Re: [PHP] Novice question

2011-10-31 Thread John Allsopp 
> cURL is the best one in my experience, but you have to manage security
> yourself. Meaning: Remember to escape/encode data.
>
> http://php.net/manual/en/book.curl.php

Thanks everyone, appreciated, I'll investigate ..

Cheers
J

>> --
>> 01723 376477
>>
>> Cost-free marketing: http://www.flowmarketing.co.uk/
>>
>> Affordable marketing guidance for small businesses:
>> http://www.amilliontweaks.co.uk/
>>
>> Effective marketing services for SMEs: coming soon at
>> http://www.surgemarketing.co.uk
>>
>> Professional Internet marketing consultancy:
>> http://www.johnallsopp.co.uk
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
01723 376477

Cost-free marketing: http://www.flowmarketing.co.uk/

Affordable marketing guidance for small businesses:
http://www.amilliontweaks.co.uk/

Effective marketing services for SMEs: coming soon at
http://www.surgemarketing.co.uk

Professional Internet marketing consultancy: http://www.johnallsopp.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Novice question

2011-10-30 Thread John Allsopp 
Hi

I'm afraid I've fallen a little out of touch with PHP dev, so a stupid
question for you.

I want to write a script that requests a URL and then reads that website
.. I'm interested to map web structures. My web host is saying I'll need
URL file access enabled but that it's a) a security risk and b)
deprecated.

So .. what's the good / proper / acceptable / secure way of reading in
URLs in PHP or .. isn't there one?

Cheers
J

-- 
01723 376477

Cost-free marketing: http://www.flowmarketing.co.uk/

Affordable marketing guidance for small businesses:
http://www.amilliontweaks.co.uk/

Effective marketing services for SMEs: coming soon at
http://www.surgemarketing.co.uk

Professional Internet marketing consultancy: http://www.johnallsopp.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] How to secure this

2010-02-13 Thread John Allsopp 

Robert Cummings wrote:

Ashley Sheridan wrote:

On Fri, 2010-02-12 at 16:12 -0500, Robert Cummings wrote:


John Allsopp wrote:

Hi everyone

There may be blinding bits of total ignorance in this so don't 
ignore the obvious.


This is a security question, but a sentence of background: I'm 
writing software for a mapping/location website and I want to be 
able to provide something others can plug into their website that 
would display their map.


So I'm providing a URL like 
http://www.mydomain.com?h=300&w=250&username=name&password=password


The idea is they can define their own height and width and it plugs 
in as an iframe.


That takes the username and password and throws it over web 
services to get back the data from which we can create the map.


My question (and it might be the wrong question) is how can I not 
give away the password to all and sundry yet still provide a 
self-contained URL?
MD5() (or SHA()) hash the information and supply that along with the 
settings. Then you know it was generated by your site. So you can do 
the following:


$url = 
"http://www.mydomain.com?h=$height&w=$width&username=$username&key=$key";; 



?>

Then when you get this URL via the iframe, you re-compute the 
expected key and then compare it against the given key. Since only 
you know the SECRET_SALT value then nobody should be able to forge 
the key.


Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP




What about requiring them to sign in the first time to use your service,
and then give them a unique id which i tied to their details. You could
then get them to pass across this id in the url. You could link their
account maybe to some sorts of limits with regards to what they can
access maybe?


Presumably they ARE logged in when you create this URL for them... 
otherwise someone else could generate it :)


Cheers,
Rob.
Well no they are not logged in, it's just an embedded iframe so that's 
my main issue with my method, anyone could look at the web page source, 
pinch the URL of the iframe and they'd have the username and password.


I'd got as far as MD5, but not the Secret Salt bit.

The thing that warped my head was .. if the URL then becomes
http://www.mydomain.com?h=$height&w=$width&username=$username&key=$key 
that's the same thing isn't it ..  a URL anyone could use anywhere? In a 
sense, we would have simply created another password, the MD5 key, which 
was a valid way to get into the system.


So then validating the domain from a list stops anyone using it anywhere 
and means we can switch it off by domain if we need to.


And .. we're not passing the password, right? We're not mixing that into 
the MD5? We are just saying, if you have the right username, if we know 
you've come via our code (secret salt), and you're from an approved 
domain, we'll let you in.


Sorted, I think .. unless you spot any faulty reasoning in the above. 
Thanks very much guys :-)


J







--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] How to secure this

2010-02-12 Thread John Allsopp 

Hi everyone

There may be blinding bits of total ignorance in this so don't ignore 
the obvious.


This is a security question, but a sentence of background: I'm writing 
software for a mapping/location website and I want to be able to provide 
something others can plug into their website that would display their map.


So I'm providing a URL like 
http://www.mydomain.com?h=300&w=250&username=name&password=password


The idea is they can define their own height and width and it plugs in 
as an iframe.


That takes the username and password and throws it over web services to 
get back the data from which we can create the map.


My question (and it might be the wrong question) is how can I not give 
away the password to all and sundry yet still provide a self-contained URL?


Thanks in advance :-)

Cheers
J



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Call to object function, want to PHP interpret returned string

2009-07-07 Thread John Allsopp 

Stuart wrote:

2009/7/6 John Allsopp :
  

David Robley wrote:


John Allsopp wrote:


  

Hi

At the top of a webpage I have:

getTop("my company title");
?>

to deliver the first lines of HTML, everything in HEAD and the first
bits of page furniture (menu, etc).

In the furniture object in getTop(), I want to return a string that
includes the CSS file that I call with an include_once. But the
include_once isn't interpreted by PHP, it's just outputted. So from:

   $toReturn = "
   ...";

   return $toReturn;

I get



in my code.

Do I really have to break up my echo $myFurniture->getTop("my company
title"); call to getTopTop, then include my CSS, then call getTopBottom,
or can I get PHP to interpret that text that came back?

PS. I may be stupid, this may be obvious .. I don't program PHP every day

Thanks in advance for your help :-)

Cheers
J



First guess is that your page doing the including doesn't have a filename
with a .php extension, and your server is set to only parse php in files
with a .php extension.



Cheers

  

Ah, thanks. It's a PHP object returning a string, I guess the PHP
interpreter won't see that.

So, maybe my object has to write a file that my calling file then includes
after the object function call. Doesn't sound too elegant, but is that how
it's gotta be?



You appear to be looking for the eval function: http://php.net/eval

However, in 99.99% of cases using eval is not the right solution. In
your case there are two ways to solve it.

The first way, assuming the thing you're trying to include is a
stylesheet, is to use an external link to a CSS file. That would be
the "normal" way to include a stylesheet in an HTML page and is far
more efficient that including it inline.

If it's not just a stylesheet that you're including then you'll want
to load the file in the getTop method. For example...

$toReturn = "  
Thanks guys. Yes, actually file_get_contents didn't work for me, and yes 
you're right, of course I should be including my CSS like rel='stylesheet' type='text/css' media='screen' href='style3.css' 
title='style1'> in the header.


The style3.txt file I was trying to PHP include was there so I could 
include more than one stylesheet and make just one amendment. One for 
printing and I'm guessing one for mobile. All that file contained was 
the 

That was legacy code. Now I have a furniture object, of course, I can 
put my stylesheet code in one place there just as part of the header, 
and have no need for style3.txt.


Thanks for all your help.
J

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Call to object function, want to PHP interpret returned string

2009-07-06 Thread John Allsopp 

David Robley wrote:

John Allsopp wrote:

  

Hi

At the top of a webpage I have:

getTop("my company title");
?>

to deliver the first lines of HTML, everything in HEAD and the first
bits of page furniture (menu, etc).

In the furniture object in getTop(), I want to return a string that
includes the CSS file that I call with an include_once. But the
include_once isn't interpreted by PHP, it's just outputted. So from:

$toReturn = "
...";

return $toReturn;

I get



in my code.

Do I really have to break up my echo $myFurniture->getTop("my company
title"); call to getTopTop, then include my CSS, then call getTopBottom,
or can I get PHP to interpret that text that came back?

PS. I may be stupid, this may be obvious .. I don't program PHP every day

Thanks in advance for your help :-)

Cheers
J



First guess is that your page doing the including doesn't have a filename
with a .php extension, and your server is set to only parse php in files
with a .php extension.



Cheers
  
Ah, thanks. It's a PHP object returning a string, I guess the PHP 
interpreter won't see that.


So, maybe my object has to write a file that my calling file then 
includes after the object function call. Doesn't sound too elegant, but 
is that how it's gotta be?


Cheers
J


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Call to object function, want to PHP interpret returned string

2009-07-05 Thread John Allsopp 

Hi

At the top of a webpage I have:

getTop("my company title");
?>

to deliver the first lines of HTML, everything in HEAD and the first 
bits of page furniture (menu, etc).


In the furniture object in getTop(), I want to return a string that 
includes the CSS file that I call with an include_once. But the 
include_once isn't interpreted by PHP, it's just outputted. So from:


   $toReturn = "Transitional//EN' 

   
   ...";

   return $toReturn;

I get



in my code.

Do I really have to break up my echo $myFurniture->getTop("my company title"); call to getTopTop, 
then include my CSS, then call getTopBottom, or can I get PHP to interpret that text that came back?


PS. I may be stupid, this may be obvious .. I don't program PHP every day

Thanks in advance for your help :-)

Cheers
J

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] is_readable(http://.... text file) says not, but I canin browser

2009-01-11 Thread John Allsopp 

Nathan Rixham wrote:

John Allsopp wrote:

Nathan Nobbe wrote:
On Sun, Dec 28, 2008 at 11:02 AM, John Allsopp 
wrote:


 

Hi

I'm sure this is simple for yous all but I'm not sure I know the 
answer.


  $myFileLast = "http://www.myDomain.com/text.txt";;
  if (is_readable($myFileLast))
  {
  $fh = fopen($myFileLast, 'r');
  $theDataLast = fread($fh, 200);
  fclose($fh);
  echo ("The dataLast: ".$theDataLast."\n");
  } else
  {
  echo ("Last fix file unavailable: $myFileLast\n");
  }

returns Last fix file unavailable even for a file that my browser 
can read.

All I want to do is skip over files

This could be a very simple error, I'd appreciate a pointer. Is it
permissions being different for PHP versus the browser or 
something? PHP is

running on a different server.




are you basically trying to tell if theres a resource @ the given 
url?  if

so, id prefer curl myself.

something like

if(($ch = curl_init($url) === false)
  echo ("Last fix file unavailable: $myFileLast\n");
else {
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);*
*  $theDataLast = curl_exec($ch);
  echo ("The dataLast: ".$theDataLast."\n");*
*  curl_close($ch);*
*}

obviously, youll need the curl extension installed for this to 
work.  i know
the fopen wrappers will allow you to get a read-only handle to an 
http url,
but im not sure what is_readable() will do w/ that, it may be 
limited to the

local filesystem.

-nathan

  
Thanks. I'm trying to read the contents of the file at the URL, but 
it might not exist.


So far I'm getting a lot of *Warning*: curl_setopt(): supplied 
argument is not a valid cURL handle resource in 
*/home/myAcc/public_html/test.php* on line *58

*
I searched phpinfo for 'curl' and it came up nothing, so I'm just 
checking with my hosts to see if I have the extension installed.


I'll be back, thanks
J


might be a bracket thing..

could try:
if( ($ch = curl_init($url)) === false) {
  echo ("Last fix file unavailable: $myFileLast\n");
} else {


or
if( !is_resource($ch = curl_init($url)) ) {
  echo ("Last fix file unavailable: $myFileLast\n");
} else {





Ah, perfect, it was a bracket thing.

Thanks muchly

J

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] is_readable(http://.... text file) says not, but I can in browser

2009-01-11 Thread John Allsopp 

Nathan Nobbe wrote:

On Sun, Dec 28, 2008 at 11:02 AM, John Allsopp wrote:

  

Hi

I'm sure this is simple for yous all but I'm not sure I know the answer.

  $myFileLast = "http://www.myDomain.com/text.txt";;
  if (is_readable($myFileLast))
  {
  $fh = fopen($myFileLast, 'r');
  $theDataLast = fread($fh, 200);
  fclose($fh);
  echo ("The dataLast: ".$theDataLast."\n");
  } else
  {
  echo ("Last fix file unavailable: $myFileLast\n");
  }

returns Last fix file unavailable even for a file that my browser can read.
All I want to do is skip over files

This could be a very simple error, I'd appreciate a pointer. Is it
permissions being different for PHP versus the browser or something? PHP is
running on a different server.




are you basically trying to tell if theres a resource @ the given url?  if
so, id prefer curl myself.

something like

if(($ch = curl_init($url) === false)
  echo ("Last fix file unavailable: $myFileLast\n");
else {
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);*
*  $theDataLast = curl_exec($ch);
  echo ("The dataLast: ".$theDataLast."\n");*
*  curl_close($ch);*
*}

obviously, youll need the curl extension installed for this to work.  i know
the fopen wrappers will allow you to get a read-only handle to an http url,
but im not sure what is_readable() will do w/ that, it may be limited to the
local filesystem.

-nathan

  
Thanks. I'm trying to read the contents of the file at the URL, but it 
might not exist.


So far I'm getting a lot of *Warning*: curl_setopt(): supplied argument 
is not a valid cURL handle resource in 
*/home/myAcc/public_html/test.php* on line *58

*
I searched phpinfo for 'curl' and it came up nothing, so I'm just 
checking with my hosts to see if I have the extension installed.


I'll be back, thanks
J

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] is_readable(http://.... text file) says not, but I can in browser

2009-01-11 Thread John Allsopp 

Daniel Brown wrote:

On Sun, Dec 28, 2008 at 13:02, John Allsopp  wrote:
  

  $myFileLast = "http://www.myDomain.com/text.txt";;
  if (is_readable($myFileLast))
  {
  $fh = fopen($myFileLast, 'r');
  $theDataLast = fread($fh, 200);
  fclose($fh);
  echo ("The dataLast: ".$theDataLast."\n");
  } else
  {
  echo ("Last fix file unavailable: $myFileLast\n");
  }



Simplified:

http://www.myDomain.com/text.txt";;
$theDataLast = file_get_contents($myFileLast);
?>

You can manipulate the code as you see fit.  If it doesn't work,
then check your php.ini file (if you have access) to ensure that you
have this line:

allow_url_fopen = On

  
Thanks, that worked a treat except I was getting warnings on 404. I 
looked around for solutions to that and it appears curl might handle 
that better, so I'm currently working on that. Many thanks tho .. let me 
know if you know how to stop the warnings :-)


J

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] is_readable(http://.... text file) says not, but I can in browser

2008-12-28 Thread John Allsopp 

Hi

I'm sure this is simple for yous all but I'm not sure I know the answer.

   $myFileLast = "http://www.myDomain.com/text.txt";;
   if (is_readable($myFileLast))
   {
   $fh = fopen($myFileLast, 'r');
   $theDataLast = fread($fh, 200);
   fclose($fh);
   echo ("The dataLast: ".$theDataLast."\n");
   } else
   {
   echo ("Last fix file unavailable: $myFileLast\n");
   }

returns Last fix file unavailable even for a file that my browser can 
read. All I want to do is skip over files


This could be a very simple error, I'd appreciate a pointer. Is it 
permissions being different for PHP versus the browser or something? PHP 
is running on a different server.


Cheers
J



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Pear XML parser finding nothing in ATOM / Movable Type feed

2008-09-18 Thread John Allsopp 

Nathan Rixham wrote:
Atom and RSS are completely different; the only similarities lie in 
the fact they are both XML, and both used frequently for syndicating 
news.

Really? OK, back to the books, thanks

You need an atom parser; or just load the feed into DOMDocument..

SimplePie and RssPhp are the only two I know that handle atom feeds well.

Fab, thanks.

J

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Pear XML parser finding nothing in ATOM / Movable Type feed

2008-09-17 Thread John Allsopp 

Hi

I know nothing about Pear, so I don't know how to debug this:

I've got a newly installed Movable Type blog with a couple of entries in 
it, and I just found from php.net the pear classes to parse an RSS feed, 
parser.php and rss.php, and this code from the PEAR site works


require_once "XML/RSS.php";

$rss =& new XML_RSS("http://rss.slashdot.org/Slashdot/slashdot";);
$rss->parse();

echo "Headlines from slashdot\n";
echo "\n";

foreach ($rss->getItems() as $item) {
   echo "" . $item['title'] . 
"\n";

}

echo "\n";

but if I point it at my blog: 
http://www.bluetreeservices.co.uk/gps_tracking_news/atom.xml or 
http://www.bluetreeservices.co.uk/gps_tracking_news/ or 
http://www.bluetreeservices.co.uk/gps_tracking_news , parse returns an 
empty array.


Am I just using the wrong code for that type of feed (I would have 
thought any RSS reader would handle an atom format feed) or is it that 
my server needs to provide atom.xml or .. what's going on?


I've no idea how to use PEAR::error with regard to $rss->parse() so I'm 
a bit stumped about debugging it.


I'd certainly call myself a PHP programmer, but I've never really used 
pear is the thing.


All help appreciated :-)

Cheers
J

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php