[PHP] java.lang.UnsatisfiedLinkError: send trying to install PHP as a Servlet for Tomcat 5.0.18 on FreeBSD
Hi, Ive searched the web and archives - found many with the same problem, but noone with a solution. I followed the following steps (as per /sapi/servlet/README): 1)./configure --with-servlet --with-java 2) make 3) make install 4) copy the phpsrvlt.jar to the context's WEB-INF/lib 5) added the servlet config and mapping to the context's web.xml 6) restarted tomcat First I get this exception (javax.servlet.ServletException: Servlet.init() for servlet php threw exception): java.lang.UnsatisfiedLinkError: no php4 in java.library.path java.lang.ClassLoader.loadLibrary(ClassLoader.java:1403) java.lang.Runtime.loadLibrary0(Runtime.java:788) java.lang.System.loadLibrary(System.java:832) net.php.reflect.loadLibrary(reflect.java:34) net.php.reflect.clinit(reflect.java:29) net.php.servlet.init(servlet.java:157) Then everytime I refresh after that I get this (javax.servlet.ServletException: Servlet execution threw an exception): java.lang.UnsatisfiedLinkError: send net.php.servlet.send(Native Method) net.php.servlet.service(servlet.java:190) net.php.servlet.service(servlet.java:214) javax.servlet.http.HttpServlet.service(HttpServlet.java:856) Does anyone have any idea how to get around this? Thanks for your time, -- Dan Hardiker -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] remove ' from string
Any functions to remove'from a longstring?
?php
$myLongString = ..'..'.'.;
$myLongString = str_replace(', , $myLongString);
?
et voila! Simple huh ;)
For more info, check out: http://www.php.net/str_replace
--
Dan Hardiker [EMAIL PROTECTED]
ADAM Software Systems Engineer
First Creative
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTTP_REFERER reliability
But the manual says that HTTP_REFERER is unreliable, so I'm intrigued to know exactly what the problems are. Any ideas? The HTTP_REFERER field is retrieved from the HTTP Referer: header as used in the HTTP protocol. This field is set entirely by the client browser / application retrieving the data. There is nothing to stop the client from adding malformed, incorrect or spoof data into this field - and thus possibly faking entry to the data you are protecting. You cannot rely on this field to be accurate, correct or even populated. -- Dan Hardiker [EMAIL PROTECTED] ADAM Software Systems Engineer First Creative -- Dan Hardiker [EMAIL PROTECTED] ADAM Software Systems Engineer First Creative -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Hacker problem
This could still be faked easily with a telnet session and some fake http headers. Your only way of making sure is to create a serverside script which filters the data. Yes, theoretically...you could require it to be posted data. In order to do this you would have to make sure registered_globals is set to off in your php.ini and then for each variable posted from your form you will need to do something like this $name=$_POST[name]; This will only post the variables if they have been posted. Then you could use the referrer along with this and it will only allow data from that specific form. Hope this helps! Brian Drexler -Original Message- From: Pag [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 12, 2003 8:35 AM To: [EMAIL PROTECTED] Subject: [PHP] Hacker problem Been having some hacker problems on my site, and a simple one: I have a shoutbox, a simple form with name and text that adds lines to the database. I do checks for insults, too long words, tags, etc, but its still possible to circumvent those checks by adding the data on the url instead of using the form. something like: www.domain.com/shoutb.php?name=hackertext=generalnonsenseandbadwords To prevent this, i tried tracing the http_referral so that only data from inside the site goes into the shoutbox. THe problem is that if you do that url above after visiting my site, the http_referral obviously thinks its coming from inside the site. :-P How can i solve this? Is there any way to prevent data adding from outside? Maybe some invisible check on the form or something? Thanks. Pag -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Dan Hardiker [EMAIL PROTECTED] ADAM Software Systems Engineer First Creative -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] eval challenge
- define a string that has a function call in it (that returns a string) that at the time of declaration is not in scope, eg $str = this is the name : \$node-getName(); // $node is _not_ defined currently, so we can't escape out Ya have 2 options really (from my perspective): 1. Place in jump out's If you know your evaling routine is using 's then use them to break out of the parser. Firstly - this is bad coding - as if you can break out, then so can the rest of the data in the string. If you insist on this method, on any external data check for the break out char and escape it - otherwise you have a major security hole. $str = text here '.\$node-getName().'more text maybe; eval(\$str = '$str';); NOTE: there is no ' at the start or end of the string - this is important. 2. Build a string parser and use tagging... easiest done in XML imho $str = some text here exec$node-getName()/exec; Then go through the string before the eval executing everything between exec tags (be security concious for heavens sake - can be dangerous if not strictly checked) and replace the command with the response. I can provide sample code for either options ... but would rather not mock up a test bed if its not gonna get used ;) PS: Im guessing your building dynamic templates ... have you had a look into smarty? http://smarty.php.net/ -- Dan Hardiker [EMAIL PROTECTED] ADAM Software Systems Engineer First Creative -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] eval challenge
Currently, I'm using defined tags for replacing info from my CMS, eg: $str = ofa-core:siteMapLink/ Then I have a function that has all the objects in scope, and can perform the necessary replacements. ok ... what would ofa-core:siteMapLink/ represent? The output of $ofa-core-siteMapLink();? If your using XML throughout - have you looked at XSLT transformations? -- Dan Hardiker [EMAIL PROTECTED] ADAM Software Systems Engineer First Creative -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] IP Addesses on local network
echo gethostbyaddr(ip.number.inserted.here); returns the name of the server when it`s an internet address. Is there a similar command that will return host names on a local network I tried using the above command putting in a LAN address, but it just returned the IP address. This isn't a PHP issue, this is a DNS issue. gethostbyaddr uses DNS resolution to convert the IP address into its named equivelant... if no name is found, it will return the IP address again. The only way to get the reverse DNS for a private (LAN) IP address is to use a DNS server which has those IPs registered. In short, you have to run your own domain name server and apply the entries in there. There are other, OS independant, ways of adding these lookups (eg: /etc/hosts on Unix %SYSTEMROOT%\system32\hosts.pam (I think) on Windows 2000+) but you will have to investigate those yourself. -- Dan Hardiker [EMAIL PROTECTED] ADAM Software Systems Engineer First Creative -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: eval help
Hi, $arr2[name] = Broness!; .. $str3 = brHello, $arr2['name']; .. eval (\$evaldString = \$str3\;); echo $evaldString; Your almost there... just remember one very simple rule - if in doubt, break out. Meaning, if you're having variable resolution issues, then just break out of the string. Apply the following change to have happy dreams: From: $str3 = brHello, $arr2['name']; To: $str3 = brHello, .$arr2['name']; -- Dan Hardiker [EMAIL PROTECTED] ADAM Software Systems Engineer First Creative -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Still no luck running a PHPCLI script from CRON
Ok, by looking at my cron logs it looks like cron is trying to run my
PHP CLI script. However, it is not running it. I only have one line of
code that isn't commented out and the line simply sends me an email
using the PHP mail() function.
One thing to keep in mind when working with crontab is environmental
variables. As in, Cron has none. You have to set any you want in your
crontab, or your called scripts. For example, use full paths.
You shouldnt have to call a shell before calling the php cli. Here is an
example script for you to test. My php binary is in /usr/local/bin/php, my
script is /usr/local/crontab-scripts/wibble.php and the file I am writing
to is in /tmp/wibble.output
This is what wibble looks like [chmoded to 755, owned by the user of the
crontab]:
#!/usr/local/bin/php -q
?php
if ($fp = fopen(/tmp/wibble.output,a)) {
fputs($fp, Script Executed on .date(YmdHis).\n);
fclose($fp);
} else {
die(Could not open 'wibble.output' for read / write operations);
}
?
and the crontab line I have is:
* * * * /usr/local/contab-scripts/wibble.php
and you can see the output of it running every minute:
tail -f /tmp/wibble.output
Works fine for me ... try it
--
Dan Hardiker [EMAIL PROTECTED]
ADAM Software Systems Engineer
First Creative
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] what are the planned features of php 5?
I read something a while back about more OO features, but I was wondering if there is a roadmap anywhere? Out of curiosity I had a look at the php.net site and related sites and eventually came across this link: http://www.zend.com/images/press/Feb_2003-4_Zeev_PHP5.pdf I think this is more in the realm of what your looking for: http://www.php.net/ZEND_CHANGES.txt -- Dan Hardiker [EMAIL PROTECTED] ADAM Software Systems Engineer First Creative -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Piping to a PHP cgi-binary... broken in v4.3.2?
Hey all, echo ?php echo \hi\; ? | /path/to/php That works on php v4.2.x but Ive got 3 machines on v4.3.x and none of them seem to respond to the piping of the php config. v4.2.x Response [13:56:[EMAIL PROTECTED]:~$ echo ?php echo \hi\; ? | /usr/local/bin/php X-Powered-By: PHP/4.2.3 Content-type: text/html hi[13:56:[EMAIL PROTECTED]:~$ v4.3.x Response [13:58:[EMAIL PROTECTED]:~$ echo ?php echo \hi\; ? | /usr/local/bin/php Status: 404 Content-type: text/html X-Powered-By: PHP/4.3.2-dev No input file specified. [13:59:[EMAIL PROTECTED]:~$ Anyone else with the same results on a v4.3.x cgi-binary? Is this modified behavoir limited to me, or expected? -- Dan Hardiker [EMAIL PROTECTED] ADAM Software Systems Engineer First Creative -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Restarting a daemon in PHP
It works just fine, the daemon is started, but apache does not respond any more in the current session. Only if I close the brower and restart it, I can access the website again. Does anyone know of a good workaround? I encountered the same behaviour after sending mail from a PHP webmail client. I'm puzzled, too... This could because exec statements are executed in the foreground. Your best bet would be to background the process with . exec(perl myscript.pl ); -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP-4.3-dev - What is it for?
What is the meaning of dev in PHP-4.3-dev? Development release, not a Production release. Its a snapshot of the upcoming 4.3 system. Can I use it as a fully working PHP distribution? No, as the name suggests its purely an insight as to where the development is up to at this point in time. Although it is recommended that you dont use this in production systems, it would greatly help the Quality Assurance and Release Engineering teams if you could download it to your development machine(s) and test. Feedback should be sent to the relevant lists.php.net group, more information on which lists to use for what (bugs, qa, dev questions) can be found on the php website. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] hiding php
Actually.. You can turn off header responses in both apache and php. Inside the php.ini you will find: [ expose_php = Off ] In the ini-dist its even switched off by default. In the apache httpd.conf file you can set the following: [ ServerSignature On ] I believe you may also find some help in mod_headers. In short you can do alot with the configuration to mask what you are running on what platform. If you are running FreeBSD you can even get it to emulate the SYN packets (used for TCP operating system fingerprinting) of alternative OS's (eg: Red Hat [why you would want people to think you'd run RH, to I dont know] / Solaris). Questions? Because its better to have someone waste time trying known hacks for a platform I don't have than to have the same person not know the platform and start spending time figuring out what it is right off the bat. That will not work.. try the following: telnet yourserve 80 and than type GET / HTTP1.0 and press Enter twice You'll see the server response which will tell anybody that the server is Apache and even the operation system it runs at. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] hiding php
[Larry Brown] Because its better to have someone waste time trying known hacks for a platform I don't have than to have the same person not know the platform and start spending time figuring out what it is right off the bat. [Mike Ford] Well, if you *really* wnat to get hem going, you could send .jsp and .cfm (and any others you can think of) through PHP as well!! If your gong down that road, you could use an arbitrary extension to pipe through php so that at the simplist level (the URL) the technology isnt misinformed (eg: .cfm as cold fusion), but at a blank completely, eg: http://your-server.com/some.script With .script being parsed by php, but the outside world not knowing what technology you are using behind the scenes. Very simple, yet very effective way of blindfolding the end user. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] OpenSSL Encryption to a browser.
I would like to use OpenSSL to send encrypted information to a browser. The information would be encrypted to a public key that has its private counterpart installed in the browser. The idea is that the information would be decrypted automatically, but only when the destination browser has the right private key installed. Most people would leave apache (usually with mod_ssl) to handle the encryption over https. Im not even sure if you could do what I think you are asking without controlling the whole http communication (as the whole thing is SSL wrapped, or none of it). Would it be possible to us header(Content-type: multipart/encrypted), since it is originally meant for messages? I think you need to look into one of the following: - Handling the requests yourself by listening to port 80 (not advisable - php wasnt built for that sort of task, but its possible) - Using ssl certificate pairs and installing them in a custom manner on the apache installation - Alternative methods PS: if your not using apache, I cant help you at all. Others may. --- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] The hunt for PHP Developers [job applicant search]
Hi, [sorry about this being kinda off topic, but hey :P if anyone knows of a more appropriate place - let me know!] I am looking for prospective employee's which a high level of PHP experiance, with an interest in learning Java in the next few months. Before I continue - the position is onsite in Preston, Lancashire, UK. Sorry, we aren't looking for remote workers at this point. The following requirements: * FreeBSD experiance. User level required, Admin level prefered. * XML experiance (understanding of its use and its purpose) * Extensive MySQL experiance * Vast OOP experiance in PHP The project would suit the following personality: * Fast learner and grasps concepts quickly * Idea Mad (constantly coming up with ideas spontaniously) * Prefers being given an outline and discussing the details, rather than being given a fully mapped out spec documenting down to the statement in code. * Willingness to learn on the fly * A passion for coding * Someone who percives working as a coder as being paid to do their hobby, rather than being paid to work 9-5 :P The project is an extensive object based database engine with a vast future, more of which I cant discuss on here, but could off list. NOTE: please CC my email address in on any reply. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] adding unix account via system command
!!!WARNING - WARNING - WARNING - WARNING - WARNING!!!
This will mean ANYONE can run this program AS ROOT. Read up on SUID.
!!!WARNING - WARNING - WARNING - WARNING - WARNING!!!
Make yourfile.c and put this in:
main(argc,argv)
int argc;
char **argv;
{
execv(/your/program/here, argv);
}
then cc -o yourfile yourfile.c
chown root.root yourfile
chmod 4755 yourfile
this will make it rwsr-xr-x
--
Dan Hardiker [[EMAIL PROTECTED]]
ADAM Software Systems Engineer
First Creative Ltd
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Load / Stress Testing
Hi All, I have a CPU intensive PHP application, and would like to stress test it to find out the number of concurrent connections I can have before the response rate from my script is 5 seconds or more. The tests will initally take place over a 100mbs LAN. The following are in use: PHP 4.2.3 (using APXS) [also v4.3.0-dev will be tested] Apache 1.3 MySQL 3.23 FreeBSD 4.6-STABLE Ive thought of writting a load testing script, but Im not after reinventing the wheel. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Compiling PHP with Sablot support
Hi All, I have PHP-4.3.0(dev) [php cvs version] and have the following configure: ../configure --with-mysql=/usr/local/ --with-gd=/usr/local/ --with-openssl --with-curl --enable-ftp --with-dom --with-xml --enable-trans-sid --enable-sockets --enable-wddx --with-zlib --with-mcrypt=/usr/local/ --with-mhash=/usr/local/ --with-freetype --with-t1lib --with-ttf --with-freetype-dir=/usr/local/ --with-gettext --enable-track-vars --with-apxs --with-expat --with-enable-xslt --with-xslt-sablot --with-sablot Configure runs fine... Make runs beautifully... Make Install runs perfectly... Apache restarts great, but: Fatal error: Call to undefined function: xslt_create_processor() in /usr/home/dhardiker/public_html/cvs/flash_api_4.03/xslTransformer.inc.php on line 24 Ideas? PS: Im running FreeBSD 4.6-Stable and a copy of my phpinfo() output can be found at http://dipsy.dapond.net/phpinfo.html. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Compiling PHP with Sablot support
There should be a new entry like XSLT enabled under XML enabled in your PHPinfo in case of successful set-up. Thats what Im looking for, but cant find it... however the configure line still says its in there. I'm not very familiar with the Unix build, but just to be sure can you check if you uncommented the xslt extension in your php.ini file (if any)? As far as I know Ive done everything I need to, there isnt any php.ini directive that does that. If Im missing something I can check... If there was an error I could probably debug it - but there isnt! heh - Original Message - From: Dan Hardiker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 27, 2002 2:52 PM Subject: [PHP] Compiling PHP with Sablot support Hi All, I have PHP-4.3.0(dev) [php cvs version] and have the following configure: ../configure --with-mysql=/usr/local/ --with-gd=/usr/local/ --with-openssl --with-curl --enable-ftp --with-dom --with-xml --enable-trans-sid --enable-sockets --enable-wddx --with-zlib --with-mcrypt=/usr/local/ --with-mhash=/usr/local/ --with-freetype --with-t1lib --with-ttf --with-freetype-dir=/usr/local/ --with-gettext --enable-track-vars --with-apxs --with-expat --with-enable-xslt --with-xslt-sablot --with-sablot Configure runs fine... Make runs beautifully... Make Install runs perfectly... Apache restarts great, but: Fatal error: Call to undefined function: xslt_create_processor() in /usr/home/dhardiker/public_html/cvs/flash_api_4.03/xslTransformer.inc.php on line 24 Ideas? PS: Im running FreeBSD 4.6-Stable and a copy of my phpinfo() output can be found at http://dipsy.dapond.net/phpinfo.html. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Web Based Mail
www.squirrelmail.org -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] crypt(): How to make it use blowfish?
My system is a linux RH7.2 box. How can I make blowfish encryption available to PHP's crypt? Use mcrypt. See the manual. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] progress bar
To make it look that little bit nicer, you could use flash to display the bar... but I think that make take a little longer than you'd like for development. Hi! Well i suppose flush() is useful in your case, flush out the output whenever it is called, and not when the page is fully generated (the usual case)! Sou you might to sth like this: - Print 1/4 of the progress bar - flush - wait some time - print 2/4 of the progress bar - flush i don't know if it works, but that's the way it'd do it ;) - Tom -Original Message- From: Serdar Sokmen [mailto:[EMAIL PROTECTED]] Sent: Monday, August 12, 2002 12:06 PM To: [EMAIL PROTECTED] Subject: [PHP] progress bar Hi, I would like to add a progress bar to an installtion program I'm writing in PHP. I basically have one function that I call, it takes about 30 seconds or so to finish executing... I haven't done such a thing before. Can anyone plese suggest me some ideas... Many Thanks Serdar -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: DOMXML...
Check that the file employees.xml exists, and try providing it with an absolute reference rather than relative (eg: c:\\xmlfiles\\employees.xml). Also check that the xml file renders ok in Internet Explorer. the line that gives the error... Warning: failed to load external entity employees.xml in C:\Inetpub\wwweloanshop\test\xml.php on line 36 What employees? is... $doc = xmldocfile(employees.xml) or die(What employees?); Lallous [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... hmm! 1)Can you show the code @ line 36 if possible 2)try to escape the \ (replace every \ with \\) Brian McGarvie [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a problem with DOMXML... I installed it and it is showing up in a phpinfo() script... However when I try a simple example it gives me an error such as: Warning: failed to load external entity employees.xml in C:\Inetpub\wwweloanshop\test\xml.php on line 36 Any hints? [ Brian M McGarvie | www.mcgarvie.net - www.the-local-guide.com - www.anypurposeloans.com ] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Hi, 1. Every peice of software has bugs - PHP still bugs - it always will have. Deal with it. 2. It is no-one's responsibility other than your own to *test the software*. Anyone using any form of software in a production environment has at least one test bed to install new versions of software on to test for security. 3. You dont have to upgrade! You should, but you dont have to... its down to the system administrator to assess the need. 4. If your software requires register_globals to be set On in the php.ini then your software is badly coded and quite possiblty insecure in its own nature. 5. At the end of the day, we arent choosing YOU to use PHP... you chose PHP for your own reasons. If you dont like it - Microsoft will be happy to take chunks of money off your hands for a Win2k Server with IIS and ASP on it. The grass it always greener huh. - Dan Who said anything about M$? I don't use their crappy products so I don't have to deal with their security issues. I'm the one who brought up Microsoft, I'm saying it's a whole lot better then the alternatives. If PHP 4.2 is unsafe then why is it listed at the top of the page for download? There is not a shread of text saying do not use in production, no unsafe warnings whatsoever. How am I supposed to magically find the 'do not use' warnings? You have to magically find this by reading the messages on this list, not more then a month ago, someone asked was it considered stable for production use, and the answer was no. I was going to type a long rant about how you should test software or atleast wait a while for the kinks to be worked out of new versions instead of running cutting edge, but screw it, I'm not wasting any more time on this. It's not about that.. It's about the hell I've already been through with the new register_globals setting. Then two huge ass security holes following in the next couple of months after that. I know, there such bastards for releasing security patches to fix the holes they know about instead of burrying the evidence and denying a hole exists. If it doesn't bother you the hassles 'the php group' is putting me, you, and alot of others through then I guess that's just you. I can't help but get pissed about it. I did not have the time to do these upgrades, but now I have to make time. You know your right, the PHP group (god bless them) is out to get you, individually, they intentionally put security holes into the software, so they can go back later and make you patch your dozens of systems and make your life a living hell. And it's not just me who doesn't mind upgrading, it's just you who can't handle it. Adam Voigt [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] array_rand() and seed
Have you seeded the random generator? Read up on srand and mt_srand. - Dan Using Win2K Professional Server, IIS PHP Version 4.2.1 mt_getrandmax() returned 2147483647 I have an array of 26 characters. I want three random values from the array, I use the following: $rand_al = array_rand ($arralpha, 3); I get the same characters each and every time. The way I am handling it right now is generating random values using mt_rand(0,25) and using those random values as the index of the array to retrieve the value of. Any ideas on this? Thanks. Naintara -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] is their a jobs mailing list?
I have no idea if this of any use to you guys ... but www.jobserv.co.uk has a load of IT jobs - but AFAIK they are all for mainland UK. Will be helpful for brits in any case. You might find a link to their continental / american / australian counterparts. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] securing an 'includes' dir
1. Name all included files .inc I do this for many reasons, but mainly to help me know which are executables, and which are includes. It also helps with step 3. Just for an added layer of security (incase step 3 isnt effective due to mis-configuration or what have you), name them .inc.php and at the top of the code put something like this (eg: filename == mysql.inc.php): if ($SCRIPT_NAME==/inc/mysql.inc.php) die(you shouldnt be talking to me!); or if your really clever - you could throw a 404: not found or a 301: access denied. This also means that your script will be relatively harmless and the PHP code would never be divulged. If it was in a .inc file alone, then if the ..htaccess wasnt being effective (or it was accidentally uploaded to an alternate location) then it would be completely exposed. 3. Include a .htaccess file in the /inc/ directory (or further up towards your docroot with the following: Files ~ \.inc$ Order Allow,Deny Deny from all /Files Change the first line to Files ~ \.inc.php$ in order to fit this more secure procedure. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] view source with opera
In short I think what everyone is trying to say is: it depends on how your server is setup. If you host your own servers then you need to read up on how PHP works in the chain of command and how its configured. If not, then reading up on the whole request and deliver process of HTTP where a scripting language like PHP / ASP is involved would be useful... but its unlikely that a commerical hoster would allow .php files to have their source viewd. To clear things up - if the extension you are using is being parsed by PHP (eg .php files are working correctly and a phpinfo() executes as expected) then there is *no known exploit* to get the source from that page. Thats not to say there isnt one we dont know about - and if your friend / collegue who informed you that it is possible, can ... then I would be (as would most of us on this list) most eager to find out how. If he can replicate the exploit, I have an open mind. For the record, there are only 3 ways of outputing PHP source on a properly configured webserver running PHP. 1. Placing a show_source PHP command in your PHP parsed script 2. Using .phps (only works on Unix AFAIK) 3. Outputing the code yourself using echo's / having badly formed code (eg: missing out the ?php at the begining exposing your php code as raw html). In all 3 cases it would be quite obvious (as your site would not function as intended). Also - for the record - if you cannot view the PHP source inside IE, then you cannot inside netscape, opera nor any other web browser as IE gets the same data as the rest of them (unless your doing some fancy stuff, by which you will already know the answer to most of your questions). Hope I havent been to confusing - Dan On Thursday, June 13, 2002, 2:20:29 PM, you wrote: I'm quite sure that this won't work... The server isn't delivering the php source, so the client will not get the source code but only the resulting code the script generated. So IMHO this is a hoax. Unless your server has phps (source view) enabled. If it has then you can see the source of any file by using the extension .phps. -- Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] view source with opera
Unless your server has phps (source view) enabled. If it has then you can see the source of any file by using the extension .phps. Awright! But then it would be possible with any browser... Unless I missed it, the OP never said it *only* happened in Opera. but unless we are assuming the OP is a complete idiot, we can assume that it would be more than obvious! As the PHP script wouldnt execute at all! Also, this only works on a unix host, and I doubt that anyone would purposly name their files .phps blah blah. In short the answer is still no, you cannot gain the source from a functional PHP script unless it has been setup to. There is no exploit to do this with any browser. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] forcing file downloads
2. Can someone tell me what the %20 is there for? The %20 (I forget the exact explanation, sorry) is basically code for the space. % in a URL means thats its gonna be followed by a 2 digit hex number referencing directly to the ascii table. 20 is the hex equivelant for . You could rewrite http://; as %68%74%74%70%3a%2f%2f. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] catching plurals
I'm trying to write a function to catch and remove plurals from a search feature, can anyone suggest how I can efficiently remove 'ies' and 's' from the right hand end of each word within an array? Your best bet is to use a phonetic search (for speed) looking up against a dictionary file although there are speed impacts. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Can a php script be placed within a stylesheet?
That's how I interpret it at least... Does the CSS file _HAVE_ to end in .css? Or does it just matter how you link HTTP content headers can be used to tell the client that this is a file of a different name. EG: I have a pdf outputted from a output.php file and to make it look like file.pdf instead I use: header(Content-Disposition: filename=file.pdf); -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Formatting XML Data
I would like some of the text to be bold, or maybe I would like to insert a hyper-link. Unfortunately it does not seem I can do this with ordinary HTML tags because they will be interpreted as XML tags. I am sure, however that there is another way of doing this. Does anyone know how? Have a look into XSLT... its all in the manual. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Making code execute on fatal error?
I want to make all fatal errors trigger an error file to be include, the file to exit, and the error never t be displayed. Is there any way to do this without access to php.ini? Implement your own error handler. There is a load of documentation in the manual. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Secure File Upload
A) Do you want to place a limit on the size of a single file being uploaded? [...] Second, I want to be able to prevent my (limited) traffic to be exhausted. Simple reason: I pay for anything above let's say 10 GB of traffic. So what PHP offers to me AFAIK enables me to protect my space, but not my traffic. You are absolutly correct. Welcome to the client/server relationship. Your PHP is *entirely* server side, meaning that (in a HTTP[S] PUT or POST) the entire file is sent to PHP before it can work out if its too big or not. However, there are some client side effects you can induce (such as the browser limiting the file size, this can be set in the HTML FORM) - but as this is client side there is no gaurentee that this request will be honoured (still leaving you open for a custom / noncompliant browser to upload giga-huge files to you). In my experiance its best to give people access to FTP upload but thats not always an option... I hope the information has helped you. The following URL might be worth researching. http://www.php.net/manual/en/features.file-upload.php Look for information on MAX_FILE_SIZE and READ the user comments. The manual + user comments usually holds the answers you seek. ;) -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure File Upload
I know this, not this new to CGI... ;) The only thing I thought/hoped was that maybe there's a way to recieve the file size information before upping the entire file. It is possible with some browsers: http://marc.theaimsgroup.com/?l=php-generalm=102079018906224w=2 But you still have to rely on your visitors as they could simply use another web browser should they wish to DoS your site. Security measures such as logging in before allowing a file upload can come in useful here. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] date problem
SELECT COUNT(*) AS c FROM users_table WHERE UNIX_TIMESTAMP( user_regdate ) '1022882400' The only way you can do it with a char column is to select the entire database, load it into a PHP array, using strtotime() to (hopefully) convert May 29, 2002, etc, into a unix timestamp, and then sort by that timestamp. Alternatively you could use the query you are now (if its returning the correct subset of rows from the table). Replace COUNT(*) AS c with your primary key field (eg: id), and then use mysql_count_row() [rtfm for more details] rather than pulling the rows. From here it looks like your fastest option, but your not providing enough information. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] array_walk
Instead of passing this and other to your array, PHP
passes 0 and other. Is there any way I can make it
so that it passes this?
[pulled from the manual directly]
Example 1. array_walk() example
$fruits = array (d=lemon, a=orange, b=banana, c=apple);
function test_alter ($item1, $key, $prefix) {
$item1 = $prefix: $item1;
}
function test_print ($item2, $key) {
echo $key. $item2br\n;
}
echo Before ...:\n;
array_walk ($fruits, 'test_print');
reset ($fruits);
array_walk ($fruits, 'test_alter', 'fruit');
echo ... and after:\n;
reset ($fruits);
array_walk ($fruits, 'test_print');
The printout of the program above will be:
Before ...:
d. lemon
a. orange
b. banana
c. apple
and after:
d. fruit: lemon
a. fruit: orange
b. fruit: banana
c. fruit: apple
--
Dan Hardiker [[EMAIL PROTECTED]]
ADAM Software Systems Engineer
First Creative Ltd
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Displaying images with php?
What is the best way to display images in the browser with php? If i for instance have the pictures in ..\pictures\ Youre asking the wrong question. PHP doesnt display anything in the browser... the browser does that job. What you can do is one of the following: 1. Output content headers and fpassthru the file (see fpassthru in the manual for more details)2. Output the HTML with a IMG / tag with the SRC attribute pointing to the image as usual. Others on this list will be able to provide good tutorial web pages which would do the job explaining PHP's role in displaying images in the web browser much better than I can. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions question (-enable-trans-sid)
Hmmm I've had a problem with this: I have --enable-trans-sid but I see url appends on my browser when I *know* cookies are working. Personally I cant say this is a bad thing... not all browsers enable cookies and they can be messy and insecure at times (eg: cross domain issues). Placing in the URL may make it look a bit messier (the URL that is) but its much more compatable. Just my 2 cents. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP script and external C program
http://www.php.net/popen Process Handling. - Original Message - From: John Holmes [EMAIL PROTECTED] To: 'ing.Martin Prá¹ek' [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, May 27, 2002 8:28 PM Subject: RE: [PHP] PHP script and external C program I don't have example code, but what you want is the exec() function. Be careful passing user variables to a command line program. In PHP docs it seems,that exec() does not solve my problem . It is easy to grab output of mycomand to an array, but it seems , that there is no way to feed mycommands STDIN with something, ie commandline is only way to pass some argument or data for mycomand. I need something like this hypotetical example: /bin/mycommand $variable $parsed_variable or $variable | /bin/mycommand | $parsed_variable -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Executebale code from a databse
Use eval ... although beware of the serious security implications. Hi. I'm changing my website to one based on My-SQL which will help with organization and searching etc. Hopefully, the code for all the pages will be stored in the database too. However, I cannot get PHP to parse / execute the code stored in the database. The script $query = mysql_query(SELECT * FROM pages, $link); $result = mysql_fetch_array($query); print $result['4']; gets the content of the page (column 4 of the database) but displays include(common/counter.php); include(common/navbar.php); to the screen instead of opening and including these two files in the output. Is there something I need to do to the result to make it executable? Might I need a \n between the two lines of code? I'm using Win 98, Apache 1.3.19, PHP 4.2.0 and MySQL but I'm not sure which version! (fairly recent though) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with mktime()
$startDate['Jungfrau'] = mktime (0, 0, 0, 08, 24, 2000); $startDate['Waage']= mktime (0, 0, 0, 09, 24, 2000); Replace 08 and 09 with 8 and 9 respectivly and you will have the effect you desire. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP,Apache disabled FTP?
I have reciently setup apache and PHP and now FTP does not work! I am running a win2k pro machine, is this because of PHP or APACHE or what? [..] Unless you did something totally off the wall I seriously doubt Apache or PHP are affecting your FTP server. Unless your using IIS to serve your FTP ;) That would go belly up if youve got another http processes running. More information about your setup is required for us to help further. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using php as a scripting language within cron jobs?
[snip] but this is only needed only if you compile php into apache or am i wrong? if i have the cgi version installed, i can call the php script directly from the shell. The only thing for me to do then, is to set #!/path.to/php in the first line of the script, right? [/snip] Can you have the compiled with apache version and the CGI version installed on the same server? Sure can! Yes... in your ./configure line, leave out the --with-apache and --with-apxs options. This will warn you that it is about to create a binary and not a module. After a make install it will usually end up in /usr/local/bin/php for you to use as your shell interpretor. (Follow up email regarding security to follow from a linx post). -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using php as a scripting language within cron jobs?
the only thing that can smash th whole thing imo, is if you try to use the cgi version via web if you have php also installed as apache module. but all of what i wrote is a guess, never tried by myself. You can do all of the following simultaniously without and clashes: * Use PHP as an apache module * Use PHP as a cgi-binary via the web * Use PHP for shell scripting The first uses the module, the latter 2 use the binary created. They can also be created with 2 differnt configure statments. EG: you could have imap enabled in the apache module, but not in the binary... and you could have 3 binarys, one with sockets pcntl enabled, one with dom xml enabled, and one with everything enabled... etc. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Using php as a scripting language within cron jobs?
Set your cron job up as lynx -dump http://www.myserver.com/myscript.php /dev/null (or pipe it to a logfile if you fancy) - obviously, you'll need lynx installed for this to work :-) but this is only needed only if you compile php into apache or am i wrong? if i have the cgi version installed, i can call the php script directly from the shell. The only thing for me to do then, is to set #!/path.to/php in the first line of the script, right? Spot on. As a couple of others have pointed out, you can compile PHP to be a standalone interpreter and then write scripts for it - personally I always use it as a module, and I find using lynx works perfectly... if it ain't broken, don't fix it... Please be very very careful with this advice. I use PHP to shell script and can do some pretty dangerous stuff (eg: edit system configuration files and HUP daemons). If this script was exectuted via the web there could be 3 major issues: 1. Apache would have be live and working in order for the script to run. Not good if starting apache is what your intending!2. Security - its web accessable! You are going to have to bolt down your apache like a rat's ass to make sure no1 gets in to malioulsy execute your code. Even then theres no gaurentee that there will be no apache exploit to get around it.3. You might want the script performed as a certain user. With the cron and a binary your executing it as the cron owner... which is essential for editing files and HUPing processes that dont belong to the web process. If your execing PHP scripts from cron I highly recommend using the binary, if only for standalone purposes. It all depends what your after doing... experimentation is the key, and imho you should stick to the binary for shell stuff and the module for web stuff. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Using php as a scripting language within cron jobs?
#!/path.to/php -q
I'd like to suggest the -q option for PHP shell scripts, which I rely
on every day.
Sh!! We dont want to give away *everything* heh... bah ... well I
might as well give you the rest of the info.
[14:03:50][dhardiker@amnesiac]:~$ php -?
Usage: php [-q] [-h] [-s [-v] [-i] [-f file] | {file [args...]}
-q Quiet-mode. Suppress HTTP Header output.
-s Display colour syntax highlighted source.
-f file Parse file. Implies `-q'
-v Version number
-C Do not chdir to the script's directory
-c path Look for php.ini file in this directory
-a Run interactively
-d foo[=bar] Define INI entry foo with value 'bar'
-e Generate extended information for debugger/profiler
-z file Load Zend extension file.
-l Syntax check only (lint)
-m Show compiled in modules
-i PHP information
-h This help
[14:03:52][dhardiker@amnesiac]:~$
everything there is pretty self explanitory... as is the reason for using
option q ;)
--
Dan Hardiker [[EMAIL PROTECTED]]
ADAM Software Systems Engineer
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Variables in PHP: public vs. private
But AFAIK (and see ;)), variables in PHP in fact are never private, but always public, at least within the current script. This is correct, all functions and variables inside a class are public. There are no protected nor private func's / var's. So what would be the sense in having this kind of functions? Readability? 1. Grouping similarly purposed functions together into one class makes usability much better (also allows for polymorphism and suchforth) 2. Expandability... although PHP doesnt support protected functions and variables, thats not to say it never will... and should the day come - it would have to be backwardly compatable. This is at least seen as a step in the right direction 3. Interitance (which is only really possible with classes in any usable form) with the ability to call the parent's function or over-ride it with your own. PHP has never claimed to be fully OOP compliant infact it has quite blatently stated that its not. I hope that the time will come when PHP has much more OOP support like other languages (such as C++, delphi etc). -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Using php as a scripting language within cron jobs?
from the cron I would call this command... wget -q -T10 http:/www.mydomain.com/myScript.php -0 /dev/null I have never had a problem with this method, although I am sure it has a higher overhead than compiling as a binary and directly calling php. This method (again) is insecure in the extreme... please see my other responses to this for further details but basically, the following stand: 1. The script is executed as the web process 2. The web process has to be running 3. The script is accessable from the web This makes it highly insecure as anyone could execute it (unless you locked it down which is silly when you could just run it locally yourself). Also the data is going over HTTP which would easily be intercepted with ethereal / tcpdump etc. I still *strongly* recommend compiling a binary if only for purely security based precautionary reasons. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Looking for web based email
I use http://www.squirrelmail.org/ ... Im actually currently mailing you from it - I find it very easy, and extreemly configurable. Its open source and developing at a rate of knotts. Its very easy to install, although it does currently require cookies... but Im urging them to shy away from that ;) - Dan http://nocc.sourceforge.net/ -Jared -Original Message- From: Craig [mailto:[EMAIL PROTECTED]] I am in the process of developing a website with a webmail system similar in functions to hotmail Does anyone have any suggestions for where to start? -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP and MySQL
Hi, [..] $user = OMMITTED; $pass = OMMITTED; $db = Book Store1; $local = OMMITED; $link = mysql_connect( $local, $user, $pass ); [..] You do realise, you have just pasted your database connection details to the world?! I gonna have to write an article on how to communicate securely over the internet. (not just with PHP, but with the data you communicate in the messages as well!!) -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with sending information with quotes
Turn magic_quotes off. Check the manual for full details. or use stripslashes() ... rtm ;) -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] is $HTTP_REFERER worth trusting?
Is it possible for a hacker to make an identical $HTT_REFERER in the header? I have no idea how $HTTP_REFERER is made, is it made from the http client and put in the http header? Thats exactly how its done. The user agent (browser) takes the URL it was on when a link was clicked / form submitted etc and places that into a HTTP header which is sent back to the server. This information can be very easily faked and is widely implemented into spam / attack bots. If I can't trust $HTTP_REFERER, how can I deny malicious attack like that? The best way is authentication. I dont know what the load on your server is generating, but Im pretty sure there will be an alternative way of doing it. eg: on request do the load-based method and dump the details into a temporary table with a timestamp of the last time it was updated. If you get the same request within x minutes (or hours / days) then serve up the generated information from the table. This would mean that your db no longer gets hammered if malitious users were to launch 5000 requests at it in the space of 10 mins, it would just do the big DB operation the once. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] is $HTTP_REFERER worth trusting?
Craig Vincent wrote: The best thing you can do is temporarily record the IPs of connections to your script, and then block IPs that connect to the script too often directly from your routing table. It doesn't necessarily stop those using proxies but definately is more reliable than an HTTP_REFERER protection scheme. If you are expecting to have a wide (uncontrolled) audience for the data you are outputting I would strongly suggest against doing this as the majority of major ISPs operate transparent web proxies - where everyone from that ISP will appear to be coming from the same IP. If I was a malitious user, I would get a block of 50 IPs, place them on a unix box and then bind randomly to the IPs when making the calls... making the work around for this security measure trivial. Im not saying you shouldnt implement any method of security, as some security is far better than none! Just making sure that everyone is aware of the consequences and implications. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: help with arrays
This is a basic question but I'm a basic fellow. If I have an array
$timespread = array(12am-01am=0);
$timespread[01am-02am]=0;
$timespread[02am-03am]=0; etc
Using $time which is a number, I want to add 1 to the value of
$timespread[$time] without changing the key so if $time =1
I want to have $timespread[01am-02am]=1;
Using $timespread[$time]+=1; doesn't work.
Nope, you must say
$timespread[01am-02am] += 1
I think the problem here is your understanding on how array key's work.
The following method would be far more appropriate:
?php
// Create 00 to 23 in the array
// 00 will store hits between midnight and 1am,
// 01 for 1am - 2am ...
// 23 for 11pm - midnight
$timespread = array();
for ($cnt=0; $cnt24; $cnt++) {
$timespread[str_pad($cnt,2,'0',STR_PAD_LEFT)] = 0;
}
/* here you must work out the hour, and round *DOWN* (truncate off the
minutes .. eg: for the current time */
$timespread[date(H)]++;
?
follow or have I lost ya?
--
Dan Hardiker [[EMAIL PROTECTED]]
ADAM Software Systems Engineer
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] is $HTTP_REFERER worth trusting?
Then, it is not safe to do IP-based blocking, right? Any alternative? As I mentioned in an earlier post (my original reply to you): If I can't trust $HTTP_REFERER, how can I deny malicious attack like that? The best way is authentication... that is asking the user for a username and password before doing getting the data (then you can block out specific users should they attack you - but you can only do that after the incident). There are other methods - I dont know what the load on your server is generating, but Im pretty sure there will be an alternative way of doing it. eg: on request do the load-based method and dump the details into a temporary table with a timestamp of the last time it was updated. If you get the same request within x minutes (or hours / days) then serve up the generated information from the table. This would mean that your db no longer gets hammered if malitious users were to launch 5000 requests at it in the space of 10 mins, it would just do the big DB operation the once. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script executes for longer than 30s [SECURITY CONCERN]
If this was a geniune script (which I hope it isnt) and was webaccessable with register globals on ... I could just do page.php?command=rm+-Rf+/ and do some serious damage. Just worth noting. HI I wrote a basic script that takes the input of a textfield and passes it onto the system() function and then echo's the result, somethinglike this: ?php $result = system($command); echo $result; ? The $command is sent from the previous page via text field. Whe I test this and do something like ping 192.168.0.2, the page keeps on growing and growing, way past 30seconds. My php.ini file is definately set to 30s timeout. Is there something wrong or do I have a misunderstanding of the timeout workings? Thanks ' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script executes for longer than 30s
Because system operates outside of the PHP scope, I think the timer is suspended for the duration of the exection. Seems to be the obvious answer here. Hi Chris The script is not meant to run ping, I just used it as a test and then noticed that it does not time out as I would have expected. The problem is thus that if it is used on the command it is intended for and that command actually just keeps on going and going for whatever reason, I might end up with a problem where I expected PHP to take care of it for me Chris Hewitt wrote: If I may respectfully suggest that you do not use the php scipt timeout to limit the number of pings but ensure that the system command will finish within the required time. The former seems a poor technique to me. In your example, the ping command will never complete (unless php closes it down). Why not limit the number of pings with ping -c 10 192.168.0.2? HTH Chris PHPCoder wrote: HI I wrote a basic script that takes the input of a textfield and passes it onto the system() function and then echo's the result, somethinglike this: ?php $result = system($command); echo $result; ? The $command is sent from the previous page via text field. Whe I test this and do something like ping 192.168.0.2, the page keeps on growing and growing, way past 30seconds. My php.ini file is definately set to 30s timeout. Is there something wrong or do I have a misunderstanding of the timeout workings? Thanks ' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with object
Now I want to resolve the hostname from ip adresses:
foreach ($aLines as $entry)
{ if ($entry-host == )
$entry-host = Teststring;
print $entry-host.\n; // prints Teststring
}
// Testoutput
foreach ($aLines as $entry)
{ print $entry-host.\n; // prints empty string!
}
Why is host in the second loop empty again?
Foreach returns a COPY of the contents... if you want to modify the
contents use the key... eg:
foreach ($aLines as $key=$entry) {
if ($aLines[$key]-host == ) $aLines[$key]-host = Teststring;
print $aLines[$key]-host.\n; // prints Teststring
}
That way your altering the master array and not the copy
--
Dan Hardiker [[EMAIL PROTECTED]]
ADAM Software Systems Engineer
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: randomize?
[..]
is there any way to limit to 4 in each group without 47839 rows of
code?
[..]
yes. you can. ;)
[..]
oh, thank you very much :P
[..]
This might be a bit more helpful ;) There are several way to do it, this
is just one. Unoptimised, aimed at readability.
?php
// Split $items equally among $items
function randGroup($items, $groups) {
// Init
$return = array();
$cnt = 0;
// Shuffle
srand ((float)microtime()*100);
shuffle ($items);
// Divide up
while (sizeof($items)) {
$return[$cnt++] = array_pop($items);
if ($cnt = $groups) $cnt = 0;
}
// Return
return $return;
}
// Replace these with the items you want, and specifiy 4 groups
$items = array(1,2,3,4,5,6,7,8,9,10,11,12,13,14);
$result = randGroup($items, 4);
echo pre; print_r($result); echo /pre;
?
--
Dan Hardiker [[EMAIL PROTECTED]]
ADAM Software Systems Engineer
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with fread
i have a question about the fread() function.
i want to read data from a webserver url, which i don't know the exact
size of, i only know that it varies.
You dont actually give the size of the file, you give the size of the block
you want to pull. For example:
?php
$output = ; // Clear output
$url = http://whatever.com/file.html;; // whatever you wanna pull from
if ($fp = fopen($url, r)) {
while ($tmp = fget($fp, 4096)) $output .= $tmp;
fclose($fp);
}
echo The URL's content is: .$output;
?
The 4096 part just means it will pull from the file pointer ($fp) in 4096
byte blocks (or chunks), and the while will keep pulling the chunks until
there is nothing left to pull.
--
Dan Hardiker [[EMAIL PROTECTED]]
ADAM Software Systems Engineer
First Creative Ltd
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with fread
erm, don't wanna be nosy, but you meant fgets() - forgot the s -
didn't you?
Yes I did (early-morning-itis I guess heh). Thanks for the typo
correction ;)
Ammended code is as follows:
?php
$output = ; // Clear output
$url = http://whatever.com/file.html;; // whatever you wanna pull
from
if ($fp = fopen($url, r)) {
while ($tmp = fgets($fp, 4096)) $output .= $tmp;
fclose($fp);
}
echo The URL's content is: .$output;
?
--
Dan Hardiker [[EMAIL PROTECTED]]
ADAM Software Systems Engineer
First Creative Ltd
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Registering an Array in a Session
I am trying to register an array in a session, but am having no luck. [..] where fieldtext is the name of a field on the form, and $page is the page number, which increases by one each time the form is submitted. ? php // Register the Session Variable, and increment this page session_register(fieldtext); $_SESSION[fieldtext][.$page.]++; // Show all pages print_r($_SESSION[fieldtext]); ? That should get you started. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] permissions issue under NT?
Help. I've managed to hose myself. I had this page working fine until I went in and screwed up my users under NT4. I can't backtrack and figure out what I changed. Can anyone point me in the right direction? Is this a permissions issue? Thanks. Ok, sorry if Im gonna sound a little blunt, but the following error message looks rather obvious to me. Warning: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0 Open your php.ini file and change session.save_path from /tmp to c:/temp (or where-ever you wish it to go) -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating mail account on Linux server
And I quote, from the [EMAIL PROTECTED] which you posted to no more than 30 mins ago. Im hoping you dont have the IQ of a fish. How can I create a mail account on Linux server with PHP ? More information is required for that question to be answer (such as what MTA and MDA are you using and a few others which would give the impression you dont quite have a grasp on the question your really asking). In anycase - wrong list. The PHP Developers list is for people who develop PHP, not with it. I think your after [EMAIL PROTECTED] ... send an email to [EMAIL PROTECTED] to sign up. If you choose to pursue the question in that forum, please include the following information in your question: 1. Linux Distro Version 2. Mail Transfer Agent [MTA] (qmail, sendmail, etc) 3. Mail Delivery Agent [MDA] (vpopmail, etc) 4. Your experiance with creating / using unix mail boxes outside of PHP (eg: how would you go about the problem using shell scripts / command line typing) This will give the people who try to help a better impression of the situation and give you more targeted advice. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] permissions issue under NT?
Dan - It seemed pretty obvious to me too, but again, the ini file hasn't changed since the whole thing worked. What has changed are the permissions under NT. I've tried changing the /tmp permissions, but the combinations are considerable, and I don't have time to try them all. I was hoping someone could point me in the right direction. /tmp doesnt exist under windows - thats a unix path. Try changing it to a path that does exist. I dont use windows so you will have to try one of the following (assuming the dir you want it c:\temp\) c:\\temp c:\temp c:/temp One of those should work... I dont know if you need to escape php.ini values (hence the \\ and \ options). -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Creating mail account on Linux server
I'm curious about the same thing. RedHat 7.2 with default IMAP. How can I create a mail account on Linux server with PHP ? If you check the list, you will see a reply from myself with a list of questions you need to answer for us to begin to help you. In general, if people need to ask such a question, then they really are not ready, or do not understand the security implications of creating mail accounts on a server. I agree with Jason here. 1. An IMAP account != a mail account, thats just a MAA (Mail Access Agent) which allows you to read mail from a file/dir/storage space on your machine. I use Courier IMAP for that (using ./Maildir). 2. We need to know your MTA and MDA in order to even begin to help 3. On a default RedHat setup you need root access (as in you need give your php script root access) in order to perform what your asking. If that doesnt ring alarm bells, please type halt at your RedHat console now. The first thing you need to ask yourself is why would you want to do it? For the most part, I use these sort of functions from a PHP script to administrate my system and give customers automated access to modify their own domains. (This is all done through a MySQL firewall [as in data gets put into MySQL from the interface, and then read by backend scripts that do the dirty work - unconnected to the frontend interface for security ... incase anyone was about to tell me what they think a firewall is]) Although I can't see these two people having the unix know-how in order to build such a system, let alone securely. I would make some bitchy underhanded comments about their Mother's and the local Ameaoba slut relating to their IQ ... but I wont, cuz Im not like that ;) heh Jason: what dya recon on people being licensed to be able to run a unix style operating system? heh Hell lets license people to use computers. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Creating mail account on Linux server
I can create the popuser account, but my problem comes with setting the password. I realize that when you do a useradd command you can specify a -p option for password, but it hasn't worked for me. Is there a better way then calling system commands? PLEASE tell me your aware that the useradd command will add a unix user, not just for mail - but for access to the machine itself over a terminal (SSH / Telnet / whatever else you may have left open)... and should the script your trying to make ever be exploited, that the hacker could then very easily create a user account on your system and then just walk straight in?? Given your current attitude (and awareness) of security, I doubt that it would take long for your machine to be anhilated. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Announcement: Smarty template engine 2.1.1 released
This is a minor bug fix release. Wasnt aware that php-general had incorporated a channel for product plugging and advertisment?! -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] New Session Variable unset doesn't work
I somehow cannot unset Session variables. If I set for example $_SESSION[error]=formcheck (the new style) and I want to unset it at the end of the page (unset($_SESSION[error])), it's there again on the next page. Is there a special way to unset the new Session variables? Seen as you used session_register to set the session variable, it would make sense for you to use session_unregister to do the inverse. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hashes in strings
Hi, I think this will accomplish what your trying to achieve. $str = I can use $hash[vars] in strings; However, this will not work for multi dimensional arrays... eg: $hash['var']['var2'] = Elephant; $str = I can NOT use $hash[var][var2] in strings; will output I can NOT use Array[var2] in strings. For this you have to jump out of the string and use contcatination... eg: $str = I can use .$hash[var][var2]. in strings; will output I can use Elephant in strings. Hope that helps :) -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd Hey there, why do these work: $vars = vars; $ar[0] = arrays; $hash['vars'] = hashes; str = I can use $vars in strings; str = I can use $ar[0] in string; while this one doesn't: str = I can NOT use $hash['vars'] in strings; Kind regards -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] CVS handled PHP projects
Hi, [a little background, feel free to skim] The company I have been working for have been considering moving over to a CVS based version control system for a while and I have been elected to investiate the fesability. We have a network of PHP files linked together via include / require / require_once etc inside the source tree in a multitude of directories. A sample tree structure might be something like: + Project Base files | +-- Core Handlers (mysql, sessions, authentication, security etc) +-- Data Handlers (abstraction layer between project and various db models) +-- General Functionality (smtp / nntp / imap abstract classes as well as custom functions for things like data conversion) +-- Output Handlers (conversion modules for things like outputting stuff in XML / HTML / XHTML / UML / CSV / even some things as word documents etc) [ stop skimming here ] Because these files are stored in the CVS repository, if I was to check out (for example) an XML output handler and make some modifications to the encoding types ... how would I test my changes before commital? (I obviously wouldnt want to break the repository files) As these files need to be executed via a web browser, I can only think I would have to check out *all* the files, and then point my webserver at my local directory. Then I only check back in the ones I change, releasing the others. This is not too bad if Im on my own but when multiple people are working on the same tree together there will be locks all over the place as CVS wont know which file I am working on. It will just know Ive checked out all the files. Ideas and Samples of how other people have broached this issue are most welcome. Please include my email address in the reply and remove the [PHP] tag from the subject. Thanks -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Stupid question
I have a script that outputs this: 0.023884057998657 What's the command to make it shrink down to this: 0.023 I thought it was eregi() something, but I forgot. sorry It depends on what you need. If you want to round the number off to 3 decimal points use the round() function. However if you don't want to round and instead just want to truncate the number, the number_format() function would be what you need. Sincerely, Craig Vincent If speed is an issue, instead of using number_format for truncation use substr. i.e: echo substr($var, 0, 5); to get 3 dp. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Opinions Wanted
There are quite a few ways of doing this. 1. Get MySQL to do the caching for you, using temporary tables. 2. Get something like the Zend Cache to handle it transparently 3. Use a global session (which everyone shares, or just specific groups of people) which you can embed data in 4. Use a ramdisk / mfs partition to store hard copies.. if they are only updated once a day, then disk I/O is unlikely to be a problem. 5. Use shared memory to expand on number 3 The key questions you need to ask yourself are: 1. Whats the scope of the caching? eg: per use, per page, per website... 2. Whats the TTL (time to live) on the cache? eg: 5 mins, 5 visits, 5 hours, 5 days... 3. Whats being cached? eg: MySQL results, processed results, derrived information... The answer to those questions will help you determine which one of the 5 options (there are ones other than the ones listed btw) you require. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd Just a general question of the best way to do it ! I've got a job search site with mysql at the back of it ! You choose on the first page - type of job, where and other bits, go to the next page where query is done and then lists the jobs available! Whats the best way of keeping this page temporarily in existence ?? I don't want the query to run every time when they have changed no information and I don't want the Warning Page has expired please re-submit details when the reload the page ! At the moment I'm thinking I can create a temporary static version of the page ? but would like to here some other opinions about it ! Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Test if a daemon is running...
What type of daemon? eg: To see if my pop3 daemon is running I use sockstat... sockstat | grep 110 and process the output. eg: To see if my mail redirect daemon is running I check /var/run/red_mail.pid All depends on what you want to do as to how you do it. You could even do it in a multitude of ways and use the resulting matrix to determine. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd Hello everybody, I would like to know an easy way to check is a daemon is running. What do you think is the best? Try to read a .pid file from the right directory? Use sockets function to try to connect to the listening port of the daemon? Grep the output of ps -e ? Thanks for your help ! Gilles. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CVS handled PHP projects
Thanks for the input, for added information - we have a multitude of servers, 1 software development one plus several live servers. The aim is to have the live servers cvsup the latest STABLE branch from the development / deployment server... the issue of concurrent working is strickly in the development realm as there are usually 2 / 3 developers working on the same area of the project at the same time (one might modify the input algorythms, while another improves the security for example). I'll see what I can do with your suggestion.. Ive read through the entire documentation at cvshome.org (man that was a labourous task) and I still dont think I grasp it fully... guess its time to jump in at the deep end. Thanks -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd At 10:08 AM +0100 2/5/02, Dan Hardiker wrote: As these files need to be executed via a web browser, I can only think I would have to check out *all* the files, and then point my webserver at my local directory. Then I only check back in the ones I change, releasing the others. Yes, you need to use a local copy of the entire site for development. If you're doing your editing on a machine not running a web server, PHP and a database this causes some problems. To get around this I generally run two versions of a site on the server. I make and verify all the changes on a development version then move the entire development site to the live server. This can still be tricky, as you don't want the development site working with the live data. So you need to run a test database as well. This is not too bad if Im on my own but when multiple people are working on the same tree together there will be locks all over the place as CVS wont know which file I am working on. It will just know Ive checked out all the files. You need to do more reading on the way CVS works. Everyone can work on whatever files they like. There won't be any locks at all. Except when someone is actively checking in some modifications (typically a few seconds). The C in CVS means concurrent. Which means multiple users working on the files at once. ...R. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Test if a daemon is running...
No we cant. As the process itself creates the pid then there is no gaurentee that the process is live (eg: it could have been kill -9ed, or the box hard-booted)... however if there is no pid file (and the process usually manages one) then you can be sure that the process is *not* running. As such its usually a good first port of call. If the pid file DOES exist, pull out the id and grep ps aux for it. If you find it then you can check the status of the process and determine what state its in. If the process doesnt exist in the ps aux - its dead. If you dont get a pid file in normal execution (or you dont have access to it) ... then your gonna have to do it the long winded way (greping out unique attributes from a ps auxww / sockstat etc). Good luck -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd I would like to monitor 3 different daemon : postfix, amavisd (a virus scanner acting as a content filter for postfix) and spamd (SpamAssassin, a spam filtering daemon invoked by procmail acting as an SMTP server). Can we be sure that a daemon is running if the .pid file exist? Gilles. -Original Message- From: Dan Hardiker [mailto:[EMAIL PROTECTED]] Sent: jeudi 2 mai 2002 12:13 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Test if a daemon is running... What type of daemon? eg: To see if my pop3 daemon is running I use sockstat... sockstat | grep 110 and process the output. eg: To see if my mail redirect daemon is running I check /var/run/red_mail.pid All depends on what you want to do as to how you do it. You could even do it in a multitude of ways and use the resulting matrix to determine. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd Hello everybody, I would like to know an easy way to check is a daemon is running. What do you think is the best? Try to read a .pid file from the right directory? Use sockets function to try to connect to the listening port of the daemon? Grep the output of ps -e ? Thanks for your help ! Gilles. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PRIMARY KEY vs. INDEX
To clarify, an indexed field is *not* inheriently unique. You can have an indexed field which is not unique, and a unique field which is not indexed (hence the options being available). A primary key is both indexed and unique (with the slight adaption of compound keys)... but this is majorly off topic. http://www.mysql.com/doc/ - Dan Christoph, Indexes are built on key fields, so yes. When a field is identified as a key it is indexed. To answer your second question, it is the index which maintains the uniqueness of a field. A book is a really good analogy. If you wanted to look up the references to string, you can do it very quickly in the index. Even if you don't come close to the s section, you immediately know whether to look next to the right or to the left. If you push the issue, and act extremely dumb (like a computer), you'll find the page containing string within 7 hits; once you're on that page it's a short read to find the term. That's what makes searching on indexed fields so fast. To find the term in the book requires you to start reading on page 1 and to read text until you find the term. Which why searches which do not take advantage of key fields are so slow. Indexes are your friend, they don't slow down the addition of records that much, and make retrieval of records extremely fast. Regards - Miles Thompson At 02:13 PM 5/2/2002 +0200, Christoph Starkmann wrote: Hi there! I guess I got a very easy question for the pros here... I've been searching the documentaion of mySQL, but didn't find the answer (even though I'm sure it's out there somewhere :))... Is a primary key in mySQL automatically indexed? And is a unique field indexed automatically ?(I don't think and don't hope so, but one never knows) Thanx, Kiko -- It's not a bug, it's a feature. christoph starkmann mailto:[EMAIL PROTECTED] http://www.gruppe-69.com/ ICQ: 100601600 -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] page reloading
Hi, The problem is that I can never get the html stuff output *after* having included download.inc because of the exit; call -- which I have to have else the html gets output and downloaded as well (and I don't understand why fpassthru doesn't stop at EOF on $fp). [...] downloadtxt.inc: ?php create a txt file, and then: header( Content-Transfer-Encoding: base64 ); ... more header stuff $fp = fopen( $txtfile, r ); fpassthru( $fp ); exit; ? Replace exit; with fclose( $fp );. Please note that headers must be sent before any other output. What you are trying to achieve can be done with refresh headers (either html-meta or http). -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Multiple mails to be sent from checkbox selection
Hi, I am not sure how I should me sending the checkbox name and variables and then how to actually insert the email addresses using the mail command. Is there a better way than using a checkbox? If you have a HTML form with a list of email addresses to send to you might want the code to look something like: input type='checkbox' name='sendTo[]' value='[EMAIL PROTECTED]' / User 1br / input type='checkbox' name='sendTo[]' value='[EMAIL PROTECTED]' / User 2br / input type='checkbox' name='sendTo[]' value='[EMAIL PROTECTED]' / User 3br / Now in the resulting PHP code (assuming that you're using = PHP v4.1.x and using METHOD=get in the form) you should find $_GET['sendTo'] is an array of email addresses they ticked. Just add them as mail headers (you can find simple instructions on the http://www.php.net/mail page in the user comments). If METHOD=post then use $_POST, and if an old version of PHP is being used then use $HTTP_POST_VARS / $HTTP_GET_VARS. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hashes in strings
Hi, I would suggest not to use $hash[var1][var2] instead of $hash['var1']['var2'] because afaik php will think u mean two constants ( var1 and var2 ). Just if it doesnt find these constants it will use them as $hash['var1']['var2']. Thats correct, php will think they are constants and upon not finding them will send up a low priority error (I think its of E_NOTICE). Appologies for sloppy coding (must remember to be more awake). $hash['var1']['var2'] is much better, safer, more compatable and faster (marginally - as it doesnt have to check for constants of that name). As an extra note, (and this of personal desire rather than coding standards), I would always break out of a string to insert variables. Personally it just highlights the dynamic parts of string creation. eg: = Name: .$user-name. is age .$user-age.. .(($user- birthday==$today)?Happy Birthday!).br /; but thats getting out of the scope of the question heh -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: An integer?
Why not just use a regular expression match to see if there is anything other than numeric characters? That will tell you if it is an integer before you do the type casting. (sorry if that sounds a little obvious but no-one seems to have suggested it) - Dan Unknown Sender [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... This may be a silly question, but I can't spot and easy way to do it, I want to check if the value inside a vriable is an integer. If I do is_int($variable) I always get false, because this variable qwas read in from a form so its a string, if I make the variable an integer using settype() I just end up with 0 if it was invalid, the number otherwise. I need something that will actually tell me if there the conversion was successfull. Am I missing something? Thanks, Shaun -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
