? The email no longer goes through? Here is the code ? $email = $_REQUEST['email'] ; $body = 'a href='.www.zoneofsuccessclub.com.'link /a'; $headers = 'MIME-Version: 1.0' . \r\n; $headers .= 'Content-type: text/html; charset=iso-8859-1' . \r\n; mail( $email, Your FREE book from Zone of Success Club .com, $headers, $message, From: $email ); ? Thanks Brad No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.15.28/1122 - Release Date: 11/10/2007 10:41 AM No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.15.28/1122 - Release Date: 11/10/2007 10:41 AM No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.15.28/1122 - Release Date: 11/10/2007 10:41 AM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot send a hyperlink
Brad wrote: Explanation of code $email = $_REQUEST['email'] ; (generated by dreamweaver that pulls in the database functions) No database involved here. None. Nadda. Niet! $message = 'a href='.www.zoneofsuccessclub.com.'link /a'; (my nemesis, I can not figure out this puppy. If it works at all, php will generate it at text and not html. Taken from example I find on the web.) That's because it's not valid PHP. This is probably what you're after... $message = 'a href=http://www.zoneofsuccessclub.com;link/a'; $headers = 'MIME-Version: 1.0' . \r\n; $headers .= 'Content-type: text/html; charset=iso-8859-1' . \r\n; (found on the web to solve my html problem???) That looks reasonable. mail( $email, Your FREE book from Zone of Success Club .com, $headers, $message, From: $email ); ? (Send the mail, when I put $headers in, the function quits working all together.) That's because it's in the wrong place. Did you even look at the manual like I suggested in my previous message? I hope this helps explain where my head is! My advice to you is to get a beginners book on basic PHP. If you can't see what's wrong with the above then you are lacking some foundation knowledge of PHP. -Stut -- http://stut.net/ -Original Message- From: Stut [mailto:[EMAIL PROTECTED] Sent: Saturday, November 10, 2007 4:55 PM To: Brad Cc: 'Jochem Maas'; php-general@lists.php.net Subject: Re: [PHP] Cannot send a hyperlink Brad wrote: I am not sure that would help. Just another can of worms. The $_REQUEST is tied into a whole bunch of database functions. I have no idea what you mean by this. It makes no sense to me. My present code ? $email = $_REQUEST['email'] ; $message = 'a href='.www.zoneofsuccessclub.com.'link /a'; $headers = 'MIME-Version: 1.0' . \r\n; $headers .= 'Content-type: text/html; charset=iso-8859-1' . \r\n; mail( $email, Your FREE book from Zone of Success Club .com, $headers, $message, From: $email ); ? You *really* need to read the manual page for function before you use them. For example a quick glance at http://php.net/function.mail reveals that you have the parameters in an almost completely wrong order. And please tell me you're not really setting the to address directly from an external variable with verifying that it's just an email address and nothing else. Really bad idea. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: functions versus includes
Frank Lopes wrote: No takers on this topic? The question is not one of performance since while it will be quicker to call a function than include a file the difference is going to be inconsequential. If you were to use a function where would you put it? You imply it needs to be used from multiple scripts, so it would need to be in an included file anyway which makes the question kinda pointless. Whether to use a function should then be based on how you need to use this block of text. Will it be used more than once in any given script? If yes then you want a function so you only need to include the file once. If not then it really doesn't matter whether you use a function in the external file. When you're thinking about possible performance issues there are two things you need to ensure... 1) You're not spending time optimising the wrong bit (this would be an example of that). You can check that by writing a quick performance test as someone did later in this thread. 90% of the time you'll find that the performance difference between two options is negligible. 2) The architecture and maintainability of your code is more important than most performance issues you can imagine. Performance optimisation should be driven by performance problems. Write your app, test it, find bottlenecks and then optimise those. Time spent saving 0.001 seconds per request is better spent elsewhere. -Stut -- http://stut.net/ Frank Lopes [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I just started using PHP and got to think... Without getting into the discussion of best practices, strictly from a performance perspective, what is faster: a function or an include? For example I have a block of text that needs to appear mutliple times throughout the site. Will I be better off creating a function with its contents and then later just calling the function or, will it be faster (from an execution perspective) for me to create an .inc file that gets included later on? Thanks for the your thoughts. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to query google pagerank from PHP
mvh wrote: I found some code in perl at CPAN how to do that in PHP anyone know ? give a clue pls Port the Perl code. Won't be too hard. Where's the Perl code? -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Scrape?
tedd wrote: I have a Google Analytics account covering one of my web sites and I was wondering if it's possible to extract data from it? If it can be done, then how would one do it? Not really PHP-related, but at the top of each page in Analytics there's an Export button. Depending on what page you're looking at you can get a variety of formats including XML, CSV and TSV. Not sure if you can get at it without going through the login process. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Scrape?
Daniel Brown wrote: On Nov 12, 2007 12:20 PM, Stut [EMAIL PROTECTED] wrote: tedd wrote: I have a Google Analytics account covering one of my web sites and I was wondering if it's possible to extract data from it? If it can be done, then how would one do it? Not really PHP-related, but at the top of each page in Analytics there's an Export button. Depending on what page you're looking at you can get a variety of formats including XML, CSV and TSV. Not sure if you can get at it without going through the login process. I would certainly hope not, but the login could be automated using cURL anyway. One option would be to use the email feature to get it sent to a PHP script on a schedule. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Scrape?
Daniel Brown wrote: On Nov 12, 2007 12:26 PM, Stut [EMAIL PROTECTED] wrote: Daniel Brown wrote: On Nov 12, 2007 12:20 PM, Stut [EMAIL PROTECTED] wrote: tedd wrote: I have a Google Analytics account covering one of my web sites and I was wondering if it's possible to extract data from it? If it can be done, then how would one do it? Not really PHP-related, but at the top of each page in Analytics there's an Export button. Depending on what page you're looking at you can get a variety of formats including XML, CSV and TSV. Not sure if you can get at it without going through the login process. I would certainly hope not, but the login could be automated using cURL anyway. One option would be to use the email feature to get it sent to a PHP script on a schedule. -Stut -- http://stut.net/ I haven't used GA (probably the only web guy left in the world), but if it has an email feature like Stut mentioned, Tedd, you could run it through a piped-to-PHP email-parsing script. Is there an echo in here? -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
Philip Thompson wrote:
I've run into similar problems where I *thought* I was looking in the
correct location... but I wasn't. Take this for example
?php // index.php?page=hello/hi
$page = $_GET['page'];
if (file_exists ($page.php)) {
include ($page.php);
}
?
I really hope this is not a piece of production code. If it is then you
might want to think very hard about what it's doing. If you still can't
see a problem let me know!
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
Instruct ICC wrote:
Date: Thu, 15 Nov 2007 00:20:52 +
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: php-general@lists.php.net
Subject: Re: [PHP] file_exists
Philip Thompson wrote:
I've run into similar problems where I *thought* I was looking in the
correct location... but I wasn't. Take this for example
$page = $_GET['page'];
if (file_exists ($page.php)) {
include ($page.php);
}
?
I really hope this is not a piece of production code. If it is then you
might want to think very hard about what it's doing. If you still can't
see a problem let me know!
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Called like this?
index.php?page=http://evil-hacker-site.com/evil-payload.php
And the browser will probably url_encode for me if needed.
Actually in this example that would end up getting evil-payload.php.php
- probably not what your evil mind wanted. You could do this...
index.php?page=http://evil-hacker-site.com/evil-payload
...assuming you know it's gonna stick .php on the end. Alternatively you
could do this...
index.php?page=http://evil-hacker-site.com/evil-payload.php?
Resulting in the appended .php being in the querystring. The easiest way
to protect your code from this is to always always prefix the string
with something as well as appending to it. For example...
$page = dirname(__FILE__).'/'.$_GET['page'].'.php';
if (file_exists ($page)) {
include ($page);
}
But that doesn't prevent a malicious user including any PHP file on your
server. $_GET['page'] should be one of a known set of values. At the
very least it should be restricted to file in a particular directory.
Something like the following would be much better (untested)...
$page = realpath(dirname(__FILE__).'/inc/'.$_GET['page'].'.php');
$expecteddir = realpath(dirname(__FILE__).'/inc');
if (substr($page, 0, strlen($expecteddir)) != $expecteddir)
{
// Ideally return a 403 status here
die('Access denied');
}
// Now we know it's a file in the right directory
if (file_exists($page))
{
include($page);
}
else
{
// Return a 404 status here
die('Resource not found');
}
That should lock the requested page to the given directory. If anyone
can see any way around that I'd be interested in hearing about it.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot send a hyperlink
Brad wrote: Beginning with $headers .= --.$htmlalt_mime_boundary.$eol; It starts to read it as text and not html?? Could this be a server side problem? $email = $_REQUEST['email'] ; $fromaddress .= '[EMAIL PROTECTED]'; $fromname .= 'Zone of success Club'; $eol=\r\n; $headers = From: .$fromname..$fromaddress..$eol; $headers .= Reply-To: .$fromname..$fromaddress..$eol; $headers .= Return-Path: .$fromname..$fromaddress..$eol; $headers .= Message-ID: .time().-.$fromaddress..$eol; $headers .= X-Mailer: PHP .phpversion().$eol; $headers .= --.$htmlalt_mime_boundary.$eol; $headers .= Content-Type: text/html; charset=iso-8859-1.$eol; $headers .= Content-Transfer-Encoding: 8bit.$eol.$eol; $body = a href=\http://www.zoneofsuccessclub.com\;link /a\n; mail($email, $subject, $body, $headers); You should not have a mime boundary in your headers. Why not use PHPMailer? All this (apparently) complicated stuff is already implemented for you. Either that or spend a few days learning about the structure of emails by following the links Daniel Brown sent you a few emails ago. PHPMailer can be found here: http://phpmailer.sf.net/ -Stut -- http://stut.net/ -Original Message- From: Daniel Brown [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 14, 2007 11:09 AM To: Brad Cc: [EMAIL PROTECTED]; php-general@lists.php.net Subject: Re: [PHP] Cannot send a hyperlink Brad, That code is a mess and highly incorrect, even at a novice level. Let me give you a hand On Nov 14, 2007 10:31 AM, Brad [EMAIL PROTECTED] wrote: I implemented the proposed code, and emails are not being sent? Any suggestions? Here is the code ? $email = $_REQUEST['email'] ; $eol=\r\n; $headers .= From: .$fromname..$fromaddress..$eol; $headers .= Reply-To: .$fromname..$fromaddress..$eol; $headers .= Return-Path: .$fromname..$fromaddress..$eol; $headers .= Message-ID: .time().-.$fromaddress..$eol; $headers .= X-Mailer: PHP .phpversion().$eol; $msg .= --.$htmlalt_mime_boundary.$eol; $msg .= Content-Type: text/html; charset=iso-8859-1.$eol; $msg .= Content-Transfer-Encoding: 8bit.$eol.$eol; $body.='ahref='.www.zoneofsuccessclub.com.'link /a'; $msg .= $body.$eol.$eol; mail($to, $subject, $msg, $headers); ? [snip] 1.) You reference $to in the mail() function, but there is no $to defined. Instead, either change $email to $to or vice-versa. 2.) You don't need to start the first line of a variable off with a .= --- this will append to an existing variable of the same name, if it exists. 3.) You change your quoting style where it's not necessary. All $msg lines should be using double quotes in your code above. 4.) ahref=... is not a tag. The correct usage is a href=... 5.) You have things in the message body that should be in the headers. 6.) You don't need to do a carriage return and newline in the message body. A simple \n will suffice. 7.) I'm not sure what you hoped to achieve with the '.www.domain.com.' conglomerate, but don't. That makes PHP think that the domain is some sort of internally-defined variable of horrible construct. 8.) You should use http:// prior to the FQDN. Taking hints from what appears to be your code, this is how it should be: ? $email = $_REQUEST['email'] ; $eol=\r\n; $headers = From: .$fromname..$fromaddress..$eol; $headers .= Reply-To: .$fromname..$fromaddress..$eol; $headers .= Return-Path: .$fromname..$fromaddress..$eol; $headers .= Message-ID: .time().-.$fromaddress..$eol; $headers .= X-Mailer: PHP .phpversion().$eol; $headers .= --.$htmlalt_mime_boundary.$eol; $headers .= Content-Type: text/html; charset=iso-8859-1.$eol; $headers .= Content-Transfer-Encoding: 8bit.$eol.$eol; $body = a href=\http://www.zoneofsuccessclub.com\;link /a\n; mail($email, $subject, $body, $headers); ? Prior to asking a bunch of questions on the list, which seriously puts you at risk for being flamed or ignored, check out these references: http://www.bath.ac.uk/bucs/email/anatomy.shtml [Anatomy of an Email Message] http://www.php.net/mail [PHP Mail Functions] http://www.htmlgoodies.com/primers/html/ [Beginner's Guide to HTML] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot send a hyperlink
Brad wrote: My bad, You do not need command line access! I should have read more. I just need to get this puppy working is all. Php should be able to do this by it's self! It can, *if* you create the email correctly. PHPMailer will be quicker to put in than this merry-go-round you're on right now. Seriously. -Stut -- http://stut.net/ -Original Message- From: Stut [mailto:[EMAIL PROTECTED] Sent: Thursday, November 15, 2007 9:46 AM To: Brad Cc: 'Daniel Brown'; php-general@lists.php.net Subject: Re: [PHP] Cannot send a hyperlink Brad wrote: Beginning with $headers .= --.$htmlalt_mime_boundary.$eol; It starts to read it as text and not html?? Could this be a server side problem? $email = $_REQUEST['email'] ; $fromaddress .= '[EMAIL PROTECTED]'; $fromname .= 'Zone of success Club'; $eol=\r\n; $headers = From: .$fromname..$fromaddress..$eol; $headers .= Reply-To: .$fromname..$fromaddress..$eol; $headers .= Return-Path: .$fromname..$fromaddress..$eol; $headers .= Message-ID: .time().-.$fromaddress..$eol; $headers .= X-Mailer: PHP .phpversion().$eol; $headers .= --.$htmlalt_mime_boundary.$eol; $headers .= Content-Type: text/html; charset=iso-8859-1.$eol; $headers .= Content-Transfer-Encoding: 8bit.$eol.$eol; $body = a href=\http://www.zoneofsuccessclub.com\;link /a\n; mail($email, $subject, $body, $headers); You should not have a mime boundary in your headers. Why not use PHPMailer? All this (apparently) complicated stuff is already implemented for you. Either that or spend a few days learning about the structure of emails by following the links Daniel Brown sent you a few emails ago. PHPMailer can be found here: http://phpmailer.sf.net/ -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot send a hyperlink
Daniel Brown wrote: On Nov 15, 2007 11:10 AM, Stut [EMAIL PROTECTED] wrote: Daniel Brown wrote: On Nov 15, 2007 9:41 AM, Brad [EMAIL PROTECTED] wrote: Beginning with $headers .= --.$htmlalt_mime_boundary.$eol; It starts to read it as text and not html?? Could this be a server side problem? Negative. It's client-side error E304, resulting from a null-pointer exception between the chair and keyboard. Usually abbreviated to PEBKAC if I'm not mistaken. I'm afraid we're going to have to do a stack trace. [Snaps on rubber glove] Just try to relax. [Advises Brad to close his eyes and think of England] -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] IDE
Jammer wrote: Hi All, This is my first post here ... I'm very much a newbie to php but work during the day using SQL Server, VS2005 and Foxpro. Looking to gen up on my PHP. Are there any IDE's for PHP worth checking out. Particularly free ones! TIA, Will you please check the freakin' archives. This topic has been covered numerous times over the past week or so. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot send a hyperlink
Brad wrote: Thank you so much! It worked like a champ first try! I would have never seen that and have been looking everywhere on the net for a working example! Funny thing is, right after is work perfectly twice, my database crashed! But, this is the technology we play with! Problem solved and I am going to post this code on the php website for others to reference! If you do please don't mention me. This might work but as I said in my email (which you clearly read very carefully!) it's not the right way to do it. Please pay particular notice to my last important note below... THIS CODE IS NOT SECURE. It's easily used as a mail relay script, so please don't use it in production or $DEITY will kill a bunch of kittens. -Stut -- http://stut.net/ -Original Message- From: Stut [mailto:[EMAIL PROTECTED] Sent: Thursday, November 15, 2007 10:16 AM To: Brad Cc: php-general@lists.php.net Subject: Re: [PHP] Cannot send a hyperlink Brad wrote: No access to the server command line to install it! And, I am into this guy too deep to switch technologies. For the next time around, no problem, this time I am just trying to get php to do what it is supposed to do. You don't need command line access to install it. PHPMailer consists of PHP only - nothing to install but PHP files. See here: http://phpmailer.sourceforge.net/install.php The suggestion of mime was presented to me from another kind sole trying to help that knows more than I and recommended on other help files. Why is php refusing to parse as html? And here lies the basic problem. PHP is *not* the thing that's refusing to parse it as HTML. Since you don't know that you really should do a lot of reading before you try sending HTML emails without using something like PHPMailer. For beeps and farts I've fixed your code, but even though it will now work it is nowhere near the right way to send this type of email, but my life is probably going to be too short to tell you what you could easily find out yourself. $email = $_REQUEST['email']; $fromaddress = '[EMAIL PROTECTED]'; $fromname = 'Zone of success Club'; $eol = \r\n; $headers = 'From: '.$fromname.' '.$fromaddress.''.$eol; $headers .= 'Reply-To: '.$fromname.' '.$fromaddress.''.$eol; $headers .= 'Return-Path: '.$fromname.' '.$fromaddress.''.$eol; $headers .= 'X-Mailer: PHP '.phpversion().$eol; $headers .= 'Content-Type: text/html; charset=iso-8859-1'.$eol; $headers .= 'Content-Transfer-Encoding: 8bit'; $subject = 'This is my spam, worship me'; $body = 'a href=http://www.zoneofsuccessclub.com/;link/a'; mail($email, $subject, $body, $headers); Some *important* notes... * I defined $subject because it tries to use it. * You don't need to provide the MessageID - your mail server will do that for you... correctly. * You don't need to add two carriage returns at the end of the headers - PHP will do that for you. * This email will be in HTML only which makes it a lot more likely to get flagged as spam. * If you're on a unix-based platform you really should be using the 5th parameter to mail, but that's probably going to confuse the hell out of you so I won't mention it. D'oh! * This code is not secure. It's trivial to inject headers (and a body too) into the message. You should be validating that $_REQUEST['email'] is a valid email address and just a valid email address. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
Instruct ICC wrote: No, you've missed the point. $expecteddir is a fixed variable that you, the script author, specify. It does not contain anything coming from external veriables. You then compare the full path you build from the external variables to $expecteddir to verify that the file is in the right directory. I suggest you read the code I posted again. -Stut I meant if $page evaluates to /home/stut/phpstuff/inc/../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php which it does not. However I don't think your if (substr($page, 0, strlen($expecteddir)) != $expecteddir) ever evaluates to TRUE. So you'll never get Access denied. So how you set $page saved your ass. Good job. You clearly don't know what the realpath function does. Look it up. -Stut No I didn't. And I looked it up for the previous reply. And I said that's the only thing saving your ass. Your IF never evaluates to true. But it works to keep out the hacker. So I said Good job. My server is down right now so I can't do my usual example script. The realpath function will reduce your definition of $page to /home/evil-user-home-dir/evil-payload.php $expecteddir is set to /home/stut/phpstuff/inc The if takes the first strlen($expecteddir) characters of the reduced $page and compares it to $expecteddir. If they don't match then if means the requested file is outside your safe directory, hence access denied. If they do match then it's safe to include the file. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
Instruct ICC wrote:
Date: Thu, 15 Nov 2007 13:16:46 +
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: php-general@lists.php.net
Subject: Re: [PHP] file_exists
Instruct ICC wrote:
Date: Thu, 15 Nov 2007 00:20:52 +
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: php-general@lists.php.net
Subject: Re: [PHP] file_exists
Philip Thompson wrote:
I've run into similar problems where I *thought* I was looking in the
correct location... but I wasn't. Take this for example
$page = $_GET['page'];
if (file_exists ($page.php)) {
include ($page.php);
}
?
I really hope this is not a piece of production code. If it is then you
might want to think very hard about what it's doing. If you still can't
see a problem let me know!
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Called like this?
index.php?page=http://evil-hacker-site.com/evil-payload.php
And the browser will probably url_encode for me if needed.
Actually in this example that would end up getting evil-payload.php.php
- probably not what your evil mind wanted. You could do this...
index.php?page=http://evil-hacker-site.com/evil-payload
...assuming you know it's gonna stick .php on the end. Alternatively you
could do this...
index.php?page=http://evil-hacker-site.com/evil-payload.php?
Resulting in the appended .php being in the querystring. The easiest way
to protect your code from this is to always always prefix the string
with something as well as appending to it. For example...
$page = dirname(__FILE__).'/'.$_GET['page'].'.php';
if (file_exists ($page)) {
include ($page);
}
But that doesn't prevent a malicious user including any PHP file on your
server. $_GET['page'] should be one of a known set of values. At the
very least it should be restricted to file in a particular directory.
Something like the following would be much better (untested)...
$page = realpath(dirname(__FILE__).'/inc/'.$_GET['page'].'.php');
$expecteddir = realpath(dirname(__FILE__).'/inc');
if (substr($page, 0, strlen($expecteddir)) != $expecteddir)
{
// Ideally return a 403 status here
die('Access denied');
}
// Now we know it's a file in the right directory
if (file_exists($page))
{
include($page);
}
else
{
// Return a 404 status here
die('Resource not found');
}
That should lock the requested page to the given directory. If anyone
can see any way around that I'd be interested in hearing about it.
-Stut
--
http://stut.net/
Good points about (.php, evil-payload, and evil-payload.php?).
Although I'll defer to a security expert, your modification looks good to not
include a remote site's code.
But on a shared host, what about this?:
index.php?page=../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php
If that gives something like:
$expecteddir ===
/home/stut/phpstuff/inc/../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php
maybe it will include /home/evil-user-home-dir/evil-payload.php
Maybe a switch statement that only uses the file name supplied by the script (whether or not an unknown user
supplies an actual file name. I just did something like that today. I have a custom ls type PHP
script and I want it to search 1 of 2 directories only. I check if the GET var is set; don't even look at
the value, then do a custom ls on 1 or the other directory which is in the web path. The whole
site is behind htaccess though, but I added this layer for this special ls function.
No, you've missed the point. $expecteddir is a fixed variable that you,
the script author, specify. It does not contain anything coming from
external veriables. You then compare the full path you build from the
external variables to $expecteddir to verify that the file is in the
right directory.
I suggest you read the code I posted again.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
Instruct ICC wrote:
Something like the following would be much better (untested)...
$page = realpath(dirname(__FILE__).'/inc/'.$_GET['page'].'.php');
$expecteddir = realpath(dirname(__FILE__).'/inc');
if (substr($page, 0, strlen($expecteddir)) != $expecteddir)
{
// Ideally return a 403 status here
die('Access denied');
}
// Now we know it's a file in the right directory
if (file_exists($page))
{
include($page);
}
else
{
// Return a 404 status here
die('Resource not found');
}
That should lock the requested page to the given directory. If anyone
can see any way around that I'd be interested in hearing about it.
-Stut
--
http://stut.net/
Good points about (.php, evil-payload, and evil-payload.php?).
Although I'll defer to a security expert, your modification looks good to not
include a remote site's code.
But on a shared host, what about this?:
index.php?page=../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php
If that gives something like:
$expecteddir ===
/home/stut/phpstuff/inc/../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php
maybe it will include /home/evil-user-home-dir/evil-payload.php
No, you've missed the point. $expecteddir is a fixed variable that you,
the script author, specify. It does not contain anything coming from
external veriables. You then compare the full path you build from the
external variables to $expecteddir to verify that the file is in the
right directory.
I suggest you read the code I posted again.
-Stut
I meant if $page evaluates to
/home/stut/phpstuff/inc/../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php
which it does not.
However I don't think your if (substr($page, 0, strlen($expecteddir)) !=
$expecteddir)
ever evaluates to TRUE. So you'll never get Access denied.
So how you set $page saved your ass. Good job.
You clearly don't know what the realpath function does. Look it up.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot send a hyperlink
Brad wrote: No access to the server command line to install it! And, I am into this guy too deep to switch technologies. For the next time around, no problem, this time I am just trying to get php to do what it is supposed to do. You don't need command line access to install it. PHPMailer consists of PHP only - nothing to install but PHP files. See here: http://phpmailer.sourceforge.net/install.php The suggestion of mime was presented to me from another kind sole trying to help that knows more than I and recommended on other help files. Why is php refusing to parse as html? And here lies the basic problem. PHP is *not* the thing that's refusing to parse it as HTML. Since you don't know that you really should do a lot of reading before you try sending HTML emails without using something like PHPMailer. For beeps and farts I've fixed your code, but even though it will now work it is nowhere near the right way to send this type of email, but my life is probably going to be too short to tell you what you could easily find out yourself. $email = $_REQUEST['email']; $fromaddress = '[EMAIL PROTECTED]'; $fromname = 'Zone of success Club'; $eol = \r\n; $headers = 'From: '.$fromname.' '.$fromaddress.''.$eol; $headers .= 'Reply-To: '.$fromname.' '.$fromaddress.''.$eol; $headers .= 'Return-Path: '.$fromname.' '.$fromaddress.''.$eol; $headers .= 'X-Mailer: PHP '.phpversion().$eol; $headers .= 'Content-Type: text/html; charset=iso-8859-1'.$eol; $headers .= 'Content-Transfer-Encoding: 8bit'; $subject = 'This is my spam, worship me'; $body = 'a href=http://www.zoneofsuccessclub.com/;link/a'; mail($email, $subject, $body, $headers); Some *important* notes... * I defined $subject because it tries to use it. * You don't need to provide the MessageID - your mail server will do that for you... correctly. * You don't need to add two carriage returns at the end of the headers - PHP will do that for you. * This email will be in HTML only which makes it a lot more likely to get flagged as spam. * If you're on a unix-based platform you really should be using the 5th parameter to mail, but that's probably going to confuse the hell out of you so I won't mention it. D'oh! * This code is not secure. It's trivial to inject headers (and a body too) into the message. You should be validating that $_REQUEST['email'] is a valid email address and just a valid email address. -Stut -- http://stut.net/ -Original Message- From: Stut [mailto:[EMAIL PROTECTED] Sent: Thursday, November 15, 2007 9:46 AM To: Brad Cc: 'Daniel Brown'; php-general@lists.php.net Subject: Re: [PHP] Cannot send a hyperlink Brad wrote: Beginning with $headers .= --.$htmlalt_mime_boundary.$eol; It starts to read it as text and not html?? Could this be a server side problem? $email = $_REQUEST['email'] ; $fromaddress .= '[EMAIL PROTECTED]'; $fromname .= 'Zone of success Club'; $eol=\r\n; $headers = From: .$fromname..$fromaddress..$eol; $headers .= Reply-To: .$fromname..$fromaddress..$eol; $headers .= Return-Path: .$fromname..$fromaddress..$eol; $headers .= Message-ID: .time().-.$fromaddress..$eol; $headers .= X-Mailer: PHP .phpversion().$eol; $headers .= --.$htmlalt_mime_boundary.$eol; $headers .= Content-Type: text/html; charset=iso-8859-1.$eol; $headers .= Content-Transfer-Encoding: 8bit.$eol.$eol; $body = a href=\http://www.zoneofsuccessclub.com\;link /a\n; mail($email, $subject, $body, $headers); You should not have a mime boundary in your headers. Why not use PHPMailer? All this (apparently) complicated stuff is already implemented for you. Either that or spend a few days learning about the structure of emails by following the links Daniel Brown sent you a few emails ago. PHPMailer can be found here: http://phpmailer.sf.net/ -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Foreach question
Juan Marcelo Rodríguez wrote:
I'm working with an associative array, and generating its data a form. I use
foreach to loops the contents of the array and echo to print the table and
the data. Everything goes well, however I would like to add a counter to
print the row's number.
The question : Am I able to add a counter within foreach to print the row
number in each row using echo ?. I tried a few things but I couldn't.
The mind boggles when wondering what you tried.
$counter = 1;
foreach ($array as $val)
{
// Do your stuff here
// Increment the counter
$counter++;
}
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot send a hyperlink
Daniel Brown wrote: On Nov 15, 2007 9:41 AM, Brad [EMAIL PROTECTED] wrote: Beginning with $headers .= --.$htmlalt_mime_boundary.$eol; It starts to read it as text and not html?? Could this be a server side problem? Negative. It's client-side error E304, resulting from a null-pointer exception between the chair and keyboard. Usually abbreviated to PEBKAC if I'm not mistaken. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
tedd wrote:
At 11:06 PM + 11/15/07, Stut wrote:
The realpath function will reduce your definition of $page to
/home/evil-user-home-dir/evil-payload.php
$expecteddir is set to /home/stut/phpstuff/inc
The if takes the first strlen($expecteddir) characters of the reduced
$page and compares it to $expecteddir.
If they don't match then if means the requested file is outside your
safe directory, hence access denied. If they do match then it's safe
to include the file.
-Stut
-Stut:
What about this?
?php
$origwd=getcwd();
while(!file_exists('common'))
{
$prevwd=getcwd();
If (basename($prevwd) == httpdocs)
{
echo('not foundbr/');
exit;
}
chdir('..');
}
include('common/includes/header.php');
chdir($origwd);
?
I have a common set of includes that most of my test scripts find and
use. Unless I'm not understanding the problem here, this looks like
something this might work. It simply looks for the files it needs in an
approved path. I don't see any way to circumvent this, do you?
Since nothing in there comes from external variables it should be pretty
safe, but this is not what the OP was doing.
It also worth noting that what you're doing there is quite inefficient.
I have a similar arrangement where I have a directory containing the
include files, but I locate it in a different way. Most sites I deal
with have an auto-prepended file containing (among other things) this
line...
ini_set('include_path',
dirname(__FILE__).'/../code'.PATH_SEPARATOR.ini_get('include_path'));
This adds the code subdirectory (relative to the location of the
prepended file) to the include page. I then don't need to worry about
where I am when I want to include a file.
When a site goes into production I remove this line and set it in the
virtualhost definition since there's no reason to re-calculate it on
every request.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Gmail Account Invites (Want One?)
Daniel Brown wrote: On Nov 16, 2007 9:36 AM, tedd [EMAIL PROTECTED] wrote: At 5:00 PM -0500 11/15/07, Daniel Brown wrote: Yay! I got to say my stupid thing for the day. Last I had even looked at the signup process, it was open to US users who had a cell phone and could receive SMS messages (containing a confirmation code). I wonder why the hell they still give you a limit on invites for Gmail then. I guess it's just typical eccentric Google. Well, if it makes you feel better, you can invite me. :-) Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com For the record, Tedd, when I sent a Gmail invite to your Gmail account, it didn't reduce my number of invites. Let me know what the email says, if it offers any additional hint as to why the invites still exist. Surely this is obvious? If they remove them they would remove a way for their users to introduce new people to the service. Removing that ability wouldn't make sense to me. It might make more sense if they changed the wording, but the feature does no harm and so is definitely worth them keeping it in. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Gmail Account Invites (Want One?)
Daniel Brown wrote: On Nov 16, 2007 9:47 AM, Stut [EMAIL PROTECTED] wrote: Daniel Brown wrote: On Nov 16, 2007 9:36 AM, tedd [EMAIL PROTECTED] wrote: At 5:00 PM -0500 11/15/07, Daniel Brown wrote: Yay! I got to say my stupid thing for the day. Last I had even looked at the signup process, it was open to US users who had a cell phone and could receive SMS messages (containing a confirmation code). I wonder why the hell they still give you a limit on invites for Gmail then. I guess it's just typical eccentric Google. Well, if it makes you feel better, you can invite me. :-) Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com For the record, Tedd, when I sent a Gmail invite to your Gmail account, it didn't reduce my number of invites. Let me know what the email says, if it offers any additional hint as to why the invites still exist. Surely this is obvious? If they remove them they would remove a way for their users to introduce new people to the service. Removing that ability wouldn't make sense to me. It might make more sense if they changed the wording, but the feature does no harm and so is definitely worth them keeping it in. -Stut -- http://stut.net/ Yes, but Stut, you have a maximum of 100 invites and when you're out, you're out. I agree it makes it seem like more of a hot-ticket item while limiting people, but I don't know if that is, in fact, what they're going for. I could be wrong but I don't think it's really limited anymore, just appears that way. I'm sure if you actually invite a bunch of people it will either not reduce your invite count or they will be replenished fairly quickly. Leaving it there with no limits is a quick and easy way to still allow personal referrals with minimal effort on their part. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] bank query and curl
[EMAIL PROTECTED] wrote: WHY! Would you even want to pull that data first off? It would be out dated as of the next transaction anyway. Secondly if you can curl the data from the server, and get your account information! I suggest you change banks. With that attitude you'll end up keeping your money under your bed. Anything my browser can do curl can do. Bad decision I think to make this attempt. Why? If Ronald decides to access *his* account using a method other than a browser, what is he doing wrong? The only downside to it is if he's storing his authentication credentials somewhere so it can be an automated process. Aside from that possibility I don't see the bad here. You can bet I will be watching your networks for an attempt on authentication failures. Because that request does not sound RIGHT to me. inetnum: 59.124.0.0 - 59.127.255.255 netname: HINET-NET country: TW descr: CHTD, Chunghwa Telecom Co.,Ltd. descr: Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd. descr: Taipei Taiwan 100 Interland, Inc. MAXIM-NETBLK-1 (NET-216-65-0-0-1) 216.65.0.0 - 216.65.127.255 Poke Internet Services MAX-CUSTNET-348 (NET-216-65-86-0-1) 216.65.86.0 - 216.65.86.255 Wow. Look everyone, he knows how to look up the owner of an IP address. Phear his mad sysadmin skillz! Seriously, I highly doubt Ronald is going to try anything against your systems. Just curious about something... what would you do if he did try something? Call your mother and have a little cry? -Original Message- From: Ronald Wiplinger [mailto:[EMAIL PROTECTED] Sent: Friday, November 16, 2007 11:38 PM To: PHP General list Subject: [PHP] bank query and curl I have a bank account and would like to query the last transactions. I can do that now via web and think that I can convert this procedure to a list of curl requests and finally put the result into a database on my server. Fortunately this bank account does not allow transactions, just viewing the account. Is there a guide available how to start this project? I would suggest the curl documentation. In order to duplicate what a browser does you basically just need to make sure you persist cookies between requests. Depending on what the site you're accessing does it may not be particularly trivial to do this. You may end up needing to parse each page that's returned to get the right URL to use for the next request, but it shouldn't get any more complicated than that. As I mentioned above I would strongly recommend that you do not store your authentication credentials anywhere. If you need this to be an automated system don't bother - it's not worth the risk. Oh, and don't underestimate the damage that can be caused by someone gaining access to this account. Just because you can't carry out transactions through the site doesn't mean the information it gives you access to can't be used for evil purposes. One last thing... you may find yourself getting blocked from the banks site if you make too many failed requests. You may want to pick another site while you learn how curl works. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] bank query and curl
Zoltán Németh wrote: 2007. 11. 17, szombat keltezéssel 23.15-kor Stut ezt írta: [EMAIL PROTECTED] wrote: WHY! Would you even want to pull that data first off? It would be out dated as of the next transaction anyway. Secondly if you can curl the data from the server, and get your account information! I suggest you change banks. With that attitude you'll end up keeping your money under your bed. Anything my browser can do curl can do. hmm, my bank won't let me access my account with only a browser. it uses some additional authentication, either by sms or by card reader. Maybe so, but that doesn't alter the fact that anything my browser can do curl can do. An external source like a card reader or code by SMS would prevent completely automating the process, but it doesn't stop it being done with curl. -Stut -- http://stut.net/ Bad decision I think to make this attempt. Why? If Ronald decides to access *his* account using a method other than a browser, what is he doing wrong? The only downside to it is if he's storing his authentication credentials somewhere so it can be an automated process. Aside from that possibility I don't see the bad here. You can bet I will be watching your networks for an attempt on authentication failures. Because that request does not sound RIGHT to me. inetnum: 59.124.0.0 - 59.127.255.255 netname: HINET-NET country: TW descr: CHTD, Chunghwa Telecom Co.,Ltd. descr: Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd. descr: Taipei Taiwan 100 Interland, Inc. MAXIM-NETBLK-1 (NET-216-65-0-0-1) 216.65.0.0 - 216.65.127.255 Poke Internet Services MAX-CUSTNET-348 (NET-216-65-86-0-1) 216.65.86.0 - 216.65.86.255 Wow. Look everyone, he knows how to look up the owner of an IP address. Phear his mad sysadmin skillz! Seriously, I highly doubt Ronald is going to try anything against your systems. Just curious about something... what would you do if he did try something? Call your mother and have a little cry? -Original Message- From: Ronald Wiplinger [mailto:[EMAIL PROTECTED] Sent: Friday, November 16, 2007 11:38 PM To: PHP General list Subject: [PHP] bank query and curl I have a bank account and would like to query the last transactions. I can do that now via web and think that I can convert this procedure to a list of curl requests and finally put the result into a database on my server. Fortunately this bank account does not allow transactions, just viewing the account. Is there a guide available how to start this project? I would suggest the curl documentation. In order to duplicate what a browser does you basically just need to make sure you persist cookies between requests. Depending on what the site you're accessing does it may not be particularly trivial to do this. You may end up needing to parse each page that's returned to get the right URL to use for the next request, but it shouldn't get any more complicated than that. As I mentioned above I would strongly recommend that you do not store your authentication credentials anywhere. If you need this to be an automated system don't bother - it's not worth the risk. Oh, and don't underestimate the damage that can be caused by someone gaining access to this account. Just because you can't carry out transactions through the site doesn't mean the information it gives you access to can't be used for evil purposes. One last thing... you may find yourself getting blocked from the banks site if you make too many failed requests. You may want to pick another site while you learn how curl works. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] bank query and curl
Admin: Please don't reply directly to me. If you want to say something that you don't want to share with the group, don't bother. I did start replying to this email, but decided it wasn't worth it. Anyone who uses language like this does not deserve a response, but it made me chuckle so I thought I'd share it... [EMAIL PROTECTED] wrote: Before you open your SMART MOUTH about me again, find out who I am first smart ass. I am a level 3 IASO(Information Assurance Security Officer) Certified software Engineer. I work for the D.O.D. and if I have to spell it out for you smart one it is, the Department of Defense. It is IDIOT's like you who no clue of what that MX record is tied to, and the past attempts on banking systems tied to that IP address range whom rant off like they know something, when you're an idiot in all sense of the word. Yet you spout off like your just a know it all. It amazes me you have not choked to death on a sandwich (lacking to brain power to comprehend the chewing process). Look moron before you pout around like you actually know something, be DAMN sure you are so not so fucking stupid that your brain does not over load your ass, like you just did. This might be hard for someone in your capacity but R E A D B E L O W Brain child! **Just released Security alert IT security services provider ** says from September through October, it blocked anywhere from 10,000 to 20,000 SQL Injection attacks per day. But as of November that number jumped from 10,000 to 40,000 to 80,000 per day. SQL Injection is a type of security exploit in which the attacker adds structured query language (SQL) code to a Web form input box to gain access to a form's resources or to make changes to data. Using this technique, hackers can determine the structure and location of key databases and can download the database or compromise the database server. ** says the majority of the attacks are coming from outside the US in the Taiwan location. SQL injection attacks include the CardSystems security breach last year, where hackers stole 263,000 customer credit card numbers and exposed 40 million more. ### SysWatch *** Processing Initiated: Sun Nov 17 04:02:01 2007 - SSHD Begin Failed logins from these: admin/password from 59.124.45.124: 502 Time(s) root/password from 59.124.45.124: 234 Time(s) guest/password from 59.124.45.124: 19 Time(s) Illegal users from these: admin/none from 59.124.45.124: 1 Time(s) root/none from 59.124.45.124: 3 Time(s) guest/password from 59.124.45.124: 2 Time(s) -- SSHD End - ## SysWatch End # -Stut -- http://stut.net/ -Original Message- From: Stut [mailto:[EMAIL PROTECTED] Sent: Saturday, November 17, 2007 5:15 PM To: [EMAIL PROTECTED] Cc: 'Ronald Wiplinger'; 'PHP General list' Subject: Re: [PHP] bank query and curl [EMAIL PROTECTED] wrote: WHY! Would you even want to pull that data first off? It would be out dated as of the next transaction anyway. Secondly if you can curl the data from the server, and get your account information! I suggest you change banks. With that attitude you'll end up keeping your money under your bed. Anything my browser can do curl can do. Bad decision I think to make this attempt. Why? If Ronald decides to access *his* account using a method other than a browser, what is he doing wrong? The only downside to it is if he's storing his authentication credentials somewhere so it can be an automated process. Aside from that possibility I don't see the bad here. You can bet I will be watching your networks for an attempt on authentication failures. Because that request does not sound RIGHT to me. inetnum: 59.124.0.0 - 59.127.255.255 netname: HINET-NET country: TW descr: CHTD, Chunghwa Telecom Co.,Ltd. descr: Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd. descr: Taipei Taiwan 100 Interland, Inc. MAXIM-NETBLK-1 (NET-216-65-0-0-1) 216.65.0.0 - 216.65.127.255 Poke Internet Services MAX-CUSTNET-348 (NET-216-65-86-0-1) 216.65.86.0 - 216.65.86.255 Wow. Look everyone, he knows how to look up the owner of an IP address. Phear his mad sysadmin skillz! Seriously, I highly doubt Ronald is going to try anything against your systems. Just curious about something... what would you do if he did try something? Call your mother and have a little cry? -Original Message- From: Ronald Wiplinger [mailto:[EMAIL PROTECTED] Sent: Friday, November 16, 2007 11:38 PM To: PHP General list Subject: [PHP] bank query and curl I have a bank account
Re: [PHP] freeing resourses after the end of the session
Richard Heyes wrote: I made a image validation code, wich generate a image every time the user enters a page. The name of the image uses the session id, and I save it in a temporary directory. When the user close the browser (or leave the site) I would have to delete the image (or else I will start to have many garbage images in the temp directory). Is there any way to do that? From PHP? http://uk.php.net/manual/en/function.register-shutdown-function.php That would work for the end of a request, not the end of a session. The way I've done this in the past is to implement my own session handler and have that clean up temporary files when the session ends. However, there are less drastic ways to do it such as having a cron job simply delete images from the temp directory if they're older than a few days. Obviously this is less than ideal if the site traffic is high. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] two small issues with php mail
Brad wrote: Implementing Bcc and smtp. Here we go again #1 email is only being sent to a few recipients. I need to implement $smtp = ‘localhost’; Somewhere, but I keep getting parse errors? Those are not normal quotes, but I'm guessing you actually typed that in the evil that is Outlook. #2 trying to do a Bcc but that gives me parse errors as well It should be as easy as? $Bcc [EMAIL PROTECTED]; $eol = \r\n; That's not valid code. Ok, the second bit is, but still rather pointless. Here is the working code, but if I implement the above needed inserts anywhere, I get a big ‘ol fat parse error Any assistance would be truly appreciated. An explanation of why would really help since this is for a school project. Ahh, suddenly everything becomes clear. You can't use PHPMailer because that would mean that you didn't learn it yourself you just used somebody elses work. So instead you ask here rather than reading the PHPMailer source code. Nice. Working code as is: ? $email = $_REQUEST['email']; $fromaddress = '[EMAIL PROTECTED]'; $fromname = 'Zone of success Club'; $eol = \r\n; $headers = 'From: '.$fromname.' '.$fromaddress.''.$eol; // $headers = 'bcc: '[EMAIL PROTECTED]'; This should work. However, because you're assigning this to $headers rather than concatenating it you're trampling over the From line above. BTW, Bcc usually has a capital letter. Probably wouldn't cause any problems but has the potential to stop it working. $headers .= 'Reply-To: '.$fromname.' '.$fromaddress.''.$eol; $headers .= 'Return-Path: '.$fromname.' '.$fromaddress.''.$eol; $headers .= 'X-Mailer: PHP '.phpversion().$eol; $headers .= 'Content-Type: text/html; charset=iso-8859-1'.$eol; $headers .= 'Content-Transfer-Encoding: 8bit'; $subject = 'Your free book!'; $body = 'a href=http://www.zoneofsuccessclub.com/freePDF/autopilotebook.pdf;Click ME/a Here is your FREE autopilot book'; Click ME indeed. I'm guessing this isn't an HCI course you're doing. mail($email, $subject, $body, $headers); ? Try the veal. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] two small issues with php mail
Brad wrote: This information is pulled directly off the php website when used for other applications, so if I am wrong, then so are they. As for php mailer, my professor explained it very well today, Learn the in's and out's of the programming and it's quarks to understand the logic and then he will show us the tricks. I wouldn't call PHPMailer a trick as such, but your professor is absolutely right about learning the in's and out's of programming. Unfortunately your posts so far have demonstrated that you haven't yet grasped the syntactic basics yet but it doesn't seem to bother you. Yes, here we go again! I am just seeking valid knowledge and understanding. Reading material is great too as long as it is relevant. The use of BCC with the PHP mail function is pretty well-explained on the PHP manual page for said function. Sarcasm does not help with the learning curve sir! You will find that if you read my reply carefully the answers you seek are in there. I rarely answer a question with sarcasm alone, but I'm a little ashamed to say that it does happen occasionally. I hang about on this list for entertainment. I get that from helping people and mocking those I think deserve it. If you don't like it feel free to ignore me or add me to your kill list, but don't ask me to stop. -Stut -- http://stut.net/ -Original Message- From: Stut [mailto:[EMAIL PROTECTED] Sent: Monday, November 19, 2007 3:43 PM To: Brad Cc: php-general@lists.php.net Subject: Re: [PHP] two small issues with php mail Brad wrote: Implementing Bcc and smtp. Here we go again #1 email is only being sent to a few recipients. I need to implement $smtp = ‘localhost’; Somewhere, but I keep getting parse errors? Those are not normal quotes, but I'm guessing you actually typed that in the evil that is Outlook. #2 trying to do a Bcc but that gives me parse errors as well It should be as easy as? $Bcc [EMAIL PROTECTED]; $eol = \r\n; That's not valid code. Ok, the second bit is, but still rather pointless. Here is the working code, but if I implement the above needed inserts anywhere, I get a big ‘ol fat parse error Any assistance would be truly appreciated. An explanation of why would really help since this is for a school project. Ahh, suddenly everything becomes clear. You can't use PHPMailer because that would mean that you didn't learn it yourself you just used somebody elses work. So instead you ask here rather than reading the PHPMailer source code. Nice. Working code as is: ? $email = $_REQUEST['email']; $fromaddress = '[EMAIL PROTECTED]'; $fromname = 'Zone of success Club'; $eol = \r\n; $headers = 'From: '.$fromname.' '.$fromaddress.''.$eol; // $headers = 'bcc: '[EMAIL PROTECTED]'; This should work. However, because you're assigning this to $headers rather than concatenating it you're trampling over the From line above. BTW, Bcc usually has a capital letter. Probably wouldn't cause any problems but has the potential to stop it working. $headers .= 'Reply-To: '.$fromname.' '.$fromaddress.''.$eol; $headers .= 'Return-Path: '.$fromname.' '.$fromaddress.''.$eol; $headers .= 'X-Mailer: PHP '.phpversion().$eol; $headers .= 'Content-Type: text/html; charset=iso-8859-1'.$eol; $headers .= 'Content-Transfer-Encoding: 8bit'; $subject = 'Your free book!'; $body = 'a href=http://www.zoneofsuccessclub.com/freePDF/autopilotebook.pdf;Click ME/a Here is your FREE autopilot book'; Click ME indeed. I'm guessing this isn't an HCI course you're doing. mail($email, $subject, $body, $headers); ? Try the veal. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] two small issues with php mail
Brad wrote: This is why I am on this mailing instead of the php site for their mailer which is utterly useless! I could probably recite the entire page by heart and gained nothing compared to the insight and reading material offered by this list. Just seeking knowledgeable guidance! Any assistance on methods to solve my issue would be duly appreciated! Once again... my reply contained everything you needed to get your code to work properly. Please read it again. -Stut -- http://stut.net/ -Original Message- From: Stut [mailto:[EMAIL PROTECTED] Sent: Monday, November 19, 2007 4:17 PM To: Brad Cc: php-general@lists.php.net Subject: Re: [PHP] two small issues with php mail Brad wrote: This information is pulled directly off the php website when used for other applications, so if I am wrong, then so are they. As for php mailer, my professor explained it very well today, Learn the in's and out's of the programming and it's quarks to understand the logic and then he will show us the tricks. I wouldn't call PHPMailer a trick as such, but your professor is absolutely right about learning the in's and out's of programming. Unfortunately your posts so far have demonstrated that you haven't yet grasped the syntactic basics yet but it doesn't seem to bother you. Yes, here we go again! I am just seeking valid knowledge and understanding. Reading material is great too as long as it is relevant. The use of BCC with the PHP mail function is pretty well-explained on the PHP manual page for said function. Sarcasm does not help with the learning curve sir! You will find that if you read my reply carefully the answers you seek are in there. I rarely answer a question with sarcasm alone, but I'm a little ashamed to say that it does happen occasionally. I hang about on this list for entertainment. I get that from helping people and mocking those I think deserve it. If you don't like it feel free to ignore me or add me to your kill list, but don't ask me to stop. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] two small issues with php mail
Brad wrote:
Well, since
http://forums.hostmysite.com/about1171.html
states
$headers .= CC: [EMAIL PROTECTED];
Which does not work for me AT ALL and Stut called me a [EMAIL PROTECTED] for
doing
it, I am assuming that all this key wording on google is not going to and
the problem appears to be else where!
I don't believe I did that at all (if I did can someone else please let
me know - it's never my intention).
Since you don't seem willing to properly read my original reply to you,
the one with the answer in it, I give up. I wish your professor luck.
-Stut
--
http://stut.net/
-Original Message-
From: Wolf [mailto:[EMAIL PROTECTED]
Sent: Monday, November 19, 2007 4:39 PM
To: Brad
Cc: php-general@lists.php.net; 'Stut'
Subject: RE: [PHP] two small issues with php mail
Since it is not in the assignment, find out how to do things within the
parameters of your assignment.
http://www.google.com
php: {issue}
Googling PHP: mail bcc (sans quotes) has 5 viable workings on how to do
it. If it fails, then you need to be examing the php.ini file for
information or talking with the server admins as to what piece is wrong.
Also, if you are error checking your own stuff, then the error log should be
able to tell you what has failed out.
I'm glad your professor is teaching you how to learn, but shouldn't this be
something you should be able to do already?
And wasn't this whole thing started with you looking for something that you
were already too much money into to change for the next roll-out? So now
you are fessing up to trying to get the PHP board to do your assignments for
you?
I sure hope your instructor is on this board too...
Wolf
Brad [EMAIL PROTECTED] wrote:
PHP mailer is not in the assignment and will be counted against me!
-Original Message-
From: Stut [mailto:[EMAIL PROTECTED]
Sent: Monday, November 19, 2007 3:43 PM
To: Brad
Cc: php-general@lists.php.net
Subject: Re: [PHP] two small issues with php mail
Brad wrote:
Implementing Bcc and smtp.
Here we go again
#1 email is only being sent to a few recipients.
I need to implement
$smtp = ‘localhost’;
Somewhere, but I keep getting parse errors?
Those are not normal quotes, but I'm guessing you actually typed that in
the evil that is Outlook.
#2 trying to do a Bcc but that gives me parse errors as well
It should be as easy as?
$Bcc [EMAIL PROTECTED]; $eol = \r\n;
That's not valid code. Ok, the second bit is, but still rather pointless.
Here is the working code, but if I implement the above needed inserts
anywhere, I get a big ‘ol fat parse error
Any assistance would be truly appreciated.
An explanation of why would really help since this is for a school
project.
Ahh, suddenly everything becomes clear. You can't use PHPMailer because
that would mean that you didn't learn it yourself you just used somebody
elses work. So instead you ask here rather than reading the PHPMailer
source code. Nice.
Working code as is:
?
$email = $_REQUEST['email'];
$fromaddress = '[EMAIL PROTECTED]';
$fromname = 'Zone of success Club'; $eol = \r\n;
$headers = 'From: '.$fromname.' '.$fromaddress.''.$eol;
// $headers = 'bcc: '[EMAIL PROTECTED]';
This should work. However, because you're assigning this to $headers
rather than concatenating it you're trampling over the From line above.
BTW, Bcc usually has a capital letter. Probably wouldn't cause any
problems but has the potential to stop it working.
$headers .= 'Reply-To: '.$fromname.' '.$fromaddress.''.$eol;
$headers .= 'Return-Path: '.$fromname.' '.$fromaddress.''.$eol;
$headers .= 'X-Mailer: PHP '.phpversion().$eol;
$headers .= 'Content-Type: text/html; charset=iso-8859-1'.$eol;
$headers .= 'Content-Transfer-Encoding: 8bit';
$subject = 'Your free book!';
$body = 'a
href=http://www.zoneofsuccessclub.com/freePDF/autopilotebook.pdf;Click
ME/a Here is your FREE autopilot book';
Click ME indeed. I'm guessing this isn't an HCI course you're doing.
mail($email, $subject, $body, $headers);
?
Try the veal.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.16.0/1137 - Release Date:
11/18/2007
5:15 PM
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.16.0/1137 - Release Date:
11/18/2007
5:15 PM
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] two small issues with php mail
Brad wrote: You say The use of BCC with the PHP mail function is pretty well-explained on the PHP manual page for said function. I say, No it doesn't, I tried everything on that page and it either parse error'ed or didn't work. Wrong bit. I also said... // $headers = 'bcc: '[EMAIL PROTECTED]'; This should work. However, because you're assigning this to $headers rather than concatenating it you're trampling over the From line above. BTW, Bcc usually has a capital letter. Probably wouldn't cause any problems but has the potential to stop it working. Fin. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] two small issues with php mail
Brad wrote: As per your email! Whose email? Not mine. # Brad wrote: $headers = 'bcc: [EMAIL PROTECTED]'; Works but corrupts the from portion and changes it to nobody Which I think goes back too the smtp portion. There is no bcc: header. BCC'ing someone is normally done by sending them the email without listing them explicitly in to: or cc:. Per: While technically correct, PHP (on Windows) and Sendmail (in the default configuration used by PHP on most systems) will parse an email, extract Bcc headers and use them. There is a note regarding when this was added for Windows on the mail manual page. -Stut -- http://stut.net/ -Original Message- From: Stut [mailto:[EMAIL PROTECTED] Sent: Monday, November 19, 2007 5:18 PM To: Brad Cc: 'Wolf'; php-general@lists.php.net Subject: Re: [PHP] two small issues with php mail Brad wrote: Well, since http://forums.hostmysite.com/about1171.html states $headers .= CC: [EMAIL PROTECTED]; Which does not work for me AT ALL and Stut called me a [EMAIL PROTECTED] for doing it, I am assuming that all this key wording on google is not going to and the problem appears to be else where! I don't believe I did that at all (if I did can someone else please let me know - it's never my intention). Since you don't seem willing to properly read my original reply to you, the one with the answer in it, I give up. I wish your professor luck. -Stut -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] two small issues with php mail
Andrés Robinet wrote: Brad, This comment is extracted directly from PHPMailer source (before the implementation for the function AddBCC) /** * Adds a Bcc address. Note: this function works * with the SMTP mailer on win32, not with the mail * mailer. * @param string $address * @param string $name * @return void */ I don't really know the internals of how and why Bcc won't work with the mail function on windows, but if these guys who developed PHPMailer say so... Holy Word, so I wouldn't expect the mail function on Windows to work with Bcc. And they were right, all the way up until PHP 4.3.0. From the mail manual page... 4.3.0 (Windows only) All custom headers (like From, Cc, Bcc and Date) are supported, and are not case-sensitive. (As custom headers are not interpreted by the MTA in the first place, but are parsed by PHP, PHP 4.3 only supported the Cc header element and was case-sensitive). So if you're using = 4.3.0 on Windows the Bcc header will be parsed. For unix-based servers where mail uses sendmail the Bcc header is supported by that and therefore does not need to be supported by PHP. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] two small issues with php mail
Brad wrote: ? $email = $_REQUEST['email']; $fromaddress = '[EMAIL PROTECTED]'; $fromname = 'Zone of success Club'; $eol = \r\n; $headers = 'From: '.$fromname.' '.$fromaddress.''.$eol; // $headers = 'bcc: '[EMAIL PROTECTED]'; $headers .= 'Reply-To: '.$fromname.' '.$fromaddress.''.$eol; $headers .= 'Return-Path: '.$fromname.' '.$fromaddress.''.$eol; $headers .= 'X-Mailer: PHP '.phpversion().$eol; $headers .= 'Content-Type: text/html; charset=iso-8859-1'.$eol; $headers .= 'Content-Transfer-Encoding: 8bit'; $subject = 'Your free book!'; $body = 'a href=http://www.zoneofsuccessclub.com/freePDF/autopilotebook.pdf;Click ME/a Here is your FREE autopilot book'; mail($email, $subject, $body, $headers); ? Take this, be grateful and feel free to try Ruby. Email addresses have been changed to protect your victims. ?php // You REALLY REALLY need to be doing some validation on this variable $email = $_REQUEST['email']; // This is the address the email will appear to come from $fromaddress = '[EMAIL PROTECTED]'; // And this is the name $fromname = 'Zone of success Club'; // This is the header separator, it *does* need the \r $eol = \r\n; // Now we start building the headers, starting with from $headers = 'From: '.$fromname.' '.$fromaddress.''.$eol; // Then we *concatenate* the next header to $headers $headers .= 'bcc: [EMAIL PROTECTED]'.$eol; // Some more headers, some pointless but I can't be arsed to argue $headers .= 'Reply-To: '.$fromname.' '.$fromaddress.''.$eol; // Removed the name on this one - it's not supposed to have one $headers .= 'Return-Path: '.$fromaddress.''.$eol; $headers .= 'X-Mailer: PHP '.phpversion().$eol; $headers .= 'Content-Type: text/html; charset=iso-8859-1'.$eol; $headers .= 'Content-Transfer-Encoding: 8bit'; $subject = 'Your free book!'; $body = 'a href=http://www.zoneofsuccessclub.com/freePDF/autopilotebook.pdf;Click ME/a Here is your FREE autopilot book'; mail($email, $subject, $body, $headers); ? I've tested this on a pretty standard install of PHP 5.1.1, and it works, bcc and all. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] two small issues with php mail
Jim Lucas wrote: Stut wrote: Brad wrote: ? $email = $_REQUEST['email']; $fromaddress = '[EMAIL PROTECTED]'; $fromname = 'Zone of success Club'; $eol = \r\n; $headers = 'From: '.$fromname.' '.$fromaddress.''.$eol; // $headers = 'bcc: '[EMAIL PROTECTED]'; $headers .= 'Reply-To: '.$fromname.' '.$fromaddress.''.$eol; $headers .= 'Return-Path: '.$fromname.' '.$fromaddress.''.$eol; $headers .= 'X-Mailer: PHP '.phpversion().$eol; $headers .= 'Content-Type: text/html; charset=iso-8859-1'.$eol; $headers .= 'Content-Transfer-Encoding: 8bit'; $subject = 'Your free book!'; $body = 'a href=http://www.zoneofsuccessclub.com/freePDF/autopilotebook.pdf;Click ME/a Here is your FREE autopilot book'; mail($email, $subject, $body, $headers); ? Take this, be grateful and feel free to try Ruby. Email addresses have been changed to protect your victims. ?php // You REALLY REALLY need to be doing some validation on this variable $email = $_REQUEST['email']; // This is the address the email will appear to come from $fromaddress = '[EMAIL PROTECTED]'; // And this is the name $fromname = 'Zone of success Club'; // This is the header separator, it *does* need the \r $eol = \r\n; // Now we start building the headers, starting with from $headers = 'From: '.$fromname.' '.$fromaddress.''.$eol; // Then we *concatenate* the next header to $headers $headers .= 'bcc: [EMAIL PROTECTED]'.$eol; // Some more headers, some pointless but I can't be arsed to argue $headers .= 'Reply-To: '.$fromname.' '.$fromaddress.''.$eol; // Removed the name on this one - it's not supposed to have one $headers .= 'Return-Path: '.$fromaddress.''.$eol; $headers .= 'X-Mailer: PHP '.phpversion().$eol; $headers .= 'Content-Type: text/html; charset=iso-8859-1'.$eol; $headers .= 'Content-Transfer-Encoding: 8bit'; $subject = 'Your free book!'; $body = 'a href=http://www.zoneofsuccessclub.com/freePDF/autopilotebook.pdf;Click ME/a Here is your FREE autopilot book'; mail($email, $subject, $body, $headers); ? I've tested this on a pretty standard install of PHP 5.1.1, and it works, bcc and all. -Stut You forgot the second part of the project, SMTP auth. Can't do it this way. Have to use fsockopen() or something to talk directly to the SMTP server. Point me to the message where Brad mentions SMTP auth. I can't find it. Looking back at the thread you were the first person to mention SMTP auth. Brad talked about SMTP (clearly not understanding what it is) - you added the auth. Let's not go over-complicating the issue, the guy is already having some serious problems. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] two small issues with php mail
Børge Holen wrote: OMG the top posting on this freakin' issue is a headache Whereas removing all of the previous message is like a sensual massage. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Concurrency in a multi-user environment
Don Proshetsky wrote: I'm been googling to see if I can find information on how programmers handle concurrency in a multi-user PHP/MySQL environment. Here's a snippet of my app. I have a form where users can maintain client information such as Name, Address, telephone, email, etc I've been wondering how to handle a situation where two users are editing the same record. One idea is to lock the record when User A enters but this may make it inaccessible for a long period if User A decided to get up and leave for a three hour lunch. Also, does locking a record prevent file locks (when new records need to be added)? Finally, locking a record means I have to convert from MyISAM to InnoDB but this is probably necessary for concurrency. Another idea is to use a semaphore where User A enters and retrieves a numeric field in the table. Upon leaving, the user locks and checks if the field is the same value. If yes, save, increment the numeric field and leave. If not, it indicates another user entered has edited, saved and left. I'm not crazy about this as it would mean User A could spend 15 minutes updating a record only to get a message that User B already edited it. Does anyone have any user friendly suggestions or can give me some URLs where I can read up on this? Personally I would approach this from a non-locking perspective. Store a last updated timestamp with each row. Keep a copy of the data you presented to the user when they started editing. When a modification request comes in you... 1) Lock the row 2) Get the row 3) Compare it to the incoming data and your stored copy - You can work out which fields the user has changed by comparing the incoming data with the stored copy - You can work out which fields have been changed since the user started editing by comparing the stored copy with the latest you got in step 2 - You can use the intersection of these two to see if there are any conflicts 4) If there are conflicts, show the user and let them make a decision 5) Update and unlock the row Note that step 4 actually contains a copy of all the steps again, but before you start you update the stored copy with the latest data you fetched in step 2. Locking is bad, m'kay! Hope that makes sense. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Concurrency in a multi-user environment
Stut wrote: Don Proshetsky wrote: I'm been googling to see if I can find information on how programmers handle concurrency in a multi-user PHP/MySQL environment. Here's a snippet of my app. I have a form where users can maintain client information such as Name, Address, telephone, email, etc I've been wondering how to handle a situation where two users are editing the same record. One idea is to lock the record when User A enters but this may make it inaccessible for a long period if User A decided to get up and leave for a three hour lunch. Also, does locking a record prevent file locks (when new records need to be added)? Finally, locking a record means I have to convert from MyISAM to InnoDB but this is probably necessary for concurrency. Another idea is to use a semaphore where User A enters and retrieves a numeric field in the table. Upon leaving, the user locks and checks if the field is the same value. If yes, save, increment the numeric field and leave. If not, it indicates another user entered has edited, saved and left. I'm not crazy about this as it would mean User A could spend 15 minutes updating a record only to get a message that User B already edited it. Does anyone have any user friendly suggestions or can give me some URLs where I can read up on this? Personally I would approach this from a non-locking perspective. Store a last updated timestamp with each row. Keep a copy of the data you presented to the user when they started editing. When a modification request comes in you... 1) Lock the row 2) Get the row 3) Compare it to the incoming data and your stored copy - You can work out which fields the user has changed by comparing the incoming data with the stored copy - You can work out which fields have been changed since the user started editing by comparing the stored copy with the latest you got in step 2 - You can use the intersection of these two to see if there are any conflicts 4) If there are conflicts, show the user and let them make a decision 5) Update and unlock the row Note that step 4 actually contains a copy of all the steps again, but before you start you update the stored copy with the latest data you fetched in step 2. Reading that back to myself I realised the last updated timestamp is fairly redundant. It might be worth having it if the dataset is large as you can use it to avoid the comparison if it hasn't been updated. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] quicktime new window php
kNish wrote: How is it possible to have a hyper link open a new quicktime window You can't guarantee it because it's a client-side decision that you have no control over. You basically link to a file and the browser decides what app to open it with. You don't get a choice. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Nested include/require not working in 5.2
Mike Yrabedra wrote: on 11/27/07 1:53 PM, Wolf at [EMAIL PROTECTED] wrote: Mike Yrabedra [EMAIL PROTECTED] wrote: on 11/27/07 1:43 PM, Wolf at [EMAIL PROTECTED] wrote: Mike Yrabedra [EMAIL PROTECTED] wrote: on 11/27/07 11:46 AM, Jochem Maas at [EMAIL PROTECTED] wrote: Mike Yrabedra wrote: I am not able to use includes or requires in nested files using php 5.2.3 (osx) Including or Requiring files directly works. Including files, that also have includes in them, does not. Say you have this... -TopDirectory --index.php (contains include(includes/top.php); ) --includes (folder) ---config.php (contains echo crap; ) ---top.php (contains include(config.php); ) When you load the index.php file you would expect the word crap to show, but it does not. I think the getcwd is staying specific to the top folder, so the path stays the same throughout. This does not happen in 5.1.6 nothing changed in php - the CWD has always been the dir in which the explicitly called script lives in and it does not change because your inside an included file. my guess is your include_path no longer includes '.' so php is not trying to find the file in the directory of the script which is doing the include. Is there a fix for this or is it PHP causing the problem? Here is what I have for include_path... include_path = .:/usr/local/pear Everything seems to be in order? -- Mike Yrabedra B^) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php The first question I have is what does the Error log show? You should have error reporting turned on so you can see where the script is barfing on the coding. Wolf One more thing, it only does this IF the nested include file is named 'config.php'. No error is thrown because it is pulling the 'config.php' file from somewhere, I just do not know where. If I change the name of the file from 'config.php' to 'config1.php', then everything works fine. Is there a way to figure out where and why it is pulling this mystery 'config.php' file from? -- Mike Yrabedra B^) What does the error message log tell you? It should be readily available in it Wolf The include tag is not throwing any error. If I call the same file with a read file method, then I get this error Warning: readfile(config.php) [function.readfile]: failed to open stream: No such file or directory in Even though the file calling it is in the same directory as 'config.php' Jochem was nearly right in an earlier reply. The CWD is usually set to the directory that contains the initial script. It does not change when you include a file. This affects include, require and file functions. If you want to reference a file relative to the current script regardless of what the CWD is, use dirname(__FILE__) to prefix the script. For example... include dirname(__FILE__).'/config.php'; There are other ways to handle this. The one I tend to use is to change include_path to contain the root directory for your scripts. That way you can reference all include files as relative to that directory without worrying about where the initial script is/was. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about authenticating people...
Jason Pruim wrote: The subject might be a little misleading... But I couldn't think of how better to describe it in a small sentence :) What I'm wondering is, I have a program that accesses a database and displays the info in that database... I know, nothing revolutionary about it... I plan on setting up a database per customer who uses my system, and what I would like to do is have everyone go to the same address to login... Such as: raoset.com/oldb/ they enter their username/password and get redirected to their site... Or at least pull up their database... Now that I'm typing this out, I may have thought of away to do this... Set the main page, so that when you login, it accesses a master database, which has the username, password, and database name stored in it. Write the database name to a session variable, which I could then use in my mysql connect file for the database Does that make sense? Thoughts? Problems? RTFM's? :) Assuming you mean raoset.com is not the domain of their site you would need to pass the database name to their site some way other than via a session since the session is tied to the domain name (no way around that I'm afraid). This clearly makes it a bit insecure so you might want to rethink how you're doing this. Maybe they select/enter their domain name on the login form, then you can use a bit of JS to have the form submit to a script on their site. This gives the best of both worlds... they all go to the same URL to log in, but you don't need to pass things like database names between sites via the browser (which is insecure). -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about authenticating people...
Jason Pruim wrote: On Nov 27, 2007, at 3:48 PM, Stut wrote: Jason Pruim wrote: The subject might be a little misleading... But I couldn't think of how better to describe it in a small sentence :) What I'm wondering is, I have a program that accesses a database and displays the info in that database... I know, nothing revolutionary about it... I plan on setting up a database per customer who uses my system, and what I would like to do is have everyone go to the same address to login... Such as: raoset.com/oldb/ they enter their username/password and get redirected to their site... Or at least pull up their database... Now that I'm typing this out, I may have thought of away to do this... Set the main page, so that when you login, it accesses a master database, which has the username, password, and database name stored in it. Write the database name to a session variable, which I could then use in my mysql connect file for the database Does that make sense? Thoughts? Problems? RTFM's? :) Assuming you mean raoset.com is not the domain of their site you would need to pass the database name to their site some way other than via a session since the session is tied to the domain name (no way around that I'm afraid). This clearly makes it a bit insecure so you might want to rethink how you're doing this. Maybe they select/enter their domain name on the login form, then you can use a bit of JS to have the form submit to a script on their site. This gives the best of both worlds... they all go to the same URL to log in, but you don't need to pass things like database names between sites via the browser (which is insecure). -Stut The database they are connecting to is on my site. That's what they would be logging into. I'm trying to avoid something like this: HTTP://www.raoset.com/oldb/customers/customer1 HTTP://www.raoset.com/oldb/customers/customer2 etc. etc. etc. What I would like is to have everyone go to: HTTP://www.raoset.com/oldb/login.php and then be able to pull up there database from their login credentials. Does that make it clear as mud? Yeah, no-brainer - use a session if you're already using a session on the customer sites. Personally I'd store a mapping of dirname (customer1, customer2) to database name (customer1db, customer2db) in files so you don't need to pass anything from request to request. You just use the directory being accessed to lookup the DB. But then I consider sessions evil and something to be avoided wherever possible, you may not share that opinion. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about authenticating people...
Jason Pruim wrote: Just for my own curiosity, why do you think sessions are evil? I haven't found a better way to store my variables between different pages... Other then always posting them in either $_POST or $_GET each time... But that can add up quite a bit on a complicated site though... Sessions in the way that most PHP developers think about them are an enemy of horizontal scalability, but if slightly alter the way you think about how your app works you can effectively remove the need for this type of session. Think about how much info you need to store between page requests that isn't already available to you some other way, in a database for example. Now consider that if your app needs to scale then chances are you'll end up with your session storage in a database. What do you gain by extracting that data from it's natural home in the database and putting it into another location in the database for the duration of a users visit? The one thing you do need to transfer from request to request is something to identify the logged in user. This is done in the same way sessions pass their identifier, in a cookie or in the URL. The only difference is that you need to encrypt it to make it a bit harder to fake. I generally include a timestamp in the encrypted cookie so I can impose a hard limit on the lifetime of a session. Normal rules for good encryption apply here, but bear in mind that every single request will need to decrypt it, and potentially encrypt it too so don't go overboard. Of course it's possible that the app you're working on will never need to scale beyond one machine, but I have been involved in scaling too many sites that weren't designed to do it to not plan for the possibility in everything I do now. Anyway, that's why I avoid using 'sessions' wherever possible - IMHO there are better ways to achieve the same goal for most applications. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about authenticating people...
Jason Pruim wrote: On Nov 27, 2007, at 6:01 PM, Stut wrote: Jason Pruim wrote: Just for my own curiosity, why do you think sessions are evil? I haven't found a better way to store my variables between different pages... Other then always posting them in either $_POST or $_GET each time... But that can add up quite a bit on a complicated site though... Sessions in the way that most PHP developers think about them are an enemy of horizontal scalability, but if slightly alter the way you think about how your app works you can effectively remove the need for this type of session. Think about how much info you need to store between page requests that isn't already available to you some other way, in a database for example. Now consider that if your app needs to scale then chances are you'll end up with your session storage in a database. What do you gain by extracting that data from it's natural home in the database and putting it into another location in the database for the duration of a users visit? One of the things I have in a session variable, is a search function through the database, and then an export to excel option. Would I be better to store that in a cookie rather then a session variable? Not sure what you mean by this. If you mean the results of a search then unless your search query takes longer than your average user will wait then you really need to optimise your search system. Duplicating the results into a session is extremely inefficient. However, if you mean something else could you explain it so an idiot (that's me) can understand it. The one thing you do need to transfer from request to request is something to identify the logged in user. This is done in the same way sessions pass their identifier, in a cookie or in the URL. The only difference is that you need to encrypt it to make it a bit harder to fake. I generally include a timestamp in the encrypted cookie so I can impose a hard limit on the lifetime of a session. Normal rules for good encryption apply here, but bear in mind that every single request will need to decrypt it, and potentially encrypt it too so don't go overboard. Of course it's possible that the app you're working on will never need to scale beyond one machine, but I have been involved in scaling too many sites that weren't designed to do it to not plan for the possibility in everything I do now. Anyway, that's why I avoid using 'sessions' wherever possible - IMHO there are better ways to achieve the same goal for most applications. I'll have to look more into cookies before I can comment much on the rest of the e-mail which I shall start doing now I believe :) Like I said it's possible you'll never need to scale beyond one machine, or if you do maybe you're working for a company with pots of spare cash. Having said that, IMHO being good at avoiding sessions is a worthy skill to gain. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about authenticating people...
Jason Pruim wrote: On Nov 28, 2007, at 12:07 PM, Stut wrote: Jason Pruim wrote: One of the things I have in a session variable, is a search function through the database, and then an export to excel option. Would I be better to store that in a cookie rather then a session variable? Not sure what you mean by this. If you mean the results of a search then unless your search query takes longer than your average user will wait then you really need to optimise your search system. Duplicating the results into a session is extremely inefficient. However, if you mean something else could you explain it so an idiot (that's me) can understand it. The search results arn't stored in a session, just the search variable (IE: What they searched for) It was the only way I could get it to export the search results to my excel file... It may be because I have everything in separate files that I'm running into issues...(The main page is a separate file, as well as the edit, add, export, search pages) I think I need to understand more about programming basics to figure out how to put it all in 1 file and have it work... Sticking it all into the same file won't help. You need to think about data between requests not between pages. This is exactly the sort of thing where a session is overkill. The search variable is not sensitive data, there's no need to keep it on the server so it's an ideal candidate for a cookie. If that's all you're using the session for then you can easily drop the session (and therefore the session ID cookie) and just store that info in a cookie. I tend to group stuff together to minimise the number of cookies, and if you have anything larger than a short-ish string you need to keep that on the server, but be sure to consider whether that information already exists somewhere else (like in the DB) meaning you can avoid storing it twice. Remember that data gets sent by the browser with each request, so keep it relatively small. Also bear in mind that the client (human or browser) can change the contents of a cookie at any time so you need to re-validate them on every page request. If you need to verify the contents of a cookie from request to request you can a) encrypt it, or b) add a checksum to it. The one thing you do need to transfer from request to request is something to identify the logged in user. This is done in the same way sessions pass their identifier, in a cookie or in the URL. The only difference is that you need to encrypt it to make it a bit harder to fake. I generally include a timestamp in the encrypted cookie so I can impose a hard limit on the lifetime of a session. Normal rules for good encryption apply here, but bear in mind that every single request will need to decrypt it, and potentially encrypt it too so don't go overboard. Of course it's possible that the app you're working on will never need to scale beyond one machine, but I have been involved in scaling too many sites that weren't designed to do it to not plan for the possibility in everything I do now. Anyway, that's why I avoid using 'sessions' wherever possible - IMHO there are better ways to achieve the same goal for most applications. I'll have to look more into cookies before I can comment much on the rest of the e-mail which I shall start doing now I believe :) Like I said it's possible you'll never need to scale beyond one machine, or if you do maybe you're working for a company with pots of spare cash. Having said that, IMHO being good at avoiding sessions is a worthy skill to gain. Definitely no pots of cash... Least not that I have found :) Shame. We like pots of cash. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Structured Code vs. Performance
Jochem Maas wrote:
[EMAIL PROTECTED] wrote:
I got different portions of code only used for certain purposes (who don't
;-)?). But what, in your opinion (better: in your experience) would be the
best regarding script-performance: Putting each code-portion in a separate
file and include it if required, putting it in a constant-dependent
if-structure (if (defined('FOO') FOO) {class foo{}; function foo(); ...})
defining functions or classes conditionally is not recommended, because it
means they can only be defined at runtime and not compile time ... which will
kill any op-code caching you might have in place or use in future (e.g.
php.net/apc)
I'm not completely sure, but I think you're wrong there. Removing the
condition in the example above will not affect any opcode caching since
PHP cannot determine the result of that conditional until runtime.
To the OP: You're treading on the dangerous ground of premature
optimisation. In the grand scheme of things the time taken for PHP to
compile your scripts is tiny compared to the time it will take to run
it. And as mentioned there are several ways to cache the compilation
output which turns that tiny time into a negligible time.
Worry about the structure and maintainability of your app rather than
thinking about how fast it is. Once you have the app doing something
useful you can start to think about how to make it do it quickly.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Structured Code vs. Performance
Jo chem baas wrote:
Stut wrote:
Jochem Maas wrote:
[EMAIL PROTECTED] wrote:
I got different portions of code only used for certain purposes (who
don't ;-)?). But what, in your opinion (better: in your experience)
would be the best regarding script-performance: Putting each
code-portion in a separate file and include it if required, putting
it in a constant-dependent if-structure (if (defined('FOO') FOO)
{class foo{}; function foo(); ...})
defining functions or classes conditionally is not recommended,
because it
means they can only be defined at runtime and not compile time ...
which will
kill any op-code caching you might have in place or use in future
(e.g. php.net/apc)
I'm not completely sure, but I think you're wrong there. Removing the
condition in the example above will not affect any opcode caching since
PHP cannot determine the result of that conditional until runtime.
one of us is reading the other's post incorrectly - I have a feeling we are
both trying to say the same thing.
namely runtime class definitions don't have the same benefit of op-code caching
as compiletime definitions.
or not?
Not ;). There is no such thing as a compile-time definition in PHP.
Whether there is conditional definition or not, the opcode cache will
look the same. The reason for this is that function and class
definitions happen at runtime not compile time. This would have to be
the case for conditional definition to work at all, since the compiler
cannot determine the value of a condition at compile-time.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Structured Code vs. Performance
Jochem Maas wrote:
Stut wrote:
Jo chem baas wrote:
Stut wrote:
Jochem Maas wrote:
[EMAIL PROTECTED] wrote:
I got different portions of code only used for certain purposes (who
don't ;-)?). But what, in your opinion (better: in your experience)
would be the best regarding script-performance: Putting each
code-portion in a separate file and include it if required, putting
it in a constant-dependent if-structure (if (defined('FOO') FOO)
{class foo{}; function foo(); ...})
defining functions or classes conditionally is not recommended,
because it
means they can only be defined at runtime and not compile time ...
which will
kill any op-code caching you might have in place or use in future
(e.g. php.net/apc)
I'm not completely sure, but I think you're wrong there. Removing the
condition in the example above will not affect any opcode caching since
PHP cannot determine the result of that conditional until runtime.
one of us is reading the other's post incorrectly - I have a feeling
we are
both trying to say the same thing.
namely runtime class definitions don't have the same benefit of
op-code caching
as compiletime definitions.
or not?
Not ;). There is no such thing as a compile-time definition in PHP.
Whether there is conditional definition or not, the opcode cache will
look the same. The reason for this is that function and class
definitions happen at runtime not compile time. This would have to be
the case for conditional definition to work at all, since the compiler
cannot determine the value of a condition at compile-time.
okay, but I was just paraphrasing the man Rasmus, although I admit I may
have misinterpreted (or misundersstood the 'why') - thought I pretty sure
he has written on a number of occasions that code like the following sucks
for op-code caches and should be avoided:
if (foo()) {
class Foo { }
}
Hopefully he's reading and will be able to give us a definitive answer.
I'm going by my experience of stepping through code with Zend Studio,
but it's possible (probably likely) that ZE does something slightly
different when a debugger is attached.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Structured Code vs. Performance
Jochem Maas wrote:
Stut wrote:
Jochem Maas wrote:
Stut wrote:
Jo chem baas wrote:
^- wtf happened here? :-) it's quite funny if you know dutch :-)
Pass. Looking back it looks like it happened one of the times I replied.
Didn't do it on purpose, honest! ;)
Whether there is conditional definition or not, the opcode cache will
look the same. The reason for this is that function and class
definitions happen at runtime not compile time. This would have to be
the case for conditional definition to work at all, since the compiler
cannot determine the value of a condition at compile-time.
okay, but I was just paraphrasing the man Rasmus, although I admit I may
have misinterpreted (or misundersstood the 'why') - thought I pretty sure
he has written on a number of occasions that code like the following
sucks
for op-code caches and should be avoided:
if (foo()) {
class Foo { }
}
Hopefully he's reading and will be able to give us a definitive answer.
here is the post that I was recalling:
http://lists.nyphp.org/pipermail/talk/2006-March/017676.html
I believe his third point validates what I was saying although I did
make a bit of a mess with regard of my use of terminology.
Hmm, Rasmus seems to be saying that opcode caches have a way to optimise
the definition of entities, and by defining them conditionally they
can't make use of that. That kinda makes sense, but I'd expect the
difference to be negligible unless you're talking about a file with
thousands upon thousands of definitions.
Anyhoo, back to the coalface.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Structured Code vs. Performance
Robert Cummings wrote:
On Thu, 2007-11-29 at 12:13 +, Stut wrote:
Not ;). There is no such thing as a compile-time definition in PHP.
There certainly is...
?php
if( !function_exists( 'file_put_contents' ) )
{
$def = _
function file_put_contents
( \$filename, \$data, \$flags=0, \$context=null )
{
// :)
}
_;
eval( $def );
}
?
Now, I'm not necessarily advocating this style of compatibility
programming, but I remember seeing something like it in PEAR. I think it
might have been the pear SOAP classes where the classes had to be
declared dynamically.
That's a runtime definition. It has to be. The function_exists function
*cannot* be run at compile-time to see what the result is, so it must
happen at runtime.
I think maybe the confusion is over terminology. In my mind Zend Studio
would not let me step through a compile-time process, but it's looking
likely that that's precisely what it's doing if I'm to believe
everything I'm reading.
Here's what I see when a file is included... I can step through each
function definition line (function ...), and at the same time it
executes any inline code outside of the functions. That seems like a
runtime process to me. If there is a function definition contained
within the file, or a function defined within a function, the debugger
does not hit that definition unless the condition matches or the
function is called.
To me this indicates that PHP defines entities at run time. It's
possible that it also defines them at compile-time, but I don't know the
internals well enough to know.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Mysqli support - test or complain? [SOLVED]
Richard Heyes wrote: You use a session variable for that? Why not? Because it's not user data, it's server data. That's entirely the wrong place to store something like which database API is installed. Not really. You could even wrap a function called (for example) Feature() around it. Yeah, really. Sessions are for user data. If it's the same for all users then it doesn't belong in the session, it belongs in a server-wide cache. It should a class variable or global configuration variable. Heck, I'd say it's more appropriate to do extension_loaded( 'mysqli' ) on every call than to use a session variable. Why? It's very unlikely to be changing between calls. And even if it does, it's once in a blue moon. Granted though, I can't see it being a particularly intensive function call, so I can't see the harm in calling it on every invocation. AFAIK a call to extension_loaded is pretty cheap, but if you really feel the need to cache it between requests the best place to store it would be in a file on the server. However, I'd expect a stat on that file will be more expensive than calling extension_loaded. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Mysqli support - test or complain? [SOLVED]
Richard Heyes wrote: Because it's not user data, it's server data. So? It's there - use it. So are cookies, would you stuff this into a cookie? No, because that's not what cookies are there for. Because it's there is never a good reason to do something. That's entirely the wrong place to store something like which database API is installed. Not really. You could even wrap a function called (for example) Feature() around it. Yeah, really. Sessions are for user data. If it's the same for all users then it doesn't belong in the session, it belongs in a server-wide cache. Sessions are for whatever you choose to put in them. And why implement a cache when you've got something perfectly usable (sessions) already? You could potentially be pointlessly duplicating that data hundreds or thousands of times depending on how busy your site is. Also, in this particular example there is no need to cache that information beyond the request level because asking PHP for it is not an expensive operation, or at the very least is no more expensive than maintaining it in a session. One other thing to note is that putting it in the session will survive a rebuild of PHP to add/remove modules and a restart of the web server. It's probably not likely to happen but that could seriously break your application. However this is just my opinion. You're free to implement your application in whatever way you choose. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Mysqli support - test or complain? [SOLVED]
Richard Heyes wrote: Real life is rarely optimal. That's not a valid excuse for taking the sloppy pig route to development. Sloppy pig's give conscientious developers a bad name. And when they use PHP to create their slop, they give PHP a bad name. Well I err towards actually doing something useful. Businesses can rarely wait while developers create a technically perfect application. Those that do are rarely successful. As always there's a balance to be struck between writing technically perfect code and getting the job done. I don't see a reason to compromise. It would take no longer to call extension_loaded on each page request than it will to put the variable in the session. You're right in saying that there's a balance to be struck, but in this particular case I personally see a right way and a wrong way and no compromise needed to do it properly. You would think you would lean towards conscientiousness since you use an email address with phpguru in it. But I guess anyone can claim whatever they want... it doesn't make it true. Maybe you could see if phpsloppypig.org is available (it is btw). Ah personal insults. Always a good argument. I couldn't care less what your domain name is, you're still advocating a poor choice IMHO. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Ham marked as Spam with BAYES_99 - PhpMailer to old?
Merlin Morgenstern wrote: I am running a small community page with PHP. Members can select notification e-mails on comments etc. Since today those e-mails - or basically all e-mails from the system - get taged as spam with a score of 3.5 that totally results to BAYES_99. This is most likely to be the content of the messages you're sending rather than the structure of the emails as created by PHPMailer. How come? I am using PHP-Mailer 1.73. I am wondering if this will go away if I upgrade to 2.0. However I would rather not like to do that as a .0 release makes me a bit worried. I doubt it but stranger things have happened. However this has nothing to do with PHP itself, and would get a better response from a PHPMailer-specific list (I assume there is one). Does anybody have an idea on how to eleminate that BAYES_99 score? Those mails are absolutly no spam. They contain a link to the commment page but that should not be the problem. At least it was not a problem for the last years. AFAIK BAYES_99 means it thinks there is a 99% chance of it being spam, that's very high for something you're saying is an operational email. Is that link the only thing they contain? If so try adding more text. It's also worth noting that this score comes from a system that's capable of learning: http://en.wikipedia.org/wiki/Bayesian_spam_filtering -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Just to confirm...
Richard Heyes wrote: Daniel Brown wrote: On Dec 18, 2007 10:17 AM, Richard Heyes [EMAIL PROTECTED] wrote: Emails that bounce get sent back to the address in the Return-Path: header. Correct? Yes, sir. Thanks. Is there usually a delay? Eg the mail server tries again after 4 hours. Depends on the nature of the failure. Some will cause a bounce to be generated immediately. Others will cause delivery to be retried periodically for a while and then generate a bounce. Some mail servers generate delivery delay warnings (usually after 4 hours). -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Select Box CSS
VamVan wrote:
Please apologize for sending this question to PHP forums.
If you know this already why ask the question here? Also, this is not a
forum.
But I would appreciate it very much if some could please help me styling
select mutiple in HTMl with CSS?
I have .selectmulti { border: 1px solid #c9c9c9 } this code but it only
works in firefox How can I make this work in IE?
And also I want to change the selected color.
AFAIK this can't be done without some very nasty code due to the way IE
renders select elements. Google has the answer if you really want it.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Opinion about the using $GLOBALS directly
Richard Lynch wrote: On Wed, December 19, 2007 4:13 am, Sancar Saran wrote: I want know to you opinions about using $GLOBALS directly. like $GLOBALS['myString'] = 'test'; $GLOBALS['myArray']['this'] = 'this'; $GLOBALS['myArray']['that'] = 'that'; $GLOBALS['myClassObj] = new SomeClass; Don't. You are using global variables, and you might as well admit it and use the 'global' keyword to designate them as such. Poking stuff into $GLOBALS instead just makes it look like you're trying to pretend you're not using global variables when you are, to me. I did form this opinion before altering $GLOBALS was a documented feature. I would have to disagree. Using the global keyword makes it less obvious that the variable your dealing with is in the global scope. Using $GLOBALS instead makes it clear to anyone looking at the code that you're dealing with a global variable. What I would say is that just because you can use global variables in this manner it doesn't mean they're not evil and IMHO they really should be avoided at all costs. I'm yet to come across a *good* reason to use a global variable. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Just to confirm...
Daniel Brown wrote:
On Dec 19, 2007 11:18 AM, Richard Lynch [EMAIL PROTECTED] wrote:
On Wed, December 19, 2007 9:31 am, Richard Heyes wrote:
I think that any MTA or client that doesn't work with the
Reply-To header isn't worth beans.
very very true
Well the Reply-To: header isn't for bounces.
The OP was asking about Return-path, not Reply-to
Furthermore, while the MTA/client/MUA may not be worth beans, that
doesn't mean nobody is using it.
I don't think any MS products are worth beans; Yet many people are
using them. Should I not bother to check IE compatibility?
Actual code from a live page of mine. Just because I could. ;-P
?
if(!stristr($_SERVER['HTTP_USER_AGENT'],mozilla)) {
die(We only allow Mozilla browsers in here!\n);
}
?
You could, but you didn't!! This is a typical user agent provided by IE7...
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR
2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)
All IE browsers since the beginning of time have sent a user agent
containing mozilla.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Opinion about the using $GLOBALS directly
Zoltán Németh wrote: 2007. 12. 19, szerda keltezéssel 10.25-kor Richard Lynch ezt írta: On Wed, December 19, 2007 10:14 am, Stut wrote: Richard Lynch wrote: On Wed, December 19, 2007 4:13 am, Sancar Saran wrote: I want know to you opinions about using $GLOBALS directly. like $GLOBALS['myString'] = 'test'; $GLOBALS['myArray']['this'] = 'this'; $GLOBALS['myArray']['that'] = 'that'; $GLOBALS['myClassObj] = new SomeClass; Don't. You are using global variables, and you might as well admit it and use the 'global' keyword to designate them as such. Poking stuff into $GLOBALS instead just makes it look like you're trying to pretend you're not using global variables when you are, to me. I did form this opinion before altering $GLOBALS was a documented feature. I would have to disagree. Using the global keyword makes it less obvious that the variable your dealing with is in the global scope. Using $GLOBALS instead makes it clear to anyone looking at the code that you're dealing with a global variable. Since the global keyword MEANS that the variable is in the global scope, I'm having a hard time seeing how it's less clear that the variable is in the global scope... well, if you have a long and complex function declaration which begins with global $whatever, and then all over the function $whatever is used, some dozens of lines later when looking for something in the code you might not have any idea that $whatever is global... however if you used $GLOBALS['whatever'] everywhere it would be trivial. Indeed. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Change case of HTML tags
Jim Lucas wrote:
Daniel Brown wrote:
On Dec 19, 2007 4:10 PM, Christoph Boget [EMAIL PROTECTED] wrote:
I've been looking through the docs but haven't found an internal function
that does what I'm looking for. Perhaps I missed it? Or perhaps someone
can point me in the right direction? I'm looking for a routine that will
convert tags to lower case. For example, if I have
HTML
HEAD
TITLEThis is the Page Title/TITLE
/HEAD
Body
Here is the Page Text
/Body
/HTML
I want to convert only the tags to lower case. So HTML becomes html and
so on; I don't want anything else touched. This may seem kind of silly but
I'm working with an XMLDocument object in javascript and when I serialize it
to string format, for some reason all the tags are made into uppercase. I'm
taking the serialized string, posting it back to the server and using it on
the back end. I figure that since I can make it so that the serialized
string is lower case on the front end, perhaps I can convert it on the back.
Any ideas/pointers?
thnx,
Christoph
?
$s = EOD
HTML
HEAD
TITLEThis is the Page Title/TITLE
/HEAD
Body
Here is the Page Text
/Body
/HTML
EOD;
$s = preg_replace('/(.*)/Ue',strtolower('$1'),$s);
Nice use of the 'e' modifier, but would it not be safer to use this?
$s = preg_replace('/(.*)/U', strtolower($1), $s);
This way the arbitrary html is not executed?
You can't do it that way. The strtolower will be executed before
preg_replace, so you're just converting $1 to lowercase and passing
that through.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Which file called the function?
Christoph Boget wrote: I believe __FILE__ is resolved at compile time, not run-time which means what you're seeing is expected behavior. I'm not sure how you'd get the name of the file that a function call was made from. Could you explain why you need this information in your application, and perhaps someone might offer an alternative solution? I'm not saying it's not expected behavior. In fact, that exactly what I would expect based on what the docs say. I'm just asking if there is another way to get the script file name that's calling the function. I need it primarily for debugging purposes. I've got a single function that's called by several files. And instead of modifying all the files calling the function to add logging, it would be nice to just modify the function, adding logging only to it to also include what script called it. I know I can get the information from debug_backtrace but I figured there might be a better/easier way. There isn't. The backtrace is the only thing that can get the call stack. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is there any Open Source Mailing List Manager that works good
srihari naidu wrote: I am searching for a good open source php mailing list manager for some days. can any one suggest me one please. Why PHP? Mailman is way better than anything out there in PHP. I've used PHPList (phplist.com) before, and it didn't suck too much, but I'd still take Mailman over it any day of the week and twice on Christmas day! -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Opinion about the using $GLOBALS directly
Richard Lynch wrote: On Wed, December 19, 2007 11:22 am, Stut wrote: well, if you have a long and complex function declaration which begins with global $whatever, and then all over the function $whatever is used, some dozens of lines later when looking for something in the code you might not have any idea that $whatever is global... however if you used $GLOBALS['whatever'] everywhere it would be trivial. Indeed. I don't really care how long the function is. $connection is a global in the scripts. It's the only global there is. It's a global in any function that needs it. If I can't remember that from day to day, then I need to find a nurse to take care of me... [shrug] I feel sorry for anyone that ever inherits your code. You're making their life needlessly more difficult. I've inherited enough code in my time to appreciate the extra effort to create readable and maintainable code. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] email authentication
Afan Pasalic wrote:
I have to develop a little registration form.
after the form is submitted confirmation email has to be sent to
registrant.
I use this function to send an email:
function send_plain_email($to, $subject, $body)
{
$headers =MIME-Versin: 1.0\n . Content-type: text/plain;
charset=ISO-8859-1; format=flowed\n . Content-Transfer-Encoding:
8bit\n .
Reply-To: Registration [EMAIL PROTECTED]\n.
From: Registration [EMAIL PROTECTED]\n .
X-Mailer: PHP . phpversion();
mail($to, $subject, $body, $headers) or die(mysql_errno());
}
Though, I'm getting the following error:
Warning: mail() [function.mail]: SMTP server response: 503 This mail
server requires authentication when attempting to send to a non-local
e-mail address. Please check your mail client settings or contact your
administrator to verify that the domain or address is defined for this
server. in
D:\Sites\CWIPanel\Accounts\mydomain.com\wwwroot\reservation.php on line 34
Never get such a error using LAMP.
I'm assuming from that comment that you're running this under Windows of
some variety? This is not a PHP problem. The mail server PHP is
configured to use (see php.ini) requires authentication. The built-in
mail function doesn't support that so you'll need to use something like
PHPMailer (Google for it).
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Mail system
mattias wrote: If i run coureir and postfix I want to have a signup script How should the code be written? Since you're asking on a PHP list I'm going to assume you want to use PHP. The answer you seek is... by you, using some form of text editor! We're not here to write code for you. Have a go, then come back if you have problems. The manual will help, as will Google. There's a good chance someone has already done this, so I'd start with Google. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: SV: [PHP] Mail system
mattias wrote: First of all If you have a bad day don't send to the list I'm actually having a pretty good day thanks. Seriously though, Google for an existing solution, and if there isn't one have a go yourself and then ask for help if you have problems. I apologise if you feel that's harsh, but that's the way it is. -Stut -- http://stut.net/ -Ursprungligt meddelande- Från: Stut [mailto:[EMAIL PROTECTED] Skickat: den 30 december 2007 21:46 Till: mattias Kopia: php-general@lists.php.net Ämne: Re: [PHP] Mail system mattias wrote: If i run coureir and postfix I want to have a signup script How should the code be written? Since you're asking on a PHP list I'm going to assume you want to use PHP. The answer you seek is... by you, using some form of text editor! We're not here to write code for you. Have a go, then come back if you have problems. The manual will help, as will Google. There's a good chance someone has already done this, so I'd start with Google. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: SV: SV: [PHP] Mail system
mattias wrote: Yes but i are newbie in php I think i should use php exec but i dont know no more GOOGLE GOOGLE GOOGLE GOOGLE GOOGLE http://postfixadmin.sourceforge.net/ was the first result I got. Seems to fit the bill from where I'm sitting. -Stut -- http://stut.net/ -Ursprungligt meddelande- Från: Stut [mailto:[EMAIL PROTECTED] Skickat: den 30 december 2007 22:01 Till: mattias Kopia: php-general@lists.php.net Ämne: Re: SV: [PHP] Mail system mattias wrote: First of all If you have a bad day don't send to the list I'm actually having a pretty good day thanks. Seriously though, Google for an existing solution, and if there isn't one have a go yourself and then ask for help if you have problems. I apologise if you feel that's harsh, but that's the way it is. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql date question
Adam Williams wrote:
select date_format('contract.length_start', '%m-%d-%Y') as length_start
from contract where user_id = 1;
This has nothing to do with PHP, but the first parameter to date_format
should not be in quotes.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPInfo - the application
Richard Heyes wrote: Lester Caine wrote: Richard Heyes wrote: Does anyone have a URL for it? Naturally Google returns a lot of pages which are about the actual function. http://www.php.net/ just put phpinfo into the 'search for' and you will get the REAL data for it. Google is never the best starting point when you know what you are looking for! Did you actually read my email? The subject is a rather good hint too. Do you mean phpsysinfo? http://phpsysinfo.sf.net/ -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] uh oh, I defined a resoruce
Eric Butera wrote: Haha. Thank you for all that insightful research. Seriously though, using globals you might already be in hell! =\ IMHO global variables are evil in the same way that register_globals were. Despite everything you've probably heard it is actually possible to create a secure site with register_globals enabled, but it needs to be done with due care and attention. The same goes for globals. They are not inherently evil but they are easily abused so you need to be careful when you use them. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SMTP vs mail()
Richard Heyes wrote: Bearing in mind I haven't yet done any benchmarks, which do you think is faster - SMTP with multiple RCPT commands or the PHP mail() function (with it launching a separate sendmail process for each mail() function call)? No brainer, SMTP will almost certainly be faster. My mailing list system (written in PHP obviously) can dump 600k customised emails to the local SMTP server in a couple of hours. Doing the same with the mail command took over 24 hours. How much slower will depend a lot on how you have configured sendmail, but it's never going to be faster than a socket connection to the local SMTP server. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] calling java within php setup?
Janet N wrote: I've wrote a Basic java within php, but I get error: Fatal error: Class 'Java' not found. What am I missing? Can I import java in php? Have you installed it? From the manual page for the Java extension... This » PECL extension is not bundled with PHP. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Question About Blocking Email Addresses in Forms
On 18 Jan 2008, at 16:01, Eric Butera wrote: On Jan 18, 2008 10:55 AM, Javier Huerta [EMAIL PROTECTED] wrote: Thanks for all of your suggestions which all point to using Catpcha. I have actually already implemented Capchta and they are still getting around it. Even if they are entering it manually rather than via a bot, is there a way to check if the email address is of a specific format and if so then don't process the form? What does your form actually do? Does it email you, email them, stick something in a DB? What? Regardless, if they're entering a nonsense email address and are managing to get your script to email other people then you're not validating the inputs correctly. For example, are you checking that the email address does not contain carriage returns or line feeds? Same with the subject if your form includes that. Anything that comes from the form and ends up in the email headers needs to be checked in this way. The answer to your question is only if you can define the format precisely enough. -Stut -- http://stut.net/ Javier Huerta [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I am wondering if there is a way to block out email addresses in specific format from a form? We ahve a form that people have to enter an email address, and the form has been getting used by bots to send spam to a listserv. The email address they enter is in this type of format [EMAIL PROTECTED], and of course it is always just a bit different every time. Any help is greatly appreciated. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php If a human is involved you can't really do anything about it other than slow them down. If they're doing this a lot you can implement some backend server tracking. It is really hit and miss, but you can try tracking by IP, but proxies make this fail. You can also make sure that you require sessions. That might help a bit but a user can always clear their cookies. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net
On 19 Jan 2008, at 18:36, David Powers wrote: Point 2: My address has been exposed by the thoughtless acts of others not setting their mail program/newsreader options correctly. Apart from the ex-BBC forum (where I have since changed the settings and edited the relevant post), all Google references to my email address came from the archives of this list. That's where the spam has probably started. By publishing a weekly list of email addresses, you're just making life easier for the spam merchants. If you intend to store the email addresses of people using this mailing list, there should be a clear statement of privacy policy on the PHP site. If there is one, I couldn't find it. That's because it has nothing to do with the PHP site or project. It's a private project intended to be of interest to those who post here. And you're here as well. Whoah, hang on a moment. It has everything to do with the PHP site and project. It's hosted on the php.net news server. When I subscribed to the PHP general mailing list I did not give permission for this. This is an international list, and what you're doing breaks EU privacy laws, and possibly those in other countries too. Please remove my name and details from your system. This is a *public* mailing list. By posting an email to it you are exposing your email address to an unknown number of people you don't know. Any number of those could be spammers collecting email addresses, or archivers creating web-based archives over which you have no control. If you didn't want your email address to be put into the public domain you should not have sent emails to a public mailing list, period. While I agree that Dan should be obfuscating the email addresses coming from his script I think your complaints are aimed at the wrong person. *You* are to blame for putting your email address out there, and I think we'd all appreciate it if you would stop blaming Dan. I use a Gmail account for all mailing lists for precisely this reason. If you were stupid^Wnaive enough to use an important email address that's your problem. And no, I won't remove your address from the recipient list. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net
On 20 Jan 2008, at 17:49, David Powers wrote: Andrés Robinet wrote: 3 - I don't like the attitude of both Dan and David. IMHO, David thinks the issue is more severe than it is, and Dan just won't recognize that mangling email addresses is kind of a (arguably also) standard practice. No public apologize is needed, but maybe Yeah, I just didn't consider that would be enough. Well said, Andrés. This has been blown out of all proportion by the sarcastic response I got from Dan, followed up by a group of his friends trying to make out the the problem was all of my own making. If the response had been, Shucks, sorry, I'll mangle the addresses (or leave them out) in future, that would have been an end of it. Instead, Dan and his friends decided that attack was the best form of defence, calling me names and questioning my integrity. But what if everyone's addresses had been gathered by someone with a less innocent intent than Dan's statistics? Therein lies the crux of the matter. Dan was able to gather the addresses without someone else publishing them in the way he did. The list is public, anyone can join it, so there is nothing stopping a spammer from collecting addresses in the same way. What Dan did has certainly not made it any easier for spammers to get your address. You seem unable to accept that you are the one that put your email address out there for anyone to collect. If you can't understand that then there is indeed no point in continuing the conversation. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net
On 20 Jan 2008, at 18:02, David Powers wrote: Stut wrote: You seem unable to accept that you are the one that put your email address out there for anyone to collect. If you can't understand that then there is indeed no point in continuing the conversation. I do understand it. What I object to is a supposedly responsible member of this list publishing everyone's address, and then attacking me for criticising him for such a dumb move. You're still missing the point. Every time you send a message to this list *you* are publishing your email address. What Dan's done a) was only possible because you had already published your address, and b) almost certainly won't result in more spambots picking up your address than would have anyway. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] More frustration with MySQL and PHP
Jason Pruim wrote:
So all I have to do (At least to really simplify what I'm sure they can
do) is put the code I want to execute into the function and then just
list the variables as arguments? Such as:
function dbconnect ($host, $user, $pass, $database) {
mysqli_connect($host, $user, $pass, $database);
etc. etc.
}
Or something like that?
And then I can simply call my dbconnect() anywhere I might need to
connect to a database? Or a different database?
Sort of. I believe the MySQLi extension is intelligent enough to not
create multiple connections with the same details from one process, but
you might find the following works a bit better...
http://dev.stut.net/php/db.inc.phps
This is modified from code I used to use but I have not tested this
simplified version (the original supports multiple connections which you
probably don't need). I now use a class instead of these functions but
the basic idea is the same. At any point in your code you can simply to
do...
$db = GetDB();
...to get a resource handle to your database, and it takes care of
making sure it only keeps one connection around and closes it when the
script ends.
Yes it uses globals. No I don't care.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] are email address could be spammed
On 24 Jan 2008, at 15:42, Eric Butera wrote: I used to be hardcore pop only but now that I use gmail I don't care about any other mail client. It beats Thunderbird and Mail.app hands down. If you don't look at the right hand side you won't see the ads. :) I even have it set up now to pull my pop mail account and slap it in a filter. Plus I enjoy all the people complaining about how users shouldn't change the subject. The gmail thread grouping takes care of all that for me. :D The only real downside is you can't view the raw source of messages or get the headers. Top-right of any message, the down arrow next to the Reply link, select Show Original... voila, the raw message complete with all headers. I'm almost exclusively using Google Apps for all my mail (just a couple of accounts left to move), and nothing much has changed about what I do. I still have the choice between Thunderbird (IMAP) or Webmail (Gmail), and I still have a complete archive of all my mail since 1996. I have no complaints at all. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about functions
On 24 Jan 2008, at 20:00, Jason Pruim wrote: So, I'm trying to learn about functions, and I think I understand what to use them for... And one of the ideas I had was to write a function to logout of an application. The question I have though, is how do I call it? Right now I just have a link like this: A href=logout.phpClick here to logout/A Can I do the same thing with a function? And if so, then maybe I don't really understand functions like I thought I did... Because to me, that would look like it would be just the same as calling a single script to logout vs. a function? Functions are internal to PHP, there is no way to address them from a web page. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How can I do this -- method chaining
On 29 Jan 2008, at 19:43, Christoph Boget [EMAIL PROTECTED] wrote: On Jan 29, 2008 2:37 PM, Paul Scott [EMAIL PROTECTED] wrote: Looks like a repurpose of one of my posts: http://fsiu.uwc.ac.za/index.php?module=blogaction=viewsinglepostid=gen9Srv59Nme5_7092_1182404204 actually, this is slightly different; here we are talking about being able to immediately invoke a method off the call to the constructor, whereas in your post you chain calls after storing the instance in a variable in the call to the constructor. Right, and that's what I was trying to avoid, if possible. Why? What exactly do you think you're saving by not putting the instance in a variable? I can't think of one good reason to do this. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How can I do this -- method chaining
On 29 Jan 2008, at 20:08, Nathan Nobbe [EMAIL PROTECTED] wrote:
On Jan 29, 2008 3:02 PM, Stut [EMAIL PROTECTED] wrote:
Why? What exactly do you think you're saving by not putting the
instance in a variable? I can't think of one good reason to do this.
its an esthetic thing; and besides the simple factory method is an
easy workaround to achieve it.
as the article that, Eric, posted mentioned, other languages have
such support; ie javascript:
function Test() {}
Test.prototype = { doSomething : function() { alert('hello'); } }
new Test().doSomething();
this is along the lines of the whole returnAnArray()['someIndex']
thing,
fortunately in this case, theres a workaround in userspace ;)
I don't see how it's any more aesthetically pleasing, but each to
their own I guess.
Personally I'd use a static method in this instance. If you need to
create an instance of the class you can do so in the static method and
that way it will get destroyed when the function is done. Otherwise
the object scope is far larger than it needs to be, which IMHO is an
unnecessary waste of resources and certainly less aesthetic.
-Stut
--
http://stut.net/
Re: [PHP] How can I do this -- method chaining
Nathan Nobbe wrote:
On Jan 29, 2008 7:27 PM, Stut [EMAIL PROTECTED] wrote:
Personally I'd use a static method in this instance.
thats what i recommended.
If you need to create
an instance of the class you can do so in the static method and that way it
will get destroyed when the function is done. Otherwise the object scope is
far larger than it needs to be, which IMHO is an unnecessary waste of
resources and certainly less aesthetic.
lost you on this part ..
whether you create an instance in client code by calling new or
encapsulate the call
to new in a simple factory method there will still be only one
instance of the class,
and it will still be in scope once the method is finished executing,
because all it does
is return an instance of the class its a member of.
maybe you mean something other than what i posted earlier when you say
static method?
You posted a singleton pattern. That means that from the moment you call
the static method until the end of the script that object exists. That's
probably fine for web-based scripts that don't run for long, but I live
in a world where classes often get used in unexpected ways so I tend to
write code that's efficient without relying on the environment it's
running in to clean it up.
This was your code...
?php
class Test {
public static function getInstance() {
return new Test();
}
public function doSomething() {
echo __METHOD__ . PHP_EOL;
}
}
Test::getInstance()-doSomething();
?
This would be my implementation...
?php
class Test {
public static function doSomething() {
$o = new Test();
$o-_doSomething();
}
protected function _doSomething() {
// I'm assuming this method is fairly complex, and involves
// more than just this method, otherwise there is no point
// in creating an instance of the class, just use a static
// method.
}
}
Test::doSomething();
?
Of course this is just based on what the OP said they wanted to do. If
there is no reason to create an instance of the object then don't do it.
It's fairly likely that I'd actually just use a static method here, but
it depends on what it's actually doing.
But as I said earlier, each to their own.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How can I do this -- method chaining
Jochem Maas wrote: Stut schreef: Nathan Nobbe wrote: On Jan 29, 2008 7:27 PM, Stut [EMAIL PROTECTED] wrote: Personally I'd use a static method in this instance. thats what i recommended. If you need to create an instance of the class you can do so in the static method and that way it will get destroyed when the function is done. Otherwise the object scope is far larger than it needs to be, which IMHO is an unnecessary waste of resources and certainly less aesthetic. lost you on this part .. whether you create an instance in client code by calling new or encapsulate the call to new in a simple factory method there will still be only one instance of the class, and it will still be in scope once the method is finished executing, because all it does is return an instance of the class its a member of. maybe you mean something other than what i posted earlier when you say static method? You posted a singleton pattern. huh? the OPs getInstance() method returns a new object on each call, hardly a singleton is it? Quite right too. Didn't read it properly. That means that from the moment you call the static method until the end of the script that object exists. That's probably fine for web-based scripts that don't run for long, but I live in a world where classes often get used in unexpected ways so I tend to write code that's efficient without relying on the environment it's running in to clean it up. are you saying that the OPs getInstance() method causes each new instance to hang around inside memory because php doesn't know that it's no longer referenced, even when it's used like so: Test::getInstance()-doSomething(); and that your alternative does allow php to clean up the memory? I could be wrong, I don't know the internals of PHP well enough to be definitive, but I'd rather err on the side of caution than write leaky code. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How can I do this -- method chaining
Nathan Nobbe wrote: On Jan 30, 2008 10:46 AM, Stut [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Nathan Nobbe wrote: Actually no, I mean I would *just* use a static method. If there is no reason to instantiate an object, why would you? http://stut.net/ you realize you are instantiating an class in the code you posted, right? from you post: $o = new Test(); if i didnt know any better, id call that an instantiation of the Test class ;) the only thing is you are forcing it out of scope by using a local variable to store the reference to the object. Seriously? You really need to read the emails you're replying to. I gave an example that did what the OP asked for. Then I went on to say that I would probably just use a static method. I never said I wasn't creating an instance in the example I posted. The forcing it out of scope was the crux of my point. However, if Jochem is right then it's kinda pointless with the current implementation of the GC, but may become relevant in the new GC. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How can I do this -- method chaining
Nathan Nobbe wrote: It's fairly likely that I'd actually just use a static method here, both your and my code use static methods. it sounds to me like you are using the term 'static method' to mean a static method that has a variable with a reference to an instance of the class that it is a member of. which is obviously a particular use of a static method, and therefore a bad practice imho. not the technique, mind you, the label of 'static method' for the technique. Actually no, I mean I would *just* use a static method. If there is no reason to instantiate an object, why would you? -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How can I do this -- method chaining
Nathan Nobbe wrote: On Jan 30, 2008 10:53 AM, Stut [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Nathan Nobbe wrote: I never said I wasn't creating an instance in the example I posted. then what exactly did you mean by this? Actually no, I mean I would *just* use a static method. If there is no reason to instantiate an object, why would you? I meant I would *just* use a static method. Calling a static method does not create an instance of the class. My comments usually follow the rule of Ronseal. What do you think I meant by it? -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
