RE: [PHP] Need unrounded precision
Hmmm... Didn't think about this, but % only works with int values it was just future prof precaution since this statement is false for many other languages. In few words I am not sure PHP6 does the same ... never mind so far Good to know. In that case, I would probably just use intval() instead of since it's clearer and bitwise shifts aren't necessarily integer only either. Jaime -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need unrounded precision
-Original Message- From: Diogo Neves [mailto:dafne...@gmail.com] Sent: Monday, October 12, 2009 9:19 AM To: Andre Dubuc Cc: php-general@lists.php.net Subject: Re: [PHP] Need unrounded precision A simple way to do that would be: $elapsed = strval( 28.56018 ); $pos = strpos( $elapsed, '.' ); echo $elapsed[ ++$pos ]; On Sat, Jan 2, 2010 at 2:20 AM, Andre Dubuc aajdu...@webhart.net wrote: Hi, I need to extract the first digit after the decimal point from a number such as 28.56018, which should be '5'. Couldn't this be done with just simple math functions? $a = 28.56018; $b = intval(($a*10)-(intval($a)*10)); or: $a = 28.56018; $b = intval(($a-intval($a))*10); Jaime -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need unrounded precision
Couldn't this be done with just simple math functions? indeed: $a = 28.56018; $b = $a * 10 % 10 0; Hmmm... Didn't think about this, but % only works with int values, so $b = $a * 10 % 10; Should work as well. Jaime -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] SESSION VARIABLES ACROSS DIFFERENT WINDOWS/TABS
Leon, This is really just a function of the browser. When a session cookie is created, if the browser is setup for a single instance, that's the session cookie it'll use for *any* request to that domain. This functions differently depending on what browser you're using. For example: Firefox - All windows, tabs, etc, under the same profile will use the same session. If you create profiles, you can have different sessions. IE7, IE6 - All tabs or windows opened from clicks will share the same instance/session. Starting IE from the icon will open up a new instance/session. This worked great if you wanted to run two different sessions at the same site/domain. Just start IE up from the icon again and you'd have a new session. IE8 - IE8 model changed, so that all browser windows, tabs, etc., run under the same frame/session, much like Firefox. Clicking the IE icon again now just keeps the same frame and thus the same session. Originally, this sounded like a big problem, but IE8 introduced a new feature - File Menu - New Session. This will open up a new window that will be a separate frame that will not use current session cookies. Here's just one of many links, but gives some helpful hints on the IE side: http://blogs.msdn.com/ie/archive/2009/05/06/session-cookies-sessionstorage-and-ie8.aspx And another: http://blogs.msdn.com/askie/archive/2009/05/08/session-management-within-internet-explorer-8-0.aspx One of the issues now is that if you close IE, your session does not disappear. In the past (IE7/IE6), your session would disappear if you closed a browser window that you opened yourself, but it *wouldn't* disappear if you closed a browser window that was opened by a click from Outlook or another program. This was a bit inconsistent. I won't argue whether or not their fix was the best way to go, but now it's at least consistent. Note - In Firefox, not even Private Browsing separates the session cookies. If you start Private Browsing (Firefox 3.5), log into a site, then start a new browser window from the icon (that isn't in Private Browsing mode), it shares the session cookies. (Before you ask, I just checked this to be sure.) IE8 InPrivate Mode is a totally separate session, cookies and all. This could possibly be another way for you to run multiple sessions against the same domain. OTOH, multiple InPrivate sessions running at the same time share the same frame, so they share the same session, so it would only be good for a single new session. If you need more, just use File - New Session. Jaime -Original Message- From: Leon du Plessis [mailto:l...@dsgnit.com] Sent: Thursday, August 20, 2009 8:16 AM To: 'Floyd Resler' Cc: a...@dotcontent.net; php-general@lists.php.net Subject: [PHP] SESSION VARIABLES ACROSS DIFFERENT WINDOWS/TABS It is just strange that I have this condition now...maybe I missed it a year ago ? Having a different session start up for each window for tab would be a major pain. Why? People must please try and understand what I mean by NEW. It does not apply to windows/tabs being opened from a link or request. Imho, keeping the session per domain sounds wrong, it does not mean it is. It would have been nice if: Browser/tab one - my login detail container A. Browser/tab two - my admin login container B. (tabs/windows opened from browser one, then inherits container A naturally) (Closing browser one, then destroys container A then naturally only) NOT Domain.com - one session container only. Heck, I am surprised it works that way at all cause it sounds like the domain can then only handle one user a time if arrays are not used or profiles not created on FF no matter where the request come from, but, then I am obviously missing something in this respect as stated. When I have time I will reconstruct this concept again. Thanks anyway guys. I received some helpful advise for future reference. But please..I do not, like many others, want to start a war. I am ok with things how they are. We can put this thing to rest. -Original Message- From: Floyd Resler [mailto:fres...@adex-intl.com] Sent: 20 August 2009 02:25 PM To: Leon du Plessis Cc: a...@dotcontent.net; php-general@lists.php.net Subject: Re: [PHP] SESSIONS lost sometimes Leon, Sessions are used on a per-domain basis. So, no matter how many windows or tabs you have open for mydomain.com it will be the same session for all. Having a different session start up for each window or tab would be a major pain. If you needed to keep track of a user ID, for example, you wouldn't be able to. As already mentioned you can use different browsers. You can also set up sub-domains which would each have their own sessions. Take care, Floyd On Aug 20, 2009, at 4:26 AM, Leon du Plessis wrote: It's not an issue, it's a feature. Thanks Arno...but it is a pain also. If I work with user A in Tab1
RE: [PHP] IE Issues
Ctrl-MouseWheel will increase or decrease the text size in an IE browser window. I've found that I've accidentally increased the font size since I use the Mouse Wheel quite a bit. (As well as CTRL-W to close an IE window if one pops up) Jaime Bozza -Original Message- From: Stephen [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2003 1:21 PM To: Chris W. Parker Cc: PHP List Subject: Re: [PHP] IE Issues Thank you so much! I now have to wonder how it got set to that. Probably my brothers or that power surge a while back. Anyway, thanks again! Thank you, Stephen Craton Senior Executive Web Developer Mophus.com, Inc. Lead Programmer/Webmaster WiredPHP (http://php.melchior.us) - Original Message - From: Chris W. Parker [EMAIL PROTECTED] To: Stephen [EMAIL PROTECTED] Sent: Monday, July 21, 2003 1:13 PM Subject: RE: [PHP] IE Issues Stephen mailto:[EMAIL PROTECTED] on Monday, July 21, 2003 11:11 AM said: If I make a webpage that has font size=1 then IE will display the font at size 3 or 4. I have no idea why either. I have put a default style sheet on IE to make all the fonts a certain size but this is getting annoying since only some are getting resized. Is your text scaled? That's the only reason I think of. View Text Size Medium (default) You might be on Larger or Largest. c. p.s. FIRST POST!! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Cookie handling, NS 4.x?
Hello, By any chance, is your website named http://domain.com or is it http://www.domain.com ? Jaime Bozza -Original Message- From: Chad Day [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 8:09 AM To: [EMAIL PROTECTED]; php general Subject: RE: [PHP] Cookie handling, NS 4.x? Ok, I understand. I was able to get NS to set the cookie, but -only- if I put nothing in the domain field. setcookie(NSUSERNAME, cday, time()+2592000, /, .domain.com); echo meta DEFANGED_HTTP-EQUIV=\REFRESH\ content=\0;url=nscookie2.php\; did not work. domain.com also did not work . . this is kind of a pain, but this is what I get for trying to make a site NS 4.x compatible I guess. Is there any way to specify the domain of a cookie with NS 4.x in this kind of situation? Thanks, Chad -Original Message- From: Chris Shiflett [mailto:[EMAIL PROTECTED]] Sent: Monday, December 09, 2002 5:30 PM To: Chad Day; php general Subject: RE: [PHP] Cookie handling, NS 4.x? --- Chad Day [EMAIL PROTECTED] wrote: I'm not sure how this would matter since the cookie is never set at all.. it's not an issue of it reading the cookie, as it can't read what is never set. I'll give it a shot when I get home though anyway. Read my response again, and you'll see that what you are saying here does not conflict. The cookie is indeed not getting set, and that is likely because the browser does not take action on the Set-Cookie header when it is contained within a 302 response. If you use a meta redirect rather than a header(Location: ...) call, the response status will be 200 instead of 302, so the browser might accept the cookie. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Cookie handling, NS 4.x?
The original cookie specifications required that the domain in the cookie has at least 2 (or 3 for domains not in the primary tlds) periods in it. (So as to stop someone from using .com, .edu, etc...) So, you use .domain.com, right? Well, Netscape 4.x is strict in that .domain.com does not match http://domain.com ... Sounds like you're having this problem. I don't believe you're going to have any luck with cookies in Netscape 4.x with only one period. (I had heard some references to using domain.com., but I just setup a primary domain webserver to test that and it doesn't work) Jaime -Original Message- From: Chad Day [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 8:17 AM To: Jaime Bozza Cc: 'php general' Subject: RE: [PHP] Cookie handling, NS 4.x? domain.com, but www is pointed to it as well. When I was setting the cookies with Header calls and using .domain.com, they worked fine (I want to be able to access these cookies from my.domain.com, forums.domain.com, etc, which is why they need to be set in .domain.com). But then the NS 4.x Header problem popped up, and now the domain issue.. In IE, the code I posted below: setcookie(NSUSERNAME, cday, time()+2592000, /, .domain.com); echo meta DEFANGED_HTTP-EQUIV=\REFRESH\ content=\0;url=nscookie2.php\; works fine in regards to setting the cookie still. NS 4.x is a piece of crap. :( Chad -Original Message- From: Jaime Bozza [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 9:07 AM To: 'Chad Day' Cc: 'php general' Subject: RE: [PHP] Cookie handling, NS 4.x? Hello, By any chance, is your website named http://domain.com or is it http://www.domain.com ? Jaime Bozza -Original Message- From: Chad Day [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 8:09 AM To: [EMAIL PROTECTED]; php general Subject: RE: [PHP] Cookie handling, NS 4.x? Ok, I understand. I was able to get NS to set the cookie, but -only- if I put nothing in the domain field. setcookie(NSUSERNAME, cday, time()+2592000, /, .domain.com); echo meta DEFANGED_HTTP-EQUIV=\REFRESH\ content=\0;url=nscookie2.php\; did not work. domain.com also did not work . . this is kind of a pain, but this is what I get for trying to make a site NS 4.x compatible I guess. Is there any way to specify the domain of a cookie with NS 4.x in this kind of situation? Thanks, Chad -Original Message- From: Chris Shiflett [mailto:[EMAIL PROTECTED]] Sent: Monday, December 09, 2002 5:30 PM To: Chad Day; php general Subject: RE: [PHP] Cookie handling, NS 4.x? --- Chad Day [EMAIL PROTECTED] wrote: I'm not sure how this would matter since the cookie is never set at all.. it's not an issue of it reading the cookie, as it can't read what is never set. I'll give it a shot when I get home though anyway. Read my response again, and you'll see that what you are saying here does not conflict. The cookie is indeed not getting set, and that is likely because the browser does not take action on the Set-Cookie header when it is contained within a 302 response. If you use a meta redirect rather than a header(Location: ...) call, the response status will be 200 instead of 302, so the browser might accept the cookie. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Cookie handling, NS 4.x?
Well, not quite. Cookies won't work if you specify a domain and you don't use something like http://www.domain.com For instance, if you drop the support for http://domain.com and then set your cookie with .domain.com, everything will work fine. (Perhaps setup a virtual host for domain.com that redirects everything to www.domain.com?) Redirecting and cookies work fine with Apache. We redirect with cookies here quite a bit and it works fine in everything I've tested (Netscape, IE, Opera, Mozilla, even IE Mac! G) There's a problem using IIS with cookies and redirects (IIS parses the headers and removes most of them if you have a Location header.) And yes, Netscape 4.x is the bane of all existence. :) Now that Netscape 7.0 and Mozilla 1.x are out, someone should remove all copies of Netscape 4.x. (Cookies aren't the only big issue for me there. CSS and Dynamic HTML support are horrible in NS4.x!) Jaime -Original Message- From: Chad Day [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 9:11 AM To: Jaime Bozza Cc: 'php general' Subject: RE: [PHP] Cookie handling, NS 4.x? So, basically... cookies aren't going to work in NS 4.x if I specify a domain and need to do a redirect afterwards. (I tried the dot at the end, also no go) ... wow, that sucks. :\ Thanks, Chad -Original Message- From: Jaime Bozza [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 9:33 AM To: 'Chad Day' Cc: 'php general' Subject: RE: [PHP] Cookie handling, NS 4.x? The original cookie specifications required that the domain in the cookie has at least 2 (or 3 for domains not in the primary tlds) periods in it. (So as to stop someone from using .com, .edu, etc...) So, you use .domain.com, right? Well, Netscape 4.x is strict in that .domain.com does not match http://domain.com ... Sounds like you're having this problem. I don't believe you're going to have any luck with cookies in Netscape 4.x with only one period. (I had heard some references to using domain.com., but I just setup a primary domain webserver to test that and it doesn't work) Jaime -Original Message- From: Chad Day [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 8:17 AM To: Jaime Bozza Cc: 'php general' Subject: RE: [PHP] Cookie handling, NS 4.x? domain.com, but www is pointed to it as well. When I was setting the cookies with Header calls and using .domain.com, they worked fine (I want to be able to access these cookies from my.domain.com, forums.domain.com, etc, which is why they need to be set in .domain.com). But then the NS 4.x Header problem popped up, and now the domain issue.. In IE, the code I posted below: setcookie(NSUSERNAME, cday, time()+2592000, /, .domain.com); echo meta DEFANGED_HTTP-EQUIV=\REFRESH\ content=\0;url=nscookie2.php\; works fine in regards to setting the cookie still. NS 4.x is a piece of crap. :( Chad -Original Message- From: Jaime Bozza [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 9:07 AM To: 'Chad Day' Cc: 'php general' Subject: RE: [PHP] Cookie handling, NS 4.x? Hello, By any chance, is your website named http://domain.com or is it http://www.domain.com ? Jaime Bozza -Original Message- From: Chad Day [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 8:09 AM To: [EMAIL PROTECTED]; php general Subject: RE: [PHP] Cookie handling, NS 4.x? Ok, I understand. I was able to get NS to set the cookie, but -only- if I put nothing in the domain field. setcookie(NSUSERNAME, cday, time()+2592000, /, .domain.com); echo meta DEFANGED_HTTP-EQUIV=\REFRESH\ content=\0;url=nscookie2.php\; did not work. domain.com also did not work . . this is kind of a pain, but this is what I get for trying to make a site NS 4.x compatible I guess. Is there any way to specify the domain of a cookie with NS 4.x in this kind of situation? Thanks, Chad -Original Message- From: Chris Shiflett [mailto:[EMAIL PROTECTED]] Sent: Monday, December 09, 2002 5:30 PM To: Chad Day; php general Subject: RE: [PHP] Cookie handling, NS 4.x? --- Chad Day [EMAIL PROTECTED] wrote: I'm not sure how this would matter since the cookie is never set at all.. it's not an issue of it reading the cookie, as it can't read what is never set. I'll give it a shot when I get home though anyway. Read my response again, and you'll see that what you are saying here does not conflict. The cookie is indeed not getting set, and that is likely because the browser does not take action on the Set-Cookie header when it is contained within a 302 response. If you use a meta redirect rather than a header(Location: ...) call, the response status will be 200 instead of 302, so the browser might accept
RE: Re: [PHP] Creating SSL Connection to Accept Credit Cards
Except that https:// doesn't work with fopen until PHP 4.3.0. Suggestions are only good if they work with a current version of PHP. :) (No, I don't consider 4.3.0 current until it's at *least* released) Regardless, until then, CURL support is probably the way to go. Assuming you have curl support, it's fairly straightforward: --- $ch = curl_init(https://somesite.com;); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $authorization_data); $result = curl_exec($ch); $errorstr = curl_error($ch); curl_close($ch); --- $result contains the data received and $errorstr contains the error message (if any) if it was unsuccessful. Translating $result depends on how they return the data. With the above example, you'll need to have $authorization_data in POST format, which really is nothing more than the GET format string. (Secure transaction APIs typically don't allow GET) var=somevaluevar2=somevalue2var3=anothervalue -Original Message- From: Ben C. [mailto:benc;cox.net] Sent: Tuesday, November 05, 2002 11:55 AM To: Adam Voigt Cc: [EMAIL PROTECTED] Subject: Re: Re: [PHP] Creating SSL Connection to Accept Credit Cards I am not sure if that is what they want. I will try it and get back. Good suggestion. From: Adam Voigt [EMAIL PROTECTED] Date: 2002/11/05 Tue PM 12:33:00 EST To: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: [PHP] Creating SSL Connection to Accept Credit Cards Like: $f = fopen(https://whatever.com,r;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: Re: [PHP] Creating SSL Connection to Accept Credit Cards
Unfortunately, if you don't have CURL support and you can't change that, you may be out of luck. HTTPS support requires CURL and OpenSSL, and in the future at least OpenSSL. I would speak with your hosting provider and see what they recommend. Perhaps they can add in CURL and OpenSSL support. If not, you may need to change providers. :) Jaime -Original Message- From: Ben C. [mailto:benc;cox.net] Sent: Tuesday, November 05, 2002 12:19 PM To: Jaime Bozza; 'Adam Voigt' Cc: [EMAIL PROTECTED] Subject: RE: Re: [PHP] Creating SSL Connection to Accept Credit Cards Is there anything else that I can do. I am running PHP 4.1.2 so the fopen() doesn't work and I donot have support for CURL. Any other suggestions? From: Jaime Bozza [EMAIL PROTECTED] Date: 2002/11/05 Tue PM 01:09:37 EST To: 'Ben C.' [EMAIL PROTECTED], 'Adam Voigt' [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: RE: Re: [PHP] Creating SSL Connection to Accept Credit Cards Except that https:// doesn't work with fopen until PHP 4.3.0. Suggestions are only good if they work with a current version of PHP. :) (No, I don't consider 4.3.0 current until it's at *least* released) Regardless, until then, CURL support is probably the way to go. Assuming you have curl support, it's fairly straightforward: --- $ch = curl_init(https://somesite.com;); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $authorization_data); $result = curl_exec($ch); $errorstr = curl_error($ch); curl_close($ch); --- $result contains the data received and $errorstr contains the error message (if any) if it was unsuccessful. Translating $result depends on how they return the data. With the above example, you'll need to have $authorization_data in POST format, which really is nothing more than the GET format string. (Secure transaction APIs typically don't allow GET) var=somevaluevar2=somevalue2var3=anothervalue -Original Message- From: Ben C. [mailto:benc;cox.net] Sent: Tuesday, November 05, 2002 11:55 AM To: Adam Voigt Cc: [EMAIL PROTECTED] Subject: Re: Re: [PHP] Creating SSL Connection to Accept Credit Cards I am not sure if that is what they want. I will try it and get back. Good suggestion. From: Adam Voigt [EMAIL PROTECTED] Date: 2002/11/05 Tue PM 12:33:00 EST To: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: [PHP] Creating SSL Connection to Accept Credit Cards Like: $f = fopen(https://whatever.com,r;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] sessions
Unfortunately, in a real world situation, verifying IP address does *NOT* work. On our sites we have the following: -- AOL. Their outgoing IP isn't necessarily the same IP address throughout the session. AOL assigns IP addresses as needed. -- People behind web caching servers. HTTP can be cached, HTTPS cannot. If you switch between HTTP and HTTPS, a person's IP address will change. -- Clients that have network connections that multiplex multiple pipes. If there are multiple IPs, then the connection may flipflop between the IPs in the session. And those are the most common problems with trying to force the same IP in a session. If you were to use IP to validate a session, it would be best to combine it with the Browser Agent string and perhaps the referrer. If all three aren't what you expect, then it may be a hijack attempt. Just using IP address will cause problems if you run into any of the problems above (and others that cause the IP Address to change during a session) Jaime Bozza -Original Message- From: Adam Voigt [mailto:adam;cryptocomm.com] You could, on the page where it initially creates there session, get there IP address and make that a session variable, then in one of your include files which is called on every page, check to see if the current users's IP match's the one of the $_SESSION[ip] variable, if it doesn't, just stop them dead with an exit; statement. Course this won't help for people behind the same public IP, but it's a start. You could also verify against what the browser identify itself as, etc. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] sessions
Really? Your IP randomly changes when your surfing between say yahoo.com and msn.com does it? While it is true that you can force an IP change while your connected, I have not yet seen a Mine doesn't because it's fixed. But for the reasons I stated in my previous email, it may for someone else. In fact, I've *watched* a session's IP address flipflop back and forth when downloading data from one of our websites. There are products out there that multiplex dialup lines without using MPPP. How do they do that? They make multiple connections, each with their own IP Address, and then the unit load balances TCP/IP sessions across the connections. (One TCP/IP session will go out connection #1, the next out of session #2, and so forth) I have been using an extra IP check in our sessions on a website which get's somewhere in the area of 500,000 unique hits a month and we have not had a single complaint of people's session's being dropped. Perhaps the clients you have don't use the devices (or are on AOL, or have webcache devices). Perhaps the ones that have a problem just go away. There could be many reasons why you haven't had a complaint. Personally I find it easier to go somewhere else than complain to a website that I'm having problems with. I'm just pointing out the issues, I'm not forcing anyone to listen. :) Jaime Bozza -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] sessions
I have not seen it where AOL randomly shunts a new IP to a client, but then again I don't get to many AOL users on the websites which use these sessions, ofcourse of those who do, none have ever complained about there session being lost. It doesn't always happen, but I think AOL's IP timeout is smaller than the session timeout on our websites. When tracking a login issue at one point, I lost track of the customer because his IP changed. He was using AOL. This is true, however most people with secondary connections are (or should) be operated in a BGP fashion where two pipe's can route the same IP subnet while maintaining two seperate routes to the internet. BGP on a dialup or ISDN connection? Multiplexing isn't multihoming. Two different issues. :) (Not to mention that your everyday person doesn't know anything about multihoming and BGP.) Even Linux has the ability (eql is one of the products) to combine multiple upstream gateways (whether they be dialup/ISDN/DSL/T1's, etc) in a simple round-robin form. Cisco routers even have the support (ip load-sharing per-destination) that doesn't require BGP or to have the routes be on the same provider. Jaime Bozza -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] sessions
A 99% solution is what I strive to get, between javascript and CSS incompatibilty's between browsers, all kinds of HTML, table and form tags looking different between systems, and everything else which breaks design compatibility between the two, the programming side, having the IP check is great, with referer check the original user and the hacker who gets there SID just have both be runnign IE if it was a browser check, I'm willing to live with the possibility that someone could lose there session (though it hasn't happened yet) and if it does maybe we'll look at a different way to do it. Just to bring up your browser/referrer checks, have you seen this in your weblogs? Field blocked by Outpost (http://www.agnitum.com) That's the referrer (HTTP_REFERER) field. :) Another popular product (Norton Internet Security) will block HTTP_REFERER by default also. (It also has the ability to block the browser agent, but it's not on by default) I've seen others that change HTTP_REFERER into HTTP_WEFERER and hash the data so you can't see what it was originally. I'm not sure which product does this. Jaime Bozza -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] sessions
The point of doing it is, even if someone gets your SID, they can't just paste it on to the URL because they don't have the IP that matches that session, so when they go to that page, your include file detects this, and stops them. Definitely a problem. Which is why I recommend multiple checks (IP Address, Referrer, Browser - especially browser) to verify a connection. It's highly unlikely all three of those would change. But if IP Address changed and the referrer and Browser stayed the same it's possibly the same person. (You could also do a little check on how different the IP Address is and base it off of that) Or, if you want to make it more difficult and only accept cookies (which makes it harder for the average joe to accidentally hijack a session), PHP 4.3 will have session.use_only_cookies as a variable. Jaime Bozza -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Credit card checks?
This may help with the specific formats. (And how to calculate the check digit yourself to verify) http://www.beachnet.com/~hstiles/cardtype.html Jaime Bozza -Original Message- From: Kristopher Yates [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 23, 2002 1:42 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Credit card checks? You should contact Visa International Service Association to determine what constitues a valid credit card number. Just FYI, a valid format is 16 digits; ---. I believe VISA normally begins with 41 as the first two digits, however, I am not a Visa Int. agent but I am a client. Ultimately, you would need a merchant account to verify its validity, AFTER you have verified its format for accuracy. HTH Kris Jas wrote: Yeah, I have looked at that class file and I don't want someone elses example to use, I want to build my own but have no way of knowing what makes up a valid visa number etc Jas Richard Baskett [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Try this: http://www.AnalysisAndSolutions.com/code/ccvs-ph.htm Rick A sense of humor can help you over look the unattractive, tolerate the unpleasant, cope with the unexpected, and smile through the unbearable. - Moshe Waldoks From: Jas [EMAIL PROTECTED] Date: Tue, 23 Jul 2002 12:09:48 -0600 To: [EMAIL PROTECTED] Subject: [PHP] Credit card checks? Just wondering if anyone has come across the need to develop a class to test a string of numbers based on a credit card type. If you have where would I be able to get information on what string of numbers is consistent with each of the different credit cards? Any help would be appreciated! Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Equivalent of this in php
PHP has heredoc capability, though it'll look a little strange since you'll need the () around the parameters. It's also used a little bit differently. Here's the code: $fp = popen($Openssl_cmd req -new -config /usr/lib/openssl.cnf . -key $cert_dir/key -days $days -out $cert_dir/request 12, w); fputs ($fp, USER_INFO $subject[C] $subject[ST] $subject[L] $subject[O] $subject[OU] $subject[CN] $subject[Email] USER_INFO ); pclose($fp); --- PHP uses instead of and does not have a ; at the end of the first line. Typically, (using print), the end statement would have a ;, but since you need to close the ()'s, and since you can't have anything *BUT* a ; following the end statement, you need to put the ); on the next line. Good luck! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 12, 2002 12:19 PM To: [EMAIL PROTECTED] Subject: [PHP] Equivalent of this in php What would be the equivalent of this in php. Mostly the open (REQ and the print REQ USER_INFO; to the close REQ; Could somebody just point me in the write direction. open (REQ, |$Openssl_cmd req -new -config /usr/lib/openssl.cnf . -key $cert_dir/key -days $days -out $cert_dir/request 12) || return MSG_error(ssl_cant_gen_request); print REQ USER_INFO; $subject{'C'} $subject{'ST'} $subject{'L'} $subject{'O'} $subject{'OU'} $subject{'CN'} $subject{'Email'} USER_INFO ; close REQ; -- Best regards, rdkurth mailto:[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP URLs not opening from email in Outlook XP
Natalie, I'm using Outlook XP here and the link opens just fine. The only time I get that locate link browser window is if I hold the shift-key down when clicking on the link. (I typically link to open links in new windows, so I hold the shift-key when clicking links - It will open the link in a new browser window.) If you weren't hitting the shift-key, it could be possible that one of your shift-keys are stuck, which is emulating the shift-click. Not much more I can tell you other than that, since the link (and all others) work just fine for me in Outlook XP. Jaime Bozza -Original Message- From: Leotta, Natalie (NCI/IMS) [mailto:[EMAIL PROTECTED]] Sent: Friday, May 31, 2002 12:16 PM To: [EMAIL PROTECTED] Cc: Jeans, Matt (NCI/IMS); Cucinelli, James (NCI/IMS) Subject: [PHP] PHP URLs not opening from email in Outlook XP I just tried to open the PHP link about the Navy. I'm running IE6 (freshly installed today, so no tweaks have been made) with Win2000. When I clicked on the link in the email, a locate link window came up (similar to an open file window). This does not happen on my coworker's machine. The only obvious difference between my computer and my coworker's computer is that I'm running Office XP and he's got Office 2000, so we've got different versions of Outlook. We are currently redoing our website so that the URL has all of the unique identifiers for each graph, so the whole point is to have people graph something, copy it into an email, and send it to someone so they get the same graph. Does this happen to anyone else? Is there something we can do to prevent it from happening? Thanks! -Natalie PS Here's the link that was sent, if you want to try it: http://www.zend.com/zend/cs/csnavalready.php Natalie S. Leotta Information Management Services, Inc. (301) 680-9770 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Post 4.1.0 PHP
The only problem I see with any of these options is that the new arrays are superglobals (not my term) and do not require the use of the global command. For instance: function myfunc() { global $HTTP_POST_VARS; $somevar = $HTTP_POST_VARS[somevar]; ... } can now be written as: function myfunc() { $somevar = $_POST[somevar]; } Sure you can extract the old ($HTTP_) arrays into the new, but you still don't get the same functionality. (Yes, you could put a 'global $_POST;' in the new way, but that defeats the purpose of having the new superglobals) Jaime Bozza -Original Message- From: Kurth Bemis (List Monkey) [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 9:59 AM To: Michael Hall Cc: PHP List Subject: Re: [PHP] Post 4.1.0 PHP At 11:35 PM 5/30/2002 +0930, Michael Hall wrote: When I asked I got this response. $types_to_register = array('GET','POST','COOKIE','SESSION','SERVER'); foreach ($types_to_register as $type) { $arr = @${'HTTP_' . $type . '_VARS'}; if (@count($arr) 0) { extract($arr, EXTR_OVERWRITE); } } put that at the of of your scripts and everything will work ok untill you get things moved over. ~kurth I've been using PHP 4.0.1 for ages now, and have decided to upgrade one of my machines to 4.2.1 and get used to working under the new security arrangements. I understand that older scripts are fully compatible with 4.1.0+, or can be made so with minimal fuss. I am assuming that scripts written using the new $_GET and $_POST (etc) arrays simply won't run under pre-4.1.0 versions of PHP. So, where does this leave us with regard to ISPs that still run older versions of PHP (so that users' scripts won't break)? Is there some way to write code using the new arrays, but that will run under older versions of PHP. Would including something like this at the top of a script work: $_POST = $HTTP_POST_VARS; while inside the code reference is made only to $_POST ? Sorry if this has been covered repeatedly, I've only just rejoined the list after a break from the relentless volume (of great, useful info). TIA Michael Hall [EMAIL PROTECTED] Kurth Bemis - Network/Systems Administrator, USAExpress.net/Ozone Computer Jedi business, Go back to your drinks - Anakin Skywalker, AOTC [EMAIL PROTECTED] | http://kurth.hardcrypto.com PGP key available - http://kurth.hardcrypto.com/pgp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] form posting to a fake page
Actually, I believe this is a browser problem. The browser does not resubmit POST data after a redirect (302 returned), so your final page never sees the data. I had a similar problem where I was redirecting in certain cases and could never get the POST data to come up on the final page. (Testing this with both IE and Netscape) Jaime Bozza -Original Message- From: [ rswfire ] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 17, 2002 2:36 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [PHP] form posting to a fake page Yes it works fine if I access it directly from index.php. The action property is set appropriately. I believe the problem lies in the fact that it is redirected in the background because the page is not real, so I'm assuming it is an Apache behaviour as opposed to a PHP limitation. Original Message Follows From: SHEETS,JASON (Non-HP-Boise,ex1) [EMAIL PROTECTED] To: '[ rswfire ]' [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: [PHP] form posting to a fake page Date: Wed, 17 Apr 2002 15:29:56 -0400 I assume form works correctly if you go directly to your index page. You need to show us the html code for your form. Make sure your action= is set properly. If you are using PHP you need to show relevant code. Please be more specific about your domain, www.mydomain.com/mypage.html does not allow anyone to go to the site and view the behavior or view your html to make sure everything is ok. Jason -Original Message- From: [ rswfire ] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 17, 2002 1:04 PM To: [EMAIL PROTECTED] Subject: [PHP] form posting to a fake page I am having a problem with posted variables showing up on a redirected page... When someone access the page www.mydomain.com/mypage.html - it does not actually exist so my 404 errordocument is called (which is the root index.php file) - the index.php file knows what to do and creates an appropriate page - my entire network works in this fashion. Unfortunately, if someone completes a form, the posted variables do not seem to show up. I'm not sure what I can do about this. I cannot redesign my entire network because of this one problem - does any one have any suggestions? -rsw _ Send and receive Hotmail on your mobile device: http://mobile.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Send and receive Hotmail on your mobile device: http://mobile.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] form posting to a fake page
I've done some testing, and it seems that Apache messes with the server variables when it sends the error document. Basically, Apache does *NOT* send an HTTP 302 response. It sends an HTTP 404 response, but outputs the full code from the ErrorDocument. Unfortunately, it changes the REQUEST_METHOD from POST to GET. Also, it creates the following: REDIRECT_ERROR_NOTES REDIRECT_REQUEST_METHOD REDIRECT_STATUS REDIRECT_URL (See http://httpd.apache.org/docs/custom-error.html for more information on the variables) REDIRECT_REQUEST_METHOD contains POST. Also, CONTENT_TYPE is *still* application/x-www-form-urlencoded and CONTENT_LENGTH still equals the size of the POST data, so the data *IS* still being sent, though PHP is most likely ignoring the data since the method does not equal POST. Can anyone from the development team verify this? (CC'ing to php-dev in a separate email so additional comments don't get CC'd as well) If this is the case, this may be a good one for a feature request. If not, using the RewriteEngine may be your only choice. (Looking in /main/main.c, it seems that POST data *is* only parsed when REQUEST_METHOD=POST, so it may end up only being a single line patch) Let us know if you plan on requesting a new feature. Jaime Bozza -Original Message- From: [ rswfire ] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 17, 2002 4:04 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [PHP] form posting to a fake page No, the error handler does not have access to the posted data. The problem in a nutshell: 1. Person fills out form; clicks submit 2. Form action property is called; server notices the page is not real (Data is lost here) 3. Error handler is called Original Message Follows From: Miguel Cruz [EMAIL PROTECTED] To: [ rswfire ] [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: [PHP] form posting to a fake page Date: Wed, 17 Apr 2002 16:00:17 -0500 (CDT) Your error handler would read them and then construct a redirect containing the form data in querystring format. miguel On Wed, 17 Apr 2002, [ rswfire ] wrote: $_POST[] variables do not exist on a redirected page; that's the problem! Original Message Follows From: Miguel Cruz [EMAIL PROTECTED] To: [ rswfire ] [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: [PHP] form posting to a fake page Date: Wed, 17 Apr 2002 15:56:32 -0500 (CDT) On Wed, 17 Apr 2002, [ rswfire ] wrote: It would still require some knowledge of the posted data. If someone clicks a submit button, and it is posting to a page that doesn't really exist, then when the index.php file gets called as a 404 errordocument, the posted variables are already lost, so it wouldn't be possible to access the posted variables in any fashion. The only possibility might be if Apache had some way of dealing with this scenario and I am not that familiar with how Apache works. And so, that leaves me with the only workaround I do know, post to a page that does exist! It's just not the ideal solution, but it works. Well, depending on the quantity of posted data, you could go through $_POST[] and turn them into GET args and pass them along to the appropriate page (not that I really understand what you're trying to do). miguel _ Chat with friends online, try MSN Messenger: http://messenger.msn.com _ Send and receive Hotmail on your mobile device: http://mobile.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] viewing get/post variables
Read the NEWS file for PHP 4.2.0. (It should be located in the base directory of the source distro) If you're using the Windows package, try here: http://cvs.php.net/co.php/php4/NEWS?r=1.885.2.17 Jaime Bozza -Original Message- From: Martín Marqués [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 16, 2002 8:44 AM To: Christoph Starkmann; [EMAIL PROTECTED] Subject: Re: [PHP] viewing get/post variables On Mar 16 Abr 2002 10:35, Christoph Starkmann wrote: Hi Martín! I can't remmeber how to configure php.ini so that if I get the URL http://localhost/index.php?var1=10 an echo $var1 will return 10 What I mean, is that _GET[var1] exists, but I want $var1 to be available. If $var1 is not available directly, your safe_mode seems to be turned on. One way would be to turn safe_mode off again: change the line safe_mode=On to safe_mode=Off safe_mode is Off. in your php.ini. The safer way would be to prepare $var1, for example like this: $var1 = $HTTP_GET_VARS[var1]; Now you can use $var1. Before I upgraded PHP form 4.0.6 to 4.2.0RC2 it worked directly, without having to pass the $HTTP_GET_VARS. Saludos... :-) -- Porqué usar una base de datos relacional cualquiera, si podés usar PostgreSQL? - Martín Marqués |[EMAIL PROTECTED] Programador, Administrador, DBA | Centro de Telematica Universidad Nacional del Litoral - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] viewing get/post variables
Hmmm... I'm not sure why that would be (unless, of course, your php.ini has it there.) Either way, it sounds like a potential bug in either phpinfo() or the register_globals code itself. Jaime Bozza -Original Message- From: Martín Marqués [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 16, 2002 9:25 AM To: [EMAIL PROTECTED] Subject: Re: [PHP] viewing get/post variables On Mar 16 Abr 2002 11:02, Jaime Bozza wrote: Read the NEWS file for PHP 4.2.0. (It should be located in the base directory of the source distro) You're talking about: - ACHTUNG!! register_globals defaults to 'off' now !!! Yes, but phpinfo() says that register_globals is On!! Any way, I going back to 4.1.2 until 4.2 gets final, or at least until I finish the programming of an aplication I have to release. -- Porqué usar una base de datos relacional cualquiera, si podés usar PostgreSQL? - Martín Marqués |[EMAIL PROTECTED] Programador, Administrador, DBA | Centro de Telematica Universidad Nacional del Litoral - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Sessions that last for ever
Actually, sites that remember you don't typically keep the same session around. They send a separate cookie that contains just userid information and when you return, they just set the session variables in such a way based off of the userid cookie. If you really want to keep the same session around, just use the function 'session_set_cookie_params()' and set the lifetime to be some huge number, or use the session.cookie_lifetime setting in php.ini. Jaime Bozza -Original Message- From: Nigel Gilbert [mailto:[EMAIL PROTECTED]] Sent: Saturday, February 16, 2002 2:10 PM To: Erik Price Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Sessions that last for ever But very many commercial sites, including Apple and Amazon to name two, do exactly this. When you re-enter the site they 'remember' who you are using a cookie. In my case, I'm building a multi-player strategy game and while I want the players to go through an initial briefing the first time they ever join the game, thereafter they should be able to get straight into the game if they are still using the same PC. But as I said, the specifics of my use aren't so important - lots of sites leave permanent cookies around and the results don't seem to be catastrophic. The question is still: how to do it? Nigel On Saturday, February 16, 2002, at 07:52 PM, Erik Price wrote: On Saturday, February 16, 2002, at 07:43 AM, Nigel Gilbert wrote: By default, a session (created with session_register) seems to last just as long as the user has their browser open. If a user quits the browser, the session is automatically destroyed. I want a session to last indefinitely (or until my program destroys it). There are some hints about how this could be done with cookies in the documentation, but not a clear recipe. What sequence of PHP statements should I use to achieve this? I don't have the answer you're looking for (maybe it's a php.ini setting), but I suspect that it might be a dangerous idea. The longer a session ID is hanging about, the easier it is for a cracker to hijack it and use it for evil intent. Remember, every time a page is requested within any given session, either a cookie variable or a GET variable is being sent along with the HTTP headers. Keeping a session going for more time than needed means that the variable representing the session ID is leaving footprints all over the place. Erik -- who has become overcautious lately upon learning how HTTP works Erik Price Web Developer Temp Media Lab, H.H. Brown [EMAIL PROTECTED] __ Professor Nigel Gilbert, FREng, AcSS, Pro Vice-Chancellor and Professor of Sociology, University of Surrey, Guildford GU2 7XH, UK. +44 (0)1483 689173 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Having a problem with sessions, Part Deux.
Henrik, Which session handler are you using? Files, mm, User? Jaime Bozza -Original Message- From: Henrik Hudson [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 20, 2002 11:55 PM To: [EMAIL PROTECTED] Subject: [PHP] Having a problem with sessions, Part Deux. Just FYI. I posted the forwarded question earlier, but did some more testing. I was doing some testing tonight when server traffic was low (ie: stop / restart Apache) and I found out that when register_globals is On, the below code doesn't work. Is this something to do with the EGPCS and how variables are inherited? When register_globals is off, the code works great. Could someone explain why that is? That'd be great :) I would have thought that you can still access the HTTP_SESSION_VARS even if globals is on? Thanks. Henrik On Sunday 20 January 2002 15:12, Henrik Hudson wrote: Hey List- Banging my head again the wall with this one. One of our developers was trying to get some session stuff to work and he couldn't and asked me to look into it. I have a script that contains the following (the sessions.php href reference is the same script accept it calls this one): _ session_start(); if (!isset($HTTP_SESSION_VARS[count])) { $HTTP_SESSION_VARS[count] = 0; } else { $HTTP_SESSION_VARS[count]++; } //Print the counter echo Counter is now: $HTTP_SESSION_VARS[count];\nbr\n; echo Let's go to another a href=\sessions.php\page/a...brbr; ___ On my box at home running PHP 4.0.6 it works great. On the work server running PHP 4.0.6 it doesn't work. Just keeps setting count to 0. The work box is running Apache 1.3.20 with the following compile options: './configure' '--with-apxs' '--with-config-file-path=/etc/php' '--with-openssl=/usr/local/openssl' '--with-zlib' '--with-bz2' '--with-pspell' '--enable-ftp' '--enable-gd' '--with-imap' '--with-mcrypt' '--with-mhash' '--with-mysql=/usr/local/mysql' The home box is running Apache 1.3.22 with the following compile options: './configure' '--with-apxs' '--with-config-file-path=/etc/php' '--with-openssl=/usr/local/openssl' '--with-zlib' '--with-bz2' '--with-mysql=/usr/local/mysql' '--with-mcrypt' '--with-mhash' '--disable-xml' '--enable-ftp' '--with-gettext' '--with-pspell' '--enable-inline-optimization' The only major difference that I could find in the php.ini file is that at home I have register globals off and at work they are on? Even with register globals on, you can still use the $HTTP_*_VARS, right? The sessionID cookie is getting put into my browser, I checked so the session is starting correctly, just not retaining the variable. Any ideas anyone? Thanks list. Henrik -- Henrik Hudson [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] session problems not finding my variables..
Peter, I had a similar problem, and I believe there's a bug report already filed about it. PHP doesn't seem to save session variables if you use the Location: header. What I do in my scripts when I need to set a location redirect is run 'session_write_close()' before I use the header function. This assures me that the data is written. Jaime Bozza -Original Message- From: Peter Lavender [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 15, 2002 7:35 PM To: php-general Subject: [PHP] session problems not finding my variables.. Hi everyone, I'm not sure what I have done wrong here. I haven't been sucessful in finding anything that points to what the cuase could be. What I find interesting is that I have used session in another area of the web site with out problems. The only difference between it and the way I have done it here is that I'm using the header function in this bit of code, where as the session is started and variables registered and the processing is done on another page. Anyway here is the code for the log in page: ?php session_start(); file://session_unset(); include('./connectDB.php'); include('./commonfunctions.php'); ? function checkdetails($db, $HTTPVARS) { //check if allowed access $user = $HTTPVARS['uid']; $passwd = $HTTPVARS['passwd']; $sql = select * from tbl_maxware where loginID = '$user' and password = '$passwd';; $result = $db-query($sql); checkError($result, $db, Error in checkDetails); if ($result-numrows() == 0) { echo htmlbody; echo h2Error Loging In/h2; echo brNot a valid login try again or contact the adminbr; echo a href=\./login.php\Try Again/a; echo /body/html; exit(); } else { // matched in the maxware table $result-fetchinto($success); $UID = $success[0]; $logUID = $success[1]; $logName = $success[2]; //echo session_save_path(); session_register(UID, logUID, logName); // send them to the main page header(Location: ./supportau.php); } } // end checkdetails if (array_key_exists( uid, $HTTP_POST_VARS ) ) { checkdetails($db, $HTTP_POST_VARS); } else { login(); } ? Code for the following main page ?php session_start(); include( './connectDB.php' ); include('./commonFunctions.php'); ? html head title/title DEFANGED_style !-- @import url(./max.css); @import url(./supportAU.css); @import url(./link.css); -- /DEFANGED_style /head body h2Support Database/h2 center table width=90% border=1 trtd rowspan=2 width=30% !--table width=100% border=1 bgcolor=#887766 trtd -- ?php echo Name= $logName; DEFANGED_snip This returns an error: PHP Warning: Undefined variable: logName in c:\inetpub\wwwroot\supportau\supportau.php on line 25 Thanks, Pete -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Session troubles
Ricardo, I've had some strange problems with session writing, but they always returned back to the fact that return false was being used in the session read function. PHP 4.0.6 wouldn't write out sessions when register_globals was set to off when you were using return false. PHP 4.1.0 crashes with signal 11 after a bit when using return false. I've filed a couple of bug reports with the request that this be fixed. I believe a patch is either being worked on or already submitted, but I'm not positive. Sean's problem is that he's using return false in his session read function. The session read function should return a blank value ('') and not false when there's no data. This was never clear in the documentation (and complaint I made) but is quite true. Once switching over to using ('') instead of (false), I no longer had problems. Jaime Bozza -Original Message- From: Junior, Ricardo [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 03, 2002 8:52 AM To: [EMAIL PROTECTED] Subject: RE: [PHP] Session troubles Hi Sean ! I had the same problem... this can be resolved using the function session_write_close() at the end of each script you use sessions. It will force PHP to call the write and close function. In some combinations of PHP version, Apache and OS, this problem doesn't happens, but as you, I had this problem too.. :) Put this function in yours PHP scripts and see if now them will work. Here is an exemple of a test script: ?php error_reporting( E_ALL ); ini_set(session.save_handler,user); include( ./mysession.php ); where is my session functions declareted to use database... session_start(); ? html head titleMySQL Session Management: Second Page/title /head body ?php print( SESSION User: $aUserbr ); print( SESSION Account: $aAccountbr ); $aUser = Katie; $aAccount = 2026; print( CHANGED User: $aUserbr ); print( CHANGED Account: $aAccountbr ); session_write_close(); ? /body /html Cheers, _ Ricardo J. A. Júnior, Software Engineer Trainee Bowne Global Solutions Phone +55 21 2515 7713 [EMAIL PROTECTED] www.bowneglobal.com.br -Original Message- From: Sean LeBlanc [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 2:20 PM To: [EMAIL PROTECTED] Subject:Re: [PHP] Session troubles On 01-02 07:45, Jaime Bozza wrote: I agree. Perhaps make a feature request that disallows session starting if save_handler=user and you haven't defined a session handler? Then it could spit out a more correct error message. Blast. I am still unable to get my own session handler to work. My session handler's write never gets called; only my session_open and session_read get calledthe default file session handler still works, if I change save_handler back to file instead of user. As for the feature request, I guess I could - is there a mechanism to do this outlined somewhere? -Original Message- From: Sean LeBlanc [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 01, 2002 8:32 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Session troubles On 12-31 09:23, Jaime Bozza wrote: Sean, From your php error_log, it's saying the following: Failed to write session data (user) which sounds like it's having problems writing to the user-defined session handler. Are you using a user-defined session handler? If not, make sure your php.ini file has: session.save_handler = files And *NOT*: session.save_handler = user That will make a big difference. Good eye. That was it. I *did* have it as user because I was trying to do my own user-defined session handler, and then stepped back and was just trying to get the simpler case to work, w/o changing it back. Thanks, it works now! Now, I just need to see if I can get my session_handler working... It's too bad the error message isn't more descriptive for this, BTW... -Original Message- From: Sean LeBlanc [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 1:21 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Session troubles On 12-29 12:56, David Jackson wrote: Sean -- Don't know if this help but here's what I just worked for me. What ver. of PHP are you using? It seem to me that 3.x.x needs PHPLIB: http://sourceforge.net/projects/phplib to handle sessions? -- David Jackson --- sean.php --- ?php include(seaninc.php); ? --- seaninc.php -- ?php session_start(); session_register(i); $i++; echo $i; ? I'm using 4.0.6. I believe session handling was added as part of standard 4.x, right (if configured to compile it)? Some more info: I tried with Konqueror, as I know a cookie needs to be sent during the session_start() phase - I did get a dialog pop-up asking if I wanted to accept the cookie, but I still got the error: Fatal error: Failed
RE: [PHP] Session troubles
Hmmm... So, there are yet more problems with the session functions. :) Are you using 4.1.1 or 4.0.6? Jaime -Original Message- From: Junior, Ricardo [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 03, 2002 9:34 AM To: 'Jaime Bozza'; [EMAIL PROTECTED] Subject: RE: [PHP] Session troubles Ok Jaime. I've imagine that he had the same problem that I have had before.. :) I'm really returning a ' in my read function when there is no data too... because of this I don't had the problem related by Sean... Thanks, _ Ricardo J. A. Júnior, Software Engineer Trainee Bowne Global Solutions Phone +55 21 2515 7713 [EMAIL PROTECTED] www.bowneglobal.com.br -Original Message- From: Jaime Bozza [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 03, 2002 11:09 AM To: [EMAIL PROTECTED] Subject:RE: [PHP] Session troubles Ricardo, I've had some strange problems with session writing, but they always returned back to the fact that return false was being used in the session read function. PHP 4.0.6 wouldn't write out sessions when register_globals was set to off when you were using return false. PHP 4.1.0 crashes with signal 11 after a bit when using return false. I've filed a couple of bug reports with the request that this be fixed. I believe a patch is either being worked on or already submitted, but I'm not positive. Sean's problem is that he's using return false in his session read function. The session read function should return a blank value ('') and not false when there's no data. This was never clear in the documentation (and complaint I made) but is quite true. Once switching over to using ('') instead of (false), I no longer had problems. Jaime Bozza -Original Message- From: Junior, Ricardo [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 03, 2002 8:52 AM To: [EMAIL PROTECTED] Subject: RE: [PHP] Session troubles Hi Sean ! I had the same problem... this can be resolved using the function session_write_close() at the end of each script you use sessions. It will force PHP to call the write and close function. In some combinations of PHP version, Apache and OS, this problem doesn't happens, but as you, I had this problem too.. :) Put this function in yours PHP scripts and see if now them will work. Here is an exemple of a test script: ?php error_reporting( E_ALL ); ini_set(session.save_handler,user); include( ./mysession.php ); where is my session functions declareted to use database... session_start(); ? html head titleMySQL Session Management: Second Page/title /head body ?php print( SESSION User: $aUserbr ); print( SESSION Account: $aAccountbr ); $aUser = Katie; $aAccount = 2026; print( CHANGED User: $aUserbr ); print( CHANGED Account: $aAccountbr ); session_write_close(); ? /body /html Cheers, _ Ricardo J. A. Júnior, Software Engineer Trainee Bowne Global Solutions Phone +55 21 2515 7713 [EMAIL PROTECTED] www.bowneglobal.com.br -Original Message- From: Sean LeBlanc [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 2:20 PM To: [EMAIL PROTECTED] Subject:Re: [PHP] Session troubles On 01-02 07:45, Jaime Bozza wrote: I agree. Perhaps make a feature request that disallows session starting if save_handler=user and you haven't defined a session handler? Then it could spit out a more correct error message. Blast. I am still unable to get my own session handler to work. My session handler's write never gets called; only my session_open and session_read get calledthe default file session handler still works, if I change save_handler back to file instead of user. As for the feature request, I guess I could - is there a mechanism to do this outlined somewhere? -Original Message- From: Sean LeBlanc [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 01, 2002 8:32 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Session troubles On 12-31 09:23, Jaime Bozza wrote: Sean, From your php error_log, it's saying the following: Failed to write session data (user) which sounds like it's having problems writing to the user-defined session handler. Are you using a user-defined session handler? If not, make sure your php.ini file has: session.save_handler = files And *NOT*: session.save_handler = user That will make a big difference. Good eye. That was it. I *did* have it as user because I was trying to do my own user-defined session handler, and then stepped back and was just trying to get the simpler case to work, w/o changing it back. Thanks, it works now! Now, I just need to see if I can get my session_handler working... It's too bad the error message isn't more descriptive for this, BTW... -Original Message- From: Sean LeBlanc [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29
RE: [PHP] Session troubles
I agree. Perhaps make a feature request that disallows session starting if save_handler=user and you haven't defined a session handler?Then it could spit out a more correct error message. Jaime Bozza -Original Message- From: Sean LeBlanc [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 01, 2002 8:32 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Session troubles On 12-31 09:23, Jaime Bozza wrote: Sean, From your php error_log, it's saying the following: Failed to write session data (user) which sounds like it's having problems writing to the user-defined session handler. Are you using a user-defined session handler? If not, make sure your php.ini file has: session.save_handler = files And *NOT*: session.save_handler = user That will make a big difference. Good eye. That was it. I *did* have it as user because I was trying to do my own user-defined session handler, and then stepped back and was just trying to get the simpler case to work, w/o changing it back. Thanks, it works now! Now, I just need to see if I can get my session_handler working... It's too bad the error message isn't more descriptive for this, BTW... -Original Message- From: Sean LeBlanc [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 1:21 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Session troubles On 12-29 12:56, David Jackson wrote: Sean -- Don't know if this help but here's what I just worked for me. What ver. of PHP are you using? It seem to me that 3.x.x needs PHPLIB: http://sourceforge.net/projects/phplib to handle sessions? -- David Jackson --- sean.php --- ?php include(seaninc.php); ? --- seaninc.php -- ?php session_start(); session_register(i); $i++; echo $i; ? I'm using 4.0.6. I believe session handling was added as part of standard 4.x, right (if configured to compile it)? Some more info: I tried with Konqueror, as I know a cookie needs to be sent during the session_start() phase - I did get a dialog pop-up asking if I wanted to accept the cookie, but I still got the error: Fatal error: Failed to initialize session module in /usr/local/apache/htdocs/sesstest.php on line 2 It says line 2 because I deleted some white space and commented out code thas was before session_start(). I set logging errors on, and sent it to syslog. Here's what it says: Dec 29 12:12:57 free httpd: PHP Fatal error: Failed to initialize session module in /usr/local/apache/htdocs/sesstest.php on line 2 Dec 29 12:12:57 free httpd: PHP Warning: Failed to write session data (user). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0 But /tmp exists, and is world writeable: free# ls -ld /tmp drwxrwxrwt 16 root wheel 1024 Dec 29 12:14 /tmp On 12-29 09:59, Miles Thompson wrote: Sean, What's going on in incl.php. Are you issuing a session_start()? No, I was not. What if it's rearranged like so, as I understand you have to register the session variable before using it. include(incl.php); session_start(); session_register(mine); $mine++; echo $mine; No dice, either. Actually, I had tried several permutations of the order before posting. :) There's the divide and conquer approach too. What do you see if you comment out the include, then issue a phpinfo() and a die()? Okay, I tried commenting out include, resulting in this code: session_start(); session_register(i); $i++; echo $i; When I run the above, I get this: Fatal error: Failed to initialize session module in /usr/local/apache/htdocs/sesstest.php on line 6 Which is getting somewhere, in a way. Line 6 is session_start(); What part from phpinfo() output were you interested in? Or did you want to see all of it? Thanks for the help. HTH and Merry Christmas / Happy New Year - Miles Thompson On Friday 28 December 2001 11:26 pm, Sean LeBlanc wrote: I asked this on php-install list, but got no response so here goes... I simply cannot get session to work correctly. Here's the test script: include(incl.php); session_start(); $mine++; session_register(mine); echo $mine; incl.php includes code to save/retrieve session information to/from DB. It calles session_set_save_handler at the end. What happens is I get an error because it is trying to read the variable out and I get a DB error, but my session writing routine is never called...I know, because I have a print in there. And of course, the var doesn't increment upon refreshes - it remains 1. I've seen this before, and it was fixed, but I forget how it was done, as I didn't actually implement the solution (I hear and I forget, I do and I remember, I guess). About my system
RE: [PHP] Session troubles
What do you have for the return values for your session_read function? (Specifically, what do you return when there's no data available?) Jaime Bozza -Original Message- From: Sean LeBlanc [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 11:20 AM To: [EMAIL PROTECTED] Subject: Re: [PHP] Session troubles On 01-02 07:45, Jaime Bozza wrote: I agree. Perhaps make a feature request that disallows session starting if save_handler=user and you haven't defined a session handler? Then it could spit out a more correct error message. Blast. I am still unable to get my own session handler to work. My session handler's write never gets called; only my session_open and session_read get calledthe default file session handler still works, if I change save_handler back to file instead of user. As for the feature request, I guess I could - is there a mechanism to do this outlined somewhere? -Original Message- From: Sean LeBlanc [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 01, 2002 8:32 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Session troubles On 12-31 09:23, Jaime Bozza wrote: Sean, From your php error_log, it's saying the following: Failed to write session data (user) which sounds like it's having problems writing to the user-defined session handler. Are you using a user-defined session handler? If not, make sure your php.ini file has: session.save_handler = files And *NOT*: session.save_handler = user That will make a big difference. Good eye. That was it. I *did* have it as user because I was trying to do my own user-defined session handler, and then stepped back and was just trying to get the simpler case to work, w/o changing it back. Thanks, it works now! Now, I just need to see if I can get my session_handler working... It's too bad the error message isn't more descriptive for this, BTW... -Original Message- From: Sean LeBlanc [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 1:21 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Session troubles On 12-29 12:56, David Jackson wrote: Sean -- Don't know if this help but here's what I just worked for me. What ver. of PHP are you using? It seem to me that 3.x.x needs PHPLIB: http://sourceforge.net/projects/phplib to handle sessions? -- David Jackson --- sean.php --- ?php include(seaninc.php); ? --- seaninc.php -- ?php session_start(); session_register(i); $i++; echo $i; ? I'm using 4.0.6. I believe session handling was added as part of standard 4.x, right (if configured to compile it)? Some more info: I tried with Konqueror, as I know a cookie needs to be sent during the session_start() phase - I did get a dialog pop-up asking if I wanted to accept the cookie, but I still got the error: Fatal error: Failed to initialize session module in /usr/local/apache/htdocs/sesstest.php on line 2 It says line 2 because I deleted some white space and commented out code thas was before session_start(). I set logging errors on, and sent it to syslog. Here's what it says: Dec 29 12:12:57 free httpd: PHP Fatal error: Failed to initialize session module in /usr/local/apache/htdocs/sesstest.php on line 2 Dec 29 12:12:57 free httpd: PHP Warning: Failed to write session data (user). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0 But /tmp exists, and is world writeable: free# ls -ld /tmp drwxrwxrwt 16 root wheel 1024 Dec 29 12:14 /tmp On 12-29 09:59, Miles Thompson wrote: Sean, What's going on in incl.php. Are you issuing a session_start()? No, I was not. What if it's rearranged like so, as I understand you have to register the session variable before using it. include(incl.php); session_start(); session_register(mine); $mine++; echo $mine; No dice, either. Actually, I had tried several permutations of the order before posting. :) There's the divide and conquer approach too. What do you see if you comment out the include, then issue a phpinfo() and a die()? Okay, I tried commenting out include, resulting in this code: session_start(); session_register(i); $i++; echo $i; When I run the above, I get this: Fatal error: Failed to initialize session module in /usr/local/apache/htdocs/sesstest.php on line 6 Which is getting somewhere, in a way. Line 6 is session_start(); What part from phpinfo() output were you interested in? Or did you want to see all of it? Thanks for the help. HTH and Merry Christmas / Happy New Year - Miles Thompson On Friday 28 December 2001 11:26 pm, Sean LeBlanc wrote: I asked this on php-install list, but got
RE: [PHP] Session troubles
Returning false is invalid for the session read function, and has caused *MANY* issues with PHP and Sessions. (Check the archives as well as the bugs database. I have a couple in there myself) Change: return false; To: return ''; And things should start working as expected. Jaime Bozza -Original Message- From: Sean LeBlanc [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 4:02 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Session troubles On 01-02 14:31, Jaime Bozza wrote: What do you have for the return values for your session_read function? (Specifically, what do you return when there's no data available?) Well, it turns out that write *is* being called, but due to some feature of session write, echo and print don't work, as I read on bugs.php.net. So I put a file-writing mechanism in there and I see it is being called and what was happening. I was trying to do an insert all the time, due to bad logic, so it was cycling to 2, then stopping. Now it seems to work properly. :) As for the session read, I return false when no value is found. Jaime Bozza -Original Message- From: Sean LeBlanc [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 11:20 AM To: [EMAIL PROTECTED] Subject: Re: [PHP] Session troubles On 01-02 07:45, Jaime Bozza wrote: I agree. Perhaps make a feature request that disallows session starting if save_handler=user and you haven't defined a session handler? Then it could spit out a more correct error message. Blast. I am still unable to get my own session handler to work. My session handler's write never gets called; only my session_open and session_read get calledthe default file session handler still works, if I change save_handler back to file instead of user. As for the feature request, I guess I could - is there a mechanism to do this outlined somewhere? -Original Message- From: Sean LeBlanc [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 01, 2002 8:32 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Session troubles On 12-31 09:23, Jaime Bozza wrote: Sean, From your php error_log, it's saying the following: Failed to write session data (user) which sounds like it's having problems writing to the user-defined session handler. Are you using a user-defined session handler? If not, make sure your php.ini file has: session.save_handler = files And *NOT*: session.save_handler = user That will make a big difference. Good eye. That was it. I *did* have it as user because I was trying to do my own user-defined session handler, and then stepped back and was just trying to get the simpler case to work, w/o changing it back. Thanks, it works now! Now, I just need to see if I can get my session_handler working... It's too bad the error message isn't more descriptive for this, BTW... -Original Message- From: Sean LeBlanc [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 1:21 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Session troubles On 12-29 12:56, David Jackson wrote: Sean -- Don't know if this help but here's what I just worked for me. What ver. of PHP are you using? It seem to me that 3.x.x needs PHPLIB: http://sourceforge.net/projects/phplib to handle sessions? -- David Jackson --- sean.php --- ?php include(seaninc.php); ? --- seaninc.php -- ?php session_start(); session_register(i); $i++; echo $i; ? I'm using 4.0.6. I believe session handling was added as part of standard 4.x, right (if configured to compile it)? Some more info: I tried with Konqueror, as I know a cookie needs to be sent during the session_start() phase - I did get a dialog pop-up asking if I wanted to accept the cookie, but I still got the error: Fatal error: Failed to initialize session module in /usr/local/apache/htdocs/sesstest.php on line 2 It says line 2 because I deleted some white space and commented out code thas was before session_start(). I set logging errors on, and sent it to syslog. Here's what it says: Dec 29 12:12:57 free httpd: PHP Fatal error: Failed to initialize session module in /usr/local/apache/htdocs/sesstest.php on line 2 Dec 29 12:12:57 free httpd: PHP Warning: Failed to write session data (user). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0 But /tmp exists, and is world writeable: free# ls -ld /tmp drwxrwxrwt 16 root wheel 1024 Dec 29 12:14 /tmp On 12-29 09:59, Miles Thompson wrote: Sean, What's going on in incl.php. Are you issuing a session_start()? No, I was not. What if it's rearranged like so, as I understand you have
RE: [PHP] Mommy, is it true that...?
Another way I validate input is by using settype(); For instance: settype($id, integer); I use addslashes and settype on all data coming from a browser that ends up being using in a query. (abs will convert negative numbers, which may be what you want, but then again. G) Jaime Bozza -Original Message- From: Nathan Cassano [mailto:[EMAIL PROTECTED]] Sent: Friday, December 21, 2001 11:34 AM To: [EMAIL PROTECTED] Subject: RE: [PHP] Mommy, is it true that...? One thing that I do know is dangerous is deleting rows based on an integer field with an unprocessed value; Example: Delete row script ? if($delete $id){ delete from mytable where id = $id; } ? By simply appending an all inclusive sql clause. $id = 21421 or 1 = 1; Ca-Boom! The entire table has been deleted. Don't you feel dumb! Instead process the input. $id = abs($id); -Original Message- From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 20, 2001 5:40 PM To: [EMAIL PROTECTED] Subject: [PHP] Mommy, is it true that...? 2. Please enter your age: 25; drop database mysql Does this actually work? I've read at least a dozen articles telling people to get it in their blood not to trust users and addslashes to any king incoming data, as well as pass it as strings to mysql (insert into person set age='$age' instead of insert into person set age =$age). So I decided I had to test this: I wrote the code exactly as in the example; I provided the exact dangerous input (well, to be honest, I tried a select instead of drop mysql). When I tried it, the presumably dangerous situation degraded into a trivial MySQL error. It went something like You have an error near '; select 1+1'. Did you ever actually try this? Does it work on your system? Thanks in advance for the input! Bogdan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Session storage and the --with-mm option
John (and all), I was using --with-mm on my system and immediately saw a jump in memory usage and I wasn't even using the mm session support! The memory doubled from 4.0.6 to 4.1.0. I've since removed it from my compile. Jaime Bozza GeoComm International Corp. -Original Message- From: John Lim [mailto:[EMAIL PROTECTED]] Sent: Friday, December 14, 2001 9:27 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Session storage and the --with-mm option This doesn't explain why mm is causing such a memory bloat though. Mark, are you storing big arrays as session variables? I am using mm myself for sessions and never have these problems (I only store less than 1K of data in sessions anyway). Regards, John Jeremy Allen [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Sessions by default will use the file system to store session data. Using the file system on a site that utilizes sessions moderately can be negative as far as performance goes. Using shared memory simply means that session data is now stored in shared memory. Shared memory is a bit more efficient than using the file system. Where session data is stored is supposed to be sort of black box and transparent to the actual use of sessions. You can also define a group of custom session handling functions to use any device your mind can imagine for session storage. Anything PHP can easily connect to (Java, RDBMS, ...) the sky is the limit. Take a look at session_set_save_handler (for custom session handling routines). Once you get your session save handler working it is transparent to the use of sessions. If your having performance troubles with sessions using the file system, shared memory may be the best way to go. Take a look at this page http://www.php.net/manual/en/ref.session.php To actually use shared memory you must modify the option session.save_handler in the php.ini file. Thanks Jeremy Allen -Original Message- From: Mark [mailto:[EMAIL PROTECTED]] Sent: Friday, December 14, 2001 10:38 AM To: [EMAIL PROTECTED] Subject: [PHP] Session storage and the --with-mm option I'm trying to cut down on the amount of memory that my apache proceeses use, I've noticed that when I have the --with-mm option set when I configure and compile PHP that the apache process goes up by about 40MB or more on the process table: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 23102 0.0 2.5 54588 12972 ? SDec11 0:13 /usr/sbin/httpd nobody 11242 0.0 2.7 55040 14408 ? SDec13 0:16 /usr/sbin/httpd nobody 11244 0.0 2.7 55076 14216 ? SDec13 0:16 /usr/sbin/httpd I understand that not each process is using up that much ram, but I'd still like to cut down the usage since without having --with-mm enabled makes the processes more like this: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 29415 0.0 0.7 13988 5844 ?SDec13 0:02 /usr/sbin/httpd nobody 31719 0.0 0.7 14140 6096 ?S04:02 0:00 /usr/sbin/httpd nobody 31720 0.0 0.7 14140 6096 ?S04:02 0:00 /usr/sbin/httpd So my question is this. What is the --with-mm option for? The only real documentation I can find about it anywhere is on the PHP site where they have a complete list of configuration options: -- --with-mm[=DIR] PHP 3: Option not available in PHP 3 PHP 4: Include mm support for session storage -- Well, that's not really helpful. Does this option affect how sessions work under PHP? I think some of the users on my system have been using sessions successfully without this option. Also, since this gets compiled in the ext/sessions directory, would I be able to compile it as a module that could be loaded into PHP at run time? Any help would be appretiated. Thanks, -- mark.krenz [EMAIL PROTECTED] ___ Their snazzy page and friendly installation process don't make up for damn trickery. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL P
RE: [PHP] Re: PHP 4.1.0 and User-defined Sessions
I *HAVE* searched the database and there have been similar problems, with the request to try the latest CVS and to produce a short script that duplicates the problem. Since I can't exactly put the CVS version onto a live website (and start having all sorts of other problems) and I can't duplicate the problem consistently on a non-active testing site, I don't really have anything else additional to offer except for Me Too!. My email already stated that I have tried to use --enable-debug and that I'm getting a segfault without any core file whatsoever. The last paragraph explains my attempts on using enable-debug. Jaime Bozza -Original Message- From: Yasuo Ohgaki [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 12, 2001 9:04 PM To: [EMAIL PROTECTED]; Jaime Bozza Subject: [PHP] Re: PHP 4.1.0 and User-defined Sessions Search bug database to see if the same problem is reported or not. If you get segfault, buld PHP with --enable-debug and get core file. If it is new, get backtrace as described in bugs.php.net. Submit new bug report. If you found multiple issues, submit bug report separately. There are more comments following. Jaime Bozza wrote: Hello, I've run into a really intermittent and strange problem with PHP 4.1.0, and before I try and figure out how to send in a bug report that'll get ignored (because I don't have all the data that is expected), I thought I would try here to see if anyone else is having similar problems. Configuration: FreeBSD 4.4-STABLE, PostgreSQL 7.1.3, Apache 1.3.22, PHP 4.1.0. So far I don't have problem with Linux 2.4.4/PosrgreSql 7.1.3/Apache 1.3.22/PHP 4.1.0 or 4.2.0-dev I use PHP Sessions for large parts of our sites. I'm currently using the PostgreSQL Session Handler code from Jon Parise and it had been working pretty much perfectly under PHP 4.0.6. (The only issue was when multiple requests came in with the same session_id at the EXACT same time - AvantGo for instance - But I made some minor modifications to eliminate that problem) Once upgrading to 4.1.0, I started noticing Apache processes segfaulting left and right. (Signal 11's, with the occasional Signal 10) At first I started to think perhaps memory was bad on that particular system. I have 4 servers (running 3-5 separate Apache processes each) and each and every server was giving me the Signal 10/11's. I started looking into it further. I have an auto_prepend for my application code that defines the base session variables, config variables, includes the pgsql_session_handler file, etc. All the processing is handled here so that my other pages can just use an array that stores all the session data. That way I can pretty much ignore the backend in any of my application code. This setting is similar to mine also. Once I turned this code off, bingo! No more segfaults! So I started hacking out code there. If I kept all the startup code but eliminated the session commands, it still worked. As soon as I turned on the session (session_start/session_register), I'd get the segfaults again. If you could make *short* script that segfault, attach it to bug report. If I turned off the pgsql_session_handler and went back to files (the default), I didn't have any problems either. It was just a problem when I was using the pgsql_session_handler. I'm not sure what your session handler looks like, could try pgsql session handler that can be found at Zend.com's code exchange? So I then turned off session handling and built my own session functions (quickie, but basically emulate the session functions I needed) that called the SAME pgsql_session_handler code that was being used by PHP's internal functions. For the past hour I haven't had a single segfault on any of my servers. (Within 5 minutes of turning on the internal session routines, I would start getting segfaults every minute or so) One other thing I noticed was that I had compiled PHP with the mm shared memory library. Previous to 4.1.0, each Apache process had a size of around 64MB. (Without mm, the size was 4-5MB or so) Once installing 4.1.0, the size went up to 130MB for each process! Since I believe sessions utilize the mm library if it's available, I figure this may be one of the clues. (I never tried using the shared memory style of sessions, so I couldn't tell you if it would segfault there.) This is strange, mm session module allocates shared memory that is needed. (Description is not fully correct, but almost correct) Is anyone having any of these problems? Is anyone else using the internal PHP session support with their own session handler (under some of the same conditions I gave above) and having no problems with PHP4.1.0? Please let me know either way. BTW, I never get a core file. I've tried enable-debug to get the symbols in there, but without a core file I'm kind
RE: [PHP] Re: PHP 4.1.0 and User-defined Sessions
I've been trying to work something up running httpd -X, unfortunately, single user access doesn't seem to help. As near as I can tell, it happens only with concurrent access. Perhaps some type of memory lock or something. I no longer have --with-mm, so it's not trying to use that type of shared memory. Can gdb help with running httpd *without* the -X? I've tried ab, but I think I'm going to try again (running ab multiple times on different pages to try and simulate real world access) and see if I can get anything to come up there. Again, concurrent access seems to be the key as I have been unable to get Apache(PHP) to segfault on a test server with single access only. I took a look at the PostgreSQL session code on Zend (which I believe you've written)... The one's I'm using are quite a bit similar, though yours track counts and such. The core reading/writing is similar, except for the following: The Zend version will still load a session up even if the maxlifetime has been exceeded. Since gc isn't called EVERY time (unless probability is 100), occasionally there could be the possibility of stale session data being loaded up. This is a simple one to fix, but important for me. I notice that you have the row locking in the SELECT for the session_read. Will this cause PostgreSQL to deny read access for another concurrent connection (with the same session_id), or will that second connection wait until the first is done? I guess I'll have to test that out. If you want, I can switch over to your code and to prove it's not the session_handler code itself. How busy are the sites you maintain that use the session handler code? (In requests per minute, etc.) I noticed your comment on the mm code. Like I said, I was a bit confused on that as well. I can certainly write a bug report up for that, but I don't know if you'd classify that as a bug. Jaime Bozza -Original Message- From: Yasuo Ohgaki [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 13, 2001 1:01 PM To: Jaime Bozza Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Re: PHP 4.1.0 and User-defined Sessions Jaime Bozza wrote: I *HAVE* searched the database and there have been similar problems, with the request to try the latest CVS and to produce a short script that duplicates the problem. Since I can't exactly put the CVS version onto a live website (and start having all sorts of other problems) and I can't duplicate the problem consistently on a non-active testing site, I don't really have anything else additional to offer except for Me Too!. My email already stated that I have tried to use --enable-debug and that I'm getting a segfault without any core file whatsoever. The last paragraph explains my attempts on using enable-debug. This is not practical, but you can try to run apache under gdb. If any segfault happens while you are running apache under gdb, you can get backtrace. BTW, did you try benchmarking tools like ab? You may be able to reproduce problem with benchmark tools. -- Yasuo Ohgaki Jaime Bozza -Original Message- From: Yasuo Ohgaki [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 12, 2001 9:04 PM To: [EMAIL PROTECTED]; Jaime Bozza Subject: [PHP] Re: PHP 4.1.0 and User-defined Sessions Search bug database to see if the same problem is reported or not. If you get segfault, buld PHP with --enable-debug and get core file. If it is new, get backtrace as described in bugs.php.net. Submit new bug report. If you found multiple issues, submit bug report separately. There are more comments following. Jaime Bozza wrote: Hello, I've run into a really intermittent and strange problem with PHP 4.1.0, and before I try and figure out how to send in a bug report that'll get ignored (because I don't have all the data that is expected), I thought I would try here to see if anyone else is having similar problems. Configuration: FreeBSD 4.4-STABLE, PostgreSQL 7.1.3, Apache 1.3.22, PHP 4.1.0. So far I don't have problem with Linux 2.4.4/PosrgreSql 7.1.3/Apache 1.3.22/PHP 4.1.0 or 4.2.0-dev I use PHP Sessions for large parts of our sites. I'm currently using the PostgreSQL Session Handler code from Jon Parise and it had been working pretty much perfectly under PHP 4.0.6. (The only issue was when multiple requests came in with the same session_id at the EXACT same time - AvantGo for instance - But I made some minor modifications to eliminate that problem) Once upgrading to 4.1.0, I started noticing Apache processes segfaulting left and right. (Signal 11's, with the occasional Signal 10) At first I started to think perhaps memory was bad on that particular system. I have 4 servers (running 3-5 separate Apache processes each) and each and every server was giving me the Signal 10/11's. I started looking into it further. I have an auto_prepend for my application code that defines the base session variables, config variables
[PHP] PHP 4.1.0 and User-defined Sessions
Hello, I've run into a really intermittent and strange problem with PHP 4.1.0, and before I try and figure out how to send in a bug report that'll get ignored (because I don't have all the data that is expected), I thought I would try here to see if anyone else is having similar problems. Configuration: FreeBSD 4.4-STABLE, PostgreSQL 7.1.3, Apache 1.3.22, PHP 4.1.0. I use PHP Sessions for large parts of our sites. I'm currently using the PostgreSQL Session Handler code from Jon Parise and it had been working pretty much perfectly under PHP 4.0.6. (The only issue was when multiple requests came in with the same session_id at the EXACT same time - AvantGo for instance - But I made some minor modifications to eliminate that problem) Once upgrading to 4.1.0, I started noticing Apache processes segfaulting left and right. (Signal 11's, with the occasional Signal 10) At first I started to think perhaps memory was bad on that particular system. I have 4 servers (running 3-5 separate Apache processes each) and each and every server was giving me the Signal 10/11's. I started looking into it further. I have an auto_prepend for my application code that defines the base session variables, config variables, includes the pgsql_session_handler file, etc. All the processing is handled here so that my other pages can just use an array that stores all the session data. That way I can pretty much ignore the backend in any of my application code. Once I turned this code off, bingo! No more segfaults! So I started hacking out code there. If I kept all the startup code but eliminated the session commands, it still worked. As soon as I turned on the session (session_start/session_register), I'd get the segfaults again. If I turned off the pgsql_session_handler and went back to files (the default), I didn't have any problems either. It was just a problem when I was using the pgsql_session_handler. So I then turned off session handling and built my own session functions (quickie, but basically emulate the session functions I needed) that called the SAME pgsql_session_handler code that was being used by PHP's internal functions. For the past hour I haven't had a single segfault on any of my servers. (Within 5 minutes of turning on the internal session routines, I would start getting segfaults every minute or so) One other thing I noticed was that I had compiled PHP with the mm shared memory library. Previous to 4.1.0, each Apache process had a size of around 64MB. (Without mm, the size was 4-5MB or so) Once installing 4.1.0, the size went up to 130MB for each process! Since I believe sessions utilize the mm library if it's available, I figure this may be one of the clues. (I never tried using the shared memory style of sessions, so I couldn't tell you if it would segfault there.) Is anyone having any of these problems? Is anyone else using the internal PHP session support with their own session handler (under some of the same conditions I gave above) and having no problems with PHP4.1.0? Please let me know either way. BTW, I never get a core file. I've tried enable-debug to get the symbols in there, but without a core file I'm kind of out of luck on tracing. All I can tell you now is that using user-defined handlers for sessions started causing me lots of problems. (As near as I can tell, you need to have some sort of a decent load on your servers - Single client access didn't ever seem to allow me to force the crashes) HELP! Jaime Bozza -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] File upload !!!!
Hello, Is there some reason I keep getting copies of messages from the list sent directly to me as well as the list? I've seen one or two come by and thought it was just someone replying wrong. Recently though, I'm received questions, comments, answers, etc., all regarding subjects I haven't been involved in. :) I read the list all the time, so I don't think I need two copies sent to me. G Jaime Bozza GeoComm International Corp. -Original Message- From: Kevin Williams [mailto:[EMAIL PROTECTED]] Sent: Sunday, May 13, 2001 1:46 PM To: [EMAIL PROTECTED] Cc: PHP User Group; Matthias Roggendorf Subject: Re: [PHP] File upload Hi, A snippet of code could help, but I recently experienced two problems with uploading and gaining the information. Are you using the correct ENCTYPE for the upload, along with using POST (GET doesn't work). Also, if you are trying to us the information from inside a function, I had to either globally define all of the attributes, or you could pass them to the function. Hope this helps Kevin Williams Matthias Roggendorf [EMAIL PROTECTED] wrote in message 9dmisb$bhq$[EMAIL PROTECTED]">news:9dmisb$bhq$[EMAIL PROTECTED]... Hi, sorry for asking such easy things but I really have a hard time to get this to work: I use exactly the scripts which are given on the PHP website to upload files. The problem is that the variable $userfile just contains none and $userfile_size is 0. The rest of the variables have the right values. When I use a larger file it takes more time so I assume that the file is uploaded, but I cannot save it because I don't know the temporary filename. Can anybody help me? I really need this to work. Thanks, Matthias -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] More Email ereg Validation
Sorry, but that doesn't work. I thought it would, but it only does two characters on the top level domain again. Tested at http://www.php.comzept.de/rexpr (thanks Jrg!) Does anyone else (a regex guru) have any other suggestions? The most recent regex you had: ([a-z0-9_\.\-]+)@([a-z0-9\.-]+).([a-z]{2,3}) would still allow addresses such as [EMAIL PROTECTED] or _.-._.@.-.com. (Actually, with the . there, you could even have _.-._.@.-|com) Regardless, here's a regex I've adjusted to try and keep the address as close to good form as possible: "^[0-9a-z]+([-_./]([0-9a-z]+))*@[0-9a-z]+([-.]([0-9a-z]+))*\\.[a-z]{2,4}$" A little longer, but it does the trick (I've tried hitting it with a bunch of possibilities, but I may have missed some. G) We have some lists that contain (valid) email addresses like [EMAIL PROTECTED], so I've allowed a / as a separator to the left of the @. (If you don't want to allow this, just replace [-_./] with [-_.] and it'll be gone. At the end of the regex, I allow 2-3 characters but this may need to be 2-5 shortly since the new TLDs may start coming into use. Up to you. Make sure you use eregi instead of just ereg, or lowercase the email address before you check it. We also go a step further and use checkdnsrr to see if there are any (type ANY that is) records available for the hostname part. Not great, but it at least tries to see if the hostname exists. Let me know if it works out for you. Jaime Bozza GeoComm International Corp. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] RE: Bug IDs #8772, #9002, maybe #9724 - session write handler and register_globals
Hello, (Using both 4.0.4pl1 and latest CVS as of today.) I have been having similar problems with defining my own session handling routings and register_globals. If register_globals is off, a new session doesn't seem to call the "write" handler, thus the session never gets stored. With register_globals=on, the session gets stored correctly. I've done some testing and found out a fix to the problems which ends up being better than keeping register_globals on. Here's my code for my "read" handler (PostgreSQL-based). -- function sess_read($sid) { global $SESS_DBH; $qry = "SELECT value FROM sessions WHERE sid = '$sid'"; $qid = pg_exec($SESS_DBH, $qry); if (pg_numrows($qid) 0) { list($value) = pg_fetch_row($qid, 0); return $value; } return ""; } --- Originally (last line in function above)[EMAIL PROTECTED], I was returning a FALSE instead of a blank string. When I switched over to returning a blank string (when there wasn't any data in the session database), my "write" handler gets called correctly. I'm not sure if this will fix anybody else's problems, but if you change your read handler to return a blank string instead of a FALSE condition, it may start working for you as well! (If it DOES help you out, please let me know.) Jaime Bozza -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]